提交 2c547f6c 编写于 作者: W weijun

7184815: [macosx] Need to read Kerberos config in files

Reviewed-by: valeriep
上级 767b08f3
...@@ -115,7 +115,12 @@ public class Config { ...@@ -115,7 +115,12 @@ public class Config {
private static boolean isMacosLionOrBetter() { private static boolean isMacosLionOrBetter() {
// split the "10.x.y" version number // split the "10.x.y" version number
String osVersion = System.getProperty("os.version"); String osname = getProperty("os.name");
if (!osname.contains("OS X")) {
return false;
}
String osVersion = getProperty("os.version");
String[] fragments = osVersion.split("\\."); String[] fragments = osVersion.split("\\.");
// sanity check the "10." part of the version // sanity check the "10." part of the version
...@@ -140,20 +145,14 @@ public class Config { ...@@ -140,20 +145,14 @@ public class Config {
/* /*
* If either one system property is specified, we throw exception. * If either one system property is specified, we throw exception.
*/ */
String tmp = String tmp = getProperty("java.security.krb5.kdc");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.kdc"));
if (tmp != null) { if (tmp != null) {
// The user can specify a list of kdc hosts separated by ":" // The user can specify a list of kdc hosts separated by ":"
defaultKDC = tmp.replace(':', ' '); defaultKDC = tmp.replace(':', ' ');
} else { } else {
defaultKDC = null; defaultKDC = null;
} }
defaultRealm = defaultRealm = getProperty("java.security.krb5.realm");
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction
("java.security.krb5.realm"));
if ((defaultKDC == null && defaultRealm != null) || if ((defaultKDC == null && defaultRealm != null) ||
(defaultRealm == null && defaultKDC != null)) { (defaultRealm == null && defaultKDC != null)) {
throw new KrbException throw new KrbException
...@@ -165,11 +164,34 @@ public class Config { ...@@ -165,11 +164,34 @@ public class Config {
// Always read the Kerberos configuration file // Always read the Kerberos configuration file
try { try {
Vector<String> configFile; Vector<String> configFile;
configFile = loadConfigFile(); String fileName = getJavaFileName();
if (configFile == null && isMacosLionOrBetter()) { if (fileName != null) {
stanzaTable = SCDynamicStoreConfig.getConfig(); configFile = loadConfigFile(fileName);
stanzaTable = parseStanzaTable(configFile);
if (DEBUG) {
System.out.println("Loaded from Java config");
}
} else { } else {
boolean found = false;
if (isMacosLionOrBetter()) {
try {
stanzaTable = SCDynamicStoreConfig.getConfig();
if (DEBUG) {
System.out.println("Loaded from SCDynamicStoreConfig");
}
found = true;
} catch (IOException ioe) {
// OK. Will go on with file
}
}
if (!found) {
fileName = getNativeFileName();
configFile = loadConfigFile(fileName);
stanzaTable = parseStanzaTable(configFile); stanzaTable = parseStanzaTable(configFile);
if (DEBUG) {
System.out.println("Loaded from native config");
}
}
} }
} catch (IOException ioe) { } catch (IOException ioe) {
// No krb5.conf, no problem. We'll use DNS or system property etc. // No krb5.conf, no problem. We'll use DNS or system property etc.
...@@ -546,10 +568,13 @@ public class Config { ...@@ -546,10 +568,13 @@ public class Config {
* [domain_realm] * [domain_realm]
* blue.sample.com = TEST.SAMPLE.COM * blue.sample.com = TEST.SAMPLE.COM
* .backup.com = EXAMPLE.COM * .backup.com = EXAMPLE.COM
*
* @params fileName the conf file, cannot be null
* @return the content, null if fileName is empty
* @throws IOException if there is an I/O or format error
*/ */
private Vector<String> loadConfigFile() throws IOException { private Vector<String> loadConfigFile(final String fileName) throws IOException {
try { try {
final String fileName = getFileName();
if (!fileName.equals("")) { if (!fileName.equals("")) {
BufferedReader br = new BufferedReader(new InputStreamReader( BufferedReader br = new BufferedReader(new InputStreamReader(
java.security.AccessController.doPrivileged( java.security.AccessController.doPrivileged(
...@@ -668,40 +693,51 @@ public class Config { ...@@ -668,40 +693,51 @@ public class Config {
} }
/** /**
* Gets the default configuration file name. This method will never * Gets the default Java configuration file name.
* return null.
* *
* If the system property "java.security.krb5.conf" is defined, we'll * If the system property "java.security.krb5.conf" is defined, we'll
* use its value, no matter if the file exists or not. Otherwise, * use its value, no matter if the file exists or not. Otherwise, we
* the file will be searched in a list of possible loations in the * will look at $JAVA_HOME/lib/security directory with "krb5.conf" name,
* following order: * and return it if the file exists.
*
* The method returns null if it cannot find a Java config file.
*/
private String getJavaFileName() {
String name = getProperty("java.security.krb5.conf");
if (name == null) {
name = getProperty("java.home") + File.separator +
"lib" + File.separator + "security" +
File.separator + "krb5.conf";
if (!fileExists(name)) {
name = null;
}
}
if (DEBUG) {
System.out.println("Java config name: " + name);
}
return name;
}
/**
* Gets the default native configuration file name.
* *
* 1. at Java home lib\security directory with "krb5.conf" name, * Depending on the OS type, the method returns the default native
* 2. at windows directory with the name of "krb5.ini" for Windows, * kerberos config file name, which is at windows directory with
* /etc/krb5/krb5.conf for Solaris, /etc/krb5.conf otherwise. * the name of "krb5.ini" for Windows, /etc/krb5/krb5.conf for Solaris,
* /etc/krb5.conf otherwise. Mac OSX X has a different file name.
* *
* Note: When the Terminal Service is started in Windows (from 2003), * Note: When the Terminal Service is started in Windows (from 2003),
* there are two kinds of Windows directories: A system one (say, * there are two kinds of Windows directories: A system one (say,
* C:\Windows), and a user-private one (say, C:\Users\Me\Windows). * C:\Windows), and a user-private one (say, C:\Users\Me\Windows).
* We will first look for krb5.ini in the user-private one. If not * We will first look for krb5.ini in the user-private one. If not
* found, try the system one instead. * found, try the system one instead.
*
* This method will always return a non-null non-empty file name,
* even if that file does not exist.
*/ */
private String getFileName() { private String getNativeFileName() {
String name = String name = null;
java.security.AccessController.doPrivileged( String osname = getProperty("os.name");
new sun.security.action.
GetPropertyAction("java.security.krb5.conf"));
if (name == null) {
name = java.security.AccessController.doPrivileged(
new sun.security.action.
GetPropertyAction("java.home")) + File.separator +
"lib" + File.separator + "security" +
File.separator + "krb5.conf";
if (!fileExists(name)) {
name = null;
String osname =
java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("os.name"));
if (osname.startsWith("Windows")) { if (osname.startsWith("Windows")) {
try { try {
Credentials.ensureLoaded(); Credentials.ensureLoaded();
...@@ -738,27 +774,25 @@ public class Config { ...@@ -738,27 +774,25 @@ public class Config {
} else if (osname.startsWith("SunOS")) { } else if (osname.startsWith("SunOS")) {
name = "/etc/krb5/krb5.conf"; name = "/etc/krb5/krb5.conf";
} else if (osname.contains("OS X")) { } else if (osname.contains("OS X")) {
if (isMacosLionOrBetter()) return "";
name = findMacosConfigFile(); name = findMacosConfigFile();
} else { } else {
name = "/etc/krb5.conf"; name = "/etc/krb5.conf";
} }
}
}
if (DEBUG) { if (DEBUG) {
System.out.println("Config name: " + name); System.out.println("Native config name: " + name);
} }
return name; return name;
} }
private String getProperty(String property) { private static String getProperty(String property) {
return java.security.AccessController.doPrivileged(new sun.security.action.GetPropertyAction(property)); return java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction(property));
} }
private String findMacosConfigFile() { private String findMacosConfigFile() {
String userHome = getProperty("user.home"); String userHome = getProperty("user.home");
final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos"; final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos";
String userPrefs=userHome + PREF_FILE; String userPrefs = userHome + PREF_FILE;
if (fileExists(userPrefs)) { if (fileExists(userPrefs)) {
return userPrefs; return userPrefs;
...@@ -768,13 +802,9 @@ public class Config { ...@@ -768,13 +802,9 @@ public class Config {
return PREF_FILE; return PREF_FILE;
} }
if (fileExists("/etc/krb5.conf")) {
return "/etc/krb5.conf"; return "/etc/krb5.conf";
} }
return "";
}
private static String trimmed(String s) { private static String trimmed(String s) {
s = s.trim(); s = s.trim();
if (s.charAt(0) == '"' && s.charAt(s.length()-1) == '"' || if (s.charAt(0) == '"' && s.charAt(s.length()-1) == '"' ||
...@@ -1344,32 +1374,52 @@ public class Config { ...@@ -1344,32 +1374,52 @@ public class Config {
} }
} }
// Shows the content of the Config object for debug purpose.
//
// {
// libdefaults = {
// default_realm = R
// }
// realms = {
// R = {
// kdc = [k1,k2]
// }
// }
// }
@Override @Override
public String toString() { public String toString() {
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
toStringIndented("", stanzaTable, sb); toStringInternal("", stanzaTable, sb);
return sb.toString(); return sb.toString();
} }
private static void toStringIndented(String prefix, Object obj, private static void toStringInternal(String prefix, Object obj,
StringBuffer sb) { StringBuffer sb) {
if (obj instanceof String) { if (obj instanceof String) {
sb.append(prefix); // A string value, just print it
sb.append(obj); sb.append(obj).append('\n');
sb.append('\n');
} else if (obj instanceof Hashtable) { } else if (obj instanceof Hashtable) {
// A table, start a new sub-section...
Hashtable<?, ?> tab = (Hashtable<?, ?>)obj; Hashtable<?, ?> tab = (Hashtable<?, ?>)obj;
sb.append("{\n");
for (Object o: tab.keySet()) { for (Object o: tab.keySet()) {
sb.append(prefix); // ...indent, print "key = ", and
sb.append(o); sb.append(prefix).append(" ").append(o).append(" = ");
sb.append(" = {\n"); // ...go recursively into value
toStringIndented(prefix + " ", tab.get(o), sb); toStringInternal(prefix + " ", tab.get(o), sb);
sb.append(prefix + "}\n");
} }
sb.append(prefix).append("}\n");
} else if (obj instanceof Vector) { } else if (obj instanceof Vector) {
// A vector of strings, print them inside [ and ]
Vector<?> v = (Vector<?>)obj; Vector<?> v = (Vector<?>)obj;
sb.append("[");
boolean first = true;
for (Object o: v.toArray()) { for (Object o: v.toArray()) {
toStringIndented(prefix + " ", o, sb); if (!first) sb.append(",");
sb.append(o);
first = false;
} }
sb.append("]\n");
} }
} }
} }
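Review bot: The inner `catch (IOException ioe)` around `SCDynamicStoreConfig.getConfig()` in the configuration-loading hunk discards the exception, so when the macOS dynamic store fails nothing records that the KDC and realm settings came from a different source. The neighbouring branches already report their source under `DEBUG`, and the catch could do the same with `if (DEBUG) System.out.println("SCDynamicStoreConfig failed, trying native config: " + ioe);`. The enclosing method starts and ends outside the hunk, but its outer catch appears to treat every load failure as "no krb5.conf", so an unreadable file named by `java.security.krb5.conf` would presumably also fall back to DNS or system properties without any trace; that path deserves a debug line as well. Separately, the new Javadoc on `loadConfigFile` uses `@params`, which should be `@param`.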