Posted to commits@directory.apache.org by er...@apache.org on 2004/11/02 08:18:08 UTC
svn commit: rev 56363 - incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store
Author: erodriguez
Date: Mon Nov 1 23:18:07 2004
New Revision: 56363
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/LdapPasswordStore.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/PasswordStore.java
Log:
New store interface and LDAP implementation for change password service.
Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/LdapPasswordStore.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/LdapPasswordStore.java Mon Nov 1 23:18:07 2004
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.changepw.store;
+
+import org.apache.kerberos.kdc.*;
+import org.apache.kerberos.kdc.jaas.*;
+import org.apache.kerberos.kdc.store.*;
+import org.apache.kerberos.messages.value.*;
+
+import java.security.*;
+
+import javax.naming.*;
+import javax.naming.directory.*;
+import javax.security.auth.*;
+import javax.security.auth.kerberos.*;
+import javax.security.auth.login.*;
+
+public class LdapPasswordStore implements PasswordStore {
+
+ public static final String PRINCIPAL_NAME = "krb5PrincipalName";
+ public static final String KEY_VERSION_NUMBER = "krb5KeyVersionNumber";
+ public static final String MAX_LIFE = "krb5MaxLife";
+ public static final String MAX_RENEW = "krb5MaxRenew";
+ public static final String KDC_FLAGS = "krb5KDCFlags";
+ public static final String ENCRYPTION_TYPE = "krb5EncryptionType";
+ public static final String VALID_START = "krb5ValidStart";
+ public static final String VALID_END = "krb5ValidEnd";
+ public static final String PASSWORD_END = "krb5PasswordEnd";
+ public static final String KEY = "krb5Key";
+ public static final String PRINCIPAL_REALM = "krb5PrincipalRealm";
+ public static final String REALM_NAME = "krb5RealmName";
+
+ private KdcConfiguration _config;
+ private BootstrapStore _bootstrap;
+ private Subject _subject;
+
+ public LdapPasswordStore(KdcConfiguration config, BootstrapStore bootstrap) {
+ _config = config;
+ _bootstrap = bootstrap;
+ }
+
+ public void init() {
+
+ _subject = new Subject();
+
+ KerberosPrincipal principal = _config.getChangepwPrincipal();
+ EncryptionKey entry = _bootstrap.getEntry(principal).getEncryptionKey();
+
+ KerberosKey key = new KerberosKey(principal, entry.getKeyValue(),
+ entry.getKeyType().getOrdinal(), entry.getKeyVersion());
+
+ _subject.getPrincipals().add(principal);
+ _subject.getPrivateCredentials().add(key);
+
+ Configuration.setConfiguration(new Krb5Configuration());
+
+ LoginContext lc = null;
+ try {
+ lc = new LoginContext(LdapPasswordStore.class.getName(), _subject);
+ lc.login();
+ } catch (LoginException le) {
+ System.err.println("Authentication attempt failed" + le);
+ }
+ }
+
+ public String changePassword(KerberosPrincipal principal, byte[] newKey) {
+ return (String)Subject.doAs(_subject, new JaasLdapLookupAction(_config, principal, newKey));
+ }
+}
+
+class JaasLdapLookupAction implements PrivilegedAction {
+
+ private KdcConfiguration _config;
+ private KerberosPrincipal _principal;
+ private byte[] _newKey;
+ private String _name;
+
+ public JaasLdapLookupAction(KdcConfiguration config, KerberosPrincipal principal, byte[] newKey) {
+ _config = config;
+ _principal = principal;
+ _newKey = newKey;
+ }
+
+ public Object run() {
+ performJndiOperation();
+ return _name;
+ }
+
+ private void performJndiOperation() {
+
+ try {
+ DirContext ctx = new InitialDirContext(_config.getProperties());
+
+ search(ctx);
+
+ ModificationItem[] mods = new ModificationItem[1];
+ mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
+ new BasicAttribute("krb5key", _newKey));
+ ctx.modifyAttributes(_name, mods);
+
+ ctx.close();
+ } catch (NamingException e) {
+ _name = null;
+ e.printStackTrace();
+ }
+ }
+
+ private void search(DirContext ctx) throws NamingException {
+
+ String[] attrIDs = {LdapPasswordStore.PRINCIPAL_NAME, LdapPasswordStore.KEY_VERSION_NUMBER,
+ LdapPasswordStore.ENCRYPTION_TYPE, LdapPasswordStore.KEY};
+
+ Attributes matchAttrs = new BasicAttributes(false); // case-sensitive
+ matchAttrs.put(new BasicAttribute(LdapPasswordStore.PRINCIPAL_NAME, _principal));
+ matchAttrs.put(new BasicAttribute(LdapPasswordStore.KEY));
+ matchAttrs.put(new BasicAttribute(LdapPasswordStore.ENCRYPTION_TYPE));
+ matchAttrs.put(new BasicAttribute(LdapPasswordStore.KEY_VERSION_NUMBER));
+
+ // Search for objects that have those matching attributes
+ NamingEnumeration answer = ctx.search("", matchAttrs, attrIDs);
+
+ if (answer.hasMore()) {
+ SearchResult sr = (SearchResult) answer.next();
+ if (sr != null) {
+ _name = sr.getName();
+ }
+ }
+ }
+}
+
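Review bot: In `performJndiOperation` the `ctx.modifyAttributes(_name, mods)` call runs even when `search(ctx)` matched no entry, so a change request for an unknown principal reaches JNDI with a null name; that most likely surfaces as an unchecked NullPointerException that the `catch (NamingException e)` does not handle, and `ctx.close()` is skipped on any exception because it is not in a `finally`. Guard the update with `if (_name == null) { ctx.close(); return; }` right after `search(ctx)`, and move the `close()` into a `finally` block. The update also writes only the raw key: the search requests `krb5KeyVersionNumber` but the value is never read or incremented, so if the KDC relies on kvno to tell old and new keys apart the version should be bumped in the same modification as the key — confirm against the KDC's key lookup. The literal `"krb5key"` should be `LdapPasswordStore.KEY` to match the constants declared above. Separately, `init()` only prints the `LoginException` and returns normally, leaving a store that will later run `Subject.doAs` without a completed login; rethrowing (for example wrapped in an unchecked exception) would fail fast instead.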
Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/PasswordStore.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/changepw/store/PasswordStore.java Mon Nov 1 23:18:07 2004
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.changepw.store;
+
+import javax.security.auth.kerberos.*;
+
+public interface PasswordStore {
+ public void init();
+ public String changePassword(KerberosPrincipal principal, byte[] key);
+}
+
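Review bot: Neither method in `PasswordStore` has a documented failure contract: `init()` cannot signal that authentication to the backing store failed, and nothing says what `changePassword` returns on success versus failure (the accompanying LDAP implementation returns the modified entry's name, or null). Add Javadoc stating the contract, e.g. `/** Replaces the key for principal; returns the store-specific name of the updated entry, or null if the principal was not found or the update failed. */`, and consider letting `init()` throw so a failed initialization is not silently ignored by callers. Since `key` is raw key material, the Javadoc should also state whether the store keeps a reference to the array or the caller may zero it after the call.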