1 /* |
1 /* |
2 * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
29 * Copyright 1997 The Open Group Research Institute. All rights reserved. |
29 * Copyright 1997 The Open Group Research Institute. All rights reserved. |
30 */ |
30 */ |
31 |
31 |
32 package sun.security.krb5; |
32 package sun.security.krb5; |
33 |
33 |
34 import sun.security.util.*; |
|
35 import sun.security.krb5.EncryptionKey; |
|
36 import sun.security.krb5.internal.*; |
34 import sun.security.krb5.internal.*; |
37 import sun.security.krb5.internal.crypto.*; |
35 import sun.security.krb5.internal.crypto.*; |
38 import java.io.IOException; |
36 import java.io.IOException; |
39 import java.net.UnknownHostException; |
37 import java.net.UnknownHostException; |
40 import java.util.StringTokenizer; |
|
41 import java.io.InterruptedIOException; |
|
42 |
38 |
43 /** |
39 /** |
44 * This class encapsulates a Kerberos TGS-REQ that is sent from the |
40 * This class encapsulates a Kerberos TGS-REQ that is sent from the |
45 * client to the KDC. |
41 * client to the KDC. |
46 */ |
42 */ |
47 public class KrbTgsReq extends KrbKdcReq { |
43 public class KrbTgsReq { |
48 |
44 |
49 private PrincipalName princName; |
45 private PrincipalName princName; |
50 private PrincipalName servName; |
46 private PrincipalName servName; |
51 private TGSReq tgsReqMessg; |
47 private TGSReq tgsReqMessg; |
52 private KerberosTime ctime; |
48 private KerberosTime ctime; |
54 private boolean useSubkey = false; |
50 private boolean useSubkey = false; |
55 EncryptionKey tgsReqKey; |
51 EncryptionKey tgsReqKey; |
56 |
52 |
57 private static final boolean DEBUG = Krb5.DEBUG; |
53 private static final boolean DEBUG = Krb5.DEBUG; |
58 |
54 |
59 private int defaultTimeout = 30*1000; // 30 seconds |
55 private byte[] obuf; |
|
56 private byte[] ibuf; |
60 |
57 |
61 // Used in CredentialsUtil |
58 // Used in CredentialsUtil |
62 public KrbTgsReq(Credentials asCreds, |
59 public KrbTgsReq(Credentials asCreds, |
63 PrincipalName sname) |
60 PrincipalName sname) |
64 throws KrbException, IOException { |
61 throws KrbException, IOException { |
180 /** |
177 /** |
181 * Sends a TGS request to the realm of the target. |
178 * Sends a TGS request to the realm of the target. |
182 * @throws KrbException |
179 * @throws KrbException |
183 * @throws IOException |
180 * @throws IOException |
184 */ |
181 */ |
185 public String send() throws IOException, KrbException { |
182 public void send() throws IOException, KrbException { |
186 String realmStr = null; |
183 String realmStr = null; |
187 if (servName != null) |
184 if (servName != null) |
188 realmStr = servName.getRealmString(); |
185 realmStr = servName.getRealmString(); |
189 return (send(realmStr)); |
186 KdcComm comm = new KdcComm(realmStr); |
|
187 ibuf = comm.send(obuf); |
190 } |
188 } |
191 |
189 |
192 public KrbTgsRep getReply() |
190 public KrbTgsRep getReply() |
193 throws KrbException, IOException { |
191 throws KrbException, IOException { |
194 return new KrbTgsRep(ibuf, this); |
192 return new KrbTgsRep(ibuf, this); |
199 * Used in Credentials, KrbCred, and internal/CredentialsUtil. |
197 * Used in Credentials, KrbCred, and internal/CredentialsUtil. |
200 */ |
198 */ |
201 public Credentials sendAndGetCreds() throws IOException, KrbException { |
199 public Credentials sendAndGetCreds() throws IOException, KrbException { |
202 KrbTgsRep tgs_rep = null; |
200 KrbTgsRep tgs_rep = null; |
203 String kdc = null; |
201 String kdc = null; |
204 try { |
202 send(); |
205 kdc = send(); |
203 tgs_rep = getReply(); |
206 tgs_rep = getReply(); |
|
207 } catch (KrbException ke) { |
|
208 if (ke.returnCode() == Krb5.KRB_ERR_RESPONSE_TOO_BIG) { |
|
209 // set useTCP and retry |
|
210 send(servName.getRealmString(), kdc, true); |
|
211 tgs_rep = getReply(); |
|
212 } else { |
|
213 throw ke; |
|
214 } |
|
215 } |
|
216 return tgs_rep.getCreds(); |
204 return tgs_rep.getCreds(); |
217 } |
205 } |
218 |
206 |
219 KerberosTime getCtime() { |
207 KerberosTime getCtime() { |
220 return ctime; |
208 return ctime; |
238 EncryptionKey subKey) |
226 EncryptionKey subKey) |
239 throws Asn1Exception, IOException, KdcErrException, KrbApErrException, |
227 throws Asn1Exception, IOException, KdcErrException, KrbApErrException, |
240 UnknownHostException, KrbCryptoException { |
228 UnknownHostException, KrbCryptoException { |
241 KerberosTime req_till = null; |
229 KerberosTime req_till = null; |
242 if (till == null) { |
230 if (till == null) { |
243 req_till = new KerberosTime(); |
231 req_till = new KerberosTime(0); |
244 } else { |
232 } else { |
245 req_till = till; |
233 req_till = till; |
246 } |
234 } |
247 |
235 |
248 /* |
236 /* |