--- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java Sun Aug 02 01:39:18 2015 +0300
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/KrbCred.java Mon Aug 03 09:25:02 2015 +0800
@@ -34,8 +34,6 @@
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import java.io.IOException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
import sun.security.util.DerValue;
@@ -65,7 +63,6 @@
PrincipalName client = tgt.getClient();
PrincipalName tgService = tgt.getServer();
- PrincipalName server = serviceTicket.getServer();
if (!serviceTicket.getClient().equals(client))
throw new KrbException(Krb5.KRB_ERR_GENERIC,
"Client principal does not match");
@@ -78,28 +75,10 @@
options.set(KDCOptions.FORWARDED, true);
options.set(KDCOptions.FORWARDABLE, true);
- HostAddresses sAddrs = null;
-
- // GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST
- if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST) {
- sAddrs = new HostAddresses(server);
- } else if (server.getNameType() == PrincipalName.KRB_NT_UNKNOWN) {
- // Sometimes this is also a server
- if (server.getNameStrings().length >= 2) {
- String host = server.getNameStrings()[1];
- try {
- InetAddress[] addr = InetAddress.getAllByName(host);
- if (addr != null && addr.length > 0) {
- sAddrs = new HostAddresses(addr);
- }
- } catch (UnknownHostException ioe) {
- // maybe we guessed wrong, let sAddrs be null
- }
- }
- }
-
KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService,
- null, null, null, null, sAddrs, null, null, null);
+ null, null, null, null,
+ null, // No easy way to get addresses right
+ null, null, null);
credMessg = createMessage(tgsReq.sendAndGetCreds(), key);
obuf = credMessg.asn1Encode();
@@ -111,7 +90,6 @@
EncryptionKey sessionKey
= delegatedCreds.getSessionKey();
PrincipalName princ = delegatedCreds.getClient();
- Realm realm = princ.getRealm();
PrincipalName tgService = delegatedCreds.getServer();
KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
--- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Sun Aug 02 01:39:18 2015 +0300
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddress.java Mon Aug 03 09:25:02 2015 +0800
@@ -39,6 +39,7 @@
import java.net.Inet6Address;
import java.net.UnknownHostException;
import java.io.IOException;
+import java.util.Arrays;
/**
* Implements the ASN.1 HostAddress type.
@@ -295,4 +296,11 @@
}
}
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ sb.append(Arrays.toString(address));
+ sb.append('(').append(addrType).append(')');
+ return sb.toString();
+ }
}
--- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Sun Aug 02 01:39:18 2015 +0300
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/internal/HostAddresses.java Mon Aug 03 09:25:02 2015 +0800
@@ -338,4 +338,9 @@
for (int i = 0; i < inetAddresses.length; i++)
addresses[i] = new HostAddress(inetAddresses[i]);
}
+
+ @Override
+ public String toString() {
+ return Arrays.toString(addresses);
+ }
}
--- a/jdk/test/sun/security/krb5/auto/KDC.java Sun Aug 02 01:39:18 2015 +0300
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Mon Aug 03 09:25:02 2015 +0800
@@ -745,9 +745,10 @@
bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
}
}
+ // We do not request for addresses for FORWARDED tickets
if (options.containsKey(Option.CHECK_ADDRESSES)
&& body.kdcOptions.get(KDCOptions.FORWARDED)
- && body.addresses == null) {
+ && body.addresses != null) {
throw new KrbException(Krb5.KDC_ERR_BADOPTION);
}
if (body.kdcOptions.get(KDCOptions.FORWARDED) ||