# HG changeset patch # User weijun # Date 1431997749 -28800 # Node ID 6ef1144fd56150b5f5f0160f19368a224cc9bbdd # Parent d34aad6e0365a9cdbb5daa05b3d778614ba9cd24 8077102: dns_lookup_realm should be false by default Reviewed-by: valeriep diff -r d34aad6e0365 -r 6ef1144fd561 jdk/src/java.security.jgss/share/classes/sun/security/krb5/Config.java --- a/jdk/src/java.security.jgss/share/classes/sun/security/krb5/Config.java Mon May 18 13:34:56 2015 -0700 +++ b/jdk/src/java.security.jgss/share/classes/sun/security/krb5/Config.java Tue May 19 09:09:09 2015 +0800 @@ -1085,27 +1085,30 @@ * Check if need to use DNS to locate Kerberos services for name. If not * defined, check dns_fallback, whose default value is true. */ - private boolean useDNS(String name) { + private boolean useDNS(String name, boolean defaultValue) { Boolean value = getBooleanObject("libdefaults", name); if (value != null) { return value.booleanValue(); - } else { - return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE; } + value = getBooleanObject("libdefaults", "dns_fallback"); + if (value != null) { + return value.booleanValue(); + } + return defaultValue; } /** * Check if need to use DNS to locate the KDC */ private boolean useDNS_KDC() { - return useDNS("dns_lookup_kdc"); + return useDNS("dns_lookup_kdc", true); } /* * Check if need to use DNS to locate the Realm */ private boolean useDNS_Realm() { - return useDNS("dns_lookup_realm"); + return useDNS("dns_lookup_realm", false); } /** diff -r d34aad6e0365 -r 6ef1144fd561 jdk/test/sun/security/krb5/config/ConfPlusProp.java --- a/jdk/test/sun/security/krb5/config/ConfPlusProp.java Mon May 18 13:34:56 2015 -0700 +++ b/jdk/test/sun/security/krb5/config/ConfPlusProp.java Tue May 19 09:09:09 2015 +0800 @@ -35,6 +35,12 @@ public class ConfPlusProp { Config config; public static void main(String[] args) throws Exception { + if (System.getenv("USERDNSDOMAIN") != null || + System.getenv("LOGONSERVER") != null) { + System.out.println( + "Looks like a Windows machine in a domain. Skip test."); + return; + } new ConfPlusProp().run(); } @@ -90,23 +96,8 @@ check("R2", "old"); check("R3", null); - int version = System.getProperty("java.version").charAt(2) - '0'; - System.out.println("JDK version is " + version); - - // Zero-config is supported since 1.7 - if (version >= 7) { - // Point to a non-existing file - System.setProperty("java.security.krb5.conf", "i-am-not-a file"); - refresh(); - - // Default realm might come from DNS - //checkDefaultRealm(null); - check("R1", null); - check("R2", null); - check("R3", null); - if (config.get("libdefaults", "forwardable") != null) { - throw new Exception("Extra config error"); - } + if (config.get("libdefaults", "forwardable") != null) { + throw new Exception("Extra config error"); } // Add prop @@ -136,14 +127,6 @@ check("R2", "k2"); check("R3", "k2"); - // Point to a non-existing file - System.setProperty("java.security.krb5.conf", "i-am-not-a file"); - refresh(); - - checkDefaultRealm("R2"); - check("R1", "k2"); - check("R2", "k2"); - check("R3", "k2"); if (config.get("libdefaults", "forwardable") != null) { throw new Exception("Extra config error"); } diff -r d34aad6e0365 -r 6ef1144fd561 jdk/test/sun/security/krb5/config/DNS.java --- a/jdk/test/sun/security/krb5/config/DNS.java Mon May 18 13:34:56 2015 -0700 +++ b/jdk/test/sun/security/krb5/config/DNS.java Tue May 19 09:09:09 2015 +0800 @@ -23,12 +23,22 @@ // See dns.sh. import sun.security.krb5.Config; +import sun.security.krb5.KrbException; public class DNS { public static void main(String[] args) throws Exception { System.setProperty("java.security.krb5.conf", - System.getProperty("test.src", ".") +"/nothing.conf"); + System.getProperty("test.src", ".") +"/no-such-file.conf"); Config config = Config.getInstance(); + try { + String r = config.getDefaultRealm(); + throw new Exception("What? There is a default realm " + r + "?"); + } catch (KrbException ke) { + ke.printStackTrace(); + if (ke.getCause() != null) { + throw new Exception("There should be no cause. Won't try DNS"); + } + } String kdcs = config.getKDCList("X"); if (!kdcs.equals("a.com.:88 b.com.:99") && !kdcs.equals("a.com. b.com.:99")) { diff -r d34aad6e0365 -r 6ef1144fd561 jdk/test/sun/security/krb5/config/DnsFallback.java --- a/jdk/test/sun/security/krb5/config/DnsFallback.java Mon May 18 13:34:56 2015 -0700 +++ b/jdk/test/sun/security/krb5/config/DnsFallback.java Tue May 19 09:09:09 2015 +0800 @@ -22,8 +22,7 @@ */ /* * @test - * @bug 6673164 - * @bug 6552334 + * @bug 6673164 6552334 8077102 * @run main/othervm DnsFallback * @summary fix dns_fallback parse error, and use dns by default */ @@ -35,47 +34,66 @@ public class DnsFallback { static Method useDNS_Realm; + static Method useDNS_KDC; public static void main(String[] args) throws Exception { useDNS_Realm = Config.class.getDeclaredMethod("useDNS_Realm"); useDNS_Realm.setAccessible(true); + useDNS_KDC = Config.class.getDeclaredMethod("useDNS_KDC"); + useDNS_KDC.setAccessible(true); // for 6673164 - check("true", "true", true); - check("false", "true", false); - check("true", "false", true); - check("false", "false", false); - check("true", null, true); - check("false", null, false); - check(null, "true", true); - check(null, "false", false); + check("true", "true", true, true); + check("false", "true", false, false); + check("true", "false", true, true); + check("false", "false", false, false); + check("true", null, true, true); + check("false", null, false, false); + check(null, "true", true, true); + check(null, "false", false, false); - // for 6552334 - check(null, null, true); + // for 6552334, no longer true + //check(null, null, true, true); + + // 8077102 + check(null, null, false, true); } - static void check(String realm, String fallback, boolean output) + /** + * Sets and checks. + * + * @param u dns_lookup_XXX value set, none if null + * @param f dns_fallback value set, none if null + * @param r expected useDNS_Realm + * @param k expected useDNS_KDC + */ + static void check(String u, String f, boolean r, boolean k) throws Exception { try (PrintStream ps = new PrintStream(new FileOutputStream("dnsfallback.conf"))) { ps.println("[libdefaults]\n"); - if (realm != null) { - ps.println("dns_lookup_realm=" + realm); + if (u != null) { + ps.println("dns_lookup_realm=" + u); + ps.println("dns_lookup_kdc=" + u); } - if (fallback != null) { - ps.println("dns_fallback=" + fallback); + if (f != null) { + ps.println("dns_fallback=" + f); } } System.setProperty("java.security.krb5.conf", "dnsfallback.conf"); Config.refresh(); - System.out.println("Testing " + realm + ", " + fallback + ", " + output); + System.out.println("Testing " + u + ", " + f + ", " + r + ", " + k); - if (!useDNS_Realm.invoke(Config.getInstance()).equals(output)) { - throw new Exception("Fail"); + if (!useDNS_Realm.invoke(Config.getInstance()).equals(r)) { + throw new Exception("useDNS_Realm Fail"); + } + + if (!useDNS_KDC.invoke(Config.getInstance()).equals(k)) { + throw new Exception("useDNS_KDC Fail"); } } } diff -r d34aad6e0365 -r 6ef1144fd561 jdk/test/sun/security/krb5/config/confplusprop.conf --- a/jdk/test/sun/security/krb5/config/confplusprop.conf Mon May 18 13:34:56 2015 -0700 +++ b/jdk/test/sun/security/krb5/config/confplusprop.conf Tue May 19 09:09:09 2015 +0800 @@ -1,7 +1,7 @@ [libdefaults] default_realm = R1 forwardable = well -dns_lookup_realm = false +dns_lookup_kdc = false [realms] R1 = { diff -r d34aad6e0365 -r 6ef1144fd561 jdk/test/sun/security/krb5/config/confplusprop2.conf --- a/jdk/test/sun/security/krb5/config/confplusprop2.conf Mon May 18 13:34:56 2015 -0700 +++ b/jdk/test/sun/security/krb5/config/confplusprop2.conf Tue May 19 09:09:09 2015 +0800 @@ -1,5 +1,5 @@ [libdefaults] -dns_lookup_realm = false +dns_lookup_kdc = false [realms] R1 = {