diff --git a/src/share/classes/sun/security/krb5/Config.java b/src/share/classes/sun/security/krb5/Config.java index e036776f53e1c964c6e164f1355dd1e48a57ba3a..8adcba81f5327bdd8656df3d6b0d3df4ae640797 100644 --- a/src/share/classes/sun/security/krb5/Config.java +++ b/src/share/classes/sun/security/krb5/Config.java @@ -123,7 +123,7 @@ public class Config { java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction ("java.security.krb5.kdc")); - defaultRealm = + defaultRealm = java.security.AccessController.doPrivileged( new sun.security.action.GetPropertyAction ("java.security.krb5.realm")); @@ -134,6 +134,16 @@ public class Config { "java.security.krb5.realm both must be set or " + "neither must be set."); } + + // Read the Kerberos configuration file + try { + Vector configFile; + configFile = loadConfigFile(); + stanzaTable = parseStanzaTable(configFile); + } catch (IOException ioe) { + // No krb5.conf, no problem. We'll use DNS etc. + } + if (kdchost != null) { /* * If configuration information is only specified by @@ -141,22 +151,19 @@ public class Config { * java.security.krb5.realm, we put both in the hashtable * under [libdefaults]. */ - Hashtable kdcs = new Hashtable (); + if (stanzaTable == null) { + stanzaTable = new Hashtable (); + } + Hashtable kdcs = + (Hashtable)stanzaTable.get("libdefaults"); + if (kdcs == null) { + kdcs = new Hashtable (); + stanzaTable.put("libdefaults", kdcs); + } kdcs.put("default_realm", defaultRealm); // The user can specify a list of kdc hosts separated by ":" kdchost = kdchost.replace(':', ' '); kdcs.put("kdc", kdchost); - stanzaTable = new Hashtable (); - stanzaTable.put("libdefaults", kdcs); - } else { - // Read the Kerberos configuration file - try { - Vector configFile; - configFile = loadConfigFile(); - stanzaTable = parseStanzaTable(configFile); - } catch (IOException ioe) { - // No krb5.conf, no problem. We'll use DNS etc. - } } } 
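Review bot: The empty `catch (IOException ioe)` in the block added after the realm/kdc consistency check now runs on every construction, so a krb5.conf that exists but cannot be read is handled exactly like a missing one. Before this change the file was consulted only when the two properties were absent; now its [libdefaults] entries are merged with the properties, and a load failure drops them without any signal. I would keep the best-effort fallback but record the cause, for example `// best effort: continue with properties/DNS, but report ioe via the class's debug output if it has one`, so an operator can tell an absent file from an unreadable one. Whether parseStanzaTable can also fail with an unchecked exception on malformed input is not visible in this hunk.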
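Review bot: The context comment above the new `if (stanzaTable == null)` still says the configuration is "only specified by" the two system properties, which no longer holds once krb5.conf is loaded first. The new code overwrites `default_realm` and `kdc` in the file's [libdefaults] table and keeps every other entry, and that precedence should be stated where it happens, e.g. `// System properties override default_realm and kdc from krb5.conf; other [libdefaults] entries are kept.` The cast `(Hashtable)stanzaTable.get("libdefaults")` also assumes the parser always stores a Hashtable under that key, which looks plausible but cannot be confirmed from here. The enclosing block starts outside the hunk.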
@@ -294,7 +301,7 @@ public class Config { * hashtable. */ if (name.equalsIgnoreCase("kdc") && - (!section.equalsIgnoreCase("libdefaults")) && + (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) && (java.security.AccessController.doPrivileged( new sun.security.action. GetPropertyAction("java.security.krb5.kdc")) != null)) { diff --git a/test/sun/security/krb5/ConfPlusProp.java b/test/sun/security/krb5/ConfPlusProp.java new file mode 100644 index 0000000000000000000000000000000000000000..b1ea2ca5e7526013fc7b48534d8dca7c5dd29319 --- /dev/null +++ b/test/sun/security/krb5/ConfPlusProp.java 
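Review bot: The new condition compares `section` with the default realm using `equalsIgnoreCase`, but Kerberos realm names are case-sensitive, so a lookup for a realm that differs from the default only in case would also be answered from `java.security.krb5.kdc`. The case-insensitive match was reasonable for the old `libdefaults` section name; for a realm I would use `section.equals(getDefault("default_realm", "libdefaults"))`, assuming `section` carries the realm name here, as the test's `getKDCList("R2")` expectation suggests. The enclosing method starts and ends outside the hunk, so how `section` is derived cannot be checked from these lines.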
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6857795
+ * @summary krb5.conf ignored if system properties on realm and kdc are provided
+ */
+
+import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;
+
+public class ConfPlusProp {
+ public static void main(String[] args) throws Exception {
+ System.setProperty("java.security.krb5.realm", "R2");
+ System.setProperty("java.security.krb5.kdc", "k2");
+
+ // Point to a file with existing default_realm
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop.conf");
+ Config config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error");
+ }
+ if (!config.getKDCList("R1").equals("k1")) {
+ throw new Exception("R1 kdc error");
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+ if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
+ throw new Exception("Extra config error");
+ }
+
+ // Point to a file with no libdefaults
+ System.setProperty("java.security.krb5.conf",
+ System.getProperty("test.src", ".") +"/confplusprop2.conf");
+ Config.refresh();
+
+ config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error again");
+ }
+ if (!config.getKDCList("R1").equals("k12")) {
+ throw new Exception("R1 kdc error");
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+
+ // Point to a non-existing file
+ System.setProperty("java.security.krb5.conf", "i-am-not-a file");
+ Config.refresh();
+
+ config = Config.getInstance();
+
+ if (!config.getDefaultRealm().equals("R2")) {
+ throw new Exception("Default realm error");
+ }
+ try {
+ config.getKDCList("R1");
+ throw new Exception("R1 is nowhere");
+ } catch (KrbException ke) {
+ // OK
+ }
+ if (!config.getKDCList("R2").equals("k2")) {
+ throw new Exception("R2 kdc error");
+ }
+ if (config.getDefault("forwardable", "libdefaults") != null) {
+ throw new Exception("Extra config error");
+ }
+ }
+}
diff --git a/test/sun/security/krb5/confplusprop.conf b/test/sun/security/krb5/confplusprop.conf
new file mode 100644
index 0000000000000000000000000000000000000000..80c925b14cd9ecce85d656c02256cd7c07b47e12
--- /dev/null
+++ b/test/sun/security/krb5/confplusprop.conf
@@ -0,0 +1,11 @@
+[libdefaults]
+default_realm = R1
+forwardable = well
+
+[realms]
+R1 = {
+ kdc = k1
+}
+R2 = {
+ kdc = old
+}
diff --git a/test/sun/security/krb5/confplusprop2.conf b/test/sun/security/krb5/confplusprop2.conf
new file mode 100644
index 0000000000000000000000000000000000000000..df00eccbccfdafa995b21634bb43e2738d26ca08
--- /dev/null
+++ b/test/sun/security/krb5/confplusprop2.conf
@@ -0,0 +1,7 @@
+[realms]
+R1 = {
+ kdc = k12
+}
+R2 = {
+ kdc = old
+}
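Review bot: Several failure messages in ConfPlusProp.main are reused across the three phases (`"R1 kdc error"`, `"R2 kdc error"`, `"Default realm error"`), so a failing run does not say which configuration file was in effect when the precedence check broke. Giving each phase its own text, e.g. `throw new Exception("R2 kdc error (no krb5.conf)");`, would make the report usable on its own. The first phase also calls `.equals("well")` on the result of `getDefault("forwardable", "libdefaults")`, which the last phase expects can be null; `"well".equals(...)` would fail with the intended message instead of a NullPointerException.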