This is an automated email from the ASF dual-hosted git repository. arshad pushed a commit to branch branch-3.5 in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.5 by this push: new 457d7de ZOOKEEPER-1467: Make server principal configurable at client side. 457d7de is described below commit 457d7dee925fddbed6114cd9d3686697057c5d42 Author: Sujith Simon <sujith.abraham.si...@huawei.com> AuthorDate: Tue Oct 1 12:48:22 2019 +0530 ZOOKEEPER-1467: Make server principal configurable at client side. Make server principal configurable at the client side Author: sujithsimon22 <sujith.abraham.si...@huawei.com> Reviewers: Mohammad Arshad <ars...@apache.org>, enixon, Enrico Olivelli <eolive...@apache.org> Closes #1104 from sujithsimon22/ZOOKEEPER-1467-3.5 --- .../src/main/resources/markdown/zookeeperProgrammers.md | 6 ++++++ .../main/java/org/apache/zookeeper/SaslServerPrincipal.java | 5 +++++ .../java/org/apache/zookeeper/client/ZKClientConfig.java | 3 +++ .../main/java/org/apache/zookeeper/util/SecurityUtils.java | 8 ++++++-- .../java/org/apache/zookeeper/ClientCanonicalizeTest.java | 13 +++++++++++++ 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/zookeeper-docs/src/main/resources/markdown/zookeeperProgrammers.md b/zookeeper-docs/src/main/resources/markdown/zookeeperProgrammers.md index addc796..0bd00b3 100644 --- a/zookeeper-docs/src/main/resources/markdown/zookeeperProgrammers.md +++ b/zookeeper-docs/src/main/resources/markdown/zookeeperProgrammers.md @@ -1205,6 +1205,12 @@ following reference * *zookeeper.kinit* : Specifies path to kinit binary. Default is "/usr/bin/kinit". +* *zookeeper.server.principal* : + Specifies the server principal to be used by the client for authentication, while connecting to the zookeeper + server, when Kerberos authentication is enabled. A couple of ways to specify the server principal can be as + "zookeeper.server.principal = **zookeeper/zookeeper.apache....@apache.org**" or + "zookeeper.server.principal = **zookeeper/zookeeper.apache.org**" + <a name="C+Binding"></a> ### C Binding 
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/SaslServerPrincipal.java b/zookeeper-server/src/main/java/org/apache/zookeeper/SaslServerPrincipal.java index 2694f77..5213d9c 100644 --- a/zookeeper-server/src/main/java/org/apache/zookeeper/SaslServerPrincipal.java +++ b/zookeeper-server/src/main/java/org/apache/zookeeper/SaslServerPrincipal.java @@ -46,6 +46,11 @@ public class SaslServerPrincipal { * @return the name of the principal. */ static String getServerPrincipal(WrapperInetSocketAddress addr, ZKClientConfig clientConfig) { + String configuredServerPrincipal = clientConfig.getProperty(ZKClientConfig.ZOOKEEPER_SERVER_PRINCIPAL); + if (configuredServerPrincipal != null) { + // If server principal is already configured then return it + return configuredServerPrincipal; + } String principalUserName = clientConfig.getProperty(ZKClientConfig.ZK_SASL_CLIENT_USERNAME, ZKClientConfig.ZK_SASL_CLIENT_USERNAME_DEFAULT); String hostName = addr.getHostName(); diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZKClientConfig.java b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZKClientConfig.java index b2d214b..07ae65c 100644 --- a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZKClientConfig.java +++ b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZKClientConfig.java @@ -60,6 +60,7 @@ public class ZKClientConfig extends ZKConfig { public static final String SECURE_CLIENT = ZooKeeper.SECURE_CLIENT; public static final int CLIENT_MAX_PACKET_LENGTH_DEFAULT = 4096 * 1024; /* 4 MB */ public static final String ZOOKEEPER_REQUEST_TIMEOUT = "zookeeper.request.timeout"; + public static final String ZOOKEEPER_SERVER_PRINCIPAL = "zookeeper.server.principal"; /** * Feature is disabled by default. */ 
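Review bot: The early return added at the top of `getServerPrincipal` accepts any non-null value, so an empty or whitespace-only `zookeeper.server.principal` would be returned as the server principal instead of falling back to the host-derived name; consider `if (configuredServerPrincipal != null && !configuredServerPrincipal.trim().isEmpty())`. The return also happens before `addr` is consulted, so one fixed principal is used for every server the client connects to and the principal is no longer tied to the host actually reached. That is presumably intended, but the Javadoc above the method should state it, e.g. `If zookeeper.server.principal is set it is returned unchanged for every server and addr is ignored.` The method body continues outside the hunk.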
@@ -85,6 +86,8 @@ public class ZKClientConfig extends ZKConfig { private void initFromJavaSystemProperties() { setProperty(ZOOKEEPER_REQUEST_TIMEOUT, System.getProperty(ZOOKEEPER_REQUEST_TIMEOUT)); + setProperty(ZOOKEEPER_SERVER_PRINCIPAL, + System.getProperty(ZOOKEEPER_SERVER_PRINCIPAL)); } @Override diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/util/SecurityUtils.java b/zookeeper-server/src/main/java/org/apache/zookeeper/util/SecurityUtils.java index 67484e4..105d79e 100644 --- a/zookeeper-server/src/main/java/org/apache/zookeeper/util/SecurityUtils.java +++ b/zookeeper-server/src/main/java/org/apache/zookeeper/util/SecurityUtils.java @@ -112,8 +112,12 @@ public final class SecurityUtils { // "zookeeper.server.realm" is set). String serverRealm = System.getProperty("zookeeper.server.realm", clientKerberosName.getRealm()); - KerberosName serviceKerberosName = new KerberosName( - servicePrincipal + "@" + serverRealm); + String modifiedServerPrincipal = servicePrincipal; + // If service principal does not contain realm, then add it + if (!modifiedServerPrincipal.contains("@")) { + modifiedServerPrincipal = modifiedServerPrincipal + "@" + serverRealm; + } + KerberosName serviceKerberosName = new KerberosName(modifiedServerPrincipal); final String serviceName = serviceKerberosName.getServiceName(); final String serviceHostname = serviceKerberosName.getHostName(); final String clientPrincipalName = clientKerberosName.toString(); diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/ClientCanonicalizeTest.java b/zookeeper-server/src/test/java/org/apache/zookeeper/ClientCanonicalizeTest.java index 91dec23..e1238ef 100644 --- a/zookeeper-server/src/test/java/org/apache/zookeeper/ClientCanonicalizeTest.java +++ b/zookeeper-server/src/test/java/org/apache/zookeeper/ClientCanonicalizeTest.java 
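Review bot: In the SecurityUtils hunk, the check `!modifiedServerPrincipal.contains("@")` only tests for the character, so a configured value with a trailing `@` or surrounding whitespace reaches `new KerberosName(...)` unchanged. When the value carries its own realm, the `zookeeper.server.realm` property read just above is silently ignored. The existing comment should state that precedence, e.g. `// A realm given in the server principal takes precedence over zookeeper.server.realm`, and a log line when the two differ would make a misconfigured client easier to diagnose. The enclosing method starts and ends outside the hunk.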
@@ -18,6 +18,7 @@ package org.apache.zookeeper; import java.io.IOException; +import java.net.InetSocketAddress; import org.apache.zookeeper.client.ZKClientConfig; import org.junit.Assert; import org.junit.Test; @@ -73,4 +74,16 @@ public class ClientCanonicalizeTest extends ZKTestCase { Assert.assertEquals("The computed principal does appear to have falled back to the original host name", "zookeeper/zookeeper.apache.org", principal); } + + @Test + public void testGetServerPrincipalReturnConfiguredPrincipalName() { + ZKClientConfig config = new ZKClientConfig(); + String configuredPrincipal = "zookeeper/zookeeper.apache....@apache.org"; + config.setProperty(ZKClientConfig.ZOOKEEPER_SERVER_PRINCIPAL, configuredPrincipal); + + // Testing the case where server principal is configured, therefore InetSocketAddress is passed as null + String serverPrincipal = SaslServerPrincipal.getServerPrincipal((InetSocketAddress) null, config); + Assert.assertEquals(configuredPrincipal, serverPrincipal); + } + }
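Review bot: `testGetServerPrincipalReturnConfiguredPrincipalName` covers only a principal that already carries a realm, and only the short-circuit in `getServerPrincipal`. The realm-less form that the documentation change also advertises, and the new `contains("@")` branch in `SecurityUtils`, have no test in this commit. A second case that configures `"zookeeper/zookeeper.apache.org"` and asserts the same pass-through, plus one for an empty property value, would pin the intended behaviour. The test sets the value with `config.setProperty(...)`, so the new system-property read in `initFromJavaSystemProperties` is not exercised by this test either.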