Posted to commits@directory.apache.org by er...@apache.org on 2005/03/23 02:55:44 UTC
svn commit: r158706 -
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java
Author: erodriguez
Date: Tue Mar 22 17:55:44 2005
New Revision: 158706
URL: http://svn.apache.org/viewcvs?view=rev&rev=158706
Log:
Context operation for changing a principal's password.
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java
Added: directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java?view=auto&rev=158706
==============================================================================
--- directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java (added)
+++ directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/operations/ChangePassword.java Tue Mar 22 17:55:44 2005
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.store.operations;
+
+import javax.naming.Name;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchResult;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.store.ContextOperation;
+import org.apache.kerberos.store.KerberosAttribute;
+import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.util.NestableRuntimeException;
+
+/**
+ * Command for changing a principal's password in a JNDI context.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ */
+public class ChangePassword implements ContextOperation
+{
+ /** The Kerberos principal who's password is to be changed. */
+ protected KerberosPrincipal principal;
+ /** The new key for the update. */
+ protected KerberosKey newKey;
+
+ /**
+ * Creates the action to be used against the embedded ApacheDS DIT.
+ */
+ public ChangePassword( KerberosPrincipal principal, KerberosKey newKey )
+ {
+ this.principal = principal;
+ this.newKey = newKey;
+ }
+
+ public Object execute( DirContext ctx, Name searchBaseDn )
+ {
+ if ( principal == null )
+ {
+ return null;
+ }
+
+ ModificationItem[] mods = new ModificationItem[ 1 ];
+ Attribute newKeyAttribute = new BasicAttribute( "krb5key", newKey.getEncoded() );
+ mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE, newKeyAttribute );
+
+ String dn = null;
+
+ try
+ {
+ dn = search( ctx, searchBaseDn, principal.getName() );
+ Name rdn = getRelativeName( ctx, dn );
+ ctx.modifyAttributes( rdn, mods );
+ }
+ catch (NamingException e)
+ {
+ e.printStackTrace();
+ return null;
+ }
+
+ return dn;
+ }
+
+ private String search( DirContext ctx, Name searchBaseDn, String principal ) throws NamingException
+ {
+ String[] attrIDs = { KerberosAttribute.PRINCIPAL, KerberosAttribute.VERSION,
+ KerberosAttribute.TYPE, KerberosAttribute.KEY };
+
+ Attributes matchAttrs = new BasicAttributes(false); // case-sensitive
+ matchAttrs.put( new BasicAttribute( KerberosAttribute.PRINCIPAL, principal ) );
+
+ // Search for objects that have those matching attributes
+ NamingEnumeration answer = ctx.search( searchBaseDn, matchAttrs, attrIDs );
+
+ if ( answer.hasMore() )
+ {
+ SearchResult sr = (SearchResult) answer.next();
+ if ( sr != null )
+ {
+ return sr.getName();
+ }
+ }
+
+ return null;
+ }
+
+ private Name getRelativeName( DirContext ctx, String baseDn )
+ {
+ Name searchBaseDn = null;
+
+ try
+ {
+ LdapName ctxRoot = new LdapName( ctx.getNameInNamespace() );
+
+ searchBaseDn = new LdapName( baseDn );
+
+ if ( searchBaseDn.startsWith( ctxRoot ) )
+ {
+ for ( int ii = 0; ii < ctxRoot.size(); ii++ )
+ {
+ searchBaseDn.remove( 0 );
+ }
+ }
+ else
+ {
+ String msg = "Failed to create initial context for ApacheDS provider";
+
+ throw new IllegalArgumentException( msg );
+ }
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to find search base for ApacheDS store";
+
+ throw new NestableRuntimeException( msg, e );
+ }
+
+ return searchBaseDn;
+ }
+}
+
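Review bot: In `execute`, the DN returned by `search(...)` goes straight into `getRelativeName`, so a principal with no matching entry reaches `new LdapName( baseDn )` with null rather than producing a clean not-found result, and `newKey.getEncoded()` is dereferenced without the null guard that `principal` gets. The `catch (NamingException e)` block prints the stack trace and returns null, the same value returned for a null principal, so a caller cannot tell a failed key change from a skipped one; the sketch below rethrows the way `getRelativeName` already does, if the `ContextOperation` contract allows it. In `search`, `attrIDs` requests `KerberosAttribute.KEY` although only `sr.getName()` is used, which pulls existing key material back for no reason; passing `new String[0]` would return the name alone. The `NamingEnumeration` is also never closed and only the first match is used, so a duplicated principal value would silently select one entry.

```java
public Object execute( DirContext ctx, Name searchBaseDn )
{
    if ( principal == null || newKey == null )
    {
        return null;
    }

    // … unchanged: building the REPLACE_ATTRIBUTE ModificationItem …

    try
    {
        String dn = search( ctx, searchBaseDn, principal.getName() );

        if ( dn == null )
        {
            // no entry for this principal; nothing was modified
            return null;
        }

        ctx.modifyAttributes( getRelativeName( ctx, dn ), mods );
        return dn;
    }
    catch ( NamingException e )
    {
        // surface the failure instead of printing it and returning null
        throw new NestableRuntimeException( "Failed to change key for principal", e );
    }
}
```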