directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1042412 - in /directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos: kdc/ticketgrant/TicketGrantingService.java sam/TimestampChecker.java
Date Sun, 05 Dec 2010 19:16:01 GMT
Author: kayyagari
Date: Sun Dec  5 19:16:01 2010
New Revision: 1042412

URL: http://svn.apache.org/viewvc?rev=1042412&view=rev
Log:
o fixed the compilation errors with a FIXME note

Modified:
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java?rev=1042412&r1=1042411&r2=1042412&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
Sun Dec  5 19:16:01 2010
@@ -21,6 +21,7 @@ package org.apache.directory.server.kerb
 
 
 import java.net.InetAddress;
+import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -43,6 +44,7 @@ import org.apache.directory.server.kerbe
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.asn1.codec.EncoderException;
 import org.apache.directory.shared.kerberos.KerberosMessageType;
 import org.apache.directory.shared.kerberos.KerberosTime;
 import org.apache.directory.shared.kerberos.KerberosUtils;
@@ -59,6 +61,7 @@ import org.apache.directory.shared.kerbe
 import org.apache.directory.shared.kerberos.components.HostAddress;
 import org.apache.directory.shared.kerberos.components.HostAddresses;
 import org.apache.directory.shared.kerberos.components.KdcReq;
+import org.apache.directory.shared.kerberos.components.KdcReqBody;
 import org.apache.directory.shared.kerberos.components.LastReq;
 import org.apache.directory.shared.kerberos.components.PaData;
 import org.apache.directory.shared.kerberos.components.PrincipalName;
@@ -275,7 +278,22 @@ public class TicketGrantingService
 
         if ( config.isBodyChecksumVerified() )
         {
-            byte[] bodyBytes = tgsContext.getRequest().getKdcReqBody().getBodyBytes();
+            KdcReqBody body = tgsContext.getRequest().getKdcReqBody();
+            // FIXME how this byte[] is computed??
+            // is it full ASN.1 encoded bytes OR just the bytes of all the values alone?
+            // for now am using the ASN.1 encoded value
+            ByteBuffer buf = ByteBuffer.allocate( body.computeLength() );
+            try
+            {
+                body.encode( buf );
+            }
+            catch( EncoderException e )
+            {
+                e.printStackTrace();
+                throw new KerberosException( ErrorType.KRB_AP_ERR_INAPP_CKSUM );
+            }
+            
+            byte[] bodyBytes = buf.array();
             Checksum authenticatorChecksum = tgsContext.getAuthenticator().getCksum();
 
             if ( authenticatorChecksum == null || authenticatorChecksum.getChecksumType()
== null

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java?rev=1042412&r1=1042411&r2=1042412&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
Sun Dec  5 19:16:01 2010
@@ -46,8 +46,10 @@ public class TimestampChecker implements
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
 
+    // FIXME this whole function seems to be buggy and also I don't find any references to
this function in code- kayyagari
     public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
     {
+        /*
         EncryptionType keyType = EncryptionType.getTypeByValue( kerberosKey.getKeyType()
);
         EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
 
@@ -56,20 +58,20 @@ public class TimestampChecker implements
             /*
              * Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
              * ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
-             */
+             *
             EncryptedData sadValue = KerberosDecoder.decodeEncryptedData( encryptedData );
 
             /*
              * Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC.  Decode the
              * decrypted timestamp into our timestamp object.
-             */
+             *
             PaEncTsEnc timestamp = ( PaEncTsEnc ) cipherTextHandler.unseal( PAEncTSEnc.class,
                 key, sadValue, KeyUsage.NUMBER1 );
 
             /*
              * Since we got here we must have a valid timestamp structure that we can
              * validate to be within a five minute skew.
-             */
+             *
             KerberosTime time = timestamp.getPaTimestamp();
 
             if ( time.isInClockSkew( FIVE_MINUTES ) )
@@ -89,7 +91,7 @@ public class TimestampChecker implements
         {
             return false;
         }
-
+*/
         return false;
     }
 }



Mime
View raw message