You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ha...@apache.org on 2015/03/13 08:14:23 UTC
directory-kerberos git commit: 1. Packing kinit 2. Create client with
configuration file in kinit 3. Enhance krb client to support kdc_realm in
configuration file
Repository: directory-kerberos
Updated Branches:
refs/heads/master cb5c66e92 -> 580d79c7a
1. Packing kinit
2. Create client with configuration file in kinit
3. Enhance krb client to support kdc_realm in configuration file
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/580d79c7
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/580d79c7
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/580d79c7
Branch: refs/heads/master
Commit: 580d79c7a9c13a2d3a83e712ab982d9e41c22e1f
Parents: cb5c66e
Author: chenlin1 <li...@intel.com>
Authored: Fri Mar 13 15:14:12 2015 +0800
Committer: chenlin1 <li...@intel.com>
Committed: Fri Mar 13 15:14:12 2015 +0800
----------------------------------------------------------------------
kdc-tool/kinit/kinit-dist/bin/kinit.sh | 19 ++++++++
kdc-tool/kinit/pom.xml | 30 ++++++++++++
.../org/apache/kerby/kerberos/tool/Kinit.java | 50 ++++++++++++++------
.../kerby/kerberos/kerb/client/KrbConfig.java | 2 +-
.../kerberos/kerb/client/KrbConfigKey.java | 2 +-
.../kerberos/kerb/client/TestKrbConfigLoad.java | 1 +
.../kerb-client/src/test/resources/krb5.conf | 1 +
7 files changed, 88 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kdc-tool/kinit/kinit-dist/bin/kinit.sh
----------------------------------------------------------------------
diff --git a/kdc-tool/kinit/kinit-dist/bin/kinit.sh b/kdc-tool/kinit/kinit-dist/bin/kinit.sh
new file mode 100644
index 0000000..ebbb466
--- /dev/null
+++ b/kdc-tool/kinit/kinit-dist/bin/kinit.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+confdir=/etc/kerby/krb/conf
+java -jar ../kinit/kinit-1.0-SNAPSHOT-jar-with-dependencies.jar confdir $@
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kdc-tool/kinit/pom.xml
----------------------------------------------------------------------
diff --git a/kdc-tool/kinit/pom.xml b/kdc-tool/kinit/pom.xml
index 0fd40ae..64c877c 100644
--- a/kdc-tool/kinit/pom.xml
+++ b/kdc-tool/kinit/pom.xml
@@ -51,4 +51,34 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2</version>
+ <executions>
+ <execution>
+ <id>dist</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <archive>
+ <manifest>
+ <mainClass>org.apache.kerby.kerberos.tool.Kinit</mainClass>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ <outputDirectory>kinit-dist/kinit</outputDirectory>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
----------------------------------------------------------------------
diff --git a/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java b/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
index 83f63a9..ce0cbc0 100644
--- a/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
+++ b/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
@@ -19,10 +19,14 @@
*/
package org.apache.kerby.kerberos.tool;
+import org.apache.kerby.config.Conf;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbConfig;
import java.io.Console;
+import java.io.File;
+import java.io.IOException;
import java.util.Arrays;
import java.util.Scanner;
@@ -49,36 +53,40 @@ public class Kinit {
}
}
+ /**
+ * args[0] is the configuration directory written in script.
+ * args[length - 1] is principal
+ */
private int execute(String[] args) {
- if (args.length < 1 || args.length > 3) {
+ if (args.length < 2 || args.length > 4) {
printUsage("");
return -1;
}
//no options
- if (args.length == 1) {
- return requestTicket(args, 0);
+ if (args.length == 2) {
+ return requestTicket(args, 1);
}
int exitCode = -1;
- int i = 0;
+ int i = 1;
String cmd = args[i];
//
// verify that we have enough option parameters
//
if ("-l".equals(cmd)) {
- if (args.length != 3) {
+ if (args.length != 4) {
printUsage(cmd);
return exitCode;
}
} else if ("-f".equals(cmd)) {
- if (args.length != 2) {
+ if (args.length != 3) {
printUsage(cmd);
return exitCode;
}
} else if ("-F".equals(cmd)) {
- if (args.length != 2) {
+ if (args.length != 3) {
printUsage(cmd);
return exitCode;
}
@@ -101,11 +109,23 @@ public class Kinit {
/**
* Init the KrbClient
*/
- private KrbClient getClient() {
- KrbClient krbClient = new KrbClient();
+ private KrbClient createClient(String confDirString) {
+ KrbConfig krbConfig = new KrbConfig();
+ Conf conf = krbConfig.getConf();
+
+ File confDir = new File(confDirString);
+ File[] files = confDir.listFiles();
+ try {
+ for (File file : files) {
+ conf.addIniConfig(file);
+ }
+ } catch (IOException e) {
+ System.err.println("Something wrong with krb configuration.");
+ e.printStackTrace();
+ }
+
+ KrbClient krbClient = new KrbClient(krbConfig);
krbClient.init();
- //TODO should be read from configuration
- krbClient.setKdcRealm("TEST.COM");
return krbClient;
}
@@ -129,7 +149,7 @@ public class Kinit {
private int requestTicket(String[] args, int i) {
String principal = args[i];
- KrbClient client = getClient();
+ KrbClient client = createClient(args[0]);
String password = getPassword(principal);
try {
@@ -144,7 +164,7 @@ public class Kinit {
private int ticketWithLifetime(String[] args, int i) {
String lifetime = args[i];
String principal = args[i];
- KrbClient client = getClient();
+ KrbClient client = createClient(args[0]);
String password = getPassword(principal);
try {
//TODO
@@ -157,7 +177,7 @@ public class Kinit {
private int ticketForwardable(String[] args, int i) {
String principal = args[i];
- KrbClient client = getClient();
+ KrbClient client = createClient(args[0]);
String password = getPassword(principal);
try {
//TODO
@@ -170,7 +190,7 @@ public class Kinit {
private int ticketNonForwardable(String[] args, int i) {
String principal = args[i];
- KrbClient client = getClient();
+ KrbClient client = createClient(args[0]);
String password = getPassword(principal);
try {
//TODO
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index 9317424..7f5cf40 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -90,7 +90,7 @@ public class KrbConfig {
}
public String getKdcRealm() {
- return conf.getString(KrbConfigKey.KDC_REALM);
+ return KrbConfHelper.getStringUnderSection(conf, KrbConfigKey.KDC_REALM);
}
public String getKdcDomain() {
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index bbd3623..2350529 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -29,7 +29,7 @@ public enum KrbConfigKey implements SectionConfigKey {
KDC_UDP_PORT(8016),
KDC_TCP_PORT(8015),
KDC_DOMAIN("example.com"),
- KDC_REALM("EXAMPLE.COM"),
+ KDC_REALM("EXAMPLE.COM", "libdefaults"),
TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
PREAUTH_REQUIRED(true),
CLOCKSKEW(5 * 60L, "libdefaults"),
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
index 26fb38e..a840fd7 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
@@ -46,6 +46,7 @@ public class TestKrbConfigLoad {
conf.addIniConfig(confFile);
assertThat(krbConfig.getDefaultRealm()).isEqualTo("KRB.COM");
+ assertThat(krbConfig.getKdcRealm()).isEqualTo("TEST.COM");
assertThat(krbConfig.getDnsLookUpKdc()).isFalse();
assertThat(krbConfig.getDnsLookUpRealm()).isFalse();
assertThat(krbConfig.getAllowWeakCrypto()).isTrue();
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/580d79c7/kerby-kerb/kerb-client/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
index 4222475..3c582f6 100644
--- a/kerby-kerb/kerb-client/src/test/resources/krb5.conf
+++ b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
@@ -17,6 +17,7 @@
#
[libdefaults]
default_realm = KRB.COM
+ kdc_realm = TEST.COM
dns_lookup_kdc = false
dns_lookup_realm = false
allow_weak_crypto = true