提交 3efae8d9 编写于 作者: W weijun

6857795: krb5.conf ignored if system properties on realm and kdc are provided

Reviewed-by: xuelei
上级 1a2aac7d
...@@ -123,7 +123,7 @@ public class Config { ...@@ -123,7 +123,7 @@ public class Config {
java.security.AccessController.doPrivileged( java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction new sun.security.action.GetPropertyAction
("java.security.krb5.kdc")); ("java.security.krb5.kdc"));
defaultRealm = defaultRealm =
java.security.AccessController.doPrivileged( java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction new sun.security.action.GetPropertyAction
("java.security.krb5.realm")); ("java.security.krb5.realm"));
...@@ -134,6 +134,16 @@ public class Config { ...@@ -134,6 +134,16 @@ public class Config {
"java.security.krb5.realm both must be set or " + "java.security.krb5.realm both must be set or " +
"neither must be set."); "neither must be set.");
} }
// Read the Kerberos configuration file
try {
Vector<String> configFile;
configFile = loadConfigFile();
stanzaTable = parseStanzaTable(configFile);
} catch (IOException ioe) {
// No krb5.conf, no problem. We'll use DNS etc.
}
if (kdchost != null) { if (kdchost != null) {
/* /*
* If configuration information is only specified by * If configuration information is only specified by
...@@ -141,22 +151,19 @@ public class Config { ...@@ -141,22 +151,19 @@ public class Config {
* java.security.krb5.realm, we put both in the hashtable * java.security.krb5.realm, we put both in the hashtable
* under [libdefaults]. * under [libdefaults].
*/ */
Hashtable<String,String> kdcs = new Hashtable<String,String> (); if (stanzaTable == null) {
stanzaTable = new Hashtable<String,Object> ();
}
Hashtable<String,String> kdcs =
(Hashtable<String,String>)stanzaTable.get("libdefaults");
if (kdcs == null) {
kdcs = new Hashtable<String,String> ();
stanzaTable.put("libdefaults", kdcs);
}
kdcs.put("default_realm", defaultRealm); kdcs.put("default_realm", defaultRealm);
// The user can specify a list of kdc hosts separated by ":" // The user can specify a list of kdc hosts separated by ":"
kdchost = kdchost.replace(':', ' '); kdchost = kdchost.replace(':', ' ');
kdcs.put("kdc", kdchost); kdcs.put("kdc", kdchost);
stanzaTable = new Hashtable<String,Object> ();
stanzaTable.put("libdefaults", kdcs);
} else {
// Read the Kerberos configuration file
try {
Vector<String> configFile;
configFile = loadConfigFile();
stanzaTable = parseStanzaTable(configFile);
} catch (IOException ioe) {
// No krb5.conf, no problem. We'll use DNS etc.
}
} }
} }
...@@ -294,7 +301,7 @@ public class Config { ...@@ -294,7 +301,7 @@ public class Config {
* hashtable. * hashtable.
*/ */
if (name.equalsIgnoreCase("kdc") && if (name.equalsIgnoreCase("kdc") &&
(!section.equalsIgnoreCase("libdefaults")) && (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
(java.security.AccessController.doPrivileged( (java.security.AccessController.doPrivileged(
new sun.security.action. new sun.security.action.
GetPropertyAction("java.security.krb5.kdc")) != null)) { GetPropertyAction("java.security.krb5.kdc")) != null)) {
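Review bot: The empty `catch (IOException ioe)` in the hunk at +134 now also runs when `java.security.krb5.realm` and `java.security.krb5.kdc` are set, and it appears to treat an unreadable krb5.conf the same as a missing one. Because this commit makes the file's other settings apply alongside the properties, a read failure silently drops whatever the file was meant to configure, and the process continues with only the realm and KDC from the properties. `loadConfigFile()` is not visible here, so which failures it reports as `IOException` is an assumption. If it covers more than a missing file, the handler should at least leave a debug-only trace of `ioe`, and the comment should state the consequence: `// krb5.conf missing or unreadable: only the system properties (or DNS) are used; settings from the file are not applied`. The enclosing constructor starts outside these hunks.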
......
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6857795
* @summary krb5.conf ignored if system properties on realm and kdc are provided
*/
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;
public class ConfPlusProp {
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.realm", "R2");
System.setProperty("java.security.krb5.kdc", "k2");
// Point to a file with existing default_realm
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop.conf");
Config config = Config.getInstance();
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error");
}
if (!config.getKDCList("R1").equals("k1")) {
throw new Exception("R1 kdc error");
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
}
if (!config.getDefault("forwardable", "libdefaults").equals("well")) {
throw new Exception("Extra config error");
}
// Point to a file with no libdefaults
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/confplusprop2.conf");
Config.refresh();
config = Config.getInstance();
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error again");
}
if (!config.getKDCList("R1").equals("k12")) {
throw new Exception("R1 kdc error");
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
}
// Point to a non-existing file
System.setProperty("java.security.krb5.conf", "i-am-not-a file");
Config.refresh();
config = Config.getInstance();
if (!config.getDefaultRealm().equals("R2")) {
throw new Exception("Default realm error");
}
try {
config.getKDCList("R1");
throw new Exception("R1 is nowhere");
} catch (KrbException ke) {
// OK
}
if (!config.getKDCList("R2").equals("k2")) {
throw new Exception("R2 kdc error");
}
if (config.getDefault("forwardable", "libdefaults") != null) {
throw new Exception("Extra config error");
}
}
}
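Review bot: The first `Config.getInstance()` call is not preceded by `Config.refresh()`, unlike the second and third cases, so the first block of checks depends on `Config` not having been initialised earlier in the same VM. If the harness reuses a VM (an assumption; the test header shows no run directive), an instance built before the three `System.setProperty` calls could be returned, and the realm and KDC checks would then test stale state. Adding `Config.refresh();` before the first `Config config = Config.getInstance();` makes all three cases start the same way. The messages `"R1 kdc error"` and `"R2 kdc error"` are also reused across cases, so a failure does not show which configuration file was loaded; naming the case in each message would make a failing run easier to read.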
[libdefaults]
default_realm = R1
forwardable = well
[realms]
R1 = {
kdc = k1
}
R2 = {
kdc = old
}
[realms]
R1 = {
kdc = k12
}
R2 = {
kdc = old
}