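/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.protocol.shared.kerberos;


import org.apache.directory.api.ldap.model.constants.Loggers;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.Cursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.kerberos.KerberosAttribute;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * Commonly used store utility operations.
 * <p>
 * The class only exposes static helpers for resolving a Kerberos principal
 * name to its directory entry; it cannot be instantiated.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public final class StoreUtils
{
    /** Loggers for this class */
    private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );
    private static final Logger LOG_KRB = LoggerFactory.getLogger( Loggers.KERBEROS_LOG.getName() );


    /** Utility class: no instances. */
    private StoreUtils()
    {
    }


    /**
     * Constructs a filter expression tree for the filter used to search the
     * directory.
     * <p>
     * The filter is an equality match on the Kerberos principal name
     * attribute. It is assembled as an {@link EqualityNode} holding a typed
     * {@link Value}; no filter string is built or parsed here, so the
     * principal is carried as an assertion value and not as filter syntax.
     *
     * @param schemaManager The server schemaManager to use for attribute lookups
     * @param principal the principal to use for building the filter
     * @return the filter expression tree
     * @throws Exception if there are problems while looking up attributes
     */
    private static ExprNode getFilter( SchemaManager schemaManager, String principal ) throws Exception
    {
        AttributeType type = schemaManager.lookupAttributeTypeRegistry( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
        Value value = new Value( type, principal );

        return new EqualityNode<String>( type, value );
    }


    /**
     * Finds the Entry associated with the Kerberos principal name.
     * <p>
     * The search covers the whole subtree below {@code searchBaseDn}, always
     * dereferences aliases and requests all user attributes. When several
     * entries carry the same principal name, the first one returned by the
     * cursor is used and every additional match is logged as an error: the
     * principal-to-entry mapping is then ambiguous and the directory data
     * should be corrected.
     *
     * @param session the session to use for the search
     * @param searchBaseDn the base to use while searching
     * @param principal the name of the principal to search for
     * @return the server entry for the principal or null if non-existent
     * @throws Exception if there are problems while searching the directory
     */
    public static Entry findPrincipalEntry( CoreSession session, Dn searchBaseDn, String principal )
        throws Exception
    {
        Cursor<Entry> cursor = null;

        try
        {
            SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
            cursor = session
                .search( searchBaseDn, SearchScope.SUBTREE,
                    getFilter( schemaManager, principal ), AliasDerefMode.DEREF_ALWAYS,
                    SchemaConstants.ALL_USER_ATTRIBUTES );

            cursor.beforeFirst();

            if ( cursor.next() )
            {
                Entry entry = cursor.get();

                // NOTE(review): the principal is written to the logs as received from the
                // caller; if it can originate from an unauthenticated request, confirm that
                // the logging backend neutralizes control characters.
                LOG.debug( "Found entry {} for kerberos principal name {}", entry.getDn(), principal );
                LOG_KRB.debug( "Found entry {} for kerberos principal name {}", entry.getDn(), principal );

                while ( cursor.next() )
                {
                    // Report each extra match by its DN. Advancing the cursor a second time
                    // here would skip every other duplicate and log a boolean instead of
                    // the conflicting entry.
                    LOG.error( I18n.err( I18n.ERR_149, principal, cursor.get().getDn() ) );
                }

                return entry;
            }
            else
            {
                LOG.warn( "No server entry found for kerberos principal name {}", principal );
                LOG_KRB.warn( "No server entry found for kerberos principal name {}", principal );

                return null;
            }
        }
        finally
        {
            // Always release the search cursor, including when the search or iteration throws.
            if ( cursor != null )
            {
                cursor.close();
            }
        }
    }
}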