directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1469019 - /directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Date Wed, 17 Apr 2013 18:17:45 GMT
Author: kayyagari
Date: Wed Apr 17 18:17:45 2013
New Revision: 1469019

URL: http://svn.apache.org/r1469019
Log:
applied patch provided by Steve Moyer with minor modifications (DIRKRB-91)

Modified:
    directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java

Modified: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1469019&r1=1469018&r2=1469019&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
(original)
+++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Wed Apr 17 18:17:45 2013
@@ -35,6 +35,7 @@ import java.util.Set;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.api.asn1.Asn1Object;
+import org.apache.directory.api.asn1.DecoderException;
 import org.apache.directory.api.asn1.ber.Asn1Decoder;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
@@ -378,15 +379,25 @@ public class KdcConnection
             }
             
             byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(),
KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
-            EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart
);
             
-            if ( currentNonce != encAsRepPart.getEncKdcRepPart().getNonce() )
+            EncKdcRepPart encKdcRepPart = null;
+            try
             {
-                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received nonce didn't
match with the nonce sent in the request" );
+                EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart
);
+                encKdcRepPart = encAsRepPart.getEncKdcRepPart();
+            } 
+            catch( KerberosException e ) 
+            {
+                LOG.info("Trying an encTgsRepPart instead");
+                EncTgsRepPart encTgsRepPart = KerberosDecoder.decodeEncTgsRepPart( decryptedEncAsRepPart
);
+                encKdcRepPart = encTgsRepPart.getEncKdcRepPart();
             }
             
-            EncKdcRepPart encKdcRepPart = encAsRepPart.getEncKdcRepPart();
-            
+            if ( currentNonce != encKdcRepPart.getNonce() )
+            {
+                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received nonce didn't
match with the nonce sent in the request" );
+            }
+                       
             if ( !encKdcRepPart.getSName().getNameString().equals( clientTgtReq.getSName()
) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_SERVER_NOMATCH );



Mime
View raw message