001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.kerberos.changepwd; 021 022 023import java.io.IOException; 024 025import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException; 026import org.apache.directory.api.ldap.model.name.Dn; 027import org.apache.directory.server.kerberos.ChangePasswordConfig; 028import org.apache.directory.server.kerberos.changepwd.protocol.ChangePasswordProtocolHandler; 029import org.apache.directory.server.kerberos.kdc.DirectoryPrincipalStore; 030import org.apache.directory.server.kerberos.shared.replay.ReplayCache; 031import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl; 032import org.apache.directory.server.kerberos.shared.store.PrincipalStore; 033import org.apache.directory.server.protocol.shared.DirectoryBackedService; 034import org.apache.directory.server.protocol.shared.transport.TcpTransport; 035import org.apache.directory.server.protocol.shared.transport.Transport; 036import org.apache.directory.server.protocol.shared.transport.UdpTransport; 037import org.apache.mina.core.service.IoAcceptor; 038import org.apache.mina.transport.socket.DatagramSessionConfig; 039import org.apache.mina.transport.socket.SocketAcceptor; 040import org.slf4j.Logger; 041import org.slf4j.LoggerFactory; 042 043 044/** 045 * Contains the configuration parameters for the Change Password protocol provider. 046 * 047 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 048 */ 049public class ChangePasswordServer extends DirectoryBackedService 050{ 051 /** logger for this class */ 052 private static final Logger LOG = LoggerFactory.getLogger( ChangePasswordServer.class ); 053 054 /** The default change password port. */ 055 private static final int DEFAULT_IP_PORT = 464; 056 057 /** The default change password password policy for password length. */ 058 public static final int DEFAULT_PASSWORD_LENGTH = 6; 059 060 /** The default change password password policy for category count. */ 061 public static final int DEFAULT_CATEGORY_COUNT = 3; 062 063 /** The default change password password policy for token size. */ 064 public static final int DEFAULT_TOKEN_SIZE = 3; 065 066 private ChangePasswordConfig config; 067 068 /** the cache used for storing change password requests */ 069 private ReplayCache replayCache; 070 071 072 /** 073 * Creates a new instance of ChangePasswordConfiguration. 074 */ 075 public ChangePasswordServer() 076 { 077 this( new ChangePasswordConfig() ); 078 } 079 080 081 public ChangePasswordServer( ChangePasswordConfig config ) 082 { 083 this.config = config; 084 } 085 086 087 /** 088 * @throws IOException if we cannot bind to the specified ports 089 */ 090 public void start() throws IOException, LdapInvalidDnException 091 { 092 PrincipalStore store = new DirectoryPrincipalStore( getDirectoryService(), new Dn( this.getSearchBaseDn() ) ); 093 094 LOG.debug( "initializing the changepassword replay cache" ); 095 096 replayCache = new ReplayCacheImpl( config.getAllowableClockSkew() ); 097 098 for ( Transport transport : transports ) 099 { 100 IoAcceptor acceptor = transport.getAcceptor(); 101 102 // Disable the disconnection of the clients on unbind 103 acceptor.setCloseOnDeactivation( false ); 104 105 if ( transport instanceof UdpTransport ) 106 { 107 // Allow the port to be reused even if the socket is in TIME_WAIT state 108 ( ( DatagramSessionConfig ) acceptor.getSessionConfig() ).setReuseAddress( true ); 109 } 110 else 111 { 112 // Allow the port to be reused even if the socket is in TIME_WAIT state 113 ( ( SocketAcceptor ) acceptor ).setReuseAddress( true ); 114 115 // No Nagle's algorithm 116 ( ( SocketAcceptor ) acceptor ).getSessionConfig().setTcpNoDelay( true ); 117 } 118 119 // Set the handler 120 acceptor.setHandler( new ChangePasswordProtocolHandler( this, store ) ); 121 122 // Bind 123 acceptor.bind(); 124 } 125 126 LOG.info( "ChangePassword service started." ); 127 //System.out.println( "ChangePassword service started." ); 128 } 129 130 131 public void stop() 132 { 133 for ( Transport transport : getTransports() ) 134 { 135 IoAcceptor acceptor = transport.getAcceptor(); 136 137 if ( acceptor != null ) 138 { 139 acceptor.dispose(); 140 } 141 } 142 143 replayCache.clear(); 144 145 LOG.info( "ChangePassword service stopped." ); 146 //System.out.println( "ChangePassword service stopped." ); 147 } 148 149 150 /** 151 * @return the replayCache 152 */ 153 public ReplayCache getReplayCache() 154 { 155 return replayCache; 156 } 157 158 159 public ChangePasswordConfig getConfig() 160 { 161 return config; 162 } 163 164 165 public int getTcpPort() 166 { 167 for ( Transport t : getTransports() ) 168 { 169 if ( t instanceof TcpTransport ) 170 { 171 return t.getPort(); 172 } 173 } 174 175 throw new IllegalStateException( "TCP transport is not enabled" ); 176 } 177 178 179 /** 180 * @see Object#toString() 181 */ 182 public String toString() 183 { 184 StringBuilder sb = new StringBuilder(); 185 186 sb.append( "ChangePasswordServer[" ).append( getServiceName() ).append( "], listening on :" ).append( '\n' ); 187 188 if ( getTransports() != null ) 189 { 190 for ( Transport transport : getTransports() ) 191 { 192 sb.append( " " ).append( transport ).append( '\n' ); 193 } 194 } 195 196 return sb.toString(); 197 } 198}