1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.kerberos.kdc;
21
22
23 import java.io.IOException;
24 import java.net.InetSocketAddress;
25 import java.util.HashSet;
26 import java.util.Set;
27
28 import javax.security.auth.kerberos.KerberosPrincipal;
29
30 import org.apache.directory.server.constants.ServerDNConstants;
31 import org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler;
32 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
33 import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
34 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
35 import org.apache.directory.server.protocol.shared.DirectoryBackedService;
36 import org.apache.mina.transport.socket.nio.DatagramAcceptorConfig;
37 import org.apache.mina.transport.socket.nio.SocketAcceptorConfig;
38
39
40
41
42
43
44
45
46
47
48 public class KdcServer extends DirectoryBackedService
49 {
50 private static final long serialVersionUID = 522567370475574165L;
51
52
53 private static final int DEFAULT_IP_PORT = 88;
54
55
56 private static final String DEFAULT_PID = "org.apache.directory.server.kerberos";
57
58
59 private static final String DEFAULT_NAME = "ApacheDS Kerberos Service";
60
61
62 private static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";
63
64
65 private static final String DEFAULT_REALM = "EXAMPLE.COM";
66
67
68 private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * 60000;
69
70
71 private static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
72 { "des-cbc-md5" };
73
74
75 private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
76
77
78 private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;
79
80
81 private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000 * 1440;
82
83
84 private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000 * 10080;
85
86
87 private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;
88
89
90 private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;
91
92
93 private static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;
94
95
96 private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;
97
98
99 private static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;
100
101
102 private Set<EncryptionType> encryptionTypes;
103
104
105 private String primaryRealm = DEFAULT_REALM;
106
107
108 private String servicePrincipal = DEFAULT_PRINCIPAL;
109
110
111 private long allowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;
112
113
114 private boolean isPaEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;
115
116
117 private long maximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;
118
119
120 private long maximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;
121
122
123 private boolean isEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;
124
125
126 private boolean isForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED;
127
128
129 private boolean isProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED;
130
131
132 private boolean isPostdatedAllowed = DEFAULT_TGS_POSTDATED_ALLOWED;
133
134
135 private boolean isRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED;
136
137
138 private boolean isBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;
139
140
141
142
143
144 public KdcServer()
145 {
146 super.setServiceName( DEFAULT_NAME );
147 super.setIpPort( DEFAULT_IP_PORT );
148 super.setServiceId( DEFAULT_PID );
149 super.setSearchBaseDn( ServerDNConstants.USER_EXAMPLE_COM_DN );
150
151 prepareEncryptionTypes();
152 }
153
154
155
156
157
158
159
160 public long getAllowableClockSkew()
161 {
162 return allowableClockSkew;
163 }
164
165
166
167
168
169 public boolean isEmptyAddressesAllowed()
170 {
171 return isEmptyAddressesAllowed;
172 }
173
174
175
176
177
178 public boolean isForwardableAllowed()
179 {
180 return isForwardableAllowed;
181 }
182
183
184
185
186
187 public boolean isPostdatedAllowed()
188 {
189 return isPostdatedAllowed;
190 }
191
192
193
194
195
196 public boolean isProxiableAllowed()
197 {
198 return isProxiableAllowed;
199 }
200
201
202
203
204
205 public boolean isRenewableAllowed()
206 {
207 return isRenewableAllowed;
208 }
209
210
211
212
213
214 public long getMaximumRenewableLifetime()
215 {
216 return maximumRenewableLifetime;
217 }
218
219
220
221
222
223 public long getMaximumTicketLifetime()
224 {
225 return maximumTicketLifetime;
226 }
227
228
229
230
231
232 public void setAllowableClockSkew( long allowableClockSkew )
233 {
234 this.allowableClockSkew = allowableClockSkew;
235 }
236
237
238
239
240
241
242
243 public void setEncryptionTypes( EncryptionType[] encryptionTypes )
244 {
245 if ( encryptionTypes != null )
246 {
247 this.encryptionTypes.clear();
248
249 for ( EncryptionType encryptionType:encryptionTypes )
250 {
251 this.encryptionTypes.add( encryptionType );
252 }
253 }
254 }
255
256
257
258
259
260
261
262 public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
263 {
264 this.encryptionTypes = encryptionTypes;
265 }
266
267
268
269
270
271 public void setEmptyAddressesAllowed( boolean isEmptyAddressesAllowed )
272 {
273 this.isEmptyAddressesAllowed = isEmptyAddressesAllowed;
274 }
275
276
277
278
279
280 public void setForwardableAllowed( boolean isForwardableAllowed )
281 {
282 this.isForwardableAllowed = isForwardableAllowed;
283 }
284
285
286
287
288
289 public void setPaEncTimestampRequired( boolean isPaEncTimestampRequired )
290 {
291 this.isPaEncTimestampRequired = isPaEncTimestampRequired;
292 }
293
294
295
296
297
298 public void setPostdatedAllowed( boolean isPostdatedAllowed )
299 {
300 this.isPostdatedAllowed = isPostdatedAllowed;
301 }
302
303
304
305
306
307 public void setProxiableAllowed( boolean isProxiableAllowed )
308 {
309 this.isProxiableAllowed = isProxiableAllowed;
310 }
311
312
313
314
315
316 public void setRenewableAllowed( boolean isRenewableAllowed )
317 {
318 this.isRenewableAllowed = isRenewableAllowed;
319 }
320
321
322
323
324
325 public void setKdcPrincipal( String kdcPrincipal )
326 {
327 this.servicePrincipal = kdcPrincipal;
328 }
329
330
331
332
333
334 public void setMaximumRenewableLifetime( long maximumRenewableLifetime )
335 {
336 this.maximumRenewableLifetime = maximumRenewableLifetime;
337 }
338
339
340
341
342
343 public void setMaximumTicketLifetime( long maximumTicketLifetime )
344 {
345 this.maximumTicketLifetime = maximumTicketLifetime;
346 }
347
348
349
350
351
352 public void setPrimaryRealm( String primaryRealm )
353 {
354 this.primaryRealm = primaryRealm;
355 }
356
357
358
359
360
361
362
363 public String getPrimaryRealm()
364 {
365 return primaryRealm;
366 }
367
368
369
370
371
372
373
374 public KerberosPrincipal getServicePrincipal()
375 {
376 return new KerberosPrincipal( servicePrincipal );
377 }
378
379
380
381
382
383
384
385 public Set<EncryptionType> getEncryptionTypes()
386 {
387 return encryptionTypes;
388 }
389
390
391
392
393
394
395
396 public boolean isPaEncTimestampRequired()
397 {
398 return isPaEncTimestampRequired;
399 }
400
401
402
403
404
405 public boolean isBodyChecksumVerified()
406 {
407 return isBodyChecksumVerified;
408 }
409
410
411
412
413
414 public void setBodyChecksumVerified( boolean isBodyChecksumVerified )
415 {
416 this.isBodyChecksumVerified = isBodyChecksumVerified;
417 }
418
419
420
421
422
423 public void start() throws IOException
424 {
425 PrincipalStore store;
426
427
428
429 store = new DirectoryPrincipalStore( getDirectoryService() );
430
431
432
433
434
435
436
437
438
439
440
441
442
443 if ( getDatagramAcceptor() != null )
444 {
445 DatagramAcceptorConfig udpConfig = new DatagramAcceptorConfig();
446 getDatagramAcceptor().bind( new InetSocketAddress( getIpPort() ), new KerberosProtocolHandler( this, store ), udpConfig );
447 }
448
449 if ( getSocketAcceptor() != null )
450 {
451 SocketAcceptorConfig tcpConfig = new SocketAcceptorConfig();
452 tcpConfig.setDisconnectOnUnbind( false );
453 tcpConfig.setReuseAddress( true );
454 getSocketAcceptor().bind( new InetSocketAddress( getIpPort() ), new KerberosProtocolHandler( this, store ), tcpConfig );
455 }
456 }
457
458
459 public void stop()
460 {
461 if ( getDatagramAcceptor() != null )
462 {
463 getDatagramAcceptor().unbind( new InetSocketAddress( getIpPort() ));
464 }
465 if ( getSocketAcceptor() != null )
466 {
467 getSocketAcceptor().unbind( new InetSocketAddress( getIpPort() ));
468 }
469 }
470
471
472
473
474
475 private void prepareEncryptionTypes()
476 {
477 String[] encryptionTypeStrings = DEFAULT_ENCRYPTION_TYPES;
478
479 encryptionTypes = new HashSet<EncryptionType>();
480
481 for ( String enc : encryptionTypeStrings )
482 {
483 for ( EncryptionType type : EncryptionType.getEncryptionTypes() )
484 {
485 if ( type.getName().equalsIgnoreCase( enc ) )
486 {
487 encryptionTypes.add( type );
488 }
489 }
490 }
491 }
492 }