author | weijun |
Fri, 04 Apr 2014 21:19:43 +0800 | |
changeset 23716 | 33cc4db6209b |
parent 23336 | 7e5853f091e9 |
child 25151 | 7a670121602e |
permissions | -rw-r--r-- |
2 | 1 |
/* |
23010
6dadb192ad81
8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013
lana
parents:
21278
diff
changeset
|
2 |
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
/* |
|
27 |
* |
|
28 |
* (C) Copyright IBM Corp. 1999 All Rights Reserved. |
|
29 |
* Copyright 1997 The Open Group Research Institute. All rights reserved. |
|
30 |
*/ |
|
31 |
package sun.security.krb5; |
|
32 |
||
33 |
import java.io.File; |
|
34 |
import java.io.FileInputStream; |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
35 |
import java.util.*; |
2 | 36 |
import java.io.BufferedReader; |
37 |
import java.io.InputStreamReader; |
|
38 |
import java.io.IOException; |
|
39 |
import java.net.InetAddress; |
|
40 |
import java.net.UnknownHostException; |
|
14327 | 41 |
import java.security.AccessController; |
42 |
import java.security.PrivilegedExceptionAction; |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
43 |
|
6113 | 44 |
import sun.net.dns.ResolverConfiguration; |
2 | 45 |
import sun.security.krb5.internal.crypto.EType; |
46 |
import sun.security.krb5.internal.Krb5; |
|
47 |
||
48 |
/** |
|
49 |
* This class maintains key-value pairs of Kerberos configurable constants |
|
50 |
* from configuration file or from user specified system properties. |
|
51 |
*/ |
|
52 |
||
53 |
public class Config { |
|
54 |
||
55 |
/* |
|
56 |
* Only allow a single instance of Config. |
|
57 |
*/ |
|
58 |
private static Config singleton = null; |
|
59 |
||
60 |
/* |
|
21278 | 61 |
* Hashtable used to store configuration information. |
2 | 62 |
*/ |
14327 | 63 |
private Hashtable<String,Object> stanzaTable = new Hashtable<>(); |
2 | 64 |
|
65 |
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; |
|
66 |
||
67 |
// these are used for hexdecimal calculation. |
|
68 |
private static final int BASE16_0 = 1; |
|
69 |
private static final int BASE16_1 = 16; |
|
70 |
private static final int BASE16_2 = 16 * 16; |
|
71 |
private static final int BASE16_3 = 16 * 16 * 16; |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
72 |
|
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
73 |
/** |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
74 |
* Specified by system properties. Must be both null or non-null. |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
75 |
*/ |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
76 |
private final String defaultRealm; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
77 |
private final String defaultKDC; |
2 | 78 |
|
79 |
// used for native interface |
|
1819 | 80 |
private static native String getWindowsDirectory(boolean isSystem); |
2 | 81 |
|
82 |
||
83 |
/** |
|
84 |
* Gets an instance of Config class. One and only one instance (the |
|
85 |
* singleton) is returned. |
|
86 |
* |
|
87 |
* @exception KrbException if error occurs when constructing a Config |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
88 |
* instance. Possible causes would be either of java.security.krb5.realm or |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
89 |
* java.security.krb5.kdc not specified, error reading configuration file. |
2 | 90 |
*/ |
91 |
public static synchronized Config getInstance() throws KrbException { |
|
92 |
if (singleton == null) { |
|
93 |
singleton = new Config(); |
|
94 |
} |
|
95 |
return singleton; |
|
96 |
} |
|
97 |
||
98 |
/** |
|
99 |
* Refresh and reload the Configuration. This could involve, |
|
100 |
* for example reading the Configuration file again or getting |
|
14327 | 101 |
* the java.security.krb5.* system properties again. This method |
102 |
* also tries its best to update static fields in other classes |
|
103 |
* that depend on the configuration. |
|
2 | 104 |
* |
105 |
* @exception KrbException if error occurs when constructing a Config |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
106 |
* instance. Possible causes would be either of java.security.krb5.realm or |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
107 |
* java.security.krb5.kdc not specified, error reading configuration file. |
2 | 108 |
*/ |
109 |
||
110 |
public static synchronized void refresh() throws KrbException { |
|
111 |
singleton = new Config(); |
|
7183 | 112 |
KdcComm.initStatic(); |
14327 | 113 |
EType.initStatic(); |
114 |
Checksum.initStatic(); |
|
2 | 115 |
} |
116 |
||
117 |
||
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
118 |
private static boolean isMacosLionOrBetter() { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
119 |
// split the "10.x.y" version number |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
120 |
String osname = getProperty("os.name"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
121 |
if (!osname.contains("OS X")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
122 |
return false; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
123 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
124 |
|
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
125 |
String osVersion = getProperty("os.version"); |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
126 |
String[] fragments = osVersion.split("\\."); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
127 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
128 |
// sanity check the "10." part of the version |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
129 |
if (!fragments[0].equals("10")) return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
130 |
if (fragments.length < 2) return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
131 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
132 |
// check if Mac OS X 10.7(.y) |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
133 |
try { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
134 |
int minorVers = Integer.parseInt(fragments[1]); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
135 |
if (minorVers >= 7) return true; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
136 |
} catch (NumberFormatException e) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
137 |
// was not an integer |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
138 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
139 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
140 |
return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
141 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
142 |
|
2 | 143 |
/** |
144 |
* Private constructor - can not be instantiated externally. |
|
145 |
*/ |
|
146 |
private Config() throws KrbException { |
|
147 |
/* |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
148 |
* If either one system property is specified, we throw exception. |
2 | 149 |
*/ |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
150 |
String tmp = getProperty("java.security.krb5.kdc"); |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
151 |
if (tmp != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
152 |
// The user can specify a list of kdc hosts separated by ":" |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
153 |
defaultKDC = tmp.replace(':', ' '); |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
154 |
} else { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
155 |
defaultKDC = null; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
156 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
157 |
defaultRealm = getProperty("java.security.krb5.realm"); |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
158 |
if ((defaultKDC == null && defaultRealm != null) || |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
159 |
(defaultRealm == null && defaultKDC != null)) { |
2 | 160 |
throw new KrbException |
161 |
("System property java.security.krb5.kdc and " + |
|
162 |
"java.security.krb5.realm both must be set or " + |
|
163 |
"neither must be set."); |
|
164 |
} |
|
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
165 |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
166 |
// Always read the Kerberos configuration file |
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
167 |
try { |
14327 | 168 |
List<String> configFile; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
169 |
String fileName = getJavaFileName(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
170 |
if (fileName != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
171 |
configFile = loadConfigFile(fileName); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
172 |
stanzaTable = parseStanzaTable(configFile); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
173 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
174 |
System.out.println("Loaded from Java config"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
175 |
} |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
176 |
} else { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
177 |
boolean found = false; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
178 |
if (isMacosLionOrBetter()) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
179 |
try { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
180 |
stanzaTable = SCDynamicStoreConfig.getConfig(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
181 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
182 |
System.out.println("Loaded from SCDynamicStoreConfig"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
183 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
184 |
found = true; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
185 |
} catch (IOException ioe) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
186 |
// OK. Will go on with file |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
187 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
188 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
189 |
if (!found) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
190 |
fileName = getNativeFileName(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
191 |
configFile = loadConfigFile(fileName); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
192 |
stanzaTable = parseStanzaTable(configFile); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
193 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
194 |
System.out.println("Loaded from native config"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
195 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
196 |
} |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
197 |
} |
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
198 |
} catch (IOException ioe) { |
14327 | 199 |
// I/O error, mostly like krb5.conf missing. |
200 |
// No problem. We'll use DNS or system property etc. |
|
2 | 201 |
} |
202 |
} |
|
203 |
||
204 |
/** |
|
14327 | 205 |
* Gets the last-defined string value for the specified keys. |
206 |
* @param keys the keys, as an array from section name, sub-section names |
|
207 |
* (if any), to value name. |
|
208 |
* @return the value. When there are multiple values for the same key, |
|
209 |
* returns the last one. {@code null} is returned if not all the keys are |
|
210 |
* defined. For example, {@code get("libdefaults", "forwardable")} will |
|
211 |
* return null if "forwardable" is not defined in [libdefaults], and |
|
212 |
* {@code get("realms", "R", "kdc")} will return null if "R" is not |
|
213 |
* defined in [realms] or "kdc" is not defined for "R". |
|
214 |
* @throws IllegalArgumentException if any of the keys is illegal, either |
|
215 |
* because a key not the last one is not a (sub)section name or the last |
|
216 |
* key is still a section name. For example, {@code get("libdefaults")} |
|
217 |
* throws this exception because [libdefaults] is a section name instead of |
|
218 |
* a value name, and {@code get("libdefaults", "forwardable", "tail")} |
|
219 |
* also throws this exception because "forwardable" is already a value name |
|
220 |
* and has no sub-key at all (given "forwardable" is defined, otherwise, |
|
221 |
* this method has no knowledge if it's a value name or a section name), |
|
222 |
*/ |
|
223 |
public String get(String... keys) { |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
224 |
Vector<String> v = getString0(keys); |
14327 | 225 |
if (v == null) return null; |
226 |
return v.lastElement(); |
|
227 |
} |
|
228 |
||
229 |
/** |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
230 |
* Gets the boolean value for the specified keys. Returns TRUE if the |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
231 |
* string value is "yes", or "true", FALSE if "no", or "false", or null |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
232 |
* if otherwise or not defined. The comparision is case-insensitive. |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
233 |
* |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
234 |
* @param keys the keys, see {@link #get(String...)} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
235 |
* @return the boolean value, or null if there is no value defined or the |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
236 |
* value does not look like a boolean value. |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
237 |
* @throws IllegalArgumentException see {@link #get(String...)} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
238 |
*/ |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
239 |
public Boolean getBooleanObject(String... keys) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
240 |
String s = get(keys); |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
241 |
if (s == null) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
242 |
return null; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
243 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
244 |
switch (s.toLowerCase(Locale.US)) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
245 |
case "yes": case "true": |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
246 |
return Boolean.TRUE; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
247 |
case "no": case "false": |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
248 |
return Boolean.FALSE; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
249 |
default: |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
250 |
return null; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
251 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
252 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
253 |
|
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
254 |
/** |
14327 | 255 |
* Gets all values for the specified keys. |
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
256 |
* @throws IllegalArgumentException if any of the keys is illegal |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
257 |
* (See {@link #get}) |
2 | 258 |
*/ |
14327 | 259 |
public String getAll(String... keys) { |
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
260 |
Vector<String> v = getString0(keys); |
14327 | 261 |
if (v == null) return null; |
262 |
StringBuilder sb = new StringBuilder(); |
|
263 |
boolean first = true; |
|
264 |
for (String s: v) { |
|
265 |
if (first) { |
|
266 |
sb.append(s); |
|
267 |
first = false; |
|
268 |
} else { |
|
269 |
sb.append(' ').append(s); |
|
270 |
} |
|
271 |
} |
|
272 |
return sb.toString(); |
|
273 |
} |
|
274 |
||
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
275 |
/** |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
276 |
* Returns true if keys exists, can be either final string(s) or sub-stanza |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
277 |
* @throws IllegalArgumentException if any of the keys is illegal |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
278 |
* (See {@link #get}) |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
279 |
*/ |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
280 |
public boolean exists(String... keys) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
281 |
return get0(keys) != null; |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
282 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
283 |
|
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
284 |
// Returns final string value(s) for given keys. |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
285 |
@SuppressWarnings("unchecked") |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
286 |
private Vector<String> getString0(String... keys) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
287 |
try { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
288 |
return (Vector<String>)get0(keys); |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
289 |
} catch (ClassCastException cce) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
290 |
throw new IllegalArgumentException(cce); |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
291 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
292 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
293 |
|
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
294 |
// Internal method. Returns the value for keys, which can be a sub-stanza |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
295 |
// or final string value(s). |
14327 | 296 |
// The only method (except for toString) that reads stanzaTable directly. |
297 |
@SuppressWarnings("unchecked") |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
298 |
private Object get0(String... keys) { |
14327 | 299 |
Object current = stanzaTable; |
300 |
try { |
|
301 |
for (String key: keys) { |
|
302 |
current = ((Hashtable<String,Object>)current).get(key); |
|
303 |
if (current == null) return null; |
|
304 |
} |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
305 |
return current; |
14327 | 306 |
} catch (ClassCastException cce) { |
307 |
throw new IllegalArgumentException(cce); |
|
308 |
} |
|
309 |
} |
|
310 |
||
311 |
/** |
|
312 |
* Gets the int value for the specified keys. |
|
313 |
* @param keys the keys |
|
314 |
* @return the int value, Integer.MIN_VALUE is returned if it cannot be |
|
315 |
* found or the value is not a legal integer. |
|
316 |
* @throw IllegalArgumentException if any of the keys is illegal |
|
317 |
* @see #get(java.lang.String[]) |
|
318 |
*/ |
|
319 |
public int getIntValue(String... keys) { |
|
320 |
String result = get(keys); |
|
2 | 321 |
int value = Integer.MIN_VALUE; |
322 |
if (result != null) { |
|
323 |
try { |
|
324 |
value = parseIntValue(result); |
|
325 |
} catch (NumberFormatException e) { |
|
326 |
if (DEBUG) { |
|
327 |
System.out.println("Exception in getting value of " + |
|
14327 | 328 |
Arrays.toString(keys) + " " + |
2 | 329 |
e.getMessage()); |
14327 | 330 |
System.out.println("Setting " + Arrays.toString(keys) + |
2 | 331 |
" to minimum value"); |
332 |
} |
|
333 |
value = Integer.MIN_VALUE; |
|
334 |
} |
|
335 |
} |
|
336 |
return value; |
|
337 |
} |
|
338 |
||
339 |
/** |
|
340 |
* Parses a string to an integer. The convertible strings include the |
|
341 |
* string representations of positive integers, negative integers, and |
|
342 |
* hex decimal integers. Valid inputs are, e.g., -1234, +1234, |
|
343 |
* 0x40000. |
|
344 |
* |
|
345 |
* @param input the String to be converted to an Integer. |
|
346 |
* @return an numeric value represented by the string |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
347 |
* @exception NumberFormatException if the String does not contain a |
2 | 348 |
* parsable integer. |
349 |
*/ |
|
350 |
private int parseIntValue(String input) throws NumberFormatException { |
|
351 |
int value = 0; |
|
352 |
if (input.startsWith("+")) { |
|
353 |
String temp = input.substring(1); |
|
354 |
return Integer.parseInt(temp); |
|
355 |
} else if (input.startsWith("0x")) { |
|
356 |
String temp = input.substring(2); |
|
357 |
char[] chars = temp.toCharArray(); |
|
358 |
if (chars.length > 8) { |
|
359 |
throw new NumberFormatException(); |
|
360 |
} else { |
|
361 |
for (int i = 0; i < chars.length; i++) { |
|
362 |
int index = chars.length - i - 1; |
|
363 |
switch (chars[i]) { |
|
364 |
case '0': |
|
365 |
value += 0; |
|
366 |
break; |
|
367 |
case '1': |
|
368 |
value += 1 * getBase(index); |
|
369 |
break; |
|
370 |
case '2': |
|
371 |
value += 2 * getBase(index); |
|
372 |
break; |
|
373 |
case '3': |
|
374 |
value += 3 * getBase(index); |
|
375 |
break; |
|
376 |
case '4': |
|
377 |
value += 4 * getBase(index); |
|
378 |
break; |
|
379 |
case '5': |
|
380 |
value += 5 * getBase(index); |
|
381 |
break; |
|
382 |
case '6': |
|
383 |
value += 6 * getBase(index); |
|
384 |
break; |
|
385 |
case '7': |
|
386 |
value += 7 * getBase(index); |
|
387 |
break; |
|
388 |
case '8': |
|
389 |
value += 8 * getBase(index); |
|
390 |
break; |
|
391 |
case '9': |
|
392 |
value += 9 * getBase(index); |
|
393 |
break; |
|
394 |
case 'a': |
|
395 |
case 'A': |
|
396 |
value += 10 * getBase(index); |
|
397 |
break; |
|
398 |
case 'b': |
|
399 |
case 'B': |
|
400 |
value += 11 * getBase(index); |
|
401 |
break; |
|
402 |
case 'c': |
|
403 |
case 'C': |
|
404 |
value += 12 * getBase(index); |
|
405 |
break; |
|
406 |
case 'd': |
|
407 |
case 'D': |
|
408 |
value += 13 * getBase(index); |
|
409 |
break; |
|
410 |
case 'e': |
|
411 |
case 'E': |
|
412 |
value += 14 * getBase(index); |
|
413 |
break; |
|
414 |
case 'f': |
|
415 |
case 'F': |
|
416 |
value += 15 * getBase(index); |
|
417 |
break; |
|
418 |
default: |
|
419 |
throw new NumberFormatException("Invalid numerical format"); |
|
420 |
} |
|
421 |
} |
|
422 |
} |
|
423 |
if (value < 0) { |
|
424 |
throw new NumberFormatException("Data overflow."); |
|
425 |
} |
|
426 |
} else { |
|
427 |
value = Integer.parseInt(input); |
|
428 |
} |
|
429 |
return value; |
|
430 |
} |
|
431 |
||
432 |
private int getBase(int i) { |
|
433 |
int result = 16; |
|
434 |
switch (i) { |
|
435 |
case 0: |
|
436 |
result = BASE16_0; |
|
437 |
break; |
|
438 |
case 1: |
|
439 |
result = BASE16_1; |
|
440 |
break; |
|
441 |
case 2: |
|
442 |
result = BASE16_2; |
|
443 |
break; |
|
444 |
case 3: |
|
445 |
result = BASE16_3; |
|
446 |
break; |
|
447 |
default: |
|
448 |
for (int j = 1; j < i; j++) { |
|
449 |
result *= 16; |
|
450 |
} |
|
451 |
} |
|
452 |
return result; |
|
453 |
} |
|
454 |
||
455 |
/** |
|
14327 | 456 |
* Reads lines to the memory from the configuration file. |
2 | 457 |
* |
458 |
* Configuration file contains information about the default realm, |
|
459 |
* ticket parameters, location of the KDC and the admin server for |
|
460 |
* known realms, etc. The file is divided into sections. Each section |
|
461 |
* contains one or more name/value pairs with one pair per line. A |
|
462 |
* typical file would be: |
|
14327 | 463 |
* <pre> |
2 | 464 |
* [libdefaults] |
465 |
* default_realm = EXAMPLE.COM |
|
466 |
* default_tgs_enctypes = des-cbc-md5 |
|
467 |
* default_tkt_enctypes = des-cbc-md5 |
|
468 |
* [realms] |
|
469 |
* EXAMPLE.COM = { |
|
470 |
* kdc = kerberos.example.com |
|
471 |
* kdc = kerberos-1.example.com |
|
472 |
* admin_server = kerberos.example.com |
|
473 |
* } |
|
474 |
* SAMPLE_COM = { |
|
475 |
* kdc = orange.sample.com |
|
476 |
* admin_server = orange.sample.com |
|
477 |
* } |
|
478 |
* [domain_realm] |
|
479 |
* blue.sample.com = TEST.SAMPLE.COM |
|
480 |
* .backup.com = EXAMPLE.COM |
|
14327 | 481 |
* </pre> |
482 |
* @return an ordered list of strings representing the config file after |
|
483 |
* some initial processing, including:<ol> |
|
484 |
* <li> Comment lines and empty lines are removed |
|
485 |
* <li> "{" not at the end of a line is appended to the previous line |
|
486 |
* <li> The content of a section is also placed between "{" and "}". |
|
487 |
* <li> Lines are trimmed</ol> |
|
488 |
* @throws IOException if there is an I/O error |
|
489 |
* @throws KrbException if there is a file format error |
|
2 | 490 |
*/ |
14327 | 491 |
private List<String> loadConfigFile(final String fileName) |
492 |
throws IOException, KrbException { |
|
2 | 493 |
try { |
14327 | 494 |
List<String> v = new ArrayList<>(); |
495 |
try (BufferedReader br = new BufferedReader(new InputStreamReader( |
|
496 |
AccessController.doPrivileged( |
|
497 |
new PrivilegedExceptionAction<FileInputStream> () { |
|
498 |
public FileInputStream run() throws IOException { |
|
499 |
return new FileInputStream(fileName); |
|
500 |
} |
|
501 |
})))) { |
|
502 |
String line; |
|
2 | 503 |
String previous = null; |
14327 | 504 |
while ((line = br.readLine()) != null) { |
505 |
line = line.trim(); |
|
506 |
if (line.startsWith("#") || line.isEmpty()) { |
|
507 |
// ignore comments and blank line |
|
508 |
// Comments start with #. |
|
509 |
continue; |
|
510 |
} |
|
511 |
// In practice, a subsection might look like: |
|
512 |
// [realms] |
|
513 |
// EXAMPLE.COM = |
|
514 |
// { |
|
515 |
// kdc = kerberos.example.com |
|
516 |
// ... |
|
517 |
// } |
|
518 |
// Before parsed into stanza table, it needs to be |
|
519 |
// converted into a canonicalized style (no indent): |
|
520 |
// realms = { |
|
521 |
// EXAMPLE.COM = { |
|
522 |
// kdc = kerberos.example.com |
|
523 |
// ... |
|
524 |
// } |
|
525 |
// } |
|
526 |
// |
|
527 |
if (line.startsWith("[")) { |
|
528 |
if (!line.endsWith("]")) { |
|
529 |
throw new KrbException("Illegal config content:" |
|
530 |
+ line); |
|
2 | 531 |
} |
14327 | 532 |
if (previous != null) { |
533 |
v.add(previous); |
|
534 |
v.add("}"); |
|
535 |
} |
|
536 |
String title = line.substring( |
|
537 |
1, line.length()-1).trim(); |
|
538 |
if (title.isEmpty()) { |
|
539 |
throw new KrbException("Illegal config content:" |
|
540 |
+ line); |
|
541 |
} |
|
542 |
previous = title + " = {"; |
|
543 |
} else if (line.startsWith("{")) { |
|
544 |
if (previous == null) { |
|
545 |
throw new KrbException( |
|
546 |
"Config file should not start with \"{\""); |
|
547 |
} |
|
548 |
previous += " {"; |
|
549 |
if (line.length() > 1) { |
|
550 |
// { and content on the same line |
|
551 |
v.add(previous); |
|
552 |
previous = line.substring(1).trim(); |
|
553 |
} |
|
554 |
} else { |
|
23336
7e5853f091e9
8036971: krb5.conf does not accept directive lines before the first section
weijun
parents:
23010
diff
changeset
|
555 |
// Lines before the first section are ignored |
7e5853f091e9
8036971: krb5.conf does not accept directive lines before the first section
weijun
parents:
23010
diff
changeset
|
556 |
if (previous != null) { |
7e5853f091e9
8036971: krb5.conf does not accept directive lines before the first section
weijun
parents:
23010
diff
changeset
|
557 |
v.add(previous); |
7e5853f091e9
8036971: krb5.conf does not accept directive lines before the first section
weijun
parents:
23010
diff
changeset
|
558 |
previous = line; |
14327 | 559 |
} |
2 | 560 |
} |
561 |
} |
|
562 |
if (previous != null) { |
|
14327 | 563 |
v.add(previous); |
564 |
v.add("}"); |
|
2 | 565 |
} |
566 |
} |
|
14327 | 567 |
return v; |
2 | 568 |
} catch (java.security.PrivilegedActionException pe) { |
569 |
throw (IOException)pe.getException(); |
|
570 |
} |
|
571 |
} |
|
572 |
||
573 |
/** |
|
574 |
* Parses stanza names and values from configuration file to |
|
575 |
* stanzaTable (Hashtable). Hashtable key would be stanza names, |
|
576 |
* (libdefaults, realms, domain_realms, etc), and the hashtable value |
|
577 |
* would be another hashtable which contains the key-value pairs under |
|
14327 | 578 |
* a stanza name. The value of this sub-hashtable can be another hashtable |
579 |
* containing another sub-sub-section or a vector of strings for |
|
580 |
* final values (even if there is only one value defined). |
|
581 |
* <p> |
|
582 |
* For duplicates section names, the latter overwrites the former. For |
|
583 |
* duplicate value names, the values are in a vector in its appearing order. |
|
584 |
* </ol> |
|
585 |
* Please note that this behavior is Java traditional. and it is |
|
586 |
* not the same as the MIT krb5 behavior, where:<ol> |
|
587 |
* <li>Duplicated root sections will be merged |
|
588 |
* <li>For duplicated sub-sections, the former overwrites the latter |
|
589 |
* <li>Duplicate keys for values are always saved in a vector |
|
590 |
* </ol> |
|
591 |
* @param v the strings in the file, never null, might be empty |
|
592 |
* @throws KrbException if there is a file format error |
|
2 | 593 |
*/ |
14327 | 594 |
@SuppressWarnings("unchecked") |
595 |
private Hashtable<String,Object> parseStanzaTable(List<String> v) |
|
596 |
throws KrbException { |
|
597 |
Hashtable<String,Object> current = stanzaTable; |
|
598 |
for (String line: v) { |
|
599 |
// There are 3 kinds of lines |
|
600 |
// 1. a = b |
|
601 |
// 2. a = { |
|
602 |
// 3. } |
|
603 |
if (line.equals("}")) { |
|
604 |
// Go back to parent, see below |
|
605 |
current = (Hashtable<String,Object>)current.remove(" PARENT "); |
|
606 |
if (current == null) { |
|
607 |
throw new KrbException("Unmatched close brace"); |
|
2 | 608 |
} |
14327 | 609 |
} else { |
610 |
int pos = line.indexOf('='); |
|
611 |
if (pos < 0) { |
|
612 |
throw new KrbException("Illegal config content:" + line); |
|
2 | 613 |
} |
14327 | 614 |
String key = line.substring(0, pos).trim(); |
615 |
String value = trimmed(line.substring(pos+1)); |
|
616 |
if (value.equals("{")) { |
|
617 |
Hashtable<String,Object> subTable; |
|
618 |
if (current == stanzaTable) { |
|
619 |
key = key.toLowerCase(Locale.US); |
|
2 | 620 |
} |
14327 | 621 |
subTable = new Hashtable<>(); |
622 |
current.put(key, subTable); |
|
623 |
// A special entry for its parent. Put whitespaces around, |
|
624 |
// so will never be confused with a normal key |
|
625 |
subTable.put(" PARENT ", current); |
|
626 |
current = subTable; |
|
627 |
} else { |
|
628 |
Vector<String> values; |
|
629 |
if (current.containsKey(key)) { |
|
630 |
Object obj = current.get(key); |
|
631 |
// If a key first shows as a section and then a value, |
|
632 |
// this is illegal. However, we haven't really forbid |
|
633 |
// first value then section, which the final result |
|
634 |
// is a section. |
|
635 |
if (!(obj instanceof Vector)) { |
|
636 |
throw new KrbException("Key " + key |
|
637 |
+ "used for both value and section"); |
|
638 |
} |
|
639 |
values = (Vector<String>)current.get(key); |
|
640 |
} else { |
|
641 |
values = new Vector<String>(); |
|
642 |
current.put(key, values); |
|
643 |
} |
|
644 |
values.add(value); |
|
2 | 645 |
} |
646 |
} |
|
647 |
} |
|
14327 | 648 |
if (current != stanzaTable) { |
649 |
throw new KrbException("Not closed"); |
|
650 |
} |
|
651 |
return current; |
|
2 | 652 |
} |
653 |
||
654 |
/** |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
655 |
* Gets the default Java configuration file name. |
1819 | 656 |
* |
657 |
* If the system property "java.security.krb5.conf" is defined, we'll |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
658 |
* use its value, no matter if the file exists or not. Otherwise, we |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
659 |
* will look at $JAVA_HOME/lib/security directory with "krb5.conf" name, |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
660 |
* and return it if the file exists. |
1819 | 661 |
* |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
662 |
* The method returns null if it cannot find a Java config file. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
663 |
*/ |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
664 |
private String getJavaFileName() { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
665 |
String name = getProperty("java.security.krb5.conf"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
666 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
667 |
name = getProperty("java.home") + File.separator + |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
668 |
"lib" + File.separator + "security" + |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
669 |
File.separator + "krb5.conf"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
670 |
if (!fileExists(name)) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
671 |
name = null; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
672 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
673 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
674 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
675 |
System.out.println("Java config name: " + name); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
676 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
677 |
return name; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
678 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
679 |
|
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
680 |
/** |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
681 |
* Gets the default native configuration file name. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
682 |
* |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
683 |
* Depending on the OS type, the method returns the default native |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
684 |
* kerberos config file name, which is at windows directory with |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
685 |
* the name of "krb5.ini" for Windows, /etc/krb5/krb5.conf for Solaris, |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
686 |
* /etc/krb5.conf otherwise. Mac OSX X has a different file name. |
1819 | 687 |
* |
688 |
* Note: When the Terminal Service is started in Windows (from 2003), |
|
689 |
* there are two kinds of Windows directories: A system one (say, |
|
690 |
* C:\Windows), and a user-private one (say, C:\Users\Me\Windows). |
|
691 |
* We will first look for krb5.ini in the user-private one. If not |
|
692 |
* found, try the system one instead. |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
693 |
* |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
694 |
* This method will always return a non-null non-empty file name, |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
695 |
* even if that file does not exist. |
2 | 696 |
*/ |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
697 |
private String getNativeFileName() { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
698 |
String name = null; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
699 |
String osname = getProperty("os.name"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
700 |
if (osname.startsWith("Windows")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
701 |
try { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
702 |
Credentials.ensureLoaded(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
703 |
} catch (Exception e) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
704 |
// ignore exceptions |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
705 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
706 |
if (Credentials.alreadyLoaded) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
707 |
String path = getWindowsDirectory(false); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
708 |
if (path != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
709 |
if (path.endsWith("\\")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
710 |
path = path + "krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
711 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
712 |
path = path + "\\krb5.ini"; |
2 | 713 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
714 |
if (fileExists(path)) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
715 |
name = path; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
716 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
717 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
718 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
719 |
path = getWindowsDirectory(true); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
720 |
if (path != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
721 |
if (path.endsWith("\\")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
722 |
path = path + "krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
723 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
724 |
path = path + "\\krb5.ini"; |
2 | 725 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
726 |
name = path; |
1819 | 727 |
} |
2 | 728 |
} |
729 |
} |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
730 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
731 |
name = "c:\\winnt\\krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
732 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
733 |
} else if (osname.startsWith("SunOS")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
734 |
name = "/etc/krb5/krb5.conf"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
735 |
} else if (osname.contains("OS X")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
736 |
name = findMacosConfigFile(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
737 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
738 |
name = "/etc/krb5.conf"; |
2 | 739 |
} |
740 |
if (DEBUG) { |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
741 |
System.out.println("Native config name: " + name); |
2 | 742 |
} |
743 |
return name; |
|
744 |
} |
|
745 |
||
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
746 |
private static String getProperty(String property) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
747 |
return java.security.AccessController.doPrivileged( |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
748 |
new sun.security.action.GetPropertyAction(property)); |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
749 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
750 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
751 |
private String findMacosConfigFile() { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
752 |
String userHome = getProperty("user.home"); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
753 |
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos"; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
754 |
String userPrefs = userHome + PREF_FILE; |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
755 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
756 |
if (fileExists(userPrefs)) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
757 |
return userPrefs; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
758 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
759 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
760 |
if (fileExists(PREF_FILE)) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
761 |
return PREF_FILE; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
762 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
763 |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
764 |
return "/etc/krb5.conf"; |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
765 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
766 |
|
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
767 |
private static String trimmed(String s) { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
768 |
s = s.trim(); |
14327 | 769 |
if (s.isEmpty()) return s; |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
770 |
if (s.charAt(0) == '"' && s.charAt(s.length()-1) == '"' || |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
771 |
s.charAt(0) == '\'' && s.charAt(s.length()-1) == '\'') { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
772 |
s = s.substring(1, s.length()-1).trim(); |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
773 |
} |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
774 |
return s; |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
775 |
} |
2 | 776 |
|
777 |
/** |
|
778 |
* For testing purpose. This method lists all information being parsed from |
|
779 |
* the configuration file to the hashtable. |
|
780 |
*/ |
|
781 |
public void listTable() { |
|
14327 | 782 |
System.out.println(this); |
2 | 783 |
} |
784 |
||
785 |
/** |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
786 |
* Returns all etypes specified in krb5.conf for the given configName, |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
787 |
* or all the builtin defaults. This result is always non-empty. |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
788 |
* If no etypes are found, an exception is thrown. |
2 | 789 |
*/ |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
790 |
public int[] defaultEtype(String configName) throws KrbException { |
2 | 791 |
String default_enctypes; |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
792 |
default_enctypes = get("libdefaults", configName); |
2 | 793 |
int[] etype; |
794 |
if (default_enctypes == null) { |
|
795 |
if (DEBUG) { |
|
796 |
System.out.println("Using builtin default etypes for " + |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
797 |
configName); |
2 | 798 |
} |
799 |
etype = EType.getBuiltInDefaults(); |
|
800 |
} else { |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
801 |
String delim = " "; |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
802 |
StringTokenizer st; |
2 | 803 |
for (int j = 0; j < default_enctypes.length(); j++) { |
804 |
if (default_enctypes.substring(j, j + 1).equals(",")) { |
|
805 |
// only two delimiters are allowed to use |
|
806 |
// according to Kerberos DCE doc. |
|
807 |
delim = ","; |
|
808 |
break; |
|
809 |
} |
|
810 |
} |
|
811 |
st = new StringTokenizer(default_enctypes, delim); |
|
812 |
int len = st.countTokens(); |
|
7977
f47f211cd627
7008713: diamond conversion of kerberos5 and security tools
smarks
parents:
7183
diff
changeset
|
813 |
ArrayList<Integer> ls = new ArrayList<>(len); |
2 | 814 |
int type; |
815 |
for (int i = 0; i < len; i++) { |
|
14327 | 816 |
type = Config.getType(st.nextToken()); |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
817 |
if (type != -1 && EType.isSupported(type)) { |
2 | 818 |
ls.add(type); |
819 |
} |
|
820 |
} |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9499
diff
changeset
|
821 |
if (ls.isEmpty()) { |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
822 |
throw new KrbException("no supported default etypes for " |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
823 |
+ configName); |
2 | 824 |
} else { |
825 |
etype = new int[ls.size()]; |
|
826 |
for (int i = 0; i < etype.length; i++) { |
|
827 |
etype[i] = ls.get(i); |
|
828 |
} |
|
829 |
} |
|
830 |
} |
|
831 |
||
832 |
if (DEBUG) { |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
833 |
System.out.print("default etypes for " + configName + ":"); |
2 | 834 |
for (int i = 0; i < etype.length; i++) { |
835 |
System.out.print(" " + etype[i]); |
|
836 |
} |
|
837 |
System.out.println("."); |
|
838 |
} |
|
839 |
return etype; |
|
840 |
} |
|
841 |
||
842 |
||
843 |
/** |
|
844 |
* Get the etype and checksum value for the specified encryption and |
|
845 |
* checksum type. |
|
846 |
* |
|
847 |
*/ |
|
848 |
/* |
|
849 |
* This method converts the string representation of encryption type and |
|
850 |
* checksum type to int value that can be later used by EType and |
|
851 |
* Checksum classes. |
|
852 |
*/ |
|
14327 | 853 |
public static int getType(String input) { |
2 | 854 |
int result = -1; |
855 |
if (input == null) { |
|
856 |
return result; |
|
857 |
} |
|
858 |
if (input.startsWith("d") || (input.startsWith("D"))) { |
|
859 |
if (input.equalsIgnoreCase("des-cbc-crc")) { |
|
860 |
result = EncryptedData.ETYPE_DES_CBC_CRC; |
|
861 |
} else if (input.equalsIgnoreCase("des-cbc-md5")) { |
|
862 |
result = EncryptedData.ETYPE_DES_CBC_MD5; |
|
863 |
} else if (input.equalsIgnoreCase("des-mac")) { |
|
864 |
result = Checksum.CKSUMTYPE_DES_MAC; |
|
865 |
} else if (input.equalsIgnoreCase("des-mac-k")) { |
|
866 |
result = Checksum.CKSUMTYPE_DES_MAC_K; |
|
867 |
} else if (input.equalsIgnoreCase("des-cbc-md4")) { |
|
868 |
result = EncryptedData.ETYPE_DES_CBC_MD4; |
|
869 |
} else if (input.equalsIgnoreCase("des3-cbc-sha1") || |
|
870 |
input.equalsIgnoreCase("des3-hmac-sha1") || |
|
871 |
input.equalsIgnoreCase("des3-cbc-sha1-kd") || |
|
872 |
input.equalsIgnoreCase("des3-cbc-hmac-sha1-kd")) { |
|
873 |
result = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD; |
|
874 |
} |
|
875 |
} else if (input.startsWith("a") || (input.startsWith("A"))) { |
|
876 |
// AES |
|
877 |
if (input.equalsIgnoreCase("aes128-cts") || |
|
878 |
input.equalsIgnoreCase("aes128-cts-hmac-sha1-96")) { |
|
879 |
result = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96; |
|
880 |
} else if (input.equalsIgnoreCase("aes256-cts") || |
|
881 |
input.equalsIgnoreCase("aes256-cts-hmac-sha1-96")) { |
|
882 |
result = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96; |
|
883 |
// ARCFOUR-HMAC |
|
884 |
} else if (input.equalsIgnoreCase("arcfour-hmac") || |
|
885 |
input.equalsIgnoreCase("arcfour-hmac-md5")) { |
|
886 |
result = EncryptedData.ETYPE_ARCFOUR_HMAC; |
|
887 |
} |
|
888 |
// RC4-HMAC |
|
889 |
} else if (input.equalsIgnoreCase("rc4-hmac")) { |
|
890 |
result = EncryptedData.ETYPE_ARCFOUR_HMAC; |
|
891 |
} else if (input.equalsIgnoreCase("CRC32")) { |
|
892 |
result = Checksum.CKSUMTYPE_CRC32; |
|
893 |
} else if (input.startsWith("r") || (input.startsWith("R"))) { |
|
894 |
if (input.equalsIgnoreCase("rsa-md5")) { |
|
895 |
result = Checksum.CKSUMTYPE_RSA_MD5; |
|
896 |
} else if (input.equalsIgnoreCase("rsa-md5-des")) { |
|
897 |
result = Checksum.CKSUMTYPE_RSA_MD5_DES; |
|
898 |
} |
|
899 |
} else if (input.equalsIgnoreCase("hmac-sha1-des3-kd")) { |
|
900 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD; |
|
901 |
} else if (input.equalsIgnoreCase("hmac-sha1-96-aes128")) { |
|
902 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128; |
|
903 |
} else if (input.equalsIgnoreCase("hmac-sha1-96-aes256")) { |
|
904 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256; |
|
905 |
} else if (input.equalsIgnoreCase("hmac-md5-rc4") || |
|
906 |
input.equalsIgnoreCase("hmac-md5-arcfour") || |
|
907 |
input.equalsIgnoreCase("hmac-md5-enc")) { |
|
908 |
result = Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR; |
|
909 |
} else if (input.equalsIgnoreCase("NULL")) { |
|
910 |
result = EncryptedData.ETYPE_NULL; |
|
911 |
} |
|
912 |
||
913 |
return result; |
|
914 |
} |
|
915 |
||
916 |
/** |
|
917 |
* Resets the default kdc realm. |
|
918 |
* We do not need to synchronize these methods since assignments are atomic |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
919 |
* |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
920 |
* This method was useless. Kept here in case some class still calls it. |
2 | 921 |
*/ |
922 |
public void resetDefaultRealm(String realm) { |
|
923 |
if (DEBUG) { |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
924 |
System.out.println(">>> Config try resetting default kdc " + realm); |
2 | 925 |
} |
926 |
} |
|
927 |
||
928 |
/** |
|
929 |
* Check to use addresses in tickets |
|
930 |
* use addresses if "no_addresses" or "noaddresses" is set to false |
|
931 |
*/ |
|
932 |
public boolean useAddresses() { |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
933 |
return getBooleanObject("libdefaults", "no_addresses") == Boolean.FALSE || |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
934 |
getBooleanObject("libdefaults", "noaddresses") == Boolean.FALSE; |
2 | 935 |
} |
936 |
||
937 |
/** |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
938 |
* Check if need to use DNS to locate Kerberos services for name. If not |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
939 |
* defined, check dns_fallback, whose default value is true. |
2 | 940 |
*/ |
14327 | 941 |
private boolean useDNS(String name) { |
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
942 |
Boolean value = getBooleanObject("libdefaults", name); |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
943 |
if (value != null) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
944 |
return value.booleanValue(); |
93 | 945 |
} else { |
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
946 |
return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE; |
2 | 947 |
} |
948 |
} |
|
949 |
||
950 |
/** |
|
951 |
* Check if need to use DNS to locate the KDC |
|
952 |
*/ |
|
14327 | 953 |
private boolean useDNS_KDC() { |
2 | 954 |
return useDNS("dns_lookup_kdc"); |
955 |
} |
|
956 |
||
957 |
/* |
|
958 |
* Check if need to use DNS to locate the Realm |
|
959 |
*/ |
|
14327 | 960 |
private boolean useDNS_Realm() { |
2 | 961 |
return useDNS("dns_lookup_realm"); |
962 |
} |
|
963 |
||
964 |
/** |
|
965 |
* Gets default realm. |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
966 |
* @throws KrbException where no realm can be located |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
967 |
* @return the default realm, always non null |
2 | 968 |
*/ |
969 |
public String getDefaultRealm() throws KrbException { |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
970 |
if (defaultRealm != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
971 |
return defaultRealm; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
972 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
973 |
Exception cause = null; |
14327 | 974 |
String realm = get("libdefaults", "default_realm"); |
2 | 975 |
if ((realm == null) && useDNS_Realm()) { |
976 |
// use DNS to locate Kerberos realm |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
977 |
try { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
978 |
realm = getRealmFromDNS(); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
979 |
} catch (KrbException ke) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
980 |
cause = ke; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
981 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
982 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
983 |
if (realm == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
984 |
realm = java.security.AccessController.doPrivileged( |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
985 |
new java.security.PrivilegedAction<String>() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
986 |
@Override |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
987 |
public String run() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
988 |
String osname = System.getProperty("os.name"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
989 |
if (osname.startsWith("Windows")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
990 |
return System.getenv("USERDNSDOMAIN"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
991 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
992 |
return null; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
993 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
994 |
}); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
995 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
996 |
if (realm == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
997 |
KrbException ke = new KrbException("Cannot locate default realm"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
998 |
if (cause != null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
999 |
ke.initCause(cause); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1000 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1001 |
throw ke; |
2 | 1002 |
} |
1003 |
return realm; |
|
1004 |
} |
|
1005 |
||
1006 |
/** |
|
1007 |
* Returns a list of KDC's with each KDC separated by a space |
|
1008 |
* |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1009 |
* @param realm the realm for which the KDC list is desired |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1010 |
* @throws KrbException if there's no way to find KDC for the realm |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1011 |
* @return the list of KDCs separated by a space, always non null |
2 | 1012 |
*/ |
1013 |
public String getKDCList(String realm) throws KrbException { |
|
1014 |
if (realm == null) { |
|
1015 |
realm = getDefaultRealm(); |
|
1016 |
} |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1017 |
if (realm.equalsIgnoreCase(defaultRealm)) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1018 |
return defaultKDC; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1019 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1020 |
Exception cause = null; |
14327 | 1021 |
String kdcs = getAll("realms", realm, "kdc"); |
2 | 1022 |
if ((kdcs == null) && useDNS_KDC()) { |
1023 |
// use DNS to locate KDC |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1024 |
try { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1025 |
kdcs = getKDCFromDNS(realm); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1026 |
} catch (KrbException ke) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1027 |
cause = ke; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1028 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1029 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1030 |
if (kdcs == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1031 |
kdcs = java.security.AccessController.doPrivileged( |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1032 |
new java.security.PrivilegedAction<String>() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1033 |
@Override |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1034 |
public String run() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1035 |
String osname = System.getProperty("os.name"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1036 |
if (osname.startsWith("Windows")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1037 |
String logonServer = System.getenv("LOGONSERVER"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1038 |
if (logonServer != null |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1039 |
&& logonServer.startsWith("\\\\")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1040 |
logonServer = logonServer.substring(2); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1041 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1042 |
return logonServer; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1043 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1044 |
return null; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1045 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1046 |
}); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1047 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1048 |
if (kdcs == null) { |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1049 |
if (defaultKDC != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1050 |
return defaultKDC; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1051 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1052 |
KrbException ke = new KrbException("Cannot locate KDC"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1053 |
if (cause != null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1054 |
ke.initCause(cause); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1055 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1056 |
throw ke; |
2 | 1057 |
} |
1058 |
return kdcs; |
|
1059 |
} |
|
1060 |
||
1061 |
/** |
|
1062 |
* Locate Kerberos realm using DNS |
|
1063 |
* |
|
1064 |
* @return the Kerberos realm |
|
1065 |
*/ |
|
1066 |
private String getRealmFromDNS() throws KrbException { |
|
1067 |
// use DNS to locate Kerberos realm |
|
1068 |
String realm = null; |
|
1069 |
String hostName = null; |
|
1070 |
try { |
|
1946 | 1071 |
hostName = InetAddress.getLocalHost().getCanonicalHostName(); |
2 | 1072 |
} catch (UnknownHostException e) { |
1073 |
KrbException ke = new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1074 |
"Unable to locate Kerberos realm: " + e.getMessage()); |
|
1075 |
ke.initCause(e); |
|
1076 |
throw (ke); |
|
1077 |
} |
|
1078 |
// get the domain realm mapping from the configuration |
|
1079 |
String mapRealm = PrincipalName.mapHostToRealm(hostName); |
|
6113 | 1080 |
if (mapRealm == null) { |
1081 |
// No match. Try search and/or domain in /etc/resolv.conf |
|
1082 |
List<String> srchlist = ResolverConfiguration.open().searchlist(); |
|
1083 |
for (String domain: srchlist) { |
|
1084 |
realm = checkRealm(domain); |
|
1085 |
if (realm != null) { |
|
1086 |
break; |
|
1087 |
} |
|
1088 |
} |
|
1089 |
} else { |
|
1090 |
realm = checkRealm(mapRealm); |
|
1091 |
} |
|
1092 |
if (realm == null) { |
|
1093 |
throw new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1094 |
"Unable to locate Kerberos realm"); |
|
1095 |
} |
|
1096 |
return realm; |
|
1097 |
} |
|
1098 |
||
1099 |
/** |
|
1100 |
* Check if the provided realm is the correct realm |
|
1101 |
* @return the realm if correct, or null otherwise |
|
1102 |
*/ |
|
1103 |
private static String checkRealm(String mapRealm) { |
|
1104 |
if (DEBUG) { |
|
1105 |
System.out.println("getRealmFromDNS: trying " + mapRealm); |
|
1106 |
} |
|
2 | 1107 |
String[] records = null; |
1108 |
String newRealm = mapRealm; |
|
1109 |
while ((records == null) && (newRealm != null)) { |
|
1110 |
// locate DNS TXT record |
|
1111 |
records = KrbServiceLocator.getKerberosService(newRealm); |
|
1112 |
newRealm = Realm.parseRealmComponent(newRealm); |
|
1113 |
// if no DNS TXT records found, try again using sub-realm |
|
1114 |
} |
|
6113 | 1115 |
if (records != null) { |
1116 |
for (int i = 0; i < records.length; i++) { |
|
1117 |
if (records[i].equalsIgnoreCase(mapRealm)) { |
|
1118 |
return records[i]; |
|
1119 |
} |
|
2 | 1120 |
} |
1121 |
} |
|
6113 | 1122 |
return null; |
2 | 1123 |
} |
1124 |
||
1125 |
/** |
|
1126 |
* Locate KDC using DNS |
|
1127 |
* |
|
1128 |
* @param realm the realm for which the master KDC is desired |
|
1129 |
* @return the KDC |
|
1130 |
*/ |
|
1131 |
private String getKDCFromDNS(String realm) throws KrbException { |
|
1132 |
// use DNS to locate KDC |
|
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1133 |
String kdcs = ""; |
2 | 1134 |
String[] srvs = null; |
1135 |
// locate DNS SRV record using UDP |
|
6113 | 1136 |
if (DEBUG) { |
1137 |
System.out.println("getKDCFromDNS using UDP"); |
|
1138 |
} |
|
1139 |
srvs = KrbServiceLocator.getKerberosService(realm, "_udp"); |
|
2 | 1140 |
if (srvs == null) { |
1141 |
// locate DNS SRV record using TCP |
|
6113 | 1142 |
if (DEBUG) { |
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1143 |
System.out.println("getKDCFromDNS using TCP"); |
6113 | 1144 |
} |
1145 |
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp"); |
|
2 | 1146 |
} |
1147 |
if (srvs == null) { |
|
1148 |
// no DNS SRV records |
|
1149 |
throw new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1150 |
"Unable to locate KDC for realm " + realm); |
|
1151 |
} |
|
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1152 |
if (srvs.length == 0) { |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1153 |
return null; |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1154 |
} |
2 | 1155 |
for (int i = 0; i < srvs.length; i++) { |
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1156 |
kdcs += srvs[i].trim() + " "; |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1157 |
} |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1158 |
kdcs = kdcs.trim(); |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1159 |
if (kdcs.equals("")) { |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1160 |
return null; |
2 | 1161 |
} |
1162 |
return kdcs; |
|
1163 |
} |
|
1164 |
||
1819 | 1165 |
private boolean fileExists(String name) { |
1166 |
return java.security.AccessController.doPrivileged( |
|
1167 |
new FileExistsAction(name)); |
|
1168 |
} |
|
1169 |
||
2 | 1170 |
static class FileExistsAction |
1171 |
implements java.security.PrivilegedAction<Boolean> { |
|
1172 |
||
1173 |
private String fileName; |
|
1174 |
||
1175 |
public FileExistsAction(String fileName) { |
|
1176 |
this.fileName = fileName; |
|
1177 |
} |
|
1178 |
||
1179 |
public Boolean run() { |
|
1180 |
return new File(fileName).exists(); |
|
1181 |
} |
|
1182 |
} |
|
1183 |
||
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1184 |
// Shows the content of the Config object for debug purpose. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1185 |
// |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1186 |
// { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1187 |
// libdefaults = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1188 |
// default_realm = R |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1189 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1190 |
// realms = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1191 |
// R = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1192 |
// kdc = [k1,k2] |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1193 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1194 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1195 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1196 |
|
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1197 |
@Override |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1198 |
public String toString() { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1199 |
StringBuffer sb = new StringBuffer(); |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1200 |
toStringInternal("", stanzaTable, sb); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1201 |
return sb.toString(); |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1202 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1203 |
private static void toStringInternal(String prefix, Object obj, |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1204 |
StringBuffer sb) { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1205 |
if (obj instanceof String) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1206 |
// A string value, just print it |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1207 |
sb.append(obj).append('\n'); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1208 |
} else if (obj instanceof Hashtable) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1209 |
// A table, start a new sub-section... |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9499
diff
changeset
|
1210 |
Hashtable<?, ?> tab = (Hashtable<?, ?>)obj; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1211 |
sb.append("{\n"); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1212 |
for (Object o: tab.keySet()) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1213 |
// ...indent, print "key = ", and |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1214 |
sb.append(prefix).append(" ").append(o).append(" = "); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1215 |
// ...go recursively into value |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1216 |
toStringInternal(prefix + " ", tab.get(o), sb); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1217 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1218 |
sb.append(prefix).append("}\n"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1219 |
} else if (obj instanceof Vector) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1220 |
// A vector of strings, print them inside [ and ] |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1221 |
Vector<?> v = (Vector<?>)obj; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1222 |
sb.append("["); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1223 |
boolean first = true; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1224 |
for (Object o: v.toArray()) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1225 |
if (!first) sb.append(","); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1226 |
sb.append(o); |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1227 |
first = false; |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1228 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1229 |
sb.append("]\n"); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1230 |
} |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1231 |
} |
2 | 1232 |
} |