Author: erodriguez
Date: Wed Mar 16 22:03:39 2005
New Revision: 157907
URL: http://svn.apache.org/viewcvs?view=rev&rev=157907
Log:
More store consolidation.
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/ChangePasswordActionImpl.java
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseFactory.java
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseNormalizer.java
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/ChangePasswordActionImpl.java
URL:
http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/ChangePasswordActionImpl.java?view=auto&rev=157907
==============================================================================
---
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/ChangePasswordActionImpl.java
(added)
+++
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/ChangePasswordActionImpl.java
Wed Mar 16 22:03:39 2005
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.store;
+
+import javax.naming.Name;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.LdapContext;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+/**
+ * Encapsulates the action of changing a principal's password in an embedded
ApacheDS DIT.
+ *
+ * @author <a href="mailto:[email protected]">Apache Directory
Project</a>
+ * @version $Rev$
+ */
+public class ChangePasswordActionImpl implements PasswordStore
+{
+ /** a handle on the top initial context: get new context from this */
+ protected LdapContext ctx;
+ /** the search base relative to provider URL to use for reading entries */
+ protected Name searchBaseDn;
+
+ /**
+ * Creates the action to be used against the embedded ApacheDS DIT.
+ */
+ public ChangePasswordActionImpl( LdapContext ctx, Name searchBaseDn )
+ {
+ this.ctx = ctx;
+ this.searchBaseDn = searchBaseDn;
+ }
+
+ public String changePassword( KerberosPrincipal principal, byte[] key )
+ {
+ if ( principal == null )
+ {
+ return null;
+ }
+
+ ModificationItem[] mods = new ModificationItem[ 1 ];
+ Attribute newKeyAttribute = new BasicAttribute( "krb5key", key );
+ mods[0] = new ModificationItem( DirContext.REPLACE_ATTRIBUTE,
newKeyAttribute );
+
+ String dn = null;
+
+ try
+ {
+ System.out.println( "Searching for " + principal );
+ dn = search( principal.getName() );
+ System.out.println( "Modifying dn " + dn );
+ Name base = SearchBaseNormalizer.getName( dn, ctx );
+ ctx.modifyAttributes( base, mods );
+ }
+ catch (NamingException e)
+ {
+ e.printStackTrace();
+ }
+
+ return dn;
+ }
+
+ private String search( String principal ) throws NamingException
+ {
+ String[] attrIDs = { KerberosAttribute.PRINCIPAL,
KerberosAttribute.VERSION,
+ KerberosAttribute.TYPE, KerberosAttribute.KEY };
+
+ Attributes matchAttrs = new BasicAttributes(false); //
case-sensitive
+ matchAttrs.put( new BasicAttribute(
KerberosAttribute.PRINCIPAL, principal ) );
+
+ // Search for objects that have those matching attributes
+ NamingEnumeration answer = ctx.search( "ou=Users", matchAttrs,
attrIDs );
+
+ if ( answer.hasMore() )
+ {
+ SearchResult sr = (SearchResult) answer.next();
+ if (sr != null)
+ {
+ return sr.getName();
+ }
+ }
+
+ return null;
+ }
+}
+
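Review bot: A failed `ctx.modifyAttributes( base, mods )` is indistinguishable from a successful password change in changePassword(): the catch block only calls `e.printStackTrace()`, and `return dn;` then hands back the DN found by search() as though the key had been replaced. Clear the result on failure with `dn = null;` in the catch block, or propagate the NamingException if PasswordStore (not visible here) allows it. The method also passes search()'s result to SearchBaseNormalizer.getName() unchecked, so an unknown principal reaches `new LdapName( baseDn )` with null, which presumably fails with an unrelated error; `if ( dn == null ) { return null; }` after the search keeps that case explicit. Separately, search() requests KerberosAttribute.KEY in attrIDs although only `sr.getName()` is used, so key material is read from the directory for no purpose; an empty attribute list (`new String[0]`) would be enough. The `System.out.println` calls write principal names and DNs to stdout and should go through the project's logger.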
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseFactory.java
URL:
http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseFactory.java?view=auto&rev=157907
==============================================================================
---
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseFactory.java
(added)
+++
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseFactory.java
Wed Mar 16 22:03:39 2005
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.store;
+
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.ldap.LdapContext;
+
+import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.util.NestableRuntimeException;
+
+
+public class SearchBaseFactory
+{
+ /**
+ * The key of the property specifying where Kerberos users are stored. If
this
+ * property is not set the store defaults to performing a subtree search
+ * from the DN in the [EMAIL PROTECTED] Context#PROVIDER_URL}. If it is
present a more
+ * efficient search is conducted on the more specific DN.
+ */
+ public static final String KDC_ENTRY_BASEDN_KEY = "kdc.entry.basedn";
+
+
+ public static Name getName( Hashtable env, LdapContext ctx )
+ {
+ Name searchBaseDn = null;
+
+ // get the search base if it has been set
------------------------------
+ if ( env.containsKey( KDC_ENTRY_BASEDN_KEY ) )
+ {
+ try
+ {
+ LdapName ctxRoot = new LdapName( ctx.getNameInNamespace() );
+
+ searchBaseDn = new LdapName( ( String ) env.get(
KDC_ENTRY_BASEDN_KEY ) );
+
+ if ( searchBaseDn.startsWith( ctxRoot ) )
+ {
+ for ( int ii = 0; ii < ctxRoot.size(); ii++ )
+ {
+ searchBaseDn.remove( 0 );
+ }
+ }
+ else
+ {
+ String msg = "Failed to create initial context for
ApacheDS provider";
+
+ throw new IllegalArgumentException( msg );
+ }
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to find search base for ApacheDS store";
+
+ throw new NestableRuntimeException( msg, e );
+ }
+ }
+
+ return searchBaseDn;
+ }
+}
+
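Review bot: The IllegalArgumentException in the else branch of getName() says "Failed to create initial context for ApacheDS provider", but that branch is reached when the configured kdc.entry.basedn does not start with `ctx.getNameInNamespace()`. The message should name that condition and the offending value, e.g. `String msg = "Search base '" + searchBaseDn + "' is not under context root '" + ctxRoot + "'";`, so a misconfigured base DN can be diagnosed from the error alone. SearchBaseNormalizer.getName() in this commit carries the same message and the same prefix-stripping body, so this method could delegate inside the containsKey check: `return SearchBaseNormalizer.getName( ( String ) env.get( KDC_ENTRY_BASEDN_KEY ), ctx );`. The unchecked `( String )` cast also turns a non-string property value into a ClassCastException rather than a configuration error.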
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseNormalizer.java
URL:
http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseNormalizer.java?view=auto&rev=157907
==============================================================================
---
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseNormalizer.java
(added)
+++
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/SearchBaseNormalizer.java
Wed Mar 16 22:03:39 2005
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.store;
+
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.ldap.LdapContext;
+
+import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.util.NestableRuntimeException;
+
+
+public class SearchBaseNormalizer
+{
+ public static Name getName( String baseDn, LdapContext ctx )
+ {
+ Name searchBaseDn = null;
+
+ try
+ {
+ LdapName ctxRoot = new LdapName( ctx.getNameInNamespace() );
+
+ searchBaseDn = new LdapName( baseDn );
+
+ if ( searchBaseDn.startsWith( ctxRoot ) )
+ {
+ for ( int ii = 0; ii < ctxRoot.size(); ii++ )
+ {
+ searchBaseDn.remove( 0 );
+ }
+ }
+ else
+ {
+ String msg = "Failed to create initial context for ApacheDS
provider";
+
+ throw new IllegalArgumentException( msg );
+ }
+ }
+ catch ( NamingException e )
+ {
+ String msg = "Failed to find search base for ApacheDS store";
+
+ throw new NestableRuntimeException( msg, e );
+ }
+
+ return searchBaseDn;
+ }
+}
+
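Review bot: SearchBaseNormalizer and its public static getName() have no Javadoc, and the contract cannot be guessed from the names. As written, the method returns baseDn with the leading components of `ctx.getNameInNamespace()` removed, throws IllegalArgumentException when baseDn does not start with that name, and wraps a NamingException in NestableRuntimeException. A Javadoc block on getName stating those three outcomes, and whether a null baseDn is accepted, would let callers handle the unchecked exceptions deliberately.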