--- a/jdk/test/sun/security/krb5/auto/KDC.java Thu Jun 04 15:29:23 2015 +0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Thu Jun 04 15:29:29 2015 +0800
@@ -205,6 +205,10 @@
* Sensitive accounts can never be delegated.
*/
SENSITIVE_ACCOUNTS,
+ /**
+ * If true, will check if TGS-REQ contains a non-null addresses field.
+ */
+ CHECK_ADDRESSES,
};
static {
@@ -734,6 +738,11 @@
bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
}
}
+ if (options.containsKey(Option.CHECK_ADDRESSES)
+ && body.kdcOptions.get(KDCOptions.FORWARDED)
+ && body.addresses == null) {
+ throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+ }
if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
etp.flags.get(Krb5.TKT_OPTS_FORWARDED)) {
bFlags[Krb5.TKT_OPTS_FORWARDED] = true;
@@ -800,10 +809,8 @@
new KerberosTime(new Date()),
body.from,
till, body.rtime,
- body.addresses != null // always set caddr
- ? body.addresses
- : new HostAddresses(
- new InetAddress[]{InetAddress.getLocalHost()}),
+ body.addresses != null ? body.addresses
+ : etp.caddr,
null);
EncryptionKey skey = keyForUser(service, e3, true);
if (skey == null) {
@@ -826,10 +833,7 @@
body.from,
till, body.rtime,
service,
- body.addresses != null // always set caddr
- ? body.addresses
- : new HostAddresses(
- new InetAddress[]{InetAddress.getLocalHost()})
+ body.addresses
);
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
TGSRep tgsRep = new TGSRep(null,