Author: erodriguez
Date: Tue Nov 9 22:02:23 2004
New Revision: 57145
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Extracted method for echoing tickets; moved to base service class.
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Tue Nov 9 22:02:23 2004
@@ -67,7 +67,7 @@
AuthenticationReply reply = getAuthenticationReply(request,
ticket);
encryptReplyPart(reply, clientKey);
- System.out.print("Got request from client " +
clientPrincipal.toString() + " ");
+ System.out.print("Issuing ticket to client " +
clientPrincipal.toString() + " ");
System.out.println("for access to " +
serverPrincipal.toString());
return reply;
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/KerberosService.java
Tue Nov 9 22:02:23 2004
@@ -27,6 +27,7 @@
import org.apache.kerberos.messages.components.Ticket;
import org.apache.kerberos.messages.components.Authenticator;
import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
import org.apache.kerberos.messages.value.EncryptionKey;
import org.apache.kerberos.messages.value.ApOptions;
import org.apache.kerberos.messages.value.TicketFlags;
@@ -65,8 +66,6 @@
public EncryptionKey getKeyForPrincipal(KerberosPrincipal principal)
{
- System.out.println(principal.getName());
-
EncryptionKey key = null;
try {
@@ -212,5 +211,18 @@
return authenticator;
}
+
+ protected void echoTicket(EncTicketPartModifier newTicketBody, Ticket tgt)
+ {
+ newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
+ newTicketBody.setAuthTime(tgt.getAuthTime());
+ newTicketBody.setClientAddresses(tgt.getClientAddresses());
+ newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
+ newTicketBody.setEndTime(tgt.getEndTime());
+ newTicketBody.setFlags(tgt.getFlags());
+ newTicketBody.setRenewTill(tgt.getRenewTill());
+ newTicketBody.setSessionKey(tgt.getSessionKey());
+ newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
+ }
}
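Review bot: echoTicket copies nine fields from the TGT but not the start time, and in the validate branch of TicketGrantingService (the `-258,7` hunk) the call that replaces `// TODO - tkt = tgt;` is followed only by `clearFlag(TicketFlags.INVALID)`. Unless the start time is set outside the visible lines, a validated ticket may be issued without one; consider adding `newTicketBody.setStartTime(tgt.getStartTime());` to the helper, which the renew branch would still override with `now`. The method also needs a Javadoc comment saying that it copies the session key, flags, end time and renew-till verbatim, and that callers must then override every field the new ticket should not inherit from the TGT.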
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Tue Nov 9 22:02:23 2004
@@ -54,7 +54,7 @@
{
super(config, bootstrap, store);
- this.config = config;
+ this.config = config;
}
public TicketGrantReply getReplyFor(KdcRequest request) throws
KerberosException, IOException {
@@ -98,9 +98,7 @@
return authHeader;
}
-
-
// TODO - configurable checksum
private void verifyBodyChecksum(Checksum authChecksum, KdcRequest
request)
throws KerberosException {
@@ -258,7 +256,7 @@
endif
*/
- // TODO - tkt = tgt;
+ echoTicket(newTicketBody, tgt);
newTicketBody.clearFlag(TicketFlags.INVALID);
}
@@ -277,27 +275,16 @@
KerberosTime renewalTime = null;
- if (request.getOption(KdcOptions.RENEW)) {
- /*
- * Note that if the endtime has already passed, the
ticket would have been
- * rejected in the initial authentication stage, so
there is no need to check again here
- */
+ if (request.getOption(KdcOptions.RENEW))
+ {
if (!tgt.getFlag(TicketFlags.RENEWABLE))
throw KerberosException.KDC_ERR_BADOPTION;
if (tgt.getRenewTill().greaterThan(now))
throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;
-
-
newTicketBody.setAuthorizationData(tgt.getAuthorizationData());
- newTicketBody.setAuthTime(tgt.getAuthTime());
-
newTicketBody.setClientAddresses(tgt.getClientAddresses());
-
newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
- newTicketBody.setEndTime(tgt.getEndTime());
- newTicketBody.setFlags(tgt.getFlags());
- newTicketBody.setRenewTill(tgt.getRenewTill());
- newTicketBody.setSessionKey(tgt.getSessionKey());
-
newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
-
- newTicketBody.setStartTime(now);
+
+ echoTicket(newTicketBody, tgt);
+
+ newTicketBody.setStartTime(now);
long oldLife = tgt.getEndTime().getTime() -
tgt.getStartTime().getTime();
newTicketBody.setEndTime(new
KerberosTime(Math.min(tgt.getRenewTill().getTime(), now.getTime() + oldLife)));
} else {
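Review bot: The renew-till check kept as context in this hunk, `if (tgt.getRenewTill().greaterThan(now)) throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;`, looks inverted. If greaterThan means what its name suggests, it rejects TGTs whose renewal window is still open and accepts those whose renew-till has already passed. Assuming `now` is a KerberosTime, the condition would read `if (now.greaterThan(tgt.getRenewTill()))`. The commit also drops the comment explaining why the end time is not rechecked here; I would keep it, for example `// endtime was already checked during initial authentication, so it is not rechecked here`. The else branch continues outside the hunk.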
@@ -356,8 +343,8 @@
newTicketBody.setRenewTill((KerberosTime)Collections.min(minimizer));
}
}
-
- private AuthorizationData processAuthorizationData(KdcRequest request,
+
+ private AuthorizationData processAuthorizationData(KdcRequest request,
Authenticator authHeader, Ticket tgt) throws
KerberosException {
AuthorizationData authData = null;
@@ -403,14 +390,16 @@
private EncryptedData encryptTicketPart(EncTicketPart newTicketBody,
EncryptionKey serverKey,
KdcRequest request) throws KerberosException {
- byte[] encodedTicket;
+ byte[] encodedTicket = null;
EncTicketPartEncoder encoder = new EncTicketPartEncoder();
- try {
+ try
+ {
encodedTicket = encoder.encode(newTicketBody);
- } catch (IOException ioe) {
- // TODO - figure out right error for ASN.1 generation
error
- throw KerberosException.KRB_ERR_GENERIC;
+ }
+ catch (IOException ioe)
+ {
+ ioe.printStackTrace();
}
if (request.getOption(KdcOptions.ENC_TKT_IN_SKEY)) {
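Review bot: The rewritten catch block swallows the IOException, so after a failed encode the method carries on with `encodedTicket` still `null` instead of aborting the request. The removed code failed closed with `throw KerberosException.KRB_ERR_GENERIC;`, and that throw should stay in the catch block so the KDC never reaches the encryption step without an encoded ticket. If the stack trace is wanted for diagnosis, log it before the throw rather than instead of it. With the throw restored, the `= null` initialiser on `encodedTicket` is unnecessary. The rest of encryptTicketPart lies outside the hunk.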