提交 b0b89f8f 编写于 作者: W weijun

6966259: Make PrincipalName and Realm immutable

Reviewed-by: xuelei
上级 89d4b110
......@@ -26,7 +26,6 @@
package javax.security.auth.kerberos;
import java.io.*;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;
......@@ -81,14 +80,12 @@ public final class KerberosPrincipal
public static final int KRB_NT_UID = 5;
private transient String fullName;
private transient String realm;
private transient int nameType;
private static final char NAME_REALM_SEPARATOR = '@';
/**
* Constructs a KerberosPrincipal from the provided string input. The
......@@ -233,41 +230,35 @@ public final class KerberosPrincipal
* realm in their DER-encoded form as specified in Section 5.2.2 of
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*/
private void writeObject(ObjectOutputStream oos)
throws IOException {
throws IOException {
PrincipalName krb5Principal = null;
PrincipalName krb5Principal;
try {
krb5Principal = new PrincipalName(fullName,nameType);
krb5Principal = new PrincipalName(fullName, nameType);
oos.writeObject(krb5Principal.asn1Encode());
oos.writeObject(krb5Principal.getRealm().asn1Encode());
} catch (Exception e) {
IOException ioe = new IOException(e.getMessage());
ioe.initCause(e);
throw ioe;
throw new IOException(e);
}
}
/**
* Reads this object from a stream (i.e., deserializes it)
*/
private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException {
throws IOException, ClassNotFoundException {
byte[] asn1EncPrincipal = (byte [])ois.readObject();
byte[] encRealm = (byte [])ois.readObject();
try {
PrincipalName krb5Principal = new PrincipalName(new
DerValue(asn1EncPrincipal));
realm = (new Realm(new DerValue(encRealm))).toString();
fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR +
realm.toString();
Realm realmObject = new Realm(new DerValue(encRealm));
PrincipalName krb5Principal = new PrincipalName(
new DerValue(asn1EncPrincipal), realmObject);
realm = realmObject.toString();
fullName = krb5Principal.toString();
nameType = krb5Principal.getNameType();
} catch (Exception e) {
IOException ioe = new IOException(e.getMessage());
ioe.initCause(e);
throw ioe;
throw new IOException(e);
}
}
......@@ -288,9 +279,7 @@ public final class KerberosPrincipal
* <a href=http://www.ietf.org/rfc/rfc4120.txt> RFC4120</a>.
*
* @return the name type.
*
*/
public int getNameType() {
return nameType;
}
......
......@@ -27,10 +27,8 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import javax.security.auth.kerberos.*;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.KrbException;
import sun.security.krb5.ServiceName;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
......@@ -119,8 +117,8 @@ public class Krb5NameElement
hostName = components[1];
String principal = getHostBasedInstance(service, hostName);
principalName = new ServiceName(principal,
PrincipalName.KRB_NT_SRV_HST);
principalName = new PrincipalName(principal,
PrincipalName.KRB_NT_SRV_HST);
}
}
......
......@@ -464,8 +464,7 @@ public class Credentials {
System.out.println(">>> DEBUG: ----Credentials----");
System.out.println("\tclient: " + c.client.toString());
System.out.println("\tserver: " + c.server.toString());
System.out.println("\tticket: realm: " + c.ticket.realm.toString());
System.out.println("\t sname: " + c.ticket.sname.toString());
System.out.println("\tticket: sname: " + c.ticket.sname.toString());
if (c.startTime != null) {
System.out.println("\tstartTime: " + c.startTime.getTime());
}
......
......@@ -179,7 +179,6 @@ public class KrbApReq {
KrbApReq(APOptions apOptions,
Ticket ticket,
EncryptionKey key,
Realm crealm,
PrincipalName cname,
Checksum cksum,
KerberosTime ctime,
......@@ -189,7 +188,7 @@ public class KrbApReq {
throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException {
init(apOptions, ticket, key, crealm, cname,
init(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData,
KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR);
......@@ -208,7 +207,6 @@ public class KrbApReq {
init(options,
tgs_creds.ticket,
tgs_creds.key,
tgs_creds.client.getRealm(),
tgs_creds.client,
cksum,
ctime,
......@@ -221,7 +219,6 @@ public class KrbApReq {
private void init(APOptions apOptions,
Ticket ticket,
EncryptionKey key,
Realm crealm,
PrincipalName cname,
Checksum cksum,
KerberosTime ctime,
......@@ -232,7 +229,7 @@ public class KrbApReq {
throws Asn1Exception, IOException,
KdcErrException, KrbCryptoException {
createMessage(apOptions, ticket, key, crealm, cname,
createMessage(apOptions, ticket, key, cname,
cksum, ctime, subKey, seqNumber, authorizationData,
usage);
obuf = apReqMessg.asn1Encode();
......@@ -289,9 +286,6 @@ public class KrbApReq {
ctime = authenticator.ctime;
cusec = authenticator.cusec;
authenticator.ctime.setMicroSeconds(authenticator.cusec);
authenticator.cname.setRealm(authenticator.crealm);
apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
if (!authenticator.cname.equals(enc_ticketPart.cname))
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
......@@ -457,7 +451,6 @@ public class KrbApReq {
private void createMessage(APOptions apOptions,
Ticket ticket,
EncryptionKey key,
Realm crealm,
PrincipalName cname,
Checksum cksum,
KerberosTime ctime,
......@@ -474,8 +467,7 @@ public class KrbApReq {
seqno = new Integer(seqNumber.current());
authenticator =
new Authenticator(crealm,
cname,
new Authenticator(cname,
cksum,
ctime.getMicroSeconds(),
ctime,
......
......@@ -48,8 +48,7 @@ abstract class KrbAppMessage {
HostAddress rAddress,
boolean timestampRequired,
boolean seqNumberRequired,
PrincipalName packetPrincipal,
Realm packetRealm)
PrincipalName packetPrincipal)
throws KrbApErrException {
if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) {
......
......@@ -152,11 +152,10 @@ class KrbAsRep extends KrbKdcRep {
DerValue encoding = new DerValue(enc_as_rep_part);
EncASRepPart enc_part = new EncASRepPart(encoding);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part;
ASReq req = asReq.getMessage();
check(req, rep);
check(true, req, rep);
creds = new Credentials(
rep.ticket,
......
......@@ -115,10 +115,8 @@ public class KrbAsReq {
}
if (sname == null) {
sname = new PrincipalName("krbtgt" +
PrincipalName.NAME_COMPONENT_SEPARATOR +
cname.getRealmAsString(),
PrincipalName.KRB_NT_SRV_INST);
String realm = cname.getRealmAsString();
sname = PrincipalName.tgsService(realm, realm);
}
if (till == null) {
......@@ -128,7 +126,6 @@ public class KrbAsReq {
// enc-authorization-data and additional-tickets never in AS-REQ
KDCReqBody kdc_req_body = new KDCReqBody(options,
cname,
cname.getRealm(),
sname,
from,
till,
......
......@@ -99,9 +99,6 @@ public final class KrbAsReqBuilder {
// Called by other constructors
private void init(PrincipalName cname)
throws KrbException {
if (cname.getRealm() == null) {
cname.setRealm(Config.getInstance().getDefaultRealm());
}
this.cname = cname;
state = State.INIT;
}
......
......@@ -96,12 +96,11 @@ public class KrbCred {
PrincipalName princ = delegatedCreds.getClient();
Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer();
Realm tgsRealm = tgService.getRealm();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey, realm,
KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
princ, delegatedCreds.flags, delegatedCreds.authTime,
delegatedCreds.startTime, delegatedCreds.endTime,
delegatedCreds.renewTill, tgsRealm, tgService,
delegatedCreds.renewTill, tgService,
delegatedCreds.cAddr);
timeStamp = new KerberosTime(KerberosTime.NOW);
......@@ -138,19 +137,13 @@ public class KrbCred {
KrbCredInfo credInfo = encPart.ticketInfo[0];
EncryptionKey credInfoKey = credInfo.key;
Realm prealm = credInfo.prealm;
// XXX PrincipalName can store realm + principalname or
// just principal name.
PrincipalName pname = credInfo.pname;
pname.setRealm(prealm);
TicketFlags flags = credInfo.flags;
KerberosTime authtime = credInfo.authtime;
KerberosTime starttime = credInfo.starttime;
KerberosTime endtime = credInfo.endtime;
KerberosTime renewTill = credInfo.renewTill;
Realm srealm = credInfo.srealm;
PrincipalName sname = credInfo.sname;
sname.setRealm(srealm);
HostAddresses caddr = credInfo.caddr;
if (DEBUG) {
......
......@@ -45,6 +45,10 @@ public class KrbException extends Exception {
super(s);
}
public KrbException(Throwable cause) {
super(cause);
}
public KrbException(int i) {
returnCode = i;
}
......
......@@ -35,28 +35,17 @@ import sun.security.krb5.internal.*;
abstract class KrbKdcRep {
static void check(
boolean isAsReq,
KDCReq req,
KDCRep rep
) throws KrbApErrException {
if (!req.reqBody.cname.equalsWithoutRealm(rep.cname)) {
if (isAsReq && !req.reqBody.cname.equals(rep.cname)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
/**** XXX
if (!req.reqBody.crealm.equals(rep.crealm)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
*****/
if (!req.reqBody.sname.equalsWithoutRealm(rep.encKDCRepPart.sname)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
if (!req.reqBody.crealm.equals(rep.encKDCRepPart.srealm)) {
if (!req.reqBody.sname.equals(rep.encKDCRepPart.sname)) {
rep.encKDCRepPart.key.destroy();
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
......@@ -73,7 +62,6 @@ abstract class KrbKdcRep {
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
for (int i = 1; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) !=
rep.encKDCRepPart.flags.get(i)) {
......
......@@ -89,8 +89,7 @@ class KrbPriv extends KrbAppMessage {
raddr,
timestampRequired,
seqNumberRequired,
creds.client,
creds.client.getRealm()
creds.client
);
}
......@@ -151,8 +150,7 @@ class KrbPriv extends KrbAppMessage {
HostAddress rAddress,
boolean timestampRequired,
boolean seqNumberRequired,
PrincipalName cname,
Realm crealm
PrincipalName cname
) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException {
......@@ -172,8 +170,7 @@ class KrbPriv extends KrbAppMessage {
rAddress,
timestampRequired,
seqNumberRequired,
cname,
crealm
cname
);
return enc_part.userData;
......
......@@ -90,8 +90,7 @@ class KrbSafe extends KrbAppMessage {
raddr,
timestampRequired,
seqNumberRequired,
creds.client,
creds.client.getRealm()
creds.client
);
}
......@@ -154,8 +153,7 @@ class KrbSafe extends KrbAppMessage {
HostAddress rAddress,
boolean timestampRequired,
boolean seqNumberRequired,
PrincipalName cname,
Realm crealm
PrincipalName cname
) throws Asn1Exception, KdcErrException,
KrbApErrException, IOException, KrbCryptoException {
......@@ -177,8 +175,7 @@ class KrbSafe extends KrbAppMessage {
rAddress,
timestampRequired,
seqNumberRequired,
cname,
crealm
cname
);
return krb_safe.safeBody.userData;
......
......@@ -82,12 +82,11 @@ public class KrbTgsRep extends KrbKdcRep {
byte[] enc_tgs_rep_part = rep.encPart.reset(enc_tgs_rep_bytes);
ref = new DerValue(enc_tgs_rep_part);
EncTGSRepPart enc_part = new EncTGSRepPart(ref);
rep.ticket.sname.setRealm(rep.ticket.realm);
rep.encKDCRepPart = enc_part;
check(req, rep);
check(false, req, rep);
creds = new Credentials(rep.ticket,
this.creds = new Credentials(rep.ticket,
req.reqBody.cname,
rep.ticket.sname,
enc_part.key,
......@@ -99,7 +98,6 @@ public class KrbTgsRep extends KrbKdcRep {
enc_part.caddr
);
this.rep = rep;
this.creds = creds;
this.secondTicket = tgsReq.getSecondTicket();
}
......
......@@ -148,7 +148,6 @@ public class KrbTgsReq {
asCreds.key,
ctime,
princName,
princName.getRealm(),
servName,
from,
till,
......@@ -214,7 +213,6 @@ public class KrbTgsReq {
EncryptionKey key,
KerberosTime ctime,
PrincipalName cname,
Realm crealm,
PrincipalName sname,
KerberosTime from,
KerberosTime till,
......@@ -273,8 +271,6 @@ public class KrbTgsReq {
KDCReqBody reqBody = new KDCReqBody(
kdc_options,
cname,
// crealm,
sname.getRealm(), // TO
sname,
from,
req_till,
......@@ -315,7 +311,6 @@ public class KrbTgsReq {
new APOptions(),
ticket,
key,
crealm,
cname,
cksum,
ctime,
......
......@@ -38,15 +38,25 @@ import java.util.Vector;
import java.util.Locale;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import sun.security.krb5.internal.ccache.CCacheOutputStream;
import sun.security.krb5.internal.util.KerberosString;
/**
* This class encapsulates a Kerberos principal.
* Implements the ASN.1 PrincipalName type and its realm in a single class.
* <xmp>
* Realm ::= KerberosString
*
* PrincipalName ::= SEQUENCE {
* name-type [0] Int32,
* name-string [1] SEQUENCE OF KerberosString
* }
* </xmp>
* This class is immutable.
* @see Realm
*/
public class PrincipalName
implements Cloneable {
public class PrincipalName implements Cloneable {
//name types
......@@ -80,8 +90,6 @@ public class PrincipalName
*/
public static final int KRB_NT_UID = 5;
/**
* TGS Name
*/
......@@ -96,98 +104,109 @@ public class PrincipalName
public static final String NAME_REALM_SEPARATOR_STR = "@";
public static final String REALM_COMPONENT_SEPARATOR_STR = ".";
private int nameType;
private String[] nameStrings; // Principal names don't mutate often
// Instance fields.
/**
* The name type, from PrincipalName's name-type field.
*/
private final int nameType;
/**
* The name strings, from PrincipalName's name-strings field. This field
* must be neither null nor empty. Each entry of it must also be neither
* null nor empty. Make sure to clone the field when it's passed in or out.
*/
private final String[] nameStrings;
/**
* The realm this principal belongs to.
*/
private final Realm nameRealm; // not null
// cached default salt, not used in clone
private transient String salt = null;
private Realm nameRealm; // optional; a null realm means use default
// Note: the nameRealm is not included in the default ASN.1 encoding
// There are 3 basic constructors. All other constructors must call them.
// All basic constructors must call validateNameStrings.
// 1. From name components
// 2. From name
// 3. From DER encoding
// cached salt, might be changed by KDC info, not used in clone
private String salt = null;
/**
* Creates a PrincipalName.
*/
public PrincipalName(int nameType, String[] nameStrings, Realm nameRealm) {
if (nameRealm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
validateNameStrings(nameStrings);
this.nameType = nameType;
this.nameStrings = nameStrings.clone();
this.nameRealm = nameRealm;
}
protected PrincipalName() {
// This method is called by Windows NativeCred.c
public PrincipalName(String[] nameParts, String realm) throws RealmException {
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
}
public PrincipalName(String[] nameParts, int type)
throws IllegalArgumentException, IOException {
if (nameParts == null) {
throw new IllegalArgumentException("Null input not allowed");
}
nameStrings = new String[nameParts.length];
System.arraycopy(nameParts, 0, nameStrings, 0, nameParts.length);
nameType = type;
nameRealm = null;
throws IllegalArgumentException, RealmException {
this(type, nameParts, Realm.getDefault());
}
public PrincipalName(String[] nameParts) throws IOException {
this(nameParts, KRB_NT_UNKNOWN);
// Validate a nameStrings argument
private static void validateNameStrings(String[] ns) {
if (ns == null) {
throw new IllegalArgumentException("Null nameStrings not allowed");
}
if (ns.length == 0) {
throw new IllegalArgumentException("Empty nameStrings not allowed");
}
for (String s: ns) {
if (s == null) {
throw new IllegalArgumentException("Null nameString not allowed");
}
if (s.isEmpty()) {
throw new IllegalArgumentException("Empty nameString not allowed");
}
}
}
public Object clone() {
try {
PrincipalName pName = (PrincipalName) super.clone();
// Re-assign mutable fields
if (nameStrings != null) {
pName.nameStrings = nameStrings.clone();
}
if (nameRealm != null) {
pName.nameRealm = (Realm)nameRealm.clone();
}
UNSAFE.putObject(this, NAME_STRINGS_OFFSET, nameStrings.clone());
return pName;
} catch (CloneNotSupportedException ex) {
throw new AssertionError("Should never happen");
}
}
/*
* Added to workaround a bug where the equals method that takes a
* PrincipalName is not being called but Object.equals(Object) is
* being called.
*/
public boolean equals(Object o) {
if (o instanceof PrincipalName)
return equals((PrincipalName)o);
else
return false;
}
public boolean equals(PrincipalName other) {
if (!equalsWithoutRealm(other)) {
return false;
}
if ((nameRealm != null && other.nameRealm == null) ||
(nameRealm == null && other.nameRealm != null)) {
return false;
}
if (nameRealm != null && other.nameRealm != null) {
if (!nameRealm.equals(other.nameRealm)) {
return false;
}
private static final long NAME_STRINGS_OFFSET;
private static final sun.misc.Unsafe UNSAFE;
static {
try {
sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
NAME_STRINGS_OFFSET = unsafe.objectFieldOffset(
PrincipalName.class.getDeclaredField("nameStrings"));
UNSAFE = unsafe;
} catch (ReflectiveOperationException e) {
throw new Error(e);
}
return true;
}
boolean equalsWithoutRealm(PrincipalName other) {
if ((nameStrings != null && other.nameStrings == null) ||
(nameStrings == null && other.nameStrings != null))
return false;
if (nameStrings != null && other.nameStrings != null) {
if (nameStrings.length != other.nameStrings.length)
return false;
for (int i = 0; i < nameStrings.length; i++)
if (!nameStrings[i].equals(other.nameStrings[i]))
return false;
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
return true;
if (o instanceof PrincipalName) {
PrincipalName other = (PrincipalName)o;
return nameRealm.equals(other.nameRealm) &&
Arrays.equals(nameStrings, other.nameStrings);
}
return false;
}
/**
......@@ -208,20 +227,23 @@ public class PrincipalName
* http://www.ietf.org/rfc/rfc4120.txt</a>.
*
* @param encoding a Der-encoded data.
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data.
* @exception Asn1Exception if there is an ASN1 encoding error
* @exception IOException if an I/O error occurs
* @exception IllegalArgumentException if encoding is null
* reading encoded data.
*
*/
public PrincipalName(DerValue encoding)
throws Asn1Exception, IOException {
nameRealm = null;
public PrincipalName(DerValue encoding, Realm realm)
throws Asn1Exception, IOException {
if (realm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
nameRealm = realm;
DerValue der;
if (encoding == null) {
throw new IllegalArgumentException("Null input not allowed");
throw new IllegalArgumentException("Null encoding not allowed");
}
if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
......@@ -243,14 +265,12 @@ public class PrincipalName
DerValue subSubDer;
while(subDer.getData().available() > 0) {
subSubDer = subDer.getData().getDerValue();
v.addElement(new KerberosString(subSubDer).toString());
}
if (v.size() > 0) {
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
} else {
nameStrings = new String[] {""};
String namePart = new KerberosString(subSubDer).toString();
v.addElement(namePart);
}
nameStrings = new String[v.size()];
v.copyInto(nameStrings);
validateNameStrings(nameStrings);
} else {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
......@@ -267,32 +287,35 @@ public class PrincipalName
* more marshaled value.
* @param explicitTag tag number.
* @param optional indicate if this data field is optional
* @return an instance of <code>PrincipalName</code>.
*
* @param realm the realm for the name
* @return an instance of <code>PrincipalName</code>, or null if the
* field is optional and missing.
*/
public static PrincipalName parse(DerInputStream data,
byte explicitTag, boolean
optional)
throws Asn1Exception, IOException {
optional,
Realm realm)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) !=
explicitTag))
return null;
DerValue der = data.getDerValue();
if (explicitTag != (der.getTag() & (byte)0x1F))
if (explicitTag != (der.getTag() & (byte)0x1F)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
else {
} else {
DerValue subDer = der.getData().getDerValue();
return new PrincipalName(subDer);
if (realm == null) {
realm = Realm.getDefault();
}
return new PrincipalName(subDer, realm);
}
}
// This is protected because the definition of a principal
// string is fixed
// XXX Error checkin consistent with MIT krb5_parse_name
// Code repetition, realm parsed again by class Realm
protected static String[] parseName(String name) {
private static String[] parseName(String name) {
Vector<String> tempStrings = new Vector<>();
String temp = name;
......@@ -312,13 +335,13 @@ public class PrincipalName
continue;
}
else {
if (componentStart < i) {
if (componentStart <= i) {
component = temp.substring(componentStart, i);
tempStrings.addElement(component);
}
componentStart = i + 1;
}
} else
} else {
if (temp.charAt(i) == NAME_REALM_SEPARATOR) {
/*
* If this separator is escaped then don't treat it
......@@ -337,11 +360,11 @@ public class PrincipalName
break;
}
}
}
i++;
}
if (i == temp.length())
if (componentStart < i) {
if (i == temp.length()) {
component = temp.substring(componentStart, i);
tempStrings.addElement(component);
}
......@@ -351,30 +374,26 @@ public class PrincipalName
return result;
}
public PrincipalName(String name, int type)
throws RealmException {
/**
* Constructs a PrincipalName from a string.
* @param name the name
* @param type the type
* @param realm the realm, null if not known. Note that when realm is not
* null, it will be always used even if there is a realm part in name. When
* realm is null, will read realm part from name, or try to map a realm
* (for KRB_NT_SRV_HST), or use the default realm, or fail
* @throws RealmException
*/
public PrincipalName(String name, int type, String realm)
throws RealmException {
if (name == null) {
throw new IllegalArgumentException("Null name not allowed");
}
String[] nameParts = parseName(name);
Realm tempRealm = null;
String realmString = Realm.parseRealmAtSeparator(name);
if (realmString == null) {
try {
Config config = Config.getInstance();
realmString = config.getDefaultRealm();
} catch (KrbException e) {
RealmException re =
new RealmException(e.getMessage());
re.initCause(e);
throw re;
}
validateNameStrings(nameParts);
if (realm == null) {
realm = Realm.parseRealmAtSeparator(name);
}
if (realmString != null)
tempRealm = new Realm(realmString);
switch (type) {
case KRB_NT_SRV_HST:
if (nameParts.length >= 2) {
......@@ -401,18 +420,22 @@ public class PrincipalName
}
nameStrings = nameParts;
nameType = type;
if (realm != null) {
nameRealm = new Realm(realm);
} else {
// We will try to get realm name from the mapping in
// the configuration. If it is not specified
// we will use the default realm. This nametype does
// not allow a realm to be specified. The name string must of
// the form service@host and this is internally changed into
// service/host by Kerberos
String mapRealm = mapHostToRealm(nameParts[1]);
if (mapRealm != null) {
nameRealm = new Realm(mapRealm);
} else {
nameRealm = tempRealm;
String mapRealm = mapHostToRealm(nameParts[1]);
if (mapRealm != null) {
nameRealm = new Realm(mapRealm);
} else {
nameRealm = Realm.getDefault();
}
}
break;
case KRB_NT_UNKNOWN:
......@@ -422,20 +445,34 @@ public class PrincipalName
case KRB_NT_UID:
nameStrings = nameParts;
nameType = type;
nameRealm = tempRealm;
if (realm != null) {
nameRealm = new Realm(realm);
} else {
nameRealm = Realm.getDefault();
}
break;
default:
throw new IllegalArgumentException("Illegal name type");
}
}
public PrincipalName(String name, int type) throws RealmException {
this(name, type, (String)null);
}
public PrincipalName(String name) throws RealmException {
this(name, KRB_NT_UNKNOWN);
}
public PrincipalName(String name, String realm) throws RealmException {
this(name, KRB_NT_UNKNOWN);
nameRealm = new Realm(realm);
this(name, KRB_NT_UNKNOWN, realm);
}
public static PrincipalName tgsService(String r1, String r2)
throws KrbException {
return new PrincipalName(PrincipalName.KRB_NT_SRV_INST,
new String[] {PrincipalName.TGS_DEFAULT_SRV_NAME, r1},
new Realm(r2));
}
public String getRealmAsString() {
......@@ -475,29 +512,17 @@ public class PrincipalName
}
public String getRealmString() {
if (nameRealm != null)
return nameRealm.toString();
return null;
return nameRealm.toString();
}
public Realm getRealm() {
return nameRealm;
}
public void setRealm(Realm new_nameRealm) throws RealmException {
nameRealm = new_nameRealm;
}
public void setRealm(String realmsString) throws RealmException {
nameRealm = new Realm(realmsString);
}
public String getSalt() {
if (salt == null) {
StringBuffer salt = new StringBuffer();
if (nameRealm != null) {
salt.append(nameRealm.toString());
}
salt.append(nameRealm.toString());
for (int i = 0; i < nameStrings.length; i++) {
salt.append(nameStrings[i]);
}
......@@ -513,11 +538,8 @@ public class PrincipalName
str.append("/");
str.append(nameStrings[i]);
}
if (nameRealm != null) {
str.append("@");
str.append(nameRealm.toString());
}
str.append("@");
str.append(nameRealm.toString());
return str.toString();
}
......@@ -532,7 +554,8 @@ public class PrincipalName
}
/**
* Encodes a <code>PrincipalName</code> object.
* Encodes a <code>PrincipalName</code> object. Note that only the type and
* names are encoded. To encode the realm, call getRealm().asn1Encode().
* @return the byte array of the encoded PrncipalName object.
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
* @exception IOException if an I/O error occurs while reading encoded data.
......@@ -597,12 +620,10 @@ public class PrincipalName
public void writePrincipal(CCacheOutputStream cos) throws IOException {
cos.write32(nameType);
cos.write32(nameStrings.length);
if (nameRealm != null) {
byte[] realmBytes = null;
realmBytes = nameRealm.toString().getBytes();
cos.write32(realmBytes.length);
cos.write(realmBytes, 0, realmBytes.length);
}
byte[] realmBytes = null;
realmBytes = nameRealm.toString().getBytes();
cos.write32(realmBytes.length);
cos.write(realmBytes, 0, realmBytes.length);
byte[] bytes = null;
for (int i = 0; i < nameStrings.length; i++) {
bytes = nameStrings[i].getBytes();
......@@ -611,31 +632,6 @@ public class PrincipalName
}
}
/**
* Creates a KRB_NT_SRV_INST name from the supplied
* name components and realm.
* @param primary the primary component of the name
* @param instance the instance component of the name
* @param realm the realm
* @throws KrbException
*/
protected PrincipalName(String primary, String instance, String realm,
int type)
throws KrbException {
if (type != KRB_NT_SRV_INST) {
throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name type");
}
String[] nParts = new String[2];
nParts[0] = primary;
nParts[1] = instance;
this.nameStrings = nParts;
this.nameRealm = new Realm(realm);
this.nameType = type;
}
/**
* Returns the instance component of a name.
* In a multi-component name such as a KRB_NT_SRV_INST
......
......@@ -46,24 +46,29 @@ import sun.security.krb5.internal.util.KerberosString;
* <xmp>
* Realm ::= GeneralString
* </xmp>
* This class is immutable.
*/
public class Realm implements Cloneable {
private String realm;
private final String realm; // not null nor empty
private static boolean DEBUG = Krb5.DEBUG;
private Realm() {
}
public Realm(String name) throws RealmException {
realm = parseRealm(name);
}
public Object clone() {
Realm new_realm = new Realm();
if (realm != null) {
new_realm.realm = new String(realm);
public static Realm getDefault() throws RealmException {
try {
return new Realm(Config.getInstance().getDefaultRealm());
} catch (RealmException re) {
throw re;
} catch (KrbException ke) {
throw new RealmException(ke);
}
return new_realm;
}
// Immutable class, no need to clone
public Object clone() {
return this;
}
public boolean equals(Object obj) {
......@@ -76,21 +81,11 @@ public class Realm implements Cloneable {
}
Realm that = (Realm)obj;
if (this.realm != null && that.realm != null ) {
return this.realm.equals(that.realm);
} else {
return (this.realm == null && that.realm == null);
}
return this.realm.equals(that.realm);
}
public int hashCode() {
int result = 17 ;
if( realm != null ) {
result = 37 * result + realm.hashCode();
}
return result;
return realm.hashCode();
}
/**
......@@ -116,6 +111,7 @@ public class Realm implements Cloneable {
return realm;
}
// Extract realm from a string like dummy@REALM
public static String parseRealmAtSeparator(String name)
throws RealmException {
if (name == null) {
......@@ -128,8 +124,12 @@ public class Realm implements Cloneable {
while (i < temp.length()) {
if (temp.charAt(i) == PrincipalName.NAME_REALM_SEPARATOR) {
if (i == 0 || temp.charAt(i - 1) != '\\') {
if (i + 1 < temp.length())
if (i + 1 < temp.length()) {
result = temp.substring(i + 1, temp.length());
} else {
throw new IllegalArgumentException
("empty realm part not allowed");
}
break;
}
}
......@@ -219,7 +219,8 @@ public class Realm implements Cloneable {
* @return an instance of Realm.
*
*/
public static Realm parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException, RealmException {
public static Realm parse(DerInputStream data, byte explicitTag, boolean optional)
throws Asn1Exception, IOException, RealmException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) {
return null;
}
......
......@@ -47,4 +47,7 @@ public class RealmException extends KrbException {
super(i,s);
}
public RealmException(Throwable cause) {
super(cause);
}
}
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package sun.security.krb5;
import java.net.InetAddress;
import java.net.UnknownHostException;
public class ServiceName extends PrincipalName {
public ServiceName(String name, int type) throws RealmException {
super(name, type);
}
public ServiceName(String name) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
}
public ServiceName(String name, String realm) throws RealmException {
this(name, PrincipalName.KRB_NT_UNKNOWN);
setRealm(realm);
}
public ServiceName (String service, String instance, String realm)
throws KrbException
{
super(service, instance, realm, PrincipalName.KRB_NT_SRV_INST);
}
}
......@@ -42,11 +42,10 @@ public class ASRep extends KDCRep {
public ASRep(
PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname,
Ticket new_ticket,
EncryptedData new_encPart) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket,
super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_AS_REP);
}
......
......@@ -61,7 +61,6 @@ import java.math.BigInteger;
public class Authenticator {
public int authenticator_vno;
public Realm crealm;
public PrincipalName cname;
Checksum cksum; //optional
public int cusec;
......@@ -71,7 +70,6 @@ public class Authenticator {
public AuthorizationData authorizationData; //optional
public Authenticator(
Realm new_crealm,
PrincipalName new_cname,
Checksum new_cksum,
int new_cusec,
......@@ -80,7 +78,6 @@ public class Authenticator {
Integer new_seqNumber,
AuthorizationData new_authorizationData) {
authenticator_vno = Krb5.AUTHNETICATOR_VNO;
crealm = new_crealm;
cname = new_cname;
cksum = new_cksum;
cusec = new_cusec;
......@@ -131,8 +128,8 @@ public class Authenticator {
if (authenticator_vno != 5) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
}
crealm = Realm.parse(der.getData(), (byte) 0x01, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x02, false);
Realm crealm = Realm.parse(der.getData(), (byte) 0x01, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x02, false, crealm);
cksum = Checksum.parse(der.getData(), (byte) 0x03, true);
subDer = der.getData().getDerValue();
if ((subDer.getTag() & (byte) 0x1F) == 0x04) {
......@@ -180,7 +177,7 @@ public class Authenticator {
DerOutputStream temp = new DerOutputStream();
temp.putInteger(BigInteger.valueOf(authenticator_vno));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), cname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode()));
if (cksum != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));
......
......@@ -72,23 +72,9 @@ rs.
public static Credentials acquireServiceCreds(
String service, Credentials ccreds)
throws KrbException, IOException {
ServiceName sname = new ServiceName(service);
PrincipalName sname = new PrincipalName(service);
String serviceRealm = sname.getRealmString();
String localRealm = ccreds.getClient().getRealmString();
String defaultRealm = Config.getInstance().getDefaultRealm();
if (localRealm == null) {
PrincipalName temp = null;
if ((temp = ccreds.getServer()) != null)
localRealm = temp.getRealmString();
}
if (localRealm == null) {
localRealm = defaultRealm;
}
if (serviceRealm == null) {
serviceRealm = localRealm;
sname.setRealm(serviceRealm);
}
/*
if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
......@@ -128,13 +114,12 @@ rs.
int i = 0, k = 0;
Credentials cTgt = null, newTgt = null, theTgt = null;
ServiceName tempService = null;
PrincipalName tempService = null;
String realm = null, newTgtRealm = null, theTgtRealm = null;
for (cTgt = ccreds, i = 0; i < realms.length;)
{
tempService = new ServiceName(PrincipalName.TGS_DEFAULT_SRV_NAME,
serviceRealm, realms[i]);
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
if (DEBUG)
{
......@@ -164,9 +149,7 @@ rs.
newTgt == null && k > i; k--)
{
tempService = new ServiceName(
PrincipalName.TGS_DEFAULT_SRV_NAME,
realms[k], realms[i]);
tempService = PrincipalName.tgsService(realms[k], realms[i]);
if (DEBUG)
{
System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
......@@ -306,7 +289,7 @@ rs.
* This method does the real job to request the service credential.
*/
private static Credentials serviceCreds(
ServiceName service, Credentials ccreds)
PrincipalName service, Credentials ccreds)
throws KrbException, IOException {
return new KrbTgsReq(ccreds, service).sendAndGetCreds();
}
......
......@@ -46,7 +46,6 @@ public class EncASRepPart extends EncKDCRepPart {
KerberosTime new_starttime,
KerberosTime new_endtime,
KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname,
HostAddresses new_caddr) {
super(
......@@ -59,7 +58,6 @@ public class EncASRepPart extends EncKDCRepPart {
new_starttime,
new_endtime,
new_renewTill,
new_srealm,
new_sname,
new_caddr,
Krb5.KRB_ENC_AS_REP_PART
......
......@@ -74,7 +74,6 @@ public class EncKDCRepPart {
public KerberosTime starttime; //optional
public KerberosTime endtime;
public KerberosTime renewTill; //optional
public Realm srealm;
public PrincipalName sname;
public HostAddresses caddr; //optional
public int msgType; //not included in sequence
......@@ -89,7 +88,6 @@ public class EncKDCRepPart {
KerberosTime new_starttime,
KerberosTime new_endtime,
KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname,
HostAddresses new_caddr,
int new_msgType) {
......@@ -102,7 +100,6 @@ public class EncKDCRepPart {
starttime = new_starttime;
endtime = new_endtime;
renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname;
caddr = new_caddr;
msgType = new_msgType;
......@@ -158,8 +155,8 @@ public class EncKDCRepPart {
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
srealm = Realm.parse(der.getData(), (byte) 0x09, false);
sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false);
Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
if (der.getData().available() > 0) {
caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
}
......@@ -206,7 +203,7 @@ public class EncKDCRepPart {
true, (byte) 0x08), renewTill.asn1Encode());
}
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x09), srealm.asn1Encode());
true, (byte) 0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x0A), sname.asn1Encode());
if (caddr != null) {
......
......@@ -45,7 +45,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
KerberosTime new_starttime,
KerberosTime new_endtime,
KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname,
HostAddresses new_caddr) {
super(
......@@ -58,7 +57,6 @@ public class EncTGSRepPart extends EncKDCRepPart {
new_starttime,
new_endtime,
new_renewTill,
new_srealm,
new_sname,
new_caddr,
Krb5.KRB_ENC_TGS_REP_PART);
......
......@@ -65,7 +65,6 @@ public class EncTicketPart {
public TicketFlags flags;
public EncryptionKey key;
public Realm crealm;
public PrincipalName cname;
public TransitedEncoding transited;
public KerberosTime authtime;
......@@ -78,7 +77,6 @@ public class EncTicketPart {
public EncTicketPart(
TicketFlags new_flags,
EncryptionKey new_key,
Realm new_crealm,
PrincipalName new_cname,
TransitedEncoding new_transited,
KerberosTime new_authtime,
......@@ -89,7 +87,6 @@ public class EncTicketPart {
AuthorizationData new_authorizationData) {
flags = new_flags;
key = new_key;
crealm = new_crealm;
cname = new_cname;
transited = new_transited;
authtime = new_authtime;
......@@ -151,8 +148,8 @@ public class EncTicketPart {
}
flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
crealm = Realm.parse(der.getData(), (byte) 0x02, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x03, false);
Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm);
transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
......@@ -186,7 +183,7 @@ public class EncTicketPart {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x01), key.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x02), crealm.asn1Encode());
true, (byte) 0x02), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
......
......@@ -61,7 +61,6 @@ import java.math.BigInteger;
*/
public class KDCRep {
public Realm crealm;
public PrincipalName cname;
public Ticket ticket;
public EncryptedData encPart;
......@@ -73,7 +72,6 @@ public class KDCRep {
public KDCRep(
PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname,
Ticket new_ticket,
EncryptedData new_encPart,
......@@ -90,7 +88,6 @@ public class KDCRep {
}
}
}
crealm = new_crealm;
cname = new_cname;
ticket = new_ticket;
encPart = new_encPart;
......@@ -174,8 +171,8 @@ public class KDCRep {
} else {
pAData = null;
}
crealm = Realm.parse(der.getData(), (byte) 0x03, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x04, false);
Realm crealm = Realm.parse(der.getData(), (byte) 0x03, false);
cname = PrincipalName.parse(der.getData(), (byte) 0x04, false, crealm);
ticket = Ticket.parse(der.getData(), (byte) 0x05, false);
encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false);
if (der.getData().available() > 0) {
......@@ -212,7 +209,7 @@ public class KDCRep {
true, (byte) 0x02), temp);
}
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x03), crealm.asn1Encode());
true, (byte) 0x03), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x04), cname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
......
......@@ -72,7 +72,6 @@ import java.math.BigInteger;
public class KDCReqBody {
public KDCOptions kdcOptions;
public PrincipalName cname; //optional in ASReq only
public Realm crealm;
public PrincipalName sname; //optional
public KerberosTime from; //optional
public KerberosTime till;
......@@ -87,7 +86,6 @@ public class KDCReqBody {
public KDCReqBody(
KDCOptions new_kdcOptions,
PrincipalName new_cname, //optional in ASReq only
Realm new_crealm,
PrincipalName new_sname, //optional
KerberosTime new_from, //optional
KerberosTime new_till,
......@@ -100,7 +98,6 @@ public class KDCReqBody {
) throws IOException {
kdcOptions = new_kdcOptions;
cname = new_cname;
crealm = new_crealm;
sname = new_sname;
from = new_from;
till = new_till;
......@@ -142,12 +139,22 @@ public class KDCReqBody {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false);
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true);
// cname only appears in AS-REQ and it shares the realm field with
// sname. This is the only place where realm comes after the name.
// We first give cname a fake realm and reassign it the correct
// realm after the realm field is read.
cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true,
new Realm("PLACEHOLDER"));
if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
crealm = Realm.parse(encoding.getData(), (byte)0x02, false);
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true);
Realm realm = Realm.parse(encoding.getData(), (byte)0x02, false);
if (cname != null) {
cname = new PrincipalName(
cname.getNameType(), cname.getNameStrings(), realm);
}
sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true, realm);
from = KerberosTime.parse(encoding.getData(), (byte)0x04, true);
till = KerberosTime.parse(encoding.getData(), (byte)0x05, false);
rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true);
......@@ -223,9 +230,11 @@ public class KDCReqBody {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode()));
}
}
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode()));
if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode()));
} else if (cname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.getRealm().asn1Encode()));
}
if (from != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode()));
......
......@@ -90,9 +90,7 @@ public class KRBError implements java.io.Serializable {
private KerberosTime sTime;
private Integer suSec;
private int errorCode;
private Realm crealm; //optional
private PrincipalName cname; //optional
private Realm realm;
private PrincipalName sname;
private String eText; //optional
private byte[] eData; //optional
......@@ -128,9 +126,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime,
Integer new_suSec,
int new_errorCode,
Realm new_crealm,
PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname,
String new_eText,
byte[] new_eData
......@@ -142,9 +138,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime;
suSec = new_suSec;
errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname;
realm = new_realm;
sname = new_sname;
eText = new_eText;
eData = new_eData;
......@@ -159,9 +153,7 @@ public class KRBError implements java.io.Serializable {
KerberosTime new_sTime,
Integer new_suSec,
int new_errorCode,
Realm new_crealm,
PrincipalName new_cname,
Realm new_realm,
PrincipalName new_sname,
String new_eText,
byte[] new_eData,
......@@ -174,9 +166,7 @@ public class KRBError implements java.io.Serializable {
sTime = new_sTime;
suSec = new_suSec;
errorCode = new_errorCode;
crealm = new_crealm;
cname = new_cname;
realm = new_realm;
sname = new_sname;
eText = new_eText;
eData = new_eData;
......@@ -359,10 +349,10 @@ public class KRBError implements java.io.Serializable {
errorCode = subDer.getData().getBigInteger().intValue();
}
else throw new Asn1Exception(Krb5.ASN1_BAD_ID);
crealm = Realm.parse(der.getData(), (byte)0x07, true);
cname = PrincipalName.parse(der.getData(), (byte)0x08, true);
realm = Realm.parse(der.getData(), (byte)0x09, false);
sname = PrincipalName.parse(der.getData(), (byte)0x0A, false);
Realm crealm = Realm.parse(der.getData(), (byte)0x07, true);
cname = PrincipalName.parse(der.getData(), (byte)0x08, true, crealm);
Realm realm = Realm.parse(der.getData(), (byte)0x09, false);
sname = PrincipalName.parse(der.getData(), (byte)0x0A, false, realm);
eText = null;
eData = null;
eCksum = null;
......@@ -403,15 +393,9 @@ public class KRBError implements java.io.Serializable {
System.out.println("\t suSec is " + suSec);
System.out.println("\t error code is " + errorCode);
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
if (crealm != null) {
System.out.println("\t crealm is " + crealm.toString());
}
if (cname != null) {
System.out.println("\t cname is " + cname.toString());
}
if (realm != null) {
System.out.println("\t realm is " + realm.toString());
}
if (sname != null) {
System.out.println("\t sname is " + sname.toString());
}
......@@ -458,14 +442,12 @@ public class KRBError implements java.io.Serializable {
temp.putInteger(BigInteger.valueOf(errorCode));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), temp);
if (crealm != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), crealm.asn1Encode());
}
if (cname != null) {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), cname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), cname.asn1Encode());
}
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), realm.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode());
if (eText != null) {
......@@ -506,9 +488,7 @@ public class KRBError implements java.io.Serializable {
isEqual(sTime, other.sTime) &&
isEqual(suSec, other.suSec) &&
errorCode == other.errorCode &&
isEqual(crealm, other.crealm) &&
isEqual(cname, other.cname) &&
isEqual(realm, other.realm) &&
isEqual(sname, other.sname) &&
isEqual(eText, other.eText) &&
java.util.Arrays.equals(eData, other.eData) &&
......@@ -528,9 +508,7 @@ public class KRBError implements java.io.Serializable {
if (sTime != null) result = 37 * result + sTime.hashCode();
if (suSec != null) result = 37 * result + suSec.hashCode();
result = 37 * result + errorCode;
if (crealm != null) result = 37 * result + crealm.hashCode();
if (cname != null) result = 37 * result + cname.hashCode();
if (realm != null) result = 37 * result + realm.hashCode();
if (sname != null) result = 37 * result + sname.hashCode();
if (eText != null) result = 37 * result + eText.hashCode();
result = 37 * result + Arrays.hashCode(eData);
......
......@@ -63,14 +63,12 @@ import java.io.IOException;
public class KrbCredInfo {
public EncryptionKey key;
public Realm prealm; //optional
public PrincipalName pname; //optional
public TicketFlags flags; //optional
public KerberosTime authtime; //optional
public KerberosTime starttime; //optional
public KerberosTime endtime; //optional
public KerberosTime renewTill; //optional
public Realm srealm; //optional
public PrincipalName sname; //optional
public HostAddresses caddr; //optional
......@@ -79,26 +77,22 @@ public class KrbCredInfo {
public KrbCredInfo(
EncryptionKey new_key,
Realm new_prealm,
PrincipalName new_pname,
TicketFlags new_flags,
KerberosTime new_authtime,
KerberosTime new_starttime,
KerberosTime new_endtime,
KerberosTime new_renewTill,
Realm new_srealm,
PrincipalName new_sname,
HostAddresses new_caddr
) {
key = new_key;
prealm = new_prealm;
pname = new_pname;
flags = new_flags;
authtime = new_authtime;
starttime = new_starttime;
endtime = new_endtime;
renewTill = new_renewTill;
srealm = new_srealm;
sname = new_sname;
caddr = new_caddr;
}
......@@ -115,21 +109,20 @@ public class KrbCredInfo {
if (encoding.getTag() != DerValue.tag_Sequence) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
prealm = null;
pname = null;
flags = null;
authtime = null;
starttime = null;
endtime = null;
renewTill = null;
srealm = null;
sname = null;
caddr = null;
key = EncryptionKey.parse(encoding.getData(), (byte)0x00, false);
Realm prealm = null, srealm = null;
if (encoding.getData().available() > 0)
prealm = Realm.parse(encoding.getData(), (byte)0x01, true);
if (encoding.getData().available() > 0)
pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true);
pname = PrincipalName.parse(encoding.getData(), (byte)0x02, true, prealm);
if (encoding.getData().available() > 0)
flags = TicketFlags.parse(encoding.getData(), (byte)0x03, true);
if (encoding.getData().available() > 0)
......@@ -143,7 +136,7 @@ public class KrbCredInfo {
if (encoding.getData().available() > 0)
srealm = Realm.parse(encoding.getData(), (byte)0x08, true);
if (encoding.getData().available() > 0)
sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true);
sname = PrincipalName.parse(encoding.getData(), (byte)0x09, true, srealm);
if (encoding.getData().available() > 0)
caddr = HostAddresses.parse(encoding.getData(), (byte)0x0A, true);
if (encoding.getData().available() > 0)
......@@ -159,10 +152,10 @@ public class KrbCredInfo {
public byte[] asn1Encode() throws Asn1Exception, IOException {
Vector<DerValue> v = new Vector<>();
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()));
if (prealm != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode()));
if (pname != null)
if (pname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), pname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode()));
}
if (flags != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode()));
if (authtime != null)
......@@ -173,10 +166,10 @@ public class KrbCredInfo {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode()));
if (renewTill != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode()));
if (srealm != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode()));
if (sname != null)
if (sname != null) {
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), sname.getRealm().asn1Encode()));
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode()));
}
if (caddr != null)
v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode()));
DerValue der[] = new DerValue[v.size()];
......@@ -190,8 +183,6 @@ public class KrbCredInfo {
KrbCredInfo kcred = new KrbCredInfo();
kcred.key = (EncryptionKey)key.clone();
// optional fields
if (prealm != null)
kcred.prealm = (Realm)prealm.clone();
if (pname != null)
kcred.pname = (PrincipalName)pname.clone();
if (flags != null)
......@@ -204,8 +195,6 @@ public class KrbCredInfo {
kcred.endtime = (KerberosTime)endtime.clone();
if (renewTill != null)
kcred.renewTill = (KerberosTime)renewTill.clone();
if (srealm != null)
kcred.srealm = (Realm)srealm.clone();
if (sname != null)
kcred.sname = (PrincipalName)sname.clone();
if (caddr != null)
......
......@@ -42,12 +42,11 @@ public class TGSRep extends KDCRep {
public TGSRep(
PAData[] new_pAData,
Realm new_crealm,
PrincipalName new_cname,
Ticket new_ticket,
EncryptedData new_encPart
) throws IOException {
super(new_pAData, new_crealm, new_cname, new_ticket,
super(new_pAData, new_cname, new_ticket,
new_encPart, Krb5.KRB_TGS_REP);
}
......
......@@ -60,7 +60,6 @@ import java.math.BigInteger;
public class Ticket implements Cloneable {
public int tkt_vno;
public Realm realm;
public PrincipalName sname;
public EncryptedData encPart;
......@@ -69,7 +68,6 @@ public class Ticket implements Cloneable {
public Object clone() {
Ticket new_ticket = new Ticket();
new_ticket.realm = (Realm)realm.clone();
new_ticket.sname = (PrincipalName)sname.clone();
new_ticket.encPart = (EncryptedData)encPart.clone();
new_ticket.tkt_vno = tkt_vno;
......@@ -77,12 +75,10 @@ public class Ticket implements Cloneable {
}
public Ticket(
Realm new_realm,
PrincipalName new_sname,
EncryptedData new_encPart
) {
tkt_vno = Krb5.TICKET_VNO;
realm = new_realm;
sname = new_sname;
encPart = new_encPart;
}
......@@ -123,8 +119,8 @@ public class Ticket implements Cloneable {
tkt_vno = subDer.getData().getBigInteger().intValue();
if (tkt_vno != Krb5.TICKET_VNO)
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
realm = Realm.parse(der.getData(), (byte)0x01, false);
sname = PrincipalName.parse(der.getData(), (byte)0x02, false);
Realm srealm = Realm.parse(der.getData(), (byte)0x01, false);
sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm);
encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
if (der.getData().available() > 0)
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
......@@ -142,7 +138,7 @@ public class Ticket implements Cloneable {
DerValue der[] = new DerValue[4];
temp.putInteger(BigInteger.valueOf(tkt_vno));
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), realm.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), sname.getRealm().asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.asn1Encode());
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode());
temp = new DerOutputStream();
......
......@@ -114,7 +114,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
// made public for KinitOptions to call directly
public PrincipalName readPrincipal(int version) throws IOException, RealmException {
int type, length, namelength, kret;
PrincipalName p;
String[] pname = null;
String realm;
/* Read principal type */
......@@ -144,11 +143,13 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
realm = result[0];
pname = new String[length];
System.arraycopy(result, 1, pname, 0, length);
p = new PrincipalName(pname, type);
p.setRealm(realm);
return new PrincipalName(type, pname, new Realm(realm));
}
try {
return new PrincipalName(result, type);
} catch (RealmException re) {
return null;
}
else p = new PrincipalName(result, type);
return p;
}
/*
......@@ -342,10 +343,10 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
PrincipalName cpname = readPrincipal(version);
if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname.toString());
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
PrincipalName spname = readPrincipal(version);
if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname.toString());
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
EncryptionKey key = readKey(version);
if (DEBUG)
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
......
......@@ -36,9 +36,7 @@ import sun.security.krb5.internal.*;
public class Credentials {
PrincipalName cname;
Realm crealm;
PrincipalName sname;
Realm srealm;
EncryptionKey key;
KerberosTime authtime;
KerberosTime starttime;//optional
......@@ -67,15 +65,7 @@ public class Credentials {
Ticket new_ticket,
Ticket new_secondTicket) {
cname = (PrincipalName) new_cname.clone();
if (new_cname.getRealm() != null) {
crealm = (Realm) new_cname.getRealm().clone();
}
sname = (PrincipalName) new_sname.clone();
if (new_sname.getRealm() != null) {
srealm = (Realm) new_sname.getRealm().clone();
}
key = (EncryptionKey) new_key.clone();
authtime = (KerberosTime) new_authtime.clone();
......@@ -110,7 +100,6 @@ public class Credentials {
{
return;
}
crealm = (Realm) kdcRep.crealm.clone();
cname = (PrincipalName) kdcRep.cname.clone();
ticket = (Ticket) kdcRep.ticket.clone();
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
......@@ -123,7 +112,6 @@ public class Credentials {
if (kdcRep.encKDCRepPart.renewTill != null) {
renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
}
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
secondTicket = (Ticket) new_secondTicket.clone();
......@@ -138,17 +126,7 @@ public class Credentials {
public Credentials(KDCRep kdcRep, Ticket new_ticket) {
sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
try {
sname.setRealm(srealm);
} catch (RealmException e) {
}
cname = (PrincipalName) kdcRep.cname.clone();
crealm = (Realm) kdcRep.crealm.clone();
try {
cname.setRealm(crealm);
} catch (RealmException e) {
}
key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
if (kdcRep.encKDCRepPart.starttime != null) {
......@@ -202,9 +180,6 @@ public class Credentials {
}
public PrincipalName getServicePrincipal() throws RealmException {
if (sname.getRealm() == null) {
sname.setRealm(srealm);
}
return sname;
}
......
......@@ -120,6 +120,6 @@ public abstract class CredentialsCache {
public abstract void save() throws IOException, KrbException;
public abstract Credentials[] getCredsList();
public abstract Credentials getDefaultCreds();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ;
public abstract Credentials getCreds(LoginOptions options, PrincipalName sname, Realm srealm) ;
public abstract Credentials getCreds(PrincipalName sname);
public abstract Credentials getCreds(LoginOptions options, PrincipalName sname);
}
......@@ -59,7 +59,6 @@ public class FileCredentialsCache extends CredentialsCache
public int version;
public Tag tag; // optional
public PrincipalName primaryPrincipal;
public Realm primaryRealm;
private Vector<Credentials> credentialsList;
private static String dir;
private static boolean DEBUG = Krb5.DEBUG;
......@@ -79,7 +78,6 @@ public class FileCredentialsCache extends CredentialsCache
}
if (principal != null) {
fcc.primaryPrincipal = principal;
fcc.primaryRealm = principal.getRealm();
}
fcc.load(cacheName);
return fcc;
......@@ -153,7 +151,6 @@ public class FileCredentialsCache extends CredentialsCache
synchronized void init(PrincipalName principal, String name)
throws IOException, KrbException {
primaryPrincipal = principal;
primaryRealm = principal.getRealm();
CCacheOutputStream cos =
new CCacheOutputStream(new FileOutputStream(name));
version = KRB5_FCC_FVNO_3;
......@@ -183,7 +180,6 @@ public class FileCredentialsCache extends CredentialsCache
}
} else
primaryPrincipal = p;
primaryRealm = primaryPrincipal.getRealm();
credentialsList = new Vector<Credentials> ();
while (cis.available() > 0) {
Credentials cred = cis.readCred(version);
......@@ -291,18 +287,16 @@ public class FileCredentialsCache extends CredentialsCache
}
public Credentials getCreds(LoginOptions options,
PrincipalName sname, Realm srealm) {
public Credentials getCreds(LoginOptions options, PrincipalName sname) {
if (options == null) {
return getCreds(sname, srealm);
return getCreds(sname);
} else {
Credentials[] list = getCredsList();
if (list == null) {
return null;
} else {
for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) &&
(srealm.toString().equals(list[i].srealm.toString()))) {
if (sname.match(list[i].sname)) {
if (list[i].flags.match(options)) {
return list[i];
}
......@@ -317,16 +311,14 @@ public class FileCredentialsCache extends CredentialsCache
/**
* Gets a credentials for a specified service.
* @param sname service principal name.
* @param srealm the realm that the service belongs to.
*/
public Credentials getCreds(PrincipalName sname, Realm srealm) {
public Credentials getCreds(PrincipalName sname) {
Credentials[] list = getCredsList();
if (list == null) {
return null;
} else {
for (int i = 0; i < list.length; i++) {
if (sname.match(list[i].sname) &&
(srealm.toString().equals(list[i].srealm.toString()))) {
if (sname.match(list[i].sname)) {
return list[i];
}
}
......@@ -343,7 +335,7 @@ public class FileCredentialsCache extends CredentialsCache
if (list[i].sname.toString().startsWith("krbtgt")) {
String[] nameStrings = list[i].sname.getNameStrings();
// find the TGT for the current realm krbtgt/realm@realm
if (nameStrings[1].equals(list[i].srealm.toString())) {
if (nameStrings[1].equals(list[i].sname.getRealm().toString())) {
return list[i];
}
}
......
......@@ -64,7 +64,7 @@ public abstract class MemoryCredentialsCache extends CredentialsCache {
public abstract Credentials[] getCredsList();
public abstract Credentials getCreds(PrincipalName sname, Realm srealm) ;
public abstract Credentials getCreds(PrincipalName sname) ;
public abstract PrincipalName getPrimaryPrincipal();
......
......@@ -83,8 +83,7 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
}
int nameType = read(4);
index -= 4;
PrincipalName service = new PrincipalName(nameParts, nameType);
service.setRealm(realm);
PrincipalName service = new PrincipalName(nameType, nameParts, realm);
KerberosTime timeStamp = readTimeStamp();
int keyVersion = read() & 0xff;
......
......@@ -163,7 +163,7 @@ public final class KerberosClientKeyExchangeImpl
EncryptedData encPart = t.encPart;
PrincipalName ticketSname = t.sname;
Realm ticketRealm = t.realm;
Realm ticketRealm = t.sname.getRealm();
String serverPrincipal = serverKeys[0].getPrincipal().getName();
......@@ -175,8 +175,7 @@ public final class KerberosClientKeyExchangeImpl
*/
// Check that ticket Sname matches serverPrincipal
String ticketPrinc = ticketSname.toString().concat("@" +
ticketRealm.toString());
String ticketPrinc = ticketSname.toString();
if (!ticketPrinc.equals(serverPrincipal)) {
if (debug != null && Debug.isOn("handshake"))
System.out.println("Service principal in Ticket does not"
......@@ -224,7 +223,6 @@ public final class KerberosClientKeyExchangeImpl
if (debug != null && Debug.isOn("handshake")) {
System.out.println("server principal: " + serverPrincipal);
System.out.println("realm: " + encTicketPart.crealm.toString());
System.out.println("cname: " + encTicketPart.cname.toString());
}
} catch (IOException e) {
......
......@@ -206,9 +206,7 @@ public class Kinit {
System.out.println(">>> Kinit realm name is " + realm);
}
PrincipalName sname = new PrincipalName("krbtgt" + "/" + realm,
PrincipalName.KRB_NT_SRV_INST);
sname.setRealm(realm);
PrincipalName sname = PrincipalName.tgsService(realm, realm);
builder.setTarget(sname);
if (DEBUG) {
......
......@@ -146,15 +146,6 @@ class KinitOptions {
"Principal name: " + p +
e.getMessage());
}
if (principal.getRealm() == null) {
String realm =
Config.getInstance().getDefault("default_realm",
"libdefaults");
if (realm != null) {
principal.setRealm(realm);
} else throw new IllegalArgumentException("invalid " +
"Realm name");
}
} else if (this.password == null) {
// Have already processed a Principal, this must be a password
password = args[i].toCharArray();
......@@ -175,16 +166,6 @@ class KinitOptions {
}
PrincipalName getDefaultPrincipal() {
String cname;
String realm = null;
try {
realm = Config.getInstance().getDefaultRealm();
} catch (KrbException e) {
System.out.println ("Can not get default realm " +
e.getMessage());
e.printStackTrace();
return null;
}
// get default principal name from the cachename if it is
// available.
......@@ -204,10 +185,6 @@ class KinitOptions {
}
PrincipalName p = cis.readPrincipal(version);
cis.close();
String temp = p.getRealmString();
if (temp == null) {
p.setRealm(realm);
}
if (DEBUG) {
System.out.println(">>>KinitOptions principal name from "+
"the cache is :" + p);
......@@ -230,19 +207,15 @@ class KinitOptions {
System.out.println(">>>KinitOptions default username is :"
+ username);
}
if (realm != null) {
try {
PrincipalName p = new PrincipalName(username);
if (p.getRealm() == null)
p.setRealm(realm);
return p;
} catch (RealmException e) {
// ignore exception , return null
if (DEBUG) {
System.out.println ("Exception in getting principal " +
"name " + e.getMessage());
e.printStackTrace();
}
try {
PrincipalName p = new PrincipalName(username);
return p;
} catch (RealmException e) {
// ignore exception , return null
if (DEBUG) {
System.out.println ("Exception in getting principal " +
"name " + e.getMessage());
e.printStackTrace();
}
}
return null;
......
......@@ -273,9 +273,6 @@ public class Ktab {
PrincipalName pname = null;
try {
pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
} catch (KrbException e) {
System.err.println("Failed to add " + principal +
" to keytab.");
......@@ -382,9 +379,6 @@ public class Ktab {
PrincipalName pname = null;
try {
pname = new PrincipalName(principal);
if (pname.getRealm() == null) {
pname.setRealm(Config.getInstance().getDefaultRealm());
}
if (!forced) {
String answer;
BufferedReader cis =
......
......@@ -67,7 +67,6 @@ jmethodID encryptionKeyConstructor = 0;
jmethodID ticketFlagsConstructor = 0;
jmethodID kerberosTimeConstructor = 0;
jmethodID krbcredsConstructor = 0;
jmethodID setRealmMethod = 0;
/*
* Function prototypes for internal routines
......@@ -279,7 +278,7 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
}
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
"<init>", "([Ljava/lang/String;)V");
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
if (principalNameConstructor == 0) {
printf("LSA: Couldn't find PrincipalName constructor\n");
return JNI_ERR;
......@@ -318,14 +317,6 @@ JNIEXPORT jint JNICALL JNI_OnLoad(
printf("LSA: Found KerberosTime constructor\n");
}
// load the setRealm method in PrincipalName
setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
"setRealm", "(Ljava/lang/String;)V");
if (setRealmMethod == 0) {
printf("LSA: Couldn't find setRealm in PrincipalName\n");
return JNI_ERR;
}
if (native_debug) {
printf("LSA: Finished OnLoad processing\n");
}
......@@ -952,13 +943,12 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
// Do I have to worry about storage reclamation here?
}
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray);
// now set the realm in the principal
realmLen = (ULONG)wcslen((PWCHAR)realm);
realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen);
(*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr);
principal = (*env)->NewObject(env, principalNameClass,
principalNameConstructor, stringArray, realmStr);
// free local resources
LocalFree(realm);
......
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6856069
* @summary PrincipalName.clone() does not invoke super.clone()
*/
import sun.security.krb5.ServiceName;
public class ServiceNameClone {
public static void main(String[] args) throws Exception {
ServiceName sn = new ServiceName("me@HERE");
if (sn.clone().getClass() != ServiceName.class) {
throw new Exception("ServiceName's clone is not a ServiceName");
}
if (!sn.clone().equals(sn)) {
throw new Exception("ServiceName's clone changed");
}
}
}
......@@ -606,9 +606,8 @@ public class KDC {
TGSReq tgsReq = new TGSReq(in);
PrincipalName service = tgsReq.reqBody.sname;
if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(),
(int)options.get(KDC.Option.RESP_NT));
service.setRealm(service.getRealm());
service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
service.getNameStrings(), service.getRealm());
}
try {
System.out.println(realm + "> " + tgsReq.reqBody.cname +
......@@ -632,7 +631,6 @@ public class KDC {
EncryptedData ed = apReq.authenticator;
tkt = apReq.ticket;
int te = tkt.encPart.getEType();
tkt.sname.setRealm(tkt.realm);
EncryptionKey kkey = keyForUser(tkt.sname, te, true);
byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
DerInputStream derIn = new DerInputStream(bb);
......@@ -693,7 +691,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart(
tFlags,
key,
etp.crealm,
etp.cname,
new TransitedEncoding(1, new byte[0]), // TODO
new KerberosTime(new Date()),
......@@ -709,7 +706,6 @@ public class KDC {
throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
}
Ticket t = new Ticket(
body.crealm,
service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
);
......@@ -725,7 +721,6 @@ public class KDC {
new KerberosTime(new Date()),
body.from,
till, body.rtime,
body.crealm,
service,
body.addresses != null // always set caddr
? body.addresses
......@@ -734,7 +729,6 @@ public class KDC {
);
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
TGSRep tgsRep = new TGSRep(null,
etp.crealm,
etp.cname,
t,
edata);
......@@ -756,8 +750,8 @@ public class KDC {
new KerberosTime(new Date()),
0,
ke.returnCode(),
body.crealm, body.cname,
new Realm(getRealm()), service,
body.cname,
service,
KrbException.errorMessage(ke.returnCode()),
null);
}
......@@ -780,7 +774,6 @@ public class KDC {
if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(),
(int)options.get(KDC.Option.RESP_NT));
service.setRealm(service.getRealm());
}
try {
System.out.println(realm + "> " + asReq.reqBody.cname +
......@@ -788,7 +781,6 @@ public class KDC {
service);
KDCReqBody body = asReq.reqBody;
body.cname.setRealm(getRealm());
eTypes = KDCReqBodyDotEType(body);
int eType = eTypes[0];
......@@ -971,7 +963,6 @@ public class KDC {
EncTicketPart enc = new EncTicketPart(
tFlags,
key,
body.crealm,
body.cname,
new TransitedEncoding(1, new byte[0]),
new KerberosTime(new Date()),
......@@ -980,7 +971,6 @@ public class KDC {
body.addresses,
null);
Ticket t = new Ticket(
body.crealm,
service,
new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET)
);
......@@ -996,14 +986,12 @@ public class KDC {
new KerberosTime(new Date()),
body.from,
till, body.rtime,
body.crealm,
service,
body.addresses
);
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
ASRep asRep = new ASRep(
outPAs.toArray(new PAData[outPAs.size()]),
body.crealm,
body.cname,
t,
edata);
......@@ -1024,7 +1012,6 @@ public class KDC {
asRep.encKDCRepPart = enc_part;
sun.security.krb5.internal.ccache.Credentials credentials =
new sun.security.krb5.internal.ccache.Credentials(asRep);
asReq.reqBody.cname.setRealm(getRealm());
CredentialsCache cache =
CredentialsCache.create(asReq.reqBody.cname, ccache);
if (cache == null) {
......@@ -1059,8 +1046,8 @@ public class KDC {
new KerberosTime(new Date()),
0,
ke.returnCode(),
body.crealm, body.cname,
new Realm(getRealm()), service,
body.cname,
service,
KrbException.errorMessage(ke.returnCode()),
eData);
}
......
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6966259
* @summary Make PrincipalName and Realm immutable
* @run main/othervm Constructors
*/
import java.util.Arrays;
import sun.security.krb5.*;
public class Constructors {
public static void main(String[] args) throws Exception {
int type;
boolean testNoDefaultDomain;
// Part 1: on format
// Good ones
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R", "R", "a");
checkName("a@R2", type, "R", "R", "a");
checkName("a/b", type, "R", "R", "a", "b");
checkName("a/b@R2", type, "R", "R", "a", "b");
checkName("a/b/c", type, "R", "R", "a", "b", "c");
checkName("a/b/c@R2", type, "R", "R", "a", "b", "c");
// Weird ones
checkName("a\\/b", type, "R", "R", "a/b");
checkName("a\\/b\\/c", type, "R", "R", "a/b/c");
checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2");
// Bad ones
checkName("a", type, "", null);
checkName("a/", type, "R", null);
checkName("/a", type, "R", null);
checkName("a//b", type, "R", null);
checkName("a@", type, null, null);
type = PrincipalName.KRB_NT_SRV_HST;
// Part 2: on realm choices
// When there is no default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/empty.conf");
Config.refresh();
// A Windows client login to AD always has a default realm
try {
Realm r = Realm.getDefault();
System.out.println("testNoDefaultDomain = false. Realm is " + r);
testNoDefaultDomain = false;
} catch (RealmException re) {
// Great. This is what we expected
testNoDefaultDomain = true;
}
if (testNoDefaultDomain) {
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, null); // fail if none
checkName("a/b@R1", type, null, "R1", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
// Let's pray "b.h" won't be canonicalized
checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r
checkName("a/b.h", type, null, null); // fail if none
}
// When there is default realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") + "/krb5.conf");
Config.refresh();
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, "R", "a"); // default
checkName("a/b", type, null, "R", "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r
checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map
checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map
checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map
checkName("a/b.h", type, null, "R", "a", "b.h"); // default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static void checkName(String n, int t, String s,
String realm, String... parts)
throws Exception {
PrincipalName pn = null;
try {
pn = new PrincipalName(n, t, s);
} catch (Exception e) {
if (realm == null) {
return; // This is expected
} else {
throw e;
}
}
if (!pn.getRealmAsString().equals(realm)
|| !Arrays.equals(pn.getNameStrings(), parts)) {
throw new Exception(pn.toString() + " vs "
+ Arrays.toString(parts) + "@" + realm);
}
}
}
[libdefaults]
dns_fallback = false
[libdefaults]
default_realm = R
[realms]
R = {
kdc = kdc
}
[domain_realm]
.h2 = R2
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册