Author: kostat
Date: 2005-11-06 12:20:34 -0500 (Sun, 06 Nov 2005)
New Revision: 52628

Modified:
   
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
   
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
   
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
   
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/SecureStream.cs
   trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/ChangeLog
   trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/LdapConnection.cs
Log:
create GSSCredential only once, cleanup

Modified: trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/ChangeLog
===================================================================
--- trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/ChangeLog       
2005-11-06 13:28:20 UTC (rev 52627)
+++ trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/ChangeLog       
2005-11-06 17:20:34 UTC (rev 52628)
@@ -1,3 +1,7 @@
+2005-11-06 Konstantin Triger <[EMAIL PROTECTED]>
+
+        * LdapConnection.cs: TARGET_JVM: create GSSCredential only once, 
cleanup
+
 2005-11-03 Konstantin Triger <[EMAIL PROTECTED]>
 
        * LdapConnection.cs: TARGET_JVM: throw an exception if failed during

Modified: 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/LdapConnection.cs
===================================================================
--- 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/LdapConnection.cs   
    2005-11-06 13:28:20 UTC (rev 52627)
+++ 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap/LdapConnection.cs   
    2005-11-06 17:20:34 UTC (rev 52628)
@@ -1601,21 +1601,27 @@
 
                                        loginContext.login ();
                                }
-                               catch (LoginException e) {
+                               catch (Exception e) {
                                        throw new LdapException ("Failed to 
create login security context", 80, "", e);
                                }
 
-                               Subject subject = loginContext.getSubject ();
-
-                               Krb5Helper krb5Helper = new Krb5Helper ("ldap@" 
+ conn.Host, subject, authenticationTypes, SecurityMech);
+                               Krb5Helper krb5Helper = null;
+                               try {
+                                       krb5Helper = new Krb5Helper ("ldap@" + 
conn.Host, username, loginContext.getSubject (), authenticationTypes, 
SecurityMech);
+                               }
+                               finally {
+                                       loginContext.logout();
+                               }
                                sbyte [] token = krb5Helper.ExchangeTokens 
(Krb5Helper.EmptyToken);
 
                                for (;;) {
                                        LdapResponseQueue queue = 
Bind(LdapConnection.Ldap_V3, username, token, null, null, AuthenticationMech);
                                        LdapResponse res = (LdapResponse) 
queue.getResponse ();
                                        if (res.ResultCode != 
LdapException.SASL_BIND_IN_PROGRESS &&
-                                               res.ResultCode != 
LdapException.SUCCESS)
+                                               res.ResultCode != 
LdapException.SUCCESS) {
+                                               krb5Helper.Dispose();
                                                throw new 
LdapException(ExceptionMessages.CONNECTION_ERROR, res.ResultCode, 
res.ErrorMessage);
+                                       }
                                        Asn1OctetString serverSaslCreds = 
((RfcBindResponse)res.Asn1Object.Response).ServerSaslCreds;
                                        token = serverSaslCreds != null ? 
serverSaslCreds.byteValue () : null;
 
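Review bot: krb5Helper is disposed only on the non-success result-code path (the new `krb5Helper.Dispose();` before the throw); if `Bind`, `queue.getResponse ()` or `krb5Helper.ExchangeTokens` throws, the GSSContext the helper owns is never released. Since on success the helper is presumably handed on to the secure stream (SecureStream.Close disposes it in this same commit), the token exchange and bind loop should run inside a `try { … } catch { krb5Helper.Dispose (); throw; }` rather than disposing at a single error site. The `Krb5Helper krb5Helper = null;` initialization is then unnecessary, as the constructor either assigns the variable or throws past its use. The `catch (Exception e)` that replaced `catch (LoginException e)` now also wraps every non-login failure into an LdapException with result code 80; if that breadth is intended, a short comment saying why would help. The bind loop continues past the end of the hunk.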
@@ -1635,7 +1641,7 @@
                        }               
                }
 
-               private string SecurityMech
+               static string SecurityMech
                {
                        get {
                                string securityMech = null;
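Review bot: The rewritten declaration `static string SecurityMech`, and likewise `SecurityAppName` and `AuthenticationMech` in the two following hunks, drops the explicit access modifier that the `private string` version carried. The default is still private, so behavior is unchanged, but the visible code elsewhere in this commit (e.g. the `private readonly` fields) spells the modifier out; `private static string SecurityMech` keeps that convention.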
@@ -1650,7 +1656,7 @@
                        }
                }
 
-               private string SecurityAppName
+               static string SecurityAppName
                {
                        get {
                                string securityAppName = null; 
@@ -1665,7 +1671,7 @@
                        }
                }
 
-               private string AuthenticationMech
+               static string AuthenticationMech
                {
                        get {
                                string authenticationMech = null;

Modified: 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
===================================================================
--- 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
  2005-11-06 13:28:20 UTC (rev 52627)
+++ 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/ChangeLog
  2005-11-06 17:20:34 UTC (rev 52628)
@@ -1,3 +1,8 @@
+2005-11-06  Konstantin Triger <[EMAIL PROTECTED]>
+
+       * SecureStream.cs, CreateContextPrivilegedAction.cs, Krb5Helper.cs:
+               create GSSCredential only once, cleanup
+
 2005-11-03  Konstantin Triger <[EMAIL PROTECTED]>
 
        * CreateContextPrivilegedAction.cs: always require mutual auth;

Modified: 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
===================================================================
--- 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
   2005-11-06 13:28:20 UTC (rev 52627)
+++ 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/CreateContextPrivilegedAction.cs
   2005-11-06 17:20:34 UTC (rev 52628)
@@ -44,15 +44,17 @@
                private readonly bool _signing;
                private readonly bool _delegation;
                private readonly string _name;
+               private readonly string _clientName;
                private readonly string _mech;
 
                #endregion //Fields
 
                #region Constructors
 
-               public CreateContextPrivilegedAction(string name, string mech, 
bool encryption, bool signing, bool delegation)
+               public CreateContextPrivilegedAction(string name, string 
clientName, string mech, bool encryption, bool signing, bool delegation)
                {
                        _name = name;
+                       _clientName = clientName;
                        _mech = mech;
                        _encryption = encryption;
                        _signing = signing;
@@ -68,16 +70,30 @@
                        try {                           
                                Oid krb5Oid = new Oid (_mech);
                                GSSManager manager = GSSManager.getInstance ();
-                               GSSName serverName = manager.createName (_name, 
GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
-                               GSSContext context = manager.createContext 
(serverName, krb5Oid, null, GSSContext__Finals.INDEFINITE_LIFETIME);
+                               GSSName clientName = 
+                                       manager.createName(_clientName, 
GSSName__Finals.NT_USER_NAME);
+                               GSSCredential clientCreds =
+                                       manager.createCredential(clientName,
+                                       GSSContext__Finals.INDEFINITE_LIFETIME,
+                                       krb5Oid,
+                                       GSSCredential__Finals.INITIATE_ONLY);
 
-                               context.requestMutualAuth(true);  
-                               context.requestConf (_encryption);
-                               if (!_encryption || _signing)
-                                       context.requestInteg (!_encryption || 
_signing); 
-                               context.requestCredDeleg (_delegation);
+//                             try {
+                                       GSSName serverName = manager.createName 
(_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
+                                       GSSContext context = 
manager.createContext (serverName, krb5Oid, clientCreds, 
GSSContext__Finals.INDEFINITE_LIFETIME);
 
-                               return context;
+                                       context.requestMutualAuth(true);  
+                                       context.requestConf (_encryption);
+                                       if (!_encryption || _signing)
+                                               context.requestInteg 
(!_encryption || _signing); 
+                                       context.requestCredDeleg (_delegation);
+
+                                       return context;
+//                             }
+//                             finally {
+//                                     // Calling this throws GSSException: 
Operation unavailable...
+//                                     clientCreds.dispose();
+//                             }
                        }
                        catch (GSSException e) {
                                throw new PrivilegedActionException (e);
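Review bot: The credential created by `manager.createCredential (...)` on the new lines is never released: the `finally { clientCreds.dispose(); }` that would have done so is left as commented-out code, and on the failure path (a GSSException from `createName`, `createContext` or the `request*` calls before `return context`) nothing disposes it either. If disposing right after `createContext` fails because the context still uses the credential, the credential's lifetime belongs with the context's — release it on the exception path here (`catch (GSSException) { clientCreds.dispose (); throw; }` inside the existing try) and otherwise together with the context when Krb5Helper is disposed. The commented-out `try`/`finally` should be deleted and the observation kept as one comment, e.g. `// clientCreds is owned by the returned context; disposing it here fails with GSSException "Operation unavailable"`. The extra indentation level left behind by the commented-out `try` also makes the block read as if it were still nested.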

Modified: 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
===================================================================
--- 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
      2005-11-06 13:28:20 UTC (rev 52627)
+++ 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/Krb5Helper.cs
      2005-11-06 17:20:34 UTC (rev 52628)
@@ -39,7 +39,7 @@
 
 namespace Novell.Directory.Ldap.Security
 {
-       internal class Krb5Helper
+       internal class Krb5Helper : IDisposable
        {
                enum QOP {
                        NO_PROTECTION = 1,
@@ -57,26 +57,23 @@
 
                private readonly GSSContext _context;
 
-               private readonly string _name;
-               private readonly Subject _subject;
-               private readonly string _mech;
-
                #endregion // Fields
 
                #region Constructors
 
-               public Krb5Helper(string name, Subject subject, 
AuthenticationTypes authenticationTypes, string mech)
+               public Krb5Helper(string name, string clientName, Subject 
subject, AuthenticationTypes authenticationTypes, string mech)
                {
-                       _name = name;
-                       _subject = subject;
-                       _mech = mech;
-
                        _encryption = (authenticationTypes & 
AuthenticationTypes.Sealing) != 0;
                        _signing = (authenticationTypes & 
AuthenticationTypes.Signing) != 0;
                        _delegation = (authenticationTypes & 
AuthenticationTypes.Delegation) != 0;
 
-                       CreateContextPrivilegedAction action = new 
CreateContextPrivilegedAction (_name,_mech,_encryption,_signing,_delegation);
-                       _context = (GSSContext) Subject.doAs (_subject,action);
+                       CreateContextPrivilegedAction action = new 
CreateContextPrivilegedAction (name, clientName, 
mech,_encryption,_signing,_delegation);
+                       try {
+                               _context = (GSSContext) Subject.doAs 
(subject,action);
+                       }
+                       catch (PrivilegedActionException e) {
+                               throw new LdapException ("Problem performing 
token exchange with the server",LdapException.OTHER,"",e.getCause()); 
+                       }
                }
 
                #endregion // Constructors
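Review bot: The new `catch (PrivilegedActionException e)` in the constructor throws with the message "Problem performing token exchange with the server", but at this point no token has been exchanged — the failure is in creating the GSS context, and the message was taken from the token-exchange path this commit removes further down the file. Suggest `throw new LdapException ("Failed to create GSS security context", LdapException.OTHER, "", e.getCause ());` so the two failure modes can be told apart from the message alone.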
@@ -126,14 +123,7 @@
                                return TypeUtils.ToSByteArray (gssOutToken);
                        }
 
-                       sbyte [] token;
-                       try {
-                               ExchangeTokenPrivilegedAction action = new 
ExchangeTokenPrivilegedAction (Context, clientToken);
-                               token = (sbyte []) Subject.doAs (_subject, 
action);
-                       } 
-                       catch (PrivilegedActionException e) {
-                               throw new LdapException ("Problem performing 
token exchange with the server",LdapException.OTHER,"",e); 
-                       }
+                       sbyte [] token = Context.initSecContext (clientToken, 
0, clientToken.Length);
 
                        if (Context.isEstablished ()) {
                                
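Review bot: `Context.initSecContext (clientToken, 0, clientToken.Length)` replaces a call that translated `PrivilegedActionException` into an `LdapException`, so a `GSSException` thrown by the context now propagates untranslated into the bind loop in LdapConnection, whose failure handling is built around LdapException; the same applies to `Context.wrap` and `Context.unwrap` in the next two hunks. Suggest keeping the translation, e.g. `catch (GSSException e) { throw new LdapException ("Problem performing token exchange with the server", LdapException.OTHER, "", e); }`, with the corresponding messages for wrap and unwrap. `clientToken.Length` also dereferences `clientToken` unconditionally, while the bind loop in LdapConnection assigns `null` when the server returned no SASL credentials, so a null guard is warranted unless the branch above the hunk already handles that case. The method begins before the hunk.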
@@ -169,13 +159,8 @@
                                return buff;
                        }
 
-                       try {
-                               WrapPrivilegedAction action = new 
WrapPrivilegedAction (Context, outgoing, start, len, messageProp);
-                               return (byte []) Subject.doAs (_subject, 
action);                               
-                       } 
-                       catch (PrivilegedActionException e) {
-                               throw new LdapException ("Problem performing 
GSS wrap",LdapException.OTHER,"",e); 
-                       }
+                       sbyte [] result = Context.wrap (TypeUtils.ToSByteArray 
(outgoing), start, len, messageProp);
+                       return (byte []) TypeUtils.ToByteArray (result);
                }
 
                public byte [] Unwrap(byte [] incoming, int start, int len) 
@@ -195,15 +180,18 @@
                                return buff;
                        }
 
-                       try {
-                               UnwrapPrivilegedAction action = new 
UnwrapPrivilegedAction (Context, incoming, start, len, messageProp);
-                               return (byte []) Subject.doAs (_subject, 
action);
-                       } 
-                       catch (PrivilegedActionException e) {
-                               throw new LdapException("Problems unwrapping 
SASL buffer",LdapException.OTHER,"",e);
-                       }
+                       sbyte [] result = Context.unwrap 
(TypeUtils.ToSByteArray (incoming), start, len, messageProp);
+                       return (byte []) TypeUtils.ToByteArray (result);
                }
 
                #endregion // Methods
+
+               #region IDisposable Members
+
+               public void Dispose() {
+                       Context.dispose();
+               }
+
+               #endregion
        }
 }
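Review bot: The new `Dispose()` calls `Context.dispose()` unguarded, so a second call (SecureStream.Close may run more than once, and Close is commonly followed by Dispose) reaches the GSS context again, and any GSSException raised by `dispose()` escapes from Dispose. Suggest a `_disposed` flag and not letting the GSS failure out of Dispose, e.g. `if (_disposed) return; _disposed = true; try { Context.dispose (); } catch (GSSException) { /* nothing left to release */ }`. Dispose also releases only the context; the GSSCredential created for it in CreateContextPrivilegedAction in this same commit is not disposed anywhere, so the helper does not fully release what it owns.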

Modified: 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/SecureStream.cs
===================================================================
--- 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/SecureStream.cs
    2005-11-06 13:28:20 UTC (rev 52627)
+++ 
trunk/mcs/class/Novell.Directory.Ldap/Novell.Directory.Ldap.Security.jvm/SecureStream.cs
    2005-11-06 17:20:34 UTC (rev 52628)
@@ -118,6 +118,11 @@
                        }               
                }
 
+               public override void Close() {
+                       _stream.Close();
+                       _helper.Dispose();
+               }
+
                private int Fill()
                {
                        int actual = ReadAll (_lenBuf, 4);
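Review bot: In the new `Close()`, `_helper.Dispose()` runs only if `_stream.Close()` completes; an exception from closing the underlying stream leaves the GSS context allocated. Wrap it as `try { _stream.Close (); } finally { _helper.Dispose (); }`. The override also does not call `base.Close()`; if SecureStream derives from Stream, that is what marks the stream closed and routes to `Dispose(bool)`, so unless bypassing it is deliberate a comment should say so.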
