7152121: Krb5LoginModule no longer handles keyTabNames with "file:" prefix
Reviewed-by: mullan
--- a/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Fri Aug 24 22:55:49 2012 -0700
+++ b/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java Mon Aug 27 10:23:43 2012 +0800
@@ -458,6 +458,10 @@
useKeyTab = "true".equalsIgnoreCase((String)options.get("useKeyTab"));
ticketCacheName = (String)options.get("ticketCache");
keyTabName = (String)options.get("keyTab");
+ if (keyTabName != null) {
+ keyTabName = sun.security.krb5.internal.ktab.KeyTab.normalize(
+ keyTabName);
+ }
princName = (String)options.get("principal");
refreshKrb5Config =
"true".equalsIgnoreCase((String)options.get("refreshKrb5Config"));
--- a/jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Fri Aug 24 22:55:49 2012 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Mon Aug 27 10:23:43 2012 +0800
@@ -141,7 +141,7 @@
if (s == null) {
return getInstance();
} else {
- return getInstance0(parse(s));
+ return getInstance0(normalize(s));
}
}
@@ -191,7 +191,7 @@
if (keytab_names != null) {
StringTokenizer st = new StringTokenizer(keytab_names, " ");
while (st.hasMoreTokens()) {
- kname = parse(st.nextToken());
+ kname = normalize(st.nextToken());
if (new File(kname).exists()) {
break;
}
@@ -220,11 +220,13 @@
}
/**
- * Parses some common keytab name formats
+ * Normalizes some common keytab name formats into the bare file name.
+ * For example, FILE:/etc/krb5.keytab to /etc/krb5.keytab
* @param name never null
* @return never null
*/
- private static String parse(String name) {
+ // This method is used in this class and Krb5LoginModule
+ public static String normalize(String name) {
String kname;
if ((name.length() >= 5) &&
(name.substring(0, 5).equalsIgnoreCase("FILE:"))) {
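Review bot: Widening `normalize` from private to public leaves its `@param name never null` precondition enforced only by callers; `name.length()` in the first condition of the body throws a NullPointerException for a null argument. The Krb5LoginModule call site added in this commit does guard with `keyTabName != null`, but the Javadoc should state the contract explicitly, for example `@throws NullPointerException if name is null`. From the visible lines the method only strips a scheme prefix such as `FILE:`, so the Javadoc could also say that the result is not canonicalized or otherwise validated as a path, since the name `normalize` can be read that way and the value comes from JAAS configuration. The method body continues past the end of this hunk, so any further prefix handling is not visible here.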
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/FileKeyTab.java Mon Aug 27 10:23:43 2012 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152121
+ * @summary Krb5LoginModule no longer handles keyTabNames with "file:" prefix
+ * @compile -XDignore.symbol.file FileKeyTab.java
+ * @run main/othervm FileKeyTab
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import sun.security.jgss.GSSUtil;
+
+// The basic krb5 test skeleton you can copy from
+public class FileKeyTab {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+ String ktab = new File(OneKDC.KTAB).getAbsolutePath();
+ File f = new File(OneKDC.JAAS_CONF);
+ try (FileOutputStream fos = new FileOutputStream(f)) {
+ fos.write((
+ "server {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"" + OneKDC.SERVER + "\"\n" +
+ " useKeyTab=true\n" +
+ " keyTab=\"file:" + ktab + "\"\n" +
+ " storeKey=true;\n};\n"
+ ).getBytes());
+ }
+ Context.fromJAAS("server");
+ }
+}
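Review bot: The comment above the class, `// The basic krb5 test skeleton you can copy from`, looks carried over from a template and does not describe this test; something like `// Logs in as the server with a keyTab option written with a "file:" prefix` would tell a reader what is being covered. The test exercises only the lowercase `file:` spelling, while `normalize` compares the prefix with `equalsIgnoreCase`, so an uppercase `FILE:` case would be a cheap addition. The JAAS configuration is written with `getBytes()`, which uses the platform default charset; passing an explicit charset would keep the file contents independent of the test machine's locale. Success is signalled only by `Context.fromJAAS("server")` not throwing, which is worth stating in the comment.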