Merge pull request #145 from mbidewell/master

Add support for configurable use of Kerberos ticket cache.

README.md

@@ -964,6 +964,12 @@ The CIFS protocol implementation of Overthere defines a number of additional con
 	<br/>
 	<strong>N.B.:</strong> This connection option is only applicable for the <strong>WINRM_INTERNAL</strong> connection type, when a Windows domain acount is used.</td>
 </tr>
+<tr>
+<th align="left" valign="top"><a name="cifs_winrmKerberosTicketCache"></a>winrmKerberosTicketCache</th>
+<td>If set to <code>true</code>, enables the use of the Kerberos ticket cache for use in authentication.  When enabled, if a password is not specfified the system ticket cache will be used as a  The default value is <code>false</code>.
+<br/>
+<strong>N.B.:</strong> This connection option is only applicable for the <strong>WINRM_INTERNAL</strong> connection type, when a Windows domain acount is used.</td>
+</tr>
 <tr>
 	<th align="left" valign="top"><a name="cifs_winrmKerberosUseHttpSpn"></a>winrmKerberosUseHttpSpn</th>
 	<td>If set to <code>true</code>, the protocol <code>HTTP</code> will be used in the service principal name (SPN) for which a Kerberos ticket is requested. Otherwise the protocol <code>WSMAN</code> is used. The default value is <code>false</code>.

src/main/java/com/xebialabs/overthere/cifs/CifsConnectionBuilder.java

@@ -143,12 +143,22 @@ public class CifsConnectionBuilder implements OverthereConnectionBuilder {
     /**
      * See <a href="https://github.com/xebialabs/overthere/blob/master/README.md#cifs_winrmKerberosDebug">the online documentation</a>
      */
-    public static final String WINRM_KERBEROS_DEBUG = "winrmKerberosDebug";
+    public static final String WINRM_KERBEROS_DEBUG = "winrmKerberosDebug";  
 
     /**
      * See <a href="https://github.com/xebialabs/overthere/blob/master/README.md#cifs_winrmKerberosDebug">the online documentation</a>
      */
     public static final boolean WINRM_KERBEROS_DEBUG_DEFAULT = false;
+
+    /**
+     * See <a href="https://github.com/xebialabs/overthere/blob/master/README.md#cifs_winrmKerberosTicketCache">the online documentation</a>
+     */
+    public static final String WINRM_KERBEROS_TICKET_CACHE = "winrmKerberosTicketCache";  
+
+    /**
+     * See <a href="https://github.com/xebialabs/overthere/blob/master/README.md#cifs_winrmKerberosTicketCache">the online documentation</a>
+     */
+    public static final boolean WINRM_KERBEROS_TICKET_CACHE_DEFAULT = false;  
 
     /**
      * See <a href="https://github.com/xebialabs/overthere/blob/master/README.md#cifs_winrmLocale">the online documentation</a>

src/main/java/com/xebialabs/overthere/cifs/winrm/CifsWinRmConnection.java

@@ -66,6 +66,8 @@
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_USE_HTTP_SPN;
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_LOCALE;
 import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_TIMEMOUT;
+import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_TICKET_CACHE;
+import static com.xebialabs.overthere.cifs.CifsConnectionBuilder.WINRM_KERBEROS_TICKET_CACHE_DEFAULT;
 import static com.xebialabs.overthere.util.OverthereUtils.closeQuietly;
 import static java.lang.String.format;
 
@@ -245,6 +247,7 @@ private WinRmClient createWinrmClient() {
         client.setKerberosUseHttpSpn(options.getBoolean(WINRM_KERBEROS_USE_HTTP_SPN, WINRM_KERBEROS_USE_HTTP_SPN_DEFAULT));
         client.setKerberosAddPortToSpn(options.getBoolean(WINRM_KERBEROS_ADD_PORT_TO_SPN, WINRM_KERBEROS_ADD_PORT_TO_SPN_DEFAULT));
         client.setKerberosDebug(options.getBoolean(WINRM_KERBEROS_DEBUG, WINRM_KERBEROS_DEBUG_DEFAULT));
+        client.setKerberosTicketCache(options.getBoolean(WINRM_KERBEROS_TICKET_CACHE, WINRM_KERBEROS_TICKET_CACHE_DEFAULT));
         return client;
     }
 

src/main/java/com/xebialabs/overthere/cifs/winrm/KerberosJaasConfiguration.java

@@ -29,9 +29,16 @@
 class KerberosJaasConfiguration extends Configuration {
 
     private boolean debug;
+    private boolean ticketCache;
 
     KerberosJaasConfiguration(boolean debug) {
         this.debug = debug;
+        this.ticketCache = false;
+    }
+
+    KerberosJaasConfiguration(boolean debug, boolean ticketCache) {
+        this.debug = debug;
+        this.ticketCache = ticketCache;
     }
 
     @Override
@@ -41,13 +48,19 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
         if (debug) {
             options.put("debug", "true");
         }
+
+        if (ticketCache) {
+        	options.put("useTicketCache", "true");
+        } else {
+        	options.put("useTicketCache", "false");
+        }
+
         options.put("refreshKrb5Config", "true");
 
         if (JavaVendor.isIBM()) {
             options.put("credsType", "initiator");
         } else {
             options.put("client", "true");
-            options.put("useTicketCache", "false");
             options.put("useKeyTab", "false");
             options.put("doNotPrompt", "false");
         }

src/main/java/com/xebialabs/overthere/cifs/winrm/WinRmClient.java

@@ -115,6 +115,7 @@ public class WinRmClient {
     private boolean kerberosUseHttpSpn;
     private boolean kerberosAddPortToSpn;
     private boolean kerberosDebug;
+    private boolean kerberosTicketCache;
 
     private String shellId;
     private String commandId;
@@ -358,7 +359,7 @@ private Document runPrivileged(final PrivilegedSendMessage privilegedSendMessage
         final CallbackHandler handler = new ProvidedAuthCallback(username, password);
         Document result;
         try {
-            final LoginContext lc = new LoginContext("", null, handler, new KerberosJaasConfiguration(kerberosDebug));
+            final LoginContext lc = new LoginContext("", null, handler, new KerberosJaasConfiguration(kerberosDebug, kerberosTicketCache));
             lc.login();
 
             result = Subject.doAs(lc.getSubject(), privilegedSendMessage);
@@ -589,6 +590,10 @@ public void setKerberosAddPortToSpn(boolean kerberosAddPortToSpn) {
     public void setKerberosDebug(boolean kerberosDebug) {
         this.kerberosDebug = kerberosDebug;
     }
+
+    public void setKerberosTicketCache(boolean kerberosTicketCache) {
+        this.kerberosTicketCache = kerberosTicketCache;
+    }
 
     private static Logger logger = LoggerFactory.getLogger(WinRmClient.class);