Fabiano Tarlao created DIRKRB-692:
-------------------------------------

             Summary: 1) sgtTicket clientPrincipal is not initialized + 2) KrbClient fails to store SGT ticket in cache file
                 Key: DIRKRB-692
                 URL: https://issues.apache.org/jira/browse/DIRKRB-692
             Project: Directory Kerberos
          Issue Type: Bug
    Affects Versions: 1.1.0
         Environment: Linux Mint 17.1 + Netbeans 8.1 with a Maven Project + kerb-core 1.1.0
            Reporter: Fabiano Tarlao


Two bugs that interact with each other
h1. 1)

*SgtTicket*, returned by *KrbClient.requestSgt(..)*, has a _null_ 
*clientPrincipal* field (unassigned). Perhaps this is not mandatory but your 
code assumes this property is populated (see later). I highly suggest 
populating this field.

I have written a workaround that overrides the *requestSgt* method and works for 
the *USE_TGT* case:

 
{code:java}
// Workaround: copy the client principal from the TGT into the returned SGT.
@Override
public SgtTicket requestSgt(KOptions requestOptions) throws KrbException {
    SgtTicket requestSgt = super.requestSgt(requestOptions);
    // Only the USE_TGT case is covered; without a TGT option the field stays null.
    TgtTicket tgt = (TgtTicket) requestOptions.getOptionValue(KrbOption.USE_TGT);
    if (tgt != null) {
        requestSgt.setClientPrincipal(tgt.getClientPrincipal());
    }
    return requestSgt;
}
{code}
 
h1. 2)

Creating a new credential cache file when storing only one SGT (service ticket) 
fails. (i.e., trying to create a new cache file containing only one SGT and no 
TGT)

Invoking *KrbClient.storeTicket(sgtTicket, File)* fails for this reason (here 
is the original code in *KrbClientBase* class, my comments in RED):

{{public void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {}}
{{        LOG.info("Storing the sgt to the credential cache file.");}}
{{        if (!ccacheFile.exists()) {}}
{{            createCacheFile(ccacheFile);{color:#FF0000} //Correctly creates a new file but...{color}}}
{{        }}}
{{        if (ccacheFile.exists() && ccacheFile.canWrite()) {}}
{{            CredentialCache cCache = new CredentialCache();}}
{{            try {}}
{{                cCache.load(ccacheFile);{color:#FF0000} //..this line EXPLODES because it tries to initialize from an empty file, the nonexistent file case is not managed correctly{color}}}
{{                cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));}}
{{                cCache.setPrimaryPrincipal(sgtTicket.getClientPrincipal());}}
{{                cCache.store(ccacheFile);}}
{{            } catch (IOException e) {}}
{{                throw new KrbException("Failed to store sgt", e);}}
{{            }}}
{{        } else {}}
{{            throw new IllegalArgumentException("Invalid ccache file, "}}
{{                    + "not exist or writable: " + ccacheFile.getAbsolutePath());}}
{{        }}}
{{}}}

Here follows my proposal/fix, this code correctly manages the MIT ccache file 
creation for one SGT, please note that this fix assumes that bug 1 is already 
fixed:

{{public static void storeTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {}}
{{        LOG.info("Storing the sgt to the credential cache file.");}}
{{        boolean isFreshNew = !ccacheFile.exists();}}
{{        if (isFreshNew) {}}
{{            createCacheFile(ccacheFile);}}
{{        }}}
{{        if (ccacheFile.exists() && ccacheFile.canWrite()) {}}
{{            try {}}
{{                CredentialCache cCache;}}
{{                if(!isFreshNew){}}
{{                    cCache = new CredentialCache(sgtTicket); {color:#FF0000}//This constructor sets also the cCache principal from sgtTicket principal{color}}}
{{                    cCache.load(ccacheFile);}}
{{                    cCache.addCredential(new Credential(sgtTicket, sgtTicket.getClientPrincipal()));}}
{{                    cCache.setPrimaryPrincipal(sgtTicket.getClientPrincipal());}}
{{                } else {}}
{{                    cCache = new CredentialCache(sgtTicket);}}
{{                }}}
{{                cCache.store(ccacheFile);}}
{{            } catch (IOException e) {}}
{{                throw new KrbException("Failed to store sgt", e);}}
{{            }}}
{{        } else {}}
{{            throw new IllegalArgumentException("Invalid ccache file, "}}
{{                    + "not exist or writable: " + ccacheFile.getAbsolutePath());}}
{{        }}}
{{    }}}

Please note that *YOUR CredentialCache constructor assumes the clientPrincipal 
is populated* ;)

Hope useful,

regards

Fabiano
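
A pre-check for the empty-file case described in bug 2, as an added example that is not part of the original report or of the Kerby code base: it classifies a cache file by its size and by the MIT file-ccache version bytes before any load() is attempted. The class name `CcachePrecheck`, the `State` enum and the `action` helper are hypothetical, and the sample files are constructed.

```java
import java.io.DataInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added example (hypothetical names): classify a ccache file before deciding
// whether to load() it or to write a fresh cache.
public class CcachePrecheck {
    enum State { MISSING, EMPTY, VALID, CORRUPT }

    static State classify(File f) throws IOException {
        if (!f.exists()) return State.MISSING;
        if (f.length() == 0) return State.EMPTY;   // e.g. a file that was only just created
        if (f.length() < 2) return State.CORRUPT;  // too short to hold the version field
        try (DataInputStream in = new DataInputStream(Files.newInputStream(f.toPath()))) {
            int magic = in.readUnsignedByte();
            int version = in.readUnsignedByte();
            // MIT file ccache: first byte is 0x05, second byte is the format version (1..4).
            return (magic == 0x05 && version >= 1 && version <= 4) ? State.VALID : State.CORRUPT;
        }
    }

    // Suggested handling, expressed with the calls quoted in the report:
    //   MISSING / EMPTY -> new CredentialCache(sgtTicket), then store(file); skip load()
    //   VALID           -> load(file), addCredential(...), then store(file)
    //   CORRUPT         -> fail with an error instead of overwriting the file
    static String action(State s) {
        switch (s) {
            case MISSING: case EMPTY: return "write fresh cache";
            case VALID: return "load, add credential, store";
            default: return "refuse: not a ccache file";
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample files; the 4-byte "v4" file is only a header stub.
        File dir = Files.createTempDirectory("ccache-demo").toFile();
        File empty = new File(dir, "empty");
        Files.write(empty.toPath(), new byte[0]);
        File v4 = new File(dir, "v4");
        Files.write(v4.toPath(), new byte[] {0x05, 0x04, 0x00, 0x00});
        File junk = new File(dir, "junk");
        Files.write(junk.toPath(), "not a ccache".getBytes());
        for (File f : new File[] {new File(dir, "missing"), empty, v4, junk}) {
            State s = classify(f);
            System.out.println(f.getName() + ": " + s + " -> " + action(s));
        }
    }
}
```

Checking the file length rather than only `exists()` also covers a zero-length file left behind by an earlier failed run, which a freshness flag computed before creation would treat as an existing cache.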


