[jira] [Updated] (DIRKRB-762) The AS request appears with an NPE when preauth_required is set to false

Tue, 20 Dec 2022 06:32:06 -0800 


     [ 
https://issues.apache.org/jira/browse/DIRKRB-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jichao Wang updated DIRKRB-762:
-------------------------------
    Attachment: kdc-npe.png

> The AS request appears with an NPE when preauth_required is set to false
> ------------------------------------------------------------------------
>
>                 Key: DIRKRB-762
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-762
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 2.0.0, 2.0.1, 2.0.2
>            Reporter: Jichao Wang
>            Priority: Major
>             Fix For: 2.0.3
>
>         Attachments: kdc-npe.png
>
>
> If change the value of preauth_required in the kdc.conf file to false, then 
> using the following code to access the KDC causes an NPE error.
> {code:java}
> // Run on JDK8 or JDK11
> public class Test {
>     public static void main(String[] args) throws Exception {
>         LoginContext lc = new LoginContext("SampleClient",
>                 new Subject(),
>                 null,
>                 new CustomConfiguration("had...@hadoop.com", 
> "/root/wjc/hadoop.keytab"));
>         lc.login();
>         System.out.println(lc.getSubject().toString());
>     }
> } {code}
> Here is a fix to the problem:
> {code:java}
> Index: 
> kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> diff --git 
> a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>  
> b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
> --- 
> a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>     (revision 03784fcde8e94fedbe789606d2f328104c20b33f)
> +++ 
> b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
>     (date 1670208307220)
> @@ -678,11 +678,13 @@
>          }
>  
>          PaData preAuthData = request.getPaData();
> -        if (isPreauthRequired() && (preAuthData == null || 
> preAuthData.isEmpty())) {
> -            LOG.info("The preauth data is empty.");
> -            KrbError krbError = makePreAuthenticationError(kdcContext, 
> request,
> -                KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
> -            throw new KdcRecoverableException(krbError);
> +        if (isPreauthRequired()) {
> +            if (preAuthData == null || preAuthData.isEmpty()) {
> +                LOG.info("The preauth data is empty.");
> +                KrbError krbError = makePreAuthenticationError(kdcContext, 
> request,
> +                        KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED, false);
> +                throw new KdcRecoverableException(krbError);
> +            }
>          } else {
>              getPreauthHandler().verify(this, preAuthData);
>          }
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

Reply via email to