directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: [DIRKRB-297]-Implement command 'ktremove' in Kadmin. Contributed by Wei.
Date Thu, 18 Jun 2015 02:01:27 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master c89d7e40d -> dc623d966


[DIRKRB-297]-Implement command 'ktremove' in Kadmin. Contributed by Wei.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dc623d96
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dc623d96
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dc623d96

Branch: refs/heads/master
Commit: dc623d966db8360b5a9c4bafe24107a128b369da
Parents: c89d7e4
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Thu Jun 18 10:06:28 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Thu Jun 18 10:06:28 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/admin/Kadmin.java       | 61 +++++++++++++
 .../kerby/kerberos/kerb/admin/KadminOption.java |  2 +
 .../kerby/kerberos/kerb/keytab/Keytab.java      | 10 ++-
 .../kerby/kerberos/tool/kadmin/Kadmin.java      |  3 +
 .../kadmin/executor/KeytabRemoveExecutor.java   | 94 ++++++++++++++++++++
 5 files changed, 169 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc623d96/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 63589f9..29062f0 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -190,6 +190,67 @@ public class Kadmin {
         return resultSB;
     }
 
+    public StringBuilder removeEntryFromKeytab(File keytabFile, String principalName, String
option)
+        throws KrbException {
+        int kvno;
+        int numDeleted = 0;
+        StringBuilder resultSB = new StringBuilder();
+        Keytab keytab = loadKeytab(keytabFile);
+        List<KeytabEntry> entries = keytab.getKeytabEntries(new PrincipalName(principalName));
+        if (entries == null || entries.isEmpty()) {
+            resultSB.append("Principal " + principalName + " not found! ");
+            return resultSB;
+        }
+
+        if (option == null || option.equals("all")) {
+            numDeleted = entries.size();
+            for(KeytabEntry entry : entries) {
+                keytab.removeKeytabEntry(entry);
+            }
+        } else if (option.equals("old")) {
+            kvno = entries.get(0).getKvno();
+            for (KeytabEntry entry : entries) {
+                if (kvno > entry.getKvno()) {
+                    kvno = entry.getKvno();
+                }
+            }
+            numDeleted = deleteKeytabEntryByKvno(entries, kvno, keytab);
+        } else {
+            try {
+                kvno = Integer.parseInt(option);
+            } catch (NumberFormatException e) {
+                resultSB.append("Parameter " + option + " not recognized!");
+                return resultSB;
+            }
+            numDeleted = deleteKeytabEntryByKvno(entries, kvno, keytab);
+        }
+
+        //Store the keytab
+        if (numDeleted != 0) {
+            try {
+                keytab.store(keytabFile);
+            } catch (IOException e) {
+                throw new KrbException("Fail to store the keytab!", e);
+            }
+        }
+
+        resultSB.append( numDeleted + " entry(entries) removed for principal " +
+                principalName + " from keytab \n");
+
+        return resultSB;
+    }
+
+    private int deleteKeytabEntryByKvno(List<KeytabEntry> entries, int kvno, Keytab
keytab) {
+        int numDeleted = 0;
+        for(KeytabEntry entry : entries) {
+            if(entry.getKvno() == kvno) {
+                numDeleted++;
+                keytab.removeKeytabEntry(entry);
+            }
+        }
+        return numDeleted;
+    }
+
     private Keytab loadKeytab(File keytabFile) throws KrbException {
         try {
             if (!keytabFile.exists()) {
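Review bot: The `old` branch of removeEntryFromKeytab finds the lowest kvno among the principal's entries and removes only the entries carrying it, so a keytab holding kvno 1, 2 and 3 still contains kvno 2 after `ktremove principal old`. The usage string added in KeytabRemoveExecutor mirrors MIT kadmin's ktremove, where `old` removes every entry except those with the highest kvno; if that is the intent, the loop should track the maximum and delete everything below it. Leaving superseded keys in the keytab means the service keeps accepting tickets encrypted under keys that rotation was meant to retire. The branch is sketched below; deleteKeytabEntryByKvno is not reused because it matches a single kvno.

```java
        } else if (option.equals("old")) {
            // Keep only the newest key version; every lower kvno is superseded.
            int newestKvno = entries.get(0).getKvno();
            for (KeytabEntry entry : entries) {
                newestKvno = Math.max(newestKvno, entry.getKvno());
            }
            for (KeytabEntry entry : entries) {
                if (entry.getKvno() < newestKvno) {
                    keytab.removeKeytabEntry(entry);
                    numDeleted++;
                }
            }
        } else {
            // … unchanged: numeric kvno parsing and removal by exact kvno …
```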

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc623d96/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
index 7c7dcde..9d9b57e 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
@@ -30,6 +30,8 @@ public enum KadminOption implements KOption {
     FORCE("-force", "force", KOptionType.NOV),
     KVNO("-kvno", "initial key version number", KOptionType.INT),
     PW("-pw", "password", KOptionType.STR),
+    K("-k", "keytab file path", KOptionType.STR),
+    KEYTAB("-keytab", "keytab file path", KOptionType.STR),
     ;
 
     private String name;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc623d96/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
index 648d08f..1f715e4 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
@@ -83,7 +83,15 @@ public class Keytab implements KrbKeytab {
 
     @Override
     public List<KeytabEntry> getKeytabEntries(PrincipalName principal) {
-        return principalEntries.get(principal);
+        List<KeytabEntry> internal = principalEntries.get(principal);
+        if (internal == null) {
+            return null;
+        }
+        List<KeytabEntry> result = new ArrayList<KeytabEntry>();
+        for (KeytabEntry entry : internal) {
+            result.add(entry);
+        }
+        return result;
     }
 
     @Override
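Review bot: The copy in getKeytabEntries carries no comment saying why a snapshot is returned, and the element-by-element loop can be replaced by the copy constructor: `return new ArrayList<KeytabEntry>(internal);`. A one-line comment such as `// Return a snapshot so callers can remove entries while iterating` would record the reason, which appears to be the iterate-and-remove loops added to Kadmin.removeEntryFromKeytab in this commit. The method still returns `null` for an unknown principal, so every caller has to keep the null check seen in removeEntryFromKeytab.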

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc623d96/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
index c6c3112..fe720bf 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/Kadmin.java
@@ -83,6 +83,9 @@ public class Kadmin {
         } else if (command.startsWith("ktadd") ||
                 command.startsWith("xst")) {
             executor = new KeytabAddExecutor(backendConfig);
+        } else if (command.startsWith("ktremove") ||
+                command.startsWith("ktrem")) {
+            executor = new KeytabRemoveExecutor(backendConfig);
         } else if (command.startsWith("delete_principal") ||
                 command.startsWith("delprinc")) {
             executor = new DeletePrincipalExecutor(backendConfig);
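Review bot: The new branch dispatches on `command.startsWith(...)`, so any input whose first word merely begins with `ktrem` (a mistyped command name, for instance) reaches KeytabRemoveExecutor, which never inspects commands[0] and goes on to delete keytab entries. The `ktremove` test is also redundant, since every string starting with `ktremove` already starts with `ktrem`. For a destructive command it would be safer to compare the first whitespace-separated token exactly, e.g. `String verb = command.split("\\s+")[0];` followed by `verb.equals("ktremove") || verb.equals("ktrem")`. The surrounding if/else chain starts and ends outside this hunk and uses the same prefix style for the other commands, so the change may belong to the chain as a whole.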

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc623d96/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabRemoveExecutor.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabRemoveExecutor.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabRemoveExecutor.java
new file mode 100644
index 0000000..ffde039
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/executor/KeytabRemoveExecutor.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.executor;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.tool.KadminTool;
+
+import java.io.File;
+
+public class KeytabRemoveExecutor implements KadminCommandExecutor{
+    private static final String USAGE =
+            "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno | all | old]";
+
+    private static final String DEFAULT_KEYTAB_FILE_LOCATION = "/etc/krb5.keytab";
+
+    private Config backendConfig;
+
+    public KeytabRemoveExecutor(Config backendConfig) {
+        this.backendConfig = backendConfig;
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s+");
+        if (commands.length < 2 || commands.length > 6) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        String principal = null;
+        String keytabFileLocation = null;
+        String rangeSuffix = null;
+        int lastIndex ;
+
+        if (commands[commands.length - 1].matches("^all|old|-?\\d+$")) {
+            if (commands.length < 3) {
+                System.err.println(USAGE);
+                return;
+            }
+            lastIndex = commands.length - 3;
+            principal = commands[commands.length - 2];
+            rangeSuffix = commands[commands.length - 1];
+        } else {
+            lastIndex = commands.length - 2;
+            principal = commands[commands.length - 1];
+        }
+        KOptions kOptions = KadminTool.parseOptions(commands, 1, lastIndex);
+
+        if (principal == null || kOptions == null ||
+                kOptions.contains(KadminOption.K) && kOptions.contains(KadminOption.KEYTAB))
{
+            System.err.println(USAGE);
+            return;
+        }
+
+        keytabFileLocation = kOptions.contains(KadminOption.K)?
+                kOptions.getStringOption(KadminOption.K):kOptions.getStringOption(KadminOption.KEYTAB);
+
+        if (keytabFileLocation == null) {
+            keytabFileLocation = DEFAULT_KEYTAB_FILE_LOCATION;
+        }
+        File keytabFile = new File(keytabFileLocation);
+
+        Kadmin kadmin = new Kadmin(backendConfig);
+        try {
+            StringBuilder result = kadmin.removeEntryFromKeytab(keytabFile, principal, rangeSuffix);
+            result.append("\tFile:" + keytabFileLocation);
+            System.out.println(result.toString());
+        } catch (KrbException e) {
+            System.err.println("Principal \"" + principal + "\" fail to remove entry from
keytab." +
+                e.getMessage());
+        }
+    }
+}
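Review bot: When no trailing selector is given, execute leaves `rangeSuffix` null and Kadmin.removeEntryFromKeytab treats null the same as `all`, so `ktremove principal` removes every key for that principal, from `/etc/krb5.keytab` unless -k is supplied; nothing in USAGE or in a comment states that default. A Javadoc line on execute such as `/** With no kvno/all/old selector, every entry for the principal is removed. */` would make this visible to operators and maintainers. The usage text also advertises `-q`, which this class never handles itself; whether KadminTool.parseOptions accepts it cannot be seen here and is worth confirming.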

