Return-Path: Delivered-To: apmail-incubator-directory-cvs-archive@www.apache.org Received: (qmail 72960 invoked from network); 12 Mar 2005 20:27:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 12 Mar 2005 20:27:51 -0000 Received: (qmail 51901 invoked by uid 500); 12 Mar 2005 20:27:50 -0000 Delivered-To: apmail-incubator-directory-cvs-archive@incubator.apache.org Received: (qmail 51860 invoked by uid 500); 12 Mar 2005 20:27:50 -0000 Mailing-List: contact directory-cvs-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: directory-dev@incubator.apache.org Delivered-To: mailing list directory-cvs@incubator.apache.org Received: (qmail 51846 invoked by uid 99); 12 Mar 2005 20:27:50 -0000 X-ASF-Spam-Status: No, hits=-9.8 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from minotaur.apache.org (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Sat, 12 Mar 2005 12:27:49 -0800 Received: (qmail 72937 invoked by uid 65534); 12 Mar 2005 20:27:48 -0000 Message-ID: <20050312202748.72936.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Mailer: svnmailer-1.0.0-dev Date: Sat, 12 Mar 2005 20:27:48 -0000 Subject: svn commit: r157276 - in incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/changepw: protocol/ChangePasswordProtocolHandler.java protocol/ChangePasswordProtocolProvider.java service/ChangePasswordServiceImpl.java store/ To: directory-cvs@incubator.apache.org 
From: erodriguez@apache.org X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Author: erodriguez Date: Sat Mar 12 12:27:45 2005 New Revision: 157276 URL: http://svn.apache.org/viewcvs?view=3Drev&rev=3D157276 Log: Moved PasswordStore interface to kerberos-store component. Removed: incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/store/ Modified: incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolHandler.java incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolProvider.java incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/service/ChangePasswordServiceImpl.java Modified: incubator/directory/protocols/changepw/trunk/core/src/java/org/ap= ache/changepw/protocol/ChangePasswordProtocolHandler.java URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/changepw/t= runk/core/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandl= er.java?view=3Ddiff&r1=3D157275&r2=3D157276 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolHandler.java (original) +++ incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolHandler.java Sat Mar 12 12:27:45 2005 
@@ -21,9 +21,9 @@ import org.apache.changepw.messages.ChangePasswordReply; import org.apache.changepw.messages.ChangePasswordRequest; import org.apache.changepw.service.ChangePasswordServiceImpl; -import org.apache.changepw.store.PasswordStore; import org.apache.kerberos.kdc.KdcConfiguration; import org.apache.kerberos.kdc.store.PrincipalStore; +import org.apache.kerberos.store.PasswordStore; import org.apache.mina.common.IdleStatus; import org.apache.mina.protocol.ProtocolHandler; import org.apache.mina.protocol.ProtocolSession; @@ -31,17 +31,20 @@ =20 public class ChangePasswordProtocolHandler implements ProtocolHandler { - private PasswordStore store; - private PrincipalStore bootstrap; private KdcConfiguration config; + private PrincipalStore store; + private PasswordStore change; =09 - public ChangePasswordProtocolHandler( PasswordStore store, PrincipalStore= bootstrap, KdcConfiguration config ) +=09 + public ChangePasswordProtocolHandler( KdcConfiguration config, PrincipalS= tore store, + PasswordStore change ) { - this.store =3D store; - this.bootstrap =3D bootstrap; - this.config =3D config; + this.config =3D config; + this.store =3D store; + this.change =3D change; } - +=09 +=09 public void sessionOpened( ProtocolSession session ) { System.out.println( session.getRemoteAddress() + " OPENED" ); 
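Review bot: The field `store` changes meaning in the constructor of the second hunk on this line: before the commit it held the `PasswordStore`, now it holds the `PrincipalStore`, and the dependency that writes passwords is called `change`. Names that state the role, for example `private PrincipalStore principalStore;` and `private PasswordStore passwordStore;`, would let a reader follow the code without looking up the declarations; the three parameter types are distinct, so the compiler still catches a swapped argument. As far as the hunk shows, the three fields are assigned only in the constructor and could be declared `final`. The same naming recurs in the `ChangePasswordProtocolProvider` and `ChangePasswordServiceImpl` constructors in later hunks, and the class body continues outside this hunk.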
@@ -69,7 +72,7 @@ { System.out.println( session.getRemoteAddress() + " RCVD: " + messa= ge ); =20 - ChangePasswordService changepwService =3D new ChangePasswordServic= eImpl( store, bootstrap, config ); + ChangePasswordService changepwService =3D new ChangePasswordServic= eImpl( config, store, change ); =20 try { Modified: incubator/directory/protocols/changepw/trunk/core/src/java/org/ap= ache/changepw/protocol/ChangePasswordProtocolProvider.java URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/changepw/t= runk/core/src/java/org/apache/changepw/protocol/ChangePasswordProtocolProvi= der.java?view=3Ddiff&r1=3D157275&r2=3D157276 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolProvider.java (original) +++ incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/protocol/ChangePasswordProtocolProvider.java Sat Mar 12 12:27:45 20= 05 @@ -17,9 +17,9 @@ =20 package org.apache.changepw.protocol; =20 -import org.apache.changepw.store.PasswordStore; import org.apache.kerberos.kdc.KdcConfiguration; import org.apache.kerberos.kdc.store.PrincipalStore; +import org.apache.kerberos.store.PasswordStore; import org.apache.mina.protocol.ProtocolCodecFactory; import org.apache.mina.protocol.ProtocolDecoder; import org.apache.mina.protocol.ProtocolEncoder; 
@@ -29,20 +29,9 @@ =20 public class ChangePasswordProtocolProvider implements ProtocolProvider { - private PasswordStore store; - private PrincipalStore bootstrap; - private KdcConfiguration config; -=09 - public ChangePasswordProtocolProvider( PasswordStore store, PrincipalStor= e bootstrap, KdcConfiguration config ) - { - this.store =3D store; - this.bootstrap =3D bootstrap; - this.config =3D config; - } -=09 // Protocol handler is usually a singleton. - private ProtocolHandler HANDLER =3D new ChangePasswordProtocolHandler(= store, bootstrap, config ); - + private ProtocolHandler HANDLER; + =20 // Codec factory is also usually a singleton. private static ProtocolCodecFactory CODEC_FACTORY =3D new ProtocolCode= cFactory() { @@ -58,7 +47,15 @@ return new ChangePasswordDecoder(); } }; - + =20 + =20 + public ChangePasswordProtocolProvider( KdcConfiguration config, Principal= Store store, + PasswordStore change ) + { + HANDLER =3D new ChangePasswordProtocolHandler( config, store, change ); + } +=09 +=09 public ProtocolCodecFactory getCodecFactory() { return CODEC_FACTORY; Modified: incubator/directory/protocols/changepw/trunk/core/src/java/org/ap= ache/changepw/service/ChangePasswordServiceImpl.java URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/changepw/t= runk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.ja= va?view=3Ddiff&r1=3D157275&r2=3D157276 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/service/ChangePasswordServiceImpl.java (original) +++ incubator/directory/protocols/changepw/trunk/core/src/java/org/apache/c= hangepw/service/ChangePasswordServiceImpl.java Sat Mar 12 12:27:45 2005 
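Review bot: `HANDLER` is no longer a constant after this change: it is an instance field assigned once in the constructor added by the next hunk, yet it keeps the upper-case name and is not `final`. Declaring it `private final ProtocolHandler handler;` would make the compiler enforce the single assignment and give the field final-field visibility if the provider is shared between I/O threads (not visible here, so this is an assumption). The accessor that returns it lies outside both hunks and would need the same rename. The retained comment `// Protocol handler is usually a singleton.` now sits above a per-instance field and could read `// One handler per provider instance, built from the injected stores.`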
@@ -29,7 +29,6 @@ import org.apache.changepw.messages.ChangePasswordReply; import org.apache.changepw.messages.ChangePasswordReplyModifier; import org.apache.changepw.messages.ChangePasswordRequest; -import org.apache.changepw.store.PasswordStore; import org.apache.changepw.value.ChangePasswordData; import org.apache.changepw.value.ChangePasswordDataModifier; import org.apache.kerberos.crypto.encryption.EncryptionEngine; @@ -53,6 +52,7 @@ import org.apache.kerberos.messages.value.EncryptedData; import org.apache.kerberos.messages.value.EncryptionKey; import org.apache.kerberos.messages.value.HostAddress; +import org.apache.kerberos.store.PasswordStore; =20 =20 /** 
@@ -61,26 +61,28 @@ public class ChangePasswordServiceImpl extends KerberosService implements = ChangePasswordService { private KdcConfiguration config; - private PasswordStore store; + private PasswordStore change; =20 - public ChangePasswordServiceImpl( PasswordStore store, PrincipalStore boo= tstrap, KdcConfiguration config ) + public ChangePasswordServiceImpl( KdcConfiguration config, PrincipalStore= store, PasswordStore change ) { - super( config, bootstrap ); + super( config, store ); =20 - this.store =3D store; - this.config =3D config; + this.config =3D config; + this.change =3D change; } =09 - public ChangePasswordReply getReplyFor(ChangePasswordRequest request) + public ChangePasswordReply getReplyFor( ChangePasswordRequest request ) throws KerberosException, IOException { ApplicationRequest authHeader =3D request.getAuthHeader(); =09 Ticket ticket =3D authHeader.getTicket(); =09 - Authenticator authenticator =3D verifyAuthHeader(authHeader, ticket); + System.out.println( "Ticket principal " + ticket.getServerPrincipal() ); =09 - verifyTicket(ticket, config.getChangepwPrincipal()); + Authenticator authenticator =3D verifyAuthHeader( authHeader, ticket ); + =09 + verifyTicket( ticket, config.getChangepwPrincipal() ); =09 // TODO - check ticket is for service authorized to change passwords // ticket.getServerPrincipal().getName().equals(config.getChangepwPrinci= pal().getName())); 
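Review bot: The added `System.out.println( "Ticket principal " + ticket.getServerPrincipal() );` sits before `verifyAuthHeader` and `verifyTicket`, so it prints a field taken from a request that has not been checked yet, once per request, to stdout. If the trace is wanted, move it below `verifyTicket( ticket, config.getChangepwPrincipal() );` and send it through a logger at debug level instead of `System.out`. The constructor would also benefit from a short Javadoc saying that `store` is handed to `KerberosService` and `change` is the store that receives the new key, since the two names no longer say which is which. `getReplyFor` continues past the end of this hunk.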
@@ -93,29 +95,35 @@ // getDecryptedData the request's private message with the subsession key EncryptedData encReqPrivPart =3D request.getPrivateMessage().getEncrypte= dPart(); EncKrbPrivPart privatePart; - try { + try + { EncryptionEngine engine =3D EncryptionEngineFactory.getEncrypt= ionEngineFor( sessionKey ); - - byte[] decPrivPart =3D engine.getDecryptedData(sessionKey, encReqPrivPa= rt); - + =20 + byte[] decPrivPart =3D engine.getDecryptedData( sessionKey, encReqPrivP= art ); + =09 EncKrbPrivPartDecoder privDecoder =3D new EncKrbPrivPartDecoder(); - privatePart =3D privDecoder.decode(decPrivPart); - } catch (KerberosException ke) { + privatePart =3D privDecoder.decode( decPrivPart ); + } + catch (KerberosException ke) + { ke.printStackTrace(); throw ChangePasswordException.KRB5_KPASSWD_AUTHERROR; } =09 ChangePasswordData passwordData =3D null; =09 - if (request.getProtocolVersionNumber() =3D=3D (short)1) { + if ( request.getProtocolVersionNumber() =3D=3D (short)1 ) + { // Use protocol version 0x0001, the legacy Kerberos change password pro= tocol ChangePasswordDataModifier modifier =3D new ChangePasswordDataModifier(= ); - modifier.setNewPassword(privatePart.getUserData()); + modifier.setNewPassword( privatePart.getUserData() ); passwordData =3D modifier.getChangePasswdData(); - } else { + } + else + { // Use protocol version 0xFF80, the backwards-compatible MS protocol ChangePasswordDataDecoder passwordDecoder =3D new ChangePasswordDataDec= oder(); - passwordData =3D passwordDecoder.decodeChangePasswordData(privatePart.g= etUserData()); + passwordData =3D passwordDecoder.decodeChangePasswordData( privatePart.= getUserData() ); } =09 // usec and seq-number must be present per MS but aren't in legacy kpass= wd 
@@ -123,63 +131,77 @@ // ignore r-address =09 // generate key from password - String password =3D new String(passwordData.getNewPassword()); + String password =3D new String( passwordData.getNewPassword() ); KerberosPrincipal clientPrincipal =3D authenticator.getClientPrincipal(); - KerberosKey newKey =3D new KerberosKey(clientPrincipal, password.toCharA= rray(), "DES"); + KerberosKey newKey =3D new KerberosKey( clientPrincipal, password.toChar= Array(), "DES" ); + =09 + System.out.println( "Got client principal " + clientPrincipal ); + System.out.println( "Got client password " + password ); =09 // store password in database - String principalName =3D store.changePassword(clientPrincipal, newKey.ge= tEncoded()); - System.out.println("Successfully modified principal named " + principalN= ame); + String principalName =3D change.changePassword( clientPrincipal, newKey.= getEncoded() ); + System.out.println( "Successfully modified principal named " + principal= Name ); =09 // begin building reply =09 // create priv message // user-data component is short result code EncKrbPrivPartModifier modifier =3D new EncKrbPrivPartModifier(); - byte[] resultCode =3D {(byte)0x00, (byte)0x00}; - modifier.setUserData(resultCode); + byte[] resultCode =3D { (byte)0x00, (byte)0x00 }; + modifier.setUserData( resultCode ); =09 - modifier.setSenderAddress(new HostAddress(InetAddress.getLocalHost())); + modifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() )= ); EncKrbPrivPart privPart =3D modifier.getEncKrbPrivPart(); =09 + System.out.println( "Sender address " + privPart.getSenderAddress() ); + System.out.println( "Recipient address " + privPart.getRecipientAddress(= ) ); + System.out.println( "Localhost address " + InetAddress.getLocalHost() ); + =09 EncKrbPrivPartEncoder encoder =3D new EncKrbPrivPartEncoder(); - byte[] encodedPrivPart =3D encoder.encode(privPart); + byte[] encodedPrivPart =3D encoder.encode( privPart ); =09 EncryptedData encPrivPart =3D null; - try { 
+ try + { EncryptionEngine engine =3D EncryptionEngineFactory.getEncrypt= ionEngineFor( sessionKey ); - - encPrivPart =3D engine.getEncryptedData(sessionKey, encodedPrivPart); - } catch (KerberosException ke) { + =20 + encPrivPart =3D engine.getEncryptedData( sessionKey, encodedPrivPart ); + } + catch (KerberosException ke) + { ke.printStackTrace(); } - PrivateMessage privateMessage =3D new PrivateMessage(encPrivPart); + =09 + PrivateMessage privateMessage =3D new PrivateMessage( encPrivPart ); =09 // Begin AP_REP generation EncApRepPartModifier encApModifier =3D new EncApRepPartModifier(); - encApModifier.setClientTime(authenticator.getClientTime()); - encApModifier.setClientMicroSecond(authenticator.getClientMicroSecond()); - encApModifier.setSequenceNumber(new Integer(authenticator.getSequenceNum= ber())); - encApModifier.setSubSessionKey(authenticator.getSubSessionKey()); + encApModifier.setClientTime( authenticator.getClientTime() ); + encApModifier.setClientMicroSecond( authenticator.getClientMicroSecond()= ); + encApModifier.setSequenceNumber( new Integer( authenticator.getSequenceN= umber() ) ); + encApModifier.setSubSessionKey( authenticator.getSubSessionKey() ); =09 EncApRepPart repPart =3D encApModifier.getEncApRepPart(); EncApRepPartEncoder repEncoder =3D new EncApRepPartEncoder(); - byte[] encodedRepPart =3D repEncoder.encode(repPart); + byte[] encodedRepPart =3D repEncoder.encode( repPart ); =09 EncryptedData encRepPart =3D null; - try { + try + { EncryptionEngine engine =3D EncryptionEngineFactory.getEncrypt= ionEngineFor( ticket.getSessionKey() ); - - encRepPart =3D engine.getEncryptedData(ticket.getSessionKey(), encodedR= epPart); - } catch (KerberosException ke) { + =20 + encRepPart =3D engine.getEncryptedData( ticket.getSessionKey(), encoded= RepPart ); + } + catch (KerberosException ke) + { ke.printStackTrace(); } - ApplicationReply appReply =3D new ApplicationReply(encRepPart); + ApplicationReply appReply =3D new ApplicationReply( encRepPart ); 
=09 // return status message value object ChangePasswordReplyModifier replyModifier =3D new ChangePasswordReplyMod= ifier(); - replyModifier.setApplicationReply(appReply); - replyModifier.setPrivateMessage(privateMessage); + replyModifier.setApplicationReply( appReply ); + replyModifier.setPrivateMessage( privateMessage ); =09 return replyModifier.getChangePasswordReply(); }
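Review bot: The added `System.out.println( "Got client password " + password );` writes each user's new cleartext password to standard output, directly after the line that prints the client principal, so anything that captures the process's stdout ends up holding complete credentials. That line should be removed outright rather than routed to a logger; the principal line alone is enough to trace a change. Further down in the same hunk, the two `catch (KerberosException ke) { ke.printStackTrace(); }` blocks leave `encPrivPart` and `encRepPart` null, and the reply is still assembled from them after `change.changePassword(...)` has already run. Since `getReplyFor` declares `throws KerberosException` in the previous hunk, `throw ke;` in each catch would surface the failure instead of returning a reply built around null. `getReplyFor` starts before this hunk.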