diff --git a/make/docs/CORE_PKGS.gmk b/make/docs/CORE_PKGS.gmk index 86aeae9501d02786601609620833d677a4185619..d55bb8b664e730892dcea773528479365664b352 100644 --- a/make/docs/CORE_PKGS.gmk +++ b/make/docs/CORE_PKGS.gmk @@ -128,9 +128,9 @@ CORE_PKGS = \ java.text \ java.text.spi \ java.time \ - java.time.temporal \ - java.time.calendar \ + java.time.chrono \ java.time.format \ + java.time.temporal \ java.time.zone \ java.util \ java.util.concurrent \ diff --git a/make/java/java/FILES_java.gmk b/make/java/java/FILES_java.gmk index bf0f983367068afb0f53761bceb1ba18648d2f9c..8c2f80c5248f4cc03d1d6437e38c7b9b73c3efbc 100644 --- a/make/java/java/FILES_java.gmk +++ b/make/java/java/FILES_java.gmk @@ -255,7 +255,6 @@ JAVA_JAVA_java = \ java/util/SimpleTimeZone.java \ sun/util/calendar/ZoneInfo.java \ sun/util/calendar/ZoneInfoFile.java \ - sun/util/calendar/TzIDOldMapping.java \ java/util/TooManyListenersException.java \ java/util/Comparator.java \ java/util/Collections.java \ @@ -389,6 +388,7 @@ JAVA_JAVA_java = \ java/util/concurrent/locks/ReadWriteLock.java \ java/util/concurrent/locks/ReentrantLock.java \ java/util/concurrent/locks/ReentrantReadWriteLock.java \ + java/util/concurrent/locks/StampedLock.java \ java/util/regex/Pattern.java \ java/util/regex/Matcher.java \ java/util/regex/MatchResult.java \ diff --git a/make/jprt.properties b/make/jprt.properties index a6d2ea1d0d4c7d8d94ef4f304afc6acd38e4d5f5..8f7038e1f3b62915a9e60c1cca37976e81d56553 100644 --- a/make/jprt.properties +++ b/make/jprt.properties @@ -63,6 +63,7 @@ jprt.vm.default.test.targets= \ ${jprt.my.test.target.set:TESTNAME=jvm98} # Default jdk test targets (testset=default) +# NOTE: This does not match test/Makefile :: jdk_default jprt.make.rule.default.test.targets= \ ${jprt.my.test.target.set:TESTNAME=jdk_lang}, \ ${jprt.my.test.target.set:TESTNAME=jdk_math} @@ -72,6 +73,7 @@ jprt.vm.core.test.targets= \ ${jprt.vm.default.test.targets} # Core jdk test targets (testset=core) +# NOTE: please keep this in sync with test/Makefile :: jdk_core jprt.make.rule.core.test.targets= \ ${jprt.make.rule.default.test.targets}, \ ${jprt.my.test.target.set:TESTNAME=jdk_util}, \ @@ -97,6 +99,7 @@ jprt.vm.all.test.targets= \ ${jprt.my.test.target.set:TESTNAME=jbb_default} # All jdk test targets (testset=all) +# NOTE: This does not match test/Makefile :: jdk_all jprt.make.rule.all.test.targets= \ ${jprt.make.rule.core.test.targets}, \ ${jprt.my.test.target.set:TESTNAME=jdk_awt}, \ diff --git a/make/sun/Makefile b/make/sun/Makefile index 3d26ee5e0b4d1887f256ade0de6e07189cb48a55..35fb554a81a68b7fd812aea651b8754849b5159c 100644 --- a/make/sun/Makefile +++ b/make/sun/Makefile @@ -70,7 +70,7 @@ else endif # nio need to be compiled before awt to have all charsets ready -SUBDIRS = jar security javazic misc net nio text util launcher cldr tzdb +SUBDIRS = jar security misc net nio text util launcher cldr tzdb ifdef BUILD_HEADLESS_ONLY DISPLAY_LIBS = awt $(HEADLESS_SUBDIR) diff --git a/make/sun/javazic/Makefile b/make/sun/javazic/Makefile index 23280317162139bfd5b913a128bf17b4a3b11b2a..9ae3c00b142ba6e2ec4f4a5ff0a67dfc86f5a4db 100644 --- a/make/sun/javazic/Makefile +++ b/make/sun/javazic/Makefile @@ -33,11 +33,11 @@ include $(BUILDDIR)/common/Defs.gmk # Time zone data file creation TZDATA = ./tzdata/ -TZDATA_VER = `$(GREP) '^tzdata' $(TZDATA)VERSION` +TZDATA_VER := $(shell $(GREP) '^tzdata' $(TZDATA)VERSION) TZFILE = \ africa antarctica asia australasia europe northamerica \ pacificnew southamerica backward \ - etcetera solar87 solar88 solar89 systemv + etcetera systemv JDKTZDATA = ./tzdata_jdk/ JDKTZFILES = gmt jdk11_backward TZFILES = \ diff --git a/make/sun/javazic/tzdata/gmt b/make/sun/javazic/tzdata/gmt new file mode 100644 index 0000000000000000000000000000000000000000..0be31797d7fd84d4ffbdc465f2f1c64755343e7b --- /dev/null +++ b/make/sun/javazic/tzdata/gmt @@ -0,0 +1,27 @@ +# +# Copyright (c) 2000, 2005, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# Zone NAME GMTOFF RULES FORMAT [UNTIL] +Zone GMT 0:00 - GMT diff --git a/make/sun/javazic/tzdata/jdk11_backward b/make/sun/javazic/tzdata/jdk11_backward new file mode 100644 index 0000000000000000000000000000000000000000..5404ceaae4c49288a3aadf32831f7632f2bc26b7 --- /dev/null +++ b/make/sun/javazic/tzdata/jdk11_backward @@ -0,0 +1,51 @@ +# +# Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# +# JDK 1.1.x compatible time zone IDs +# + +# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S +Rule SystemV min 1973 - Apr lastSun 2:00 1:00 D +Rule SystemV min 1973 - Oct lastSun 2:00 0 S +Rule SystemV 1974 only - Jan 6 2:00 1:00 D +Rule SystemV 1974 only - Nov lastSun 2:00 0 S +Rule SystemV 1975 only - Feb 23 2:00 1:00 D +Rule SystemV 1975 only - Oct lastSun 2:00 0 S +Rule SystemV 1976 max - Apr lastSun 2:00 1:00 D +Rule SystemV 1976 max - Oct lastSun 2:00 0 S + +# Zone NAME GMTOFF RULES/SAVE FORMAT [UNTIL] +Zone SystemV/AST4ADT -4:00 SystemV A%sT +Zone SystemV/EST5EDT -5:00 SystemV E%sT +Zone SystemV/CST6CDT -6:00 SystemV C%sT +Zone SystemV/MST7MDT -7:00 SystemV M%sT +Zone SystemV/PST8PDT -8:00 SystemV P%sT +Zone SystemV/YST9YDT -9:00 SystemV Y%sT +Zone SystemV/AST4 -4:00 - AST +Zone SystemV/EST5 -5:00 - EST +Zone SystemV/CST6 -6:00 - CST +Zone SystemV/MST7 -7:00 - MST +Zone SystemV/PST8 -8:00 - PST +Zone SystemV/YST9 -9:00 - YST +Zone SystemV/HST10 -10:00 - HST diff --git a/make/sun/tzdb/Makefile b/make/sun/tzdb/Makefile index d09a1251b1de074d79270fa483977ba3c18e1d5a..14fd87a5e69f9d9b3200e38fc9397098f56673e5 100644 --- a/make/sun/tzdb/Makefile +++ b/make/sun/tzdb/Makefile @@ -43,9 +43,15 @@ BUILD_MANIFEST=true # TZDATA_DIR := ../javazic/tzdata TZDATA_VER := $(subst tzdata,,$(shell $(GREP) '^tzdata' $(TZDATA_DIR)/VERSION)) -TZFILE := africa antarctica asia australasia europe northamerica southamerica backward etcetera +TZFILE := \ + africa antarctica asia australasia europe northamerica \ + pacificnew southamerica backward etcetera \ + gmt jdk11_backward + TZFILES := $(addprefix $(TZDATA_DIR)/,$(TZFILE)) + + TZDB_JAR = tzdb.jar # @@ -61,7 +67,7 @@ build: $(LIBDIR)/$(TZDB_JAR) $(LIBDIR)/$(TZDB_JAR): $(TZFILES) $(prep-target) echo build tzdb from version $(TZDATA_VER) - $(BOOT_JAVA_CMD) -jar $(BUILDTOOLJARDIR)/tzdb.jar -verbose \ + $(BOOT_JAVA_CMD) -jar $(BUILDTOOLJARDIR)/tzdb.jar \ -version $(TZDATA_VER) -srcdir $(TZDATA_DIR) -dstdir $(LIBDIR) $(TZFILE) clean clobber:: diff --git a/make/tools/Makefile b/make/tools/Makefile index 586a169948658cda877e84acb2dff6982e11014d..e01f77ea03d16fa1dbdbbce82a83e070e884b66e 100644 --- a/make/tools/Makefile +++ b/make/tools/Makefile @@ -48,7 +48,6 @@ SUBDIRS = \ hasher_classes \ jarreorder \ jarsplit \ - javazic \ jdwpgen \ makeclasslist \ strip_properties \ diff --git a/make/tools/src/build/tools/javazic/Zoneinfo.java b/make/tools/src/build/tools/javazic/Zoneinfo.java index 5614a3c25f315382d9f44a182b45d9f5005e99a7..129f87c57d29fdbf70fa2b8947c2bd8c02dfef7a 100644 --- a/make/tools/src/build/tools/javazic/Zoneinfo.java +++ b/make/tools/src/build/tools/javazic/Zoneinfo.java @@ -490,11 +490,16 @@ class Zoneinfo { tz.addUsedRec(rrec); usedZone = true; } - } else { + } else { // fromTime == minTime int save = rrec.getSave(); - tz.addTransition(fromTime, + tz.addTransition(minTime, + tz.getOffsetIndex(gmtOffset), + tz.getDstOffsetIndex(0)); + + tz.addTransition(transition, tz.getOffsetIndex(gmtOffset+save), tz.getDstOffsetIndex(save)); + tz.addUsedRec(rrec); usedZone = true; } diff --git a/make/tools/src/build/tools/tzdb/TzdbZoneRulesCompiler.java b/make/tools/src/build/tools/tzdb/TzdbZoneRulesCompiler.java index 7b32ccf267a3a617d5cf087ad2262b4f6207d429..6f42dd9f60027d44c546320211d42cc7b655dda1 100644 --- a/make/tools/src/build/tools/tzdb/TzdbZoneRulesCompiler.java +++ b/make/tools/src/build/tools/tzdb/TzdbZoneRulesCompiler.java @@ -227,6 +227,7 @@ public final class TzdbZoneRulesCompiler { Map> allBuiltZones = new TreeMap<>(); Set allRegionIds = new TreeSet(); Set allRules = new HashSet(); + Map> allLinks = new TreeMap<>(); for (File srcDir : srcDirs) { // source files in this directory @@ -242,7 +243,8 @@ public final class TzdbZoneRulesCompiler { } // compile - String loopVersion = srcDir.getName(); + String loopVersion = (srcDirs.size() == 1 && version != null) + ? version : srcDir.getName(); TzdbZoneRulesCompiler compiler = new TzdbZoneRulesCompiler(loopVersion, srcFiles, verbose); try { // compile @@ -255,12 +257,13 @@ public final class TzdbZoneRulesCompiler { if (verbose) { System.out.println("Outputting file: " + dstFile); } - outputFile(dstFile, loopVersion, builtZones); + outputFile(dstFile, loopVersion, builtZones, compiler.links); // create totals allBuiltZones.put(loopVersion, builtZones); allRegionIds.addAll(builtZones.keySet()); allRules.addAll(builtZones.values()); + allLinks.put(loopVersion, compiler.links); } catch (Exception ex) { System.out.println("Failed: " + ex.toString()); ex.printStackTrace(); @@ -274,7 +277,7 @@ public final class TzdbZoneRulesCompiler { if (verbose) { System.out.println("Outputting combined file: " + dstFile); } - outputFile(dstFile, allBuiltZones, allRegionIds, allRules); + outputFile(dstFile, allBuiltZones, allRegionIds, allRules, allLinks); } } @@ -283,12 +286,15 @@ public final class TzdbZoneRulesCompiler { */ private static void outputFile(File dstFile, String version, - SortedMap builtZones) { + SortedMap builtZones, + Map links) { Map> loopAllBuiltZones = new TreeMap<>(); loopAllBuiltZones.put(version, builtZones); Set loopAllRegionIds = new TreeSet(builtZones.keySet()); Set loopAllRules = new HashSet(builtZones.values()); - outputFile(dstFile, loopAllBuiltZones, loopAllRegionIds, loopAllRules); + Map> loopAllLinks = new TreeMap<>(); + loopAllLinks.put(version, links); + outputFile(dstFile, loopAllBuiltZones, loopAllRegionIds, loopAllRules, loopAllLinks); } /** @@ -297,10 +303,10 @@ public final class TzdbZoneRulesCompiler { private static void outputFile(File dstFile, Map> allBuiltZones, Set allRegionIds, - Set allRules) - { + Set allRules, + Map> allLinks) { try (JarOutputStream jos = new JarOutputStream(new FileOutputStream(dstFile))) { - outputTZEntry(jos, allBuiltZones, allRegionIds, allRules); + outputTZEntry(jos, allBuiltZones, allRegionIds, allRules, allLinks); } catch (Exception ex) { System.out.println("Failed: " + ex.toString()); ex.printStackTrace(); @@ -314,7 +320,8 @@ public final class TzdbZoneRulesCompiler { private static void outputTZEntry(JarOutputStream jos, Map> allBuiltZones, Set allRegionIds, - Set allRules) { + Set allRules, + Map> allLinks) { // this format is not publicly specified try { jos.putNextEntry(new ZipEntry("TZDB.dat")); @@ -359,6 +366,16 @@ public final class TzdbZoneRulesCompiler { out.writeShort(rulesIndex); } } + // alias-region + for (String version : allLinks.keySet()) { + out.writeShort(allLinks.get(version).size()); + for (Map.Entry entry : allLinks.get(version).entrySet()) { + int aliasIndex = Arrays.binarySearch(regionArray, entry.getKey()); + int regionIndex = Arrays.binarySearch(regionArray, entry.getValue()); + out.writeShort(aliasIndex); + out.writeShort(regionIndex); + } + } out.flush(); jos.closeEntry(); } catch (Exception ex) { @@ -621,7 +638,8 @@ public final class TzdbZoneRulesCompiler { private int parseYear(String str, int defaultYear) { if (YEAR.reset(str).matches()) { if (YEAR.group("min") != null) { - return YEAR_MIN_VALUE; + //return YEAR_MIN_VALUE; + return 1900; // systemv has min } else if (YEAR.group("max") != null) { return YEAR_MAX_VALUE; } else if (YEAR.group("only") != null) { @@ -742,16 +760,20 @@ public final class TzdbZoneRulesCompiler { if (realRules == null) { throw new IllegalArgumentException("Alias '" + aliasId + "' links to invalid zone '" + realId + "' for '" + version + "'"); } + links.put(aliasId, realId); + } builtZones.put(aliasId, realRules); } // remove UTC and GMT - builtZones.remove("UTC"); - builtZones.remove("GMT"); - builtZones.remove("GMT0"); + //builtZones.remove("UTC"); + //builtZones.remove("GMT"); + //builtZones.remove("GMT0"); builtZones.remove("GMT+0"); builtZones.remove("GMT-0"); + links.remove("GMT+0"); + links.remove("GMT-0"); } //----------------------------------------------------------------------- @@ -785,7 +807,6 @@ public final class TzdbZoneRulesCompiler { boolean endOfDay; /** The time of the cutover. */ TimeDefinition timeDefinition = TimeDefinition.WALL; - void adjustToFowards(int year) { if (adjustForwards == false && dayOfMonth > 0) { LocalDate adjustedDate = LocalDate.of(year, month, dayOfMonth).minusDays(6); diff --git a/makefiles/GendataTZDB.gmk b/makefiles/GendataTZDB.gmk index 3c608fb06ba611c7dcee0497b833ff45ecc7619c..51289dd1b6c141849477f26edbdec74381385778 100644 --- a/makefiles/GendataTZDB.gmk +++ b/makefiles/GendataTZDB.gmk @@ -30,7 +30,7 @@ GENDATA_TZDB := # TZDATA_DIR := $(JDK_TOPDIR)/make/sun/javazic/tzdata TZDATA_VER := $(subst tzdata,,$(shell $(GREP) '^tzdata' $(TZDATA_DIR)/VERSION)) -TZDATA_TZFILE := africa antarctica asia australasia europe northamerica southamerica backward etcetera +TZDATA_TZFILE := africa antarctica asia australasia europe northamerica pacificnew southamerica backward etcetera gmt jdk11_backward TZDATA_TZFILES := $(addprefix $(TZDATA_DIR)/,$(TZDATA_TZFILE)) GENDATA_TZDB_DST := $(JDK_OUTPUTDIR)/lib @@ -39,6 +39,6 @@ GENDATA_TZDB_JAR := tzdb.jar $(GENDATA_TZDB_DST)/$(GENDATA_TZDB_JAR) : $(TZDATA_TZFILES) $(RM) $(GENDATA_TZDB_DST)/$(GENDATA_TZDB_JAR) echo building tzdb from version $(TZDATA_VER) - $(TOOL_TZDB) -verbose -version $(TZDATA_VER) -srcdir $(TZDATA_DIR) -dstdir $(GENDATA_TZDB_DST) $(TZDATA_TZFILE) + $(TOOL_TZDB) -version $(TZDATA_VER) -srcdir $(TZDATA_DIR) -dstdir $(GENDATA_TZDB_DST) $(TZDATA_TZFILE) GENDATA_TZDB += $(GENDATA_TZDB_DST)/$(GENDATA_TZDB_JAR) diff --git a/makefiles/GendataTimeZone.gmk b/makefiles/GendataTimeZone.gmk index dcca735b8f564690c28b5e0722de70a00752c99a..1a482dcc04454b8f6249835a0fbbe83c3181a107 100644 --- a/makefiles/GendataTimeZone.gmk +++ b/makefiles/GendataTimeZone.gmk @@ -34,7 +34,7 @@ GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone TZFILE0 := \ africa antarctica asia australasia europe northamerica \ pacificnew southamerica backward \ - etcetera solar87 solar88 solar89 systemv + etcetera systemv TZFILE1 := \ gmt jdk11_backward diff --git a/makefiles/GenerateData.gmk b/makefiles/GenerateData.gmk index 7d7e16b690353561adbbcbf6bc7fce72169d135a..f35cf3278df6ca6c87c72d3e2be8e72cabbece68 100644 --- a/makefiles/GenerateData.gmk +++ b/makefiles/GenerateData.gmk @@ -44,9 +44,6 @@ GENDATA += $(BREAK_ITERATOR) include GendataFontConfig.gmk GENDATA += $(GENDATA_FONT_CONFIG) -include GendataTimeZone.gmk -GENDATA += $(GENDATA_TIMEZONE) - include GendataTZDB.gmk GENDATA += $(GENDATA_TZDB) diff --git a/makefiles/Tools.gmk b/makefiles/Tools.gmk index 811dd47fe28c00590d04bfd4c1dc874d1a86284e..6a9fd0fe7909b2fa50680e42e1fb06d344bbed80 100644 --- a/makefiles/Tools.gmk +++ b/makefiles/Tools.gmk @@ -103,9 +103,6 @@ TOOL_HASHER=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \ TOOL_JARSPLIT=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \ build.tools.jarsplit.JarSplit -TOOL_JAVAZIC=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \ - build.tools.javazic.Main - TOOL_TZDB=$(JAVA) -cp $(JDK_OUTPUTDIR)/btclasses \ build.tools.tzdb.TzdbZoneRulesCompiler diff --git a/src/share/bin/parse_manifest.c b/src/share/bin/parse_manifest.c index ec3014931f22330f3ebe89cc1664e7d28b3fc1c5..61b0bbf4884461b58ff88529114e30b36f427948 100644 --- a/src/share/bin/parse_manifest.c +++ b/src/share/bin/parse_manifest.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -106,8 +106,9 @@ inflate_file(int fd, zentry *entry, int *size_out) *size_out = (int)entry->isize; } return (out); - } else - return (NULL); + } + free(in); + return (NULL); } static jboolean zip64_present = JNI_FALSE; @@ -563,7 +564,7 @@ JLI_ParseManifest(char *jarfile, manifest_info *info) if ((fd = open(jarfile, O_RDONLY #ifdef O_LARGEFILE - | O_LARGEFILE /* large file mode on solaris */ + | O_LARGEFILE /* large file mode */ #endif #ifdef O_BINARY | O_BINARY /* use binary mode on windows */ @@ -618,6 +619,9 @@ JLI_JarUnpackFile(const char *jarfile, const char *filename, int *size) { void *data = NULL; fd = open(jarfile, O_RDONLY +#ifdef O_LARGEFILE + | O_LARGEFILE /* large file mode */ +#endif #ifdef O_BINARY | O_BINARY /* use binary mode on windows */ #endif @@ -661,6 +665,9 @@ JLI_ManifestIterate(const char *jarfile, attribute_closure ac, void *user_data) int rc; if ((fd = open(jarfile, O_RDONLY +#ifdef O_LARGEFILE + | O_LARGEFILE /* large file mode */ +#endif #ifdef O_BINARY | O_BINARY /* use binary mode on windows */ #endif diff --git a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java index 3d1744ba172c1383966a49b3b97199375a052702..719aeee76d48d1e0d7d11c64241edba9bb2acad7 100644 --- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java +++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java @@ -52,16 +52,19 @@ import sun.misc.HexDumpEncoder; * principal set and private credentials set are updated only when * commit is called. * When commit is called, the KerberosPrincipal - * is added to the Subject's - * principal set and KerberosTicket is + * is added to the Subject's principal set (unless the + * principal is specified as "*"). If isInitiator + * is true, the KerberosTicket is * added to the Subject's private credentials. * *

If the configuration entry for KerberosLoginModule * has the option storeKey set to true, then - * KerberosKey will also be added to the + * KerberosKey or KeyTab will also be added to the * subject's private credentials. KerberosKey, the principal's - * key will be either obtained from the keytab or - * derived from user's password. + * key(s) will be derived from user's password, and KeyTab is + * the keytab used when useKeyTab is set to true. The + * KeyTab object is restricted to be used by the specified + * principal unless the principal value is "*". * *

This LoginModule recognizes the doNotPrompt * option. If set to true the user will not be prompted for the password. @@ -75,8 +78,8 @@ import sun.misc.HexDumpEncoder; * *

The principal name can be specified in the configuration entry * by using the option principal. The principal name - * can either be a simple user name or a service name such as - * host/mission.eng.sun.com. The principal can also + * can either be a simple user name, a service name such as + * host/mission.eng.sun.com, or "*". The principal can also * be set using the system property sun.security.krb5.principal. * This property is checked during login. If this property is not set, then * the principal name from the configuration is used. In the @@ -87,11 +90,10 @@ import sun.misc.HexDumpEncoder; * *

The following is a list of configuration options supported * for Krb5LoginModule: - *

- *
refreshKrb5Config:
+ *
+ *
refreshKrb5Config:
*
Set this to true, if you want the configuration * to be refreshed before the login method is called.
- *

*

useTicketCache:
*
Set this to true, if you want the * TGT to be obtained @@ -112,19 +114,16 @@ import sun.misc.HexDumpEncoder; * ticketCache. * For Windows, if a ticket cannot be retrieved from the file ticket cache, * it will use Local Security Authority (LSA) API to get the TGT. - *

*

ticketCache:
*
Set this to the name of the ticket * cache that contains user's TGT. * If this is set, useTicketCache * must also be set to true; Otherwise a configuration error will * be returned.
- *

*

renewTGT:
*
Set this to true, if you want to renew * the TGT. If this is set, useTicketCache must also be * set to true; otherwise a configuration error will be returned.
- *

*

doNotPrompt:
*
Set this to true if you do not want to be * prompted for the password @@ -132,7 +131,6 @@ import sun.misc.HexDumpEncoder; * or through shared state.(Default is false) * If set to true, credential must be obtained through cache, keytab, * or shared state. Otherwise, authentication will fail.
- *

*

useKeyTab:
*
Set this to true if you * want the module to get the principal's key from the @@ -144,15 +142,15 @@ import sun.misc.HexDumpEncoder; * If it is not specified in the Kerberos configuration file * then it will look for the file * {user.home}{file.separator}krb5.keytab.
- *

*

keyTab:
*
Set this to the file name of the * keytab to get principal's secret key.
- *

*

storeKey:
- *
Set this to true to if you want the - * principal's key to be stored in the Subject's private credentials.
- *

+ *

Set this to true to if you want the keytab or the + * principal's key to be stored in the Subject's private credentials. + * For isInitiator being false, if principal + * is "*", the {@link KeyTab} stored can be used by anyone, otherwise, + * it's restricted to be used by the specified principal only.
*
principal:
*
The name of the principal that should * be used. The principal can be a simple username such as @@ -165,8 +163,13 @@ import sun.misc.HexDumpEncoder; * sun.security.krb5.principal. In addition, if this * system property is defined, then it will be used. If this property * is not set, then the principal name from the configuration will be - * used.
- *

+ * used. + * The principal name can be set to "*" when isInitiator is false. + * In this case, the acceptor is not bound to a single principal. It can + * act as any principal an initiator requests if keys for that principal + * can be found. When isInitiator is true, the principal name + * cannot be set to "*". + * *

isInitiator:
*
Set this to true, if initiator. Set this to false, if acceptor only. * (Default is true). @@ -177,18 +180,20 @@ import sun.misc.HexDumpEncoder; * Configuration * options that enable you to share username and passwords across different * authentication modules: - * 
+ * 

  *
- *    useFirstPass   if, true, this LoginModule retrieves the
+ *    
useFirstPass:

+ *                   
if, true, this LoginModule retrieves the
  *                   username and password from the module's shared state,
  *                   using "javax.security.auth.login.name" and
  *                   "javax.security.auth.login.password" as the respective
  *                   keys. The retrieved values are used for authentication.
  *                   If authentication fails, no attempt for a retry
  *                   is made, and the failure is reported back to the
- *                   calling application.
+ *                   calling application.

  *
- *    tryFirstPass   if, true, this LoginModule retrieves the
+ *    
tryFirstPass:

+ *                   
if, true, this LoginModule retrieves the
  *                   the username and password from the module's shared
  *                   state using "javax.security.auth.login.name" and
  *                   "javax.security.auth.login.password" as the respective
@@ -198,26 +203,28 @@ import sun.misc.HexDumpEncoder;
  *                   CallbackHandler to retrieve a new username
  *                   and password, and another attempt to authenticate
  *                   is made. If the authentication fails,
- *                   the failure is reported back to the calling application
+ *                   the failure is reported back to the calling application

  *
- *    storePass      if, true, this LoginModule stores the username and
+ *    
storePass:

+ *                   
if, true, this LoginModule stores the username and
  *                   password obtained from the CallbackHandler in the
  *                   modules shared state, using
  *                   "javax.security.auth.login.name" and
  *                   "javax.security.auth.login.password" as the respective
  *                   keys.  This is not performed if existing values already
  *                   exist for the username and password in the shared
- *                   state, or if authentication fails.
+ *                   state, or if authentication fails.

  *
- *    clearPass      if, true, this LoginModule clears the
+ *    
clearPass:

+ *                   
if, true, this LoginModule clears the
  *                   username and password stored in the module's shared
  *                   state  after both phases of authentication
- *                   (login and commit) have completed.
- *
+ * (login and commit) have completed.
+ *
*

If the principal system property or key is already provided, the value of * "javax.security.auth.login.name" in the shared state is ignored. *

When multiple mechanisms to retrieve a ticket or key is provided, the - * preference order looks like this: + * preference order is: *

    *
  1. ticket cache *
  2. keytab @@ -225,7 +232,7 @@ import sun.misc.HexDumpEncoder; *
  3. user prompt *
*

Note that if any step fails, it will fallback to the next step. - * There's only one exception, it the shared state step fails and + * There's only one exception, if the shared state step fails and * useFirstPass=true, no user prompt is made. *

Examples of some configuration values for Krb5LoginModule in * JAAS config file and the results are: @@ -318,7 +325,7 @@ import sun.misc.HexDumpEncoder; *

useKeyTab = true * keyTab=<keytabname> * storeKey=true - * doNotPrompt=true; + * doNotPrompt=false; * *

The user will be prompted for the service principal name. * If the principal's @@ -328,6 +335,14 @@ import sun.misc.HexDumpEncoder; * If successful the TGT will be added to the * Subject's private credentials set. Otherwise the authentication will * fail. + *

    + *

    isInitiator = false useKeyTab = true + * keyTab=<keytabname> + * storeKey=true + * principal=*; + *

+ *

The acceptor will be an unbound acceptor and it can act as any principal + * as long that principal has keys in the keytab. *