directory-dev mailing list archives

From "Norval Hope (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-1247) removing unrequired escaping in DNs / filters
Date Tue, 23 Sep 2008 12:16:44 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633706#action_12633706 ]

Norval Hope commented on DIRSERVER-1247:
----------------------------------------

Unfortunately I seem to have run into another failure unrelated to my changes in ...\apacheds\protocol-kerberos:

...
Tests in error:
  testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)

Tests run: 105, Failures: 0, Errors: 1, Skipped: 0

----
-------------------------------------------------------------------------------
Test set: org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest
-------------------------------------------------------------------------------
Tests run: 6, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.375 sec <<< FAILURE!
testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)
 Time elapsed: 0 sec  <<< ERROR!
java.lang.ClassCastException: org.apache.directory.server.kerberos.shared.messages.ErrorMessage
	at org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest.testRequestAes128(TicketGrantingEncryptionTypeTest.java:171)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

the line that is failing is marked with ------<<<<< below:


    /**
     * Tests the use of a TGT containing a DES-CBC-MD5 session key while the
     * requested encryption type is AES-128.
     *
     * @throws Exception
     */
    public void testRequestAes128() throws Exception
    {
        EncryptionType[] configuredEncryptionTypes =
                {EncryptionType.AES128_CTS_HMAC_SHA1_96};
        config.setEncryptionTypes( configuredEncryptionTypes );

        // Get the mutable ticket part.
        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        EncTicketPartModifier encTicketPartModifier = getTicketArchetype( clientPrincipal );

        // Seal the ticket for the server.
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
        String passPhrase = "randomKey";
        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase );
        Ticket tgt = getTicket( encTicketPartModifier, serverPrincipal, serverKey );

        RequestBodyModifier modifier = new RequestBodyModifier();
        modifier.setServerName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
        modifier.setRealm( "EXAMPLE.COM" );

        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
        encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );

        modifier.setEType( encryptionTypes );

        modifier.setNonce( random.nextInt() );

        KdcOptions kdcOptions = new KdcOptions();
        modifier.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();
        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        modifier.setTill( requestedEndTime );

        RequestBody requestBody = modifier.getRequestBody();
        KdcRequest message = getKdcRequest( tgt, requestBody );

        handler.messageReceived( session, message );

        TicketGrantReply reply = ( TicketGrantReply ) session.getMessage(); // ------<<<<<

        assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, reply.getEncPart().getEType() );
        assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96,
                reply.getTicket().getEncPart().getEType() );
    }


> removing unrequired escaping in DNs / filters
> ---------------------------------------------
>
>                 Key: DIRSERVER-1247
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1247
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Norval Hope
>             Fix For: 1.5.5
>
>         Attachments: escaping.patch
>
>   Original Estimate: 8h
>  Remaining Estimate: 8h
>
> The current Dn and filter handling is overly restrictive in that all non-ASCII characters are quoted using the \NN syntax. This is probably due to RFC 2253 being unclear about the fact that multibyte UTF-8 encoded values can be used, but this is further clarified in RFC 4514, which supersedes 2253. The application of unrequired quoting makes debugging / reading logs much harder than it should be, as it requires manual calculations rather than just setting the file encoding on your log file / IDE windows to being UTF-8.
> I have attached a patch file with the required updates to code and unit tests under /shared/ldap (some problems I had noted with earlier AD version due to unspecified encoding when converting bytes to / from Strings had already been tidied up in AD 1.5.4).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
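
The escaping difference the quoted issue description refers to, as an added example (not code from the attached escaping.patch or from ApacheDS): a minimal RFC 4514 value escaper next to one that also hex-escapes every non-ASCII octet. The class name, method names and sample value are constructed for illustration.

```java
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;
public class DnEscapingDemo {
    private static final String SPECIALS = "\"+,;<>\\"; // RFC 4514 section 2.4: escape anywhere

    /** Escapes only what RFC 4514 requires; multibyte UTF-8 stays readable. */
    static String escapeMinimal(String value) {
        StringBuilder sb = new StringBuilder();
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == 0) {
                sb.append("\\00");                          // NUL is always hex-escaped
            } else if (SPECIALS.indexOf(c) >= 0
                    || (i == 0 && (c == ' ' || c == '#'))   // leading space or '#'
                    || (i == last && c == ' ')) {           // trailing space
                sb.append('\\').append(c);
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /** The behaviour the issue objects to: every non-ASCII octet becomes \NN. */
    static String escapeAllNonAscii(String value) {
        StringBuilder sb = new StringBuilder();
        String minimal = escapeMinimal(value);
        for (int i = 0; i < minimal.length(); ) {
            int cp = minimal.codePointAt(i);
            if (cp < 0x80) {
                sb.append((char) cp);
            } else {
                for (byte b : new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8)) {
                    sb.append(String.format("\\%02X", b & 0xFF));
                }
            }
            i += Character.charCount(cp);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        PrintStream out = new PrintStream(System.out, true, "UTF-8");
        String cn = "J\u00e9r\u00f4me Lu\u010di\u0107, Jr."; // constructed sample value
        out.println("cn=" + escapeMinimal(cn) + ",ou=users");
        out.println("cn=" + escapeAllNonAscii(cn) + ",ou=users");
    }
}
```

Both lines decode to the same attribute value, and the comma is escaped in each, so dropping the \NN form for non-ASCII characters does not relax the escaping RFC 4514 requires.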

