Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: engine-manads-domains always tries to look for KDC in DNS ......................................................................
aaa: engine-manads-domains always tries to look for KDC in DNS The bug was caused due to the fact that the kdcs are always being validated, regardless of their "source" Change-Id: Ib3bb7cc049ad5b23127a505ff891b2d489a2caca Topic: AAA Bug-Url: https://bugzilla.redhat.com/1136087 Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java 1 file changed, 23 insertions(+), 17 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/85/32285/1 diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java index 9e18351..fbda242 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java 
@@ -211,25 +211,27 @@ } private void validateKdcServers(String ldapSecurityAuthentication, String domainName) throws ManageDomainsResult { - KDCLocator locator = new KDCLocator(); - DnsSRVResult result = null; - boolean foundServers = true; - try { - result = locator.getKdc(DnsSRVLocator.TCP, domainName); - if (!foundSrvRecords(result)) { - result = locator.getKdc(DnsSRVLocator.UDP, domainName); + if (shouldResolveKdc()) { + KDCLocator locator = new KDCLocator(); + DnsSRVResult result = null; + boolean foundServers = true; + try { + result = locator.getKdc(DnsSRVLocator.TCP, domainName); if (!foundSrvRecords(result)) { - foundServers =false; + result = locator.getKdc(DnsSRVLocator.UDP, domainName); + if (!foundSrvRecords(result)) { + foundServers = false; + } } + } catch (Exception ex) { + foundServers = false; } - } catch (Exception ex) { - foundServers = false; + if (!foundServers) { + throw new ManageDomainsResult("Could not locate KDC servers to be used to validate the input of the utility", + ManageDomainsResultEnum.NO_KDC_SERVERS_FOR_DOMAIN, + domainName); + } } - if (!foundServers) { - throw new ManageDomainsResult("Could not locate KDC servers to be used to validate the input of the utility", - ManageDomainsResultEnum.NO_KDC_SERVERS_FOR_DOMAIN, domainName); - } - } private boolean foundSrvRecords(DnsSRVResult result) { @@ -700,8 +702,7 @@ log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString); useDnsLookup = utilityConfiguration.getUseDnsLookup(); String domainRealmMappingFile = utilityConfiguration.getDomainRealmMappingFile(); - if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup - || args.contains(ARG_RESOLVE_KDC)) { + if (shouldResolveKdc()) { // Arguments do not contain a list of ldap servers, so the // kerberos configuration should not be created according to it if // useDnsLookup is set to true or resolve KDC argument was entered. 
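Review bot: The `catch (Exception ex)` that now sits inside `if (shouldResolveKdc())` in `validateKdcServers` still discards the exception. A resolver failure, a timeout or a programming error is therefore reported as the same `NO_KDC_SERVERS_FOR_DOMAIN` result as a domain with no SRV records. Record the cause before setting the flag, for example `log.debug("KDC SRV lookup failed for domain " + domainName, ex);`, assuming the `log` used in the hunk at old line 700 accepts a throwable. The method also needs a short comment saying that it returns without checking anything when `shouldResolveKdc()` is false, since the name `validateKdcServers` suggests otherwise. The `ldapSecurityAuthentication` parameter is not read anywhere in the visible body and could be dropped or documented as unused.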
@@ -724,6 +725,11 @@ } } + private boolean shouldResolveKdc() { + return !args.contains(ARG_LDAP_SERVERS) && useDnsLookup + || args.contains(ARG_RESOLVE_KDC); + } + private void checkKerberosConfiguration(String domainName, DomainsConfigurationEntry users, DomainsConfigurationEntry passwords, -- To view, visit http://gerrit.ovirt.org/32285 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib3bb7cc049ad5b23127a505ff891b2d489a2caca Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
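Review bot: `shouldResolveKdc()` depends on the mutable field `useDnsLookup`, and the only assignment visible in this change is `useDnsLookup = utilityConfiguration.getUseDnsLookup();` in the hunk at old line 700, immediately before the call there. If `validateKdcServers` can run before that assignment, the helper would see the field's default value and the KDC check would be skipped unless `ARG_RESOLVE_KDC` is passed. The call order is not visible in this diff, so either confirm it or have the helper read `utilityConfiguration.getUseDnsLookup()` itself. The mixed `&&`/`||` would be harder to misread with explicit grouping: `return (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup) || args.contains(ARG_RESOLVE_KDC);`.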