8002344: Krb5LoginModule config class does not return proper KDC list from DNS

Co-authored-by: Severin Gehwolf <sgehwolf@redhat.com> Reviewed-by: weijun
2012-11-19 11:13:08 +08:00 · 2012-11-19 11:13:08 +08:00 · 2aea4cbc8c
commit 2aea4cbc8c
parent 28ca680a31
4 changed files with 149 additions and 9 deletions
--- a/jdk/src/share/classes/sun/security/krb5/Config.java
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java
@ -1123,7 +1123,7 @@ public class Config {
     */
    private String getKDCFromDNS(String realm) throws KrbException {
        // use DNS to locate KDC
-        String kdcs = null;
+        String kdcs = "";
        String[] srvs = null;
        // locate DNS SRV record using UDP
        if (DEBUG) {
@ -1133,7 +1133,7 @@ public class Config {
        if (srvs == null) {
            // locate DNS SRV record using TCP
            if (DEBUG) {
-                System.out.println("getKDCFromDNS using UDP");
+                System.out.println("getKDCFromDNS using TCP");
            }
            srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
        }
@ -1142,14 +1142,15 @@ public class Config {
            throw new KrbException(Krb5.KRB_ERR_GENERIC,
                "Unable to locate KDC for realm " + realm);
        }
        if (srvs.length == 0) {
            return null;
        }
        for (int i = 0; i < srvs.length; i++) {
-            String value = srvs[i];
+            kdcs += srvs[i].trim() + " ";
-            for (int j = 0; j < srvs[i].length(); j++) {
+        }
-                // filter the KDC name
+        kdcs = kdcs.trim();
-                if (value.charAt(j) == ':') {
+        if (kdcs.equals("")) {
-                    kdcs = (value.substring(0, j)).trim();
+            return null;
                }
            }
        }
        return kdcs;
    }
--- a/jdk/test/sun/security/krb5/config/DNS.java
+++ b/jdk/test/sun/security/krb5/config/DNS.java
@ -0,0 +1,38 @@
 /*
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 // See dns.sh.
 import sun.security.krb5.Config;
 public class DNS {
    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf",
                System.getProperty("test.src", ".") +"/nothing.conf");
        Config config = Config.getInstance();
        String kdcs = config.getKDCList("X");
        if (!kdcs.equals("a.com.:88 b.com.:99") &&
                !kdcs.equals("a.com. b.com.:99")) {
            throw new Exception("Strange KDC: [" + kdcs + "]");
        };
    }
 }
--- a/jdk/test/sun/security/krb5/config/NamingManager.java
+++ b/jdk/test/sun/security/krb5/config/NamingManager.java
@ -0,0 +1,60 @@
 /*
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 package javax.naming.spi;
 import com.sun.jndi.dns.DnsContext;
 import java.util.Hashtable;
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 /**
 * A fake javax.naming.spi.NamingManager. It allows reading a DNS
 * record without contacting a real server.
 *
 * See DNS.java and dns.sh.
 */
 public class NamingManager {
    NamingManager() {}
    public static Context getURLContext(
            String scheme, Hashtable<?,?> environment)
            throws NamingException {
        return new DnsContext("", null, new Hashtable<String,String>()) {
            public Attributes getAttributes(String name, String[] attrIds)
                    throws NamingException {
                return new BasicAttributes() {
                    public Attribute get(String attrID) {
                        BasicAttribute ba  = new BasicAttribute(attrID);
                        ba.add("1 1 99 b.com.");
                        ba.add("0 0 88 a.com.");    // 2nd has higher priority
                        return ba;
                    }
                };
            }
        };
    }
 }
--- a/jdk/test/sun/security/krb5/config/dns.sh
+++ b/jdk/test/sun/security/krb5/config/dns.sh
@ -0,0 +1,41 @@
 #
 # Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License version 2 only, as
 # published by the Free Software Foundation.
 #
 # This code is distributed in the hope that it will be useful, but WITHOUT
 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 # version 2 for more details (a copy is included in the LICENSE file that
 # accompanied this code).
 #
 # You should have received a copy of the GNU General Public License version
 # 2 along with this work; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
 # @test
 # @bug 8002344
 # @summary Krb5LoginModule config class does not return proper KDC list from DNS
 #
 if [ "${TESTJAVA}" = "" ] ; then
  JAVAC_CMD=`which javac`
  TESTJAVA=`dirname $JAVAC_CMD`/..
 fi
 if [ "${TESTSRC}" = "" ] ; then
   TESTSRC="."
 fi
 $TESTJAVA/bin/javac -d . \
        ${TESTSRC}/NamingManager.java ${TESTSRC}/DNS.java
 $TESTJAVA/bin/java -Xbootclasspath/p:. DNS