Posted to commits@directory.apache.org by dr...@apache.org on 2015/04/23 13:23:36 UTC
[1/2] directory-kerby git commit: Fixed some issues in issuing
service ticket
Repository: directory-kerby
Updated Branches:
refs/heads/master bcd790909 -> 0bb77a111
Fixed some issues in issuing service ticket
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/61b61e17
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/61b61e17
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/61b61e17
Branch: refs/heads/master
Commit: 61b61e17b43a0e72392e076d61d49999c375d9bd
Parents: d696cd1
Author: Drankye <dr...@gmail.com>
Authored: Thu Apr 23 19:22:32 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Thu Apr 23 19:22:32 2015 +0800
----------------------------------------------------------------------
.../kerb/server/request/KdcRequest.java | 14 ++++++--
.../kerb/server/request/TgsRequest.java | 37 ++++++++++++--------
2 files changed, 35 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/61b61e17/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index f893fea..6430d3d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -281,7 +281,7 @@ public abstract class KdcRequest {
EncryptionType encryptionType = getEncryptionType();
EncryptionKey serverKey = getServerEntry().getKeys().get(encryptionType);
- PrincipalName ticketPrincipal = request.getReqBody().getSname();
+ PrincipalName ticketPrincipal = getIssueTicketServerPrincipal();
EncTicketPart encTicketPart = new EncTicketPart();
KdcConfig config = kdcContext.getConfig();
@@ -323,7 +323,7 @@ public abstract class KdcRequest {
EncryptionKey sessionKey = EncryptionHandler.random2Key(getEncryptionType());
encTicketPart.setKey(sessionKey);
- encTicketPart.setCname(request.getReqBody().getCname());
+ encTicketPart.setCname(getIssueTicketClientPrincipal());
encTicketPart.setCrealm(request.getReqBody().getRealm());
TransitedEncoding transEnc = new TransitedEncoding();
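Review bot: `encTicketPart.setCrealm(request.getReqBody().getRealm())`, the line after the change, still takes the client realm from the request body while the client name now comes from `getIssueTicketClientPrincipal()`. For a TGS request that hook returns the name from the decrypted TGT, so name and realm in the issued ticket would come from different sources. In a TGS request the body realm is the realm of the requested server (RFC 4120), which is not necessarily the client's. Consider a matching overridable hook for the client realm so the TGS path can take it from the verified TGT as well. The enclosing method starts and ends outside this hunk.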
@@ -409,6 +409,16 @@ public abstract class KdcRequest {
setTicket(newTicket);
}
+ protected PrincipalName getIssueTicketServerPrincipal() {
+ KdcReq request = getKdcReq();
+ return request.getReqBody().getSname();
+ }
+
+ protected PrincipalName getIssueTicketClientPrincipal() {
+ KdcReq request = getKdcReq();
+ return request.getReqBody().getCname();
+ }
+
private void checkServer() throws KrbException {
KdcReq request = getKdcReq();
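Review bot: The new hooks `getIssueTicketServerPrincipal()` and `getIssueTicketClientPrincipal()` have no Javadoc, although their return values go straight into the issued ticket. Suggest a comment on each along the lines of `/** Name placed in the issued ticket; this default reads it from the request body, subclasses may return a name taken from an already verified ticket. */`, so that an overriding class knows it must only return authenticated data. `checkServer()` at the end of the hunk continues outside it.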
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/61b61e17/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
index 739d759..9088bd6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
@@ -42,6 +42,7 @@ import java.nio.ByteBuffer;
public class TgsRequest extends KdcRequest {
private EncryptionKey tgtSessionKey;
+ private Ticket tgtTicket;
public TgsRequest(TgsReq tgsReq, KdcContext kdcContext) {
super(tgsReq, kdcContext);
@@ -57,6 +58,14 @@ public class TgsRequest extends KdcRequest {
this.tgtSessionKey = tgtSessionKey;
}
+ protected PrincipalName getIssueTicketServerPrincipal() {
+ return tgtTicket.getSname();
+ }
+
+ protected PrincipalName getIssueTicketClientPrincipal() {
+ return tgtTicket.getEncPart().getCname();
+ }
+
@Override
protected void checkClient() throws KrbException {
// Nothing to do at this phase because client couldn't be checked out yet.
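Review bot: `getIssueTicketServerPrincipal()` returns `tgtTicket.getSname()`, which is the server name on the ticket the client presented, not the service named in the TGS request body. The ticket built in `KdcRequest` would therefore appear to be issued for the ticket-granting principal rather than the requested service. Taking the client name from the decrypted TGT looks right, but the server override should probably be dropped so the base-class default (request body sname) applies. Both overrides also dereference `tgtTicket`, and the client one `getEncPart()`, which are only populated during AP-REQ verification in the next hunk; a call before that point would presumably fail with a NullPointerException instead of a `KrbException`. Add `@Override` to both methods so the compiler checks them against the base-class hooks.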
@@ -73,20 +82,20 @@ public class TgsRequest extends KdcRequest {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
}
- Ticket ticket = apReq.getTicket();
- EncryptionType encType = ticket.getEncryptedEncPart().getEType();
+ tgtTicket = apReq.getTicket();
+ EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType();
EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
- if (ticket.getTktvno() != KrbConstant.KRB_V5) {
+ if (tgtTicket.getTktvno() != KrbConstant.KRB_V5) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
}
- EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
+ EncTicketPart encPart = EncryptionUtil.unseal(tgtTicket.getEncryptedEncPart(),
tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
- ticket.setEncPart(encPart);
+ tgtTicket.setEncPart(encPart);
EncryptionKey encKey = null;
//if (apReq.getApOptions().isFlagSet(ApOptions.USE_SESSION_KEY)) {
- encKey = ticket.getEncPart().getKey();
+ encKey = tgtTicket.getEncPart().getKey();
if (encKey == null) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
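Review bot: `tgsKey` is looked up with the etype read from the unencrypted part of the presented ticket and passed straight to `EncryptionUtil.unseal` with no check that a key was found. If the KDC holds no key for that etype the lookup presumably yields null, and the failure surfaces inside the crypto code rather than as a Kerberos error; add `if (tgsKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); }` before the unseal. Separately, `tgtTicket = apReq.getTicket()` stores the ticket in the field before it has been decrypted or validated, so the field holds an unverified ticket if any later check throws; keeping a local variable and assigning the field only after the checks pass would avoid that. The enclosing method starts and ends outside this hunk.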
@@ -94,11 +103,11 @@ public class TgsRequest extends KdcRequest {
Authenticator authenticator = EncryptionUtil.unseal(apReq.getEncryptedAuthenticator(),
encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class);
- if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) {
+ if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
}
- HostAddresses hostAddresses = ticket.getEncPart().getClientAddresses();
+ HostAddresses hostAddresses = tgtTicket.getEncPart().getClientAddresses();
if (hostAddresses == null || hostAddresses.isEmpty()) {
if (!kdcContext.getConfig().isEmptyAddressesAllowed()) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
@@ -107,8 +116,8 @@ public class TgsRequest extends KdcRequest {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
}
- PrincipalName serverPrincipal = ticket.getSname();
- serverPrincipal.setRealm(ticket.getRealm());
+ PrincipalName serverPrincipal = tgtTicket.getSname();
+ serverPrincipal.setRealm(tgtTicket.getRealm());
PrincipalName clientPrincipal = authenticator.getCname();
clientPrincipal.setRealm(authenticator.getCrealm());
KrbIdentity clientEntry = getEntry(clientPrincipal.getName());
@@ -120,22 +129,22 @@ public class TgsRequest extends KdcRequest {
}
KerberosTime now = KerberosTime.now();
- KerberosTime startTime = ticket.getEncPart().getStartTime();
+ KerberosTime startTime = tgtTicket.getEncPart().getStartTime();
if (startTime == null) {
- startTime = ticket.getEncPart().getAuthTime();
+ startTime = tgtTicket.getEncPart().getAuthTime();
}
if (! startTime.lessThan(now)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
}
- KerberosTime endTime = ticket.getEncPart().getEndTime();
+ KerberosTime endTime = tgtTicket.getEncPart().getEndTime();
if (! endTime.greaterThan(now)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
}
apReq.getApOptions().setFlag(ApOption.MUTUAL_REQUIRED);
- setTgtSessionKey(ticket.getEncPart().getKey());
+ setTgtSessionKey(tgtTicket.getEncPart().getKey());
}
@Override
[2/2] directory-kerby git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/directory-kerby
Posted by dr...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/directory-kerby
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0bb77a11
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0bb77a11
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0bb77a11
Branch: refs/heads/master
Commit: 0bb77a1111cedc12cbc5589bd4b88a49633fda07
Parents: 61b61e1 bcd7909
Author: Drankye <dr...@gmail.com>
Authored: Thu Apr 23 19:23:02 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Thu Apr 23 19:23:02 2015 +0800
----------------------------------------------------------------------
.../kerb/crypto/CheckSumTypeHandler.java | 28 +++++++++---------
.../kerberos/kerb/crypto/CryptoTypeHandler.java | 8 ++---
.../kerberos/kerb/crypto/EncTypeHandler.java | 31 ++++++++++----------
.../kerberos/kerb/crypto/EncryptionHandler.java | 2 +-
.../crypto/cksum/ConfounderedDesCheckSum.java | 2 +-
.../kerb/crypto/cksum/HashProvider.java | 10 +++----
.../kerb/crypto/enc/Aes128CtsHmacSha1Enc.java | 4 ---
.../kerb/crypto/enc/Aes256CtsHmacSha1Enc.java | 3 --
.../kerb/crypto/enc/Camellia128CtsCmacEnc.java | 5 ----
.../kerb/crypto/enc/Camellia256CtsCmacEnc.java | 5 ----
.../kerb/crypto/enc/Des3CbcSha1Enc.java | 4 ---
.../kerb/crypto/enc/EncryptProvider.java | 18 ++++++------
.../kerberos/kerb/crypto/enc/KeKiCmacEnc.java | 7 ++---
.../kerb/crypto/enc/KeKiHmacSha1Enc.java | 2 --
.../kerb/crypto/enc/provider/DesProvider.java | 2 +-
.../kerberos/kerb/crypto/key/DesKeyMaker.java | 1 +
.../kerberos/kerb/crypto/key/KeyMaker.java | 4 +--
.../kerb/crypto/random/RandomProvider.java | 8 ++---
.../kerberos/kerb/crypto/util/BytesUtil.java | 1 +
.../kerberos/kerb/crypto/util/Camellia.java | 2 +-
.../kerberos/kerb/crypto/util/CamelliaKey.java | 1 +
.../kerby/kerberos/kerb/crypto/util/Cmac.java | 1 +
.../kerby/kerberos/kerb/crypto/util/Md4.java | 1 +
.../kerby/kerberos/kerb/crypto/util/Nfold.java | 1 +
24 files changed, 65 insertions(+), 86 deletions(-)
----------------------------------------------------------------------