directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: [DIRKRB-227]-Enhance kadmin to support change password for principal. Contributed by Liqi.
Date Fri, 19 Jun 2015 03:57:26 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 0ec0cf78a -> 12be8a29d


[DIRKRB-227]-Enhance kadmin to support change password for principal. Contributed by Liqi.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/12be8a29
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/12be8a29
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/12be8a29

Branch: refs/heads/master
Commit: 12be8a29d5054f2aea699b9a9628f77e4f500876
Parents: 0ec0cf7
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Jun 19 12:02:41 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Jun 19 12:02:41 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/admin/Kadmin.java       |  30 ++++
 .../kerby/kerberos/kerb/admin/KadminOption.java |   3 +
 .../kerby/kerberos/tool/kadmin/Kadmin.java      |   3 +
 .../kadmin/executor/ChangePasswordExecutor.java | 140 +++++++++++++++++++
 4 files changed, 176 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/12be8a29/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 29062f0..ef40dae 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -334,4 +334,34 @@ public class Kadmin {
             throw new KrbException("Failed to get identity!", e);
         }
     }
+
+    public void updatePassword(String principal, String password) throws KrbException {
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity != null) {
+            identity.addKeys(generateKeys(identity.getPrincipalName(), password));
+        } else {
+            throw new KrbException("Principal " + principal +
+                "was not found. Please check the input and try again");
+        }
+        backend.updateIdentity(identity);
+    }
+
+    public void updateKey(String principal) throws KrbException {
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity != null) {
+            identity.addKeys(generateKeys());
+        } else {
+            throw new KrbException("Principal " + principal +
+                "was not found. Please check the input and try again");
+        }
+        backend.updateIdentity(identity);
+    }
+
+    private List<EncryptionKey> generateKeys() throws KrbException {
+        try {
+            return EncryptionUtil.generateKeys(kdcConfig.getEncryptionTypes());
+        } catch (KrbException e) {
+            throw new KrbException("Failed to create keys", e);
+        }
+    }
 }
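Review bot: `updatePassword` and `updateKey` call `identity.addKeys(...)` on the identity loaded from the backend, and nothing visible in this hunk removes or supersedes the existing keys first. The implementation of `addKeys` is not shown, but if it appends rather than replaces, keys derived from the old password would remain usable after a password change; the method should decide explicitly whether old keys are dropped or kept, since the `-keepold` option added in this commit is not wired to it. The exception message in both methods is missing a space and renders as `Principal <name>was not found`; it should start `"Principal " + principal + " was not found. "`. `password` is also passed to `generateKeys(identity.getPrincipalName(), password)` with no null or empty check.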

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/12be8a29/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
index 9d9b57e..8f24ac8 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
@@ -30,6 +30,9 @@ public enum KadminOption implements KOption {
     FORCE("-force", "force", KOptionType.NOV),
     KVNO("-kvno", "initial key version number", KOptionType.INT),
     PW("-pw", "password", KOptionType.STR),
+    RANDKEY("-randkey","random key", KOptionType.NOV),
+    KEEPOLD("-keepold", "keep old passowrd", KOptionType.NOV),
+    KEYSALTLIST("-e", "key saltlist", KOptionType.STR),
     K("-k", "keytab file path", KOptionType.STR),
     KEYTAB("-keytab", "keytab file path", KOptionType.STR),
     ;
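Review bot: The description for `KEEPOLD` is misspelled as `keep old passowrd`; since this looks like operator-facing help text it should read `KEEPOLD("-keepold", "keep old password", KOptionType.NOV),`. `RANDKEY("-randkey","random key", KOptionType.NOV)` is also missing the space after the first comma that the neighbouring entries use. The enum body starts outside the hunk.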

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/12be8a29/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
index fe720bf..d6b73d8 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
@@ -95,6 +95,9 @@ public class Kadmin {
         } else if (command.startsWith("rename_principal") ||
                 command.startsWith("renprinc")) {
             executor = new RenamePrincipalExecutor(backendConfig);
+        } else if (command.startsWith("change_password") ||
+                command.startsWith("cpw")) {
+            executor = new ChangePasswordExecutor(kdcConfig, backendConfig);
         } else if (command.startsWith("get_principal") || command.startsWith("getprinc")
||
                 command.startsWith("Get principal")) {
             executor = new GetPrincipalExcutor(backendConfig);
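Review bot: The new branch matches with `command.startsWith("change_password")` / `command.startsWith("cpw")`, so any input that merely begins with those characters (a mistyped command name, for instance) is routed to `ChangePasswordExecutor`, which then takes the last token as the principal. Because this branch changes credentials, comparing the first whitespace-separated token for equality would be safer than a prefix match. The existing branches use the same prefix pattern, and the if-chain starts and ends outside the hunk, so this would ideally be fixed for the whole chain.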

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/12be8a29/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/ChangePasswordExecutor.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/ChangePasswordExecutor.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/ChangePasswordExecutor.java
new file mode 100644
index 0000000..3c8ca4e
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/ChangePasswordExecutor.java
@@ -0,0 +1,140 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.executor;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.tool.kadmin.tool.KadminTool;
+
+import java.io.Console;
+import java.util.Arrays;
+import java.util.Scanner;
+
+public class ChangePasswordExecutor implements KadminCommandExecutor{
+    private static final String USAGE = "Usage: change_password [-randkey] " +
+            "[-keepold] [-e keysaltlist] [-pw password] principal";
+
+    private KdcConfig kdcConfig;
+    private Config backendConfig;
+    private KOptions kOptions;
+    private Kadmin kadmin;
+
+    public ChangePasswordExecutor(KdcConfig kdcCfg, Config backendCfg) {
+        this.kdcConfig=kdcCfg;
+        this.backendConfig = backendCfg;
+        this.kadmin = new Kadmin(kdcConfig, backendConfig);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s");
+        String principal = commands[commands.length -1];
+        String password;
+
+        if (commands.length <= 1) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        if (commands.length == 2) {//only principal is given
+            password = getPassword(principal);
+            if(password == null) {
+                System.out.println("Did not get new password successfully. Please try again");
+                return;
+            }
+            try {
+                kadmin.updatePassword(principal, password);
+                System.out.println("Update password success.");
+            } catch (KrbException e) {
+                System.err.println("Fail to update password. " + e.getCause());
+            }
+        } else if (commands.length > 2) {
+            kOptions = KadminTool.parseOptions(commands, 1, commands.length - 2);
+            if (kOptions == null) {
+                System.err.println(USAGE);
+                return;
+            }
+            if (kOptions.contains(KadminOption.PW)){
+                password = kOptions.getStringOption(KadminOption.PW);
+                try {
+                    kadmin.updatePassword(principal, password);
+                    System.out.println("Update password success.");
+                } catch (KrbException e) {
+                    System.err.println("Fail to update password. " + e.getCause());
+                }
+            } else if( kOptions.contains(KadminOption.RANDKEY)){
+                try {
+                    kadmin.updateKey(principal);
+                } catch (KrbException e) {
+                    System.err.println("Fail to update key. " + e.getCause());
+                }
+            }
+        }
+    }
+
+    /**
+     * Get password from console
+     */
+    private String getPassword(String principal) {
+        String passwordOnce;
+        String passwordTwice;
+
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+            Scanner scanner = new Scanner(System.in);
+            passwordOnce = getPassword(scanner,
+                    "Please enter new password  \"" + principal + "\":");
+            passwordTwice = getPassword(scanner,
+                    "Please re-enter password  =\"" + principal + "\":");
+
+        } else {
+            passwordOnce = getPassword(console,
+                    "Please enter new password \"" + principal + "\":");
+            passwordTwice = getPassword(console,
+                    "Please re-enter password \"" + principal + "\":");
+        }
+
+        if (!passwordOnce.equals(passwordTwice)) {
+            System.err.println("change_password: Password mismatch while reading password
for \"" + principal + "\".");
+            return null;
+        }
+        return passwordOnce;
+    }
+
+    private String getPassword(Scanner scanner, String prompt) {
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+
+    private String getPassword(Console console, String prompt) {
+        console.printf(prompt);
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+        return password;
+    }
+}
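Review bot: In `getPassword(Console, String)` the prompt, which embeds the principal typed by the operator, is passed to `console.printf` as the format string, so a `%` in the principal name raises a formatting exception instead of prompting; `console.readPassword()` can also return null at end of input, which makes `new String(passwordChars)` throw. The `Arrays.fill` call clears only the char array; the password lives on in the returned `String` (and in any `-pw` argument), and the `Scanner` fallback echoes it, so the wipe should not be read as scrubbing the secret. In `execute`, the catch blocks print `e.getCause()`, which is null for the "was not found" `KrbException` that `updatePassword` throws without a cause, so the operator sees `null`; `e.getMessage()` carries the reason. `-keepold` and `-e` are advertised in `USAGE` but never read, and an option list with neither `-pw` nor `-randkey` returns silently with no change and no message. The prompt and null handling could look like this:

```java
    // in getPassword(String principal): a failed read is handled like a mismatch
        if (passwordOnce == null || !passwordOnce.equals(passwordTwice)) {
        // … unchanged: mismatch message and return null …

    private String getPassword(Console console, String prompt) {
        // The prompt is data, not a format string.
        char[] passwordChars = console.readPassword("%s", prompt);
        if (passwordChars == null) {
            // readPassword returns null when the input stream has ended
            return null;
        }
        // … unchanged: build the String, Arrays.fill, return …
    }
```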

