提交 940e3ed9 编写于 作者: W weijun

8036779: sun.security.krb5.KdcComm interprets kdc_timeout as msec instead of sec

Reviewed-by: xuelei
上级 a112c854
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -144,7 +144,8 @@ public final class KdcComm {
try {
Config cfg = Config.getInstance();
String temp = cfg.get("libdefaults", "kdc_timeout");
timeout = parsePositiveIntString(temp);
timeout = parseTimeString(temp);
temp = cfg.get("libdefaults", "max_retries");
max_retries = parsePositiveIntString(temp);
temp = cfg.get("libdefaults", "udp_preference_limit");
......@@ -425,6 +426,25 @@ public final class KdcComm {
}
}
/**
* Parses a time value string. If it ends with "s", parses as seconds.
* Otherwise, parses as milliseconds.
* @param s the time string
* @return the integer value in milliseconds, or -1 if input is null or
* has an invalid format
*/
private static int parseTimeString(String s) {
if (s == null) {
return -1;
}
if (s.endsWith("s")) {
int seconds = parsePositiveIntString(s.substring(0, s.length()-1));
return (seconds < 0) ? -1 : (seconds*1000);
} else {
return parsePositiveIntString(s);
}
}
/**
* Returns krb5.conf setting of {@code key} for a specific realm,
* which can be:
......@@ -446,7 +466,11 @@ public final class KdcComm {
try {
String value =
Config.getInstance().get("realms", realm, key);
temp = parsePositiveIntString(value);
if (key.equals("kdc_timeout")) {
temp = parseTimeString(value);
} else {
temp = parsePositiveIntString(value);
}
} catch (Exception exc) {
// Ignored, defValue will be picked up
}
......
......@@ -141,6 +141,8 @@ public class KDC {
private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100);
// Options
private Map<Option,Object> options = new HashMap<>();
// Realm-specific krb5.conf settings
private List<String> conf = new ArrayList<>();
private Thread thread1, thread2, thread3;
DatagramSocket u1 = null;
......@@ -243,7 +245,7 @@ public class KDC {
/**
* Sets an option
* @param key the option name
* @param obj the value
* @param value the value
*/
public void setOption(Option key, Object value) {
if (value == null) {
......@@ -372,6 +374,13 @@ public class KDC {
return kdc;
}
/**
* Add realm-specific krb5.conf setting
*/
public void addConf(String s) {
conf.add(s);
}
/**
* Writes a krb5.conf for one or more KDC that includes KDC locations for
* each realm and the default realm name. You can also add extra strings
......@@ -397,6 +406,7 @@ public class KDC {
* [realms]
* REALM.NAME = {
* kdc = host:port_number
* # realm-specific settings
* }
* </pre>
*
......@@ -444,10 +454,10 @@ public class KDC {
}
}
sb.append("\n[realms]\n");
sb.append(realmLineForKDC(kdc));
sb.append(kdc.realmLine());
for (Object o: more) {
if (o instanceof KDC) {
sb.append(realmLineForKDC((KDC)o));
sb.append(((KDC)o).realmLine());
}
}
FileOutputStream fos = new FileOutputStream(f);
......@@ -1133,14 +1143,16 @@ public class KDC {
/**
* Generates a line for a KDC to put inside [realms] of krb5.conf
* @param kdc the KDC
* @return REALM.NAME = { kdc = host:port }
* @return REALM.NAME = { kdc = host:port etc }
*/
private static String realmLineForKDC(KDC kdc) {
return String.format("%s = {\n kdc = %s:%d\n}\n",
kdc.realm,
kdc.kdc,
kdc.port);
private String realmLine() {
StringBuilder sb = new StringBuilder();
sb.append(realm).append(" = {\n kdc = ")
.append(kdc).append(':').append(port).append('\n');
for (String s: conf) {
sb.append(" ").append(s).append('\n');
}
return sb.append("}\n").toString();
}
/**
......
......@@ -43,9 +43,15 @@ public class UdpTcp {
OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf();
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"udp_preference_limit = "
+ (args[0].equals("UDP") ? "1000" : "100"));
// Two styles of kdc_timeout setting. One global, one realm-specific.
if (args[0].equals("UDP")) {
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"kdc_timeout = 10s");
} else {
kdc.addConf("kdc_timeout = 10s");
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"udp_preference_limit = 1");
}
Config.refresh();
ByteArrayOutputStream bo = new ByteArrayOutputStream();
......@@ -56,7 +62,7 @@ public class UdpTcp {
for (String line: new String(bo.toByteArray()).split("\n")) {
if (line.contains(">>> KDCCommunication")) {
if (!line.contains(args[0])) {
if (!line.contains(args[0]) || !line.contains("timeout=10000")) {
throw new Exception("No " + args[0] + " in: " + line);
}
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册