changeset 7719:72c8e96b7c95

8031046: Native Windows ccache might still get unsupported ticket Reviewed-by: weijun, coffeys
author mbankal
date Wed, 06 Aug 2014 04:26:22 -0700
parents e337f936bd2b
children 05c60a78290a
files src/windows/native/sun/security/krb5/NativeCreds.c
diffstat 1 files changed, 15 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/windows/native/sun/security/krb5/NativeCreds.c	Wed Aug 06 12:42:25 2014 +0400
+++ b/src/windows/native/sun/security/krb5/NativeCreds.c	Wed Aug 06 04:26:22 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -397,7 +397,7 @@
     jobject ticketFlags, startTime, endTime, krbCreds = NULL;
     jobject authTime, renewTillTime, hostAddresses = NULL;
     KERB_EXTERNAL_TICKET *msticket;
-    int found_in_cache = 0;
+    int found = 0;
     FILETIME Now, EndTime, LocalEndTime;
 
     int i, netypes;
@@ -485,7 +485,7 @@
             if (CompareFileTime(&Now, &LocalEndTime) < 0) {
                 for (i=0; i<netypes; i++) {
                     if (etypes[i] == msticket->SessionKey.KeyType) {
-                        found_in_cache = 1;
+                        found = 1;
                         if (native_debug) {
                             printf("LSA: Valid etype found: %d\n", etypes[i]);
                         }
@@ -495,7 +495,7 @@
             }
         }
 
-        if (!found_in_cache) {
+        if (!found) {
             if (native_debug) {
                 printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
             }
@@ -538,6 +538,13 @@
 
                 // got the native MS Kerberos TGT
                 msticket = &(pTicketResponse->Ticket);
+                if (msticket->SessionKey.KeyType != etypes[i]) {
+                    if (native_debug) {
+                        printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
+                    }
+                    continue;
+                }
+                found = 1;
                 break;
             }
         }
@@ -590,6 +597,10 @@
             PUCHAR Value;
         } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY;
 
+        if (!found) {
+            break;
+        }
+
         */
         // Build a com.sun.security.krb5.Ticket
         ticket = BuildTicket(env, msticket->EncodedTicket,