--- a/jdk/src/share/classes/sun/security/krb5/Config.java Mon Jul 20 17:16:34 2009 -0400
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java Wed Jul 22 16:39:34 2009 +0800
@@ -70,7 +70,12 @@
private static final int BASE16_1 = 16;
private static final int BASE16_2 = 16 * 16;
private static final int BASE16_3 = 16 * 16 * 16;
- private String defaultRealm; // default kdc realm.
+
+ /**
+ * Specified by system properties. Must be both null or non-null.
+ */
+ private final String defaultRealm;
+ private final String defaultKDC;
// used for native interface
private static native String getWindowsDirectory(boolean isSystem);
@@ -81,9 +86,8 @@
* singleton) is returned.
*
* @exception KrbException if error occurs when constructing a Config
- * instance. Possible causes would be configuration file not
- * found, either of java.security.krb5.realm or java.security.krb5.kdc
- * not specified, error reading configuration file.
+ * instance. Possible causes would be either of java.security.krb5.realm or
+ * java.security.krb5.kdc not specified, error reading configuration file.
*/
public static synchronized Config getInstance() throws KrbException {
if (singleton == null) {
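Review bot: The reworded `@exception` text on `getInstance()` still reads as if a missing property were an error, while the constructor only rejects the case where exactly one of `java.security.krb5.realm` and `java.security.krb5.kdc` is set; the same wording is repeated on `refresh()` in the next hunk. It also keeps "error reading configuration file" as a cause, although the constructor visibly catches and ignores `IOException` from the load. I would write `Possible causes: only one of java.security.krb5.realm and java.security.krb5.kdc is set, or the configuration file cannot be parsed.`, assuming parse errors do surface as `KrbException` from code outside this diff. The body of `getInstance()` continues outside the hunk.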
@@ -98,9 +102,8 @@
* the java.security.krb5.* system properties again.
*
* @exception KrbException if error occurs when constructing a Config
- * instance. Possible causes would be configuration file not
- * found, either of java.security.krb5.realm or java.security.krb5.kdc
- * not specified, error reading configuration file.
+ * instance. Possible causes would be either of java.security.krb5.realm or
+ * java.security.krb5.kdc not specified, error reading configuration file.
*/
public static synchronized void refresh() throws KrbException {
@@ -114,56 +117,37 @@
*/
private Config() throws KrbException {
/*
- * If these two system properties are being specified by the user,
- * we ignore configuration file. If either one system property is
- * specified, we throw exception. If neither of them are specified,
- * we load the information from configuration file.
+ * If either one system property is specified, we throw exception.
*/
- String kdchost =
+ String tmp =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.kdc"));
+ if (tmp != null) {
+ // The user can specify a list of kdc hosts separated by ":"
+ defaultKDC = tmp.replace(':', ' ');
+ } else {
+ defaultKDC = null;
+ }
defaultRealm =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.realm"));
- if ((kdchost == null && defaultRealm != null) ||
- (defaultRealm == null && kdchost != null)) {
+ if ((defaultKDC == null && defaultRealm != null) ||
+ (defaultRealm == null && defaultKDC != null)) {
throw new KrbException
("System property java.security.krb5.kdc and " +
"java.security.krb5.realm both must be set or " +
"neither must be set.");
}
- // Read the Kerberos configuration file
+ // Always read the Kerberos configuration file
try {
Vector<String> configFile;
configFile = loadConfigFile();
stanzaTable = parseStanzaTable(configFile);
} catch (IOException ioe) {
- // No krb5.conf, no problem. We'll use DNS etc.
- }
-
- if (kdchost != null) {
- /*
- * If configuration information is only specified by
- * properties java.security.krb5.kdc and
- * java.security.krb5.realm, we put both in the hashtable
- * under [libdefaults].
- */
- if (stanzaTable == null) {
- stanzaTable = new Hashtable<String,Object> ();
- }
- Hashtable<String,String> kdcs =
- (Hashtable<String,String>)stanzaTable.get("libdefaults");
- if (kdcs == null) {
- kdcs = new Hashtable<String,String> ();
- stanzaTable.put("libdefaults", kdcs);
- }
- kdcs.put("default_realm", defaultRealm);
- // The user can specify a list of kdc hosts separated by ":"
- kdchost = kdchost.replace(':', ' ');
- kdcs.put("kdc", kdchost);
+ // No krb5.conf, no problem. We'll use DNS or system property etc.
}
}
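Review bot: The both-or-neither check in the constructor compares only against null, so a property given with an empty value (`-Djava.security.krb5.kdc=`) counts as set and becomes the `defaultKDC`/`defaultRealm` that `getKDCList()` and `getDefaultRealm()` now return directly. Rejecting an empty value before the pair check would keep that out, for example `if (tmp != null && tmp.isEmpty()) throw new KrbException("java.security.krb5.kdc must not be empty");` and the same for the realm. The shortened block comment, "If either one system property is specified, we throw exception", reads as if setting a property were always an error; `If only one of the two system properties is set we throw; if both are set they override krb5.conf for the default realm and its KDC.` says what the code does. The ignored `IOException` also deserves a line under `DEBUG`, since a krb5.conf that exists but cannot be read now silently changes where the KDC address comes from.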
@@ -295,19 +279,6 @@
String result = null;
Hashtable subTable;
- /*
- * In the situation when kdc is specified by
- * java.security.krb5.kdc, we get the kdc from [libdefaults] in
- * hashtable.
- */
- if (name.equalsIgnoreCase("kdc") &&
- (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
- (java.security.AccessController.doPrivileged(
- new sun.security.action.
- GetPropertyAction("java.security.krb5.kdc")) != null)) {
- result = getDefault("kdc", "libdefaults");
- return result;
- }
if (stanzaTable != null) {
for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
stanzaName = (String)e.nextElement();
@@ -1035,13 +1006,13 @@
/**
* Resets the default kdc realm.
* We do not need to synchronize these methods since assignments are atomic
+ *
+ * This method was useless. Kept here in case some class still calls it.
*/
public void resetDefaultRealm(String realm) {
- defaultRealm = realm;
if (DEBUG) {
- System.out.println(">>> Config reset default kdc " + defaultRealm);
+ System.out.println(">>> Config try resetting default kdc " + realm);
}
-
}
/**
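Review bot: `resetDefaultRealm()` is now a no-op apart from the debug print, but its Javadoc still opens with "Resets the default kdc realm" and keeps the remark about atomic assignments, neither of which describes the method any more. Mark it `@Deprecated` and replace the summary with something like `Does nothing; the default realm can no longer be changed through this method. Retained only so that existing callers keep compiling.` so a remaining caller can see that the call has no effect. The debug text still says "default kdc" while printing a realm.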
@@ -1098,6 +1069,9 @@
* @return the default realm, always non null
*/
public String getDefaultRealm() throws KrbException {
+ if (defaultRealm != null) {
+ return defaultRealm;
+ }
Exception cause = null;
String realm = getDefault("default_realm", "libdefaults");
if ((realm == null) && useDNS_Realm()) {
@@ -1142,6 +1116,9 @@
if (realm == null) {
realm = getDefaultRealm();
}
+ if (realm.equalsIgnoreCase(defaultRealm)) {
+ return defaultKDC;
+ }
Exception cause = null;
String kdcs = getDefault("kdc", realm);
if ((kdcs == null) && useDNS_KDC()) {
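Review bot: The new short-circuit matches the requested realm against `defaultRealm` with `equalsIgnoreCase`, although Kerberos realm names are case-sensitive (RFC 4120 treats realms that differ only in case as different realms). A request for a realm that differs from the property realm only in case would therefore be answered with the property KDC and never consult krb5.conf or DNS. Unless that leniency is intended, `if (realm.equals(defaultRealm))` is the stricter comparison. Either way, a one-line comment stating that the system-property KDC takes precedence over a `kdc` entry for the same realm in krb5.conf would help. The enclosing method starts and ends outside the hunk.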
@@ -1171,6 +1148,9 @@
});
}
if (kdcs == null) {
+ if (defaultKDC != null) {
+ return defaultKDC;
+ }
KrbException ke = new KrbException("Cannot locate KDC");
if (cause != null) {
ke.initCause(cause);
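Review bot: The fallback added before `Cannot locate KDC` returns `defaultKDC` for any realm that has no entry in krb5.conf or DNS, not only for the realm named by `java.security.krb5.realm`, and it discards the lookup failure held in `cause`. Requests for an unrelated realm are then directed to the property KDC instead of failing with a `KrbException`. The updated test expects this (`check("R3", "k2")`), so it looks intended, but nothing in the code says so. I would add a comment such as `// No KDC known for this realm: fall back to java.security.krb5.kdc, even if the realm differs from java.security.krb5.realm` and print `cause` under `DEBUG` before returning. The enclosing method starts and ends outside the hunk.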
--- a/jdk/src/share/classes/sun/security/krb5/KrbApReq.java Mon Jul 20 17:16:34 2009 -0400
+++ b/jdk/src/share/classes/sun/security/krb5/KrbApReq.java Wed Jul 22 16:39:34 2009 +0800
@@ -294,8 +294,6 @@
apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
- Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString());
-
if (!authenticator.cname.equals(enc_ticketPart.cname))
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
--- a/jdk/test/sun/security/krb5/ConfPlusProp.java Mon Jul 20 17:16:34 2009 -0400
+++ b/jdk/test/sun/security/krb5/ConfPlusProp.java Wed Jul 22 16:39:34 2009 +0800
@@ -23,31 +23,56 @@
/*
* @test
* @bug 6857795
+ * @buf 6858589
* @summary krb5.conf ignored if system properties on realm and kdc are provided
*/
import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
public class ConfPlusProp {
+ Config config;
public static void main(String[] args) throws Exception {
- System.setProperty("java.security.krb5.realm", "R2");
- System.setProperty("java.security.krb5.kdc", "k2");
+ new ConfPlusProp().run();
+ }
+
+ void refresh() throws Exception {
+ Config.refresh();
+ config = Config.getInstance();
+ }
+
+ void checkDefaultRealm(String r) throws Exception {
+ try {
+ if (!config.getDefaultRealm().equals(r)) {
+ throw new AssertionError("Default realm error");
+ }
+ } catch (Exception e) {
+ if (r != null) throw e;
+ }
+ }
+
+ void check(String r, String k) throws Exception {
+ try {
+ if (!config.getKDCList(r).equals(k)) {
+ throw new AssertionError(r + " kdc not " + k);
+ }
+ } catch (Exception e) {
+ if (k != null) throw e;
+ }
+ }
+
+ void run() throws Exception {
+
+ // No prop, only conf
// Point to a file with existing default_realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop.conf");
- Config config = Config.getInstance();
+ refresh();
- if (!config.getDefaultRealm().equals("R2")) {
- throw new Exception("Default realm error");
- }
- if (!config.getKDCList("R1").equals("k1")) {
- throw new Exception("R1 kdc error");
- }
- if (!config.getKDCList("R2").equals("k2")) {
- throw new Exception("R2 kdc error");
- }
+ checkDefaultRealm("R1");
+ check("R1", "k1");
+ check("R2", "old");
+ check("R3", null);
if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
throw new Exception("Extra config error");
}
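Review bot: The added header line `* @buf 6858589` is a typo for the jtreg `@bug` tag, so the second bug id is not recorded for this test; `* @bug 6857795 6858589` on one line is the usual form. In `checkDefaultRealm` and `check`, `catch (Exception e)` accepts any failure as the expected outcome when the expected value is null, including a `NullPointerException` from the code under test. Catching `KrbException` there (and keeping its import, which this hunk removes) would limit the pass condition to the error the test means to provoke. `run()` continues past the end of this hunk.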
@@ -55,38 +80,66 @@
// Point to a file with no libdefaults
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop2.conf");
- Config.refresh();
+ refresh();
+
+ checkDefaultRealm(null);
+ check("R1", "k12");
+ check("R2", "old");
+ check("R3", null);
+
+ int version = System.getProperty("java.version").charAt(2) - '0';
+ System.out.println("JDK version is " + version);
- config = Config.getInstance();
+ // Zero-config is supported since 1.7
+ if (version >= 7) {
+ // Point to a non-existing file
+ System.setProperty("java.security.krb5.conf", "i-am-not-a file");
+ refresh();
- if (!config.getDefaultRealm().equals("R2")) {
- throw new Exception("Default realm error again");
+ checkDefaultRealm(null);
+ check("R1", null);
+ check("R2", null);
+ check("R3", null);
+ if (config.getDefault("forwardable", "libdefaults") != null) {
+ throw new Exception("Extra config error");
+ }
}
- if (!config.getKDCList("R1").equals("k12")) {
- throw new Exception("R1 kdc error");
+
+ // Add prop
+ System.setProperty("java.security.krb5.realm", "R2");
+ System.setProperty("java.security.krb5.kdc", "k2");
+
+ // Point to a file with existing default_realm
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop.conf");
+ refresh();
+
+ checkDefaultRealm("R2");
+ check("R1", "k1");
+ check("R2", "k2");
+ check("R3", "k2");
+ if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
+ throw new Exception("Extra config error");
}
- if (!config.getKDCList("R2").equals("k2")) {
- throw new Exception("R2 kdc error");
- }
+
+ // Point to a file with no libdefaults
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop2.conf");
+ refresh();
+
+ checkDefaultRealm("R2");
+ check("R1", "k12");
+ check("R2", "k2");
+ check("R3", "k2");
// Point to a non-existing file
System.setProperty("java.security.krb5.conf", "i-am-not-a file");
- Config.refresh();
-
- config = Config.getInstance();
+ refresh();
- if (!config.getDefaultRealm().equals("R2")) {
- throw new Exception("Default realm error");
- }
- try {
- config.getKDCList("R1");
- throw new Exception("R1 is nowhere");
- } catch (KrbException ke) {
- // OK
- }
- if (!config.getKDCList("R2").equals("k2")) {
- throw new Exception("R2 kdc error");
- }
+ checkDefaultRealm("R2");
+ check("R1", "k2");
+ check("R2", "k2");
+ check("R3", "k2");
if (config.getDefault("forwardable", "libdefaults") != null) {
throw new Exception("Extra config error");
}
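Review bot: `System.getProperty("java.version").charAt(2) - '0'` only works for version strings of the form `1.x`; for a string such as `9.0.1` or `11.0.2` it yields zero or a negative number, and the zero-config section guarded by `version >= 7` is then skipped without the test failing. Reading the feature number from `java.specification.version` keeps the guard meaningful, e.g. `String sv = System.getProperty("java.specification.version");` followed by `int version = Integer.parseInt(sv.startsWith("1.") ? sv.substring(2) : sv);`. The scenario blocks also repeat the same four checks, so a small helper taking the expected realm and the three expected KDC values would make the expectation table easier to read.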