directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ckopp...@apache.org
Subject svn commit: r764561 - in /directory/apacheds/trunk/protocol-kerberos/src/test: java/org/apache/directory/server/kerberos/kdc/ resources/ resources/org/ resources/org/apache/ resources/org/apache/directory/ resources/org/apache/directory/server/ resourc...
Date Mon, 13 Apr 2009 19:00:18 GMT
Author: ckoppelt
Date: Mon Apr 13 19:00:18 2009
New Revision: 764561

URL: http://svn.apache.org/viewvc?rev=764561&view=rev
Log:
restored and partially fixed the SaslGssapiBindTest

Added:
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/
    directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/krb5.conf
Modified:
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java?rev=764561&r1=764560&r2=764561&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
Mon Apr 13 19:00:18 2009
@@ -20,37 +20,46 @@
 package org.apache.directory.server.kerberos.kdc;
 
 
+import java.security.PrivilegedAction;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.ModificationItem;
+import javax.security.auth.Subject;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.Interceptor;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
 import org.apache.directory.server.core.partition.Partition;
-import org.apache.directory.server.xdbm.Index;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
+import org.apache.directory.server.kerberos.shared.jaas.CallbackHandlerBean;
+import org.apache.directory.server.kerberos.shared.jaas.Krb5LoginConfiguration;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.directory.server.protocol.shared.transport.UdpTransport;
 import org.apache.directory.server.unit.AbstractServerTest;
+import org.apache.directory.server.xdbm.Index;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
-import javax.naming.Context;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.ModificationItem;
-
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.List;
-import java.util.Set;
-
 
 /**
  * An {@link AbstractServerTest} testing SASL GSSAPI authentication
@@ -68,13 +77,13 @@
 
 
     /**
-     * Creates a new instance of SaslGssapiBindTest and sets JAAS system properties
-     * for the KDC and realm, so we don't have to rely on external configuration.
+     * Creates a new instance of SaslGssapiBindTest and sets JAAS system properties.
      */
     public SaslGssapiBindITest()
     {
-        System.setProperty( "java.security.krb5.realm", "EXAMPLE.COM" );
-        System.setProperty( "java.security.krb5.kdc", "localhost" );
+        String krbConfPath = getClass().getResource( "krb5.conf" ).getFile();
+        System.setProperty( "java.security.krb5.conf", krbConfPath );
+        System.setProperty( "sun.security.krb5.debug" , "false" ); 
     }
 
 
@@ -92,9 +101,11 @@
 
         KdcServer kdcConfig = new KdcServer();
         kdcConfig.setDirectoryService( directoryService );
+        kdcConfig.setTcpTransport( new TcpTransport(6088) );
+        kdcConfig.setUdpTransport( new UdpTransport(6088) );
         kdcConfig.setEnabled( true );
         kdcConfig.setSearchBaseDn( "ou=users,dc=example,dc=com" );
-
+        kdcConfig.start();
         Attributes attrs;
 
         setContexts( "uid=admin,ou=system", "secret" );
@@ -232,7 +243,77 @@
     @Test
     public void testSaslGssapiBind()
     {
-        assertTrue( true );
+        // Use our custom configuration to avoid reliance on external config
+        Configuration.setConfiguration( new Krb5LoginConfiguration() );
+        // 1. Authenticate to Kerberos.
+        LoginContext lc = null;
+        try
+        {
+            lc = new LoginContext( SaslGssapiBindITest.class.getName(), new CallbackHandlerBean(
"hnelson", "secret" ) );
+            lc.login();
+        }
+        catch ( LoginException le )
+        {
+            // Bad username:  Client not found in Kerberos database
+            // Bad password:  Integrity check on decrypted field failed
+            fail( "Authentication failed:  " + le.getMessage() );
+            assertTrue( false );
+        }
+
+        // 2. Perform JNDI work as authenticated Subject.
+        Subject.doAs( lc.getSubject(), new PrivilegedAction()
+        {
+            public Object run()
+            {
+                //FIXME activate this code as soon as the GSSAPIMechanismHandler is fixed.
+                //Currently GSSAPI authentication for the ldap server is broken
+//                try
+//                {
+//                    // Create the initial context
+//                    Hashtable<String, String> env = new Hashtable<String, String>();
+//                    env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"
);
+//                    env.put( Context.PROVIDER_URL, "ldap://127.0.0.1:" + port );
+//
+//                    // Request the use of the "GSSAPI" SASL mechanism
+//                    // Authenticate by using already established Kerberos credentials
+//                    env.put( Context.SECURITY_AUTHENTICATION, "GSSAPI" );
+//
+//                    // Request privacy protection
+//                    env.put( "javax.security.sasl.qop", "auth-conf" );
+//
+//                    // Request mutual authentication
+//                    env.put( "javax.security.sasl.server.authentication", "true" );
+//
+//                    // Request high-strength cryptographic protection
+//                    env.put( "javax.security.sasl.strength", "high" );
+//
+//                    DirContext ctx = new InitialDirContext( env );
+//
+//                    String[] attrIDs =
+//                        { "uid" };
+//
+//                    Attributes attrs = ctx.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com",
attrIDs );
+//
+//                    String uid = null;
+//
+//                    if ( attrs.get( "uid" ) != null )
+//                    {
+//                        uid = ( String ) attrs.get( "uid" ).get();
+//                    }
+//
+//                    assertEquals( uid, "hnelson" );
+//                }
+//                catch ( NamingException e )
+//                {
+//                    fail( "Should not have caught exception:  " + e.getMessage() + e.getRootCause()
);
+//                    e.printStackTrace();
+//                   
+//                }
+
+                return null;
+            }
+        } );
+
     }
 
 

Added: directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/krb5.conf
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/krb5.conf?rev=764561&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/krb5.conf
(added)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/resources/org/apache/directory/server/kerberos/kdc/krb5.conf
Mon Apr 13 19:00:18 2009
@@ -0,0 +1,15 @@
+[libdefaults]
+	default_realm = EXAMPLE.COM
+
+[realms]
+	EXAMPLE.COM = {
+		kdc = localhost:6088
+	}
+
+[domain_realm]
+	.example.com = EXAMPLE.COM
+	example.com = EXAMPLE.COM
+
+[login]
+	krb4_convert = true
+	krb4_get_tickets = false
\ No newline at end of file



Mime
View raw message