infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-19 06:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

6858589: more changes to Config on system properties

Browse Source 
Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2009-07-22 16:39:34 +08:00
parent 31eb8dfb51
commit f1b3e33db7
3 changed files with 124 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
jdk/src/share/classes/sun/security/krb5/Config.java
View File

@ -70,7 +70,12 @@ public class Config {
private static final int BASE16_1 = 16;
private static final int BASE16_2 = 16 * 16;
private static final int BASE16_3 = 16 * 16 * 16;
private String defaultRealm; // default kdc realm.
/**
* Specified by system properties. Must be both null or non-null.
*/
private final String defaultRealm;
private final String defaultKDC;
// used for native interface
private static native String getWindowsDirectory(boolean isSystem);
@ -81,9 +86,8 @@ public class Config {
* singleton) is returned.
*
* @exception KrbException if error occurs when constructing a Config
* instance. Possible causes would be configuration file not
* found, either of java.security.krb5.realm or java.security.krb5.kdc
* not specified, error reading configuration file.
* instance. Possible causes would be either of java.security.krb5.realm or
* java.security.krb5.kdc not specified, error reading configuration file.
*/
public static synchronized Config getInstance() throws KrbException {
if (singleton == null) {
@ -98,9 +102,8 @@ public class Config {
* the java.security.krb5.* system properties again.
*
* @exception KrbException if error occurs when constructing a Config
* instance. Possible causes would be configuration file not
* found, either of java.security.krb5.realm or java.security.krb5.kdc
* not specified, error reading configuration file.
* instance. Possible causes would be either of java.security.krb5.realm or
* java.security.krb5.kdc not specified, error reading configuration file.
*/
public static synchronized void refresh() throws KrbException {
@ -114,56 +117,37 @@ public class Config {
*/
private Config() throws KrbException {
/*
* If these two system properties are being specified by the user,
* we ignore configuration file. If either one system property is
* specified, we throw exception. If neither of them are specified,
* we load the information from configuration file.
* If either one system property is specified, we throw exception.
*/
String kdchost =
String tmp =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.kdc"));
if (tmp != null) {
// The user can specify a list of kdc hosts separated by ":"
defaultKDC = tmp.replace(':', ' ');
} else {
defaultKDC = null;
}
defaultRealm =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.realm"));
if ((kdchost == null && defaultRealm != null) ||
(defaultRealm == null && kdchost != null)) {
if ((defaultKDC == null && defaultRealm != null) ||
(defaultRealm == null && defaultKDC != null)) {
throw new KrbException
("System property java.security.krb5.kdc and " +
"java.security.krb5.realm both must be set or " +
"neither must be set.");
}
// Read the Kerberos configuration file
// Always read the Kerberos configuration file
try {
Vector<String> configFile;
configFile = loadConfigFile();
stanzaTable = parseStanzaTable(configFile);
} catch (IOException ioe) {
// No krb5.conf, no problem. We'll use DNS etc.
}
if (kdchost != null) {
/*
* If configuration information is only specified by
* properties java.security.krb5.kdc and
* java.security.krb5.realm, we put both in the hashtable
* under [libdefaults].
*/
if (stanzaTable == null) {
stanzaTable = new Hashtable<String,Object> ();
}
Hashtable<String,String> kdcs =
(Hashtable<String,String>)stanzaTable.get("libdefaults");
if (kdcs == null) {
kdcs = new Hashtable<String,String> ();
stanzaTable.put("libdefaults", kdcs);
}
kdcs.put("default_realm", defaultRealm);
// The user can specify a list of kdc hosts separated by ":"
kdchost = kdchost.replace(':', ' ');
kdcs.put("kdc", kdchost);
// No krb5.conf, no problem. We'll use DNS or system property etc.
}
}
@ -295,19 +279,6 @@ public class Config {
String result = null;
Hashtable subTable;
/*
* In the situation when kdc is specified by
* java.security.krb5.kdc, we get the kdc from [libdefaults] in
* hashtable.
*/
if (name.equalsIgnoreCase("kdc") &&
(section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
(java.security.AccessController.doPrivileged(
new sun.security.action.
GetPropertyAction("java.security.krb5.kdc")) != null)) {
result = getDefault("kdc", "libdefaults");
return result;
}
if (stanzaTable != null) {
for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
stanzaName = (String)e.nextElement();
@ -1035,13 +1006,13 @@ public class Config {
/**
* Resets the default kdc realm.
* We do not need to synchronize these methods since assignments are atomic
*
* This method was useless. Kept here in case some class still calls it.
*/
public void resetDefaultRealm(String realm) {
defaultRealm = realm;
if (DEBUG) {
System.out.println(">>> Config reset default kdc " + defaultRealm);
System.out.println(">>> Config try resetting default kdc " + realm);
}
}
/**
@ -1098,6 +1069,9 @@ public class Config {
* @return the default realm, always non null
*/
public String getDefaultRealm() throws KrbException {
if (defaultRealm != null) {
return defaultRealm;
}
Exception cause = null;
String realm = getDefault("default_realm", "libdefaults");
if ((realm == null) && useDNS_Realm()) {
@ -1142,6 +1116,9 @@ public class Config {
if (realm == null) {
realm = getDefaultRealm();
}
if (realm.equalsIgnoreCase(defaultRealm)) {
return defaultKDC;
}
Exception cause = null;
String kdcs = getDefault("kdc", realm);
if ((kdcs == null) && useDNS_KDC()) {
@ -1171,6 +1148,9 @@ public class Config {
});
}
if (kdcs == null) {
if (defaultKDC != null) {
return defaultKDC;
}
KrbException ke = new KrbException("Cannot locate KDC");
if (cause != null) {
ke.initCause(cause);

2
jdk/src/share/classes/sun/security/krb5/KrbApReq.java
View File

@ -294,8 +294,6 @@ public class KrbApReq {
apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString());
if (!authenticator.cname.equals(enc_ticketPart.cname))
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);

127
jdk/test/sun/security/krb5/ConfPlusProp.java
View File

@ -23,31 +23,56 @@
/*
* @test
* @bug 6857795
* @buf 6858589
* @summary krb5.conf ignored if system properties on realm and kdc are provided
*/
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;
public class ConfPlusProp {
Config config;
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.realm", "R2");
System.setProperty("java.security.krb5.kdc", "k2");
new ConfPlusProp().run();
}
void refresh() throws Exception {
Config.refresh();
config = Config.getInstance();
}
void checkDefaultRealm(String r) throws Exception {
try {
if (!config.getDefaultRealm().equals(r)) {
throw new AssertionError("Default realm error");
}
} catch (Exception e) {
if (r != null) throw e;
}
}
void check(String r, String k) throws Exception {
try {
if (!config.getKDCList(r).equals(k)) {
throw new AssertionError(r + " kdc not " + k);
}
} catch (Exception e) {
if (k != null) throw e;
}
}
void run() throws Exception {
// No prop, only conf
// Point to a file with existing default_realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop.conf");
Config config = Config.getInstance();
refresh();
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error");
}
if (!config.getKDCList("R1").equals("k1")) {
throw new Exception("R1 kdc error");
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
}
checkDefaultRealm("R1");
check("R1", "k1");
check("R2", "old");
check("R3", null);
if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
throw new Exception("Extra config error");
}
@ -55,38 +80,66 @@ public class ConfPlusProp {
// Point to a file with no libdefaults
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop2.conf");
Config.refresh();
refresh();
config = Config.getInstance();
checkDefaultRealm(null);
check("R1", "k12");
check("R2", "old");
check("R3", null);
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error again");
int version = System.getProperty("java.version").charAt(2) - '0';
System.out.println("JDK version is " + version);
// Zero-config is supported since 1.7
if (version >= 7) {
// Point to a non-existing file
System.setProperty("java.security.krb5.conf", "i-am-not-a file");
refresh();
checkDefaultRealm(null);
check("R1", null);
check("R2", null);
check("R3", null);
if (config.getDefault("forwardable", "libdefaults") != null) {
throw new Exception("Extra config error");
}
}
if (!config.getKDCList("R1").equals("k12")) {
throw new Exception("R1 kdc error");
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
// Add prop
System.setProperty("java.security.krb5.realm", "R2");
System.setProperty("java.security.krb5.kdc", "k2");
// Point to a file with existing default_realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop.conf");
refresh();
checkDefaultRealm("R2");
check("R1", "k1");
check("R2", "k2");
check("R3", "k2");
if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
throw new Exception("Extra config error");
}
// Point to a file with no libdefaults
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop2.conf");
refresh();
checkDefaultRealm("R2");
check("R1", "k12");
check("R2", "k2");
check("R3", "k2");
// Point to a non-existing file
System.setProperty("java.security.krb5.conf", "i-am-not-a file");
Config.refresh();
refresh();
config = Config.getInstance();
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error");
}
try {
config.getKDCList("R1");
throw new Exception("R1 is nowhere");
} catch (KrbException ke) {
// OK
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
}
checkDefaultRealm("R2");
check("R1", "k2");
check("R2", "k2");
check("R3", "k2");
if (config.getDefault("forwardable", "libdefaults") != null) {
throw new Exception("Extra config error");
}