[jira] [Updated] (DIRKRB-762) The AS request appears with an NPE when preauth_required is set to false

Sun, 04 Dec 2022 18:52:04 -0800 


     [ 
https://issues.apache.org/jira/browse/DIRKRB-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jichao Wang updated DIRKRB-762:
-------------------------------
    Description: 
If change the value of preauth_required in the kdc.conf file to false, then 
using the following code to access the KDC causes an NPE error.
{code:java}
public class Test {
    public static void main(String[] args) throws Exception {
        LoginContext lc = new LoginContext("SampleClient",
                new Subject(),
                null,
                new CustomConfiguration("had...@hadoop.com", 
"/root/wjc/hadoop.keytab"));
        lc.login();
        System.out.println(lc.getSubject().toString());
    }
} {code}
Here is a fix to the problem:
{code:java}
Index: 
kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git 
a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
 
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
--- 
a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
    (revision 03784fcde8e94fedbe789606d2f328104c20b33f)
+++ 
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
    (date 1670208269200)
@@ -678,11 +678,13 @@
         }
 
         PaData preAuthData = request.getPaData();
-        if (isPreauthRequired() && (preAuthData == null || 
preAuthData.isEmpty())) {
-            LOG.info("The preauth data is empty.");
-            KrbError krbError = makePreAuthenticationError(kdcContext, request,
-                KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
-            throw new KdcRecoverableException(krbError);
+        if (isPreauthRequired()) {
+            if (preAuthData == null || preAuthData.isEmpty()) {
+                LOG.info("The preauth data is empty.");
+                KrbError krbError = makePreAuthenticationError(kdcContext, 
request,
+                        KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
+                throw new KdcRecoverableException(krbError);
+            }
         } else {
             getPreauthHandler().verify(this, preAuthData);
         }{code}
 

  was:
If change the value of preauth_required in the kdc.conf file to false, then 
using the following code to access the KDC causes an NPE error.
{code:java}
public class Test {
    public static void main(String[] args) throws Exception {
        LoginContext lc = new LoginContext("SampleClient",
                new Subject(),
                null,
                new CustomConfiguration("had...@hadoop.com", 
"/root/wjc/hadoop.keytab"));
        lc.login();
        System.out.println(lc.getSubject().toString());
    }
} {code}
Here is a fix to the problem:
{code:java}
Index: 
kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git 
a/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
 
b/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
--- 
a/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
    (revision 03784fcde8e94fedbe789606d2f328104c20b33f)
+++ 
b/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
    (date 1670208269200)
@@ -678,11 +678,13 @@
         }
 
         PaData preAuthData = request.getPaData();
-        if (isPreauthRequired() && (preAuthData == null || 
preAuthData.isEmpty())) {
-            LOG.info("The preauth data is empty.");
-            KrbError krbError = makePreAuthenticationError(kdcContext, request,
-                KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
-            throw new KdcRecoverableException(krbError);
+        if (isPreauthRequired()) {
+            if (preAuthData == null || preAuthData.isEmpty()) {
+                LOG.info("The preauth data is empty.");
+                KrbError krbError = makePreAuthenticationError(kdcContext, 
request,
+                        KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
+                throw new KdcRecoverableException(krbError);
+            }
         } else {
             getPreauthHandler().verify(this, preAuthData);
         }{code}
 


> The AS request appears with an NPE when preauth_required is set to false
> ------------------------------------------------------------------------
>
>                 Key: DIRKRB-762
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-762
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 2.0.0, 2.0.1, 2.0.2
>            Reporter: Jichao Wang
>            Priority: Major
>             Fix For: 2.0.3
>
>
> If change the value of preauth_required in the kdc.conf file to false, then 
> using the following code to access the KDC causes an NPE error.
> {code:java}
> public class Test {
>     public static void main(String[] args) throws Exception {
>         LoginContext lc = new LoginContext("SampleClient",
>                 new Subject(),
>                 null,
>                 new CustomConfiguration("had...@hadoop.com", 
> "/root/wjc/hadoop.keytab"));
>         lc.login();
>         System.out.println(lc.getSubject().toString());
>     }
> } {code}
> Here is a fix to the problem:
> {code:java}
> Index: 
> kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> diff --git 
> a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>  
> b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
> --- 
> a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>     (revision 03784fcde8e94fedbe789606d2f328104c20b33f)
> +++ 
> b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>     (date 1670208269200)
> @@ -678,11 +678,13 @@
>          }
>  
>          PaData preAuthData = request.getPaData();
> -        if (isPreauthRequired() && (preAuthData == null || 
> preAuthData.isEmpty())) {
> -            LOG.info("The preauth data is empty.");
> -            KrbError krbError = makePreAuthenticationError(kdcContext, 
> request,
> -                KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
> -            throw new KdcRecoverableException(krbError);
> +        if (isPreauthRequired()) {
> +            if (preAuthData == null || preAuthData.isEmpty()) {
> +                LOG.info("The preauth data is empty.");
> +                KrbError krbError = makePreAuthenticationError(kdcContext, 
> request,
> +                        KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
> +                throw new KdcRecoverableException(krbError);
> +            }
>          } else {
>              getPreauthHandler().verify(this, preAuthData);
>          }{code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

Reply via email to