directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r263879 - /directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/
Date Sun, 28 Aug 2005 14:26:58 GMT
Author: erodriguez
Date: Sun Aug 28 07:26:49 2005
New Revision: 263879

URL: http://svn.apache.org/viewcvs?rev=263879&view=rev
Log:
Change Password protocol provider refactored to chain.

Added:
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
  (with props)
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
  (with props)

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,117 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import java.net.InetAddress;
+
+import org.apache.changepw.messages.ChangePasswordReplyModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.io.encoder.EncApRepPartEncoder;
+import org.apache.kerberos.io.encoder.EncKrbPrivPartEncoder;
+import org.apache.kerberos.messages.application.ApplicationReply;
+import org.apache.kerberos.messages.application.PrivateMessage;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncApRepPart;
+import org.apache.kerberos.messages.components.EncApRepPartModifier;
+import org.apache.kerberos.messages.components.EncKrbPrivPart;
+import org.apache.kerberos.messages.components.EncKrbPrivPartModifier;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.HostAddress;
+
+public class BuildReply extends CommandBase
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+        Authenticator authenticator = changepwContext.getAuthenticator();
+        Ticket ticket = changepwContext.getTicket();
+
+        // begin building reply
+
+        // create priv message
+        // user-data component is short result code
+        EncKrbPrivPartModifier modifier = new EncKrbPrivPartModifier();
+        byte[] resultCode = { (byte) 0x00, (byte) 0x00 };
+        modifier.setUserData( resultCode );
+
+        modifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
+        EncKrbPrivPart privPart = modifier.getEncKrbPrivPart();
+
+        System.out.println( "Sender address " + privPart.getSenderAddress() );
+        System.out.println( "Recipient address " + privPart.getRecipientAddress() );
+        System.out.println( "Localhost address " + InetAddress.getLocalHost() );
+
+        EncKrbPrivPartEncoder encoder = new EncKrbPrivPartEncoder();
+        byte[] encodedPrivPart = encoder.encode( privPart );
+
+        // get the subsession key from the Authenticator
+        EncryptionKey subSessionKey = authenticator.getSubSessionKey();
+
+        EncryptedData encPrivPart = null;
+
+        try
+        {
+            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( subSessionKey
);
+            encPrivPart = engine.getEncryptedData( subSessionKey, encodedPrivPart );
+        }
+        catch ( KerberosException ke )
+        {
+            ke.printStackTrace();
+        }
+
+        PrivateMessage privateMessage = new PrivateMessage( encPrivPart );
+
+        // Begin AP_REP generation
+        EncApRepPartModifier encApModifier = new EncApRepPartModifier();
+        encApModifier.setClientTime( authenticator.getClientTime() );
+        encApModifier.setClientMicroSecond( authenticator.getClientMicroSecond() );
+        encApModifier.setSequenceNumber( new Integer( authenticator.getSequenceNumber() )
);
+        encApModifier.setSubSessionKey( authenticator.getSubSessionKey() );
+
+        EncApRepPart repPart = encApModifier.getEncApRepPart();
+        EncApRepPartEncoder repEncoder = new EncApRepPartEncoder();
+        byte[] encodedRepPart = repEncoder.encode( repPart );
+
+        EncryptedData encRepPart = null;
+
+        try
+        {
+            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( ticket.getSessionKey()
);
+            encRepPart = engine.getEncryptedData( ticket.getSessionKey(), encodedRepPart
);
+        }
+        catch ( KerberosException ke )
+        {
+            ke.printStackTrace();
+        }
+        ApplicationReply appReply = new ApplicationReply( encRepPart );
+
+        // return status message value object
+        ChangePasswordReplyModifier replyModifier = new ChangePasswordReplyModifier();
+        replyModifier.setApplicationReply( appReply );
+        replyModifier.setPrivateMessage( privateMessage );
+
+        changepwContext.setReply( replyModifier.getChangePasswordReply() );
+
+        return STOP_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/BuildReply.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,46 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.impl.ChainBase;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Kerberos Change Password and Set Password Protocols (RFC 3244)
+ */
+public class ChangePasswordChain extends ChainBase
+{
+    /** the logger for this class */
+    private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class
);
+
+    public ChangePasswordChain()
+    {
+        super();
+        log.debug( "Change password processing begun" );
+        addCommand( new ChangePasswordExceptionHandler() );
+        //addCommand( new MonitorRequest() );
+        addCommand( new ConfigureChangePasswordChain() );
+        addCommand( new GetAuthHeader() );
+        addCommand( new VerifyServiceTicket() );
+        addCommand( new GetServerEntry() );
+        addCommand( new VerifyServiceTicketAuthHeader() );
+        addCommand( new ProcessPasswordChange() );
+        addCommand( new BuildReply() );
+        //addCommand( new MonitorReply() );
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordChain.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,184 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.AbstractPasswordMessage;
+import org.apache.kerberos.chain.impl.ContextBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.replay.ReplayCache;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.kerberos.store.PrincipalStoreEntry;
+
+public class ChangePasswordContext extends ContextBase
+{
+    private ChangePasswordConfiguration config;
+    private PrincipalStore store;
+    private AbstractPasswordMessage request;
+    private AbstractPasswordMessage reply;
+
+    private ApplicationRequest authHeader;
+    private Ticket ticket;
+    private Authenticator authenticator;
+    private PrincipalStoreEntry serverEntry;
+    private ReplayCache replayCache;
+
+    /**
+     * @return Returns the replayCache.
+     */
+    public ReplayCache getReplayCache()
+    {
+        return replayCache;
+    }
+
+    /**
+     * @param replayCache The replayCache to set.
+     */
+    public void setReplayCache( ReplayCache replayCache )
+    {
+        this.replayCache = replayCache;
+    }
+
+    /**
+     * @return Returns the serverEntry.
+     */
+    public PrincipalStoreEntry getServerEntry()
+    {
+        return serverEntry;
+    }
+
+    /**
+     * @param serverEntry The serverEntry to set.
+     */
+    public void setServerEntry( PrincipalStoreEntry serverEntry )
+    {
+        this.serverEntry = serverEntry;
+    }
+
+    /**
+     * @return Returns the config.
+     */
+    public ChangePasswordConfiguration getConfig()
+    {
+        return config;
+    }
+
+    /**
+     * @param config The config to set.
+     */
+    public void setConfig( ChangePasswordConfiguration config )
+    {
+        this.config = config;
+    }
+
+    /**
+     * @return Returns the reply.
+     */
+    public AbstractPasswordMessage getReply()
+    {
+        return reply;
+    }
+
+    /**
+     * @param reply The reply to set.
+     */
+    public void setReply( AbstractPasswordMessage reply )
+    {
+        this.reply = reply;
+    }
+
+    /**
+     * @return Returns the request.
+     */
+    public AbstractPasswordMessage getRequest()
+    {
+        return request;
+    }
+
+    /**
+     * @param request The request to set.
+     */
+    public void setRequest( AbstractPasswordMessage request )
+    {
+        this.request = request;
+    }
+
+    /**
+     * @return Returns the store.
+     */
+    public PrincipalStore getStore()
+    {
+        return store;
+    }
+
+    /**
+     * @param store The store to set.
+     */
+    public void setStore( PrincipalStore store )
+    {
+        this.store = store;
+    }
+
+    /**
+     * @return Returns the authenticator.
+     */
+    public Authenticator getAuthenticator()
+    {
+        return authenticator;
+    }
+
+    /**
+     * @param authenticator The authenticator to set.
+     */
+    public void setAuthenticator( Authenticator authenticator )
+    {
+        this.authenticator = authenticator;
+    }
+
+    /**
+     * @return Returns the authHeader.
+     */
+    public ApplicationRequest getAuthHeader()
+    {
+        return authHeader;
+    }
+
+    /**
+     * @param authHeader The authHeader to set.
+     */
+    public void setAuthHeader( ApplicationRequest authHeader )
+    {
+        this.authHeader = authHeader;
+    }
+
+    /**
+     * @return Returns the ticket.
+     */
+    public Ticket getTicket()
+    {
+        return ticket;
+    }
+
+    /**
+     * @param ticket The ticket to set.
+     */
+    public void setTicket( Ticket ticket )
+    {
+        this.ticket = ticket;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,54 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordErrorModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.messages.ErrorMessage;
+import org.apache.kerberos.service.ErrorMessageHandler;
+
+public class ChangePasswordExceptionHandler extends ErrorMessageHandler
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        return CONTINUE_CHAIN;
+    }
+
+    public boolean postprocess( Context context, Exception exception )
+    {
+        if ( exception == null )
+        {
+            return CONTINUE_CHAIN;
+        }
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+        ChangePasswordConfiguration config = changepwContext.getConfig();
+        KerberosException ke = (KerberosException) exception;
+
+        System.out.println( "Exception " + exception.getMessage() + " occurred." );
+
+        ErrorMessage errorMessage = getErrorMessage( config.getChangepwPrincipal(), ke );
+
+        ChangePasswordErrorModifier modifier = new ChangePasswordErrorModifier();
+        modifier.setErrorMessage( errorMessage );
+
+        changepwContext.setReply( modifier.getChangePasswordError() );
+
+        return STOP_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordExceptionHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,38 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.replay.InMemoryReplayCache;
+import org.apache.kerberos.replay.ReplayCache;
+
+public class ConfigureChangePasswordChain extends CommandBase
+{
+    private static final ReplayCache replayCache = new InMemoryReplayCache();
+
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Configuring change password chain." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+        changepwContext.setReplayCache( replayCache );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ConfigureChangePasswordChain.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,45 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Ticket;
+
+/*
+ * differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ
+ */
+public class GetAuthHeader extends CommandBase
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Extracting authentication header." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+        ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+
+        ApplicationRequest authHeader = request.getAuthHeader();
+        Ticket ticket = authHeader.getTicket();
+
+        changepwContext.setAuthHeader( authHeader );
+        changepwContext.setTicket( ticket );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetAuthHeader.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,42 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.ErrorType;
+import org.apache.kerberos.service.GetPrincipalStoreEntry;
+import org.apache.kerberos.store.PrincipalStore;
+
+public class GetServerEntry extends GetPrincipalStoreEntry
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Getting server entry." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+        KerberosPrincipal principal = changepwContext.getTicket().getServerPrincipal();
+        PrincipalStore store = changepwContext.getStore();
+
+        changepwContext.setServerEntry( getEntry( principal, store,
+                ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/GetServerEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,58 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordReply;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.application.ApplicationReply;
+import org.apache.kerberos.messages.application.PrivateMessage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MonitorReply extends CommandBase
+{
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( MonitorReply.class );
+
+    public boolean execute( Context context ) throws Exception
+    {
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+        ChangePasswordReply reply = (ChangePasswordReply) changepwContext.getReply();
+        short authHeaderLength = reply.getAuthHeaderLength();
+        short messageLength = reply.getMessageLength();
+        short versionNumber = reply.getVersionNumber();
+        ApplicationReply appReply = reply.getApplicationReply();
+        PrivateMessage priv = reply.getPrivateMessage();
+
+        if ( log.isDebugEnabled() )
+        {
+            StringBuffer sb = new StringBuffer();
+            sb.append( "Responding to change password request:" );
+            sb.append( "\n\t" + "authHeaderLength " + authHeaderLength );
+            sb.append( "\n\t" + "messageLength    " + messageLength );
+            sb.append( "\n\t" + "versionNumber    " + versionNumber );
+            sb.append( "\n\t" + "appReply         " + appReply );
+            sb.append( "\n\t" + "priv             " + priv );
+
+            log.debug( sb.toString() );
+        }
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorReply.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,69 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.replay.ReplayCache;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MonitorRequest extends CommandBase
+{
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class );
+
+    public boolean execute( Context context ) throws Exception
+    {
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+        ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+        short authHeaderLength = request.getAuthHeaderLength();
+        short messageLength = request.getMessageLength();
+        short versionNumber = request.getVersionNumber();
+
+        ApplicationRequest authHeader = changepwContext.getAuthHeader();
+        Ticket ticket = changepwContext.getTicket();
+        EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
+        long clockSkew = changepwContext.getConfig().getClockSkew();
+        ReplayCache replayCache = changepwContext.getReplayCache();
+        String principal = changepwContext.getServerEntry().getPrincipal().getName();
+
+        if ( log.isDebugEnabled() )
+        {
+            StringBuffer sb = new StringBuffer();
+            sb.append( "Responding to change password request:" );
+            sb.append( "\n\t" + "authHeaderLength " + authHeaderLength );
+            sb.append( "\n\t" + "messageLength    " + messageLength );
+            sb.append( "\n\t" + "versionNumber    " + versionNumber );
+            sb.append( "\n\t" + "authHeader       " + authHeader );
+            sb.append( "\n\t" + "ticket           " + ticket );
+            sb.append( "\n\t" + "principal        " + principal );
+            sb.append( "\n\t" + "serverKey        " + serverKey );
+            sb.append( "\n\t" + "clockSkew        " + clockSkew );
+            sb.append( "\n\t" + "replayCache      " + replayCache );
+
+            log.debug( sb.toString() );
+        }
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/MonitorRequest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,124 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.changepw.exceptions.ChangePasswordException;
+import org.apache.changepw.exceptions.ErrorType;
+import org.apache.changepw.io.ChangePasswordDataDecoder;
+import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.changepw.value.ChangePasswordData;
+import org.apache.changepw.value.ChangePasswordDataModifier;
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.io.decoder.EncKrbPrivPartDecoder;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncKrbPrivPart;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.kerberos.store.operations.ChangePassword;
+
+public class ProcessPasswordChange extends CommandBase
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Processing password change." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+        ChangePasswordRequest request = (ChangePasswordRequest) changepwContext.getRequest();
+        PrincipalStore store = changepwContext.getStore();
+        Authenticator authenticator = changepwContext.getAuthenticator();
+        Ticket ticket = changepwContext.getTicket();
+
+        System.out.println( "Ticket principal " + ticket.getServerPrincipal() );
+
+        // TODO - check ticket is for service authorized to change passwords
+        // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));
+
+        // TODO - check client principal in ticket is authorized to change password
+
+        // get the subsession key from the Authenticator
+        EncryptionKey subSessionKey = authenticator.getSubSessionKey();
+
+        // getDecryptedData the request's private message with the subsession key
+        EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart();
+        EncKrbPrivPart privatePart;
+        try
+        {
+            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( subSessionKey
);
+
+            byte[] decPrivPart = engine.getDecryptedData( subSessionKey, encReqPrivPart );
+
+            EncKrbPrivPartDecoder privDecoder = new EncKrbPrivPartDecoder();
+            privatePart = privDecoder.decode( decPrivPart );
+        }
+        catch ( KerberosException ke )
+        {
+            ke.printStackTrace();
+            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_AUTHERROR );
+        }
+
+        ChangePasswordData passwordData = null;
+
+        if ( request.getVersionNumber() == (short) 1 )
+        {
+            // Use protocol version 0x0001, the legacy Kerberos change password protocol
+            ChangePasswordDataModifier modifier = new ChangePasswordDataModifier();
+            modifier.setNewPassword( privatePart.getUserData() );
+            passwordData = modifier.getChangePasswdData();
+        }
+        else
+        {
+            // Use protocol version 0xFF80, the backwards-compatible MS protocol
+            ChangePasswordDataDecoder passwordDecoder = new ChangePasswordDataDecoder();
+            passwordData = passwordDecoder.decodeChangePasswordData( privatePart.getUserData()
);
+        }
+
+        // usec and seq-number must be present per MS but aren't in legacy kpasswd
+        // seq-number must have same value as authenticator
+        // ignore r-address
+
+        // generate key from password
+        String password = new String( passwordData.getPassword() );
+        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
+        KerberosKey newKey = new KerberosKey( clientPrincipal, password.toCharArray(), "DES"
);
+
+        System.out.println( "Got client principal " + clientPrincipal );
+        System.out.println( "Got client password " + password );
+
+        // store password in database
+        try
+        {
+            String principalName = (String) store.execute( new ChangePassword( clientPrincipal,
+                    newKey ) );
+            System.out.println( "Successfully modified principal " + principalName );
+        }
+        catch ( Exception e )
+        {
+            e.printStackTrace();
+        }
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ProcessPasswordChange.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.service.VerifyTicket;
+
+public class VerifyServiceTicket extends VerifyTicket
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Verifying service ticket." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+        ChangePasswordConfiguration config = changepwContext.getConfig();
+        Ticket ticket = changepwContext.getTicket();
+        String primaryRealm = config.getPrimaryRealm();
+        KerberosPrincipal changepwPrincipal = config.getChangepwPrincipal();
+
+        verifyTicket( ticket, primaryRealm, changepwPrincipal );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicket.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java?rev=263879&view=auto
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
(added)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
Sun Aug 28 07:26:49 2005
@@ -0,0 +1,48 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.changepw.service;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.replay.ReplayCache;
+import org.apache.kerberos.service.VerifyAuthHeader;
+
+public class VerifyServiceTicketAuthHeader extends VerifyAuthHeader
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Verifying service ticket's authentication header." );
+
+        ChangePasswordContext changepwContext = (ChangePasswordContext) context;
+
+        ApplicationRequest authHeader = changepwContext.getAuthHeader();
+        Ticket ticket = changepwContext.getTicket();
+        EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
+        long clockSkew = changepwContext.getConfig().getClockSkew();
+        ReplayCache replayCache = changepwContext.getReplayCache();
+
+        Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
+                replayCache );
+
+        changepwContext.setAuthenticator( authenticator );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message