Alon Bar-Lev has uploaded a new change for review. Change subject: tools: manage-domains: respect ConfigValues.SASL_QOP ......................................................................
tools: manage-domains: respect ConfigValues.SASL_QOP in one of the ugliest piece of code I've ever seen. the cli does not respect the configuration of the application. Related-To: https://bugzilla.redhat.com/show_bug.cgi?id=1156577 Change-Id: I4fad86b7b2a1437607acf9562ac898ac455c10dd Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/JndiAction.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/KerberosConfigCheck.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ConfigurationProvider.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java 4 files changed, 19 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/06/34506/1
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/JndiAction.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/JndiAction.java
index 272a5f8..821d614 100644
--- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/JndiAction.java
+++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/JndiAction.java
@@ -35,15 +35,17 @@
 private final StringBuffer userGuid;
 private List<String> ldapServers;
 private final String defaultLdapServerPort;
+ private final String saslQOP;
 private final static Logger log = Logger.getLogger(JndiAction.class);
- public JndiAction(String userName, String domainName, StringBuffer userGuid, LdapProviderType ldapProviderType, List<String> ldapServers, String defaultLdapServerPort) {
+ public JndiAction(String userName, String domainName, StringBuffer userGuid, LdapProviderType ldapProviderType, List<String> ldapServers, String defaultLdapServerPort, String saslQOP) {
 this.userName = userName;
 this.domainName = domainName;
 this.ldapProviderType = ldapProviderType;
 this.userGuid = userGuid;
 this.ldapServers = ldapServers;
 this.defaultLdapServerPort = defaultLdapServerPort;
+ this.saslQOP = saslQOP;
 }
 @Override
@@ -52,7 +54,7 @@
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put("java.naming.ldap.attributes.binary", "objectGUID");
 env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
- env.put("javax.security.sasl.qop", "auth-conf");
+ env.put("javax.security.sasl.qop", saslQOP);
 // Send an SRV record DNS query to retrieve all the LDAP servers in the domain
 LdapSRVLocator locator = new LdapSRVLocator();
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/KerberosConfigCheck.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/KerberosConfigCheck.java
index 9557d59..9b2a36c 100644
--- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/KerberosConfigCheck.java
+++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/utils/kerberos/KerberosConfigCheck.java
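Review bot: `env.put("javax.security.sasl.qop", saslQOP)` in the second JndiAction hunk trusts whatever string the caller supplies, where the old code pinned `auth-conf`. The value is never null-checked or compared with the values SASL defines (`auth`, `auth-int`, `auth-conf`), so a missing or mistyped setting fails only at run time, and a value of `auth` leaves the LDAP session after the GSSAPI bind without integrity or confidentiality protection unless the connection is secured some other way (for example TLS). I would normalise once in the constructor, e.g. `this.saslQOP = (saslQOP == null || saslQOP.trim().isEmpty()) ? "auth-conf" : saslQOP.trim();`, and reject any entry outside those three values. The same unchecked value flows through the new KerberosConfigCheck constructor and the ManageDomains call sites in the later hunks. The method containing the `env.put` call starts and ends outside the hunk.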
@@ -25,6 +25,7 @@
 private LoginContext lc;
 private final List<String> ldapServers;
 private String defaultLdapServerPort;
+ private final String saslQOP;
 private final static Logger log = Logger.getLogger(KerberosConfigCheck.class);
 public enum Arguments {
@@ -37,13 +38,14 @@
 ldapProviderType;
 }
- public KerberosConfigCheck(List<String> ldapServers, String defaultLdapServerPort) {
+ public KerberosConfigCheck(List<String> ldapServers, String defaultLdapServerPort, String saslQOP) {
 this.ldapServers = ldapServers;
 this.defaultLdapServerPort = defaultLdapServerPort;
+ this.saslQOP = saslQOP;
 }
 public KerberosConfigCheck() {
- this(null, null);
+ this(null, null, "auth-conf");
 }
 /**
@@ -130,7 +132,7 @@
 authResult = (AuthenticationResult) Subject.doAs(lc.getSubject(), new JndiAction(username, realm.toLowerCase(),
- userGuid, ldapProviderType, ldapServers, defaultLdapServerPort));
+ userGuid, ldapProviderType, ldapServers, defaultLdapServerPort, saslQOP));
 } finally {
 if (lc != null) {
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ConfigurationProvider.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ConfigurationProvider.java
index b36c663..4b668f7 100644
--- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ConfigurationProvider.java
+++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ConfigurationProvider.java
@@ -9,6 +9,7 @@
 import static org.ovirt.engine.core.common.config.ConfigValues.LDAPSecurityAuthentication;
 import static org.ovirt.engine.core.common.config.ConfigValues.LDAPServerPort;
 import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers;
+import static org.ovirt.engine.core.common.config.ConfigValues.SASL_QOP;
 import java.io.BufferedWriter;
 import java.io.File;
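Review bot: The no-argument constructor in the second KerberosConfigCheck hunk reintroduces the literal `"auth-conf"` as its fallback, the same string the JndiAction change just removed, and nothing documents why that value was chosen. A named constant, `private static final String DEFAULT_SASL_QOP = "auth-conf";`, with a one-line comment that it requests authentication plus integrity and confidentiality, would keep the protective default in one place. The three-argument constructor would also benefit from a Javadoc `@param saslQOP` line naming the accepted values.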
@@ -34,7 +35,7 @@
 String adUserId, String ldapProviderTypes, String engineConfigExecutable,
- String engineConfigProperties, String ldapServerPort, String passwordChangeUrls) {
+ String engineConfigProperties, String ldapServerPort, String passwordChangeUrls, String saslQOP) {
 super();
 configVals.put(AdUserName, adUserName);
 configVals.put(AdUserPassword, adUserPassword);
@@ -45,6 +46,7 @@
 configVals.put(LDAPProviderTypes, ldapProviderTypes);
 configVals.put(LDAPServerPort, ldapServerPort);
 configVals.put(ChangePasswordMsg, passwordChangeUrls);
+ configVals.put(SASL_QOP, saslQOP);
 this.engineConfigExecutable = engineConfigExecutable;
 this.engineConfigProperties = engineConfigProperties;
 }
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java
index fbda242..cd4a7de 100644
--- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java
+++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java
@@ -193,6 +193,8 @@
 getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.LDAPServerPort);
 String changePasswordUrl = getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.ChangePasswordMsg);
+ String saslQOP =
+ getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.SASL_QOP);
 configurationProvider = new ConfigurationProvider(adUserName,
@@ -203,7 +205,7 @@
 adUserId, ldapProviderTypes, utilityConfiguration.getEngineConfigExecutablePath(),
- engineConfigProperties, ldapPort, changePasswordUrl);
+ engineConfigProperties, ldapPort, changePasswordUrl, saslQOP);
 } catch (Throwable e) {
 throw new ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION, e.getMessage());
@@ -748,7 +750,8 @@
 try {
 log.info("Testing kerberos configuration for domain: " + domain);
 List<String> ldapServersPerDomain = ldapServersPerDomainMap.get(domain);
- KerberosConfigCheck kerberosConfigCheck = new KerberosConfigCheck(ldapServersPerDomain, ldapServerPort);
+ KerberosConfigCheck kerberosConfigCheck = new KerberosConfigCheck(ldapServersPerDomain, ldapServerPort,
+ configurationProvider.getConfigValue(ConfigValues.SASL_QOP));
 StringBuffer userGuid = new StringBuffer();
 kerberosConfigCheck.checkInstallation(domain, users.getValueForDomain(domain),
@@ -1115,6 +1118,8 @@
 .append("=\n") .append(ConfigValues.ChangePasswordMsg.name()) .append("=\n")
+ .append(ConfigValues.SASL_QOP.name())
+ .append("=\n")
 .toString());
 fw.flush();
 } catch (IOException ex) {
-- To view, visit http://gerrit.ovirt.org/34506 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4fad86b7b2a1437607acf9562ac898ac455c10dd Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
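Review bot: The `log.info` line in the ManageDomains hunk at old line 748 records only the domain, although the Kerberos test below it now runs with whatever `configurationProvider.getConfigValue(ConfigValues.SASL_QOP)` returns. That setting decides whether the test's LDAP traffic is integrity- and confidentiality-protected, so the effective value belongs in the log entry, where a run at a weaker level than `auth-conf` stays visible afterwards. Reading it once into a local `saslQop` and logging `log.info("Testing kerberos configuration for domain: " + domain + ", SASL QOP: " + saslQop);` would do. The enclosing method starts and ends outside the hunk.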