HADOOP-9860. Remove class HackedKeytab and HackedKeytabEncoder from hadoop-minikdc once jira DIRSERVER-1882 solved. (ywskycn via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1515652 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
8f343e684c
commit
23abbd8f64
@ -316,6 +316,9 @@ Release 2.3.0 - UNRELEASED
|
|||||||
HADOOP-9848. Create a MiniKDC for use with security testing.
|
HADOOP-9848. Create a MiniKDC for use with security testing.
|
||||||
(ywskycn via tucu)
|
(ywskycn via tucu)
|
||||||
|
|
||||||
|
HADOOP-9860. Remove class HackedKeytab and HackedKeytabEncoder from
|
||||||
|
hadoop-minikdc once jira DIRSERVER-1882 solved. (ywskycn via tucu)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn)
|
HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn)
|
||||||
|
@ -38,7 +38,7 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.directory.server</groupId>
|
<groupId>org.apache.directory.server</groupId>
|
||||||
<artifactId>apacheds-all</artifactId>
|
<artifactId>apacheds-all</artifactId>
|
||||||
<version>2.0.0-M14</version>
|
<version>2.0.0-M15</version>
|
||||||
<scope>compile</scope>
|
<scope>compile</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
|
@ -1,42 +0,0 @@
|
|||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.directory.server.kerberos.shared.keytab;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.ByteBuffer;
|
|
||||||
|
|
||||||
//This is a hack for ApacheDS 2.0.0-M14 to be able to create
|
|
||||||
//keytab files with more than one principal.
|
|
||||||
//It needs to be in this package because the KeytabEncoder class is package
|
|
||||||
// private.
|
|
||||||
//This class can be removed once jira DIRSERVER-1882
|
|
||||||
// (https://issues.apache.org/jira/browse/DIRSERVER-1882) solved
|
|
||||||
public class HackedKeytab extends Keytab {
|
|
||||||
|
|
||||||
private byte[] keytabVersion = VERSION_52;
|
|
||||||
|
|
||||||
public void write( File file, int principalCount ) throws IOException
|
|
||||||
{
|
|
||||||
HackedKeytabEncoder writer = new HackedKeytabEncoder();
|
|
||||||
ByteBuffer buffer = writer.write( keytabVersion, getEntries(),
|
|
||||||
principalCount );
|
|
||||||
writeFile( buffer, file );
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,121 +0,0 @@
|
|||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.directory.server.kerberos.shared.keytab;
|
|
||||||
|
|
||||||
import org.apache.directory.shared.kerberos.components.EncryptionKey;
|
|
||||||
|
|
||||||
import java.nio.ByteBuffer;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
//This is a hack for ApacheDS 2.0.0-M14 to be able to create
|
|
||||||
//keytab files with more than one principal.
|
|
||||||
//It needs to be in this package because the KeytabEncoder class is package
|
|
||||||
// private.
|
|
||||||
//This class can be removed once jira DIRSERVER-1882
|
|
||||||
// (https://issues.apache.org/jira/browse/DIRSERVER-1882) solved
|
|
||||||
class HackedKeytabEncoder extends KeytabEncoder {
|
|
||||||
|
|
||||||
ByteBuffer write( byte[] keytabVersion, List<KeytabEntry> entries,
|
|
||||||
int principalCount )
|
|
||||||
{
|
|
||||||
ByteBuffer buffer = ByteBuffer.allocate( 512 * principalCount);
|
|
||||||
putKeytabVersion(buffer, keytabVersion);
|
|
||||||
putKeytabEntries( buffer, entries );
|
|
||||||
buffer.flip();
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putKeytabVersion( ByteBuffer buffer, byte[] version )
|
|
||||||
{
|
|
||||||
buffer.put( version );
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putKeytabEntries( ByteBuffer buffer, List<KeytabEntry> entries )
|
|
||||||
{
|
|
||||||
Iterator<KeytabEntry> iterator = entries.iterator();
|
|
||||||
|
|
||||||
while ( iterator.hasNext() )
|
|
||||||
{
|
|
||||||
ByteBuffer entryBuffer = putKeytabEntry( iterator.next() );
|
|
||||||
int size = entryBuffer.position();
|
|
||||||
|
|
||||||
entryBuffer.flip();
|
|
||||||
|
|
||||||
buffer.putInt( size );
|
|
||||||
buffer.put( entryBuffer );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private ByteBuffer putKeytabEntry( KeytabEntry entry )
|
|
||||||
{
|
|
||||||
ByteBuffer buffer = ByteBuffer.allocate( 100 );
|
|
||||||
|
|
||||||
putPrincipalName( buffer, entry.getPrincipalName() );
|
|
||||||
|
|
||||||
buffer.putInt( ( int ) entry.getPrincipalType() );
|
|
||||||
|
|
||||||
buffer.putInt( ( int ) ( entry.getTimeStamp().getTime() / 1000 ) );
|
|
||||||
|
|
||||||
buffer.put( entry.getKeyVersion() );
|
|
||||||
|
|
||||||
putKeyBlock( buffer, entry.getKey() );
|
|
||||||
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putPrincipalName( ByteBuffer buffer, String principalName )
|
|
||||||
{
|
|
||||||
String[] split = principalName.split("@");
|
|
||||||
String nameComponent = split[0];
|
|
||||||
String realm = split[1];
|
|
||||||
|
|
||||||
String[] nameComponents = nameComponent.split( "/" );
|
|
||||||
|
|
||||||
// increment for v1
|
|
||||||
buffer.putShort( ( short ) nameComponents.length );
|
|
||||||
|
|
||||||
putCountedString( buffer, realm );
|
|
||||||
// write components
|
|
||||||
|
|
||||||
for ( int ii = 0; ii < nameComponents.length; ii++ )
|
|
||||||
{
|
|
||||||
putCountedString( buffer, nameComponents[ii] );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putKeyBlock( ByteBuffer buffer, EncryptionKey key )
|
|
||||||
{
|
|
||||||
buffer.putShort( ( short ) key.getKeyType().getValue() );
|
|
||||||
putCountedBytes( buffer, key.getKeyValue() );
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putCountedString( ByteBuffer buffer, String string )
|
|
||||||
{
|
|
||||||
byte[] data = string.getBytes();
|
|
||||||
buffer.putShort( ( short ) data.length );
|
|
||||||
buffer.put( data );
|
|
||||||
}
|
|
||||||
|
|
||||||
private void putCountedBytes( ByteBuffer buffer, byte[] data )
|
|
||||||
{
|
|
||||||
buffer.putShort( ( short ) data.length );
|
|
||||||
buffer.put( data );
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -37,7 +37,7 @@
|
|||||||
import org.apache.directory.server.core.partition.ldif.LdifPartition;
|
import org.apache.directory.server.core.partition.ldif.LdifPartition;
|
||||||
import org.apache.directory.server.kerberos.kdc.KdcServer;
|
import org.apache.directory.server.kerberos.kdc.KdcServer;
|
||||||
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
|
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
|
||||||
import org.apache.directory.server.kerberos.shared.keytab.HackedKeytab;
|
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
|
||||||
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
|
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
|
||||||
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
|
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
|
||||||
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
|
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
|
||||||
@ -514,7 +514,7 @@ public synchronized void createPrincipal(String principal, String password)
|
|||||||
public void createPrincipal(File keytabFile, String ... principals)
|
public void createPrincipal(File keytabFile, String ... principals)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
String generatedPassword = UUID.randomUUID().toString();
|
String generatedPassword = UUID.randomUUID().toString();
|
||||||
HackedKeytab keytab = new HackedKeytab();
|
Keytab keytab = new Keytab();
|
||||||
List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
|
List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
|
||||||
for (String principal : principals) {
|
for (String principal : principals) {
|
||||||
createPrincipal(principal, generatedPassword);
|
createPrincipal(principal, generatedPassword);
|
||||||
@ -529,6 +529,6 @@ public void createPrincipal(File keytabFile, String ... principals)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
keytab.setEntries(entries);
|
keytab.setEntries(entries);
|
||||||
keytab.write(keytabFile, principals.length);
|
keytab.write(keytabFile);
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -137,7 +137,7 @@ public void testKerberosLogin() throws Exception {
|
|||||||
subject.getPrincipals().iterator().next().getClass());
|
subject.getPrincipals().iterator().next().getClass());
|
||||||
Assert.assertEquals(principal + "@" + kdc.getRealm(),
|
Assert.assertEquals(principal + "@" + kdc.getRealm(),
|
||||||
subject.getPrincipals().iterator().next().getName());
|
subject.getPrincipals().iterator().next().getName());
|
||||||
loginContext.login();
|
loginContext.logout();
|
||||||
|
|
||||||
//server login
|
//server login
|
||||||
subject = new Subject(false, principals, new HashSet<Object>(),
|
subject = new Subject(false, principals, new HashSet<Object>(),
|
||||||
@ -151,7 +151,7 @@ public void testKerberosLogin() throws Exception {
|
|||||||
subject.getPrincipals().iterator().next().getClass());
|
subject.getPrincipals().iterator().next().getClass());
|
||||||
Assert.assertEquals(principal + "@" + kdc.getRealm(),
|
Assert.assertEquals(principal + "@" + kdc.getRealm(),
|
||||||
subject.getPrincipals().iterator().next().getName());
|
subject.getPrincipals().iterator().next().getName());
|
||||||
loginContext.login();
|
loginContext.logout();
|
||||||
|
|
||||||
} finally {
|
} finally {
|
||||||
if (loginContext != null) {
|
if (loginContext != null) {
|
||||||
|
Loading…
Reference in New Issue
Block a user