Posted to commits@directory.apache.org by er...@apache.org on 2004/11/10 07:02:26 UTC
svn commit: rev 57145 - incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc
Author: erodriguez
Date: Tue Nov 9 22:02:23 2004
New Revision: 57145
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Extracted method for echoing tickets; moved to base service class.
Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java Tue Nov 9 22:02:23 2004
@@ -67,7 +67,7 @@
AuthenticationReply reply = getAuthenticationReply(request, ticket);
encryptReplyPart(reply, clientKey);
- System.out.print("Got request from client " + clientPrincipal.toString() + " ");
+ System.out.print("Issuing ticket to client " + clientPrincipal.toString() + " ");
System.out.println("for access to " + serverPrincipal.toString());
return reply;
Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java (original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java Tue Nov 9 22:02:23 2004
@@ -27,6 +27,7 @@
import org.apache.kerberos.messages.components.Ticket;
import org.apache.kerberos.messages.components.Authenticator;
import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
import org.apache.kerberos.messages.value.EncryptionKey;
import org.apache.kerberos.messages.value.ApOptions;
import org.apache.kerberos.messages.value.TicketFlags;
@@ -65,8 +66,6 @@
public EncryptionKey getKeyForPrincipal(KerberosPrincipal principal)
{
- System.out.println(principal.getName());
-
EncryptionKey key = null;
try {
@@ -212,5 +211,18 @@
return authenticator;
}
+
+ protected void echoTicket(EncTicketPartModifier newTicketBody, Ticket tgt)
+ {
+ newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
+ newTicketBody.setAuthTime(tgt.getAuthTime());
+ newTicketBody.setClientAddresses(tgt.getClientAddresses());
+ newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
+ newTicketBody.setEndTime(tgt.getEndTime());
+ newTicketBody.setFlags(tgt.getFlags());
+ newTicketBody.setRenewTill(tgt.getRenewTill());
+ newTicketBody.setSessionKey(tgt.getSessionKey());
+ newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
+ }
}
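Review bot: echoTicket is added without Javadoc, and as a protected helper on the base service class it needs one that states its contract. It reuses the TGT's session key, flags and authorization data in the new ticket body, which is appropriate only for the VALIDATE and RENEW paths; a normal ticket-granting reply is expected to carry a fresh session key. I would add something like `/** Copies the body fields of tgt into newTicketBody for VALIDATE/RENEW handling; the start time is not copied. */`. The setters are handed the TGT's own objects, so if setFlags stores the reference rather than a copy, a later clearFlag on the new body would presumably also change tgt's flags; this is worth confirming in EncTicketPartModifier, which is not shown here.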
Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java (original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java Tue Nov 9 22:02:23 2004
@@ -54,7 +54,7 @@
{
super(config, bootstrap, store);
- this.config = config;
+ this.config = config;
}
public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException {
@@ -98,9 +98,7 @@
return authHeader;
}
-
-
// TODO - configurable checksum
private void verifyBodyChecksum(Checksum authChecksum, KdcRequest request)
throws KerberosException {
@@ -258,7 +256,7 @@
endif
*/
- // TODO - tkt = tgt;
+ echoTicket(newTicketBody, tgt);
newTicketBody.clearFlag(TicketFlags.INVALID);
}
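Review bot: With `echoTicket(newTicketBody, tgt);` the VALIDATE branch now builds a real ticket and clears INVALID, but the `endif */` just above suggests the start-time and hot-list checks before it are still commented-out pseudocode. If that is the case, a postdated ticket could be validated before its start time, so the branch should compare tgt.getStartTime() with the current time and reject with the not-yet-valid error before echoing. echoTicket also does not copy the start time, so unless it is set outside this hunk the validated ticket loses it. The enclosing block starts outside the hunk, so the checks may exist further up.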
@@ -277,27 +275,16 @@
KerberosTime renewalTime = null;
- if (request.getOption(KdcOptions.RENEW)) {
- /*
- * Note that if the endtime has already passed, the ticket would have been
- * rejected in the initial authentication stage, so there is no need to check again here
- */
+ if (request.getOption(KdcOptions.RENEW))
+ {
if (!tgt.getFlag(TicketFlags.RENEWABLE))
throw KerberosException.KDC_ERR_BADOPTION;
if (tgt.getRenewTill().greaterThan(now))
throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;
-
- newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
- newTicketBody.setAuthTime(tgt.getAuthTime());
- newTicketBody.setClientAddresses(tgt.getClientAddresses());
- newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
- newTicketBody.setEndTime(tgt.getEndTime());
- newTicketBody.setFlags(tgt.getFlags());
- newTicketBody.setRenewTill(tgt.getRenewTill());
- newTicketBody.setSessionKey(tgt.getSessionKey());
- newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
-
- newTicketBody.setStartTime(now);
+
+ echoTicket(newTicketBody, tgt);
+
+ newTicketBody.setStartTime(now);
long oldLife = tgt.getEndTime().getTime() - tgt.getStartTime().getTime();
newTicketBody.setEndTime(new KerberosTime(Math.min(tgt.getRenewTill().getTime(), now.getTime() + oldLife)));
} else {
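Review bot: The renew-till check kept in this hunk looks inverted: `if (tgt.getRenewTill().greaterThan(now)) throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;` rejects a ticket whose renew-till is still in the future. Assuming greaterThan means "later than", it also accepts a ticket whose renew-till has already passed, so an expired renewable ticket could be renewed indefinitely. The condition should presumably read `if (!tgt.getRenewTill().greaterThan(now))`. Separately, `tgt.getStartTime()` is dereferenced for oldLife without a null check, and the start time is an optional ticket field, so a fallback to the auth time may be needed. The enclosing method starts and ends outside the hunk.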
@@ -356,8 +343,8 @@
newTicketBody.setRenewTill((KerberosTime)Collections.min(minimizer));
}
}
-
- private AuthorizationData processAuthorizationData(KdcRequest request,
+
+ private AuthorizationData processAuthorizationData(KdcRequest request,
Authenticator authHeader, Ticket tgt) throws KerberosException {
AuthorizationData authData = null;
@@ -403,14 +390,16 @@
private EncryptedData encryptTicketPart(EncTicketPart newTicketBody, EncryptionKey serverKey,
KdcRequest request) throws KerberosException {
- byte[] encodedTicket;
+ byte[] encodedTicket = null;
EncTicketPartEncoder encoder = new EncTicketPartEncoder();
- try {
+ try
+ {
encodedTicket = encoder.encode(newTicketBody);
- } catch (IOException ioe) {
- // TODO - figure out right error for ASN.1 generation error
- throw KerberosException.KRB_ERR_GENERIC;
+ }
+ catch (IOException ioe)
+ {
+ ioe.printStackTrace();
}
if (request.getOption(KdcOptions.ENC_TKT_IN_SKEY)) {
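Review bot: The new catch block only calls `ioe.printStackTrace();`, so an encoding failure no longer aborts the request and execution continues with `encodedTicket` still null. The code after the try then goes on to the encryption step with a null buffer, which would at best fail with an unrelated NullPointerException and hides the real cause from the caller. The catch should keep failing closed as the old code did, with `throw KerberosException.KRB_ERR_GENERIC;`, and the `= null` initialiser can then be dropped again. The method continues past the end of the hunk, so how the null is handled later is not visible here.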