directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject directory-kerby git commit: PreAuth and incorrect Password fails silently.
Date Tue, 19 Apr 2016 07:14:20 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk f77c4b3ed -> 1adbb865d


PreAuth and incorrect Password fails silently.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/1adbb865
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/1adbb865
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/1adbb865

Branch: refs/heads/trunk
Commit: 1adbb865db4d02adefe567dda7a2005fa20c1079
Parents: f77c4b3
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Tue Apr 19 15:19:24 2016 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Tue Apr 19 15:19:24 2016 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/kerberos/kerb/client/KrbHandler.java   | 4 ++++
 .../org/apache/kerby/kerberos/kerb/server/KdcHandler.java   | 9 +++++++++
 2 files changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index 38e93b2..c885001 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -136,6 +136,10 @@ public abstract class KrbHandler {
                 handleRequest(kdcRequest);
                 LOG.info("Retry with the new kdc request including pre-authentication.");
             }
+            if (error.getErrorCode() == KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY) {
+                LOG.info(error.getEtext());
+                throw new KrbException(error.getErrorCode(), error.getEtext());
+            }
         }
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 7abf49f..02830bd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -118,6 +118,15 @@ public class KdcHandler {
             if (e instanceof KdcRecoverableException) {
                 krbResponse = handleRecoverableException(
                         (KdcRecoverableException) e, kdcRequest);
+            } else if (e.getMessage().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.getMessage()))
{
+                KrbError krbError = new KrbError();
+                krbError.setStime(KerberosTime.now());
+                krbError.setErrorCode(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+                krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
+                krbError.setSname(kdcRequest.getServerPrincipal());
+                krbError.setRealm(kdcContext.getKdcRealm());
+                krbError.setEtext("PREAUTH_FAILED");
+                krbResponse = krbError;
             } else {
                 throw e;
             }


Mime
View raw message