Author: erodriguez
Date: Thu Oct 21 03:44:20 2004
New Revision: 55216
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
Modified:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
Log:
Bootstrap classes for initializing KDC login context.
Modified:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
==============================================================================
---
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/AuthenticationService.java
Thu Oct 21 03:44:20 2004
@@ -18,30 +18,49 @@
import org.apache.kerberos.crypto.*;
import org.apache.kerberos.io.encoder.*;
+import org.apache.kerberos.kdc.store.*;
import org.apache.kerberos.messages.*;
import org.apache.kerberos.messages.components.*;
import org.apache.kerberos.messages.value.*;
-import org.apache.kerberos.util.keytab.*;
public class AuthenticationService {
- private KeyList _keytab;
+ private PrincipalStore _store;
+ private PrincipalStore _bootstrap = new KdcBootstrapStore();
- public AuthenticationService(KeyList keytab) {
- _keytab = keytab;
+ public AuthenticationService(PrincipalStore store) {
+ _store = store;
}
- public AuthenticationReply getReplyFor(KdcRequest request) throws
KeytabException, KerberosException {
+ public AuthenticationReply getReplyFor(KdcRequest request) throws
KerberosException {
Realm realm = request.getRealm();
PrincipalName client = request.getCname();
client.setRealm(realm);
- EncryptionKey clientKey = _keytab.getEncryptionKey(client);
+
+ System.out.println("Client: " + client.getNameString());
+ PrincipalStoreEntry clientEntry = _bootstrap.getEntry(client);
+ EncryptionKey clientKey;
+ if (clientEntry != null) {
+ clientKey = clientEntry.getEncryptionKey();
+ } else {
+ System.out.println("Going to look up client");
+ clientKey = _store.getEntry(client).getEncryptionKey();
+ }
PrincipalName server = request.getSname();
server.setRealm(realm);
- EncryptionKey serverKey = _keytab.getEncryptionKey(server);
+
+ System.out.println("Server: " + server.getNameString());
+ PrincipalStoreEntry serverEntry = _bootstrap.getEntry(server);
+ EncryptionKey serverKey;
+ if (serverEntry != null) {
+ serverKey = serverEntry.getEncryptionKey();
+ } else {
+ System.out.println("Going to look up client");
+ serverKey = _store.getEntry(server).getEncryptionKey();
+ }
verifyPreAuthentication(request, client);
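Review bot: `clientKey = _store.getEntry(client).getEncryptionKey();` and the matching server line dereference the principal-store result without a null check, while the bootstrap branch just above treats a null entry as a miss, so a principal absent from both stores surfaces as a NullPointerException instead of a Kerberos error reply. The same copy of this block appears twice in TicketGrantingService (the verifyApReq hunk and the @@ -252 hunk), and in every server branch the log line still says "Going to look up client". I would fold the lookup into one private helper that consults the bootstrap store, then the principal store, and throws when both miss, which also takes the System.out debug prints off the request path; the error constants in the sketch below are assumed to exist in `KerberosException` in the same style as `KRB_AP_ERR_BADVERSION`, so substitute whatever the class actually defines. `_bootstrap = new KdcBootstrapStore()` is hard-wired as a field initializer here and in TicketGrantingService, so each service holds its own instance and bootstrap entries silently shadow the store for the same name; passing it through the constructor next to `_store` would make that precedence explicit and testable. getReplyFor continues past the end of this hunk.
```java
// … unchanged: realm and client name setup …
EncryptionKey clientKey = lookupKey(client, KerberosException.KDC_ERR_C_PRINCIPAL_UNKNOWN); // constant assumed, see note
// … unchanged: server name setup …
EncryptionKey serverKey = lookupKey(server, KerberosException.KDC_ERR_S_PRINCIPAL_UNKNOWN); // constant assumed, see note
// … unchanged: remainder of getReplyFor, which ends outside this hunk …

// Bootstrap entries take precedence over the principal store; a miss in both is
// reported as the supplied Kerberos error instead of a NullPointerException.
private EncryptionKey lookupKey(PrincipalName name, KerberosException notFound)
        throws KerberosException {
    PrincipalStoreEntry entry = _bootstrap.getEntry(name);
    if (entry == null) {
        entry = _store.getEntry(name);
    }
    if (entry == null) {
        throw notFound;
    }
    return entry.getEncryptionKey();
}
```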
Modified:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
==============================================================================
---
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
(original)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/KdcDispatcher.java
Thu Oct 21 03:44:20 2004
@@ -19,8 +19,8 @@
import org.apache.kerberos.io.decoder.*;
import org.apache.kerberos.io.encoder.*;
import org.apache.kerberos.kdc.replay.*;
+import org.apache.kerberos.kdc.store.*;
import org.apache.kerberos.messages.*;
-import org.apache.kerberos.util.keytab.*;
import java.io.*;
@@ -38,15 +38,15 @@
private AuthenticationService _authService;
private TicketGrantingService _tgsService;
- private KeyList _store;
+ private PrincipalStore _store;
- public KdcDispatcher(KeyList store) {
+ public KdcDispatcher(PrincipalStore store) {
_store = store;
_authService = new AuthenticationService(_store);
_tgsService = new TicketGrantingService(_store, replay);
}
- public byte[] dispatch(byte[] requestBytes) throws IOException,
KerberosException, KeytabException {
+ public byte[] dispatch(byte[] requestBytes) throws IOException,
KerberosException {
ByteArrayInputStream input = new
ByteArrayInputStream(requestBytes);
ByteArrayOutputStream output = new ByteArrayOutputStream();
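Review bot: `_store`, `_authService` and `_tgsService` are assigned only in the constructor and could be declared `final`, e.g. `private final PrincipalStore _store;`, which documents that the dispatcher's wiring is fixed after construction; the same holds for the corresponding fields in the two services this hunk constructs. `replay` is not declared within the hunk, so I assume it is a field initialised elsewhere in the class. dispatch continues past the end of the hunk.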
Modified:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
---
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
Thu Oct 21 03:44:20 2004
@@ -22,10 +22,10 @@
import org.apache.kerberos.io.decoder.*;
import org.apache.kerberos.io.encoder.*;
import org.apache.kerberos.kdc.replay.*;
+import org.apache.kerberos.kdc.store.*;
import org.apache.kerberos.messages.*;
import org.apache.kerberos.messages.components.*;
import org.apache.kerberos.messages.value.*;
-import org.apache.kerberos.util.keytab.*;
import java.io.*;
import java.util.*;
@@ -35,15 +35,16 @@
*/
public class TicketGrantingService {
- private KeyList _keytab;
- private ReplayCache _replayCache;
+ private PrincipalStore _store;
+ private PrincipalStore _bootstrap = new KdcBootstrapStore();
+ private ReplayCache _replayCache;
- public TicketGrantingService(KeyList keytab, ReplayCache replay) {
- _keytab = keytab;
+ public TicketGrantingService(PrincipalStore store, ReplayCache replay) {
+ _store = store;
_replayCache = replay;
}
- public TicketGrantReply getReplyFor(KdcRequest request) throws
KerberosException, IOException, KeytabException {
+ public TicketGrantReply getReplyFor(KdcRequest request) throws
KerberosException, IOException {
System.out.println("Got request from " + request.getCname() +
"@" + request.getRealm());
@@ -106,7 +107,7 @@
// RFC 1510 A.10. KRB_AP_REQ verification
private Authenticator verifyApReq(ApplicationRequest authHeader, Ticket
tgt)
- throws KerberosException, IOException, KeytabException {
+ throws KerberosException, IOException {
if (authHeader.getProtocolVersionNumber() != 5)
throw KerberosException.KRB_AP_ERR_BADVERSION;
@@ -122,7 +123,13 @@
} else {
PrincipalName server = tgt.getServerName();
server.setRealm(tgt.getRealm());
- serverKey = _keytab.getEncryptionKey(server);
+ PrincipalStoreEntry serverEntry =
_bootstrap.getEntry(server);
+ if (serverEntry != null) {
+ serverKey = serverEntry.getEncryptionKey();
+ } else {
+ System.out.println("Going to look up client");
+ serverKey =
_store.getEntry(server).getEncryptionKey();
+ }
}
if (serverKey == null) {
// TODO - check server key version number, skvno;
requires store
@@ -252,8 +259,15 @@
PrincipalName server = request.getSname();
server.setRealm(request.getRealm());
System.out.println(server);
- serverKey = _keytab.getEncryptionKey(server);
- } catch (KeytabException ke) {
+ PrincipalStoreEntry serverEntry =
_bootstrap.getEntry(server);
+ if (serverEntry != null) {
+ serverKey = serverEntry.getEncryptionKey();
+ } else {
+ System.out.println("Going to look up client");
+ serverKey =
_store.getEntry(server).getEncryptionKey();
+ }
+
+ } catch (KerberosException ke) {
/*
if (!server) then
if (is_foreign_tgt_name(server)) then
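Review bot: The catch at the end of the hunk now handles `KerberosException` instead of `KeytabException`, yet the only call in the visible try body that could raise it is `getEntry`, and the handler's visible body is a block comment, so a lookup failure would be swallowed and execution would continue with `serverKey` unset. If this is meant as a placeholder for the foreign-realm logic described in the comment, a short marker such as `// TODO: unknown server - decide between foreign-TGT referral and KDC_ERR_S_PRINCIPAL_UNKNOWN` would make that explicit rather than leaving a silent catch. Whether `PrincipalStore.getEntry` declares `KerberosException` at all is not visible here. The enclosing method starts and ends outside this hunk.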
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/CallbackHandlerBean.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.io.*;
+
+import javax.security.auth.callback.*;
+
+public class CallbackHandlerBean implements CallbackHandler {
+
+ private String _name = null;
+ private String _password = null;
+
+ public CallbackHandlerBean(String name, String password) {
+ _name = name;
+ _password = password;
+ }
+
+ public void handle(Callback[] callbacks) throws
UnsupportedCallbackException, IOException {
+ for (int i = 0; i < callbacks.length; i++) {
+ Callback callBack = callbacks[i];
+
+ // Handles username callback.
+ if (callBack instanceof NameCallback) {
+ NameCallback nameCallback = (NameCallback)
callBack;
+ nameCallback.setName(_name);
+ // Handles _password callback.
+ } else if (callBack instanceof PasswordCallback) {
+ PasswordCallback passwordCallback =
(PasswordCallback) callBack;
+
passwordCallback.setPassword(_password.toCharArray());
+ } else {
+ throw new
UnsupportedCallbackException(callBack, "Callback not supported");
+ }
+ }
+ }
+}
+
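Review bot: The password is kept as an immutable `String` in `_password` and converted on every callback, so the secret stays in the heap until the String is collected and can never be cleared; I would hold it as `char[]` and hand that array to the callback: `private final char[] _password;`, `_password = password.toCharArray();` in the constructor, and `passwordCallback.setPassword(_password);` in handle (`PasswordCallback.setPassword` copies its argument). The caller still passes a `String`, so this only narrows the exposure rather than removing it. `_password.toCharArray()` also throws NullPointerException when the bean was built with a null password; a `PasswordCallback` in that case should be answered explicitly (for example `setPassword(null)`) or rejected with a clear message.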
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubject.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import javax.security.auth.*;
+
+public interface KdcSubject {
+ public Subject getSubject();
+}
+
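Review bot: The interface has no Javadoc, and `getSubject` does not state whether it may return null, although the only implementation in this commit, KdcSubjectLogin, assigns the result of `LoginContext.getSubject()` after a caught login failure, where that method returns null. I would add `/** Provides the JAAS Subject the KDC runs under; implementations must document whether a null return is possible. */` above the interface, and drop the redundant `public` on the method since interface members are implicitly public.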
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/KdcSubjectLogin.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.security.*;
+
+import javax.security.auth.*;
+import javax.security.auth.login.*;
+
+public class KdcSubjectLogin implements KdcSubject {
+
+ private Subject kdcSubject;
+
+ public KdcSubjectLogin(String principal, String passPhrase) {
+
+ Security.setProperty("login.configuration.provider",
+
"org.apache.kerberos.kdc.jaas.Krb5Configuration");
+
+ LoginContext lc = null;
+ try {
+ lc = new
LoginContext(KdcSubjectLogin.class.getName(),
+ new
CallbackHandlerBean(principal, passPhrase));
+ lc.login();
+ } catch (LoginException le) {
+ System.err.println("Authentication attempt
failed" + le);
+ }
+
+ kdcSubject = lc.getSubject();
+ }
+
+ public Subject getSubject() {
+ return kdcSubject;
+ }
+}
+
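Review bot: A login failure is only printed and then `kdcSubject = lc.getSubject();` runs anyway, so a KdcSubjectLogin whose JAAS login failed is constructed with a null subject (or with a NullPointerException when the LoginContext constructor itself threw, since `lc` is still null), and the KDC would come up without its credentials instead of refusing to. I would let the constructor propagate `LoginException` (or wrap it in an unchecked exception carrying the cause), which also removes the message `"Authentication attempt failed" + le` that lacks a separator before the exception text. `Security.setProperty("login.configuration.provider", ...)` is a process-wide change made from a constructor; if the project can target Java 5, passing a `Krb5Configuration` instance to the four-argument LoginContext constructor keeps it local, otherwise `Configuration.setConfiguration(new Krb5Configuration())` at least makes the replacement explicit. Callers of this constructor are outside the commit, so the added `throws` clause needs to be checked against them.
```java
public KdcSubjectLogin(String principal, String passPhrase) throws LoginException {
    // … unchanged: login.configuration.provider property …
    LoginContext lc = new LoginContext(KdcSubjectLogin.class.getName(),
            new CallbackHandlerBean(principal, passPhrase));
    // A failed login must not yield a KdcSubjectLogin with a null Subject.
    lc.login();
    kdcSubject = lc.getSubject();
}
```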
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/jaas/Krb5Configuration.java
Thu Oct 21 03:44:20 2004
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.jaas;
+
+import java.util.*;
+
+import javax.security.auth.login.*;
+import javax.security.auth.login.AppConfigurationEntry.*;
+
+public class Krb5Configuration extends Configuration {
+
+ private static AppConfigurationEntry[] _configList = new
AppConfigurationEntry[1];
+
+ public Krb5Configuration() {
+
+ String loginModule =
"com.sun.security.auth.module.Krb5LoginModule";
+ LoginModuleControlFlag flag = LoginModuleControlFlag.REQUIRED;
+ Map options = new HashMap();
+ options.put("storeKey", "true");
+
+ _configList[0] = new AppConfigurationEntry(loginModule, flag,
options);
+ }
+
+ /**
+ * Interface method requiring us to return all the LoginModules we know
about.
+ */
+ public AppConfigurationEntry[] getAppConfigurationEntry(String
applicationName) {
+ // We will ignore the applicationName, since we want all apps
to use Kerberos V5
+ return _configList;
+ }
+
+ /**
+ * Interface method for reloading the configuration. We don't need
this.
+ */
+ public void refresh() {
+ // Right now this is a load once scheme and we will not
implement the refresh method
+ }
+}
+
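Review bot: `_configList` is a static array that every constructor call overwrites at index 0, so the entry is shared across instances yet only populated once some instance has been constructed, and `getAppConfigurationEntry` hands that internal array to callers, who can modify it. I would make it an instance field assigned once, `private final AppConfigurationEntry[] _configList;` with `_configList = new AppConfigurationEntry[] { new AppConfigurationEntry(loginModule, flag, options) };` in the constructor, and `return _configList.clone();`. The `storeKey` option deserves a why-comment, e.g. `// storeKey: keep the principal's key in the Subject's private credentials - presumably consumed by the KDC later; confirm against the caller`, since its consumer is not part of this commit. The hard-coded `com.sun.security.auth.module.Krb5LoginModule` class name ties the configuration to Sun's JAAS implementation, which is worth a comment as well.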
Modified:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
==============================================================================
---
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
(original)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/store/KdcSchema.java
Thu Oct 21 03:44:20 2004
@@ -23,7 +23,7 @@
* Attributes types are under 1.3.6.1.4.1.5322.10.1
* Object classes are under 1.3.6.1.4.1.5322.10.2
*/
-package org.apache.kerberos.kdc.jndi;
+package org.apache.kerberos.kdc.store;
import org.apache.kerberos.messages.value.*;