You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2018/01/22 08:11:19 UTC
directory-kerby git commit: Implement change password feature in
hadmin tool.
Repository: directory-kerby
Updated Branches:
refs/heads/has-project f0b7b230d -> d37016227
Implement change password feature in hadmin tool.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d3701622
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d3701622
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d3701622
Branch: refs/heads/has-project
Commit: d3701622748fe6a4c6b71ec1e456e47aacf548de
Parents: f0b7b23
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jan 22 16:07:35 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jan 22 16:07:35 2018 +0800
----------------------------------------------------------------------
.../apache/kerby/has/client/HasAdminClient.java | 11 ++
.../kerby/has/client/HasAuthAdminClient.java | 11 ++
.../org/apache/kerby/has/common/HasAdmin.java | 4 +-
.../kerby/has/server/admin/LocalHasAdmin.java | 31 +++++
.../server/hadmin/local/HadminLocalTool.java | 8 +-
.../hadmin/local/cmd/ChangePasswordCmd.java | 133 +++++++++++++++++++
6 files changed, 195 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-client/src/main/java/org/apache/kerby/has/client/HasAdminClient.java
----------------------------------------------------------------------
diff --git a/has/has-client/src/main/java/org/apache/kerby/has/client/HasAdminClient.java b/has/has-client/src/main/java/org/apache/kerby/has/client/HasAdminClient.java
index 7b6457a..f5d40f8 100644
--- a/has/has-client/src/main/java/org/apache/kerby/has/client/HasAdminClient.java
+++ b/has/has-client/src/main/java/org/apache/kerby/has/client/HasAdminClient.java
@@ -259,6 +259,17 @@ public class HasAdminClient implements HasAdmin {
}
@Override
+ public void changePassword(String principal,
+ String newPassword) throws HasException {
+ throw new HasException("Unsupported feature");
+ }
+
+ @Override
+ public void updateKeys(String principal) throws HasException {
+ throw new HasException("Unsupported feature");
+ }
+
+ @Override
public List<String> getPrincipals() throws HasException {
WebResource webResource = getWebResource("admin/getprincipals");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
----------------------------------------------------------------------
diff --git a/has/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java b/has/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
index d8523f0..1495745 100644
--- a/has/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
+++ b/has/has-client/src/main/java/org/apache/kerby/has/client/HasAuthAdminClient.java
@@ -466,6 +466,17 @@ public class HasAuthAdminClient extends HasAdminClient {
}
@Override
+ public void changePassword(String principal,
+ String newPassword) throws HasException {
+ throw new HasException("Unsupported feature");
+ }
+
+ @Override
+ public void updateKeys(String principal) throws HasException {
+ throw new HasException("Unsupported feature");
+ }
+
+ @Override
public List<String> getPrincipals() throws HasException {
HttpURLConnection httpConn;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-common/src/main/java/org/apache/kerby/has/common/HasAdmin.java
----------------------------------------------------------------------
diff --git a/has/has-common/src/main/java/org/apache/kerby/has/common/HasAdmin.java b/has/has-common/src/main/java/org/apache/kerby/has/common/HasAdmin.java
index 30b1e35..e5751de 100644
--- a/has/has-common/src/main/java/org/apache/kerby/has/common/HasAdmin.java
+++ b/has/has-common/src/main/java/org/apache/kerby/has/common/HasAdmin.java
@@ -113,7 +113,7 @@ public interface HasAdmin {
* @param newPassword The new password
* @throws HasException e
*/
-// void changePassword(String principal, String newPassword) throws HasException;
+ void changePassword(String principal, String newPassword) throws HasException;
/**
* Update the random keys of specified principal.
@@ -121,7 +121,7 @@ public interface HasAdmin {
* @param principal The principal to be updated keys
* @throws HasException e
*/
-// void updateKeys(String principal) throws HasException;
+ void updateKeys(String principal) throws HasException;
/**
* Release any resources associated.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
----------------------------------------------------------------------
diff --git a/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java b/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
index 50644c3..1ce5848 100644
--- a/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
+++ b/has/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHasAdmin.java
@@ -165,6 +165,37 @@ public class LocalHasAdmin implements HasAdmin {
}
@Override
+ public void changePassword(String principal,
+ String newPassword) throws HasException {
+ LocalKadmin kadmin;
+ try {
+ kadmin = new LocalKadminImpl(serverSetting);
+ } catch (KrbException e) {
+ throw new HasException(e);
+ }
+ try {
+ kadmin.changePassword(principal, newPassword);
+ } catch (KrbException e) {
+ throw new HasException(e);
+ }
+ }
+
+ @Override
+ public void updateKeys(String principal) throws HasException {
+ LocalKadmin kadmin;
+ try {
+ kadmin = new LocalKadminImpl(serverSetting);
+ } catch (KrbException e) {
+ throw new HasException(e);
+ }
+ try {
+ kadmin.updateKeys(principal);
+ } catch (KrbException e) {
+ throw new HasException(e);
+ }
+ }
+
+ @Override
public String addPrincByRole(String host, String role) throws HasException {
String result = "";
LocalKadmin kadmin = null;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
index d02129a..abdb543 100644
--- a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
+++ b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/HadminLocalTool.java
@@ -19,10 +19,12 @@
*/
package org.apache.kerby.has.tool.server.hadmin.local;
+import org.apache.kerby.KOptions;
import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.admin.LocalHasAdmin;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.AddPrincipalCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.AddPrincipalsCmd;
+import org.apache.kerby.has.tool.server.hadmin.local.cmd.ChangePasswordCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.DeletePrincipalCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.DisableConfigureCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.EnableConfigureCmd;
@@ -33,7 +35,6 @@ import org.apache.kerby.has.tool.server.hadmin.local.cmd.HadminCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.KeytabAddCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.ListPrincipalsCmd;
import org.apache.kerby.has.tool.server.hadmin.local.cmd.RenamePrincipalCmd;
-import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
import org.apache.kerby.kerberos.tool.kadmin.AuthUtil;
@@ -82,6 +83,8 @@ public class HadminLocalTool {
+ " Delete principal\n"
+ "rename_principal, renprinc\n"
+ " Rename principal\n"
+ + "change_password, cpw\n"
+ + " Change password\n"
+ "get_principal, getprinc\n"
+ " Get principal\n"
+ "list_principals, listprincs\n"
@@ -119,6 +122,9 @@ public class HadminLocalTool {
} else if (cmd.startsWith("rename_principal")
|| cmd.startsWith("renprinc")) {
executor = new RenamePrincipalCmd(hadmin);
+ } else if (cmd.startsWith("change_password")
+ || cmd.startsWith("cpw")) {
+ executor = new ChangePasswordCmd(hadmin);
} else if (cmd.startsWith("list_principals")
|| cmd.startsWith("listprincs")) {
executor = new ListPrincipalsCmd(hadmin);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d3701622/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/ChangePasswordCmd.java
----------------------------------------------------------------------
diff --git a/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/ChangePasswordCmd.java b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/ChangePasswordCmd.java
new file mode 100644
index 0000000..4b9412b
--- /dev/null
+++ b/has/has-tool/has-server-tool/src/main/java/org/apache/kerby/has/tool/server/hadmin/local/cmd/ChangePasswordCmd.java
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.has.tool.server.hadmin.local.cmd;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHasAdmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+
+import java.io.Console;
+import java.util.Arrays;
+import java.util.Scanner;
+
+public class ChangePasswordCmd extends HadminCmd {
+ private static final String USAGE = "Usage: change_password [-randkey] "
+ + "[-keepold] [-e keysaltlist] [-pw password] principal";
+
+ private KOptions kOptions;
+
+ public ChangePasswordCmd(LocalHasAdmin hadmin) {
+ super(hadmin);
+ }
+
+ @Override
+ public void execute(String[] items) {
+
+ if (items.length < 1) {
+ System.err.println(USAGE);
+ return;
+ }
+ String principal = items[items.length - 1];
+
+ String password;
+
+ if (items.length == 2) { //only principal is given
+ password = getPassword(principal);
+ if (password == null) {
+ System.out.println("Did not get new password successfully. Please try again");
+ return;
+ }
+ try {
+ getHadmin().changePassword(principal, password);
+ System.out.println("Update password success.");
+ } catch (HasException e) {
+ System.err.println("Failed to update password. " + e.getCause());
+ }
+ } else if (items.length > 2) {
+ kOptions = ToolUtil.parseOptions(items, 1, items.length - 2);
+ if (kOptions == null) {
+ System.err.println(USAGE);
+ return;
+ }
+ if (kOptions.contains(KadminOption.PW)) {
+ password = kOptions.getStringOption(KadminOption.PW);
+ try {
+ getHadmin().changePassword(principal, password);
+ System.out.println("Update password success.");
+ } catch (HasException e) {
+ System.err.println("Fail to update password. " + e.getMessage());
+ }
+ } else if (kOptions.contains(KadminOption.RANDKEY)) {
+ try {
+ getHadmin().updateKeys(principal);
+ } catch (HasException e) {
+ System.err.println("Fail to update key. " + e.getMessage());
+ }
+ }
+ }
+ }
+
+ /**
+ * Get password from console
+ */
+ private String getPassword(String principal) {
+ String passwordOnce;
+ String passwordTwice;
+
+ Console console = System.console();
+ if (console == null) {
+ System.out.println("Couldn't get Console instance, "
+ + "maybe you're running this from within an IDE. "
+ + "Use scanner to read password.");
+ Scanner scanner = new Scanner(System.in, "UTF-8");
+ passwordOnce = getPassword(scanner,
+ "Please enter new password \"" + principal + "\":");
+ passwordTwice = getPassword(scanner,
+ "Please re-enter password =\"" + principal + "\":");
+
+ } else {
+ passwordOnce = getPassword(console,
+ "Please enter new password \"" + principal + "\":");
+ passwordTwice = getPassword(console,
+ "Please re-enter password \"" + principal + "\":");
+ }
+
+ if (!passwordOnce.equals(passwordTwice)) {
+ System.err.println("change_password: Password mismatch while reading password for \"" + principal + "\".");
+ return null;
+ }
+ return passwordOnce;
+ }
+
+ private String getPassword(Scanner scanner, String prompt) {
+ System.out.println(prompt);
+ return scanner.nextLine().trim();
+ }
+
+ private String getPassword(Console console, String prompt) {
+ console.printf(prompt);
+ char[] passwordChars = console.readPassword();
+ String password = new String(passwordChars).trim();
+ Arrays.fill(passwordChars, ' ');
+ return password;
+ }
+}