6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication
Reviewed-by: valeriep
--- a/jdk/src/share/classes/sun/security/krb5/KrbAsReq.java Mon May 24 09:37:16 2010 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/KrbAsReq.java Mon May 24 10:05:04 2010 +0800
@@ -1,5 +1,5 @@
/*
- * Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
+ * Portions Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -344,16 +344,13 @@
princName = cname;
EncryptionKey key = null;
- int[] tktETypes = null;
+ int[] tktETypes = EType.getDefaults("default_tkt_enctypes");
if (pa_exists && pa_etype != EncryptedData.ETYPE_NULL) {
if (DEBUG) {
System.out.println("Pre-Authenticaton: find key for etype = " + pa_etype);
}
key = EncryptionKey.findKey(pa_etype, keys);
- tktETypes = new int[1];
- tktETypes[0] = pa_etype;
} else {
- tktETypes = EType.getDefaults("default_tkt_enctypes", keys);
key = EncryptionKey.findKey(tktETypes[0], keys);
}
--- a/jdk/test/sun/security/krb5/auto/KDC.java Mon May 24 09:37:16 2010 +0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Mon May 24 10:05:04 2010 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2008-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -740,6 +740,9 @@
Field f = KDCReqBody.class.getDeclaredField("eType");
f.setAccessible(true);
eTypes = (int[])f.get(body);
+ if (eTypes.length < 2) {
+ throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
+ }
int eType = eTypes[0];
EncryptionKey ckey = keyForUser(body.cname, eType, false);