Posted to commits@directory.apache.org by pl...@apache.org on 2020/12/08 02:20:08 UTC
[directory-kerby] branch trunk updated: DIRKRB-752: HAS server need
to check the content of admin.keytab when init (#55)
This is an automated email from the ASF dual-hosted git repository.
plusplusjiajia pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/directory-kerby.git
The following commit(s) were added to refs/heads/trunk by this push:
new 42c6476 DIRKRB-752: HAS server need to check the content of admin.keytab when init (#55)
42c6476 is described below
commit 42c6476362bc394482a6997b87f16d65e0b9b6cf
Author: Joey <jo...@alibaba-inc.com>
AuthorDate: Tue Dec 8 10:19:51 2020 +0800
DIRKRB-752: HAS server need to check the content of admin.keytab when init (#55)
---
.../org/apache/kerby/has/server/HasServer.java | 33 ++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
index 282cc9f..bc4eaf7 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
@@ -35,8 +35,10 @@ import org.apache.kerby.kerberos.kerb.client.KrbConfig;
import org.apache.kerby.kerberos.kerb.client.KrbSetting;
import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.server.KdcServer;
import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.util.IOUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -176,10 +178,37 @@ public class HasServer {
}
LocalKadmin kadmin = new LocalKadminImpl(kdcServer.getKdcSetting(),
kdcServer.getIdentityService());
+ String kadminPrincipalName = kadmin.getKadminPrincipal();
if (adminKeytabFile.exists()) {
- throw new KrbException("KDC Server is already inited.");
+ try {
+ Keytab keytab = Keytab.loadKeytab(adminKeytabFile);
+ boolean deleteFlag = false;
+ if (!keytab.getPrincipals().isEmpty()) {
+ for (PrincipalName principal: keytab.getPrincipals()) {
+ if (!principal.getName().equals(kadminPrincipalName)) {
+ deleteFlag = true;
+ break;
+ }
+ }
+ } else {
+ deleteFlag = true;
+ }
+ if (deleteFlag) {
+ if (!adminKeytabFile.delete()) {
+ throw new KrbException("Failed to delete wrong admin keytab file.");
+ } else {
+ System.out.println("The old admin.keytab is wrong and will be regenerated.");
+ }
+ } else {
+ return adminKeytabFile;
+ }
+ } catch (IOException e) {
+ throw new KrbException("Failed to load existing admin keytab file.");
+ }
+ }
+ if (kadmin.getPrincipal(kadminPrincipalName) == null) {
+ kadmin.createBuiltinPrincipals();
}
- kadmin.createBuiltinPrincipals();
kadmin.exportKeytab(adminKeytabFile, kadmin.getKadminPrincipal());
System.out.println("The keytab for kadmin principal "
+ "has been exported to the specified file "