提交 353b06f6 编写于 作者: W weijun

8002344: Krb5LoginModule config class does not return proper KDC list from DNS

Reviewed-by: weijun
Contributed-by: NSeverin Gehwolf <sgehwolf@redhat.com>, Wang Weijun <weijun.wang@oracle.com>
上级 f533b173
...@@ -1123,7 +1123,7 @@ public class Config { ...@@ -1123,7 +1123,7 @@ public class Config {
*/ */
private String getKDCFromDNS(String realm) throws KrbException { private String getKDCFromDNS(String realm) throws KrbException {
// use DNS to locate KDC // use DNS to locate KDC
String kdcs = null; String kdcs = "";
String[] srvs = null; String[] srvs = null;
// locate DNS SRV record using UDP // locate DNS SRV record using UDP
if (DEBUG) { if (DEBUG) {
...@@ -1133,7 +1133,7 @@ public class Config { ...@@ -1133,7 +1133,7 @@ public class Config {
if (srvs == null) { if (srvs == null) {
// locate DNS SRV record using TCP // locate DNS SRV record using TCP
if (DEBUG) { if (DEBUG) {
System.out.println("getKDCFromDNS using UDP"); System.out.println("getKDCFromDNS using TCP");
} }
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp"); srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
} }
...@@ -1142,14 +1142,15 @@ public class Config { ...@@ -1142,14 +1142,15 @@ public class Config {
throw new KrbException(Krb5.KRB_ERR_GENERIC, throw new KrbException(Krb5.KRB_ERR_GENERIC,
"Unable to locate KDC for realm " + realm); "Unable to locate KDC for realm " + realm);
} }
if (srvs.length == 0) {
return null;
}
for (int i = 0; i < srvs.length; i++) { for (int i = 0; i < srvs.length; i++) {
String value = srvs[i]; kdcs += srvs[i].trim() + " ";
for (int j = 0; j < srvs[i].length(); j++) { }
// filter the KDC name kdcs = kdcs.trim();
if (value.charAt(j) == ':') { if (kdcs.equals("")) {
kdcs = (value.substring(0, j)).trim(); return null;
}
}
} }
return kdcs; return kdcs;
} }
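Review bot: The new loop in the third hunk appends every `srvs[i].trim()` to the space-separated result without looking at the entry, so a blank entry or one with embedded whitespace would change how the list tokenizes for whoever parses it. These strings come from DNS SRV answers via `KrbServiceLocator.getKerberosService`, which are unauthenticated unless the resolver validates them; whether the locator already normalizes them is not visible on this page. Consider `String s = srvs[i].trim(); if (s.isEmpty()) continue;` before appending. The method comment should also say that the result is now a space-separated list of `host[:port]` entries, or null when DNS yields nothing usable, where the old code returned a single name with the port stripped. The Javadoc and the lines between the hunks lie outside the visible context.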
......
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// See dns.sh.
import sun.security.krb5.Config;
public class DNS {
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/nothing.conf");
Config config = Config.getInstance();
String kdcs = config.getKDCList("X");
if (!kdcs.equals("a.com.:88 b.com.:99") &&
!kdcs.equals("a.com. b.com.:99")) {
throw new Exception("Strange KDC: [" + kdcs + "]");
};
}
}
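Review bot: `kdcs.equals(...)` in `main` is called on the result of `config.getKDCList("X")` with no null check, while the patched `getKDCFromDNS` in this same commit can return null. If that null can propagate through `getKDCList` (not visible here), the test would end in a NullPointerException rather than the descriptive `Strange KDC` message; comparing from the constant side, `!"a.com.:88 b.com.:99".equals(kdcs)`, keeps the failure readable. A short comment saying why two result strings are accepted, and that `nothing.conf` is presumably meant to supply no KDC so the lookup falls through to DNS, would help the next reader. The stray `;` after the closing brace of the `if` can be dropped.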
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.naming.spi;
import com.sun.jndi.dns.DnsContext;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
/**
* A fake javax.naming.spi.NamingManager. It allows reading a DNS
* record without contacting a real server.
*
* See DNS.java and dns.sh.
*/
public class NamingManager {
NamingManager() {}
public static Context getURLContext(
String scheme, Hashtable<?,?> environment)
throws NamingException {
return new DnsContext("", null, new Hashtable<String,String>()) {
public Attributes getAttributes(String name, String[] attrIds)
throws NamingException {
return new BasicAttributes() {
public Attribute get(String attrID) {
BasicAttribute ba = new BasicAttribute(attrID);
ba.add("1 1 99 b.com.");
ba.add("0 0 88 a.com."); // 2nd has higher priority
return ba;
}
};
}
};
}
}
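Review bot: This stub is loaded ahead of the JDK's own `javax.naming.spi.NamingManager` (dns.sh runs with `-Xbootclasspath/p:.`), yet it defines only `getURLContext`, and its `get(String attrID)` returns the same two records for every name and attribute id. That holds only while nothing else in the JVM reaches another NamingManager method, so the class Javadoc should state this and add that the class must never sit on a boot class path outside this test. The inline comment would be clearer as `// SRV fields: priority weight port target; the lower priority value is tried first`. Adding `@Override` to the two anonymous-class methods would catch signature drift against `DnsContext` and `BasicAttributes`.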
#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 8002344
# @summary Krb5LoginModule config class does not return proper KDC list from DNS
#
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
$TESTJAVA/bin/javac -d . \
${TESTSRC}/NamingManager.java ${TESTSRC}/DNS.java
$TESTJAVA/bin/java -Xbootclasspath/p:. DNS
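Review bot: The `javac` step's exit status is not checked and the path variables are expanded unquoted, so a compile failure or a `TESTSRC`/`TESTJAVA` containing spaces shows up only as a confusing failure of the following `java` line. Suggest `"$TESTJAVA/bin/javac" -d . "${TESTSRC}/NamingManager.java" "${TESTSRC}/DNS.java" || exit 1`, with `"$TESTJAVA/bin/java"` quoted the same way. Because `-d .` writes the classes into the current directory and `-Xbootclasspath/p:.` then gives that directory boot-class-path trust, the script should carry a comment that it assumes a private scratch working directory.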