Posted to commits@directory.apache.org by dr...@apache.org on 2015/04/12 14:39:55 UTC
directory-kerby git commit: DIRKRB-201 Netty based KDC server
implementation
Repository: directory-kerby
Updated Branches:
refs/heads/master b61f74964 -> 0633ad96c
DIRKRB-201 Netty based KDC server implementation
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0633ad96
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0633ad96
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0633ad96
Branch: refs/heads/master
Commit: 0633ad96c109a771a5898b4e8a22c01cafac9e2e
Parents: b61f749
Author: Drankye <dr...@gmail.com>
Authored: Sun Apr 12 20:39:23 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Sun Apr 12 20:39:23 2015 +0800
----------------------------------------------------------------------
kerby-kdc-test/pom.xml | 2 +-
.../apache/kerby/kerberos/kdc/KerbyKdcTest.java | 11 +-
kerby-kdc/pom.xml | 6 +
.../kerby/kerberos/kdc/KerbyKdcServer.java | 83 +++++++-------
.../kerberos/kdc/impl/NettyKdcHandler.java | 60 ++++++++++
.../kerberos/kdc/impl/NettyKdcNetwork.java | 108 ++++++++++++++++++
.../kerberos/kdc/impl/NettyKdcServerImpl.java | 77 +++++++++++++
.../kerby/kerberos/kerb/server/KdcTestBase.java | 1 +
.../kerby/kerberos/kerb/server/KdcTest.java | 6 +-
.../kerberos/kerb/server/InternalKdcServer.java | 59 ++++++++++
.../kerby/kerberos/kerb/server/KdcHandler.java | 90 +++++++++++++++
.../kerby/kerberos/kerb/server/KdcServer.java | 25 +++-
.../kerberos/kerb/server/KdcServerOption.java | 1 +
.../impl/DefaultInternalKdcServerImpl.java | 84 ++++++++++++++
.../kerb/server/impl/DefaultKdcHandler.java | 69 +++++++++++
.../kerb/server/impl/InternalKdcServer.java | 59 ----------
.../kerb/server/impl/InternalKdcServerImpl.java | 84 --------------
.../kerberos/kerb/server/impl/KdcHandler.java | 114 -------------------
.../kerb/server/impl/event/EventKdcHandler.java | 52 +--------
.../kerb/server/request/KdcRequest.java | 2 +-
20 files changed, 637 insertions(+), 356 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
index daf2268..fe19e63 100644
--- a/kerby-kdc-test/pom.xml
+++ b/kerby-kdc-test/pom.xml
@@ -44,7 +44,7 @@
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
- <artifactId>kerb-server</artifactId>
+ <artifactId>kerby-kdc</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
index 5b62724..cd82798 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
@@ -19,6 +19,7 @@
*/
package org.apache.kerby.kerberos.kdc;
+import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -30,12 +31,16 @@ import static org.assertj.core.api.Assertions.assertThat;
public abstract class KerbyKdcTest extends KdcTestBase {
- private String password = "123456";
+ @Override
+ protected void prepareKdcServer() throws Exception {
+ super.prepareKdcServer();
+ kdcServer.setInnerKdcImpl(new NettyKdcServerImpl());
+ }
@Override
protected void createPrincipals() {
super.createPrincipals();
- kdcServer.createPrincipal(clientPrincipal, password);
+ kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);
}
protected void performKdcTest() throws Exception {
@@ -50,7 +55,7 @@ public abstract class KerbyKdcTest extends KdcTestBase {
ServiceTicket tkt;
try {
- tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password);
+ tgt = krbClnt.requestTgtWithPassword(clientPrincipal, TEST_PASSWORD);
assertThat(tgt).isNotNull();
tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index aed146a..e1a8cf7 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -37,6 +37,12 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-all</artifactId> <!-- TODO: limited -->
+ <version>4.0.0.Final</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
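Review bot: The new dependency pins `netty-all` at `4.0.0.Final`, which appears to be the initial 4.0 release, and pulls in the whole Netty bundle for a network-facing KDC listener. Prefer a current 4.0.x maintenance release, with the version managed once in the parent pom's `dependencyManagement` rather than inline here. The `TODO: limited` comment already hints at the second half: the code in this commit uses only transport, buffer, codec and logging-handler classes, so depending on the individual modules (for example `netty-transport`, `netty-codec`, `netty-handler`) would shrink what ships with the server.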
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index a08b1ff..bb0a14c 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -19,6 +19,7 @@
*/
package org.apache.kerby.kerberos.kdc;
+import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
@@ -36,44 +37,10 @@ import java.util.UUID;
public class KerbyKdcServer extends KdcServer {
private static KerbyKdcServer server;
- private static final String USAGE = "Usage: " +
- KerbyKdcServer.class.getSimpleName() +
- " -start conf-dir working-dir|-start|-stop";
-
- public static void main(String[] args) {
- if (args.length == 0) {
- System.err.println(USAGE);
- return;
- }
-
- if (args[0].equals("-start")) {
- String confDir;
- String workDir;
- if(args.length == 1) {
- confDir = "/etc/kerby/";
- workDir = "/tmp/";
- } else if (args.length == 3) {
- confDir = args[1];
- workDir = args[2];
- } else {
- System.err.println(USAGE);
- return;
- }
- server = new KerbyKdcServer();
- server.setWorkDir(new File(workDir));
- server.setConfDir(new File(confDir));
- server.init();
-
- server.createTgtPrincipal();
-
- server.start();
- System.out.println("KDC started.");
- } else if (args[0].equals("-stop")) {
- //server.stop();//FIXME can't get the server instance here
- System.out.println("KDC Server stopped.");
- } else {
- System.err.println(USAGE);
- }
+ @Override
+ public void init() {
+ innerKdc = new NettyKdcServerImpl();
+ innerKdc.init(commonOptions);
}
/**
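Review bot: The new `init()` override assigns `innerKdc = new NettyKdcServerImpl()` unconditionally, so an implementation supplied through `setInnerKdcImpl(...)` is silently ignored for this subclass, and the selection logic in KdcServer.init() is bypassed rather than reused. Making Netty the default while still honouring an explicit choice would look like `if (!commonOptions.contains(KdcServerOption.INNER_KDC_IMPL)) { setInnerKdcImpl(new NettyKdcServerImpl()); }` followed by `super.init();` (KdcServerOption may need an import; the import block is only partly visible). That would also let `commonOptions` and `innerKdc` stay private in KdcServer instead of being widened to protected. The class body continues outside this hunk.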
@@ -116,4 +83,44 @@ public class KerbyKdcServer extends KdcServer {
}
return principal;
}
+
+ private static final String USAGE = "Usage: " +
+ KerbyKdcServer.class.getSimpleName() +
+ " -start conf-dir working-dir|-start|-stop";
+
+ public static void main(String[] args) {
+ if (args.length == 0) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ if (args[0].equals("-start")) {
+ String confDir;
+ String workDir;
+ if(args.length == 1) {
+ confDir = "/etc/kerby/";
+ workDir = "/tmp/";
+ } else if (args.length == 3) {
+ confDir = args[1];
+ workDir = args[2];
+ } else {
+ System.err.println(USAGE);
+ return;
+ }
+ server = new KerbyKdcServer();
+ server.setWorkDir(new File(workDir));
+ server.setConfDir(new File(confDir));
+ server.init();
+
+ server.createTgtPrincipal();
+
+ server.start();
+ System.out.println("KDC started.");
+ } else if (args[0].equals("-stop")) {
+ //server.stop();//FIXME can't get the server instance here
+ System.out.println("KDC Server stopped.");
+ } else {
+ System.err.println(USAGE);
+ }
+ }
}
\ No newline at end of file
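Review bot: The bare `-start` form in main() falls back to `workDir = "/tmp/"`, a world-writable shared directory, as the KDC working directory. The block is moved unchanged from earlier in the file, and what the server writes under the work dir is not visible in this hunk, but anything a KDC persists belongs in a directory that only the service account can write. Consider requiring the three-argument form or defaulting to a dedicated directory. The `-stop` branch prints `KDC Server stopped.` without stopping anything (see its FIXME), so it should report that stop is unsupported rather than claim success.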
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
new file mode 100644
index 0000000..67477b7
--- /dev/null
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.impl;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelInboundHandlerAdapter;
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.KdcHandler;
+
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+
+public class NettyKdcHandler extends ChannelInboundHandlerAdapter {
+ private final KdcHandler myKdcHandler;
+
+ public NettyKdcHandler(KdcContext kdcContext) {
+ this.myKdcHandler = new KdcHandler(kdcContext);
+ }
+
+ @Override
+ public void channelRead(ChannelHandlerContext ctx,
+ Object msg) throws Exception {
+ ByteBuf byteBuf = (ByteBuf) msg;
+ byte[] msgBytes = new byte[byteBuf.readableBytes()];
+ byteBuf.readBytes(msgBytes);
+ ByteBuffer requestMessage = ByteBuffer.wrap(msgBytes);
+
+ InetSocketAddress clientAddress =
+ (InetSocketAddress) ctx.channel().remoteAddress();
+ boolean isTcp = true; //TODO:
+ try {
+ ByteBuffer responseMessage = myKdcHandler.handleMessage(requestMessage,
+ isTcp, clientAddress.getAddress());
+ ctx.writeAndFlush(Unpooled.wrappedBuffer(responseMessage));
+ } catch (Exception e) {
+ //TODO: log the error
+ System.out.println("Error occured while processing request:"
+ + e.getMessage());
+ }
+ }
+}
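Review bot: channelRead() never releases the inbound `ByteBuf`: ChannelInboundHandlerAdapter does not release messages for you, so every request frame handed over by the frame decoder stays referenced and remote clients can drive buffer memory growth. Release it in a `finally` with `io.netty.util.ReferenceCountUtil.release(msg)`, or extend SimpleChannelInboundHandler<ByteBuf>, which releases after the callback. The catch block also leaves the connection open with no reply and prints `e.getMessage()` to stdout. Closing the channel (or returning a KRB-ERROR) and routing the message through a logger would make failures visible without echoing client-influenced text raw.

```java
    @Override
    public void channelRead(ChannelHandlerContext ctx,
                            Object msg) throws Exception {
        ByteBuf byteBuf = (ByteBuf) msg;
        try {
            // … unchanged: copy readable bytes into requestMessage, resolve clientAddress, isTcp …
            ByteBuffer responseMessage = myKdcHandler.handleMessage(requestMessage,
                    isTcp, clientAddress.getAddress());
            ctx.writeAndFlush(Unpooled.wrappedBuffer(responseMessage));
        } catch (Exception e) {
            // … unchanged: report the error (TODO: use a logger) …
            ctx.close(); // no reply can be produced for this request
        } finally {
            // The decoded frame is reference-counted and this handler is its last consumer.
            ReferenceCountUtil.release(msg);
        }
    }
```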
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
new file mode 100644
index 0000000..119e089
--- /dev/null
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.impl;
+
+import io.netty.bootstrap.ServerBootstrap;
+import io.netty.channel.*;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.SocketChannel;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
+import io.netty.handler.logging.LogLevel;
+import io.netty.handler.logging.LoggingHandler;
+import io.netty.util.concurrent.DefaultEventExecutorGroup;
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+/**
+ * A combined and mixed network server handling UDP and TCP.
+ */
+public class NettyKdcNetwork {
+ private KdcContext kdcContext;
+ private InetSocketAddress tcpAddress;
+ private InetSocketAddress udpAddress;
+ private EventLoopGroup bossGroup;
+ private EventLoopGroup workerGroup;
+
+ public void init(KdcContext kdcContext) {
+ this.kdcContext = kdcContext;
+ // Configure the server.
+ bossGroup = new NioEventLoopGroup(1);
+ workerGroup = new NioEventLoopGroup();
+ }
+
+ public void listen(InetSocketAddress tcpAddress,
+ InetSocketAddress udpAddress) throws IOException {
+ this.tcpAddress = tcpAddress;
+ this.udpAddress = udpAddress;
+
+
+ if (udpAddress != null) {
+
+ }
+ }
+
+ public void start() {
+ try {
+ doStart();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private void doStart() throws Exception {
+ ServerBootstrap b = new ServerBootstrap();
+ b.group(bossGroup, workerGroup)
+ .channel(NioServerSocketChannel.class)
+ .option(ChannelOption.SO_BACKLOG, 100)
+ .handler(new LoggingHandler(LogLevel.INFO))
+ .childHandler(createChannelInitializer());
+
+ // Start the server.
+ b.bind(tcpAddress.getPort());
+ }
+
+ static class KrbMessageDecoder extends LengthFieldBasedFrameDecoder {
+ public KrbMessageDecoder() {
+ super(1 * 1024 * 1024, 0, 4, 0, 4, true);
+ }
+ }
+
+ private ChannelInitializer createChannelInitializer() {
+ return new ChannelInitializer<SocketChannel>() {
+ @Override
+ public void initChannel(SocketChannel ch) throws Exception {
+ ChannelPipeline p = ch.pipeline();
+ p.addLast(new KrbMessageDecoder());
+ p.addLast(new DefaultEventExecutorGroup(10), //TODO: to configure.
+ "KDC_HANDLER",
+ new NettyKdcHandler(kdcContext));
+ }
+ };
+ }
+
+ public synchronized void stop() {
+ // Shut down all event loops to terminate all threads.
+ bossGroup.shutdownGracefully();
+ workerGroup.shutdownGracefully();
+ }
+}
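Review bot: `b.bind(tcpAddress.getPort())` in doStart() drops the configured host, so the KDC listens on the wildcard address even when the setting names a single interface, and the returned future is never checked, so a failed bind goes unnoticed (start() additionally swallows exceptions with `printStackTrace()`). `b.bind(tcpAddress).sync();` addresses both. In createChannelInitializer(), `new DefaultEventExecutorGroup(10)` is constructed inside initChannel, i.e. once per accepted connection, and nothing shuts those groups down. Creating one group in init(), passing that field to `p.addLast(...)` and calling `shutdownGracefully()` on it in stop() would keep remote clients from driving executor growth. The empty `if (udpAddress != null)` block in listen() also means a UDP address is accepted and silently ignored, which deserves at least a comment or an UnsupportedOperationException.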
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
new file mode 100644
index 0000000..276af8f
--- /dev/null
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.impl;
+
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.impl.AbstractInternalKdcServer;
+import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
+
+import java.net.InetSocketAddress;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * A Netty based KDC server implementation.
+ */
+public class NettyKdcServerImpl extends AbstractInternalKdcServer {
+ private ExecutorService executor;
+ private KdcContext kdcContext;
+ private NettyKdcNetwork network;
+
+ @Override
+ protected void doStart() throws Exception {
+ super.doStart();
+
+ prepareHandler();
+
+ executor = Executors.newCachedThreadPool();
+
+ network = new NettyKdcNetwork();
+
+ network.init(kdcContext);
+
+ InetSocketAddress tcpAddress, udpAddress = null;
+ tcpAddress = new InetSocketAddress(getSetting().getKdcHost(),
+ getSetting().getKdcTcpPort());
+ if (getSetting().allowUdp()) {
+ udpAddress = new InetSocketAddress(getSetting().getKdcHost(),
+ getSetting().getKdcUdpPort());
+ }
+ network.listen(tcpAddress, udpAddress);
+ network.start();
+ }
+
+ private void prepareHandler() {
+ kdcContext = new KdcContext(getSetting());
+ kdcContext.setIdentityService(getBackend());
+ PreauthHandler preauthHandler = new PreauthHandler();
+ preauthHandler.init(kdcContext.getConfig());
+ kdcContext.setPreauthHandler(preauthHandler);
+ }
+
+ @Override
+ protected void doStop() throws Exception {
+ super.doStop();
+
+ network.stop();
+
+ executor.shutdownNow();
+ }
+}
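Review bot: `executor = Executors.newCachedThreadPool()` in doStart() is never given a task in this class, since the Netty pipeline runs the handler on its own executors, so the field exists only to be shut down in doStop() and can be dropped. doStop() also dereferences `network` and `executor` unconditionally, so stopping after a doStart() that failed before those assignments would throw a NullPointerException. Guard them, e.g. `if (network != null) { network.stop(); }`. Note that when `allowUdp()` is true the UDP address is passed to `network.listen(...)`, which currently ignores it, so a short comment here saying UDP is not yet served by the Netty implementation would save the next reader a search.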
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 46a9add..b0e0214 100644
--- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -27,6 +27,7 @@ import java.io.IOException;
import java.net.ServerSocket;
public abstract class KdcTestBase {
+ protected static final String TEST_PASSWORD = "123456";
protected String kdcRealm;
protected String clientPrincipal;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index d959c8c..12d3aa9 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -29,12 +29,10 @@ import static org.assertj.core.api.Assertions.assertThat;
public abstract class KdcTest extends KdcTestBase {
- private String password = "123456";
-
@Override
protected void createPrincipals() {
super.createPrincipals();
- kdcServer.createPrincipal(clientPrincipal, password);
+ kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);
}
protected void performKdcTest() throws Exception {
@@ -49,7 +47,7 @@ public abstract class KdcTest extends KdcTestBase {
ServiceTicket tkt;
try {
- tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password);
+ tgt = krbClnt.requestTgtWithPassword(clientPrincipal, TEST_PASSWORD);
assertThat(tgt).isNotNull();
tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
new file mode 100644
index 0000000..dae169e
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+
+/**
+ * An internal KDC server interface.
+ */
+public interface InternalKdcServer {
+
+ /**
+ * Initialize with KDC startup options.
+ * @param options
+ */
+ public void init(KOptions options);
+
+ /**
+ * Start the KDC server.
+ */
+ public void start();
+
+ /**
+ * Stop the KDC server.
+ */
+ public void stop();
+
+ /**
+ * Get KDC setting.
+ * @return setting
+ */
+ public KdcSetting getSetting();
+
+ /**
+ * Get identity service.
+ * @return IdentityService
+ */
+ public IdentityService getIdentityService();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
new file mode 100644
index 0000000..95ec7f0
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
+import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
+import org.apache.kerby.kerberos.kerb.spec.base.KrbMessage;
+import org.apache.kerby.kerberos.kerb.spec.base.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+
+/**
+ * KDC handler to process client requests. Currently only one realm is supported.
+ */
+public class KdcHandler {
+ private final KdcContext kdcContext;
+
+ public KdcHandler(KdcContext kdcContext) {
+ this.kdcContext = kdcContext;
+ }
+
+ public ByteBuffer handleMessage(ByteBuffer message, boolean isTcp,
+ InetAddress remoteAddress) throws Exception {
+ KrbMessage krbRequest = KrbUtil.decodeMessage(message);
+ KdcRequest kdcRequest = null;
+
+ KrbMessageType messageType = krbRequest.getMsgType();
+ if (messageType == KrbMessageType.TGS_REQ || messageType
+ == KrbMessageType.AS_REQ) {
+ KdcReq kdcReq = (KdcReq) krbRequest;
+ String realm = getRequestRealm(kdcReq);
+ if (realm == null || ! kdcContext.getKdcRealm().equals(realm)) {
+ throw new KrbException("Invalid realm from kdc request: " + realm);
+ }
+
+ if (messageType == KrbMessageType.TGS_REQ) {
+ kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
+ } else if (messageType == KrbMessageType.AS_REQ) {
+ kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
+ }
+ }
+
+ kdcRequest.setClientAddress(remoteAddress);
+ kdcRequest.isTcp(isTcp);
+
+ kdcRequest.process();
+
+ KrbMessage krbResponse = kdcRequest.getReply();
+ int bodyLen = krbResponse.encodingLength();
+ ByteBuffer responseMessage = ByteBuffer.allocate(bodyLen + 4);
+ responseMessage.putInt(bodyLen);
+ krbResponse.encode(responseMessage);
+ responseMessage.flip();
+
+ return responseMessage;
+ }
+
+ private String getRequestRealm(KdcReq kdcReq) {
+ String realm = kdcReq.getReqBody().getRealm();
+ if (realm == null && kdcReq.getReqBody().getCname() != null) {
+ realm = kdcReq.getReqBody().getCname().getRealm();
+ }
+
+ return realm;
+ }
+}
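Review bot: In handleMessage(), `kdcRequest` stays null for any decoded message whose type is neither TGS_REQ nor AS_REQ, so `kdcRequest.setClientAddress(remoteAddress)` throws a NullPointerException on input that a remote client controls. Reject such messages explicitly after the type check, e.g. `if (kdcRequest == null) { throw new KrbException("Unsupported message type: " + messageType); }`. Whether `KrbUtil.decodeMessage` can itself return null is not visible here and is worth confirming for the same reason. The realm check also places the client-supplied realm in the exception text, which NettyKdcHandler prints verbatim, so consider sanitising or truncating it before it reaches a log.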
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index 8671651..ff3e22e 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -21,15 +21,14 @@ package org.apache.kerby.kerberos.kerb.server;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.identity.IdentityService;
-import org.apache.kerby.kerberos.kerb.server.impl.InternalKdcServer;
-import org.apache.kerby.kerberos.kerb.server.impl.InternalKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl;
import org.apache.kerby.kerberos.kerb.server.impl.event.EventBasedKdcServer;
import java.io.File;
public class KdcServer {
- private KOptions commonOptions;
- private InternalKdcServer innerKdc;
+ protected KOptions commonOptions;
+ protected InternalKdcServer innerKdc;
/**
* Default constructor.
@@ -122,11 +121,22 @@ public class KdcServer {
commonOptions.add(KdcServerOption.WORK_DIR, workDir);
}
+ /**
+ * Allow to debug so have more logs.
+ */
public void enableDebug() {
commonOptions.add(KdcServerOption.ENABLE_DEBUG);
}
/**
+ * Allow to hook customized kdc implementation.
+ * @param innerKdcImpl
+ */
+ public void setInnerKdcImpl(InternalKdcServer innerKdcImpl) {
+ commonOptions.add(KdcServerOption.INNER_KDC_IMPL, innerKdcImpl);
+ }
+
+ /**
* Get KDC setting from startup options and configs.
* Note it must be called after init().
* @return setting
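Review bot: `setInnerKdcImpl` stores whatever it is given, including null, and init() later casts the option value to InternalKdcServer and calls `innerKdc.init(commonOptions)` on it (that code is in the following hunk). How KOptions treats a null value is not visible here, so rejecting it up front is safer: `if (innerKdcImpl == null) { throw new IllegalArgumentException("innerKdcImpl must not be null"); }`. The Javadoc `@param innerKdcImpl` has no description; something like `@param innerKdcImpl the KDC implementation to use instead of the default; must be set before init()` would document the ordering requirement.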
@@ -153,10 +163,13 @@ public class KdcServer {
* Init the KDC server.
*/
public void init() {
- if (commonOptions.contains(KdcServerOption.USE_EVENT_MODEL)) {
+ if (commonOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
+ innerKdc = (InternalKdcServer) commonOptions.getOptionValue(
+ KdcServerOption.INNER_KDC_IMPL);
+ } else if (commonOptions.contains(KdcServerOption.USE_EVENT_MODEL)) {
innerKdc = new EventBasedKdcServer();
} else {
- innerKdc = new InternalKdcServerImpl();
+ innerKdc = new DefaultInternalKdcServerImpl();
}
innerKdc.init(commonOptions);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
index 63a952d..d2a5ddf 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
@@ -28,6 +28,7 @@ import org.apache.kerby.KOptionType;
public enum KdcServerOption implements KOption {
NONE("NONE"),
USE_EVENT_MODEL("use event model", KOptionType.NOV),
+ INNER_KDC_IMPL("inner KDC impl", KOptionType.OBJ),
KDC_CONFIG("kdc config", KOptionType.OBJ),
BACKEND_CONFIG("backend config", KOptionType.OBJ),
CONF_DIR("conf dir", KOptionType.DIR),
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
new file mode 100644
index 0000000..491d55a
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.impl;
+
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+
+import java.net.InetSocketAddress;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * A default KDC server implementation.
+ */
+public class DefaultInternalKdcServerImpl extends AbstractInternalKdcServer {
+ private ExecutorService executor;
+ private KdcContext kdcContext;
+ private KdcNetwork network;
+
+ @Override
+ protected void doStart() throws Exception {
+ super.doStart();
+
+ prepareHandler();
+
+ executor = Executors.newCachedThreadPool();
+
+ network = new KdcNetwork() {
+ @Override
+ protected void onNewTransport(KrbTransport transport) {
+ DefaultKdcHandler kdcHandler = new DefaultKdcHandler(kdcContext, transport);
+ executor.execute(kdcHandler);
+ }
+ };
+
+ network.init();
+
+ InetSocketAddress tcpAddress, udpAddress = null;
+ tcpAddress = new InetSocketAddress(getSetting().getKdcHost(),
+ getSetting().getKdcTcpPort());
+ if (getSetting().allowUdp()) {
+ udpAddress = new InetSocketAddress(getSetting().getKdcHost(),
+ getSetting().getKdcUdpPort());
+ }
+ network.listen(tcpAddress, udpAddress);
+ network.start();
+ }
+
+ private void prepareHandler() {
+ kdcContext = new KdcContext(getSetting());
+ kdcContext.setIdentityService(getBackend());
+ PreauthHandler preauthHandler = new PreauthHandler();
+ preauthHandler.init(kdcContext.getConfig());
+ kdcContext.setPreauthHandler(preauthHandler);
+ }
+
+ @Override
+ protected void doStop() throws Exception {
+ super.doStop();
+
+ network.stop();
+
+ executor.shutdownNow();
+ }
+}
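Review bot: `Executors.newCachedThreadPool()` in doStart() puts no upper bound on handler threads, and onNewTransport() submits one long-running DefaultKdcHandler per transport, so the thread count follows the number of peers that connect. For a network-facing KDC that is a resource-exhaustion risk. A bounded pool with excess transports queued or rejected is safer, e.g. `executor = Executors.newFixedThreadPool(maxHandlers);`, where `maxHandlers` is a placeholder for a configured limit. Separately, doStop() skips `executor.shutdownNow()` when `network.stop()` throws; `try { network.stop(); } finally { executor.shutdownNow(); }` keeps the pool from outliving the server.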
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
new file mode 100644
index 0000000..9604c05
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.impl;
+
+import org.apache.kerby.kerberos.kerb.server.KdcHandler;
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+
+public class DefaultKdcHandler extends KdcHandler implements Runnable {
+ private final KrbTransport transport;
+
+ public DefaultKdcHandler(KdcContext kdcContext, KrbTransport transport) {
+ super(kdcContext);
+ this.transport = transport;
+ }
+
+ @Override
+ public void run() {
+ while (true) {
+ try {
+ ByteBuffer message = transport.receiveMessage();
+ if (message == null) {
+ System.out.println("No valid request recved. Disconnect actively");
+ transport.release();
+ break;
+ }
+ handleMessage(message);
+ } catch (Exception e) {
+ System.out.println("Transport or decoding error occurred"
+ + e.getMessage());
+ }
+ }
+ }
+
+ protected void handleMessage(ByteBuffer message) throws Exception {
+ InetAddress clientAddress = transport.getRemoteAddress();
+ boolean isTcp = (transport instanceof KrbTcpTransport);
+
+ try {
+ ByteBuffer krbResponse = handleMessage(message, isTcp, clientAddress);
+ transport.sendMessage(krbResponse);
+ } catch (Exception e) {
+ //TODO: log the error
+ System.out.println("Error occured while processing request:"
+ + e.getMessage());
+ }
+ }
+}
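Review bot: The `catch (Exception e)` inside `while (true)` in run() only prints and loops again, so if receiveMessage() keeps throwing on a broken transport the thread spins and never reaches `transport.release()`. Releasing and leaving the loop in that catch, `transport.release(); break;`, bounds it. Both catch blocks here, and the one in EventKdcHandler's message handler later in this commit, report through `System.out.println` with only `e.getMessage()`. That drops the stack trace and the client address, and the first message also lacks a separator before the appended text. The existing `//TODO: log the error` should become a real logger call that records `clientAddress` and the exception, since failed KDC requests are events an operator will want to audit.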
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
deleted file mode 100644
index 92d3450..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.impl;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
-import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.server.KdcSetting;
-
-/**
- * An internal KDC server interface.
- */
-public interface InternalKdcServer {
-
- /**
- * Initialize with KDC startup options.
- * @param options
- */
- public void init(KOptions options);
-
- /**
- * Start the KDC server.
- */
- public void start();
-
- /**
- * Stop the KDC server.
- */
- public void stop();
-
- /**
- * Get KDC setting.
- * @return setting
- */
- public KdcSetting getSetting();
-
- /**
- * Get identity service.
- * @return IdentityService
- */
- public IdentityService getIdentityService();
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServerImpl.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServerImpl.java
deleted file mode 100644
index 010bae1..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServerImpl.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.impl;
-
-import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
-import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
-import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
-
-import java.net.InetSocketAddress;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-
-/**
- * A default KDC server implementation.
- */
-public class InternalKdcServerImpl extends AbstractInternalKdcServer {
- private ExecutorService executor;
- private KdcContext kdcContext;
- private KdcNetwork network;
-
- @Override
- protected void doStart() throws Exception {
- super.doStart();
-
- prepareHandler();
-
- executor = Executors.newCachedThreadPool();
-
- network = new KdcNetwork() {
- @Override
- protected void onNewTransport(KrbTransport transport) {
- KdcHandler kdcHandler = new KdcHandler(kdcContext, transport);
- executor.execute(kdcHandler);
- }
- };
-
- network.init();
-
- InetSocketAddress tcpAddress, udpAddress = null;
- tcpAddress = new InetSocketAddress(getSetting().getKdcHost(),
- getSetting().getKdcTcpPort());
- if (getSetting().allowUdp()) {
- udpAddress = new InetSocketAddress(getSetting().getKdcHost(),
- getSetting().getKdcUdpPort());
- }
- network.listen(tcpAddress, udpAddress);
- network.start();
- }
-
- private void prepareHandler() {
- kdcContext = new KdcContext(getSetting());
- kdcContext.setIdentityService(getBackend());
- PreauthHandler preauthHandler = new PreauthHandler();
- preauthHandler.init(kdcContext.getConfig());
- kdcContext.setPreauthHandler(preauthHandler);
- }
-
- @Override
- protected void doStop() throws Exception {
- super.doStop();
-
- network.stop();
-
- executor.shutdownNow();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/KdcHandler.java
deleted file mode 100644
index 46e9395..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/KdcHandler.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.impl;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
-import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessage;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
-import org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport;
-import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
-import org.apache.kerby.transport.tcp.TcpTransport;
-
-import java.net.InetAddress;
-import java.nio.ByteBuffer;
-
-/**
- * KDC handler to process client requests. Currently only one realm is supported.
- */
-public class KdcHandler implements Runnable {
- private final KrbTransport transport;
- private final KdcContext kdcContext;
-
- public KdcHandler(KdcContext kdcContext, KrbTransport transport) {
- this.kdcContext = kdcContext;
- this.transport = transport;
- }
-
- @Override
- public void run() {
- while (true) {
- try {
- ByteBuffer message = transport.receiveMessage();
- if (message == null) {
- System.out.println("No valid request recved. Disconnect actively");
- transport.release();
- break;
- }
- handleMessage(message);
- } catch (Exception e) {
- System.out.println("Transport or decoding error occurred" + e.getMessage());
- }
- }
- }
-
- protected void handleMessage(ByteBuffer message) throws Exception {
- KrbMessage krbRequest = KrbUtil.decodeMessage(message);
- KdcRequest kdcRequest = null;
-
- KrbMessageType messageType = krbRequest.getMsgType();
- if (messageType == KrbMessageType.TGS_REQ || messageType
- == KrbMessageType.AS_REQ) {
- KdcReq kdcReq = (KdcReq) krbRequest;
- String realm = getRequestRealm(kdcReq);
- if (realm == null || ! kdcContext.getKdcRealm().equals(realm)) {
- throw new KrbException("Invalid realm from kdc request: " + realm);
- }
-
- if (messageType == KrbMessageType.TGS_REQ) {
- kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
- } else if (messageType == KrbMessageType.AS_REQ) {
- kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
- }
- }
-
- InetAddress clientAddress = transport.getRemoteAddress();
- kdcRequest.setClientAddress(clientAddress);
- boolean isTcp = (transport instanceof KrbTcpTransport);
- kdcRequest.isTcp(isTcp);
-
- try {
- kdcRequest.process();
-
- KrbMessage krbResponse = kdcRequest.getReply();
- KrbUtil.sendMessage(krbResponse, transport);
- } catch (Exception e) {
- //TODO: log the error
- System.out.println("Error occured while processing request:"
- + e.getMessage());
- }
- }
-
- private String getRequestRealm(KdcReq kdcReq) {
- String realm = kdcReq.getReqBody().getRealm();
- if (realm == null && kdcReq.getReqBody().getCname() != null) {
- realm = kdcReq.getReqBody().getCname().getRealm();
- }
-
- return realm;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/event/EventKdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/event/EventKdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/event/EventKdcHandler.java
index 94f24e5..cccdb27 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/event/EventKdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/event/EventKdcHandler.java
@@ -19,17 +19,8 @@
*/
package org.apache.kerby.kerberos.kerb.server.impl.event;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.server.KdcHandler;
import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
-import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessage;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
import org.apache.kerby.transport.MessageHandler;
import org.apache.kerby.transport.Transport;
import org.apache.kerby.transport.event.MessageEvent;
@@ -43,10 +34,10 @@ import java.nio.ByteBuffer;
*/
public class EventKdcHandler extends MessageHandler {
- private final KdcContext kdcContext;
+ private final KdcHandler myKdcHandler;
public EventKdcHandler(KdcContext kdcContext) {
- this.kdcContext = kdcContext;
+ this.myKdcHandler = new KdcHandler(kdcContext);
}
@Override
@@ -54,48 +45,17 @@ public class EventKdcHandler extends MessageHandler {
ByteBuffer message = event.getMessage();
Transport transport = event.getTransport();
- KrbMessage krbRequest = KrbUtil.decodeMessageOld(message);
- KdcRequest kdcRequest = null;
-
- KrbMessageType messageType = krbRequest.getMsgType();
- if (messageType == KrbMessageType.TGS_REQ || messageType
- == KrbMessageType.AS_REQ) {
- KdcReq kdcReq = (KdcReq) krbRequest;
- String realm = getRequestRealm(kdcReq);
- if (realm == null || ! kdcContext.getKdcRealm().equals(realm)) {
- throw new KrbException("Invalid realm from kdc request: " + realm);
- }
-
- if (messageType == KrbMessageType.TGS_REQ) {
- kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
- } else if (messageType == KrbMessageType.AS_REQ) {
- kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
- }
- }
-
InetSocketAddress clientAddress = transport.getRemoteAddress();
- kdcRequest.setClientAddress(clientAddress.getAddress());
boolean isTcp = (transport instanceof TcpTransport);
- kdcRequest.isTcp(isTcp);
try {
- kdcRequest.process();
-
- KrbMessage krbResponse = kdcRequest.getReply();
- KrbUtil.sendMessageOld(krbResponse, transport);
+ ByteBuffer krbResponse = myKdcHandler.handleMessage(message, isTcp,
+ clientAddress.getAddress());
+ transport.sendMessage(krbResponse);
} catch (Exception e) {
//TODO: log the error
System.out.println("Error occured while processing request:"
+ e.getMessage());
}
}
-
- private String getRequestRealm(KdcReq kdcReq) {
- String realm = kdcReq.getReqBody().getRealm();
- if (realm == null && kdcReq.getReqBody().getCname() != null) {
- realm = kdcReq.getReqBody().getCname().getRealm();
- }
-
- return realm;
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0633ad96/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 99b742a..3d49af3 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -60,7 +60,7 @@ public abstract class KdcRequest {
private KdcReq kdcReq;
private KdcRep reply;
private InetAddress clientAddress;
- private boolean isTcp;
+ private boolean isTcp = true;
private EncryptionType encryptionType;
private EncryptionKey clientKey;
private KrbIdentity clientEntry;
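Review bot: The new default `isTcp = true` is undocumented, and it means a KdcRequest whose transport flag is never set is treated as having arrived over TCP. If UDP-specific handling elsewhere in the class keys off this field (not visible in this hunk), a UDP request on such a path would skip it. A comment stating the intent would help, e.g. `// Assume TCP unless the handler reports otherwise via isTcp(boolean).` KdcRequest continues outside the hunk.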