directory-commits mailing list archives

From erodrig...@apache.org
Subject svn commit: rev 55216 - in incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc: . jaas store
Date Thu, 21 Oct 2004 10:44:21 GMT
Author: erodriguez
Date: Thu Oct 21 03:44:20 2004
New Revision: 55216

Added:
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
Modified:
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
Log:
Bootstrap classes for initializing KDC login context.

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
Thu Oct 21 03:44:20 2004
@@ -18,30 +18,49 @@
 
 import org.apache.kerberos.crypto.*;
 import org.apache.kerberos.io.encoder.*;
+import org.apache.kerberos.kdc.store.*;
 import org.apache.kerberos.messages.*;
 import org.apache.kerberos.messages.components.*;
 import org.apache.kerberos.messages.value.*;
-import org.apache.kerberos.util.keytab.*;
 
 public class AuthenticationService {
 	
-	private KeyList _keytab;
+	private PrincipalStore _store;
+	private PrincipalStore _bootstrap = new KdcBootstrapStore();
 	
-	public AuthenticationService(KeyList keytab) {
-		_keytab = keytab;
+	public AuthenticationService(PrincipalStore store) {
+		_store = store;
 	}
 	
-	public AuthenticationReply getReplyFor(KdcRequest request) throws KeytabException, KerberosException
{
+	public AuthenticationReply getReplyFor(KdcRequest request) throws KerberosException {
 		
 		Realm realm = request.getRealm();
 		
 		PrincipalName client = request.getCname();
 		client.setRealm(realm);
-		EncryptionKey clientKey = _keytab.getEncryptionKey(client);
+		
+		System.out.println("Client:  " + client.getNameString());
+		PrincipalStoreEntry clientEntry = _bootstrap.getEntry(client);
+		EncryptionKey clientKey;
+		if (clientEntry != null) {
+			clientKey = clientEntry.getEncryptionKey();
+		} else {
+			System.out.println("Going to look up client");
+			clientKey = _store.getEntry(client).getEncryptionKey();
+		}
 		
 		PrincipalName server = request.getSname();
 		server.setRealm(realm);
-		EncryptionKey serverKey = _keytab.getEncryptionKey(server);
+		
+		System.out.println("Server:  " + server.getNameString());
+		PrincipalStoreEntry serverEntry = _bootstrap.getEntry(server);
+		EncryptionKey serverKey;
+		if (serverEntry != null) {
+			serverKey = serverEntry.getEncryptionKey();
+		} else {
+			System.out.println("Going to look up client");
+			serverKey = _store.getEntry(server).getEncryptionKey();
+		}
 		
 		verifyPreAuthentication(request, client);
 		
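Review bot: `_store.getEntry(client).getEncryptionKey()` dereferences the store's result without a null check, although the bootstrap lookup just above treats a null entry as "not found". If `PrincipalStore.getEntry` reports an unknown principal the same way (its contract is not visible here), a request naming a principal that is in neither store ends in a NullPointerException instead of a Kerberos error reply, and these lookups run on sender-supplied names before `verifyPreAuthentication` is called. Fetch the entry first and fail explicitly: `PrincipalStoreEntry entry = _store.getEntry(client);` then `if (entry == null) throw <KerberosException for an unknown principal>;`. The same pattern is repeated for `server` later in this hunk and in the two `serverKey` lookups added to TicketGrantingService.java, where in the second one the NPE would also bypass the new `catch (KerberosException ke)`. getReplyFor's body continues outside the hunk.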

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
Thu Oct 21 03:44:20 2004
@@ -19,8 +19,8 @@
 import org.apache.kerberos.io.decoder.*;
 import org.apache.kerberos.io.encoder.*;
 import org.apache.kerberos.kdc.replay.*;
+import org.apache.kerberos.kdc.store.*;
 import org.apache.kerberos.messages.*;
-import org.apache.kerberos.util.keytab.*;
 
 import java.io.*;
 
@@ -38,15 +38,15 @@
 	
 	private AuthenticationService _authService;
 	private TicketGrantingService _tgsService;
-	private KeyList _store;
+	private PrincipalStore _store;
 	
-	public KdcDispatcher(KeyList store) {
+	public KdcDispatcher(PrincipalStore store) {
 		_store       = store;
 		_authService = new AuthenticationService(_store);
 		_tgsService  = new TicketGrantingService(_store, replay);
 	}
 	
-	public byte[] dispatch(byte[] requestBytes) throws IOException, KerberosException, KeytabException
{
+	public byte[] dispatch(byte[] requestBytes) throws IOException, KerberosException {
 		
 		ByteArrayInputStream  input  = new ByteArrayInputStream(requestBytes);
 		ByteArrayOutputStream output = new ByteArrayOutputStream();

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
Thu Oct 21 03:44:20 2004
@@ -22,10 +22,10 @@
 import org.apache.kerberos.io.decoder.*;
 import org.apache.kerberos.io.encoder.*;
 import org.apache.kerberos.kdc.replay.*;
+import org.apache.kerberos.kdc.store.*;
 import org.apache.kerberos.messages.*;
 import org.apache.kerberos.messages.components.*;
 import org.apache.kerberos.messages.value.*;
-import org.apache.kerberos.util.keytab.*;
 
 import java.io.*;
 import java.util.*;
@@ -35,15 +35,16 @@
  */
 public class TicketGrantingService {
 	
-	private KeyList     _keytab;
-	private ReplayCache _replayCache;
+	private PrincipalStore _store;
+	private PrincipalStore _bootstrap = new KdcBootstrapStore();
+	private ReplayCache    _replayCache;
 	
-	public TicketGrantingService(KeyList keytab, ReplayCache replay) {
-		_keytab      = keytab;
+	public TicketGrantingService(PrincipalStore store, ReplayCache replay) {
+		_store       = store;
 		_replayCache = replay;
 	}
 	
-	public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException,
KeytabException {
+	public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException
{
 		
 		System.out.println("Got request from " + request.getCname() + "@" + request.getRealm());
 		
@@ -106,7 +107,7 @@
 	
 	// RFC 1510 A.10.  KRB_AP_REQ verification
 	private Authenticator verifyApReq(ApplicationRequest authHeader, Ticket tgt)
-			throws KerberosException, IOException, KeytabException {
+			throws KerberosException, IOException {
 		
 		if (authHeader.getProtocolVersionNumber() != 5)
 			throw KerberosException.KRB_AP_ERR_BADVERSION;
@@ -122,7 +123,13 @@
 		} else {
 			PrincipalName server = tgt.getServerName();
 			server.setRealm(tgt.getRealm());
-			serverKey = _keytab.getEncryptionKey(server);
+			PrincipalStoreEntry serverEntry = _bootstrap.getEntry(server);
+			if (serverEntry != null) {
+				serverKey = serverEntry.getEncryptionKey();
+			} else {
+				System.out.println("Going to look up client");
+				serverKey = _store.getEntry(server).getEncryptionKey();
+			}
 		}
 		if (serverKey == null) {
 			// TODO - check server key version number, skvno; requires store
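Review bot: The bootstrap-then-store lookup is now written out four times in this commit, and the `System.out.println("Going to look up client")` line was copied with it even though the principal here is the TGT's server. A private helper would keep the precedence rule (bootstrap entries shadow the configured store) in one place and let the existing `if (serverKey == null)` check right after this block handle a missing principal. The sketch below returns null when neither store has an entry, which assumes `getEntry` signals "not found" with null as the bootstrap check implies. verifyApReq starts and ends outside the hunk.

```java
// Bootstrap entries take precedence over the configured store.
// Returns null when neither store has the principal.
private EncryptionKey getKeyFor(PrincipalName principal) throws KerberosException {
	PrincipalStoreEntry entry = _bootstrap.getEntry(principal);
	if (entry == null) {
		entry = _store.getEntry(principal);
	}
	return (entry != null) ? entry.getEncryptionKey() : null;
}

// … unchanged: verifyApReq up to the server-name setup …
			server.setRealm(tgt.getRealm());
			serverKey = getKeyFor(server);
```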
@@ -252,8 +259,15 @@
 			PrincipalName server = request.getSname();
 			server.setRealm(request.getRealm());
 			System.out.println(server);
-			serverKey = _keytab.getEncryptionKey(server);
-		} catch (KeytabException ke) {
+			PrincipalStoreEntry serverEntry = _bootstrap.getEntry(server);
+			if (serverEntry != null) {
+				serverKey = serverEntry.getEncryptionKey();
+			} else {
+				System.out.println("Going to look up client");
+				serverKey = _store.getEntry(server).getEncryptionKey();
+			}
+			
+		} catch (KerberosException ke) {
 			/*
 			if (!server) then
 			        if (is_foreign_tgt_name(server)) then

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.io.*;
+
+import javax.security.auth.callback.*;
+
+public class CallbackHandlerBean implements CallbackHandler {
+
+	private String _name     = null;
+	private String _password = null;
+
+	public CallbackHandlerBean(String name, String password) {
+		_name     = name;
+		_password = password;
+	}
+
+	public void handle(Callback[] callbacks) throws UnsupportedCallbackException, IOException
{
+		for (int i = 0; i < callbacks.length; i++) {
+			Callback callBack = callbacks[i];
+
+			// Handles username callback.
+			if (callBack instanceof NameCallback) {
+				NameCallback nameCallback = (NameCallback) callBack;
+				nameCallback.setName(_name);
+			// Handles _password callback.
+			} else if (callBack instanceof PasswordCallback) {
+				PasswordCallback passwordCallback = (PasswordCallback) callBack;
+				passwordCallback.setPassword(_password.toCharArray());
+			} else {
+				throw new UnsupportedCallbackException(callBack, "Callback not supported");
+			}
+		}
+	}
+}
+
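Review bot: `_password.toCharArray()` in handle() throws a NullPointerException when the bean was constructed with a null password, and nothing in the constructor rejects that. Guard it at the point of use, `passwordCallback.setPassword(_password == null ? null : _password.toCharArray());`, or reject null in the constructor. The credential is also held as an immutable `String` for the bean's lifetime, so it cannot be cleared once the login has finished; keeping a `char[]` copy and documenting who clears it would match how `PasswordCallback` itself treats passwords. A class-level javadoc stating that the bean answers only `NameCallback` and `PasswordCallback` would help callers.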

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,24 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import javax.security.auth.*;
+
+public interface KdcSubject {
+	public Subject getSubject();
+}
+

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,49 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.security.*;
+
+import javax.security.auth.*;
+import javax.security.auth.login.*;
+
+public class KdcSubjectLogin implements KdcSubject {
+	
+	private Subject kdcSubject;
+	
+	public KdcSubjectLogin(String principal, String passPhrase) {
+	
+		Security.setProperty("login.configuration.provider",
+					"org.apache.kerberos.kdc.jaas.Krb5Configuration");
+
+			LoginContext lc = null;
+			try {
+				lc = new LoginContext(KdcSubjectLogin.class.getName(),
+						new CallbackHandlerBean(principal, passPhrase));
+				lc.login();
+			} catch (LoginException le) {
+				System.err.println("Authentication attempt failed" + le);
+			}
+			
+			kdcSubject = lc.getSubject();
+		}
+
+	public Subject getSubject() {
+		return kdcSubject;
+	}
+}
+
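Review bot: The constructor swallows `LoginException` and then calls `lc.getSubject()` unconditionally, so a failed login either throws a NullPointerException (when `new LoginContext(...)` itself failed and `lc` is still null) or leaves `kdcSubject` null for callers of getSubject() to trip over later. For the KDC's own identity a failed login should stop start-up: declare `throws LoginException` on the constructor, drop the catch, and assign `kdcSubject = lc.getSubject();` directly after `lc.login();`. `Security.setProperty("login.configuration.provider", ...)` is also a JVM-wide setting, so it changes the JAAS configuration for any other code in the same process; that side effect deserves at least a comment on the constructor.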

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,53 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.util.*;
+
+import javax.security.auth.login.*;
+import javax.security.auth.login.AppConfigurationEntry.*;
+
+public class Krb5Configuration extends Configuration {
+
+	private static AppConfigurationEntry[] _configList = new AppConfigurationEntry[1];
+	
+	public Krb5Configuration() {
+		
+		String loginModule = "com.sun.security.auth.module.Krb5LoginModule";
+		LoginModuleControlFlag flag = LoginModuleControlFlag.REQUIRED;
+		Map options = new HashMap();
+		options.put("storeKey", "true");
+		
+		_configList[0] = new AppConfigurationEntry(loginModule, flag, options);
+	}
+
+	/**
+	 * Interface method requiring us to return all the LoginModules we know about.
+	 */
+	public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
+		// We will ignore the applicationName, since we want all apps to use Kerberos V5
+		return _configList;
+	}
+
+	/**
+	 * Interface method for reloading the configuration.  We don't need this.
+	 */
+	public void refresh() {
+		// Right now this is a load once scheme and we will not implement the refresh method
+	}
+}
+
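Review bot: getAppConfigurationEntry returns the shared static `_configList` array itself, and the constructor rewrites slot 0 of that static array on every instantiation, so any caller can alter the login configuration seen by all later logins. Build the entry once in a static initializer and hand out a copy, `return (AppConfigurationEntry[]) _configList.clone();`. Because `applicationName` is ignored and KdcSubjectLogin installs this class as the JVM-wide provider, every JAAS login in the process gets `Krb5LoginModule` with `storeKey=true`; if that is intended, the class javadoc should say so. The `refresh()` javadoc could likewise state that it is a deliberate no-op.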

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
Thu Oct 21 03:44:20 2004
@@ -23,7 +23,7 @@
  * Attributes types are under 1.3.6.1.4.1.5322.10.1
  * Object classes are under 1.3.6.1.4.1.5322.10.2
  */
-package org.apache.kerberos.kdc.jndi;
+package org.apache.kerberos.kdc.store;
 
 import org.apache.kerberos.messages.value.*;
 
