infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-17 10:20:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

8132111: Do not request for addresses for forwarded TGT

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2015-08-03 09:25:02 +08:00
parent f2aa30e173
commit 31e49478d4
4 changed files with 18 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java
View File

@ -34,8 +34,6 @@ package sun.security.krb5;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import sun.security.util.DerValue;
@ -65,7 +63,6 @@ public class KrbCred {
PrincipalName client = tgt.getClient();
PrincipalName tgService = tgt.getServer();
PrincipalName server = serviceTicket.getServer();
if (!serviceTicket.getClient().equals(client))
throw new KrbException(Krb5.KRB_ERR_GENERIC,
"Client principal does not match");
@ -78,28 +75,10 @@ public class KrbCred {
options.set(KDCOptions.FORWARDED, true);
options.set(KDCOptions.FORWARDABLE, true);
HostAddresses sAddrs = null;
// GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST
if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST) {
sAddrs = new HostAddresses(server);
} else if (server.getNameType() == PrincipalName.KRB_NT_UNKNOWN) {
// Sometimes this is also a server
if (server.getNameStrings().length >= 2) {
String host = server.getNameStrings()[1];
try {
InetAddress[] addr = InetAddress.getAllByName(host);
if (addr != null && addr.length > 0) {
sAddrs = new HostAddresses(addr);
}
} catch (UnknownHostException ioe) {
// maybe we guessed wrong, let sAddrs be null
}
}
}
KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService,
null, null, null, null, sAddrs, null, null, null);
null, null, null, null,
null, // No easy way to get addresses right
null, null, null);
credMessg = createMessage(tgsReq.sendAndGetCreds(), key);
obuf = credMessg.asn1Encode();
@ -111,7 +90,6 @@ public class KrbCred {
EncryptionKey sessionKey
= delegatedCreds.getSessionKey();
PrincipalName princ = delegatedCreds.getClient();
Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey,

8
jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java
View File

@ -39,6 +39,7 @@ import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.UnknownHostException;
import java.io.IOException;
import java.util.Arrays;
/**
* Implements the ASN.1 HostAddress type.
@ -295,4 +296,11 @@ public class HostAddress implements Cloneable {
}
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append(Arrays.toString(address));
sb.append('(').append(addrType).append(')');
return sb.toString();
}
}

5
jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java
View File

@ -338,4 +338,9 @@ public class HostAddresses implements Cloneable {
for (int i = 0; i < inetAddresses.length; i++)
addresses[i] = new HostAddress(inetAddresses[i]);
}
@Override
public String toString() {
return Arrays.toString(addresses);
}
}

3
jdk/test/sun/security/krb5/auto/KDC.java
View File

@ -745,9 +745,10 @@ public class KDC {
bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
}
}
// We do not request for addresses for FORWARDED tickets
if (options.containsKey(Option.CHECK_ADDRESSES)
&& body.kdcOptions.get(KDCOptions.FORWARDED)
&& body.addresses == null) {
&& body.addresses != null) {
throw new KrbException(Krb5.KDC_ERR_BADOPTION);
}
if (body.kdcOptions.get(KDCOptions.FORWARDED) ||