From plusplusjia...@apache.org
Subject directory-kerby git commit: DIRKRB-395 Create krb5.conf for kadmin authentication with jaas.
Date Fri, 07 Aug 2015 03:44:40 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master b76a764f4 -> 815d0aed7


DIRKRB-395 Create krb5.conf for kadmin authentication with jaas.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/815d0aed
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/815d0aed
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/815d0aed

Branch: refs/heads/master
Commit: 815d0aed7aed0e77ba4714044fa74c7a47229752
Parents: b76a764
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Aug 7 11:49:58 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Aug 7 11:49:58 2015 +0800

----------------------------------------------------------------------
 .gitignore                                      |  1 +
 .../kerby/kerberos/tool/kadmin/KadminTool.java  | 12 ++-
 .../kerby/kerberos/tool/kadmin/Krb5Conf.java    | 83 ++++++++++++++++++++
 .../kdc-tool/src/main/resources/krb5.conf       | 29 +++++++
 .../kdc-tool/src/main/resources/krb5_udp.conf   | 29 +++++++
 5 files changed, 152 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/815d0aed/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 25ccb6c..ff05a87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ kerby-dist/kdc-dist/lib/
 kerby-dist/tool-dist/lib/
 kerby-dist/kdc-dist/logs/
 kerby-dist/tool-dist/logs/
+kerby-dist/kdc-dist/conf/krb5.conf

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/815d0aed/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index 605a3e2..1f5f955 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -38,11 +38,13 @@ import org.slf4j.LoggerFactory;
 
 import javax.security.auth.login.LoginException;
 import java.io.File;
+import java.io.IOException;
 import java.util.Map;
 import java.util.Scanner;
 
 public class KadminTool {
     private static final Logger LOG = LoggerFactory.getLogger(KadminTool.class);
+    private static File confDir;
 
     private static final String PROMPT = KadminTool.class.getSimpleName() + ".local";
     private static final String REQUEST_LIST = "Available " + PROMPT + " requests:\n"
@@ -144,7 +146,6 @@ public class KadminTool {
     }
 
     private static File getConfDir(String[] args) {
-        File confDir;
         String envDir;
         confDir = new File(args[0]);
         if (confDir == null || !confDir.exists()) {
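Review bot: Dropping the local declaration here makes getConfDir assign the new static `confDir` field (declared in the first hunk) as a side effect, and the krb5.conf block added to main further down reads that field rather than a value handed to it. main now depends on getConfDir having run first, which is not visible at the point of use. Keeping `File confDir;` local and assigning the static field once, where main receives the return value, would make that dependency explicit. getConfDir's body continues outside this hunk, so how main calls it is not visible here.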
@@ -169,7 +170,7 @@ public class KadminTool {
         return confDir;
     }
 
-    public static void main(String[] args) {
+    public static void main(String[] args) throws KrbException {
 
         if (args.length < 2) {
             System.err.println(USAGE);
@@ -184,6 +185,13 @@ public class KadminTool {
             return;
         }
 
+        try {
+            Krb5Conf krb5Conf = new Krb5Conf(confDir, kadmin.getKdcConfig());
+            krb5Conf.initKrb5conf();
+        } catch (IOException e) {
+            throw new KrbException("Failed to make krb5.conf", e);
+        }
+
         KOptions kOptions = ToolUtil.parseOptions(args, 1, args.length - 1);
         if (kOptions == null) {
             System.err.println(USAGE);
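Review bot: The krb5.conf generation sits before `ToolUtil.parseOptions`, so the file is rewritten in the conf directory and `java.security.krb5.conf` is set process-wide even when the options turn out to be invalid and the tool only prints USAGE (and presumably exits). Moving the try block below the `kOptions == null` check would avoid touching configuration on a run that does nothing. A failure here also leaves main through `throw new KrbException("Failed to make krb5.conf", e)`, while the neighbouring error paths print to System.err and return; `LOG.error("Failed to make krb5.conf", e); return;` would be consistent with them. main's body starts and ends outside this hunk.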

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/815d0aed/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Krb5Conf.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Krb5Conf.java
new file mode 100644
index 0000000..470da96
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Krb5Conf.java
@@ -0,0 +1,83 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin;
+
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.util.IOUtil;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Generate krb5 file using given kdc server settings.
+ */
+public class Krb5Conf {
+    public static final String KRB5_CONF = "java.security.krb5.conf";
+    private static final String KRB5_CONF_FILE = "krb5.conf";
+    private File confDir;
+    private KdcConfig kdcConfig;
+
+    public Krb5Conf(File confDir, KdcConfig kdcConfig) {
+        this.confDir = confDir;
+        this.kdcConfig = kdcConfig;
+    }
+
+    public void initKrb5conf() throws IOException {
+        File confFile = generateConfFile();
+        System.setProperty(KRB5_CONF, confFile.getAbsolutePath());
+    }
+
+    // Read in krb5.conf and substitute in the correct port
+    private File generateConfFile() throws IOException {
+
+        String resourcePath = kdcConfig.allowUdp() ? "/krb5_udp.conf" : "/krb5.conf";
+        InputStream templateResource = getClass().getResourceAsStream(resourcePath);
+
+        String templateContent = IOUtil.readInput(templateResource);
+
+        String content = templateContent;
+
+        content = content.replaceAll("_REALM_", "" + kdcConfig.getKdcRealm());
+
+        int kdcPort = kdcConfig.allowUdp() ? kdcConfig.getKdcUdpPort()
+                : kdcConfig.getKdcTcpPort();
+        content = content.replaceAll("_KDC_PORT_",
+                String.valueOf(kdcPort));
+
+        if (kdcConfig.allowTcp()) {
+            content = content.replaceAll("#_KDC_TCP_PORT_", "kdc_tcp_port = " + kdcConfig.getKdcTcpPort());
+        }
+        if (kdcConfig.allowUdp()) {
+            content = content.replaceAll("#_KDC_UDP_PORT_", "kdc_udp_port = " + kdcConfig.getKdcUdpPort());
+        }
+
+        int udpLimit = kdcConfig.allowUdp() ? 4096 : 1;
+        content = content.replaceAll("_UDP_LIMIT_", String.valueOf(udpLimit));
+
+        File confFile = new File(confDir, KRB5_CONF_FILE);
+        if (confFile.exists()) {
+            confFile.delete();
+        }
+        IOUtil.writeFile(content, confFile);
+
+        return confFile;
+    }
+}
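Review bot: generateConfFile hands the result of `getResourceAsStream(resourcePath)` straight to `IOUtil.readInput` without a null check, so a template missing from the classpath fails obscurely instead of with an IOException that names the resource. The substitutions use `replaceAll`, which treats the placeholder as a regex and the replacement as a template, so a realm value from the KDC config that contains `$` or `\` would be misinterpreted or throw; `String.replace` performs the literal substitution intended here. The result of `confFile.delete()` is ignored, so a stale krb5.conf that cannot be removed is not reported before the write. Whether `IOUtil.readInput` closes the stream is not visible in this diff and is worth confirming.

```java
InputStream templateResource = getClass().getResourceAsStream(resourcePath);
if (templateResource == null) {
    throw new IOException("Missing krb5.conf template: " + resourcePath);
}
// … unchanged: read template into content …
content = content.replace("_REALM_", "" + kdcConfig.getKdcRealm());
// … unchanged: kdcPort selection …
content = content.replace("_KDC_PORT_", String.valueOf(kdcPort));
// … unchanged: TCP/UDP port and UDP limit substitutions, likewise switched to replace() …
File confFile = new File(confDir, KRB5_CONF_FILE);
if (confFile.exists() && !confFile.delete()) {
    throw new IOException("Cannot replace " + confFile.getAbsolutePath());
}
```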

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/815d0aed/kerby-tool/kdc-tool/src/main/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/resources/krb5.conf b/kerby-tool/kdc-tool/src/main/resources/krb5.conf
new file mode 100644
index 0000000..0954538
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/resources/krb5.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[libdefaults]
+    kdc_realm = _REALM_
+    default_realm = _REALM_
+    udp_preference_limit = _UDP_LIMIT_
+    #_KDC_TCP_PORT_
+    #_KDC_UDP_PORT_
+
+[realms]
+    _REALM_ = {
+        kdc = localhost:_KDC_PORT_
+    }
\ No newline at end of file
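Review bot: This template and krb5_udp.conf in the next file section carry the same blob id (`0954538`) and identical content, so the `allowUdp()` choice between `/krb5_udp.conf` and `/krb5.conf` in Krb5Conf has no effect on the output. Either drop one of the two resources or make the UDP variant actually differ. The `kdc = localhost:_KDC_PORT_` entry also fixes the KDC host, which looks intentional for a local kadmin tool but deserves a template comment such as `# kadmin.local only: KDC is assumed to run on this host`.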

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/815d0aed/kerby-tool/kdc-tool/src/main/resources/krb5_udp.conf
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/resources/krb5_udp.conf b/kerby-tool/kdc-tool/src/main/resources/krb5_udp.conf
new file mode 100644
index 0000000..0954538
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/resources/krb5_udp.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[libdefaults]
+    kdc_realm = _REALM_
+    default_realm = _REALM_
+    udp_preference_limit = _UDP_LIMIT_
+    #_KDC_TCP_PORT_
+    #_KDC_UDP_PORT_
+
+[realms]
+    _REALM_ = {
+        kdc = localhost:_KDC_PORT_
+    }
\ No newline at end of file

