From 2c547f6c02876d8ad91dbae5a3112f5f0288636c Mon Sep 17 00:00:00 2001 From: weijun Date: Wed, 29 Aug 2012 11:03:02 +0800 Subject: [PATCH] 7184815: [macosx] Need to read Kerberos config in files Reviewed-by: valeriep --- .../classes/sun/security/krb5/Config.java | 242 +++++++++++------- 1 file changed, 146 insertions(+), 96 deletions(-) diff --git a/src/share/classes/sun/security/krb5/Config.java b/src/share/classes/sun/security/krb5/Config.java index 61a3c7c12..596fa80a0 100644 --- a/src/share/classes/sun/security/krb5/Config.java +++ b/src/share/classes/sun/security/krb5/Config.java @@ -115,7 +115,12 @@ public class Config { private static boolean isMacosLionOrBetter() { // split the "10.x.y" version number - String osVersion = System.getProperty("os.version"); + String osname = getProperty("os.name"); + if (!osname.contains("OS X")) { + return false; + } + + String osVersion = getProperty("os.version"); String[] fragments = osVersion.split("\\."); // sanity check the "10." part of the version @@ -140,20 +145,14 @@ public class Config { /* * If either one system property is specified, we throw exception. */ - String tmp = - java.security.AccessController.doPrivileged( - new sun.security.action.GetPropertyAction - ("java.security.krb5.kdc")); + String tmp = getProperty("java.security.krb5.kdc"); if (tmp != null) { // The user can specify a list of kdc hosts separated by ":" defaultKDC = tmp.replace(':', ' '); } else { defaultKDC = null; } - defaultRealm = - java.security.AccessController.doPrivileged( - new sun.security.action.GetPropertyAction - ("java.security.krb5.realm")); + defaultRealm = getProperty("java.security.krb5.realm"); if ((defaultKDC == null && defaultRealm != null) || (defaultRealm == null && defaultKDC != null)) { throw new KrbException 
@@ -165,11 +164,34 @@ public class Config { // Always read the Kerberos configuration file try { Vector configFile; - configFile = loadConfigFile(); - if (configFile == null && isMacosLionOrBetter()) { - stanzaTable = SCDynamicStoreConfig.getConfig(); - } else { + String fileName = getJavaFileName(); + if (fileName != null) { + configFile = loadConfigFile(fileName); stanzaTable = parseStanzaTable(configFile); + if (DEBUG) { + System.out.println("Loaded from Java config"); + } + } else { + boolean found = false; + if (isMacosLionOrBetter()) { + try { + stanzaTable = SCDynamicStoreConfig.getConfig(); + if (DEBUG) { + System.out.println("Loaded from SCDynamicStoreConfig"); + } + found = true; + } catch (IOException ioe) { + // OK. Will go on with file + } + } + if (!found) { + fileName = getNativeFileName(); + configFile = loadConfigFile(fileName); + stanzaTable = parseStanzaTable(configFile); + if (DEBUG) { + System.out.println("Loaded from native config"); + } + } } } catch (IOException ioe) { // No krb5.conf, no problem. We'll use DNS or system property etc. @@ -546,10 +568,13 @@ public class Config { * [domain_realm] * blue.sample.com = TEST.SAMPLE.COM * .backup.com = EXAMPLE.COM + * + * @params fileName the conf file, cannot be null + * @return the content, null if fileName is empty + * @throws IOException if there is an I/O or format error */ - private Vector loadConfigFile() throws IOException { + private Vector loadConfigFile(final String fileName) throws IOException { try { - final String fileName = getFileName(); if (!fileName.equals("")) { BufferedReader br = new BufferedReader(new InputStreamReader( java.security.AccessController.doPrivileged( 
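Review bot: The inner `catch (IOException ioe)` around `SCDynamicStoreConfig.getConfig()` discards the failure without a trace, so the debug output shows "Loaded from native config" but not that the dynamic store was tried and failed. Which source supplied the realm and KDC settings matters when diagnosing a client that talks to an unexpected KDC, so I would log the fallback in the same style as the other branches: `if (DEBUG) { System.out.println("SCDynamicStoreConfig failed: " + ioe); }`. The enclosing method starts and ends outside this hunk.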
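Review bot: In the new Javadoc for `loadConfigFile(final String fileName)`, `@params` is not a Javadoc tag, so the parameter description will not be picked up. It should read `@param fileName the conf file, cannot be null`. The "cannot be null" contract is also not checked in the visible lines: a null argument would surface as a NullPointerException at `fileName.equals("")`. The method body continues past the end of this hunk.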
@@ -668,97 +693,106 @@ public class Config { } /** - * Gets the default configuration file name. This method will never - * return null. + * Gets the default Java configuration file name. * * If the system property "java.security.krb5.conf" is defined, we'll - * use its value, no matter if the file exists or not. Otherwise, - * the file will be searched in a list of possible loations in the - * following order: + * use its value, no matter if the file exists or not. Otherwise, we + * will look at $JAVA_HOME/lib/security directory with "krb5.conf" name, + * and return it if the file exists. + * + * The method returns null if it cannot find a Java config file. + */ + private String getJavaFileName() { + String name = getProperty("java.security.krb5.conf"); + if (name == null) { + name = getProperty("java.home") + File.separator + + "lib" + File.separator + "security" + + File.separator + "krb5.conf"; + if (!fileExists(name)) { + name = null; + } + } + if (DEBUG) { + System.out.println("Java config name: " + name); + } + return name; + } + + /** + * Gets the default native configuration file name. * - * 1. at Java home lib\security directory with "krb5.conf" name, - * 2. at windows directory with the name of "krb5.ini" for Windows, - * /etc/krb5/krb5.conf for Solaris, /etc/krb5.conf otherwise. + * Depending on the OS type, the method returns the default native + * kerberos config file name, which is at windows directory with + * the name of "krb5.ini" for Windows, /etc/krb5/krb5.conf for Solaris, + * /etc/krb5.conf otherwise. Mac OSX X has a different file name. * * Note: When the Terminal Service is started in Windows (from 2003), * there are two kinds of Windows directories: A system one (say, * C:\Windows), and a user-private one (say, C:\Users\Me\Windows). * We will first look for krb5.ini in the user-private one. If not * found, try the system one instead. + * + * This method will always return a non-null non-empty file name, + * even if that file does not exist. 
*/ - private String getFileName() { - String name = - java.security.AccessController.doPrivileged( - new sun.security.action. - GetPropertyAction("java.security.krb5.conf")); - if (name == null) { - name = java.security.AccessController.doPrivileged( - new sun.security.action. - GetPropertyAction("java.home")) + File.separator + - "lib" + File.separator + "security" + - File.separator + "krb5.conf"; - if (!fileExists(name)) { - name = null; - String osname = - java.security.AccessController.doPrivileged( - new sun.security.action.GetPropertyAction("os.name")); - if (osname.startsWith("Windows")) { - try { - Credentials.ensureLoaded(); - } catch (Exception e) { - // ignore exceptions + private String getNativeFileName() { + String name = null; + String osname = getProperty("os.name"); + if (osname.startsWith("Windows")) { + try { + Credentials.ensureLoaded(); + } catch (Exception e) { + // ignore exceptions + } + if (Credentials.alreadyLoaded) { + String path = getWindowsDirectory(false); + if (path != null) { + if (path.endsWith("\\")) { + path = path + "krb5.ini"; + } else { + path = path + "\\krb5.ini"; } - if (Credentials.alreadyLoaded) { - String path = getWindowsDirectory(false); - if (path != null) { - if (path.endsWith("\\")) { - path = path + "krb5.ini"; - } else { - path = path + "\\krb5.ini"; - } - if (fileExists(path)) { - name = path; - } - } - if (name == null) { - path = getWindowsDirectory(true); - if (path != null) { - if (path.endsWith("\\")) { - path = path + "krb5.ini"; - } else { - path = path + "\\krb5.ini"; - } - name = path; - } - } + if (fileExists(path)) { + name = path; } - if (name == null) { - name = "c:\\winnt\\krb5.ini"; + } + if (name == null) { + path = getWindowsDirectory(true); + if (path != null) { + if (path.endsWith("\\")) { + path = path + "krb5.ini"; + } else { + path = path + "\\krb5.ini"; + } + name = path; } - } else if (osname.startsWith("SunOS")) { - name = "/etc/krb5/krb5.conf"; - } else if (osname.contains("OS X")) { - 
if (isMacosLionOrBetter()) return ""; - name = findMacosConfigFile(); - } else { - name = "/etc/krb5.conf"; } } + if (name == null) { + name = "c:\\winnt\\krb5.ini"; + } + } else if (osname.startsWith("SunOS")) { + name = "/etc/krb5/krb5.conf"; + } else if (osname.contains("OS X")) { + name = findMacosConfigFile(); + } else { + name = "/etc/krb5.conf"; } if (DEBUG) { - System.out.println("Config name: " + name); + System.out.println("Native config name: " + name); } return name; } - private String getProperty(String property) { - return java.security.AccessController.doPrivileged(new sun.security.action.GetPropertyAction(property)); + private static String getProperty(String property) { + return java.security.AccessController.doPrivileged( + new sun.security.action.GetPropertyAction(property)); } private String findMacosConfigFile() { String userHome = getProperty("user.home"); final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos"; - String userPrefs=userHome + PREF_FILE; + String userPrefs = userHome + PREF_FILE; if (fileExists(userPrefs)) { return userPrefs; @@ -768,11 +802,7 @@ public class Config { return PREF_FILE; } - if (fileExists("/etc/krb5.conf")) { - return "/etc/krb5.conf"; - } - - return ""; + return "/etc/krb5.conf"; } private static String trimmed(String s) { 
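Review bot: `getJavaFileName()` checks only `name == null`, so an empty `java.security.krb5.conf` value is returned as a non-null name and the caller takes the Java-config branch instead of falling through to SCDynamicStore or the native file. Per the patched `loadConfigFile` Javadoc an empty name yields null content, which is then handed to `parseStanzaTable`; how that method treats null is not visible in this patch. If an empty value should count as unset, the check could be `if (name == null || name.isEmpty()) {`; otherwise the sentence "returns null if it cannot find a Java config file" should mention the empty case. Separately, "Mac OSX X" in the `getNativeFileName` Javadoc looks like a typo for "Mac OS X".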
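Review bot: `findMacosConfigFile()` has no comment describing its search order, and after this change it returns `/etc/krb5.conf` as the last resort whether or not that file exists. Because the per-user `edu.mit.Kerberos` file under `user.home` is tried before the system-wide one, the order is worth stating for anyone auditing which file defines the realm and KDCs. I would add a Javadoc such as `/** Returns the first existing of ~/Library/Preferences/edu.mit.Kerberos and /Library/Preferences/edu.mit.Kerberos, else "/etc/krb5.conf" even if absent. */`. The existence check for the system-wide file sits in the lines between the two hunks and is assumed here; the method itself starts in the previous hunk.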
@@ -1344,32 +1374,52 @@ public class Config { } } + // Shows the content of the Config object for debug purpose. + // + // { + // libdefaults = { + // default_realm = R + // } + // realms = { + // R = { + // kdc = [k1,k2] + // } + // } + // } + @Override public String toString() { StringBuffer sb = new StringBuffer(); - toStringIndented("", stanzaTable, sb); + toStringInternal("", stanzaTable, sb); return sb.toString(); } - private static void toStringIndented(String prefix, Object obj, + private static void toStringInternal(String prefix, Object obj, StringBuffer sb) { if (obj instanceof String) { - sb.append(prefix); - sb.append(obj); - sb.append('\n'); + // A string value, just print it + sb.append(obj).append('\n'); } else if (obj instanceof Hashtable) { + // A table, start a new sub-section... Hashtable tab = (Hashtable)obj; + sb.append("{\n"); for (Object o: tab.keySet()) { - sb.append(prefix); - sb.append(o); - sb.append(" = {\n"); - toStringIndented(prefix + " ", tab.get(o), sb); - sb.append(prefix + "}\n"); + // ...indent, print "key = ", and + sb.append(prefix).append(" ").append(o).append(" = "); + // ...go recursively into value + toStringInternal(prefix + " ", tab.get(o), sb); } + sb.append(prefix).append("}\n"); } else if (obj instanceof Vector) { + // A vector of strings, print them inside [ and ] Vector v = (Vector)obj; + sb.append("["); + boolean first = true; for (Object o: v.toArray()) { - toStringIndented(prefix + " ", o, sb); + if (!first) sb.append(","); + sb.append(o); + first = false; } + sb.append("]\n"); } } } -- GitLab
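Review bot: In `toStringInternal` the `key = ` prefix is appended before the recursive call, but that call appends nothing when the value is not a String, Hashtable or Vector. That would leave the line unterminated and run the next key onto it. The parser may never store another type (not visible here), so this is defensive: a trailing `else { sb.append(obj).append('\n'); }` keeps the dump well-formed. The buffer is only used within this one `toString()` call, so it could also be a `StringBuilder`, which means changing the `toStringInternal` parameter type as well.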