diff --git a/README.md b/README.md
index f80ae844..30a98a5f 100644
--- a/README.md
+++ b/README.md
@@ -964,6 +964,12 @@ The CIFS protocol implementation of Overthere defines a number of additional con
N.B.: This connection option is only applicable for the WINRM_INTERNAL connection type, when a Windows domain acount is used.
+
+winrmKerberosTicketCache
+If set to true, enables the use of the Kerberos ticket cache for use in authentication. When enabled, if a password is not specfified the system ticket cache will be used as a The default value is false.
+
+N.B.: This connection option is only applicable for the WINRM_INTERNAL connection type, when a Windows domain acount is used.
+
 winrmKerberosUseHttpSpn
 If set to true, the protocol HTTP will be used in the service principal name (SPN) for which a Kerberos ticket is requested. Otherwise the protocol WSMAN is used. The default value is false.
diff --git a/src/main/java/com/xebialabs/overthere/cifs/CifsConnectionBuilder.java b/src/main/java/com/xebialabs/overthere/cifs/CifsConnectionBuilder.java
index 1266ca2d..8f5c8b3f 100644
--- a/src/main/java/com/xebialabs/overthere/cifs/CifsConnectionBuilder.java
+++ b/src/main/java/com/xebialabs/overthere/cifs/CifsConnectionBuilder.java
@@ -143,12 +143,22 @@ public class CifsConnectionBuilder implements OverthereConnectionBuilder {
 /**
 * See the online documentation
 */
- public static final String WINRM_KERBEROS_DEBUG = "winrmKerberosDebug";
+ public static final String WINRM_KERBEROS_DEBUG = "winrmKerberosDebug";
 /**
 * See the online documentation
 */
 public static final boolean WINRM_KERBEROS_DEBUG_DEFAULT = false;
+
+ /**
+ * See the online documentation
+ */
+ public static final String WINRM_KERBEROS_TICKET_CACHE = "winrmKerberosTicketCache";
+
+ /**
+ * See the online documentation
+ */
+ public static final boolean WINRM_KERBEROS_TICKET_CACHE_DEFAULT = false;
 /**
 * See the online documentation
diff --git a/src/main/java/com/xebialabs/overthere/cifs/winrm/CifsWinRmConnection.java b/src/main/java/com/xebialabs/overthere/cifs/winrm/CifsWinRmConnection.java
index bc633d79..bae4d159 100644
--- a/src/main/java/com/xebialabs/overthere/cifs/winrm/CifsWinRmConnection.java
+++ b/src/main/java/com/xebialabs/overthere/cifs/winrm/CifsWinRmConnection.java
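Review bot: The Javadoc on `WINRM_KERBEROS_TICKET_CACHE` and `WINRM_KERBEROS_TICKET_CACHE_DEFAULT` says only "See the online documentation", so the constant gives no hint that this option changes where credentials come from. I would say so at the constant, for example `Connection option (boolean, default false): when true, the Kerberos login may use the ticket cache of the account running the JVM instead of the supplied password.` The `WINRM_KERBEROS_DEBUG` line is also removed and re-added with no visible text difference, which looks like a whitespace-only edit that could be left out of this commit.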
@@ -66,6 +66,8 @@
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_USE_HTTP_SPN;
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_LOCALE;
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_TIMEMOUT;
+import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_TICKET_CACHE;
+import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_TICKET_CACHE_DEFAULT;
 import static com.xebialabs.overthere.util.OverthereUtils.closeQuietly;
 import static java.lang.String.format;
@@ -245,6 +247,7 @@ private WinRmClient createWinrmClient() {
 client.setKerberosUseHttpSpn(options.getBoolean(WINRM_KERBEROS_USE_HTTP_SPN, WINRM_KERBEROS_USE_HTTP_SPN_DEFAULT));
 client.setKerberosAddPortToSpn(options.getBoolean(WINRM_KERBEROS_ADD_PORT_TO_SPN, WINRM_KERBEROS_ADD_PORT_TO_SPN_DEFAULT));
 client.setKerberosDebug(options.getBoolean(WINRM_KERBEROS_DEBUG, WINRM_KERBEROS_DEBUG_DEFAULT));
+ client.setKerberosTicketCache(options.getBoolean(WINRM_KERBEROS_TICKET_CACHE, WINRM_KERBEROS_TICKET_CACHE_DEFAULT));
 return client;
 }
diff --git a/src/main/java/com/xebialabs/overthere/cifs/winrm/KerberosJaasConfiguration.java b/src/main/java/com/xebialabs/overthere/cifs/winrm/KerberosJaasConfiguration.java
index 5374da7d..5e94933f 100644
--- a/src/main/java/com/xebialabs/overthere/cifs/winrm/KerberosJaasConfiguration.java
+++ b/src/main/java/com/xebialabs/overthere/cifs/winrm/KerberosJaasConfiguration.java
@@ -29,9 +29,16 @@ class KerberosJaasConfiguration extends Configuration {
 private boolean debug;
+ private boolean ticketCache;
 KerberosJaasConfiguration(boolean debug) {
 this.debug = debug;
+ this.ticketCache = false;
+ }
+
+ KerberosJaasConfiguration(boolean debug, boolean ticketCache) {
+ this.debug = debug;
+ this.ticketCache = ticketCache;
 }
 @Override
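Review bot: The two constructors of `KerberosJaasConfiguration` assign the same fields independently, and both fields stay non-final although nothing in the hunk reassigns them. Having the one-argument form delegate, `KerberosJaasConfiguration(boolean debug) { this(debug, false); }`, and declaring `private final boolean ticketCache;` leaves a single place where the credential-source flag is set. A one-line comment on the field saying that it maps to the JAAS `useTicketCache` option would also help readers of this class. The class body continues outside the hunk.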
@@ -41,13 +48,19 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
 if (debug) {
 options.put("debug", "true");
 }
+
+ if (ticketCache) {
+ options.put("useTicketCache", "true");
+ } else {
+ options.put("useTicketCache", "false");
+ }
+
 options.put("refreshKrb5Config", "true");
 if (JavaVendor.isIBM()) {
 options.put("credsType", "initiator");
 } else {
 options.put("client", "true");
- options.put("useTicketCache", "false");
 options.put("useKeyTab", "false");
 options.put("doNotPrompt", "false");
 }
diff --git a/src/main/java/com/xebialabs/overthere/cifs/winrm/WinRmClient.java b/src/main/java/com/xebialabs/overthere/cifs/winrm/WinRmClient.java
index 58c30481..528ec1be 100644
--- a/src/main/java/com/xebialabs/overthere/cifs/winrm/WinRmClient.java
+++ b/src/main/java/com/xebialabs/overthere/cifs/winrm/WinRmClient.java
@@ -115,6 +115,7 @@ public class WinRmClient {
 private boolean kerberosUseHttpSpn;
 private boolean kerberosAddPortToSpn;
 private boolean kerberosDebug;
+ private boolean kerberosTicketCache;
 private String shellId;
 private String commandId;
@@ -358,7 +359,7 @@ private Document runPrivileged(final PrivilegedSendMessage privilegedSendMessage
 final CallbackHandler handler = new ProvidedAuthCallback(username, password);
 Document result;
 try {
- final LoginContext lc = new LoginContext("", null, handler, new KerberosJaasConfiguration(kerberosDebug));
+ final LoginContext lc = new LoginContext("", null, handler, new KerberosJaasConfiguration(kerberosDebug, kerberosTicketCache));
 lc.login();
 result = Subject.doAs(lc.getSubject(), privilegedSendMessage);
@@ -589,6 +590,10 @@ public void setKerberosAddPortToSpn(boolean kerberosAddPortToSpn) {
 public void setKerberosDebug(boolean kerberosDebug) {
 this.kerberosDebug = kerberosDebug;
 }
+
+ public void setKerberosTicketCache(boolean kerberosTicketCache) {
+ this.kerberosTicketCache = kerberosTicketCache;
+ }
 private static Logger logger = LoggerFactory.getLogger(WinRmClient.class);
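Review bot: In `getAppConfigurationEntry`, `useTicketCache` is set to `"true"` with no `principal` option, so the login is not tied to the user name configured for the connection. The Sun/Oracle `Krb5LoginModule` consults the cache first and only falls back to the callback handler when the cache yields nothing, so a connection configured with a user name and password can authenticate as whichever account owns the JVM's ticket cache; the README text in this commit describes the cache as the path for a missing password only. Passing the expected principal into this class and adding `options.put("principal", username);` when the cache is enabled would restrict the lookup to that account, and `runPrivileged` in WinRmClient.java could additionally compare the principal in `lc.getSubject()` with the configured user before `Subject.doAs`. The `useTicketCache` entry now also sits above the `JavaVendor.isIBM()` branch, but the IBM login module names this option `useDefaultCcache`, so on IBM JVMs the flag probably has no effect. The method body continues outside the hunk.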
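Review bot: In `runPrivileged`, `ProvidedAuthCallback` is still constructed from `username` and `password` even when `kerberosTicketCache` is on, and the README change describes leaving the password unset in that mode. If the cache holds no usable ticket, the login module can still call the handler (the JAAS options keep `doNotPrompt` at `"false"`), so the handler would answer with a null password; how it handles that is not visible here. I would fail early with a clear message in that case, and add a comment above the `LoginContext` line stating that the cache, when enabled, is tried before the supplied password. runPrivileged starts and ends outside the hunk.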