You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/07/04 10:13:55 UTC
svn commit: r553117 - in
/directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos:
GetServiceTicket.java GetTicketGrantingTicket.java KdcControls.java
Author: erodriguez
Date: Wed Jul 4 01:13:53 2007
New Revision: 553117
URL: http://svn.apache.org/viewvc?view=rev&rev=553117
Log:
Added support to Kerberos client for setting flags for proxying, forwarding, renewing, and postdating tickets.
Modified:
directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetServiceTicket.java
directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetTicketGrantingTicket.java
directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/KdcControls.java
Modified: directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetServiceTicket.java
URL: http://svn.apache.org/viewvc/directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetServiceTicket.java?view=diff&rev=553117&r1=553116&r2=553117
==============================================================================
--- directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetServiceTicket.java (original)
+++ directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetServiceTicket.java Wed Jul 4 01:13:53 2007
@@ -254,8 +254,6 @@
RequestBodyModifier modifier = new RequestBodyModifier();
- KdcOptions kdcOptions = new KdcOptions();
-
/*
If the TGT is not for the realm of the end-server
then the sname will be for a TGT for the end-realm
@@ -267,6 +265,8 @@
modifier.setServerName( serverName );
modifier.setRealm( servicePrincipal.getRealm() );
+ KdcOptions kdcOptions = new KdcOptions();
+
// Set the requested starting time.
if ( controls.getStartTime() != null )
{
@@ -285,6 +285,26 @@
KerberosTime renewTime = new KerberosTime( currentTime + controls.getRenewableLifetime() );
modifier.setRtime( renewTime );
kdcOptions.set( KdcOptions.RENEWABLE );
+ }
+
+ if ( controls.isProxiable() )
+ {
+ kdcOptions.set( KdcOptions.PROXIABLE );
+ }
+
+ if ( controls.isForwardable() )
+ {
+ kdcOptions.set( KdcOptions.FORWARDABLE );
+ }
+
+ if ( controls.isForwarded() )
+ {
+ kdcOptions.set( KdcOptions.FORWARDED );
+ }
+
+ if ( controls.isProxy() )
+ {
+ kdcOptions.set( KdcOptions.PROXY );
}
modifier.setKdcOptions( kdcOptions );
Modified: directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetTicketGrantingTicket.java
URL: http://svn.apache.org/viewvc/directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetTicketGrantingTicket.java?view=diff&rev=553117&r1=553116&r2=553117
==============================================================================
--- directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetTicketGrantingTicket.java (original)
+++ directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/GetTicketGrantingTicket.java Wed Jul 4 01:13:53 2007
@@ -241,8 +241,6 @@
KerberosKey kerberosKey = new KerberosKey( clientPrincipal, password.toCharArray(), "DES" );
clientKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
- KdcOptions kdcOptions = new KdcOptions();
-
PreAuthenticationData[] paData = new PreAuthenticationData[1];
if ( controls.isUsePaEncTimestamp() )
@@ -280,20 +278,41 @@
.getNameType() );
modifier.setServerName( serverName );
- if ( kdcOptions.get( KdcOptions.POSTDATED ) )
+ KdcOptions kdcOptions = new KdcOptions();
+
+ // Set the requested starting time.
+ if ( controls.getStartTime() != null )
{
- // body.from := requested starting time;
+ KerberosTime fromTime = new KerberosTime( controls.getStartTime() );
+ modifier.setFrom( fromTime );
+ kdcOptions.set( KdcOptions.POSTDATED );
}
long currentTime = System.currentTimeMillis();
- KerberosTime endTime = new KerberosTime( currentTime + KdcControls.DAY );
+ KerberosTime endTime = new KerberosTime( currentTime + controls.getLifeTime() );
modifier.setTill( endTime );
- if ( kdcOptions.get( KdcOptions.RENEWABLE ) )
+ if ( controls.getRenewableLifetime() > 0 )
+ {
+ KerberosTime renewTime = new KerberosTime( currentTime + controls.getRenewableLifetime() );
+ modifier.setRtime( renewTime );
+ kdcOptions.set( KdcOptions.RENEWABLE );
+ }
+
+ if ( controls.isAllowPostdate() )
+ {
+ kdcOptions.set( KdcOptions.ALLOW_POSTDATE );
+ }
+
+ if ( controls.isProxiable() )
+ {
+ kdcOptions.set( KdcOptions.PROXIABLE );
+ }
+
+ if ( controls.isForwardable() )
{
- KerberosTime rTime = new KerberosTime( currentTime + KdcControls.WEEK );
- modifier.setRtime( rTime );
+ kdcOptions.set( KdcOptions.FORWARDABLE );
}
modifier.setKdcOptions( kdcOptions );
Modified: directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/KdcControls.java
URL: http://svn.apache.org/viewvc/directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/KdcControls.java?view=diff&rev=553117&r1=553116&r2=553117
==============================================================================
--- directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/KdcControls.java (original)
+++ directory/clients/trunk/kerberos/client/src/main/java/org/apache/directory/client/kerberos/KdcControls.java Wed Jul 4 01:13:53 2007
@@ -61,6 +61,12 @@
/** Whether proxiable addresses are allowed. */
private boolean isProxiable = false;
+ /** Whether the request is for a proxy ticket. */
+ private boolean isProxy = false;
+
+ /** Whether the request is for a forwarded ticket. */
+ private boolean isForwarded = false;
+
/** The encryption types. */
private List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
@@ -205,6 +211,28 @@
/**
+ * Returns whether to request a forwarded ticket.
+ *
+ * @return true if the request is for a forwarded ticket.
+ */
+ public boolean isForwarded()
+ {
+ return isForwarded;
+ }
+
+
+ /**
+ * Sets whether to request a forwarded ticket.
+ *
+ * @param isForwarded
+ */
+ public void setForwarded( boolean isForwarded )
+ {
+ this.isForwarded = isForwarded;
+ }
+
+
+ /**
* Returns whether to request a proxiable ticket.
*
* @return true if the request is for a proxiable ticket.
@@ -223,6 +251,28 @@
public void setProxiable( boolean isProxiable )
{
this.isProxiable = isProxiable;
+ }
+
+
+ /**
+ * Returns whether to request a proxy ticket.
+ *
+ * @return true if the request is for a proxy ticket.
+ */
+ public boolean isProxy()
+ {
+ return isProxy;
+ }
+
+
+ /**
+ * Sets whether to request a proxy ticket.
+ *
+ * @param isProxy
+ */
+ public void setProxy( boolean isProxy )
+ {
+ this.isProxy = isProxy;
}