Hello Alon Bar-Lev,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/34526
to review the following change.
Change subject: tools: manage-domains: respect ConfigValues.SASL_QOP
......................................................................
tools: manage-domains: respect ConfigValues.SASL_QOP
in one of the ugliest piece of code I've ever seen.
the cli does not respect the configuration of the application.
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1157888
Change-Id: I4fad86b7b2a1437607acf9562ac898ac455c10dd
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
M
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java
M
backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
M
backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
4 files changed, 18 insertions(+), 8 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/26/34526/1
diff --git
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
index 467d64c..6b2124b 100644
---
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
+++
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java
@@ -34,15 +34,17 @@
private final StringBuffer userGuid;
private List<String> ldapServers;
private final String defaultLdapServerPort;
+ private final String saslQOP;
private final static Logger log = Logger.getLogger(JndiAction.class);
- public JndiAction(String userName, String domainName, StringBuffer
userGuid, LdapProviderType ldapProviderType, List<String> ldapServers, String
defaultLdapServerPort) {
+ public JndiAction(String userName, String domainName, StringBuffer
userGuid, LdapProviderType ldapProviderType, List<String> ldapServers, String
defaultLdapServerPort, String saslQOP) {
this.userName = userName;
this.domainName = domainName;
this.ldapProviderType = ldapProviderType;
this.userGuid = userGuid;
this.ldapServers = ldapServers;
this.defaultLdapServerPort = defaultLdapServerPort;
+ this.saslQOP = saslQOP;
}
@Override
@@ -51,7 +53,7 @@
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put("java.naming.ldap.attributes.binary", "objectGUID");
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
- env.put("javax.security.sasl.qop", "auth-conf");
+ env.put("javax.security.sasl.qop", saslQOP);
// Send an SRV record DNS query to retrieve all the LDAP servers in
the domain
LdapSRVLocator locator = new LdapSRVLocator();
diff --git
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java
index 304f8dc..9513089 100644
---
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java
+++
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/KerberosConfigCheck.java
@@ -23,6 +23,7 @@
public class KerberosConfigCheck {
private LoginContext lc;
private final List<String> ldapServers;
+ private final String saslQOP;
private String defaultLdapServerPort;
private final static Logger log =
Logger.getLogger(KerberosConfigCheck.class);
@@ -36,13 +37,14 @@
ldapProviderType;
}
- public KerberosConfigCheck(List<String> ldapServers, String
defaultLdapServerPort) {
+ public KerberosConfigCheck(List<String> ldapServers, String
defaultLdapServerPort, String saslQOP) {
this.ldapServers = ldapServers;
this.defaultLdapServerPort = defaultLdapServerPort;
+ this.saslQOP = saslQOP;
}
public KerberosConfigCheck() {
- this(null, null);
+ this(null, null, "auth-conf");
}
/**
@@ -129,7 +131,7 @@
authResult =
(AuthenticationResult) Subject.doAs(lc.getSubject(), new
JndiAction(username,
realm.toLowerCase(),
- userGuid, ldapProviderType, ldapServers,
defaultLdapServerPort));
+ userGuid, ldapProviderType, ldapServers,
defaultLdapServerPort, saslQOP));
} finally {
if (lc != null) {
diff --git
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
index 002d6f8..b4a066f 100644
---
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
+++
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java
@@ -9,6 +9,7 @@
import static
org.ovirt.engine.core.common.config.ConfigValues.LDAPSecurityAuthentication;
import static org.ovirt.engine.core.common.config.ConfigValues.LDAPServerPort;
import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers;
+import static org.ovirt.engine.core.common.config.ConfigValues.SASL_QOP;
import java.io.BufferedWriter;
import java.io.File;
@@ -34,7 +35,7 @@
String adUserId,
String ldapProviderTypes,
String engineConfigExecutable,
- String engineConfigProperties, String ldapServerPort, String
passwordChangeUrls) {
+ String engineConfigProperties, String ldapServerPort, String
passwordChangeUrls, String saslQOP) {
super();
configVals.put(AdUserName, adUserName);
configVals.put(AdUserPassword, adUserPassword);
@@ -45,6 +46,7 @@
configVals.put(LDAPProviderTypes, ldapProviderTypes);
configVals.put(LDAPServerPort, ldapServerPort);
configVals.put(ChangePasswordMsg, passwordChangeUrls);
+ configVals.put(SASL_QOP, saslQOP);
this.engineConfigExecutable = engineConfigExecutable;
this.engineConfigProperties = engineConfigProperties;
}
diff --git
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
index e4f4987..efcb486 100644
---
a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
+++
b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
@@ -201,6 +201,8 @@
if (changePasswordUrl == null) {
changePasswordUrl = "";
}
+ String saslQOP =
+ getConfigValue(engineConfigExecutable,
engineConfigProperties, ConfigValues.SASL_QOP);
configurationProvider =
new ConfigurationProvider(adUserName,
@@ -211,7 +213,7 @@
adUserId,
ldapProviderTypes,
utilityConfiguration.getEngineConfigExecutablePath(),
- engineConfigProperties, ldapPort,
changePasswordUrl);
+ engineConfigProperties, ldapPort,
changePasswordUrl, saslQOP);
} catch (Throwable e) {
throw new
ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION,
e.getMessage());
@@ -746,7 +748,7 @@
try {
log.info("Testing kerberos configuration for domain: " +
domain);
List<String> ldapServersPerDomain =
ldapServersPerDomainMap.get(domain);
- KerberosConfigCheck kerberosConfigCheck = new
KerberosConfigCheck(ldapServersPerDomain, ldapServerPort);
+ KerberosConfigCheck kerberosConfigCheck = new
KerberosConfigCheck(ldapServersPerDomain, ldapServerPort,
configurationProvider.getConfigValue(ConfigValues.SASL_QOP));
StringBuffer userGuid = new StringBuffer();
kerberosConfigCheck.checkInstallation(domain,
users.getValueForDomain(domain),
@@ -1115,6 +1117,8 @@
.append("=\n")
.append(ConfigValues.ChangePasswordMsg.name())
.append("=\n")
+ .append(ConfigValues.SASL_QOP.name())
+ .append("=\n")
.toString());
fw.flush();
} catch (IOException ex) {
--
To view, visit http://gerrit.ovirt.org/34526
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4fad86b7b2a1437607acf9562ac898ac455c10dd
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.4
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
