You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/07/21 13:34:47 UTC
svn commit: r558309 -
/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
Author: erodriguez
Date: Sat Jul 21 04:34:46 2007
New Revision: 558309
URL: http://svn.apache.org/viewvc?view=rev&rev=558309
Log:
Minor improvement to error handling when a request is made to TGS without an auth header present.
Modified:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java?view=diff&rev=558309&r1=558308&r2=558309
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java Sat Jul 21 04:34:46 2007
@@ -37,6 +37,10 @@
/**
* Differs from the changepw getAuthHeader by verifying the presence of TGS_REQ.
*
+ * Note that reading the application request requires first determining the server
+ * for which a ticket was issued, and choosing the correct key for decryption. The
+ * name of the server appears in the plaintext part of the ticket.
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
@@ -62,8 +66,14 @@
protected ApplicationRequest getAuthHeader( KdcRequest request ) throws KerberosException, IOException
{
- byte[] undecodedAuthHeader = null;
PreAuthenticationData[] preAuthData = request.getPreAuthData();
+
+ if ( preAuthData == null || preAuthData.length < 1 )
+ {
+ throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
+ }
+
+ byte[] undecodedAuthHeader = null;
for ( int ii = 0; ii < preAuthData.length; ii++ )
{