Posted to commits@directory.apache.org by pl...@apache.org on 2016/06/07 02:23:15 UTC
[29/29] directory-kerby git commit: Merge remote-tracking branch
'asf/trunk' into kadmin-remote
Merge remote-tracking branch 'asf/trunk' into kadmin-remote
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/66790030
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/66790030
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/66790030
Branch: refs/heads/kadmin-remote
Commit: 66790030a91767dc0090e4e12c99fcb7707c8984
Parents: 2cb5c16 9d0f9d2
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jun 7 10:28:02 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jun 7 10:28:02 2016 +0800
----------------------------------------------------------------------
.gitignore | 1 -
NOTICE | 6 +
benchmark/pom.xml | 6 +-
kerby-backend/json-backend/pom.xml | 6 +
.../identitybackend/JsonIdentityBackend.java | 1 +
kerby-backend/ldap-backend/pom.xml | 6 +
kerby-backend/mavibot-backend/pom.xml | 7 +
.../kerberos/kdc/identitybackend/ZKConfKey.java | 6 +-
.../ZookeeperIdentityBackend.java | 36 +-
.../identity/backend/ZookeeperBackendTest.java | 26 +-
.../org/apache/kerby/asn1/Asn1FieldInfo.java | 12 +-
.../kerby/asn1/type/AbstractAsn1Type.java | 4 +
.../kerby/asn1/type/Asn1CollectionType.java | 53 ++-
.../apache/kerby/asn1/type/Asn1Constructed.java | 5 +
.../apache/kerby/asn1/type/Asn1Encodeable.java | 12 +-
.../org/apache/kerby/asn1/type/Asn1Simple.java | 1 +
kerby-common/kerby-config/pom.xml | 3 +-
kerby-dist/kdc-dist/conf/backend.conf | 6 +-
kerby-dist/tool-dist/bin/kinitConcurrent.cmd | 33 ++
kerby-dist/tool-dist/bin/kinitConcurrent.sh | 33 ++
kerby-dist/tool-dist/conf/krb5.conf | 5 +
.../kerby/kerberos/kdc/JsonBackendKdcTest.java | 2 +-
.../kerby/kerberos/kdc/LdapBackendKdcTest.java | 2 +-
.../kerby/kerberos/kdc/MultiKdcsTest.java | 50 +++
.../kerberos/kdc/ZookeeperBackendKdcTest.java | 31 +-
kerby-kdc-test/src/test/resources/kdc.conf | 29 ++
.../src/test/resources/krb5-multikdc.conf | 29 ++
.../kerberos/kdc/impl/NettyKdcHandler.java | 14 +
.../kerberos/kdc/impl/NettyKdcNetwork.java | 14 +-
.../kerberos/kdc/impl/NettyKdcServerImpl.java | 14 +-
.../kdc/impl/NettyKdcUdpServerHandler.java | 14 +
kerby-kerb/integration-test/pom.xml | 6 +
.../kerb/integration/test/SaslAppTest.java | 5 +-
.../kerb/admin/kadmin/KadminOption.java | 1 +
.../kerb/admin/kadmin/local/LocalKadmin.java | 2 +
.../admin/kadmin/local/LocalKadminImpl.java | 8 +
kerby-kerb/kerb-client-api-all/pom.xml | 3 +-
kerby-kerb/kerb-client/pom.xml | 6 +
.../kerby/kerberos/kerb/client/ClientUtil.java | 108 +++++-
.../kerby/kerberos/kerb/client/KrbConfig.java | 32 ++
.../kerby/kerberos/kerb/client/KrbHandler.java | 12 +-
.../client/impl/DefaultInternalKrbClient.java | 55 +++-
.../kerb/client/impl/DefaultKrbHandler.java | 4 +-
.../client/preauth/pkinit/PkinitPreauth.java | 29 +-
.../kerberos/kerb/client/KrbConfigLoadTest.java | 4 +-
.../kerby/kerberos/kerb/common/Krb5Conf.java | 14 +-
.../kerby/kerberos/kerb/common/Krb5Parser.java | 35 +-
.../kerby/kerberos/kerb/request/ApRequest.java | 130 ++++++++
.../kerberos/kerb/response/ApResponse.java | 80 +++++
.../kerberos/kerb/transport/KdcNetwork.java | 6 +
.../kerberos/kerb/transport/KrbNetwork.java | 18 +-
.../kerby/kerberos/kerb/Krb5ParserTest.java | 10 +-
.../kerby/kerberos/kerb/KrbErrorCode.java | 4 +-
.../kerby/kerberos/kerb/KrbException.java | 8 +
.../kerberos/kerb/type/EncKrbPrivPart.java | 122 +++++++
.../kerby/kerberos/kerb/type/KrbPriv.java | 94 ++++++
.../kerby/kerberos/kerb/type/ad/ADAndOr.java | 78 +++++
.../kerb/type/ad/ADAuthenticationIndicator.java | 82 +++++
.../kerby/kerberos/kerb/type/ad/ADCamMac.java | 187 +++++++++++
.../kerb/type/ad/ADEnctypeNegotiation.java | 83 +++++
.../type/ad/ADIntendedForApplicationClass.java | 179 ++++++++++
.../kerb/type/ad/ADIntendedForServer.java | 162 +++++++++
.../kerberos/kerb/type/ad/ADKdcIssued.java | 169 ++++++++++
.../kerby/kerberos/kerb/type/ad/AndOr.java | 87 +++++
.../kerb/type/ad/AuthorizationData.java | 10 +
.../kerb/type/ad/AuthorizationDataEntry.java | 49 ++-
.../kerb/type/ad/AuthorizationDataWrapper.java | 118 +++++++
.../kerb/type/ad/AuthorizationType.java | 217 +++++++++++-
.../kerb/type/ad/CamMacOtherVerifiers.java | 30 ++
.../kerb/type/ad/CamMacVerifierChoice.java | 67 ++++
.../kerb/type/ad/CamMacVerifierMac.java | 107 ++++++
.../kerberos/kerb/type/ad/PrincipalList.java | 31 ++
.../kerby/kerberos/kerb/type/base/KeyUsage.java | 3 +-
.../kerby/kerberos/kerb/type/base/KrbError.java | 18 +-
.../kerby/kerberos/kerb/codec/ADTest.java | 143 ++++++++
.../codec/PkinitAnonymousAsRepCodecTest.java | 2 +-
.../codec/PkinitAnonymousAsReqCodecTest.java | 22 +-
.../kerb/identity/CacheableIdentityService.java | 13 +
.../kerberos/kerb/identity/IdentityService.java | 12 +
.../backend/AbstractIdentityBackend.java | 34 ++
.../src/main/resources/log4j.properties | 23 --
kerby-kerb/kerb-kdc-test/pom.xml | 14 +-
.../kerberos/kerb/server/ApRequestTest.java | 75 +++++
.../kerby/kerberos/kerb/server/KdcTestBase.java | 21 +-
.../RepeatLoginWithDefaultKdcNetworkTest.java | 34 ++
.../RepeatLoginWithNettyKdcNetworkTest.java | 43 +++
.../kerberos/kerb/server/TestKdcServer.java | 13 +-
kerby-kerb/kerb-server-api-all/pom.xml | 3 +-
kerby-kerb/kerb-server/pom.xml | 6 +
.../kerby/kerberos/kerb/server/KdcHandler.java | 30 +-
.../impl/DefaultInternalKdcServerImpl.java | 19 +-
.../kerb/server/preauth/PreauthHandler.java | 16 +-
.../kerb/server/preauth/token/TokenPreauth.java | 4 +-
.../kerberos/kerb/server/request/AsRequest.java | 4 +
.../kerb/server/request/KdcRequest.java | 67 ++--
.../kerb/server/request/TgsRequest.java | 8 +-
.../kerb/server/request/TicketIssuer.java | 13 +
.../kerby/kerberos/kerb/client/Krb5Conf.java | 2 +-
.../kerberos/kerb/server/SimpleKdcServer.java | 13 +-
.../src/main/resources/krb5-template.conf | 29 ++
.../kerb-simplekdc/src/main/resources/krb5.conf | 29 --
.../src/main/resources/krb5_udp-template.conf | 29 ++
.../src/main/resources/krb5_udp.conf | 29 --
kerby-pkix/pom.xml | 6 +
.../tool/kinit/KinitToolWithConcurrence.java | 329 +++++++++++++++++++
.../kerby/kerberos/tool/kadmin/KadminTool.java | 6 +
.../kadmin/command/AddPrincipalsCommand.java | 112 +++++++
pom.xml | 12 +-
108 files changed, 3845 insertions(+), 310 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
index b84ee7c,0000000..f6caa87
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
@@@ -1,75 -1,0 +1,76 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+public enum KadminOption implements KOption {
+ NONE(null),
+ EXPIRE(new KOptionInfo("-expire", "expire time", KOptionType.DATE)),
+ DISABLED(new KOptionInfo("-disabled", "disabled", KOptionType.BOOL)),
+ LOCKED(new KOptionInfo("-locked", "locked", KOptionType.BOOL)),
+ FORCE(new KOptionInfo("-force", "force", KOptionType.NOV)),
+ KVNO(new KOptionInfo("-kvno", "initial key version number", KOptionType.INT)),
++ SIZE(new KOptionInfo("-size", "principal's numbers", KOptionType.STR)),
+ PW(new KOptionInfo("-pw", "password", KOptionType.STR)),
+ RANDKEY(new KOptionInfo("-randkey", "random key", KOptionType.NOV)),
+ KEEPOLD(new KOptionInfo("-keepold", "keep old passowrd", KOptionType.NOV)),
+ KEYSALTLIST(new KOptionInfo("-e", "key saltlist", KOptionType.STR)),
+ K(new KOptionInfo("-k", "keytab file path", KOptionType.STR)),
+ KEYTAB(new KOptionInfo("-keytab", "keytab file path", KOptionType.STR)),
+ CCACHE(new KOptionInfo("-c", "credentials cache", KOptionType.FILE));
+
+ private final KOptionInfo optionInfo;
+
+ KadminOption(KOptionInfo optionInfo) {
+ this.optionInfo = optionInfo;
+ }
+
+ @Override
+ public KOptionInfo getOptionInfo() {
+ return optionInfo;
+ }
+
+ public static KadminOption fromName(String name) {
+ if (name != null) {
+ for (KadminOption ko : values()) {
+ if (ko.optionInfo != null
+ && ko.optionInfo.getName().equals(name)) {
+ return ko;
+ }
+ }
+ }
+ return NONE;
+ }
+
+ public static KadminOption fromOptionName(String optionName) {
+ if (optionName != null) {
+ for (KadminOption ko : values()) {
+ if (ko.optionInfo != null
+ && ko.optionInfo.getName().equals(optionName)) {
+ return ko;
+ }
+ }
+ }
+ return NONE;
+ }
+}
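Review bot: The new `SIZE` constant is typed `KOptionType.STR` although its description is a count, so the code that consumes `-size` (not visible in this hunk) has to parse and range-check the string itself. `KVNO` directly above already uses `KOptionType.INT`, and using it here would presumably let the option parser reject non-numeric input early: `SIZE(new KOptionInfo("-size", "number of principals", KOptionType.INT)),`. Whichever type is kept, the consumer should reject zero, negative and unreasonably large values before acting on them. As a smaller style point, `fromName` and `fromOptionName` have identical bodies, so one could delegate to the other.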
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
index c3d0afa,0000000..5fd2d0d
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
@@@ -1,86 -1,0 +1,88 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+
+/**
+ * Server side admin facilities for local, similar to MIT kadmin local mode. It
+ * may be not accurate regarding 'local' because, if the identity backend itself
+ * is supported to be accessed from remote, it won't have to be remote; but if
+ * not, then it must be local to the KDC admin bounded with the local backend.
+ *
+ * Note, suitable with Kerby AdminServerImpl based KDCs like Kerby KDC.
+ */
+public interface LocalKadmin extends Kadmin {
+
+ /**
+ * Check the built-in principals, will throw KrbException if not exist.
+ * @throws KrbException e
+ */
+ void checkBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Create build-in principals.
+ * @throws KrbException e
+ */
+ void createBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Delete build-in principals.
+ * @throws KrbException e
+ */
+ void deleteBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Get kdc config.
+ *
+ * @return The kdc config.
+ */
+ KdcConfig getKdcConfig();
+
+ /**
+ * Get backend config.
+ *
+ * @return The backend config.
+ */
+ BackendConfig getBackendConfig();
+
+ /**
+ * Get identity backend.
+ *
+ * @return IdentityBackend
+ */
+ IdentityBackend getIdentityBackend();
+
+ /**
+ * Get the identity from backend.
+ *
+ * @param principalName The principal name
+ * @return identity
+ * @throws KrbException e
+ */
+ KrbIdentity getPrincipal(String principalName) throws KrbException;
++
++ int size() throws KrbException;
+}
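Review bot: `size()` is the only method in this interface without Javadoc, and the name alone does not say what is counted. In the file's existing style I would add `/** Get the number of principals in the identity backend. @return the principal count @throws KrbException e */` above it. The implementation in LocalKadminImpl in this same commit returns the length of `getPrincipals()`, so the count presumably includes the built-in principals, and the comment should say so once that is confirmed.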
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
index 657ad6d,0000000..84c7d36
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
@@@ -1,401 -1,0 +1,409 @@@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.server.ServerSetting;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * The implementation of admin side admin facilities for local mode.
+ */
+public class LocalKadminImpl implements LocalKadmin {
+ private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
+
+ private final ServerSetting serverSetting;
+ private final IdentityBackend backend;
+
+ /**
+ * Construct with prepared AdminServerConfig and BackendConfig.
+ *
+ * @param kdcConfig The kdc config
+ * @param backendConfig The backend config
+ * @throws KrbException e
+ */
+ public LocalKadminImpl(KdcConfig kdcConfig,
+ BackendConfig backendConfig) throws KrbException {
+ this.backend = KdcUtil.getBackend(backendConfig);
+ this.serverSetting = new KdcSetting(kdcConfig, backendConfig);
+ }
+
+ //
+ public LocalKadminImpl(ServerSetting serverSetting) throws KrbException {
+ this.backend = KdcUtil.getBackend(serverSetting.getBackendConfig());
+ this.serverSetting = serverSetting;
+ }
+
+ /**
+ * Construct with prepared conf dir.
+ *
+ * @param confDir The path of conf dir
+ * @throws KrbException e
+ */
+ public LocalKadminImpl(File confDir) throws KrbException {
+ KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+ if (tmpKdcConfig == null) {
+ tmpKdcConfig = new KdcConfig();
+ }
+
+ BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+ if (tmpBackendConfig == null) {
+ tmpBackendConfig = new BackendConfig();
+ }
+
+ this.serverSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
+
+ backend = KdcUtil.getBackend(tmpBackendConfig);
+ }
+
+ /**
+ * Construct with prepared AdminServerSetting and Backend.
+ *
+ * @param kdcSetting The kdc setting
+ * @param backend The identity backend
+ */
+ public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
+ this.serverSetting = kdcSetting;
+ this.backend = backend;
+ }
+
+ /**
+ * Get the tgs principal name.
+ */
+ private String getTgsPrincipal() {
+ return KrbUtil.makeTgsPrincipal(serverSetting.getKdcRealm()).getName();
+ }
+
+ // TODO: 2016/3/14 check whether it is possible to return getAdminServerRealm
+ @Override
+ public String getKadminPrincipal() {
+ return KrbUtil.makeKadminPrincipal(serverSetting.getKdcRealm()).getName();
+ }
+
+ @Override
+ public void checkBuiltinPrincipals() throws KrbException {
+ String tgsPrincipal = getTgsPrincipal();
+ String kadminPrincipal = getKadminPrincipal();
+ if (backend.getIdentity(tgsPrincipal) == null
+ || backend.getIdentity(kadminPrincipal) == null) {
+ String errorMsg = "The built-in principals do not exist in backend,"
+ + " please run the kdcinit tool.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+ }
+
+ @Override
+ public void createBuiltinPrincipals() throws KrbException {
+ String tgsPrincipal = getTgsPrincipal();
+ if (backend.getIdentity(tgsPrincipal) == null) {
+ addPrincipal(tgsPrincipal);
+ } else {
+ String errorMsg = "The tgs principal already exists in backend.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+
+ String kadminPrincipal = getKadminPrincipal();
+ if (backend.getIdentity(kadminPrincipal) == null) {
+ addPrincipal(kadminPrincipal);
+ } else {
+ String errorMsg = "The kadmin principal already exists in backend.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+ }
+
+ @Override
+ public void deleteBuiltinPrincipals() throws KrbException {
+ deletePrincipal(getTgsPrincipal());
+ deletePrincipal(getKadminPrincipal());
+ }
+
+ @Override
+ public KdcConfig getKdcConfig() {
+ return serverSetting.getKdcConfig();
+ }
+
+ @Override
+ public BackendConfig getBackendConfig() {
+ return serverSetting.getBackendConfig();
+ }
+
+ @Override
+ public IdentityBackend getIdentityBackend() {
+ return backend;
+ }
+
+ @Override
+ public void addPrincipal(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ addPrincipal(principal, new KOptions());
+ }
+
+ @Override
+ public void addPrincipal(String principal, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.addIdentity(identity);
+ System.out.println("add backend success"); //delete
+ }
+
+ @Override
+ public void addPrincipal(String principal, String password)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ addPrincipal(principal, password, new KOptions());
+ }
+
+ @Override
+ public void addPrincipal(String principal, String password, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.addIdentity(identity);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ List<String> principals = new ArrayList<>(1);
+ principals.add(principal);
+ exportKeytab(keytabFile, principals);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile, List<String> principals)
+ throws KrbException {
+ //Get Identity
+ List<KrbIdentity> identities = new LinkedList<>();
+ for (String principal : principals) {
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Can not find the identity for pincipal "
+ + principal);
+ }
+ identities.add(identity);
+ }
+
+ AdminHelper.exportKeytab(keytabFile, identities);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile) throws KrbException {
+ Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
+
+ Iterable<String> principals = backend.getIdentities();
+ for (String principal : principals) {
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity != null) {
+ AdminHelper.exportToKeytab(keytab, identity);
+ }
+ }
+
+ AdminHelper.storeKeytab(keytab, keytabFile);
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
+ }
+
+ @Override
+ public void removeOldKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
+ }
+
+ @Override
+ public void deletePrincipal(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ backend.deleteIdentity(principal);
+ }
+
+ @Override
+ public void modifyPrincipal(String principal, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal \""
+ + principal + "\" does not exist.");
+ }
+ AdminHelper.updateIdentity(identity, kOptions);
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
+ throws KrbException {
+ oldPrincipalName = fixPrincipal(oldPrincipalName);
+ newPrincipalName = fixPrincipal(newPrincipalName);
+ KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
+ if (oldIdentity != null) {
+ throw new KrbException("Principal \""
+ + oldIdentity.getPrincipalName() + "\" is already exist.");
+ }
+ KrbIdentity identity = backend.getIdentity(oldPrincipalName);
+ if (identity == null) {
+ throw new KrbException("Principal \""
+ + oldPrincipalName + "\" does not exist.");
+ }
+ backend.deleteIdentity(oldPrincipalName);
+
+ identity.setPrincipalName(newPrincipalName);
+ identity.setPrincipal(new PrincipalName(newPrincipalName));
+ backend.addIdentity(identity);
+ }
+
+ @Override
+ public KrbIdentity getPrincipal(String principalName) throws KrbException {
+ KrbIdentity identity = backend.getIdentity(principalName);
+ return identity;
+ }
+
+ @Override
+ public List<String> getPrincipals() throws KrbException {
+ Iterable<String> principalNames = backend.getIdentities();
+ List<String> principalList = new LinkedList<>();
+ Iterator<String> iterator = principalNames.iterator();
+ while (iterator.hasNext()) {
+ principalList.add(iterator.next());
+ }
+ return principalList;
+ }
+
+ @Override
+ public List<String> getPrincipals(String globString) throws KrbException {
+ Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
+ if (pt == null) {
+ return getPrincipals();
+ }
+
+ Boolean containsAt = pt.pattern().indexOf('@') != -1;
+ List<String> result = new LinkedList<>();
+
+ List<String> principalNames = getPrincipals();
+ for (String principal: principalNames) {
+ String toMatch = containsAt ? principal : principal.split("@")[0];
+ Matcher m = pt.matcher(toMatch);
+ if (m.matches()) {
+ result.add(principal);
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public void changePassword(String principal,
+ String newPassword) throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal " + principal
+ + "was not found. Please check the input and try again");
+ }
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void updateKeys(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal " + principal
+ + "was not found. Please check the input and try again");
+ }
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void release() throws KrbException {
+ if (backend != null) {
+ backend.stop();
+ }
+ }
+
+ /**
++ * get size of principal
++ */
++ @Override
++ public int size() throws KrbException {
++ return this.getPrincipals().size();
++ }
++
++ /**
+ * Fix principal name, making it complete.
+ *
+ * @param principal The principal name
+ */
+ private String fixPrincipal(String principal) {
+ if (!principal.contains("@")) {
+ principal += "@" + serverSetting.getKdcRealm();
+ }
+ return principal;
+ }
+}
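Review bot: `renamePrincipal` calls `backend.deleteIdentity(oldPrincipalName)` before `backend.addIdentity(identity)`, so if the add throws, the backend holds neither the old nor the new entry and the principal's keys are lost. Unless the backend depends on the current order, storing the new entry first keeps the old one as a fallback: `backend.addIdentity(identity);` followed by `backend.deleteIdentity(oldPrincipalName);`. In `addPrincipal(String, KOptions)` the line `System.out.println("add backend success"); //delete` is leftover debugging and should be removed or replaced with a `LOG.debug` call. The new `size()` materialises the full principal list through `getPrincipals()` just to count it, which deserves a comment if backends can hold many identities.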
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 2d1f175,c342d8b..4de8e7f
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@@ -20,10 -20,11 +20,11 @@@
package org.apache.kerby.kerberos.kerb.server;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
+ import org.apache.kerby.kerberos.kerb.client.KrbConfig;
import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
import org.apache.kerby.util.NetworkUtil;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------