diff --git a/src/share/classes/sun/security/krb5/KdcComm.java b/src/share/classes/sun/security/krb5/KdcComm.java index 281cac4123e0b9f94ae118e5d0d37520b05d17ea..756beb989124c7d2d621642605d66720fcc0351a 100644 --- a/src/share/classes/sun/security/krb5/KdcComm.java +++ b/src/share/classes/sun/security/krb5/KdcComm.java @@ -365,37 +365,36 @@ public final class KdcComm { for (int i=1; i <= retries; i++) { String proto = useTCP?"TCP":"UDP"; - NetClient kdcClient = NetClient.getInstance( - proto, kdc, port, timeout); - if (DEBUG) { - System.out.println(">>> KDCCommunication: kdc=" + kdc - + " " + proto + ":" - + port + ", timeout=" - + timeout - + ",Attempt =" + i - + ", #bytes=" + obuf.length); - } - try { - /* - * Send the data to the kdc. - */ - kdcClient.send(obuf); - /* - * And get a response. - */ - ibuf = kdcClient.receive(); - break; - } catch (SocketTimeoutException se) { + try (NetClient kdcClient = NetClient.getInstance( + proto, kdc, port, timeout)) { if (DEBUG) { - System.out.println ("SocketTimeOutException with " + - "attempt: " + i); + System.out.println(">>> KDCCommunication: kdc=" + kdc + + " " + proto + ":" + + port + ", timeout=" + + timeout + + ",Attempt =" + i + + ", #bytes=" + obuf.length); } - if (i == retries) { - ibuf = null; - throw se; + try { + /* + * Send the data to the kdc. + */ + kdcClient.send(obuf); + /* + * And get a response. + */ + ibuf = kdcClient.receive(); + break; + } catch (SocketTimeoutException se) { + if (DEBUG) { + System.out.println ("SocketTimeOutException with " + + "attempt: " + i); + } + if (i == retries) { + ibuf = null; + throw se; + } } - } finally { - kdcClient.close(); } } return ibuf; diff --git a/src/share/classes/sun/security/krb5/internal/NetClient.java b/src/share/classes/sun/security/krb5/internal/NetClient.java index 2e9da75fb21771feaee5e5fec5a45727727e6cdb..f7f300d2863c8cc3949b1677e2626343bec153ea 100644 --- a/src/share/classes/sun/security/krb5/internal/NetClient.java +++ b/src/share/classes/sun/security/krb5/internal/NetClient.java @@ -34,7 +34,7 @@ package sun.security.krb5.internal; import java.io.*; import java.net.*; -public abstract class NetClient { +public abstract class NetClient implements AutoCloseable { public static NetClient getInstance(String protocol, String hostname, int port, int timeout) throws IOException { if (protocol.equals("TCP")) { @@ -45,9 +45,7 @@ public abstract class NetClient { } abstract public void send(byte[] data) throws IOException; - abstract public byte[] receive() throws IOException; - abstract public void close() throws IOException; } @@ -190,6 +188,7 @@ class UDPClient extends NetClient { iport = port; dgSocket = new DatagramSocket(); dgSocket.setSoTimeout(timeout); + dgSocket.connect(iaddr, iport); } @Override @@ -207,6 +206,9 @@ class UDPClient extends NetClient { dgSocket.receive(dgPacketIn); } catch (SocketException e) { + if (e instanceof PortUnreachableException) { + throw e; + } dgSocket.receive(dgPacketIn); } byte[] data = new byte[dgPacketIn.getLength()]; diff --git a/test/ProblemList.txt b/test/ProblemList.txt index 79c53f580db9548f7ea0a98dfec32a16ed6f9be4..b9a71893e8f05f81e76e0c52a41ee968a0f495b0 100644 --- a/test/ProblemList.txt +++ b/test/ProblemList.txt @@ -222,6 +222,9 @@ java/net/DatagramSocket/SendDatagramToBadAddress.java macosx-all sun/net/www/protocol/http/B6299712.java macosx-all java/net/CookieHandler/CookieManagerTest.java macosx-all +# 7164518 +sun/security/krb5/auto/Unreachable.java macosx-all + # JPRT needs to set 127.0.0.1 in proxy bypass list java/net/URLClassLoader/closetest/CloseTest.java macosx-all ############################################################################ diff --git a/test/sun/security/krb5/auto/BadKdc.java b/test/sun/security/krb5/auto/BadKdc.java index 55a4d9926f24fa287fc2ab4d723ddd01929836c1..86a464a4fe604a90711ab88c609dcd1e8b2eed9a 100644 --- a/test/sun/security/krb5/auto/BadKdc.java +++ b/test/sun/security/krb5/auto/BadKdc.java @@ -87,6 +87,10 @@ public class BadKdc { throws Exception { System.setProperty("sun.security.krb5.debug", "true"); + // Idle UDP sockets will trigger a SocketTimeoutException, without it, + // a PortUnreachableException will be thrown. + DatagramSocket d1 = null, d2 = null, d3 = null; + // Make sure KDCs' ports starts with 1 and 2 and 3, // useful for checking debug output. int p1 = 10000 + new java.util.Random().nextInt(10000); @@ -109,6 +113,8 @@ public class BadKdc { Config.refresh(); // Turn on k3 only + d1 = new DatagramSocket(p1); + d2 = new DatagramSocket(p2); KDC k3 = on(p3); test(expected[0]); @@ -117,10 +123,17 @@ public class BadKdc { test(expected[2]); k3.terminate(); // shutdown k3 + d3 = new DatagramSocket(p3); + + d2.close(); on(p2); // k2 is on + test(expected[3]); + d1.close(); on(p1); // k1 and k2 is on test(expected[4]); + + d3.close(); } private static KDC on(int p) throws Exception { diff --git a/test/sun/security/krb5/auto/MaxRetries.java b/test/sun/security/krb5/auto/MaxRetries.java index fec1bec68a64d1c7038e927aaa6b77b632aaf6ca..f4f86a3fc898af0f3115dda966b66a1f8c5aa9dd 100644 --- a/test/sun/security/krb5/auto/MaxRetries.java +++ b/test/sun/security/krb5/auto/MaxRetries.java @@ -24,11 +24,13 @@ /* * @test * @bug 6844193 + * @compile -XDignore.symbol.file MaxRetries.java * @run main/othervm/timeout=300 MaxRetries * @summary support max_retries in krb5.conf */ import java.io.*; +import java.net.DatagramSocket; import java.security.Security; public class MaxRetries { @@ -37,6 +39,10 @@ public class MaxRetries { System.setProperty("sun.security.krb5.debug", "true"); new OneKDC(null).writeJAASConf(); + + // An idle UDP socket to revent PortUnreachableException + DatagramSocket ds = new DatagramSocket(33333); + System.setProperty("java.security.krb5.conf", "alternative-krb5.conf"); // For tryLast @@ -78,6 +84,8 @@ public class MaxRetries { rewriteUdpPrefLimit(10000, 10); // realm rules test2("TCP"); + + ds.close(); } /** diff --git a/test/sun/security/krb5/auto/TcpTimeout.java b/test/sun/security/krb5/auto/TcpTimeout.java index df71d7c26bcbde5d6dc06d4871d720edf3211581..6f55391a57627c1adcf040238518ac9a3065a0d7 100644 --- a/test/sun/security/krb5/auto/TcpTimeout.java +++ b/test/sun/security/krb5/auto/TcpTimeout.java @@ -24,6 +24,7 @@ /* * @test * @bug 6952519 + * @compile -XDignore.symbol.file TcpTimeout.java * @run main/othervm TcpTimeout * @summary kdc_timeout is not being honoured when using TCP */ @@ -73,9 +74,7 @@ public class TcpTimeout { // 5 sec on p1, 5 sec on p1, fail // 5 sec on p2, 5 sec on p2, fail // p3 ok, p3 ok again for preauth. - // The total time should be 20sec + 2x. x is processing time for AS-REQ. int count = 6; - long start = System.currentTimeMillis(); ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream oldout = System.out; @@ -93,10 +92,5 @@ public class TcpTimeout { if (count != 0) { throw new Exception("Retry count is " + count + " less"); } - - long end = System.currentTimeMillis(); - if ((end - start)/1000L < 20) { - throw new Exception("Too fast? " + (end - start)/1000L); - } } } diff --git a/test/sun/security/krb5/auto/Unreachable.java b/test/sun/security/krb5/auto/Unreachable.java new file mode 100644 index 0000000000000000000000000000000000000000..52339786a9f11ab7d7f7d1108c7d8bf55ada521d --- /dev/null +++ b/test/sun/security/krb5/auto/Unreachable.java @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7162687 + * @summary enhance KDC server availability detection + * @compile -XDignore.symbol.file Unreachable.java + * @run main/othervm/timeout=10 Unreachable + */ + +import java.io.File; +import javax.security.auth.login.LoginException; +import sun.security.krb5.Config; + +public class Unreachable { + + public static void main(String[] args) throws Exception { + File f = new File( + System.getProperty("test.src", "."), "unreachable.krb5.conf"); + System.setProperty("java.security.krb5.conf", f.getPath()); + Config.refresh(); + + // If PortUnreachableException is not received, the login will consume + // about 3*3*30 seconds and the test will timeout. + try { + Context.fromUserPass("name", "pass".toCharArray(), true); + } catch (LoginException le) { + // This is OK + } + } +} diff --git a/test/sun/security/krb5/auto/unreachable.krb5.conf b/test/sun/security/krb5/auto/unreachable.krb5.conf new file mode 100644 index 0000000000000000000000000000000000000000..8ff4cc173aaacb72c56f799d7d9b7e1dc898a08d --- /dev/null +++ b/test/sun/security/krb5/auto/unreachable.krb5.conf @@ -0,0 +1,9 @@ +[libdefaults] + default_realm = RABBIT.HOLE +[realms] + +RABBIT.HOLE = { + kdc = 127.0.0.1:13434 + kdc = 127.0.0.1:13435 + kdc = 127.0.0.1:13436 +}