8002344: Krb5LoginModule config class does not return proper KDC list from DNS
authorweijun
Mon, 19 Nov 2012 11:13:08 +0800
changeset 14515 f67149f8daf6
parent 14514 46a8ed03c7fc
child 14516 51de2e3a1037
8002344: Krb5LoginModule config class does not return proper KDC list from DNS Reviewed-by: weijun Contributed-by: Severin Gehwolf <sgehwolf@redhat.com>, Wang Weijun <weijun.wang@oracle.com>
jdk/src/share/classes/sun/security/krb5/Config.java
jdk/test/sun/security/krb5/config/DNS.java
jdk/test/sun/security/krb5/config/NamingManager.java
jdk/test/sun/security/krb5/config/dns.sh
--- a/jdk/src/share/classes/sun/security/krb5/Config.java	Sun Nov 18 01:31:44 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java	Mon Nov 19 11:13:08 2012 +0800
@@ -1123,7 +1123,7 @@
      */
     private String getKDCFromDNS(String realm) throws KrbException {
         // use DNS to locate KDC
-        String kdcs = null;
+        String kdcs = "";
         String[] srvs = null;
         // locate DNS SRV record using UDP
         if (DEBUG) {
@@ -1133,7 +1133,7 @@
         if (srvs == null) {
             // locate DNS SRV record using TCP
             if (DEBUG) {
-                System.out.println("getKDCFromDNS using UDP");
+                System.out.println("getKDCFromDNS using TCP");
             }
             srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
         }
@@ -1142,14 +1142,15 @@
             throw new KrbException(Krb5.KRB_ERR_GENERIC,
                 "Unable to locate KDC for realm " + realm);
         }
+        if (srvs.length == 0) {
+            return null;
+        }
         for (int i = 0; i < srvs.length; i++) {
-            String value = srvs[i];
-            for (int j = 0; j < srvs[i].length(); j++) {
-                // filter the KDC name
-                if (value.charAt(j) == ':') {
-                    kdcs = (value.substring(0, j)).trim();
-                }
-            }
+            kdcs += srvs[i].trim() + " ";
+        }
+        kdcs = kdcs.trim();
+        if (kdcs.equals("")) {
+            return null;
         }
         return kdcs;
     }
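Review bot: The two new `return null;` paths report "no usable KDC" differently from the `srvs == null` branch just above them, which throws `KrbException`, so callers now have two failure shapes for the same condition. The caller is outside this hunk, so whether it null-checks cannot be confirmed here; if it does, the method's Javadoc (which closes at the top of the first hunk) should state the contract, e.g. `@return space-separated KDC entries (host or host:port) from the SRV lookup, or null if the lookup yielded no entries`. The `srvs.length == 0` guard is redundant with the final `kdcs.equals("")` check, since an empty array leaves `kdcs` empty, and could be dropped. Because the entries come from DNS answers and are joined with single spaces, an entry with embedded whitespace would be read downstream as several KDCs; presumably `KrbServiceLocator` emits only host[:port] tokens, but that is worth confirming or commenting.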
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/DNS.java	Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+// See dns.sh.
+import sun.security.krb5.Config;
+
+public class DNS {
+    public static void main(String[] args) throws Exception {
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/nothing.conf");
+        Config config = Config.getInstance();
+        String kdcs = config.getKDCList("X");
+        if (!kdcs.equals("a.com.:88 b.com.:99") &&
+                !kdcs.equals("a.com. b.com.:99")) {
+            throw new Exception("Strange KDC: [" + kdcs + "]");
+        };
+    }
+}
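Review bot: `kdcs.equals(...)` in `main` raises a bare NullPointerException if `getKDCList` returns null, and the Config.java change in this same commit makes `getKDCFromDNS` return null when DNS yields nothing (whether `getKDCList` passes that through is not visible here). Putting the literal first, `if (!"a.com.:88 b.com.:99".equals(kdcs) && !"a.com. b.com.:99".equals(kdcs)) {`, keeps that failure on the "Strange KDC" path with the value printed. The `};` that closes the `if` leaves an empty statement and should be `}`. A short comment would also help on why two spellings are accepted (presumably port 88 may be elided as the default) and on `nothing.conf`, which this changeset does not add and which looks intentionally absent.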
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/NamingManager.java	Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package javax.naming.spi;
+
+import com.sun.jndi.dns.DnsContext;
+import java.util.Hashtable;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+/**
+ * A fake javax.naming.spi.NamingManager. It allows reading a DNS
+ * record without contacting a real server.
+ *
+ * See DNS.java and dns.sh.
+ */
+public class NamingManager {
+    NamingManager() {}
+    public static Context getURLContext(
+            String scheme, Hashtable<?,?> environment)
+            throws NamingException {
+        return new DnsContext("", null, new Hashtable<String,String>()) {
+            public Attributes getAttributes(String name, String[] attrIds)
+                    throws NamingException {
+                return new BasicAttributes() {
+                    public Attribute get(String attrID) {
+                        BasicAttribute ba  = new BasicAttribute(attrID);
+                        ba.add("1 1 99 b.com.");
+                        ba.add("0 0 88 a.com.");    // 2nd has higher priority
+                        return ba;
+                    }
+                };
+            }
+        };
+    }
+}
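Review bot: The stub's `getAttributes` and `get` ignore `name`, `attrIds` and `attrID`, so every lookup gets the same two answers and the test cannot notice if Config starts querying the wrong name or record type. Consider rejecting unexpected arguments by checking `name` and `attrID` against the values the locator is expected to send, so that a wrong query fails the test. Both anonymous-class methods should carry `@Override`, so that a signature drift in `DnsContext` or `BasicAttributes` becomes a compile error rather than a silently unused stub. The class comment could also say that the fake only takes effect because dns.sh prepends it to the boot class path, shadowing the JDK class of the same name.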
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/config/dns.sh	Mon Nov 19 11:13:08 2012 +0800
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8002344
+# @summary Krb5LoginModule config class does not return proper KDC list from DNS
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+if [ "${TESTSRC}" = "" ] ; then
+   TESTSRC="."
+fi
+
+$TESTJAVA/bin/javac -d . \
+        ${TESTSRC}/NamingManager.java ${TESTSRC}/DNS.java
+$TESTJAVA/bin/java -Xbootclasspath/p:. DNS
+
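Review bot: The `javac` step is not checked, so if compilation fails the script still runs `java` and can pick up stale class files left under `.` by an earlier run, reporting a pass for code that no longer compiles. Append `|| exit 1` to the javac command and quote the path expansions so a JDK or source directory containing spaces does not split: `"$TESTJAVA/bin/javac" -d . "${TESTSRC}/NamingManager.java" "${TESTSRC}/DNS.java" || exit 1`. A comment above the last line, noting that `-Xbootclasspath/p:.` deliberately shadows `javax.naming.spi.NamingManager` with the test stub, would make the mechanism clear to someone reading the script on its own.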