Added a few improvements + documentation for the LDAP based authenticators
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/c66c6d42 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/c66c6d42 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/c66c6d42 Branch: refs/heads/master Commit: c66c6d421b185a86ad2851424cc84197eb8545ca Parents: e6991a7 Author: Lyor Goldstein <[email protected]> Authored: Tue Jan 19 10:58:37 2016 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Tue Jan 19 10:58:37 2016 +0200 ---------------------------------------------------------------------- .../common/util/net/LdapNetworkConnector.java | 124 +++++++++++------ .../sshd/server/auth/LdapAuthenticator.java | 37 +++++ .../password/LdapPasswordAuthenticator.java | 28 +++- .../auth/pubkey/LdapPublickeyAuthenticator.java | 136 +++++++++++++++++-- .../sshd/server/auth/BaseAuthenticatorTest.java | 23 ++-- .../password/LdapPasswordAuthenticatorTest.java | 5 +- .../pubkey/LdapPublickeyAuthenticatorTest.java | 5 +- 7 files changed, 291 insertions(+), 67 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/main/java/org/apache/sshd/common/util/net/LdapNetworkConnector.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/main/java/org/apache/sshd/common/util/net/LdapNetworkConnector.java b/sshd-ldap/src/main/java/org/apache/sshd/common/util/net/LdapNetworkConnector.java index 1e4ff23..3bb626d 100644 --- a/sshd-ldap/src/main/java/org/apache/sshd/common/util/net/LdapNetworkConnector.java +++ b/sshd-ldap/src/main/java/org/apache/sshd/common/util/net/LdapNetworkConnector.java 
@@ -47,9 +47,11 @@ import org.apache.sshd.common.util.buffer.BufferUtils; /** * Uses the <A HREF="http://docs.oracle.com/javase/7/docs/technotes/guides/jndi/jndi-ldap.html"> * LDAP Naming Service Provider for the Java Naming and Directory Interface (JNDI)</A> + * + * @param <C> Type of context being passed to {@link #resolveAttributes(String, String, Object)} * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public class LdapNetworkConnector extends NetworkConnector { +public class LdapNetworkConnector<C> extends NetworkConnector { public static final String DEFAULT_LDAP_PROTOCOL = "ldap"; public static final int DEFAULT_LDAP_PORT = 389; @@ -105,6 +107,22 @@ public class LdapNetworkConnector extends NetworkConnector { setBinaryAttributes(DEFAULT_BINARY_ATTRIBUTES); } + @Override + public void setConnectTimeout(long connectTimeout) { + // value must fit in an integer + ValidateUtils.checkTrue((connectTimeout >= Integer.MIN_VALUE) && (connectTimeout <= Integer.MAX_VALUE), "Invalid connect timeout: %d", connectTimeout); + ldapEnv.put("com.sun.jndi.ldap.connect.timeout", Long.toString(connectTimeout)); + super.setConnectTimeout(connectTimeout); + } + + @Override + public void setReadTimeout(long readTimeout) { + // value must fit in an integer + ValidateUtils.checkTrue((readTimeout >= Integer.MIN_VALUE) && (readTimeout <= Integer.MAX_VALUE), "Invalid read timeout: %d", readTimeout); + super.setReadTimeout(readTimeout); + ldapEnv.put("com.sun.jndi.ldap.read.timeout", Long.toString(readTimeout)); + } + public String getLdapFactory() { return Objects.toString(ldapEnv.get(Context.INITIAL_CONTEXT_FACTORY), null); } 
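Review bot: The range check in the new `setConnectTimeout`/`setReadTimeout` only requires the value to fit in an `int`, so `0` and negative values pass through, and as far as the JNDI LDAP provider documents `com.sun.jndi.ldap.connect.timeout`/`read.timeout`, a value of zero or less means no timeout at all — an authenticator facing a slow or unresponsive directory would then hold the SSH authentication for an unbounded time. If that pass-through is intended, say so next to the check, e.g. `// NOTE: a value <= 0 is forwarded as-is and disables the JNDI timeout`; otherwise tighten it to `connectTimeout > 0` (and likewise for the read timeout). The two overrides also order the `ldapEnv.put` and the `super` call differently: `setConnectTimeout` updates the environment before `super.setConnectTimeout` gets a chance to reject the value, `setReadTimeout` after; should the superclass ever reject, `ldapEnv` is left changed in the first case. Putting the super call first in both, `super.setConnectTimeout(connectTimeout); ldapEnv.put("com.sun.jndi.ldap.connect.timeout", Long.toString(connectTimeout));`, keeps the two consistent and `ldapEnv` untouched on failure.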
@@ -319,54 +337,82 @@ public class LdapNetworkConnector extends NetworkConnector { * may be {@code null}/empty if not required for the specific query * @param password Password Password to be used if necessary - may be {@code null}/empty if not * required for the specific query - * @param queryContext User specific query context - relevant only for derived classes that want + * @param queryContext User specific query context - relevant for derived classes that want * to override some of query processing methods * @return A {@link Map} of the retrieved attributes - <B>Note:</B> if {@link #isAccumulateMultiValues()} * is {@code true} and multiple values are encountered for an attribute then a {@link List} of them is * mapped as its value * @throws NamingException If failed to executed the LDAP query + * @see #queryAttributes(Object, DirContext, Map, String, String) */ - public Map<String, Object> resolveAttributes(String username, String password, Object queryContext) throws NamingException { - DirContext context = initializeDirContext(queryContext, ldapEnv, username, password); + public Map<String, Object> resolveAttributes(String username, String password, C queryContext) throws NamingException { + // create a copy of the original environment so we can change it + DirContext context = initializeDirContext(queryContext, new HashMap<String, Object>(ldapEnv), username, password); try { - Map<?, ?> ldapConfig = context.getEnvironment(); - String baseDN = resolveBaseDN(queryContext, ldapConfig, username, password); - String filter = resolveSearchFilter(queryContext, ldapConfig, username, password); - NamingEnumeration<? 
extends SearchResult> result = - context.search(ValidateUtils.checkNotNullAndNotEmpty(baseDN, "No base DN"), - ValidateUtils.checkNotNullAndNotEmpty(filter, "No filter"), - searchControls); - try { - Map<String, Object> attrsMap = new TreeMap<String, Object>(String.CASE_INSENSITIVE_ORDER); - String referralMode = Objects.toString(ldapConfig.get(Context.REFERRAL), null); - for (int index = 0;; index++) { - if (!result.hasMore()) { - break; - } - - processSearchResult(queryContext, ldapConfig, attrsMap, index, result.next()); + return queryAttributes(queryContext, context, context.getEnvironment(), username, password); + } finally { + context.close(); + } + } - // if not following referrals stop at the 1st result regardless if there are others - if ("ignore".equals(referralMode)) { - break; - } + /** + * @param queryContext The user-specific query context + * @param context The initialized {@link DirContext} + * @param ldapConfig The LDAP environment setup + * @param username The username + * @param password The password + * @return A {@link Map} of the retrieved attributes - <B>Note:</B> if {@link #isAccumulateMultiValues()} + * is {@code true} and multiple values are encountered for an attribute then a {@link List} of them is + * mapped as its value + * @throws NamingException If failed to executed the LDAP query + */ + protected Map<String, Object> queryAttributes(C queryContext, DirContext context, Map<?, ?> ldapConfig, String username, String password) throws NamingException { + String baseDN = resolveBaseDN(queryContext, ldapConfig, username, password); + String filter = resolveSearchFilter(queryContext, ldapConfig, username, password); + NamingEnumeration<? 
extends SearchResult> result = + context.search(ValidateUtils.checkNotNullAndNotEmpty(baseDN, "No base DN"), + ValidateUtils.checkNotNullAndNotEmpty(filter, "No filter"), + searchControls); + try { + Map<String, Object> attrsMap = new TreeMap<String, Object>(String.CASE_INSENSITIVE_ORDER); + String referralMode = Objects.toString(ldapConfig.get(Context.REFERRAL), null); + for (int index = 0;; index++) { + if (!result.hasMore()) { + break; } - return attrsMap; - } finally { - result.close(); + processSearchResult(queryContext, ldapConfig, attrsMap, index, result.next()); + + // if not following referrals stop at the 1st result regardless if there are others + if ("ignore".equals(referralMode)) { + break; + } } + + return attrsMap; } finally { - context.close(); + result.close(); } } - protected DirContext initializeDirContext(Object queryContext, Map<String, ?> ldapConfig, String username, String password) throws NamingException { - Map<String, Object> env; - synchronized (ldapConfig) { // create a copy so we can change it - env = new HashMap<String, Object>(ldapConfig); - } + protected DirContext initializeDirContext(C queryContext, Map<String, Object> env, String username, String password) throws NamingException { + Map<String, ?> ldapConfig = setupDirContextEnvironment(queryContext, env, username, password); + return new InitialDirContext(new Hashtable<String, Object>(ldapConfig)); + } + /** + * Called in order to set up the environment configuration passed to the + * {@link InitialDirContext#InitialDirContext(Hashtable)} constructor + * + * @param queryContext The caller-specific query context + * @param env The current environment setup + * @param username The username - may be {@code null}/empty + * @param password The password - may be {@code null}/empty + * @return An updated environment configuration - can be a <U>new</U> instance + * or just the original one with some changes in it + * @throws NamingException If failed to set up the environment + */ + 
protected Map<String, Object> setupDirContextEnvironment(C queryContext, Map<String, Object> env, String username, String password) throws NamingException { if (!env.containsKey(Context.PROVIDER_URL)) { int port = getPort(); ValidateUtils.checkTrue(port > 0, "No port configured"); @@ -391,20 +437,20 @@ public class LdapNetworkConnector extends NetworkConnector { } } - return new InitialDirContext(new Hashtable<String, Object>(env)); + return env; } - protected String resolveBaseDN(Object queryContext, Map<?, ?> ldapConfig, String username, String password) throws NamingException { + protected String resolveBaseDN(C queryContext, Map<?, ?> ldapConfig, String username, String password) throws NamingException { Object[] bindParams = {username, password}; return ValidateUtils.checkNotNull(baseDNPattern, "No base DN pattern").format(bindParams); } - protected String resolveSearchFilter(Object queryContext, Map<?, ?> ldapConfig, String username, String password) throws NamingException { + protected String resolveSearchFilter(C queryContext, Map<?, ?> ldapConfig, String username, String password) throws NamingException { Object[] bindParams = {username, password}; return ValidateUtils.checkNotNull(searchFilterPattern, "No search filter pattern").format(bindParams); } - protected void processSearchResult(Object queryContext, Map<?, ?> ldapConfig, Map<String, Object> attrsMap, + protected void processSearchResult(C queryContext, Map<?, ?> ldapConfig, Map<String, Object> attrsMap, int resultIndex, SearchResult result) throws NamingException { String dn = result.getName(); 
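Review bot: The `new HashMap<String, Object>(ldapEnv)` copy in `resolveAttributes` is no longer taken under the `synchronized (ldapConfig)` block that the removed `initializeDirContext` used, while setters in the earlier hunk (`setConnectTimeout`, `setReadTimeout`) still write to `ldapEnv`; a configuration change that races an authentication can now throw `ConcurrentModificationException` or snapshot a half-updated environment. If the connector is meant to be fully configured before sessions use it, a class-level Javadoc sentence stating that contract (setters are not synchronized with `resolveAttributes`; configure before first use) would make it explicit; otherwise restore the guard: `Map<String, Object> env; synchronized (ldapEnv) { env = new HashMap<String, Object>(ldapEnv); }` and hand `env` to `initializeDirContext`. Note also that `queryAttributes` receives `context.getEnvironment()`, which presumably carries the bind credentials prepared in `setupDirContextEnvironment`, so subclasses overriding the `ldapConfig`-taking hooks should treat that map as sensitive and not log it. `setupDirContextEnvironment` starts in this hunk but its body continues past it.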
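Review bot: `resolveSearchFilter` and `resolveBaseDN` hand `username` and `password` straight to `MessageFormat.format` as `{0}`/`{1}`, so a caller-supplied value containing filter metacharacters (`*`, `(`, `)`, `\`) alters the structure of the query instead of being matched literally — with the default `(&(uid={0})(userPassword={1}))` of `LdapPasswordAuthenticator` and the `uid={0}` default of `LdapPublickeyAuthenticator`, both values arrive from the not-yet-authenticated SSH client. Escape assertion values per RFC 4515 before formatting, as below; the helper passes `null` through unchanged so the existing `MessageFormat` rendering of missing values is kept. The base DN is a distinguished name and needs the different RFC 4514 escaping, which the fence does not cover, so `resolveBaseDN` warrants the same treatment separately.
```java
    protected String resolveSearchFilter(C queryContext, Map<?, ?> ldapConfig, String username, String password) throws NamingException {
        // escape RFC 4515 metacharacters so caller-supplied values cannot change the filter structure
        Object[] bindParams = {escapeFilterValue(username), escapeFilterValue(password)};
        return ValidateUtils.checkNotNull(searchFilterPattern, "No search filter pattern").format(bindParams);
    }

    // RFC 4515 section 3 escaping of an assertion value; null is returned as-is
    protected static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            switch (ch) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }
```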
@@ -422,7 +468,7 @@ public class LdapNetworkConnector extends NetworkConnector { } // returns the most up-to-date value mapped for the attribute - protected Object processResultAttributeValue(Object queryContext, Map<?, ?> ldapConfig, + protected Object processResultAttributeValue(C queryContext, Map<?, ?> ldapConfig, String dn, int resultIndex, Map<String, Object> attrsMap, Attribute a) throws NamingException { String attrID = a.getID(); @@ -460,7 +506,7 @@ public class LdapNetworkConnector extends NetworkConnector { } @SuppressWarnings("unchecked") - protected Object accumulateAttributeValue(Object queryContext, Map<String, Object> attrsMap, String attrID, Object attrVal) { + protected Object accumulateAttributeValue(C queryContext, Map<String, Object> attrsMap, String attrID, Object attrVal) { Object prev = attrsMap.put(attrID, attrVal); if (prev == null) { return null; // debug breakpoint http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/main/java/org/apache/sshd/server/auth/LdapAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/LdapAuthenticator.java b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/LdapAuthenticator.java new file mode 100644 index 0000000..2544f35 --- /dev/null +++ b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/LdapAuthenticator.java 
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.server.auth;
+
+import org.apache.sshd.common.util.net.LdapNetworkConnector;
+import org.apache.sshd.server.session.ServerSession;
+
+/**
+ * Serves as the base class for password and public key authenticators.
+ *
+ * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a>
+ */
+public class LdapAuthenticator extends LdapNetworkConnector<ServerSession> {
+ public static final String DEFAULT_USERNAME_ATTR_NAME = "uid";
+ public static final String DEFAULT_AUTHENTICATION_MODE = "none";
+
+ public LdapAuthenticator() {
+ setAuthenticationMode(DEFAULT_AUTHENTICATION_MODE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/main/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticator.java ----------------------------------------------------------------------
diff --git a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticator.java b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticator.java
index 251a3a8..83165e7 100644
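Review bot: `DEFAULT_AUTHENTICATION_MODE = "none"` makes every authenticator built on this class bind to the directory anonymously unless a subclass or deployer changes it, and the class Javadoc does not mention that default; since the password authenticator's default filter reads `userPassword`, a directory that (sensibly) denies anonymous reads of that attribute would presumably fail to authenticate anyone with no hint as to why. Add to the class comment something like `Defaults to an anonymous bind (authentication mode "none"); set the bind DN/password or the authentication mode when the directory restricts anonymous searches.` The class is also described as a base class yet declared concrete; if nothing instantiates it directly, `public abstract class LdapAuthenticator` would state that intent.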
--- a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticator.java +++ b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticator.java 
@@ -23,23 +23,41 @@ import java.util.Map; import javax.naming.NamingException; -import org.apache.sshd.common.util.net.LdapNetworkConnector; +import org.apache.sshd.server.auth.LdapAuthenticator; import org.apache.sshd.server.session.ServerSession; /** + * Uses LDAP to authenticate a user and password. By default it can achieve this using 2 ways: + * <OL> + * <P><LI> + * Comparing the provided password with the one stored in LDAP. In this case, + * the bind DN and password patterns can be either empty (if anonymous access + * allowed) or can contain the administrative username / password required to + * run the LDAP query. The search filter pattern should be set to require a + * match for <U>both</U> the username and password - e.g., <code>"(&(user={0})(password={1}))"</code>. + * The set default ({@link #DEFAULT_SEARCH_FILTER_PATTERN}) uses the most + * commonly encountered attributes names for this purpose. + * </LI></P> + * + * <P><LI> + * Using the original username + password to access LDAP - in which case the very + * success of retrieving anything can be considered a successful authentication. + * In this case, the bind DN and password patterns should be set up to generate + * the correct credentials - the default is to "echo" the provided + * username and password as-is. E.g., if the username is always the alias part + * of a known e-mail, the bind DN should be set to <code>"{0}@my.domain.com"</code>. 
+ * </LI></P> + * </OL> * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public class LdapPasswordAuthenticator extends LdapNetworkConnector implements PasswordAuthenticator { - public static final String DEFAULT_USERNAME_ATTR_NAME = "uid"; +public class LdapPasswordAuthenticator extends LdapAuthenticator implements PasswordAuthenticator { public static final String DEFAULT_PASSWORD_ATTR_NAME = "userPassword"; public static final String DEFAULT_SEARCH_FILTER_PATTERN = "(&(" + DEFAULT_USERNAME_ATTR_NAME + "={0})(" + DEFAULT_PASSWORD_ATTR_NAME + "={1}))"; - public static final String DEFAULT_AUTHENTICATION_MODE = "none"; public LdapPasswordAuthenticator() { setRetrievedAttributes(null); - setAuthenticationMode(DEFAULT_AUTHENTICATION_MODE); setSearchFilterPattern(DEFAULT_SEARCH_FILTER_PATTERN); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java index fa3e929..ff8f5ce 100644 --- a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java +++ b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java @@ -22,6 +22,10 @@ package org.apache.sshd.server.auth.pubkey; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; import java.util.Map; import java.util.Objects; 
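Review bot: The new Javadoc for the first mode should state its preconditions: an equality filter such as the default `(&(uid={0})(userPassword={1}))` only matches when the directory stores `userPassword` in a form it can compare with the cleartext value (hashed values such as `{SSHA}...` would never match), and it sends the user's password to the directory inside the search filter, where it may end up in directory query logs. Binding as the user (the second mode) avoids both, so a sentence recommending it where the directory permits user binds would help deployers, e.g. `The first mode requires userPassword values the directory can compare by equality and embeds the password in the search filter; prefer the second mode when users may bind directly.` The `<P><LI>...</LI></P>` nesting is also invalid HTML (`LI` must be a direct child of `OL`); `<LI><P>...</P></LI>` renders the same and passes doclint.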
@@ -29,30 +33,37 @@ import javax.naming.NamingException; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; +import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; -import org.apache.sshd.common.util.net.LdapNetworkConnector; +import org.apache.sshd.server.auth.LdapAuthenticator; import org.apache.sshd.server.config.keys.AuthorizedKeyEntry; import org.apache.sshd.server.session.ServerSession; /** + * Uses LDAP to retrieve a user's registered public key and compare it with + * the provided one. The default search pattern attempts to retrieve the user's + * SSH public key value which is assumed to be in {@code OpenSSH} format. The + * default assumes that the value resides in the {@link #DEFAULT_PUBKEY_ATTR_NAME} + * attribute and can be either a single or a multi-valued one + * * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public class LdapPublickeyAuthenticator extends LdapNetworkConnector implements PublickeyAuthenticator { - public static final String DEFAULT_USERNAME_ATTR_NAME = "uid"; - public static final String DEFAULT_AUTHENTICATION_MODE = "none"; +public class LdapPublickeyAuthenticator extends LdapAuthenticator implements PublickeyAuthenticator { public static final String DEFAULT_SEARCH_FILTER_PATTERN = DEFAULT_USERNAME_ATTR_NAME + "={0}"; + // this seems to be the most commonly used attribute name public static final String DEFAULT_PUBKEY_ATTR_NAME = "sshPublicKey"; private String keyAttributeName = DEFAULT_PUBKEY_ATTR_NAME; public LdapPublickeyAuthenticator() { - setAuthenticationMode(DEFAULT_AUTHENTICATION_MODE); setSearchFilterPattern(DEFAULT_SEARCH_FILTER_PATTERN); setRetrievedAttributes(DEFAULT_PUBKEY_ATTR_NAME); + setAccumulateMultiValues(true); // in case multiple keys registered } /** - * @return The LDAP attribute name containing the public key in {@code OpenSSH} format + * @return The LDAP attribute name 
containing the public key - assumed + * by default to be in {@code OpenSSH} format */ public String getKeyAttributeName() { return keyAttributeName; 
@@ -79,17 +90,120 @@ public class LdapPublickeyAuthenticator extends LdapNetworkConnector implements } } + /** + * @param username The SSH username attempting to authenticate + * @param expected The provided {@link PublicKey} + * @param session The {@link ServerSession} + * @param attrs The extracted LDAP attributes {@link Map} + * @return {@code true} whether to accept the presented public key + * @throws GeneralSecurityException If failed to recover the public key(s) + * @throws IOException If failed to parse the public key(s) data + * @see #recoverPublicKeys(String, PublicKey, ServerSession, Map, Object) + * @see #authenticate(String, PublicKey, ServerSession, Map, Collection) + */ protected boolean authenticate(String username, PublicKey expected, ServerSession session, Map<String, ?> attrs) throws GeneralSecurityException, IOException { String attrName = getKeyAttributeName(); - Object keyData = ValidateUtils.checkNotNull(attrs.get(attrName), "No data for attribute=%s", attrName); - PublicKey actual = recoverPublicKey(username, expected, session, keyData); - return KeyUtils.compareKeys(expected, actual); + Collection<PublicKey> keys = recoverPublicKeys(username, expected, session, attrs, attrs.get(attrName)); + return authenticate(username, expected, session, attrs, keys); + } + + /** + * @param username The SSH username attempting to authenticate + * @param expected The provided {@link PublicKey} + * @param session The {@link ServerSession} + * @param attrs The extracted LDAP attributes {@link Map} + * @param keys The {@link Collection} of recovered {@link PublicKey}s - may be {@code null}/empty + * @return {@code true} whether to accept the presented public key + */ + protected boolean authenticate(String username, PublicKey expected, ServerSession session, Map<String, ?> attrs, Collection<? 
extends PublicKey> keys) { + if (GenericUtils.isEmpty(keys)) { + if (log.isDebugEnabled()) { + log.debug("authenticate({}@{}) no registered keys", username, session); + } + return false; + } + + if (log.isDebugEnabled()) { + log.debug("authenticate({}@{}) check {} registered keys", username, session, keys.size()); + } + + for (PublicKey actual : keys) { + if (log.isTraceEnabled()) { + log.trace("authenticate({}@{}) expected={}-{}, actual={}-{}", + username, session, + KeyUtils.getKeyType(expected), KeyUtils.getFingerPrint(expected), + KeyUtils.getKeyType(actual), KeyUtils.getFingerPrint(actual)); + } + + if (KeyUtils.compareKeys(expected, actual)) { + return true; + } + } + + if (log.isDebugEnabled()) { + log.debug("authenticate({}@{}) no matching keys", username, session); + } + + return false; + } + + /** + * @param username The SSH username attempting to authenticate + * @param expected The provided {@link PublicKey} + * @param session The {@link ServerSession} + * @param attrs The extracted LDAP attributes {@link Map} + * @param keyData The value of the {@link #getKeyAttributeName()} attribute - may be {@code null}, + * a single object or a collection of such (if multi-valued attribute) + * @return A {@link List} of the recovered {@link PublicKey}s - may be {@code null}/empty + * @throws GeneralSecurityException If failed to recover the public key(s) + * @throws IOException If failed to parse the public key(s) data + * @see #parsePublicKeyValue(String, PublicKey, ServerSession, Map, Object) + */ + protected List<PublicKey> recoverPublicKeys(String username, PublicKey expected, ServerSession session, Map<String, ?> attrs, Object keyData) + throws GeneralSecurityException, IOException { + // handle case of multi-valued attribute + if (keyData instanceof Collection<?>) { + Collection<?> values = (Collection<?>) keyData; + List<PublicKey> keys = new ArrayList<PublicKey>(values.size()); + for (Object v : values) { + PublicKey k = parsePublicKeyValue(username, 
expected, session, attrs, v); + if (k == null) { + continue; // debug breakpoint + } + + keys.add(k); + } + + return keys; + } + + PublicKey k = parsePublicKeyValue(username, expected, session, attrs, keyData); + return (k == null) ? Collections.<PublicKey>emptyList() : Collections.singletonList(k); } - protected PublicKey recoverPublicKey(String username, PublicKey expected, ServerSession session, Object keyData) + /** + * @param username The SSH username attempting to authenticate + * @param expected The provided {@link PublicKey} + * @param session The {@link ServerSession} + * @param attrs The extracted LDAP attributes {@link Map} + * @param keyData One of the values (if multi-valued attribute) - may be {@code null} + * @return The extracted {@link PublicKey} or {@code null} if none available + * @throws GeneralSecurityException If failed to recover the public key + * @throws IOException If failed to parse the public key data + */ + protected PublicKey parsePublicKeyValue(String username, PublicKey expected, ServerSession session, Map<String, ?> attrs, Object keyData) throws GeneralSecurityException, IOException { + if (keyData == null) { + return null; + } + AuthorizedKeyEntry entry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(Objects.toString(keyData, null)); - return ValidateUtils.checkNotNull(entry, "No key extracted").resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKey key = ValidateUtils.checkNotNull(entry, "No key extracted").resolvePublicKey(PublicKeyEntryResolver.FAILING); + if (log.isTraceEnabled()) { + log.trace("parsePublicKeyValue({}@{}) {}-{}", + username, session, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key)); + } + return key; } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/test/java/org/apache/sshd/server/auth/BaseAuthenticatorTest.java ---------------------------------------------------------------------- 
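Review bot: In `recoverPublicKeys`, one value that `parsePublicKeyValue` cannot parse (a throw from `parseAuthorizedKeyEntry` or from the `checkNotNull(entry, "No key extracted")`) aborts the whole multi-value loop, so a single stale or malformed entry in a user's key attribute rejects the user even when another registered key matches the presented one; whether to fail closed on that one value or on the whole attribute is a policy choice, but the current behaviour is undocumented either way. If skipping is acceptable, catch per value and log it as below (no access is granted by skipping, only the remaining values are still checked). The `@return` of `recoverPublicKeys` also says the list may be `null` although both return paths yield a non-null list; `A non-{@code null} (possibly empty) {@link List}` would be accurate.
```java
            for (Object v : values) {
                PublicKey k;
                try {
                    k = parsePublicKeyValue(username, expected, session, attrs, v);
                } catch (GeneralSecurityException | IOException e) {
                    // one unparseable entry must not hide the other registered keys
                    log.warn("recoverPublicKeys({}@{}) failed ({}) to parse attribute value: {}",
                             username, session, e.getClass().getSimpleName(), e.getMessage());
                    continue;
                }
                // … unchanged: null check and keys.add(k) …
            }
```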
diff --git a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/BaseAuthenticatorTest.java b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/BaseAuthenticatorTest.java index 2b60fb6..eb115ea 100644 --- a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/BaseAuthenticatorTest.java +++ b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/BaseAuthenticatorTest.java @@ -67,6 +67,18 @@ public abstract class BaseAuthenticatorTest extends BaseTestSupport { super(); } + public static String getHost(Pair<LdapServer, DirectoryService> context) { + return getHost((context == null) ? null : context.getFirst()); + } + + public static String getHost(LdapServer ldapServer) { + return getHost((ldapServer == null) ? null : ldapServer.getTransports()); + } + + public static String getHost(Transport ... transports) { + return GenericUtils.isEmpty(transports) ? null : transports[0].getAddress(); + } + public static int getPort(Pair<LdapServer, DirectoryService> context) { return getPort((context == null) ? null : context.getFirst()); } @@ -127,15 +139,6 @@ public abstract class BaseAuthenticatorTest extends BaseTestSupport { directoryService.setSystemPartition(systemPartition); } - // Create a new partition for the special extra attributes - { - JdbmPartition partition = new JdbmPartition(); - partition.setId("openssh-lpk"); - partition.setSuffix("cn=openssh-lpk,cn=schema,cn=config"); - partition.setPartitionDir(assertHierarchyTargetFolderExists(Utils.deleteRecursive(new File(workingDirectory, partition.getId())))); - directoryService.addPartition(partition); - } - // Create a new partition for the users { JdbmPartition partition = new JdbmPartition(); 
@@ -149,7 +152,7 @@ public abstract class BaseAuthenticatorTest extends BaseTestSupport { directoryService.getChangeLog().setEnabled(false); LdapServer ldapServer = new LdapServer(); - ldapServer.setTransports(new TcpTransport(PORT)); + ldapServer.setTransports(new TcpTransport(TEST_LOCALHOST, PORT)); ldapServer.setDirectoryService(directoryService); log.info("Starting directory service ..."); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/test/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticatorTest.java b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticatorTest.java index aa862ca..b7c2f2b 100644 --- a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticatorTest.java +++ b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/password/LdapPasswordAuthenticatorTest.java 
@@ -61,11 +61,14 @@ public class LdapPasswordAuthenticatorTest extends BaseAuthenticatorTest { @Test // the user's password is compared with the LDAP stored one public void testPasswordComparison() throws Exception { + Pair<LdapServer, DirectoryService> ldapContext = ldapContextHolder.get(); LdapPasswordAuthenticator auth = new LdapPasswordAuthenticator(); + auth.setHost(getHost(ldapContext)); + auth.setPort(getPort(ldapContext)); auth.setBaseDN(BASE_DN_TEST); - auth.setPort(getPort(ldapContextHolder.get())); ServerSession session = Mockito.mock(ServerSession.class); + outputDebugMessage("%s: %s", getCurrentTestName(), auth); for (Map.Entry<String, String> ue : usersMap.entrySet()) { String username = ue.getKey(); String password = ue.getValue(); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c66c6d42/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java index c697a56..7bf273f 100644 --- a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java +++ b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java 
@@ -77,13 +77,16 @@ public class LdapPublickeyAuthenticatorTest extends BaseAuthenticatorTest { @Test public void testPublicKeyComparison() throws Exception { + Pair<LdapServer, DirectoryService> ldapContext = ldapContextHolder.get(); LdapPublickeyAuthenticator auth = new LdapPublickeyAuthenticator(); + auth.setHost(getHost(ldapContext)); + auth.setPort(getPort(ldapContext)); auth.setBaseDN(BASE_DN_TEST); - auth.setPort(getPort(ldapContextHolder.get())); auth.setKeyAttributeName(TEST_ATTR_NAME); auth.setRetrievedAttributes(TEST_ATTR_NAME); ServerSession session = Mockito.mock(ServerSession.class); + outputDebugMessage("%s: %s", getCurrentTestName(), auth); for (Map.Entry<String, PublicKey> ke : keysMap.entrySet()) { String username = ke.getKey(); PublicKey key = ke.getValue();
