directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r557135 - /directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
Date Wed, 18 Jul 2007 03:51:42 GMT
Author: erodriguez
Date: Tue Jul 17 20:51:41 2007
New Revision: 557135

URL: http://svn.apache.org/viewvc?view=rev&rev=557135
Log:
Per version 1 of Change Password, the INITIAL flag is required in the service ticket.

Modified:
    directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=557135&r1=557134&r2=557135
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
(original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
Tue Jul 17 20:51:41 2007
@@ -22,6 +22,9 @@
 
 import java.net.InetAddress;
 
+import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
+import org.apache.directory.server.changepw.exceptions.ErrorType;
+import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
@@ -29,6 +32,7 @@
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader;
 import org.apache.mina.common.IoSession;
@@ -61,6 +65,13 @@
 
         Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew,
replayCache,
             emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER11 );
+
+        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
+
+        if ( request.getVersionNumber() == 1 && !ticket.getFlag( TicketFlags.INITIAL
) )
+        {
+            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_INITIAL_FLAG_NEEDED
);
+        }
 
         changepwContext.setAuthenticator( authenticator );
 



Mime
View raw message