You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2017/09/05 02:02:07 UTC
[2/2] directory-kerby git commit: DIRKRB-647 - Compilation error with
java7 in gss module
DIRKRB-647 - Compilation error with java7 in gss module
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c4c43ced
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c4c43ced
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c4c43ced
Branch: refs/heads/cross-realm
Commit: c4c43ced6e7cad8e3e1f900a3281bf0e65721ff2
Parents: ea9f606
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Aug 30 10:16:47 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Aug 30 10:16:47 2017 +0100
----------------------------------------------------------------------
.../kerb/integration/test/KerbyGssAppTest.java | 10 ++++++++
.../kerby/kerberos/kerb/gss/impl/CredUtils.java | 27 ++++++++++++++++----
.../kerberos/kerb/gss/impl/GssAcceptCred.java | 20 +++++++++++++--
3 files changed, 50 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
index b6f4e43..7488d51 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.integration.test;
import org.apache.kerby.kerberos.kerb.gss.KerbyGssProvider;
import org.junit.Before;
+import org.junit.Test;
import java.security.Provider;
@@ -34,4 +35,13 @@ public class KerbyGssAppTest extends GssAppTest {
super.setUp();
}
+ @Test
+ public void testServerWithoutInitialCredential() throws Exception {
+ String version = System.getProperty("java.version");
+ // See DIRKRB-647
+ if (!version.startsWith("1.7")) {
+ super.testServerWithoutInitialCredential();
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
index eded06d..9433bf5 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java
@@ -1,10 +1,16 @@
package org.apache.kerby.kerberos.kerb.gss.impl;
import org.ietf.jgss.GSSException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import sun.security.jgss.GSSCaller;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.*;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
@@ -16,6 +22,8 @@ import java.util.Set;
*/
public class CredUtils {
+ private static final Logger LOG = LoggerFactory.getLogger(CredUtils.class);
+
public static <T> Set<T> getContextPrivateCredentials(Class<T> credentialType, AccessControlContext acc) {
Subject subject = Subject.getSubject(acc);
Set<T> creds = subject.getPrivateCredentials(credentialType);
@@ -58,15 +66,24 @@ public class CredUtils {
public static KeyTab getKeyTabFromContext(KerberosPrincipal principal) throws GSSException {
Set<KeyTab> tabs = getContextCredentials(KeyTab.class);
for (KeyTab tab : tabs) {
- // Use the supplied principal, fall back to the principal of the KeyTab if none is supplied
+ // Use the supplied principal
KerberosPrincipal princ = principal;
if (princ == null) {
- princ = tab.getPrincipal();
+ // fall back to the principal of the KeyTab (if JDK 1.8) if none is supplied
+ try {
+ Method m = tab.getClass().getDeclaredMethod("getPrincipal");
+ princ = (KerberosPrincipal) m.invoke(tab);
+ } catch (NoSuchMethodException | SecurityException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
+ LOG.info("Can't get a principal from the keytab", e);
+ }
}
- KerberosKey[] keys = tab.getKeys(princ);
- if (keys != null && keys.length > 0) {
- return tab;
+ if (princ != null) {
+ KerberosKey[] keys = tab.getKeys(princ);
+ if (keys != null && keys.length > 0) {
+ return tab;
+ }
}
}
return null;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
index de198d8..5d1b88e 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
@@ -23,16 +23,23 @@ package org.apache.kerby.kerberos.kerb.gss.impl;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import sun.security.jgss.GSSCaller;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.util.Set;
public final class GssAcceptCred extends GssCredElement {
+ private static final Logger LOG = LoggerFactory.getLogger(GssAcceptCred.class);
+
private final KeyTab keyTab;
private final Set<KerberosKey> kerberosKeySet;
@@ -61,8 +68,17 @@ public final class GssAcceptCred extends GssCredElement {
if (name == null) {
if (keyTab != null) {
- name = GssNameElement.getInstance(keyTab.getPrincipal().getName(),
- GSSName.NT_HOSTBASED_SERVICE);
+ try {
+ Method m = keyTab.getClass().getDeclaredMethod("getPrincipal");
+ KerberosPrincipal princ = (KerberosPrincipal) m.invoke(keyTab);
+ name = GssNameElement.getInstance(princ.getName(),
+ GSSName.NT_HOSTBASED_SERVICE);
+ } catch (NoSuchMethodException | SecurityException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
+ String error = "Can't get a principal from the keytab";
+ LOG.info(error, e);
+ throw new GSSException(GSSException.NO_CRED, -1, error);
+ }
} else {
name = GssNameElement.getInstance(
kerberosKeySet.iterator().next().getPrincipal().getName(),