Hi Steve,
Thanks for your digging!
>> Here's the snippet of code I created to copy the KrbOptions to KdcOptions
>> ... I think this was the designed intention ...
I'm wondering if it would be better to explicitly check the KdcOption-related
options contained in the KrbOptions passed from the layer above. For example:
    if (requestOptions.contains(KrbOption.FORWARDABLE)) {
        asRequest.getKdcOptions().setFlag(KdcOption.FORWARDABLE);
    }
>> Is a pull request on GitHub the easiest way to send you code changes or
>> would you prefer patches attached to the issues in Jira?
If it's convenient for you to generate a patch and upload it to the JIRA, that
would be great, but a GH PR should work for us as well!
Regards,
Kai
-----Original Message-----
From: Steve Moyer [mailto:[email protected]]
Sent: Wednesday, November 18, 2015 9:18 PM
To: [email protected]
Subject: Re: How to request a forwardable ticket?
I've got working code for FORWARDABLE AND PROXIABLE ... I've been looking at
the changes needed for RENEWABLE_OK (and maybe other flags).
Right now the code feels a bit strange. I set a flag in KrbOptions and I'm
converting the appropriate flags to KdcOptions, then generating the bitmap.
Should this really be happening just by matching the enum name() from KrbOption
to KdcOption? DIRKRB-449 (https://issues.apache.org/jira/browse/DIRKRB-449) is
resolved as of commit 9e504bd785d894491bd8f4fbe2359f346d951299
(https://github.com/apache/directory-kerby/commit/c3c778f3af0fe2a187c10447682bf12b9bed7c6d),
so the flags in the AsRequest are set properly.
Here's the snippet of code I created to copy the KrbOptions to KdcOptions ... I
think this was the designed intention:
    KdcOptions kdcOptions = new KdcOptions();
    for (KOption koption: requestOptions.getOptions()) {
        try {
            KdcOption kdcOption = KdcOption.valueOf(koption.getOptionName());
            kdcOptions.setFlag(kdcOption,
                requestOptions.getBooleanOption(koption, false));
        } catch (IllegalArgumentException | NullPointerException e) {
            // It's completely acceptable that a request option is NOT a KdcOption
            // but PMD doesn't like empty finally or catch blocks - here's a message
            // just for you!
            e.getMessage();
        }
    }
    asRequest.setKdcOptions(kdcOptions);
DIRKRB-450 (https://issues.apache.org/jira/browse/DIRKRB-450) was assigned to
me and I'll try to get a pull request for this code issued today. As noted
below, DIRKRB-452 (https://issues.apache.org/jira/browse/DIRKRB-452) is also
required for those using the KinitTool (at the moment, I'm requesting TGTs
programmatically).
Kai and Jia:
Is a pull request on GitHub the easiest way to send you code changes or would
you prefer patches attached to the issues in Jira?
Steve
--
“The mark of the immature man is that he wants to die nobly for a cause, while
the mark of the mature man is that he wants to live humbly for one.” - Wilhelm
Stekel
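An added example, not part of this thread and not Kerby's code: it contrasts with the name-matching loop above by using the explicit mapping Kai suggests, builds the kdc-options bitmap, and fails loudly when a KDC-bound option has no mapping instead of silently dropping it. `ReqOption`, `KdcFlag` and `KdcOptionMapping` are hypothetical stand-ins; the bit numbers are the KDCOptions bits from RFC 4120.

```java
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

// ReqOption and KdcFlag are hypothetical stand-ins, not Kerby's KrbOption/KdcOption.
public class KdcOptionMapping {

    // Request options; forKdc marks the ones that must end up in the AS-REQ kdc-options.
    enum ReqOption {
        USE_KEYTAB(false), KEYTAB_FILE(false), FORWARDABLE(true), PROXIABLE(true), RENEWABLE_OK(true);
        final boolean forKdc;
        ReqOption(boolean forKdc) { this.forKdc = forKdc; }
    }

    // KDCOptions bit numbers from RFC 4120 section 5.4.1; ASN.1 bit 0 is the most significant bit.
    enum KdcFlag {
        FORWARDABLE(1), PROXIABLE(3), RENEWABLE_OK(27);
        final int mask;
        KdcFlag(int bit) { this.mask = 1 << (31 - bit); }
    }

    // Explicit table instead of matching enum names.
    static final Map<ReqOption, KdcFlag> EXPLICIT = new EnumMap<>(ReqOption.class);
    static {
        EXPLICIT.put(ReqOption.FORWARDABLE, KdcFlag.FORWARDABLE);
        EXPLICIT.put(ReqOption.PROXIABLE, KdcFlag.PROXIABLE);
        EXPLICIT.put(ReqOption.RENEWABLE_OK, KdcFlag.RENEWABLE_OK);
    }

    // Builds the 32-bit kdc-options value; a KDC-bound option with no mapping fails loudly.
    static int toKdcOptions(Set<ReqOption> enabled) {
        int bits = 0;
        for (ReqOption opt : enabled) {
            if (!opt.forKdc) {
                continue; // client-side setting such as USE_KEYTAB, nothing to send
            }
            KdcFlag flag = EXPLICIT.get(opt);
            if (flag == null) {
                throw new IllegalStateException("no KdcFlag mapping for " + opt);
            }
            bits |= flag.mask;
        }
        return bits;
    }

    public static void main(String[] args) {
        // Constructed sample input: a keytab login that asks for a forwardable, renewable-ok TGT.
        Set<ReqOption> enabled = EnumSet.of(ReqOption.USE_KEYTAB, ReqOption.FORWARDABLE, ReqOption.RENEWABLE_OK);
        System.out.printf("kdc-options = 0x%08X%n", toKdcOptions(enabled));
    }
}
```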
----- Original Message -----
From: "Zheng, Kai" <[email protected]>
To: [email protected]
Sent: Tuesday, November 17, 2015 10:18:09 PM
Subject: RE: How to request a forwardable ticket?
Looks like we're hitting this issue, which isn't resolved yet. I was somewhat
mistaken.
https://issues.apache.org/jira/browse/DIRKRB-452
-----Original Message-----
From: Zheng, Kai [mailto:[email protected]]
Sent: Wednesday, November 18, 2015 11:10 AM
To: [email protected]
Subject: RE: How to request a forwardable ticket?
OK, I see. Looks like KrbOption.FORWARDABLE in the request options isn't passed
down to KdcOptions for the final AsReq.
Will take a look and possibly fix it soon.
-----Original Message-----
From: Marc Boorshtein [mailto:[email protected]]
Sent: Wednesday, November 18, 2015 10:43 AM
To: [email protected]
Subject: Re: How to request a forwardable ticket?
Thanks Kai, I'm having the same issue with the latest code. Here's the pull
log:
    remote: Counting objects: 467, done.
    remote: Compressing objects: 100% (70/70), done.
    remote: Total 143 (delta 47), reused 0 (delta 0)
    Receiving objects: 100% (143/143), 12.23 KiB | 0 bytes/s, done.
    Resolving deltas: 100% (47/47), completed with 35 local objects.
    From https://git1-us-west.apache.org/repos/asf/directory-kerby
       955a845..d18ad29  master     -> origin/master
    Updating 955a845..d18ad29
    Fast-forward
     .../zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java | 8 +--
     kerby-config/src/main/java/org/apache/kerby/config/Conf.java | 48 +++++++++---------
     kerby-config/src/main/java/org/apache/kerby/config/Config.java | 35 +++++++------
     kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java | 71 +++++++++++++++-----------
     kerby-config/src/test/java/org/apache/kerby/config/ConfTest.java | 11 ++--
     kerby-dist/kdc-dist/assembly.xml | 2 +
     kerby-dist/tool-dist/assembly.xml | 2 +
     kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java | 43 ++++++++++------
     kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java | 2 +-
     kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java | 8 +++
     kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java | 10 ++--
     .../kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoadWithDefaultRealm.java | 45 +++++++++++++++++
     kerby-kerb/kerb-client/src/test/resources/krb5-kdcrealm.conf | 19 +++++++
     kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java | 17 ++++---
     kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestAsReqCodec.java | 3 +-
     kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestTgsReqCodec.java | 5 +-
     kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlags.java | 28 ++++++-----
     kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlagsTest.java | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java | 44 +++++++++-------
     kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java | 2 +-
     20 files changed, 420 insertions(+), 138 deletions(-)
     create mode 100644 kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoadWithDefaultRealm.java
     create mode 100644 kerby-kerb/kerb-client/src/test/resources/krb5-kdcrealm.conf
     create mode 100644 kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/spec/base/KrbFlagsTest.java
On Tue, Nov 17, 2015 at 9:32 PM, Zheng, Kai <[email protected]> wrote:
> Hi Marc,
>
> There are recent contributed fixes related to this from Steve. Would
> you check out and update to the latest code?
>
> commit c3c778f3af0fe2a187c10447682bf12b9bed7c6d
> Author: plusplusjiajia <[email protected]>
> Date: Tue Nov 17 15:08:59 2015 +0800
>
> DIRKRB-449 Fix the bit manipulation functions in KrbFlags.
> Contributed by Steve.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Marc Boorshtein [mailto:[email protected]]
> Sent: Wednesday, November 18, 2015 10:27 AM
> To: [email protected]
> Subject: How to request a forwardable ticket?
>
> I can't seem to work out how to specify any options for a ticket. For
> s4u the TGT and SGTs need to be forwardable. Here's my code so far:
>
> KOptions requestOptions = new KOptions();
>
> requestOptions.add(KrbOption.CLIENT_PRINCIPAL,
> "HTTP/[email protected]");
>
> requestOptions.add(KrbOption.USE_KEYTAB, true);
>
> requestOptions.add(KrbOption.KEYTAB_FILE, new File(
> "/Users/mlb/Documents/localdev.keytab"));
>
> requestOptions.add(KrbOption.FORWARDABLE,true);
>
> TgtTicket tgt = kerb.requestTgtWithOptions(requestOptions);
>
> Looking at the code it doesn't look like the options are ever picked up.
> Any thoughts on how to set the forwardable flag?
>
> Thanks
>
> Marc
>