Posted to commits@directory.apache.org by ak...@apache.org on 2006/05/05 06:52:32 UTC
svn commit: r399961 - in
/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared:
messages/value/ store/ store/operations/
Author: akarasulu
Date: Thu May 4 21:52:31 2006
New Revision: 399961
URL: http://svn.apache.org/viewcvs?rev=399961&view=rev
Log:
Added account disable, lock out, and expiration time to PrincipalStoreEntry and
related classes to be able to trigger error code 18 messages from the KDC.
Modified:
directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java
directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java
directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java Thu May 4 21:52:31 2006
@@ -17,6 +17,7 @@
package org.apache.directory.server.kerberos.shared.messages.value;
+import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
@@ -57,7 +58,14 @@
kerberosTime = time.getTime();
}
+
+ public static KerberosTime getTime( String zuluTime ) throws ParseException
+ {
+ Date date = dateFormat.parse( zuluTime );
+ return new KerberosTime( date );
+ }
+
public int compareTo( Object o )
{
final int BEFORE = -1;
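Review bot: `getTime( String )` parses through `dateFormat`, whose declaration is outside this hunk; if that is a shared static `SimpleDateFormat` (the import is visible in the first hunk), the call is not thread-safe, and concurrent principal lookups can come back with a wrong date, which here becomes a wrong account expiration. Guard the parse, e.g. `synchronized ( dateFormat ) { date = dateFormat.parse( zuluTime ); }`, or build a formatter per call. `SimpleDateFormat` is also lenient by default and `parse( String )` ignores trailing text, so a malformed generalizedTime can be accepted instead of rejected; `dateFormat.setLenient( false )` where the formatter is created would tighten that. The method should also carry a Javadoc stating the expected time format and when `ParseException` is thrown. `compareTo` continues past the end of the hunk.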
Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java Thu May 4 21:52:31 2006
@@ -33,4 +33,10 @@
public static final String VERSION = "krb5KeyVersionNumber";
/** the Apache specific SAM type attribute */
public static final String SAM_TYPE = "apacheSamType";
+ /** the disabled boolean LDAP attribute for a Kerberos account */
+ public static final String ACCOUNT_DISABLED = "krb5AccountDisabled";
+ /** the lockedout boolean LDAP attribute for a Kerberos account */
+ public static final String ACCOUNT_LOCKEDOUT = "krb5AccountLockedOut";
+ /** the expiration time attribute LDAP attribute for a Kerberos account */
+ public static final String ACCOUNT_EXPIRATION_TIME = "krb5AccountExpirationTime";
}
Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java Thu May 4 21:52:31 2006
@@ -44,11 +44,15 @@
private int kdcFlags;
private SamType samType;
private EncryptionKey key;
+ private boolean disabled;
+ private boolean lockedOut;
+ private KerberosTime expiration;
PrincipalStoreEntry(String commonName, String userId, KerberosPrincipal principal, int keyVersionNumber,
KerberosTime validStart, KerberosTime validEnd, KerberosTime passwordEnd, int maxLife, int maxRenew,
- int kdcFlags, int keyType, byte[] key, String realmName, SamType samType)
+ int kdcFlags, int keyType, byte[] key, String realmName, SamType samType, boolean disabled,
+ boolean lockedOut, KerberosTime expiration )
{
this.commonName = commonName;
this.userId = userId;
@@ -60,12 +64,31 @@
this.maxRenew = maxRenew;
this.kdcFlags = kdcFlags;
this.realmName = realmName;
-
+ this.disabled = disabled;
+ this.lockedOut = lockedOut;
+ this.expiration = expiration;
this.samType = samType;
-
this.key = new EncryptionKey( EncryptionType.getTypeByOrdinal( keyType ), key, keyVersionNumber );
}
+
+ public boolean isDisabled()
+ {
+ return disabled;
+ }
+
+
+ public boolean isLockedOut()
+ {
+ return lockedOut;
+ }
+
+
+ public KerberosTime getExpiration()
+ {
+ return expiration;
+ }
+
public String getCommonName()
{
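Review bot: The three getters added in this hunk have no Javadoc, and `expiration` now sits beside `validEnd` and `passwordEnd` with nothing saying how it differs from them. Suggest a short comment on each, e.g. `/** @return true if the account has been administratively disabled */` on `isDisabled()`, and on `getExpiration()` a statement of whether the result can be null. Nothing in this commit reads these values, so the check that yields error code 18 presumably lives elsewhere; the Javadoc is the place to record that a caller has to test all three before issuing a ticket. `getCommonName` continues past the end of the hunk.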
Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Thu May 4 21:52:31 2006
@@ -46,15 +46,37 @@
private int encryptionType;
private SamType samType;
private byte[] key;
+ private boolean disabled = false;
+ private boolean lockedOut = false;
+ private KerberosTime expiration = KerberosTime.INFINITY;
public PrincipalStoreEntry getEntry()
{
return new PrincipalStoreEntry( commonName, userId, principal, keyVersionNumber, validStart, validEnd,
- passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, key, realmName, samType );
+ passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, key, realmName, samType,
+ disabled, lockedOut, expiration );
}
+
+ public void setDisabled( boolean disabled )
+ {
+ this.disabled = disabled;
+ }
+
+
+ public void setLockedOut( boolean lockedOut )
+ {
+ this.lockedOut = lockedOut;
+ }
+
+
+ public void setExpiration( KerberosTime expiration )
+ {
+ this.expiration = expiration;
+ }
+
public void setCommonName( String commonName )
{
this.commonName = commonName;
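Review bot: `setExpiration` stores whatever it is given, so a null argument replaces the `KerberosTime.INFINITY` default and `getEntry()` then builds an entry whose expiration is null. A later comparison against the current time would then fail with a NullPointerException instead of a clean accept or reject; the consumer is not part of this commit, so that is inferred. Keeping the default closes the gap: `this.expiration = expiration == null ? KerberosTime.INFINITY : expiration;`. `setCommonName` continues past the end of the hunk.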
Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java Thu May 4 21:52:31 2006
@@ -17,6 +17,8 @@
package org.apache.directory.server.kerberos.shared.store.operations;
+import java.text.ParseException;
+
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -24,9 +26,11 @@
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
+import javax.naming.directory.InvalidAttributeValueException;
import javax.naming.directory.SearchResult;
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.SamType;
import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -70,7 +74,8 @@
String[] attrIDs =
{ KerberosAttribute.PRINCIPAL, KerberosAttribute.VERSION, KerberosAttribute.TYPE, KerberosAttribute.KEY,
- KerberosAttribute.SAM_TYPE };
+ KerberosAttribute.SAM_TYPE, KerberosAttribute.ACCOUNT_DISABLED,
+ KerberosAttribute.ACCOUNT_EXPIRATION_TIME, KerberosAttribute.ACCOUNT_LOCKEDOUT };
Attributes matchAttrs = new BasicAttributes( false ); // case-sensitive
matchAttrs.put( new BasicAttribute( KerberosAttribute.PRINCIPAL, principal.getName() ) );
@@ -117,6 +122,33 @@
String principal = ( String ) attrs.get( KerberosAttribute.PRINCIPAL ).get();
String encryptionType = ( String ) attrs.get( KerberosAttribute.TYPE ).get();
String keyVersionNumber = ( String ) attrs.get( KerberosAttribute.VERSION ).get();
+
+ if ( attrs.get( KerberosAttribute.ACCOUNT_DISABLED ) != null )
+ {
+ String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get();
+ modifier.setDisabled( Boolean.parseBoolean( val.toLowerCase() ) );
+ }
+
+ if ( attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ) != null )
+ {
+ String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ).get();
+ modifier.setLockedOut( Boolean.parseBoolean( val.toLowerCase() ) );
+ }
+
+ if ( attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ) != null )
+ {
+ String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ).get();
+ try
+ {
+ modifier.setExpiration( KerberosTime.getTime( val ) );
+ }
+ catch ( ParseException e )
+ {
+ throw new InvalidAttributeValueException( "Account expiration attribute " +
+ KerberosAttribute.ACCOUNT_EXPIRATION_TIME
+ + " contained an invalid value for generalizedTime: " + val );
+ }
+ }
if ( attrs.get( KerberosAttribute.SAM_TYPE ) != null )
{
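Review bot: The two boolean branches fail open: `Boolean.parseBoolean` returns false for anything other than "true", so a stored value such as `1`, `yes` or `TRUE` followed by whitespace leaves a disabled or locked-out account usable, with no error raised. Values that are neither TRUE nor FALSE should be rejected with `InvalidAttributeValueException`, as the expiration branch already does for a bad time; the `toLowerCase()` call is redundant because `parseBoolean` already ignores case. The expiration branch also discards the `ParseException`; calling `setRootCause( e )` on the new exception before throwing it would keep the parse position for whoever has to fix the entry. The enclosing method starts before this hunk and the SAM_TYPE block runs past its end.

```java
if ( attrs.get( KerberosAttribute.ACCOUNT_DISABLED ) != null )
{
    String val = ( ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get() ).trim();
    boolean isTrue = "TRUE".equalsIgnoreCase( val );
    if ( !isTrue && !"FALSE".equalsIgnoreCase( val ) )
    {
        // refuse to guess: an unreadable flag must not be treated as "account enabled"
        throw new InvalidAttributeValueException( "Account disabled attribute "
            + KerberosAttribute.ACCOUNT_DISABLED + " contained an invalid boolean value: " + val );
    }
    modifier.setDisabled( isTrue );
}
// … same strict check for KerberosAttribute.ACCOUNT_LOCKEDOUT …
// … unchanged: ACCOUNT_EXPIRATION_TIME parsing …
```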