Posted to commits@directory.apache.org by ze...@apache.org on 2017/10/16 09:25:58 UTC
directory-kerby git commit: DIRKRB-660 Compatibility problem with
hadoop when getting default credential cache
Repository: directory-kerby
Updated Branches:
refs/heads/cross-realm 73a612b31 -> dd0d13602
DIRKRB-660 Compatibility problem with hadoop when getting default credential cache
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dd0d1360
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dd0d1360
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dd0d1360
Branch: refs/heads/cross-realm
Commit: dd0d13602da3fba5eba1b7ad01a3d351a54910e1
Parents: 73a612b
Author: zenglinx <fr...@intel.com>
Authored: Mon Oct 16 17:25:35 2017 +0800
Committer: zenglinx <fr...@intel.com>
Committed: Mon Oct 16 17:25:35 2017 +0800
----------------------------------------------------------------------
.../kerby/kerberos/tool/kinit/KinitTool.java | 43 +++++++++-
.../kerby/kerberos/tool/klist/KlistTool.java | 82 +++++++++++++++-----
2 files changed, 101 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dd0d1360/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index e20fcaf..3b28e1f 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -39,6 +39,8 @@ import org.apache.kerby.util.SysUtil;
import java.io.Console;
import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.Arrays;
import java.util.Scanner;
@@ -213,9 +215,8 @@ public class KinitTool {
String ccacheName = ktOptions.getStringOption(KinitOption.KRB5_CACHE);
ccacheFile = new File(ccacheName);
} else {
- String ccacheName = principal.replaceAll("/", "_");
- ccacheName = "krb5_" + ccacheName + ".cc";
- ccacheFile = new File(SysUtil.getTempDir(), ccacheName);
+ String ccacheName = getCcacheName(krbClient);
+ ccacheFile = new File(ccacheName);
}
try {
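Review bot: `new File(ccacheName)` in the else branch treats whatever getCcacheName returns as a plain file path, but KRB5CCNAME and `default_ccache_name` are conventionally written as `TYPE:residual` (for example `FILE:/tmp/krb5cc_1000`), and the config value may also carry expansion tokens such as `%{uid}`. With such a value the tool would, as far as this hunk shows, store the credential cache under a literal relative name rather than at the intended location. Consider stripping a leading `FILE:` and failing with a clear message for other cache types or unexpanded tokens before building the File, with a comment such as `// only FILE: caches are supported; other types are rejected`. The enclosing method starts and ends outside this hunk.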
@@ -260,6 +261,40 @@ public class KinitTool {
return krbClient;
}
+ /**
+ * Get credential cache file name if not specified.
+ */
+ private static String getCcacheName(KrbClient krbClient) {
+ final String ccacheNameEnv = System.getenv("KRB5CCNAME");
+ final String ccacheNameConf = krbClient.getSetting().getKrbConfig().getString("default_ccache_name");
+ String ccacheName;
+ if (ccacheNameEnv != null) {
+ ccacheName = ccacheNameEnv;
+ } else if (ccacheNameConf != null) {
+ ccacheName = ccacheNameConf;
+ } else {
+ StringBuilder uid = new StringBuilder();
+ try {
+ //Get UID through "id -u" command
+ String command = "id -u";
+ Process child = Runtime.getRuntime().exec(command);
+ InputStream in = child.getInputStream();
+ int c;
+ while ((c = in.read()) != -1) {
+ uid.append((char) c);
+ }
+ in.close();
+ } catch (IOException e) {
+ System.err.println("Failed to get UID.");
+ System.exit(1);
+ }
+ ccacheName = "krb5cc_" + uid.toString().trim();
+ ccacheName = SysUtil.getTempDir().toString() + "/" + ccacheName;
+ }
+
+ return ccacheName;
+ }
+
public static void main(String[] args) {
KOptions ktOptions = new KOptions();
KinitOption kto;
@@ -305,7 +340,7 @@ public class KinitTool {
}
if (!ktOptions.contains(KinitOption.CONF_DIR)) {
- printUsage("No conf dir given. ");
+ printUsage("No conf dir given.");
}
if (principal == null) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dd0d1360/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
index bfd3c22..6103da0 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
@@ -21,13 +21,16 @@ package org.apache.kerby.kerberos.tool.klist;
import org.apache.kerby.KOptionType;
import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.ccache.Credential;
import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.util.HexUtil;
import org.apache.kerby.util.OSUtil;
+import org.apache.kerby.util.SysUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -84,29 +87,26 @@ public class KlistTool {
CredentialCache cc = new CredentialCache();
List<Credential> credentials;
InputStream cis = null;
- String error;
- String fileName = null;
+ String fileName;
if (!klOptions.contains(KlistOption.CREDENTIALS_CACHE)) {
- error = "No credential cache path given.";
- printUsage(error);
+ fileName = getCcacheName();
} else {
fileName = klOptions.getStringOption(KlistOption.CREDENTIALS_CACHE);
+ }
+ try {
+ cis = Files.newInputStream(Paths.get(fileName));
+ cc.load(cis);
+ } catch (IOException e) {
+ LOG.error("Failed to open CredentialCache from file: " + fileName + ". " + e.toString());
+ } finally {
try {
- cis = Files.newInputStream(Paths.get(fileName));
- cc.load(cis);
- } catch (IOException e) {
- LOG.error("Failed to open CredentialCache from file: " + fileName + ". " + e.toString());
- } finally {
- try {
- if (cis != null) {
- cis.close();
- }
- } catch (IOException e) {
- LOG.warn("Fail to close input stream. " + e);
+ if (cis != null) {
+ cis.close();
}
+ } catch (IOException e) {
+ LOG.warn("Fail to close input stream. " + e);
}
-
}
if (cc != null) {
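Review bot: When `Files.newInputStream` or `cc.load` throws, the catch block only logs and execution continues to the `if (cc != null)` test, which is always true because `cc` is assigned `new CredentialCache()` at the top of the hunk. Now that the path can come from the default lookup, a missing cache file becomes an ordinary case, and the user would apparently get a listing from an empty cache rather than a failure status. Consider returning a non-zero code from the catch block and replacing the manual finally with `try (InputStream cis = Files.newInputStream(Paths.get(fileName))) { cc.load(cis); }`. The enclosing method begins before this hunk and continues after it.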
@@ -118,22 +118,64 @@ public class KlistTool {
if (credentials.isEmpty()) {
System.out.println("No credential has been cached.");
} else {
- DateFormat df = new SimpleDateFormat("dd/MM/yy HH:mm:ss");
+ DateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
System.out.println("Valid starting\t\tExpires\t\t\tService principal");
for (Credential crd : credentials) {
System.out.println(df.format(crd.getStartTime().getTime()) + "\t"
- + df.format(crd.getEndTime().getTime()) + "\t"
- + crd.getServerName());
+ + df.format(crd.getEndTime().getTime()) + "\t"
+ + crd.getServerName() + "\n"
+ + "\t" + "renew until" + "\t" + df.format(crd.getRenewTill().getTime()));
}
}
-
}
return 0;
}
+ /**
+ * Get credential cache file name if not specified.
+ */
+ private static String getCcacheName() {
+ String ccacheName;
+ String ccacheNameEnv = System.getenv("KRB5CCNAME");
+ String ccacheNameConf = null;
+ File confDir = new File("/etc");
+ try {
+ KrbClient krbClient = new KrbClient(confDir);
+ ccacheNameConf = krbClient.getSetting().getKrbConfig().getString("default_ccache_name");
+ } catch (KrbException e) {
+ System.err.println("Create krbClient failed: " + e.getMessage());
+ System.exit(1);
+ }
+ if (ccacheNameEnv != null) {
+ ccacheName = ccacheNameEnv;
+ } else if (ccacheNameConf != null) {
+ ccacheName = ccacheNameConf;
+ } else {
+ StringBuilder uid = new StringBuilder();
+ try {
+ //Get UID through "id -u" command
+ String command = "id -u";
+ Process child = Runtime.getRuntime().exec(command);
+ InputStream in = child.getInputStream();
+ int c;
+ while ((c = in.read()) != -1) {
+ uid.append((char) c);
+ }
+ in.close();
+ } catch (IOException e) {
+ System.err.println("Failed to get UID.");
+ System.exit(1);
+ }
+ ccacheName = "krb5cc_" + uid.toString().trim();
+ ccacheName = SysUtil.getTempDir().toString() + "/" + ccacheName;
+ }
+
+ return ccacheName;
+ }
+
private static int printKeytabInfo(KOptions klOptions) {
String[] header = new String[4];
header[0] = "KVNO Principal\n"
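Review bot: getCcacheName builds a `KrbClient` from the hard-coded `/etc` directory and exits on KrbException before it looks at KRB5CCNAME, so klist fails on a host without a usable config in `/etc` even when the environment variable already names the cache. Checking the environment first, e.g. `if (ccacheNameEnv != null) { return ccacheNameEnv; }` ahead of the try block, avoids that, and the conf dir would be better taken from the tool's options if one is available. In the print loop, `crd.getRenewTill().getTime()` is called unconditionally; if a non-renewable credential can return null there (not visible here), the listing would stop with a NullPointerException, so a null check is worth adding.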