PasswordDBField

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

arlut.csd.ganymede
Class PasswordDBField

java.lang.Object
  |
  +--arlut.csd.ganymede.DBField
        |
        +--arlut.csd.ganymede.PasswordDBField

All Implemented Interfaces:: db_field, pass_field, java.rmi.Remote

public class PasswordDBField
extends DBField
implements pass_field

PasswordDBField is a subclass of DBField for the storage and handling of password fields in the DBStore on the Ganymede server.

The Ganymede client talks to PasswordDBFields through the pass_field RMI interface.

This class differs a bit from most subclasses of DBField in that the normal setValue()/getValue() methods are non-functional. Instead, there are special methods used to set or access password information in crypted and non-crypted forms.

Crypted passwords are stored in the UNIX crypt() format. See the jcrypt class for details on the crypt hashing.

There are no methods provided to allow remote access to password information.. server-side code must locally access the getUNIXCryptText() and getPlainText() methods to get access to the password information. Generally, even in that case, only crypted password information will be available. If this password field was configured to store encrypted passwords by way of its DBObjectBaseField, this password field will never emit() the plaintext to disk. Instead, the crypt()'ed password information will be retained for user authentication. The plaintext of the password may be retained in memory for the purpose of replicating to systems that do not use the UNIX crypt() format for password hashing, but only on a temporary basis, for those passwords whose plaintext was provided to the server during its operation. Basically, it's for custom builder tasks that need to be able to provide the plaintext of a stored password for replication to a system with an incompatible hash format.

See Also:: BaseField.setCrypted(boolean), BaseField.setPlainText(boolean)

Field Summary

private java.lang.String apacheMd5CryptPass
          The complex md5crypt()'ed password, with the magic string used by Apache for their htpasswd file format.

private java.lang.String cryptedPass
          Traditional Unix crypt()'ed pass

(package private) static boolean debug


private java.lang.String lanHash
          Samba LANMAN hash, for Win95 clients

private java.lang.String md5CryptPass
          The complex md5crypt()'ed password, as in OpenBSD, FreeBSD, Linux PAM, etc.

private java.lang.String ntHash
          Samba md4 Unicode hash, for WinNT/2k clients

private java.lang.String uncryptedPass
          Plaintext password..

Fields inherited from class arlut.csd.ganymede.DBField

fieldcode, owner, value

Constructor Summary

(package private) PasswordDBField(arlut.csd.ganymede.DBObject owner, java.io.DataInput in, arlut.csd.ganymede.DBObjectBaseField definition)
          Receive constructor.

(package private) PasswordDBField(arlut.csd.ganymede.DBObject owner, arlut.csd.ganymede.DBObjectBaseField definition)
          No-value constructor.

PasswordDBField(arlut.csd.ganymede.DBObject owner, arlut.csd.ganymede.PasswordDBField field)
          Copy constructor.

Method Summary

boolean allowed(char c)
          Convenience method to identify if a particular character is acceptable in this field.

java.lang.String allowedChars()
          Returns a string containing the list of acceptable characters.

private void clear_stored()
          private helper to clear all stored password information in this field

java.lang.Object clone()


arlut.csd.ganymede.ReturnVal copyFieldTo(arlut.csd.ganymede.PasswordDBField target, boolean local)
          This method copies the current value of this DBField to target.

boolean crypted()
          Returns true if the password stored in this field is hash-crypted.

java.lang.String disallowedChars()
          Returns a string containing the list of forbidden characters for this field.

(package private) void emit(java.io.DataOutput out)
          This method is responsible for writing out the contents of this field to an binary output stream.

(package private) void emitXML(arlut.csd.ganymede.XMLDumpContext dump)
          This method is used when the database is being dumped, to write out this field to disk.

boolean equals(java.lang.Object obj)
          Returns true if obj is a field with the same value(s) as this one.

java.lang.String getApacheMD5CryptText()
          This server-side only method returns the Apache md5crypt()-encrypted hashed password text.

java.lang.String getApacheMD5Salt()
          Method to obtain the SALT for a stored Apache-style md5crypt()'ed password.

arlut.csd.ganymede.DBField getCopy(arlut.csd.ganymede.DBObject newOwner)
          This method is used to return a copy of this field, with the field's owner set to newOwner.

java.lang.String getDiffString(arlut.csd.ganymede.DBField orig)
          Returns a String representing the change in value between this field and orig.

java.lang.String getEncodingString()
          The default getValueString() encoding is acceptable.

java.lang.String getLANMANCryptText()
          This server-side only method returns the LANMAN-compatible password hash of the password data held in this field.

java.lang.String getMD5CryptText()
          This server-side only method returns the md5crypt()-encrypted hashed password text.

java.lang.String getMD5Salt()
          Method to obtain the SALT for a stored OpenBSD-style md5crypt()'ed password.

java.lang.String getNTUNICODECryptText()
          This server-side only method returns the Windows NT 4 SP3-compatible md4/Unicode password hash of the password data held in this field.

java.lang.String getPlainText()
          This server-side only method returns the plaintext password text, if available.

java.lang.String getSalt()
          Method to obtain the SALT for a stored crypted password.

java.lang.String getUNIXCryptText()
          This server-side only method returns the UNIX-encrypted password text.

java.lang.Object getValue()
          Standard db_field method to retrieve the value of this field.

java.lang.Object getValueLocal()
          Returns an Object carrying the value held in this field.

java.lang.String getValueString()
          This method returns a text encoded value for this DBField without checking permissions.

boolean isDefined()
          Returns true if this field has a value associated with it, or false if it is an unfilled 'placeholder'.

java.lang.Object key()
          Object value of DBField.

boolean matchPlainText(java.lang.String plaintext)
          This method is used for authenticating a provided plaintext password against the stored contents of this password field.

int maxSize()
          Returns the maximum acceptable string length for this field.

int minSize()
          Returns the minimum acceptable string length for this field.

(package private) void receive(java.io.DataInput in, arlut.csd.ganymede.DBObjectBaseField definition)
          This method is responsible for reading in the contents of this field from an binary input stream.

arlut.csd.ganymede.ReturnVal setAllHashes(java.lang.String crypt, java.lang.String md5crypt, java.lang.String apacheMd5Crypt, java.lang.String LANMAN, java.lang.String NTUnicodeMD4, boolean local, boolean noWizards)
          This method is used to force all known hashes into this password field.

arlut.csd.ganymede.ReturnVal setApacheMD5CryptedPass(java.lang.String text)
          This method is used to set a pre-crypted Apache-style MD5Crypt password for this field.

arlut.csd.ganymede.ReturnVal setApacheMD5CryptedPass(java.lang.String text, boolean local, boolean noWizards)
          This method is used to set a pre-crypted Apache-style MD5Crypt password for this field.

arlut.csd.ganymede.ReturnVal setCryptPass(java.lang.String text)
          This method is used to set a pre-crypted password for this field.

arlut.csd.ganymede.ReturnVal setCryptPass(java.lang.String text, boolean local, boolean noWizards)
          This method is used to set a pre-crypted password for this field.

arlut.csd.ganymede.ReturnVal setMD5CryptedPass(java.lang.String text)
          This method is used to set a pre-crypted OpenBSD-style MD5Crypt password for this field.

arlut.csd.ganymede.ReturnVal setMD5CryptedPass(java.lang.String text, boolean local, boolean noWizards)
          This method is used to set a pre-crypted OpenBSD-style MD5Crypt password for this field.

arlut.csd.ganymede.ReturnVal setPlainTextPass(java.lang.String plaintext)
          This method is used to set the password for this field, crypting it in various ways if this password field is stored crypted.

arlut.csd.ganymede.ReturnVal setPlainTextPass(java.lang.String plaintext, boolean local, boolean noWizards)
          This method is used to set the password for this field, crypting it in various ways if this password field is stored crypted.

arlut.csd.ganymede.ReturnVal setUndefined(boolean local)
          This method is used to mark a field as undefined when it is checked out for editing.

arlut.csd.ganymede.ReturnVal setValue(java.lang.Object value, boolean local, boolean noWizards)
          Sets the value of this field, if a scalar.

arlut.csd.ganymede.ReturnVal setWinCryptedPass(java.lang.String LANMAN, java.lang.String NTUnicodeMD4)
          This method is used to set a pre-crypted OpenBSD-style MD5Crypt password for this field.

arlut.csd.ganymede.ReturnVal setWinCryptedPass(java.lang.String LANMAN, java.lang.String NTUnicodeMD4, boolean local, boolean noWizards)
          This method is used to set a pre-crypted OpenBSD-style MD5Crypt password for this field.

private boolean streq(java.lang.String str1, java.lang.String str2)
          Convenience null-friendly string comparison helper.

arlut.csd.ganymede.ReturnVal verifyNewValue(java.lang.Object o)
          Generally only for when we get a plaintext submission..

boolean verifyTypeMatch(java.lang.Object o)
          Overridable method to determine whether an Object submitted to this field is of an appropriate type.

Methods inherited from class arlut.csd.ganymede.DBField

addElement, addElement, addElement, addElementLocal, addElements, addElements, addElements, addElements, addElementsLocal, checkpoint, cleanup, containsElement, containsElement, containsElementLocal, copyFieldTo, deleteAllElements, deleteElement, deleteElement, deleteElement, deleteElement, deleteElement, deleteElement, deleteElementLocal, deleteElementLocal, deleteElements, deleteElements, deleteElements, deleteElementsLocal, getComment, getElement, getFieldDef, getFieldDef, getFieldDef, getFieldInfo, getFieldTemplate, getID, getMaxArraySize, getName, getNameSpace, getObjTypeID, getOwner, getType, getTypeDesc, getValue, getValues, getValuesLocal, getVectorDiff, getVectVal, getXMLName, indexOfValue, isBuiltIn, isEditable, isEditable, isEditInPlace, isVector, isVisible, key, mark, mark, rescanThisField, rollback, setElement, setElement, setElement, setElementLocal, setOwner, setValue, setValue, setValueLocal, size, toString, unmark, unmark, verifyReadPermission, verifyWritePermission

Methods inherited from class java.lang.Object

finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface arlut.csd.ganymede.db_field

addElement, addElements, containsElement, deleteAllElements, deleteElement, deleteElement, deleteElements, getComment, getElement, getFieldInfo, getFieldTemplate, getID, getName, getType, getTypeDesc, getValues, isBuiltIn, isEditable, isEditInPlace, isVector, isVisible, setElement, setValue, size

Field Detail

debug

static final boolean debug

See Also:: Constant Field Values

cryptedPass

private java.lang.String cryptedPass

Traditional Unix crypt()'ed pass

md5CryptPass

private java.lang.String md5CryptPass

The complex md5crypt()'ed password, as in OpenBSD, FreeBSD, Linux PAM, etc.

apacheMd5CryptPass

private java.lang.String apacheMd5CryptPass

The complex md5crypt()'ed password, with the magic string used by Apache for their htpasswd file format.

uncryptedPass

private java.lang.String uncryptedPass

Plaintext password.. will never be saved to disk if we have cryptedPass or md5CryptPass.

lanHash

private java.lang.String lanHash

Samba LANMAN hash, for Win95 clients

ntHash

private java.lang.String ntHash

Samba md4 Unicode hash, for WinNT/2k clients

Constructor Detail

PasswordDBField

PasswordDBField(arlut.csd.ganymede.DBObject owner,
                java.io.DataInput in,
                arlut.csd.ganymede.DBObjectBaseField definition)
          throws java.io.IOException

Receive constructor. Used to create a PasswordDBField from a DBStore/DBJournal DataInput stream.

PasswordDBField

PasswordDBField(arlut.csd.ganymede.DBObject owner,
                arlut.csd.ganymede.DBObjectBaseField definition)

No-value constructor. Allows the construction of a 'non-initialized' field, for use where the DBObjectBase definition indicates that a given field may be present, but for which no value has been stored in the DBStore.

Used to provide the client a template for 'creating' this field if so desired.

PasswordDBField

public PasswordDBField(arlut.csd.ganymede.DBObject owner,
                       arlut.csd.ganymede.PasswordDBField field)

Copy constructor.

Method Detail

isDefined

public boolean isDefined()

Returns true if this field has a value associated with it, or false if it is an unfilled 'placeholder'.

Specified by:: isDefined in interface db_field
Overrides:: isDefined in class DBField

See Also:: db_field

setUndefined

public arlut.csd.ganymede.ReturnVal setUndefined(boolean local)

This method is used to mark a field as undefined when it is checked out for editing. Different subclasses of DBField will implement this in different ways. Any namespace values claimed by the field will be released, and when the transaction is committed, this field will be released.

Overrides:: setUndefined in class DBField

clear_stored

private final void clear_stored()

private helper to clear all stored password information in this field

equals

public boolean equals(java.lang.Object obj)

Returns true if obj is a field with the same value(s) as this one.

This method is ok to be synchronized because it does not call synchronized methods on any other object.

Overrides:: equals in class DBField

streq

private final boolean streq(java.lang.String str1,
                            java.lang.String str2)

Convenience null-friendly string comparison helper.

copyFieldTo

public arlut.csd.ganymede.ReturnVal copyFieldTo(arlut.csd.ganymede.PasswordDBField target,
                                                boolean local)

This method copies the current value of this DBField to target. The target DBField must be contained within a checked-out DBEditObject in order to be updated. Any actions that would normally occur from a user manually setting a value into the field will occur.

NOTE: this method is mainly used in cloning objects, and cloneFromObject doesn't allow cloning of password fields by default.

Parameters:: target - The DBField to copy this field's contents to.; local - If true, permissions checking is skipped.

key

public java.lang.Object key()

Object value of DBField. Used to represent value in value hashes. Subclasses need to override this method in subclass.

Overrides:: key in class DBField

getCopy

public arlut.csd.ganymede.DBField getCopy(arlut.csd.ganymede.DBObject newOwner)

This method is used to return a copy of this field, with the field's owner set to newOwner.

Specified by:: getCopy in class DBField

clone

public java.lang.Object clone()

Overrides:: clone in class java.lang.Object

emit

void emit(java.io.DataOutput out)
    throws java.io.IOException

Description copied from class: DBField

This method is responsible for writing out the contents of this field to an binary output stream. It is used in writing fields to the ganymede.db file and to the journal file.

This method only writes out the value contents of this field. The DBObject emit() method is responsible for writing out the field identifier information ahead of the field's contents.

Specified by:: emit in class DBField

java.io.IOException

receive

void receive(java.io.DataInput in,
             arlut.csd.ganymede.DBObjectBaseField definition)
       throws java.io.IOException

Description copied from class: DBField

This method is responsible for reading in the contents of this field from an binary input stream. It is used in reading fields from the ganymede.db file and from the journal file.

The code that calls receive() on this field is responsible for having read enough of the binary input stream's context to place the read cursor at the point in the file immediately after the field's id and type information has been read.

Specified by:: receive in class DBField

java.io.IOException

emitXML

void emitXML(arlut.csd.ganymede.XMLDumpContext dump)
       throws java.io.IOException

This method is used when the database is being dumped, to write out this field to disk. It is mated with receiveXML().

Specified by:: emitXML in class DBField

java.io.IOException

getValue

public java.lang.Object getValue()

Standard db_field method to retrieve the value of this field. Because we are holding sensitive password information, this method always returns null.. we don't want to make password values available to the client under any circumstances.

Specified by:: getValue in interface db_field
Overrides:: getValue in class DBField

See Also:: db_field

getValueLocal

public java.lang.Object getValueLocal()

Returns an Object carrying the value held in this field.

This is intended to be used within the Ganymede server, it bypasses the permissions checking that getValues() does.

Note that this method will always return null, as you need to use the special Password-specific value accessors to get access to the password information in crypted or non-crypted form.

Overrides:: getValueLocal in class DBField

getValueString

public java.lang.String getValueString()

This method returns a text encoded value for this DBField without checking permissions.

This method avoids checking permissions because it is used on the server side only and because it is involved in the getLabel() logic for DBObject, which is invoked from GanymedeSession's getPerm() method.

If this method checked permissions and the getPerm() method failed for some reason and tried to report the failure using object.getLabel(), as it does at present, the server could get into an infinite loop.

Specified by:: getValueString in interface db_field
Specified by:: getValueString in class DBField

getEncodingString

public java.lang.String getEncodingString()

The default getValueString() encoding is acceptable.

Specified by:: getEncodingString in interface db_field
Specified by:: getEncodingString in class DBField

See Also:: db_field

getDiffString

public java.lang.String getDiffString(arlut.csd.ganymede.DBField orig)

Returns a String representing the change in value between this field and orig. This String is intended for logging and email, not for any sort of programmatic activity. The format of the generated string is not defined, but is intended to be suitable for inclusion in a log entry and in an email message.

If there is no change in the field, null will be returned.

Specified by:: getDiffString in class DBField

maxSize

public int maxSize()

Returns the maximum acceptable string length for this field.

Specified by:: maxSize in interface pass_field

See Also:: pass_field

minSize

public int minSize()

Returns the minimum acceptable string length for this field.

Specified by:: minSize in interface pass_field

See Also:: pass_field

allowedChars

public java.lang.String allowedChars()

Returns a string containing the list of acceptable characters. If the string is null, it should be interpreted as meaning all characters not listed in disallowedChars() are allowable by default.

Specified by:: allowedChars in interface pass_field

See Also:: pass_field

disallowedChars

public java.lang.String disallowedChars()

Returns a string containing the list of forbidden characters for this field. If the string is null, it should be interpreted as meaning that no characters are specifically disallowed.

Specified by:: disallowedChars in interface pass_field

See Also:: pass_field

allowed

public boolean allowed(char c)

Convenience method to identify if a particular character is acceptable in this field.

Specified by:: allowed in interface pass_field

See Also:: pass_field

crypted

public boolean crypted()

Returns true if the password stored in this field is hash-crypted.

Specified by:: crypted in interface pass_field

See Also:: pass_field

matchPlainText

public boolean matchPlainText(java.lang.String plaintext)

This method is used for authenticating a provided plaintext password against the stored contents of this password field. The password field may have stored the password in plaintext, or in any of a variety of cryptographic hash formats. matchPlainText() will perform whatever operation on the provided plaintext as is required to determine whether or not it matches with the stored password data.

Specified by:: matchPlainText in interface pass_field

Returns:: true if the given plaintext matches the stored password
See Also:: pass_field