Posted to commits@directory.apache.org by ha...@apache.org on 2015/03/25 02:07:30 UTC
directory-kerby git commit: DIRKRB-191 Enhance kadmin to support
adding entry to keytab
Repository: directory-kerby
Updated Branches:
refs/heads/master f040bec57 -> 878285dee
DIRKRB-191 Enhance kadmin to support adding entry to keytab
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/878285de
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/878285de
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/878285de
Branch: refs/heads/master
Commit: 878285dee720b410be53e3f429437ef2d8de37be
Parents: f040bec
Author: hazel <li...@foxmail.com>
Authored: Wed Mar 25 09:07:20 2015 +0800
Committer: hazel <li...@foxmail.com>
Committed: Wed Mar 25 09:07:20 2015 +0800
----------------------------------------------------------------------
kerby-tool/kdc-tool/pom.xml | 5 +
.../kerby/kerberos/tool/kadmin/Kadmin.java | 4 +
.../kadmin/executor/AddPrincipalExecutor.java | 34 +----
.../tool/kadmin/executor/KeytabAddExecutor.java | 131 +++++++++++++++++++
.../kerberos/tool/kadmin/tool/KadminTool.java | 58 ++++++++
5 files changed, 201 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/878285de/kerby-tool/kdc-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/pom.xml b/kerby-tool/kdc-tool/pom.xml
index de1f5e7..13c9d76 100644
--- a/kerby-tool/kdc-tool/pom.xml
+++ b/kerby-tool/kdc-tool/pom.xml
@@ -41,6 +41,11 @@
<artifactId>kerb-server</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-util</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<profiles>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/878285de/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
index 6e0c0f1..c77b76e 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Conf;
import org.apache.kerby.kerberos.kerb.server.KdcConfig;
import org.apache.kerby.kerberos.tool.kadmin.executor.AddPrincipalExecutor;
import org.apache.kerby.kerberos.tool.kadmin.executor.KadminCommandExecutor;
+import org.apache.kerby.kerberos.tool.kadmin.executor.KeytabAddExecutor;
import java.io.File;
import java.io.IOException;
@@ -78,6 +79,9 @@ public class Kadmin {
command.startsWith("addprinc") ||
command.startsWith("ank")) {
executor = new AddPrincipalExecutor(kdcConfig, backendConfig);
+ } else if (command.startsWith("ktadd") ||
+ command.startsWith("xst")) {
+ executor = new KeytabAddExecutor(backendConfig);
}
if (executor == null) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/878285de/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
index 33a6f6c..4e94aa3 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
@@ -25,9 +25,9 @@ import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.tool.kadmin.tool.KadminTool;
import java.io.Console;
import java.util.Arrays;
@@ -35,7 +35,7 @@ import java.util.List;
import java.util.Scanner;
public class AddPrincipalExecutor implements KadminCommandExecutor{
- private static final String USAGE = "usage: add_principal [options] principal\n" +
+ private static final String USAGE = "Usage: add_principal [options] principal\n" +
"\toptions are:\n" +
"\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n" +
"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n" +
@@ -130,7 +130,7 @@ public class AddPrincipalExecutor implements KadminCommandExecutor{
}
private void addPrincipal(String principal, String password) {
- IdentityBackend backend = initBackend();
+ IdentityBackend backend = KadminTool.getBackend(backendConfig);
KrbIdentity identity = createIdentity(principal, password);
try {
@@ -140,34 +140,6 @@ public class AddPrincipalExecutor implements KadminCommandExecutor{
}
}
- private IdentityBackend initBackend() {
- String backendClassName = backendConfig.getString(
- KdcConfigKey.KDC_IDENTITY_BACKEND);
- if (backendClassName == null) {
- throw new RuntimeException("Can not find the IdentityBackend class");
- }
-
- Class backendClass = null;
- try {
- backendClass = Class.forName(backendClassName);
- } catch (ClassNotFoundException e) {
- throw new RuntimeException("Failed to load backend class: "
- + backendClassName);
- }
-
- IdentityBackend backend;
- try {
- backend = (IdentityBackend) backendClass.newInstance();
- } catch (InstantiationException | IllegalAccessException e) {
- throw new RuntimeException("Failed to create backend: "
- + backendClassName);
- }
-
- backend.setConfig(backendConfig);
- backend.initialize();
- return backend;
- }
-
protected KrbIdentity createIdentity(String principal, String password) {
KrbIdentity kid = new KrbIdentity(principal);
kid.setCreatedTime(KerberosTime.now());
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/878285de/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabAddExecutor.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabAddExecutor.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabAddExecutor.java
new file mode 100644
index 0000000..bc3eb03
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabAddExecutor.java
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.executor;
+
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.tool.kadmin.tool.KadminTool;
+
+import java.io.File;
+import java.io.IOException;
+
+public class KeytabAddExecutor implements KadminCommandExecutor{
+ private static final String USAGE =
+ "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]";
+
+ private static final String DEFAULT_KEYTAB_FILE_LOCATION = "krb5.keytab";
+
+ private Config backendConfig;
+
+ public KeytabAddExecutor(Config backendConfig) {
+ this.backendConfig = backendConfig;
+ }
+
+ @Override
+ public void execute(String input) {
+ String[] commands = input.split(" ");
+
+ String principal = null;
+ String keytabFileLocation = null;
+
+ //Since commands[0] is ktadd, the initial index is 1.
+ int index = 1;
+ while (index < commands.length) {
+ String command = commands[index];
+ if (command.equals("-k")) {
+ index++;
+ if (index >= commands.length) {
+ System.err.println(USAGE);
+ return;
+ }
+ keytabFileLocation = commands[index].trim();
+
+ } else if (!command.startsWith("-")){
+ principal = command;
+ }
+ index++;
+ }
+
+ if (keytabFileLocation == null) {
+ keytabFileLocation = DEFAULT_KEYTAB_FILE_LOCATION;
+ }
+ File keytabFile = new File(keytabFileLocation);
+
+ addEntryToKeytab(keytabFile, principal);
+ }
+
+ private void addEntryToKeytab(File keytabFile, String principalName) {
+ IdentityBackend backend = KadminTool.getBackend(backendConfig);
+
+ //Get Identity
+ KrbIdentity identity = backend.getIdentity(principalName);
+ if (identity == null) {
+ System.err.println("Can not find the identity for pincipal " +
+ principalName + ".");
+ return;
+ }
+
+ StringBuffer resultSB = new StringBuffer();
+ Keytab keytab = loadKeytab(keytabFile);
+
+ //Add principal to keytab.
+ PrincipalName principal = identity.getPrincipal();
+ KerberosTime timestamp = new KerberosTime();
+ for (EncryptionType encType : identity.getKeys().keySet()) {
+ EncryptionKey ekey = identity.getKeys().get(encType);
+ int keyVersion = ekey.getKvno();
+ keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+ resultSB.append("Entry for principal " + principalName +
+ " with kvno " + keyVersion + ", encryption type " +
+ encType.getName() + " added to keytab " +
+ keytabFile.getAbsolutePath() + "\n");
+ }
+
+ //Store the keytab
+ try {
+ keytab.store(keytabFile);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ System.out.println(resultSB.toString());
+ }
+
+ private Keytab loadKeytab(File keytabFile) {
+ try {
+ if (!keytabFile.exists()) {
+ keytabFile.createNewFile();
+ return new Keytab();
+ }
+
+ return Keytab.loadKeytab(keytabFile);
+ } catch (IOException e) {
+ e.printStackTrace();
+ return new Keytab();
+ }
+ }
+
+}
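Review bot: `loadKeytab` creates the keytab with `keytabFile.createNewFile()`, which leaves the file at the process's default permissions even though it is about to hold the principal's long-term keys; it should be created owner-only. The same method catches the `IOException` from `Keytab.loadKeytab` and returns an empty `Keytab`, so an existing keytab that cannot be read would presumably be replaced by one holding only the new entries once `keytab.store(keytabFile)` runs; the failure should propagate and `addEntryToKeytab` should stop before storing. Separately, `execute` can reach `addEntryToKeytab` with `principal` still null when no non-option argument is given, so a guard such as `if (principal == null) { System.err.println(USAGE); return; }` belongs before that call, and the success text is printed even when `store` throws. The sketch below assumes a POSIX file system and that `java.nio.file.Files` and `java.nio.file.attribute.PosixFilePermissions` are imported.

```java
// in addEntryToKeytab, replacing the bare loadKeytab(keytabFile) call
Keytab keytab;
try {
    keytab = loadKeytab(keytabFile);
} catch (IOException e) {
    System.err.println("Can not load keytab " + keytabFile.getAbsolutePath()
            + ": " + e.getMessage());
    return;
}
// … unchanged: entry loop and keytab.store(keytabFile) …

private Keytab loadKeytab(File keytabFile) throws IOException {
    if (!keytabFile.exists()) {
        // Owner-only (rw-------): the file will contain long-term keys.
        Files.createFile(keytabFile.toPath(),
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
        return new Keytab();
    }
    // A read failure propagates instead of yielding an empty Keytab that
    // would later be written over the existing entries.
    return Keytab.loadKeytab(keytabFile);
}
```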
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/878285de/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/tool/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/tool/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/tool/KadminTool.java
new file mode 100644
index 0000000..fe0f244
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/tool/KadminTool.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.tool;
+
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
+
+public class KadminTool {
+
+ /**
+ * Init the identity backend from backend configuration.
+ */
+ public static IdentityBackend getBackend(Config backendConfig) {
+ String backendClassName = backendConfig.getString(
+ KdcConfigKey.KDC_IDENTITY_BACKEND);
+ if (backendClassName == null) {
+ throw new RuntimeException("Can not find the IdentityBackend class");
+ }
+
+ Class backendClass = null;
+ try {
+ backendClass = Class.forName(backendClassName);
+ } catch (ClassNotFoundException e) {
+ throw new RuntimeException("Failed to load backend class: "
+ + backendClassName);
+ }
+
+ IdentityBackend backend;
+ try {
+ backend = (IdentityBackend) backendClass.newInstance();
+ } catch (InstantiationException | IllegalAccessException e) {
+ throw new RuntimeException("Failed to create backend: "
+ + backendClassName);
+ }
+
+ backend.setConfig(backendConfig);
+ backend.initialize();
+ return backend;
+ }
+}
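Review bot: Both catch blocks in `getBackend` drop the caught exception, so a misconfigured backend surfaces without the underlying reason; pass it as the cause, e.g. `throw new RuntimeException("Failed to load backend class: " + backendClassName, e);`, and likewise for the instantiation failure. The class name comes from configuration and the cast happens only after `newInstance()` has run, so a class that is not an `IdentityBackend` is constructed before the `ClassCastException`. `Class<? extends IdentityBackend> backendClass = Class.forName(backendClassName).asSubclass(IdentityBackend.class);` rejects it before instantiation and removes the raw `Class`. The Javadoc could also state that every call builds and initializes a new backend, since both executors now call it per command.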