8227437: S4U2proxy cannot continue because server's TGT cannot be found

Reviewed-by: weijun
2025-09-22 12:04:39 +02:00 · 2019-07-17 12:26:56 -03:00 · 2019-07-17 12:26:56 -03:00 · 3cd50f2666
commit 3cd50f2666
parent 5fd772a6f1
23 changed files with 466 additions and 149 deletions
--- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java
@ -45,7 +45,9 @@ import java.util.Arrays;
 public class KrbTgsReq {

    private PrincipalName princName;
+    private PrincipalName clientAlias;
    private PrincipalName servName;
+    private PrincipalName serverAlias;
    private TGSReq tgsReqMessg;
    private KerberosTime ctime;
    private Ticket secondTicket = null;
@ -59,13 +61,16 @@ public class KrbTgsReq {

    // Used in CredentialsUtil
    public KrbTgsReq(KDCOptions options, Credentials asCreds,
-            PrincipalName cname, PrincipalName sname,
+            PrincipalName cname, PrincipalName clientAlias,
+            PrincipalName sname, PrincipalName serverAlias,
            Ticket[] additionalTickets, PAData[] extraPAs)
        throws KrbException, IOException {
        this(options,
             asCreds,
             cname,
+             clientAlias,
             sname,
+             serverAlias,
             null, // KerberosTime from
             null, // KerberosTime till
             null, // KerberosTime rtime
@ -82,6 +87,7 @@ public class KrbTgsReq {
            KDCOptions options,
            Credentials asCreds,
            PrincipalName sname,
+            PrincipalName serverAlias,
            KerberosTime from,
            KerberosTime till,
            KerberosTime rtime,
@ -90,16 +96,18 @@ public class KrbTgsReq {
            AuthorizationData authorizationData,
            Ticket[] additionalTickets,
            EncryptionKey subKey) throws KrbException, IOException {
-        this(options, asCreds, asCreds.getClient(), sname,
-                from, till, rtime, eTypes, addresses,
-                authorizationData, additionalTickets, subKey, null);
+        this(options, asCreds, asCreds.getClient(), asCreds.getClientAlias(),
+                sname, serverAlias, from, till, rtime, eTypes,
+                addresses, authorizationData, additionalTickets, subKey, null);
    }

    private KrbTgsReq(
            KDCOptions options,
            Credentials asCreds,
            PrincipalName cname,
+            PrincipalName clientAlias,
            PrincipalName sname,
+            PrincipalName serverAlias,
            KerberosTime from,
            KerberosTime till,
            KerberosTime rtime,
@ -111,7 +119,9 @@ public class KrbTgsReq {
            PAData[] extraPAs) throws KrbException, IOException {

        princName = cname;
+        this.clientAlias = clientAlias;
        servName = sname;
+        this.serverAlias = serverAlias;
        ctime = KerberosTime.now();

        // check if they are valid arguments. The optional fields
@ -365,6 +375,14 @@ public class KrbTgsReq {
        return secondTicket;
    }

+    PrincipalName getClientAlias() {
+        return clientAlias;
+    }
+
+    PrincipalName getServerAlias() {
+        return serverAlias;
+    }
+
    private static void debug(String message) {
        //      System.err.println(">>> KrbTgsReq: " + message);
    }