Posted to commits@directory.apache.org by er...@apache.org on 2005/03/23 02:55:44 UTC

svn commit: r158706 - directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java

Author: erodriguez
Date: Tue Mar 22 17:55:44 2005
New Revision: 158706

URL: http://svn.apache.org/viewcvs?view=rev&rev=158706
Log:
Context operation for changing a principal's password.

Added:
    directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java

Added: directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java?view=auto&rev=158706
==============================================================================
--- directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java (added)
+++ directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java Tue Mar 22 17:55:44 2005
@@ -0,0 +1,145 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.store.operations;
+
+import javax.naming.Name;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchResult;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.store.ContextOperation;
+import org.apache.kerberos.store.KerberosAttribute;
+import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.util.NestableRuntimeException;
+
+/**
+ * Command for changing a principal's password in a JNDI context.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ */
+public class ChangePassword implements ContextOperation
+{
+    /** The Kerberos principal who's password is to be changed. */
+    protected KerberosPrincipal principal;
+    /** The new key for the update. */
+    protected KerberosKey newKey;
+    
+    /**
+     * Creates the action to be used against the embedded ApacheDS DIT.
+     */
+    public ChangePassword( KerberosPrincipal principal, KerberosKey newKey )
+    {
+        this.principal = principal;
+        this.newKey = newKey;
+    }
+    
+    public Object execute( DirContext ctx, Name searchBaseDn )
+	{
+        if ( principal == null )
+        {
+            return null;
+        }
+        
+	    ModificationItem[] mods = new ModificationItem[ 1 ];
+	    Attribute newKeyAttribute = new BasicAttribute( "krb5key", newKey.getEncoded() );
+		mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, newKeyAttribute );
+		
+		String dn = null;
+		
+		try
+		{
+		    dn = search( ctx, searchBaseDn, principal.getName() );
+		    Name rdn = getRelativeName( ctx, dn );
+		    ctx.modifyAttributes( rdn, mods );
+		}
+		catch (NamingException e)
+		{
+			e.printStackTrace();
+			return null;
+		}
+		
+		return dn;
+	}
+    
+	private String search( DirContext ctx, Name searchBaseDn, String principal ) throws NamingException
+	{
+		String[] attrIDs = { KerberosAttribute.PRINCIPAL, KerberosAttribute.VERSION,
+		        KerberosAttribute.TYPE, KerberosAttribute.KEY };
+
+		Attributes matchAttrs = new BasicAttributes(false); // case-sensitive
+		matchAttrs.put( new BasicAttribute( KerberosAttribute.PRINCIPAL, principal ) );
+		
+		// Search for objects that have those matching attributes
+		NamingEnumeration answer = ctx.search( searchBaseDn, matchAttrs, attrIDs );
+		
+		if ( answer.hasMore() )
+		{
+			SearchResult sr = (SearchResult) answer.next();
+			if ( sr != null )
+			{
+				return sr.getName();
+			}
+		}
+		
+		return null;
+	}
+	
+    private Name getRelativeName( DirContext ctx, String baseDn )
+    {
+        Name searchBaseDn = null;
+        
+        try
+        {
+            LdapName ctxRoot = new LdapName( ctx.getNameInNamespace() );
+
+            searchBaseDn = new LdapName( baseDn );
+            
+            if ( searchBaseDn.startsWith( ctxRoot ) )
+            {
+                for ( int ii = 0; ii < ctxRoot.size(); ii++ )
+                {
+                    searchBaseDn.remove( 0 );
+                }
+            }
+            else
+            {
+                String msg = "Failed to create initial context for ApacheDS provider";
+                
+                throw new IllegalArgumentException( msg );
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to find search base for ApacheDS store";
+            
+            throw new NestableRuntimeException( msg, e );
+        }
+        
+        return searchBaseDn;
+    }
+}
+
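Review bot: In `execute`, a failed directory update looks the same as "nothing to do": the `catch (NamingException e)` block calls `e.printStackTrace()` and returns null, the same value returned for a null principal, so a caller that does not check the return value will treat a password change that never reached the directory as done. Rethrow instead, in the style `getRelativeName` already uses: `throw new NestableRuntimeException( "Failed to change password for " + principal.getName(), e );`. `search` also returns null when no entry matches, and that null goes straight into `getRelativeName( ctx, dn )` and `new LdapName( baseDn )`; add `if ( dn == null ) { return null; }` after the search call, or throw if a missing principal should be an error. `newKey` is dereferenced at `newKey.getEncoded()` without the null guard that `principal` gets, and `search` takes the first result without checking `answer.hasMore()` again, so the key is replaced on whichever entry comes back first if two entries carry the same principal name.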