directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: rev 57145 - incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc
Date Wed, 10 Nov 2004 06:02:26 GMT
Author: erodriguez
Date: Tue Nov  9 22:02:23 2004
New Revision: 57145

Modified:
   incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
   incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
   incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Extracted method for echoing tickets; moved to base service class.

Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Tue Nov  9 22:02:23 2004
@@ -67,7 +67,7 @@
 		AuthenticationReply reply = getAuthenticationReply(request, ticket);
 		encryptReplyPart(reply, clientKey);
 		
-		System.out.print("Got request from client " + clientPrincipal.toString() + " ");
+		System.out.print("Issuing ticket to client " + clientPrincipal.toString() + " ");
 		System.out.println("for access to " + serverPrincipal.toString());
 		
 		return reply;

Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
(original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
Tue Nov  9 22:02:23 2004
@@ -27,6 +27,7 @@
 import org.apache.kerberos.messages.components.Ticket;
 import org.apache.kerberos.messages.components.Authenticator;
 import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
 import org.apache.kerberos.messages.value.EncryptionKey;
 import org.apache.kerberos.messages.value.ApOptions;
 import org.apache.kerberos.messages.value.TicketFlags;
@@ -65,8 +66,6 @@
 
     public EncryptionKey getKeyForPrincipal(KerberosPrincipal principal)
     {
-        System.out.println(principal.getName());
-
 		EncryptionKey key = null;
 
 		try {
@@ -212,5 +211,18 @@
 
 		return authenticator;
 	}
+
+    protected void echoTicket(EncTicketPartModifier newTicketBody, Ticket tgt)
+    {
+        newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
+        newTicketBody.setAuthTime(tgt.getAuthTime());
+        newTicketBody.setClientAddresses(tgt.getClientAddresses());
+        newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
+        newTicketBody.setEndTime(tgt.getEndTime());
+        newTicketBody.setFlags(tgt.getFlags());
+        newTicketBody.setRenewTill(tgt.getRenewTill());
+        newTicketBody.setSessionKey(tgt.getSessionKey());
+        newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
+    }
 }
 

Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Tue Nov  9 22:02:23 2004
@@ -54,7 +54,7 @@
     {
         super(config, bootstrap, store);
 
-		this.config    = config;
+		this.config = config;
 	}
 	
 	public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException
{
@@ -98,9 +98,7 @@
 		
 		return authHeader;
 	}
-	
 
-	
 	// TODO - configurable checksum
 	private void verifyBodyChecksum(Checksum authChecksum, KdcRequest request)
 			throws KerberosException {
@@ -258,7 +256,7 @@
 	        endif
 	        */
 			
-			// TODO - tkt = tgt;
+			echoTicket(newTicketBody, tgt);
 			newTicketBody.clearFlag(TicketFlags.INVALID);
 		}
 
@@ -277,27 +275,16 @@
 		
 		KerberosTime renewalTime = null;
 		
-		if (request.getOption(KdcOptions.RENEW)) {
-			/* 
-			 * Note that if the endtime has already passed, the ticket would have been
-			 * rejected in the initial authentication stage, so there is no need to check again here
-			 */          
+		if (request.getOption(KdcOptions.RENEW))
+        {
 			if (!tgt.getFlag(TicketFlags.RENEWABLE))
 				throw KerberosException.KDC_ERR_BADOPTION;
 			if (tgt.getRenewTill().greaterThan(now))
 				throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;
-			
-			newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
-			newTicketBody.setAuthTime(tgt.getAuthTime());
-			newTicketBody.setClientAddresses(tgt.getClientAddresses());
-			newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
-			newTicketBody.setEndTime(tgt.getEndTime());
-			newTicketBody.setFlags(tgt.getFlags());
-			newTicketBody.setRenewTill(tgt.getRenewTill());
-			newTicketBody.setSessionKey(tgt.getSessionKey());
-			newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
-			
-			newTicketBody.setStartTime(now);
+
+            echoTicket(newTicketBody, tgt);
+
+            newTicketBody.setStartTime(now);
 			long oldLife = tgt.getEndTime().getTime() - tgt.getStartTime().getTime();
 			newTicketBody.setEndTime(new KerberosTime(Math.min(tgt.getRenewTill().getTime(), now.getTime()
+ oldLife)));
 		} else {
@@ -356,8 +343,8 @@
 			newTicketBody.setRenewTill((KerberosTime)Collections.min(minimizer));
 		}
 	}
-	
-	private AuthorizationData processAuthorizationData(KdcRequest request,
+
+    private AuthorizationData processAuthorizationData(KdcRequest request,
 			Authenticator authHeader, Ticket tgt) throws KerberosException {
 
 		AuthorizationData authData = null;
@@ -403,14 +390,16 @@
 	private EncryptedData encryptTicketPart(EncTicketPart newTicketBody, EncryptionKey serverKey,
 			KdcRequest request) throws KerberosException {
 		
-		byte[] encodedTicket;
+		byte[] encodedTicket = null;
 		
 		EncTicketPartEncoder encoder = new EncTicketPartEncoder();
-		try {
+		try
+        {
 			encodedTicket = encoder.encode(newTicketBody);
-		} catch (IOException ioe) {
-			// TODO - figure out right error for ASN.1 generation error
-			throw KerberosException.KRB_ERR_GENERIC;
+		}
+        catch (IOException ioe)
+        {
+			ioe.printStackTrace();
 		}
 		
 		if (request.getOption(KdcOptions.ENC_TKT_IN_SKEY)) {

Mime
View raw message