Posted to commits@directory.apache.org by co...@apache.org on 2018/02/12 11:45:29 UTC

[2/3] directory-kerby git commit: Fix for SGT clientPrincipal that is currently not populated. This fix should be moved at a lower layer but this is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692 https://issues.apache.org/jira/projects/

Fix for SGT clientPrincipal that is currently not populated. This fix should be moved at a lower layer but this is a quick fix that works (tested with USE_TGT case) REF DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Fix for storeTicket method, it does not support correctly the one SGT only case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Improves previous fix for requestSGT method, small bug fix, typos and improved comment case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Improves previous fix for storeTicket method, fixed behaviour of no-fresh-new case and improved comments + better formatting case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Improves previous fix for requestsgt method, null clientPrincipal is not saved in sgt, this will preserve values coming from lower layers

case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

requestsgt method, better formatting

case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Deleted trailing spaces and variable "isFreshNew" name refactoring case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Deleted trailing spaces (for real) added blank lines around few if/else blocks case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Deleted (missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>

Deleted (other missed) trailing spaces. case. REF: DIRKRB-692 https://issues.apache.org/jira/projects/DIRKRB/issues/DIRKRB-692?filter=allopenissues

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/bc2bac50
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/bc2bac50
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/bc2bac50

Branch: refs/heads/1.1.x-fixes
Commit: bc2bac505269edc02998f5ea91c9ce881dead57c
Parents: f702f72
Author: Fabiano <ft...@gmail.com>
Authored: Wed Feb 7 11:03:15 2018 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 12 11:41:23 2018 +0000

----------------------------------------------------------------------
 .../kerberos/kerb/client/KrbClientBase.java     | 21 +++++++++++++++-----
 .../client/impl/AbstractInternalKrbClient.java  | 20 +++++++++++++++++--
 2 files changed, 34 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bc2bac50/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
index 602024a..995df5c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClientBase.java
@@ -271,15 +271,25 @@ public class KrbClientBase {
      */
     public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
         LOG.info("Storing the sgt to the credential cache file.");
-        if (!ccacheFile.exists()) {
+        boolean createCache = !ccacheFile.exists() || (ccacheFile.length() == 0);
+
+        if (createCache) {
             createCacheFile(ccacheFile);
         }
+
         if (ccacheFile.exists() && ccacheFile.canWrite()) {
-            CredentialCache cCache = new CredentialCache();
             try {
-                cCache.load(ccacheFile);
-                cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
-                cCache.setPrimaryPrincipal(sgtTicket.getClientPrincipal());
+                CredentialCache cCache;
+
+                if (!createCache) {
+                    cCache = new CredentialCache();
+                    cCache.load(ccacheFile);
+                    cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));
+                } else {
+                    //Remind: contructor sets the cCache client principal from the sgtTicket one
+                    cCache = new CredentialCache(sgtTicket);
+                }
+
                 cCache.store(ccacheFile);
             } catch (IOException e) {
                 throw new KrbException("Failed to store sgt", e);
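Review bot: In storeTicket, createCache is now also true for an existing zero-length file, so createCacheFile(ccacheFile) gets called on a file that is already there. The hunk does not show whether createCacheFile tolerates that, so either confirm it does or call it only when !ccacheFile.exists() and use the length check solely to choose between the load path and new CredentialCache(sgtTicket). In the load path the removed cCache.setPrimaryPrincipal(...) means the cache keeps the primary principal it loaded, which is worth stating in a comment, and sgtTicket.getClientPrincipal() is still handed to new Credential(...) without a null check. The added comment also misspells "constructor" as "contructor".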
@@ -288,6 +298,7 @@ public class KrbClientBase {
             throw new IllegalArgumentException("Invalid ccache file, "
                     + "not exist or writable: " + ccacheFile.getAbsolutePath());
         }
+
     }
 
     /**
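Review bot: The only change in this hunk is a blank line added before the closing brace of storeTicket, which is whitespace noise in a fix commit and should be dropped.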

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bc2bac50/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 8c8d6ed..c1f0732 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -152,14 +152,16 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
         String serverPrincipalString = fixPrincipal(requestOptions.
                 getStringOption(KrbOption.SERVER_PRINCIPAL));
         PrincipalName serverPrincipalName = new PrincipalName(serverPrincipalString);
+        PrincipalName clientPrincipalName = null;
 
         if (tgtTicket != null) {
             String sourceRealm = tgtTicket.getRealm();
             String destRealm = serverPrincipalName.getRealm();
+            clientPrincipalName = tgtTicket.getClientPrincipal();
+            
             if (!sourceRealm.equals(destRealm)) {
                 KrbConfig krbConfig = krbSetting.getKrbConfig();
                 LinkedList<String> capath = krbConfig.getCapath(sourceRealm, destRealm);
-                PrincipalName clientPrincipalName = tgtTicket.getClientPrincipal();
                 for (int i = 0; i < capath.size() - 1; i++) {
                     PrincipalName tgsPrincipalName = KrbUtil.makeTgsPrincipal(
                         capath.get(i), capath.get(i + 1));
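Review bot: The added line right after clientPrincipalName = tgtTicket.getClientPrincipal(); consists only of spaces, so trailing whitespace is still being introduced even though the commit message says it was deleted; make it an empty line. Since clientPrincipalName is now declared as null at method scope and assigned in more than one branch, a short comment on the declaration saying when it can remain null would make the later null check easier to follow.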
@@ -170,11 +172,25 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
                     tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
                 }
             }
+            
+        } else {
+            //This code is for the no-tgt case but works only with CLIENT_PRINCIPAL option
+            //Should be expanded later to encompass more use-cases
+            String clientPrincipalString = (String) requestOptions.getOptionValue(KrbOption.CLIENT_PRINCIPAL);
+            if (clientPrincipalString != null) {
+                clientPrincipalName = new PrincipalName(clientPrincipalString);
+            }
         }
 
         tgsRequest.setServerPrincipal(serverPrincipalName);
         tgsRequest.setRequestOptions(requestOptions);
-        return doRequestSgt(tgsRequest);
+        SgtTicket sgtTicket = doRequestSgt(tgsRequest);
+
+        if (clientPrincipalName!=null) {
+            sgtTicket.setClientPrincipal(clientPrincipalName);
+        }
+
+        return sgtTicket;
     }
 
     protected abstract TgtTicket doRequestTgt(
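Review bot: In the new else branch the client principal is read with (String) requestOptions.getOptionValue(KrbOption.CLIENT_PRINCIPAL) and used as is, while the server principal at the top of this method goes through getStringOption and fixPrincipal; use the same accessor and normalisation so both names are treated consistently and a non-String option value cannot cause a ClassCastException. After doRequestSgt, sgtTicket.setClientPrincipal(clientPrincipalName) overwrites whatever the lower layer returned whenever the local value is non-null, so in the no-TGT case a caller-supplied option becomes the principal recorded on the ticket (and later in the credential cache). To match the stated intent of preserving values coming from lower layers, set it only when sgtTicket.getClientPrincipal() == null. Style: clientPrincipalName!=null needs spaces around the operator, and the added line after the closing brace of the realm check is whitespace-only.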