20 package org.apache.directory.server.kerberos.shared.store.operations;
21
22 import org.apache.directory.server.core.CoreSession;
23 import org.apache.directory.server.core.entry.ServerEntry;
24 import org.apache.directory.server.core.entry.ServerStringValue;
25 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
26 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
27 import org.apache.directory.server.kerberos.shared.io.encoder.EncryptionKeyEncoder;
28 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
29 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
30 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
31 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
32 import org.apache.directory.shared.ldap.constants.SchemaConstants;
33 import org.apache.directory.shared.ldap.entry.Value;
34 import org.apache.directory.shared.ldap.filter.EqualityNode;
35 import org.apache.directory.shared.ldap.filter.ExprNode;
36 import org.apache.directory.shared.ldap.filter.SearchScope;
37 import org.apache.directory.shared.ldap.message.AliasDerefMode;
38 import org.apache.directory.shared.ldap.name.LdapDN;
39 import org.apache.directory.shared.ldap.schema.AttributeType;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
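public class StoreUtils
{
    private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );

    /** Attribute a principal is looked up by; used both for the registry lookup and the filter. */
    private static final String KRB5_PRINCIPAL_AT = "krb5Principal";


    /**
     * Builds the directory entry under which a Kerberos principal is persisted.
     *
     * The entry carries the object classes below plus uid/sn/cn, the SAM type, the
     * principal name and exactly one Kerberos key: the principal's DES-CBC-MD5 key.
     * Only that key type is written, so a principal whose key map holds other
     * (stronger) enctypes but no DES key cannot be stored by this method.
     *
     * @param session the session used to create the entry
     * @param dn the DN the new entry is created with
     * @param principalEntry the principal whose attributes and key are copied into the entry
     * @return the populated, not yet added, entry
     * @throws IllegalArgumentException if the principal has no DES-CBC-MD5 key
     * @throws Exception if entry creation or attribute addition fails
     */
    public static ServerEntry toServerEntry( CoreSession session, LdapDN dn, PrincipalStoreEntry principalEntry )
        throws Exception
    {
        ServerEntry outAttrs = session.getDirectoryService().newEntry( dn );

        outAttrs.add( SchemaConstants.OBJECT_CLASS_AT,
            SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT,
            "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC,
            SchemaConstants.PERSON_OC, SchemaConstants.ORGANIZATIONAL_PERSON_OC,
            SchemaConstants.INET_ORG_PERSON_OC, SchemaConstants.KRB5_PRINCIPAL_OC,
            "krb5KDCEntry" );

        outAttrs.add( SchemaConstants.UID_AT, principalEntry.getUserId() );
        // NOTE(review): the meaning of SAM type "7" is not visible in this file — confirm against the SAM type definitions.
        outAttrs.add( KerberosAttribute.APACHE_SAM_TYPE_AT, "7" );
        outAttrs.add( SchemaConstants.SN_AT, principalEntry.getUserId() );
        outAttrs.add( SchemaConstants.CN_AT, principalEntry.getCommonName() );

        // Only the DES-CBC-MD5 key is persisted. Fail with a clear message rather than
        // letting the encoder / getKeyVersion() below dereference null.
        EncryptionKey encryptionKey = principalEntry.getKeyMap().get( EncryptionType.DES_CBC_MD5 );

        if ( encryptionKey == null )
        {
            throw new IllegalArgumentException( "No " + EncryptionType.DES_CBC_MD5
                + " key found for principal with uid " + principalEntry.getUserId() );
        }

        outAttrs.add( KerberosAttribute.KRB5_KEY_AT, EncryptionKeyEncoder.encode( encryptionKey ) );

        // The stored kvno is taken from the DES key, since that is the only key written.
        int keyVersion = encryptionKey.getKeyVersion();

        outAttrs.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalEntry.getPrincipal().getName() );
        outAttrs.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, Integer.toString( keyVersion ) );

        return outAttrs;
    }


    /**
     * Builds the equality filter {@code (krb5Principal=<principal>)}.
     *
     * The value is wrapped in a {@link ServerStringValue} bound to the schema
     * attribute type, so the principal string is handled as a filter value and
     * not spliced into a filter string.
     *
     * @param registry the registry the krb5Principal attribute type is resolved from
     * @param principal the principal name to match
     * @return the filter node
     * @throws Exception if the attribute type cannot be resolved
     */
    private static ExprNode getFilter( AttributeTypeRegistry registry, String principal ) throws Exception
    {
        AttributeType type = registry.lookup( KRB5_PRINCIPAL_AT );
        Value<String> value = new ServerStringValue( type, principal );
        return new EqualityNode<String>( KRB5_PRINCIPAL_AT, value );
    }


    /**
     * Searches the subtree under {@code searchBaseDn} for the entry whose
     * krb5Principal attribute equals {@code principal}.
     *
     * If more than one entry matches, the first one returned by the cursor is used
     * and every additional match is logged at error level: the ambiguity is
     * reported, not resolved, so callers that require a unique principal entry
     * must not rely on this method alone.
     *
     * @param session the session to search with
     * @param searchBaseDn the root of the subtree to search
     * @param principal the Kerberos principal name to look up
     * @return the first matching entry, or {@code null} if none matches
     * @throws Exception if the search fails
     */
    public static ServerEntry findPrincipalEntry( CoreSession session, LdapDN searchBaseDn, String principal )
        throws Exception
    {
        EntryFilteringCursor cursor = null;

        try
        {
            AttributeTypeRegistry registry = session.getDirectoryService().getRegistries().getAttributeTypeRegistry();
            cursor = session.search( searchBaseDn, SearchScope.SUBTREE,
                getFilter( registry, principal ), AliasDerefMode.DEREF_ALWAYS, null );

            cursor.beforeFirst();

            if ( !cursor.next() )
            {
                LOG.warn( "No server entry found for kerberos principal name {}", principal );
                return null;
            }

            ServerEntry entry = cursor.get();
            LOG.debug( "Found entry {} for kerberos principal name {}", entry, principal );

            // Report every extra match. The loop condition already advances the cursor,
            // so the body must read with get(): calling next() here as well would skip
            // every second duplicate and never print it (the old message also had no
            // placeholder for the entry).
            while ( cursor.next() )
            {
                LOG.error( "More than one server entry found for kerberos principal name {}: {}",
                    principal, cursor.get() );
            }

            return entry;
        }
        finally
        {
            if ( cursor != null )
            {
                cursor.close();
            }
        }
    }
}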