8077102: dns_lookup_realm should be false by default

Reviewed-by: weijun

8077102: dns_lookup_realm should be false by default
Reviewed-by: weijun
023fdb9f · igerasim · fcd4e2bd · 023fdb9f · 023fdb9f · 023fdb9f
6 changed file
--- a/src/share/classes/sun/security/krb5/Config.java
+++ b/src/share/classes/sun/security/krb5/Config.java
@@ -231,6 +231,31 @@ public class Config {
        return v.lastElement();
    }

+    /**
+     * Gets the boolean value for the specified keys. Returns TRUE if the
+     * string value is "yes", or "true", FALSE if "no", or "false", or null
+     * if otherwise or not defined. The comparision is case-insensitive.
+     *
+     * @param keys the keys, see {@link #get(String...)}
+     * @return the boolean value, or null if there is no value defined or the
+     * value does not look like a boolean value.
+     * @throws IllegalArgumentException see {@link #get(String...)}
+     */
+    private Boolean getBooleanObject(String... keys) {
+        String s = get(keys);
+        if (s == null) {
+            return null;
+        }
+        switch (s.toLowerCase(Locale.US)) {
+            case "yes": case "true":
+                return Boolean.TRUE;
+            case "no": case "false":
+                return Boolean.FALSE;
+            default:
+                return null;
+        }
+    }
+
    /**
     * Gets all values for the specified keys.
     * @throws IllegalArgumentException if any of the keys is illegal
@@ -942,32 +967,30 @@ public class Config {
    /**
     * Check if need to use DNS to locate Kerberos services
     */
-    private boolean useDNS(String name) {
-        String value = get("libdefaults", name);
-        if (value == null) {
-            value = get("libdefaults", "dns_fallback");
-            if ("false".equalsIgnoreCase(value)) {
-                return false;
-            } else {
-                return true;
-            }
-        } else {
-            return value.equalsIgnoreCase("true");
+    private boolean useDNS(String name, boolean defaultValue) {
+        Boolean value = getBooleanObject("libdefaults", name);
+        if (value != null) {
+            return value.booleanValue();
+        }
+        value = getBooleanObject("libdefaults", "dns_fallback");
+        if (value != null) {
+            return value.booleanValue();
        }
+        return defaultValue;
    }

    /**
     * Check if need to use DNS to locate the KDC
     */
    private boolean useDNS_KDC() {
-        return useDNS("dns_lookup_kdc");
+        return useDNS("dns_lookup_kdc", true);
    }

    /*
     * Check if need to use DNS to locate the Realm
     */
    private boolean useDNS_Realm() {
-        return useDNS("dns_lookup_realm");
+        return useDNS("dns_lookup_realm", false);
    }

    /**

--- a/test/sun/security/krb5/ConfPlusProp.java
+++ b/test/sun/security/krb5/ConfPlusProp.java
@@ -35,6 +35,12 @@ import sun.security.krb5.Config;
 public class ConfPlusProp {
    Config config;
    public static void main(String[] args) throws Exception {
+        if (System.getenv("USERDNSDOMAIN") != null ||
+                System.getenv("LOGONSERVER") != null) {
+            System.out.println(
+                    "Looks like a Windows machine in a domain. Skip test.");
+            return;
+        }
        new ConfPlusProp().run();
    }

@@ -90,23 +96,8 @@ public class ConfPlusProp {
        check("R2", "old");
        check("R3", null);

-        int version = System.getProperty("java.version").charAt(2) - '0';
-        System.out.println("JDK version is " + version);
-
-        // Zero-config is supported since 1.7
-        if (version >= 7) {
-            // Point to a non-existing file
-            System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-            refresh();
-
-            // Default realm might come from DNS
-            //checkDefaultRealm(null);
-            check("R1", null);
-            check("R2", null);
-            check("R3", null);
-            if (config.get("libdefaults", "forwardable") != null) {
-                throw new Exception("Extra config error");
-            }
+        if (config.get("libdefaults", "forwardable") != null) {
+            throw new Exception("Extra config error");
        }

        // Add prop
@@ -136,14 +127,6 @@ public class ConfPlusProp {
        check("R2", "k2");
        check("R3", "k2");

-        // Point to a non-existing file
-        System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-        refresh();
-
-        checkDefaultRealm("R2");
-        check("R1", "k2");
-        check("R2", "k2");
-        check("R3", "k2");
        if (config.get("libdefaults", "forwardable") != null) {
            throw new Exception("Extra config error");
        }

--- a/test/sun/security/krb5/DnsFallback.java
+++ b/test/sun/security/krb5/DnsFallback.java
@@ -22,8 +22,7 @@
 */
 /*
 * @test
- * @bug 6673164
- * @bug 6552334
+ * @bug 6673164 6552334 8077102
 * @run main/othervm DnsFallback
 * @summary fix dns_fallback parse error, and use dns by default
 */
@@ -35,47 +34,66 @@ import sun.security.krb5.Config;
 public class DnsFallback {

    static Method useDNS_Realm;
+    static Method useDNS_KDC;

    public static void main(String[] args) throws Exception {

        useDNS_Realm = Config.class.getDeclaredMethod("useDNS_Realm");
        useDNS_Realm.setAccessible(true);
+        useDNS_KDC = Config.class.getDeclaredMethod("useDNS_KDC");
+        useDNS_KDC.setAccessible(true);


        // for 6673164
-        check("true", "true", true);
-        check("false", "true", false);
-        check("true", "false", true);
-        check("false", "false", false);
-        check("true", null, true);
-        check("false", null, false);
-        check(null, "true", true);
-        check(null, "false", false);
+        check("true", "true", true, true);
+        check("false", "true", false, false);
+        check("true", "false", true, true);
+        check("false", "false", false, false);
+        check("true", null, true, true);
+        check("false", null, false, false);
+        check(null, "true", true, true);
+        check(null, "false", false, false);

-        // for 6552334
-        check(null, null, true);
+        // for 6552334, no longer true
+        //check(null, null, true, true);
+
+        // 8077102
+        check(null, null, false, true);
    }

-    static void check(String realm, String fallback, boolean output)
+    /**
+     * Sets and checks.
+     *
+     * @param u dns_lookup_XXX value set, none if null
+     * @param f dns_fallback value set, none if null
+     * @param r expected useDNS_Realm
+     * @param k expected useDNS_KDC
+     */
+    static void check(String u, String f, boolean r, boolean k)
            throws Exception {

        try (PrintStream ps =
                new PrintStream(new FileOutputStream("dnsfallback.conf"))) {
            ps.println("[libdefaults]\n");
-            if (realm != null) {
-                ps.println("dns_lookup_realm=" + realm);
+            if (u != null) {
+                ps.println("dns_lookup_realm=" + u);
+                ps.println("dns_lookup_kdc=" + u);
            }
-            if (fallback != null) {
-                ps.println("dns_fallback=" + fallback);
+            if (f != null) {
+                ps.println("dns_fallback=" + f);
            }
        }

        System.setProperty("java.security.krb5.conf", "dnsfallback.conf");
        Config.refresh();
-        System.out.println("Testing " + realm + ", " + fallback + ", " + output);
+        System.out.println("Testing " + u + ", " + f + ", " + r + ", " + k);
+
+        if (!useDNS_Realm.invoke(Config.getInstance()).equals(r)) {
+            throw new Exception("useDNS_Realm Fail");
+        }

-        if (!useDNS_Realm.invoke(Config.getInstance()).equals(output)) {
-            throw new Exception("Fail");
+        if (!useDNS_KDC.invoke(Config.getInstance()).equals(k)) {
+            throw new Exception("useDNS_KDC Fail");
        }
    }
 }

--- a/test/sun/security/krb5/config/DNS.java
+++ b/test/sun/security/krb5/config/DNS.java
@@ -23,12 +23,22 @@

 // See dns.sh.
 import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;

 public class DNS {
    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +"/nothing.conf");
+                System.getProperty("test.src", ".") +"/no-such-file.conf");
        Config config = Config.getInstance();
+        try {
+            String r = config.getDefaultRealm();
+            throw new Exception("What? There is a default realm " + r + "?");
+        } catch (KrbException ke) {
+            ke.printStackTrace();
+            if (ke.getCause() != null) {
+                throw new Exception("There should be no cause. Won't try DNS");
+            }
+        }
        String kdcs = config.getKDCList("X");
        if (!kdcs.equals("a.com.:88 b.com.:99") &&
                !kdcs.equals("a.com. b.com.:99")) {

--- a/test/sun/security/krb5/confplusprop.conf
+++ b/test/sun/security/krb5/confplusprop.conf
 [libdefaults]
 default_realm = R1
 forwardable = well
-dns_lookup_realm = false
+dns_lookup_kdc = false

 [realms]
 R1 = {

--- a/test/sun/security/krb5/confplusprop2.conf
+++ b/test/sun/security/krb5/confplusprop2.conf
 [libdefaults]
-dns_lookup_realm = false
+dns_lookup_kdc = false

 [realms]
 R1 = {