Yair Zaslavsky has uploaded a new change for review. Change subject: tools: Allow to configure domains_realm section via external file ......................................................................
tools: Allow to configure domains_realm section via external file This can be handy in case the kerberos realm for the added domain is not an upper case version of it. Bare in mind the external file should contain all the domains in case there is more than one domain in the setup Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1072330 Change-Id: I970b8f4950abb5eeb0a72a46ed00af26028919dd Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KrbConfCreator.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsConfiguration.java 3 files changed, 51 insertions(+), 27 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/47/25447/1 diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KrbConfCreator.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KrbConfCreator.java index 83e3495..a049979 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KrbConfCreator.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KrbConfCreator.java @@ -1,16 +1,20 @@ package org.ovirt.engine.core.utils.kerberos; import java.io.File; +import java.io.BufferedReader; +import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Scanner; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.ovirt.engine.core.utils.CLIParser; import org.ovirt.engine.core.utils.dns.DnsSRVLocator.DnsSRVResult; 
@@ -36,18 +40,17 @@ "\n\t-m mixed mode. Will add a flag to support AD in 2003/2008 mixed mode will be added"; private boolean useDnsLookup; private Map<String, List<String>> ldapServersPerGSSAPIDomains; + private String domainRealmMappingFile; private final static Logger log = Logger.getLogger(KrbConfCreator.class); - public KrbConfCreator(String... args) throws Exception { - parseOptions(args); - loadSourceFile(); - extractRealmsFromDomains(); - } - - public KrbConfCreator(String domains, boolean useDnsLookup, Map<String, List<String>> ldapServersPerGSSAPIDomains) throws Exception { + public KrbConfCreator(String domains, + boolean useDnsLookup, + Map<String, List<String>> ldapServersPerGSSAPIDomains, + String domainRealmMappingFile) throws Exception { this.useDnsLookup = useDnsLookup && ( ldapServersPerGSSAPIDomains == null || ldapServersPerGSSAPIDomains.size() == 0 ); this.ldapServersPerGSSAPIDomains = ldapServersPerGSSAPIDomains; + this.domainRealmMappingFile = domainRealmMappingFile; loadSourceFile(); extractRealmsFromDomains(domains); } 
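Review bot: The new constructor stores `domainRealmMappingFile` without checking it, and the `domainRealmMappingFileExits()` helper added in the `@@ -209,28 +212,43 @@` hunk treats a missing file the same as an unset option. A mistyped path in the configuration therefore silently produces the upper-case default mapping that the operator was trying to override. Failing fast before `loadSourceFile()` would surface the misconfiguration: `if (!StringUtils.isEmpty(domainRealmMappingFile) && !new File(domainRealmMappingFile).isFile()) { throw new FileNotFoundException(domainRealmMappingFile); }`. Separately, with the `String... args` constructor removed, `parseOptions` and the usage text visible in the context line may no longer have a caller; that cannot be confirmed from this hunk.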
@@ -209,28 +212,43 @@ // .second.example.com = SECOND.EXAMPLE.COM private String appendDomainRealms(List<String> realms) throws AuthenticationException { StringBuffer text = new StringBuffer(" [domain_realm]\n"); - for (String realm : realms) { - text.append("\t" + realm.toLowerCase() + " = " + realm.toUpperCase() + "\n"); + if (!domainRealmMappingFileExits()) { + for (String realm : realms) { + text.append("\t" + realm.toLowerCase() + " = " + realm.toUpperCase() + "\n"); + } + } else { + // Fill in [domain_realm] section from the provided file at engine-manage-domains.conf + // This can be useful in case the realm is not an upper case of the domain + try (BufferedReader reader = + new BufferedReader(new InputStreamReader(new FileInputStream(domainRealmMappingFile)))) { + while (true) { + String readLine = reader.readLine(); + if (readLine == null) { + break; + } + text.append("\t").append(readLine).append("\n"); + } + + } catch (FileNotFoundException e) { + // This exception should not really happen as we check that the file exists at + // domainRealmMappingFileExits() + + } catch (IOException e) { + } } return text.toString(); } - private String getProblematicRealmExceptionMsg(String realm) { - return (realm != null) ? 
" Problematic domain is: " + realm.toLowerCase() : ""; + private boolean domainRealmMappingFileExits() { + if (StringUtils.isEmpty(domainRealmMappingFile)) { + return false; + } + File f = new File(domainRealmMappingFile); + return f.exists(); } - public static void main(String[] args) throws FileNotFoundException { - try { - KrbConfCreator kerbParser = new KrbConfCreator(args); - StringBuffer buffer = kerbParser.parse(); - kerbParser.toFile(buffer); - } catch (Exception e) { - System.out.println("Error: " + e.getMessage()); - if (e instanceof AuthenticationException) { - System.exit(((AuthenticationException) e).getAuthResult().getExitCode()); - } - System.exit(1); - } + private String getProblematicRealmExceptionMsg(String realm) { + return (realm != null) ? " Problematic domain is: " + realm.toLowerCase() : ""; } private enum Arguments { diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java index 5cae4a9..74e7bf5 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java 
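Review bot: Both catch blocks in the new else-branch of appendDomainRealms are empty, so a mapping file that cannot be read yields a krb5.conf with an empty or truncated [domain_realm] section and no log entry. The `exists()` check in domainRealmMappingFileExits does not prevent this, because FileInputStream also throws FileNotFoundException for a directory or a permission failure. The lines are also copied verbatim, so a line beginning with `[` in the mapping file would open a new section in the generated krb5.conf; accepting only `domain = REALM` entries limits the file to the section it is meant for. The reader also relies on the platform default charset, which an explicit charset argument to InputStreamReader would avoid. The sketch below logs and fails instead of continuing; the exception type is a placeholder, since the AuthenticationException constructors are not visible in this hunk.

```java
        } else {
            // … unchanged: comment explaining where the mapping file comes from …
            try (BufferedReader reader =
                    new BufferedReader(new InputStreamReader(new FileInputStream(domainRealmMappingFile)))) {
                String readLine;
                while ((readLine = reader.readLine()) != null) {
                    String entry = readLine.trim();
                    boolean blankOrComment = entry.isEmpty() || entry.startsWith("#");
                    // Only "domain = REALM" entries belong in [domain_realm]; a section header
                    // would change the meaning of everything written after it.
                    if (entry.startsWith("[") || (!blankOrComment && !entry.contains("="))) {
                        throw new IOException("Unexpected line in " + domainRealmMappingFile + ": " + entry);
                    }
                    text.append("\t").append(readLine).append("\n");
                }
            } catch (IOException e) {
                // FileNotFoundException is an IOException, so this also covers a file that
                // vanished or could not be opened after the exists() check.
                log.error("Failed to read domain realm mapping file " + domainRealmMappingFile, e);
                throw new IllegalStateException("Cannot build [domain_realm] from " + domainRealmMappingFile, e);
            }
        }
```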
@@ -705,13 +705,14 @@ try { log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString); useDnsLookup = utilityConfiguration.getUseDnsLookup(); + String domainRealmMappingFile = utilityConfiguration.getDomainRealmMappingFile(); if (!ldapServers && useDnsLookup) { - // The arguments do not contain a list of ldap servers, the - // kerberos configuration should not be created according to it if - // useDnsLookup is set to true as in this case the kdc and the domain_realm info + // Arguments do not contain a list of ldap servers, kerberos configuration should not be + // created according to it if useDnsLookup is set to true as in this case the kdc and + // the domain_realm information will be resolved by DNS during kerberos negotiation. ldapServersPerGSSAPIDomains = Collections.emptyMap(); } - krbConfCreator = new KrbConfCreator(gssapiDomainsString, useDnsLookup, ldapServersPerGSSAPIDomains); + krbConfCreator = new KrbConfCreator(gssapiDomainsString, useDnsLookup, ldapServersPerGSSAPIDomains, domainRealmMappingFile); StringBuffer buffer = null; buffer = krbConfCreator.parse("y"); krbConfCreator.toFile(utilityConfiguration.getkrb5confFilePath() + TESTING_KRB5_CONF_SUFFIX, buffer); diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsConfiguration.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsConfiguration.java index 81520d1..bd4a7bc 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsConfiguration.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsConfiguration.java 
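Review bot: The mapping file path read on the added `getDomainRealmMappingFile()` line is handed to KrbConfCreator without being logged, although it determines the whole [domain_realm] section of the krb5.conf written a few lines below. The existing `log.info` names only the domains, so someone troubleshooting a failed Kerberos login cannot tell from the log that the section came from an external file. A line such as `log.info("Domain realm mapping file: " + domainRealmMappingFile);` after the assignment would record it. The new constructor call is also noticeably longer than the surrounding lines and could be wrapped one argument per line, as the constructor declaration is. The enclosing method starts and ends outside this hunk.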
@@ -11,6 +11,7 @@ private static String ENGINE_CONFIG_EXECUTABLE_PROPERTY = "engineConfigExecutable"; private static String LOCAL_HOST_ENTRY = "localHostEntry"; private static String USE_DNS_LOOKUP = "useDnsLookup"; + private static String DOMAIN_REALM_MAPPING_FILE = "domainRealmMappingFile"; ManageDomainsConfiguration(String confFilePath) throws ConfigurationException { manageDomainsConf = new PropertiesConfiguration(confFilePath); @@ -36,4 +37,8 @@ return manageDomainsConf.getBoolean(USE_DNS_LOOKUP); } + public String getDomainRealmMappingFile() { + return manageDomainsConf.getString(DOMAIN_REALM_MAPPING_FILE); + } + } -- To view, visit http://gerrit.ovirt.org/25447 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I970b8f4950abb5eeb0a72a46ed00af26028919dd Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
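Review bot: The new `getDomainRealmMappingFile()` in the second hunk has no Javadoc, and its contract differs from the `getBoolean(USE_DNS_LOOKUP)` getter above it. With commons-configuration defaults, `getString` appears to return null when the key is absent, and KrbConfCreator depends on that to fall back to the upper-case mapping. I would add `/** Path of an optional file whose lines replace the generated [domain_realm] section of krb5.conf; null when the property is not set. */`. The doc should also say that the file must list every domain, as the commit message notes, and that it should be writable only by the administrator, because its content is copied into krb5.conf. The class body starts outside these hunks.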