8009875: Provide a default udp_preference_limit for krb5.conf
authorweijun
Sat, 23 Mar 2013 11:49:39 +0800
changeset 16504 1e8ff2df7152
parent 16503 03d7a6155092
child 16505 bdc5cd3377a4
8009875: Provide a default udp_preference_limit for krb5.conf Reviewed-by: valeriep
jdk/src/share/classes/sun/security/krb5/KdcComm.java
jdk/src/share/classes/sun/security/krb5/internal/Krb5.java
jdk/test/sun/security/krb5/auto/KDC.java
jdk/test/sun/security/krb5/config/DefUdpLimit.java
--- a/jdk/src/share/classes/sun/security/krb5/KdcComm.java	Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/KdcComm.java	Sat Mar 23 11:49:39 2013 +0800
@@ -138,7 +138,7 @@
 
         int timeout = -1;
         int max_retries = -1;
-        int udf_pref_limit = -1;
+        int udp_pref_limit = -1;
 
         try {
             Config cfg = Config.getInstance();
@@ -147,7 +147,7 @@
             temp = cfg.get("libdefaults", "max_retries");
             max_retries = parsePositiveIntString(temp);
             temp = cfg.get("libdefaults", "udp_preference_limit");
-            udf_pref_limit = parsePositiveIntString(temp);
+            udp_pref_limit = parsePositiveIntString(temp);
         } catch (Exception exc) {
            // ignore any exceptions; use default values
            if (DEBUG) {
@@ -159,7 +159,14 @@
         defaultKdcTimeout = timeout > 0 ? timeout : 30*1000; // 30 seconds
         defaultKdcRetryLimit =
                 max_retries > 0 ? max_retries : Krb5.KDC_RETRY_LIMIT;
-        defaultUdpPrefLimit = udf_pref_limit;
+
+        if (udp_pref_limit < 0) {
+            defaultUdpPrefLimit = Krb5.KDC_DEFAULT_UDP_PREF_LIMIT;
+        } else if (udp_pref_limit > Krb5.KDC_HARD_UDP_LIMIT) {
+            defaultUdpPrefLimit = Krb5.KDC_HARD_UDP_LIMIT;
+        } else {
+            defaultUdpPrefLimit = udp_pref_limit;
+        }
 
         KdcAccessibility.reset();
     }
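Review bot: The `else if (udp_pref_limit > Krb5.KDC_HARD_UDP_LIMIT)` branch replaces a configured value without leaving any trace, so an administrator who sets a larger udp_preference_limit in krb5.conf cannot tell from debug output that the hard limit is in effect instead. The `< 0` branch likewise folds "not set" and, presumably, an unparsable entry into the default; parsePositiveIntString is outside the hunk, so confirm what it returns for bad input. I would add a line under the existing DEBUG flag, for example `if (DEBUG) System.out.println(">>> KdcComm: udp_preference_limit " + udp_pref_limit + " capped to " + Krb5.KDC_HARD_UDP_LIMIT);`, plus a short comment that a negative value means the setting was absent. The enclosing method starts before the hunk.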
--- a/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java	Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java	Sat Mar 23 11:49:39 2013 +0800
@@ -130,6 +130,8 @@
     // number of retries before giving up
 
     public static final int KDC_RETRY_LIMIT = 3;
+    public static final int KDC_DEFAULT_UDP_PREF_LIMIT = 1465;
+    public static final int KDC_HARD_UDP_LIMIT = 32700;
 
     //OSI authentication mechanism OID
 
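Review bot: The two new constants have no comment, and the existing `// number of retries before giving up` line above them describes only KDC_RETRY_LIMIT, so a reader cannot tell what unit 1465 and 32700 are in or where they come from. I would add `// default udp_preference_limit (message size in bytes) used when krb5.conf does not set one` above KDC_DEFAULT_UDP_PREF_LIMIT and `// largest udp_preference_limit honoured; larger configured values are capped to this` above KDC_HARD_UDP_LIMIT. If the values were chosen to match another Kerberos implementation's defaults, naming that source in the comment would help future maintainers keep them aligned.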
--- a/jdk/test/sun/security/krb5/auto/KDC.java	Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java	Sat Mar 23 11:49:39 2013 +0800
@@ -923,29 +923,29 @@
                         pas2 = new DerValue[] {
                             new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
                             new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
-                            new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+                            new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
                         };
                         pas = new DerValue[] {
                             new DerValue(new ETypeInfo(1, null).asn1Encode()),
                             new DerValue(new ETypeInfo(1, "").asn1Encode()),
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                         };
                         break;
                     case 2:     // we still reject non-null s2kparams and prefer E2 over E
                         pas2 = new DerValue[] {
-                            new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+                            new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
                             new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
                             new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
                         };
                         pas = new DerValue[] {
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                             new DerValue(new ETypeInfo(1, null).asn1Encode()),
                             new DerValue(new ETypeInfo(1, "").asn1Encode()),
                         };
                         break;
                     case 3:     // but only E is wrong
                         pas = new DerValue[] {
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                             new DerValue(new ETypeInfo(1, null).asn1Encode()),
                             new DerValue(new ETypeInfo(1, "").asn1Encode()),
                         };
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/DefUdpLimit.java	Sat Mar 23 11:49:39 2013 +0800
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8009875
+ * @summary Provide a default udp_preference_limit for krb5.conf
+ * @compile -XDignore.symbol.file DefUdpLimit.java
+ * @run main/othervm DefUdpLimit -1 1465
+ * @run main/othervm DefUdpLimit 0 0
+ * @run main/othervm DefUdpLimit 1234 1234
+ * @run main/othervm DefUdpLimit 12345 12345
+ * @run main/othervm DefUdpLimit 123456 32700
+ *
+ */
+
+import sun.security.krb5.KdcComm;
+
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class DefUdpLimit {
+
+    public static void main(String[] args) throws Exception {
+        int set = Integer.valueOf(args[0]);
+        int expected = Integer.valueOf(args[1]);
+        Field f = KdcComm.class.getDeclaredField("defaultUdpPrefLimit");
+        f.setAccessible(true);
+        writeConf(set);
+        int actual = (Integer)f.get(null);
+        if (actual != expected) {
+            throw new Exception("Expected: " + expected + ", get " + actual);
+        }
+    }
+
+    static void writeConf(int i) throws Exception {
+        String file = "krb5.conf." + i;
+        String content = "[libdefaults]\n";
+        if (i >= 0) {
+            content += "udp_preference_limit = " + i;
+        }
+        Files.write(Paths.get(file), content.getBytes());
+        System.setProperty("java.security.krb5.conf", file);
+    }
+}
+
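Review bot: The `@run` lines never exercise the edge of the cap: 12345 is well below KDC_HARD_UDP_LIMIT and 123456 is well above it, so an off-by-one in the `>` comparison would pass unnoticed. I would add `@run main/othervm DefUdpLimit 32700 32700` and `@run main/othervm DefUdpLimit 32701 32700`. The test also appears to depend on KdcComm not being initialised until `f.get(null)` runs after `writeConf(set)`; a one-line comment above `writeConf(set)` saying the config file must be written before the first static access would protect that ordering. Separately, `content.getBytes()` uses the platform charset; this is harmless for ASCII content, but naming the charset explicitly would remove the dependency.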