directory-commits mailing list archives

From erodrig...@apache.org
Subject svn commit: r552694 - in /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc: authentication/ preauthentication/ ticketgrant/
Date Tue, 03 Jul 2007 07:03:39 GMT
Author: erodriguez
Date: Tue Jul  3 00:03:37 2007
New Revision: 552694

URL: http://svn.apache.org/viewvc?view=rev&rev=552694
Log:
Enabled 2 flags based on testing with new Kerberos client component and after reviewing RFC
4120:
o  Enabled INITIAL flag for AS requests.
o  Enabled setting PRE-AUTHENT flag for TGTs and carrying-forward PRE-AUTHENT flag to service
tickets.

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?view=diff&rev=552694&r1=552693&r2=552694
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
Tue Jul  3 00:03:37 2007
@@ -47,6 +47,8 @@
     private PrincipalStoreEntry clientEntry;
     private PrincipalStoreEntry serverEntry;
 
+    private boolean isPreAuthenticated;
+
 
     /**
      * @return Returns the serverEntry.
@@ -153,5 +155,23 @@
     public void setTicket( Ticket ticket )
     {
         this.ticket = ticket;
+    }
+
+
+    /**
+     * @return true if the client used pre-authentication.
+     */
+    public boolean isPreAuthenticated()
+    {
+        return isPreAuthenticated;
+    }
+
+
+    /**
+     * @param isPreAuthenticated Whether the client used pre-authentication.
+     */
+    public void setPreAuthenticated( boolean isPreAuthenticated )
+    {
+        this.isPreAuthenticated = isPreAuthenticated;
     }
 }
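Review bot: The Javadoc on `isPreAuthenticated()` and `setPreAuthenticated()` says the client "used" pre-authentication, but this value becomes the PRE-AUTHENT ticket flag elsewhere in the commit, so it should say that the KDC successfully verified the pre-authentication data. Suggested wording for the getter is `@return true only if the KDC has verified the client's pre-authentication data for this request.` and for the setter `Call only after verification has succeeded; the value defaults to false.` Naming the field `preAuthenticated` instead of `isPreAuthenticated` would also stop the field and its getter from sharing one name.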

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java?view=diff&rev=552694&r1=552693&r2=552694
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
Tue Jul  3 00:03:37 2007
@@ -72,6 +72,15 @@
         EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
         KdcConfiguration config = authContext.getConfig();
 
+        // The INITIAL flag indicates that a ticket was issued using the AS protocol.
+        newTicketBody.setFlag( TicketFlags.INITIAL );
+
+        // The PRE-AUTHENT flag indicates that the client used pre-authentication.
+        if ( authContext.isPreAuthenticated() )
+        {
+            newTicketBody.setFlag( TicketFlags.PRE_AUTHENT );
+        }
+
         if ( request.getKdcOptions().get( KdcOptions.FORWARDABLE ) )
         {
             newTicketBody.setFlag( TicketFlags.FORWARDABLE );

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java?view=diff&rev=552694&r1=552693&r2=552694
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
Tue Jul  3 00:03:37 2007
@@ -143,6 +143,7 @@
         }
 
         authContext.setClientKey( clientKey );
+        authContext.setPreAuthenticated( true );
 
         if ( log.isDebugEnabled() )
         {
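Review bot: `authContext.setPreAuthenticated( true )` is added at the same level as `setClientKey`, after the block that closes on the line above, so as far as this hunk shows it runs whether or not that block actually decrypted and checked a timestamp. If the preceding block can be skipped (for example when the client key is already in the context, or when encrypted-timestamp pre-authentication is not required by configuration; neither is visible here), the AS would put PRE-AUTHENT on a TGT for a client that proved nothing, and services that trust the flag would be misled. Consider setting the flag only inside the branch where verification succeeded, or tracking a local `verified` boolean and passing that to the setter. The same placement question applies to the VerifySam.java hunk, where the call sits one level deeper but its enclosing condition is also outside the hunk. The method body starts and ends outside this hunk.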

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java?view=diff&rev=552694&r1=552693&r2=552694
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
Tue Jul  3 00:03:37 2007
@@ -102,6 +102,7 @@
             }
 
             authContext.setClientKey( clientKey );
+            authContext.setPreAuthenticated( true );
 
             if ( log.isDebugEnabled() )
             {

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java?view=diff&rev=552694&r1=552693&r2=552694
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
Tue Jul  3 00:03:37 2007
@@ -127,6 +127,11 @@
     private void processFlags( KdcConfiguration config, KdcRequest request, Ticket tgt,
         EncTicketPartModifier newTicketBody ) throws KerberosException
     {
+        if ( tgt.getFlag( TicketFlags.PRE_AUTHENT ) )
+        {
+            newTicketBody.setFlag( TicketFlags.PRE_AUTHENT );
+        }
+
         if ( request.getOption( KdcOptions.FORWARDABLE ) )
         {
             if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
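Review bot: The PRE-AUTHENT carry-forward at the top of `processFlags` has no comment, unlike the matching AS-side change, and the reason is worth stating because the flag is taken from the presented TGT and never from the request. I would add `// PRE-AUTHENT is carried forward from the TGT (RFC 4120); a TGS request cannot ask for it.` above the new `if`. The copy is only trustworthy if `tgt` has been decrypted and validated before `processFlags` runs, which happens outside the hunk; the method body also continues past the hunk.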


