[kerberos] Potential problem in AuthenticationServiceChain
Emmanuel Lecharny 2007-10-31, 1:11 pm
Hi,
I'm looking again in the AuthenticationServiceChain (which has been
removed in bigbang branch), and I see this code :

    public class VerifyEncryptedTimestamp extends VerifierBase
    {
        /** the log for this class */
        private static final Logger log = LoggerFactory.getLogger( VerifyEncryptedTimestamp.class );

        public void execute( NextCommand next, IoSession session, Object message ) throws Exception
        {
            AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );

            if ( authContext.getClientKey() != null )
            {
                next.execute( session, message );
            }

            log.debug( "Verifying using encrypted timestamp." );
            KdcConfiguration config = authContext.getConfig();
            ....
            authContext.setClientKey( clientKey );
            authContext.setPreAuthenticated( true );

            if ( log.isDebugEnabled() )
            {
                log.debug( "Pre-authentication by encrypted timestamp successful for {}.", clientName );
            }

            next.execute( session, message );
        }

As one can see, the next.execute() method is called twice if the
authContext.getClientKey() is not null.
Should I presume that the method should return immediately in this case
instead of going through all the following code ? Something like :

    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
    {
        AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );

        if ( authContext.getClientKey() != null )
        {
            next.execute( session, message );
            return;
        }
        ....

Thanks.
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Enrique Rodriguez 2007-11-04, 1:11 am
On 10/31/07, Emmanuel Lecharny <elecharny-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> ...
> I'm looking again in the AuthenticationServiceChain (which has been
> removed in bigbang branch), and I see this code :
> ...
> As one can see, the next.execute() method is called twice if the
> authContext.getClientKey() is not null.
>
> Should I presume that the method should return immediately in this case
> instead of going through all the following code ? Something like :
> ...
>     if ( authContext.getClientKey() != null )
>     {
>         next.execute( session, message );
>         return;
>     }
> ...
Yes, definitely.
Enrique
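
The control-flow difference discussed in this thread, as an added example that is not part of the original posts or of the ApacheDS code. `Next` and `Ctx` are hypothetical stand-ins for `NextCommand` and `AuthenticationContext`, the keys are constructed values, and the elided verification is replaced by a placeholder assignment; the program counts how often the rest of the chain runs when a client key is already present and reports whether that key gets replaced.

```java
import java.util.concurrent.atomic.AtomicInteger;
public class ChainFallThroughDemo {
    /** Stand-in for the chain's NextCommand (hypothetical, not the MINA type). */
    interface Next { void execute(Ctx ctx) throws Exception; }
    /** Stand-in for AuthenticationContext, reduced to what the post shows. */
    static class Ctx { byte[] clientKey; boolean preAuthenticated; }
    static final byte[] EARLIER_KEY = { 9 };   // constructed: key set by an earlier handler
    static final byte[] TIMESTAMP_KEY = { 1 }; // constructed: key this handler would set
    /** Shape quoted in the post: the guard continues the chain but does not return. */
    static void fallThrough(Next next, Ctx ctx) throws Exception {
        if (ctx.clientKey != null) {
            next.execute(ctx);
        }
        verifyAndContinue(next, ctx);
    }

    /** Shape proposed in the post: return once the chain has been continued. */
    static void withReturn(Next next, Ctx ctx) throws Exception {
        if (ctx.clientKey != null) {
            next.execute(ctx);
            return;
        }
        verifyAndContinue(next, ctx);
    }

    /** Placeholder for the elided verification plus the visible tail of execute(). */
    static void verifyAndContinue(Next next, Ctx ctx) throws Exception {
        ctx.clientKey = TIMESTAMP_KEY;
        ctx.preAuthenticated = true;
        next.execute(ctx);
    }

    /** Runs one handler with a key already present; returns the downstream call count. */
    static int downstreamCalls(boolean fixed, Ctx ctx) throws Exception {
        AtomicInteger calls = new AtomicInteger();
        Next counting = c -> calls.incrementAndGet();
        ctx.clientKey = EARLIER_KEY;
        if (fixed) withReturn(counting, ctx); else fallThrough(counting, ctx);
        return calls.get();
    }

    public static void main(String[] args) throws Exception {
        for (boolean fixed : new boolean[] { false, true }) {
            Ctx ctx = new Ctx();
            int calls = downstreamCalls(fixed, ctx);
            System.out.printf("fixed=%b calls=%d keyReplaced=%b%n", fixed, calls, ctx.clientKey != EARLIER_KEY);
        }
    }
}
```

A counting `Next` like this one also works as a regression check for any handler in such a chain: each handler should continue the chain exactly once per message.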