Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
f9b04d2e
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
f9b04d2e
编写于
6月 05, 2012
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
7172701: KDC tests cleanup
Reviewed-by: xuelei
上级
e22bd11b
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
59 addition
and
263 deletion
+59
-263
test/sun/security/krb5/auto/KDC.java
test/sun/security/krb5/auto/KDC.java
+14
-54
test/sun/security/krb5/auto/OkAsDelegate.java
test/sun/security/krb5/auto/OkAsDelegate.java
+28
-2
test/sun/security/krb5/auto/OkAsDelegateXRealm.java
test/sun/security/krb5/auto/OkAsDelegateXRealm.java
+17
-10
test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh
test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh
+0
-79
test/sun/security/krb5/auto/ok-as-delegate.sh
test/sun/security/krb5/auto/ok-as-delegate.sh
+0
-118
未找到文件。
test/sun/security/krb5/auto/KDC.java
浏览文件 @
f9b04d2e
/*
* Copyright (c) 2008, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 201
2
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -67,10 +67,6 @@ import sun.security.util.DerValue;
* <ul>
* <li>test.kdc.save.ccache
* </ul>
* Support policies:
* <ul>
* <li>ok-as-delegate
* </ul>
* Issues and TODOs:
* <ol>
* <li> Generates krb5.conf to be used on another machine, currently the kdc is
...
...
@@ -178,6 +174,10 @@ public class KDC {
* Multiple ETYPE-INFO-ENTRY with same etype but different salt
*/
DUP_ETYPE
,
/**
* What backend server can be delegated to
*/
OK_AS_DELEGATE
,
};
static
{
...
...
@@ -232,7 +232,11 @@ public class KDC {
* @param obj the value
*/
public
void
setOption
(
Option
key
,
Object
value
)
{
options
.
put
(
key
,
value
);
if
(
value
==
null
)
{
options
.
remove
(
key
);
}
else
{
options
.
put
(
key
,
value
);
}
}
/**
...
...
@@ -579,53 +583,6 @@ public class KDC {
}
}
private
Map
<
String
,
String
>
policies
=
new
HashMap
<>();
public
void
setPolicy
(
String
rule
,
String
value
)
{
if
(
value
==
null
)
{
policies
.
remove
(
rule
);
}
else
{
policies
.
put
(
rule
,
value
);
}
}
/**
* If the provided client/server pair matches a rule
*
* A system property named test.kdc.policy.RULE will be consulted.
* If it's unset, returns false. If its value is "", any pair is
* matched. Otherwise, it should contains the server name matched.
*
* TODO: client name is not used currently.
*
* @param c client name
* @param s server name
* @param rule rule name
* @return if a match is found
*/
private
boolean
configMatch
(
String
c
,
String
s
,
String
rule
)
{
String
policy
=
policies
.
get
(
rule
);
boolean
result
=
false
;
if
(
policy
==
null
)
{
result
=
false
;
}
else
if
(
policy
.
length
()
==
0
)
{
result
=
true
;
}
else
{
String
[]
names
=
policy
.
split
(
"\\s+"
);
for
(
String
name:
names
)
{
if
(
name
.
equals
(
s
))
{
result
=
true
;
break
;
}
}
}
if
(
result
)
{
System
.
out
.
printf
(
">>>> Policy match result (%s vs %s on %s) %b\n"
,
c
,
s
,
rule
,
result
);
}
return
result
;
}
/**
* Processes an incoming request and generates a response.
* @param in the request
...
...
@@ -724,7 +681,10 @@ public class KDC {
bFlags
[
Krb5
.
TKT_OPTS_MAY_POSTDATE
]
=
true
;
}
if
(
configMatch
(
""
,
service
.
getNameString
(),
"ok-as-delegate"
))
{
String
okAsDelegate
=
(
String
)
options
.
get
(
Option
.
OK_AS_DELEGATE
);
if
(
okAsDelegate
!=
null
&&
(
okAsDelegate
.
isEmpty
()
||
okAsDelegate
.
contains
(
service
.
getNameString
())))
{
bFlags
[
Krb5
.
TKT_OPTS_DELEGATE
]
=
true
;
}
bFlags
[
Krb5
.
TKT_OPTS_INITIAL
]
=
true
;
...
...
test/sun/security/krb5/auto/OkAsDelegate.java
浏览文件 @
f9b04d2e
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009,
2012,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -21,6 +21,32 @@
* questions.
*/
/*
* @test
* @bug 6853328 7172701
* @run main/othervm OkAsDelegate false true true false false false
* FORWARDABLE ticket not allowed, always fail
* @run main/othervm OkAsDelegate true false false false false false
* Service ticket no OK-AS-DELEGATE. Request nothing, gain nothing
* @run main/othervm OkAsDelegate true false true false false false
* Service ticket no OK-AS-DELEGATE. Request deleg policy, gain nothing
* @run main/othervm OkAsDelegate true true false true false true
* Service ticket no OK-AS-DELEGATE. Request deleg, granted
* @run main/othervm OkAsDelegate true true true true false true
* Service ticket no OK-AS-DELEGATE. Request deleg and deleg policy, granted, with info not by policy
* @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
* Service ticket has OK-AS-DELEGATE. Request deleg policy, granted
* @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
* Service ticket has OK-AS-DELEGATE. granted, with info by policy
* @run main/othervm -Dtest.spnego OkAsDelegate false true true false false false
* @run main/othervm -Dtest.spnego OkAsDelegate true false false false false false
* @run main/othervm -Dtest.spnego OkAsDelegate true false true false false false
* @run main/othervm -Dtest.spnego OkAsDelegate true true false true false true
* @run main/othervm -Dtest.spnego OkAsDelegate true true true true false true
* @run main/othervm -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true false true true true true
* @run main/othervm -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate true true true true true true
* @summary Support OK-AS-DELEGATE flag
*/
import
com.sun.security.jgss.ExtendedGSSContext
;
import
org.ietf.jgss.GSSCredential
;
import
org.ietf.jgss.GSSException
;
...
...
@@ -52,7 +78,7 @@ public class OkAsDelegate {
boolean
delegated
)
throws
Exception
{
OneKDC
kdc
=
new
OneKDC
(
null
);
kdc
.
set
Policy
(
"ok-as-delegate"
,
kdc
.
set
Option
(
KDC
.
Option
.
OK_AS_DELEGATE
,
System
.
getProperty
(
"test.kdc.policy.ok-as-delegate"
));
kdc
.
writeJAASConf
();
if
(!
forwardable
)
{
...
...
test/sun/security/krb5/auto/OkAsDelegateXRealm.java
浏览文件 @
f9b04d2e
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009,
2012,
Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -21,8 +21,19 @@
* questions.
*/
import
com.sun.security.jgss.ExtendedGSSContext
;
import
java.io.File
;
/*
* @test
* @bug 6853328 7172701
* @run main/othervm OkAsDelegateXRealm false
* KDC no OK-AS-DELEGATE, fail
* @run main/othervm -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true
* KDC set OK-AS-DELEGATE for all, succeed
* @run main/othervm -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false
* KDC set OK-AS-DELEGATE for host/host.r3.local only, fail
* @run main/othervm -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local,krbtgt/R2,krbtgt/R3 OkAsDelegateXRealm true
* KDC set OK-AS-DELEGATE for all three, succeed
* @summary Support OK-AS-DELEGATE flag
*/
import
java.io.FileOutputStream
;
import
java.io.IOException
;
import
java.security.Security
;
...
...
@@ -31,11 +42,7 @@ import javax.security.auth.callback.CallbackHandler;
import
javax.security.auth.callback.NameCallback
;
import
javax.security.auth.callback.PasswordCallback
;
import
javax.security.auth.callback.UnsupportedCallbackException
;
import
org.ietf.jgss.GSSContext
;
import
org.ietf.jgss.GSSCredential
;
import
org.ietf.jgss.GSSException
;
import
org.ietf.jgss.GSSManager
;
import
org.ietf.jgss.GSSName
;
import
sun.security.jgss.GSSUtil
;
import
sun.security.krb5.Config
;
...
...
@@ -50,21 +57,21 @@ public class OkAsDelegateXRealm implements CallbackHandler {
// Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
// R1 is trusted by R2, and R2 trusted by R3.
KDC
kdc1
=
KDC
.
create
(
"R1"
);
kdc1
.
set
Policy
(
"ok-as-delegate"
,
kdc1
.
set
Option
(
KDC
.
Option
.
OK_AS_DELEGATE
,
System
.
getProperty
(
"test.kdc.policy.ok-as-delegate"
));
kdc1
.
addPrincipal
(
"dummy"
,
"bogus"
.
toCharArray
());
kdc1
.
addPrincipalRandKey
(
"krbtgt/R1"
);
kdc1
.
addPrincipal
(
"krbtgt/R2@R1"
,
"r1->r2"
.
toCharArray
());
KDC
kdc2
=
KDC
.
create
(
"R2"
);
kdc2
.
set
Policy
(
"ok-as-delegate"
,
kdc2
.
set
Option
(
KDC
.
Option
.
OK_AS_DELEGATE
,
System
.
getProperty
(
"test.kdc.policy.ok-as-delegate"
));
kdc2
.
addPrincipalRandKey
(
"krbtgt/R2"
);
kdc2
.
addPrincipal
(
"krbtgt/R2@R1"
,
"r1->r2"
.
toCharArray
());
kdc2
.
addPrincipal
(
"krbtgt/R3@R2"
,
"r2->r3"
.
toCharArray
());
KDC
kdc3
=
KDC
.
create
(
"R3"
);
kdc3
.
set
Policy
(
"ok-as-delegate"
,
kdc3
.
set
Option
(
KDC
.
Option
.
OK_AS_DELEGATE
,
System
.
getProperty
(
"test.kdc.policy.ok-as-delegate"
));
kdc3
.
addPrincipalRandKey
(
"krbtgt/R3"
);
kdc3
.
addPrincipal
(
"krbtgt/R3@R2"
,
"r2->r3"
.
toCharArray
());
...
...
test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh
已删除
100644 → 0
浏览文件 @
e22bd11b
#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 6853328
# @summary Support OK-AS-DELEGATE flag
# @run shell/timeout=600 ok-as-delegate-xrealm.sh
#
if
[
"
${
TESTSRC
}
"
=
""
]
;
then
TESTSRC
=
`
dirname
$0
`
fi
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
JAVAC_CMD
=
`
which javac
`
TESTJAVA
=
`
dirname
$JAVAC_CMD
`
/..
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
Windows_
*
)
FS
=
"
\\
"
SEP
=
";"
;;
CYGWIN
*
)
FS
=
"/"
SEP
=
";"
;;
*
)
FS
=
"/"
SEP
=
":"
;;
esac
${
TESTJAVA
}${
FS
}
bin
${
FS
}
javac
-XDignore
.symbol.file
-d
.
\
${
TESTSRC
}${
FS
}
OkAsDelegateXRealm.java
\
${
TESTSRC
}${
FS
}
KDC.java
\
${
TESTSRC
}${
FS
}
OneKDC.java
\
${
TESTSRC
}${
FS
}
Action.java
\
${
TESTSRC
}${
FS
}
Context.java
\
||
exit
10
# Add $TESTSRC to classpath so that customized nameservice can be used
J
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java -cp
$TESTSRC
${
SEP
}
."
# KDC no OK-AS-DELEGATE, fail
$J
OkAsDelegateXRealm
false
||
exit
1
# KDC set OK-AS-DELEGATE for all, succeed
$J
-Dtest
.kdc.policy.ok-as-delegate OkAsDelegateXRealm
true
||
exit
2
# KDC set OK-AS-DELEGATE for host/host.r3.local only, fail
$J
-Dtest
.kdc.policy.ok-as-delegate
=
host/host.r3.local OkAsDelegateXRealm
false
||
exit
3
# KDC set OK-AS-DELEGATE for all, succeed
$J
"-Dtest.kdc.policy.ok-as-delegate=host/host.r3.local krbtgt/R2 krbtgt/R3"
OkAsDelegateXRealm
true
||
exit
4
exit
0
test/sun/security/krb5/auto/ok-as-delegate.sh
已删除
100644 → 0
浏览文件 @
e22bd11b
#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 6853328
# @summary Support OK-AS-DELEGATE flag
# @run shell/timeout=600 ok-as-delegate.sh
#
if
[
"
${
TESTSRC
}
"
=
""
]
;
then
TESTSRC
=
`
dirname
$0
`
fi
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
JAVAC_CMD
=
`
which javac
`
TESTJAVA
=
`
dirname
$JAVAC_CMD
`
/..
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
Windows_
*
)
FS
=
"
\\
"
SEP
=
";"
;;
CYGWIN
*
)
FS
=
"/"
SEP
=
";"
;;
*
)
FS
=
"/"
SEP
=
":"
;;
esac
${
TESTJAVA
}${
FS
}
bin
${
FS
}
javac
-XDignore
.symbol.file
-d
.
\
${
TESTSRC
}${
FS
}
OkAsDelegate.java
\
${
TESTSRC
}${
FS
}
KDC.java
\
${
TESTSRC
}${
FS
}
OneKDC.java
\
${
TESTSRC
}${
FS
}
Action.java
\
${
TESTSRC
}${
FS
}
Context.java
\
||
exit
10
# Testing Kerberos 5
# Add $TESTSRC to classpath so that customized nameservice can be used
J
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java -cp
$TESTSRC
${
SEP
}
. OkAsDelegate"
JOK
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java -cp
$TESTSRC
${
SEP
}
. -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
# FORWARDABLE ticket not allowed, always fail
$J
false true true false false false
||
exit
1
# Service ticket no OK-AS-DELEGATE
# Request nothing, gain nothing
$J
true false false false false false
||
exit
2
# Request deleg policy, gain nothing
$J
true false true false false false
||
exit
3
# Request deleg, granted
$J
true true false true false true
||
exit
4
# Request deleg and deleg policy, granted, with info not by policy
$J
true true true true false true
||
exit
5
# Service ticket has OK-AS-DELEGATE
# Request deleg policy, granted
$JOK
true false true true true true
||
exit
6
# Request deleg and deleg policy, granted, with info by policy
$JOK
true true true true true true
||
exit
7
# Testing SPNEGO
# Add $TESTSRC to classpath so that customized nameservice can be used
J
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java -cp
$TESTSRC
${
SEP
}
. -Dtest.spnego OkAsDelegate"
JOK
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java -cp
$TESTSRC
${
SEP
}
. -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
# FORWARDABLE ticket not allowed, always fail
$J
false true true false false false
||
exit
11
# Service ticket no OK-AS-DELEGATE
# Request nothing, gain nothing
$J
true false false false false false
||
exit
12
# Request deleg policy, gain nothing
$J
true false true false false false
||
exit
13
# Request deleg, granted
$J
true true false true false true
||
exit
14
# Request deleg and deleg policy, granted, with info not by policy
$J
true true true true false true
||
exit
15
# Service ticket has OK-AS-DELEGATE
# Request deleg policy, granted
$JOK
true false true true true true
||
exit
16
# Request deleg and deleg policy, granted, with info by policy
$JOK
true true true true true true
||
exit
17
exit
0
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录