Mercurial > hg > release > icedtea7-forest-2.3 > jdk

changeset 6315:375646138f2e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix Kerberos cache support to check for null, fallback on old path support and not hardcode the krb5 library.
author andrew
date Fri, 04 Oct 2013 16:38:52 +0100
parents 5438973623f2
children 6200515176fa
files make/jdk_generic_profile.sh make/sun/security/Makefile make/sun/security/krb5/internal/ccache/Makefile src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
diffstat 4 files changed, 41 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/make/jdk_generic_profile.sh	Wed Feb 06 14:45:02 2013 -0800
+++ b/make/jdk_generic_profile.sh	Fri Oct 04 16:38:52 2013 +0100
@@ -454,9 +454,18 @@
 fi
 export GIF_LIBS
 
+# Export variables for system krb5
+# KRB5_CFLAGS and KRB5_LIBS tell the compiler how to compile and
+# link against Kerberos
+if [ "${KRB5_LIBS}" = "" ] ; then
+    KRB5_LIBS="-lkrb5"
+fi
+export KRB5_LIBS
+
 # IcedTea defaults; use system libraries
 export USE_SYSTEM_LCMS=true
 export USE_SYSTEM_ZLIB=true
 export USE_SYSTEM_JPEG=true
 export USE_SYSTEM_PNG=true
 export USE_SYSTEM_GIF=true
+export SYSTEM_KRB5=true
--- a/make/sun/security/Makefile	Wed Feb 06 14:45:02 2013 -0800
+++ b/make/sun/security/Makefile	Fri Oct 04 16:38:52 2013 +0100
@@ -56,7 +56,9 @@
 # Build krb5/internal/ccache only on Linux and Solaris platforms.
 KRB5_CCACHE =
 ifeq ($(PLATFORM), $(filter $(PLATFORM),linux solaris))
-  KRB5_CCACHE = krb5/internal/ccache
+  ifeq ($(SYSTEM_KRB5),true)
+    KRB5_CCACHE = krb5/internal/ccache
+  endif
 endif
 
 # Build Microsoft CryptoAPI provider only on Windows platform.
--- a/make/sun/security/krb5/internal/ccache/Makefile	Wed Feb 06 14:45:02 2013 -0800
+++ b/make/sun/security/krb5/internal/ccache/Makefile	Fri Oct 04 16:38:52 2013 +0100
@@ -44,5 +44,6 @@
 
 include $(BUILDDIR)/common/Library.gmk
 
-OTHER_LDLIBS = $(LIBDL) $(JVMLIB) -lkrb5
+OTHER_CFLAGS += $(KRB5_CFLAGS)
+OTHER_LDLIBS = $(LIBDL) $(JVMLIB) $(KRB5_LIBS)
 endif # PLATFORM
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Wed Feb 06 14:45:02 2013 -0800
+++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Fri Oct 04 16:38:52 2013 +0100
@@ -45,6 +45,9 @@
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
 
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+
 /**
  * CredentialsCache stores credentials(tickets, session keys, etc) in a
  * semi-permanent store
@@ -360,8 +363,9 @@
      *
      * 1. KRB5CCNAME
      * 2. location specified by Kerberos API on unix systems
-     * 3. <user.home>/krb5cc_<user.name>
-     * 4. <user.home>/krb5cc (if can't get <user.name>)
+     * 3. /tmp/krb5cc_<uid> on unix systems
+     * 4. <user.home>/krb5cc_<user.name>
+     * 5. <user.home>/krb5cc (if can't get <user.name>)
      */
 
     public static String getDefaultCacheName() {
@@ -429,16 +433,32 @@
                      * We require the default cache location to be a file name.
                      * DIR: can point to a cache collection, while DIR:: points
                      * to a specific cache file.
-                     *  
+                     *
                      * http://k5wiki.kerberos.org/wiki?title=Projects/Client_principal_selection&oldid=4118
                      */
-                    if (name.startsWith("FILE:") || name.startsWith("DIR::")) {
+                    if (name != null && (name.startsWith("FILE:") || name.startsWith("DIR::"))) {
                         name = name.substring(5);
                         if (DEBUG) {
                             System.out.println(">>>KinitOptions cache name is " +
                                     name);
                         }
                         return name;
+                    } else {
+                        long uid = 0;
+
+                        Class<?> c = Class.forName
+                            ("com.sun.security.auth.module.UnixSystem");
+                        Constructor<?> constructor = c.getConstructor();
+                        Object obj = constructor.newInstance();
+                        Method method = c.getMethod("getUid");
+                        uid =  ((Long)method.invoke(obj)).longValue();
+                        name = File.separator + "tmp" +
+                            File.separator + stdCacheNameComponent + "_" + uid;
+                        if (DEBUG) {
+                            System.out.println(">>>KinitOptions cache name is " +
+                                               name);
+                        }
+                        return name;
                     }
                 } catch (Exception e) {
                     if (DEBUG) {
@@ -483,7 +503,7 @@
 
         return name;
     }
-    
+
     private native static String nativeGetDefaultCacheName() throws Exception;
 
     public static String checkValidation(String name) {
@@ -566,7 +586,7 @@
         }
         return null;
     }
-    
+
     private static void ensureLoaded() {
         java.security.AccessController.doPrivileged(
                 new java.security.PrivilegedAction<Void> () {
@@ -577,5 +597,5 @@
                 });
         alreadyLoaded = true;
     }
-    
+
 }