6857795: krb5.conf ignored if system properties on realm and kdc are provided
Reviewed-by: xuelei
--- a/jdk/src/share/classes/sun/security/krb5/Config.java Wed Jul 08 12:07:16 2009 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java Wed Jul 08 12:07:43 2009 +0800
@@ -123,7 +123,7 @@
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.kdc"));
- defaultRealm =
+ defaultRealm =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.realm"));
@@ -134,6 +134,16 @@
"java.security.krb5.realm both must be set or " +
"neither must be set.");
}
+
+ // Read the Kerberos configuration file
+ try {
+ Vector<String> configFile;
+ configFile = loadConfigFile();
+ stanzaTable = parseStanzaTable(configFile);
+ } catch (IOException ioe) {
+ // No krb5.conf, no problem. We'll use DNS etc.
+ }
+
if (kdchost != null) {
/*
* If configuration information is only specified by
@@ -141,22 +151,19 @@
* java.security.krb5.realm, we put both in the hashtable
* under [libdefaults].
*/
- Hashtable<String,String> kdcs = new Hashtable<String,String> ();
+ if (stanzaTable == null) {
+ stanzaTable = new Hashtable<String,Object> ();
+ }
+ Hashtable<String,String> kdcs =
+ (Hashtable<String,String>)stanzaTable.get("libdefaults");
+ if (kdcs == null) {
+ kdcs = new Hashtable<String,String> ();
+ stanzaTable.put("libdefaults", kdcs);
+ }
kdcs.put("default_realm", defaultRealm);
// The user can specify a list of kdc hosts separated by ":"
kdchost = kdchost.replace(':', ' ');
kdcs.put("kdc", kdchost);
- stanzaTable = new Hashtable<String,Object> ();
- stanzaTable.put("libdefaults", kdcs);
- } else {
- // Read the Kerberos configuration file
- try {
- Vector<String> configFile;
- configFile = loadConfigFile();
- stanzaTable = parseStanzaTable(configFile);
- } catch (IOException ioe) {
- // No krb5.conf, no problem. We'll use DNS etc.
- }
}
}
@@ -294,7 +301,7 @@
* hashtable.
*/
if (name.equalsIgnoreCase("kdc") &&
- (!section.equalsIgnoreCase("libdefaults")) &&
+ (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
(java.security.AccessController.doPrivileged(
new sun.security.action.
GetPropertyAction("java.security.krb5.kdc")) != null)) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/ConfPlusProp.java Wed Jul 08 12:07:43 2009 +0800
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6857795
+ * @summary krb5.conf ignored if system properties on realm and kdc are provided
+ */
+
+import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;
+
+public class ConfPlusProp {
+ public static void main(String[] args) throws Exception {
+ System.setProperty("java.security.krb5.realm", "R2");
+ System.setProperty("java.security.krb5.kdc", "k2");
+
+ // Point to a file with existing default_realm
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop.conf");
+ Config config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error");
+ }
+ if (!config.getKDCList("R1").equals("k1")) {
+ throw new Exception("R1 kdc error");
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+ if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
+ throw new Exception("Extra config error");
+ }
+
+ // Point to a file with no libdefaults
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop2.conf");
+ Config.refresh();
+
+ config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error again");
+ }
+ if (!config.getKDCList("R1").equals("k12")) {
+ throw new Exception("R1 kdc error");
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+
+ // Point to a non-existing file
+ System.setProperty("java.security.krb5.conf", "i-am-not-a file");
+ Config.refresh();
+
+ config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error");
+ }
+ try {
+ config.getKDCList("R1");
+ throw new Exception("R1 is nowhere");
+ } catch (KrbException ke) {
+ // OK
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+ if (config.getDefault("forwardable", "libdefaults") != null) {
+ throw new Exception("Extra config error");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/confplusprop.conf Wed Jul 08 12:07:43 2009 +0800
@@ -0,0 +1,11 @@
+[libdefaults]
+default_realm = R1
+forwardable = well
+
+[realms]
+R1 = {
+ kdc = k1
+}
+R2 = {
+ kdc = old
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/confplusprop2.conf Wed Jul 08 12:07:43 2009 +0800
@@ -0,0 +1,7 @@
+[realms]
+R1 = {
+ kdc = k12
+}
+R2 = {
+ kdc = old
+}