Posted to commits@directory.apache.org by pl...@apache.org on 2018/06/28 08:03:21 UTC
directory-kerby git commit: Add change_password in remote admin tool.
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 73356def1 -> d0c9147b8
Add change_password in remote admin tool.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d0c9147b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d0c9147b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d0c9147b
Branch: refs/heads/trunk
Commit: d0c9147b8f02573ce17f02e4fefee17382fce76d
Parents: 73356de
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Jun 28 16:03:11 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Jun 28 16:03:11 2018 +0800
----------------------------------------------------------------------
.../kerby/has/client/HasAuthAdminClient.java | 24 +++++++-
.../kerby/has/server/web/rest/KadminApi.java | 60 ++++++++++++++++++--
.../admin/kadmin/local/LocalKadminImpl.java | 2 +-
.../tool/admin/remote/AdminRemoteTool.java | 8 ++-
4 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d0c9147b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
index e2d74a6..5ac8622 100644
--- a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
@@ -360,7 +360,29 @@ public class HasAuthAdminClient implements Kadmin {
@Override
public void changePassword(String principal,
String newPassword) throws KrbException {
- throw new KrbException("Unsupported feature");
+ HttpURLConnection httpConn;
+
+ URL url;
+ try {
+ url = new URL(getKadminBaseURL() + "changepassword?principal=" + principal
+ + "&password=" + newPassword);
+ } catch (MalformedURLException e) {
+ throw new KrbException("Failed to create a URL object.", e);
+ }
+
+ httpConn = HasClientUtil.createConnection(hasConfig, url, "POST", true);
+
+ try {
+ httpConn.connect();
+
+ if (httpConn.getResponseCode() == 200) {
+ LOG.info(HasClientUtil.getResponse(httpConn));
+ } else {
+ throw new KrbException(HasClientUtil.getResponse(httpConn));
+ }
+ } catch (IOException e) {
+ throw new KrbException("IO error occurred.", e);
+ }
}
@Override
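Review bot: The new password is sent in the URL query string (`"&password=" + newPassword`), so even over HTTPS it can end up in web-server access logs and in any intermediary that records request URIs; the matching `@QueryParam(PasswordParam.NAME)` parameter in the KadminApi.java hunk has the same exposure on the server side. Carrying it in the POST body instead (with the server reading it via `@FormParam`) would keep it out of the URI, though both sides have to change together. Independently, `principal` and `newPassword` are concatenated unencoded, so a password containing `&`, `+`, `%`, `#` or a space is truncated or altered before it reaches the server and the account silently gets a different password than the one typed. At minimum use `+ "&password=" + URLEncoder.encode(newPassword, "UTF-8")` (and the same for `principal`), widening the catch to `MalformedURLException | UnsupportedEncodingException`.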
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d0c9147b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
index 10ff6c8..dd9ab8b 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
@@ -52,7 +52,7 @@ public class KadminApi {
@Context
private HttpServletRequest httpRequest;
- /**
+ /**
* export single keytab file
*
* @param principal principal name to export keytab file
@@ -83,7 +83,7 @@ public class KadminApi {
try {
localKadmin.exportKeytab(keytabFile, principal);
return Response.ok(keytabFile).header("Content-Disposition", "attachment; filename="
- + keytabFile.getName()).build();
+ + keytabFile.getName()).build();
} catch (KrbException e) {
msg = "Failed to export keytab. " + e.toString();
WebServer.LOG.error(msg);
@@ -213,7 +213,7 @@ public class KadminApi {
return Response.ok(msg).build();
} catch (Exception e) {
msg = "Failed to rename principal " + oldPrincipal + " to "
- + newPrincipal + ",because: " + e.getMessage();
+ + newPrincipal + ",because: " + e.getMessage();
WebServer.LOG.error(msg);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
@@ -257,7 +257,58 @@ public class KadminApi {
return Response.ok(msg).build();
} catch (Exception e) {
msg = "Failed to delete the principal named " + principal.getValue()
- + ",because : " + e.getMessage();
+ + ",because : " + e.getMessage();
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ }
+ }
+ return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+ }
+
+ /**
+ * Add principal by name and password.
+ *
+ * @param principal principal name.
+ * @param password principal password
+ * @return Response
+ */
+ @POST
+ @Path("/changepassword")
+ @Produces(MediaType.TEXT_PLAIN)
+ public Response changePassword(@QueryParam(PrincipalParam.NAME) @DefaultValue(PrincipalParam.DEFAULT)
+ final PrincipalParam principal,
+ @QueryParam(PasswordParam.NAME) @DefaultValue(PasswordParam.DEFAULT)
+ final PasswordParam newPassword) {
+ if (httpRequest.isSecure()) {
+ WebServer.LOG.info("Request to add the principal named " + principal.getValue());
+ String msg;
+ LocalKadminImpl localKadmin;
+ HasServer hasServer = WebServer.getHasServerFromContext(context);
+ KdcSetting serverSetting = hasServer.getKdcServer().getKdcSetting();
+ try {
+ localKadmin = new LocalKadminImpl(serverSetting);
+ } catch (KrbException e) {
+ msg = "Failed to create local kadmin." + e.getMessage();
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ }
+ if (principal.getValue() == null || principal.getValue().isEmpty()) {
+ msg = "Value of principal is null.";
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
+ }
+ if (newPassword.getValue() == null || newPassword.getValue().isEmpty()) {
+ msg = "Value of new password is null.";
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
+ }
+ try {
+ localKadmin.changePassword(principal.getValue(), newPassword.getValue());
+ msg = "Change password successfully.";
+ return Response.ok(msg).build();
+ } catch (KrbException e) {
+ msg = "Failed to change the password of " + principal.getValue()
+ + " , because: " + e.getMessage();
WebServer.LOG.error(msg);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
}
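Review bot: The Javadoc summary (`Add principal by name and password.`) and the audit line `"Request to add the principal named "` were copied from the add-principal endpoint, so a password change is recorded in the server log as a principal creation and a successful change is not logged at all. Suggest `WebServer.LOG.info("Request to change the password of principal " + principal.getValue());` placed after the null/empty check, an info line on success, and a Javadoc summary of `Change the password of a principal.`. The only gate visible in this hunk is `httpRequest.isSecure()`; if caller authentication and authorization are enforced by a filter outside the hunk, that is worth stating in the Javadoc, because this endpoint can reset any principal's password. The `LocalKadminImpl` is also constructed before the two input checks, so a malformed request pays that cost before it gets its 400.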
@@ -265,3 +316,4 @@ public class KadminApi {
return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
}
}
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d0c9147b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
index bb914f4..fdc0865 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
@@ -353,7 +353,7 @@ public class LocalKadminImpl implements LocalKadmin {
KrbIdentity identity = backend.getIdentity(principal);
if (identity == null) {
throw new KrbException("Principal " + principal
- + "was not found. Please check the input and try again");
+ + " was not found. Please check the input and try again");
}
List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
getKdcConfig().getEncryptionTypes());
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d0c9147b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/remote/AdminRemoteTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/remote/AdminRemoteTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/remote/AdminRemoteTool.java
index aa6beca..2022f8c 100644
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/remote/AdminRemoteTool.java
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/remote/AdminRemoteTool.java
@@ -27,6 +27,7 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.AddPrincipalRemoteCmd;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.AddPrincipalsRemoteCmd;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.AdminRemoteCmd;
+import org.apache.kerby.kerberos.tool.admin.remote.cmd.ChangePasswordRemoteCmd;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.DeletePrincipalRemoteCmd;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.DisableConfRemoteCmd;
import org.apache.kerby.kerberos.tool.admin.remote.cmd.EnableConfRemoteCmd;
@@ -67,6 +68,8 @@ public class AdminRemoteTool {
+ " Delete principal\n"
+ "rename_principal, renprinc\n"
+ " Rename principal\n"
+ + "change_password, cpw\n"
+ + " Change password\n"
+ "list_principals, listprincs\n"
+ " List principals\n"
+ "get_hostroles, hostroles\n"
@@ -106,7 +109,7 @@ public class AdminRemoteTool {
System.out.println("enter \"cmd\" to see legal commands.");
Completer completer = new StringsCompleter("add_principal",
- "delete_principal", "rename_principal", "list_principals",
+ "delete_principal", "rename_principal", "change_password", "list_principals",
"get_hostroles", "export_keytabs", "add_principals", "enable_configure",
"disable_configure");
@@ -154,6 +157,9 @@ public class AdminRemoteTool {
} else if (cmd.equals("rename_principal")
|| cmd.equals("renprinc")) {
executor = new RenamePrincipalRemoteCmd(hasAuthAdminClient);
+ } else if (cmd.equals("change_password")
+ || cmd.startsWith("cpw")) {
+ executor = new ChangePasswordRemoteCmd(hasAuthAdminClient);
} else if (cmd.equals("list_principals")
|| cmd.equals("listprincs")) {
executor = new ListPrincipalsRemoteCmd(hasAuthAdminClient);
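Review bot: The alias test uses `cmd.startsWith("cpw")` while every neighbouring branch compares with `equals` (`cmd.equals("renprinc")`, `cmd.equals("listprincs")`), so any input beginning with `cpw` is dispatched to `ChangePasswordRemoteCmd`. If `cmd` is the first token of the line, as the `equals` checks on the other argument-taking commands suggest, this should be `|| cmd.equals("cpw")) {`; if it is the whole line, the `equals("change_password")` half could never match a command that carries arguments. The dispatch chain starts and ends outside this hunk, so how `cmd` is derived is not visible here.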