Posted to commits@directory.apache.org by co...@apache.org on 2019/01/07 12:32:54 UTC
directory-kerby git commit: DIRKRB-731 - RC4-HMAC encrytion type
doesn't work
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 1cd9a4e0f -> 507c74bc3
DIRKRB-731 - RC4-HMAC encrytion type doesn't work
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/507c74bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/507c74bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/507c74bc
Branch: refs/heads/trunk
Commit: 507c74bc3547e80b7102d3b7e5c753e67b60fb9a
Parents: 1cd9a4e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 7 12:32:40 2019 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 7 12:32:40 2019 +0000
----------------------------------------------------------------------
.../kerberos/kerb/common/EncryptionUtil.java | 25 ++++++++++-------
.../kerb/server/KeytabArcFourMd5LoginTest.java | 28 ++++++++++++++++++--
.../kerby/kerberos/kerb/keytab/Keytab.java | 8 ++++++
3 files changed, 50 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/507c74bc/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
index 1144d42..9626c78 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
@@ -117,9 +117,19 @@ public class EncryptionUtil {
public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
List<EncryptionType> configuredTypes) {
- for (EncryptionType encryptionType : configuredTypes) {
- if (requestedTypes.contains(encryptionType)) {
- return encryptionType;
+ for (EncryptionType configuredType : configuredTypes) {
+ if (requestedTypes.contains(configuredType)) {
+ return configuredType;
+ }
+ }
+
+ // Maybe we have a different encryption name configured for the same type
+ for (EncryptionType configuredType : configuredTypes) {
+ int configuredTypeValue = configuredType.getValue();
+ for (EncryptionType requestedType : requestedTypes) {
+ if (configuredTypeValue == requestedType.getValue()) {
+ return requestedType;
+ }
}
}
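Review bot: Running the alias match as a second pass after the exact-name pass can override the configured preference order. If a higher-preference configured type matches the request only by value while a lower-preference one matches by name, the first loop returns the lower-preference type before the alias loop is reached. Assuming configuredTypes is ordered by preference, a list that mixes stronger types with RC4 could then settle on the weaker enctype. Folding both checks into a single pass over configuredTypes keeps the order, and the comment should say why the alias branch returns requestedType rather than configuredType. The method body continues past the end of this hunk.
```java
for (EncryptionType configuredType : configuredTypes) {
    // Exact name first, then an alias with the same value, before moving on
    // to the next (lower-preference) configured type.
    if (requestedTypes.contains(configuredType)) {
        return configuredType;
    }
    int configuredTypeValue = configuredType.getValue();
    for (EncryptionType requestedType : requestedTypes) {
        if (configuredTypeValue == requestedType.getValue()) {
            // Hand back the name the client asked for
            return requestedType;
        }
    }
}
// … unchanged: remainder of getBestEncryptionType …
```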
@@ -129,8 +139,7 @@ public class EncryptionUtil {
public static EncryptedData seal(Asn1Encodeable asn1Type,
EncryptionKey key, KeyUsage usage) throws KrbException {
byte[] encoded = KrbCodec.encode(asn1Type);
- EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
- return encrypted;
+ return EncryptionHandler.encrypt(encoded, key, usage);
}
public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey key,
@@ -142,14 +151,12 @@ public class EncryptionUtil {
public static byte[] encrypt(EncryptionKey key,
byte[] plaintext, KeyUsage usage) throws KrbException {
EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
- byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
- return cipherData;
+ return encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
}
public static byte[] decrypt(EncryptionKey key,
byte[] cipherData, KeyUsage usage) throws KrbException {
EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
- byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
- return plainData;
+ return encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/507c74bc/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
index c6c11d7..dd05de1 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
@@ -37,7 +37,7 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
@Override
protected void setUpKdcServer() throws Exception {
KdcConfig config = new KdcConfig();
- config.setString(KdcConfigKey.ENCRYPTION_TYPES, "arcfour-hmac");
+ config.setString(KdcConfigKey.ENCRYPTION_TYPES, "arcfour-hmac rc4-hmac");
SimpleKdcServer kdcServer = new TestKdcServer(allowTcp(), allowUdp(), config, new BackendConfig());
super.setKdcServer(kdcServer);
@@ -49,7 +49,7 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
}
@Test
- public void testLogin() throws Exception {
+ public void testLoginARCFOURHMAC() throws Exception {
KrbClient client = super.getKrbClient();
client.getKrbConfig().setString(KrbConfigKey.PERMITTED_ENCTYPES, "arcfour-hmac");
@@ -71,4 +71,28 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
keytab.delete();
}
+
+ @Test
+ public void testLoginRC4HMAC() throws Exception {
+ KrbClient client = super.getKrbClient();
+ client.getKrbConfig().setString(KrbConfigKey.PERMITTED_ENCTYPES, "rc4-hmac");
+
+ KOptions requestOptions = new KOptions();
+ requestOptions.add(KrbOption.CLIENT_PRINCIPAL, getClientPrincipal());
+ requestOptions.add(KrbOption.USE_KEYTAB, true);
+
+ File keytab = new File(getTestDir(), "test-client.keytab");
+ requestOptions.add(KrbOption.KEYTAB_FILE, keytab);
+
+ getKdcServer().exportPrincipal(getClientPrincipal(), keytab);
+
+ TgtTicket tgt = client.requestTgt(requestOptions);
+ assertThat(tgt).isNotNull();
+
+ SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
+ assertThat(tkt).isNotNull();
+
+ keytab.delete();
+
+ }
}
\ No newline at end of file
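Review bot: `keytab.delete()` at the end of testLoginRC4HMAC runs only when every request and assertion succeeds, so a failing run leaves the exported client key in `test-client.keytab` under the test directory, where a later test may find a stale file. Wrap everything after `exportPrincipal` in `try { ... } finally { keytab.delete(); }`. From the lines visible here the body appears to duplicate testLoginARCFOURHMAC apart from the PERMITTED_ENCTYPES string, so a private helper taking that value would keep the two tests from drifting apart.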
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/507c74bc/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
index c34922c..3d97db0 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
@@ -130,6 +130,14 @@ public final class Keytab implements KrbKeytab {
}
}
+ // Maybe we have a key stored under a different name for the same type
+ int keyTypeValue = keyType.getValue();
+ for (KeytabEntry ke : entries) {
+ if (keyTypeValue == ke.getKey().getKeyType().getValue()) {
+ return ke.getKey();
+ }
+ }
+
return null;
}
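Review bot: The new fallback returns a key whose `getKeyType()` is an alias of the requested `keyType`, not the same constant, and nothing records that. A caller that later compares the returned key's type to the requested one by identity or `equals` will see a mismatch. Add a comment above the loop such as `// Returned key keeps its stored type name; compare enctypes by getValue(), not by identity`, and state the same in the method's Javadoc. The method starts outside this hunk, so it is not visible whether `entries` is already restricted to the requested principal; if it is not, matching by value alone would widen which keys can be returned.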