directory-commits mailing list archives

From cohei...@apache.org
Subject directory-kerby git commit: DIRKRB-731 - RC4-HMAC encrytion type doesn't work
Date Mon, 07 Jan 2019 12:38:16 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/1.1.x-fixes d8621e72f -> d86fc5a26


DIRKRB-731 - RC4-HMAC encrytion type doesn't work


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d86fc5a2
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d86fc5a2
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d86fc5a2

Branch: refs/heads/1.1.x-fixes
Commit: d86fc5a2677f4d3457bf9351e39eb2a368fe613e
Parents: d8621e7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jan 7 12:32:40 2019 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jan 7 12:33:07 2019 +0000

----------------------------------------------------------------------
 .../kerberos/kerb/common/EncryptionUtil.java    | 25 ++++++++++-------
 .../kerb/server/KeytabArcFourMd5LoginTest.java  | 28 ++++++++++++++++++--
 .../kerby/kerberos/kerb/keytab/Keytab.java      |  8 ++++++
 3 files changed, 50 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d86fc5a2/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
index 777e5a4..9b10763 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
@@ -117,9 +117,19 @@ public class EncryptionUtil {
 
     public static EncryptionType getBestEncryptionType(List<EncryptionType> requestedTypes,
                                                        List<EncryptionType> configuredTypes)
{
-        for (EncryptionType encryptionType : configuredTypes) {
-            if (requestedTypes.contains(encryptionType)) {
-                return encryptionType;
+        for (EncryptionType configuredType : configuredTypes) {
+            if (requestedTypes.contains(configuredType)) {
+                return configuredType;
+            }
+        }
+
+        // Maybe we have a different encryption name configured for the same type
+        for (EncryptionType configuredType : configuredTypes) {
+            int configuredTypeValue = configuredType.getValue();
+            for (EncryptionType requestedType : requestedTypes) {
+                if (configuredTypeValue == requestedType.getValue()) {
+                    return requestedType;
+                }
             }
         }
 
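Review bot: Running the exact-name loop to completion before the value-matching loop means the preference order of `configuredTypes` is not honoured when its first entry matches the client only through an alias: a later entry that matches by name wins. If alias names also exist for stronger types (this page only shows the arcfour-hmac/rc4-hmac pair), that can select a weaker enctype than both sides support. Two constants with the same `getValue()` are the same etype, so the first loop is redundant; keeping only the nested loop with `if (configuredType.getValue() == requestedType.getValue()) return requestedType;` gives a single pass in configured order. The comment would be clearer as `// Alias names such as arcfour-hmac and rc4-hmac share one etype value, so compare by value`. The method's final return lies outside this hunk.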
@@ -129,8 +139,7 @@ public class EncryptionUtil {
     public static EncryptedData seal(Asn1Encodeable asn1Type,
                                      EncryptionKey key, KeyUsage usage) throws KrbException
{
         byte[] encoded = KrbCodec.encode(asn1Type);
-        EncryptedData encrypted = EncryptionHandler.encrypt(encoded, key, usage);
-        return encrypted;
+        return EncryptionHandler.encrypt(encoded, key, usage);
     }
 
     public static <T extends Asn1Type> T unseal(EncryptedData encrypted, EncryptionKey
key,
@@ -142,14 +151,12 @@ public class EncryptionUtil {
     public static byte[] encrypt(EncryptionKey key,
           byte[] plaintext, KeyUsage usage) throws KrbException {
         EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
-        byte[] cipherData = encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
-        return cipherData;
+        return encType.encrypt(plaintext, key.getKeyData(), usage.getValue());
     }
 
     public static byte[] decrypt(EncryptionKey key,
            byte[] cipherData, KeyUsage usage) throws KrbException {
         EncTypeHandler encType = EncryptionHandler.getEncHandler(key.getKeyType());
-        byte[] plainData = encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
-        return plainData;
+        return encType.decrypt(cipherData, key.getKeyData(), usage.getValue());
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d86fc5a2/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
index c6c11d7..dd05de1 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
@@ -37,7 +37,7 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
     @Override
     protected void setUpKdcServer() throws Exception {
         KdcConfig config = new KdcConfig();
-        config.setString(KdcConfigKey.ENCRYPTION_TYPES, "arcfour-hmac");
+        config.setString(KdcConfigKey.ENCRYPTION_TYPES, "arcfour-hmac rc4-hmac");
         SimpleKdcServer kdcServer = new TestKdcServer(allowTcp(), allowUdp(), config, new
BackendConfig());
         super.setKdcServer(kdcServer);
 
@@ -49,7 +49,7 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
     }
 
     @Test
-    public void testLogin() throws Exception {
+    public void testLoginARCFOURHMAC() throws Exception {
         KrbClient client = super.getKrbClient();
         client.getKrbConfig().setString(KrbConfigKey.PERMITTED_ENCTYPES, "arcfour-hmac");
 
@@ -71,4 +71,28 @@ public class KeytabArcFourMd5LoginTest extends LoginTestBase {
         keytab.delete();
 
     }
+
+    @Test
+    public void testLoginRC4HMAC() throws Exception {
+        KrbClient client = super.getKrbClient();
+        client.getKrbConfig().setString(KrbConfigKey.PERMITTED_ENCTYPES, "rc4-hmac");
+
+        KOptions requestOptions = new KOptions();
+        requestOptions.add(KrbOption.CLIENT_PRINCIPAL, getClientPrincipal());
+        requestOptions.add(KrbOption.USE_KEYTAB, true);
+
+        File keytab = new File(getTestDir(), "test-client.keytab");
+        requestOptions.add(KrbOption.KEYTAB_FILE, keytab);
+
+        getKdcServer().exportPrincipal(getClientPrincipal(), keytab);
+
+        TgtTicket tgt = client.requestTgt(requestOptions);
+        assertThat(tgt).isNotNull();
+
+        SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
+        assertThat(tkt).isNotNull();
+
+        keytab.delete();
+
+    }
 }
\ No newline at end of file
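Review bot: `keytab.delete()` at the end of `testLoginRC4HMAC` is skipped whenever `requestTgt`, `requestSgt` or an assertion throws, so the exported key material stays in the test directory; wrap the steps after `exportPrincipal` as `try { ... } finally { keytab.delete(); }`. The body also repeats the keytab login steps and visibly differs only in the `PERMITTED_ENCTYPES` string, so a private helper taking the enctype name would keep the two tests in step (the earlier test's body is only partly visible here). Asserting the key type of the returned ticket's session key, if the ticket API exposes it, would show that the alias resolved to the RC4 etype rather than only that a ticket came back.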

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d86fc5a2/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
index 52e15d9..6364190 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
@@ -130,6 +130,14 @@ public final class Keytab implements KrbKeytab {
             }
         }
 
+        // Maybe we have a key stored under a different name for the same type
+        int keyTypeValue = keyType.getValue();
+        for (KeytabEntry ke : entries) {
+            if (keyTypeValue == ke.getKey().getKeyType().getValue()) {
+                return ke.getKey();
+            }
+        }
+
         return null;
     }
 
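Review bot: The fallback returns the first entry whose numeric type matches, and that key still reports the alias it was stored under from `getKeyType()`, so a caller comparing the result with the requested `keyType` by enum identity will still see a mismatch; a comment should say so, e.g. `// Falls back to the numeric etype value; the returned key keeps the alias it was stored under`. If `entries` can hold several key versions for the principal (its construction is outside this hunk), the first match is not necessarily the newest, which is worth confirming against the exact-match loop above. The method signature and the start of its body are outside the hunk.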

