You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2018/02/12 11:40:09 UTC
[1/2] directory-kerby git commit: Fix for SGT clientPrincipal that is
currently not populated. This fix should be moved at a lower layer but this
is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692
https://issues.apache.org/jira/projects/
Repository: directory-kerby
Updated Branches:
refs/heads/trunk f90dc5aca -> 26748ae43
Fix for SGT clientPrincipal that is currently not populated. This fix should be moved at a lower layer but this is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Fix for storeTicket method, it does not support correctly the one SGT only case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for requestSGT method, small bug fix, typos and improved comment case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for storeTicket method, fixed behaviour of no-fresh-new case and improved comments + better formatting case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for requestsgt method, null clientPrincipal is not saved in sgt, this will preseve values coming from lower layers
case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
requestsgt method, better formatting
case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted trailing spaces and variable "isFreshNew" name refactoring case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted trailing spaces (for real) added blank lines around few if/else blocks case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted (missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted (other missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7cae2a48
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7cae2a48
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7cae2a48
Branch: refs/heads/trunk
Commit: 7cae2a48c807dd31a87725b1c30d3858c6797ec0
Parents: f90dc5a
Author: Fabiano <ft...@gmail.com>
Authored: Wed Feb 7 11:03:15 2018 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:23:28 2018 +0000
----------------------------------------------------------------------
.../kerberos/kerb/client/KrbClientBase.java | 21 +++++++++++++++-----
.../client/impl/AbstractInternalKrbClient.java | 20 +++++++++++++++++--
2 files changed, 34 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7cae2a48/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 602024a..995df5c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -271,15 +271,25 @@ public class KrbClientBase {
*/
public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
LOG.info("Storing the sgt to the credential cache file.");
- if (!ccacheFile.exists()) {
+ boolean createCache = !ccacheFile.exists() || (ccacheFile.length() == 0);
+
+ if (createCache) {
createCacheFile(ccacheFile);
}
+
if (ccacheFile.exists() && ccacheFile.canWrite()) {
- CredentialCache cCache = new CredentialCache();
try {
- cCache.load(ccacheFile);
- cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
- cCache.setPrimaryPrincipal(sgtTicket.getClientPrincipal());
+ CredentialCache cCache;
+
+ if (!createCache) {
+ cCache = new CredentialCache();
+ cCache.load(ccacheFile);
+ cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
+ } else {
+ //Remind: contructor sets the cCache client principal from the sgtTicket one
+ cCache = new CredentialCache(sgtTicket);
+ }
+
cCache.store(ccacheFile);
} catch (IOException e) {
throw new KrbException("Failed to store sgt", e);
@@ -288,6 +298,7 @@ public class KrbClientBase {
throw new IllegalArgumentException("Invalid ccache file, "
+ "not exist or writable: " + ccacheFile.getAbsolutePath());
}
+
}
/**
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7cae2a48/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 8c8d6ed..c1f0732 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -152,14 +152,16 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
String serverPrincipalString = fixPrincipal(requestOptions.
getStringOption(KrbOption.SERVER_PRINCIPAL));
PrincipalName serverPrincipalName = new PrincipalName(serverPrincipalString);
+ PrincipalName clientPrincipalName = null;
if (tgtTicket != null) {
String sourceRealm = tgtTicket.getRealm();
String destRealm = serverPrincipalName.getRealm();
+ clientPrincipalName = tgtTicket.getClientPrincipal();
+
if (!sourceRealm.equals(destRealm)) {
KrbConfig krbConfig = krbSetting.getKrbConfig();
LinkedList<String> capath = krbConfig.getCapath(sourceRealm, destRealm);
- PrincipalName clientPrincipalName = tgtTicket.getClientPrincipal();
for (int i = 0; i < capath.size() - 1; i++) {
PrincipalName tgsPrincipalName = KrbUtil.makeTgsPrincipal(
capath.get(i), capath.get(i + 1));
@@ -170,11 +172,25 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
}
}
+
+ } else {
+ //This code is for the no-tgt case but works only with CLIENT_PRINCIPAL option
+ //Should be expanded later to encompass more use-cases
+ String clientPrincipalString = (String) requestOptions.getOptionValue(KrbOption.CLIENT_PRINCIPAL);
+ if (clientPrincipalString != null) {
+ clientPrincipalName = new PrincipalName(clientPrincipalString);
+ }
}
tgsRequest.setServerPrincipal(serverPrincipalName);
tgsRequest.setRequestOptions(requestOptions);
- return doRequestSgt(tgsRequest);
+ SgtTicket sgtTicket = doRequestSgt(tgsRequest);
+
+ if (clientPrincipalName!=null) {
+ sgtTicket.setClientPrincipal(clientPrincipalName);
+ }
+
+ return sgtTicket;
}
protected abstract TgtTicket doRequestTgt(
[2/2] directory-kerby git commit: DIRKRB-692 - This closes #29.
Posted by co...@apache.org.
DIRKRB-692 - This closes #29.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/26748ae4
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/26748ae4
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/26748ae4
Branch: refs/heads/trunk
Commit: 26748ae4303d328666970d26914d12a9639f33ba
Parents: 7cae2a4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 12 11:24:49 2018 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:40:02 2018 +0000
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kerb/client/KrbClientBase.java | 2 +-
.../kerberos/kerb/client/impl/AbstractInternalKrbClient.java | 6 +++---
.../org/apache/kerby/kerberos/kerb/server/CacheFileTest.java | 3 +--
3 files changed, 5 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/26748ae4/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 995df5c..08fd14f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -271,7 +271,7 @@ public class KrbClientBase {
*/
public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
LOG.info("Storing the sgt to the credential cache file.");
- boolean createCache = !ccacheFile.exists() || (ccacheFile.length() == 0);
+ boolean createCache = !ccacheFile.exists() || ccacheFile.length() == 0;
if (createCache) {
createCacheFile(ccacheFile);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/26748ae4/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index c1f0732..113618e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -158,7 +158,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
String sourceRealm = tgtTicket.getRealm();
String destRealm = serverPrincipalName.getRealm();
clientPrincipalName = tgtTicket.getClientPrincipal();
-
+
if (!sourceRealm.equals(destRealm)) {
KrbConfig krbConfig = krbSetting.getKrbConfig();
LinkedList<String> capath = krbConfig.getCapath(sourceRealm, destRealm);
@@ -172,7 +172,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
}
}
-
+
} else {
//This code is for the no-tgt case but works only with CLIENT_PRINCIPAL option
//Should be expanded later to encompass more use-cases
@@ -186,7 +186,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest.setRequestOptions(requestOptions);
SgtTicket sgtTicket = doRequestSgt(tgsRequest);
- if (clientPrincipalName!=null) {
+ if (clientPrincipalName != null) {
sgtTicket.setClientPrincipal(clientPrincipalName);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/26748ae4/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
index ebc40db..d73d959 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
@@ -27,7 +27,6 @@ import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.junit.Test;
-@org.junit.Ignore("See DIRKRB-692")
public class CacheFileTest extends KdcTestBase {
@Test
@@ -52,4 +51,4 @@ public class CacheFileTest extends KdcTestBase {
t.printStackTrace();
}
}
-}
\ No newline at end of file
+}