diff options
Diffstat (limited to 'src/share/classes/sun/security/jgss/krb5/SubjectComber.java')
-rw-r--r-- | src/share/classes/sun/security/jgss/krb5/SubjectComber.java | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java index a7100f07c9..1bc1bf7d62 100644 --- a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java +++ b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package sun.security.jgss.krb5; +import sun.security.krb5.KerberosSecrets; + import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.Subject; @@ -182,24 +184,45 @@ class SubjectComber { } } else { + KerberosPrincipal serverAlias = KerberosSecrets + .getJavaxSecurityAuthKerberosAccess() + .kerberosTicketGetServerAlias(ticket); if (serverPrincipal == null || - ticket.getServer().getName().equals(serverPrincipal)) { - + ticket.getServer().getName().equals(serverPrincipal) || + (serverAlias != null && + serverPrincipal.equals( + serverAlias.getName()))) { + KerberosPrincipal clientAlias = KerberosSecrets + .getJavaxSecurityAuthKerberosAccess() + .kerberosTicketGetClientAlias(ticket); if (clientPrincipal == null || clientPrincipal.equals( - ticket.getClient().getName())) { + ticket.getClient().getName()) || + (clientAlias != null && + clientPrincipal.equals( + clientAlias.getName()))) { if (oneOnly) { return ticket; } else { // Record names so that tickets will // all belong to same principals if (clientPrincipal == null) { - clientPrincipal = - ticket.getClient().getName(); + if (clientAlias == null) { + clientPrincipal = + ticket.getClient().getName(); + } else { + clientPrincipal = + clientAlias.getName(); + } } if (serverPrincipal == null) { - serverPrincipal = - ticket.getServer().getName(); + if (serverAlias == null) { + serverPrincipal = + ticket.getServer().getName(); + } else { + serverPrincipal = + serverAlias.getName(); + } } answer.add(credClass.cast(ticket)); } |