You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/26 13:28:05 UTC

directory-kerby git commit: DIRKRB-637 - NPE in GssAcceptCred when no initial GSSCredential is passed to manager.createContext

Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 6d38f80bd -> db14ad6b2


DIRKRB-637 - NPE in GssAcceptCred when no initial GSSCredential is passed to manager.createContext


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/db14ad6b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/db14ad6b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/db14ad6b

Branch: refs/heads/trunk
Commit: db14ad6b219c969e744c1d14e40f19230a5a5498
Parents: 6d38f80
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 26 14:27:50 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 26 14:27:50 2017 +0100

----------------------------------------------------------------------
 .../kerb/integration/test/KerbyGssAppTest.java     |  6 ------
 .../kerby/kerberos/kerb/gss/impl/CredUtils.java    |  8 +++++++-
 .../kerberos/kerb/gss/impl/GssAcceptCred.java      | 17 ++++++++++++++---
 .../kerberos/kerb/gss/impl/GssNameElement.java     |  4 ++++
 4 files changed, 25 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
index df1bb7b..b6f4e43 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
@@ -21,7 +21,6 @@ package org.apache.kerby.kerberos.kerb.integration.test;
 
 import org.apache.kerby.kerberos.kerb.gss.KerbyGssProvider;
 import org.junit.Before;
-import org.junit.Test;
 
 import java.security.Provider;
 
@@ -35,9 +34,4 @@ public class KerbyGssAppTest extends GssAppTest {
         super.setUp();
     }
 
-    @Test
-    @org.junit.Ignore
-    public void testServerWithoutInitialCredential() throws Exception {
-        super.testServerWithoutInitialCredential();
-    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
index fdcb046..4088b5c 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
@@ -52,7 +52,13 @@ public class CredUtils {
     public static KeyTab getKeyTabFromContext(KerberosPrincipal principal) throws GSSException {
         Set<KeyTab> tabs = getContextCredentials(KeyTab.class);
         for (KeyTab tab : tabs) {
-            KerberosKey[] keys = tab.getKeys(principal);
+            // Use the supplied principal, fall back to the principal of the KeyTab if none is supplied
+            KerberosPrincipal princ = principal;
+            if (princ == null) {
+                princ = tab.getPrincipal();
+            }
+
+            KerberosKey[] keys = tab.getKeys(princ);
             if (keys != null && keys.length > 0) {
                 return tab;
             }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
index 9ba718f..120f9de 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
@@ -21,6 +21,8 @@ package org.apache.kerby.kerberos.kerb.gss.impl;
 
 
 import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSName;
+
 import sun.security.jgss.GSSCaller;
 
 import javax.security.auth.kerberos.KerberosKey;
@@ -34,15 +36,24 @@ public final class GssAcceptCred extends GssCredElement {
     public static GssAcceptCred getInstance(final GSSCaller caller,
                                             GssNameElement name, int lifeTime) throws GSSException {
 
-        KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
-                name.getPrincipalName().getNameType().getValue());
-        KeyTab keyTab = CredUtils.getKeyTabFromContext(princ);
+        KeyTab keyTab = null;
+        if (name == null) {
+            keyTab = CredUtils.getKeyTabFromContext(null);
+        } else {
+            KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
+                                                            name.getPrincipalName().getNameType().getValue());
+            keyTab = CredUtils.getKeyTabFromContext(princ);
+        }
 
         if (keyTab == null) {
             throw new GSSException(GSSException.NO_CRED, -1,
                     "Failed to find any Kerberos credential for " + name.getPrincipalName().getName());
         }
 
+        if (name == null) {
+            name = GssNameElement.getInstance(keyTab.getPrincipal().getName(), GSSName.NT_HOSTBASED_SERVICE);
+        }
+
         return new GssAcceptCred(caller, name, keyTab, lifeTime);
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db14ad6b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
index bd5c8a4..619b763 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssNameElement.java
@@ -68,6 +68,10 @@ public class GssNameElement implements GSSNameSpi {
 
     public static GssNameElement getInstance(String name, Oid oidNameType)
             throws GSSException {
+        if (oidNameType == null) {
+            PrincipalName principalName = new PrincipalName(name);
+            return new GssNameElement(principalName, null);
+        }
         PrincipalName principalName = new PrincipalName(name, toKerbyNameType(oidNameType));
         return new GssNameElement(principalName, oidNameType);
     }