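/**
 * Verify whether the auth_to_local rules transform the configured principal
 * into a simple short name.
 * <p>
 * A local user name such as "bar@foo.com" may be harmless, so a short name
 * that still matches {@code nonSimplePattern} (per the message: contains
 * {@code @} or {@code /}) is only reported through {@code warn}. However, if
 * the intended result was "bar", the mismatch can be difficult to debug,
 * hence this check.
 *
 * @throws KerberosDiagsFailure if resolving the short name raises an
 *         {@link IOException}
 */
protected void validateShortName() {
  failif(principal == null, CAT_KERBEROS, "No principal defined");

  try {
    KerberosName kn = new KerberosName(principal);
    String result = kn.getShortName();
    if (nonSimplePattern.matcher(result).find()) {
      // NOTE(review): if warn() formats its message the way error() does
      // below, principal and result should be passed as arguments here too;
      // confirm against warn()'s implementation.
      warn(CAT_KERBEROS, principal + " short name: " + result
          + " still contains @ or /");
    }
  } catch (IOException e) {
    throw new KerberosDiagsFailure(CAT_KERBEROS, e,
        "Failed to get short name for " + principal, e);
  } catch (IllegalArgumentException e) {
    // The principal is passed as a format argument instead of being spliced
    // into the format string, so a '%' inside a configured principal cannot
    // break or alter the formatting of this diagnostic.
    error(CAT_KERBEROS, "KerberosName(%s) failed: %s\n%s",
        principal, e, StringUtils.stringifyException(e));
  }
}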
// Install the principal-to-short-name mapping rules. setRules() is invoked
// statically on KerberosName, so the rules are class-wide state rather than
// something tied to a single KerberosName instance.
// NOTE(review): nameRules decides which principals map to which local users;
// confirm it comes from trusted configuration only.
KerberosName.setRules(nameRules);
"Failed to specify server's Kerberos principal name"); KerberosName name = new KerberosName(confPrincipal); if (name.getHostName() == null) { throw new IllegalArgumentException( "Kerberos principal name does NOT have the expected hostname part: "
/**
 * Exercises the interaction between rules installed directly through
 * {@code KerberosName.setRules} and rules passed to the handler through the
 * {@code NAME_RULES} property: after {@code init}, the test expects the
 * {@code @BAR} rule to apply and the {@code @FOO} rule not to.
 */
@Test(timeout=60000)
public void testNameRules() throws Exception {
  KerberosName parsedName =
      new KerberosName(KerberosTestUtils.getServerPrincipal());
  Assert.assertEquals(KerberosTestUtils.getRealm(), parsedName.getRealm());

  // Get rid of the handler that setUp() created.
  handler.destroy();

  // Rules installed statically: strip the realm for @FOO principals.
  KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");

  // Rules handed to a fresh handler: strip the realm for @BAR principals.
  handler = getNewAuthenticationHandler();
  Properties handlerProps = getDefaultProperties();
  handlerProps.setProperty(KerberosAuthenticationHandler.NAME_RULES,
      "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
  try {
    handler.init(handlerProps);
  } catch (Exception ignored) {
    // Any exception from init() is dropped; only the resulting rule state
    // is checked below.
    // NOTE(review): a failed init is invisible here unless it also keeps
    // the NAME_RULES value from being applied.
  }

  // bar@BAR is expected to be shortened ...
  parsedName = new KerberosName("bar@BAR");
  Assert.assertEquals("bar", parsedName.getShortName());

  // ... while bar@FOO is expected to come back unchanged.
  parsedName = new KerberosName("bar@FOO");
  Assert.assertEquals("bar@FOO", parsedName.getShortName());
}
KerberosName.setRules(nameRules); KerberosName kerbName = new KerberosName(spnegoPrincipal); if (kerbName.getHostName() != null && kerbName.getServiceName() != null && kerbName.getServiceName().equals("HTTP")) { boolean added = serverPrincipalMap.put(kerbName.getHostName(), spnegoPrincipal); LOG.info("Map server: {} to principal: [{}], added = {}", kerbName.getHostName(), spnegoPrincipal, added); } else { LOG.warn("HTTP principal: [{}] is invalid for SPNEGO!",
/**
 * Checks how {@code KerberosName} splits a principal into service name, host
 * name and realm, including the cases where the realm or the host is absent.
 */
@Test
public void testParsing() throws Exception {
  // service/host@REALM: every component is present.
  final KerberosName complete = new KerberosName("HTTP/abc.com@EXAMPLE.COM");
  Assert.assertEquals("HTTP", complete.getServiceName());
  Assert.assertEquals("abc.com", complete.getHostName());
  Assert.assertEquals("EXAMPLE.COM", complete.getRealm());

  // service/host: the realm is expected to be null.
  final KerberosName realmless = new KerberosName("HTTP/abc.com");
  Assert.assertEquals("HTTP", realmless.getServiceName());
  Assert.assertEquals("abc.com", realmless.getHostName());
  Assert.assertEquals(null, realmless.getRealm());

  // service@REALM: the host is expected to be null.
  final KerberosName hostless = new KerberosName("HTTP@EXAMPLE.COM");
  Assert.assertEquals("HTTP", hostless.getServiceName());
  Assert.assertEquals(null, hostless.getHostName());
  Assert.assertEquals("EXAMPLE.COM", hostless.getRealm());
}
/**
 * Creates a shim around a {@code KerberosName} built from the given
 * principal string.
 *
 * @param name principal string handed unchanged to the {@code KerberosName}
 *             constructor
 */
public KerberosNameShim(String name) {
  final KerberosName parsed = new KerberosName(name);
  kerberosName = parsed;
}
if (KerberosName.hasRulesBeenSet()) { try { KerberosName krbName = new KerberosName(principal); principalShortName = krbName.getShortName();
// Parse the server principal so its individual components can be read.
krbName = new KerberosName(serverPrincipal);
// Store the service-name component of that principal in the client
// configuration under KERBEROS_SERVER_PRIMARY.
// NOTE(review): confirm serverPrincipal is always set by this point; what
// KerberosName does with a null or empty principal is not visible here.
clientConf.setProperty(
    org.apache.accumulo.core.client.ClientConfiguration.ClientProperty.KERBEROS_SERVER_PRIMARY,
    krbName.getServiceName());
/**
 * Checks that creating a test user initialises the {@code KerberosName}
 * rules when none are set, and leaves rules that were set explicitly
 * untouched.
 */
@Test (timeout = 30000)
public void testEnsureInitWithRules() throws IOException {
  final String explicitRules = "RULE:[1:RULE1]";

  // Case 1: nothing configured, so creating a user should initialise rules.
  UserGroupInformation.reset();
  assertFalse(KerberosName.hasRulesBeenSet());
  UserGroupInformation.createUserForTesting("someone", new String[0]);
  assertTrue(KerberosName.hasRulesBeenSet());

  // Case 2: rules configured by hand before the implicit initialisation.
  UserGroupInformation.reset();
  KerberosName.setRules(explicitRules);
  assertTrue(KerberosName.hasRulesBeenSet());
  assertEquals(explicitRules, KerberosName.getRules());

  // Creating a user must not replace the rules that were set by hand.
  UserGroupInformation.createUserForTesting("someone", new String[0]);
  assertEquals(explicitRules, KerberosName.getRules());
}
/**
 * Points the JVM's krb5 system properties at the test realm and a KDC on
 * localhost:88, then installs and prints the name-mapping rules used by the
 * tests. Both the system properties and the rules are set through static
 * calls, so they are not scoped to this test instance.
 */
@Before
public void setUp() throws Exception {
  System.setProperty("java.security.krb5.realm", KerberosTestUtils.getRealm());
  System.setProperty("java.security.krb5.kdc", "localhost:88");

  // One rule per line; DEFAULT comes last.
  final StringBuilder ruleText = new StringBuilder();
  ruleText.append("RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n");
  ruleText.append("RULE:[2:$1](johndoe)s/^.*$/guest/\n");
  ruleText.append("RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n");
  ruleText.append("RULE:[2:$2](root)\n");
  ruleText.append("DEFAULT");

  KerberosName.setRules(ruleText.toString());
  KerberosName.printRules();
}
/**
 * Returns the short name computed by the wrapped {@code KerberosName}.
 *
 * @return whatever {@code getShortName()} of the wrapped object returns
 * @throws IOException propagated from the wrapped {@code getShortName()}
 */
@Override
public String getShortName() throws IOException {
  final String shortName = kerberosName.getShortName();
  return shortName;
}
}
/**
 * Returns the host component reported by the wrapped {@code KerberosName}.
 *
 * @return the result of the wrapped {@code getHostName()}, passed through
 *         unchanged
 */
@Override
public String getHostName() {
  final String host = kerberosName.getHostName();
  return host;
}
// Install the name-mapping rules and the rule mechanism. Both setters are
// invoked statically on KerberosName, so this configures class-wide state
// rather than a single instance.
KerberosName.setRules(nameRules);
// NOTE(review): the mechanism presumably changes how the rules above are
// evaluated; confirm which values of ruleMechanism are accepted and that
// both settings come from the same trusted configuration.
KerberosName.setRuleMechanism(ruleMechanism);
/**
 * Returns the service-name component reported by the wrapped
 * {@code KerberosName}.
 *
 * @return the result of the wrapped {@code getServiceName()}, passed through
 *         unchanged
 */
@Override
public String getServiceName() {
  final String service = kerberosName.getServiceName();
  return service;
}
/**
 * Returns the realm component reported by the wrapped {@code KerberosName}.
 *
 * @return the result of the wrapped {@code getRealm()}, passed through
 *         unchanged
 */
@Override
public String getRealm() {
  final String realm = kerberosName.getRealm();
  return realm;
}
/**
 * Returns the default realm as reported through the wrapped
 * {@code KerberosName}.
 *
 * @return the result of {@code getDefaultRealm()}, passed through unchanged
 */
@Override
public String getDefaultRealm() {
  final String defaultRealm = kerberosName.getDefaultRealm();
  return defaultRealm;
}
/**
 * Exercises the interaction between rules installed directly through
 * {@code KerberosName.setRules} and rules passed to the handler through the
 * {@code NAME_RULES} property: after {@code init}, the test expects the
 * {@code @BAR} rule to apply and the {@code @FOO} rule not to.
 */
@Test(timeout=60000)
public void testNameRules() throws Exception {
  KerberosName parsedName =
      new KerberosName(KerberosTestUtils.getServerPrincipal());
  Assert.assertEquals(KerberosTestUtils.getRealm(), parsedName.getRealm());

  // Get rid of the handler that setUp() created.
  handler.destroy();

  // Rules installed statically: strip the realm for @FOO principals.
  KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");

  // Rules handed to a fresh handler: strip the realm for @BAR principals.
  handler = getNewAuthenticationHandler();
  Properties handlerProps = getDefaultProperties();
  handlerProps.setProperty(KerberosAuthenticationHandler.NAME_RULES,
      "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
  try {
    handler.init(handlerProps);
  } catch (Exception ignored) {
    // Any exception from init() is dropped; only the resulting rule state
    // is checked below.
    // NOTE(review): a failed init is invisible here unless it also keeps
    // the NAME_RULES value from being applied.
  }

  // bar@BAR is expected to be shortened ...
  parsedName = new KerberosName("bar@BAR");
  Assert.assertEquals("bar", parsedName.getShortName());

  // ... while bar@FOO is expected to come back unchanged.
  parsedName = new KerberosName("bar@FOO");
  Assert.assertEquals("bar@FOO", parsedName.getShortName());
}
KerberosName.setRules(nameRules); KerberosName kerbName = new KerberosName(spnegoPrincipal); if (kerbName.getHostName() != null && kerbName.getServiceName() != null && kerbName.getServiceName().equals("HTTP")) { boolean added = serverPrincipalMap.put(kerbName.getHostName(), spnegoPrincipal); LOG.info("Map server: {} to principal: [{}], added = {}", kerbName.getHostName(), spnegoPrincipal, added); } else { LOG.warn("HTTP principal: [{}] is invalid for SPNEGO!",
/**
 * Checks how {@code KerberosName} splits a principal into service name, host
 * name and realm, including the cases where the realm or the host is absent.
 */
@Test
public void testParsing() throws Exception {
  // service/host@REALM: every component is present.
  final KerberosName complete = new KerberosName("HTTP/abc.com@EXAMPLE.COM");
  Assert.assertEquals("HTTP", complete.getServiceName());
  Assert.assertEquals("abc.com", complete.getHostName());
  Assert.assertEquals("EXAMPLE.COM", complete.getRealm());

  // service/host: the realm is expected to be null.
  final KerberosName realmless = new KerberosName("HTTP/abc.com");
  Assert.assertEquals("HTTP", realmless.getServiceName());
  Assert.assertEquals("abc.com", realmless.getHostName());
  Assert.assertEquals(null, realmless.getRealm());

  // service@REALM: the host is expected to be null.
  final KerberosName hostless = new KerberosName("HTTP@EXAMPLE.COM");
  Assert.assertEquals("HTTP", hostless.getServiceName());
  Assert.assertEquals(null, hostless.getHostName());
  Assert.assertEquals("EXAMPLE.COM", hostless.getRealm());
}