directory-commits mailing list archives

From dran...@apache.org
Subject [1/2] directory-kerby git commit: Refactored Kadmin API
Date Tue, 23 Jun 2015 09:58:52 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 564d25926 -> badf6fa17


Refactored Kadmin API


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a2237ff1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a2237ff1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a2237ff1

Branch: refs/heads/master
Commit: a2237ff1646fce12c84765dffe7de3e9291f4b2c
Parents: 8668131
Author: Drankye <drankye@gmail.com>
Authored: Wed Jun 24 00:56:21 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Wed Jun 24 00:56:21 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/admin/Kadmin.java       | 284 ++++---------------
 .../kerby/kerberos/kerb/admin/KadminUtil.java   | 247 ++++++++++++++++
 .../kerby/kerberos/kerb/keytab/Keytab.java      |  26 +-
 .../kerby/kerberos/kerb/keytab/KrbKeytab.java   |   2 +
 .../kerby/kerberos/tool/kadmin/KadminTool.java  |  58 ++--
 .../kadmin/command/ChangePasswordCommand.java   |   2 +-
 .../tool/kadmin/command/KeytabAddCommand.java   |   6 +-
 .../kadmin/command/KeytabRemoveCommand.java     |  24 +-
 .../kadmin/command/ListPrincipalCommand.java    |   2 +-
 9 files changed, 368 insertions(+), 283 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index ba66687..bc9ab5a 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -25,18 +25,11 @@ import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
-import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 
 import java.io.File;
-import java.io.IOException;
-import java.util.Date;
 import java.util.List;
 
 /**
@@ -48,10 +41,14 @@ public class Kadmin {
     private Config backendConfig;
     private IdentityBackend backend;
 
-    public Kadmin(KdcConfig kdcConfig, Config backendConfig) {
+    protected Kadmin(KdcConfig kdcConfig, Config backendConfig) {
         this.kdcConfig = kdcConfig;
         this.backendConfig = backendConfig;
-        this.backend = getBackend(backendConfig);
+        this.backend = KadminUtil.getBackend(backendConfig);
+    }
+
+    public static Kadmin getInstance(File confDir) throws KrbException {
+        return KadminUtil.createKadmin(confDir);
     }
 
     public KdcConfig getKdcConfig() {
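Review bot: `getInstance` declares `KrbException` as its failure mode, but the constructor it reaches calls `KadminUtil.getBackend`, which in this commit's KadminUtil.java throws plain `RuntimeException` when the backend class is missing or cannot be loaded. A caller that catches only `KrbException`, as `main` in KadminTool.java does, will still see an uncaught exception on a bad `backend.conf`. Either convert those failures to `KrbException` inside `createKadmin`, or document the gap on `getInstance` with a Javadoc line such as `@throws KrbException if a configuration file under confDir cannot be read`. The class body continues outside this hunk.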
@@ -70,228 +67,75 @@ public class Kadmin {
         return backend;
     }
 
-    /**
-     * Init the identity backend from backend configuration.
-     */
-    private IdentityBackend getBackend(Config backendConfig) {
-        String backendClassName = backendConfig.getString(
-                KdcConfigKey.KDC_IDENTITY_BACKEND);
-        if (backendClassName == null) {
-            throw new RuntimeException("Can not find the IdentityBackend class");
-        }
-
-        Class<?> backendClass = null;
-        try {
-            backendClass = Class.forName(backendClassName);
-        } catch (ClassNotFoundException e) {
-            throw new RuntimeException("Failed to load backend class: "
-                    + backendClassName);
-        }
-
-        IdentityBackend backend;
-        try {
-            backend = (IdentityBackend) backendClass.newInstance();
-        } catch (InstantiationException | IllegalAccessException e) {
-            throw new RuntimeException("Failed to create backend: "
-                    + backendClassName);
-        }
-
-        backend.setConfig(backendConfig);
-        backend.initialize();
-        return backend;
-    }
-
-    public void addPrincipal(String principal, String password, KOptions kOptions)
+    public void addPrincipal(String principal, KOptions kOptions)
         throws KrbException {
-
-        KrbIdentity identity = createIdentity(principal, password, kOptions);
-        try {
-            backend.addIdentity(identity);
-        } catch (RuntimeException e) {
-            throw new KrbException("Fail to add principal.", e);
-        }
-    }
-
-    private KrbIdentity createIdentity(String principal, String password, KOptions kOptions)
-        throws KrbException {
-        KrbIdentity kid = new KrbIdentity(principal);
-        kid.setCreatedTime(KerberosTime.now());
-        if(kOptions.contains(KadminOption.EXPIRE)) {
-            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
-            kid.setExpireTime(new KerberosTime(date.getTime()));
-        } else {
-            kid.setExpireTime(KerberosTime.NEVER);
-        }
-        if(kOptions.contains(KadminOption.KVNO)) {
-            kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
-        } else {
-            kid.setKeyVersion(1);
-        }
-        kid.setDisabled(false);
-        kid.setLocked(false);
-        kid.addKeys(generateKeys(kid.getPrincipalName(), password));
-
-        return kid;
+        KrbIdentity identity = KadminUtil.createIdentity(principal, kOptions);
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+            kdcConfig.getEncryptionTypes());
+        identity.addKeys(keys);
+        backend.addIdentity(identity);
     }
 
-    private List<EncryptionKey> generateKeys(String principal, String password)
+    public void addPrincipal(String principal, String password, KOptions kOptions)
         throws KrbException {
-        try {
-            return EncryptionUtil.generateKeys(principal, password, kdcConfig.getEncryptionTypes());
-        } catch (KrbException e) {
-            throw new KrbException("Failed to create keys", e);
-        }
+        KrbIdentity identity = KadminUtil.createIdentity(principal, kOptions);
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
+            kdcConfig.getEncryptionTypes());
+        identity.addKeys(keys);
+        backend.addIdentity(identity);
     }
 
-    public StringBuffer addEntryToKeytab(File keytabFile, String principalName)
+    public void exportKeytab(File keytabFile, String principalName)
         throws KrbException {
 
         //Get Identity
         KrbIdentity identity = backend.getIdentity(principalName);
         if (identity == null) {
             throw new KrbException("Can not find the identity for pincipal " +
-                    principalName + ".");
+                    principalName);
         }
 
-        StringBuffer resultSB = new StringBuffer();
-        Keytab keytab = loadKeytab(keytabFile);
-
-        //Add principal to keytab.
-        PrincipalName principal = identity.getPrincipal();
-        KerberosTime timestamp = new KerberosTime();
-        for (EncryptionType encType : identity.getKeys().keySet()) {
-            EncryptionKey ekey = identity.getKeys().get(encType);
-            int keyVersion = ekey.getKvno();
-            keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
-            resultSB.append("Entry for principal " + principalName +
-                    " with kvno " + keyVersion + ", encryption type " +
-                    encType.getName() + " added to keytab " +
-                    keytabFile.getAbsolutePath() + "\n");
-        }
-
-        //Store the keytab
-        try {
-            keytab.store(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Fail to store the keytab!", e);
-        }
-        return resultSB;
+        KadminUtil.exportKeytab(keytabFile, identity);
     }
 
-    public StringBuilder removeEntryFromKeytab(File keytabFile, String principalName, String
option)
+    public void removeKeytabEntriesOf(File keytabFile, String principalName)
         throws KrbException {
-        int kvno;
-        int numDeleted = 0;
-        StringBuilder resultSB = new StringBuilder();
-        Keytab keytab = loadKeytab(keytabFile);
-        List<KeytabEntry> entries = keytab.getKeytabEntries(new PrincipalName(principalName));
-        if (entries == null || entries.isEmpty()) {
-            resultSB.append("Principal " + principalName + " not found! ");
-            return resultSB;
-        }
-
-        if (option == null || option.equals("all")) {
-            numDeleted = entries.size();
-            for(KeytabEntry entry : entries) {
-                keytab.removeKeytabEntry(entry);
-            }
-        } else if (option.equals("old")) {
-            kvno = entries.get(0).getKvno();
-            for (KeytabEntry entry : entries) {
-                if (kvno > entry.getKvno()) {
-                    kvno = entry.getKvno();
-                }
-            }
-            numDeleted = deleteKeytabEntryByKvno(entries, kvno, keytab);
-        } else {
-            try {
-                kvno = Integer.parseInt(option);
-            } catch (NumberFormatException e) {
-                resultSB.append("Parameter " + option + " not recognized!");
-                return resultSB;
-            }
-            numDeleted = deleteKeytabEntryByKvno(entries, kvno, keytab);
-        }
-
-        //Store the keytab
-        if (numDeleted != 0) {
-            try {
-                keytab.store(keytabFile);
-            } catch (IOException e) {
-                throw new KrbException("Fail to store the keytab!", e);
-            }
-        }
-
-        resultSB.append( numDeleted + " entry(entries) removed for principal " +
-                principalName + " from keytab \n");
-
-        return resultSB;
+        KadminUtil.removeKeytabEntriesOf(keytabFile, principalName);
     }
 
-    private int deleteKeytabEntryByKvno(List<KeytabEntry> entries, int kvno, Keytab
keytab) {
-        int numDeleted = 0;
-        for(KeytabEntry entry : entries) {
-            if(entry.getKvno() == kvno) {
-                numDeleted++;
-                keytab.removeKeytabEntry(entry);
-            }
-        }
-        return numDeleted;
+    public void removeKeytabEntriesOf(File keytabFile,
+                                      String principalName, int kvno)
+        throws KrbException {
+        KadminUtil.removeKeytabEntriesOf(keytabFile, principalName, kvno);
     }
 
-    private Keytab loadKeytab(File keytabFile) throws KrbException {
-        try {
-            if (!keytabFile.exists()) {
-                keytabFile.createNewFile();
-                return new Keytab();
-            }
-
-            return Keytab.loadKeytab(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Fail to load keytab!", e);
-        }
+    public void removeOldKeytabEntriesOf(File keytabFile, String principalName)
+        throws KrbException {
+        KadminUtil.removeOldKeytabEntriesOf(keytabFile, principalName);
     }
 
     public void deletePrincipal(String principal) throws KrbException {
-        try {
-            backend.deleteIdentity(principal);
-        } catch (RuntimeException e) {
-            throw new KrbException("Fail to delete Identity!", e);
-        }
+        backend.deleteIdentity(principal);
     }
 
-    public void modifyPrincipal(String principal, KOptions kOptions) throws KrbException
{
-
-        KrbIdentity originIdentity = backend.getIdentity(principal);
-        if (originIdentity == null) {
+    public void modifyPrincipal(String principal, KOptions kOptions)
+        throws KrbException {
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity == null) {
             throw new KrbException("Principal \"" +
-                originIdentity.getPrincipalName() + "\" does not exist.");
+                identity.getPrincipalName() + "\" does not exist.");
         }
-        KrbIdentity identity = createUpdatedIdentity(originIdentity, kOptions);
+        KadminUtil.updateIdentity(identity, kOptions);
         backend.updateIdentity(identity);
     }
 
-    protected KrbIdentity createUpdatedIdentity(KrbIdentity kid, KOptions kOptions) {
-        if (kOptions.contains(KadminOption.EXPIRE)) {
-            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
-            kid.setExpireTime(new KerberosTime(date.getTime()));
-        }
-        if (kOptions.contains(KadminOption.DISABLED)) {
-            kid.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED));
-        }
-        if (kOptions.contains(KadminOption.LOCKED)) {
-            kid.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED));
-        }
-        return kid;
-    }
-
     public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
         throws KrbException {
 
-        KrbIdentity verifyIdentity = backend.getIdentity(newPrincipalName);
-        if(verifyIdentity != null) {
+        KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
+        if(oldIdentity != null) {
             throw new KrbException("Principal \"" +
-                verifyIdentity.getPrincipalName() + "\" is already exist.");
+                oldIdentity.getPrincipalName() + "\" is already exist.");
         }
         KrbIdentity identity = backend.getIdentity(oldPrincipalName);
         if (identity == null) {
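Review bot: In `modifyPrincipal` the not-found branch still dereferences the null it just tested: `identity.getPrincipalName()` runs inside `if (identity == null)`, so a missing principal raises `NullPointerException` instead of the intended `KrbException`. The rename from `originIdentity` to `identity` carried the defect over unchanged. Build the message from the argument instead: `throw new KrbException("Principal \"" + principal + "\" does not exist.");`. The `exportKeytab` message in the same hunk also spells the word as "pincipal".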
@@ -305,51 +149,39 @@ public class Kadmin {
         backend.addIdentity(identity);
     }
 
-    public KrbIdentity getPrincipal(String princName) throws KrbException {
-        try {
-            KrbIdentity identity = backend.getIdentity(princName);
-            return identity;
-        } catch (RuntimeException e) {
-            throw new KrbException("Failed to get identity!", e);
-        }
+    public KrbIdentity getPrincipal(String principalName) throws KrbException {
+        KrbIdentity identity = backend.getIdentity(principalName);
+        return identity;
     }
 
-    public List<String> listPrincipal() throws KrbException {
-        try {
-            List<String> principalNames = backend.getIdentities();
-            return principalNames;
-        } catch (RuntimeException e) {
-            throw new KrbException("Failed to get identity!", e);
-        }
+    public List<String> getPrincipals() throws KrbException {
+        List<String> principalNames = backend.getIdentities();
+        return principalNames;
     }
 
-    public void updatePassword(String principal, String password) throws KrbException {
+    public void updatePassword(String principal, String password)
+        throws KrbException {
         KrbIdentity identity = backend.getIdentity(principal);
-        if (identity != null) {
-            identity.addKeys(generateKeys(identity.getPrincipalName(), password));
-        } else {
+        if (identity == null) {
             throw new KrbException("Principal " + principal +
                 "was not found. Please check the input and try again");
         }
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
+            kdcConfig.getEncryptionTypes());
+        identity.addKeys(keys);
+
         backend.updateIdentity(identity);
     }
 
-    public void updateKey(String principal) throws KrbException {
+    public void updateKeys(String principal) throws KrbException {
         KrbIdentity identity = backend.getIdentity(principal);
-        if (identity != null) {
-            identity.addKeys(generateKeys());
-        } else {
+        if (identity == null) {
             throw new KrbException("Principal " + principal +
                 "was not found. Please check the input and try again");
         }
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+            kdcConfig.getEncryptionTypes());
+        identity.addKeys(keys);
         backend.updateIdentity(identity);
     }
-
-    private List<EncryptionKey> generateKeys() throws KrbException {
-        try {
-            return EncryptionUtil.generateKeys(kdcConfig.getEncryptionTypes());
-        } catch (KrbException e) {
-            throw new KrbException("Failed to create keys", e);
-        }
-    }
 }
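Review bot: `updatePassword` now passes the caller-supplied `principal` string to `EncryptionUtil.generateKeys`, where the removed code passed `identity.getPrincipalName()`. If the stored name can differ from what the caller typed (for example a realm added on creation, which this diff does not show), the password-derived keys would presumably be salted differently from what a client computes. Passing `identity.getPrincipalName()` keeps the earlier behaviour; the password overload of `addPrincipal` in the previous hunk makes the same switch. Both not-found messages in this hunk also lack a space before "was", so `"Principal " + principal + " was not found. Please check the input and try again"` reads correctly.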

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
new file mode 100644
index 0000000..e54d0fa
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
@@ -0,0 +1,247 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * Kadmin utilities.
+ */
+public final class KadminUtil {
+
+    private KadminUtil() { }
+
+    static Kadmin createKadmin(File confDir) throws KrbException {
+        KdcConfig kdcConfig;
+        Conf backendConfig;
+
+        File kdcConfFile = new File(confDir, "kdc.conf");
+        kdcConfig = new KdcConfig();
+        if (kdcConfFile.exists()) {
+            try {
+                kdcConfig.addIniConfig(kdcConfFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the kdc configuration file "
+                    + kdcConfFile.getAbsolutePath());
+            }
+        }
+
+        File backendConfigFile = new File(confDir, "backend.conf");
+        backendConfig = new Conf();
+        if (backendConfigFile.exists()) {
+            try {
+                backendConfig.addIniConfig(backendConfigFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the backend configuration file "
+                    + backendConfigFile.getAbsolutePath());
+            }
+        }
+
+        return new Kadmin(kdcConfig, backendConfig);
+    }
+
+    /**
+     * Init the identity backend from backend configuration.
+     */
+    static IdentityBackend getBackend(Config backendConfig) {
+        String backendClassName = backendConfig.getString(
+            KdcConfigKey.KDC_IDENTITY_BACKEND);
+        if (backendClassName == null) {
+            throw new RuntimeException("Can not find the IdentityBackend class");
+        }
+
+        Class<?> backendClass;
+        try {
+            backendClass = Class.forName(backendClassName);
+        } catch (ClassNotFoundException e) {
+            throw new RuntimeException("Failed to load backend class: "
+                    + backendClassName);
+        }
+
+        IdentityBackend backend;
+        try {
+            backend = (IdentityBackend) backendClass.newInstance();
+        } catch (InstantiationException | IllegalAccessException e) {
+            throw new RuntimeException("Failed to create backend: "
+                    + backendClassName);
+        }
+
+        backend.setConfig(backendConfig);
+        backend.initialize();
+        return backend;
+    }
+
+    static void exportKeytab(File keytabFile, KrbIdentity identity)
+        throws KrbException {
+
+        Keytab keytab;
+        try {
+            if (!keytabFile.exists()) {
+                if (!keytabFile.createNewFile()) {
+                    throw new KrbException("Failed to create keytab file "
+                        + keytabFile.getAbsolutePath());
+                }
+                keytab = new Keytab();
+            } else {
+                keytab = Keytab.loadKeytab(keytabFile);
+            }
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        //Add principal to keytab.
+        PrincipalName principal = identity.getPrincipal();
+        KerberosTime timestamp = new KerberosTime();
+        for (EncryptionType encType : identity.getKeys().keySet()) {
+            EncryptionKey ekey = identity.getKeys().get(encType);
+            int keyVersion = ekey.getKvno();
+            keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+        }
+
+        //Store the keytab
+        try {
+            keytab.store(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Fail to store the keytab!", e);
+        }
+    }
+
+    static void removeKeytabEntriesOf(File keytabFile,
+                                             String principalName) throws KrbException {
+        Keytab keytab;
+        try {
+            keytab = Keytab.loadKeytab(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        keytab.removeKeytabEntries(new PrincipalName(principalName));
+
+        //Store the keytab
+        try {
+            keytab.store(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to store keytab", e);
+        }
+    }
+
+    static void removeKeytabEntriesOf(File keytabFile,
+                                      String principalName, int kvno) throws KrbException
{
+        Keytab keytab;
+        try {
+            keytab = Keytab.loadKeytab(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        keytab.removeKeytabEntries(new PrincipalName(principalName), kvno);
+
+        //Store the keytab
+        try {
+            keytab.store(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to store keytab", e);
+        }
+    }
+
+    static void removeOldKeytabEntriesOf(File keytabFile,
+                                                String principalName) throws KrbException
{
+        Keytab keytab;
+        try {
+            keytab = Keytab.loadKeytab(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        List<KeytabEntry> entries = keytab.getKeytabEntries(new PrincipalName(principalName));
+
+        int maxKvno = 0;
+        for (KeytabEntry entry : entries) {
+            if (maxKvno < entry.getKvno()) {
+                maxKvno = entry.getKvno();
+            }
+        }
+
+        for(KeytabEntry entry : entries) {
+            if(entry.getKvno() < maxKvno) {
+                keytab.removeKeytabEntry(entry);
+            }
+        }
+
+        //Store the keytab
+        try {
+            keytab.store(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to store keytab", e);
+        }
+    }
+
+    static KrbIdentity createIdentity(String principal, KOptions kOptions)
+        throws KrbException {
+        KrbIdentity kid = new KrbIdentity(principal);
+        kid.setCreatedTime(KerberosTime.now());
+        if(kOptions.contains(KadminOption.EXPIRE)) {
+            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+            kid.setExpireTime(new KerberosTime(date.getTime()));
+        } else {
+            kid.setExpireTime(KerberosTime.NEVER);
+        }
+        if(kOptions.contains(KadminOption.KVNO)) {
+            kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
+        } else {
+            kid.setKeyVersion(1);
+        }
+        kid.setDisabled(false);
+        kid.setLocked(false);
+
+        return kid;
+    }
+
+    static void updateIdentity(KrbIdentity identity, KOptions kOptions) {
+        if (kOptions.contains(KadminOption.EXPIRE)) {
+            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+            identity.setExpireTime(new KerberosTime(date.getTime()));
+        }
+        if (kOptions.contains(KadminOption.DISABLED)) {
+            identity.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED));
+        }
+        if (kOptions.contains(KadminOption.LOCKED)) {
+            identity.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED));
+        }
+    }
+}
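Review bot: `exportKeytab` creates a missing keytab with `keytabFile.createNewFile()`, which leaves the file at the process's default permissions, and `keytab.store(keytabFile)` then writes the principal's long-term keys into it; nothing visible here tightens the mode. Creating the file owner-only closes that window on POSIX file systems, e.g. `Files.createFile(keytabFile.toPath(), PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));`, with a `setReadable`/`setWritable` fallback elsewhere. Separately, the `IOException` handlers in `createKadmin` and the reflection handlers in `getBackend` construct their exceptions without `e`, so the underlying cause is lost; the `new KrbException("...", e)` form used further down in this file keeps it. `getBackend` also instantiates whatever class name `backend.conf` supplies, so a short comment that the configuration directory must be writable only by the administrator would help operators.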

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
index 1f715e4..a04687e 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
@@ -35,7 +35,10 @@ import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 
-public class Keytab implements KrbKeytab {
+/**
+ * Keytab management util.
+ */
+public final class Keytab implements KrbKeytab {
 
     public static final int V501 = 0x0501;
     public static final int V502 = 0x0502;
@@ -66,6 +69,16 @@ public class Keytab implements KrbKeytab {
     }
 
     @Override
+    public void removeKeytabEntries(PrincipalName principal, int kvno) {
+        List<KeytabEntry> entries = getKeytabEntries(principal);
+        for(KeytabEntry entry : entries) {
+            if(entry.getKvno() == kvno) {
+                removeKeytabEntry(entry);
+            }
+        }
+    }
+
+    @Override
     public void removeKeytabEntry(KeytabEntry entry) {
         PrincipalName principal = entry.getPrincipal();
         List<KeytabEntry> entries = principalEntries.get(principal);
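Review bot: The new `removeKeytabEntries(principal, kvno)` removes entries while looping, which is safe only because `getKeytabEntries` returns a fresh `ArrayList` rather than the internal list, as the next hunk shows. A one-line comment above the loop, such as `// iterate over a copy: removeKeytabEntry mutates the internal list`, would stop a later change from turning this into a `ConcurrentModificationException`. The body of `removeKeytabEntry` continues outside this hunk, so its exact mutation is inferred from the visible `principalEntries.get(principal)` lookup.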
@@ -83,15 +96,18 @@ public class Keytab implements KrbKeytab {
 
     @Override
     public List<KeytabEntry> getKeytabEntries(PrincipalName principal) {
+        List<KeytabEntry> results = new ArrayList<KeytabEntry>();
+
         List<KeytabEntry> internal = principalEntries.get(principal);
         if (internal == null) {
-            return null;
+            return results;
         }
-        List<KeytabEntry> result = new ArrayList<KeytabEntry>();
+
         for (KeytabEntry entry : internal) {
-            result.add(entry);
+            results.add(entry);
         }
-        return result;
+
+        return results;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KrbKeytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KrbKeytab.java
b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KrbKeytab.java
index af11504..175d77a 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KrbKeytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KrbKeytab.java
@@ -37,6 +37,8 @@ public interface KrbKeytab {
 
     void removeKeytabEntries(PrincipalName principal);
 
+    void removeKeytabEntries(PrincipalName principal, int kvno);
+
     void removeKeytabEntry(KeytabEntry entry);
 
     List<KeytabEntry> getKeytabEntries(PrincipalName principal);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index 002e35b..bd6887d 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -19,13 +19,11 @@
  */
 package org.apache.kerby.kerberos.tool.kadmin;
 
-import org.apache.kerby.config.Conf;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.admin.Kadmin;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 import org.apache.kerby.kerberos.tool.kadmin.command.*;
 
 import java.io.File;
-import java.io.IOException;
 import java.util.Map;
 import java.util.Scanner;
 
@@ -63,10 +61,8 @@ public class KadminTool {
             "list_requests, lr, ?     List available requests.\n" +
             "quit, exit, q            Exit program.";
 
-    private static KdcConfig kdcConfig;
-    private static Conf backendConfig;
 
-    private static void execute(String command) {
+    private static void execute(Kadmin kadmin, String command) {
         //Omit the leading and trailing whitespace.
         command = command.trim();
         if (command.equals("list_requests") ||
@@ -76,7 +72,6 @@ public class KadminTool {
             return;
         }
 
-        Kadmin kadmin = new Kadmin(kdcConfig, backendConfig);
         KadminCommand executor = null;
         if (command.startsWith("add_principal") ||
                 command.startsWith("addprinc") ||
@@ -115,7 +110,7 @@ public class KadminTool {
         executor.execute(command);
     }
 
-    private static void initConfig(String[] args) {
+    private static File getConfDir(String[] args) {
         File confDir;
         if (args.length == 0) {
             String envDir;
@@ -134,43 +129,30 @@ public class KadminTool {
             confDir = new File(args[0]);
         }
 
-        if (confDir.exists()) {
-            File kdcConfFile = new File(confDir, "kdc.conf");
-            if (kdcConfFile.exists()) {
-                kdcConfig = new KdcConfig();
-                try {
-                    kdcConfig.addIniConfig(kdcConfFile);
-                } catch (IOException e) {
-                    System.err.println("Can not load the kdc configuration file " + kdcConfFile.getAbsolutePath());
-                    e.printStackTrace();
-                }
-            }
-
-            File backendConfigFile = new File(confDir, "backend.conf");
-            if (backendConfigFile.exists()) {
-                backendConfig = new Conf();
-                try {
-                    backendConfig.addIniConfig(backendConfigFile);
-                } catch (IOException e) {
-                    System.err.println("Can not load the backend configuration file " + backendConfigFile.getAbsolutePath());
-                    e.printStackTrace();
-                }
-            }
-        } else {
-            throw new RuntimeException("Can not find configuration directory");
+        if (!confDir.exists()) {
+            throw new RuntimeException("Can not locate KDC backend directory "
+                + confDir.getAbsolutePath());
         }
+        return confDir;
     }
 
     public static void main(String[] args) {
-        initConfig(args);
+        Kadmin kadmin;
+        try {
+            kadmin = Kadmin.getInstance(getConfDir(args));
+        } catch (KrbException e) {
+            System.err.println("Failed to init Kadmin due to " + e.getMessage());
+            return;
+        }
+
         System.out.print(PROMPT + ": ");
+
         try (Scanner scanner = new Scanner(System.in)) {
             String input = scanner.nextLine();
-    
-            while (!(input.equals("quit") ||
-                    input.equals("exit") ||
-                    input.equals("q"))) {
-                execute(input);
+
+            boolean quit = input.equals("quit") || input.equals("exit") || input.equals("q");
+            while (!quit) {
+                execute(kadmin, input);
                 System.out.print(PROMPT + ": ");
                 input = scanner.nextLine();
             }
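Review bot: The `quit` flag in `main` is computed once from the first line of input and never updated inside the loop, so `while (!quit)` does not stop when the operator types `quit`, `exit` or `q` at a later prompt. Those words are handed to `execute`, and the loop ends only when `scanner.nextLine()` throws at end of input. Re-evaluate the condition after each read, for example by adding `quit = input.equals("quit") || input.equals("exit") || input.equals("q");` right after `input = scanner.nextLine();`, or keep the original compound `while` condition. Separately, `getConfDir` throws a `RuntimeException` that the new `catch (KrbException e)` does not cover, and it tests only `exists()`, so a regular file passes; `!confDir.isDirectory()` would be a tighter check. The body of `main` continues past the end of the hunk.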

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
index fe95729..a8dbc28 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
@@ -78,7 +78,7 @@ public class ChangePasswordCommand extends KadminCommand {
                 }
             } else if( kOptions.contains(KadminOption.RANDKEY)){
                 try {
-                    getKadmin().updateKey(principal);
+                    getKadmin().updateKeys(principal);
                 } catch (KrbException e) {
                     System.err.println("Fail to update key. " + e.getCause());
                 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
index 105067d..c130f56 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
@@ -26,7 +26,7 @@ import java.io.File;
 
 public class KeytabAddCommand extends KadminCommand {
     private static final String USAGE =
-            "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal
| -glob princ-exp] [...]";
+        "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal |
-glob princ-exp] [...]";
 
     private static final String DEFAULT_KEYTAB_FILE_LOCATION = "/etc/krb5.keytab";
 
@@ -70,8 +70,8 @@ public class KeytabAddCommand extends KadminCommand {
         }
 
         try {
-        StringBuffer result = getKadmin().addEntryToKeytab(keytabFile, principal);
-            System.out.println(result.toString());
+            getKadmin().exportKeytab(keytabFile, principal);
+            System.out.println("Done!");
         } catch (KrbException e) {
             System.err.println("Principal \"" + principal + "\" fail to add entry to keytab."
+
                 e.getCause());
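Review bot: The success path prints only `Done!`, so the console does not show which principal's keys were written to which keytab. For an operation that exports key material, a line such as `System.out.println("Exported keys of " + principal + " to " + keytabFile);` gives the operator something to verify and to keep in a session log. The catch block below still appends `e.getCause()`, which prints `null` when the `KrbException` carries no cause; `e.getMessage()`, as KeytabRemoveCommand uses, would be consistent. The enclosing method starts above the hunk.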

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
index d50b120..81dcfb2 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
@@ -31,7 +31,7 @@ public class KeytabRemoveCommand extends KadminCommand {
     private static final String USAGE =
             "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno | all | old]";
 
-    private static final String DEFAULT_KEYTAB_FILE_LOCATION = "/etc/krb5.keytab";
+    private static final String DEFAULT_KEYTAB_FILE = "/etc/krb5.keytab";
 
     public KeytabRemoveCommand(Kadmin kadmin) {
         super(kadmin);
@@ -45,9 +45,9 @@ public class KeytabRemoveCommand extends KadminCommand {
             return;
         }
 
-        String principal = null;
-        String keytabFileLocation = null;
-        String rangeSuffix = null;
+        String principal;
+        String keytabFileLocation;
+        String removeOption = null;
         int lastIndex ;
 
         if (commands[commands.length - 1].matches("^all|old|-?\\d+$")) {
@@ -57,7 +57,7 @@ public class KeytabRemoveCommand extends KadminCommand {
             }
             lastIndex = commands.length - 3;
             principal = commands[commands.length - 2];
-            rangeSuffix = commands[commands.length - 1];
+            removeOption = commands[commands.length - 1];
         } else {
             lastIndex = commands.length - 2;
             principal = commands[commands.length - 1];
@@ -74,14 +74,20 @@ public class KeytabRemoveCommand extends KadminCommand {
                 kOptions.getStringOption(KadminOption.K):kOptions.getStringOption(KadminOption.KEYTAB);
 
         if (keytabFileLocation == null) {
-            keytabFileLocation = DEFAULT_KEYTAB_FILE_LOCATION;
+            keytabFileLocation = DEFAULT_KEYTAB_FILE;
         }
         File keytabFile = new File(keytabFileLocation);
 
         try {
-            StringBuilder result = getKadmin().removeEntryFromKeytab(keytabFile, principal,
rangeSuffix);
-            result.append("\tFile:" + keytabFileLocation);
-            System.out.println(result.toString());
+            if (removeOption.equals("all")) {
+                getKadmin().removeKeytabEntriesOf(keytabFile, principal);
+            } else if (removeOption.equals("old")) {
+                getKadmin().removeOldKeytabEntriesOf(keytabFile, principal);
+            } else {
+                int kvno = Integer.parseInt(removeOption);
+                getKadmin().removeKeytabEntriesOf(keytabFile, principal, kvno);
+            }
+            System.out.println("Done!");
         } catch (KrbException e) {
             System.err.println("Principal \"" + principal + "\" fail to remove entry from
keytab." +
                 e.getMessage());
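Review bot: `removeOption.equals("all")` at the top of the new `try` throws a NullPointerException when the command ends with the principal rather than `all`, `old` or a kvno, even though USAGE marks that argument as optional. As far as the visible lines show, the `else` branch in the earlier hunk sets only `principal` and leaves `removeOption` as `null`. Handle the missing option before the `try`, for example `if (removeOption == null) { System.err.println(USAGE); return; }`, or choose a documented default and compare with `"all".equals(removeOption)`. `Integer.parseInt(removeOption)` can also throw NumberFormatException for a digit string outside the int range, which `catch (KrbException e)` does not cover. The enclosing method begins before this hunk.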

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a2237ff1/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
index a9433b7..46390de 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
@@ -38,7 +38,7 @@ public class ListPrincipalCommand extends KadminCommand {
 
         if (commands.length == 1) {
             try {
-                principalNames = getKadmin().listPrincipal();
+                principalNames = getKadmin().getPrincipals();
             } catch (KrbException e) {
                 System.err.print("Fail to list principal!" + e.getMessage());
             }

