directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r558309 - /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
Date Sat, 21 Jul 2007 11:34:47 GMT
Author: erodriguez
Date: Sat Jul 21 04:34:46 2007
New Revision: 558309

URL: http://svn.apache.org/viewvc?view=rev&rev=558309
Log:
Minor improvement to error handling when a request is made to TGS without an auth header present.

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java?view=diff&rev=558309&r1=558308&r2=558309
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
Sat Jul 21 04:34:46 2007
@@ -37,6 +37,10 @@
 /**
  * Differs from the changepw getAuthHeader by verifying the presence of TGS_REQ.
  * 
+ * Note that reading the application request requires first determining the server
+ * for which a ticket was issued, and choosing the correct key for decryption.  The
+ * name of the server appears in the plaintext part of the ticket.
+ * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
@@ -62,8 +66,14 @@
 
     protected ApplicationRequest getAuthHeader( KdcRequest request ) throws KerberosException,
IOException
     {
-        byte[] undecodedAuthHeader = null;
         PreAuthenticationData[] preAuthData = request.getPreAuthData();
+
+        if ( preAuthData == null || preAuthData.length < 1 )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
+        }
+
+        byte[] undecodedAuthHeader = null;
 
         for ( int ii = 0; ii < preAuthData.length; ii++ )
         {



Mime
View raw message