Posted to commits@directory.apache.org by er...@apache.org on 2007/08/06 10:21:21 UTC
svn commit: r563062 - in
/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos:
kdc/authentication/ kdc/preauthentication/ kdc/ticketgrant/ sam/
Author: erodriguez
Date: Mon Aug 6 01:21:20 2007
New Revision: 563062
URL: http://svn.apache.org/viewvc?view=rev&rev=563062
Log:
Minor formatting of some comments in protocol-kerberos.
Modified:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java?view=diff&rev=563062&r1=563061&r2=563062
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java Mon Aug 6 01:21:20 2007
@@ -51,7 +51,7 @@
// TODO - fetch lastReq for this client; requires store
reply.setLastRequest( new LastRequest() );
- // TODO - resp.key-expiration := client.expiration; requires store
+ // TODO - resp.key-expiration := client.expiration; requires store
reply.setNonce( request.getNonce() );
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java?view=diff&rev=563062&r1=563061&r2=563062
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java Mon Aug 6 01:21:20 2007
@@ -74,7 +74,9 @@
{
if ( log.isDebugEnabled() )
{
- log.debug( "Entry for client principal {} has no SAM type. Proceeding with standard pre-authentication.", clientName );
+ log.debug(
+ "Entry for client principal {} has no SAM type. Proceeding with standard pre-authentication.",
+ clientName );
}
EncryptionType encryptionType = authContext.getEncryptionType();
@@ -138,11 +140,11 @@
}
/*
- if(decrypted_enc_timestamp and usec is replay)
- error_out(KDC_ERR_PREAUTH_FAILED);
- endif
-
- add decrypted_enc_timestamp and usec to replay cache;
+ * if(decrypted_enc_timestamp and usec is replay)
+ * error_out(KDC_ERR_PREAUTH_FAILED);
+ * endif
+ *
+ * add decrypted_enc_timestamp and usec to replay cache;
*/
}
}
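Review bot: The replay check in the block comment at the end of this method exists only as pseudo-code, and tidying it into a well-formed `/* ... */` block makes it easier to mistake for a description of what the code does. No visible line in the hunk consults or populates a replay cache, so a previously seen encrypted timestamp that is still inside the allowed skew would apparently pass pre-authentication again. I would open the comment with `TODO - replay cache not implemented; decrypted_enc_timestamp and usec are not yet checked for reuse`. The same applies to the `check_hot_list(tgt)` comment in the second GenerateTicket.java hunk, which sits directly above `echoTicket( newTicketBody, tgt )` with no corresponding check. The enclosing method starts outside this hunk, so a check earlier in the body cannot be ruled out.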
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java?view=diff&rev=563062&r1=563061&r2=563062
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java Mon Aug 6 01:21:20 2007
@@ -106,7 +106,7 @@
*
* if ((req.second_ticket is not a TGT) or
* (req.second_ticket.client != server)) then
- * error_out(KDC_ERR_POLICY);
+ * error_out(KDC_ERR_POLICY);
* endif
*
* new_tkt.enc-part := encrypt OCTET STRING using etype_for_key(second-ticket.key), second-ticket.key;
@@ -289,9 +289,9 @@
}
/*
- if (check_hot_list(tgt)) then
- error_out(KRB_AP_ERR_REPEAT);
- endif
+ * if (check_hot_list(tgt)) then
+ * error_out(KRB_AP_ERR_REPEAT);
+ * endif
*/
echoTicket( newTicketBody, tgt );
@@ -478,16 +478,17 @@
/*
- if (realm_tgt_is_for(tgt) := tgt.realm) then
- // tgt issued by local realm
- new_tkt.transited := tgt.transited;
- else
- // was issued for this realm by some other realm
- if (tgt.transited.tr-type not supported) then
- error_out(KDC_ERR_TRTYPE_NOSUPP);
- endif
- new_tkt.transited := compress_transited(tgt.transited + tgt.realm)
- endif
+ * if (realm_tgt_is_for(tgt) := tgt.realm) then
+ * // tgt issued by local realm
+ * new_tkt.transited := tgt.transited;
+ * else
+ * // was issued for this realm by some other realm
+ * if (tgt.transited.tr-type not supported) then
+ * error_out(KDC_ERR_TRTYPE_NOSUPP);
+ * endif
+ *
+ * new_tkt.transited := compress_transited(tgt.transited + tgt.realm)
+ * endif
*/
private void processTransited( EncTicketPartModifier newTicketBody, Ticket tgt )
{
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java?view=diff&rev=563062&r1=563061&r2=563062
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java Mon Aug 6 01:21:20 2007
@@ -58,8 +58,8 @@
String requestServerName = tgsContext.getRequest().getServerPrincipal().getName();
/*
- * if (tgt.sname is not a TGT for local realm and is not
- * req.sname) then error_out(KRB_AP_ERR_NOT_US);
+ * if (tgt.sname is not a TGT for local realm and is not req.sname)
+ * then error_out(KRB_AP_ERR_NOT_US);
*/
if ( !tgtServerName.equals( config.getServicePrincipal().getName() )
&& !tgtServerName.equals( requestServerName ) )
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java?view=diff&rev=563062&r1=563061&r2=563062
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java Mon Aug 6 01:21:20 2007
@@ -52,17 +52,23 @@
try
{
- // Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
- // ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
+ /*
+ * Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
+ * ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
+ */
EncryptedData sadValue = EncryptedDataDecoder.decode( encryptedData );
- // Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
- // Decode the decrypted timestamp into our timestamp object.
- EncryptedTimeStamp timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class, key,
- sadValue, KeyUsage.NUMBER1 );
+ /*
+ * Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC. Decode the
+ * decrypted timestamp into our timestamp object.
+ */
+ EncryptedTimeStamp timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class,
+ key, sadValue, KeyUsage.NUMBER1 );
- // Since we got here we must have a valid timestamp structure that we can
- // validate to be within a five minute skew.
+ /*
+ * Since we got here we must have a valid timestamp structure that we can
+ * validate to be within a five minute skew.
+ */
KerberosTime time = timestamp.getTimeStamp();
if ( time.isInClockSkew( FIVE_MINUTES ) )
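Review bot: The comment above `time.isInClockSkew( FIVE_MINUTES )` repeats the five-minute figure without saying where the limit comes from, and the check itself uses a fixed constant. If the KDC's allowable clock skew is configurable elsewhere (not visible here), this SAM path would silently diverge from it. The comment should say so, for example `Validate against the fixed FIVE_MINUTES skew; this does not follow any configured KDC clock skew.` The phrase "since we got here" also depends on `EncryptedDataDecoder.decode` and `cipherTextHandler.unseal` throwing on malformed or wrongly keyed input, which is worth stating next to it. The try block and the body of the `if` continue outside the hunk.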