From erodrig...@apache.org
Subject svn commit: r278599 - in /directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw: protocol/ service/
Date Sun, 04 Sep 2005 15:15:28 GMT
Author: erodriguez
Date: Sun Sep  4 08:15:22 2005
New Revision: 278599

URL: http://svn.apache.org/viewcvs?rev=278599&view=rev
Log:
Added ticket host addresses check to changepw protocol
o  added client address to changepw context
o  added new "changepw.empty.addresses.allowed" option to configuration
o  added passing of client address from MINA to auth header stage via handler

Modified:
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandler.java
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordConfiguration.java
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
    directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java

Modified: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandler.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandler.java?rev=278599&r1=278598&r2=278599&view=diff
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandler.java
(original)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/protocol/ChangePasswordProtocolHandler.java
Sun Sep  4 08:15:22 2005
@@ -17,6 +17,9 @@
 
 package org.apache.changepw.protocol;
 
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+
 import org.apache.changepw.messages.ChangePasswordRequest;
 import org.apache.changepw.service.ChangePasswordChain;
 import org.apache.changepw.service.ChangePasswordConfiguration;
@@ -91,6 +94,7 @@
             log.debug( session.getRemoteAddress() + " RCVD: " + message );
         }
 
+        InetAddress clientAddress = ( (InetSocketAddress) session.getRemoteAddress() ).getAddress();
         ChangePasswordRequest request = (ChangePasswordRequest) message;
 
         try
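Review bot: The added cast `(InetSocketAddress) session.getRemoteAddress()` is unchecked and sits above the `try` that opens on the hunk's last line. If the session is not socket-based or has no remote address, it throws ClassCastException or NullPointerException outside that `try`. Because this value feeds the ticket host-address check, the failure should stay on the handled path: either move the line inside the `try`, or test `session.getRemoteAddress() instanceof InetSocketAddress` first and reject the request otherwise. The enclosing method starts and ends outside this hunk, so how an exception thrown here is surfaced cannot be confirmed from the diff.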
@@ -98,6 +102,7 @@
             ChangePasswordContext changepwContext = new ChangePasswordContext();
             changepwContext.setConfig( config );
             changepwContext.setStore( store );
+            changepwContext.setClientAddress( clientAddress );
             changepwContext.setRequest( request );
 
             changepwService.execute( changepwContext );

Modified: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordConfiguration.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordConfiguration.java?rev=278599&r1=278598&r2=278599&view=diff
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordConfiguration.java
(original)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordConfiguration.java
Sun Sep  4 08:15:22 2005
@@ -144,6 +144,18 @@
         return new KerberosPrincipal( CHANGEPW_DEFAULT_PRINCIPAL );
     }
 
+    public boolean isEmptyAddressesAllowed()
+    {
+        String key = "changepw.empty.addresses.allowed";
+
+        if ( properties.containsKey( key ) )
+        {
+            return "true".equalsIgnoreCase( properties.getProperty( key ) );
+        }
+
+        return true;
+    }
+
     private void prepareEncryptionTypes()
     {
         String[] encryptionTypeStrings = null;
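Review bot: `isEmptyAddressesAllowed()` returns `true` when `changepw.empty.addresses.allowed` is absent, so the host-address check added by this commit is permissive by default for tickets that carry no addresses, and the method has no Javadoc saying so. A comment should state the default and its effect, for example `/** Whether tickets without host addresses are accepted; defaults to true when "changepw.empty.addresses.allowed" is unset. */`. It should also say that any value other than a case-insensitive `true` turns the allowance off, so a typo in the setting silently tightens the policy. The key is an inline literal, while the neighbouring `CHANGEPW_DEFAULT_PRINCIPAL` suggests the class keeps such strings as named constants. `prepareEncryptionTypes()` continues past the end of the hunk.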

Modified: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java?rev=278599&r1=278598&r2=278599&view=diff
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
(original)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/ChangePasswordContext.java
Sun Sep  4 08:15:22 2005
@@ -16,6 +16,8 @@
  */
 package org.apache.changepw.service;
 
+import java.net.InetAddress;
+
 import org.apache.changepw.messages.AbstractPasswordMessage;
 import org.apache.kerberos.chain.impl.ContextBase;
 import org.apache.kerberos.messages.ApplicationRequest;
@@ -31,6 +33,7 @@
     private PrincipalStore store;
     private AbstractPasswordMessage request;
     private AbstractPasswordMessage reply;
+    private InetAddress clientAddress;
 
     private ApplicationRequest authHeader;
     private Ticket ticket;
@@ -180,5 +183,21 @@
     public void setTicket( Ticket ticket )
     {
         this.ticket = ticket;
+    }
+
+    /**
+     * @return Returns the clientAddress.
+     */
+    public InetAddress getClientAddress()
+    {
+        return clientAddress;
+    }
+
+    /**
+     * @param clientAddress The clientAddress to set.
+     */
+    public void setClientAddress( InetAddress clientAddress )
+    {
+        this.clientAddress = clientAddress;
     }
 }

Modified: directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java?rev=278599&r1=278598&r2=278599&view=diff
==============================================================================
--- directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
(original)
+++ directory/protocol-providers/changepw/trunk/src/java/org/apache/changepw/service/VerifyServiceTicketAuthHeader.java
Sun Sep  4 08:15:22 2005
@@ -16,6 +16,8 @@
  */
 package org.apache.changepw.service;
 
+import java.net.InetAddress;
+
 import org.apache.kerberos.chain.Context;
 import org.apache.kerberos.messages.ApplicationRequest;
 import org.apache.kerberos.messages.components.Authenticator;
@@ -37,9 +39,11 @@
         EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
         long clockSkew = changepwContext.getConfig().getClockSkew();
         ReplayCache replayCache = changepwContext.getReplayCache();
+        boolean emptyAddressesAllowed = changepwContext.getConfig().isEmptyAddressesAllowed();
+        InetAddress clientAddress = changepwContext.getClientAddress();
 
-        Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
-                replayCache );
+        Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
replayCache,
+                emptyAddressesAllowed, clientAddress );
 
         changepwContext.setAuthenticator( authenticator );
 
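Review bot: `changepwContext.getClientAddress()` is handed to `verifyAuthHeader` without a null check, and the field is only populated when the protocol handler has called `setClientAddress`. `verifyAuthHeader` is defined outside this diff, so whether a null address fails the comparison or skips it cannot be seen here. The safer contract is to fail closed before the call, with `if ( clientAddress == null )` raising the error type this chain stage already uses. A one-line comment such as `// transport-level peer address as seen by the server; compared against the ticket's host addresses` would also record that NAT or a proxy can make it differ from the address in the ticket. The enclosing method begins and ends outside the hunk.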


