8009875: Provide a default udp_preference_limit for krb5.conf

Reviewed-by: valeriep

8009875: Provide a default udp_preference_limit for krb5.conf
Reviewed-by: valeriep
245e7452 · weijun · a8554a29 · 245e7452 · 245e7452 · 245e7452
4 changed file
--- a/src/share/classes/sun/security/krb5/KdcComm.java
+++ b/src/share/classes/sun/security/krb5/KdcComm.java
@@ -138,7 +138,7 @@ public final class KdcComm {
        int timeout = -1;
        int max_retries = -1;
-        int udf_pref_limit = -1;
+        int udp_pref_limit = -1;
        try {
            Config cfg = Config.getInstance();
@@ -147,7 +147,7 @@ public final class KdcComm {
            temp = cfg.get("libdefaults", "max_retries");
            max_retries = parsePositiveIntString(temp);
            temp = cfg.get("libdefaults", "udp_preference_limit");
-            udf_pref_limit = parsePositiveIntString(temp);
+            udp_pref_limit = parsePositiveIntString(temp);
        } catch (Exception exc) {
           // ignore any exceptions; use default values
           if (DEBUG) {
@@ -159,7 +159,14 @@ public final class KdcComm {
        defaultKdcTimeout = timeout > 0 ? timeout : 30*1000; // 30 seconds
        defaultKdcRetryLimit =
                max_retries > 0 ? max_retries : Krb5.KDC_RETRY_LIMIT;
-        defaultUdpPrefLimit = udf_pref_limit;
+        if (udp_pref_limit < 0) {
+            defaultUdpPrefLimit = Krb5.KDC_DEFAULT_UDP_PREF_LIMIT;
+        } else if (udp_pref_limit > Krb5.KDC_HARD_UDP_LIMIT) {
+            defaultUdpPrefLimit = Krb5.KDC_HARD_UDP_LIMIT;
+        } else {
+            defaultUdpPrefLimit = udp_pref_limit;
+        }
        KdcAccessibility.reset();
    }

--- a/src/share/classes/sun/security/krb5/internal/Krb5.java
+++ b/src/share/classes/sun/security/krb5/internal/Krb5.java
@@ -130,6 +130,8 @@ public class Krb5 {
    // number of retries before giving up
    public static final int KDC_RETRY_LIMIT = 3;
+    public static final int KDC_DEFAULT_UDP_PREF_LIMIT = 1465;
+    public static final int KDC_HARD_UDP_LIMIT = 32700;
    //OSI authentication mechanism OID

--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java
@@ -923,29 +923,29 @@ public class KDC {
                        pas2 = new DerValue[] {
                            new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
                            new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
-                            new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+                            new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
                        };
                        pas = new DerValue[] {
                            new DerValue(new ETypeInfo(1, null).asn1Encode()),
                            new DerValue(new ETypeInfo(1, "").asn1Encode()),
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                        };
                        break;
                    case 2:     // we still reject non-null s2kparams and prefer E2 over E
                        pas2 = new DerValue[] {
-                            new DerValue(new ETypeInfo2(1, OneKDC.REALM, new byte[]{1}).asn1Encode()),
+                            new DerValue(new ETypeInfo2(1, realm, new byte[]{1}).asn1Encode()),
                            new DerValue(new ETypeInfo2(1, null, null).asn1Encode()),
                            new DerValue(new ETypeInfo2(1, "", null).asn1Encode()),
                        };
                        pas = new DerValue[] {
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                            new DerValue(new ETypeInfo(1, null).asn1Encode()),
                            new DerValue(new ETypeInfo(1, "").asn1Encode()),
                        };
                        break;
                    case 3:     // but only E is wrong
                        pas = new DerValue[] {
-                            new DerValue(new ETypeInfo(1, OneKDC.REALM).asn1Encode()),
+                            new DerValue(new ETypeInfo(1, realm).asn1Encode()),
                            new DerValue(new ETypeInfo(1, null).asn1Encode()),
                            new DerValue(new ETypeInfo(1, "").asn1Encode()),
                        };

--- a/test/sun/security/krb5/config/DefUdpLimit.java
+++ b/test/sun/security/krb5/config/DefUdpLimit.java
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/*
+ * @test
+ * @bug 8009875
+ * @summary Provide a default udp_preference_limit for krb5.conf
+ * @compile -XDignore.symbol.file DefUdpLimit.java
+ * @run main/othervm DefUdpLimit -1 1465
+ * @run main/othervm DefUdpLimit 0 0
+ * @run main/othervm DefUdpLimit 1234 1234
+ * @run main/othervm DefUdpLimit 12345 12345
+ * @run main/othervm DefUdpLimit 123456 32700
+ *
+ */
+import sun.security.krb5.KdcComm;
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+public class DefUdpLimit {
+    public static void main(String[] args) throws Exception {
+        int set = Integer.valueOf(args[0]);
+        int expected = Integer.valueOf(args[1]);
+        Field f = KdcComm.class.getDeclaredField("defaultUdpPrefLimit");
+        f.setAccessible(true);
+        writeConf(set);
+        int actual = (Integer)f.get(null);
+        if (actual != expected) {
+            throw new Exception("Expected: " + expected + ", get " + actual);
+        }
+    }
+    static void writeConf(int i) throws Exception {
+        String file = "krb5.conf." + i;
+        String content = "[libdefaults]\n";
+        if (i >= 0) {
+            content += "udp_preference_limit = " + i;
+        }
+        Files.write(Paths.get(file), content.getBytes());
+        System.setProperty("java.security.krb5.conf", file);
+    }
+}