Posted to commits@directory.apache.org by ak...@apache.org on 2006/05/05 06:52:32 UTC

svn commit: r399961 - in /directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared: messages/value/ store/ store/operations/

Author: akarasulu
Date: Thu May  4 21:52:31 2006
New Revision: 399961

URL: http://svn.apache.org/viewcvs?rev=399961&view=rev
Log:
Added account disable, lock out, and expiration time to PrincipalStoreEntry and
related classes to be able to trigger error code 18 messages from the KDC.


Modified:
    directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java
    directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java
    directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
    directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
    directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java

Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/KerberosTime.java Thu May  4 21:52:31 2006
@@ -17,6 +17,7 @@
 package org.apache.directory.server.kerberos.shared.messages.value;
 
 
+import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.TimeZone;
@@ -57,7 +58,14 @@
         kerberosTime = time.getTime();
     }
 
+    
+    public static KerberosTime getTime( String zuluTime ) throws ParseException
+    {
+        Date date = dateFormat.parse( zuluTime );
+        return new KerberosTime( date );
+    }
 
+    
     public int compareTo( Object o )
     {
         final int BEFORE = -1;
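Review bot: `getTime( String )` parses through the shared `dateFormat` instance, and `SimpleDateFormat` is not safe for concurrent use, so two KDC requests parsing expiration times at the same moment can get a corrupted or wrong `Date` back. The field's declaration is outside the hunk, but a static method can only reach a static field, so it is presumably one instance for the whole class; guard the call with `synchronized ( dateFormat ) { date = dateFormat.parse( zuluTime ); }` or build a formatter per call. `parse( String )` may also stop before the end of the string, so a value with trailing junk is accepted silently. A Javadoc comment stating the expected pattern, and that `ParseException` signals a malformed value, would help the caller in GetPrincipal.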

Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/KerberosAttribute.java Thu May  4 21:52:31 2006
@@ -33,4 +33,10 @@
     public static final String VERSION = "krb5KeyVersionNumber";
     /** the Apache specific SAM type attribute */
     public static final String SAM_TYPE = "apacheSamType";
+    /** the disabled boolean LDAP attribute for a Kerberos account */
+    public static final String ACCOUNT_DISABLED = "krb5AccountDisabled";
+    /** the lockedout boolean LDAP attribute for a Kerberos account */
+    public static final String ACCOUNT_LOCKEDOUT = "krb5AccountLockedOut";
+    /** the expiration time attribute LDAP attribute for a Kerberos account */
+    public static final String ACCOUNT_EXPIRATION_TIME = "krb5AccountExpirationTime";
 }
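Review bot: The comment on `ACCOUNT_EXPIRATION_TIME` repeats "attribute" and does not say what syntax the value has, which is the one thing a person populating the directory needs to know. The error message added to GetPrincipal in this commit treats the value as generalizedTime, so the comment could read `/** the generalizedTime LDAP attribute holding the expiration time of a Kerberos account */`. The two boolean comments could likewise state which literal values are accepted.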

Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java Thu May  4 21:52:31 2006
@@ -44,11 +44,15 @@
     private int kdcFlags;
     private SamType samType;
     private EncryptionKey key;
+    private boolean disabled;
+    private boolean lockedOut;
+    private KerberosTime expiration;
 
 
     PrincipalStoreEntry(String commonName, String userId, KerberosPrincipal principal, int keyVersionNumber,
         KerberosTime validStart, KerberosTime validEnd, KerberosTime passwordEnd, int maxLife, int maxRenew,
-        int kdcFlags, int keyType, byte[] key, String realmName, SamType samType)
+        int kdcFlags, int keyType, byte[] key, String realmName, SamType samType, boolean disabled, 
+        boolean lockedOut, KerberosTime expiration )
     {
         this.commonName = commonName;
         this.userId = userId;
@@ -60,12 +64,31 @@
         this.maxRenew = maxRenew;
         this.kdcFlags = kdcFlags;
         this.realmName = realmName;
-
+        this.disabled = disabled;
+        this.lockedOut = lockedOut;
+        this.expiration = expiration;
         this.samType = samType;
-
         this.key = new EncryptionKey( EncryptionType.getTypeByOrdinal( keyType ), key, keyVersionNumber );
     }
 
+    
+    public boolean isDisabled()
+    {
+        return disabled;
+    }
+    
+    
+    public boolean isLockedOut()
+    {
+        return lockedOut;
+    }
+    
+    
+    public KerberosTime getExpiration()
+    {
+        return expiration;
+    }
+    
 
     public String getCommonName()
     {
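Review bot: The new accessors `isDisabled()`, `isLockedOut()` and `getExpiration()` have no Javadoc, and nothing tells a caller that all three must be checked before a ticket is issued. Going by the log message they feed the KDC's error code 18 response, so each deserves a one-line contract, for example `/** @return true if the account is administratively disabled and must not be issued tickets */`. `getExpiration()` should also state whether it can return null: the constructor stores whatever it is given, and only the modifier's default of `KerberosTime.INFINITY` is visible in this commit.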

Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Thu May  4 21:52:31 2006
@@ -46,15 +46,37 @@
     private int encryptionType;
     private SamType samType;
     private byte[] key;
+    private boolean disabled = false;
+    private boolean lockedOut = false;
+    private KerberosTime expiration = KerberosTime.INFINITY;
 
 
     public PrincipalStoreEntry getEntry()
     {
         return new PrincipalStoreEntry( commonName, userId, principal, keyVersionNumber, validStart, validEnd,
-            passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, key, realmName, samType );
+            passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, key, realmName, samType, 
+            disabled, lockedOut, expiration );
     }
 
+    
+    public void setDisabled( boolean disabled )
+    {
+        this.disabled = disabled;
+    }
+    
+    
+    public void setLockedOut( boolean lockedOut )
+    {
+        this.lockedOut = lockedOut;
+    }
+    
+    
+    public void setExpiration( KerberosTime expiration )
+    {
+        this.expiration = expiration;
+    }
 
+    
     public void setCommonName( String commonName )
     {
         this.commonName = commonName;
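Review bot: `setExpiration( KerberosTime )` stores a null argument as-is, which discards the `KerberosTime.INFINITY` default set on the field and passes null through `getEntry()` into the entry. Depending on how the consumer compares the time (not visible here), that ends either in a NullPointerException at authentication time or in an account treated as never expiring. `this.expiration = ( expiration == null ) ? KerberosTime.INFINITY : expiration;` keeps the invariant, or the setter can throw on null if that should be a caller error. The three new setters also lack Javadoc.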

Modified: directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
URL: http://svn.apache.org/viewcvs/directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java?rev=399961&r1=399960&r2=399961&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java (original)
+++ directory/branches/apacheds/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java Thu May  4 21:52:31 2006
@@ -17,6 +17,8 @@
 package org.apache.directory.server.kerberos.shared.store.operations;
 
 
+import java.text.ParseException;
+
 import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -24,9 +26,11 @@
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
+import javax.naming.directory.InvalidAttributeValueException;
 import javax.naming.directory.SearchResult;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -70,7 +74,8 @@
 
         String[] attrIDs =
             { KerberosAttribute.PRINCIPAL, KerberosAttribute.VERSION, KerberosAttribute.TYPE, KerberosAttribute.KEY,
-                KerberosAttribute.SAM_TYPE };
+                KerberosAttribute.SAM_TYPE, KerberosAttribute.ACCOUNT_DISABLED, 
+                KerberosAttribute.ACCOUNT_EXPIRATION_TIME, KerberosAttribute.ACCOUNT_LOCKEDOUT };
 
         Attributes matchAttrs = new BasicAttributes( false ); // case-sensitive
         matchAttrs.put( new BasicAttribute( KerberosAttribute.PRINCIPAL, principal.getName() ) );
@@ -117,6 +122,33 @@
         String principal = ( String ) attrs.get( KerberosAttribute.PRINCIPAL ).get();
         String encryptionType = ( String ) attrs.get( KerberosAttribute.TYPE ).get();
         String keyVersionNumber = ( String ) attrs.get( KerberosAttribute.VERSION ).get();
+
+        if ( attrs.get( KerberosAttribute.ACCOUNT_DISABLED ) != null )
+        {
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get(); 
+            modifier.setDisabled( Boolean.parseBoolean( val.toLowerCase() ) );
+        }
+
+        if ( attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ) != null )
+        {
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ).get(); 
+            modifier.setLockedOut( Boolean.parseBoolean( val.toLowerCase() ) );
+        }
+        
+        if ( attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ) != null )
+        {
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ).get(); 
+            try
+            {
+                modifier.setExpiration( KerberosTime.getTime( val ) );
+            }
+            catch ( ParseException e )
+            {
+                throw new InvalidAttributeValueException( "Account expiration attribute " +
+                    KerberosAttribute.ACCOUNT_EXPIRATION_TIME 
+                    + " contained an invalid value for generalizedTime: " + val );
+            }
+        }
 
         if ( attrs.get( KerberosAttribute.SAM_TYPE ) != null )
         {
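Review bot: The two boolean attributes fail open: `Boolean.parseBoolean` returns false for anything other than "true", so a `krb5AccountDisabled` or `krb5AccountLockedOut` value such as `1`, `yes` or `TRUE` with stray whitespace leaves the account enabled with no error. A bad expiration time a few lines below is, by contrast, rejected with `InvalidAttributeValueException`. Unrecognised boolean values should be rejected the same way, as sketched below for the disabled flag; the `toLowerCase()` call can go, since `parseBoolean` already ignores case. The `catch ( ParseException e )` block also drops the cause, and keeping it (for instance via `setRootCause( e )` on the new exception) preserves the parse offset for whoever has to repair the entry. The enclosing method starts and ends outside the hunk.

```java
        if ( attrs.get( KerberosAttribute.ACCOUNT_DISABLED ) != null )
        {
            String val = ( ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get() ).trim();
            boolean isTrue = "true".equalsIgnoreCase( val );
            if ( !isTrue && !"false".equalsIgnoreCase( val ) )
            {
                // refuse to guess: an unreadable flag must not silently mean "enabled"
                throw new InvalidAttributeValueException( "Account disabled attribute "
                    + KerberosAttribute.ACCOUNT_DISABLED + " contained an invalid boolean value: " + val );
            }
            modifier.setDisabled( isTrue );
        }
        // … same strict check for KerberosAttribute.ACCOUNT_LOCKEDOUT …
        // … unchanged: ACCOUNT_EXPIRATION_TIME parsing …
```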