6858589: more changes to Config on system properties

Reviewed-by: valeriep

6858589: more changes to Config on system properties
Reviewed-by: valeriep
08174460 · weijun · d882736a · 08174460 · 08174460 · 08174460
3 changed file
--- a/src/share/classes/sun/security/krb5/Config.java
+++ b/src/share/classes/sun/security/krb5/Config.java
@@ -70,7 +70,12 @@ public class Config {
    private static final int BASE16_1 = 16;
    private static final int BASE16_2 = 16 * 16;
    private static final int BASE16_3 = 16 * 16 * 16;
-    private String defaultRealm;   // default kdc realm.
+
+    /**
+     * Specified by system properties. Must be both null or non-null.
+     */
+    private final String defaultRealm;
+    private final String defaultKDC;

    // used for native interface
    private static native String getWindowsDirectory(boolean isSystem);
@@ -81,9 +86,8 @@ public class Config {
     * singleton) is returned.
     *
     * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
-     * not specified, error reading configuration file.
+     * instance. Possible causes would be either of java.security.krb5.realm or
+     * java.security.krb5.kdc not specified, error reading configuration file.
     */
    public static synchronized Config getInstance() throws KrbException {
        if (singleton == null) {
@@ -98,9 +102,8 @@ public class Config {
     * the java.security.krb5.* system properties again.
     *
     * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
-     * not specified, error reading configuration file.
+     * instance. Possible causes would be either of java.security.krb5.realm or
+     * java.security.krb5.kdc not specified, error reading configuration file.
     */

    public static synchronized void refresh() throws KrbException {
@@ -114,56 +117,37 @@ public class Config {
     */
    private Config() throws KrbException {
        /*
-         * If these two system properties are being specified by the user,
-         * we ignore configuration file. If either one system property is
-         * specified, we throw exception. If neither of them are specified,
-         * we load the information from configuration file.
+         * If either one system property is specified, we throw exception.
         */
-        String kdchost =
+        String tmp =
            java.security.AccessController.doPrivileged(
                new sun.security.action.GetPropertyAction
                    ("java.security.krb5.kdc"));
+        if (tmp != null) {
+            // The user can specify a list of kdc hosts separated by ":"
+            defaultKDC = tmp.replace(':', ' ');
+        } else {
+            defaultKDC = null;
+        }
        defaultRealm =
            java.security.AccessController.doPrivileged(
                new sun.security.action.GetPropertyAction
                    ("java.security.krb5.realm"));
-        if ((kdchost == null && defaultRealm != null) ||
-            (defaultRealm == null && kdchost != null)) {
+        if ((defaultKDC == null && defaultRealm != null) ||
+            (defaultRealm == null && defaultKDC != null)) {
            throw new KrbException
                ("System property java.security.krb5.kdc and " +
                 "java.security.krb5.realm both must be set or " +
                 "neither must be set.");
        }

-        // Read the Kerberos configuration file
+        // Always read the Kerberos configuration file
        try {
            Vector<String> configFile;
            configFile = loadConfigFile();
            stanzaTable = parseStanzaTable(configFile);
        } catch (IOException ioe) {
-            // No krb5.conf, no problem. We'll use DNS etc.
-        }
-
-        if (kdchost != null) {
-            /*
-             * If configuration information is only specified by
-             * properties java.security.krb5.kdc and
-             * java.security.krb5.realm, we put both in the hashtable
-             * under [libdefaults].
-             */
-            if (stanzaTable == null) {
-                stanzaTable = new Hashtable<String,Object> ();
-            }
-            Hashtable<String,String> kdcs =
-                    (Hashtable<String,String>)stanzaTable.get("libdefaults");
-            if (kdcs == null) {
-                kdcs = new Hashtable<String,String> ();
-                stanzaTable.put("libdefaults", kdcs);
-            }
-            kdcs.put("default_realm", defaultRealm);
-            // The user can specify a list of kdc hosts separated by ":"
-            kdchost = kdchost.replace(':', ' ');
-            kdcs.put("kdc", kdchost);
+            // No krb5.conf, no problem. We'll use DNS or system property etc.
        }
    }

@@ -295,19 +279,6 @@ public class Config {
        String result = null;
        Hashtable subTable;

-        /*
-         * In the situation when kdc is specified by
-         * java.security.krb5.kdc, we get the kdc from [libdefaults] in
-         * hashtable.
-         */
-        if (name.equalsIgnoreCase("kdc") &&
-            (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
-            (java.security.AccessController.doPrivileged(
-                new sun.security.action.
-                GetPropertyAction("java.security.krb5.kdc")) != null)) {
-            result = getDefault("kdc", "libdefaults");
-            return result;
-        }
        if (stanzaTable != null) {
            for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
                stanzaName = (String)e.nextElement();
@@ -1035,13 +1006,13 @@ public class Config {
    /**
     * Resets the default kdc realm.
     * We do not need to synchronize these methods since assignments are atomic
+     *
+     * This method was useless. Kept here in case some class still calls it.
     */
    public void resetDefaultRealm(String realm) {
-        defaultRealm = realm;
        if (DEBUG) {
-            System.out.println(">>> Config reset default kdc " + defaultRealm);
+            System.out.println(">>> Config try resetting default kdc " + realm);
        }
-
    }

    /**
@@ -1098,6 +1069,9 @@ public class Config {
     * @return the default realm, always non null
     */
    public String getDefaultRealm() throws KrbException {
+        if (defaultRealm != null) {
+            return defaultRealm;
+        }
        Exception cause = null;
        String realm = getDefault("default_realm", "libdefaults");
        if ((realm == null) && useDNS_Realm()) {
@@ -1142,6 +1116,9 @@ public class Config {
        if (realm == null) {
            realm = getDefaultRealm();
        }
+        if (realm.equalsIgnoreCase(defaultRealm)) {
+            return defaultKDC;
+        }
        Exception cause = null;
        String kdcs = getDefault("kdc", realm);
        if ((kdcs == null) && useDNS_KDC()) {
@@ -1171,6 +1148,9 @@ public class Config {
            });
        }
        if (kdcs == null) {
+            if (defaultKDC != null) {
+                return defaultKDC;
+            }
            KrbException ke = new KrbException("Cannot locate KDC");
            if (cause != null) {
                ke.initCause(cause);

--- a/src/share/classes/sun/security/krb5/KrbApReq.java
+++ b/src/share/classes/sun/security/krb5/KrbApReq.java
@@ -294,8 +294,6 @@ public class KrbApReq {
        apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
        enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);

-        Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString());
-
        if (!authenticator.cname.equals(enc_ticketPart.cname))
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);


--- a/test/sun/security/krb5/ConfPlusProp.java
+++ b/test/sun/security/krb5/ConfPlusProp.java
@@ -23,31 +23,56 @@
 /*
 * @test
 * @bug 6857795
+ * @buf 6858589
 * @summary krb5.conf ignored if system properties on realm and kdc are provided
 */

 import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;

 public class ConfPlusProp {
+    Config config;
    public static void main(String[] args) throws Exception {
-        System.setProperty("java.security.krb5.realm", "R2");
-        System.setProperty("java.security.krb5.kdc", "k2");
+        new ConfPlusProp().run();
+    }
+
+    void refresh() throws Exception {
+        Config.refresh();
+        config = Config.getInstance();
+    }
+
+    void checkDefaultRealm(String r) throws Exception {
+        try {
+            if (!config.getDefaultRealm().equals(r)) {
+                throw new AssertionError("Default realm error");
+            }
+        } catch (Exception e) {
+            if (r != null) throw e;
+        }
+    }
+
+    void check(String r, String k) throws Exception {
+        try {
+            if (!config.getKDCList(r).equals(k)) {
+                throw new AssertionError(r + " kdc not " + k);
+            }
+        } catch (Exception e) {
+            if (k != null) throw e;
+        }
+    }
+
+    void run() throws Exception {
+
+        // No prop, only conf

        // Point to a file with existing default_realm
        System.setProperty("java.security.krb5.conf",
                System.getProperty("test.src", ".") +"/confplusprop.conf");
-        Config config = Config.getInstance();
+        refresh();

-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error");
-        }
-        if (!config.getKDCList("R1").equals("k1")) {
-            throw new Exception("R1 kdc error");
-        }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
-        }
+        checkDefaultRealm("R1");
+        check("R1", "k1");
+        check("R2", "old");
+        check("R3", null);
        if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
            throw new Exception("Extra config error");
        }
@@ -55,38 +80,66 @@ public class ConfPlusProp {
        // Point to a file with no libdefaults
        System.setProperty("java.security.krb5.conf",
                System.getProperty("test.src", ".") +"/confplusprop2.conf");
-        Config.refresh();
+        refresh();

-        config = Config.getInstance();
+        checkDefaultRealm(null);
+        check("R1", "k12");
+        check("R2", "old");
+        check("R3", null);

-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error again");
-        }
-        if (!config.getKDCList("R1").equals("k12")) {
-            throw new Exception("R1 kdc error");
+        int version = System.getProperty("java.version").charAt(2) - '0';
+        System.out.println("JDK version is " + version);
+
+        // Zero-config is supported since 1.7
+        if (version >= 7) {
+            // Point to a non-existing file
+            System.setProperty("java.security.krb5.conf", "i-am-not-a file");
+            refresh();
+
+            checkDefaultRealm(null);
+            check("R1", null);
+            check("R2", null);
+            check("R3", null);
+            if (config.getDefault("forwardable", "libdefaults") != null) {
+                throw new Exception("Extra config error");
+            }
        }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
+
+        // Add prop
+        System.setProperty("java.security.krb5.realm", "R2");
+        System.setProperty("java.security.krb5.kdc", "k2");
+
+        // Point to a file with existing default_realm
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/confplusprop.conf");
+        refresh();
+
+        checkDefaultRealm("R2");
+        check("R1", "k1");
+        check("R2", "k2");
+        check("R3", "k2");
+        if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
+            throw new Exception("Extra config error");
        }

+        // Point to a file with no libdefaults
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/confplusprop2.conf");
+        refresh();
+
+        checkDefaultRealm("R2");
+        check("R1", "k12");
+        check("R2", "k2");
+        check("R3", "k2");
+
        // Point to a non-existing file
        System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-        Config.refresh();
+        refresh();

-        config = Config.getInstance();
-
-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error");
-        }
-        try {
-            config.getKDCList("R1");
-            throw new Exception("R1 is nowhere");
-        } catch (KrbException ke) {
-            // OK
-        }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
-        }
+        checkDefaultRealm("R2");
+        check("R1", "k2");
+        check("R2", "k2");
+        check("R3", "k2");
        if (config.getDefault("forwardable", "libdefaults") != null) {
            throw new Exception("Extra config error");
        }