Subject: svn commit: r895945 - in /directory/apacheds/branches/apacheds-schema: ./ kerberos-test/ kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/ kerberos-test/src/test/resources/ Date: Tue, 05 Jan 2010 08:49:39 -0000 To: commits@directory.apache.org 
From: kayyagari@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100105084947.B229A23889CB@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kayyagari Date: Tue Jan 5 08:49:31 2010 New Revision: 895945 URL: http://svn.apache.org/viewvc?rev=895945&view=rev Log: o modified the module build order (kereberos-test is now after interceptor-kerberos cause test uses KeyDerivationInterceptor) o added dependency on interceptor-kerberos in kerberos test o added krb5 config and log4j properties files in kerberos-test module o fixed the failing GSSAPI test Added: directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/krb5.conf directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/log4j.properties Modified: directory/apacheds/branches/apacheds-schema/kerberos-test/pom.xml directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java directory/apacheds/branches/apacheds-schema/pom.xml Modified: directory/apacheds/branches/apacheds-schema/kerberos-test/pom.xml URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-schema/kerberos-test/pom.xml?rev=895945&r1=895944&r2=895945&view=diff ============================================================================== --- directory/apacheds/branches/apacheds-schema/kerberos-test/pom.xml (original) +++ directory/apacheds/branches/apacheds-schema/kerberos-test/pom.xml Tue Jan 5 08:49:31 2010 
@@ -60,6 +60,12 @@ ${pom.version} test + + + org.apache.directory.server + apacheds-interceptor-kerberos + ${pom.version} + Modified: directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java?rev=895945&r1=895944&r2=895945&view=diff ============================================================================== --- directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java (original) +++ directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java Tue Jan 5 08:49:31 2010 @@ -24,10 +24,7 @@ import static org.junit.Assert.fail; import java.security.PrivilegedAction; -import java.util.HashSet; import java.util.Hashtable; -import java.util.List; -import java.util.Set; import javax.naming.Context; import javax.naming.NamingException; 
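Review bot: The new `apacheds-interceptor-kerberos` dependency in the kerberos-test `pom.xml` appears to be declared without a scope, while the dependency just above it in the context lines ends with `test`. The XML markup is lost in this rendering, so this is inferred from the surviving text. If the scope is indeed missing, add `<scope>test</scope>` so the interceptor stays on the test classpath only, matching its one visible use, `KeyDerivationInterceptor` in SaslGssapiBindITest.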
@@ -38,31 +35,42 @@ import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.directory.ModificationItem; +import javax.naming.ldap.InitialLdapContext; +import javax.naming.ldap.LdapContext; import javax.security.auth.Subject; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; +import org.apache.directory.server.annotations.CreateKdcServer; +import org.apache.directory.server.annotations.CreateLdapServer; +import org.apache.directory.server.annotations.CreateTransport; +import org.apache.directory.server.annotations.SaslMechanism; +import org.apache.directory.server.constants.ServerDNConstants; +import org.apache.directory.server.core.CoreSession; import org.apache.directory.server.core.DirectoryService; -import org.apache.directory.server.core.entry.ServerEntry; +import org.apache.directory.server.core.annotations.ContextEntry; +import org.apache.directory.server.core.annotations.CreateDS; +import org.apache.directory.server.core.annotations.CreateIndex; +import org.apache.directory.server.core.annotations.CreatePartition; import org.apache.directory.server.core.integ.AbstractLdapTestUnit; -import org.apache.directory.server.core.interceptor.Interceptor; -import org.apache.directory.server.core.partition.Partition; -import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex; -import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition; +import org.apache.directory.server.core.integ.FrameworkRunner; +import org.apache.directory.server.core.jndi.CoreContextFactory; +import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; import org.apache.directory.server.kerberos.shared.jaas.CallbackHandlerBean; import org.apache.directory.server.kerberos.shared.jaas.Krb5LoginConfiguration; import org.apache.directory.server.kerberos.shared.store.KerberosAttribute; -import 
org.apache.directory.server.protocol.shared.transport.TcpTransport; -import org.apache.directory.server.protocol.shared.transport.UdpTransport; -import org.apache.directory.server.xdbm.Index; +import org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler; +import org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler; +import org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler; +import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler; +import org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler; import org.apache.directory.shared.ldap.constants.SchemaConstants; -import org.apache.directory.shared.ldap.name.LdapDN; +import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms; import org.junit.After; import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; import org.junit.Test; +import org.junit.runner.RunWith; /** * An {@link AbstractServerTest} testing SASL GSSAPI authentication 
@@ -74,25 +82,71 @@ * @author Apache Directory Project * @version $Rev$, $Date$ */ -@Ignore( "temporarily ignored till the schema branch is copied over to trunk" ) +@RunWith( FrameworkRunner.class ) +@CreateDS( name="SaslGssapiBindITest-class", + partitions = + { + @CreatePartition( + name = "example", + suffix = "dc=example,dc=com", + contextEntry = @ContextEntry( + entryLdif = + "dn: dc=example,dc=com\n" + + "dc: example\n" + + "objectClass: top\n" + + "objectClass: domain\n\n" ), + indexes = + { + @CreateIndex( attribute = "objectClass" ), + @CreateIndex( attribute = "dc" ), + @CreateIndex( attribute = "ou" ) + } ) + }, + additionalInterceptors = + { + KeyDerivationInterceptor.class + }) +@CreateLdapServer ( + transports = + { + @CreateTransport( protocol = "LDAP" ) + }, + saslHost="localhost", + saslPrincipal="ldap/localhost@EXAMPLE.COM", + saslMechanisms = + { + @SaslMechanism( name=SupportedSaslMechanisms.PLAIN, implClass=PlainMechanismHandler.class ), + @SaslMechanism( name=SupportedSaslMechanisms.CRAM_MD5, implClass=CramMd5MechanismHandler.class), + @SaslMechanism( name=SupportedSaslMechanisms.DIGEST_MD5, implClass=DigestMd5MechanismHandler.class), + @SaslMechanism( name=SupportedSaslMechanisms.GSSAPI, implClass=GssapiMechanismHandler.class), + @SaslMechanism( name=SupportedSaslMechanisms.NTLM, implClass=NtlmMechanismHandler.class), + @SaslMechanism( name=SupportedSaslMechanisms.GSS_SPNEGO, implClass=NtlmMechanismHandler.class) + }) +@CreateKdcServer ( + transports = + { + @CreateTransport( protocol = "UDP", port = 6088 ), + @CreateTransport( protocol = "TCP", port = 6088 ) + }) public class SaslGssapiBindITest extends AbstractLdapTestUnit { private DirContext ctx; - @BeforeClass - public static final void init() - { - String path = SaslGssapiBindITest.class.getResource( "" ).getPath(); - int targetPos = path.indexOf( "target" ); - workingDir = path.substring( 0, targetPos + 6 ) + "/server-work/schema"; - } + /** the context root for the schema */ + 
protected LdapContext schemaRoot; + + /** the context root for the system partition */ + protected LdapContext sysRoot; + + /** the context root for the rootDSE */ + protected CoreSession rootDSE; /** * Creates a new instance of SaslGssapiBindTest and sets JAAS system properties. */ public SaslGssapiBindITest() { - String krbConfPath = getClass().getResource( "krb5.conf" ).getFile(); + String krbConfPath = getClass().getClassLoader().getResource( "krb5.conf" ).getFile(); System.setProperty( "java.security.krb5.conf", krbConfPath ); System.setProperty( "sun.security.krb5.debug", "false" ); } @@ -105,17 +159,6 @@ @Before public void setUp() throws Exception { - super.setUp(); - - ldapServer.setSaslHost( "localhost" ); - ldapServer.setSaslPrincipal( "ldap/localhost@EXAMPLE.COM" ); - - KdcServer kdcConfig = new KdcServer(); - kdcConfig.setDirectoryService( directoryService ); - kdcConfig.setTransports( new TcpTransport( 6088 ), new UdpTransport( 6088 ) ); - kdcConfig.setEnabled( true ); - kdcConfig.setSearchBaseDn( "ou=users,dc=example,dc=com" ); - kdcConfig.start(); Attributes attrs; setContexts( "uid=admin,ou=system", "secret" ); @@ -141,15 +184,9 @@ schemaRoot.modifyAttributes( "cn=Krb5kdc", mods ); } - LdapDN contextDn = new LdapDN( "dc=example,dc=com" ); - ServerEntry entry = ldapServer.getDirectoryService().newEntry( contextDn ); - entry.add( "objectClass", "top", "domain", "extensibleObject" ); - entry.add( "dc", "example" ); - ldapServer.getDirectoryService().getAdminSession().add( entry ); - // Get a context, create the ou=users subcontext, then create the 3 principals. Hashtable env = new Hashtable(); - env.put( DirectoryService.JNDI_KEY, directoryService ); + env.put( DirectoryService.JNDI_KEY, service ); env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" ); env.put( Context.PROVIDER_URL, "dc=example,dc=com" ); env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" ); 
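Review bot: The `@CreateDS` block takes over from `configureDirectoryService()`, but nothing in it carries over the `directoryService.setAllowAnonymousAccess( false )` call that a later hunk deletes, so the test now relies on whatever the framework default is. For an authentication test that setting is worth pinning explicitly, either through the annotation if it offers an attribute for it, or with an assertion in `setUp()` that anonymous access is off before the GSSAPI bind runs. In the constructor, `getClass().getClassLoader().getResource( "krb5.conf" ).getFile()` throws a bare NullPointerException when the resource is missing. It also returns a URL-encoded path, so a checkout directory containing a space produces a `java.security.krb5.conf` value that points at no file; a null check followed by `new File( url.toURI() ).getPath()` avoids both.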
@@ -172,31 +209,6 @@ } - protected void configureDirectoryService() throws NamingException - { - directoryService.setAllowAnonymousAccess( false ); - Set partitions = new HashSet(); - - // Add partition 'example' - JdbmPartition partition = new JdbmPartition(); - partition.setId( "example" ); - partition.setSuffix( "dc=example,dc=com" ); - - Set> indexedAttrs = new HashSet>(); - indexedAttrs.add( new JdbmIndex( "ou" ) ); - indexedAttrs.add( new JdbmIndex( "dc" ) ); - indexedAttrs.add( new JdbmIndex( "objectClass" ) ); - partition.setIndexedAttributes( indexedAttrs ); - - partitions.add( partition ); - directoryService.setPartitions( partitions ); - - List list = directoryService.getInterceptors(); - list.add( new KeyDerivationInterceptor() ); - directoryService.setInterceptors( list ); - } - - /** * Convenience method for creating principals. * @@ -281,7 +293,7 @@ // Create the initial context Hashtable env = new Hashtable(); env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" ); - env.put( Context.PROVIDER_URL, "ldap://localhost:" + port ); + env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() ); // Request the use of the "GSSAPI" SASL mechanism // Authenticate by using already established Kerberos credentials @@ -324,7 +336,7 @@ } - + /** * Tear down. */ 
@@ -333,6 +345,49 @@ { ctx.close(); ctx = null; - super.tearDown(); } + + + // copied the below two methods from AbstractServerTest + /** + * Sets the contexts for this base class. Values of user and password used to + * set the respective JNDI properties. These values can be overriden by the + * overrides properties. + * + * @param user the username for authenticating as this user + * @param passwd the password of the user + * @throws NamingException if there is a failure of any kind + */ + protected void setContexts( String user, String passwd ) throws Exception + { + Hashtable env = new Hashtable(); + env.put( DirectoryService.JNDI_KEY, service ); + env.put( Context.SECURITY_PRINCIPAL, user ); + env.put( Context.SECURITY_CREDENTIALS, passwd ); + env.put( Context.SECURITY_AUTHENTICATION, "simple" ); + env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() ); + setContexts( env ); + } + + + /** + * Sets the contexts of this class taking into account the extras and overrides + * properties. + * + * @param env an environment to use while setting up the system root. 
+ * @throws NamingException if there is a failure of any kind + */ + protected void setContexts( Hashtable env ) throws Exception + { + Hashtable envFinal = new Hashtable( env ); + envFinal.put( Context.PROVIDER_URL, ServerDNConstants.SYSTEM_DN ); + sysRoot = new InitialLdapContext( envFinal, null ); + + envFinal.put( Context.PROVIDER_URL, "" ); + rootDSE = service.getAdminSession(); + + envFinal.put( Context.PROVIDER_URL, SchemaConstants.OU_SCHEMA ); + schemaRoot = new InitialLdapContext( envFinal, null ); + } + } Added: directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/krb5.conf URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/krb5.conf?rev=895945&view=auto ============================================================================== --- directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/krb5.conf (added) +++ directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/krb5.conf Tue Jan 5 08:49:31 2010 @@ -0,0 +1,15 @@ +[libdefaults] + default_realm = EXAMPLE.COM + +[realms] + EXAMPLE.COM = { + kdc = localhost:6088 + } + +[domain_realm] + .example.com = EXAMPLE.COM + example.com = EXAMPLE.COM + +[login] + krb4_convert = true + krb4_get_tickets = false \ No newline at end of file Added: directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/log4j.properties URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/log4j.properties?rev=895945&view=auto ============================================================================== --- directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/log4j.properties (added) +++ directory/apacheds/branches/apacheds-schema/kerberos-test/src/test/resources/log4j.properties Tue Jan 5 08:49:31 2010 
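Review bot: In `setContexts( Hashtable env )`, `rootDSE` is assigned `service.getAdminSession()` regardless of the principal and credentials in `env`, and the `envFinal.put( Context.PROVIDER_URL, "" )` just before it has no effect because the value is overwritten before the next context is created. A caller that passes a non-admin user still gets an admin-privileged `rootDSE`, which can hide authorization failures; either build it from the supplied credentials, or drop the dead `put` and add a comment such as `// rootDSE always uses the admin session, independent of env`. The two `InitialLdapContext` instances stored in `sysRoot` and `schemaRoot` are not closed in the `tearDown()` shown in this hunk, which only closes `ctx`. Both Javadoc blocks also say `@throws NamingException` while the signatures declare `throws Exception`.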
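Review bot: The `[login]` section of the new `krb5.conf` sets `krb4_convert = true`, a Kerberos 4 compatibility option that this test has no visible use for. Test configs tend to get copied as templates, so I would drop the whole `[login]` block rather than keep a legacy-protocol switch turned on. `kdc = localhost:6088` also duplicates the port from the `@CreateTransport` entries under `@CreateKdcServer`, so the two must change together; a comment such as `# must match the @CreateKdcServer port in SaslGssapiBindITest` would make that coupling visible. The file also lacks a trailing newline.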
@@ -0,0 +1,22 @@ +############################################################################# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +############################################################################# +log4j.rootCategory=OFF, stdout + +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n + Modified: directory/apacheds/branches/apacheds-schema/pom.xml URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-schema/pom.xml?rev=895945&r1=895944&r2=895945&view=diff ============================================================================== --- directory/apacheds/branches/apacheds-schema/pom.xml (original) +++ directory/apacheds/branches/apacheds-schema/pom.xml Tue Jan 5 08:49:31 2010 @@ -361,7 +361,6 @@ protocol-ntp protocol-ldap protocol-kerberos - protocol-dhcp protocol-dns protocol-changepw @@ -381,6 +380,7 @@ kerberos-shared interceptor-kerberos + kerberos-test server-replication xbean-spring
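Review bot: The first root `pom.xml` hunk removes a `protocol-dhcp` line from the module list, which the commit log does not mention; the log only describes moving `kerberos-test` after `interceptor-kerberos`. The XML markup is lost in this rendering, so it is not certain that this was an active `<module>` entry. If it was, the DHCP module is no longer compiled or tested by the reactor build. An intentional removal deserves its own line in the log; otherwise restore `<module>protocol-dhcp</module>`.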