Mercurial > hg > release > icedtea7-forest-2.3 > jdk
changeset 6315:375646138f2e
Fix Kerberos cache support to check for null, fallback on old path support and not hardcode the krb5 library.
author | andrew |
---|---|
date | Fri, 04 Oct 2013 16:38:52 +0100 |
parents | 5438973623f2 |
children | 6200515176fa |
files | make/jdk_generic_profile.sh make/sun/security/Makefile make/sun/security/krb5/internal/ccache/Makefile src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java |
diffstat | 4 files changed, 41 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/make/jdk_generic_profile.sh Wed Feb 06 14:45:02 2013 -0800 +++ b/make/jdk_generic_profile.sh Fri Oct 04 16:38:52 2013 +0100 @@ -454,9 +454,18 @@ fi export GIF_LIBS +# Export variables for system krb5 +# KRB5_CFLAGS and KRB5_LIBS tell the compiler how to compile and +# link against Kerberos +if [ "${KRB5_LIBS}" = "" ] ; then + KRB5_LIBS="-lkrb5" +fi +export KRB5_LIBS + # IcedTea defaults; use system libraries export USE_SYSTEM_LCMS=true export USE_SYSTEM_ZLIB=true export USE_SYSTEM_JPEG=true export USE_SYSTEM_PNG=true export USE_SYSTEM_GIF=true +export SYSTEM_KRB5=true
--- a/make/sun/security/Makefile Wed Feb 06 14:45:02 2013 -0800 +++ b/make/sun/security/Makefile Fri Oct 04 16:38:52 2013 +0100 @@ -56,7 +56,9 @@ # Build krb5/internal/ccache only on Linux and Solaris platforms. KRB5_CCACHE = ifeq ($(PLATFORM), $(filter $(PLATFORM),linux solaris)) - KRB5_CCACHE = krb5/internal/ccache + ifeq ($(SYSTEM_KRB5),true) + KRB5_CCACHE = krb5/internal/ccache + endif endif # Build Microsoft CryptoAPI provider only on Windows platform.
--- a/make/sun/security/krb5/internal/ccache/Makefile Wed Feb 06 14:45:02 2013 -0800 +++ b/make/sun/security/krb5/internal/ccache/Makefile Fri Oct 04 16:38:52 2013 +0100 @@ -44,5 +44,6 @@ include $(BUILDDIR)/common/Library.gmk -OTHER_LDLIBS = $(LIBDL) $(JVMLIB) -lkrb5 +OTHER_CFLAGS += $(KRB5_CFLAGS) +OTHER_LDLIBS = $(LIBDL) $(JVMLIB) $(KRB5_LIBS) endif # PLATFORM
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Wed Feb 06 14:45:02 2013 -0800 +++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java Fri Oct 04 16:38:52 2013 +0100 @@ -45,6 +45,9 @@ import java.io.BufferedReader; import java.io.InputStreamReader; +import java.lang.reflect.Constructor; +import java.lang.reflect.Method; + /** * CredentialsCache stores credentials(tickets, session keys, etc) in a * semi-permanent store @@ -360,8 +363,9 @@ * * 1. KRB5CCNAME * 2. location specified by Kerberos API on unix systems - * 3. <user.home>/krb5cc_<user.name> - * 4. <user.home>/krb5cc (if can't get <user.name>) + * 3. /tmp/krb5cc_<uid> on unix systems + * 4. <user.home>/krb5cc_<user.name> + * 5. <user.home>/krb5cc (if can't get <user.name>) */ public static String getDefaultCacheName() { @@ -429,16 +433,32 @@ * We require the default cache location to be a file name. * DIR: can point to a cache collection, while DIR:: points * to a specific cache file. - * + * * http://k5wiki.kerberos.org/wiki?title=Projects/Client_principal_selection&oldid=4118 */ - if (name.startsWith("FILE:") || name.startsWith("DIR::")) { + if (name != null && (name.startsWith("FILE:") || name.startsWith("DIR::"))) { name = name.substring(5); if (DEBUG) { System.out.println(">>>KinitOptions cache name is " + name); } return name; + } else { + long uid = 0; + + Class<?> c = Class.forName + ("com.sun.security.auth.module.UnixSystem"); + Constructor<?> constructor = c.getConstructor(); + Object obj = constructor.newInstance(); + Method method = c.getMethod("getUid"); + uid = ((Long)method.invoke(obj)).longValue(); + name = File.separator + "tmp" + + File.separator + stdCacheNameComponent + "_" + uid; + if (DEBUG) { + System.out.println(">>>KinitOptions cache name is " + + name); + } + return name; } } catch (Exception e) { if (DEBUG) { @@ -483,7 +503,7 @@ return name; } - + private native static String nativeGetDefaultCacheName() throws Exception; public static String checkValidation(String name) { @@ -566,7 +586,7 @@ } return null; } - + private static void ensureLoaded() { java.security.AccessController.doPrivileged( new java.security.PrivilegedAction<Void> () { @@ -577,5 +597,5 @@ }); alreadyLoaded = true; } - + }