提交 940e3ed9 编写于 作者: W weijun

8036779: sun.security.krb5.KdcComm interprets kdc_timeout as msec instead of sec

Reviewed-by: xuelei
上级 a112c854
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -144,7 +144,8 @@ public final class KdcComm { ...@@ -144,7 +144,8 @@ public final class KdcComm {
try { try {
Config cfg = Config.getInstance(); Config cfg = Config.getInstance();
String temp = cfg.get("libdefaults", "kdc_timeout"); String temp = cfg.get("libdefaults", "kdc_timeout");
timeout = parsePositiveIntString(temp); timeout = parseTimeString(temp);
temp = cfg.get("libdefaults", "max_retries"); temp = cfg.get("libdefaults", "max_retries");
max_retries = parsePositiveIntString(temp); max_retries = parsePositiveIntString(temp);
temp = cfg.get("libdefaults", "udp_preference_limit"); temp = cfg.get("libdefaults", "udp_preference_limit");
...@@ -425,6 +426,25 @@ public final class KdcComm { ...@@ -425,6 +426,25 @@ public final class KdcComm {
} }
} }
/**
* Parses a time value string. If it ends with "s", parses as seconds.
* Otherwise, parses as milliseconds.
* @param s the time string
* @return the integer value in milliseconds, or -1 if input is null or
* has an invalid format
*/
private static int parseTimeString(String s) {
if (s == null) {
return -1;
}
if (s.endsWith("s")) {
int seconds = parsePositiveIntString(s.substring(0, s.length()-1));
return (seconds < 0) ? -1 : (seconds*1000);
} else {
return parsePositiveIntString(s);
}
}
/** /**
* Returns krb5.conf setting of {@code key} for a specific realm, * Returns krb5.conf setting of {@code key} for a specific realm,
* which can be: * which can be:
...@@ -446,7 +466,11 @@ public final class KdcComm { ...@@ -446,7 +466,11 @@ public final class KdcComm {
try { try {
String value = String value =
Config.getInstance().get("realms", realm, key); Config.getInstance().get("realms", realm, key);
temp = parsePositiveIntString(value); if (key.equals("kdc_timeout")) {
temp = parseTimeString(value);
} else {
temp = parsePositiveIntString(value);
}
} catch (Exception exc) { } catch (Exception exc) {
// Ignored, defValue will be picked up // Ignored, defValue will be picked up
} }
......
...@@ -141,6 +141,8 @@ public class KDC { ...@@ -141,6 +141,8 @@ public class KDC {
private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100); private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100);
// Options // Options
private Map<Option,Object> options = new HashMap<>(); private Map<Option,Object> options = new HashMap<>();
// Realm-specific krb5.conf settings
private List<String> conf = new ArrayList<>();
private Thread thread1, thread2, thread3; private Thread thread1, thread2, thread3;
DatagramSocket u1 = null; DatagramSocket u1 = null;
...@@ -243,7 +245,7 @@ public class KDC { ...@@ -243,7 +245,7 @@ public class KDC {
/** /**
* Sets an option * Sets an option
* @param key the option name * @param key the option name
* @param obj the value * @param value the value
*/ */
public void setOption(Option key, Object value) { public void setOption(Option key, Object value) {
if (value == null) { if (value == null) {
...@@ -372,6 +374,13 @@ public class KDC { ...@@ -372,6 +374,13 @@ public class KDC {
return kdc; return kdc;
} }
/**
* Add realm-specific krb5.conf setting
*/
public void addConf(String s) {
conf.add(s);
}
/** /**
* Writes a krb5.conf for one or more KDC that includes KDC locations for * Writes a krb5.conf for one or more KDC that includes KDC locations for
* each realm and the default realm name. You can also add extra strings * each realm and the default realm name. You can also add extra strings
...@@ -397,6 +406,7 @@ public class KDC { ...@@ -397,6 +406,7 @@ public class KDC {
* [realms] * [realms]
* REALM.NAME = { * REALM.NAME = {
* kdc = host:port_number * kdc = host:port_number
* # realm-specific settings
* } * }
* </pre> * </pre>
* *
...@@ -444,10 +454,10 @@ public class KDC { ...@@ -444,10 +454,10 @@ public class KDC {
} }
} }
sb.append("\n[realms]\n"); sb.append("\n[realms]\n");
sb.append(realmLineForKDC(kdc)); sb.append(kdc.realmLine());
for (Object o: more) { for (Object o: more) {
if (o instanceof KDC) { if (o instanceof KDC) {
sb.append(realmLineForKDC((KDC)o)); sb.append(((KDC)o).realmLine());
} }
} }
FileOutputStream fos = new FileOutputStream(f); FileOutputStream fos = new FileOutputStream(f);
...@@ -1133,14 +1143,16 @@ public class KDC { ...@@ -1133,14 +1143,16 @@ public class KDC {
/** /**
* Generates a line for a KDC to put inside [realms] of krb5.conf * Generates a line for a KDC to put inside [realms] of krb5.conf
* @param kdc the KDC * @return REALM.NAME = { kdc = host:port etc }
* @return REALM.NAME = { kdc = host:port }
*/ */
private static String realmLineForKDC(KDC kdc) { private String realmLine() {
return String.format("%s = {\n kdc = %s:%d\n}\n", StringBuilder sb = new StringBuilder();
kdc.realm, sb.append(realm).append(" = {\n kdc = ")
kdc.kdc, .append(kdc).append(':').append(port).append('\n');
kdc.port); for (String s: conf) {
sb.append(" ").append(s).append('\n');
}
return sb.append("}\n").toString();
} }
/** /**
......
...@@ -43,9 +43,15 @@ public class UdpTcp { ...@@ -43,9 +43,15 @@ public class UdpTcp {
OneKDC kdc = new OneKDC(null); OneKDC kdc = new OneKDC(null);
kdc.writeJAASConf(); kdc.writeJAASConf();
KDC.saveConfig(OneKDC.KRB5_CONF, kdc, // Two styles of kdc_timeout setting. One global, one realm-specific.
"udp_preference_limit = " if (args[0].equals("UDP")) {
+ (args[0].equals("UDP") ? "1000" : "100")); KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"kdc_timeout = 10s");
} else {
kdc.addConf("kdc_timeout = 10s");
KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
"udp_preference_limit = 1");
}
Config.refresh(); Config.refresh();
ByteArrayOutputStream bo = new ByteArrayOutputStream(); ByteArrayOutputStream bo = new ByteArrayOutputStream();
...@@ -56,7 +62,7 @@ public class UdpTcp { ...@@ -56,7 +62,7 @@ public class UdpTcp {
for (String line: new String(bo.toByteArray()).split("\n")) { for (String line: new String(bo.toByteArray()).split("\n")) {
if (line.contains(">>> KDCCommunication")) { if (line.contains(">>> KDCCommunication")) {
if (!line.contains(args[0])) { if (!line.contains(args[0]) || !line.contains("timeout=10000")) {
throw new Exception("No " + args[0] + " in: " + line); throw new Exception("No " + args[0] + " in: " + line);
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册