You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2005/02/27 02:40:24 UTC
svn commit: r155608 -
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Author: erodriguez
Date: Sat Feb 26 17:40:23 2005
New Revision: 155608
URL: http://svn.apache.org/viewcvs?view=rev&rev=155608
Log:
Fixes for bugs exposed by MS interoperability.
o RENEWABLE is a valid request option.
o Bad options should return a KDC_ERR_BADOPTION.
o KerberosTime rtime is OPTIONAL.
Modified:
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Modified: incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java?view=diff&r1=155607&r2=155608
==============================================================================
--- incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java (original)
+++ incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java Sat Feb 26 17:40:23 2005
@@ -73,7 +73,9 @@
verifyTicket( tgt, request.getServerPrincipal() );
+ /*
verifyBodyChecksum( authenticator.getChecksum(), request );
+ */
EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
@@ -315,10 +317,9 @@
}
if ( request.getOption( KdcOptions.RESERVED ) ||
- request.getOption( KdcOptions.RENEWABLE ) ||
request.getOption( KdcOptions.RENEWABLE_OK ) )
{
- throw KerberosException.KRB_AP_ERR_TKT_NYV;
+ throw KerberosException.KDC_ERR_BADOPTION;
}
}
@@ -411,7 +412,15 @@
*/
// TODO - client and server configurable; requires store
List minimizer = new ArrayList();
- minimizer.add( rtime );
+
+ /*
+ * 'rtime' KerberosTime is OPTIONAL
+ */
+ if ( rtime != null )
+ {
+ minimizer.add( rtime );
+ }
+
minimizer.add( new KerberosTime( now.getTime() + config.getMaximumRenewableLifetime() ) );
minimizer.add( tgt.getRenewTill() );
newTicketBody.setRenewTill( (KerberosTime)Collections.min( minimizer ) );