--- a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Tue Nov 11 09:07:58 2008 +0000
+++ b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Wed Nov 12 16:00:22 2008 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -284,7 +284,8 @@
ByteArrayOutputStream bos = new ByteArrayOutputStream(100);
acceptSecContext(new ByteArrayInputStream(inTok, offset, len),
bos);
- return bos.toByteArray();
+ byte[] out = bos.toByteArray();
+ return (out.length == 0) ? null : out;
}
public void acceptSecContext(InputStream inStream,
--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Nov 11 09:07:58 2008 +0000
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Wed Nov 12 16:00:22 2008 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -413,13 +413,14 @@
// pull out the mechanism token
byte[] accept_token = targToken.getResponseToken();
if (accept_token == null) {
- // return wth failure
- throw new GSSException(errorCode, -1,
- "mechansim token from server is null");
+ if (!isMechContextEstablished()) {
+ // return with failure
+ throw new GSSException(errorCode, -1,
+ "mechanism token from server is null");
+ }
+ } else {
+ mechToken = GSS_initSecContext(accept_token);
}
-
- mechToken = GSS_initSecContext(accept_token);
-
// verify MIC
if (!GSSUtil.useMSInterop()) {
byte[] micToken = targToken.getMechListMIC();
@@ -428,7 +429,6 @@
"verification of MIC on MechList Failed!");
}
}
-
if (isMechContextEstablished()) {
state = STATE_DONE;
retVal = mechToken;
@@ -556,9 +556,6 @@
// get the token for mechanism
byte[] accept_token = GSS_acceptSecContext(mechToken);
- if (accept_token == null) {
- valid = false;
- }
// verify MIC
if (!GSSUtil.useMSInterop() && valid) {
--- a/jdk/test/sun/security/krb5/auto/Context.java Tue Nov 11 09:07:58 2008 +0000
+++ b/jdk/test/sun/security/krb5/auto/Context.java Wed Nov 12 16:00:22 2008 +0800
@@ -360,6 +360,10 @@
if (me.x.isEstablished()) {
me.f = true;
System.out.println(c.name + " side established");
+ if (input != null) {
+ throw new Exception("Context established but " +
+ "still receive token at " + c.name);
+ }
return null;
} else {
System.out.println(c.name + " call initSecContext");
@@ -374,6 +378,10 @@
if (me.x.isEstablished()) {
me.f = true;
System.out.println(s.name + " side established");
+ if (input != null) {
+ throw new Exception("Context established but " +
+ "still receive token at " + s.name);
+ }
return null;
} else {
System.out.println(s.name + " called acceptSecContext");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/NonMutualSpnego.java Wed Nov 12 16:00:22 2008 +0800
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6733095
+ * @summary Failure when SPNEGO request non-Mutual
+ */
+
+import sun.security.jgss.GSSUtil;
+
+public class NonMutualSpnego {
+
+ public static void main(String[] args)
+ throws Exception {
+
+ // Create and start the KDC
+ new OneKDC(null).writeJAASConf();
+ new NonMutualSpnego().go();
+ }
+
+ void go() throws Exception {
+ Context c = Context.fromJAAS("client");
+ Context s = Context.fromJAAS("server");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
+ c.x().requestMutualAuth(false);
+ s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ c.dispose();
+ s.dispose();
+ }
+}