changeset 9902:e4e8739563d1
8132111: Do not request for addresses for forwarded TGT
Reviewed-by: mbalao
author | andrew |
---|---|
date | Tue, 04 Feb 2020 03:47:35 +0000 |
parents | f87a938560e4 |
children | 8eeff57878e0 |
files | src/share/classes/sun/security/krb5/KrbCred.java src/share/classes/sun/security/krb5/internal/HostAddress.java src/share/classes/sun/security/krb5/internal/HostAddresses.java test/sun/security/krb5/auto/KDC.java |
diffstat | 4 files changed, 18 insertions(+), 26 deletions(-) [+] |
--- a/src/share/classes/sun/security/krb5/KrbCred.java Tue Feb 04 02:50:59 2020 +0000 +++ b/src/share/classes/sun/security/krb5/KrbCred.java Tue Feb 04 03:47:35 2020 +0000 @@ -34,8 +34,6 @@ import sun.security.krb5.internal.*; import sun.security.krb5.internal.crypto.KeyUsage; import java.io.IOException; -import java.net.InetAddress; -import java.net.UnknownHostException; import sun.security.util.DerValue; @@ -65,7 +63,6 @@ PrincipalName client = tgt.getClient(); PrincipalName tgService = tgt.getServer(); - PrincipalName server = serviceTicket.getServer(); if (!serviceTicket.getClient().equals(client)) throw new KrbException(Krb5.KRB_ERR_GENERIC, "Client principal does not match"); @@ -78,28 +75,10 @@ options.set(KDCOptions.FORWARDED, true); options.set(KDCOptions.FORWARDABLE, true); - HostAddresses sAddrs = null; - - // GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST - if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST) { - sAddrs = new HostAddresses(server); - } else if (server.getNameType() == PrincipalName.KRB_NT_UNKNOWN) { - // Sometimes this is also a server - if (server.getNameStrings().length >= 2) { - String host = server.getNameStrings()[1]; - try { - InetAddress[] addr = InetAddress.getAllByName(host); - if (addr != null && addr.length > 0) { - sAddrs = new HostAddresses(addr); - } - } catch (UnknownHostException ioe) { - // maybe we guessed wrong, let sAddrs be null - } - } - } - KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService, - null, null, null, null, sAddrs, null, null, null); + null, null, null, null, + null, // No easy way to get addresses right + null, null, null); credMessg = createMessage(tgsReq.sendAndGetCreds(), key); obuf = credMessg.asn1Encode(); @@ -111,7 +90,6 @@ EncryptionKey sessionKey = delegatedCreds.getSessionKey(); PrincipalName princ = delegatedCreds.getClient(); - Realm realm = princ.getRealm(); PrincipalName tgService = delegatedCreds.getServer(); KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
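Review bot: The inline comment added on the `KrbTgsReq` call, `// No easy way to get addresses right`, says why the argument is `null` but not what that means for the ticket. With no addresses in the TGS request, the forwarded TGT is presumably issued without an address restriction, so it is not bound to the delegate's host. That looks like a deliberate trade-off, since the removed code guessed the host from the service principal name and its own comment admitted the guess could be wrong. It should still be stated where the `null` is passed, for example `// null: request an address-less forwarded TGT; it is not bound to the delegate's host`. The enclosing constructor starts and ends outside the hunk, so whether any caller relied on address-bound forwarding is not visible here.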
--- a/src/share/classes/sun/security/krb5/internal/HostAddress.java Tue Feb 04 02:50:59 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/HostAddress.java Tue Feb 04 03:47:35 2020 +0000 @@ -39,6 +39,7 @@ import java.net.Inet6Address; import java.net.UnknownHostException; import java.io.IOException; +import java.util.Arrays; /** * Implements the ASN.1 HostAddress type. @@ -295,4 +296,11 @@ } } + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append(Arrays.toString(address)); + sb.append('(').append(addrType).append(')'); + return sb.toString(); + } }
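Review bot: The new `HostAddress.toString()` has no Javadoc, and its output format is not obvious. Assuming `address` is a byte array, `Arrays.toString(address)` prints signed decimals, so an IPv4 octet above 127 shows as a negative number, followed by the numeric `addrType` in parentheses. If the method is meant only for debug traces, say so on the method, e.g. `/** Returns the raw address bytes and the numeric address type; for debugging only. */`. The `StringBuilder` could also be reduced to `return Arrays.toString(address) + '(' + addrType + ')';`. The class body starts outside the hunk.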
--- a/src/share/classes/sun/security/krb5/internal/HostAddresses.java Tue Feb 04 02:50:59 2020 +0000 +++ b/src/share/classes/sun/security/krb5/internal/HostAddresses.java Tue Feb 04 03:47:35 2020 +0000 @@ -338,4 +338,9 @@ for (int i = 0; i < inetAddresses.length; i++) addresses[i] = new HostAddress(inetAddresses[i]); } + + @Override + public String toString() { + return Arrays.toString(addresses); + } }
--- a/test/sun/security/krb5/auto/KDC.java Tue Feb 04 02:50:59 2020 +0000 +++ b/test/sun/security/krb5/auto/KDC.java Tue Feb 04 03:47:35 2020 +0000 @@ -797,9 +797,10 @@ if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) { bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true; } + // We do not request for addresses for FORWARDED tickets if (options.containsKey(Option.CHECK_ADDRESSES) && body.kdcOptions.get(KDCOptions.FORWARDED) - && body.addresses == null) { + && body.addresses != null) { throw new KrbException(Krb5.KDC_ERR_BADOPTION); } if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
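Review bot: The added comment `// We do not request for addresses for FORWARDED tickets` describes the client rather than the check it sits on. With the condition flipped to `body.addresses != null`, the test KDC under `CHECK_ADDRESSES` now rejects a FORWARDED request that carries addresses with `KDC_ERR_BADOPTION`. A comment stating the enforced rule would read better, e.g. `// With CHECK_ADDRESSES, a FORWARDED request must not carry addresses`. The option keeps its name while its meaning is inverted, so any test that sets `Option.CHECK_ADDRESSES` and expects addresses to be present would now fail; those callers are outside this hunk, as are the start and end of the enclosing method.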