From plusplusjia...@apache.org
Subject [1/9] directory-kerby git commit: DIRKRB-657 Implement kinit tool to get tgt ticket from remote realm. Contributed by Frank.
Date Wed, 18 Oct 2017 08:28:59 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 8ae0b3542 -> 19c903e4f


DIRKRB-657 Implement kinit tool to get tgt ticket from remote realm. Contributed by Frank.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/e0c1998b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/e0c1998b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/e0c1998b

Branch: refs/heads/trunk
Commit: e0c1998b7d02587d5eb0850730ee8b873dca46ca
Parents: aa3dfaf
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Thu Sep 14 20:57:33 2017 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Wed Oct 18 16:26:37 2017 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/ClientUtil.java   |  5 +----
 .../client/impl/AbstractInternalKrbClient.java   | 19 +++++++++++++------
 .../client/impl/DefaultInternalKrbClient.java    |  6 +++++-
 .../kerberos/kerb/client/request/KdcRequest.java |  9 +++++++--
 4 files changed, 26 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e0c1998b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
index d822431..35a2ed8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
@@ -200,12 +200,9 @@ public final class ClientUtil {
      * @throws KrbException if there's no way to find KDC for the realm
      * @return the list of KDC, always non null
      */
-    public static List<String> getKDCList(KrbSetting krbSetting) throws KrbException
{
+    public static List<String> getKDCList(String realm, KrbSetting krbSetting) throws
KrbException {
 
         List<String> kdcList = new ArrayList<>();
-        kdcList.add(krbSetting.getKdcHost());
-        /*get the kdc realm */
-        String realm = krbSetting.getKdcRealm();
         if (realm != null) {
             KrbConfig krbConfig = krbSetting.getKrbConfig();
             List<Object> kdcs = krbConfig.getRealmSectionItems(realm, "kdc");
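Review bot: The Javadoc lines visible above the new signature document only the exception and the return value, so the added `realm` parameter needs its own entry, for example `@param realm the realm whose KDCs are looked up in the krb config; may be null`, unless the part of the comment above this hunk already covers it. The same edit drops the unconditional `kdcList.add(krbSetting.getKdcHost())`, and the method body continues past the hunk, so it is worth confirming that a realm with no `kdc` entry still ends in the documented KrbException or an explicit fallback rather than an empty list. Because `getKDCList` is public and static on a public class, replacing the one-argument form breaks outside callers; a delegating overload whose body is `return getKDCList(krbSetting.getKdcRealm(), krbSetting);` would avoid that.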

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e0c1998b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 2eeece3..27ecd5e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -35,6 +35,7 @@ import org.apache.kerby.kerberos.kerb.client.request.AsRequestWithToken;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequest;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithTgt;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithToken;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.kerberos.kerb.type.base.NameType;
 import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
@@ -78,6 +79,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient
{
     @Override
     public TgtTicket requestTgt(KOptions requestOptions) throws KrbException {
         AsRequest asRequest = null;
+        PrincipalName clientPrincipal = null;
 
         if (requestOptions.contains(KrbOption.USE_PASSWD)) {
             asRequest = new AsRequestWithPasswd(context);
@@ -97,21 +99,26 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient
{
             throw new IllegalArgumentException(
                     "No valid krb client request option found");
         }
+
         if (requestOptions.contains(KrbOption.CLIENT_PRINCIPAL)) {
-            String principal = requestOptions.getStringOption(
-                    KrbOption.CLIENT_PRINCIPAL);
-            principal = fixPrincipal(principal);
-            PrincipalName principalName = new PrincipalName(principal);
+            String clientPrincipalName = requestOptions.getStringOption(KrbOption.CLIENT_PRINCIPAL);
+            clientPrincipalName = fixPrincipal(clientPrincipalName);
+            clientPrincipal = new PrincipalName(clientPrincipalName);
             if (requestOptions.contains(PkinitOption.USE_ANONYMOUS)) {
-                principalName.setNameType(NameType.NT_WELLKNOWN);
+                clientPrincipal.setNameType(NameType.NT_WELLKNOWN);
             }
-            asRequest.setClientPrincipal(principalName);
+            asRequest.setClientPrincipal(clientPrincipal);
         }
+
         if (requestOptions.contains(KrbOption.SERVER_PRINCIPAL)) {
             String serverPrincipalName = requestOptions.getStringOption(KrbOption.SERVER_PRINCIPAL);
             serverPrincipalName = fixPrincipal(serverPrincipalName);
             PrincipalName serverPrincipal = new PrincipalName(serverPrincipalName, NameType.NT_PRINCIPAL);
             asRequest.setServerPrincipal(serverPrincipal);
+        } else if (clientPrincipal != null) {
+            String realm = clientPrincipal.getRealm();
+            PrincipalName serverPrincipal = KrbUtil.makeTgsPrincipal(realm);
+            asRequest.setServerPrincipal(serverPrincipal);
         }
 
         asRequest.setRequestOptions(requestOptions);
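Review bot: The new `else if (clientPrincipal != null)` branch passes `clientPrincipal.getRealm()` straight to `KrbUtil.makeTgsPrincipal` without the null-or-empty check that the other two realm lookups in this commit (in `DefaultInternalKrbClient.doRequest` and `KdcRequest`) apply. `fixPrincipal` is not shown here, so unless it guarantees a realm on every principal, the default server principal could be built from a missing realm. Mirroring the fallback used elsewhere would make the three sites agree: `if (realm == null || realm.isEmpty()) { realm = context.getKrbSetting().getKdcRealm(); }`, assuming `context` exposes the setting the way `getContext()` does in `KdcRequest`. `requestTgt` starts above and continues below this hunk.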

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e0c1998b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
index e7ea499..e383dbe 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
@@ -63,7 +63,11 @@ public class DefaultInternalKrbClient extends AbstractInternalKrbClient
{
 
     private void doRequest(KdcRequest request) throws KrbException {
 
-        List<String> kdcList = ClientUtil.getKDCList(getSetting());
+        String realm = request.getClientPrincipal().getRealm();
+        if (realm == null || realm.isEmpty()) {
+            realm = getSetting().getKdcRealm();
+        }
+        List<String> kdcList = ClientUtil.getKDCList(realm, getSetting());
 
         // tempKdc may include the port number
         Iterator<String> tempKdc = kdcList.iterator();
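Review bot: `request.getClientPrincipal().getRealm()` dereferences the client principal before any null check, and `requestTgt` sets it only when `KrbOption.CLIENT_PRINCIPAL` is present, so unless every request subclass supplies one, this can throw a NullPointerException instead of falling back to `getSetting().getKdcRealm()`. The same pattern appears in the `KdcRequest` hunk, where `cName.getRealm()` is called right after `getClientPrincipal()`. A guard such as `PrincipalName client = request.getClientPrincipal();` followed by `String realm = client == null ? null : client.getRealm();` keeps the fallback reachable. Since the realm taken from the principal now decides which KDC hosts receive the request, a short comment on where that realm comes from and how an unconfigured realm is handled would help the next reader. `doRequest` continues past this hunk.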

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e0c1998b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
index fe2e1e1..cd473e0 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
@@ -183,12 +183,17 @@ public abstract class KdcRequest {
         PrincipalName cName = getClientPrincipal();
         body.setCname(cName);
 
-        body.setRealm(getContext().getKrbSetting().getKdcRealm());
+        String realm = cName.getRealm();
+        if (realm == null || realm.isEmpty()) {
+            realm = getContext().getKrbSetting().getKdcRealm();
+        }
+        body.setRealm(realm);
 
         PrincipalName sName = getServerPrincipal();
         body.setSname(sName);
 
-        body.setTill(new KerberosTime(startTime + getTicketValidTime()));
+        long tillTime = startTime + getTicketValidTime();
+        body.setTill(new KerberosTime(tillTime));
 
         KerberosTime rtime;
         if (renewTill != null) {
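Review bot: The "client realm, else configured KDC realm" rule written here duplicates the one added to `DefaultInternalKrbClient.doRequest`, so the realm placed in the request body and the realm used to pick the KDC can drift apart if only one copy is edited later. A single accessor on `KdcRequest` that both sites call would keep them in step, and a one-line comment such as `// prefer the client's realm so requests for a non-default realm carry that realm` would record why the configured realm is no longer used directly. The enclosing method starts above and continues below this hunk.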

