806 Ticket tkt = null; |
806 Ticket tkt = null; |
807 EncTicketPart etp = null; |
807 EncTicketPart etp = null; |
808 |
808 |
809 PrincipalName cname = null; |
809 PrincipalName cname = null; |
810 boolean allowForwardable = true; |
810 boolean allowForwardable = true; |
811 |
811 boolean isReferral = false; |
812 if (body.kdcOptions.get(KDCOptions.CANONICALIZE)) { |
812 if (body.kdcOptions.get(KDCOptions.CANONICALIZE)) { |
|
813 System.out.println(realm + "> verifying referral for " + |
|
814 body.sname.getNameString()); |
813 KDC referral = aliasReferrals.get(body.sname.getNameString()); |
815 KDC referral = aliasReferrals.get(body.sname.getNameString()); |
814 if (referral != null) { |
816 if (referral != null) { |
815 service = new PrincipalName( |
817 service = new PrincipalName( |
816 PrincipalName.TGS_DEFAULT_SRV_NAME + |
818 PrincipalName.TGS_DEFAULT_SRV_NAME + |
817 PrincipalName.NAME_COMPONENT_SEPARATOR_STR + |
819 PrincipalName.NAME_COMPONENT_SEPARATOR_STR + |
818 referral.getRealm(), PrincipalName.KRB_NT_SRV_INST, |
820 referral.getRealm(), PrincipalName.KRB_NT_SRV_INST, |
819 this.getRealm()); |
821 this.getRealm()); |
|
822 System.out.println(realm + "> referral to " + |
|
823 referral.getRealm()); |
|
824 isReferral = true; |
820 } |
825 } |
821 } |
826 } |
822 |
827 |
823 if (pas == null || pas.length == 0) { |
828 if (pas == null || pas.length == 0) { |
824 throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP); |
829 throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP); |
916 bFlags[Krb5.TKT_OPTS_POSTDATED] = true; |
921 bFlags[Krb5.TKT_OPTS_POSTDATED] = true; |
917 } |
922 } |
918 if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) { |
923 if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) { |
919 bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true; |
924 bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true; |
920 } |
925 } |
921 if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT)) { |
926 if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT) && |
|
927 !isReferral) { |
922 if (!options.containsKey(Option.ALLOW_S4U2PROXY)) { |
928 if (!options.containsKey(Option.ALLOW_S4U2PROXY)) { |
923 // Don't understand CNAME_IN_ADDL_TKT |
929 // Don't understand CNAME_IN_ADDL_TKT |
924 throw new KrbException(Krb5.KDC_ERR_BADOPTION); |
930 throw new KrbException(Krb5.KDC_ERR_BADOPTION); |
925 } else { |
931 } else { |
926 Map<String,List<String>> map = (Map<String,List<String>>) |
932 Map<String,List<String>> map = (Map<String,List<String>>) |
1072 if (eTypes.length == 0) { |
1078 if (eTypes.length == 0) { |
1073 throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP); |
1079 throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP); |
1074 } |
1080 } |
1075 int eType = eTypes[0]; |
1081 int eType = eTypes[0]; |
1076 |
1082 |
1077 if (body.kdcOptions.get(KDCOptions.CANONICALIZE) && |
1083 if (body.kdcOptions.get(KDCOptions.CANONICALIZE)) { |
1078 body.cname.getNameType() == PrincipalName.KRB_NT_ENTERPRISE) { |
|
1079 PrincipalName principal = alias2Principals.get( |
1084 PrincipalName principal = alias2Principals.get( |
1080 body.cname.getNameString()); |
1085 body.cname.getNameString()); |
1081 if (principal != null) { |
1086 if (principal != null) { |
1082 body.cname = principal; |
1087 body.cname = principal; |
1083 } else { |
1088 } else { |