You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/26 13:28:05 UTC
directory-kerby git commit: DIRKRB-637 - NPE in GssAcceptCred when no
initial GSSCredential is passed to manager.createContext
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 6d38f80bd -> db14ad6b2
DIRKRB-637 - NPE in GssAcceptCred when no initial GSSCredential is passed to manager.createContext
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/db14ad6b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/db14ad6b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/db14ad6b
Branch: refs/heads/trunk
Commit: db14ad6b219c969e744c1d14e40f19230a5a5498
Parents: 6d38f80
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 26 14:27:50 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 26 14:27:50 2017 +0100
----------------------------------------------------------------------
.../kerb/integration/test/KerbyGssAppTest.java | 6 ------
.../kerby/kerberos/kerb/gss/impl/CredUtils.java | 8 +++++++-
.../kerberos/kerb/gss/impl/GssAcceptCred.java | 17 ++++++++++++++---
.../kerberos/kerb/gss/impl/GssNameElement.java | 4 ++++
4 files changed, 25 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
index df1bb7b..b6f4e43 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
@@ -21,7 +21,6 @@ package org.apache.kerby.kerberos.kerb.integration.test;
import org.apache.kerby.kerberos.kerb.gss.KerbyGssProvider;
import org.junit.Before;
-import org.junit.Test;
import java.security.Provider;
@@ -35,9 +34,4 @@ public class KerbyGssAppTest extends GssAppTest {
super.setUp();
}
- @Test
- @org.junit.Ignore
- public void testServerWithoutInitialCredential() throws Exception {
- super.testServerWithoutInitialCredential();
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
index fdcb046..4088b5c 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
@@ -52,7 +52,13 @@ public class CredUtils {
public static KeyTab getKeyTabFromContext(KerberosPrincipal principal) throws GSSException {
Set<KeyTab> tabs = getContextCredentials(KeyTab.class);
for (KeyTab tab : tabs) {
- KerberosKey[] keys = tab.getKeys(principal);
+ // Use the supplied principal, fall back to the principal of the KeyTab if none is supplied
+ KerberosPrincipal princ = principal;
+ if (princ == null) {
+ princ = tab.getPrincipal();
+ }
+
+ KerberosKey[] keys = tab.getKeys(princ);
if (keys != null && keys.length > 0) {
return tab;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
index 9ba718f..120f9de 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
@@ -21,6 +21,8 @@ package org.apache.kerby.kerberos.kerb.gss.impl;
import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSName;
+
import sun.security.jgss.GSSCaller;
import javax.security.auth.kerberos.KerberosKey;
@@ -34,15 +36,24 @@ public final class GssAcceptCred extends GssCredElement {
public static GssAcceptCred getInstance(final GSSCaller caller,
GssNameElement name, int lifeTime) throws GSSException {
- KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
- name.getPrincipalName().getNameType().getValue());
- KeyTab keyTab = CredUtils.getKeyTabFromContext(princ);
+ KeyTab keyTab = null;
+ if (name == null) {
+ keyTab = CredUtils.getKeyTabFromContext(null);
+ } else {
+ KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
+ name.getPrincipalName().getNameType().getValue());
+ keyTab = CredUtils.getKeyTabFromContext(princ);
+ }
if (keyTab == null) {
throw new GSSException(GSSException.NO_CRED, -1,
"Failed to find any Kerberos credential for " + name.getPrincipalName().getName());
}
+ if (name == null) {
+ name = GssNameElement.getInstance(keyTab.getPrincipal().getName(), GSSName.NT_HOSTBASED_SERVICE);
+ }
+
return new GssAcceptCred(caller, name, keyTab, lifeTime);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
index bd5c8a4..619b763 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
@@ -68,6 +68,10 @@ public class GssNameElement implements GSSNameSpi {
public static GssNameElement getInstance(String name, Oid oidNameType)
throws GSSException {
+ if (oidNameType == null) {
+ PrincipalName principalName = new PrincipalName(name);
+ return new GssNameElement(principalName, null);
+ }
PrincipalName principalName = new PrincipalName(name, toKerbyNameType(oidNameType));
return new GssNameElement(principalName, oidNameType);
}