package org.apache.directory.server.protocol.shared.kerberos;


import java.nio.ByteBuffer;
import java.util.Objects;

import org.apache.directory.api.ldap.model.constants.Loggers;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.Cursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.shared.kerberos.KerberosAttribute;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
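/**
 * Helpers shared by the Kerberos principal stores: building a directory
 * {@link Entry} from a {@link PrincipalStoreEntry}, and locating the entry
 * that carries a given Kerberos principal name.
 *
 * <p>Stateless; every method is static and the class cannot be instantiated.
 */
public final class StoreUtils
{
    /** General server log. */
    private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );

    /** Kerberos-specific log; lookup outcomes are mirrored here as well as in {@link #LOG}. */
    private static final Logger LOG_KRB = LoggerFactory.getLogger( Loggers.KERBEROS_LOG.getName() );

    /** Value written to apacheSamType for every generated entry; its meaning is not defined in this class. */
    private static final String SAM_TYPE_VALUE = "7";

    /**
     * The only key type {@link #toServerEntry} persists; it also supplies the stored key
     * version number. DES-CBC-MD5 is a weak enctype deprecated for Kerberos (RFC 6649),
     * and the choice is fixed here rather than made by the caller.
     */
    private static final EncryptionType STORED_KEY_TYPE = EncryptionType.DES_CBC_MD5;


    /** Utility class, not meant to be instantiated. */
    private StoreUtils()
    {
    }


    /**
     * Builds a directory entry describing a Kerberos principal.
     *
     * <p>The entry is created through the session's {@code DirectoryService} and receives
     * the person / inetOrgPerson / krb5Principal / krb5KDCEntry object classes, the user id
     * (also used as {@code sn}), the common name, the principal name, and exactly one
     * encoded key: the {@link #STORED_KEY_TYPE} key from the principal's key map, plus that
     * key's version number.
     *
     * @param session the session whose directory service creates the entry
     * @param dn the DN of the new entry
     * @param principalEntry the principal to convert; must hold a {@link #STORED_KEY_TYPE} key
     * @return the populated entry
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if {@code principalEntry} carries no {@link #STORED_KEY_TYPE} key
     * @throws Exception if the entry cannot be created or an attribute cannot be added
     */
    public static Entry toServerEntry( CoreSession session, Dn dn, PrincipalStoreEntry principalEntry )
        throws Exception
    {
        Objects.requireNonNull( session, "session" );
        Objects.requireNonNull( dn, "dn" );
        Objects.requireNonNull( principalEntry, "principalEntry" );

        Entry outAttrs = session.getDirectoryService().newEntry( dn );

        // NOTE(review): UID_OBJECT_AT is listed next to the literal "uidObject" — confirm both are intended.
        outAttrs.add( SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT,
            "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC,
            SchemaConstants.PERSON_OC, SchemaConstants.ORGANIZATIONAL_PERSON_OC,
            SchemaConstants.INET_ORG_PERSON_OC, SchemaConstants.KRB5_PRINCIPAL_OC,
            "krb5KDCEntry" );

        // The user id doubles as the surname; only the common name is taken separately.
        outAttrs.add( SchemaConstants.UID_AT, principalEntry.getUserId() );
        outAttrs.add( KerberosAttribute.APACHE_SAM_TYPE_AT, SAM_TYPE_VALUE );
        outAttrs.add( SchemaConstants.SN_AT, principalEntry.getUserId() );
        outAttrs.add( SchemaConstants.CN_AT, principalEntry.getCommonName() );

        EncryptionKey encryptionKey = principalEntry.getKeyMap().get( STORED_KEY_TYPE );

        // Fail with a clear message instead of an NPE from computeLength() below.
        if ( encryptionKey == null )
        {
            throw new IllegalArgumentException( "Principal " + principalEntry.getPrincipal()
                + " has no " + STORED_KEY_TYPE + " key to store" );
        }

        // The key is stored in its ASN.1 encoding, sized exactly by computeLength().
        ByteBuffer buffer = ByteBuffer.allocate( encryptionKey.computeLength() );
        outAttrs.add( KerberosAttribute.KRB5_KEY_AT, encryptionKey.encode( buffer ).array() );

        int keyVersion = encryptionKey.getKeyVersion();

        outAttrs.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalEntry.getPrincipal().toString() );
        outAttrs.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, Integer.toString( keyVersion ) );

        return outAttrs;
    }


    /**
     * Builds the search filter {@code (krb5PrincipalName=principal)}.
     *
     * <p>The filter is assembled as a typed {@link EqualityNode} around a schema-aware
     * {@link Value}, not by string concatenation, so the principal name is not subject to
     * LDAP filter injection.
     *
     * @param schemaManager the schema used to resolve the krb5PrincipalName attribute type
     * @param principal the principal name to match
     * @return the equality filter node
     * @throws Exception if the attribute type cannot be looked up or the value cannot be built
     */
    private static ExprNode getFilter( SchemaManager schemaManager, String principal ) throws Exception
    {
        AttributeType type = schemaManager.lookupAttributeTypeRegistry( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
        Value value = new Value( type, principal );

        return new EqualityNode<String>( type, value );
    }


    /**
     * Searches the subtree under {@code searchBaseDn} for the entry whose
     * {@code krb5PrincipalName} equals {@code principal}.
     *
     * <p>The first match is returned. Every additional match is logged as an error
     * ({@code I18n.ERR_149}) but does not change the result: a principal name that maps to
     * several entries is a store inconsistency worth investigating, because the caller will
     * use whichever entry the search happened to return first.
     *
     * @param session the session used to run the search
     * @param searchBaseDn the base of the subtree search
     * @param principal the Kerberos principal name to look up
     * @return the first matching entry, or {@code null} when there is none
     * @throws NullPointerException if any argument is {@code null}
     * @throws Exception if the search fails
     */
    public static Entry findPrincipalEntry( CoreSession session, Dn searchBaseDn, String principal )
        throws Exception
    {
        Objects.requireNonNull( session, "session" );
        Objects.requireNonNull( searchBaseDn, "searchBaseDn" );
        Objects.requireNonNull( principal, "principal" );

        Cursor<Entry> cursor = null;

        try
        {
            SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
            ExprNode filter = getFilter( schemaManager, principal );

            cursor = session.search( searchBaseDn, SearchScope.SUBTREE, filter,
                AliasDerefMode.DEREF_ALWAYS, SchemaConstants.ALL_USER_ATTRIBUTES );

            cursor.beforeFirst();

            if ( !cursor.next() )
            {
                LOG.warn( "No server entry found for kerberos principal name {}", principal );
                LOG_KRB.warn( "No server entry found for kerberos principal name {}", principal );

                return null;
            }

            Entry entry = cursor.get();
            LOG.debug( "Found entry {} for kerberos principal name {}", entry.getDn(), principal );
            LOG_KRB.debug( "Found entry {} for kerberos principal name {}", entry.getDn(), principal );

            // Report each further match by its DN. The body must read with get(), not next():
            // a second next() here would advance the cursor again and skip every other duplicate.
            while ( cursor.next() )
            {
                Dn duplicateDn = cursor.get().getDn();
                LOG.error( I18n.err( I18n.ERR_149, principal, duplicateDn ) );
                LOG_KRB.error( I18n.err( I18n.ERR_149, principal, duplicateDn ) );
            }

            return entry;
        }
        finally
        {
            if ( cursor != null )
            {
                cursor.close();
            }
        }
    }
}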