You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/05/21 05:40:34 UTC
svn commit: r540005 - in
/directory/apacheds/branches/kerberos-encryption-types:
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/
protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/
protocol-k...
Author: erodriguez
Date: Sun May 20 20:40:33 2007
New Revision: 540005
URL: http://svn.apache.org/viewvc?view=rev&rev=540005
Log:
Fixed two problems found during testing with new encryption types:
o TGS GetSessionKey would throw ClassCastException.
o Introduced key usage to auth header verification. Issue affected TGT auth header and service ticket auth header verification, eg Change Password.
Modified:
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Sun May 20 20:40:33 2007
@@ -62,12 +62,13 @@
* @param emptyAddressesAllowed
* @param clientAddress
* @param lockBox
+ * @param authenticatorKeyUsage
* @return The authenticator.
* @throws KerberosException
*/
public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey,
long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
- CipherTextHandler lockBox ) throws KerberosException
+ CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage ) throws KerberosException
{
if ( authHeader.getProtocolVersionNumber() != 5 )
{
@@ -111,7 +112,7 @@
ticket.setEncTicketPart( encPart );
Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class, ticket.getSessionKey(),
- authHeader.getEncPart(), KeyUsage.NUMBER11 );
+ authHeader.getEncPart(), authenticatorKeyUsage );
if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName() ) )
{
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java Sun May 20 20:40:33 2007
@@ -24,6 +24,7 @@
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -59,7 +60,7 @@
CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew, replayCache,
- emptyAddressesAllowed, clientAddress, cipherTextHandler );
+ emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER11 );
changepwContext.setAuthenticator( authenticator );
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java Sun May 20 20:40:33 2007
@@ -20,7 +20,6 @@
package org.apache.directory.server.kerberos.kdc.ticketgrant;
-import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -39,8 +38,8 @@
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
- AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
- authContext.setSessionKey( RandomKeyFactory.getRandomKey( authContext.getEncryptionType() ) );
+ TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute( getContextKey() );
+ tgsContext.setSessionKey( RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() ) );
next.execute( session, message );
}
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java Sun May 20 20:40:33 2007
@@ -24,6 +24,7 @@
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -56,7 +57,7 @@
CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
Authenticator authenticator = verifyAuthHeader( authHeader, tgt, serverKey, clockSkew, replayCache,
- emptyAddressesAllowed, clientAddress, cipherTextHandler );
+ emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER7 );
tgsContext.setAuthenticator( authenticator );