Java Code Examples for sun.security.krb5.internal.KerberosTime#getSeconds()
The following examples show how to use
sun.security.krb5.internal.KerberosTime#getSeconds() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DflCache.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 2
Source File: DflCache.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 3
Source File: DflCache.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 4
Source File: DflCache.java From hottub with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 5
Source File: DflCache.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 6
Source File: DflCache.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 7
Source File: DflCache.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 8
Source File: DflCache.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
private static void expunge(Path p, KerberosTime currTime) throws IOException { Path p2 = Files.createTempFile(p.getParent(), "rcache", null); try (SeekableByteChannel oldChan = Files.newByteChannel(p); SeekableByteChannel newChan = createNoClose(p2)) { long timeLimit = currTime.getSeconds() - readHeader(oldChan); while (true) { try { AuthTime at = AuthTime.readFrom(oldChan); if (at.ctime > timeLimit) { ByteBuffer bb = ByteBuffer.wrap(at.encode(true)); newChan.write(bb); } } catch (BufferUnderflowException e) { break; } } } makeMine(p2); Files.move(p2, p, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); }
Example 9
Source File: DflCache.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 10
Source File: DflCache.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 11
Source File: DflCache.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 12
Source File: DflCache.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 13
Source File: DflCache.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.sameTimeDiffHash((AuthTimeWithHash)a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 14
Source File: DflCache.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 15
Source File: AuthList.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/** * Puts the authenticator timestamp into the cache in descending order, * and throw an exception if it's already there. */ public synchronized void put(AuthTimeWithHash t, KerberosTime currentTime) throws KrbApErrException { if (entries.isEmpty()) { entries.addFirst(t); oldestTime = t.ctime; return; } else { AuthTimeWithHash temp = entries.getFirst(); int cmp = temp.compareTo(t); if (cmp < 0) { // This is the most common case, newly received authenticator // has larger timestamp. entries.addFirst(t); } else if (cmp == 0) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else { //unless client clock being re-adjusted. ListIterator<AuthTimeWithHash> it = entries.listIterator(1); boolean found = false; while (it.hasNext()) { temp = it.next(); cmp = temp.compareTo(t); if (cmp < 0) { // Find an older one, put in front of it entries.add(entries.indexOf(temp), t); found = true; break; } else if (cmp == 0) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } if (!found) { // All is newer than the newcomer. Sigh. entries.addLast(t); } } } // let us cleanup while we are here long timeLimit = currentTime.getSeconds() - lifespan; // Only trigger a cleanup when the earliest entry is // lifespan + 5 sec ago. This ensures a cleanup is done // at most every 5 seconds so that we don't always // addLast(removeLast). if (oldestTime > timeLimit - 5) { return; } // and we remove the *enough* old ones (1 lifetime ago) while (!entries.isEmpty()) { AuthTimeWithHash removed = entries.removeLast(); if (removed.ctime >= timeLimit) { entries.addLast(removed); oldestTime = removed.ctime; return; } } oldestTime = Integer.MIN_VALUE; }
Example 16
Source File: AuthList.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/** * Puts the authenticator timestamp into the cache in descending order, * and throw an exception if it's already there. */ public synchronized void put(AuthTimeWithHash t, KerberosTime currentTime) throws KrbApErrException { if (entries.isEmpty()) { entries.addFirst(t); oldestTime = t.ctime; return; } else { AuthTimeWithHash temp = entries.getFirst(); int cmp = temp.compareTo(t); if (cmp < 0) { // This is the most common case, newly received authenticator // has larger timestamp. entries.addFirst(t); } else if (cmp == 0) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else { //unless client clock being re-adjusted. ListIterator<AuthTimeWithHash> it = entries.listIterator(1); boolean found = false; while (it.hasNext()) { temp = it.next(); cmp = temp.compareTo(t); if (cmp < 0) { // Find an older one, put in front of it entries.add(entries.indexOf(temp), t); found = true; break; } else if (cmp == 0) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } if (!found) { // All is newer than the newcomer. Sigh. entries.addLast(t); } } } // let us cleanup while we are here long timeLimit = currentTime.getSeconds() - lifespan; // Only trigger a cleanup when the earliest entry is // lifespan + 5 sec ago. This ensures a cleanup is done // at most every 5 seconds so that we don't always // addLast(removeLast). if (oldestTime > timeLimit - 5) { return; } // and we remove the *enough* old ones (1 lifetime ago) while (!entries.isEmpty()) { AuthTimeWithHash removed = entries.removeLast(); if (removed.ctime >= timeLimit) { entries.addLast(removed); oldestTime = removed.ctime; return; } } oldestTime = Integer.MIN_VALUE; }
Example 17
Source File: DflCache.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 18
Source File: DflCache.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 19
Source File: DflCache.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }
Example 20
Source File: DflCache.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
private int loadAndCheck(Path p, AuthTimeWithHash time, KerberosTime currTime) throws IOException, KrbApErrException { int missed = 0; if (Files.isSymbolicLink(p)) { throw new IOException("Symlink not accepted"); } try { Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p); if (uid != -1 && (Integer)Files.getAttribute(p, "unix:uid") != uid) { throw new IOException("Not mine"); } if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.GROUP_EXECUTE) || perms.contains(PosixFilePermission.OTHERS_READ) || perms.contains(PosixFilePermission.OTHERS_WRITE) || perms.contains(PosixFilePermission.OTHERS_EXECUTE)) { throw new IOException("Accessible by someone else"); } } catch (UnsupportedOperationException uoe) { // No POSIX permissions? Ignore it. } chan = Files.newByteChannel(p, StandardOpenOption.WRITE, StandardOpenOption.READ); long timeLimit = currTime.getSeconds() - readHeader(chan); long pos = 0; boolean seeNewButNotSame = false; while (true) { try { pos = chan.position(); AuthTime a = AuthTime.readFrom(chan); if (a instanceof AuthTimeWithHash) { if (time.equals(a)) { // Exact match, must be a replay throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } else if (time.isSameIgnoresHash(a)) { // Two different authenticators in the same second. // Remember it seeNewButNotSame = true; } } else { if (time.isSameIgnoresHash(a)) { // Two authenticators in the same second. Considered // same if we haven't seen a new style version of it if (!seeNewButNotSame) { throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT); } } } if (a.ctime < timeLimit) { missed++; } else { missed--; } } catch (BufferUnderflowException e) { // Half-written file? chan.position(pos); break; } } return missed; }