authorDavid Boreham <dboreham@redhat.com>2005-05-11 21:00:36 +0000
committerDavid Boreham <dboreham@redhat.com>2005-05-11 21:00:36 +0000
commit94c15f5b528d8889a540d21513d847b1b36e5046 (patch)
tree014bc98174f231abdea6c7d4510b5ebd7d530755
parent67730e723afaf37c3153a1e93e7224e306f155d1 (diff)
Patches we apply to apache ds 0.9
-rw-r--r--ldap/servers/ntds/apacheds/apache.diff393
-rw-r--r--ldap/servers/ntds/apacheds/org/apache/ldap/server/NetAPIPartition.java56
-rw-r--r--ldap/servers/ntds/apacheds/readme.txt18
3 files changed, 425 insertions, 42 deletions
diff --git a/ldap/servers/ntds/apacheds/apache.diff b/ldap/servers/ntds/apacheds/apache.diff
new file mode 100644
index 00000000..dd7513ff
--- /dev/null
+++ b/ldap/servers/ntds/apacheds/apache.diff
@@ -0,0 +1,393 @@
+Index: apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
+===================================================================
+--- apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java (revision 169374)
++++ apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java (working copy)
+@@ -28,16 +28,17 @@
+ import javax.naming.ldap.InitialLdapContext;
+ import javax.naming.ldap.Control;
+
+ import org.apache.ldap.common.exception.LdapConfigurationException;
+ import org.apache.ldap.common.name.LdapName;
+ import org.apache.ldap.common.util.PropertiesUtils;
+ import org.apache.ldap.server.protocol.LdapProtocolProvider;
+ import org.apache.mina.common.TransportType;
++import org.apache.mina.io.filter.SSLFilter;
+ import org.apache.mina.registry.Service;
+ import org.apache.mina.registry.ServiceRegistry;
+ import org.apache.mina.registry.SimpleServiceRegistry;
+ import org.apache.kerberos.service.KdcConfiguration;
+ import org.apache.kerberos.protocol.KerberosProtocolProvider;
+ import org.apache.kerberos.store.PrincipalStore;
+ import org.apache.kerberos.store.JndiPrincipalStoreImpl;
+
+@@ -49,17 +50,17 @@
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ * @see javax.naming.spi.InitialContextFactory
+ */
+ public class ServerContextFactory extends CoreContextFactory
+ {
+ /** the default LDAP port to use */
+ private static final int LDAP_PORT = 389;
+-
++ private static final int LDAPS_PORT = 636;
+ private static final ServiceRegistry DEFAULT_MINA_REGISTRY;
+
+ private static Service ldapService;
+
+ private static Service kerberosService;
+
+ private static ServiceRegistry minaRegistry;
+
+@@ -263,24 +264,61 @@
+
+ /**
+ * Starts up the LDAP protocol provider to service LDAP requests
+ *
+ * @throws NamingException if there are problems starting the LDAP provider
+ */
+ private void startLdapProtocol() throws NamingException
+ {
+- int port = PropertiesUtils.get( initialEnv, EnvKeys.LDAP_PORT, LDAP_PORT );
++ int port = 0;
++
++ boolean useSSL = false;
++ if (initialEnv.containsKey(EnvKeys.LDAPS_ENABLE)) {
++ useSSL = (Boolean.valueOf((String) initialEnv.get(EnvKeys.LDAPS_ENABLE))).booleanValue();
++ }
++
++ if (useSSL)
++ {
++ port = PropertiesUtils.get( initialEnv, EnvKeys.LDAPS_PORT, LDAPS_PORT );
++ }
++ else
++ {
++ port = PropertiesUtils.get( initialEnv, EnvKeys.LDAP_PORT, LDAP_PORT );
++ }
++
+
+ Service service = new Service( "ldap", TransportType.SOCKET, new InetSocketAddress( port ) );
+
+ try
+ {
+ minaRegistry.bind( service, new LdapProtocolProvider( ( Hashtable ) initialEnv.clone() ) );
+
++
++ if ( useSSL)
++ {
++ SSLContextFactory.setKeystore( (String) initialEnv.get(EnvKeys.LDAPS_KEYSTORE_LOCATION) );
++ if (initialEnv.containsKey( EnvKeys.LDAPS_KEYSTORE_PASSWORD ) &&
++ initialEnv.get( EnvKeys.LDAPS_KEYSTORE_PASSWORD ) != null)
++ {
++ String pw = (String)initialEnv.get( EnvKeys.LDAPS_KEYSTORE_PASSWORD );
++ SSLContextFactory.setKeystorePassword( pw );
++ }
++ try
++ {
++ SSLFilter sslFilter = new SSLFilter (org.apache.ldap.server.jndi.SSLContextFactory.getInstance(true));
++ minaRegistry.getIoAcceptor(TransportType.SOCKET).getFilterChain().addLast("sslFilter", sslFilter);
++
++ } catch (java.security.GeneralSecurityException ge)
++ {
++ throw new NamingException("can't invoke ssl filter");
++ }
++ }
++
++
+ ldapService = service;
+ }
+ catch ( IOException e )
+ {
+ String msg = "Failed to bind the LDAP protocol service to the service registry: " + service;
+
+ LdapConfigurationException lce = new LdapConfigurationException( msg );
+
+Index: apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/TrustManagerFactory.java
+===================================================================
+--- apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/TrustManagerFactory.java (revision 0)
++++ apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/TrustManagerFactory.java (revision 0)
+@@ -0,0 +1,73 @@
++/*
++ * Copyright 2004 The Apache Software Foundation
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ *
++ */
++package org.apache.ldap.server.jndi;
++
++import java.security.InvalidAlgorithmParameterException;
++import java.security.KeyStore;
++import java.security.KeyStoreException;
++import java.security.cert.CertificateException;
++import java.security.cert.X509Certificate;
++
++import javax.net.ssl.ManagerFactoryParameters;
++import javax.net.ssl.TrustManager;
++import javax.net.ssl.TrustManagerFactorySpi;
++import javax.net.ssl.X509TrustManager;
++
++class TrustManagerFactory extends TrustManagerFactorySpi
++{
++
++ static final X509TrustManager X509 = new X509TrustManager()
++ {
++ public void checkClientTrusted( X509Certificate[] x509Certificates,
++ String s ) throws CertificateException
++ {
++ }
++
++ public void checkServerTrusted( X509Certificate[] x509Certificates,
++ String s ) throws CertificateException
++ {
++ }
++
++ public X509Certificate[] getAcceptedIssuers()
++ {
++ return new X509Certificate[ 0 ];
++ }
++ };
++
++ static final TrustManager[] X509_MANAGERS = new TrustManager[] { X509 };
++
++ public TrustManagerFactory()
++ {
++ }
++
++ protected TrustManager[] engineGetTrustManagers()
++ {
++ return X509_MANAGERS;
++ }
++
++ protected void engineInit( KeyStore keystore ) throws KeyStoreException
++ {
++ // noop
++ }
++
++ protected void engineInit(
++ ManagerFactoryParameters managerFactoryParameters )
++ throws InvalidAlgorithmParameterException
++ {
++ // noop
++ }
++}
+Index: apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/SSLContextFactory.java
+===================================================================
+--- apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/SSLContextFactory.java (revision 0)
++++ apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/SSLContextFactory.java (revision 0)
+@@ -0,0 +1,146 @@
++/*
++ * Copyright 2004 The Apache Software Foundation
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ *
++ */
++package org.apache.ldap.server.jndi;
++
++import java.io.IOException;
++import java.io.InputStream;
++import java.security.GeneralSecurityException;
++import java.security.KeyStore;
++import java.security.SecureRandom;
++import java.security.Security;
++import javax.net.ssl.KeyManagerFactory;
++import javax.net.ssl.SSLContext;
++
++class SSLContextFactory
++{
++ /**
++ * Protocol to use.
++ */
++ private static final String PROTOCOL = "TLS";
++ private static String keystore = "";
++ private static String keystorepassword = null;
++
++ private static SSLContext serverInstance = null;
++ private static SSLContext clientInstance = null;
++
++ private static String[] supported = null;
++
++ static void setKeystore(String kstore)
++ {
++ keystore = kstore;
++ }
++
++ static void setKeystorePassword(String pw)
++ {
++ keystorepassword = pw;
++ }
++
++ /**
++ * Get SSLContext singleton.
++ *
++ * @return SSLContext
++ * @throws java.security.GeneralSecurityException
++ *
++ */
++ public static SSLContext getInstance( boolean server )
++ throws GeneralSecurityException
++ {
++ SSLContext retInstance = null;
++ if( server )
++ {
++ if( serverInstance == null )
++ {
++ synchronized( SSLContextFactory.class )
++ {
++ if( serverInstance == null )
++ {
++ try
++ {
++ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
++ Security.addProvider(new com.sun.crypto.provider.SunJCE());
++ serverInstance = createServerSSLContext();
++ }
++ catch( Exception ioe )
++ {
++ throw new GeneralSecurityException(
++ "Can't create Server SSLContext:" + ioe );
++ }
++ }
++ }
++ }
++ retInstance = serverInstance;
++ }
++ else
++ {
++ if( clientInstance == null )
++ {
++ synchronized( SSLContextFactory.class )
++ {
++ if( clientInstance == null )
++ {
++ // clientInstance = createClientSSLContext();
++ }
++ }
++ }
++ retInstance = clientInstance;
++ }
++ return retInstance;
++ }
++
++ private static SSLContext createServerSSLContext()
++ throws GeneralSecurityException, IOException
++ {
++ // Create keystore
++ KeyStore ks = KeyStore.getInstance( "JKS" );
++ java.io.FileInputStream in = null;
++
++ try
++ {
++ in = new java.io.FileInputStream(keystore);
++ ks.load( in, keystorepassword.toCharArray() );
++
++ }
++ catch (java.io.IOException e) {
++ throw new IOException("unable to load keystore: " + keystore);
++ }
++ finally
++ {
++ if( in != null )
++ {
++ try
++ {
++ in.close();
++ }
++ catch( IOException ignored )
++ {
++ }
++ }
++ }
++
++ // Set up key manager factory to use our key store
++ KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
++ kmf.init( ks, keystorepassword.toCharArray() );
++
++ // Initialize the SSLContext to work with our key managers. */
++ SSLContext sslContext = SSLContext.getInstance( PROTOCOL );
++
++ sslContext.init( kmf.getKeyManagers(), TrustManagerFactory.X509_MANAGERS, SecureRandom.getInstance("SHA1PRNG") );
++
++ return sslContext;
++ }
++
++}
+Index: apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java
+===================================================================
+--- apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java (revision 169377)
++++ apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java (working copy)
+@@ -90,17 +90,22 @@
+ /** key used to disable the networking layer (wire protocol) */
+ public static final String DISABLE_PROTOCOL = "server.net.disable.protocol";
+ /** key used to hold the MINA registry instance to use rather than creating one */
+ public static final String PASSTHRU = "server.net.passthru";
+ /** key for port setting for ldap requests beside default 389 */
+ public static final String LDAP_PORT = "server.net.ldap.port";
+ /** key for port setting for secure ldap requests besides default 636 */
+ public static final String LDAPS_PORT = "server.net.ldaps.port";
+-
++ /** key used to enable secure ldap */
++ public static final String LDAPS_ENABLE = "server.net.ldaps.enable";
++ /** key for location of keystore used */
++ public static final String LDAPS_KEYSTORE_LOCATION = "javax.net.ssl.keyStore";
++ /** key for password of keystore used (if any) */
++ public static final String LDAPS_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ // ------------------------------------------------------------------------
+ // Properties for partition configuration
+ // ------------------------------------------------------------------------
+
+ /** a comma separated list of partition names */
+ public static final String PARTITIONS = "server.db.partitions";
+ /** the envprop key base to the suffix of a partition */
+ public static final String SUFFIX = "server.db.partition.suffix.";
+Index: apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java
+===================================================================
+--- apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java (revision 169377)
++++ apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java (working copy)
+@@ -373,18 +373,25 @@
+
+ attributes.put( "objectClass", "person" );
+
+ attributes.put( "objectClass", "organizationalPerson" );
+
+ attributes.put( "objectClass", "inetOrgPerson" );
+
+ attributes.put( "uid", SystemPartition.ADMIN_UID );
+-
+- attributes.put( "userPassword", SystemPartition.ADMIN_PW );
++
++ if (initialEnv.containsKey( "server.net.admin.password" ))
++ {
++ attributes.put( "userPassword", (String) initialEnv.get( "server.net.admin.password" ) );
++ }
++ else
++ {
++ throw new NamingException("ERROR: Admin password not set. Server not starting for security reasons. ");
++ }
+
+ attributes.put( "displayName", "Directory Superuser" );
+
+ attributes.put( "creatorsName", ADMIN );
+
+ attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
+
+ attributes.put( "displayName", "Directory Superuser" );
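Review bot: The TrustManagerFactory introduced in this patch file accepts every certificate — checkClientTrusted and checkServerTrusted are empty and getAcceptedIssuers returns an empty array — and SSLContextFactory.createServerSSLContext passes TrustManagerFactory.X509_MANAGERS to sslContext.init, so if client-certificate authentication were ever enabled on the LDAPS listener any presented certificate would be accepted; either document that on the field, `// Accept-all trust manager: client certificates are never validated; do not enable client auth with this in place`, or pass `null` for the trust managers so the JDK defaults apply. Separately, createServerSSLContext calls `keystorepassword.toCharArray()` twice while keystorepassword defaults to null and is only set when LDAPS_KEYSTORE_PASSWORD is present, so a keystore configured without a password fails with a NullPointerException rather than a clear error; guard it once, `char[] pw = keystorepassword == null ? null : keystorepassword.toCharArray();`, and use pw in both calls. The `catch (Exception ioe)` in getInstance and the `catch (java.security.GeneralSecurityException ge)` in startLdapProtocol both discard the cause, keeping only a string (or nothing) in the new exception; attach it with initCause on the GeneralSecurityException and setRootCause on the NamingException so a misconfigured keystore is diagnosable from the log. In CoreContextFactory the admin-password lookup uses the literal "server.net.admin.password" while every other setting goes through an EnvKeys constant; adding an EnvKeys entry would keep the two in sync.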
diff --git a/ldap/servers/ntds/apacheds/org/apache/ldap/server/NetAPIPartition.java b/ldap/servers/ntds/apacheds/org/apache/ldap/server/NetAPIPartition.java
index e121997c..c4403f2c 100644
--- a/ldap/servers/ntds/apacheds/org/apache/ldap/server/NetAPIPartition.java
+++ b/ldap/servers/ntds/apacheds/org/apache/ldap/server/NetAPIPartition.java
@@ -149,17 +149,17 @@ public class NetAPIPartition implements ContextPartition {
if(name.toString().toLowerCase().startsWith(new String("sAMAccountName").toLowerCase())) {
if(user.RetriveUserByAccountName(rdn) == 0) {
- if(user.DeleteUser(user.GetAccountName()) == 0) {
+ if(user.DeleteUser() == 0) {
deletedSomthing = true;
}
}
if(group.RetriveGroupByAccountName(rdn) == 0) {
- if(group.DeleteGroup(group.GetAccountName()) == 0) {
+ if(group.DeleteGroup() == 0) {
deletedSomthing = true;
}
}
if(localGroup.RetriveLocalGroupByAccountName(rdn) == 0) {
- if(localGroup.DeleteLocalGroup(localGroup.GetAccountName()) == 0) {
+ if(localGroup.DeleteLocalGroup() == 0) {
deletedSomthing = true;
}
}
@@ -168,17 +168,17 @@ public class NetAPIPartition implements ContextPartition {
(name.toString().toLowerCase().startsWith(new String("GUID").toLowerCase()))) {
if(user.RetriveUserBySIDHexStr(rdn) == 0) {
- if(user.DeleteUser(user.GetAccountName()) == 0) {
+ if(user.DeleteUser() == 0) {
deletedSomthing = true;
}
}
if(group.RetriveGroupBySIDHexStr(rdn) == 0) {
- if(group.DeleteGroup(group.GetAccountName()) == 0) {
+ if(group.DeleteGroup() == 0) {
deletedSomthing = true;
}
}
if(localGroup.RetriveLocalGroupBySIDHexStr(rdn) == 0) {
- if(localGroup.DeleteLocalGroup(localGroup.GetAccountName()) == 0) {
+ if(localGroup.DeleteLocalGroup() == 0) {
deletedSomthing = true;
}
}
@@ -230,15 +230,10 @@ public class NetAPIPartition implements ContextPartition {
(normName.toString().toLowerCase().startsWith(new String("sAMAccountName").toLowerCase()))) {
if(attribute.contains("user")) {
- user.NewUser(rdn);
- result = user.AddUser();
- if(result != 0) {
- throw new NamingException("Failed to add new user: " + normName + " (" + result + ")");
+ if(user.NewUser(rdn) != 0) {
+ throw new NamingException("Failed to add new user: " + normName);
}
modNTUserAttributes(user, modItems);
- if(user.StoreUser() != 0) {
- throw new NamingException("Failed to commit modified user information: " + normName);
- }
}
else if(attribute.contains("group")) {
attribute = entry.get("groupType");
@@ -247,25 +242,16 @@ public class NetAPIPartition implements ContextPartition {
}
if(((new Integer((String)attribute.get())).intValue() & GLOBAL_FLAG) == GLOBAL_FLAG) {
- group.NewGroup(rdn);
- if(group.AddGroup() != 0) {
+ if(group.NewGroup(rdn) != 0) {
throw new NamingException("Failed to add new group: " + normName);
}
modNTGroupAttributes(group, modItems);
- if(group.StoreGroup() != 0) {
- throw new NamingException("Failed to commit modified user information: " + normName);
- }
}
else if(((new Integer((String)attribute.get())).intValue() & DOMAINLOCAL_FLAG) == DOMAINLOCAL_FLAG) {
- localGroup.NewLocalGroup(rdn);
- modNTLocalGroupAttributes(localGroup, modItems);
- if(localGroup.AddLocalGroup() != 0) {
+ if(localGroup.NewLocalGroup(rdn) != 0) {
throw new NamingException("Failed add new local group: " + normName);
}
modNTLocalGroupAttributes(localGroup, modItems);
- if(localGroup.StoreLocalGroup() != 0) {
- throw new NamingException("Failed to commit modified user information: " + normName);
- }
}
else {
throw new NamingException("Unknown group type: " + (Integer)attribute.get());
@@ -342,25 +328,16 @@ public class NetAPIPartition implements ContextPartition {
if(name.toString().toLowerCase().startsWith(new String("sAMAccountName").toLowerCase())) {
if(user.RetriveUserByAccountName(rdn) == 0) {
modNTUserAttributes(user, mods);
- if(user.StoreUser() != 0) {
- throw new NamingException("Failed to commit modified user information: " + name);
- }
modifiedSomething = true;
}
else if(group.RetriveGroupByAccountName(rdn) == 0) {
modNTGroupAttributes(group, mods);
- if(group.StoreGroup() != 0) {
- throw new NamingException("Failed to commit modified group information: " + name);
- }
modifiedSomething = true;
}
else if(localGroup.RetriveLocalGroupByAccountName(rdn) == 0) {
modNTLocalGroupAttributes(localGroup, mods);
- if(localGroup.StoreLocalGroup() != 0) {
- throw new NamingException("Failed to commit modified local group information: " + name);
- }
modifiedSomething = true;
}
@@ -370,25 +347,16 @@ public class NetAPIPartition implements ContextPartition {
if(user.RetriveUserBySIDHexStr(rdn) == 0) {
modNTUserAttributes(user, mods);
- if(user.StoreUser() != 0) {
- throw new NamingException("Failed to commit modified user information: " + name);
- }
modifiedSomething = true;
}
else if(group.RetriveGroupBySIDHexStr(rdn) == 0) {
modNTGroupAttributes(group, mods);
- if(group.StoreGroup() != 0) {
- throw new NamingException("Failed to commit modified group information: " + name);
- }
modifiedSomething = true;
}
else if(localGroup.RetriveLocalGroupBySIDHexStr(rdn) == 0) {
modNTLocalGroupAttributes(localGroup, mods);
- if(localGroup.StoreLocalGroup() != 0) {
- throw new NamingException("Failed to commit modified local group information: " + name);
- }
modifiedSomething = true;
}
@@ -1111,9 +1079,11 @@ public class NetAPIPartition implements ContextPartition {
attribute.add(new Long(user.GetLastLogon()).toString());
attributes.put(attribute);
+ /*
attribute = new BasicAttribute("logonHours");
attribute.add(HexStringToByteArray(user.GetLogonHours()));
attributes.put(attribute);
+ */
attribute = new BasicAttribute("maxStorage");
attribute.add(new Long(user.GetMaxStorage()).toString());
@@ -1379,6 +1349,7 @@ public class NetAPIPartition implements ContextPartition {
user.SetHomeDirDrive((String)mods[i].getAttribute().get());
}
}
+ /*
else if(mods[i].getAttribute().getID().compareToIgnoreCase("logonHours") == 0) {
if(mods[i].getModificationOp() == DirContext.ADD_ATTRIBUTE) {
user.SetLogonHours(ByteArrayToHexString((byte[])mods[i].getAttribute().get()));
@@ -1390,6 +1361,7 @@ public class NetAPIPartition implements ContextPartition {
user.SetLogonHours(ByteArrayToHexString((byte[])mods[i].getAttribute().get()));
}
}
+ */
else if(mods[i].getAttribute().getID().compareToIgnoreCase("maxStorage") == 0) {
if(mods[i].getModificationOp() == DirContext.ADD_ATTRIBUTE) {
user.SetMaxStorage(new Long((String)mods[i].getAttribute().get()).longValue());
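Review bot: In the hunks at @@ -342 and @@ -370 the StoreUser/StoreGroup/StoreLocalGroup calls that followed modNTUserAttributes/modNTGroupAttributes/modNTLocalGroupAttributes are removed, yet modifiedSomething is still set to true on those branches; unless the mod* helpers now persist each change themselves (not visible in this diff), modifications are reported as applied without being written back, and the add path at @@ -230 has the same shape since modNTUserAttributes runs after NewUser with no commit. If the helpers do write through, a comment at each site, `// modNT*Attributes applies each change to the NetAPI directly; no separate Store step`, would record that contract for the next reader. The add path also lost the numeric status in its message: `throw new NamingException("Failed to add new user: " + normName);` no longer says why the call failed, so consider capturing NewUser's return value and including it as the previous code did. The logonHours blocks at @@ -1111 and @@ -1379 are commented out with /* */ rather than deleted; prefer removing them or adding a one-line reason so the dead code does not linger. The enclosing methods start and end outside these hunks.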
diff --git a/ldap/servers/ntds/apacheds/readme.txt b/ldap/servers/ntds/apacheds/readme.txt
new file mode 100644
index 00000000..42a5646b
--- /dev/null
+++ b/ldap/servers/ntds/apacheds/readme.txt
@@ -0,0 +1,18 @@
+basic instructions for our apacheds:
+
+for our jar component
+# svn co http://svn.apache.org/repos/asf/directory
+# cd directory/apacheds/trunk/
+# apply the patch
+# maven -D maven.test.skip=true multiproject:install
+# cd main/target
+# copy apacheds-main-${VER}.jar into component directory
+
+for our source component:
+# svn co http://svn.apache.org/repos/asf/directory
+# cd directory/apacheds/
+# cp -R trunk apacheds-${VER}
+# zip apacheds-${VER} into apacheds-${VER}-src.zip
+# copy apacheds-${VER}-src.zip into component directory
+
+