Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9890:a6419eed11eb
8036779: sun.security.krb5.KdcComm interprets kdc_timeout as msec instead of sec
Reviewed-by: xuelei
author | weijun |
---|---|
date | Mon, 03 Feb 2020 01:42:43 +0000 |
parents | e37926332404 |
children | 19028b6e31fc |
files | src/share/classes/sun/security/krb5/KdcComm.java test/sun/security/krb5/auto/KDC.java test/sun/security/krb5/auto/UdpTcp.java |
diffstat | 3 files changed, 59 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/KdcComm.java Sat Jul 13 08:47:49 2013 +0800 +++ b/src/share/classes/sun/security/krb5/KdcComm.java Mon Feb 03 01:42:43 2020 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -143,7 +143,8 @@ try { Config cfg = Config.getInstance(); String temp = cfg.get("libdefaults", "kdc_timeout"); - timeout = parsePositiveIntString(temp); + timeout = parseTimeString(temp); + temp = cfg.get("libdefaults", "max_retries"); max_retries = parsePositiveIntString(temp); temp = cfg.get("libdefaults", "udp_preference_limit"); @@ -406,6 +407,25 @@ } /** + * Parses a time value string. If it ends with "s", parses as seconds. + * Otherwise, parses as milliseconds. + * @param s the time string + * @return the integer value in milliseconds, or -1 if input is null or + * has an invalid format + */ + private static int parseTimeString(String s) { + if (s == null) { + return -1; + } + if (s.endsWith("s")) { + int seconds = parsePositiveIntString(s.substring(0, s.length()-1)); + return (seconds < 0) ? -1 : (seconds*1000); + } else { + return parsePositiveIntString(s); + } + } + + /** * Returns krb5.conf setting of {@code key} for a specific realm, * which can be: * 1. defined in the sub-stanza for the given realm inside [realms], or @@ -426,7 +446,11 @@ try { String value = Config.getInstance().get("realms", realm, key); - temp = parsePositiveIntString(value); + if (key.equals("kdc_timeout")) { + temp = parseTimeString(value); + } else { + temp = parsePositiveIntString(value); + } } catch (Exception exc) { // Ignored, defValue will be picked up }
--- a/test/sun/security/krb5/auto/KDC.java Sat Jul 13 08:47:49 2013 +0800 +++ b/test/sun/security/krb5/auto/KDC.java Mon Feb 03 01:42:43 2020 +0000 @@ -157,6 +157,8 @@ private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100); // Options private Map<Option,Object> options = new HashMap<>(); + // Realm-specific krb5.conf settings + private List<String> conf = new ArrayList<>(); private Thread thread1, thread2, thread3; DatagramSocket u1 = null; @@ -248,7 +250,7 @@ /** * Sets an option * @param key the option name - * @param obj the value + * @param value the value */ public void setOption(Option key, Object value) { if (value == null) { @@ -394,6 +396,13 @@ } /** + * Add realm-specific krb5.conf setting + */ + public void addConf(String s) { + conf.add(s); + } + + /** * Writes a krb5.conf for one or more KDC that includes KDC locations for * each realm and the default realm name. You can also add extra strings * into the file. The method should be called like: @@ -418,6 +427,7 @@ * [realms] * REALM.NAME = { * kdc = host:port_number + * # realm-specific settings * } * </pre> * @@ -465,10 +475,10 @@ } } sb.append("\n[realms]\n"); - sb.append(realmLineForKDC(kdc)); + sb.append(kdc.realmLine()); for (Object o: more) { if (o instanceof KDC) { - sb.append(realmLineForKDC((KDC)o)); + sb.append(((KDC)o).realmLine()); } } FileOutputStream fos = new FileOutputStream(f); @@ -1149,14 +1159,16 @@ /** * Generates a line for a KDC to put inside [realms] of krb5.conf - * @param kdc the KDC - * @return REALM.NAME = { kdc = host:port } + * @return REALM.NAME = { kdc = host:port etc } */ - private static String realmLineForKDC(KDC kdc) { - return String.format("%s = {\n kdc = %s:%d\n}\n", - kdc.realm, - kdc.kdc, - kdc.port); + private String realmLine() { + StringBuilder sb = new StringBuilder(); + sb.append(realm).append(" = {\n kdc = ") + .append(kdc).append(':').append(port).append('\n'); + for (String s: conf) { + sb.append(" ").append(s).append('\n'); + } + return sb.append("}\n").toString(); } /**
--- a/test/sun/security/krb5/auto/UdpTcp.java Sat Jul 13 08:47:49 2013 +0800 +++ b/test/sun/security/krb5/auto/UdpTcp.java Mon Feb 03 01:42:43 2020 +0000 @@ -43,9 +43,15 @@ OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); - KDC.saveConfig(OneKDC.KRB5_CONF, kdc, - "udp_preference_limit = " - + (args[0].equals("UDP") ? "1000" : "100")); + // Two styles of kdc_timeout setting. One global, one realm-specific. + if (args[0].equals("UDP")) { + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "kdc_timeout = 10s"); + } else { + kdc.addConf("kdc_timeout = 10s"); + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "udp_preference_limit = 1"); + } Config.refresh(); ByteArrayOutputStream bo = new ByteArrayOutputStream(); @@ -56,7 +62,7 @@ for (String line: new String(bo.toByteArray()).split("\n")) { if (line.contains(">>> KDCCommunication")) { - if (!line.contains(args[0])) { + if (!line.contains(args[0]) || !line.contains("timeout=10000")) { throw new Exception("No " + args[0] + " in: " + line); } }