提交 a7fc6b8f 编写于 作者: A andrew

8132111: Do not request for addresses for forwarded TGT

Reviewed-by: mbalao, shade
上级 a60ab219
......@@ -34,8 +34,6 @@ package sun.security.krb5;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import sun.security.util.DerValue;
......@@ -65,7 +63,6 @@ public class KrbCred {
PrincipalName client = tgt.getClient();
PrincipalName tgService = tgt.getServer();
PrincipalName server = serviceTicket.getServer();
if (!serviceTicket.getClient().equals(client))
throw new KrbException(Krb5.KRB_ERR_GENERIC,
"Client principal does not match");
......@@ -78,29 +75,9 @@ public class KrbCred {
options.set(KDCOptions.FORWARDED, true);
options.set(KDCOptions.FORWARDABLE, true);
HostAddresses sAddrs = null;
// GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST
if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST) {
sAddrs = new HostAddresses(server);
} else if (server.getNameType() == PrincipalName.KRB_NT_UNKNOWN) {
// Sometimes this is also a server
if (server.getNameStrings().length >= 2) {
String host = server.getNameStrings()[1];
try {
InetAddress[] addr = InetAddress.getAllByName(host);
if (addr != null && addr.length > 0) {
sAddrs = new HostAddresses(addr);
}
} catch (UnknownHostException ioe) {
// maybe we guessed wrong, let sAddrs be null
}
}
}
KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService,
null, null, null, null, null,
sAddrs, // Only non-null for KRB_NT_SRV_HST, see JDK-8132111
null, // No easy way to get addresses right
null, null, null);
credMessg = createMessage(tgsReq.sendAndGetCreds(), key);
......@@ -113,7 +90,6 @@ public class KrbCred {
EncryptionKey sessionKey
= delegatedCreds.getSessionKey();
PrincipalName princ = delegatedCreds.getClient();
Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
......
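Review bot: The replacement argument comment `null, // No easy way to get addresses right` at the KrbTgsReq call does not say what the caller now gets. Every forwarded TGT is requested without addresses, so the ticket is not bound to any host, and its protection rests on how the KRB-CRED is transported and on the ticket lifetime. I would spell that out where the decision is made, for example `null, // JDK-8132111: forwarded TGT is requested addressless; never derive addresses from a lookup of the service host name`. The removed branch resolved a name component of the service principal through InetAddress.getAllByName, so it is worth recording that DNS is deliberately no longer consulted here. The enclosing constructor begins and ends outside the visible hunks.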
......@@ -39,6 +39,7 @@ import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.UnknownHostException;
import java.io.IOException;
import java.util.Arrays;
/**
* Implements the ASN.1 HostAddress type.
......@@ -295,4 +296,11 @@ public class HostAddress implements Cloneable {
}
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append(Arrays.toString(address));
sb.append('(').append(addrType).append(')');
return sb.toString();
}
}
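Review bot: The new toString() has no comment stating that its output is a debugging aid, and `Arrays.toString(address)` prints the raw array rather than a readable address. If `address` is a byte[] (its declaration is outside the hunk), the result is signed decimals, e.g. the constructed sample `[-64, -88, 0, 1](2)`. A one-line Javadoc such as `/** Debug form only: raw address bytes followed by the address type number; not a stable format. */` would keep callers from parsing it or matching it against log data. The StringBuilder can also collapse to `return Arrays.toString(address) + '(' + addrType + ')';`. The same documentation point applies to HostAddresses.toString() in the next file section.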
......@@ -338,4 +338,9 @@ public class HostAddresses implements Cloneable {
for (int i = 0; i < inetAddresses.length; i++)
addresses[i] = new HostAddress(inetAddresses[i]);
}
@Override
public String toString() {
return Arrays.toString(addresses);
}
}
......@@ -903,9 +903,10 @@ public class KDC {
bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
}
}
// We do not request for addresses for FORWARDED tickets
if (options.containsKey(Option.CHECK_ADDRESSES)
&& body.kdcOptions.get(KDCOptions.FORWARDED)
&& body.addresses == null) {
&& body.addresses != null) {
throw new KrbException(Krb5.KDC_ERR_BADOPTION);
}
if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
......
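Review bot: The added comment `// We do not request for addresses for FORWARDED tickets` describes the client side, while the condition under it is the KDC refusing a request. With CHECK_ADDRESSES set, a FORWARDED request that carries addresses now fails with KDC_ERR_BADOPTION, the opposite of the old `== null` test. I would word it from the KDC's point of view, e.g. `// With CHECK_ADDRESSES, a FORWARDED request must not carry addresses; reject it if it does`. The enclosing method starts and ends outside the hunk.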