directory-commits mailing list archives

From ha...@apache.org
Subject directory-kerby git commit: DIRKRB-183 Enhance kadmin to support add principals
Date Fri, 20 Mar 2015 05:27:52 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 44de66463 -> 7a441d451


DIRKRB-183 Enhance kadmin to support add principals


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7a441d45
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7a441d45
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7a441d45

Branch: refs/heads/master
Commit: 7a441d45120ae4cbc3d8d4cd3e21ed046259b18a
Parents: 44de664
Author: hazel <linchen7@foxmail.com>
Authored: Fri Mar 20 13:27:45 2015 +0800
Committer: hazel <linchen7@foxmail.com>
Committed: Fri Mar 20 13:27:45 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/tool/kadmin/Kadmin.java      |   7 +-
 .../kadmin/executor/AddPrincipalExecutor.java   | 191 +++++++++++++++++++
 2 files changed, 197 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7a441d45/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
b/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
index e5b5c97..6e0c0f1 100644
--- a/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
+++ b/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.tool.kadmin;
 
 import org.apache.kerby.config.Conf;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.tool.kadmin.executor.AddPrincipalExecutor;
 import org.apache.kerby.kerberos.tool.kadmin.executor.KadminCommandExecutor;
 
 import java.io.File;
@@ -73,7 +74,11 @@ public class Kadmin {
         }
 
         KadminCommandExecutor executor = null;
-        //TODO execute commands.
+        if (command.startsWith("add_principal") ||
+                command.startsWith("addprinc") ||
+                command.startsWith("ank")) {
+            executor = new AddPrincipalExecutor(kdcConfig, backendConfig);
+        }
 
         if (executor == null) {
             System.out.println("Unknown request \"" + command + "\". Type \"?\" for a request
list.");
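Review bot: The dispatch added before `if (executor == null)` uses `command.startsWith(...)`, so any input that merely begins with `ank`, `addprinc` or `add_principal` (a mistyped or unrelated command sharing the prefix) is routed to `AddPrincipalExecutor`. Given that `execute` in the new executor takes the last token as the principal, such input can go on to prompt for a password and create an identity. Compare the first whitespace-delimited token exactly instead, e.g. `String verb = command.trim().split("\\s+", 2)[0];` followed by `verb.equals("add_principal") || verb.equals("addprinc") || verb.equals("ank")`. The enclosing method starts and ends outside the hunk, so how `command` is read and normalised is not visible here.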

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7a441d45/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
----------------------------------------------------------------------
diff --git a/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
b/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
new file mode 100644
index 0000000..ddb310b
--- /dev/null
+++ b/kdc-tool/kadmin-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/AddPrincipalExecutor.java
@@ -0,0 +1,191 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.executor;
+
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.Console;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Scanner;
+
+public class AddPrincipalExecutor implements KadminCommandExecutor{
+    private static final String USAGE = "usage: add_principal [options] principal\n" +
+            "\toptions are:\n" +
+            "\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate]
[-maxlife maxtixlife]\n" +
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n" +
+            "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n" +
+            "\t\t[-e keysaltlist]\n" +
+            "\t\t[{+|-}attribute]\n" +
+            "\tattributes are:\n" +
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n" +
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n" +
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n" +
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n" +
+            "\n" +
+            "where,\n" +
+            "\t[-x db_princ_args]* - any number of database specific arguments.\n" +
+            "\t\t\tLook at each database documentation for supported arguments";
+
+    private KdcConfig kdcConfig;
+    private Config backendConfig;
+
+    public AddPrincipalExecutor(KdcConfig kdcConfig, Config backendConfig) {
+        this.kdcConfig = kdcConfig;
+        this.backendConfig = backendConfig;
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split(" ");
+        if (commands.length < 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        parseOptions(commands);
+        String principal = commands[commands.length - 1];
+        String password = getPassword(principal);
+
+        if (password == null) {
+            return;
+        }
+
+        addPrincipal(principal, password);
+        System.out.println("Principal \"" + principal + "\" created.");
+    }
+
+    private void parseOptions(String[] commands) {
+        //TODO
+    }
+
+    /**
+     * Get password for the input principal from console
+     */
+    private String getPassword(String principal) {
+        String passwordOnce;
+        String passwordTwice;
+
+        Console console = System.console();
+        if (console == null) {
+            System.out.println("Couldn't get Console instance, " +
+                    "maybe you're running this from within an IDE. " +
+                    "Use scanner to read password.");
+            Scanner scanner = new Scanner(System.in);
+            passwordOnce = getPassword(scanner,
+                    "Enter password for principal \"" + principal + "\":");
+            passwordTwice = getPassword(scanner,
+                    "Re-enter password for principal \"" + principal + "\":");
+
+        } else {
+            passwordOnce = getPassword(console,
+                    "Enter password for principal \"" + principal + "\":");
+            passwordTwice = getPassword(console,
+                    "Re-enter password for principal \"" + principal + "\":");
+        }
+
+        if (!passwordOnce.equals(passwordTwice)) {
+            System.err.println("add_principal: Password mismatch while reading password for
\"" + principal + "\".");
+            return null;
+        }
+        return passwordOnce;
+    }
+
+    private String getPassword(Scanner scanner, String prompt) {
+        System.out.println(prompt);
+        return scanner.nextLine().trim();
+    }
+
+    private String getPassword(Console console, String prompt) {
+        console.printf(prompt);
+        char[] passwordChars = console.readPassword();
+        String password = new String(passwordChars).trim();
+        Arrays.fill(passwordChars, ' ');
+        return password;
+    }
+
+    private void addPrincipal(String principal, String password) {
+        IdentityBackend backend = initBackend();
+
+        KrbIdentity identity = createIdentity(principal, password);
+        backend.addIdentity(identity);
+    }
+
+    private IdentityBackend initBackend() {
+        String backendClassName = backendConfig.getString(
+                KdcConfigKey.KDC_IDENTITY_BACKEND);
+        if (backendClassName == null) {
+            throw new RuntimeException("Can not find the IdentityBackend class");
+        }
+
+        Class backendClass = null;
+        try {
+            backendClass = Class.forName(backendClassName);
+        } catch (ClassNotFoundException e) {
+            throw new RuntimeException("Failed to load backend class: "
+                    + backendClassName);
+        }
+
+        IdentityBackend backend;
+        try {
+            backend = (IdentityBackend) backendClass.newInstance();
+        } catch (InstantiationException | IllegalAccessException e) {
+            throw new RuntimeException("Failed to create backend: "
+                    + backendClassName);
+        }
+
+        backend.setConfig(backendConfig);
+        backend.initialize();
+        return backend;
+    }
+
+    protected KrbIdentity createIdentity(String principal, String password) {
+        KrbIdentity kid = new KrbIdentity(principal);
+        kid.setCreatedTime(KerberosTime.now());
+        kid.setExpireTime(KerberosTime.NEVER);
+        kid.setDisabled(false);
+        kid.setKeyVersion(1);
+        kid.setLocked(false);
+
+        kid.addKeys(generateKeys(kid.getPrincipalName(), password));
+
+        return kid;
+    }
+
+    protected List<EncryptionKey> generateKeys(String principal, String password) {
+        try {
+            return EncryptionUtil.generateKeys(principal, password, kdcConfig.getEncryptionTypes());
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to create keys", e);
+        }
+    }
+
+
+
+
+}
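Review bot: In `getPassword(Console, String)` the prompt, which embeds the user-typed principal, is passed to `console.printf(prompt)` as the format string, so a principal containing `%` is parsed as a format specifier and can throw instead of prompting. `console.readPassword()` may also return null at end of input, which makes `new String(passwordChars)` throw. Both prompt paths accept an empty password, because two empty entries compare equal in `getPassword(String)` and `execute` then derives keys from the empty string. The `Scanner` fallback reads the password as an ordinary line without the echo suppression `readPassword` provides, and copying the `char[]` into a `String` means the `Arrays.fill` wipe does not clear the secret from memory; both deserve at least a comment while `generateKeys` takes a `String`. The fence shows the console reader and the caller's check with the format, null and empty cases handled.

```java
    private String getPassword(Console console, String prompt) {
        // The prompt contains the principal: pass it as an argument, never as the format.
        char[] passwordChars = console.readPassword("%s", prompt);
        if (passwordChars == null) {
            return null; // end of input on the console
        }
        String password = new String(passwordChars).trim();
        Arrays.fill(passwordChars, ' ');
        return password;
    }

    // … in getPassword(String principal), before the existing mismatch test …
        if (passwordOnce == null || passwordTwice == null || passwordOnce.isEmpty()) {
            System.err.println("add_principal: Empty password for \"" + principal + "\".");
            return null;
        }
    // … unchanged: mismatch check and return passwordOnce …
```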

