You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/24 08:59:36 UTC
[07/27] directory-kerby git commit: DIRKRB-448 Enhance
AbstractInternalKrbClient and AsRequest to insert a provided server name.
Contributed by Steve.
DIRKRB-448 Enhance AbstractInternalKrbClient and AsRequest to insert a provided server name. Contributed by Steve.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/abe9daa5
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/abe9daa5
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/abe9daa5
Branch: refs/heads/pkinit-support
Commit: abe9daa52e6c76e03b0e8ce04b47e77801d5d110
Parents: c3c778f
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Nov 17 15:18:41 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Nov 17 15:18:41 2015 +0800
----------------------------------------------------------------------
.../kerb/client/impl/AbstractInternalKrbClient.java | 8 ++++++++
.../kerby/kerberos/kerb/client/request/AsRequest.java | 10 +++++++---
2 files changed, 15 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/abe9daa5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 2c55ff8..40d1827 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -33,6 +33,7 @@ import org.apache.kerby.kerberos.kerb.client.request.AsRequestWithToken;
import org.apache.kerby.kerberos.kerb.client.request.TgsRequest;
import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithTgt;
import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithToken;
+import org.apache.kerby.kerberos.kerb.spec.base.NameType;
import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -100,6 +101,13 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
principal = fixPrincipal(principal);
asRequest.setClientPrincipal(new PrincipalName(principal));
}
+ if (requestOptions.contains(KrbOption.SERVER_PRINCIPAL)) {
+ String serverPrincipalName = requestOptions.getStringOption(KrbOption.SERVER_PRINCIPAL);
+ serverPrincipalName = fixPrincipal(serverPrincipalName);
+ PrincipalName serverPrincipal = new PrincipalName(serverPrincipalName, NameType.NT_PRINCIPAL);
+ asRequest.setServerPrincipal(serverPrincipal);
+ }
+
asRequest.setKrbOptions(requestOptions);
return doRequestTgtTicket(asRequest);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/abe9daa5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
index 75216a8..82d35f8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
@@ -111,9 +111,13 @@ public class AsRequest extends KdcRequest {
throw new KrbException("Nonce didn't match");
}
- PrincipalName tmpServerPrincipal = encKdcRepPart.getSname();
- tmpServerPrincipal.setRealm(encKdcRepPart.getSrealm());
- if (!tmpServerPrincipal.equals(getServerPrincipal())) {
+ PrincipalName returnedServerPrincipal = encKdcRepPart.getSname();
+ returnedServerPrincipal.setRealm(encKdcRepPart.getSrealm());
+ PrincipalName requestedServerPrincipal = getServerPrincipal();
+ if (requestedServerPrincipal.getRealm() == null) {
+ requestedServerPrincipal.setRealm(getContext().getKrbSetting().getKdcRealm());
+ }
+ if (!returnedServerPrincipal.equals(requestedServerPrincipal)) {
throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
}