From 40f4d52838c974e2a22336c2cea8e087d9f9e558 Mon Sep 17 00:00:00 2001
From: Jacek Poreda
Date: Wed, 26 Jul 2023 10:50:13 +0200
Subject: [PATCH] SONAR-14222 Allow to configure sasl QoP in LDAP context
---
 .../auth/ldap/DefaultLdapAuthenticatorIT.java | 9 +++++++--
 .../org/sonar/auth/ldap/LdapContextFactory.java | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java b/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
index e9264d06275..507cb1d611d 100644
--- a/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
+++ b/server/sonar-auth-ldap/src/it/java/org/sonar/auth/ldap/DefaultLdapAuthenticatorIT.java
@@ -21,6 +21,7 @@ package org.sonar.auth.ldap;
 import org.junit.ClassRule;
 import org.junit.Test;
+import org.sonar.api.config.internal.MapSettings;
 import org.sonar.api.server.http.HttpRequest;
 import org.sonar.auth.ldap.server.LdapServer;
@@ -115,8 +116,12 @@ public class DefaultLdapAuthenticatorIT {
 @Test
 public void testSasl() {
- LdapSettingsManager settingsManager = new LdapSettingsManager(
- LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_CRAM_MD5).asConfig());
+ MapSettings mapSettings = LdapSettingsFactory.generateAuthenticationSettings(exampleServer, null, LdapContextFactory.AUTH_METHOD_DIGEST_MD5);
+ //set sasl QoP properties as per https://docs.oracle.com/javase/jndi/tutorial/ldap/security/digest.html
+ mapSettings.setProperty("ldap.saslQop", "auth")
+ .setProperty("ldap.saslStrength", "high")
+ .setProperty("ldap.saslMaxbuf", "16384");
+ LdapSettingsManager settingsManager = new LdapSettingsManager(mapSettings.asConfig());
 DefaultLdapAuthenticator authenticator = new DefaultLdapAuthenticator(settingsManager.getContextFactories(), settingsManager.getUserMappings());
 LdapAuthenticationResult user1Success = authenticator.doAuthenticate(createContext("godin", "secret1"));
diff --git a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
index abe882e62c1..c4084d173e1 100644
--- a/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
+++ b/server/sonar-auth-ldap/src/main/java/org/sonar/auth/ldap/LdapContextFactory.java
@@ -73,6 +73,9 @@ public class LdapContextFactory {
 private final String password;
 private final String realm;
 private final String referral;
+ private final String saslQop;
+ private final String saslStrength;
+ private final String saslMaxbuf;
 public LdapContextFactory(org.sonar.api.config.Configuration config, String settingsPrefix, String ldapUrl) {
 this.authentication = StringUtils.defaultString(config.get(settingsPrefix + ".authentication").orElse(null), DEFAULT_AUTHENTICATION);
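Review bot: In testSasl (DefaultLdapAuthenticatorIT.java) the QoP is set to `auth`, which is the value the JDK SASL client already uses when `javax.security.sasl.qop` is absent, so this test would still pass if LdapContextFactory ignored the new settings; nothing in the hunk shows that the three properties reach the context environment. An assertion on the environment the factory builds, or a non-default value such as `.setProperty("ldap.saslQop", "auth-int")` if the embedded test server supports it, would pin the behaviour. The switch away from `AUTH_METHOD_CRAM_MD5` also leaves that mechanism without coverage unless another test outside this hunk exercises it. testSasl continues past the end of the hunk.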
@@ -83,6 +86,9 @@ public class LdapContextFactory {
 this.username = config.get(settingsPrefix + ".bindDn").orElse(null);
 this.password = config.get(settingsPrefix + ".bindPassword").orElse(null);
 this.referral = getReferralsMode(config, settingsPrefix + ".followReferrals");
+ this.saslQop = config.get(settingsPrefix + ".saslQop").orElse(null);
+ this.saslStrength = config.get(settingsPrefix + ".saslStrength").orElse(null);
+ this.saslMaxbuf = config.get(settingsPrefix + ".saslMaxbuf").orElse(null);
 }
 /**
@@ -179,6 +185,16 @@ public class LdapContextFactory {
 if (principal != null) {
 env.put(Context.SECURITY_PRINCIPAL, principal);
 }
+ if (saslQop != null) {
+ env.put("javax.security.sasl.qop", saslQop);
+ }
+ if (saslStrength != null) {
+ env.put("javax.security.sasl.strength", saslStrength);
+ }
+ if (saslMaxbuf != null) {
+ env.put("javax.security.sasl.maxbuf", saslMaxbuf);
+ }
+
 // Note: debug is intentionally was placed here - in order to not expose password in log
 LOG.debug("Initializing LDAP context {}", env);
 if (credentials != null) {
-- 
2.39.5
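Review bot: In the constructor hunk of LdapContextFactory.java the three SASL values are stored exactly as configured, with no validation and no documentation of what is accepted. A misspelt QoP or a non-numeric buffer size would presumably surface only when a bind is attempted, and nothing tells an operator that leaving `saslQop` unset keeps the authentication-only default, which adds no integrity or confidentiality protection to the LDAP session. I would document the fields, for example `// SASL quality of protection: "auth", "auth-int" or "auth-conf", optionally a comma-separated preference list; null keeps the JDK default "auth"`, and reject values outside that set here so a bad setting fails at startup. The constructor starts above the hunk.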
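Review bot: The buffer-size key in the last added `env.put` is `javax.security.sasl.maxbuf`, but the JDK constant `Sasl.MAX_BUFFER` is defined as `javax.security.sasl.maxbuffer`, so the configured value is likely never read by the SASL mechanism and the setting silently has no effect. Using the constants from `javax.security.sasl.Sasl` removes the risk of such a mismatch: `env.put(Sasl.QOP, saslQop);`, `env.put(Sasl.STRENGTH, saslStrength);` and `env.put(Sasl.MAX_BUFFER, saslMaxbuf);`, which needs an import of `javax.security.sasl.Sasl`. The enclosing method starts and ends outside the hunk.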