6858589: more changes to Config on system properties

Reviewed-by: valeriep

src/share/classes/sun/security/krb5/Config.java

@@ -70,7 +70,12 @@ public class Config {
     private static final int BASE16_1 = 16;
     private static final int BASE16_2 = 16 * 16;
     private static final int BASE16_3 = 16 * 16 * 16;
-    private String defaultRealm;   // default kdc realm.
+
+    /**
+     * Specified by system properties. Must be both null or non-null.
+     */
+    private final String defaultRealm;
+    private final String defaultKDC;
 
     // used for native interface
     private static native String getWindowsDirectory(boolean isSystem);
@@ -81,9 +86,8 @@ public class Config {
      * singleton) is returned.
      *
      * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
-     * not specified, error reading configuration file.
+     * instance. Possible causes would be either of java.security.krb5.realm or
+     * java.security.krb5.kdc not specified, error reading configuration file.
      */
     public static synchronized Config getInstance() throws KrbException {
         if (singleton == null) {
@@ -98,9 +102,8 @@ public class Config {
      * the java.security.krb5.* system properties again.
      *
      * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
-     * not specified, error reading configuration file.
+     * instance. Possible causes would be either of java.security.krb5.realm or
+     * java.security.krb5.kdc not specified, error reading configuration file.
      */
 
     public static synchronized void refresh() throws KrbException {
@@ -114,56 +117,37 @@ public class Config {
      */
     private Config() throws KrbException {
         /*
-         * If these two system properties are being specified by the user,
-         * we ignore configuration file. If either one system property is
-         * specified, we throw exception. If neither of them are specified,
-         * we load the information from configuration file.
+         * If either one system property is specified, we throw exception.
          */
-        String kdchost =
+        String tmp =
             java.security.AccessController.doPrivileged(
                 new sun.security.action.GetPropertyAction
                     ("java.security.krb5.kdc"));
+        if (tmp != null) {
+            // The user can specify a list of kdc hosts separated by ":"
+            defaultKDC = tmp.replace(':', ' ');
+        } else {
+            defaultKDC = null;
+        }
         defaultRealm =
             java.security.AccessController.doPrivileged(
                 new sun.security.action.GetPropertyAction
                     ("java.security.krb5.realm"));
-        if ((kdchost == null && defaultRealm != null) ||
-            (defaultRealm == null && kdchost != null)) {
+        if ((defaultKDC == null && defaultRealm != null) ||
+            (defaultRealm == null && defaultKDC != null)) {
             throw new KrbException
                 ("System property java.security.krb5.kdc and " +
                  "java.security.krb5.realm both must be set or " +
                  "neither must be set.");
         }
 
-        // Read the Kerberos configuration file
+        // Always read the Kerberos configuration file
         try {
             Vector<String> configFile;
             configFile = loadConfigFile();
             stanzaTable = parseStanzaTable(configFile);
         } catch (IOException ioe) {
-            // No krb5.conf, no problem. We'll use DNS etc.
-        }
-
-        if (kdchost != null) {
-            /*
-             * If configuration information is only specified by
-             * properties java.security.krb5.kdc and
-             * java.security.krb5.realm, we put both in the hashtable
-             * under [libdefaults].
-             */
-            if (stanzaTable == null) {
-                stanzaTable = new Hashtable<String,Object> ();
-            }
-            Hashtable<String,String> kdcs =
-                    (Hashtable<String,String>)stanzaTable.get("libdefaults");
-            if (kdcs == null) {
-                kdcs = new Hashtable<String,String> ();
-                stanzaTable.put("libdefaults", kdcs);
-            }
-            kdcs.put("default_realm", defaultRealm);
-            // The user can specify a list of kdc hosts separated by ":"
-            kdchost = kdchost.replace(':', ' ');
-            kdcs.put("kdc", kdchost);
+            // No krb5.conf, no problem. We'll use DNS or system property etc.
         }
     }
 
@@ -295,19 +279,6 @@ public class Config {
         String result = null;
         Hashtable subTable;
 
-        /*
-         * In the situation when kdc is specified by
-         * java.security.krb5.kdc, we get the kdc from [libdefaults] in
-         * hashtable.
-         */
-        if (name.equalsIgnoreCase("kdc") &&
-            (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
-            (java.security.AccessController.doPrivileged(
-                new sun.security.action.
-                GetPropertyAction("java.security.krb5.kdc")) != null)) {
-            result = getDefault("kdc", "libdefaults");
-            return result;
-        }
         if (stanzaTable != null) {
             for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
                 stanzaName = (String)e.nextElement();
@@ -1035,13 +1006,13 @@ public class Config {
     /**
      * Resets the default kdc realm.
      * We do not need to synchronize these methods since assignments are atomic
+     *
+     * This method was useless. Kept here in case some class still calls it.
      */
     public void resetDefaultRealm(String realm) {
-        defaultRealm = realm;
         if (DEBUG) {
-            System.out.println(">>> Config reset default kdc " + defaultRealm);
+            System.out.println(">>> Config try resetting default kdc " + realm);
         }
-
     }
 
     /**
@@ -1098,6 +1069,9 @@ public class Config {
      * @return the default realm, always non null
      */
     public String getDefaultRealm() throws KrbException {
+        if (defaultRealm != null) {
+            return defaultRealm;
+        }
         Exception cause = null;
         String realm = getDefault("default_realm", "libdefaults");
         if ((realm == null) && useDNS_Realm()) {
@@ -1142,6 +1116,9 @@ public class Config {
         if (realm == null) {
             realm = getDefaultRealm();
         }
+        if (realm.equalsIgnoreCase(defaultRealm)) {
+            return defaultKDC;
+        }
         Exception cause = null;
         String kdcs = getDefault("kdc", realm);
         if ((kdcs == null) && useDNS_KDC()) {
@@ -1171,6 +1148,9 @@ public class Config {
             });
         }
         if (kdcs == null) {
+            if (defaultKDC != null) {
+                return defaultKDC;
+            }
             KrbException ke = new KrbException("Cannot locate KDC");
             if (cause != null) {
                 ke.initCause(cause);

src/share/classes/sun/security/krb5/KrbApReq.java

@@ -294,8 +294,6 @@ public class KrbApReq {
         apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
         enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
 
-        Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString());
-
         if (!authenticator.cname.equals(enc_ticketPart.cname))
             throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
 

test/sun/security/krb5/ConfPlusProp.java

@@ -23,31 +23,56 @@
 /*
  * @test
  * @bug 6857795
+ * @buf 6858589
  * @summary krb5.conf ignored if system properties on realm and kdc are provided
  */
 
 import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
 
 public class ConfPlusProp {
+    Config config;
     public static void main(String[] args) throws Exception {
-        System.setProperty("java.security.krb5.realm", "R2");
-        System.setProperty("java.security.krb5.kdc", "k2");
+        new ConfPlusProp().run();
+    }
 
-        // Point to a file with existing default_realm
-        System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +"/confplusprop.conf");
-        Config config = Config.getInstance();
+    void refresh() throws Exception {
+        Config.refresh();
+        config = Config.getInstance();
+    }
+
+    void checkDefaultRealm(String r) throws Exception {
+        try {
+            if (!config.getDefaultRealm().equals(r)) {
+                throw new AssertionError("Default realm error");
+            }
+        } catch (Exception e) {
+            if (r != null) throw e;
+        }
+    }
 
-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error");
+    void check(String r, String k) throws Exception {
+        try {
+            if (!config.getKDCList(r).equals(k)) {
+                throw new AssertionError(r + " kdc not " + k);
             }
-        if (!config.getKDCList("R1").equals("k1")) {
-            throw new Exception("R1 kdc error");
+        } catch (Exception e) {
+            if (k != null) throw e;
         }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
     }
+
+    void run() throws Exception {
+
+        // No prop, only conf
+
+        // Point to a file with existing default_realm
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/confplusprop.conf");
+        refresh();
+
+        checkDefaultRealm("R1");
+        check("R1", "k1");
+        check("R2", "old");
+        check("R3", null);
         if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
             throw new Exception("Extra config error");
         }
@@ -55,38 +80,66 @@ public class ConfPlusProp {
         // Point to a file with no libdefaults
         System.setProperty("java.security.krb5.conf",
                 System.getProperty("test.src", ".") +"/confplusprop2.conf");
-        Config.refresh();
+        refresh();
 
-        config = Config.getInstance();
+        checkDefaultRealm(null);
+        check("R1", "k12");
+        check("R2", "old");
+        check("R3", null);
 
-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error again");
-        }
-        if (!config.getKDCList("R1").equals("k12")) {
-            throw new Exception("R1 kdc error");
-        }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
-        }
+        int version = System.getProperty("java.version").charAt(2) - '0';
+        System.out.println("JDK version is " + version);
 
+        // Zero-config is supported since 1.7
+        if (version >= 7) {
             // Point to a non-existing file
             System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-        Config.refresh();
-
-        config = Config.getInstance();
+            refresh();
 
-        if (!config.getDefaultRealm().equals("R2")) {
-            throw new Exception("Default realm error");
+            checkDefaultRealm(null);
+            check("R1", null);
+            check("R2", null);
+            check("R3", null);
+            if (config.getDefault("forwardable", "libdefaults") != null) {
+                throw new Exception("Extra config error");
             }
-        try {
-            config.getKDCList("R1");
-            throw new Exception("R1 is nowhere");
-        } catch (KrbException ke) {
-            // OK
         }
-        if (!config.getKDCList("R2").equals("k2")) {
-            throw new Exception("R2 kdc error");
+
+        // Add prop
+        System.setProperty("java.security.krb5.realm", "R2");
+        System.setProperty("java.security.krb5.kdc", "k2");
+
+        // Point to a file with existing default_realm
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/confplusprop.conf");
+        refresh();
+
+        checkDefaultRealm("R2");
+        check("R1", "k1");
+        check("R2", "k2");
+        check("R3", "k2");
+        if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
+            throw new Exception("Extra config error");
         }
+
+        // Point to a file with no libdefaults
+        System.setProperty("java.security.krb5.conf",
+                System.getProperty("test.src", ".") +"/confplusprop2.conf");
+        refresh();
+
+        checkDefaultRealm("R2");
+        check("R1", "k12");
+        check("R2", "k2");
+        check("R3", "k2");
+
+        // Point to a non-existing file
+        System.setProperty("java.security.krb5.conf", "i-am-not-a file");
+        refresh();
+
+        checkDefaultRealm("R2");
+        check("R1", "k2");
+        check("R2", "k2");
+        check("R3", "k2");
         if (config.getDefault("forwardable", "libdefaults") != null) {
             throw new Exception("Extra config error");
         }