directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject directory-kerby git commit: DIRKRB-561 Jaas client failed to decode KrbError message from Kerby KDC.
Date Tue, 26 Apr 2016 08:49:33 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 7b5f7432c -> f57bf7474


DIRKRB-561 Jaas client failed to decode KrbError message from Kerby KDC.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f57bf747
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f57bf747
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f57bf747

Branch: refs/heads/trunk
Commit: f57bf74740b99df5b45546bfa1b1595ff34f2c48
Parents: 7b5f743
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Tue Apr 26 16:54:36 2016 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Tue Apr 26 16:54:36 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/type/base/KrbError.java   | 18 +++++++++---------
 .../kerby/kerberos/kerb/server/KdcHandler.java    | 16 ++++++++++++++--
 .../kerberos/kerb/server/request/AsRequest.java   |  1 +
 .../kerberos/kerb/server/request/KdcRequest.java  | 17 +++++++++++++++++
 4 files changed, 41 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
index 9e272d5..52ffb49 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
@@ -80,9 +80,9 @@ public class KrbError extends KrbMessage {
             new ExplicitField(KrbErrorField.STIME, KerberosTime.class),
             new ExplicitField(KrbErrorField.SUSEC, Asn1Integer.class),
             new ExplicitField(KrbErrorField.ERROR_CODE, Asn1Integer.class),
-            new ExplicitField(KrbErrorField.CREALM, KerberosString.class),
+            new ExplicitField(KrbErrorField.CREALM, Realm.class),
             new ExplicitField(KrbErrorField.CNAME, PrincipalName.class),
-            new ExplicitField(KrbErrorField.REALM, KerberosString.class),
+            new ExplicitField(KrbErrorField.REALM, Realm.class),
             new ExplicitField(KrbErrorField.SNAME, PrincipalName.class),
             new ExplicitField(KrbErrorField.ETEXT, KerberosString.class),
             new ExplicitField(KrbErrorField.EDATA, Asn1OctetString.class)
@@ -129,7 +129,7 @@ public class KrbError extends KrbMessage {
     }
 
     public void setErrorCode(KrbErrorCode errorCode) {
-        setField(KrbErrorField.ERROR_CODE, errorCode);
+        setFieldAsInt(KrbErrorField.ERROR_CODE, errorCode.getValue());
     }
 
     public String getCrealm() {
@@ -137,15 +137,15 @@ public class KrbError extends KrbMessage {
     }
 
     public void setCrealm(String realm) {
-        setFieldAs(KrbErrorField.CREALM, new KerberosString(realm));
+        setFieldAs(KrbErrorField.CREALM, new Realm(realm));
     }
 
     public PrincipalName getCname() {
         return getFieldAs(KrbErrorField.CNAME, PrincipalName.class);
     }
 
-    public void setCname(PrincipalName sname) {
-        setFieldAs(KrbErrorField.CNAME, sname);
+    public void setCname(PrincipalName cname) {
+        setFieldAs(KrbErrorField.CNAME, cname);
     }
 
     public PrincipalName getSname() {
@@ -161,15 +161,15 @@ public class KrbError extends KrbMessage {
     }
 
     public void setRealm(String realm) {
-        setFieldAs(KrbErrorField.REALM, new KerberosString(realm));
+        setFieldAs(KrbErrorField.REALM, new Realm(realm));
     }
 
     public String getEtext() {
         return getFieldAsString(KrbErrorField.ETEXT);
     }
 
-    public void setEtext(String realm) {
-        setFieldAs(KrbErrorField.ETEXT, new KerberosString(realm));
+    public void setEtext(String text) {
+        setFieldAs(KrbErrorField.ETEXT, new KerberosString(text));
     }
 
     public byte[] getEdata() {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 748f0bc..aa896c2 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -121,12 +121,24 @@ public class KdcHandler {
             } else {
                 KrbError krbError = new KrbError();
                 krbError.setStime(KerberosTime.now());
+                krbError.setSusec(100);
                 krbError.setErrorCode(e.getKrbErrorCode());
-                krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
-                krbError.setSname(kdcRequest.getServerPrincipal());
+                krbError.setCrealm(kdcContext.getKdcRealm());
+                if (kdcRequest.getClientPrincipal() != null) {
+                    krbError.setCname(kdcRequest.getClientPrincipal());
+                }
                 krbError.setRealm(kdcContext.getKdcRealm());
+                if (kdcRequest.getServerPrincipal() != null) {
+                    krbError.setSname(kdcRequest.getServerPrincipal());
+                } else {
+                    PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();
+                    serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
+                    krbError.setSname(serverPrincipal);
+                }
                 if (e.getKrbErrorCode().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY)) {
                     krbError.setEtext("PREAUTH_FAILED");
+                } else {
+                    krbError.setEtext(e.getMessage());
                 }
                 krbResponse = krbError;
             }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 49aa892..66fdac5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -73,6 +73,7 @@ public class AsRequest extends KdcRequest {
             clientRealm = getKdcContext().getKdcRealm();
         }
         clientPrincipal.setRealm(clientRealm);
+        setClientPrincipal(clientPrincipal);
 
         KrbIdentity clientEntry;
         if (isToken()) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index abd7eec..8203501 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -90,6 +90,7 @@ public abstract class KdcRequest {
     private KrbIdentity tgsEntry;
     private PreauthContext preauthContext;
     private KdcFastContext fastContext;
+    private PrincipalName clientPrincipal;
     private PrincipalName serverPrincipal;
     private byte[] innerBodyout;
     private AuthToken token;
@@ -757,6 +758,22 @@ public abstract class KdcRequest {
     }
 
     /**
+     * Get client principal.
+     * @return client principal
+     */
+    public PrincipalName getClientPrincipal() {
+        return clientPrincipal;
+    }
+
+    /**
+     * Set client principal.
+     * @param clientPrincipal client principal
+     */
+    public void setClientPrincipal(PrincipalName clientPrincipal) {
+        this.clientPrincipal = clientPrincipal;
+    }
+
+    /**
      * Get server principal.
      * @return server principal
      */


Mime
View raw message