directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject [kerberos] Potential problem in AuthenticationServiceChain
Date Wed, 31 Oct 2007 16:36:58 GMT
Hi,

I'm looking again in the AuthenticationServiceChain (which has been 
removed in bigbang branch), and I see this code :

public class VerifyEncryptedTimestamp extends VerifierBase
{
    /** the log for this class */
    private static final Logger log = LoggerFactory.getLogger( 
VerifyEncryptedTimestamp.class );


    public void execute( NextCommand next, IoSession session, Object 
message ) throws Exception
    {
        AuthenticationContext authContext = ( AuthenticationContext ) 
session.getAttribute( getContextKey() );

        if ( authContext.getClientKey() != null )
        {
            next.execute( session, message );
        }

        log.debug( "Verifying using encrypted timestamp." );
        KdcConfiguration config = authContext.getConfig();
...
        authContext.setClientKey( clientKey );
        authContext.setPreAuthenticated( true );

        if ( log.isDebugEnabled() )
        {
            log.debug( "Pre-authentication by encrypted timestamp 
successful for {}.", clientName );
        }

        next.execute( session, message );
    }


As one can see, the next.execute() method is called twice if the 
authContext.getClientKey() is not null.

Should I presume that the method should return immediatly in tis case 
instead of going through all the following code ? Something like :

    public void execute( NextCommand next, IoSession session, Object 
message ) throws Exception
    {
        AuthenticationContext authContext = ( AuthenticationContext ) 
session.getAttribute( getContextKey() );

        if ( authContext.getClientKey() != null )
        {
            next.execute( session, message );
            return;
        }
...

Thanks.

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message