directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r540005 - in /directory/apacheds/branches/kerberos-encryption-types: kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/ protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ protocol-k...
Date Mon, 21 May 2007 03:40:34 GMT
Author: erodriguez
Date: Sun May 20 20:40:33 2007
New Revision: 540005

URL: http://svn.apache.org/viewvc?view=rev&rev=540005
Log:
Fixed two problems found during testing with new encryption types:
o  TGS GetSessionKey would throw ClassCastException.
o  Introduced key usage to auth header verification.  Issue affected TGT auth header and service
ticket auth header verification, eg Change Password.

Modified:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
    directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
    directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
    directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
Sun May 20 20:40:33 2007
@@ -62,12 +62,13 @@
      * @param emptyAddressesAllowed
      * @param clientAddress
      * @param lockBox
+     * @param authenticatorKeyUsage
      * @return The authenticator.
      * @throws KerberosException
      */
     public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket,
EncryptionKey serverKey,
         long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress
clientAddress,
-        CipherTextHandler lockBox ) throws KerberosException
+        CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage ) throws KerberosException
     {
         if ( authHeader.getProtocolVersionNumber() != 5 )
         {
@@ -111,7 +112,7 @@
         ticket.setEncTicketPart( encPart );
 
         Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class,
ticket.getSessionKey(),
-            authHeader.getEncPart(), KeyUsage.NUMBER11 );
+            authHeader.getEncPart(), authenticatorKeyUsage );
 
         if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName()
) )
         {

Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
Sun May 20 20:40:33 2007
@@ -24,6 +24,7 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -59,7 +60,7 @@
         CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
replayCache,
-            emptyAddressesAllowed, clientAddress, cipherTextHandler );
+            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER11 );
 
         changepwContext.setAuthenticator( authenticator );
 

Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
Sun May 20 20:40:33 2007
@@ -20,7 +20,6 @@
 package org.apache.directory.server.kerberos.kdc.ticketgrant;
 
 
-import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -39,8 +38,8 @@
 
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute(
getContextKey() );
-        authContext.setSessionKey( RandomKeyFactory.getRandomKey( authContext.getEncryptionType()
) );
+        TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute(
getContextKey() );
+        tgsContext.setSessionKey( RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType()
) );
 
         next.execute( session, message );
     }

Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java?view=diff&rev=540005&r1=540004&r2=540005
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
Sun May 20 20:40:33 2007
@@ -24,6 +24,7 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -56,7 +57,7 @@
         CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
 
         Authenticator authenticator = verifyAuthHeader( authHeader, tgt, serverKey, clockSkew,
replayCache,
-            emptyAddressesAllowed, clientAddress, cipherTextHandler );
+            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER7 );
 
         tgsContext.setAuthenticator( authenticator );
 



Mime
View raw message