You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2019/01/15 11:00:44 UTC

directory-kerby git commit: Fixing the logic in the LoginModules

Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 1d61c68f5 -> 2f20a0cf5


Fixing the logic in the LoginModules


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/2f20a0cf
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/2f20a0cf
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/2f20a0cf

Branch: refs/heads/trunk
Commit: 2f20a0cf5dbb8a85486aa6f425201b8442b67d26
Parents: 1d61c68
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jan 15 11:00:33 2019 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jan 15 11:00:33 2019 +0000

----------------------------------------------------------------------
 .../apache/kerby/has/client/HasLoginModule.java    | 17 ++++++++---------
 .../kerb/client/jaas/TokenAuthLoginModule.java     | 16 +++++++++-------
 2 files changed, 17 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2f20a0cf/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasLoginModule.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasLoginModule.java b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasLoginModule.java
index c763a5b..0c9bdb7 100644
--- a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasLoginModule.java
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasLoginModule.java
@@ -303,7 +303,8 @@ public class HasLoginModule implements LoginModule {
         }
 
         if (useTgtTicket) {
-            if (succeeded == false) {
+            if (!succeeded) {
+                cleanKerberosCred();
                 return false;
             } else {
                 if (isInitiator && cred == null) {
@@ -359,16 +360,14 @@ public class HasLoginModule implements LoginModule {
 
     public boolean abort() throws LoginException {
         if (useTgtTicket) {
-            if (succeeded == false) {
+            if (!succeeded) {
                 return false;
-            } else if (succeeded == true && commitSucceeded == false) {
-                // login succeeded but overall authentication failed
-                succeeded = false;
-                cleanKerberosCred();
-            } else {
-                // overall authentication succeeded and commit succeeded,
-                // but someone else's commit failed
+            } else if (succeeded && commitSucceeded) {
+                // we succeeded, but another required module failed
                 logout();
+            } else {
+                // our commit failed
+                succeeded = false;
             }
             return true;
         } else {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2f20a0cf/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
index b8b4c4e..0f5f730 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
@@ -135,6 +135,7 @@ public class TokenAuthLoginModule implements LoginModule {
     public boolean commit() throws LoginException {
 
         if (!succeeded) {
+            cleanup();
             return false;
         } else {
             KerberosTicket ticket = null;
@@ -180,15 +181,14 @@ public class TokenAuthLoginModule implements LoginModule {
      */
     @Override
     public boolean abort() throws LoginException {
-        if (succeeded == false) {
+        if (!succeeded) {
             return false;
-        } else if (succeeded == true && commitSucceeded == false) {
-            // login succeeded but overall authentication failed
-            succeeded = false;
-        } else {
-            // overall authentication succeeded and commit succeeded,
-            // but someone else's commit failed
+        } else if (succeeded && commitSucceeded) {
+            // we succeeded, but another required module failed
             logout();
+        } else {
+            // our commit failed
+            succeeded = false;
         }
         return true;
     }
@@ -364,6 +364,8 @@ public class TokenAuthLoginModule implements LoginModule {
                 throw new RuntimeException("File delete error!");
             }
         }
+        tgtTicket = null;
+        krbToken = null;
     }
 
     private void throwWith(String error, Exception cause) throws LoginException {