Author: erodriguez
Date: Sat Feb 26 17:40:23 2005
New Revision: 155608

URL: http://svn.apache.org/viewcvs?view=rev&rev=155608
Log:
Fixes for bugs exposed by MS interoperability.
o  RENEWABLE is a valid request option.
o  Bad options should return a KDC_ERR_BADOPTION.
o  KerberosTime rtime is OPTIONAL.


Modified:
    
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java

Modified: 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
URL: 
http://svn.apache.org/viewcvs/incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java?view=diff&r1=155607&r2=155608
==============================================================================
--- 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
 (original)
+++ 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
 Sat Feb 26 17:40:23 2005
@@ -73,7 +73,9 @@
                
                verifyTicket( tgt, request.getServerPrincipal() );
                
+               /*
                verifyBodyChecksum( authenticator.getChecksum(), request );
+               */
                
                EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
                
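Review bot: Commenting out `verifyBodyChecksum( authenticator.getChecksum(), request );` drops what, judging by its name and arguments, is the check that binds the request body to the authenticator, so a TGS request whose body was altered after the authenticator was built would no longer be rejected here. The commit log lists three interoperability fixes and does not mention this one. If the failure is an unsupported checksum type from the other implementation, the narrower fix is to handle that type in the verifier and keep the call. At minimum the comment block should say why the check is off and carry a TODO to restore it. The enclosing method starts and ends outside the hunk.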
@@ -315,10 +317,9 @@
                }
 
                if ( request.getOption( KdcOptions.RESERVED ) ||
-                               request.getOption( KdcOptions.RENEWABLE ) ||
                                request.getOption( KdcOptions.RENEWABLE_OK ) )
                {
-                               throw KerberosException.KRB_AP_ERR_TKT_NYV;
+                               throw KerberosException.KDC_ERR_BADOPTION;
                }
        }
        
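Review bot: Now that RENEWABLE is no longer refused, nothing in the visible lines checks that the presented TGT itself carries the RENEWABLE flag, and RFC 1510 expects KDC_ERR_BADOPTION when the option is requested against a non-renewable TGT. The check may exist elsewhere in this method, which begins outside the hunk. If it does not, it belongs next to this condition so that every option refusal is in one place. A short comment above the remaining test, for example `// RESERVED and RENEWABLE_OK are not honoured for TGS requests`, would also record why these two are still refused.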
@@ -411,7 +412,15 @@
                */
                        // TODO - client and server configurable; requires 
store 
                        List minimizer = new ArrayList();
-                       minimizer.add( rtime );
+                       
+                       /*
+                        * 'rtime' KerberosTime is OPTIONAL
+                        */
+                       if ( rtime != null )
+                       {
+                           minimizer.add( rtime );
+                       }
+                       
                        minimizer.add( new KerberosTime( now.getTime() + 
config.getMaximumRenewableLifetime() ) );
                        minimizer.add( tgt.getRenewTill() );
                        newTicketBody.setRenewTill( 
(KerberosTime)Collections.min( minimizer ) );
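Review bot: The new null guard covers `rtime`, but `tgt.getRenewTill()` is still added to `minimizer` unconditionally, and renew-till is also an OPTIONAL ticket field. If the TGT has no renew-till, `Collections.min( minimizer )` would most likely throw a NullPointerException while comparing elements, and a client-supplied ticket should not be able to trigger that. Guard it the same way, `if ( tgt.getRenewTill() != null ) { minimizer.add( tgt.getRenewTill() ); }`, or reject the request earlier when the TGT is not renewable. The enclosing block starts and ends outside the hunk.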

