Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/21 09:38:12 UTC
directory-kerberos git commit: DIRKRB-120 Enhance KDC Server to
respect kdc.conf file. Contributed by Lin Chen
Repository: directory-kerberos
Updated Branches:
refs/heads/master a69651e9d -> 3558a6bae
DIRKRB-120 Enhance KDC Server to respect kdc.conf file. Contributed by Lin Chen
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/3558a6ba
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/3558a6ba
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/3558a6ba
Branch: refs/heads/master
Commit: 3558a6baee9a6ac3dbabed1b01e0a16e3498d812
Parents: a69651e
Author: drankye <dr...@gmail.com>
Authored: Thu Jan 22 00:35:05 2015 +0800
Committer: drankye <dr...@gmail.com>
Committed: Thu Jan 22 00:35:05 2015 +0800
----------------------------------------------------------------------
.../java/org/apache/haox/config/ConfigImpl.java | 1 +
.../apache/kerberos/kerb/client/KrbConfig.java | 6 +--
.../kerberos/kerb/common/KrbConfHelper.java | 33 ++++++++----
.../apache/kerberos/kerb/server/KdcConfig.java | 28 +++++++++-
.../kerberos/kerb/server/KdcConfigKey.java | 44 ++++++++++++---
.../kerb-server/src/main/resources/kdc.conf | 51 ++++++++++++++++++
.../kerberos/kerb/server/TestKdcConfigLoad.java | 57 ++++++++++++++++++++
7 files changed, 198 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
----------------------------------------------------------------------
diff --git a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
index 470ee88..ad031a0 100644
--- a/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
+++ b/contrib/haox-config/src/main/java/org/apache/haox/config/ConfigImpl.java
@@ -7,6 +7,7 @@
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
+
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
index 8c409f3..e9008c4 100644
--- a/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
+++ b/haox-kerb/kerb-client/src/main/java/org/apache/kerberos/kerb/client/KrbConfig.java
@@ -102,7 +102,7 @@ public class KrbConfig {
}
public List<EncryptionType> getEncryptionTypes() {
- return KrbConfHelper.getEnctypesUnderSection(conf, KrbConfigKey.PERMITTED_ENCTYPES);
+ return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.PERMITTED_ENCTYPES);
}
public boolean isPaEncTimestampRequired() {
@@ -138,11 +138,11 @@ public class KrbConfig {
}
public List<EncryptionType> getDefaultTgsEnctypes() {
- return KrbConfHelper.getEnctypesUnderSection(conf, KrbConfigKey.DEFAULT_TGS_ENCTYPES);
+ return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.DEFAULT_TGS_ENCTYPES);
}
public List<EncryptionType> getDefaultTktEnctypes() {
- return KrbConfHelper.getEnctypesUnderSection(conf, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
+ return KrbConfHelper.getEncTypesUnderSection(conf, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
}
public String getDefaultLoggingLocation() {
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
index 6382462..41f9d86 100644
--- a/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
+++ b/haox-kerb/kerb-common/src/main/java/org/apache/kerberos/kerb/common/KrbConfHelper.java
@@ -7,6 +7,7 @@
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
+
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
@@ -63,10 +64,24 @@ public class KrbConfHelper {
}
}
- public static List<EncryptionType> getEnctypesUnderSection(Conf conf, SectionConfigKey key) {
- String enctypesNamesString = getStringUnderSection(conf, key);
- String[] enctypesNames = enctypesNamesString.split(LIST_SPLITTER);
- return getEncryptionTypes(enctypesNames);
+ public static int getIntUnderSection(Conf conf, SectionConfigKey key) {
+ Config subConfig = conf.getConfig(key.getSectionName());
+ if (subConfig != null) {
+ return subConfig.getInt(key);
+ } else {
+ return (Integer) key.getDefaultValue();
+ }
+ }
+
+ public static String[] getStringArrayUnderSection(Conf conf, SectionConfigKey key) {
+ String value = getStringUnderSection(conf, key);
+ String[] values = value.split(LIST_SPLITTER);
+ return values;
+ }
+
+ public static List<EncryptionType> getEncTypesUnderSection(Conf conf, SectionConfigKey key) {
+ String[] encTypesNames = getStringArrayUnderSection(conf, key);
+ return getEncryptionTypes(encTypesNames);
}
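Review bot: getIntUnderSection unboxes `(Integer) key.getDefaultValue()` into an `int` return when the section is absent, so any SectionConfigKey declared with a null default fails with a NullPointerException instead of a readable error, and getStringArrayUnderSection has the same shape because it calls `value.split(LIST_SPLITTER)` on whatever getStringUnderSection hands back, which for the new LDAP_KERBEROS_CONTAINER_DN (default null) means an NPE when `[dbdefaults]` is missing. Guard both, e.g. `Object dv = key.getDefaultValue(); if (dv == null) throw new IllegalStateException("no value or default for " + key.getPropertyKey()); return (Integer) dv;` and `return value == null ? new String[0] : value.split(LIST_SPLITTER);`. Whether getStringUnderSection can actually return null depends on its body, which is outside this hunk. A Javadoc on getIntUnderSection should also state that the default applies only when the whole section is absent, not when the section exists but the key is missing — what subConfig.getInt does in that case is not visible here.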
public static List<EncryptionType> getEncryptionTypes(String[] encTypeNames) {
@@ -76,11 +91,11 @@ public class KrbConfHelper {
public static List<EncryptionType> getEncryptionTypes(List<String> encTypeNames) {
List<EncryptionType> results = new ArrayList<EncryptionType>(encTypeNames.size());
- EncryptionType etype;
- for (String etypeName : encTypeNames) {
- etype = EncryptionType.fromName(etypeName);
- if (etype != EncryptionType.NONE) {
- results.add(etype);
+ EncryptionType eType;
+ for (String eTypeName : encTypeNames) {
+ eType = EncryptionType.fromName(eTypeName);
+ if (eType != EncryptionType.NONE) {
+ results.add(eType);
}
}
return results;
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
index ba4208a..75db95d 100644
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfig.java
@@ -53,12 +53,12 @@ public class KdcConfig {
}
public short getKdcTcpPort() {
- Integer kdcTcpPort = conf.getInt(KdcConfigKey.KDC_TCP_PORT);
+ Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
return kdcTcpPort.shortValue();
}
public short getKdcUdpPort() {
- Integer kdcUdpPort = conf.getInt(KdcConfigKey.KDC_UDP_PORT);
+ Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
return kdcUdpPort.shortValue();
}
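Review bot: getKdcTcpPort and getKdcUdpPort now read the port from kdc.conf but still narrow it with `kdcTcpPort.shortValue()`, so a configured value above 32767 silently wraps to a negative number and anything outside 0–65535 is accepted without complaint. Since a valid port can reach 65535 while short tops out at 32767, the clean fix is to widen the return type to int (callers needing a short can cast); failing that, at least range-check before narrowing, `if (port < 0 || port > 65535) throw new IllegalArgumentException("Invalid kdc_tcp_port: " + port);`, so a bad config value fails at load time rather than at bind time. The short return type itself pre-dates this commit; the KdcConfig class continues outside the hunk.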
@@ -126,4 +126,28 @@ public class KdcConfig {
public boolean isBodyChecksumVerified() {
return conf.getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM);
}
+
+ public String getDefaultLoggingLocation() {
+ return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.DEFAULT);
+ }
+
+ public String getKdcLoggingLocation() {
+ return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.KDC);
+ }
+
+ public String getAdminLoggingLocation() {
+ return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.ADMIN_SERVER);
+ }
+
+ public boolean isRestrictAnonymousToTgt() {
+ return KrbConfHelper.getBooleanUnderSection(conf, KdcConfigKey.RESTRICT_ANONYMOUS_TO_TGT);
+ }
+
+ public int getKdcMaxDgramReplySize() {
+ return KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE);
+ }
+
+ public String[] getLdapKerberosContainerDn() {
+ return KrbConfHelper.getStringArrayUnderSection(conf, KdcConfigKey.LDAP_KERBEROS_CONTAINER_DN);
+ }
}
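Review bot: getLdapKerberosContainerDn returns the DN as a String[] split on KrbConfHelper's list splitter, but an LDAP DN is a single value whose RDNs are comma-separated and whose attribute values may legitimately contain spaces (`ou=Kerberos Container`), so splitting it yields fragments a caller must reassemble before they can be used. The shipped kdc.conf writes the DN as `cn=krbcontainer dc=mit dc=edu`, apparently to fit this split, and that is not a valid DN. Returning the raw string, `return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.LDAP_KERBEROS_CONTAINER_DN);`, keeps the file format aligned with MIT's. The three logging getters and isRestrictAnonymousToTgt would also benefit from a one-line Javadoc naming the kdc.conf section and key each one reads (`[logging] default`, `[kdcdefaults] restrict_anonymous_to_tgt`), since the enum constants DEFAULT, KDC and ADMIN_SERVER do not say so on their own.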
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
index 6b7a185..54c5703 100644
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
+++ b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/KdcConfigKey.java
@@ -6,28 +6,29 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
+ *
*/
package org.apache.kerberos.kerb.server;
import org.apache.haox.config.ConfigKey;
+import org.apache.kerberos.kerb.common.SectionConfigKey;
-public enum KdcConfigKey implements ConfigKey {
+public enum KdcConfigKey implements SectionConfigKey {
KRB_DEBUG(true),
WORK_DIR,
KDC_SERVICE_NAME("Haox_KDC_Server"),
KDC_HOST("127.0.0.1"),
- KDC_TCP_PORT(8015),
- KDC_UDP_PORT(8016),
+ KDC_UDP_PORT(8016, "kdcdefaults"),
+ KDC_TCP_PORT(8015, "kdcdefaults"),
KDC_DOMAIN("example.com"),
KDC_REALM("EXAMPLE.COM"),
TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
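Review bot: The section names `"kdcdefaults"`, `"logging"` and `"dbdefaults"` are repeated as bare string literals across the enum constants; a misspelled section name is not a compile error and, through KrbConfHelper.getIntUnderSection, silently falls back to the default value, so naming them once (a qualified reference is needed, since an enum constant's argument list cannot forward-reference a static field by simple name) would make a typo visible. Swapping the order of KDC_UDP_PORT and KDC_TCP_PORT also changes their ordinal(); nothing on this page uses ordinal, but the reorder is unrelated to the change and would be better left out. The enum continues in the next hunk.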
@@ -43,9 +44,23 @@ public enum KdcConfigKey implements ConfigKey {
PROXIABLE_ALLOWED(true),
RENEWABLE_ALLOWED(true),
VERIFY_BODY_CHECKSUM(true),
- ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96", "des3-cbc-sha1-kd" });
+ ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96", "des3-cbc-sha1-kd" }),
+ RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
+ KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
+
+ //logging location TODO the default log location need to be determinded.
+ DEFAULT(null, "logging"),
+ KDC(null, "logging"),
+ ADMIN_SERVER(null, "logging"),
+
+ //dbdefaults
+ LDAP_KERBEROS_CONTAINER_DN(null, "dbdefaults");
private Object defaultValue;
+ /**
+ * The name of a section where a config key is contained in MIT Kerberos config file.
+ */
+ private String sectionName;
private KdcConfigKey() {
this.defaultValue = null;
@@ -55,13 +70,26 @@ public enum KdcConfigKey implements ConfigKey {
this.defaultValue = defaultValue;
}
+ private KdcConfigKey(Object defaultValue, String sectionName) {
+ this(defaultValue);
+ this.sectionName = sectionName;
+ }
+
+ /**
+ * Use the propertyKey, we can get the configuration value from Object Conf.
+ */
@Override
public String getPropertyKey() {
- return "kdc." + name().toLowerCase();
+ return name().toLowerCase();
}
@Override
public Object getDefaultValue() {
return this.defaultValue;
}
+
+ @Override
+ public String getSectionName() {
+ return sectionName;
+ }
}
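Review bot: getPropertyKey lowercases with the default locale, `name().toLowerCase()`; under a Turkish locale any constant containing an 'I' (RESTRICT_ANONYMOUS_TO_TGT, LDAP_KERBEROS_CONTAINER_DN, KDC_MAX_DGRAM_REPLY_SIZE) becomes a dotless-ı key that never matches the ini file, so use `return name().toLowerCase(Locale.ROOT);` with `import java.util.Locale;`. Dropping the `"kdc."` prefix also changes the property key of every constant, including the ones that still go through plain `conf.getInt`/`conf.getBoolean` with no section; if any existing properties-based configuration used the `kdc.` names this is a breaking change the commit message does not mention, which I can only infer from here. The Javadoc on getPropertyKey reads awkwardly; `Returns the key used to look this constant up in a Conf: the enum name in lower case, e.g. kdc_tcp_port.` says the same more precisely. Constants built by the one-argument constructor leave sectionName null, so getSectionName can return null — worth stating on the field's Javadoc, since KrbConfHelper.getIntUnderSection passes the result straight to conf.getConfig.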
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-server/src/main/resources/kdc.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/resources/kdc.conf b/haox-kerb/kerb-server/src/main/resources/kdc.conf
new file mode 100644
index 0000000..8f286a1
--- /dev/null
+++ b/haox-kerb/kerb-server/src/main/resources/kdc.conf
@@ -0,0 +1,51 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[kdcdefaults]
+ kdc_udp_port = 88
+ kdc_tcp_port = 8014
+ restrict_anonymous_to_tgt = true
+ kdc_max_dgram_reply_size = 4096
+
+[realms]
+# ATHENA.MIT.EDU = {
+# kadmind_port = 749
+# max_life = 12h 0m 0s
+# max_renewable_life = 7d 0h 0m 0s
+# master_key_type = des3-hmac-sha1
+# supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
+# database_module = openldap_ldapconf
+# }
+
+[dbdefaults]
+ ldap_kerberos_container_dn = cn=krbcontainer dc=mit dc=edu
+
+[dbmodules]
+# openldap_ldapconf = {
+# db_library = kldap
+# disable_last_success = true
+# ldap_kdc_dn = cn=krbadmin dc=mit,dc=edu
+# ldap_kadmind_dn = cn=krbadmin dc=mit dc=edu
+# ldap_service_password_file = /etc/kerberos/service.keyfile
+# ldap_servers = ldaps://kerberos.mit.edu
+# ldap_conns_per_server = 5
+# }
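Review bot: `ldap_kerberos_container_dn = cn=krbcontainer dc=mit dc=edu` is not a valid LDAP DN; RDNs are comma-separated (`cn=krbcontainer,dc=mit,dc=edu`), as in the MIT kdc.conf this file is modelled on, and the commented `ldap_kdc_dn` line further down already uses commas. The space-separated form appears to exist only so that getLdapKerberosContainerDn can split it into three parts. The `[kdcdefaults]` ports are also asymmetric (udp 88, tcp 8014) with no comment explaining why, and because this file lives in src/main/resources rather than src/test/resources it ships in the jar as a default configuration; if it is meant only as a fixture for TestKdcConfigLoad it belongs under the test tree.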
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/3558a6ba/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
new file mode 100644
index 0000000..923861a
--- /dev/null
+++ b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerberos.kerb.server;
+
+import org.apache.haox.config.Conf;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+public class TestKdcConfigLoad {
+
+ @Test
+ public void test() throws URISyntaxException, IOException {
+ URL confFileUrl = TestKdcConfigLoad.class.getResource("/kdc.conf");
+ File confFile = new File(confFileUrl.toURI());
+
+ KdcConfig krbConfig = new KdcConfig();
+ Conf conf = krbConfig.getConf();
+ conf.addIniConfig(confFile);
+
+ Assert.assertEquals(krbConfig.getDefaultLoggingLocation(), "FILE:/var/log/krb5libs.log");
+ Assert.assertEquals(krbConfig.getKdcLoggingLocation(), "FILE:/var/log/krb5kdc.log");
+ Assert.assertEquals(krbConfig.getAdminLoggingLocation(), "FILE:/var/log/kadmind.log");
+
+ Assert.assertEquals(krbConfig.getKdcUdpPort(), 88);
+ Assert.assertEquals(krbConfig.getKdcTcpPort(), 8014);
+ Assert.assertTrue(krbConfig.isRestrictAnonymousToTgt());
+ Assert.assertEquals(krbConfig.getKdcMaxDgramReplySize(), 4096);
+
+ String[] ldapContainerDn = krbConfig.getLdapKerberosContainerDn();
+ Assert.assertEquals(ldapContainerDn.length, 3);
+ Assert.assertEquals(ldapContainerDn[0], "cn=krbcontainer");
+ Assert.assertEquals(ldapContainerDn[1], "dc=mit");
+ Assert.assertEquals(ldapContainerDn[2], "dc=edu");
+ }
+}
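Review bot: Every Assert.assertEquals call passes the actual value first and the expected value second, `Assert.assertEquals(krbConfig.getKdcUdpPort(), 88);`, so JUnit failure messages will report expected and actual the wrong way round; swap them to `Assert.assertEquals(88, krbConfig.getKdcUdpPort());`. `getResource("/kdc.conf")` returns null when the resource is not on the test classpath, which surfaces as a NullPointerException on the next line rather than a diagnostic; `Assert.assertNotNull("kdc.conf not on classpath", confFileUrl);` makes that failure readable. The method name `test` says nothing about what is covered; `loadsSectionedKeysFromKdcConf` or similar would. There is also no case for a key whose section is absent from the file, which is exactly the branch where KrbConfHelper.getIntUnderSection falls back to the enum default.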