8009875: Provide a default udp_preference_limit for krb5.conf
Reviewed-by: valeriep
--- a/jdk/src/share/classes/sun/security/krb5/KdcComm.java Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/KdcComm.java Sat Mar 23 11:49:39 2013 +0800
@@ -138,7 +138,7 @@
int timeout = -1;
int max_retries = -1;
- int udf_pref_limit = -1;
+ int udp_pref_limit = -1;
try {
Config cfg = Config.getInstance();
@@ -147,7 +147,7 @@
temp = cfg.get("libdefaults", "max_retries");
max_retries = parsePositiveIntString(temp);
temp = cfg.get("libdefaults", "udp_preference_limit");
- udf_pref_limit = parsePositiveIntString(temp);
+ udp_pref_limit = parsePositiveIntString(temp);
} catch (Exception exc) {
// ignore any exceptions; use default values
if (DEBUG) {
@@ -159,7 +159,14 @@
defaultKdcTimeout = timeout > 0 ? timeout : 30*1000; // 30 seconds
defaultKdcRetryLimit =
max_retries > 0 ? max_retries : Krb5.KDC_RETRY_LIMIT;
- defaultUdpPrefLimit = udf_pref_limit;
+
+ if (udp_pref_limit < 0) {
+ defaultUdpPrefLimit = Krb5.KDC_DEFAULT_UDP_PREF_LIMIT;
+ } else if (udp_pref_limit > Krb5.KDC_HARD_UDP_LIMIT) {
+ defaultUdpPrefLimit = Krb5.KDC_HARD_UDP_LIMIT;
+ } else {
+ defaultUdpPrefLimit = udp_pref_limit;
+ }
KdcAccessibility.reset();
}
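Review bot: The fallback to `Krb5.KDC_DEFAULT_UDP_PREF_LIMIT` and the cap at `Krb5.KDC_HARD_UDP_LIMIT` are both applied silently, so an unparsable or oversized `udp_preference_limit` in krb5.conf yields a different UDP/TCP threshold than the administrator wrote, with no trace. The surrounding code already has a `DEBUG` branch, so a line after the if/else chain such as `if (DEBUG) System.out.println("KdcComm: udp_preference_limit " + udp_pref_limit + " -> " + defaultUdpPrefLimit);` (in whatever form the existing debug output uses) would make the effective value visible. A configured 0 is stored as 0, and what 0 means to the sending code is not visible in this hunk; a one-line comment on the final `else` stating it would help. The enclosing method starts outside the hunk, and if a per-realm override of this limit is read elsewhere in the class it presumably needs the same bounds, which is worth confirming.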
--- a/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java Sat Mar 23 11:49:39 2013 +0800
@@ -130,6 +130,8 @@
// number of retries before giving up
public static final int KDC_RETRY_LIMIT = 3;
+ public static final int KDC_DEFAULT_UDP_PREF_LIMIT = 1465;
+ public static final int KDC_HARD_UDP_LIMIT = 32700;
//OSI authentication mechanism OID
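Review bot: The two new constants have no comment of their own, and the existing `// number of retries before giving up` above `KDC_RETRY_LIMIT` now reads as if it described all three. Suggest `// default udp_preference_limit (bytes) used when krb5.conf does not set one` above `KDC_DEFAULT_UDP_PREF_LIMIT` and `// largest udp_preference_limit accepted; larger configured values are capped to this` above `KDC_HARD_UDP_LIMIT`. The values appear to match the defaults used by MIT krb5; if that is the source, naming it in the comment tells the next maintainer why 1465 and 32700 were chosen.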
--- a/jdk/test/sun/security/krb5/auto/KDC.java Sat Mar 23 11:49:28 2013 +0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Sat Mar 23 11:49:39 2013 +0800
@@ -923,29 +923,29 @@
pas2 = new DerValue[] {
new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
- new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+ new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
};
pas = new DerValue[] {
new DerValue(new ETypeInfo(1, null).asn1Encode()),
new DerValue(new ETypeInfo(1, "").asn1Encode()),
- new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+ new DerValue(new ETypeInfo(1, realm).asn1Encode()),
};
break;
case 2: // we still reject non-null s2kparams and prefer E2 over E
pas2 = new DerValue[] {
- new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+ new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
};
pas = new DerValue[] {
- new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+ new DerValue(new ETypeInfo(1, realm).asn1Encode()),
new DerValue(new ETypeInfo(1, null).asn1Encode()),
new DerValue(new ETypeInfo(1, "").asn1Encode()),
};
break;
case 3: // but only E is wrong
pas = new DerValue[] {
- new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+ new DerValue(new ETypeInfo(1, realm).asn1Encode()),
new DerValue(new ETypeInfo(1, null).asn1Encode()),
new DerValue(new ETypeInfo(1, "").asn1Encode()),
};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/DefUdpLimit.java Sat Mar 23 11:49:39 2013 +0800
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8009875
+ * @summary Provide a default udp_preference_limit for krb5.conf
+ * @compile -XDignore.symbol.file DefUdpLimit.java
+ * @run main/othervm DefUdpLimit -1 1465
+ * @run main/othervm DefUdpLimit 0 0
+ * @run main/othervm DefUdpLimit 1234 1234
+ * @run main/othervm DefUdpLimit 12345 12345
+ * @run main/othervm DefUdpLimit 123456 32700
+ *
+ */
+
+import sun.security.krb5.KdcComm;
+
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class DefUdpLimit {
+
+ public static void main(String[] args) throws Exception {
+ int set = Integer.valueOf(args[0]);
+ int expected = Integer.valueOf(args[1]);
+ Field f = KdcComm.class.getDeclaredField("defaultUdpPrefLimit");
+ f.setAccessible(true);
+ writeConf(set);
+ int actual = (Integer)f.get(null);
+ if (actual != expected) {
+ throw new Exception("Expected: " + expected + ", get " + actual);
+ }
+ }
+
+ static void writeConf(int i) throws Exception {
+ String file = "krb5.conf." + i;
+ String content = "[libdefaults]\n";
+ if (i >= 0) {
+ content += "udp_preference_limit = " + i;
+ }
+ Files.write(Paths.get(file), content.getBytes());
+ System.setProperty("java.security.krb5.conf", file);
+ }
+}
+
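Review bot: The test depends on `writeConf(set)` setting `java.security.krb5.conf` before `f.get(null)` first reads `KdcComm` state, and nothing in `main` says so; presumably that static read is what triggers the initialisation that loads the config, so reordering the calls would make the test observe a default or stale value. A comment such as `// must run before KdcComm is initialized; the limit is presumably read from krb5.conf at that point` above `writeConf(set);` would protect the ordering. The `@run` lines also skip the edges of the cap: adding `DefUdpLimit 32700 32700` and `DefUdpLimit 32701 32700` would pin the `>` comparison against `KDC_HARD_UDP_LIMIT`. `content.getBytes()` uses the platform charset, and `content.getBytes(StandardCharsets.UTF_8)` would keep the written file independent of the test host.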