Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 73247 invoked from network); 21 Jul 2007 11:38:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Jul 2007 11:38:11 -0000 Received: (qmail 12730 invoked by uid 500); 21 Jul 2007 11:38:13 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 12676 invoked by uid 500); 21 Jul 2007 11:38:13 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 12665 invoked by uid 99); 21 Jul 2007 11:38:13 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Jul 2007 04:38:13 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Jul 2007 04:38:10 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id CBC931A981F; Sat, 21 Jul 2007 04:37:50 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r558312 - /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java Date: Sat, 21 Jul 2007 11:37:50 -0000 To: commits@directory.apache.org From: erodriguez@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070721113750.CBC931A981F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: erodriguez Date: Sat Jul 21 04:37:49 2007 New Revision: 558312 URL: http://svn.apache.org/viewvc?view=rev&rev=558312 Log: Minor API tweak to auth header verification to handle non-TGT ticket validation. Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java?view=diff&rev=558312&r1=558311&r2=558312 ============================================================================== --- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java (original) +++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java Sat Jul 21 04:37:49 2007 @@ -29,6 +29,7 @@ import org.apache.directory.server.kerberos.shared.messages.components.Authenticator; import org.apache.directory.server.kerberos.shared.messages.components.Ticket; import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey; +import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions; import org.apache.directory.server.kerberos.shared.replay.ReplayCache; import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader; import org.apache.mina.common.IoSession; @@ -46,6 +47,8 @@ ApplicationRequest authHeader = tgsContext.getAuthHeader(); Ticket tgt = tgsContext.getTgt(); + + boolean isValidate = tgsContext.getRequest().getKdcOptions().get( KdcOptions.VALIDATE ); EncryptionType encryptionType = tgt.getEncPart().getEncryptionType(); EncryptionKey serverKey = tgsContext.getTicketPrincipalEntry().getKeyMap().get( encryptionType ); @@ -57,7 +60,7 @@ CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler(); Authenticator authenticator = verifyAuthHeader( authHeader, tgt, serverKey, clockSkew, replayCache, - emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER7 ); + emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER7, isValidate ); tgsContext.setAuthenticator( authenticator );