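/**
 * Drives the KDC fail-over scenario: writes an alternative krb5.conf that
 * lists three KDC ports for the realm, then switches the KDCs on and off
 * and checks the observable result after each step against
 * {@code expected[0]} .. {@code expected[4]} via {@code test}.
 *
 * @param expected the five expected outcomes, consumed in order
 * @throws IllegalArgumentException if fewer than five expectations are given
 * @throws Exception if writing the config, starting a KDC or a test step fails
 */
public static void go0(String... expected) throws Exception {
    if (expected.length < 5) {
        throw new IllegalArgumentException(
                "go0 needs 5 expected values, got " + expected.length);
    }
    System.setProperty("sun.security.krb5.debug", "true");
    // Make sure KDCs' ports starts with 1 and 2 and 3,
    // useful for checking debug output.
    java.util.Random rnd = new java.util.Random();
    int p1 = 10000 + rnd.nextInt(10000);
    int p2 = 20000 + rnd.nextInt(10000);
    int p3 = 30000 + rnd.nextInt(10000);
    FileWriter fw = new FileWriter("alternative-krb5.conf");
    try {
        fw.write(
                "[libdefaults]\n"
                + "default_realm = " + OneKDC.REALM + "\n"
                + "kdc_timeout = " + toReal(2000) + "\n");
        fw.write(
                "[realms]\n"
                + OneKDC.REALM + " = {\n"
                + "kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n"
                + "kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n"
                + "kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n"
                + "}\n");
    } finally {
        // Close even if a write throws, so the handle is not leaked.
        fw.close();
    }
    System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
    Config.refresh();
    // Turn on k3 only
    KDC k3 = on(p3);
    test(expected[0]);
    test(expected[1]);
    Config.refresh();
    test(expected[2]);
    k3.terminate(); // shutdown k3
    on(p2); // k2 is on
    test(expected[3]);
    on(p1); // k1 and k2 is on
    test(expected[4]);
}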
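/**
 * Obtains the Kerberos TGT used to build INITIATE credentials.
 *
 * <p>If {@code name} is given, the client principal string is taken from it.
 * Otherwise no client principal is passed, and the default realm is read from
 * {@link Config}; a failure there is reported as {@code GSSException.NO_CRED}.
 * The ticket lookup itself runs in a privileged block, but the caller's
 * {@link AccessControlContext}, captured before entering it, is handed to
 * {@code Krb5Util.getTicket} — presumably so the lookup stays bounded by the
 * caller's permissions (verify against Krb5Util).
 *
 * @param caller the caller kind; {@code GSSUtil.CALLER_UNKNOWN} is treated
 *     as {@code GSSUtil.CALLER_INITIATE}
 * @param name the client name element, or {@code null} to use the defaults
 * @param initLifetime requested lifetime; not used by this method
 * @return the ticket returned by {@code Krb5Util.getTicket}
 * @throws GSSException with {@code NO_CRED} if the default realm cannot be
 *     read or the privileged lookup fails; the underlying exception is
 *     attached as the cause
 */
private static KerberosTicket getTgt(int caller, Krb5NameElement name,
                                     int initLifetime) throws GSSException {
    final String clientPrincipal;
    // Always null here; passed through to Krb5Util.getTicket as-is.
    final String tgsPrincipal = null;

    /*
     * Find the TGT for the realm that the client is in. If the client
     * name is not available, then use the default realm.
     */
    if (name != null) {
        clientPrincipal = name.getKrb5PrincipalName().getName();
    } else {
        clientPrincipal = null;
        // The realm value itself was never used; the call is kept so that
        // an unreadable config / missing default realm still fails with
        // NO_CRED exactly as before.
        try {
            Config.getInstance().getDefaultRealm();
        } catch (KrbException e) {
            GSSException ge = new GSSException(GSSException.NO_CRED, -1,
                    "Attempt to obtain INITIATE credentials failed!"
                    + " (" + e.getMessage() + ")");
            ge.initCause(e);
            throw ge;
        }
    }

    // Capture the caller's context before the privileged block.
    final AccessControlContext acc = AccessController.getContext();
    try {
        final int realCaller = (caller == GSSUtil.CALLER_UNKNOWN)
                ? GSSUtil.CALLER_INITIATE
                : caller;
        return AccessController.doPrivileged(
                new PrivilegedExceptionAction<KerberosTicket>() {
                    public KerberosTicket run() throws Exception {
                        return Krb5Util.getTicket(realCaller,
                                clientPrincipal, tgsPrincipal, acc);
                    }
                });
    } catch (PrivilegedActionException e) {
        GSSException ge = new GSSException(GSSException.NO_CRED, -1,
                "Attempt to obtain new INITIATE credentials failed!"
                + " (" + e.getMessage() + ")");
        // Unwrap so the cause is the real failure, not the PAE wrapper.
        ge.initCause(e.getException());
        throw ge;
    }
}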
/**
 * Returns the default keytab file name, resolving it once and caching the
 * result in {@code defaultTabName}.
 *
 * <p>Candidates are the space-separated entries of
 * {@code default_keytab_name} in {@code [libdefaults]}; each is run through
 * {@code parse} and the scan stops at the first one that exists on disk.
 * If none exists, the last entry is kept. If the setting is absent, or a
 * {@code KrbException} is raised while reading it, {@code krb5.keytab} under
 * {@code user.home} (or {@code user.dir} when that is unset) is used.
 *
 * @return the default keytab path
 */
private static String getDefaultTabName() {
    if (defaultTabName != null) {
        return defaultTabName;
    }

    String candidate = null;
    try {
        String setting = Config.getInstance()
                .getDefault("default_keytab_name", "libdefaults");
        if (setting != null) {
            for (StringTokenizer tok = new StringTokenizer(setting, " ");
                 tok.hasMoreTokens(); ) {
                candidate = parse(tok.nextToken());
                if (new File(candidate).exists()) {
                    break;
                }
            }
        }
    } catch (KrbException ignored) {
        // Config (or parse) failure: fall through to the home-dir default.
        candidate = null;
    }

    if (candidate == null) {
        String dir = (String) AccessController.doPrivileged(
                new GetPropertyAction("user.home"));
        if (dir == null) {
            dir = (String) AccessController.doPrivileged(
                    new GetPropertyAction("user.dir"));
        }
        candidate = dir + File.separator + "krb5.keytab";
    }

    defaultTabName = candidate;
    return candidate;
}
/**
 * Points krb5.conf at {@code unreachable.krb5.conf} (looked up under
 * {@code test.src}, or the current directory) and attempts a password login.
 *
 * <p>A {@link LoginException} is the expected outcome; the test can only
 * fail by timing out if the unreachable KDCs are not detected promptly.
 *
 * @param args unused
 * @throws Exception on any failure other than {@link LoginException}
 */
public static void main(String[] args) throws Exception {
    String srcDir = System.getProperty("test.src", ".");
    File conf = new File(srcDir, "unreachable.krb5.conf");
    System.setProperty("java.security.krb5.conf", conf.getPath());
    Config.refresh();
    // If PortUnreachableException is not received, the login will consume
    // about 3*3*30 seconds and the test will timeout.
    try {
        Context.fromUserPass("name", "pass".toCharArray(), true);
    } catch (LoginException expected) {
        // The login is supposed to fail against unreachable KDCs.
    }
}
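/**
 * Deletes an entry from the key table.
 *
 * <p>The principal comes from {@code principal}; if it carries no realm the
 * default realm from {@link Config} is applied. The user is asked to confirm
 * on standard input: anything other than {@code Y}/{@code Yes} — including
 * end of input — leaves the table untouched and exits with 0. Any failure
 * prints a message and exits with -1.
 */
void deleteEntry() {
    PrincipalName pname = null;
    try {
        pname = new PrincipalName(principal);
        if (pname.getRealm() == null) {
            pname.setRealm(Config.getInstance().getDefaultRealm());
        }
        BufferedReader cis =
                new BufferedReader(new InputStreamReader(System.in));
        System.out.print("Are you sure you want to "
                + " delete service key for " + pname.toString()
                + " in " + table.tabName() + "?(Y/N) :");
        System.out.flush();
        String answer = cis.readLine();
        // readLine() returns null at end of input; treat that as "no"
        // rather than dereferencing it.
        boolean confirmed = answer != null
                && (answer.equalsIgnoreCase("Y")
                    || answer.equalsIgnoreCase("Yes"));
        if (!confirmed) {
            // no error, the user did not want to delete the entry
            System.exit(0);
        }
    } catch (KrbException e) {
        System.err.println("Error occured while deleting the entry. "
                + "Deletion failed.");
        e.printStackTrace();
        System.exit(-1);
    } catch (IOException e) {
        System.err.println("Error occured while deleting the entry. "
                + " Deletion failed.");
        e.printStackTrace();
        System.exit(-1);
    }
    table.deleteEntry(pname);
    try {
        table.save();
    } catch (IOException e) {
        System.err.println("Error occurs while saving the keytab."
                + "Deletion fails.");
        e.printStackTrace();
        System.exit(-1);
    }
    System.out.println("Done!");
}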
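/**
 * Adds a service key to key table. If the specified key table does not exist, the program will
 * automatically generate a new key table.
 *
 * <p>The principal comes from {@code principal} (the default realm is applied
 * when it has none). If {@code password} is not already set it is read from
 * standard input; end of input is reported as a failure instead of being
 * stored as the literal text {@code "null"}. Failures print a message and
 * exit with -1.
 */
void addEntry() {
    PrincipalName pname = null;
    try {
        pname = new PrincipalName(principal);
        if (pname.getRealm() == null) {
            pname.setRealm(Config.getInstance().getDefaultRealm());
        }
    } catch (KrbException e) {
        System.err.println("Failed to add " + principal + " to keytab.");
        e.printStackTrace();
        System.exit(-1);
    }

    if (password == null) {
        try {
            BufferedReader cis =
                    new BufferedReader(new InputStreamReader(System.in));
            System.out.print("Password for " + pname.toString() + ":");
            System.out.flush();
            // NOTE(review): readLine() echoes the typed password; a
            // System.console().readPassword() path would avoid that when
            // a console is available.
            String line = cis.readLine();
            if (line == null) {
                // StringBuffer.append((String) null) would store "null" as
                // the key password; treat end of input as a read failure.
                System.err.println("Failed to read the password.");
                System.exit(-1);
            }
            password = new StringBuffer(line);
        } catch (IOException e) {
            System.err.println("Failed to read the password.");
            e.printStackTrace();
            System.exit(-1);
        }
    }

    try {
        table.addEntry(pname, password);
        table.save();
        System.out.println("Done!");
        System.out.println("Service key for " + principal
                + " is saved in " + table.tabName());
    } catch (KrbCryptoException e) {
        System.err.println("Failed to add " + principal + " to keytab.");
        e.printStackTrace();
        System.exit(-1);
    } catch (IOException e) {
        System.err.println("Failed to save new entry.");
        e.printStackTrace();
        System.exit(-1);
    }
}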
/**
 * Creates the KDC and starts it.
 *
 * <p>Registers the fixed test principals (a password-based user plus
 * random-key entries for {@code krbtgt/REALM}, the server and the backend),
 * writes the krb5.conf and keytab used by the tests, points
 * {@code java.security.krb5.conf} at that file and forces a
 * {@link Config#refresh()}. Both generated files are deleted at JVM exit.
 *
 * @param etype Encryption type, null if not specified; when given it is
 *     written as both {@code default_tkt_enctypes} and
 *     {@code default_tgs_enctypes}
 * @throws java.lang.Exception if there's anything wrong
 */
public OneKDC(String etype) throws Exception {
    super(REALM, KDCHOST, 0, true);
    addPrincipal(USER, PASS);
    addPrincipalRandKey("krbtgt/" + REALM);
    addPrincipalRandKey(SERVER);
    addPrincipalRandKey(BACKEND);

    String enctypeLines;
    if (etype == null) {
        enctypeLines = "";
    } else {
        enctypeLines = "default_tkt_enctypes=" + etype
                + "\ndefault_tgs_enctypes=" + etype;
    }
    KDC.saveConfig(KRB5_CONF, this,
            "forwardable = true",
            "default_keytab_name = " + KTAB,
            enctypeLines);

    System.setProperty("java.security.krb5.conf", KRB5_CONF);
    // Whatever krb5.conf had been loaded before, we reload ours now.
    Config.refresh();
    writeKtab(KTAB);

    File confFile = new File(KRB5_CONF);
    File ktabFile = new File(KTAB);
    confFile.deleteOnExit();
    ktabFile.deleteOnExit();
}