Posted to commits@directory.apache.org by co...@apache.org on 2017/07/21 11:26:52 UTC
[05/50] [abbrv] directory-kerby git commit: DIRKRB-561 Jaas client
failed to decode KrbError message from Kerby KDC.
DIRKRB-561 Jaas client failed to decode KrbError message from Kerby KDC.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/aa1bd31e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/aa1bd31e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/aa1bd31e
Branch: refs/heads/gssapi
Commit: aa1bd31e203a303fa953eee0f04438f43c468749
Parents: fe4f0b8
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 26 16:54:36 2016 +0800
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 21 12:25:02 2017 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kerb/type/base/KrbError.java | 18 +++++++++---------
.../kerby/kerberos/kerb/server/KdcHandler.java | 16 ++++++++++++++--
.../kerberos/kerb/server/request/AsRequest.java | 1 +
.../kerberos/kerb/server/request/KdcRequest.java | 17 +++++++++++++++++
4 files changed, 41 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aa1bd31e/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
index 9e272d5..52ffb49 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
@@ -80,9 +80,9 @@ public class KrbError extends KrbMessage {
new ExplicitField(KrbErrorField.STIME, KerberosTime.class),
new ExplicitField(KrbErrorField.SUSEC, Asn1Integer.class),
new ExplicitField(KrbErrorField.ERROR_CODE, Asn1Integer.class),
- new ExplicitField(KrbErrorField.CREALM, KerberosString.class),
+ new ExplicitField(KrbErrorField.CREALM, Realm.class),
new ExplicitField(KrbErrorField.CNAME, PrincipalName.class),
- new ExplicitField(KrbErrorField.REALM, KerberosString.class),
+ new ExplicitField(KrbErrorField.REALM, Realm.class),
new ExplicitField(KrbErrorField.SNAME, PrincipalName.class),
new ExplicitField(KrbErrorField.ETEXT, KerberosString.class),
new ExplicitField(KrbErrorField.EDATA, Asn1OctetString.class)
@@ -129,7 +129,7 @@ public class KrbError extends KrbMessage {
}
public void setErrorCode(KrbErrorCode errorCode) {
- setField(KrbErrorField.ERROR_CODE, errorCode);
+ setFieldAsInt(KrbErrorField.ERROR_CODE, errorCode.getValue());
}
public String getCrealm() {
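Review bot: `setErrorCode` now calls `errorCode.getValue()`, so a null argument throws a NullPointerException, where the removed `setField(KrbErrorField.ERROR_CODE, errorCode)` line did not dereference it. If null is not a legal value, state that on the setter with a Javadoc line such as `@param errorCode the error code, must not be null`; otherwise guard the call. The matching getter lies outside the hunk, so it is worth confirming that it reads the field back as an integer now that the setter stores one.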
@@ -137,15 +137,15 @@ public class KrbError extends KrbMessage {
}
public void setCrealm(String realm) {
- setFieldAs(KrbErrorField.CREALM, new KerberosString(realm));
+ setFieldAs(KrbErrorField.CREALM, new Realm(realm));
}
public PrincipalName getCname() {
return getFieldAs(KrbErrorField.CNAME, PrincipalName.class);
}
- public void setCname(PrincipalName sname) {
- setFieldAs(KrbErrorField.CNAME, sname);
+ public void setCname(PrincipalName cname) {
+ setFieldAs(KrbErrorField.CNAME, cname);
}
public PrincipalName getSname() {
@@ -161,15 +161,15 @@ public class KrbError extends KrbMessage {
}
public void setRealm(String realm) {
- setFieldAs(KrbErrorField.REALM, new KerberosString(realm));
+ setFieldAs(KrbErrorField.REALM, new Realm(realm));
}
public String getEtext() {
return getFieldAsString(KrbErrorField.ETEXT);
}
- public void setEtext(String realm) {
- setFieldAs(KrbErrorField.ETEXT, new KerberosString(realm));
+ public void setEtext(String text) {
+ setFieldAs(KrbErrorField.ETEXT, new KerberosString(text));
}
public byte[] getEdata() {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aa1bd31e/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 748f0bc..aa896c2 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -121,12 +121,24 @@ public class KdcHandler {
} else {
KrbError krbError = new KrbError();
krbError.setStime(KerberosTime.now());
+ krbError.setSusec(100);
krbError.setErrorCode(e.getKrbErrorCode());
- krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
- krbError.setSname(kdcRequest.getServerPrincipal());
+ krbError.setCrealm(kdcContext.getKdcRealm());
+ if (kdcRequest.getClientPrincipal() != null) {
+ krbError.setCname(kdcRequest.getClientPrincipal());
+ }
krbError.setRealm(kdcContext.getKdcRealm());
+ if (kdcRequest.getServerPrincipal() != null) {
+ krbError.setSname(kdcRequest.getServerPrincipal());
+ } else {
+ PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();
+ serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
+ krbError.setSname(serverPrincipal);
+ }
if (e.getKrbErrorCode().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY)) {
krbError.setEtext("PREAUTH_FAILED");
+ } else {
+ krbError.setEtext(e.getMessage());
}
krbResponse = krbError;
}
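Review bot: The new fallback `PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();` is dereferenced on the next line without a null check, and `sname` is an optional field of the Kerberos request body, so a request that fails before the server principal is resolved may raise a NullPointerException inside the error path instead of producing a KRB-ERROR. Wrap the two following lines in `if (serverPrincipal != null) { ... }` and choose a defined fallback for the absent case; note too that `setRealm` here mutates the name object owned by the decoded request. Separately, `krbError.setEtext(e.getMessage());` copies raw exception text into a reply that is sent unauthenticated, so internal detail such as backend or identity-lookup messages could reach any client. A fixed string per error code in the reply, with the exception message kept in the server log, avoids that. `krbError.setSusec(100);` is a constant rather than the microsecond part of the server time and deserves a comment such as `// placeholder: susec is not derived from the clock`; the enclosing method starts and ends outside the hunk.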
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aa1bd31e/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 49aa892..66fdac5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -73,6 +73,7 @@ public class AsRequest extends KdcRequest {
clientRealm = getKdcContext().getKdcRealm();
}
clientPrincipal.setRealm(clientRealm);
+ setClientPrincipal(clientPrincipal);
KrbIdentity clientEntry;
if (isToken()) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/aa1bd31e/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index abd7eec..8203501 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -90,6 +90,7 @@ public abstract class KdcRequest {
private KrbIdentity tgsEntry;
private PreauthContext preauthContext;
private KdcFastContext fastContext;
+ private PrincipalName clientPrincipal;
private PrincipalName serverPrincipal;
private byte[] innerBodyout;
private AuthToken token;
@@ -757,6 +758,22 @@ public abstract class KdcRequest {
}
/**
+ * Get client principal.
+ * @return client principal
+ */
+ public PrincipalName getClientPrincipal() {
+ return clientPrincipal;
+ }
+
+ /**
+ * Set client principal.
+ * @param clientPrincipal client principal
+ */
+ public void setClientPrincipal(PrincipalName clientPrincipal) {
+ this.clientPrincipal = clientPrincipal;
+ }
+
+ /**
* Get server principal.
* @return server principal
*/