From cb914005c86cee3e4345cae62376713afe5284c1 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 12 Apr 2016 21:06:33 +0200
Subject: WIP
---
 .classpath | 1 +
 base/common/share/etc/pki.conf | 2 ++
 .../cms/src/com/netscape/cms/realm/PKIRealm.java | 10 ++++++++++
 .../cmscore/ldapconn/LdapBoundConnFactory.java | 22 ++++++++++++++--------
 .../src/com/netscape/cms/tomcat/ProxyRealm.java | 12 ++++++++++++
 .../src/com/netscape/cms/tomcat/ProxyRealm.java | 14 ++++++++++++++
 6 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/.classpath b/.classpath
index 9fd5144bf..593679215 100644
--- a/.classpath
+++ b/.classpath
@@ -20,6 +20,7 @@
+
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
index 57cb83e5a..05a30b11e 100644
--- a/base/common/share/etc/pki.conf
+++ b/base/common/share/etc/pki.conf
@@ -3,3 +3,5 @@ JNI_JAR_DIR=/usr/lib/java
 # logging configuration location
 LOGGING_CONFIG=/usr/share/pki/etc/logging.properties
+
+# test
diff --git a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
index 1933601db..8e94e26c9 100644
--- a/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
+++ b/base/server/cms/src/com/netscape/cms/realm/PKIRealm.java
@@ -47,6 +47,11 @@ public class PKIRealm extends RealmBase {
 @Override
 public Principal authenticate(String username, String password) {
+
+ if (CMS.isPreOpMode()) {
+ return null;
+ }
+
 CMS.debug("PKIRealm: Authenticating user " + username + " with password.");
 String auditMessage = null;
 String auditSubjectID = ILogger.UNIDENTIFIED;
@@ -91,6 +96,11 @@ public class PKIRealm extends RealmBase {
 @Override
 public Principal authenticate(final X509Certificate certs[]) {
+
+ if (CMS.isPreOpMode()) {
+ return null;
+ }
+
 CMS.debug("PKIRealm: Authenticating certificate chain:");
 String auditMessage = null;
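Review bot: The added `# test` line at the end of pki.conf reads as a leftover from local debugging rather than configuration documentation, and in a file that is presumably installed under /usr/share/pki on every server such a marker tends to ship unnoticed. Unless it is a deliberate placeholder, drop both added lines; if a trailing comment is wanted there, make it say something an administrator can use, e.g. `# site-specific overrides may be appended below`.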
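Review bot: The new pre-op guard in authenticate(String, String) returns null before `auditMessage` and `auditSubjectID` are even declared, so a login refused because the server is still in pre-op mode leaves neither an audit record nor a debug line and is indistinguishable, to an operator, from a wrong password; the certificate overload in the next hunk has the same shape. Failing closed here is the right call, but the refusal should at least be visible, e.g. `CMS.debug("PKIRealm: server in pre-op mode, rejecting authentication for " + username);` immediately before the `return null;` (and a matching line without the username in the certificate variant). Whether these refusals should also go through the existing audit path depends on the audit event definitions, which are outside this diff. Both authenticate bodies continue past the end of their hunks.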
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
index 2ac4085c7..07f4ca003 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
@@ -17,18 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
-import netscape.ldap.LDAPConnection;
-import netscape.ldap.LDAPException;
-import netscape.ldap.LDAPSocketFactory;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ELdapServerDownException;
+import com.netscape.certsrv.ldap.ILdapAuthInfo;
 import com.netscape.certsrv.ldap.ILdapBoundConnFactory;
 import com.netscape.certsrv.logging.ILogger;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPSocketFactory;
+
 /**
 * Factory for getting LDAP Connections to a LDAP server with the same
 * LDAP authentication.
@@ -119,8 +120,14 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 throws ELdapException, EBaseException {
 CMS.debug("LdapBoundConnFactory: init ");
- LdapConnInfo connInfo =
- new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
+
+ LdapConnInfo connInfo = new LdapConnInfo(
+ config.getSubStore(PROP_LDAPCONNINFO));
+
+ LdapAuthInfo authInfo = new LdapAuthInfo(
+ config.getSubStore(PROP_LDAPAUTHINFO),
+ connInfo.getHost(), connInfo.getPort(), connInfo.getSecure());
+ CMS.debug("Auth type: " + (authInfo.getAuthType() == ILdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH ? "basic" : "client cert"));
 mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
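Review bot: The new `CMS.debug("Auth type: " ...)` line drops the `LdapBoundConnFactory:` prefix that the other debug line in this method (`CMS.debug("LdapBoundConnFactory: init ")`) uses, so in a shared log the message cannot be attributed to this class; suggest `CMS.debug("LdapBoundConnFactory: auth type: " + ...)`. The ternary also labels every non-basic auth type as "client cert"; if ILdapAuthInfo defines only the basic and SSL-client-cert types that is accurate, but otherwise a misconfigured value would be logged under a misleading name, so logging the raw `authInfo.getAuthType()` value alongside the label would be safer. Moving the LdapAuthInfo construction ahead of the `mErrorIfDown` read looks harmless; the `init(...)` call that consumes `authInfo` is in the following hunk, and the method body continues beyond this one.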
@@ -130,8 +137,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 init(config.getInteger(PROP_MINCONNS, mMinConns), config.getInteger(PROP_MAXCONNS, mMaxConns), connInfo,
- new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
- connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
+ authInfo);
 }
 /**
diff --git a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
index 094c0561f..c089794af 100644
--- a/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -61,11 +61,13 @@ public class ProxyRealm implements Realm {
 @Override
 public Principal authenticate(String username, String password) {
+ if (realm == null) return null;
 return realm.authenticate(username, password);
 }
 @Override
 public Principal authenticate(X509Certificate certs[]) {
+ if (realm == null) return null;
 return realm.authenticate(certs);
 }
@@ -80,11 +82,13 @@ public class ProxyRealm implements Realm {
 String realmName, String md5a2 ) {
+ if (realm == null) return null;
 return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
 }
 @Override
 public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ if (realm == null) return null;
 return realm.authenticate(gssContext, storeCreds);
 }
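Review bot: Each guarded method in the tomcat7 `@@ -61,11 +61,13` hunk reads the `realm` field twice — once in `if (realm == null)` and again in `return realm.authenticate(...)` — so if the delegate can be unregistered (set back to null) while a request is in flight, the guard does not prevent the NullPointerException it was added to avoid. Copying the field to a local, `Realm r = realm; if (r == null) return null; return r.authenticate(username, password);`, closes that window in all four authenticate overloads; whether the field is volatile or only written under a lock is not visible in this hunk. Returning null from authenticate is the correct fail-closed result for the window before a realm is registered, though a debug line saying that no realm is registered yet would make startup-time login failures easier to diagnose than a bare credential rejection.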
@@ -95,26 +99,31 @@ public class ProxyRealm implements Realm {
 SecurityConstraint[] constraints, Context context ) throws IOException {
+ if (realm == null) return false;
 return realm.hasResourcePermission(request, response, constraints, context);
 }
 @Override
 public String getInfo() {
+ if (realm == null) return null;
 return realm.getInfo();
 }
 @Override
 public void backgroundProcess() {
+ if (realm == null) return;
 realm.backgroundProcess();
 }
 @Override
 public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ if (realm == null) return null;
 return realm.findSecurityConstraints(request, context);
 }
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ if (realm == null) return false;
 return realm.hasRole(wrapper, principal, role);
 }
@@ -124,16 +133,19 @@ public class ProxyRealm implements Realm {
 Response response, SecurityConstraint[] constraint ) throws IOException {
+ if (realm == null) return false;
 return realm.hasUserDataPermission(request, response, constraint);
 }
 @Override
 public void addPropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
 realm.addPropertyChangeListener(listener);
 }
 @Override
 public void removePropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
 realm.removePropertyChangeListener(listener);
 }
 }
diff --git a/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
index bcedd52dc..72876a4ed 100644
--- a/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
+++ b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java
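Review bot: The guard added to findSecurityConstraints returns null when no realm is registered, and in Tomcat's AuthenticatorBase a null constraint array means "not subject to any constraint", so the request is handed to the next valve without authentication or authorization — the hasResourcePermission and hasRole guards in this same hunk never run because the authenticator short-circuits on the null before calling them. Before this change the same state threw a NullPointerException, which at least failed closed; with it, every protected resource is reachable for the window before registerRealm runs, or indefinitely if registration never happens. If that window is meant to be open (for example for the installation endpoints while the server is in pre-op mode) a comment on the guard should say so; otherwise fail closed with `if (realm == null) throw new IllegalStateException("ProxyRealm: no realm registered for this context");`. Separately, the hasResourcePermission guard returns false without writing a status to `response`, which AuthenticatorBase assumes the realm has already done, so a denied request in that state may go out with the default status; `response.sendError(HttpServletResponse.SC_FORBIDDEN);` (needs a javax.servlet.http import) before the `return false;` would fix that. I am recalling AuthenticatorBase's behaviour from the Tomcat 7 sources, which are outside this diff, so please confirm against the version in use; hasResourcePermission's signature begins above the hunk.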
@@ -62,16 +62,19 @@ public class ProxyRealm implements Realm {
 @Override
 public Principal authenticate(String username) {
+ if (realm == null) return null;
 return realm.authenticate(username);
 }
 @Override
 public Principal authenticate(String username, String password) {
+ if (realm == null) return null;
 return realm.authenticate(username, password);
 }
 @Override
 public Principal authenticate(X509Certificate certs[]) {
+ if (realm == null) return null;
 return realm.authenticate(certs);
 }
@@ -86,11 +89,13 @@ public class ProxyRealm implements Realm {
 String realmName, String md5a2 ) {
+ if (realm == null) return null;
 return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
 }
 @Override
 public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ if (realm == null) return null;
 return realm.authenticate(gssContext, storeCreds);
 }
@@ -101,21 +106,25 @@ public class ProxyRealm implements Realm {
 SecurityConstraint[] constraints, Context context ) throws IOException {
+ if (realm == null) return false;
 return realm.hasResourcePermission(request, response, constraints, context);
 }
 @Override
 public void backgroundProcess() {
+ if (realm == null) return;
 realm.backgroundProcess();
 }
 @Override
 public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ if (realm == null) return null;
 return realm.findSecurityConstraints(request, context);
 }
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ if (realm == null) return false;
 return realm.hasRole(wrapper, principal, role);
 }
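Review bot: In the tomcat8 `@@ -101,21 +106,25` hunk, `findSecurityConstraints` returning null when `realm` is null is a fail-open path exactly as in the tomcat7 copy: AuthenticatorBase (as I recall Tomcat 8's implementation, which is outside this diff) treats a null constraint array as "not subject to any constraint" and invokes the next valve without authenticating, so the `hasResourcePermission` and `hasRole` guards in this hunk are never consulted in that state. Previously the NullPointerException failed closed; now every protected URL is reachable until a realm is registered. Either document on the guard that the unregistered window is intentionally open, or fail closed with `if (realm == null) throw new IllegalStateException("ProxyRealm: no realm registered for this context");`. Likewise `hasResourcePermission` returning false without a `response.sendError(HttpServletResponse.SC_FORBIDDEN);` leaves the status at the default, since the authenticator assumes the realm set it; that method's signature begins above the hunk.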
@@ -125,26 +134,31 @@ public class ProxyRealm implements Realm {
 Response response, SecurityConstraint[] constraint ) throws IOException {
+ if (realm == null) return false;
 return realm.hasUserDataPermission(request, response, constraint);
 }
 @Override
 public void addPropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
 realm.addPropertyChangeListener(listener);
 }
 @Override
 public void removePropertyChangeListener(PropertyChangeListener listener) {
+ if (realm == null) return;
 realm.removePropertyChangeListener(listener);
 }
 @Override
 public CredentialHandler getCredentialHandler() {
+ if (realm == null) return null;
 return realm.getCredentialHandler();
 }
 @Override
 public void setCredentialHandler(CredentialHandler handler) {
+ if (realm == null) return;
 realm.setCredentialHandler(handler);
 }
 }
-- cgit
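Review bot: The `setCredentialHandler` guard silently discards the handler when no realm is registered yet, so a CredentialHandler the container configures before registerRealm runs is lost rather than applied once the delegate arrives, and the symmetrical `getCredentialHandler` then reports null. If a handler can legitimately be set in that window the class should retain it and hand it to the realm on registration (outside this hunk); if not, a comment such as `// no realm yet: handler is dropped, not deferred` on the guard would prevent surprises. `hasUserDataPermission` returning false without a `response.sendError(...)` has the same problem as hasResourcePermission: Tomcat's AuthenticatorBase, as I recall it, assumes the realm has already set the status when this returns false. hasUserDataPermission's signature begins above this hunk.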