diff --git a/src/share/classes/sun/security/jgss/GSSContextImpl.java b/src/share/classes/sun/security/jgss/GSSContextImpl.java
index a506394703bd9996ebc2cc0f5a1d8353a28bc527..046f6478277b108d1405ff7025a1602e8804dac2 100644
--- a/src/share/classes/sun/security/jgss/GSSContextImpl.java
+++ b/src/share/classes/sun/security/jgss/GSSContextImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -284,7 +284,8 @@ class GSSContextImpl implements GSSContext {
 ByteArrayOutputStream bos = new ByteArrayOutputStream(100);
 acceptSecContext(new ByteArrayInputStream(inTok, offset, len), bos);
- return bos.toByteArray();
+ byte[] out = bos.toByteArray();
+ return (out.length == 0) ? null : out;
 }
 public void acceptSecContext(InputStream inStream,
diff --git a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
index 5ea5cd36aeae95c48984a93edc464002738d363e..7185b0e08a720a7ce66fd045111a1094f50e5d66 100644
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
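Review bot: Returning `null` for an empty token changes what callers of the byte-array `acceptSecContext` overload receive, and nothing at the return says why; a comment such as `// per the GSSContext contract, null (not an empty array) means there is no token to send` above `return (out.length == 0) ? null : out;` would record it. Any caller that reads `.length` on the result without a null check will now throw, so the call sites, which are outside this hunk, are worth auditing. The deletion at `-556` in SpNegoContext.java appears to depend on this change, since a null `accept_token` no longer sets `valid = false` there, and whatever later consumes `accept_token` must tolerate null. The method body begins above the hunk.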
@@ -413,13 +413,14 @@ public class SpNegoContext implements GSSContextSpi {
 // pull out the mechanism token
 byte[] accept_token = targToken.getResponseToken();
 if (accept_token == null) {
- // return wth failure
- throw new GSSException(errorCode, -1,
- "mechansim token from server is null");
+ if (!isMechContextEstablished()) {
+ // return with failure
+ throw new GSSException(errorCode, -1,
+ "mechanism token from server is null");
+ }
+ } else {
+ mechToken = GSS_initSecContext(accept_token);
 }
-
- mechToken = GSS_initSecContext(accept_token);
-
 // verify MIC
 if (!GSSUtil.useMSInterop()) {
 byte[] micToken = targToken.getMechListMIC();
@@ -428,7 +429,6 @@ public class SpNegoContext implements GSSContextSpi {
 "verification of MIC on MechList Failed!");
 }
 }
-
 if (isMechContextEstablished()) {
 state = STATE_DONE;
 retVal = mechToken;
@@ -556,9 +556,6 @@ public class SpNegoContext implements GSSContextSpi {
 // get the token for mechanism
 byte[] accept_token = GSS_acceptSecContext(mechToken);
- if (accept_token == null) {
- valid = false;
- }
 // verify MIC
 if (!GSSUtil.useMSInterop() && valid) {
diff --git a/test/sun/security/krb5/auto/Context.java b/test/sun/security/krb5/auto/Context.java
index 9f52dad1f1a08183be268ce5faee1b4123501e97..4bdaa252842fd0faf7415360e3181e6b6e483079 100644
--- a/test/sun/security/krb5/auto/Context.java
+++ b/test/sun/security/krb5/auto/Context.java
@@ -360,6 +360,10 @@ public class Context {
 if (me.x.isEstablished()) {
 me.f = true;
 System.out.println(c.name + " side established");
+ if (input != null) {
+ throw new Exception("Context established but " +
+ "still receive token at " + c.name);
+ }
 return null;
 } else {
 System.out.println(c.name + " call initSecContext");
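Review bot: On the new path where `accept_token == null` and the mechanism context is already established, `mechToken` is not assigned in this hunk, yet the following hunk still runs `retVal = mechToken` once the context is established. That is only correct if `mechToken` is null at this point; its declaration is outside the hunk, so confirm it is a null-initialised local rather than a value left over from an earlier round, otherwise a stale token would be handed back to the caller. A comment on the outer branch, for example `// no response token is legitimate once the mechanism context is established (e.g. mutual authentication was not requested)`, would make the relaxed check easier to audit. The mechList MIC verification that follows still runs on this path.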
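Review bot: The message of the new guard omits the one detail that matters when it fires, the size of the unexpected token, so an empty array cannot be told apart from real data in the test log. Assuming `input` is a byte array (its declaration is outside the hunk), `"still receive token (" + input.length + " bytes) at " + c.name` would make the failure self-explanatory. The same applies to the server-side copy in the `-374` hunk, which uses `s.name`. The enclosing method begins outside both hunks.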
@@ -374,6 +378,10 @@ public class Context {
 if (me.x.isEstablished()) {
 me.f = true;
 System.out.println(s.name + " side established");
+ if (input != null) {
+ throw new Exception("Context established but " +
+ "still receive token at " + s.name);
+ }
 return null;
 } else {
 System.out.println(s.name + " called acceptSecContext");
diff --git a/test/sun/security/krb5/auto/NonMutualSpnego.java b/test/sun/security/krb5/auto/NonMutualSpnego.java
new file mode 100644
index 0000000000000000000000000000000000000000..f2e7812c3ed317ee375d7b200057a6d85e9b6cb5
--- /dev/null
+++ b/test/sun/security/krb5/auto/NonMutualSpnego.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6733095
+ * @summary Failure when SPNEGO request non-Mutual
+ */
+
+import sun.security.jgss.GSSUtil;
+
+public class NonMutualSpnego {
+
+ public static void main(String[] args)
+ throws Exception {
+
+ // Create and start the KDC
+ new OneKDC(null).writeJAASConf();
+ new NonMutualSpnego().go();
+ }
+
+ void go() throws Exception {
+ Context c = Context.fromJAAS("client");
+ Context s = Context.fromJAAS("server");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
+ c.x().requestMutualAuth(false);
+ s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ c.dispose();
+ s.dispose();
+ }
+}
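Review bot: The test never checks that the handshake actually completed without mutual authentication, so it would still pass if `requestMutualAuth(false)` were ignored and the ordinary mutual exchange ran instead. After `Context.handshake(c, s);` a check such as `if (c.x().getMutualAuthState()) throw new Exception("mutual auth was negotiated");` would pin the path that bug 6733095 concerns, assuming `c.x()` returns the underlying `GSSContext`. `c.dispose()` and `s.dispose()` are also skipped when `transmit` throws; that is harmless in a short-lived test VM, but a `try`/`finally` would make the intent explicit.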