Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 57a8a863 编写于 作者: W weijun
浏览文件
操作

8048030: Expectations should be consistent 

Reviewed-by: valeriep, mullan, ahgross
上级 0a1ffd04
隐藏空白更改
内联 并排
Showing with 189 addition and 73 deletion
src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
浏览文件 @ 57a8a863
......@@ -112,18 +112,7 @@ public final class KerberosPrincipal
* java.security.krb5.realm system property.
*/
public KerberosPrincipal(String name) {
PrincipalName krb5Principal = null;
try {
// Appends the default realm if it is missing
krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL);
} catch (KrbException e) {
throw new IllegalArgumentException(e.getMessage());
}
nameType = KRB_NT_PRINCIPAL; // default name type
fullName = krb5Principal.toString();
realm = krb5Principal.getRealmString();
this(name, KRB_NT_PRINCIPAL);
}
/**
......@@ -165,6 +154,20 @@ public final class KerberosPrincipal
throw new IllegalArgumentException(e.getMessage());
}
// A ServicePermission with a principal in the deduced realm and
// any action must be granted if no realm is provided by caller.
if (krb5Principal.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(new ServicePermission(
"@" + krb5Principal.getRealmAsString(), "-"));
} catch (SecurityException se) {
// Swallow the actual exception to hide info
throw new SecurityException("Cannot read realm info");
}
}
}
this.nameType = nameType;
fullName = krb5Principal.toString();
realm = krb5Principal.getRealmString();
......
src/share/classes/javax/security/auth/kerberos/ServicePermission.java
浏览文件 @ 57a8a863
......@@ -50,7 +50,7 @@ import java.io.IOException;
* used within.
* <p>
* The service principal name is the canonical name of the
* {@code KereberosPrincipal} supplying the service, that is
* {@code KerberosPrincipal} supplying the service, that is
* the KerberosPrincipal represents a Kerberos service
* principal. This name is treated in a case sensitive manner.
* An asterisk may appear by itself, to signify any service principal.
......@@ -145,6 +145,9 @@ public final class ServicePermission extends Permission
* @param action the action string
*/
public ServicePermission(String servicePrincipal, String action) {
// Note: servicePrincipal can be "@REALM" which means any principal in
// this realm implies it. action can be "-" which means any
// action implies it.
super(servicePrincipal);
init(servicePrincipal, getMask(action));
}
......@@ -188,7 +191,9 @@ public final class ServicePermission extends Permission
boolean impliesIgnoreMask(ServicePermission p) {
return ((this.getName().equals("*")) ||
this.getName().equals(p.getName()));
this.getName().equals(p.getName()) ||
(p.getName().startsWith("@") &&
this.getName().endsWith(p.getName())));
}
/**
......@@ -295,7 +300,10 @@ public final class ServicePermission extends Permission
/**
* Convert an action string to an integer actions mask.
*
* @param action the action string
* Note: if action is "-", action will be NONE, which means any
* action implies it.
*
* @param action the action string.
* @return the action mask
*/
private static int getMask(String action) {
......@@ -312,9 +320,11 @@ public final class ServicePermission extends Permission
char[] a = action.toCharArray();
int i = a.length - 1;
if (i < 0)
if (a.length == 1 && a[0] == '-') {
return mask;
}
int i = a.length - 1;
while (i != -1) {
char c;
......@@ -475,6 +485,17 @@ final class KrbServicePermissionCollection extends PermissionCollection
ServicePermission np = (ServicePermission) permission;
int desired = np.getMask();
if (desired == 0) {
for (Permission p: perms) {
ServicePermission sp = (ServicePermission)p;
if (sp.impliesIgnoreMask(np)) {
return true;
}
}
return false;
}
int effective = 0;
int needed = desired;
......
src/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
浏览文件 @ 57a8a863
......@@ -28,7 +28,10 @@ package sun.security.jgss.krb5;
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;
import sun.security.krb5.KrbException;
import javax.security.auth.kerberos.ServicePermission;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
......@@ -126,6 +129,18 @@ public class Krb5NameElement
throw new GSSException(GSSException.BAD_NAME, -1, e.getMessage());
}
if (principalName.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(new ServicePermission(
"@" + principalName.getRealmAsString(), "-"));
} catch (SecurityException se) {
// Do not chain the actual exception to hide info
throw new GSSException(GSSException.FAILURE);
}
}
}
return new Krb5NameElement(principalName, gssNameStr, gssNameType);
}
......@@ -198,7 +213,7 @@ public class Krb5NameElement
* If either name denotes an anonymous principal, the call should
* return false.
*
* @param name to be compared with
* @param other to be compared with
* @returns true if they both refer to the same entity, else false
* @exception GSSException with major codes of BAD_NAMETYPE,
* BAD_NAME, FAILURE
......
src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
浏览文件 @ 57a8a863
......@@ -30,6 +30,7 @@ import java.security.Provider;
import java.security.Security;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import sun.security.krb5.Realm;
import sun.security.jgss.GSSUtil;
import sun.security.util.ObjectIdentifier;
import sun.security.util.DerInputStream;
......@@ -38,6 +39,8 @@ import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSExceptionImpl;
import sun.security.jgss.spi.GSSNameSpi;
import javax.security.auth.kerberos.ServicePermission;
/**
* This class is essentially a wrapper class for the gss_name_t
* structure of the native GSS library.
......@@ -150,6 +153,26 @@ public class GSSNameElement implements GSSNameSpi {
pName = cStub.importName(name, nameType);
setPrintables();
SecurityManager sm = System.getSecurityManager();
if (sm != null && !Realm.AUTODEDUCEREALM) {
String krbName = getKrbName();
int atPos = krbName.lastIndexOf('@');
if (atPos != -1) {
String atRealm = krbName.substring(atPos);
if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL)
&& new String(nameBytes).endsWith(atRealm)) {
// Created from Kerberos name with realm, no need to check
} else {
try {
sm.checkPermission(new ServicePermission(atRealm, "-"));
} catch (SecurityException se) {
// Do not chain the actual exception to hide info
throw new GSSException(GSSException.FAILURE);
}
}
}
}
SunNativeProvider.debug("Imported " + printableName + " w/ type " +
printableType);
}
......
src/share/classes/sun/security/krb5/KrbServiceLocator.java
浏览文件 @ 57a8a863
......@@ -25,6 +25,11 @@
package sun.security.krb5;
import sun.security.krb5.internal.Krb5;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Random;
......@@ -52,6 +57,8 @@ class KrbServiceLocator {
private static final Random random = new Random();
private static final boolean DEBUG = Krb5.DEBUG;
private KrbServiceLocator() {
}
......@@ -62,8 +69,7 @@ class KrbServiceLocator {
* Information on the mapping of DNS hostnames and domain names
* to Kerberos realms is stored using DNS TXT records
*
* @param domainName A string domain name.
* @param environment The possibly null environment of the context.
* @param realmName A string realm name.
* @return An ordered list of hostports for the Kerberos service or null if
* the service has not been located.
*/
......@@ -81,8 +87,18 @@ class KrbServiceLocator {
if (!(ctx instanceof DirContext)) {
return null; // cannot create a DNS context
}
Attributes attrs =
((DirContext)ctx).getAttributes(dnsUrl, SRV_TXT_ATTR);
Attributes attrs = null;
try {
// both connect and accept are needed since DNS is thru UDP
attrs = AccessController.doPrivileged(
(PrivilegedExceptionAction<Attributes>)
() -> ((DirContext)ctx).getAttributes(
dnsUrl, SRV_TXT_ATTR),
null,
new java.net.SocketPermission("*", "connect,accept"));
} catch (PrivilegedActionException e) {
throw (NamingException)e.getCause();
}
Attribute attr;
if (attrs != null && ((attr = attrs.get(SRV_TXT)) != null)) {
......@@ -124,7 +140,8 @@ class KrbServiceLocator {
* Queries DNS for a list of KERBEROS Service Location Records (SRV) for a
* given domain name.
*
* @param domainName A string domain name.
* @param realmName A string realm name.
* @param protocol the protocol string, can be "_udp" or "_tcp"
* @return An ordered list of hostports for the Kerberos service or null if
* the service has not been located.
*/
......@@ -142,8 +159,20 @@ class KrbServiceLocator {
if (!(ctx instanceof DirContext)) {
return null; // cannot create a DNS context
}
Attributes attrs =
((DirContext)ctx).getAttributes(dnsUrl, SRV_RR_ATTR);
Attributes attrs = null;
try {
// both connect and accept are needed since DNS is thru UDP
attrs = AccessController.doPrivileged(
(PrivilegedExceptionAction<Attributes>)
() -> ((DirContext)ctx).getAttributes(
dnsUrl, SRV_RR_ATTR),
null,
new java.net.SocketPermission("*", "connect,accept"));
} catch (PrivilegedActionException e) {
throw (NamingException)e.getCause();
}
Attribute attr;
if (attrs != null && ((attr = attrs.get(SRV_RR)) != null)) {
......
src/share/classes/sun/security/krb5/PrincipalName.java
浏览文件 @ 57a8a863
......@@ -123,6 +123,13 @@ public class PrincipalName implements Cloneable {
*/
private final Realm nameRealm; // not null
/**
* When constructing a PrincipalName, whether the realm is included in
* the input, or deduced from default realm or domain-realm mapping.
*/
private final boolean realmDeduced;
// cached default salt, not used in clone
private transient String salt = null;
......@@ -143,6 +150,7 @@ public class PrincipalName implements Cloneable {
this.nameType = nameType;
this.nameStrings = nameStrings.clone();
this.nameRealm = nameRealm;
this.realmDeduced = false;
}
// This method is called by Windows NativeCred.c
......@@ -150,11 +158,6 @@ public class PrincipalName implements Cloneable {
this(KRB_NT_UNKNOWN, nameParts, new Realm(realm));
}
public PrincipalName(String[] nameParts, int type)
throws IllegalArgumentException, RealmException {
this(type, nameParts, Realm.getDefault());
}
// Validate a nameStrings argument
private static void validateNameStrings(String[] ns) {
if (ns == null) {
......@@ -226,7 +229,7 @@ public class PrincipalName implements Cloneable {
* <a href="http://www.ietf.org/rfc/rfc4120.txt">
* http://www.ietf.org/rfc/rfc4120.txt</a>.
*
* @param encoding a Der-encoded data.
* @param encoding DER-encoded PrincipalName (without Realm)
* @param realm the realm for this name
* @exception Asn1Exception if an error occurs while decoding
* an ASN1 encoded data.
......@@ -240,6 +243,7 @@ public class PrincipalName implements Cloneable {
if (realm == null) {
throw new IllegalArgumentException("Null realm not allowed");
}
realmDeduced = false;
nameRealm = realm;
DerValue der;
if (encoding == null) {
......@@ -394,6 +398,10 @@ public class PrincipalName implements Cloneable {
if (realm == null) {
realm = Realm.parseRealmAtSeparator(name);
}
// No realm info from parameter and string, must deduce later
realmDeduced = realm == null;
switch (type) {
case KRB_NT_SRV_HST:
if (nameParts.length >= 2) {
......@@ -413,8 +421,8 @@ public class PrincipalName implements Cloneable {
hostName.toLowerCase(Locale.ENGLISH)+".")) {
hostName = canonicalized;
}
} catch (UnknownHostException e) {
// no canonicalization, use old
} catch (UnknownHostException | SecurityException e) {
// not canonicalized or no permission to do so, use old
}
nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
}
......@@ -680,4 +688,7 @@ public class PrincipalName implements Cloneable {
return result;
}
public boolean isRealmDeduced() {
return realmDeduced;
}
}
src/share/classes/sun/security/krb5/Realm.java
浏览文件 @ 57a8a863
......@@ -47,6 +47,12 @@ import sun.security.krb5.internal.util.KerberosString;
* This class is immutable.
*/
public class Realm implements Cloneable {
public static final boolean AUTODEDUCEREALM =
java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"sun.security.krb5.autodeducerealm"));
private final String realm; // not null nor empty
public Realm(String name) throws RealmException {
......
src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java
浏览文件 @ 57a8a863
......@@ -146,8 +146,9 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
}
try {
return new PrincipalName(
type,
result.toArray(new String[result.size()]),
type);
Realm.getDefault());
} catch (RealmException re) {
return null;
}
......
test/sun/security/krb5/auto/KDC.java
浏览文件 @ 57a8a863
......@@ -858,8 +858,9 @@ public class KDC {
PrincipalName service = asReq.reqBody.sname;
if (options.containsKey(KDC.Option.RESP_NT)) {
service = new PrincipalName(service.getNameStrings(),
(int)options.get(KDC.Option.RESP_NT));
service = new PrincipalName((int)options.get(KDC.Option.RESP_NT),
service.getNameStrings(),
Realm.getDefault());
}
try {
System.out.println(realm + "> " + asReq.reqBody.cname +
......
test/sun/security/krb5/auto/SSL.java
浏览文件 @ 57a8a863
......@@ -78,7 +78,10 @@ public class SSL extends SecurityManager {
return;
}
ServicePermission p = (ServicePermission)perm;
permChecks = permChecks + p.getActions().toUpperCase().charAt(0);
// ServicePermissions required to create GSSName are ignored
if (!p.getActions().isEmpty()) {
permChecks = permChecks + p.getActions().toUpperCase().charAt(0);
}
}
public static void main(String[] args) throws Exception {
......
test/sun/security/krb5/name/Constructors.java
浏览文件 @ 57a8a863
......@@ -40,22 +40,22 @@ public class Constructors {
// Good ones
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R", "R", "a");
checkName("a@R2", type, "R", "R", "a");
checkName("a/b", type, "R", "R", "a", "b");
checkName("a/b@R2", type, "R", "R", "a", "b");
checkName("a/b/c", type, "R", "R", "a", "b", "c");
checkName("a/b/c@R2", type, "R", "R", "a", "b", "c");
checkName("a", type, "R", "R", false, "a");
checkName("a@R2", type, "R", "R", false, "a");
checkName("a/b", type, "R", "R", false, "a", "b");
checkName("a/b@R2", type, "R", "R", false, "a", "b");
checkName("a/b/c", type, "R", "R", false, "a", "b", "c");
checkName("a/b/c@R2", type, "R", "R", false, "a", "b", "c");
// Weird ones
checkName("a\\/b", type, "R", "R", "a/b");
checkName("a\\/b\\/c", type, "R", "R", "a/b/c");
checkName("a\\/b\\@R2", type, "R", "R", "a/b@R2");
checkName("a\\/b", type, "R", "R", false, "a/b");
checkName("a\\/b\\/c", type, "R", "R", false, "a/b/c");
checkName("a\\/b\\@R2", type, "R", "R", false, "a/b@R2");
// Bad ones
checkName("a", type, "", null);
checkName("a/", type, "R", null);
checkName("/a", type, "R", null);
checkName("a//b", type, "R", null);
checkName("a@", type, null, null);
checkName("a", type, "", null, false);
checkName("a/", type, "R", null, false);
checkName("/a", type, "R", null, false);
checkName("a//b", type, "R", null, false);
checkName("a@", type, null, null, false);
type = PrincipalName.KRB_NT_SRV_HST;
// Part 2: on realm choices
......@@ -77,17 +77,17 @@ public class Constructors {
if (testNoDefaultDomain) {
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, null); // fail if none
checkName("a/b@R1", type, null, "R1", "a", "b");
checkName("a", type, "R1", "R1", false, "a"); // arg
checkName("a@R1", type, null, "R1", false, "a"); // or r in name
checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r
checkName("a", type, null, null, false); // fail if none
checkName("a/b@R1", type, null, "R1", false, "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
// Let's pray "b.h" won't be canonicalized
checkName("a/b.h", type, "R1", "R1", "a", "b.h"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h@R1", type, "R2", "R2", "a", "b.h"); // arg over r
checkName("a/b.h", type, null, null); // fail if none
checkName("a/b.h", type, "R1", "R1", false, "a", "b.h"); // arg
checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name
checkName("a/b.h@R1", type, "R2", "R2", false, "a", "b.h"); // arg over r
checkName("a/b.h", type, null, null, false); // fail if none
}
// When there is default realm
......@@ -96,25 +96,25 @@ public class Constructors {
Config.refresh();
type = PrincipalName.KRB_NT_UNKNOWN;
checkName("a", type, "R1", "R1", "a"); // arg
checkName("a@R1", type, null, "R1", "a"); // or r in name
checkName("a@R2", type, "R1", "R1", "a"); // arg over r
checkName("a", type, null, "R", "a"); // default
checkName("a/b", type, null, "R", "a", "b");
checkName("a", type, "R1", "R1", false, "a"); // arg
checkName("a@R1", type, null, "R1", false, "a"); // or r in name
checkName("a@R2", type, "R1", "R1", false, "a"); // arg over r
checkName("a", type, null, "R", true, "a"); // default
checkName("a/b", type, null, "R", true, "a", "b");
type = PrincipalName.KRB_NT_SRV_HST;
checkName("a/b.h3", type, "R1", "R1", "a", "b.h3"); // arg
checkName("a/b.h@R1", type, null, "R1", "a", "b.h"); // or r in name
checkName("a/b.h3@R2", type, "R1", "R1", "a", "b.h3"); // arg over r
checkName("a/b.h2", type, "R1", "R1", "a", "b.h2"); // arg over map
checkName("a/b.h2@R1", type, null, "R1", "a", "b.h2"); // r over map
checkName("a/b.h2", type, null, "R2", "a", "b.h2"); // map
checkName("a/b.h", type, null, "R", "a", "b.h"); // default
checkName("a/b.h3", type, "R1", "R1", false, "a", "b.h3"); // arg
checkName("a/b.h@R1", type, null, "R1", false, "a", "b.h"); // or r in name
checkName("a/b.h3@R2", type, "R1", "R1", false, "a", "b.h3"); // arg over r
checkName("a/b.h2", type, "R1", "R1", false, "a", "b.h2"); // arg over map
checkName("a/b.h2@R1", type, null, "R1", false, "a", "b.h2"); // r over map
checkName("a/b.h2", type, null, "R2", true, "a", "b.h2"); // map
checkName("a/b.h", type, null, "R", true, "a", "b.h"); // default
}
// Check if the creation matches the expected output.
// Note: realm == null means creation failure
static void checkName(String n, int t, String s,
String realm, String... parts)
String realm, boolean deduced, String... parts)
throws Exception {
PrincipalName pn = null;
try {
......@@ -131,5 +131,8 @@ public class Constructors {
throw new Exception(pn.toString() + " vs "
+ Arrays.toString(parts) + "@" + realm);
}
if (deduced != pn.isRealmDeduced()) {
throw new Exception("pn.realmDeduced is " + pn.isRealmDeduced());
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册