You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/24 11:50:53 UTC
[12/18] directory-kerby git commit: Revert "DIRKRB-568 - Using RFC
4121 tokens in KerbyContext. Thanks to Wei Zhou."
Revert "DIRKRB-568 - Using RFC 4121 tokens in KerbyContext. Thanks to Wei Zhou."
This reverts commit 706b85e3dd943b8832815828534210b2c4a70789.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/05bf04ee
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/05bf04ee
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/05bf04ee
Branch: refs/heads/1.0.x-fixes
Commit: 05bf04ee5fac6840a197def35fe2e39a68bdd31b
Parents: 95e4ada
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 24 12:46:13 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 24 12:46:13 2017 +0100
----------------------------------------------------------------------
.../apache/kerby/kerberos/kerb/request/ApRequest.java | 11 ++++-------
.../kerby/kerberos/kerb/gssapi/KerbyMechFactory.java | 9 +++++----
2 files changed, 9 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05bf04ee/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
index 44f5b47..096b0de 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
@@ -89,11 +89,8 @@ public class ApRequest {
authenticator.setAuthenticatorVno(5);
authenticator.setCname(clientPrincipal);
authenticator.setCrealm(sgtTicket.getRealm());
- long millis = System.currentTimeMillis();
- int usec = (int) (millis % 1000) * 1000;
- millis -= millis % 1000;
- authenticator.setCtime(new KerberosTime(millis));
- authenticator.setCusec(usec);
+ authenticator.setCtime(KerberosTime.now());
+ authenticator.setCusec(0);
authenticator.setSubKey(sgtTicket.getSessionKey());
return authenticator;
@@ -141,13 +138,13 @@ public class ApRequest {
}
if (timeSkew != 0) {
- if (!authenticator.getCtime().isInClockSkew(timeSkew)) {
+ if (authenticator.getCtime().isInClockSkew(timeSkew)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
}
KerberosTime now = KerberosTime.now();
KerberosTime startTime = tktEncPart.getStartTime();
- if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) {
+ if (startTime != null && startTime.greaterThanWithSkew(now, timeSkew)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/05bf04ee/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
index adacb27..a897c29 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
@@ -20,7 +20,6 @@
package org.apache.kerby.kerberos.kerb.gssapi;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyAcceptCred;
-import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyContext;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyCredElement;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyInitCred;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyNameElement;
@@ -91,7 +90,9 @@ public class KerbyMechFactory implements MechanismFactory {
if (myInitiatorCred == null) {
myInitiatorCred = getCredentialElement(null, lifetime, 0, GSSCredential.INITIATE_ONLY);
}
- return new KerbyContext(caller, (KerbyNameElement) peer, (KerbyInitCred) myInitiatorCred, lifetime);
+ return null;
+ //For convenience of making patch, return null instead of introduce in KerbyContext
+ //return new KerbyContext(caller, (KerbyNameElement)peer, (KerbyInitCred)myInitiatorCred, lifetime);
}
public GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
@@ -100,13 +101,13 @@ public class KerbyMechFactory implements MechanismFactory {
myAcceptorCred = getCredentialElement(null, 0,
GSSCredential.INDEFINITE_LIFETIME, GSSCredential.ACCEPT_ONLY);
}
- return new KerbyContext(caller, (KerbyAcceptCred) myAcceptorCred);
+ return null; //return new KerbyContext(caller, (KerbyAcceptCred)myAcceptorCred);
}
// Reconstruct from previously exported context
public GSSContextSpi getMechanismContext(byte[] exportedContext)
throws GSSException {
- return new KerbyContext(caller, exportedContext);
+ return null; //return new KerbyContext(caller, exportedContext);
}
public GSSCredentialSpi getCredentialElement(GSSNameSpi name,