You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2016/06/30 08:53:49 UTC
[02/44] directory-kerby git commit: PreAuth and incorrect Password
fails silently.
PreAuth and incorrect Password fails silently.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/1adbb865
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/1adbb865
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/1adbb865
Branch: refs/heads/gssapi
Commit: 1adbb865db4d02adefe567dda7a2005fa20c1079
Parents: f77c4b3
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 19 15:19:24 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Apr 19 15:19:24 2016 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kerb/client/KrbHandler.java | 4 ++++
.../org/apache/kerby/kerberos/kerb/server/KdcHandler.java | 9 +++++++++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index 38e93b2..c885001 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -136,6 +136,10 @@ public abstract class KrbHandler {
handleRequest(kdcRequest);
LOG.info("Retry with the new kdc request including pre-authentication.");
}
+ if (error.getErrorCode() == KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY) {
+ LOG.info(error.getEtext());
+ throw new KrbException(error.getErrorCode(), error.getEtext());
+ }
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 7abf49f..02830bd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -118,6 +118,15 @@ public class KdcHandler {
if (e instanceof KdcRecoverableException) {
krbResponse = handleRecoverableException(
(KdcRecoverableException) e, kdcRequest);
+ } else if (e.getMessage().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.getMessage())) {
+ KrbError krbError = new KrbError();
+ krbError.setStime(KerberosTime.now());
+ krbError.setErrorCode(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
+ krbError.setSname(kdcRequest.getServerPrincipal());
+ krbError.setRealm(kdcContext.getKdcRealm());
+ krbError.setEtext("PREAUTH_FAILED");
+ krbResponse = krbError;
} else {
throw e;
}