8002344: Krb5LoginModule config class does not return proper KDC list from DNS
Reviewed-by: weijun
Contributed-by: Severin Gehwolf <sgehwolf@redhat.com>, Wang Weijun <weijun.wang@oracle.com>
--- a/jdk/src/share/classes/sun/security/krb5/Config.java Sun Nov 18 01:31:44 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java Mon Nov 19 11:13:08 2012 +0800
@@ -1123,7 +1123,7 @@
*/
private String getKDCFromDNS(String realm) throws KrbException {
// use DNS to locate KDC
- String kdcs = null;
+ String kdcs = "";
String[] srvs = null;
// locate DNS SRV record using UDP
if (DEBUG) {
@@ -1133,7 +1133,7 @@
if (srvs == null) {
// locate DNS SRV record using TCP
if (DEBUG) {
- System.out.println("getKDCFromDNS using UDP");
+ System.out.println("getKDCFromDNS using TCP");
}
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
}
@@ -1142,14 +1142,15 @@
throw new KrbException(Krb5.KRB_ERR_GENERIC,
"Unable to locate KDC for realm " + realm);
}
+ if (srvs.length == 0) {
+ return null;
+ }
for (int i = 0; i < srvs.length; i++) {
- String value = srvs[i];
- for (int j = 0; j < srvs[i].length(); j++) {
- // filter the KDC name
- if (value.charAt(j) == ':') {
- kdcs = (value.substring(0, j)).trim();
- }
- }
+ kdcs += srvs[i].trim() + " ";
+ }
+ kdcs = kdcs.trim();
+ if (kdcs.equals("")) {
+ return null;
}
return kdcs;
}
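Review bot: Each SRV entry is appended to the space-separated result at `kdcs += srvs[i].trim() + " ";` with no check, so an entry that is empty or contains inner whitespace would change how the list is later split into KDCs. Whether `KrbServiceLocator.getKerberosService` can return such entries is not visible here, but the values come from DNS answers, which are unauthenticated unless the resolver path enforces otherwise. Filtering before joining would be cheap: `String s = srvs[i].trim(); if (s.isEmpty() || s.indexOf(' ') >= 0) continue;`. The method now has three outcomes: a `KrbException` when no records are located, `null` for an empty result, and otherwise a list of `host[:port]` entries. Its Javadoc starts outside this hunk and should state them so callers handle the `null` case.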
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/DNS.java Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// See dns.sh.
+import sun.security.krb5.Config;
+
+public class DNS {
+ public static void main(String[] args) throws Exception {
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/nothing.conf");
+ Config config = Config.getInstance();
+ String kdcs = config.getKDCList("X");
+ if (!kdcs.equals("a.com.:88 b.com.:99") &&
+ !kdcs.equals("a.com. b.com.:99")) {
+ throw new Exception("Strange KDC: [" + kdcs + "]");
+ };
+ }
+}
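Review bot: `kdcs.equals(...)` is called on the result of `config.getKDCList("X")` without a null check, so if the lookup yields nothing the test dies with a bare NullPointerException instead of the `Strange KDC` message. Putting the literal first would fix that, e.g. `if (!"a.com.:88 b.com.:99".equals(kdcs) && !"a.com. b.com.:99".equals(kdcs)) {`. The `};` that closes the `if` block leaves a stray empty statement and should be `}`. A short comment saying why both forms (with and without `:88`) are accepted would help the next reader.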
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/NamingManager.java Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package javax.naming.spi;
+
+import com.sun.jndi.dns.DnsContext;
+import java.util.Hashtable;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+/**
+ * A fake javax.naming.spi.NamingManager. It allows reading a DNS
+ * record without contacting a real server.
+ *
+ * See DNS.java and dns.sh.
+ */
+public class NamingManager {
+ NamingManager() {}
+ public static Context getURLContext(
+ String scheme, Hashtable<?,?> environment)
+ throws NamingException {
+ return new DnsContext("", null, new Hashtable<String,String>()) {
+ public Attributes getAttributes(String name, String[] attrIds)
+ throws NamingException {
+ return new BasicAttributes() {
+ public Attribute get(String attrID) {
+ BasicAttribute ba = new BasicAttribute(attrID);
+ ba.add("1 1 99 b.com.");
+ ba.add("0 0 88 a.com."); // 2nd has higher priority
+ return ba;
+ }
+ };
+ }
+ };
+ }
+}
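Review bot: The fake `getAttributes` and `get` ignore `name` and `attrID` and return the same two records for every query, so the test still passes if `Config` asks for the wrong record name or attribute. Rejecting unexpected input (for example throwing `NamingException` when `name` does not contain the realm under test) would make the stub verify the query as well as feed the answer. The two anonymous-class methods override library methods and should carry `@Override`. Because this class is compiled into `javax.naming.spi` and shadows the JDK's own `NamingManager` through the boot class path, the class comment should say it must never be placed on a class path outside this test.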
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/dns.sh Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8002344
+# @summary Krb5LoginModule config class does not return proper KDC list from DNS
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+if [ "${TESTSRC}" = "" ] ; then
+ TESTSRC="."
+fi
+
+$TESTJAVA/bin/javac -d . \
+ ${TESTSRC}/NamingManager.java ${TESTSRC}/DNS.java
+$TESTJAVA/bin/java -Xbootclasspath/p:. DNS
+
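Review bot: The `javac` result is not checked before the `java` line, and classes are written to `.` which is then prepended to the boot class path, so a failed compile can run against stale `DNS.class` or `NamingManager.class` files left in the working directory. Appending `|| exit 10` to the `javac` command would stop the test on a compile failure; the value `10` is only an example, any non-zero status works. The path expansions are unquoted (`$TESTJAVA/bin/javac`, `${TESTSRC}/NamingManager.java`, and `dirname $JAVAC_CMD`), so a JDK or source path containing spaces breaks the script; `"${TESTJAVA}/bin/javac"` and `"${TESTSRC}/DNS.java"` avoid that. Compiling into a dedicated scratch directory and passing only that directory to `-Xbootclasspath/p:` would keep unrelated class files in the current directory off the boot class path.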