Posted to commits@directory.apache.org by pl...@apache.org on 2015/07/30 08:24:44 UTC
[37/50] [abbrv] directory-kerby git commit: DIRKRB-278 Add kdcinit
tool.
DIRKRB-278 Add kdcinit tool.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/516cee18
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/516cee18
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/516cee18
Branch: refs/heads/pkinit-support
Commit: 516cee189bb5ae80bf29bd7343b1e0a5e545672a
Parents: 1648cdf
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jul 21 20:17:53 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jul 21 20:17:53 2015 +0800
----------------------------------------------------------------------
kerby-dist/kdc-dist/bin/kdcinit.cmd | 4 +
kerby-dist/kdc-dist/bin/kdcinit.sh | 6 ++
kerby-dist/kdc-dist/conf/backend.conf | 2 +-
.../kerby/kerberos/kdc/KerbyKdcServer.java | 9 ++-
.../kerby/kerberos/kerb/admin/Kadmin.java | 14 +++-
.../kerberos/tool/kdcinit/KdcInitTool.java | 83 ++++++++++++++++++++
6 files changed, 114 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-dist/kdc-dist/bin/kdcinit.cmd
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/kdcinit.cmd b/kerby-dist/kdc-dist/bin/kdcinit.cmd
new file mode 100644
index 0000000..125af23
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/kdcinit.cmd
@@ -0,0 +1,4 @@
+java -Xdebug -Xrunjdwp:transport=dt_socket,address=8005,server=y,suspend=n -classpath ^
+lib/*:. ^
+-DKERBY_LOGFILE=kdcinit ^
+org.apache.kerby.kerberos.tool.kdcinit.KdcInitTool $@
\ No newline at end of file
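Review bot: The launcher starts the JVM with `-Xdebug -Xrunjdwp:transport=dt_socket,address=8005,server=y,suspend=n`, which opens an unauthenticated debug listener in the very process that creates the builtin principals and writes the kadmin keytab; kdcinit.sh carries the same flags. Anything that can reach that port gets debugger-level control of the JVM, and on the Java releases current at the time of this commit a bare port number listens on all interfaces, so the flags should be removed from the shipped scripts or made opt-in through an environment variable. Separately, this file uses Unix syntax: on Windows the classpath separator is `;` and the arguments are passed with `%*`, so the last lines would read `-classpath "lib/*;."` and `org.apache.kerby.kerberos.tool.kdcinit.KdcInitTool %*`.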
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-dist/kdc-dist/bin/kdcinit.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/kdcinit.sh b/kerby-dist/kdc-dist/bin/kdcinit.sh
new file mode 100644
index 0000000..a7d9b5b
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/kdcinit.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+java -Xdebug -Xrunjdwp:transport=dt_socket,address=8005,server=y,suspend=n -classpath \
+lib/*:. \
+-DKERBY_LOGFILE=kdcinit \
+org.apache.kerby.kerberos.tool.kdcinit.KdcInitTool $@
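Review bot: The unquoted `$@` on the last line re-splits the arguments, so a conf-dir or keytab path containing spaces reaches KdcInitTool as extra arguments and fails its `args.length != 2` check; use `"$@"`. The classpath `lib/*:.` is also relative to the caller's working directory, so the script only works when run from the distribution root; resolving it from the script location (for example via `$(dirname "$0")`) would make that explicit.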
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-dist/kdc-dist/conf/backend.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/conf/backend.conf b/kerby-dist/kdc-dist/conf/backend.conf
index 5991f48..287ded5 100644
--- a/kerby-dist/kdc-dist/conf/backend.conf
+++ b/kerby-dist/kdc-dist/conf/backend.conf
@@ -16,7 +16,7 @@
# limitations under the License.
#
-kdc_identity_backend = org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend
+kdc_identity_backend = org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend
backend.json.dir = /home/kerby/jsonbackend
data_dir = /home/kerby/zookeeper/data
data_log_dir = /home/kerby/zookeeper/datalog
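Review bot: The default identity backend switches from ZooKeeper to JSON here, although the commit message only mentions the kdcinit tool, so it is worth confirming this is intended for the distribution and not a local test setting. `data_dir` and `data_log_dir` still point at ZooKeeper paths that the JSON backend presumably ignores; a comment such as `# used only by ZookeeperIdentityBackend` above them would avoid confusion. If the JSON backend persists principal keys under `backend.json.dir`, that directory needs owner-only permissions, and the file should say so.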
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index 9b9f922..5edbdf9 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -42,7 +42,7 @@ public class KerbyKdcServer extends KdcServer {
kadmin = new Kadmin(getKdcSetting(), getIdentityService());
- kadmin.createBuiltinPrincipals();
+ kadmin.checkBuiltinPrincipals();
}
private static final String USAGE = "Usage: "
@@ -71,7 +71,12 @@ public class KerbyKdcServer extends KdcServer {
KerbyKdcServer server = new KerbyKdcServer(confDir);
server.setWorkDir(workDir);
- server.init();
+ try {
+ server.init();
+ } catch (KrbException e) {
+ System.err.println("Errors occurred when start kdc server: " + e.getMessage());
+ return;
+ }
server.start();
System.out.println("KDC started.");
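Review bot: The new catch around `server.init()` ends with a plain `return;`, so when the builtin principals are missing the launcher prints the message and, as far as this hunk shows, finishes with exit status 0. An init script or service manager then cannot tell that the KDC never started; replace the `return;` with `System.exit(1);` (or another non-zero code). Printing only `e.getMessage()` also drops the cause chain, so logging the exception itself would help diagnose backend problems. The enclosing method starts and ends outside the hunk.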
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 12a4ea8..eeafdc4 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -76,19 +76,31 @@ public class Kadmin {
return KrbUtil.makeTgsPrincipal(kdcSetting.getKdcRealm()).getName();
}
- private String getKadminPrincipal() {
+ public String getKadminPrincipal() {
return KrbUtil.makeKadminPrincipal(kdcSetting.getKdcRealm()).getName();
}
+ public void checkBuiltinPrincipals() throws KrbException {
+ String tgsPrincipal = getTgsPrincipal();
+ String kadminPrincipal = getKadminPrincipal();
+ if (backend.getIdentity(tgsPrincipal) == null || backend.getIdentity(kadminPrincipal) == null ) {
+ throw new KrbException("The builtin principals do not exist in backend, please run the kdcinit tool.");
+ }
+ }
+
public void createBuiltinPrincipals() throws KrbException {
String tgsPrincipal = getTgsPrincipal();
if (backend.getIdentity(tgsPrincipal) == null) {
addPrincipal(tgsPrincipal);
+ } else {
+ throw new KrbException("The tgs principal already exists in backend.");
}
String kadminPrincipal = getKadminPrincipal();
if (backend.getIdentity(kadminPrincipal) == null) {
addPrincipal(kadminPrincipal);
+ } else {
+ throw new KrbException("The kadmin principal already exists in backend.");
}
}
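Review bot: `createBuiltinPrincipals()` now adds the tgs principal before it checks the kadmin principal, so a backend that already holds only the kadmin entry ends up half-initialised when the second branch throws. The same applies if a later step in kdcinit fails after both were added: every rerun then stops at "The tgs principal already exists in backend." with no way to recover from the tool. Checking both identities before adding either keeps the failure side-effect free, as in the excerpt below. In `checkBuiltinPrincipals()` the message could also name which principal is missing.

```java
public void createBuiltinPrincipals() throws KrbException {
    String tgsPrincipal = getTgsPrincipal();
    String kadminPrincipal = getKadminPrincipal();
    // Validate both before creating either, so a failure leaves the backend untouched.
    if (backend.getIdentity(tgsPrincipal) != null) {
        throw new KrbException("The tgs principal already exists in backend.");
    }
    if (backend.getIdentity(kadminPrincipal) != null) {
        throw new KrbException("The kadmin principal already exists in backend.");
    }
    addPrincipal(tgsPrincipal);
    addPrincipal(kadminPrincipal);
}
```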
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/516cee18/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
new file mode 100644
index 0000000..06b3830
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kdcinit;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+
+import java.io.File;
+
+public class KdcInitTool {
+ private Kadmin kadmin;
+ private static File keytabFile;
+
+ private static final String USAGE = "Usage: " +
+ KdcInitTool.class.getSimpleName() +
+ " conf-dir keytab";
+
+ private void init(File confDir) throws KrbException {
+ kadmin = new Kadmin(confDir);
+ kadmin.createBuiltinPrincipals();
+ kadmin.exportKeytab(keytabFile, kadmin.getKadminPrincipal());
+ System.out.println("The kadmin principal " + kadmin.getKadminPrincipal() +
+ " has exported into keytab file " + keytabFile.getAbsolutePath() +
+ ", please make sure to keep it, because it will be used by kadmin tool" +
+ " for the authentication.");
+ }
+
+ public static void main(String[] args) throws KrbException {
+ if (args.length != 2) {
+ System.err.println(USAGE);
+ System.exit(1);
+ }
+
+ String confDirPath = args[0];
+ String keyTabPath = args[1];
+ File confDir = new File(confDirPath);
+ keytabFile = new File(keyTabPath);
+ if (!confDir.exists()) {
+ System.err.println("Invalid or not exist conf-dir.");
+ System.exit(2);
+ }
+ File keytabFilePath = keytabFile.getParentFile();
+ if (keytabFilePath != null && !keytabFilePath.exists() && !keytabFilePath.mkdirs()) {
+ System.err.println("Could not create keytab path." + keytabFilePath);
+ System.exit(3);
+ }
+
+ if (keytabFile.exists()) {
+ System.err.println("There is one kadmin keytab exists in " + keyTabPath +
+ ", this tool maybe have been executed, if not," +
+ " please delete it or change the keytab-dir.");
+ return;
+ }
+
+ KdcInitTool kdcInitTool = new KdcInitTool();
+
+ try {
+ kdcInitTool.init(confDir);
+ } catch (KrbException e) {
+ System.err.println("Errors occurred when init the kdc " + e.getMessage());
+ return;
+ }
+
+ System.out.println("Finish kdc init.");
+ }
+}
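Review bot: `init()` exports the kadmin principal's long-term key to a caller-chosen path, and nothing visible here restricts who can read the keytab or the parent directory that `mkdirs()` creates. Unless `exportKeytab` already sets the mode, the file is left with the process default permissions; it should be made owner-only, ideally at creation time, or at least with `Files.setPosixFilePermissions(keytabFile.toPath(), PosixFilePermissions.fromString("rw-------"));` straight after the export. The "keytab already exists" branch and the `KrbException` catch in `main` both `return;` with exit status 0, so scripts cannot detect a failed initialisation; use a non-zero `System.exit` as the earlier checks do. `confDir.exists()` also accepts a regular file, where `isDirectory()` would reject it.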