From 42e3a805117ff7cb054c2442f7b0e0cc54be63ad Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Mon, 9 Mar 2015 11:07:40 -0700 Subject: [PATCH] HADOOP-11686. MiniKDC cannot change ORG_NAME or ORG_DOMAIN. Contributed by Duo Zhang. --- .../hadoop-common/CHANGES.txt | 3 ++ .../org/apache/hadoop/minikdc/MiniKdc.java | 17 ++++++---- .../minikdc/TestChangeOrgNameAndDomain.java | 32 +++++++++++++++++++ 3 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestChangeOrgNameAndDomain.java diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 6f2c8c3bf20..37604c4416a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1067,6 +1067,9 @@ Release 2.7.0 - UNRELEASED HADOOP-11670. Regression: s3a auth setup broken. (Adam Budde via stevel) + HADOOP-11686. MiniKDC cannot change ORG_NAME or ORG_DOMAIN. + (Duo Zhang via wheat9) + Release 2.6.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java b/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java index a649bd224e9..938836051e0 100644 --- a/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java +++ b/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java @@ -36,6 +36,7 @@ import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex; import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition; import org.apache.directory.server.core.partition.ldif.LdifPartition; +import org.apache.directory.server.kerberos.KerberosConfig; import org.apache.directory.server.kerberos.kdc.KdcServer; import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory; import org.apache.directory.server.kerberos.shared.keytab.Keytab; @@ -418,7 +419,15 @@ public class MiniKdc { IOUtils.closeQuietly(is1); } - kdc = new KdcServer(); + KerberosConfig kerberosConfig = new KerberosConfig(); + kerberosConfig.setMaximumRenewableLifetime(Long.parseLong(conf + .getProperty(MAX_RENEWABLE_LIFETIME))); + kerberosConfig.setMaximumTicketLifetime(Long.parseLong(conf + .getProperty(MAX_TICKET_LIFETIME))); + kerberosConfig.setSearchBaseDn(String.format("dc=%s,dc=%s", orgName, + orgDomain)); + kerberosConfig.setPaEncTimestampRequired(false); + kdc = new KdcServer(kerberosConfig); kdc.setDirectoryService(ds); // transport @@ -431,12 +440,6 @@ public class MiniKdc { throw new IllegalArgumentException("Invalid transport: " + transport); } kdc.setServiceName(conf.getProperty(INSTANCE)); - kdc.getConfig().setMaximumRenewableLifetime( - Long.parseLong(conf.getProperty(MAX_RENEWABLE_LIFETIME))); - kdc.getConfig().setMaximumTicketLifetime( - Long.parseLong(conf.getProperty(MAX_TICKET_LIFETIME))); - - kdc.getConfig().setPaEncTimestampRequired(false); kdc.start(); StringBuilder sb = new StringBuilder(); diff --git a/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestChangeOrgNameAndDomain.java b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestChangeOrgNameAndDomain.java new file mode 100644 index 00000000000..384313011a3 --- /dev/null +++ b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestChangeOrgNameAndDomain.java @@ -0,0 +1,32 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.minikdc; + +import java.util.Properties; + +public class TestChangeOrgNameAndDomain extends TestMiniKdc { + + @Override + public void createMiniKdcConf() { + super.createMiniKdcConf(); + Properties properties = getConf(); + properties.setProperty(MiniKdc.ORG_NAME, "APACHE"); + properties.setProperty(MiniKdc.ORG_DOMAIN, "COM"); + } + +}