You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2018/02/12 11:45:28 UTC
[1/3] directory-kerby git commit: DIRKRB-692 - Adding test
Repository: directory-kerby
Updated Branches:
refs/heads/1.1.x-fixes 1b3be48eb -> d65562fe0
DIRKRB-692 - Adding test
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f702f72e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f702f72e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f702f72e
Branch: refs/heads/1.1.x-fixes
Commit: f702f72edac73ea90ec4228a1f1944c91d13070a
Parents: 1b3be48
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Feb 8 12:44:18 2018 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:41:11 2018 +0000
----------------------------------------------------------------------
.../kerberos/kerb/server/CacheFileTest.java | 55 ++++++++++++++++++++
1 file changed, 55 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f702f72e/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
new file mode 100644
index 0000000..ebc40db
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.File;
+
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.junit.Test;
+
+@org.junit.Ignore("See DIRKRB-692")
+public class CacheFileTest extends KdcTestBase {
+
+ @Test
+ public void testStoringSGT() throws Exception {
+
+ TgtTicket tgt = getKrbClient().requestTgt(getClientPrincipal(),
+ getClientPassword());
+ assertThat(tgt).isNotNull();
+
+ SgtTicket tkt = getKrbClient().requestSgt(tgt, getServerPrincipal());
+ assertThat(tkt).isNotNull();
+
+ File ccFile = new File("target/cache.cc");
+ if (ccFile.exists()) {
+ ccFile.delete();
+ }
+
+ try {
+ // Test storing the SGT and not the TGT
+ getKrbClient().storeTicket(tkt, ccFile);
+ } catch (Throwable t) {
+ t.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
[2/3] directory-kerby git commit: Fix for SGT clientPrincipal that is
currently not populated. This fix should be moved at a lower layer but this
is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692
https://issues.apache.org/jira/projects/
Posted by co...@apache.org.
Fix for SGT clientPrincipal that is currently not populated. This fix should be moved at a lower layer but this is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Fix for storeTicket method, it does not support correctly the one SGT only case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for requestSGT method, small bug fix, typos and improved comment case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for storeTicket method, fixed behaviour of no-fresh-new case and improved comments + better formatting case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Improves previous fix for requestsgt method, null clientPrincipal is not saved in sgt, this will preseve values coming from lower layers
case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
requestsgt method, better formatting
case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted trailing spaces and variable "isFreshNew" name refactoring case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted trailing spaces (for real) added blank lines around few if/else blocks case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted (missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Deleted (other missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/bc2bac50
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/bc2bac50
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/bc2bac50
Branch: refs/heads/1.1.x-fixes
Commit: bc2bac505269edc02998f5ea91c9ce881dead57c
Parents: f702f72
Author: Fabiano <ft...@gmail.com>
Authored: Wed Feb 7 11:03:15 2018 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:41:23 2018 +0000
----------------------------------------------------------------------
.../kerberos/kerb/client/KrbClientBase.java | 21 +++++++++++++++-----
.../client/impl/AbstractInternalKrbClient.java | 20 +++++++++++++++++--
2 files changed, 34 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bc2bac50/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 602024a..995df5c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -271,15 +271,25 @@ public class KrbClientBase {
*/
public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
LOG.info("Storing the sgt to the credential cache file.");
- if (!ccacheFile.exists()) {
+ boolean createCache = !ccacheFile.exists() || (ccacheFile.length() == 0);
+
+ if (createCache) {
createCacheFile(ccacheFile);
}
+
if (ccacheFile.exists() && ccacheFile.canWrite()) {
- CredentialCache cCache = new CredentialCache();
try {
- cCache.load(ccacheFile);
- cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
- cCache.setPrimaryPrincipal(sgtTicket.getClientPrincipal());
+ CredentialCache cCache;
+
+ if (!createCache) {
+ cCache = new CredentialCache();
+ cCache.load(ccacheFile);
+ cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
+ } else {
+ //Remind: contructor sets the cCache client principal from the sgtTicket one
+ cCache = new CredentialCache(sgtTicket);
+ }
+
cCache.store(ccacheFile);
} catch (IOException e) {
throw new KrbException("Failed to store sgt", e);
@@ -288,6 +298,7 @@ public class KrbClientBase {
throw new IllegalArgumentException("Invalid ccache file, "
+ "not exist or writable: " + ccacheFile.getAbsolutePath());
}
+
}
/**
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bc2bac50/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 8c8d6ed..c1f0732 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -152,14 +152,16 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
String serverPrincipalString = fixPrincipal(requestOptions.
getStringOption(KrbOption.SERVER_PRINCIPAL));
PrincipalName serverPrincipalName = new PrincipalName(serverPrincipalString);
+ PrincipalName clientPrincipalName = null;
if (tgtTicket != null) {
String sourceRealm = tgtTicket.getRealm();
String destRealm = serverPrincipalName.getRealm();
+ clientPrincipalName = tgtTicket.getClientPrincipal();
+
if (!sourceRealm.equals(destRealm)) {
KrbConfig krbConfig = krbSetting.getKrbConfig();
LinkedList<String> capath = krbConfig.getCapath(sourceRealm, destRealm);
- PrincipalName clientPrincipalName = tgtTicket.getClientPrincipal();
for (int i = 0; i < capath.size() - 1; i++) {
PrincipalName tgsPrincipalName = KrbUtil.makeTgsPrincipal(
capath.get(i), capath.get(i + 1));
@@ -170,11 +172,25 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
}
}
+
+ } else {
+ //This code is for the no-tgt case but works only with CLIENT_PRINCIPAL option
+ //Should be expanded later to encompass more use-cases
+ String clientPrincipalString = (String) requestOptions.getOptionValue(KrbOption.CLIENT_PRINCIPAL);
+ if (clientPrincipalString != null) {
+ clientPrincipalName = new PrincipalName(clientPrincipalString);
+ }
}
tgsRequest.setServerPrincipal(serverPrincipalName);
tgsRequest.setRequestOptions(requestOptions);
- return doRequestSgt(tgsRequest);
+ SgtTicket sgtTicket = doRequestSgt(tgsRequest);
+
+ if (clientPrincipalName!=null) {
+ sgtTicket.setClientPrincipal(clientPrincipalName);
+ }
+
+ return sgtTicket;
}
protected abstract TgtTicket doRequestTgt(
[3/3] directory-kerby git commit: DIRKRB-692 - This closes #29.
Posted by co...@apache.org.
DIRKRB-692 - This closes #29.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d65562fe
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d65562fe
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d65562fe
Branch: refs/heads/1.1.x-fixes
Commit: d65562fe0e45ba016d782eeb12e97eb149388f63
Parents: bc2bac5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 12 11:24:49 2018 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:41:30 2018 +0000
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kerb/client/KrbClientBase.java | 2 +-
.../kerberos/kerb/client/impl/AbstractInternalKrbClient.java | 6 +++---
.../org/apache/kerby/kerberos/kerb/server/CacheFileTest.java | 3 +--
3 files changed, 5 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d65562fe/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 995df5c..08fd14f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -271,7 +271,7 @@ public class KrbClientBase {
*/
public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
LOG.info("Storing the sgt to the credential cache file.");
- boolean createCache = !ccacheFile.exists() || (ccacheFile.length() == 0);
+ boolean createCache = !ccacheFile.exists() || ccacheFile.length() == 0;
if (createCache) {
createCacheFile(ccacheFile);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d65562fe/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index c1f0732..113618e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -158,7 +158,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
String sourceRealm = tgtTicket.getRealm();
String destRealm = serverPrincipalName.getRealm();
clientPrincipalName = tgtTicket.getClientPrincipal();
-
+
if (!sourceRealm.equals(destRealm)) {
KrbConfig krbConfig = krbSetting.getKrbConfig();
LinkedList<String> capath = krbConfig.getCapath(sourceRealm, destRealm);
@@ -172,7 +172,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
}
}
-
+
} else {
//This code is for the no-tgt case but works only with CLIENT_PRINCIPAL option
//Should be expanded later to encompass more use-cases
@@ -186,7 +186,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
tgsRequest.setRequestOptions(requestOptions);
SgtTicket sgtTicket = doRequestSgt(tgsRequest);
- if (clientPrincipalName!=null) {
+ if (clientPrincipalName != null) {
sgtTicket.setClientPrincipal(clientPrincipalName);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d65562fe/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
index ebc40db..d73d959 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/CacheFileTest.java
@@ -27,7 +27,6 @@ import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.junit.Test;
-@org.junit.Ignore("See DIRKRB-692")
public class CacheFileTest extends KdcTestBase {
@Test
@@ -52,4 +51,4 @@ public class CacheFileTest extends KdcTestBase {
t.printStackTrace();
}
}
-}
\ No newline at end of file
+}