You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/17 08:12:17 UTC

directory-kerby git commit: DIRKRB-448 Enhance AbstractInternalKrbClient and AsRequest to insert a provided server name. Contributed by Steve.

Repository: directory-kerby
Updated Branches:
  refs/heads/master c3c778f3a -> abe9daa52


DIRKRB-448 Enhance AbstractInternalKrbClient and AsRequest to insert a provided server name. Contributed by Steve.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/abe9daa5
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/abe9daa5
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/abe9daa5

Branch: refs/heads/master
Commit: abe9daa52e6c76e03b0e8ce04b47e77801d5d110
Parents: c3c778f
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Nov 17 15:18:41 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Nov 17 15:18:41 2015 +0800

----------------------------------------------------------------------
 .../kerb/client/impl/AbstractInternalKrbClient.java       |  8 ++++++++
 .../kerby/kerberos/kerb/client/request/AsRequest.java     | 10 +++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/abe9daa5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 2c55ff8..40d1827 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -33,6 +33,7 @@ import org.apache.kerby.kerberos.kerb.client.request.AsRequestWithToken;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequest;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithTgt;
 import org.apache.kerby.kerberos.kerb.client.request.TgsRequestWithToken;
+import org.apache.kerby.kerberos.kerb.spec.base.NameType;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -100,6 +101,13 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
             principal = fixPrincipal(principal);
             asRequest.setClientPrincipal(new PrincipalName(principal));
         }
+        if (requestOptions.contains(KrbOption.SERVER_PRINCIPAL)) {
+            String serverPrincipalName = requestOptions.getStringOption(KrbOption.SERVER_PRINCIPAL);
+            serverPrincipalName = fixPrincipal(serverPrincipalName);
+            PrincipalName serverPrincipal = new PrincipalName(serverPrincipalName, NameType.NT_PRINCIPAL);
+            asRequest.setServerPrincipal(serverPrincipal);
+        }
+
         asRequest.setKrbOptions(requestOptions);
 
         return doRequestTgtTicket(asRequest);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/abe9daa5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
index 75216a8..82d35f8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequest.java
@@ -111,9 +111,13 @@ public class AsRequest extends KdcRequest {
             throw new KrbException("Nonce didn't match");
         }
 
-        PrincipalName tmpServerPrincipal = encKdcRepPart.getSname();
-        tmpServerPrincipal.setRealm(encKdcRepPart.getSrealm());
-        if (!tmpServerPrincipal.equals(getServerPrincipal())) {
+        PrincipalName returnedServerPrincipal = encKdcRepPart.getSname();
+        returnedServerPrincipal.setRealm(encKdcRepPart.getSrealm());
+        PrincipalName requestedServerPrincipal = getServerPrincipal();
+        if (requestedServerPrincipal.getRealm() == null) {
+            requestedServerPrincipal.setRealm(getContext().getKrbSetting().getKdcRealm());
+        }
+        if (!returnedServerPrincipal.equals(requestedServerPrincipal)) {
             throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
         }