aboutsummaryrefslogtreecommitdiff
path: root/src/share/classes/sun/security/jgss/krb5/SubjectComber.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/share/classes/sun/security/jgss/krb5/SubjectComber.java')
-rw-r--r--src/share/classes/sun/security/jgss/krb5/SubjectComber.java39
1 files changed, 31 insertions, 8 deletions
diff --git a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java
index a7100f07c9..1bc1bf7d62 100644
--- a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java
+++ b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
package sun.security.jgss.krb5;
+import sun.security.krb5.KerberosSecrets;
+
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.Subject;
@@ -182,24 +184,45 @@ class SubjectComber {
}
} else {
+ KerberosPrincipal serverAlias = KerberosSecrets
+ .getJavaxSecurityAuthKerberosAccess()
+ .kerberosTicketGetServerAlias(ticket);
if (serverPrincipal == null ||
- ticket.getServer().getName().equals(serverPrincipal)) {
-
+ ticket.getServer().getName().equals(serverPrincipal) ||
+ (serverAlias != null &&
+ serverPrincipal.equals(
+ serverAlias.getName()))) {
+ KerberosPrincipal clientAlias = KerberosSecrets
+ .getJavaxSecurityAuthKerberosAccess()
+ .kerberosTicketGetClientAlias(ticket);
if (clientPrincipal == null ||
clientPrincipal.equals(
- ticket.getClient().getName())) {
+ ticket.getClient().getName()) ||
+ (clientAlias != null &&
+ clientPrincipal.equals(
+ clientAlias.getName()))) {
if (oneOnly) {
return ticket;
} else {
// Record names so that tickets will
// all belong to same principals
if (clientPrincipal == null) {
- clientPrincipal =
- ticket.getClient().getName();
+ if (clientAlias == null) {
+ clientPrincipal =
+ ticket.getClient().getName();
+ } else {
+ clientPrincipal =
+ clientAlias.getName();
+ }
}
if (serverPrincipal == null) {
- serverPrincipal =
- ticket.getServer().getName();
+ if (serverAlias == null) {
+ serverPrincipal =
+ ticket.getServer().getName();
+ } else {
+ serverPrincipal =
+ serverAlias.getName();
+ }
}
answer.add(credClass.cast(ticket));
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 11:18:52 +0000