65 final class GssKrb5Server extends GssKrb5Base implements SaslServer { |
65 final class GssKrb5Server extends GssKrb5Base implements SaslServer { |
66 private static final String MY_CLASS_NAME = GssKrb5Server.class.getName(); |
66 private static final String MY_CLASS_NAME = GssKrb5Server.class.getName(); |
67 |
67 |
68 private int handshakeStage = 0; |
68 private int handshakeStage = 0; |
69 private String peer; |
69 private String peer; |
|
70 private String me; |
70 private String authzid; |
71 private String authzid; |
71 private CallbackHandler cbh; |
72 private CallbackHandler cbh; |
72 |
73 |
|
74 // When serverName is null, the server will be unbound. We need to save and |
|
75 // check the protocol name after the context is established. This value |
|
76 // will be null if serverName is not null. |
|
77 private final String protocolSaved; |
73 /** |
78 /** |
74 * Creates a SASL mechanism with server credentials that it needs |
79 * Creates a SASL mechanism with server credentials that it needs |
75 * to participate in GSS-API/Kerberos v5 authentication exchange |
80 * to participate in GSS-API/Kerberos v5 authentication exchange |
76 * with the client. |
81 * with the client. |
77 */ |
82 */ |
79 Map<String, ?> props, CallbackHandler cbh) throws SaslException { |
84 Map<String, ?> props, CallbackHandler cbh) throws SaslException { |
80 |
85 |
81 super(props, MY_CLASS_NAME); |
86 super(props, MY_CLASS_NAME); |
82 |
87 |
83 this.cbh = cbh; |
88 this.cbh = cbh; |
84 String service = protocol + "@" + serverName; |
89 |
|
90 String service; |
|
91 if (serverName == null) { |
|
92 protocolSaved = protocol; |
|
93 service = null; |
|
94 } else { |
|
95 protocolSaved = null; |
|
96 service = protocol + "@" + serverName; |
|
97 } |
85 |
98 |
86 logger.log(Level.FINE, "KRB5SRV01:Using service name: {0}", service); |
99 logger.log(Level.FINE, "KRB5SRV01:Using service name: {0}", service); |
87 |
100 |
88 try { |
101 try { |
89 GSSManager mgr = GSSManager.getInstance(); |
102 GSSManager mgr = GSSManager.getInstance(); |
90 |
103 |
91 // Create the name for the requested service entity for Krb5 mech |
104 // Create the name for the requested service entity for Krb5 mech |
92 GSSName serviceName = mgr.createName(service, |
105 GSSName serviceName = service == null ? null: |
93 GSSName.NT_HOSTBASED_SERVICE, KRB5_OID); |
106 mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE, KRB5_OID); |
94 |
107 |
95 GSSCredential cred = mgr.createCredential(serviceName, |
108 GSSCredential cred = mgr.createCredential(serviceName, |
96 GSSCredential.INDEFINITE_LIFETIME, |
109 GSSCredential.INDEFINITE_LIFETIME, |
97 KRB5_OID, GSSCredential.ACCEPT_ONLY); |
110 KRB5_OID, GSSCredential.ACCEPT_ONLY); |
98 |
111 |
161 |
174 |
162 if (secCtx.isEstablished()) { |
175 if (secCtx.isEstablished()) { |
163 handshakeStage = 1; |
176 handshakeStage = 1; |
164 |
177 |
165 peer = secCtx.getSrcName().toString(); |
178 peer = secCtx.getSrcName().toString(); |
166 |
179 me = secCtx.getTargName().toString(); |
167 logger.log(Level.FINE, "KRB5SRV05:Peer name is : {0}", peer); |
180 |
|
181 logger.log(Level.FINE, |
|
182 "KRB5SRV05:Peer name is : {0}, my name is : {1}", |
|
183 new Object[]{peer, me}); |
|
184 |
|
185 // me might take the form of proto@host or proto/host |
|
186 if (protocolSaved != null && |
|
187 !protocolSaved.equalsIgnoreCase(me.split("[/@]")[0])) { |
|
188 throw new SaslException( |
|
189 "GSS context targ name protocol error: " + me); |
|
190 } |
168 |
191 |
169 if (gssOutToken == null) { |
192 if (gssOutToken == null) { |
170 return doHandshake1(EMPTY); |
193 return doHandshake1(EMPTY); |
171 } |
194 } |
172 } |
195 } |