Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4632785

File based Kerberos ticket caches always use big-endian integers

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: P3 P3
    • None
    • 1.4.0
    • security-libs



      Name: nt126004 Date: 02/04/2002


      FULL PRODUCT VERSION :
      java version "1.4.0-beta3"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta3-b84)
      Java HotSpot(TM) Client VM (build 1.4.0-beta3-b84, mixed mode)


      FULL OPERATING SYSTEM VERSION :
      Microsoft Windows 2000 [Version 5.00.2195]

      ADDITIONAL OPERATING SYSTEMS :
      The same problem must occur on all Windows versions


      A DESCRIPTION OF THE PROBLEM :
      The code that reads and writes file-based Kerberos ticket
      caches assumes that integers will always be big-endian.
      But on Intel systems, valid MIT-format ticket caches always
      use little-endian integers. As a result, JRE beta 1.4.0
      can neither read nor write valid Kerberos ticket caches on
      any Windows system.

      Here's some code that will write a ticket cache. Take the
      resulting cache and compare it (in a hex editor) to one
      created by (e.g.) the MIT Kerberos client for Windows, and
      you'll see what I mean.

      By the way, the JRE makes it _much_ harder than it should
      be to write out a ticket cache.

      String Username = "user";
      String Password = "password";
      SetSystemProperty("java.security.krb5.conf",
          System.getProperty("user.home") + File.separator +
          ".java" + File.separator + "krb5.ini");
      SetSystemProperty("KRB5CCNAME","FILE:" +
          System.getProperty("user.home") +
          File.separator + ".java" +
          File.separator + "krb5cc");
      PrincipalName principal = new PrincipalName(Username,
      PrincipalName.KRB_NT_PRINCIPAL);
      EncryptionKey encKey = new EncryptionKeyPassword,principal.getSalt());
      KrbAsReq request = new KrbAsReq(principal,encKey);
      request.send();
      KrbAsRep reply = request.getReply(encKey);
      sun.security.krb5.internal.ccache.av credblob = reply.setCredentials();
      sun.security.krb5.internal.ccache.ap cache =
      sun.security.krb5.internal.ccache.ap.a(principal,
      System.getProperty("KRB5CCNAME"));
      if (cache == null) {
          cache = sun.security.krb5.internal.ccache.ap.b
              (principal,System.getProperty("KRB5CCNAME"));
      }
      cache.a(credblob);
      cache.d();


      This bug can be reproduced always.
      (Review ID: 138622)
      ======================================================================

            Unassigned Unassigned
            nthompsosunw Nathanael Thompson (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: