  /**
   * Looks up the ticket-granting ticket for the initiator.
   *
   * <p>When {@code name} is given, the client principal and realm are taken from it;
   * otherwise no client principal is named and the default realm is read from the
   * Kerberos configuration. The ticket lookup runs inside a privileged action, with the
   * caller's {@link AccessControlContext} captured beforehand and passed on to
   * {@code Krb5Util.getTicket}. {@code initLifetime} is accepted but not used here, and
   * the resolved realm is not consumed by this method either.
   *
   * @param caller caller type; {@code CALLER_UNKNOWN} is treated as {@code CALLER_INITIATE}
   * @param name the client name, or {@code null} to fall back to the default realm
   * @param initLifetime unused by this method
   * @return the ticket returned by {@code Krb5Util.getTicket}; callers check for {@code null}
   * @throws GSSException with {@code NO_CRED} if the default realm cannot be read or the
   *     privileged lookup fails; the underlying exception is attached as the cause
   */
  private static KerberosTicket getTgt(int caller, Krb5NameElement name, int initLifetime)
      throws GSSException {

    final String clientPrincipal;
    String realm;
    if (name == null) {
      clientPrincipal = null;
      try {
        realm = Config.getInstance().getDefaultRealm();
      } catch (KrbException e) {
        GSSException failure =
            new GSSException(
                GSSException.NO_CRED,
                -1,
                "Attempt to obtain INITIATE credentials failed! (" + e.getMessage() + ")");
        failure.initCause(e);
        throw failure;
      }
    } else {
      PrincipalName principal = name.getKrb5PrincipalName();
      clientPrincipal = principal.getName();
      realm = principal.getRealmAsString();
    }

    // No service principal is named for this lookup.
    final String tgsPrincipal = null;
    final int effectiveCaller =
        (caller == GSSUtil.CALLER_UNKNOWN) ? GSSUtil.CALLER_INITIATE : caller;
    // Capture the caller's context before entering the privileged section.
    final AccessControlContext callerContext = AccessController.getContext();

    PrivilegedExceptionAction<KerberosTicket> fetchTicket =
        new PrivilegedExceptionAction<KerberosTicket>() {
          @Override
          public KerberosTicket run() throws Exception {
            return Krb5Util.getTicket(effectiveCaller, clientPrincipal, tgsPrincipal, callerContext);
          }
        };

    try {
      return AccessController.doPrivileged(fetchTicket);
    } catch (PrivilegedActionException e) {
      GSSException failure =
          new GSSException(
              GSSException.NO_CRED,
              -1,
              "Attempt to obtain new INITIATE credentials failed! (" + e.getMessage() + ")");
      // Attach the wrapped exception rather than the PrivilegedActionException shell.
      failure.initCause(e.getException());
      throw failure;
    }
  }
  /**
   * Builds an initiator credential from a ticket-granting ticket.
   *
   * <p>The TGT is located via {@link #getTgt}. When no client name was supplied, the
   * name is derived from the TGT's client principal, so the returned credential always
   * carries a name.
   *
   * @param caller the caller type, forwarded to {@code getTgt}
   * @param name the client name, or {@code null} to use the TGT's client principal
   * @param initLifetime forwarded to {@code getTgt}
   * @return a credential populated from the TGT's fields
   * @throws GSSException with {@code NO_CRED} when no TGT is found, or whatever
   *     {@code getTgt} throws
   */
  static Krb5InitCredential getInstance(int caller, Krb5NameElement name, int initLifetime)
      throws GSSException {

    KerberosTicket ticket = getTgt(caller, name, initLifetime);
    if (ticket == null) {
      throw new GSSException(GSSException.NO_CRED, -1, "Failed to find any Kerberos tgt");
    }

    // Prefer the caller-supplied name; otherwise name the credential after the ticket's client.
    Krb5NameElement credName = name;
    if (credName == null) {
      credName =
          Krb5NameElement.getInstance(
              ticket.getClient().getName(), Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
    }

    return new Krb5InitCredential(
        credName,
        ticket.getEncoded(),
        ticket.getClient(),
        ticket.getServer(),
        ticket.getSessionKey().getEncoded(),
        ticket.getSessionKeyType(),
        ticket.getFlags(),
        ticket.getAuthTime(),
        ticket.getStartTime(),
        ticket.getEndTime(),
        ticket.getRenewTill(),
        ticket.getClientAddresses());
  }
  /**
   * Builds an initiator credential from delegated (forwarded) credentials.
   *
   * <p>Client and server principals are optional in a KRB-CRED message, so each is
   * checked for {@code null} before the corresponding {@link KerberosPrincipal} is
   * created. The session key is read unconditionally and dereferenced when the
   * credential is constructed.
   *
   * @param name the name the caller expects the credential to have; it is currently
   *     not compared with the delegated credential's client name (see the XXX below)
   * @param delegatedCred the delegated Kerberos credentials
   * @return a credential populated from {@code delegatedCred}
   * @throws GSSException propagated from the calls made while building the credential
   */
  static Krb5InitCredential getInstance(Krb5NameElement name, Credentials delegatedCred)
      throws GSSException {

    EncryptionKey key = delegatedCred.getSessionKey();

    PrincipalName clientPrinc = delegatedCred.getClient();
    PrincipalName serverPrinc = delegatedCred.getServer();

    // Client side: both the GSS name element and the Kerberos principal are taken
    // from the delegated credential's client, when it is present.
    Krb5NameElement credName = null;
    KerberosPrincipal client = null;
    if (clientPrinc != null) {
      String clientName = clientPrinc.getName();
      credName = Krb5NameElement.getInstance(clientName, Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
      client = new KerberosPrincipal(clientName);
    }

    // XXX Compare name to credName -- the caller-supplied name is not checked
    // against the delegated credential's client name.

    KerberosPrincipal server =
        (serverPrinc == null)
            ? null
            : new KerberosPrincipal(serverPrinc.getName(), KerberosPrincipal.KRB_NT_SRV_INST);

    // key is dereferenced here; a credential without a session key fails with
    // a NullPointerException at this point.
    return new Krb5InitCredential(
        credName,
        delegatedCred,
        delegatedCred.getEncoded(),
        client,
        server,
        key.getBytes(),
        key.getEType(),
        delegatedCred.getFlags(),
        delegatedCred.getAuthTime(),
        delegatedCred.getStartTime(),
        delegatedCred.getEndTime(),
        delegatedCred.getRenewTill(),
        delegatedCred.getClientAddresses());
  }