Posted to commits@directory.apache.org by er...@apache.org on 2005/08/28 16:26:58 UTC
svn commit: r263879 -
/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/
Author: erodriguez
Date: Sun Aug 28 07:26:49 2005
New Revision: 263879
URL: http://svn.apache.org/viewcvs?rev=263879&view=rev
Log:
Change Password protocol provider refactored to chain.
Added:
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java (with props)
directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java (with props)
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import java.net.InetAddress;
+
+import org.apache.changepw.messages.ChangePasswordReplyModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.io.encoder.EncApRepPartEncoder;
+import org.apache.kerberos.io.encoder.EncKrbPrivPartEncoder;
+import org.apache.kerberos.messages.application.ApplicationReply;
+import org.apache.kerberos.messages.application.PrivateMessage;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncApRepPart;
+import org.apache.kerberos.messages.components.EncApRepPartModifier;
+import org.apache.kerberos.messages.components.EncKrbPrivPart;
+import org.apache.kerberos.messages.components.EncKrbPrivPartModifier;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.HostAddress;
+
+public class BuildReply extends CommandBase
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+ Authenticator authenticator = changepwContext.getAuthenticator();
+ Ticket ticket = changepwContext.getTicket();
+
+ // begin building reply
+
+ // create priv message
+ // user-data component is short result code
+ EncKrbPrivPartModifier modifier = new EncKrbPrivPartModifier();
+ byte[] resultCode = { (byte) 0x00, (byte) 0x00 };
+ modifier.setUserData( resultCode );
+
+ modifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
+ EncKrbPrivPart privPart = modifier.getEncKrbPrivPart();
+
+ System.out.println( "Sender address " + privPart.getSenderAddress() );
+ System.out.println( "Recipient address " + privPart.getRecipientAddress() );
+ System.out.println( "Localhost address " + InetAddress.getLocalHost() );
+
+ EncKrbPrivPartEncoder encoder = new EncKrbPrivPartEncoder();
+ byte[] encodedPrivPart = encoder.encode( privPart );
+
+ // get the subsession key from the Authenticator
+ EncryptionKey subSessionKey = authenticator.getSubSessionKey();
+
+ EncryptedData encPrivPart = null;
+
+ try
+ {
+ EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( subSessionKey );
+ encPrivPart = engine.getEncryptedData( subSessionKey, encodedPrivPart );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ }
+
+ PrivateMessage privateMessage = new PrivateMessage( encPrivPart );
+
+ // Begin AP_REP generation
+ EncApRepPartModifier encApModifier = new EncApRepPartModifier();
+ encApModifier.setClientTime( authenticator.getClientTime() );
+ encApModifier.setClientMicroSecond( authenticator.getClientMicroSecond() );
+ encApModifier.setSequenceNumber( new Integer( authenticator.getSequenceNumber() ) );
+ encApModifier.setSubSessionKey( authenticator.getSubSessionKey() );
+
+ EncApRepPart repPart = encApModifier.getEncApRepPart();
+ EncApRepPartEncoder repEncoder = new EncApRepPartEncoder();
+ byte[] encodedRepPart = repEncoder.encode( repPart );
+
+ EncryptedData encRepPart = null;
+
+ try
+ {
+ EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( ticket.getSessionKey() );
+ encRepPart = engine.getEncryptedData( ticket.getSessionKey(), encodedRepPart );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ }
+ ApplicationReply appReply = new ApplicationReply( encRepPart );
+
+ // return status message value object
+ ChangePasswordReplyModifier replyModifier = new ChangePasswordReplyModifier();
+ replyModifier.setApplicationReply( appReply );
+ replyModifier.setPrivateMessage( privateMessage );
+
+ changepwContext.setReply( replyModifier.getChangePasswordReply() );
+
+ return STOP_CHAIN;
+ }
+}
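Review bot: Both catch blocks (the one after `engine.getEncryptedData( subSessionKey, encodedPrivPart )` and the one for the AP-REP part) print the KerberosException and carry on, so `encPrivPart` or `encRepPart` stays null and a `PrivateMessage( null )` or `ApplicationReply( null )` is installed as the reply; the client then receives a malformed reply instead of an error message. Since ChangePasswordExceptionHandler in this same commit turns a KerberosException into an error reply, each catch should simply `throw ke;` (or the try/catch can go entirely, as execute already declares `throws Exception`). The three `System.out.println` calls that dump sender, recipient and local addresses belong behind an slf4j `isDebugEnabled()` check like the one in MonitorReply; the same System.out usage appears in ChangePasswordExceptionHandler, ConfigureChangePasswordChain, GetAuthHeader and GetServerEntry.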
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.impl.ChainBase;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Kerberos Change Password and Set Password Protocols (RFC 3244)
+ */
+public class ChangePasswordChain extends ChainBase
+{
+ /** the logger for this class */
+ private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class );
+
+ public ChangePasswordChain()
+ {
+ super();
+ log.debug( "Change password processing begun" );
+ addCommand( new ChangePasswordExceptionHandler() );
+ //addCommand( new MonitorRequest() );
+ addCommand( new ConfigureChangePasswordChain() );
+ addCommand( new GetAuthHeader() );
+ addCommand( new VerifyServiceTicket() );
+ addCommand( new GetServerEntry() );
+ addCommand( new VerifyServiceTicketAuthHeader() );
+ addCommand( new ProcessPasswordChange() );
+ addCommand( new BuildReply() );
+ //addCommand( new MonitorReply() );
+ }
+}
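Review bot: `log.debug( "Change password processing begun" )` in the constructor fires when the chain object is built, not when a request is processed, so the message is misleading whenever a chain instance is reused; either drop it or reword it to `log.debug( "Change password chain constructed" )`. The commented-out `addCommand( new MonitorRequest() )` sits before ConfigureChangePasswordChain and GetServerEntry, yet MonitorRequest (added in this commit) reads `getServerEntry()`, `getConfig()` and `getReplayCache()` unconditionally, so re-enabling it at that position would appear to dereference null context state. A comment such as `// MonitorRequest must run after GetServerEntry: it reads the server entry from the context` next to that line would record the ordering constraint.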
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.AbstractPasswordMessage;
+import org.apache.kerberos.chain.impl.ContextBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.replay.ReplayCache;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.kerberos.store.PrincipalStoreEntry;
+
+public class ChangePasswordContext extends ContextBase
+{
+ private ChangePasswordConfiguration config;
+ private PrincipalStore store;
+ private AbstractPasswordMessage request;
+ private AbstractPasswordMessage reply;
+
+ private ApplicationRequest authHeader;
+ private Ticket ticket;
+ private Authenticator authenticator;
+ private PrincipalStoreEntry serverEntry;
+ private ReplayCache replayCache;
+
+ /**
+ * @return Returns the replayCache.
+ */
+ public ReplayCache getReplayCache()
+ {
+ return replayCache;
+ }
+
+ /**
+ * @param replayCache The replayCache to set.
+ */
+ public void setReplayCache( ReplayCache replayCache )
+ {
+ this.replayCache = replayCache;
+ }
+
+ /**
+ * @return Returns the serverEntry.
+ */
+ public PrincipalStoreEntry getServerEntry()
+ {
+ return serverEntry;
+ }
+
+ /**
+ * @param serverEntry The serverEntry to set.
+ */
+ public void setServerEntry( PrincipalStoreEntry serverEntry )
+ {
+ this.serverEntry = serverEntry;
+ }
+
+ /**
+ * @return Returns the config.
+ */
+ public ChangePasswordConfiguration getConfig()
+ {
+ return config;
+ }
+
+ /**
+ * @param config The config to set.
+ */
+ public void setConfig( ChangePasswordConfiguration config )
+ {
+ this.config = config;
+ }
+
+ /**
+ * @return Returns the reply.
+ */
+ public AbstractPasswordMessage getReply()
+ {
+ return reply;
+ }
+
+ /**
+ * @param reply The reply to set.
+ */
+ public void setReply( AbstractPasswordMessage reply )
+ {
+ this.reply = reply;
+ }
+
+ /**
+ * @return Returns the request.
+ */
+ public AbstractPasswordMessage getRequest()
+ {
+ return request;
+ }
+
+ /**
+ * @param request The request to set.
+ */
+ public void setRequest( AbstractPasswordMessage request )
+ {
+ this.request = request;
+ }
+
+ /**
+ * @return Returns the store.
+ */
+ public PrincipalStore getStore()
+ {
+ return store;
+ }
+
+ /**
+ * @param store The store to set.
+ */
+ public void setStore( PrincipalStore store )
+ {
+ this.store = store;
+ }
+
+ /**
+ * @return Returns the authenticator.
+ */
+ public Authenticator getAuthenticator()
+ {
+ return authenticator;
+ }
+
+ /**
+ * @param authenticator The authenticator to set.
+ */
+ public void setAuthenticator( Authenticator authenticator )
+ {
+ this.authenticator = authenticator;
+ }
+
+ /**
+ * @return Returns the authHeader.
+ */
+ public ApplicationRequest getAuthHeader()
+ {
+ return authHeader;
+ }
+
+ /**
+ * @param authHeader The authHeader to set.
+ */
+ public void setAuthHeader( ApplicationRequest authHeader )
+ {
+ this.authHeader = authHeader;
+ }
+
+ /**
+ * @return Returns the ticket.
+ */
+ public Ticket getTicket()
+ {
+ return ticket;
+ }
+
+ /**
+ * @param ticket The ticket to set.
+ */
+ public void setTicket( Ticket ticket )
+ {
+ this.ticket = ticket;
+ }
+}
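Review bot: ChangePasswordContext has no class-level Javadoc, and the accessor comments are generated boilerplate (`@return Returns the ticket.`) that say nothing about which command populates each field or in what order. A class comment along the lines of `/** Per-request state shared by the commands of ChangePasswordChain. authHeader and ticket are set by GetAuthHeader, serverEntry by GetServerEntry and replayCache by ConfigureChangePasswordChain; request, config and store are expected to be set by the caller before the chain runs, and reply is written by BuildReply or ChangePasswordExceptionHandler. */` would make the chain's ordering dependencies visible. Who sets authenticator is not shown in this commit (presumably VerifyServiceTicketAuthHeader), so that part of the comment should be confirmed against that class.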
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordErrorModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.messages.ErrorMessage;
+import org.apache.kerberos.service.ErrorMessageHandler;
+
+public class ChangePasswordExceptionHandler extends ErrorMessageHandler
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ return CONTINUE_CHAIN;
+ }
+
+ public boolean postprocess( Context context, Exception exception )
+ {
+ if ( exception == null )
+ {
+ return CONTINUE_CHAIN;
+ }
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+ ChangePasswordConfiguration config = changepwContext.getConfig();
+ KerberosException ke = (KerberosException) exception;
+
+ System.out.println( "Exception " + exception.getMessage() + " occurred." );
+
+ ErrorMessage errorMessage = getErrorMessage( config.getChangepwPrincipal(), ke );
+
+ ChangePasswordErrorModifier modifier = new ChangePasswordErrorModifier();
+ modifier.setErrorMessage( errorMessage );
+
+ changepwContext.setReply( modifier.getChangePasswordError() );
+
+ return STOP_CHAIN;
+ }
+}
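Review bot: `KerberosException ke = (KerberosException) exception;` is an unchecked cast on whatever the chain threw; a NullPointerException or ClassCastException from an earlier command (for example the `(ChangePasswordRequest)` cast in GetAuthHeader) would become a ClassCastException inside postprocess, so no error reply is built at all. Guard it with `if ( !( exception instanceof KerberosException ) )` and handle that branch explicitly before casting, rather than letting the handler itself fail. `System.out.println( "Exception " + exception.getMessage() + " occurred." )` should go through an slf4j logger like ChangePasswordChain's, at error level and with the exception passed as the last argument so the stack trace is kept.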
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.replay.InMemoryReplayCache;
+import org.apache.kerberos.replay.ReplayCache;
+
+public class ConfigureChangePasswordChain extends CommandBase
+{
+ private static final ReplayCache replayCache = new InMemoryReplayCache();
+
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Configuring change password chain." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+ changepwContext.setReplayCache( replayCache );
+
+ return CONTINUE_CHAIN;
+ }
+}
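Review bot: `private static final ReplayCache replayCache = new InMemoryReplayCache();` is a JVM-wide singleton shared by every chain instance, which is what replay detection needs (a per-instance cache would see each request in isolation), but nothing says so; a comment such as `// shared across all requests on purpose: replay detection only works if every chain instance consults the same cache` would stop a future refactor from turning it into an instance field. Whether InMemoryReplayCache bounds or expires its entries is not visible here; if it does not, it grows with every accepted request and deserves a note of its own.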
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Ticket;
+
+/*
+ * differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ
+ */
+public class GetAuthHeader extends CommandBase
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Extracting authentication header." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+ ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+
+ ApplicationRequest authHeader = request.getAuthHeader();
+ Ticket ticket = authHeader.getTicket();
+
+ changepwContext.setAuthHeader( authHeader );
+ changepwContext.setTicket( ticket );
+
+ return CONTINUE_CHAIN;
+ }
+}
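Review bot: `request.getAuthHeader()` and `authHeader.getTicket()` are dereferenced without a null check; if the decoder can yield a ChangePasswordRequest whose auth header or ticket is absent (not visible in this commit), a malformed client message raises a NullPointerException here, which ChangePasswordExceptionHandler cannot turn into an error reply because it casts to KerberosException. A guard of the form `if ( authHeader == null || authHeader.getTicket() == null )` that throws a KerberosException carrying the protocol-appropriate ErrorType would keep the reply path deterministic. The block comment `differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ` above the class would be more useful as Javadoc (`/** ... */`) so it appears in the generated API docs.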
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.ErrorType;
+import org.apache.kerberos.service.GetPrincipalStoreEntry;
+import org.apache.kerberos.store.PrincipalStore;
+
+public class GetServerEntry extends GetPrincipalStoreEntry
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Getting server entry." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+ KerberosPrincipal principal = changepwContext.getTicket().getServerPrincipal();
+ PrincipalStore store = changepwContext.getStore();
+
+ changepwContext.setServerEntry( getEntry( principal, store,
+ ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
+
+ return CONTINUE_CHAIN;
+ }
+}
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordReply;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.application.ApplicationReply;
+import org.apache.kerberos.messages.application.PrivateMessage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MonitorReply extends CommandBase
+{
+ /** the log for this class */
+ private static final Logger log = LoggerFactory.getLogger( MonitorReply.class );
+
+ public boolean execute( Context context ) throws Exception
+ {
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+ ChangePasswordReply reply = (ChangePasswordReply) changepwContext.getReply();
+ short authHeaderLength = reply.getAuthHeaderLength();
+ short messageLength = reply.getMessageLength();
+ short versionNumber = reply.getVersionNumber();
+ ApplicationReply appReply = reply.getApplicationReply();
+ PrivateMessage priv = reply.getPrivateMessage();
+
+ if ( log.isDebugEnabled() )
+ {
+ StringBuffer sb = new StringBuffer();
+ sb.append( "Responding to change password request:" );
+ sb.append( "\n\t" + "authHeaderLength " + authHeaderLength );
+ sb.append( "\n\t" + "messageLength " + messageLength );
+ sb.append( "\n\t" + "versionNumber " + versionNumber );
+ sb.append( "\n\t" + "appReply " + appReply );
+ sb.append( "\n\t" + "priv " + priv );
+
+ log.debug( sb.toString() );
+ }
+
+ return CONTINUE_CHAIN;
+ }
+}
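Review bot: Each `sb.append( "\n\t" + "authHeaderLength " + authHeaderLength )` builds a temporary String through concatenation and then appends it, which defeats the point of the StringBuffer; either chain the appends (`sb.append( "\n\tauthHeaderLength " ).append( authHeaderLength )`) or just pass one concatenated string to `log.debug` inside the existing `isDebugEnabled()` guard. A StringBuilder would also do, since the buffer never leaves the method. The same pattern is repeated in MonitorRequest.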
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.replay.ReplayCache;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MonitorRequest extends CommandBase
+{
+ /** the log for this class */
+ private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class );
+
+ public boolean execute( Context context ) throws Exception
+ {
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+ ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+ short authHeaderLength = request.getAuthHeaderLength();
+ short messageLength = request.getMessageLength();
+ short versionNumber = request.getVersionNumber();
+
+ ApplicationRequest authHeader = changepwContext.getAuthHeader();
+ Ticket ticket = changepwContext.getTicket();
+ EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
+ long clockSkew = changepwContext.getConfig().getClockSkew();
+ ReplayCache replayCache = changepwContext.getReplayCache();
+ String principal = changepwContext.getServerEntry().getPrincipal().getName();
+
+ if ( log.isDebugEnabled() )
+ {
+ StringBuffer sb = new StringBuffer();
+ sb.append( "Responding to change password request:" );
+ sb.append( "\n\t" + "authHeaderLength " + authHeaderLength );
+ sb.append( "\n\t" + "messageLength " + messageLength );
+ sb.append( "\n\t" + "versionNumber " + versionNumber );
+ sb.append( "\n\t" + "authHeader " + authHeader );
+ sb.append( "\n\t" + "ticket " + ticket );
+ sb.append( "\n\t" + "principal " + principal );
+ sb.append( "\n\t" + "serverKey " + serverKey );
+ sb.append( "\n\t" + "clockSkew " + clockSkew );
+ sb.append( "\n\t" + "replayCache " + replayCache );
+
+ log.debug( sb.toString() );
+ }
+
+ return CONTINUE_CHAIN;
+ }
+}
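Review bot: `sb.append( "\n\t" + "serverKey " + serverKey )` writes the server principal's long-term EncryptionKey object into the debug log; what actually lands in the log depends on EncryptionKey.toString(), which is not shown, but key material must never reach a log line at any level. Drop that line, or log only non-secret attributes of the key if the class exposes them. The message `Responding to change password request:` also looks copied from MonitorReply; `Received change password request:` fits this command, which runs before the reply exists.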
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.changepw.exceptions.ChangePasswordException;
+import org.apache.changepw.exceptions.ErrorType;
+import org.apache.changepw.io.ChangePasswordDataDecoder;
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.changepw.value.ChangePasswordData;
+import org.apache.changepw.value.ChangePasswordDataModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.io.decoder.EncKrbPrivPartDecoder;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncKrbPrivPart;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.kerberos.store.operations.ChangePassword;
+
+public class ProcessPasswordChange extends CommandBase
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Processing password change." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+ ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+ PrincipalStore store = changepwContext.getStore();
+ Authenticator authenticator = changepwContext.getAuthenticator();
+ Ticket ticket = changepwContext.getTicket();
+
+ System.out.println( "Ticket principal " + ticket.getServerPrincipal() );
+
+ // TODO - check ticket is for service authorized to change passwords
+ // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));
+
+ // TODO - check client principal in ticket is authorized to change password
+
+ // get the subsession key from the Authenticator
+ EncryptionKey subSessionKey = authenticator.getSubSessionKey();
+
+ // getDecryptedData the request's private message with the subsession key
+ EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart();
+ EncKrbPrivPart privatePart;
+ try
+ {
+ EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( subSessionKey );
+
+ byte[] decPrivPart = engine.getDecryptedData( subSessionKey, encReqPrivPart );
+
+ EncKrbPrivPartDecoder privDecoder = new EncKrbPrivPartDecoder();
+ privatePart = privDecoder.decode( decPrivPart );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_AUTHERROR );
+ }
+
+ ChangePasswordData passwordData = null;
+
+ if ( request.getVersionNumber() == (short) 1 )
+ {
+ // Use protocol version 0x0001, the legacy Kerberos change password protocol
+ ChangePasswordDataModifier modifier = new ChangePasswordDataModifier();
+ modifier.setNewPassword( privatePart.getUserData() );
+ passwordData = modifier.getChangePasswdData();
+ }
+ else
+ {
+ // Use protocol version 0xFF80, the backwards-compatible MS protocol
+ ChangePasswordDataDecoder passwordDecoder = new ChangePasswordDataDecoder();
+ passwordData = passwordDecoder.decodeChangePasswordData( privatePart.getUserData() );
+ }
+
+ // usec and seq-number must be present per MS but aren't in legacy kpasswd
+ // seq-number must have same value as authenticator
+ // ignore r-address
+
+ // generate key from password
+ String password = new String( passwordData.getPassword() );
+ KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
+ KerberosKey newKey = new KerberosKey( clientPrincipal, password.toCharArray(), "DES" );
+
+ System.out.println( "Got client principal " + clientPrincipal );
+ System.out.println( "Got client password " + password );
+
+ // store password in database
+ try
+ {
+ String principalName = (String) store.execute( new ChangePassword( clientPrincipal,
+ newKey ) );
+ System.out.println( "Successfully modified principal " + principalName );
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ }
+
+ return CONTINUE_CHAIN;
+ }
+}
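Review bot: `System.out.println( "Got client password " + password );` writes the user's new cleartext password to stdout on every request; that line should be removed (the principal line can stay), and since `KerberosKey` already accepts a `char[]`, the password need not be held as a `String` at all. The store update at the end catches `Exception`, prints the stack trace and still returns `CONTINUE_CHAIN`, so a failed write is answered as if the change succeeded; rethrow it as a `ChangePasswordException` with the appropriate `ErrorType` (RFC 3244 defines KRB5_KPASSWD_HARDERROR for this case — confirm the enum carries it) instead of swallowing it, and the `ke.printStackTrace()` in the decrypt block loses the cause the same way. The two TODOs at the top of the method — that the ticket was issued for the change-password service and that the client principal may change this password — are the authorization checks the store call depends on; unless VerifyServiceTicket already covers the first, the method should not reach the store without them. `new String( passwordData.getPassword() )` decodes with the platform default charset, so the charset the protocol mandates should be named explicitly. The same `System.out.println` tracing appears in VerifyServiceTicket and VerifyServiceTicketAuthHeader, while MonitorRequest in this commit guards `log.debug` with `log.isDebugEnabled()`; all three should use the logger.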
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.service.VerifyTicket;
+
+public class VerifyServiceTicket extends VerifyTicket
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Verifying service ticket." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+ ChangePasswordConfiguration config = changepwContext.getConfig();
+ Ticket ticket = changepwContext.getTicket();
+ String primaryRealm = config.getPrimaryRealm();
+ KerberosPrincipal changepwPrincipal = config.getChangepwPrincipal();
+
+ verifyTicket( ticket, primaryRealm, changepwPrincipal );
+
+ return CONTINUE_CHAIN;
+ }
+}
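Review bot: `verifyTicket( ticket, primaryRealm, changepwPrincipal )` appears to be the check the TODO in ProcessPasswordChange ("check ticket is for service authorized to change passwords") asks for, since it is handed `config.getChangepwPrincipal()`; if VerifyTicket does compare the ticket's server principal against it, that TODO is stale and a comment here such as `// ticket must have been issued for the changepw service principal in the primary realm` would make the trust boundary explicit. VerifyTicket's body is outside this commit, so what it actually verifies cannot be confirmed from the hunk.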
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java (added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java Sun Aug 28 07:26:49 2005
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.replay.ReplayCache;
+import org.apache.kerberos.service.VerifyAuthHeader;
+
+public class VerifyServiceTicketAuthHeader extends VerifyAuthHeader
+{
+ public boolean execute( Context context ) throws Exception
+ {
+ System.out.println( "Verifying service ticket's authentication header." );
+
+ ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+ ApplicationRequest authHeader = changepwContext.getAuthHeader();
+ Ticket ticket = changepwContext.getTicket();
+ EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
+ long clockSkew = changepwContext.getConfig().getClockSkew();
+ ReplayCache replayCache = changepwContext.getReplayCache();
+
+ Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
+ replayCache );
+
+ changepwContext.setAuthenticator( authenticator );
+
+ return CONTINUE_CHAIN;
+ }
+}
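Review bot: The class has no Javadoc stating what it contributes to the context: the `Authenticator` returned by `verifyAuthHeader` is stored via `changepwContext.setAuthenticator( authenticator )`, and ProcessPasswordChange later reads it for the sub-session key and client principal, so the chain order matters. A class comment such as `/** Verifies the AP-REQ against the changepw service key and the replay cache, and publishes the resulting Authenticator on the context for later commands. */` would document that dependency. Whether `verifyAuthHeader` records the authenticator in `replayCache` or only consults it is not visible in this hunk.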
Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
------------------------------------------------------------------------------
svn:eol-style = native