Posted to commits@directory.apache.org by ka...@apache.org on 2013/04/20 17:16:47 UTC
svn commit: r1470173 - in /directory/apacheds/trunk/kerberos-client2/src:
main/java/org/apache/directory/kerberos/client/
test/java/org/apache/directory/kerberos/client/
Author: kayyagari
Date: Sat Apr 20 15:16:47 2013
New Revision: 1470173
URL: http://svn.apache.org/r1470173
Log:
o added ChangePasswordResult class for holding the return value and message text sent by the changepassword server
o modified changePassword() method to return a result
Added:
directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java
directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java
Modified:
directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
Added: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java?rev=1470173&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java (added)
+++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java Sat Apr 20 15:16:47 2013
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+/**
+ * The class to hold the result of change password operation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ChangePasswordResult
+{
+ /** the result code */
+ private ChangePasswordResultCode code;
+
+ /** result message */
+ private String message;
+
+
+ public ChangePasswordResult( byte[] userData )
+ {
+ // first 2 bytes contain the result code ( from 0-7 )
+ int r = ( userData[0] & 0xFF << 8 ) + ( userData[1] & 0xFF );
+
+ code = ChangePasswordResultCode.getByValue( r );
+
+ message = new String( userData, 2, userData.length - 2 );
+ }
+
+
+ public ChangePasswordResultCode getCode()
+ {
+ return code;
+ }
+
+
+ public String getMessage()
+ {
+ return message;
+ }
+
+
+ @Override
+ public String toString()
+ {
+ return "ChangePasswordResult [result=" + code + ", message=" + message + "]";
+ }
+
+}
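Review bot: The result-code expression in the constructor, `( userData[0] & 0xFF << 8 )`, parses as `userData[0] & ( 0xFF << 8 )` because `<<` binds tighter than `&`, so the high byte is masked against 0xFF00 and never shifted. It gives the right value for 0–7 and 0xFFFF only by coincidence: a high byte of 0x01–0x7F is dropped, so a code such as 0x0100 would be read as 0 (success) instead of being rejected by getByValue. The constructor also indexes userData without checking for null or for fewer than two bytes. In addition, `new String( userData, 2, ... )` decodes with the platform default charset, while RFC 3244 describes the result string as UTF-8 (worth confirming and passing the charset explicitly). The fence shows the guarded, parenthesised form of the first statements.

```java
public ChangePasswordResult( byte[] userData )
{
    if ( userData == null || userData.length < 2 )
    {
        throw new IllegalArgumentException( "user-data is shorter than the 2-byte result code" );
    }

    // first 2 bytes contain the result code, big-endian
    int r = ( ( userData[0] & 0xFF ) << 8 ) | ( userData[1] & 0xFF );
    // … unchanged: getByValue lookup and message extraction …
```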
Added: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java?rev=1470173&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java (added)
+++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java Sat Apr 20 15:16:47 2013
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+/**
+ * The result codes returned by the change password server as defined in the <a href="http://www.ietf.org/rfc/rfc3244.txt">rfc3244</a>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public enum ChangePasswordResultCode
+{
+
+ /** request succeeds (This value is not allowed in a KRB-ERROR message) */
+ KRB5_KPASSWD_SUCCESS(0),
+
+ /** request fails due to being malformed */
+ KRB5_KPASSWD_MALFORMED(1),
+
+ /**
+ * request fails due to "hard" error in processing the request
+ * (for example, there is a resource or other problem causing
+ * the request to fail)
+ */
+ KRB5_KPASSWD_HARDERROR(2),
+
+ /** request fails due to an error in authentication processing */
+ KRB5_KPASSWD_AUTHERROR(3),
+
+ /** request fails due to a "soft" error in processing the request */
+ KRB5_KPASSWD_SOFTERROR(4),
+
+ /** requestor not authorized */
+ KRB5_KPASSWD_ACCESSDENIED(5),
+
+ /** protocol version unsupported */
+ KRB5_KPASSWD_BAD_VERSION(6),
+
+ /** initial flag required */
+ KRB5_KPASSWD_INITIAL_FLAG_NEEDED(7),
+
+ /** 0xFFFF(65535) is returned if the request fails for some other reason */
+ OTHER(0xFFFF);
+
+ private int val;
+
+
+ private ChangePasswordResultCode( int val )
+ {
+ this.val = val;
+ }
+
+
+ public int getVal()
+ {
+ return val;
+ }
+
+
+ public static ChangePasswordResultCode getByValue( int code )
+ {
+ switch ( code )
+ {
+ case 0: return KRB5_KPASSWD_SUCCESS;
+
+ case 1: return KRB5_KPASSWD_MALFORMED;
+
+ case 2: return KRB5_KPASSWD_HARDERROR;
+
+ case 3: return KRB5_KPASSWD_AUTHERROR;
+
+ case 4: return KRB5_KPASSWD_SOFTERROR;
+
+ case 5: return KRB5_KPASSWD_ACCESSDENIED;
+
+ case 6: return KRB5_KPASSWD_BAD_VERSION;
+
+ case 7: return KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+
+ case 0xFFFF: return OTHER;
+
+ default: throw new IllegalArgumentException( "Unknown result code " + code );
+ }
+ }
+
+
+ @Override
+ public String toString()
+ {
+ return super.toString() + "(" + getVal() + ")";
+ }
+
+}
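Review bot: getByValue is fed a value read from the server's reply and throws an unchecked IllegalArgumentException for anything other than 0–7 and 0xFFFF, but nothing on the method says so. A Javadoc block with `@throws IllegalArgumentException if the code is not one defined by RFC 3244` would tell callers that an unexpected reply surfaces this way. The field can be declared `private final int val;`. The switch also repeats the value each constant already carries, so a constant added later needs two edits; a loop over `values()` comparing `getVal()` would keep the mapping in one place.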
Modified: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1470173&r1=1470172&r2=1470173&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original)
+++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Sat Apr 20 15:16:47 2013
@@ -35,7 +35,6 @@ import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.api.asn1.Asn1Object;
-import org.apache.directory.api.asn1.DecoderException;
import org.apache.directory.api.asn1.ber.Asn1Decoder;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
@@ -44,6 +43,7 @@ import org.apache.directory.server.kerbe
import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordEncoder;
import org.apache.directory.server.kerberos.changepwd.messages.AbstractPasswordMessage;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordError;
+import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordReply;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
import org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder;
import org.apache.directory.server.kerberos.protocol.codec.KerberosEncoder;
@@ -59,6 +59,7 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.codec.types.PaDataType;
import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
+import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
import org.apache.directory.shared.kerberos.components.EncryptedData;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.components.HostAddress;
@@ -69,11 +70,13 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.messages.ApRep;
import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.AsRep;
import org.apache.directory.shared.kerberos.messages.AsReq;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.ChangePasswdData;
+import org.apache.directory.shared.kerberos.messages.EncApRepPart;
import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
import org.apache.directory.shared.kerberos.messages.EncTgsRepPart;
import org.apache.directory.shared.kerberos.messages.KerberosMessage;
@@ -580,7 +583,7 @@ public class KdcConnection
}
- public void changePassword( String clientPrincipal, String oldPassword, String newPassword, String host, int port, boolean isUdp ) throws ChangePasswordException
+ public ChangePasswordResult changePassword( String clientPrincipal, String oldPassword, String newPassword, String host, int port, boolean isUdp ) throws ChangePasswordException
{
KerberosChannel channel = null;
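Review bot: changePassword now returns a ChangePasswordResult, but the method has no Javadoc telling the caller to inspect `getCode()`. Judging by the later hunk in this file, only a ChangePasswordError reply becomes a ChangePasswordException; a ChangePasswordReply carrying a non-success code appears to be returned normally, so a caller that ignores the return value would treat a rejected change as done. Suggested comment: `@return the server's result; the password was changed only if getCode() is KRB5_KPASSWD_SUCCESS`. The method body lies outside this hunk.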
@@ -634,6 +637,20 @@ public class KdcConnection
throw new ChangePasswordException( err.getResultCode(), err.getResultString() );
}
+
+ ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) reply;
+ ApRep chngApRep = chngPwdReply.getApplicationReply();
+ byte[] apRepData = cipherTextHandler.decrypt( tgt.getSessionKey(), chngApRep.getEncPart(), KeyUsage.AP_REP_ENC_PART_SESS_KEY );
+
+ EncApRepPart encApRepPart = KerberosDecoder.decodeEncApRepPart( apRepData );
+
+ KrbPriv replyPriv = chngPwdReply.getPrivateMessage();
+ byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(), replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
+ EncKrbPrivPart part = KerberosDecoder.decodeEncKrbPrivPart( data );
+
+ ChangePasswordResult result = new ChangePasswordResult( part.getUserData() );
+
+ return result;
}
catch( ChangePasswordException e )
{
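Review bot: `encApRepPart.getSubkey()` is passed straight to `decrypt`, yet the subkey in EncAPRepPart is optional in RFC 4120, so a reply without one would hand a null key to the cipher handler. Check it first, e.g. `if ( encApRepPart.getSubkey() == null )`, and either select the agreed fallback key or fail with a ChangePasswordException. The decoded EncApRepPart is otherwise unused: its ctime/cusec are not visibly compared with the authenticator sent in the AP-REQ, which is the check RFC 4120 prescribes for authenticating the server to the client. The cast `( ChangePasswordReply ) reply` also assumes ChangePasswordError is the only other reply type; the test before it is outside this hunk, so that may already be guaranteed. changePassword starts and ends outside the hunk.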
Modified: directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java?rev=1470173&r1=1470172&r2=1470173&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java (original)
+++ directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java Sat Apr 20 15:16:47 2013
@@ -46,7 +46,7 @@ import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
-
+import static org.apache.directory.kerberos.client.ChangePasswordResultCode.*;
@RunWith(FrameworkRunner.class)
@CreateDS(name = "KerberosTcpIT-class", enableChangeLog = false,
@@ -216,7 +216,9 @@ public class KdcConnectionTest extends A
String newPassword = "newPassword";
int port = kdcServer.getChangePwdServer().getTcpPort();
- conn.changePassword( principalName, userPassword, newPassword, "localhost", port, false );
+ ChangePasswordResult result = conn.changePassword( principalName, userPassword, newPassword, "localhost", port, false );
+ assertNotNull( result );
+ assertTrue( KRB5_KPASSWD_SUCCESS.getVal() == result.getCode().getVal() );
try
{
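Review bot: `assertTrue( KRB5_KPASSWD_SUCCESS.getVal() == result.getCode().getVal() )` fails without saying which code the server actually returned. Comparing the enum constants directly, `assertEquals( KRB5_KPASSWD_SUCCESS, result.getCode() );`, prints both values and removes the `getVal()` calls, assuming assertEquals is statically imported like the other assertions. The test method starts and ends outside the hunk.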
@@ -225,6 +227,7 @@ public class KdcConnectionTest extends A
}
catch( KerberosException e )
{
+ e.printStackTrace();
}
TgTicket tgt = conn.getTgt( principalName, newPassword );
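Review bot: The added `e.printStackTrace();` only writes the KerberosException to stderr, so the catch block asserts nothing about the exception. If the try block is meant to show that the old password is no longer accepted, the test should assert that. Unless one is already there, add `fail( "old password should have been rejected" );` as the last statement of the try, and replace the stack trace with a comment such as `// expected: old password is no longer valid`. The try body is outside the hunk, so this reading of its intent is an inference.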