|
2
|
1 |
/*
|
|
|
2 |
* Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
|
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation. Sun designates this
|
|
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
|
|
9 |
* by Sun in the LICENSE file that accompanied this code.
|
|
|
10 |
*
|
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
15 |
* accompanied this code).
|
|
|
16 |
*
|
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
20 |
*
|
|
|
21 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
|
|
22 |
* CA 95054 USA or visit www.sun.com if you need additional information or
|
|
|
23 |
* have any questions.
|
|
|
24 |
*/
|
|
|
25 |
|
|
|
26 |
package sun.security.krb5;
|
|
|
27 |
|
|
|
28 |
import java.util.Arrays;
|
|
|
29 |
import java.util.Enumeration;
|
|
|
30 |
import java.util.Hashtable;
|
|
|
31 |
import java.util.NoSuchElementException;
|
|
|
32 |
import java.util.Random;
|
|
|
33 |
import java.util.StringTokenizer;
|
|
|
34 |
import java.util.List;
|
|
|
35 |
|
|
|
36 |
import javax.naming.*;
|
|
|
37 |
import javax.naming.directory.*;
|
|
|
38 |
import javax.naming.spi.NamingManager;
|
|
|
39 |
|
|
|
40 |
/**
|
|
|
41 |
* This class discovers the location of Kerberos services by querying DNS,
|
|
|
42 |
* as defined in RFC 4120.
|
|
|
43 |
*
|
|
|
44 |
* @author Seema Malkani
|
|
|
45 |
* @since 1.7
|
|
|
46 |
*/
|
|
|
47 |
|
|
|
48 |
class KrbServiceLocator {
|
|
|
49 |
|
|
|
50 |
private static final String SRV_RR = "SRV";
|
|
|
51 |
private static final String[] SRV_RR_ATTR = new String[] {SRV_RR};
|
|
|
52 |
|
|
|
53 |
private static final String SRV_TXT = "TXT";
|
|
|
54 |
private static final String[] SRV_TXT_ATTR = new String[] {SRV_TXT};
|
|
|
55 |
|
|
|
56 |
private static final Random random = new Random();
|
|
|
57 |
|
|
|
58 |
private KrbServiceLocator() {
|
|
|
59 |
}
|
|
|
60 |
|
|
|
61 |
/**
|
|
|
62 |
* Locates the KERBEROS service for a given domain.
|
|
|
63 |
* Queries DNS for a list of KERBEROS Service Text Records (TXT) for a
|
|
|
64 |
* given domain name.
|
|
|
65 |
* Information on the mapping of DNS hostnames and domain names
|
|
|
66 |
* to Kerberos realms is stored using DNS TXT records
|
|
|
67 |
*
|
|
|
68 |
* @param domainName A string domain name.
|
|
|
69 |
* @param environment The possibly null environment of the context.
|
|
|
70 |
* @return An ordered list of hostports for the Kerberos service or null if
|
|
|
71 |
* the service has not been located.
|
|
|
72 |
*/
|
|
|
73 |
static String[] getKerberosService(String realmName) {
|
|
|
74 |
|
|
|
75 |
// search realm in SRV TXT records
|
|
|
76 |
String dnsUrl = "dns:///_kerberos." + realmName;
|
|
|
77 |
String[] records = null;
|
|
|
78 |
try {
|
|
|
79 |
// Create the DNS context using NamingManager rather than using
|
|
|
80 |
// the initial context constructor. This avoids having the initial
|
|
|
81 |
// context constructor call itself (when processing the URL
|
|
|
82 |
// argument in the getAttributes call).
|
|
|
83 |
Context ctx = NamingManager.getURLContext("dns", new Hashtable(0));
|
|
|
84 |
if (!(ctx instanceof DirContext)) {
|
|
|
85 |
return null; // cannot create a DNS context
|
|
|
86 |
}
|
|
|
87 |
Attributes attrs =
|
|
|
88 |
((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR);
|
|
|
89 |
Attribute attr;
|
|
|
90 |
|
|
|
91 |
if (attrs != null && ((attr = attrs.get(SRV_TXT)) != null)) {
|
|
|
92 |
int numValues = attr.size();
|
|
|
93 |
int numRecords = 0;
|
|
|
94 |
String[] txtRecords = new String[numValues];
|
|
|
95 |
|
|
|
96 |
// gather the text records
|
|
|
97 |
int i = 0;
|
|
|
98 |
int j = 0;
|
|
|
99 |
while (i < numValues) {
|
|
|
100 |
try {
|
|
|
101 |
txtRecords[j] = (String)attr.get(i);
|
|
|
102 |
j++;
|
|
|
103 |
} catch (Exception e) {
|
|
|
104 |
// ignore bad value
|
|
|
105 |
}
|
|
|
106 |
i++;
|
|
|
107 |
}
|
|
|
108 |
numRecords = j;
|
|
|
109 |
|
|
|
110 |
// trim
|
|
|
111 |
if (numRecords < numValues) {
|
|
|
112 |
String[] trimmed = new String[numRecords];
|
|
|
113 |
System.arraycopy(txtRecords, 0, trimmed, 0, numRecords);
|
|
|
114 |
records = trimmed;
|
|
|
115 |
} else {
|
|
|
116 |
records = txtRecords;
|
|
|
117 |
}
|
|
|
118 |
}
|
|
|
119 |
} catch (NamingException e) {
|
|
|
120 |
// ignore
|
|
|
121 |
}
|
|
|
122 |
return records;
|
|
|
123 |
}
|
|
|
124 |
|
|
|
125 |
/**
|
|
|
126 |
* Locates the KERBEROS service for a given domain.
|
|
|
127 |
* Queries DNS for a list of KERBEROS Service Location Records (SRV) for a
|
|
|
128 |
* given domain name.
|
|
|
129 |
*
|
|
|
130 |
* @param domainName A string domain name.
|
|
|
131 |
* @return An ordered list of hostports for the Kerberos service or null if
|
|
|
132 |
* the service has not been located.
|
|
|
133 |
*/
|
|
|
134 |
static String[] getKerberosService(String realmName, String protocol) {
|
|
|
135 |
|
|
|
136 |
String dnsUrl = "dns:///_kerberos." + protocol + realmName;
|
|
|
137 |
String[] hostports = null;
|
|
|
138 |
|
|
|
139 |
try {
|
|
|
140 |
// Create the DNS context using NamingManager rather than using
|
|
|
141 |
// the initial context constructor. This avoids having the initial
|
|
|
142 |
// context constructor call itself (when processing the URL
|
|
|
143 |
// argument in the getAttributes call).
|
|
|
144 |
Context ctx = NamingManager.getURLContext("dns", new Hashtable(0));
|
|
|
145 |
if (!(ctx instanceof DirContext)) {
|
|
|
146 |
return null; // cannot create a DNS context
|
|
|
147 |
}
|
|
|
148 |
Attributes attrs =
|
|
|
149 |
((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR);
|
|
|
150 |
Attribute attr;
|
|
|
151 |
|
|
|
152 |
if (attrs != null && ((attr = attrs.get(SRV_RR)) != null)) {
|
|
|
153 |
int numValues = attr.size();
|
|
|
154 |
int numRecords = 0;
|
|
|
155 |
SrvRecord[] srvRecords = new SrvRecord[numValues];
|
|
|
156 |
|
|
|
157 |
// create the service records
|
|
|
158 |
int i = 0;
|
|
|
159 |
int j = 0;
|
|
|
160 |
while (i < numValues) {
|
|
|
161 |
try {
|
|
|
162 |
srvRecords[j] = new SrvRecord((String) attr.get(i));
|
|
|
163 |
j++;
|
|
|
164 |
} catch (Exception e) {
|
|
|
165 |
// ignore bad value
|
|
|
166 |
}
|
|
|
167 |
i++;
|
|
|
168 |
}
|
|
|
169 |
numRecords = j;
|
|
|
170 |
|
|
|
171 |
// trim
|
|
|
172 |
if (numRecords < numValues) {
|
|
|
173 |
SrvRecord[] trimmed = new SrvRecord[numRecords];
|
|
|
174 |
System.arraycopy(srvRecords, 0, trimmed, 0, numRecords);
|
|
|
175 |
srvRecords = trimmed;
|
|
|
176 |
}
|
|
|
177 |
|
|
|
178 |
// Sort the service records in ascending order of their
|
|
|
179 |
// priority value. For records with equal priority, move
|
|
|
180 |
// those with weight 0 to the top of the list.
|
|
|
181 |
if (numRecords > 1) {
|
|
|
182 |
Arrays.sort(srvRecords);
|
|
|
183 |
}
|
|
|
184 |
|
|
|
185 |
// extract the host and port number from each service record
|
|
|
186 |
hostports = extractHostports(srvRecords);
|
|
|
187 |
}
|
|
|
188 |
} catch (NamingException e) {
|
|
|
189 |
// e.printStackTrace();
|
|
|
190 |
// ignore
|
|
|
191 |
}
|
|
|
192 |
return hostports;
|
|
|
193 |
}
|
|
|
194 |
|
|
|
195 |
/**
|
|
|
196 |
* Extract hosts and port numbers from a list of SRV records.
|
|
|
197 |
* An array of hostports is returned or null if none were found.
|
|
|
198 |
*/
|
|
|
199 |
private static String[] extractHostports(SrvRecord[] srvRecords) {
|
|
|
200 |
String[] hostports = null;
|
|
|
201 |
|
|
|
202 |
int head = 0;
|
|
|
203 |
int tail = 0;
|
|
|
204 |
int sublistLength = 0;
|
|
|
205 |
int k = 0;
|
|
|
206 |
for (int i = 0; i < srvRecords.length; i++) {
|
|
|
207 |
if (hostports == null) {
|
|
|
208 |
hostports = new String[srvRecords.length];
|
|
|
209 |
}
|
|
|
210 |
// find the head and tail of the list of records having the same
|
|
|
211 |
// priority value.
|
|
|
212 |
head = i;
|
|
|
213 |
while (i < srvRecords.length - 1 &&
|
|
|
214 |
srvRecords[i].priority == srvRecords[i + 1].priority) {
|
|
|
215 |
i++;
|
|
|
216 |
}
|
|
|
217 |
tail = i;
|
|
|
218 |
|
|
|
219 |
// select hostports from the sublist
|
|
|
220 |
sublistLength = (tail - head) + 1;
|
|
|
221 |
for (int j = 0; j < sublistLength; j++) {
|
|
|
222 |
hostports[k++] = selectHostport(srvRecords, head, tail);
|
|
|
223 |
}
|
|
|
224 |
}
|
|
|
225 |
return hostports;
|
|
|
226 |
}
|
|
|
227 |
|
|
|
228 |
/*
|
|
|
229 |
* Randomly select a service record in the range [head, tail] and return
|
|
|
230 |
* its hostport value. Follows the algorithm in RFC 2782.
|
|
|
231 |
*/
|
|
|
232 |
private static String selectHostport(SrvRecord[] srvRecords, int head,
|
|
|
233 |
int tail) {
|
|
|
234 |
if (head == tail) {
|
|
|
235 |
return srvRecords[head].hostport;
|
|
|
236 |
}
|
|
|
237 |
|
|
|
238 |
// compute the running sum for records between head and tail
|
|
|
239 |
int sum = 0;
|
|
|
240 |
for (int i = head; i <= tail; i++) {
|
|
|
241 |
if (srvRecords[i] != null) {
|
|
|
242 |
sum += srvRecords[i].weight;
|
|
|
243 |
srvRecords[i].sum = sum;
|
|
|
244 |
}
|
|
|
245 |
}
|
|
|
246 |
String hostport = null;
|
|
|
247 |
|
|
|
248 |
// If all records have zero weight, select first available one;
|
|
|
249 |
// otherwise, randomly select a record according to its weight
|
|
|
250 |
int target = (sum == 0 ? 0 : random.nextInt(sum + 1));
|
|
|
251 |
for (int i = head; i <= tail; i++) {
|
|
|
252 |
if (srvRecords[i] != null && srvRecords[i].sum >= target) {
|
|
|
253 |
hostport = srvRecords[i].hostport;
|
|
|
254 |
srvRecords[i] = null; // make this record unavailable
|
|
|
255 |
break;
|
|
|
256 |
}
|
|
|
257 |
}
|
|
|
258 |
return hostport;
|
|
|
259 |
}
|
|
|
260 |
|
|
|
261 |
/**
|
|
|
262 |
* This class holds a DNS service (SRV) record.
|
|
|
263 |
* See http://www.ietf.org/rfc/rfc2782.txt
|
|
|
264 |
*/
|
|
|
265 |
|
|
|
266 |
static class SrvRecord implements Comparable {
|
|
|
267 |
|
|
|
268 |
int priority;
|
|
|
269 |
int weight;
|
|
|
270 |
int sum;
|
|
|
271 |
String hostport;
|
|
|
272 |
|
|
|
273 |
/**
|
|
|
274 |
* Creates a service record object from a string record.
|
|
|
275 |
* DNS supplies the string record in the following format:
|
|
|
276 |
* <pre>
|
|
|
277 |
* <Priority> " " <Weight> " " <Port> " " <Host>
|
|
|
278 |
* </pre>
|
|
|
279 |
*/
|
|
|
280 |
SrvRecord(String srvRecord) throws Exception {
|
|
|
281 |
StringTokenizer tokenizer = new StringTokenizer(srvRecord, " ");
|
|
|
282 |
String port;
|
|
|
283 |
|
|
|
284 |
if (tokenizer.countTokens() == 4) {
|
|
|
285 |
priority = Integer.parseInt(tokenizer.nextToken());
|
|
|
286 |
weight = Integer.parseInt(tokenizer.nextToken());
|
|
|
287 |
port = tokenizer.nextToken();
|
|
|
288 |
hostport = tokenizer.nextToken() + ":" + port;
|
|
|
289 |
} else {
|
|
|
290 |
throw new IllegalArgumentException();
|
|
|
291 |
}
|
|
|
292 |
}
|
|
|
293 |
|
|
|
294 |
/*
|
|
|
295 |
* Sort records in ascending order of priority value. For records with
|
|
|
296 |
* equal priority move those with weight 0 to the top of the list.
|
|
|
297 |
*/
|
|
|
298 |
public int compareTo(Object o) {
|
|
|
299 |
SrvRecord that = (SrvRecord) o;
|
|
|
300 |
if (priority > that.priority) {
|
|
|
301 |
return 1; // this > that
|
|
|
302 |
} else if (priority < that.priority) {
|
|
|
303 |
return -1; // this < that
|
|
|
304 |
} else if (weight == 0 && that.weight != 0) {
|
|
|
305 |
return -1; // this < that
|
|
|
306 |
} else if (weight != 0 && that.weight == 0) {
|
|
|
307 |
return 1; // this > that
|
|
|
308 |
} else {
|
|
|
309 |
return 0; // this == that
|
|
|
310 |
}
|
|
|
311 |
}
|
|
|
312 |
}
|
|
|
313 |
}
|