author | weijun |
Mon, 22 Jan 2018 12:00:41 +0800 | |
changeset 48651 | 67abfee27e69 |
parent 47216 | 71c04702a3d5 |
child 48672 | 77baeab90732 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
44474
bed865427a2f
8177085: Accept including .conf files in krb5.conf's includedir
weijun
parents:
39507
diff
changeset
|
2 |
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
/* |
|
27 |
* |
|
28 |
* (C) Copyright IBM Corp. 1999 All Rights Reserved. |
|
29 |
* Copyright 1997 The Open Group Research Institute. All rights reserved. |
|
30 |
*/ |
|
31 |
package sun.security.krb5; |
|
32 |
||
27946
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
33 |
import java.io.*; |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
34 |
import java.nio.file.DirectoryStream; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
35 |
import java.nio.file.Files; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
36 |
import java.nio.file.Paths; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
37 |
import java.nio.file.Path; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
38 |
import java.security.PrivilegedAction; |
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
39 |
import java.util.*; |
2 | 40 |
import java.net.InetAddress; |
41 |
import java.net.UnknownHostException; |
|
14327 | 42 |
import java.security.AccessController; |
43 |
import java.security.PrivilegedExceptionAction; |
|
27946
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
44 |
import java.util.regex.Matcher; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
45 |
import java.util.regex.Pattern; |
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
46 |
|
6113 | 47 |
import sun.net.dns.ResolverConfiguration; |
2 | 48 |
import sun.security.krb5.internal.crypto.EType; |
49 |
import sun.security.krb5.internal.Krb5; |
|
50 |
||
51 |
/** |
|
52 |
* This class maintains key-value pairs of Kerberos configurable constants |
|
53 |
* from configuration file or from user specified system properties. |
|
54 |
*/ |
|
55 |
||
56 |
public class Config { |
|
57 |
||
58 |
/* |
|
59 |
* Only allow a single instance of Config. |
|
60 |
*/ |
|
61 |
private static Config singleton = null; |
|
62 |
||
63 |
/* |
|
21278 | 64 |
* Hashtable used to store configuration information. |
2 | 65 |
*/ |
14327 | 66 |
private Hashtable<String,Object> stanzaTable = new Hashtable<>(); |
2 | 67 |
|
68 |
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG; |
|
69 |
||
70 |
// these are used for hexdecimal calculation. |
|
71 |
private static final int BASE16_0 = 1; |
|
72 |
private static final int BASE16_1 = 16; |
|
73 |
private static final int BASE16_2 = 16 * 16; |
|
74 |
private static final int BASE16_3 = 16 * 16 * 16; |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
75 |
|
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
76 |
/** |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
77 |
* Specified by system properties. Must be both null or non-null. |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
78 |
*/ |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
79 |
private final String defaultRealm; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
80 |
private final String defaultKDC; |
2 | 81 |
|
82 |
// used for native interface |
|
1819 | 83 |
private static native String getWindowsDirectory(boolean isSystem); |
2 | 84 |
|
85 |
||
86 |
/** |
|
87 |
* Gets an instance of Config class. One and only one instance (the |
|
88 |
* singleton) is returned. |
|
89 |
* |
|
90 |
* @exception KrbException if error occurs when constructing a Config |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
91 |
* instance. Possible causes would be either of java.security.krb5.realm or |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
92 |
* java.security.krb5.kdc not specified, error reading configuration file. |
2 | 93 |
*/ |
94 |
public static synchronized Config getInstance() throws KrbException { |
|
95 |
if (singleton == null) { |
|
96 |
singleton = new Config(); |
|
97 |
} |
|
98 |
return singleton; |
|
99 |
} |
|
100 |
||
101 |
/** |
|
102 |
* Refresh and reload the Configuration. This could involve, |
|
103 |
* for example reading the Configuration file again or getting |
|
14327 | 104 |
* the java.security.krb5.* system properties again. This method |
105 |
* also tries its best to update static fields in other classes |
|
106 |
* that depend on the configuration. |
|
2 | 107 |
* |
108 |
* @exception KrbException if error occurs when constructing a Config |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
109 |
* instance. Possible causes would be either of java.security.krb5.realm or |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
110 |
* java.security.krb5.kdc not specified, error reading configuration file. |
2 | 111 |
*/ |
112 |
||
30796
6d090852a86a
8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
weijun
parents:
30653
diff
changeset
|
113 |
public static void refresh() throws KrbException { |
6d090852a86a
8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
weijun
parents:
30653
diff
changeset
|
114 |
synchronized (Config.class) { |
6d090852a86a
8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
weijun
parents:
30653
diff
changeset
|
115 |
singleton = new Config(); |
6d090852a86a
8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
weijun
parents:
30653
diff
changeset
|
116 |
} |
7183 | 117 |
KdcComm.initStatic(); |
14327 | 118 |
EType.initStatic(); |
119 |
Checksum.initStatic(); |
|
2 | 120 |
} |
121 |
||
122 |
||
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
123 |
private static boolean isMacosLionOrBetter() { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
124 |
// split the "10.x.y" version number |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
125 |
String osname = getProperty("os.name"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
126 |
if (!osname.contains("OS X")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
127 |
return false; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
128 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
129 |
|
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
130 |
String osVersion = getProperty("os.version"); |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
131 |
String[] fragments = osVersion.split("\\."); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
132 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
133 |
// sanity check the "10." part of the version |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
134 |
if (!fragments[0].equals("10")) return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
135 |
if (fragments.length < 2) return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
136 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
137 |
// check if Mac OS X 10.7(.y) |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
138 |
try { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
139 |
int minorVers = Integer.parseInt(fragments[1]); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
140 |
if (minorVers >= 7) return true; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
141 |
} catch (NumberFormatException e) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
142 |
// was not an integer |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
143 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
144 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
145 |
return false; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
146 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
147 |
|
2 | 148 |
/** |
149 |
* Private constructor - can not be instantiated externally. |
|
150 |
*/ |
|
151 |
private Config() throws KrbException { |
|
152 |
/* |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
153 |
* If either one system property is specified, we throw exception. |
2 | 154 |
*/ |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
155 |
String tmp = getProperty("java.security.krb5.kdc"); |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
156 |
if (tmp != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
157 |
// The user can specify a list of kdc hosts separated by ":" |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
158 |
defaultKDC = tmp.replace(':', ' '); |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
159 |
} else { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
160 |
defaultKDC = null; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
161 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
162 |
defaultRealm = getProperty("java.security.krb5.realm"); |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
163 |
if ((defaultKDC == null && defaultRealm != null) || |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
164 |
(defaultRealm == null && defaultKDC != null)) { |
2 | 165 |
throw new KrbException |
166 |
("System property java.security.krb5.kdc and " + |
|
167 |
"java.security.krb5.realm both must be set or " + |
|
168 |
"neither must be set."); |
|
169 |
} |
|
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
170 |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
171 |
// Always read the Kerberos configuration file |
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
172 |
try { |
14327 | 173 |
List<String> configFile; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
174 |
String fileName = getJavaFileName(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
175 |
if (fileName != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
176 |
configFile = loadConfigFile(fileName); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
177 |
stanzaTable = parseStanzaTable(configFile); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
178 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
179 |
System.out.println("Loaded from Java config"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
180 |
} |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
181 |
} else { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
182 |
boolean found = false; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
183 |
if (isMacosLionOrBetter()) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
184 |
try { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
185 |
stanzaTable = SCDynamicStoreConfig.getConfig(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
186 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
187 |
System.out.println("Loaded from SCDynamicStoreConfig"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
188 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
189 |
found = true; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
190 |
} catch (IOException ioe) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
191 |
// OK. Will go on with file |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
192 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
193 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
194 |
if (!found) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
195 |
fileName = getNativeFileName(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
196 |
configFile = loadConfigFile(fileName); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
197 |
stanzaTable = parseStanzaTable(configFile); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
198 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
199 |
System.out.println("Loaded from native config"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
200 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
201 |
} |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
202 |
} |
3221
98ac5a3e79e9
6857795: krb5.conf ignored if system properties on realm and kdc are provided
weijun
parents:
2587
diff
changeset
|
203 |
} catch (IOException ioe) { |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
204 |
if (DEBUG) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
205 |
System.out.println("Exception thrown in loading config:"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
206 |
ioe.printStackTrace(System.out); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
207 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
208 |
throw new KrbException("krb5.conf loading failed"); |
2 | 209 |
} |
210 |
} |
|
211 |
||
212 |
/** |
|
14327 | 213 |
* Gets the last-defined string value for the specified keys. |
214 |
* @param keys the keys, as an array from section name, sub-section names |
|
215 |
* (if any), to value name. |
|
216 |
* @return the value. When there are multiple values for the same key, |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
217 |
* returns the first one. {@code null} is returned if not all the keys are |
14327 | 218 |
* defined. For example, {@code get("libdefaults", "forwardable")} will |
219 |
* return null if "forwardable" is not defined in [libdefaults], and |
|
220 |
* {@code get("realms", "R", "kdc")} will return null if "R" is not |
|
221 |
* defined in [realms] or "kdc" is not defined for "R". |
|
222 |
* @throws IllegalArgumentException if any of the keys is illegal, either |
|
223 |
* because a key not the last one is not a (sub)section name or the last |
|
224 |
* key is still a section name. For example, {@code get("libdefaults")} |
|
225 |
* throws this exception because [libdefaults] is a section name instead of |
|
226 |
* a value name, and {@code get("libdefaults", "forwardable", "tail")} |
|
227 |
* also throws this exception because "forwardable" is already a value name |
|
228 |
* and has no sub-key at all (given "forwardable" is defined, otherwise, |
|
229 |
* this method has no knowledge if it's a value name or a section name), |
|
230 |
*/ |
|
231 |
public String get(String... keys) { |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
232 |
Vector<String> v = getString0(keys); |
14327 | 233 |
if (v == null) return null; |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
234 |
return v.firstElement(); |
14327 | 235 |
} |
236 |
||
237 |
/** |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
238 |
* Gets the boolean value for the specified keys. Returns TRUE if the |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
239 |
* string value is "yes", or "true", FALSE if "no", or "false", or null |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
240 |
* if otherwise or not defined. The comparision is case-insensitive. |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
241 |
* |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
242 |
* @param keys the keys, see {@link #get(String...)} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
243 |
* @return the boolean value, or null if there is no value defined or the |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
244 |
* value does not look like a boolean value. |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
245 |
* @throws IllegalArgumentException see {@link #get(String...)} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
246 |
*/ |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
247 |
public Boolean getBooleanObject(String... keys) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
248 |
String s = get(keys); |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
249 |
if (s == null) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
250 |
return null; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
251 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
252 |
switch (s.toLowerCase(Locale.US)) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
253 |
case "yes": case "true": |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
254 |
return Boolean.TRUE; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
255 |
case "no": case "false": |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
256 |
return Boolean.FALSE; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
257 |
default: |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
258 |
return null; |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
259 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
260 |
} |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
261 |
|
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
262 |
/** |
30959 | 263 |
* Gets all values (at least one) for the specified keys separated by |
264 |
* a whitespace, or null if there is no such keys. |
|
265 |
* The values can either be provided on a single line, or on multiple lines |
|
266 |
* using the same key. When provided on a single line, the value can be |
|
267 |
* comma or space separated. |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
268 |
* @throws IllegalArgumentException if any of the keys is illegal |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
269 |
* (See {@link #get}) |
2 | 270 |
*/ |
14327 | 271 |
public String getAll(String... keys) { |
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
272 |
Vector<String> v = getString0(keys); |
14327 | 273 |
if (v == null) return null; |
274 |
StringBuilder sb = new StringBuilder(); |
|
275 |
boolean first = true; |
|
276 |
for (String s: v) { |
|
30959 | 277 |
s = s.replaceAll("[\\s,]+", " "); |
14327 | 278 |
if (first) { |
279 |
sb.append(s); |
|
280 |
first = false; |
|
281 |
} else { |
|
282 |
sb.append(' ').append(s); |
|
283 |
} |
|
284 |
} |
|
285 |
return sb.toString(); |
|
286 |
} |
|
287 |
||
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
288 |
/** |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
289 |
* Returns true if keys exists, can be final string(s) or a sub-section |
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
290 |
* @throws IllegalArgumentException if any of the keys is illegal |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
291 |
* (See {@link #get}) |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
292 |
*/ |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
293 |
public boolean exists(String... keys) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
294 |
return get0(keys) != null; |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
295 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
296 |
|
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
297 |
// Returns final string value(s) for given keys. |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
298 |
@SuppressWarnings("unchecked") |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
299 |
private Vector<String> getString0(String... keys) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
300 |
try { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
301 |
return (Vector<String>)get0(keys); |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
302 |
} catch (ClassCastException cce) { |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
303 |
throw new IllegalArgumentException(cce); |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
304 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
305 |
} |
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
306 |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
307 |
// Internal method. Returns the value for keys, which can be a sub-section |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
308 |
// (as a Hashtable) or final string value(s) (as a Vector). This is the |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
309 |
// only method (except for toString) that reads stanzaTable directly. |
14327 | 310 |
@SuppressWarnings("unchecked") |
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
311 |
private Object get0(String... keys) { |
14327 | 312 |
Object current = stanzaTable; |
313 |
try { |
|
314 |
for (String key: keys) { |
|
315 |
current = ((Hashtable<String,Object>)current).get(key); |
|
316 |
if (current == null) return null; |
|
317 |
} |
|
20175
a65ad0a49e3c
8012615: Realm.getRealmsList returns realms list in wrong
weijun
parents:
18168
diff
changeset
|
318 |
return current; |
14327 | 319 |
} catch (ClassCastException cce) { |
320 |
throw new IllegalArgumentException(cce); |
|
321 |
} |
|
322 |
} |
|
323 |
||
324 |
/** |
|
27946
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
325 |
* Translates a duration value into seconds. |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
326 |
* |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
327 |
* The format can be one of "h:m[:s]", "NdNhNmNs", and "N". See |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
328 |
* http://web.mit.edu/kerberos/krb5-devel/doc/basic/date_format.html#duration |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
329 |
* for definitions. |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
330 |
* |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
331 |
* @param s the string duration |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
332 |
* @return time in seconds |
32003 | 333 |
* @throws KrbException if format is illegal |
27946
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
334 |
*/ |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
335 |
public static int duration(String s) throws KrbException { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
336 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
337 |
if (s.isEmpty()) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
338 |
throw new KrbException("Duration cannot be empty"); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
339 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
340 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
341 |
// N |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
342 |
if (s.matches("\\d+")) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
343 |
return Integer.parseInt(s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
344 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
345 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
346 |
// h:m[:s] |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
347 |
Matcher m = Pattern.compile("(\\d+):(\\d+)(:(\\d+))?").matcher(s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
348 |
if (m.matches()) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
349 |
int hr = Integer.parseInt(m.group(1)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
350 |
int min = Integer.parseInt(m.group(2)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
351 |
if (min >= 60) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
352 |
throw new KrbException("Illegal duration format " + s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
353 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
354 |
int result = hr * 3600 + min * 60; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
355 |
if (m.group(4) != null) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
356 |
int sec = Integer.parseInt(m.group(4)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
357 |
if (sec >= 60) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
358 |
throw new KrbException("Illegal duration format " + s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
359 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
360 |
result += sec; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
361 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
362 |
return result; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
363 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
364 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
365 |
// NdNhNmNs |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
366 |
// 120m allowed. Maybe 1h120m is not good, but still allowed |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
367 |
m = Pattern.compile( |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
368 |
"((\\d+)d)?\\s*((\\d+)h)?\\s*((\\d+)m)?\\s*((\\d+)s)?", |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
369 |
Pattern.CASE_INSENSITIVE).matcher(s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
370 |
if (m.matches()) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
371 |
int result = 0; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
372 |
if (m.group(2) != null) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
373 |
result += 86400 * Integer.parseInt(m.group(2)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
374 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
375 |
if (m.group(4) != null) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
376 |
result += 3600 * Integer.parseInt(m.group(4)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
377 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
378 |
if (m.group(6) != null) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
379 |
result += 60 * Integer.parseInt(m.group(6)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
380 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
381 |
if (m.group(8) != null) { |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
382 |
result += Integer.parseInt(m.group(8)); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
383 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
384 |
return result; |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
385 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
386 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
387 |
throw new KrbException("Illegal duration format " + s); |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
388 |
} |
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
389 |
|
9f99b93cbbb2
8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
weijun
parents:
27565
diff
changeset
|
390 |
/** |
14327 | 391 |
* Gets the int value for the specified keys. |
392 |
* @param keys the keys |
|
393 |
* @return the int value, Integer.MIN_VALUE is returned if it cannot be |
|
394 |
* found or the value is not a legal integer. |
|
32003 | 395 |
* @throws IllegalArgumentException if any of the keys is illegal |
14327 | 396 |
* @see #get(java.lang.String[]) |
397 |
*/ |
|
398 |
public int getIntValue(String... keys) { |
|
399 |
String result = get(keys); |
|
2 | 400 |
int value = Integer.MIN_VALUE; |
401 |
if (result != null) { |
|
402 |
try { |
|
403 |
value = parseIntValue(result); |
|
404 |
} catch (NumberFormatException e) { |
|
405 |
if (DEBUG) { |
|
406 |
System.out.println("Exception in getting value of " + |
|
14327 | 407 |
Arrays.toString(keys) + " " + |
2 | 408 |
e.getMessage()); |
14327 | 409 |
System.out.println("Setting " + Arrays.toString(keys) + |
2 | 410 |
" to minimum value"); |
411 |
} |
|
412 |
value = Integer.MIN_VALUE; |
|
413 |
} |
|
414 |
} |
|
415 |
return value; |
|
416 |
} |
|
417 |
||
418 |
/** |
|
419 |
* Parses a string to an integer. The convertible strings include the |
|
420 |
* string representations of positive integers, negative integers, and |
|
421 |
* hex decimal integers. Valid inputs are, e.g., -1234, +1234, |
|
422 |
* 0x40000. |
|
423 |
* |
|
424 |
* @param input the String to be converted to an Integer. |
|
425 |
* @return an numeric value represented by the string |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
426 |
* @exception NumberFormatException if the String does not contain a |
2 | 427 |
* parsable integer. |
428 |
*/ |
|
429 |
private int parseIntValue(String input) throws NumberFormatException { |
|
430 |
int value = 0; |
|
431 |
if (input.startsWith("+")) { |
|
432 |
String temp = input.substring(1); |
|
433 |
return Integer.parseInt(temp); |
|
434 |
} else if (input.startsWith("0x")) { |
|
435 |
String temp = input.substring(2); |
|
436 |
char[] chars = temp.toCharArray(); |
|
437 |
if (chars.length > 8) { |
|
438 |
throw new NumberFormatException(); |
|
439 |
} else { |
|
440 |
for (int i = 0; i < chars.length; i++) { |
|
441 |
int index = chars.length - i - 1; |
|
442 |
switch (chars[i]) { |
|
443 |
case '0': |
|
444 |
value += 0; |
|
445 |
break; |
|
446 |
case '1': |
|
447 |
value += 1 * getBase(index); |
|
448 |
break; |
|
449 |
case '2': |
|
450 |
value += 2 * getBase(index); |
|
451 |
break; |
|
452 |
case '3': |
|
453 |
value += 3 * getBase(index); |
|
454 |
break; |
|
455 |
case '4': |
|
456 |
value += 4 * getBase(index); |
|
457 |
break; |
|
458 |
case '5': |
|
459 |
value += 5 * getBase(index); |
|
460 |
break; |
|
461 |
case '6': |
|
462 |
value += 6 * getBase(index); |
|
463 |
break; |
|
464 |
case '7': |
|
465 |
value += 7 * getBase(index); |
|
466 |
break; |
|
467 |
case '8': |
|
468 |
value += 8 * getBase(index); |
|
469 |
break; |
|
470 |
case '9': |
|
471 |
value += 9 * getBase(index); |
|
472 |
break; |
|
473 |
case 'a': |
|
474 |
case 'A': |
|
475 |
value += 10 * getBase(index); |
|
476 |
break; |
|
477 |
case 'b': |
|
478 |
case 'B': |
|
479 |
value += 11 * getBase(index); |
|
480 |
break; |
|
481 |
case 'c': |
|
482 |
case 'C': |
|
483 |
value += 12 * getBase(index); |
|
484 |
break; |
|
485 |
case 'd': |
|
486 |
case 'D': |
|
487 |
value += 13 * getBase(index); |
|
488 |
break; |
|
489 |
case 'e': |
|
490 |
case 'E': |
|
491 |
value += 14 * getBase(index); |
|
492 |
break; |
|
493 |
case 'f': |
|
494 |
case 'F': |
|
495 |
value += 15 * getBase(index); |
|
496 |
break; |
|
497 |
default: |
|
498 |
throw new NumberFormatException("Invalid numerical format"); |
|
499 |
} |
|
500 |
} |
|
501 |
} |
|
502 |
if (value < 0) { |
|
503 |
throw new NumberFormatException("Data overflow."); |
|
504 |
} |
|
505 |
} else { |
|
506 |
value = Integer.parseInt(input); |
|
507 |
} |
|
508 |
return value; |
|
509 |
} |
|
510 |
||
511 |
private int getBase(int i) { |
|
512 |
int result = 16; |
|
513 |
switch (i) { |
|
514 |
case 0: |
|
515 |
result = BASE16_0; |
|
516 |
break; |
|
517 |
case 1: |
|
518 |
result = BASE16_1; |
|
519 |
break; |
|
520 |
case 2: |
|
521 |
result = BASE16_2; |
|
522 |
break; |
|
523 |
case 3: |
|
524 |
result = BASE16_3; |
|
525 |
break; |
|
526 |
default: |
|
527 |
for (int j = 1; j < i; j++) { |
|
528 |
result *= 16; |
|
529 |
} |
|
530 |
} |
|
531 |
return result; |
|
532 |
} |
|
533 |
||
534 |
/** |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
535 |
* Reads the lines of the configuration file. All include and includedir |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
536 |
* directives are resolved by calling this method recursively. |
2 | 537 |
* |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
538 |
* @param file the krb5.conf file, must be absolute |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
539 |
* @param content the lines. Comment and empty lines are removed, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
540 |
* all lines trimmed, include and includedir |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
541 |
* directives resolved, unknown directives ignored |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
542 |
* @param dups a set of Paths to check for possible infinite loop |
14327 | 543 |
* @throws IOException if there is an I/O error |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
544 |
*/ |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
545 |
private static Void readConfigFileLines( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
546 |
Path file, List<String> content, Set<Path> dups) |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
547 |
throws IOException { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
548 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
549 |
if (DEBUG) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
550 |
System.out.println("Loading krb5 profile at " + file); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
551 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
552 |
if (!file.isAbsolute()) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
553 |
throw new IOException("Profile path not absolute"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
554 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
555 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
556 |
if (!dups.add(file)) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
557 |
throw new IOException("Profile path included more than once"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
558 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
559 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
560 |
List<String> lines = Files.readAllLines(file); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
561 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
562 |
boolean inDirectives = true; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
563 |
for (String line: lines) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
564 |
line = line.trim(); |
39507
e65f112c7ee9
8160518: Semicolon is not recognized as comment starting character (Kerberos)
igerasim
parents:
32003
diff
changeset
|
565 |
if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) { |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
566 |
continue; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
567 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
568 |
if (inDirectives) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
569 |
if (line.charAt(0) == '[') { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
570 |
inDirectives = false; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
571 |
content.add(line); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
572 |
} else if (line.startsWith("includedir ")) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
573 |
Path dir = Paths.get( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
574 |
line.substring("includedir ".length()).trim()); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
575 |
try (DirectoryStream<Path> files = |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
576 |
Files.newDirectoryStream(dir)) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
577 |
for (Path p: files) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
578 |
if (Files.isDirectory(p)) continue; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
579 |
String name = p.getFileName().toString(); |
44474
bed865427a2f
8177085: Accept including .conf files in krb5.conf's includedir
weijun
parents:
39507
diff
changeset
|
580 |
if (name.matches("[a-zA-Z0-9_-]+") || |
bed865427a2f
8177085: Accept including .conf files in krb5.conf's includedir
weijun
parents:
39507
diff
changeset
|
581 |
name.endsWith(".conf")) { |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
582 |
// if dir is absolute, so is p |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
583 |
readConfigFileLines(p, content, dups); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
584 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
585 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
586 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
587 |
} else if (line.startsWith("include ")) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
588 |
readConfigFileLines( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
589 |
Paths.get(line.substring("include ".length()).trim()), |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
590 |
content, dups); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
591 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
592 |
// Unsupported directives |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
593 |
if (DEBUG) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
594 |
System.out.println("Unknown directive: " + line); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
595 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
596 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
597 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
598 |
content.add(line); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
599 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
600 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
601 |
return null; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
602 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
603 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
604 |
/** |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
605 |
* Reads the configuration file and return normalized lines. |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
606 |
* If the original file is: |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
607 |
* |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
608 |
* [realms] |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
609 |
* EXAMPLE.COM = |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
610 |
* { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
611 |
* kdc = kerberos.example.com |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
612 |
* ... |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
613 |
* } |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
614 |
* ... |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
615 |
* |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
616 |
* The result will be (no indentations): |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
617 |
* |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
618 |
* { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
619 |
* realms = { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
620 |
* EXAMPLE.COM = { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
621 |
* kdc = kerberos.example.com |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
622 |
* ... |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
623 |
* } |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
624 |
* } |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
625 |
* ... |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
626 |
* } |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
627 |
* |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
628 |
* @param fileName the configuration file |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
629 |
* @return normalized lines |
2 | 630 |
*/ |
14327 | 631 |
private List<String> loadConfigFile(final String fileName) |
632 |
throws IOException, KrbException { |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
633 |
|
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
634 |
List<String> result = new ArrayList<>(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
635 |
List<String> raw = new ArrayList<>(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
636 |
Set<Path> dupsCheck = new HashSet<>(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
637 |
|
2 | 638 |
try { |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
639 |
Path fullp = AccessController.doPrivileged((PrivilegedAction<Path>) |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
640 |
() -> Paths.get(fileName).toAbsolutePath(), |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
641 |
null, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
642 |
new PropertyPermission("user.dir", "read")); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
643 |
AccessController.doPrivileged( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
644 |
new PrivilegedExceptionAction<Void>() { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
645 |
@Override |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
646 |
public Void run() throws IOException { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
647 |
Path path = Paths.get(fileName); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
648 |
if (!Files.exists(path)) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
649 |
// This is OK. There are other ways to get |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
650 |
// Kerberos 5 settings |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
651 |
return null; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
652 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
653 |
return readConfigFileLines( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
654 |
fullp, raw, dupsCheck); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
655 |
} |
14327 | 656 |
} |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
657 |
}, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
658 |
null, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
659 |
// include/includedir can go anywhere |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
660 |
new FilePermission("<<ALL FILES>>", "read")); |
2 | 661 |
} catch (java.security.PrivilegedActionException pe) { |
662 |
throw (IOException)pe.getException(); |
|
663 |
} |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
664 |
String previous = null; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
665 |
for (String line: raw) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
666 |
if (line.startsWith("[")) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
667 |
if (!line.endsWith("]")) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
668 |
throw new KrbException("Illegal config content:" |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
669 |
+ line); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
670 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
671 |
if (previous != null) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
672 |
result.add(previous); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
673 |
result.add("}"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
674 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
675 |
String title = line.substring( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
676 |
1, line.length()-1).trim(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
677 |
if (title.isEmpty()) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
678 |
throw new KrbException("Illegal config content:" |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
679 |
+ line); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
680 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
681 |
previous = title + " = {"; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
682 |
} else if (line.startsWith("{")) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
683 |
if (previous == null) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
684 |
throw new KrbException( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
685 |
"Config file should not start with \"{\""); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
686 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
687 |
previous += " {"; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
688 |
if (line.length() > 1) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
689 |
// { and content on the same line |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
690 |
result.add(previous); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
691 |
previous = line.substring(1).trim(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
692 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
693 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
694 |
if (previous == null) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
695 |
// This won't happen, because before a section |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
696 |
// all directives have been resolved |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
697 |
throw new KrbException( |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
698 |
"Config file must starts with a section"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
699 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
700 |
result.add(previous); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
701 |
previous = line; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
702 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
703 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
704 |
if (previous != null) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
705 |
result.add(previous); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
706 |
result.add("}"); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
707 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
708 |
return result; |
2 | 709 |
} |
710 |
||
711 |
/** |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
712 |
* Parses the input lines to a hashtable. The key would be section names |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
713 |
* (libdefaults, realms, domain_realms, etc), and the value would be |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
714 |
* another hashtable which contains the key-value pairs inside the section. |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
715 |
* The value of this sub-hashtable can be another hashtable containing |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
716 |
* another sub-sub-section or a non-empty vector of strings for final values |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
717 |
* (even if there is only one value defined). |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
718 |
* <p> |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
719 |
* For top-level sections with duplicates names, their contents are merged. |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
720 |
* For sub-sections the former overwrites the latter. For final values, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
721 |
* they are stored in a vector in their appearing order. Please note these |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
722 |
* values must appear in the same sub-section. Otherwise, the sub-section |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
723 |
* appears first should have already overridden the others. |
14327 | 724 |
* <p> |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
725 |
* As a corner case, if the same name is used as both a section name and a |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
726 |
* value name, the first appearance decides the type. That is to say, if the |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
727 |
* first one is for a section, all latter appearances are ignored. If it's |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
728 |
* a value, latter appearances as sections are ignored, but those as values |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
729 |
* are added to the vector. |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
730 |
* <p> |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
731 |
* The behavior described above is compatible to other krb5 implementations |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
732 |
* but it's not decumented publicly anywhere. the best practice is not to |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
733 |
* assume any kind of override functionality and only specify values for |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
734 |
* a particular key in one place. |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
735 |
* |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
736 |
* @param v the normalized input as return by loadConfigFile |
14327 | 737 |
* @throws KrbException if there is a file format error |
2 | 738 |
*/ |
14327 | 739 |
@SuppressWarnings("unchecked") |
740 |
private Hashtable<String,Object> parseStanzaTable(List<String> v) |
|
741 |
throws KrbException { |
|
742 |
Hashtable<String,Object> current = stanzaTable; |
|
743 |
for (String line: v) { |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
744 |
// There are only 3 kinds of lines |
14327 | 745 |
// 1. a = b |
746 |
// 2. a = { |
|
747 |
// 3. } |
|
748 |
if (line.equals("}")) { |
|
749 |
// Go back to parent, see below |
|
750 |
current = (Hashtable<String,Object>)current.remove(" PARENT "); |
|
751 |
if (current == null) { |
|
752 |
throw new KrbException("Unmatched close brace"); |
|
2 | 753 |
} |
14327 | 754 |
} else { |
755 |
int pos = line.indexOf('='); |
|
756 |
if (pos < 0) { |
|
757 |
throw new KrbException("Illegal config content:" + line); |
|
2 | 758 |
} |
14327 | 759 |
String key = line.substring(0, pos).trim(); |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
760 |
String value = unquote(line.substring(pos + 1)); |
14327 | 761 |
if (value.equals("{")) { |
762 |
Hashtable<String,Object> subTable; |
|
763 |
if (current == stanzaTable) { |
|
764 |
key = key.toLowerCase(Locale.US); |
|
2 | 765 |
} |
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
766 |
// When there are dup names for sections |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
767 |
if (current.containsKey(key)) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
768 |
if (current == stanzaTable) { // top-level, merge |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
769 |
// The value at top-level must be another Hashtable |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
770 |
subTable = (Hashtable<String,Object>)current.get(key); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
771 |
} else { // otherwise, ignored |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
772 |
// read and ignore it (do not put into current) |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
773 |
subTable = new Hashtable<>(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
774 |
} |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
775 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
776 |
subTable = new Hashtable<>(); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
777 |
current.put(key, subTable); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
778 |
} |
14327 | 779 |
// A special entry for its parent. Put whitespaces around, |
780 |
// so will never be confused with a normal key |
|
781 |
subTable.put(" PARENT ", current); |
|
782 |
current = subTable; |
|
783 |
} else { |
|
784 |
Vector<String> values; |
|
785 |
if (current.containsKey(key)) { |
|
786 |
Object obj = current.get(key); |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
787 |
if (obj instanceof Vector) { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
788 |
// String values are merged |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
789 |
values = (Vector<String>)obj; |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
790 |
values.add(value); |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
791 |
} else { |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
792 |
// If a key shows as section first and then a value, |
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
793 |
// ignore the value. |
14327 | 794 |
} |
795 |
} else { |
|
796 |
values = new Vector<String>(); |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
797 |
values.add(value); |
14327 | 798 |
current.put(key, values); |
799 |
} |
|
2 | 800 |
} |
801 |
} |
|
802 |
} |
|
14327 | 803 |
if (current != stanzaTable) { |
804 |
throw new KrbException("Not closed"); |
|
805 |
} |
|
806 |
return current; |
|
2 | 807 |
} |
808 |
||
809 |
/** |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
810 |
* Gets the default Java configuration file name. |
1819 | 811 |
* |
812 |
* If the system property "java.security.krb5.conf" is defined, we'll |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
813 |
* use its value, no matter if the file exists or not. Otherwise, we |
27565 | 814 |
* will look at $JAVA_HOME/conf/security directory with "krb5.conf" name, |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
815 |
* and return it if the file exists. |
1819 | 816 |
* |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
817 |
* The method returns null if it cannot find a Java config file. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
818 |
*/ |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
819 |
private String getJavaFileName() { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
820 |
String name = getProperty("java.security.krb5.conf"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
821 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
822 |
name = getProperty("java.home") + File.separator + |
27565 | 823 |
"conf" + File.separator + "security" + |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
824 |
File.separator + "krb5.conf"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
825 |
if (!fileExists(name)) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
826 |
name = null; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
827 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
828 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
829 |
if (DEBUG) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
830 |
System.out.println("Java config name: " + name); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
831 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
832 |
return name; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
833 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
834 |
|
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
835 |
/** |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
836 |
* Gets the default native configuration file name. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
837 |
* |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
838 |
* Depending on the OS type, the method returns the default native |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
839 |
* kerberos config file name, which is at windows directory with |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
840 |
* the name of "krb5.ini" for Windows, /etc/krb5/krb5.conf for Solaris, |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
841 |
* /etc/krb5.conf otherwise. Mac OSX X has a different file name. |
1819 | 842 |
* |
843 |
* Note: When the Terminal Service is started in Windows (from 2003), |
|
844 |
* there are two kinds of Windows directories: A system one (say, |
|
845 |
* C:\Windows), and a user-private one (say, C:\Users\Me\Windows). |
|
846 |
* We will first look for krb5.ini in the user-private one. If not |
|
847 |
* found, try the system one instead. |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
848 |
* |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
849 |
* This method will always return a non-null non-empty file name, |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
850 |
* even if that file does not exist. |
2 | 851 |
*/ |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
852 |
private String getNativeFileName() { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
853 |
String name = null; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
854 |
String osname = getProperty("os.name"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
855 |
if (osname.startsWith("Windows")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
856 |
try { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
857 |
Credentials.ensureLoaded(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
858 |
} catch (Exception e) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
859 |
// ignore exceptions |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
860 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
861 |
if (Credentials.alreadyLoaded) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
862 |
String path = getWindowsDirectory(false); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
863 |
if (path != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
864 |
if (path.endsWith("\\")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
865 |
path = path + "krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
866 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
867 |
path = path + "\\krb5.ini"; |
2 | 868 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
869 |
if (fileExists(path)) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
870 |
name = path; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
871 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
872 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
873 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
874 |
path = getWindowsDirectory(true); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
875 |
if (path != null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
876 |
if (path.endsWith("\\")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
877 |
path = path + "krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
878 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
879 |
path = path + "\\krb5.ini"; |
2 | 880 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
881 |
name = path; |
1819 | 882 |
} |
2 | 883 |
} |
884 |
} |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
885 |
if (name == null) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
886 |
name = "c:\\winnt\\krb5.ini"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
887 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
888 |
} else if (osname.startsWith("SunOS")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
889 |
name = "/etc/krb5/krb5.conf"; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
890 |
} else if (osname.contains("OS X")) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
891 |
name = findMacosConfigFile(); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
892 |
} else { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
893 |
name = "/etc/krb5.conf"; |
2 | 894 |
} |
895 |
if (DEBUG) { |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
896 |
System.out.println("Native config name: " + name); |
2 | 897 |
} |
898 |
return name; |
|
899 |
} |
|
900 |
||
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
901 |
private static String getProperty(String property) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
902 |
return java.security.AccessController.doPrivileged( |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
903 |
new sun.security.action.GetPropertyAction(property)); |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
904 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
905 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
906 |
private String findMacosConfigFile() { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
907 |
String userHome = getProperty("user.home"); |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
908 |
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos"; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
909 |
String userPrefs = userHome + PREF_FILE; |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
910 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
911 |
if (fileExists(userPrefs)) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
912 |
return userPrefs; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
913 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
914 |
|
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
915 |
if (fileExists(PREF_FILE)) { |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
916 |
return PREF_FILE; |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
917 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
918 |
|
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
919 |
return "/etc/krb5.conf"; |
12047
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
920 |
} |
320a714614e9
7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
10336
diff
changeset
|
921 |
|
25151
7a670121602e
8029994: Support "include" and "includedir" in krb5.conf
weijun
parents:
23716
diff
changeset
|
922 |
private static String unquote(String s) { |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
923 |
s = s.trim(); |
28657
e968ff5c0998
8055045: StringIndexOutOfBoundsException while reading krb5.conf
weijun
parents:
27946
diff
changeset
|
924 |
if (s.length() >= 2 && |
e968ff5c0998
8055045: StringIndexOutOfBoundsException while reading krb5.conf
weijun
parents:
27946
diff
changeset
|
925 |
((s.charAt(0) == '"' && s.charAt(s.length()-1) == '"') || |
e968ff5c0998
8055045: StringIndexOutOfBoundsException while reading krb5.conf
weijun
parents:
27946
diff
changeset
|
926 |
(s.charAt(0) == '\'' && s.charAt(s.length()-1) == '\''))) { |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
927 |
s = s.substring(1, s.length()-1).trim(); |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
928 |
} |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
929 |
return s; |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
930 |
} |
2 | 931 |
|
932 |
/** |
|
933 |
* For testing purpose. This method lists all information being parsed from |
|
934 |
* the configuration file to the hashtable. |
|
935 |
*/ |
|
936 |
public void listTable() { |
|
14327 | 937 |
System.out.println(this); |
2 | 938 |
} |
939 |
||
940 |
/** |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
941 |
* Returns all etypes specified in krb5.conf for the given configName, |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
942 |
* or all the builtin defaults. This result is always non-empty. |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
943 |
* If no etypes are found, an exception is thrown. |
2 | 944 |
*/ |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
945 |
public int[] defaultEtype(String configName) throws KrbException { |
2 | 946 |
String default_enctypes; |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
947 |
default_enctypes = get("libdefaults", configName); |
2 | 948 |
int[] etype; |
949 |
if (default_enctypes == null) { |
|
950 |
if (DEBUG) { |
|
951 |
System.out.println("Using builtin default etypes for " + |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
952 |
configName); |
2 | 953 |
} |
954 |
etype = EType.getBuiltInDefaults(); |
|
955 |
} else { |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
956 |
String delim = " "; |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
957 |
StringTokenizer st; |
2 | 958 |
for (int j = 0; j < default_enctypes.length(); j++) { |
959 |
if (default_enctypes.substring(j, j + 1).equals(",")) { |
|
960 |
// only two delimiters are allowed to use |
|
961 |
// according to Kerberos DCE doc. |
|
962 |
delim = ","; |
|
963 |
break; |
|
964 |
} |
|
965 |
} |
|
966 |
st = new StringTokenizer(default_enctypes, delim); |
|
967 |
int len = st.countTokens(); |
|
7977
f47f211cd627
7008713: diamond conversion of kerberos5 and security tools
smarks
parents:
7183
diff
changeset
|
968 |
ArrayList<Integer> ls = new ArrayList<>(len); |
2 | 969 |
int type; |
970 |
for (int i = 0; i < len; i++) { |
|
14327 | 971 |
type = Config.getType(st.nextToken()); |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
972 |
if (type != -1 && EType.isSupported(type)) { |
2 | 973 |
ls.add(type); |
974 |
} |
|
975 |
} |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9499
diff
changeset
|
976 |
if (ls.isEmpty()) { |
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
977 |
throw new KrbException("no supported default etypes for " |
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
978 |
+ configName); |
2 | 979 |
} else { |
980 |
etype = new int[ls.size()]; |
|
981 |
for (int i = 0; i < etype.length; i++) { |
|
982 |
etype[i] = ls.get(i); |
|
983 |
} |
|
984 |
} |
|
985 |
} |
|
986 |
||
987 |
if (DEBUG) { |
|
18168
f47169155ea0
8014310: JAAS/Krb5LoginModule using des encytypes failure with NPE after JDK-8012679
weijun
parents:
14515
diff
changeset
|
988 |
System.out.print("default etypes for " + configName + ":"); |
2 | 989 |
for (int i = 0; i < etype.length; i++) { |
990 |
System.out.print(" " + etype[i]); |
|
991 |
} |
|
992 |
System.out.println("."); |
|
993 |
} |
|
994 |
return etype; |
|
995 |
} |
|
996 |
||
997 |
||
998 |
/** |
|
999 |
* Get the etype and checksum value for the specified encryption and |
|
1000 |
* checksum type. |
|
1001 |
* |
|
1002 |
*/ |
|
1003 |
/* |
|
1004 |
* This method converts the string representation of encryption type and |
|
1005 |
* checksum type to int value that can be later used by EType and |
|
1006 |
* Checksum classes. |
|
1007 |
*/ |
|
14327 | 1008 |
public static int getType(String input) { |
2 | 1009 |
int result = -1; |
1010 |
if (input == null) { |
|
1011 |
return result; |
|
1012 |
} |
|
1013 |
if (input.startsWith("d") || (input.startsWith("D"))) { |
|
1014 |
if (input.equalsIgnoreCase("des-cbc-crc")) { |
|
1015 |
result = EncryptedData.ETYPE_DES_CBC_CRC; |
|
1016 |
} else if (input.equalsIgnoreCase("des-cbc-md5")) { |
|
1017 |
result = EncryptedData.ETYPE_DES_CBC_MD5; |
|
1018 |
} else if (input.equalsIgnoreCase("des-mac")) { |
|
1019 |
result = Checksum.CKSUMTYPE_DES_MAC; |
|
1020 |
} else if (input.equalsIgnoreCase("des-mac-k")) { |
|
1021 |
result = Checksum.CKSUMTYPE_DES_MAC_K; |
|
1022 |
} else if (input.equalsIgnoreCase("des-cbc-md4")) { |
|
1023 |
result = EncryptedData.ETYPE_DES_CBC_MD4; |
|
1024 |
} else if (input.equalsIgnoreCase("des3-cbc-sha1") || |
|
1025 |
input.equalsIgnoreCase("des3-hmac-sha1") || |
|
1026 |
input.equalsIgnoreCase("des3-cbc-sha1-kd") || |
|
1027 |
input.equalsIgnoreCase("des3-cbc-hmac-sha1-kd")) { |
|
1028 |
result = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD; |
|
1029 |
} |
|
1030 |
} else if (input.startsWith("a") || (input.startsWith("A"))) { |
|
1031 |
// AES |
|
1032 |
if (input.equalsIgnoreCase("aes128-cts") || |
|
48651
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1033 |
input.equalsIgnoreCase("aes128-sha1") || |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1034 |
input.equalsIgnoreCase("aes128-cts-hmac-sha1-96")) { |
2 | 1035 |
result = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96; |
1036 |
} else if (input.equalsIgnoreCase("aes256-cts") || |
|
48651
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1037 |
input.equalsIgnoreCase("aes256-sha1") || |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1038 |
input.equalsIgnoreCase("aes256-cts-hmac-sha1-96")) { |
2 | 1039 |
result = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96; |
48651
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1040 |
} else if (input.equalsIgnoreCase("aes128-sha2") || |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1041 |
input.equalsIgnoreCase("aes128-cts-hmac-sha256-128")) { |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1042 |
result = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128; |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1043 |
} else if (input.equalsIgnoreCase("aes256-sha2") || |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1044 |
input.equalsIgnoreCase("aes256-cts-hmac-sha384-192")) { |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1045 |
result = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192; |
2 | 1046 |
// ARCFOUR-HMAC |
1047 |
} else if (input.equalsIgnoreCase("arcfour-hmac") || |
|
1048 |
input.equalsIgnoreCase("arcfour-hmac-md5")) { |
|
1049 |
result = EncryptedData.ETYPE_ARCFOUR_HMAC; |
|
1050 |
} |
|
1051 |
// RC4-HMAC |
|
1052 |
} else if (input.equalsIgnoreCase("rc4-hmac")) { |
|
1053 |
result = EncryptedData.ETYPE_ARCFOUR_HMAC; |
|
1054 |
} else if (input.equalsIgnoreCase("CRC32")) { |
|
1055 |
result = Checksum.CKSUMTYPE_CRC32; |
|
1056 |
} else if (input.startsWith("r") || (input.startsWith("R"))) { |
|
1057 |
if (input.equalsIgnoreCase("rsa-md5")) { |
|
1058 |
result = Checksum.CKSUMTYPE_RSA_MD5; |
|
1059 |
} else if (input.equalsIgnoreCase("rsa-md5-des")) { |
|
1060 |
result = Checksum.CKSUMTYPE_RSA_MD5_DES; |
|
1061 |
} |
|
1062 |
} else if (input.equalsIgnoreCase("hmac-sha1-des3-kd")) { |
|
1063 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD; |
|
1064 |
} else if (input.equalsIgnoreCase("hmac-sha1-96-aes128")) { |
|
1065 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128; |
|
1066 |
} else if (input.equalsIgnoreCase("hmac-sha1-96-aes256")) { |
|
1067 |
result = Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256; |
|
48651
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1068 |
} else if (input.equalsIgnoreCase("hmac-sha256-128-aes128")) { |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1069 |
result = Checksum.CKSUMTYPE_HMAC_SHA256_128_AES128; |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1070 |
} else if (input.equalsIgnoreCase("hmac-sha384-192-aes256")) { |
67abfee27e69
8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5
weijun
parents:
47216
diff
changeset
|
1071 |
result = Checksum.CKSUMTYPE_HMAC_SHA384_192_AES256; |
2 | 1072 |
} else if (input.equalsIgnoreCase("hmac-md5-rc4") || |
1073 |
input.equalsIgnoreCase("hmac-md5-arcfour") || |
|
1074 |
input.equalsIgnoreCase("hmac-md5-enc")) { |
|
1075 |
result = Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR; |
|
1076 |
} else if (input.equalsIgnoreCase("NULL")) { |
|
1077 |
result = EncryptedData.ETYPE_NULL; |
|
1078 |
} |
|
1079 |
||
1080 |
return result; |
|
1081 |
} |
|
1082 |
||
1083 |
/** |
|
1084 |
* Resets the default kdc realm. |
|
1085 |
* We do not need to synchronize these methods since assignments are atomic |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1086 |
* |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1087 |
* This method was useless. Kept here in case some class still calls it. |
2 | 1088 |
*/ |
1089 |
public void resetDefaultRealm(String realm) { |
|
1090 |
if (DEBUG) { |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1091 |
System.out.println(">>> Config try resetting default kdc " + realm); |
2 | 1092 |
} |
1093 |
} |
|
1094 |
||
1095 |
/** |
|
1096 |
* Check to use addresses in tickets |
|
1097 |
* use addresses if "no_addresses" or "noaddresses" is set to false |
|
1098 |
*/ |
|
1099 |
public boolean useAddresses() { |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1100 |
return getBooleanObject("libdefaults", "no_addresses") == Boolean.FALSE || |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1101 |
getBooleanObject("libdefaults", "noaddresses") == Boolean.FALSE; |
2 | 1102 |
} |
1103 |
||
1104 |
/** |
|
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1105 |
* Check if need to use DNS to locate Kerberos services for name. If not |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1106 |
* defined, check dns_fallback, whose default value is true. |
2 | 1107 |
*/ |
30653
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1108 |
private boolean useDNS(String name, boolean defaultValue) { |
23716
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1109 |
Boolean value = getBooleanObject("libdefaults", name); |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1110 |
if (value != null) { |
33cc4db6209b
8029995: accept yes/no for boolean krb5.conf settings
weijun
parents:
23336
diff
changeset
|
1111 |
return value.booleanValue(); |
2 | 1112 |
} |
30653
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1113 |
value = getBooleanObject("libdefaults", "dns_fallback"); |
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1114 |
if (value != null) { |
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1115 |
return value.booleanValue(); |
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1116 |
} |
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1117 |
return defaultValue; |
2 | 1118 |
} |
1119 |
||
1120 |
/** |
|
1121 |
* Check if need to use DNS to locate the KDC |
|
1122 |
*/ |
|
14327 | 1123 |
private boolean useDNS_KDC() { |
30653
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1124 |
return useDNS("dns_lookup_kdc", true); |
2 | 1125 |
} |
1126 |
||
1127 |
/* |
|
1128 |
* Check if need to use DNS to locate the Realm |
|
1129 |
*/ |
|
14327 | 1130 |
private boolean useDNS_Realm() { |
30653
6ef1144fd561
8077102: dns_lookup_realm should be false by default
weijun
parents:
28657
diff
changeset
|
1131 |
return useDNS("dns_lookup_realm", false); |
2 | 1132 |
} |
1133 |
||
1134 |
/** |
|
1135 |
* Gets default realm. |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1136 |
* @throws KrbException where no realm can be located |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1137 |
* @return the default realm, always non null |
2 | 1138 |
*/ |
1139 |
public String getDefaultRealm() throws KrbException { |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1140 |
if (defaultRealm != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1141 |
return defaultRealm; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1142 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1143 |
Exception cause = null; |
14327 | 1144 |
String realm = get("libdefaults", "default_realm"); |
2 | 1145 |
if ((realm == null) && useDNS_Realm()) { |
1146 |
// use DNS to locate Kerberos realm |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1147 |
try { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1148 |
realm = getRealmFromDNS(); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1149 |
} catch (KrbException ke) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1150 |
cause = ke; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1151 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1152 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1153 |
if (realm == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1154 |
realm = java.security.AccessController.doPrivileged( |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1155 |
new java.security.PrivilegedAction<String>() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1156 |
@Override |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1157 |
public String run() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1158 |
String osname = System.getProperty("os.name"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1159 |
if (osname.startsWith("Windows")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1160 |
return System.getenv("USERDNSDOMAIN"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1161 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1162 |
return null; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1163 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1164 |
}); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1165 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1166 |
if (realm == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1167 |
KrbException ke = new KrbException("Cannot locate default realm"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1168 |
if (cause != null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1169 |
ke.initCause(cause); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1170 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1171 |
throw ke; |
2 | 1172 |
} |
1173 |
return realm; |
|
1174 |
} |
|
1175 |
||
1176 |
/** |
|
1177 |
* Returns a list of KDC's with each KDC separated by a space |
|
1178 |
* |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1179 |
* @param realm the realm for which the KDC list is desired |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1180 |
* @throws KrbException if there's no way to find KDC for the realm |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1181 |
* @return the list of KDCs separated by a space, always non null |
2 | 1182 |
*/ |
1183 |
public String getKDCList(String realm) throws KrbException { |
|
1184 |
if (realm == null) { |
|
1185 |
realm = getDefaultRealm(); |
|
1186 |
} |
|
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1187 |
if (realm.equalsIgnoreCase(defaultRealm)) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1188 |
return defaultKDC; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1189 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1190 |
Exception cause = null; |
14327 | 1191 |
String kdcs = getAll("realms", realm, "kdc"); |
2 | 1192 |
if ((kdcs == null) && useDNS_KDC()) { |
1193 |
// use DNS to locate KDC |
|
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1194 |
try { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1195 |
kdcs = getKDCFromDNS(realm); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1196 |
} catch (KrbException ke) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1197 |
cause = ke; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1198 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1199 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1200 |
if (kdcs == null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1201 |
kdcs = java.security.AccessController.doPrivileged( |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1202 |
new java.security.PrivilegedAction<String>() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1203 |
@Override |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1204 |
public String run() { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1205 |
String osname = System.getProperty("os.name"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1206 |
if (osname.startsWith("Windows")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1207 |
String logonServer = System.getenv("LOGONSERVER"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1208 |
if (logonServer != null |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1209 |
&& logonServer.startsWith("\\\\")) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1210 |
logonServer = logonServer.substring(2); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1211 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1212 |
return logonServer; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1213 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1214 |
return null; |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1215 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1216 |
}); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1217 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1218 |
if (kdcs == null) { |
3315
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1219 |
if (defaultKDC != null) { |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1220 |
return defaultKDC; |
2c61231c7973
6858589: more changes to Config on system properties
weijun
parents:
3221
diff
changeset
|
1221 |
} |
1947
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1222 |
KrbException ke = new KrbException("Cannot locate KDC"); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1223 |
if (cause != null) { |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1224 |
ke.initCause(cause); |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1225 |
} |
316d79a73e74
6785456: Read Kerberos setting from Windows environment variables
weijun
parents:
1946
diff
changeset
|
1226 |
throw ke; |
2 | 1227 |
} |
1228 |
return kdcs; |
|
1229 |
} |
|
1230 |
||
1231 |
/** |
|
1232 |
* Locate Kerberos realm using DNS |
|
1233 |
* |
|
1234 |
* @return the Kerberos realm |
|
1235 |
*/ |
|
1236 |
private String getRealmFromDNS() throws KrbException { |
|
1237 |
// use DNS to locate Kerberos realm |
|
1238 |
String realm = null; |
|
1239 |
String hostName = null; |
|
1240 |
try { |
|
1946 | 1241 |
hostName = InetAddress.getLocalHost().getCanonicalHostName(); |
2 | 1242 |
} catch (UnknownHostException e) { |
1243 |
KrbException ke = new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1244 |
"Unable to locate Kerberos realm: " + e.getMessage()); |
|
1245 |
ke.initCause(e); |
|
1246 |
throw (ke); |
|
1247 |
} |
|
1248 |
// get the domain realm mapping from the configuration |
|
1249 |
String mapRealm = PrincipalName.mapHostToRealm(hostName); |
|
6113 | 1250 |
if (mapRealm == null) { |
1251 |
// No match. Try search and/or domain in /etc/resolv.conf |
|
1252 |
List<String> srchlist = ResolverConfiguration.open().searchlist(); |
|
1253 |
for (String domain: srchlist) { |
|
1254 |
realm = checkRealm(domain); |
|
1255 |
if (realm != null) { |
|
1256 |
break; |
|
1257 |
} |
|
1258 |
} |
|
1259 |
} else { |
|
1260 |
realm = checkRealm(mapRealm); |
|
1261 |
} |
|
1262 |
if (realm == null) { |
|
1263 |
throw new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1264 |
"Unable to locate Kerberos realm"); |
|
1265 |
} |
|
1266 |
return realm; |
|
1267 |
} |
|
1268 |
||
1269 |
/** |
|
1270 |
* Check if the provided realm is the correct realm |
|
1271 |
* @return the realm if correct, or null otherwise |
|
1272 |
*/ |
|
1273 |
private static String checkRealm(String mapRealm) { |
|
1274 |
if (DEBUG) { |
|
1275 |
System.out.println("getRealmFromDNS: trying " + mapRealm); |
|
1276 |
} |
|
2 | 1277 |
String[] records = null; |
1278 |
String newRealm = mapRealm; |
|
1279 |
while ((records == null) && (newRealm != null)) { |
|
1280 |
// locate DNS TXT record |
|
1281 |
records = KrbServiceLocator.getKerberosService(newRealm); |
|
1282 |
newRealm = Realm.parseRealmComponent(newRealm); |
|
1283 |
// if no DNS TXT records found, try again using sub-realm |
|
1284 |
} |
|
6113 | 1285 |
if (records != null) { |
1286 |
for (int i = 0; i < records.length; i++) { |
|
1287 |
if (records[i].equalsIgnoreCase(mapRealm)) { |
|
1288 |
return records[i]; |
|
1289 |
} |
|
2 | 1290 |
} |
1291 |
} |
|
6113 | 1292 |
return null; |
2 | 1293 |
} |
1294 |
||
1295 |
/** |
|
1296 |
* Locate KDC using DNS |
|
1297 |
* |
|
1298 |
* @param realm the realm for which the master KDC is desired |
|
1299 |
* @return the KDC |
|
1300 |
*/ |
|
1301 |
private String getKDCFromDNS(String realm) throws KrbException { |
|
1302 |
// use DNS to locate KDC |
|
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1303 |
String kdcs = ""; |
2 | 1304 |
String[] srvs = null; |
1305 |
// locate DNS SRV record using UDP |
|
6113 | 1306 |
if (DEBUG) { |
1307 |
System.out.println("getKDCFromDNS using UDP"); |
|
1308 |
} |
|
1309 |
srvs = KrbServiceLocator.getKerberosService(realm, "_udp"); |
|
2 | 1310 |
if (srvs == null) { |
1311 |
// locate DNS SRV record using TCP |
|
6113 | 1312 |
if (DEBUG) { |
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1313 |
System.out.println("getKDCFromDNS using TCP"); |
6113 | 1314 |
} |
1315 |
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp"); |
|
2 | 1316 |
} |
1317 |
if (srvs == null) { |
|
1318 |
// no DNS SRV records |
|
1319 |
throw new KrbException(Krb5.KRB_ERR_GENERIC, |
|
1320 |
"Unable to locate KDC for realm " + realm); |
|
1321 |
} |
|
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1322 |
if (srvs.length == 0) { |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1323 |
return null; |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1324 |
} |
2 | 1325 |
for (int i = 0; i < srvs.length; i++) { |
14515
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1326 |
kdcs += srvs[i].trim() + " "; |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1327 |
} |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1328 |
kdcs = kdcs.trim(); |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1329 |
if (kdcs.equals("")) { |
f67149f8daf6
8002344: Krb5LoginModule config class does not return proper KDC list from DNS
weijun
parents:
14327
diff
changeset
|
1330 |
return null; |
2 | 1331 |
} |
1332 |
return kdcs; |
|
1333 |
} |
|
1334 |
||
1819 | 1335 |
private boolean fileExists(String name) { |
1336 |
return java.security.AccessController.doPrivileged( |
|
1337 |
new FileExistsAction(name)); |
|
1338 |
} |
|
1339 |
||
2 | 1340 |
static class FileExistsAction |
1341 |
implements java.security.PrivilegedAction<Boolean> { |
|
1342 |
||
1343 |
private String fileName; |
|
1344 |
||
1345 |
public FileExistsAction(String fileName) { |
|
1346 |
this.fileName = fileName; |
|
1347 |
} |
|
1348 |
||
1349 |
public Boolean run() { |
|
1350 |
return new File(fileName).exists(); |
|
1351 |
} |
|
1352 |
} |
|
1353 |
||
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1354 |
// Shows the content of the Config object for debug purpose. |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1355 |
// |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1356 |
// { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1357 |
// libdefaults = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1358 |
// default_realm = R |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1359 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1360 |
// realms = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1361 |
// R = { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1362 |
// kdc = [k1,k2] |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1363 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1364 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1365 |
// } |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1366 |
|
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1367 |
@Override |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1368 |
public String toString() { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1369 |
StringBuffer sb = new StringBuffer(); |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1370 |
toStringInternal("", stanzaTable, sb); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1371 |
return sb.toString(); |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1372 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1373 |
private static void toStringInternal(String prefix, Object obj, |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1374 |
StringBuffer sb) { |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1375 |
if (obj instanceof String) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1376 |
// A string value, just print it |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1377 |
sb.append(obj).append('\n'); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1378 |
} else if (obj instanceof Hashtable) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1379 |
// A table, start a new sub-section... |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9499
diff
changeset
|
1380 |
Hashtable<?, ?> tab = (Hashtable<?, ?>)obj; |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1381 |
sb.append("{\n"); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1382 |
for (Object o: tab.keySet()) { |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1383 |
// ...indent, print "key = ", and |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1384 |
sb.append(prefix).append(" ").append(o).append(" = "); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1385 |
// ...go recursively into value |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1386 |
toStringInternal(prefix + " ", tab.get(o), sb); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1387 |
} |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1388 |
sb.append(prefix).append("}\n"); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1389 |
} else if (obj instanceof Vector) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1390 |
// A vector of strings, print them inside [ and ] |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1391 |
Vector<?> v = (Vector<?>)obj; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1392 |
sb.append("["); |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1393 |
boolean first = true; |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1394 |
for (Object o: v.toArray()) { |
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1395 |
if (!first) sb.append(","); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1396 |
sb.append(o); |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1397 |
first = false; |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1398 |
} |
13658
730a11bef766
7184815: [macosx] Need to read Kerberos config in files
weijun
parents:
12538
diff
changeset
|
1399 |
sb.append("]\n"); |
2587
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1400 |
} |
42fa8d578501
6714845: Quotes in Kerberos configuration file are included in the values
weijun
parents:
1947
diff
changeset
|
1401 |
} |
2 | 1402 |
} |