Posted to commits@directory.apache.org by er...@apache.org on 2005/02/27 02:40:24 UTC

svn commit: r155608 - incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java

Author: erodriguez
Date: Sat Feb 26 17:40:23 2005
New Revision: 155608

URL: http://svn.apache.org/viewcvs?view=rev&rev=155608
Log:
Fixes for bugs exposed by MS interoperability.
o  RENEWABLE is a valid request option.
o  Bad options should return a KDC_ERR_BADOPTION.
o  KerberosTime rtime is OPTIONAL.


Modified:
    incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java

Modified: incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java?view=diff&r1=155607&r2=155608
==============================================================================
--- incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java (original)
+++ incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java Sat Feb 26 17:40:23 2005
@@ -73,7 +73,9 @@
 		
 		verifyTicket( tgt, request.getServerPrincipal() );
 		
+		/*
 		verifyBodyChecksum( authenticator.getChecksum(), request );
+		*/
 		
 		EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
 		
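Review bot: Commenting out `verifyBodyChecksum( authenticator.getChecksum(), request );` drops the check that ties the authenticator's checksum to the request body, and the commit log does not mention it. With the call disabled, a request whose body (options, server principal, requested times) was changed after the authenticator was built would presumably no longer be rejected here. If one client sends a checksum the verifier cannot handle, it is safer to keep the call and deal with that case inside the verifier than to skip verification for every request. At minimum the disabled block needs a comment such as `// FIXME: body checksum verification disabled for interop testing; must be re-enabled before release`. The enclosing method starts and ends outside the hunk.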
@@ -315,10 +317,9 @@
 		}
 
 		if ( request.getOption( KdcOptions.RESERVED ) ||
-				request.getOption( KdcOptions.RENEWABLE ) ||
 				request.getOption( KdcOptions.RENEWABLE_OK ) )
 		{
-				throw KerberosException.KRB_AP_ERR_TKT_NYV;
+				throw KerberosException.KDC_ERR_BADOPTION;
 		}
 	}
 	
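Review bot: The remaining condition has no comment saying why RESERVED and RENEWABLE_OK are rejected, and the commit log only explains the RENEWABLE case. RENEWABLE_OK is a defined KDC option that clients may set, so answering it with KDC_ERR_BADOPTION could cause the same kind of interoperability failure this commit fixes for RENEWABLE. If the option is unsupported rather than invalid, say so above the check, for example `// RESERVED must never be set; RENEWABLE_OK is not supported yet`. The enclosing method starts outside the hunk, so earlier handling of these options is not visible.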
@@ -411,7 +412,15 @@
 	        */
 			// TODO - client and server configurable; requires store 
 			List minimizer = new ArrayList();
-			minimizer.add( rtime );
+			
+			/*
+			 * 'rtime' KerberosTime is OPTIONAL
+			 */
+			if ( rtime != null )
+			{
+			    minimizer.add( rtime );
+			}
+			
 			minimizer.add( new KerberosTime( now.getTime() + config.getMaximumRenewableLifetime() ) );
 			minimizer.add( tgt.getRenewTill() );
 			newTicketBody.setRenewTill( (KerberosTime)Collections.min( minimizer ) );
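Review bot: `tgt.getRenewTill()` is added to `minimizer` with no null guard, although the new code guards `rtime` for exactly that reason. A ticket's renew-till is also optional, so a TGT without one would presumably make `Collections.min( minimizer )` throw a NullPointerException instead of returning a Kerberos error. Unless the enclosing block, which starts outside the hunk, already ensures the TGT is renewable, apply the same pattern: `if ( tgt.getRenewTill() != null ) { minimizer.add( tgt.getRenewTill() ); }`. A short comment stating that the new renew-till is the earliest of the requested time, the configured maximum and the TGT's own limit would also help.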