Posted to commits@directory.apache.org by ka...@apache.org on 2014/02/28 11:44:43 UTC
svn commit: r1572913 - in
/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client:
KdcConfig.java KdcConnection.java
Author: kayyagari
Date: Fri Feb 28 10:44:42 2014
New Revision: 1572913
URL: http://svn.apache.org/r1572913
Log:
o fixed the wrong etype used while decrypting the TGT (DIRKRB-101)
o initialized encryptionTypes in the config
Modified:
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java?rev=1572913&r1=1572912&r2=1572913&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java Fri Feb 28 10:44:42 2014
@@ -58,29 +58,22 @@ public class KdcConfig
/** the timeout of the connection to the Kerberos server */
private int timeout = 60000; // default 1 min
- /** the set of encryption types that the client can support */
+ /** the set of encryption types that the client can support, by default this includes all the encryption types supported by ApacheDS */
private Set<EncryptionType> encryptionTypes;
- /** the default encryption types, this includes <b>many</b> encryption types */
- private static Set<EncryptionType> DEFAULT_ENCRYPTION_TYPES;
-
- static
- {
- DEFAULT_ENCRYPTION_TYPES = new HashSet<EncryptionType>();
-
- DEFAULT_ENCRYPTION_TYPES.add( AES128_CTS_HMAC_SHA1_96 );
- DEFAULT_ENCRYPTION_TYPES.add( AES256_CTS_HMAC_SHA1_96 );
- DEFAULT_ENCRYPTION_TYPES.add( DES_CBC_MD5 );
- DEFAULT_ENCRYPTION_TYPES.add( DES3_CBC_SHA1_KD );
- DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC );
- //DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );
-
- DEFAULT_ENCRYPTION_TYPES = KerberosUtils.orderEtypesByStrength( DEFAULT_ENCRYPTION_TYPES );
- }
-
public KdcConfig()
{
+ encryptionTypes = new HashSet<EncryptionType>();
+
+ encryptionTypes.add( AES128_CTS_HMAC_SHA1_96 );
+ encryptionTypes.add( AES256_CTS_HMAC_SHA1_96 );
+ encryptionTypes.add( DES_CBC_MD5 );
+ encryptionTypes.add( DES3_CBC_SHA1_KD );
+ encryptionTypes.add( RC4_HMAC );
+ //DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );
+
+ encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
}
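Review bot: The default set built in the `KdcConfig()` constructor still offers `DES_CBC_MD5` and `RC4_HMAC`, so a client that never overrides `encryptionTypes` advertises single-DES and RC4 to the KDC. RFC 6649 deprecates single-DES in Kerberos, so defaulting to the two AES types and making the weaker ones opt-in would be a safer baseline, at the cost of interoperability with KDCs that only hold legacy keys. The retained comment `//DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );` names a field this commit removes; it would read better as `// RC4_HMAC_EXP is intentionally not offered`. If the list is trimmed, the Javadoc phrase "all the encryption types supported by ApacheDS" should be reworded to match.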
Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1572913&r1=1572912&r2=1572913&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Fri Feb 28 10:44:42 2014
@@ -206,8 +206,7 @@ public class KdcConnection
return tgt;
}
- private EncryptionType usedEType;
-
+
/* default protected */ TgTicket _getTgt( TgtRequest clientTgtReq ) throws KerberosException
{
String realm = clientTgtReq.getRealm();
@@ -260,7 +259,6 @@ public class KdcConnection
}
EncryptionType encryptionType = clientTgtReq.getETypes().iterator().next();
- usedEType = encryptionType;
EncryptionKey clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
AsReq req = new AsReq();
@@ -315,6 +313,12 @@ public class KdcConnection
throw new KerberosException( ErrorType.KRB_ERR_WRONG_REALM );
}
+ if ( encryptionType != rep.getEncPart().getEType() )
+ {
+ encryptionType = rep.getEncPart().getEType();
+ clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
+ }
+
byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
EncKdcRepPart encKdcRepPart = null;
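Review bot: The new fallback at `if ( encryptionType != rep.getEncPart().getEType() )` re-derives the client key for whatever etype the AS-REP carries, without checking that this etype is one the client offered in `clientTgtReq.getETypes()`. Nothing before this point authenticates the reply, so the etype is untrusted input, and following it lets the exchange settle on a weaker cipher than the caller configured. A guard such as `if ( !clientTgtReq.getETypes().contains( rep.getEncPart().getEType() ) )` that throws a `KerberosException` before the key is derived would keep the client inside its configured set. The `!=` comparison is only correct if `EncryptionType` is an enum, which is not visible here. `_getTgt`'s body begins and ends outside this hunk.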
@@ -543,7 +547,7 @@ public class KdcConnection
authenticator.setCusec( 0 );
authenticator.setSeqNumber( nonceGenerator.nextInt() );
- EncryptionKey subKey = RandomKeyFactory.getRandomKey( usedEType );
+ EncryptionKey subKey = RandomKeyFactory.getRandomKey( tgt.getEncKdcRepPart().getKey().getKeyType() );
authenticator.setSubKey( subKey );