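/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.kerberos.shared.store.operations;


import java.util.ArrayList;
import java.util.List;

import javax.security.auth.kerberos.KerberosPrincipal;

import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
import org.apache.directory.server.protocol.shared.store.DirectoryServiceOperation;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.DefaultServerAttribute;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.entry.ServerModification;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.SchemaManager;
import org.apache.directory.shared.ldap.util.StringTools;


/**
 * Command for changing a principal's password through a {@link CoreSession}.
 * <p>
 * The command replaces two attributes on the principal's entry in a single
 * modify call: the attribute named by {@link SchemaConstants#USER_PASSWORD_AT}
 * (set to the UTF-8 bytes of the new password) and the attribute named by
 * {@link KerberosAttribute#KRB5_PRINCIPAL_NAME_AT} (set to the principal name).
 * <p>
 * NOTE(review): the new password is kept as a {@code String} field of a class
 * that declares a {@code serialVersionUID}. If instances are ever serialized
 * or logged, the cleartext password travels with them; confirm that they are
 * only used in-process.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 927839 $, $Date: 2010-03-26 14:25:10 +0100 (Fri, 26 Mar 2010) $
 */
public class ChangePassword implements DirectoryServiceOperation
{
    private static final long serialVersionUID = -7147685183641418353L;

    /** The Kerberos principal whose password is to be changed. */
    protected KerberosPrincipal principal;

    /** The new password for the update, in cleartext. */
    protected String newPassword;


    /**
     * Creates the action to be used against the embedded ApacheDS DIT.
     * <p>
     * No validation happens here; both arguments are checked when
     * {@link #execute(CoreSession, DN)} runs.
     *
     * @param principal The principal to change the password for.
     * @param newPassword The new password to store for that principal.
     */
    public ChangePassword( KerberosPrincipal principal, String newPassword )
    {
        this.principal = principal;
        this.newPassword = newPassword;
    }


    /**
     * Replaces the password and principal-name attributes on the entry that
     * belongs to the configured principal.
     *
     * @param session The session used for the schema lookup, the entry search and the modify.
     * @param searchBaseDn The base DN below which the principal's entry is searched.
     * @return The DN of the modified entry as a string, or <code>null</code> when no
     *         principal was configured. A <code>null</code> result means nothing was changed.
     * @throws IllegalArgumentException If no new password was supplied.
     * @throws IllegalStateException If no entry could be found for the principal.
     * @throws Exception If a schema lookup, the entry search or the modify operation fails.
     */
    public Object execute( CoreSession session, DN searchBaseDn ) throws Exception
    {
        if ( principal == null )
        {
            // Existing contract: without a principal this is a silent no-op.
            return null;
        }

        if ( newPassword == null )
        {
            // Fail before touching the directory. A missing password must never
            // reach the REPLACE below, where (depending on how
            // StringTools.getBytesUtf8 treats null) it could fail obscurely or
            // be written as an empty value.
            throw new IllegalArgumentException( "No new password supplied for principal " + principal.getName() );
        }

        SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();

        List<Modification> mods = new ArrayList<Modification>( 2 );

        // The password is handed to the directory as the UTF-8 bytes of the cleartext.
        // NOTE(review): whether it is hashed before being stored is decided
        // elsewhere and is not visible from this class; confirm.
        EntryAttribute newPasswordAttribute = new DefaultServerAttribute(
            schemaManager.lookupAttributeTypeRegistry( SchemaConstants.USER_PASSWORD_AT ),
            StringTools.getBytesUtf8( newPassword ) );
        mods.add( new ServerModification( ModificationOperation.REPLACE_ATTRIBUTE, newPasswordAttribute ) );

        EntryAttribute principalAttribute = new DefaultServerAttribute(
            schemaManager.lookupAttributeTypeRegistry( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT ),
            principal.getName() );
        mods.add( new ServerModification( ModificationOperation.REPLACE_ATTRIBUTE, principalAttribute ) );

        // FIXME check if key derivation is necessary.
        // NOTE(review): this method writes no Kerberos key material itself. If
        // keys are not re-derived elsewhere when these two attributes change,
        // keys derived from the old password would stay valid; confirm.

        ServerEntry entry = StoreUtils.findPrincipalEntry( session, searchBaseDn, principal.getName() );

        if ( entry == null )
        {
            // Report an unknown principal explicitly instead of failing with a
            // NullPointerException on entry.getDn(). The message carries the
            // principal name only, never the password.
            throw new IllegalStateException( "No entry found for principal " + principal.getName() );
        }

        DN entryDn = entry.getDn();
        session.modify( entryDn, mods );

        return entryDn.toString();
    }
}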