diff --git a/jdk/src/share/classes/sun/security/krb5/Config.java b/jdk/src/share/classes/sun/security/krb5/Config.java index 8adcba81f53..283e0d28cbf 100644 --- a/jdk/src/share/classes/sun/security/krb5/Config.java +++ b/jdk/src/share/classes/sun/security/krb5/Config.java @@ -70,7 +70,12 @@ public class Config { private static final int BASE16_1 = 16; private static final int BASE16_2 = 16 * 16; private static final int BASE16_3 = 16 * 16 * 16; - private String defaultRealm; // default kdc realm. + + /** + * Specified by system properties. Must be both null or non-null. + */ + private final String defaultRealm; + private final String defaultKDC; // used for native interface private static native String getWindowsDirectory(boolean isSystem); @@ -81,9 +86,8 @@ public class Config { * singleton) is returned. * * @exception KrbException if error occurs when constructing a Config - * instance. Possible causes would be configuration file not - * found, either of java.security.krb5.realm or java.security.krb5.kdc - * not specified, error reading configuration file. + * instance. Possible causes would be either of java.security.krb5.realm or + * java.security.krb5.kdc not specified, error reading configuration file. */ public static synchronized Config getInstance() throws KrbException { if (singleton == null) { @@ -98,9 +102,8 @@ public class Config { * the java.security.krb5.* system properties again. * * @exception KrbException if error occurs when constructing a Config - * instance. Possible causes would be configuration file not - * found, either of java.security.krb5.realm or java.security.krb5.kdc - * not specified, error reading configuration file. + * instance. Possible causes would be either of java.security.krb5.realm or + * java.security.krb5.kdc not specified, error reading configuration file. */ public static synchronized void refresh() throws KrbException { 
@@ -114,56 +117,37 @@ public class Config { */ private Config() throws KrbException { /* - * If these two system properties are being specified by the user, - * we ignore configuration file. If either one system property is - * specified, we throw exception. If neither of them are specified, - * we load the information from configuration file. + * If either one system property is specified, we throw exception. */ - String kdchost = + String tmp = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction ("java.security.krb5.kdc")); + if (tmp != null) { + // The user can specify a list of kdc hosts separated by ":" + defaultKDC = tmp.replace(':', ' '); + } else { + defaultKDC = null; + } defaultRealm = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction ("java.security.krb5.realm")); - if ((kdchost == null && defaultRealm != null) || - (defaultRealm == null && kdchost != null)) { + if ((defaultKDC == null && defaultRealm != null) || + (defaultRealm == null && defaultKDC != null)) { throw new KrbException ("System property java.security.krb5.kdc and " + "java.security.krb5.realm both must be set or " + "neither must be set."); } - // Read the Kerberos configuration file + // Always read the Kerberos configuration file try { Vector configFile; configFile = loadConfigFile(); stanzaTable = parseStanzaTable(configFile); } catch (IOException ioe) { - // No krb5.conf, no problem. We'll use DNS etc. - } - - if (kdchost != null) { - /* - * If configuration information is only specified by - * properties java.security.krb5.kdc and - * java.security.krb5.realm, we put both in the hashtable - * under [libdefaults]. 
- */ - if (stanzaTable == null) { - stanzaTable = new Hashtable (); - } - Hashtable kdcs = - (Hashtable)stanzaTable.get("libdefaults"); - if (kdcs == null) { - kdcs = new Hashtable (); - stanzaTable.put("libdefaults", kdcs); - } - kdcs.put("default_realm", defaultRealm); - // The user can specify a list of kdc hosts separated by ":" - kdchost = kdchost.replace(':', ' '); - kdcs.put("kdc", kdchost); + // No krb5.conf, no problem. We'll use DNS or system property etc. } } @@ -295,19 +279,6 @@ public class Config { String result = null; Hashtable subTable; - /* - * In the situation when kdc is specified by - * java.security.krb5.kdc, we get the kdc from [libdefaults] in - * hashtable. - */ - if (name.equalsIgnoreCase("kdc") && - (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) && - (java.security.AccessController.doPrivileged( - new sun.security.action. - GetPropertyAction("java.security.krb5.kdc")) != null)) { - result = getDefault("kdc", "libdefaults"); - return result; - } if (stanzaTable != null) { for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) { stanzaName = (String)e.nextElement(); @@ -1035,13 +1006,13 @@ public class Config { /** * Resets the default kdc realm. * We do not need to synchronize these methods since assignments are atomic + * + * This method was useless. Kept here in case some class still calls it. */ public void resetDefaultRealm(String realm) { - defaultRealm = realm; if (DEBUG) { - System.out.println(">>> Config reset default kdc " + defaultRealm); + System.out.println(">>> Config try resetting default kdc " + realm); } - } /** @@ -1098,6 +1069,9 @@ public class Config { * @return the default realm, always non null */ public String getDefaultRealm() throws KrbException { + if (defaultRealm != null) { + return defaultRealm; + } Exception cause = null; String realm = getDefault("default_realm", "libdefaults"); if ((realm == null) && useDNS_Realm()) { 
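Review bot: The Config() constructor only tests the two properties for null, so an empty value such as `-Djava.security.krb5.kdc=` passes `tmp != null` and the both-or-neither check. `defaultRealm` or `defaultKDC` can then be `""`, and the new early returns in getDefaultRealm and getKDCList would hand that empty string back; how callers cope with it is not visible here. Consider treating blank values as unset before the check, or rejecting them with the KrbException thrown just below. The block comment `If either one system property is specified, we throw exception.` would also be more accurate as `If only one of the two system properties is specified, we throw an exception.`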
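Review bot: resetDefaultRealm is now a no-op that only prints under DEBUG, but its Javadoc still opens with `Resets the default kdc realm.` and keeps the sentence about assignments being atomic. Neither holds once `defaultRealm` is final. I would replace the Javadoc with a statement that the method has no effect and is retained only for compatibility, and add `@Deprecated` so any remaining caller is flagged at compile time. `This method was useless.` would read better as `This method no longer has any effect.`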
@@ -1142,6 +1116,9 @@ public class Config { if (realm == null) { realm = getDefaultRealm(); } + if (realm.equalsIgnoreCase(defaultRealm)) { + return defaultKDC; + } Exception cause = null; String kdcs = getDefault("kdc", realm); if ((kdcs == null) && useDNS_KDC()) { @@ -1171,6 +1148,9 @@ public class Config { }); } if (kdcs == null) { + if (defaultKDC != null) { + return defaultKDC; + } KrbException ke = new KrbException("Cannot locate KDC"); if (cause != null) { ke.initCause(cause); diff --git a/jdk/src/share/classes/sun/security/krb5/KrbApReq.java b/jdk/src/share/classes/sun/security/krb5/KrbApReq.java index d274b1efbb0..4ed98c5f0cd 100644 --- a/jdk/src/share/classes/sun/security/krb5/KrbApReq.java +++ b/jdk/src/share/classes/sun/security/krb5/KrbApReq.java @@ -294,8 +294,6 @@ public class KrbApReq { apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm); enc_ticketPart.cname.setRealm(enc_ticketPart.crealm); - Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString()); - if (!authenticator.cname.equals(enc_ticketPart.cname)) throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH); diff --git a/jdk/test/sun/security/krb5/ConfPlusProp.java b/jdk/test/sun/security/krb5/ConfPlusProp.java index b1ea2ca5e75..e2c49a237a9 100644 --- a/jdk/test/sun/security/krb5/ConfPlusProp.java +++ b/jdk/test/sun/security/krb5/ConfPlusProp.java 
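Review bot: In getKDCList the new check `realm.equalsIgnoreCase(defaultRealm)` matches realms case-insensitively, while Kerberos realm names are case-sensitive (RFC 4120), so a request for `r2` would be answered with the KDC configured for `R2`. Unless this deliberately mirrors case-insensitive lookups elsewhere in Config (the removed getDefault shortcut also used equalsIgnoreCase), `if (realm.equals(defaultRealm)) {` is the safer comparison. A short comment is also warranted saying that the property-supplied KDC takes precedence over a `kdc` entry for the same realm in krb5.conf, since that ordering is otherwise only visible from the test. The method starts and ends outside the hunk.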
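Review bot: The `defaultKDC` fallback inside `if (kdcs == null)` applies to every realm, not just the default one, so requests for a realm found neither in krb5.conf nor via DNS go to the KDC named in java.security.krb5.kdc (the test's `check("R3", "k2")` pins this). That deserves a comment such as `// Last resort: use the property-specified KDC even for other realms` and a sentence in the getKDCList Javadoc, because a caller can no longer tell a located KDC from an assumed one. The recorded `cause` is dropped silently on this path; printing it under `DEBUG` before `return defaultKDC;` would keep lookup failures diagnosable. The enclosing method continues outside the hunk.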
@@ -23,31 +23,56 @@ /* * @test * @bug 6857795 + * @buf 6858589 * @summary krb5.conf ignored if system properties on realm and kdc are provided */ import sun.security.krb5.Config; -import sun.security.krb5.KrbException; public class ConfPlusProp { + Config config; public static void main(String[] args) throws Exception { - System.setProperty("java.security.krb5.realm", "R2"); - System.setProperty("java.security.krb5.kdc", "k2"); + new ConfPlusProp().run(); + } + + void refresh() throws Exception { + Config.refresh(); + config = Config.getInstance(); + } + + void checkDefaultRealm(String r) throws Exception { + try { + if (!config.getDefaultRealm().equals(r)) { + throw new AssertionError("Default realm error"); + } + } catch (Exception e) { + if (r != null) throw e; + } + } + + void check(String r, String k) throws Exception { + try { + if (!config.getKDCList(r).equals(k)) { + throw new AssertionError(r + " kdc not " + k); + } + } catch (Exception e) { + if (k != null) throw e; + } + } + + void run() throws Exception { + + // No prop, only conf // Point to a file with existing default_realm System.setProperty("java.security.krb5.conf", System.getProperty("test.src", ".") +"/confplusprop.conf"); - Config config = Config.getInstance(); + refresh(); - if (!config.getDefaultRealm().equals("R2")) { - throw new Exception("Default realm error"); - } - if (!config.getKDCList("R1").equals("k1")) { - throw new Exception("R1 kdc error"); - } - if (!config.getKDCList("R2").equals("k2")) { - throw new Exception("R2 kdc error"); - } + checkDefaultRealm("R1"); + check("R1", "k1"); + check("R2", "old"); + check("R3", null); if (!config.getDefault("forwardable", "libdefaults").equals("well")) { throw new Exception("Extra config error"); } 
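Review bot: The jtreg header adds `@buf 6858589`, which looks like a typo for `@bug`, so the second bug id is presumably not picked up by the harness; `@bug 6857795 6858589` on one line is the usual form. Separately, `checkDefaultRealm` and `check` accept any `Exception` as the expected "absent" outcome when the expected value is null, so a NullPointerException or other unrelated failure would count as a pass. Catching `KrbException` there, and keeping its import, would limit the pass to the intended lookup failure.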
@@ -55,38 +80,66 @@ public class ConfPlusProp { // Point to a file with no libdefaults System.setProperty("java.security.krb5.conf", System.getProperty("test.src", ".") +"/confplusprop2.conf"); - Config.refresh(); + refresh(); - config = Config.getInstance(); + checkDefaultRealm(null); + check("R1", "k12"); + check("R2", "old"); + check("R3", null); - if (!config.getDefaultRealm().equals("R2")) { - throw new Exception("Default realm error again"); + int version = System.getProperty("java.version").charAt(2) - '0'; + System.out.println("JDK version is " + version); + + // Zero-config is supported since 1.7 + if (version >= 7) { + // Point to a non-existing file + System.setProperty("java.security.krb5.conf", "i-am-not-a file"); + refresh(); + + checkDefaultRealm(null); + check("R1", null); + check("R2", null); + check("R3", null); + if (config.getDefault("forwardable", "libdefaults") != null) { + throw new Exception("Extra config error"); + } } - if (!config.getKDCList("R1").equals("k12")) { - throw new Exception("R1 kdc error"); - } - if (!config.getKDCList("R2").equals("k2")) { - throw new Exception("R2 kdc error"); + + // Add prop + System.setProperty("java.security.krb5.realm", "R2"); + System.setProperty("java.security.krb5.kdc", "k2"); + + // Point to a file with existing default_realm + System.setProperty("java.security.krb5.conf", + System.getProperty("test.src", ".") +"/confplusprop.conf"); + refresh(); + + checkDefaultRealm("R2"); + check("R1", "k1"); + check("R2", "k2"); + check("R3", "k2"); + if (!config.getDefault("forwardable", "libdefaults").equals("well")) { + throw new Exception("Extra config error"); } + // Point to a file with no libdefaults + System.setProperty("java.security.krb5.conf", + System.getProperty("test.src", ".") +"/confplusprop2.conf"); + refresh(); + + checkDefaultRealm("R2"); + check("R1", "k12"); + check("R2", "k2"); + check("R3", "k2"); + // Point to a non-existing file System.setProperty("java.security.krb5.conf", "i-am-not-a 
file"); - Config.refresh(); + refresh(); - config = Config.getInstance(); - - if (!config.getDefaultRealm().equals("R2")) { - throw new Exception("Default realm error"); - } - try { - config.getKDCList("R1"); - throw new Exception("R1 is nowhere"); - } catch (KrbException ke) { - // OK - } - if (!config.getKDCList("R2").equals("k2")) { - throw new Exception("R2 kdc error"); - } + checkDefaultRealm("R2"); + check("R1", "k2"); + check("R2", "k2"); + check("R3", "k2"); if (config.getDefault("forwardable", "libdefaults") != null) { throw new Exception("Extra config error"); }
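Review bot: `System.getProperty("java.version").charAt(2) - '0'` only works for version strings of the form `1.N...`. A string without a digit at index 2 yields a wrong number or a StringIndexOutOfBoundsException, so the zero-config block would be skipped or the test aborted. Parsing `java.specification.version` and comparing its components numerically is sturdier, or the `if (version >= 7)` guard could be dropped if the test only ever runs against this source tree. The hunk runs to the end of the visible page.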