You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by er...@apache.org on 2007/07/21 13:34:47 UTC

svn commit: r558309 - /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java

Author: erodriguez
Date: Sat Jul 21 04:34:46 2007
New Revision: 558309

URL: http://svn.apache.org/viewvc?view=rev&rev=558309
Log:
Minor improvement to error handling when a request is made to TGS without an auth header present.

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java?view=diff&rev=558309&r1=558308&r2=558309
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java Sat Jul 21 04:34:46 2007
@@ -37,6 +37,10 @@
 /**
  * Differs from the changepw getAuthHeader by verifying the presence of TGS_REQ.
  * 
+ * Note that reading the application request requires first determining the server
+ * for which a ticket was issued, and choosing the correct key for decryption.  The
+ * name of the server appears in the plaintext part of the ticket.
+ * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
@@ -62,8 +66,14 @@
 
     protected ApplicationRequest getAuthHeader( KdcRequest request ) throws KerberosException, IOException
     {
-        byte[] undecodedAuthHeader = null;
         PreAuthenticationData[] preAuthData = request.getPreAuthData();
+
+        if ( preAuthData == null || preAuthData.length < 1 )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
+        }
+
+        byte[] undecodedAuthHeader = null;
 
         for ( int ii = 0; ii < preAuthData.length; ii++ )
         {