8327818: Implement Kerberos debug with sun.security.util.Debug
Reviewed-by: coffeys, ssahoo
parent
dec68d7e36
commit
569b05addf
src
java.base/share/classes/sun/security/util
java.security.jgss
macosx/native/libosxkrb5
share
classes
javax/security/auth/kerberos
sun
net/www/protocol/http/spnego
security
jgss
GSSCredentialImpl.javaGSSHeader.javaGSSManagerImpl.javaGSSUtil.javaProviderList.java
krb5
spnego
wrapper
krb5
Checksum.javaConfig.javaCredentials.javaEncryptionKey.javaKdcComm.javaKrbApReq.javaKrbAsRep.javaKrbAsReq.javaKrbAsReqBuilder.javaKrbCred.javaKrbKdcRep.javaSCDynamicStoreConfig.java
internal
native/libj2gss
windows
classes/sun/security/krb5/internal/tools
native/libw2k_lsa_auth
jdk.security.auth/share/classes/com/sun/security/auth/module
test/jdk/sun/security/krb5
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -159,6 +159,33 @@ public class Debug {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a Debug object corresponding to the given option on the given
|
||||
* property value.
|
||||
* <p>
|
||||
* Note: unlike other {@code getInstance} methods, this method does not
|
||||
* use the {@code java.security.debug} system property.
|
||||
* <p>
|
||||
* Usually, this method is used by other individual area-specific debug
|
||||
* settings. For example,
|
||||
* {@snippet lang=java:
|
||||
* Map<String, String> settings = loadLoginSettings();
|
||||
* String property = settings.get("login");
|
||||
* Debug debug = Debug.of("login", property);
|
||||
* }
|
||||
* @param option the debug option name
|
||||
* @param property debug setting for this option
|
||||
* @return a new Debug object if the property is true
|
||||
*/
|
||||
public static Debug of(String option, String property) {
|
||||
if ("true".equalsIgnoreCase(property)) {
|
||||
Debug d = new Debug();
|
||||
d.prefix = option;
|
||||
return d;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* True if the system property "security.debug" contains the
|
||||
* string "option".
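Review bot: The Javadoc for `of` never says that the method returns null when `property` is anything other than "true" (compared ignoring case), which includes a null property. Every caller converted in this commit relies on that contract through `if (DEBUG != null)`. Spell it out in the tag: `@return a new Debug object if the property is "true" (ignoring case), otherwise {@code null}`. It would also help to state that `option` becomes the prefix of the returned object, since the body sets `d.prefix = option`.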
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -81,7 +81,7 @@ static jclass FindClass(JNIEnv *env, char *className)
|
||||
jclass cls = (*env)->FindClass(env, className);
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find %s\n", className);
|
||||
fprintf(stderr, "Couldn't find %s\n", className);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -129,49 +129,49 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *jvm, void *reserved)
|
||||
|
||||
ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "([B)V");
|
||||
if (ticketConstructor == 0) {
|
||||
printf("Couldn't find Ticket constructor\n");
|
||||
fprintf(stderr, "Couldn't find Ticket constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
|
||||
if (principalNameConstructor == 0) {
|
||||
printf("Couldn't find PrincipalName constructor\n");
|
||||
fprintf(stderr, "Couldn't find PrincipalName constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
|
||||
if (encryptionKeyConstructor == 0) {
|
||||
printf("Couldn't find EncryptionKey constructor\n");
|
||||
fprintf(stderr, "Couldn't find EncryptionKey constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
|
||||
if (ticketFlagsConstructor == 0) {
|
||||
printf("Couldn't find TicketFlags constructor\n");
|
||||
fprintf(stderr, "Couldn't find TicketFlags constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
|
||||
if (kerberosTimeConstructor == 0) {
|
||||
printf("Couldn't find KerberosTime constructor\n");
|
||||
fprintf(stderr, "Couldn't find KerberosTime constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
|
||||
if (integerConstructor == 0) {
|
||||
printf("Couldn't find Integer constructor\n");
|
||||
fprintf(stderr, "Couldn't find Integer constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
|
||||
if (hostAddressConstructor == 0) {
|
||||
printf("Couldn't find HostAddress constructor\n");
|
||||
fprintf(stderr, "Couldn't find HostAddress constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
|
||||
if (hostAddressesConstructor == 0) {
|
||||
printf("Couldn't find HostAddresses constructor\n");
|
||||
fprintf(stderr, "Couldn't find HostAddresses constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
@ -376,7 +376,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
|
||||
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
|
||||
if (krbcredsConstructor == 0) {
|
||||
printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.krb5.internal.Ticket constructor\n");
|
||||
break;
|
||||
}
|
||||
}
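Review bot: The failure message for `krbcredsConstructor` names `sun.security.krb5.internal.Ticket`, but the lookup is on `krbcredsClass`, and Ticket is only the first parameter in the signature string, so the text appears to name the wrong class. Since the line is being rewritten anyway, it could name the class actually searched, for example `fprintf(stderr, "Couldn't find sun.security.krb5.Credentials constructor\n");` (the class behind `krbcredsClass` is assigned outside this hunk, so confirm the name). The enclosing function starts and ends outside the hunk.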
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -447,43 +447,6 @@ public final class ServicePermission extends Permission
|
||||
s.defaultReadObject();
|
||||
init(getName(),getMask(actions));
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
public static void main(String[] args) throws Exception {
|
||||
ServicePermission this_ =
|
||||
new ServicePermission(args[0], "accept");
|
||||
ServicePermission that_ =
|
||||
new ServicePermission(args[1], "accept,initiate");
|
||||
System.out.println("-----\n");
|
||||
System.out.println("this.implies(that) = " + this_.implies(that_));
|
||||
System.out.println("-----\n");
|
||||
System.out.println("this = "+this_);
|
||||
System.out.println("-----\n");
|
||||
System.out.println("that = "+that_);
|
||||
System.out.println("-----\n");
|
||||
|
||||
KrbServicePermissionCollection nps =
|
||||
new KrbServicePermissionCollection();
|
||||
nps.add(this_);
|
||||
nps.add(new ServicePermission("nfs/example.com@EXAMPLE.COM",
|
||||
"accept"));
|
||||
nps.add(new ServicePermission("host/example.com@EXAMPLE.COM",
|
||||
"initiate"));
|
||||
System.out.println("nps.implies(that) = " + nps.implies(that_));
|
||||
System.out.println("-----\n");
|
||||
|
||||
Enumeration e = nps.elements();
|
||||
|
||||
while (e.hasMoreElements()) {
|
||||
ServicePermission x =
|
||||
(ServicePermission) e.nextElement();
|
||||
System.out.println("nps.e = " + x);
|
||||
}
|
||||
|
||||
}
|
||||
*/
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,7 +35,6 @@ import org.ietf.jgss.Oid;
|
||||
|
||||
import sun.net.www.protocol.http.HttpCallerInfo;
|
||||
import sun.net.www.protocol.http.Negotiator;
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
import sun.security.jgss.GSSManagerImpl;
|
||||
import sun.security.jgss.GSSContextImpl;
|
||||
@ -45,6 +44,8 @@ import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
|
||||
import sun.security.util.ChannelBindingException;
|
||||
import sun.security.util.TlsChannelBinding;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates all JAAS and JGSS API calls in a separate class
|
||||
* outside NegotiateAuthentication.java so that J2SE build can go smoothly
|
||||
@ -55,9 +56,6 @@ import sun.security.util.TlsChannelBinding;
|
||||
*/
|
||||
public class NegotiatorImpl extends Negotiator {
|
||||
|
||||
private static final boolean DEBUG =
|
||||
GetBooleanAction.privilegedGetProperty("sun.security.krb5.debug");
|
||||
|
||||
private GSSContext context;
|
||||
private byte[] oneToken;
|
||||
|
||||
@ -105,8 +103,8 @@ public class NegotiatorImpl extends Negotiator {
|
||||
((GSSContextImpl)context).requestDelegPolicy(true);
|
||||
}
|
||||
if (hci.serverCert != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Negotiate: Setting CBT");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Negotiate: Setting CBT");
|
||||
}
|
||||
// set the channel binding token
|
||||
TlsChannelBinding b = TlsChannelBinding.create(hci.serverCert);
|
||||
@ -123,8 +121,8 @@ public class NegotiatorImpl extends Negotiator {
|
||||
try {
|
||||
init(hci);
|
||||
} catch (GSSException | ChannelBindingException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Negotiate support not initiated, will " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Negotiate support not initiated, will " +
|
||||
"fallback to other scheme if allowed. Reason:");
|
||||
e.printStackTrace();
|
||||
}
|
||||
@ -160,9 +158,9 @@ public class NegotiatorImpl extends Negotiator {
|
||||
}
|
||||
return context.initSecContext(token, 0, token.length);
|
||||
} catch (GSSException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Negotiate support cannot continue. Reason:");
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Negotiate support cannot continue. Reason:");
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
throw new IOException("Negotiate support cannot continue", e);
|
||||
}
|
||||
@ -181,9 +179,9 @@ public class NegotiatorImpl extends Negotiator {
|
||||
context.dispose();
|
||||
}
|
||||
} catch (GSSException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Cannot release resources. Reason:");
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Cannot release resources. Reason:");
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
throw new IOException("Cannot release resources", e);
|
||||
};
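Review bot: The first catch block, `catch (GSSException | ChannelBindingException e)`, still calls `e.printStackTrace()` with no argument, so the trace bypasses the Debug object. The two later catch blocks in this file were changed to `e.printStackTrace(DEBUG.getPrintStream())`. Use `e.printStackTrace(DEBUG.getPrintStream());` here too, so that the "Reason:" line and its trace always go to the same stream. The same leftover is visible in the `PrivilegedActionException` catch in GSSUtil (`pae.printStackTrace()`) and in the `KrbException` catch that appears to belong to Krb5Context.initSecContext. The enclosing methods begin and end outside these hunks.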
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -90,7 +90,7 @@ public class GSSCredentialImpl implements GSSCredential {
|
||||
} catch (GSSException e) {
|
||||
if (defaultList) {
|
||||
// Try the next mechanism
|
||||
if (GSSUtil.DEBUG) {
|
||||
if (GSSUtil.DEBUG != null) {
|
||||
GSSUtil.debug("Ignore " + e + " while acquiring cred for "
|
||||
+ mechs[i]);
|
||||
// e.printStackTrace();
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -317,25 +317,4 @@ public class GSSHeader {
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
// XXX Call these two in some central class
|
||||
private void debug(String str) {
|
||||
System.err.print(str);
|
||||
}
|
||||
|
||||
private String getHexBytes(byte[] bytes, int len)
|
||||
throws IOException {
|
||||
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < len; i++) {
|
||||
|
||||
int b1 = (bytes[i] >> 4) & 0x0f;
|
||||
int b2 = bytes[i] & 0x0f;
|
||||
|
||||
sb.append(Integer.toHexString(b1));
|
||||
sb.append(Integer.toHexString(b2));
|
||||
sb.append(' ');
|
||||
}
|
||||
return sb.toString();
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -88,7 +88,7 @@ public class GSSManagerImpl extends GSSManager {
|
||||
}
|
||||
} catch (GSSException e) {
|
||||
// Squelch it and just skip over this mechanism
|
||||
if (GSSUtil.DEBUG) {
|
||||
if (GSSUtil.DEBUG != null) {
|
||||
GSSUtil.debug("Skip " + mech +
|
||||
": error retrieving supported name types");
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -45,8 +45,8 @@ import java.security.PrivilegedActionException;
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.login.LoginContext;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.util.ConsoleCallbackHandler;
|
||||
import sun.security.util.Debug;
|
||||
|
||||
/**
|
||||
* The GSSUtilImplementation that knows how to work with the internals of
|
||||
@ -67,12 +67,12 @@ public class GSSUtil {
|
||||
public static final Oid NT_GSS_KRB5_PRINCIPAL =
|
||||
GSSUtil.createOid("1.2.840.113554.1.2.2.1");
|
||||
|
||||
static final boolean DEBUG =
|
||||
GetBooleanAction.privilegedGetProperty("sun.security.jgss.debug");
|
||||
static final Debug DEBUG = Debug.of("jgss", GetPropertyAction
|
||||
.privilegedGetProperty("sun.security.jgss.debug"));
|
||||
|
||||
static void debug(String message) {
|
||||
assert(message != null);
|
||||
System.out.println(message);
|
||||
DEBUG.println(message);
|
||||
}
|
||||
|
||||
// NOTE: this method is only for creating Oid objects with
|
||||
@ -82,7 +82,7 @@ public class GSSUtil {
|
||||
try {
|
||||
return new Oid(oidStr);
|
||||
} catch (GSSException e) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Ignored invalid OID: " + oidStr);
|
||||
}
|
||||
return null;
|
||||
@ -138,7 +138,7 @@ public class GSSUtil {
|
||||
KerberosPrincipal krbPrinc = new KerberosPrincipal(krbName);
|
||||
krb5Principals.add(krbPrinc);
|
||||
} catch (GSSException ge) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Skipped name " + name + " due to " + ge);
|
||||
}
|
||||
}
|
||||
@ -151,7 +151,7 @@ public class GSSUtil {
|
||||
} else {
|
||||
privCredentials = new HashSet<>(); // empty Set
|
||||
}
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Created Subject with the following");
|
||||
debug("principals=" + krb5Principals);
|
||||
debug("public creds=" + pubCredentials);
|
||||
@ -216,7 +216,7 @@ public class GSSUtil {
|
||||
credentials.add(cred);
|
||||
} else {
|
||||
// Ignore non-KerberosTicket and non-KerberosKey elements
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Skipped cred element: " + cred);
|
||||
}
|
||||
}
|
||||
@ -314,7 +314,7 @@ public class GSSUtil {
|
||||
final Oid mech,
|
||||
final boolean initiate,
|
||||
final Class<? extends T> credCls) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Search Subject for " + getMechStr(mech) +
|
||||
(initiate ? " INIT" : " ACCEPT") + " cred (" +
|
||||
(name == null ? "<<DEF>>" : name.toString()) + ", " +
|
||||
@ -334,13 +334,13 @@ public class GSSUtil {
|
||||
(GSSCredentialImpl.class).iterator();
|
||||
while (iterator.hasNext()) {
|
||||
GSSCredentialImpl cred = iterator.next();
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("...Found cred" + cred);
|
||||
}
|
||||
try {
|
||||
GSSCredentialSpi ce =
|
||||
cred.getElement(mech, initiate);
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("......Found element: " + ce);
|
||||
}
|
||||
if (ce.getClass().equals(credCls) &&
|
||||
@ -348,24 +348,24 @@ public class GSSUtil {
|
||||
name.equals((Object) ce.getName()))) {
|
||||
result.add(credCls.cast(ce));
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("......Discard element");
|
||||
}
|
||||
}
|
||||
} catch (GSSException ge) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("...Discard cred (" + ge + ")");
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if (DEBUG) {
|
||||
} else if (DEBUG != null) {
|
||||
debug("No Subject");
|
||||
}
|
||||
return result;
|
||||
});
|
||||
return creds;
|
||||
} catch (PrivilegedActionException pae) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
debug("Unexpected exception when searching Subject:");
|
||||
pae.printStackTrace();
|
||||
}
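Review bot: `debug(String)` now dereferences `DEBUG` unconditionally with `DEBUG.println(message)`, but `DEBUG` is null whenever `sun.security.jgss.debug` is not "true", because `Debug.of` returns null in that case. The call sites shown in this commit are all wrapped in `if (DEBUG != null)`. The old helper was safe to call unguarded, though, so any caller outside these hunks that does so would now throw a NullPointerException on an error-handling path. Put the guard in the helper itself: `if (DEBUG != null) { DEBUG.println(message); }`.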
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -135,7 +135,7 @@ public final class ProviderList {
|
||||
addProviderAtEnd(prov, null);
|
||||
} catch (GSSException ge) {
|
||||
// Move on to the next provider
|
||||
if (GSSUtil.DEBUG) {
|
||||
if (GSSUtil.DEBUG != null) {
|
||||
GSSUtil.debug("Error in adding provider " +
|
||||
prov.getName() + ": " + ge);
|
||||
}
|
||||
@ -420,7 +420,7 @@ public final class ProviderList {
|
||||
retVal = true;
|
||||
} catch (GSSException e) {
|
||||
// Skip to next property
|
||||
if (GSSUtil.DEBUG) {
|
||||
if (GSSUtil.DEBUG != null) {
|
||||
GSSUtil.debug("Ignore the invalid property " +
|
||||
prop + " from provider " + p.getName());
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -66,9 +66,6 @@ class CipherHelper {
|
||||
// key usage for MIC tokens used by MS
|
||||
private static final int KG_USAGE_SIGN_MS = 15;
|
||||
|
||||
// debug flag
|
||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
||||
|
||||
/**
|
||||
* A zero initial vector to be used for checksum calculation and for
|
||||
* DesCbc application data encryption/decryption.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -43,6 +43,8 @@ import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import javax.security.auth.kerberos.KerberosTicket;
|
||||
import sun.security.krb5.internal.AuthorizationData;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the mechanism specific context class for the Kerberos v5
|
||||
* GSS-API mechanism.
|
||||
@ -121,7 +123,6 @@ class Krb5Context implements GSSContextSpi {
|
||||
private Credentials serviceCreds;
|
||||
private KrbApReq apReq;
|
||||
private final GSSCaller caller;
|
||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
||||
|
||||
/**
|
||||
* Constructor for Krb5Context to be called on the context initiator's
|
||||
@ -379,8 +380,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
|
||||
final void resetMySequenceNumber(int seqNumber) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context setting mySeqNumber to: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context setting mySeqNumber to: "
|
||||
+ seqNumber);
|
||||
}
|
||||
synchronized (mySeqNumberLock) {
|
||||
@ -389,8 +390,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
}
|
||||
|
||||
final void resetPeerSequenceNumber(int seqNumber) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context setting peerSeqNumber to: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context setting peerSeqNumber to: "
|
||||
+ seqNumber);
|
||||
}
|
||||
synchronized (peerSeqNumberLock) {
|
||||
@ -534,8 +535,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
// We will only try constrained delegation once (if necessary).
|
||||
if (!isConstrainedDelegationTried) {
|
||||
if (delegatedCred == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Constrained deleg from " + caller);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Constrained deleg from " + caller);
|
||||
}
|
||||
// The constrained delegation part. The acceptor needs to have
|
||||
// isInitiator=true in order to get a TGT, either earlier at
|
||||
@ -593,8 +594,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
byte[] retVal = null;
|
||||
InitialToken token = null;
|
||||
int errorCode = GSSException.FAILURE;
|
||||
if (DEBUG) {
|
||||
System.out.println("Entered Krb5Context.initSecContext with " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Entered Krb5Context.initSecContext with " +
|
||||
"state=" + printState(state));
|
||||
}
|
||||
if (!isInitiator()) {
|
||||
@ -660,14 +661,14 @@ class Krb5Context implements GSSContextSpi {
|
||||
}});
|
||||
kerbTicket = tmp;
|
||||
} catch (PrivilegedActionException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Attempt to obtain service"
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Attempt to obtain service"
|
||||
+ " ticket from the subject failed!");
|
||||
}
|
||||
}
|
||||
if (kerbTicket != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Found service ticket in " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Found service ticket in " +
|
||||
"the subject" +
|
||||
kerbTicket);
|
||||
}
|
||||
@ -681,8 +682,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
if (serviceCreds == null) {
|
||||
// either we did not find the serviceCreds in the
|
||||
// Subject or useSubjectCreds is false
|
||||
if (DEBUG) {
|
||||
System.out.println("Service ticket not found in " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Service ticket not found in " +
|
||||
"the subject");
|
||||
}
|
||||
// Get Service ticket using the Kerberos protocols
|
||||
@ -721,8 +722,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
});
|
||||
} else {
|
||||
// log it for debugging purpose
|
||||
if (DEBUG) {
|
||||
System.out.println("Subject is " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Subject is " +
|
||||
"readOnly;Kerberos Service "+
|
||||
"ticket not stored");
|
||||
}
|
||||
@ -738,8 +739,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
if (!getMutualAuthState()) {
|
||||
state = STATE_DONE;
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Created InitSecContextToken:\n"+
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Created InitSecContextToken:\n"+
|
||||
new HexDumpEncoder().encodeBuffer(retVal));
|
||||
}
|
||||
} else if (state == STATE_IN_PROCESS) {
|
||||
@ -750,12 +751,12 @@ class Krb5Context implements GSSContextSpi {
|
||||
state = STATE_DONE;
|
||||
} else {
|
||||
// XXX Use logging API?
|
||||
if (DEBUG) {
|
||||
System.out.println(state);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("state is " + state);
|
||||
}
|
||||
}
|
||||
} catch (KrbException e) {
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
GSSException gssException =
|
||||
@ -792,8 +793,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
|
||||
byte[] retVal = null;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Entered Krb5Context.acceptSecContext with " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Entered Krb5Context.acceptSecContext with " +
|
||||
"state=" + printState(state));
|
||||
}
|
||||
|
||||
@ -839,8 +840,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
state = STATE_DONE;
|
||||
} else {
|
||||
// XXX Use logging API?
|
||||
if (DEBUG) {
|
||||
System.out.println(state);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("state is " + state);
|
||||
}
|
||||
}
|
||||
} catch (KrbException e) {
|
||||
@ -849,8 +850,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
gssException.initCause(e);
|
||||
throw gssException;
|
||||
} catch (IOException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
GSSException gssException =
|
||||
new GSSException(GSSException.FAILURE, -1, e.getMessage());
|
||||
@ -898,8 +899,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
|
||||
public final byte[] wrap(byte[] inBuf, int offset, int len,
|
||||
MessageProp msgProp) throws GSSException {
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.wrap: data=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.wrap: data=["
|
||||
+ getHexBytes(inBuf, offset, len)
|
||||
+ "]");
|
||||
}
|
||||
@ -919,8 +920,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
||||
encToken = token.encode();
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.wrap: token=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.wrap: token=["
|
||||
+ getHexBytes(encToken, 0, encToken.length)
|
||||
+ "]");
|
||||
}
|
||||
@ -952,8 +953,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
new WrapToken_v2(this, msgProp, inBuf, inOffset, len);
|
||||
retVal = token.encode(outBuf, outOffset);
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.wrap: token=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.wrap: token=["
|
||||
+ getHexBytes(outBuf, outOffset, retVal)
|
||||
+ "]");
|
||||
}
|
||||
@ -980,14 +981,14 @@ class Krb5Context implements GSSContextSpi {
|
||||
WrapToken token =
|
||||
new WrapToken(this, msgProp, inBuf, offset, len);
|
||||
token.encode(os);
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
encToken = token.encode();
|
||||
}
|
||||
} else if (cipherHelper.getProto() == 1) {
|
||||
WrapToken_v2 token =
|
||||
new WrapToken_v2(this, msgProp, inBuf, offset, len);
|
||||
token.encode(os);
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
encToken = token.encode();
|
||||
}
|
||||
}
|
||||
@ -998,8 +999,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
throw gssException;
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.wrap: token=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.wrap: token=["
|
||||
+ getHexBytes(encToken, 0, encToken.length)
|
||||
+ "]");
|
||||
}
|
||||
@ -1025,8 +1026,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
MessageProp msgProp)
|
||||
throws GSSException {
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.unwrap: token=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.unwrap: token=["
|
||||
+ getHexBytes(inBuf, offset, len)
|
||||
+ "]");
|
||||
}
|
||||
@ -1049,8 +1050,8 @@ class Krb5Context implements GSSContextSpi {
|
||||
setSequencingAndReplayProps(token, msgProp);
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Krb5Context.unwrap: data=["
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Krb5Context.unwrap: data=["
|
||||
+ getHexBytes(data, 0, data.length)
|
||||
+ "]");
|
||||
}
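Review bot: The debug lines in wrap and unwrap still hex-dump the caller's message bytes (`Krb5Context.wrap: data=[` and `Krb5Context.unwrap: data=[`) next to the encoded tokens, and the initSecContext hunk dumps the whole InitSecContextToken. This commit only changes where that text is written, so with Kerberos debugging enabled the application plaintext still ends up wherever the debug stream is captured. Consider marking these sites with a comment such as `// debug only: writes unprotected message bytes to the debug stream`, or logging just `len` on the `data=` lines. The bodies of wrap and unwrap extend beyond these hunks.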
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -33,6 +33,8 @@ import javax.security.auth.kerberos.ServicePermission;
|
||||
import java.security.Provider;
|
||||
import java.util.Vector;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Krb5 Mechanism plug in for JGSS
|
||||
* This is the properties object required by the JGSS framework.
|
||||
@ -43,8 +45,6 @@ import java.util.Vector;
|
||||
|
||||
public final class Krb5MechFactory implements MechanismFactory {
|
||||
|
||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
||||
|
||||
static final Provider PROVIDER =
|
||||
new sun.security.jgss.SunProvider();
|
||||
|
||||
@ -152,8 +152,8 @@ public final class Krb5MechFactory implements MechanismFactory {
|
||||
try {
|
||||
sm.checkPermission(perm);
|
||||
} catch (SecurityException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Permission to initiate " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Permission to initiate " +
|
||||
"kerberos init credential" + e.getMessage());
|
||||
}
|
||||
throw e;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,7 +31,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.login.LoginException;
|
||||
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.jgss.GSSUtil;
|
||||
import sun.security.jgss.GSSCaller;
|
||||
|
||||
@ -47,9 +46,6 @@ import sun.security.krb5.PrincipalName;
|
||||
*/
|
||||
public class Krb5Util {
|
||||
|
||||
static final boolean DEBUG = GetBooleanAction
|
||||
.privilegedGetProperty("sun.security.krb5.debug");
|
||||
|
||||
/**
|
||||
* Default constructor
|
||||
*/
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -39,6 +39,8 @@ import java.util.Set;
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import javax.security.auth.kerberos.KeyTab;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This utility looks through the current Subject and retrieves private
|
||||
* credentials for the desired client/server principals.
|
||||
@ -49,8 +51,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||
|
||||
class SubjectComber {
|
||||
|
||||
private static final boolean DEBUG = Krb5Util.DEBUG;
|
||||
|
||||
/**
|
||||
* Default constructor
|
||||
*/
|
||||
@ -114,8 +114,8 @@ class SubjectComber {
|
||||
}
|
||||
}
|
||||
// Check passed, we can add now
|
||||
if (DEBUG) {
|
||||
System.out.println("Found " + credClass.getSimpleName()
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Found " + credClass.getSimpleName()
|
||||
+ " " + t);
|
||||
}
|
||||
if (oneOnly) {
|
||||
@ -132,8 +132,8 @@ class SubjectComber {
|
||||
KerberosKey t = iterator.next();
|
||||
String name = t.getPrincipal().getName();
|
||||
if (serverPrincipal == null || serverPrincipal.equals(name)) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Found " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Found " +
|
||||
credClass.getSimpleName() + " for " + name);
|
||||
}
|
||||
if (oneOnly) {
|
||||
@ -155,8 +155,8 @@ class SubjectComber {
|
||||
KerberosTicket ticket)) {
|
||||
continue;
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Found ticket for "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Found ticket for "
|
||||
+ ticket.getClient()
|
||||
+ " to go to "
|
||||
+ ticket.getServer()
|
||||
@ -171,15 +171,15 @@ class SubjectComber {
|
||||
iterator.remove();
|
||||
try {
|
||||
ticket.destroy();
|
||||
if (DEBUG) {
|
||||
System.out.println("Removed and destroyed "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Removed and destroyed "
|
||||
+ "the expired Ticket \n"
|
||||
+ ticket);
|
||||
|
||||
}
|
||||
} catch (DestroyFailedException dfe) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Expired ticket not" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Expired ticket not" +
|
||||
" destroyed successfully. " + dfe);
|
||||
}
|
||||
}
|
||||
|
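Review bot: In the expired-ticket hunk (`-171,15 +171,15`) the message `"Removed and destroyed " + "the expired Ticket \n" + ticket` is built after `ticket.destroy()` has already run, so it can only show the ticket's post-destroy string form and does not say which ticket was dropped. Since the commit rewrites this call anyway, capture the principals before destroying, e.g. `String who = ticket.getClient() + " to " + ticket.getServer();`, and print `"Removed and destroyed the expired ticket for " + who`. That keeps the record on one line instead of embedding `\n`, and logs identities rather than a whole ticket object. The enclosing loop starts outside the hunk, so the type of `ticket` is taken from the `KerberosTicket ticket)` pattern visible in the previous hunk.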
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -32,6 +32,8 @@ import sun.security.util.*;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the SPNEGO NegTokenInit token
|
||||
* as specified in RFC 2478
|
||||
@ -116,8 +118,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||
|
||||
// mechListMIC with CONTEXT 03
|
||||
if (mechListMIC != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenInit: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||
"sending MechListMIC");
|
||||
}
|
||||
DerOutputStream mic = new DerOutputStream();
|
||||
@ -163,8 +165,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||
ObjectIdentifier mech;
|
||||
for (int i = 0; i < mList.length; i++) {
|
||||
mech = mList[i].getOID();
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenInit: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||
"reading Mechanism Oid = " + mech);
|
||||
}
|
||||
mechTypeList[i] = new Oid(mech.toString());
|
||||
@ -174,8 +176,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||
// received reqFlags, skip it
|
||||
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
||||
lastField = checkNextField(lastField, 2);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenInit: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||
"reading Mech Token");
|
||||
}
|
||||
mechToken = tmp2.data.getOctetString();
|
||||
@ -183,8 +185,8 @@ public class NegTokenInit extends SpNegoToken {
|
||||
lastField = checkNextField(lastField, 3);
|
||||
if (!GSSUtil.useMSInterop()) {
|
||||
mechListMIC = tmp2.data.getOctetString();
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenInit: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenInit: " +
|
||||
"MechListMIC Token = " +
|
||||
getHexBytes(mechListMIC));
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,6 +30,8 @@ import org.ietf.jgss.*;
|
||||
import sun.security.jgss.*;
|
||||
import sun.security.util.*;
|
||||
|
||||
import static sun.security.jgss.spnego.SpNegoContext.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the SPNEGO NegTokenTarg token
|
||||
* as specified in RFC 2478
|
||||
@ -103,8 +105,8 @@ public class NegTokenTarg extends SpNegoToken {
|
||||
|
||||
// mechListMIC with CONTEXT 03
|
||||
if (mechListMIC != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||
"sending MechListMIC");
|
||||
}
|
||||
DerOutputStream mic = new DerOutputStream();
|
||||
@ -141,16 +143,16 @@ public class NegTokenTarg extends SpNegoToken {
|
||||
if (tmp2.isContextSpecific((byte)0x00)) {
|
||||
lastField = checkNextField(lastField, 0);
|
||||
negResult = tmp2.data.getEnumerated();
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenTarg: negotiated" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenTarg: negotiated" +
|
||||
" result = " + getNegoResultString(negResult));
|
||||
}
|
||||
} else if (tmp2.isContextSpecific((byte)0x01)) {
|
||||
lastField = checkNextField(lastField, 1);
|
||||
ObjectIdentifier mech = tmp2.data.getOID();
|
||||
supportedMech = new Oid(mech.toString());
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||
"supported mechanism = " + supportedMech);
|
||||
}
|
||||
} else if (tmp2.isContextSpecific((byte)0x02)) {
|
||||
@ -160,8 +162,8 @@ public class NegTokenTarg extends SpNegoToken {
|
||||
lastField = checkNextField(lastField, 3);
|
||||
if (!GSSUtil.useMSInterop()) {
|
||||
mechListMIC = tmp2.data.getOctetString();
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoToken NegTokenTarg: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoToken NegTokenTarg: " +
|
||||
"MechListMIC Token = " +
|
||||
getHexBytes(mechListMIC));
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,6 +31,7 @@ import java.util.Objects;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
import sun.security.jgss.*;
|
||||
import sun.security.jgss.spi.*;
|
||||
import sun.security.util.*;
|
||||
@ -84,8 +85,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
private final SpNegoMechFactory factory;
|
||||
|
||||
// debug property
|
||||
static final boolean DEBUG = GetBooleanAction
|
||||
.privilegedGetProperty("sun.security.spnego.debug");
|
||||
static final Debug DEBUG = Debug.of("spnego", GetPropertyAction
|
||||
.privilegedGetProperty("sun.security.spnego.debug"));
|
||||
|
||||
/**
|
||||
* Constructor for SpNegoContext to be called on the context initiator's
|
||||
@ -294,8 +295,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
byte[] mechToken = null;
|
||||
int errorCode = GSSException.FAILURE;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Entered SpNego.initSecContext with " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Entered SpNego.initSecContext with " +
|
||||
"state=" + printState(state));
|
||||
}
|
||||
if (!isInitiator()) {
|
||||
@ -323,8 +324,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// generate SPNEGO token
|
||||
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
|
||||
mechToken, null);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.initSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||
"sending token of type = " +
|
||||
SpNegoToken.getTokenName(initToken.getType()));
|
||||
}
|
||||
@ -342,8 +343,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
errorCode = GSSException.DEFECTIVE_TOKEN;
|
||||
byte[] server_token = new byte[is.available()];
|
||||
SpNegoToken.readFully(is, server_token);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.initSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||
"process received token = " +
|
||||
SpNegoToken.getHexBytes(server_token));
|
||||
}
|
||||
@ -352,8 +353,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// token will be validated when parsing
|
||||
NegTokenTarg targToken = new NegTokenTarg(server_token);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.initSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.initSecContext: " +
|
||||
"received token of type = " +
|
||||
SpNegoToken.getTokenName(targToken.getType()));
|
||||
}
|
||||
@ -421,8 +422,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
if (isMechContextEstablished()) {
|
||||
state = STATE_DONE;
|
||||
retVal = mechToken;
|
||||
if (DEBUG) {
|
||||
System.out.println("SPNEGO Negotiated Mechanism = "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SPNEGO Negotiated Mechanism = "
|
||||
+ internal_mech + " " +
|
||||
GSSUtil.getMechStr(internal_mech));
|
||||
}
|
||||
@ -430,8 +431,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// generate SPNEGO token
|
||||
initToken = new NegTokenInit(null, null,
|
||||
mechToken, null);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.initSecContext:" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.initSecContext:" +
|
||||
" continue sending token of type = " +
|
||||
SpNegoToken.getTokenName(initToken.getType()));
|
||||
}
|
||||
@ -442,13 +443,13 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
|
||||
} else {
|
||||
// XXX Use logging API
|
||||
if (DEBUG) {
|
||||
System.out.println(state);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("state is " + state);
|
||||
}
|
||||
}
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
if (retVal != null) {
|
||||
System.out.println("SNegoContext.initSecContext: " +
|
||||
DEBUG.println("SNegoContext.initSecContext: " +
|
||||
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
||||
}
|
||||
}
|
||||
@ -488,8 +489,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
SpNegoToken.NegoResult negoResult;
|
||||
boolean valid = true;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Entered SpNegoContext.acceptSecContext with " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Entered SpNegoContext.acceptSecContext with " +
|
||||
"state=" + printState(state));
|
||||
}
|
||||
|
||||
@ -505,8 +506,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// read data
|
||||
byte[] token = new byte[is.available()];
|
||||
SpNegoToken.readFully(is, token);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"receiving token = " +
|
||||
SpNegoToken.getHexBytes(token));
|
||||
}
|
||||
@ -515,8 +516,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// token will be validated when parsing
|
||||
NegTokenInit initToken = new NegTokenInit(token);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"received token of type = " +
|
||||
SpNegoToken.getTokenName(initToken.getType()));
|
||||
}
|
||||
@ -548,8 +549,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
(GSSUtil.isKerberosMech(mechList[0]) &&
|
||||
GSSUtil.isKerberosMech(mech_wanted))) {
|
||||
// get the mechanism token
|
||||
if (DEBUG && !mech_wanted.equals(mechList[0])) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null && !mech_wanted.equals(mechList[0])) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"negotiated mech adjusted to " + mechList[0]);
|
||||
}
|
||||
byte[] mechToken = initToken.getMechToken();
|
||||
@ -577,8 +578,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// now set the context flags for acceptor
|
||||
setContextFlags();
|
||||
// print the negotiated mech info
|
||||
if (DEBUG) {
|
||||
System.out.println("SPNEGO Negotiated Mechanism = "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SPNEGO Negotiated Mechanism = "
|
||||
+ internal_mech + " " +
|
||||
GSSUtil.getMechStr(internal_mech));
|
||||
}
|
||||
@ -591,18 +592,18 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
throw new GSSException(GSSException.FAILURE);
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"mechanism wanted = " + mech_wanted);
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"negotiated result = " + negoResult);
|
||||
}
|
||||
|
||||
// generate SPNEGO token
|
||||
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
||||
mech_wanted, accept_token, null);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"sending token of type = " +
|
||||
SpNegoToken.getTokenName(targToken.getType()));
|
||||
}
|
||||
@ -613,8 +614,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// read data
|
||||
byte[] token = new byte[is.available()];
|
||||
SpNegoToken.readFully(is, token);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"receiving token = " +
|
||||
SpNegoToken.getHexBytes(token));
|
||||
}
|
||||
@ -623,8 +624,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// token will be validated when parsing
|
||||
NegTokenTarg inputToken = new NegTokenTarg(token);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"received token of type = " +
|
||||
SpNegoToken.getTokenName(inputToken.getType()));
|
||||
}
|
||||
@ -653,8 +654,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
// generate SPNEGO token
|
||||
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
|
||||
null, accept_token, null);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"sending token of type = " +
|
||||
SpNegoToken.getTokenName(targToken.getType()));
|
||||
}
|
||||
@ -663,12 +664,12 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
|
||||
} else {
|
||||
// XXX Use logging API
|
||||
if (DEBUG) {
|
||||
System.out.println("AcceptSecContext: state = " + state);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("AcceptSecContext: state = " + state);
|
||||
}
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext.acceptSecContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext.acceptSecContext: " +
|
||||
"sending token = " + SpNegoToken.getHexBytes(retVal));
|
||||
}
|
||||
} catch (IOException e) {
|
||||
@ -768,16 +769,16 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
|
||||
// sanity check the required input
|
||||
if (mechTypes == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: no MIC token included");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: no MIC token included");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// check if mechanism supports integrity
|
||||
if (!mechContext.getIntegState()) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: no MIC token included" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: no MIC token included" +
|
||||
" - mechanism does not support integrity");
|
||||
}
|
||||
return null;
|
||||
@ -788,14 +789,14 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
try {
|
||||
MessageProp prop = new MessageProp(0, true);
|
||||
mic = getMIC(mechTypes, 0, mechTypes.length, prop);
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: getMIC = " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: getMIC = " +
|
||||
SpNegoToken.getHexBytes(mic));
|
||||
}
|
||||
} catch (GSSException e) {
|
||||
mic = null;
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: no MIC token included" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: no MIC token included" +
|
||||
" - getMIC failed : " + e.getMessage());
|
||||
}
|
||||
}
|
||||
@ -810,16 +811,16 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
|
||||
// sanity check the input
|
||||
if (token == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: no MIC token validation");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: no MIC token validation");
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// check if mechanism supports integrity
|
||||
if (!mechContext.getIntegState()) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: no MIC token validation" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: no MIC token validation" +
|
||||
" - mechanism does not support integrity");
|
||||
}
|
||||
return true;
|
||||
@ -834,8 +835,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
valid = true;
|
||||
} catch (GSSException e) {
|
||||
valid = false;
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: MIC validation failed! " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: MIC validation failed! " +
|
||||
e.getMessage());
|
||||
}
|
||||
}
|
||||
@ -921,8 +922,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
for (int i = 0; i < supported_mechSet.length; i++) {
|
||||
for (int j = 0; j < mechSet.length; j++) {
|
||||
if (mechSet[j].equals(supported_mechSet[i])) {
|
||||
if (DEBUG) {
|
||||
System.out.println("SpNegoContext: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("SpNegoContext: " +
|
||||
"negotiated mechanism = " + mechSet[j]);
|
||||
}
|
||||
return (mechSet[j]);
|
||||
@ -940,8 +941,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
if (mechContext != null) {
|
||||
return mechContext.isEstablished();
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("The underlying mechanism context has " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("The underlying mechanism context has " +
|
||||
"not been initialized");
|
||||
}
|
||||
return false;
|
||||
@ -1053,8 +1054,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
peerName = targName.getElement(internal_mech);
|
||||
return peerName;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("The underlying mechanism context has " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("The underlying mechanism context has " +
|
||||
"not been initialized");
|
||||
}
|
||||
return null;
|
||||
@ -1069,8 +1070,8 @@ public class SpNegoContext implements GSSContextSpi {
|
||||
myName = srcName.getElement(internal_mech);
|
||||
return myName;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("The underlying mechanism context has " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("The underlying mechanism context has " +
|
||||
"not been initialized");
|
||||
}
|
||||
return null;
|
||||
|
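Review bot: The last debug statement of acceptSecContext (hunk `-663,12 +664,12`) passes `retVal` to `SpNegoToken.getHexBytes` with no null check, while the matching statement in initSecContext (hunk `-442,13 +443,13`) is wrapped in `if (retVal != null)`. The `else` branch just above it only prints the state and assigns nothing, so if `retVal` can still be null there (its declaration is outside the hunk and `getHexBytes` is not shown), turning on `sun.security.spnego.debug` could change control flow rather than just add output. I would make the guard `if (DEBUG != null && retVal != null) {`. While these lines are being touched, the prefix `"SNegoContext.initSecContext: "` in the initSecContext hunk is missing a `p`, which makes that line harder to grep alongside the other `SpNegoContext.` messages.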
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -59,9 +59,6 @@ abstract class SpNegoToken extends GSSToken {
|
||||
|
||||
private final int tokenType;
|
||||
|
||||
// property
|
||||
static final boolean DEBUG = SpNegoContext.DEBUG;
|
||||
|
||||
/**
|
||||
* The object identifier corresponding to the SPNEGO GSS-API
|
||||
* mechanism.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -65,7 +65,7 @@ public final class SunNativeProvider extends Provider {
|
||||
if (message == null) {
|
||||
throw new NullPointerException();
|
||||
}
|
||||
System.out.println(NAME + ": " + message);
|
||||
System.err.println(NAME + ": " + message);
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
|
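Review bot: This hunk swaps `System.out` for `System.err` directly instead of going through a `sun.security.util.Debug` object like the other files in the commit, so this provider's messages will not follow if the Debug output stream or line format ever changes (the swap is presumably meant to match where Debug writes). If a `Debug` instance is not practical here, a one-line comment above the print would record the intent, e.g. `// written straight to stderr to stay in step with sun.security.util.Debug output`. The method's signature and the condition under which it is called are outside the hunk, so this is a consistency note only.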
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -73,8 +73,6 @@ public class Checksum {
|
||||
// draft-brezak-win2k-krb-rc4-hmac-04.txt
|
||||
public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138;
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Constructs a new Checksum using the raw data and type.
|
||||
*
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -51,6 +51,8 @@ import sun.security.krb5.internal.crypto.EType;
|
||||
import sun.security.krb5.internal.Krb5;
|
||||
import sun.security.util.SecurityProperties;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class maintains key-value pairs of Kerberos configurable constants
|
||||
* from configuration file or from user specified system properties.
|
||||
@ -103,8 +105,6 @@ public class Config {
|
||||
*/
|
||||
private Hashtable<String,Object> stanzaTable = new Hashtable<>();
|
||||
|
||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
// these are used for hexadecimal calculation.
|
||||
private static final int BASE16_0 = 1;
|
||||
private static final int BASE16_1 = 16;
|
||||
@ -213,16 +213,16 @@ public class Config {
|
||||
if (fileName != null) {
|
||||
configFile = loadConfigFile(fileName);
|
||||
stanzaTable = parseStanzaTable(configFile);
|
||||
if (DEBUG) {
|
||||
System.out.println("Loaded from Java config");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Loaded from Java config");
|
||||
}
|
||||
} else {
|
||||
boolean found = false;
|
||||
if (isMacosLionOrBetter()) {
|
||||
try {
|
||||
stanzaTable = SCDynamicStoreConfig.getConfig();
|
||||
if (DEBUG) {
|
||||
System.out.println("Loaded from SCDynamicStoreConfig");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Loaded from SCDynamicStoreConfig");
|
||||
}
|
||||
found = true;
|
||||
} catch (IOException ioe) {
|
||||
@ -233,15 +233,15 @@ public class Config {
|
||||
fileName = getNativeFileName();
|
||||
configFile = loadConfigFile(fileName);
|
||||
stanzaTable = parseStanzaTable(configFile);
|
||||
if (DEBUG) {
|
||||
System.out.println("Loaded from native config");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Loaded from native config");
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (IOException ioe) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Exception thrown in loading config:");
|
||||
ioe.printStackTrace(System.out);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception thrown in loading config:");
|
||||
ioe.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
throw new KrbException("krb5.conf loading failed");
|
||||
}
|
||||
@ -440,11 +440,11 @@ public class Config {
|
||||
try {
|
||||
value = parseIntValue(result);
|
||||
} catch (NumberFormatException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Exception in getting value of " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception in getting value of " +
|
||||
Arrays.toString(keys) + ": " +
|
||||
e.getMessage());
|
||||
System.out.println("Setting " + Arrays.toString(keys) +
|
||||
DEBUG.println("Setting " + Arrays.toString(keys) +
|
||||
" to minimum value");
|
||||
}
|
||||
value = Integer.MIN_VALUE;
|
||||
@ -584,8 +584,8 @@ public class Config {
|
||||
Path file, List<String> content, Set<Path> dups)
|
||||
throws IOException {
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Loading krb5 profile at " + file);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Loading krb5 profile at " + file);
|
||||
}
|
||||
if (!file.isAbsolute()) {
|
||||
throw new IOException("Profile path not absolute");
|
||||
@ -628,8 +628,8 @@ public class Config {
|
||||
content, dups);
|
||||
} else {
|
||||
// Unsupported directives
|
||||
if (DEBUG) {
|
||||
System.out.println("Unknown directive: " + line);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Unknown directive: " + line);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@ -670,8 +670,8 @@ public class Config {
|
||||
private List<String> loadConfigFile(final String fileName)
|
||||
throws IOException, KrbException {
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println("Loading config file from " + fileName);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Loading config file from " + fileName);
|
||||
}
|
||||
List<String> result = new ArrayList<>();
|
||||
List<String> raw = new ArrayList<>();
|
||||
@ -783,8 +783,8 @@ public class Config {
|
||||
throws KrbException {
|
||||
Hashtable<String,Object> current = stanzaTable;
|
||||
for (String line: v) {
|
||||
if (DEBUG) {
|
||||
System.out.println(line);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(line);
|
||||
}
|
||||
// There are only 3 kinds of lines
|
||||
// 1. a = b
|
||||
@ -872,8 +872,8 @@ public class Config {
|
||||
name = null;
|
||||
}
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Java config name: " + name);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Java config name: " + name);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
@ -935,8 +935,8 @@ public class Config {
|
||||
} else {
|
||||
name = "/etc/krb5.conf";
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Native config name: " + name);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Native config name: " + name);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
@ -984,21 +984,21 @@ public class Config {
|
||||
String default_enctypes;
|
||||
default_enctypes = get("libdefaults", configName);
|
||||
if (default_enctypes == null && !configName.equals("permitted_enctypes")) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Getting permitted_enctypes from libdefaults");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Getting permitted_enctypes from libdefaults");
|
||||
}
|
||||
default_enctypes = get("libdefaults", "permitted_enctypes");
|
||||
}
|
||||
int[] etype;
|
||||
if (default_enctypes == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("default_enctypes were null, using builtin default etypes for configuration " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("default_enctypes were null, using builtin default etypes for configuration " +
|
||||
configName);
|
||||
}
|
||||
etype = EType.getBuiltInDefaults();
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("default_enctypes:" + default_enctypes);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("default_enctypes:" + default_enctypes);
|
||||
}
|
||||
String delim = " ";
|
||||
StringTokenizer st;
|
||||
@ -1032,12 +1032,13 @@ public class Config {
|
||||
}
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.print("default etypes for " + configName + ":");
|
||||
if (DEBUG != null) {
|
||||
String s = "default etypes for " + configName + ":";
|
||||
for (int i = 0; i < etype.length; i++) {
|
||||
System.out.print(" " + etype[i]);
|
||||
s += " " + etype[i];
|
||||
}
|
||||
System.out.println(".");
|
||||
s += ".";
|
||||
DEBUG.println(s);
|
||||
}
|
||||
return etype;
|
||||
}
|
||||
@ -1135,8 +1136,8 @@ public class Config {
|
||||
* This method was useless. Kept here in case some class still calls it.
|
||||
*/
|
||||
public void resetDefaultRealm(String realm) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Config try resetting default kdc " + realm);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Config try resetting default kdc " + realm);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1319,8 +1320,8 @@ public class Config {
|
||||
* @return the realm if correct, or null otherwise
|
||||
*/
|
||||
private static String checkRealm(String mapRealm) {
|
||||
if (DEBUG) {
|
||||
System.out.println("getRealmFromDNS: trying " + mapRealm);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("getRealmFromDNS: trying " + mapRealm);
|
||||
}
|
||||
String[] records = null;
|
||||
String newRealm = mapRealm;
|
||||
@ -1351,14 +1352,14 @@ public class Config {
|
||||
String kdcs = "";
|
||||
String[] srvs = null;
|
||||
// locate DNS SRV record using UDP
|
||||
if (DEBUG) {
|
||||
System.out.println("getKDCFromDNS using UDP");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("getKDCFromDNS using UDP");
|
||||
}
|
||||
srvs = KrbServiceLocator.getKerberosService(realm, "_udp");
|
||||
if (srvs == null) {
|
||||
// locate DNS SRV record using TCP
|
||||
if (DEBUG) {
|
||||
System.out.println("getKDCFromDNS using TCP");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("getKDCFromDNS using TCP");
|
||||
}
|
||||
srvs = KrbServiceLocator.getKerberosService(realm, "_tcp");
|
||||
}
|
||||
|
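Review bot: In the config-loading hunk (`-233,15 +233,15`) the caught `IOException` is printed only when debug is on and is then replaced by `new KrbException("krb5.conf loading failed")`, so without the debug property the caller never learns why loading failed. Chaining the cause keeps the reason available without anyone having to enable Kerberos debug output on a production host just to diagnose a missing or unreadable file: `KrbException ke = new KrbException("krb5.conf loading failed"); ke.initCause(ioe); throw ke;`. The `try` this `catch` belongs to starts outside the hunk.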
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -41,6 +41,8 @@ import java.io.IOException;
|
||||
import java.util.Date;
|
||||
import java.net.InetAddress;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates the concept of a Kerberos service
|
||||
* credential. That includes a Kerberos ticket and an associated
|
||||
@ -61,7 +63,6 @@ public class Credentials {
|
||||
KerberosTime renewTill;
|
||||
HostAddresses cAddr;
|
||||
AuthorizationData authzData;
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
static boolean alreadyLoaded = false;
|
||||
private static boolean alreadyTried = false;
|
||||
|
||||
@ -240,8 +241,8 @@ public class Credentials {
|
||||
try {
|
||||
retVal = ticket.asn1Encode();
|
||||
} catch (Asn1Exception | IOException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println(e);
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
return retVal;
|
||||
@ -330,21 +331,21 @@ public class Credentials {
|
||||
OperatingSystem.isMacOS()) {
|
||||
Credentials creds = acquireDefaultCreds();
|
||||
if (creds == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Found no TGT's in native ccache");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Found no TGT's in native ccache");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
if (princ != null) {
|
||||
if (creds.getClient().equals(princ)) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Obtained TGT from native ccache: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Obtained TGT from native ccache: "
|
||||
+ creds);
|
||||
}
|
||||
return creds;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> native ccache contains TGT for "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> native ccache contains TGT for "
|
||||
+ creds.getClient()
|
||||
+ " not "
|
||||
+ princ);
|
||||
@ -352,8 +353,8 @@ public class Credentials {
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Obtained TGT from native ccache: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Obtained TGT from native ccache: "
|
||||
+ creds);
|
||||
}
|
||||
return creds;
|
||||
@ -381,8 +382,8 @@ public class Credentials {
|
||||
if (EType.isSupported(tgtCred.key.getEType())) {
|
||||
return tgtCred;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>> unsupported key type found the default TGT: " +
|
||||
tgtCred.key.getEType());
|
||||
}
|
||||
@ -420,15 +421,15 @@ public class Credentials {
|
||||
if (cache != null) {
|
||||
Credentials temp = cache.getInitialCreds();
|
||||
if (temp != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbCreds found the default ticket"
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbCreds found the default ticket"
|
||||
+ " granting ticket in credential cache.");
|
||||
}
|
||||
if (EType.isSupported(temp.key.getEType())) {
|
||||
result = temp;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>> unsupported key type found the default TGT: " +
|
||||
temp.key.getEType());
|
||||
}
|
||||
@ -444,8 +445,8 @@ public class Credentials {
|
||||
try {
|
||||
ensureLoaded();
|
||||
} catch (Exception e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Can not load native ccache library");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Can not load native ccache library");
|
||||
e.printStackTrace();
|
||||
}
|
||||
alreadyTried = true;
|
||||
@ -453,8 +454,8 @@ public class Credentials {
|
||||
}
|
||||
if (alreadyLoaded) {
|
||||
// There is some native code
|
||||
if (DEBUG) {
|
||||
System.out.println(">> Acquire default native Credentials");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">> Acquire default native Credentials");
|
||||
}
|
||||
try {
|
||||
result = acquireDefaultNativeCreds(
|
||||
@ -507,19 +508,19 @@ public class Credentials {
|
||||
* Prints out debug info.
|
||||
*/
|
||||
public static void printDebug(Credentials c) {
|
||||
System.out.println(">>> DEBUG: ----Credentials----");
|
||||
System.out.println("\tclient: " + c.client.toString());
|
||||
DEBUG.println(">>> DEBUG: ----Credentials----");
|
||||
DEBUG.println("\tclient: " + c.client.toString());
|
||||
if (c.clientAlias != null)
|
||||
System.out.println("\tclient alias: " + c.clientAlias.toString());
|
||||
System.out.println("\tserver: " + c.server.toString());
|
||||
DEBUG.println("\tclient alias: " + c.clientAlias.toString());
|
||||
DEBUG.println("\tserver: " + c.server.toString());
|
||||
if (c.serverAlias != null)
|
||||
System.out.println("\tserver alias: " + c.serverAlias.toString());
|
||||
System.out.println("\tticket: sname: " + c.ticket.sname.toString());
|
||||
DEBUG.println("\tserver alias: " + c.serverAlias.toString());
|
||||
DEBUG.println("\tticket: sname: " + c.ticket.sname.toString());
|
||||
if (c.startTime != null) {
|
||||
System.out.println("\tstartTime: " + c.startTime.getTime());
|
||||
DEBUG.println("\tstartTime: " + c.startTime.getTime());
|
||||
}
|
||||
System.out.println("\tendTime: " + c.endTime.getTime());
|
||||
System.out.println(" ----Credentials end----");
|
||||
DEBUG.println("\tendTime: " + c.endTime.getTime());
|
||||
DEBUG.println(" ----Credentials end----");
|
||||
}
|
||||
|
||||
|
||||
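Review bot: `printDebug` now dereferences `DEBUG` on every line with no null check, so this public static method would throw NullPointerException if it is called while Kerberos debugging is off (the `DEBUG != null` guards elsewhere in the commit suggest the field is null in that case). The callers visible in this commit, in CredentialsUtil, do guard the call, but the method should protect itself by opening with `if (DEBUG == null) return;`. Separately, in the catch block around `ensureLoaded()` the message goes to `DEBUG` while `e.printStackTrace()` still writes to stderr. Using `e.printStackTrace(DEBUG.getPrintStream());` there would match the `asn1Encode` catch earlier in this file and keep the trace in the same stream as its message.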
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -42,6 +42,8 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||
import javax.crypto.spec.DESKeySpec;
|
||||
import javax.crypto.spec.DESedeKeySpec;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates the concept of an EncryptionKey. An encryption
|
||||
* key is defined in RFC 4120 as:
|
||||
@ -74,8 +76,6 @@ public class EncryptionKey
|
||||
private byte[] keyValue;
|
||||
private Integer kvno; // not part of ASN1 encoding;
|
||||
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public synchronized int getEType() {
|
||||
return keyType;
|
||||
}
|
||||
@ -186,8 +186,8 @@ public class EncryptionKey
|
||||
stringToKey(password, salt, null, etypes[i]),
|
||||
etypes[i], null);
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("Encryption Type " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Encryption Type " +
|
||||
EType.toString(etypes[i]) +
|
||||
" is not supported/enabled");
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -49,6 +49,8 @@ import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import sun.security.krb5.internal.KRBError;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and
|
||||
* KrbTgsReq. This class is now communication only.
|
||||
@ -72,8 +74,6 @@ public final class KdcComm {
|
||||
*/
|
||||
private static int defaultUdpPrefLimit;
|
||||
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* What to do when a KDC is unavailable, specified in the
|
||||
* java.security file with key krb5.kdc.bad.policy.
|
||||
@ -118,8 +118,8 @@ public final class KdcComm {
|
||||
} catch (NumberFormatException nfe) {
|
||||
// Ignored. Please note that tryLess is recognized and
|
||||
// used, parameters using default values
|
||||
if (DEBUG) {
|
||||
System.out.println("Invalid krb5.kdc.bad.policy" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Invalid krb5.kdc.bad.policy" +
|
||||
" parameter for tryLess: " +
|
||||
value + ", use default");
|
||||
}
|
||||
@ -151,8 +151,8 @@ public final class KdcComm {
|
||||
udp_pref_limit = parsePositiveIntString(temp);
|
||||
} catch (Exception exc) {
|
||||
// ignore any exceptions; use default values
|
||||
if (DEBUG) {
|
||||
System.out.println ("Exception in getting KDC communication " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println ("Exception in getting KDC communication " +
|
||||
"settings, using default value " +
|
||||
exc.getMessage());
|
||||
}
|
||||
@ -276,10 +276,10 @@ public final class KdcComm {
|
||||
KdcAccessibility.removeBad(tempKdc);
|
||||
return ibuf;
|
||||
} catch(Exception e) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbKdcReq send: error trying " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbKdcReq send: error trying " +
|
||||
tempKdc);
|
||||
e.printStackTrace(System.out);
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
KdcAccessibility.addBad(tempKdc);
|
||||
throw e;
|
||||
@ -345,8 +345,8 @@ public final class KdcComm {
|
||||
}
|
||||
|
||||
byte[] obuf = req.encoding();
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbKdcReq send: kdc=" + kdc
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbKdcReq send: kdc=" + kdc
|
||||
+ (useTCP ? " TCP:":" UDP:")
|
||||
+ port + ", timeout="
|
||||
+ timeout
|
||||
@ -360,8 +360,8 @@ public final class KdcComm {
|
||||
try {
|
||||
@SuppressWarnings("removal")
|
||||
byte[] ibuf = AccessController.doPrivileged(kdcCommunication);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbKdcReq send: #bytes read="
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbKdcReq send: #bytes read="
|
||||
+ (ibuf != null ? ibuf.length : 0));
|
||||
}
|
||||
return ibuf;
|
||||
@ -404,8 +404,8 @@ public final class KdcComm {
|
||||
|
||||
for (int i=1; i <= retries; i++) {
|
||||
String proto = useTCP?"TCP":"UDP";
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KDCCommunication: kdc=" + kdc
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KDCCommunication: kdc=" + kdc
|
||||
+ " " + proto + ":"
|
||||
+ port + ", timeout="
|
||||
+ timeout
|
||||
@ -418,8 +418,8 @@ public final class KdcComm {
|
||||
ibuf = kdcClient.receive();
|
||||
break;
|
||||
} catch (SocketTimeoutException se) {
|
||||
if (DEBUG) {
|
||||
System.out.println ("SocketTimeOutException with " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println ("SocketTimeOutException with " +
|
||||
"attempt: " + i);
|
||||
}
|
||||
if (i == retries) {
|
||||
@ -518,15 +518,15 @@ public final class KdcComm {
|
||||
private static Set<String> bads = new HashSet<>();
|
||||
|
||||
private static synchronized void addBad(String kdc) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KdcAccessibility: add " + kdc);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KdcAccessibility: add " + kdc);
|
||||
}
|
||||
bads.add(kdc);
|
||||
}
|
||||
|
||||
private static synchronized void removeBad(String kdc) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KdcAccessibility: remove " + kdc);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KdcAccessibility: remove " + kdc);
|
||||
}
|
||||
bads.remove(kdc);
|
||||
}
|
||||
@ -536,8 +536,8 @@ public final class KdcComm {
|
||||
}
|
||||
|
||||
private static synchronized void reset() {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KdcAccessibility: reset");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KdcAccessibility: reset");
|
||||
}
|
||||
bads.clear();
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -42,6 +42,8 @@ import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import sun.security.krb5.internal.rcache.AuthTimeWithHash;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates a KRB-AP-REQ that a client sends to a
|
||||
* server for authentication.
|
||||
@ -57,7 +59,6 @@ public class KrbApReq {
|
||||
|
||||
// Used by acceptor side
|
||||
private static ReplayCache rcache = ReplayCache.getInstance();
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
private static final char[] hexConst = "0123456789ABCDEF".toCharArray();
|
||||
|
||||
/**
|
||||
@ -109,8 +110,8 @@ public class KrbApReq {
|
||||
APOptions apOptions = (mutualRequired?
|
||||
new APOptions(Krb5.AP_OPTS_MUTUAL_REQUIRED):
|
||||
new APOptions());
|
||||
if (DEBUG)
|
||||
System.out.println(">>> KrbApReq: APOptions are " + apOptions);
|
||||
if (DEBUG != null)
|
||||
DEBUG.println(">>> KrbApReq: APOptions are " + apOptions);
|
||||
|
||||
EncryptionKey subKey = (useSubKey?
|
||||
new EncryptionKey(tgsCred.getSessionKey()):
|
||||
@ -329,8 +330,8 @@ public class KrbApReq {
|
||||
HostAddress sender = new HostAddress(initiator);
|
||||
if (enc_ticketPart.caddr != null
|
||||
&& !enc_ticketPart.caddr.inList(sender)) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbApReq: initiator is "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbApReq: initiator is "
|
||||
+ sender.getInetAddress()
|
||||
+ ", but caddr is "
|
||||
+ Arrays.toString(
|
||||
@ -374,8 +375,8 @@ public class KrbApReq {
|
||||
enc_ticketPart.renewTill,
|
||||
enc_ticketPart.caddr,
|
||||
enc_ticketPart.authorizationData);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbApReq: authenticate succeed.");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbApReq: authenticate succeed.");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -40,6 +40,8 @@ import java.util.Objects;
|
||||
import javax.security.auth.kerberos.KeyTab;
|
||||
import sun.security.jgss.krb5.Krb5Util;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates a AS-REP message that the KDC sends to the
|
||||
* client.
|
||||
@ -51,8 +53,6 @@ final class KrbAsRep extends KrbKdcRep {
|
||||
// message, created by initiator after calling
|
||||
// the decrypt() method
|
||||
|
||||
private boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
KrbAsRep(byte[] ibuf) throws
|
||||
KrbException, Asn1Exception, IOException {
|
||||
DerValue encoding = new DerValue(ibuf);
|
||||
@ -75,8 +75,8 @@ final class KrbAsRep extends KrbKdcRep {
|
||||
// no text sent from server
|
||||
ke = new KrbException(err);
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("KRBError received: " + eText);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("KRBError received: " + eText);
|
||||
}
|
||||
// override default text with server text
|
||||
ke = new KrbException(err, eText);
|
||||
@ -175,8 +175,8 @@ final class KrbAsRep extends KrbKdcRep {
|
||||
enc_part.endtime,
|
||||
enc_part.renewTill,
|
||||
enc_part.caddr);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
|
||||
req.reqBody.cname.getNameString());
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,6 +38,8 @@ import java.io.IOException;
|
||||
import java.time.Instant;
|
||||
import java.util.Arrays;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates the KRB-AS-REQ message that the client
|
||||
* sends to the KDC.
|
||||
@ -45,8 +47,6 @@ import java.util.Arrays;
|
||||
public class KrbAsReq extends KrbKdcReq {
|
||||
private ASReq asReqMessg;
|
||||
|
||||
private boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Constructs an AS-REQ message.
|
||||
*/
|
||||
@ -110,8 +110,8 @@ public class KrbAsReq extends KrbKdcReq {
|
||||
"default realm not specified ");
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbAsReq creating message");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbAsReq creating message");
|
||||
}
|
||||
|
||||
Config cfg = Config.getInstance();
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,6 +37,8 @@ import sun.security.krb5.internal.Krb5;
|
||||
import sun.security.krb5.internal.PAData;
|
||||
import sun.security.krb5.internal.crypto.EType;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* A manager class for AS-REQ communications.
|
||||
*
|
||||
@ -348,8 +350,8 @@ public final class KrbAsReqBuilder {
|
||||
if (!preAuthFailedOnce && (
|
||||
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
|
||||
ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println("KrbAsReqBuilder: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("KrbAsReqBuilder: " +
|
||||
"PREAUTH FAILED/REQ, re-send AS-REQ");
|
||||
}
|
||||
preAuthFailedOnce = true;
|
||||
@ -403,8 +405,8 @@ public final class KrbAsReqBuilder {
|
||||
.getBooleanObject("libdefaults", "canonicalize") ==
|
||||
Boolean.TRUE;
|
||||
} catch (KrbException e) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println("Exception in getting canonicalize," +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception in getting canonicalize," +
|
||||
" using default value " +
|
||||
Boolean.valueOf(canonicalizeConfig) + ": " +
|
||||
e.getMessage());
|
||||
@ -450,8 +452,8 @@ public final class KrbAsReqBuilder {
|
||||
}
|
||||
}
|
||||
if (count < Config.MAX_REFERRALS && sendCanonicalize) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println("KrbAsReqBuilder: AS-REQ failed." +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("KrbAsReqBuilder: AS-REQ failed." +
|
||||
" Retrying with CANONICALIZE false.");
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||
|
||||
import sun.security.util.DerValue;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class encapsulates the KRB-CRED message that a client uses to
|
||||
* send its delegated credentials to a server.
|
||||
@ -46,8 +48,6 @@ import sun.security.util.DerValue;
|
||||
*/
|
||||
public class KrbCred {
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
private byte[] obuf = null;
|
||||
private KRBCred credMessg = null;
|
||||
private Ticket ticket = null;
|
||||
@ -144,8 +144,8 @@ public class KrbCred {
|
||||
PrincipalName sname = credInfo.sname;
|
||||
HostAddresses caddr = credInfo.caddr;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>Delegated Creds have pname=" + pname
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>Delegated Creds have pname=" + pname
|
||||
+ " sname=" + sname
|
||||
+ " authtime=" + authtime
|
||||
+ " starttime=" + starttime
|
||||
|
@ -34,6 +34,8 @@ import sun.security.krb5.internal.*;
|
||||
import sun.security.krb5.internal.crypto.KeyUsage;
|
||||
import sun.security.util.DerInputStream;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
abstract class KrbKdcRep {
|
||||
|
||||
static void check(
|
||||
@ -86,8 +88,8 @@ abstract class KrbKdcRep {
|
||||
for (int i = 2; i < 6; i++) {
|
||||
if (req.reqBody.kdcOptions.get(i) !=
|
||||
rep.encKDCRepPart.flags.get(i)) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println("> KrbKdcRep.check: at #" + i
|
||||
if (DEBUG == null) {
|
||||
DEBUG.println("> KrbKdcRep.check: at #" + i
|
||||
+ ". request for " + req.reqBody.kdcOptions.get(i)
|
||||
+ ", received " + rep.encKDCRepPart.flags.get(i));
|
||||
}
|
||||
@ -171,8 +173,8 @@ abstract class KrbKdcRep {
|
||||
req.asn1Encode(), replyKey,
|
||||
KeyUsage.KU_AS_REQ);
|
||||
} catch (Exception e) {
|
||||
if (Krb5.DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
break;
|
||||
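Review bot: The guard in `KrbKdcRep.check` is inverted: `if (DEBUG == null) {` followed by `DEBUG.println("> KrbKdcRep.check: at #" + i ...` dereferences `DEBUG` exactly when it is null, and prints nothing when debugging is on. Every other converted guard in this commit reads `if (DEBUG != null) {`, and this one should too. Because the block sits in the reply-validation loop, a KDC reply whose flags differ from the requested `kdcOptions` would surface as a NullPointerException instead of whatever failure handling follows the debug block. That handling is outside the hunk, so confirm that callers do not treat the two outcomes differently.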
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -33,6 +33,7 @@ import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
public class SCDynamicStoreConfig {
|
||||
private static native void installNotificationCallback();
|
||||
@ -42,7 +43,6 @@ public class SCDynamicStoreConfig {
|
||||
* (realm kdc* null) null (mapping-domain mapping-realm)*
|
||||
*/
|
||||
private static native List<String> getKerberosConfig();
|
||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
static {
|
||||
@SuppressWarnings("removal")
|
||||
@ -72,7 +72,7 @@ public class SCDynamicStoreConfig {
|
||||
throw new IOException(
|
||||
"Could not load configuration from SCDynamicStore");
|
||||
}
|
||||
if (DEBUG) System.out.println("Raw map from JNI: " + list);
|
||||
if (DEBUG != null) DEBUG.println("Raw map from JNI: " + list);
|
||||
|
||||
Hashtable<String,Object> v = new Hashtable<>();
|
||||
Hashtable<String,Object> realms = new Hashtable<>();
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class is a utility that contains much of the TGS-Exchange
|
||||
* protocol. It is used by ../Credentials.java for service ticket
|
||||
@ -44,8 +46,6 @@ import java.util.List;
|
||||
*/
|
||||
public class CredentialsUtil {
|
||||
|
||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
private static enum S4U2Type {
|
||||
NONE, SELF, PROXY
|
||||
}
|
||||
@ -193,8 +193,8 @@ public class CredentialsUtil {
|
||||
for (cTgt = localTGT, i = 0; i < realms.length;) {
|
||||
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>> Credentials acquireServiceCreds: main loop: ["
|
||||
+ i +"] tempService=" + tempService);
|
||||
}
|
||||
@ -206,8 +206,8 @@ public class CredentialsUtil {
|
||||
}
|
||||
|
||||
if (newTgt == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||
+ "no tgt; searching thru capath");
|
||||
}
|
||||
|
||||
@ -217,8 +217,8 @@ public class CredentialsUtil {
|
||||
for (newTgt = null, k = i+1;
|
||||
newTgt == null && k < realms.length; k++) {
|
||||
tempService = PrincipalName.tgsService(realms[k], realms[i]);
|
||||
if (DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>> Credentials acquireServiceCreds: "
|
||||
+ "inner loop: [" + k
|
||||
+ "] tempService=" + tempService);
|
||||
@ -232,8 +232,8 @@ public class CredentialsUtil {
|
||||
} // Ends 'if (newTgt == null)'
|
||||
|
||||
if (newTgt == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||
+ "no tgt; cannot get creds");
|
||||
}
|
||||
break;
|
||||
@ -245,16 +245,16 @@ public class CredentialsUtil {
|
||||
*/
|
||||
newTgtRealm = newTgt.getServer().getInstanceComponent();
|
||||
if (okAsDelegate[0] && !newTgt.checkDelegate()) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Credentials acquireServiceCreds: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials acquireServiceCreds: " +
|
||||
"global OK-AS-DELEGATE turned off at " +
|
||||
newTgt.getServer());
|
||||
}
|
||||
okAsDelegate[0] = false;
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||
+ "got tgt");
|
||||
}
|
||||
|
||||
@ -283,8 +283,8 @@ public class CredentialsUtil {
|
||||
i = k;
|
||||
cTgt = newTgt;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Credentials acquireServiceCreds: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials acquireServiceCreds: "
|
||||
+ "continuing with main loop counter reset to " + i);
|
||||
}
|
||||
continue;
|
||||
@ -453,10 +453,10 @@ public class CredentialsUtil {
|
||||
String serviceRealm = refSname.getRealmString();
|
||||
if (!serviceRealm.equals(tgtRealm)) {
|
||||
// This is a cross-realm service request
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> serviceCredsSingle:" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> serviceCredsSingle:" +
|
||||
" cross-realm authentication");
|
||||
System.out.println(">>> serviceCredsSingle:" +
|
||||
DEBUG.println(">>> serviceCredsSingle:" +
|
||||
" obtaining credentials from " + tgtRealm +
|
||||
" to " + serviceRealm);
|
||||
}
|
||||
@ -465,8 +465,8 @@ public class CredentialsUtil {
|
||||
if (newTgt == null) {
|
||||
throw new KrbException("No service creds");
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Cross-realm TGT Credentials" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Cross-realm TGT Credentials" +
|
||||
" serviceCredsSingle: ");
|
||||
Credentials.printDebug(newTgt);
|
||||
}
|
||||
@ -475,16 +475,16 @@ public class CredentialsUtil {
|
||||
}
|
||||
asCreds = newTgt;
|
||||
cname = asCreds.getClient();
|
||||
} else if (DEBUG) {
|
||||
System.out.println(">>> Credentials serviceCredsSingle:" +
|
||||
} else if (DEBUG != null) {
|
||||
DEBUG.println(">>> Credentials serviceCredsSingle:" +
|
||||
" same realm");
|
||||
}
|
||||
KrbTgsReq req = new KrbTgsReq(options, asCreds, cname, clientAlias,
|
||||
refSname, sname, additionalCreds, extraPAs);
|
||||
theCreds = req.sendAndGetCreds();
|
||||
if (theCreds != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> TGS credentials serviceCredsSingle:");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> TGS credentials serviceCredsSingle:");
|
||||
Credentials.printDebug(theCreds);
|
||||
}
|
||||
if (!okAsDelegate[0]) {
|
||||
@ -502,8 +502,8 @@ public class CredentialsUtil {
|
||||
private static void handleS4U2SelfReferral(PAData[] pas,
|
||||
PrincipalName user, Credentials newCreds)
|
||||
throws Asn1Exception, KrbException, IOException {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Handling S4U2Self referral");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Handling S4U2Self referral");
|
||||
}
|
||||
for (int i = 0; i < pas.length; i++) {
|
||||
PAData pa = pas[i];
|
||||
@ -539,8 +539,8 @@ public class CredentialsUtil {
|
||||
private static String handleS4U2ProxyReferral(Credentials asCreds,
|
||||
Credentials[] credsInOut, PrincipalName sname)
|
||||
throws KrbException, IOException {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Handling S4U2Proxy referral");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Handling S4U2Proxy referral");
|
||||
}
|
||||
Credentials refTGT = null;
|
||||
// Get a credential for the middle service to the backend so we know
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,7 +31,6 @@
|
||||
|
||||
package sun.security.krb5.internal;
|
||||
|
||||
import sun.security.krb5.Config;
|
||||
import sun.security.krb5.Asn1Exception;
|
||||
import sun.security.util.*;
|
||||
import java.net.InetAddress;
|
||||
@ -41,6 +40,7 @@ import java.net.UnknownHostException;
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
/**
|
||||
* Implements the ASN.1 HostAddress type.
|
||||
*
|
||||
@ -63,7 +63,6 @@ public class HostAddress implements Cloneable {
|
||||
byte[] address = null;
|
||||
|
||||
private static InetAddress localInetAddress; //caches local inet address
|
||||
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
private volatile int hashCode = 0;
|
||||
|
||||
private HostAddress(int dummy) {}
|
||||
@ -191,10 +190,10 @@ public class HostAddress implements Cloneable {
|
||||
if (new_address != null) {
|
||||
address = new_address.clone();
|
||||
}
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
if (addrType == Krb5.ADDRTYPE_INET ||
|
||||
addrType == Krb5.ADDRTYPE_INET6) {
|
||||
System.out.println("Host address is " +
|
||||
DEBUG.println("Host address is " +
|
||||
InetAddress.getByAddress(address));
|
||||
}
|
||||
}
|
||||
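Review bot: The debug block calls `InetAddress.getByAddress(address)` only to format the message, yet `address` is still null at that point when `new_address` was null, because the assignment above is skipped. `getByAddress` throws UnknownHostException for a null or wrong-length array, so unless the input is validated earlier (outside the hunk), enabling debug can make this constructor fail on an input it otherwise accepts. Guard the print with `if (address != null && (addrType == Krb5.ADDRTYPE_INET || addrType == Krb5.ADDRTYPE_INET6))`, or log the raw bytes with `Arrays.toString(address)`, so that turning diagnostics on does not change behaviour. The constructor's signature and the rest of its body are outside the hunk.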
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -42,6 +42,8 @@ import java.util.*;
|
||||
import java.io.IOException;
|
||||
import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the ASN.1 HostAddresses type.
|
||||
*
|
||||
@ -64,7 +66,6 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream;
|
||||
*/
|
||||
|
||||
public class HostAddresses implements Cloneable {
|
||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
private HostAddress[] addresses = null;
|
||||
private volatile int hashCode = 0;
|
||||
|
||||
@ -276,25 +277,25 @@ public class HostAddresses implements Cloneable {
|
||||
{
|
||||
Set<InetAddress> all = new LinkedHashSet<>();
|
||||
try {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KrbKdcReq local addresses are:");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KrbKdcReq local addresses are:");
|
||||
}
|
||||
String extra = Config.getInstance().getAll(
|
||||
"libdefaults", "extra_addresses");
|
||||
if (extra != null) {
|
||||
for (String s: extra.split("\\s+")) {
|
||||
all.add(InetAddress.getByName(s));
|
||||
if (DEBUG) {
|
||||
System.out.println(" extra_addresses: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(" extra_addresses: "
|
||||
+ InetAddress.getByName(s));
|
||||
}
|
||||
}
|
||||
}
|
||||
for (NetworkInterface ni:
|
||||
Collections.list(NetworkInterface.getNetworkInterfaces())) {
|
||||
if (DEBUG) {
|
||||
System.out.println(" NetworkInterface " + ni + ":");
|
||||
System.out.println(" "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(" NetworkInterface " + ni + ":");
|
||||
DEBUG.println(" "
|
||||
+ Collections.list(ni.getInetAddresses()));
|
||||
}
|
||||
all.addAll(Collections.list(ni.getInetAddresses()));
|
||||
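Review bot: In the `extra_addresses` loop the debug branch calls `InetAddress.getByName(s)` a second time, so enabling debug adds a name lookup per entry and the printed address is not guaranteed to be the one that was added to `all`. Resolve once and reuse the result: `InetAddress a = InetAddress.getByName(s); all.add(a);` followed by `DEBUG.println(" extra_addresses: " + a);`. The second lookup predates this commit, but these are the lines being rewritten. The enclosing method starts and ends outside the hunk.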
|
@ -37,6 +37,8 @@ import sun.security.krb5.internal.util.KerberosFlags;
|
||||
import sun.security.util.*;
|
||||
import java.io.IOException;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the ASN.1 KDCOptions type.
|
||||
*
|
||||
@ -170,8 +172,6 @@ public class KDCOptions extends KerberosFlags {
|
||||
"VALIDATE", //31;
|
||||
};
|
||||
|
||||
private boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public static KDCOptions with(int... flags) {
|
||||
KDCOptions options = new KDCOptions();
|
||||
for (int flag: flags) {
|
||||
@ -321,8 +321,8 @@ public class KDCOptions extends KerberosFlags {
|
||||
}
|
||||
}
|
||||
} catch (KrbException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Exception in getting default values for " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception in getting default values for " +
|
||||
"KDC Options from the configuration ");
|
||||
e.printStackTrace();
|
||||
|
||||
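Review bot: The `KrbException` handler now sends its message through `DEBUG.println` but is still followed by a bare `e.printStackTrace()`, so the trace is not tied to the stream the Debug object writes to. Other files in this commit (CCacheInputStream, FileCredentialsCache) use `e.printStackTrace(DEBUG.getPrintStream());` for the same purpose, and that form would fit here too. The line is unchanged context in this hunk, and the method starts outside it.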
|
@ -35,6 +35,8 @@ import sun.security.util.*;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the ASN.1 KDC-REP type.
|
||||
*
|
||||
@ -68,7 +70,6 @@ public class KDCRep {
|
||||
private int pvno;
|
||||
private int msgType;
|
||||
public PAData[] pAData = null; //optional
|
||||
private boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public KDCRep(
|
||||
PAData[] new_pAData,
|
||||
@ -131,8 +132,8 @@ public class KDCRep {
|
||||
KrbApErrException {
|
||||
DerValue der, subDer;
|
||||
if ((encoding.getTag() & 0x1F) != req_type) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KDCRep: init() " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KDCRep: init() " +
|
||||
"encoding tag is " +
|
||||
encoding.getTag() +
|
||||
" req type is " + req_type);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -47,6 +47,8 @@ import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import sun.security.krb5.internal.util.KerberosString;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
/**
|
||||
* Implements the ASN.1 KRBError type.
|
||||
*
|
||||
@ -103,8 +105,6 @@ public class KRBError implements java.io.Serializable {
|
||||
|
||||
private PAData[] pa; // PA-DATA in eData
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
private void readObject(ObjectInputStream is)
|
||||
throws IOException, ClassNotFoundException {
|
||||
try {
|
||||
@ -232,16 +232,16 @@ public class KRBError implements java.io.Serializable {
|
||||
// may fail.
|
||||
parsePAData(data);
|
||||
} catch (Exception e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Unable to parse eData field of KRB-ERROR:\n" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Unable to parse eData field of KRB-ERROR:\n" +
|
||||
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
||||
}
|
||||
throw new IOException(
|
||||
"Unable to parse eData field of KRB-ERROR", e);
|
||||
}
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("Unknown eData field of KRB-ERROR:\n" +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Unknown eData field of KRB-ERROR:\n" +
|
||||
new sun.security.util.HexDumpEncoder().encodeBuffer(data));
|
||||
}
|
||||
}
|
||||
@ -260,8 +260,8 @@ public class KRBError implements java.io.Serializable {
|
||||
DerValue tmp = derPA.data.getDerValue();
|
||||
PAData pa_data = new PAData(tmp);
|
||||
paList.add(pa_data);
|
||||
if (DEBUG) {
|
||||
System.out.println(pa_data);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(pa_data.toString());
|
||||
}
|
||||
}
|
||||
pa = paList.toArray(new PAData[paList.size()]);
|
||||
@ -389,35 +389,35 @@ public class KRBError implements java.io.Serializable {
|
||||
* For debug use only
|
||||
*/
|
||||
private void showDebug() {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KRBError:");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KRBError:");
|
||||
if (cTime != null)
|
||||
System.out.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
|
||||
DEBUG.println("\t cTime is " + cTime.toDate().toString() + " " + cTime.toDate().getTime());
|
||||
if (cuSec != null) {
|
||||
System.out.println("\t cuSec is " + cuSec.intValue());
|
||||
DEBUG.println("\t cuSec is " + cuSec.intValue());
|
||||
}
|
||||
|
||||
System.out.println("\t sTime is " + sTime.toDate().toString
|
||||
DEBUG.println("\t sTime is " + sTime.toDate().toString
|
||||
() + " " + sTime.toDate().getTime());
|
||||
System.out.println("\t suSec is " + suSec);
|
||||
System.out.println("\t error code is " + errorCode);
|
||||
System.out.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
|
||||
DEBUG.println("\t suSec is " + suSec);
|
||||
DEBUG.println("\t error code is " + errorCode);
|
||||
DEBUG.println("\t error Message is " + Krb5.getErrorMessage(errorCode));
|
||||
if (crealm != null) {
|
||||
System.out.println("\t crealm is " + crealm.toString());
|
||||
DEBUG.println("\t crealm is " + crealm.toString());
|
||||
}
|
||||
if (cname != null) {
|
||||
System.out.println("\t cname is " + cname.toString());
|
||||
DEBUG.println("\t cname is " + cname.toString());
|
||||
}
|
||||
if (sname != null) {
|
||||
System.out.println("\t sname is " + sname.toString());
|
||||
DEBUG.println("\t sname is " + sname.toString());
|
||||
}
|
||||
if (eData != null) {
|
||||
System.out.println("\t eData provided.");
|
||||
DEBUG.println("\t eData provided.");
|
||||
}
|
||||
if (eCksum != null) {
|
||||
System.out.println("\t checksum provided.");
|
||||
DEBUG.println("\t checksum provided.");
|
||||
}
|
||||
System.out.println("\t msgType is " + msgType);
|
||||
DEBUG.println("\t msgType is " + msgType);
|
||||
}
|
||||
}
|
||||
|
||||
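Review bot: Both eData branches write `new sun.security.util.HexDumpEncoder().encodeBuffer(data)` to the debug stream, which is the complete field of a message received from the peer with no length limit, and in the first branch it is dumped right after it failed to parse. A comment at the first dump would tell whoever reads these logs how far to trust it, for example `// data is unparsed bytes from the KRB-ERROR; treat the dump as untrusted input`. If large fields are a concern, the dump could be cut to a fixed prefix, though nothing visible here says how large eData can get. The enclosing method starts outside the hunk.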
|
@ -43,6 +43,8 @@ import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
import java.util.TimeZone;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Implements the ASN.1 KerberosTime type. This is an immutable class.
|
||||
*
|
||||
@ -72,8 +74,6 @@ public class KerberosTime {
|
||||
private static long initMilli = System.currentTimeMillis();
|
||||
private static long initMicro = System.nanoTime() / 1000;
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
// Do not make this public. It's a little confusing that micro
|
||||
// is only the last 3 digits of microsecond.
|
||||
private KerberosTime(long time, int micro) {
|
||||
@ -144,8 +144,8 @@ public class KerberosTime {
|
||||
long microElapsed = newMicro - initMicro;
|
||||
long calcMilli = initMilli + microElapsed/1000;
|
||||
if (calcMilli - newMilli > 100 || newMilli - calcMilli > 100) {
|
||||
if (DEBUG) {
|
||||
System.out.println("System time adjusted");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("System time adjusted");
|
||||
}
|
||||
initMilli = newMilli;
|
||||
initMicro = newMicro;
|
||||
@ -297,8 +297,8 @@ public class KerberosTime {
|
||||
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
|
||||
}
|
||||
} catch (KrbException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Exception in getting clockskew from " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception in getting clockskew from " +
|
||||
"Configuration " +
|
||||
"using default value: " +
|
||||
e.getMessage());
|
||||
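Review bot: The clock-skew debug line reads "using default value: " followed by `e.getMessage()`, so the text after the colon is the exception message and the value actually used is never printed. For a setting that decides which timestamps are accepted, the log should name the value, e.g. `"using default value " + Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW + ": " + e.getMessage()`, assuming the catch falls back to that constant as the branch above it does. The `allow_weak_crypto` message in the EType hunk of this commit has the same shape. The catch block continues past the end of this hunk.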
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -31,7 +31,8 @@
|
||||
|
||||
package sun.security.krb5.internal;
|
||||
|
||||
import sun.security.action.GetBooleanAction;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
import sun.security.util.Debug;
|
||||
|
||||
import java.util.Hashtable;
|
||||
|
||||
@ -315,8 +316,8 @@ public class Krb5 {
|
||||
}
|
||||
|
||||
// Warning: used by NativeCreds.c
|
||||
public static final boolean DEBUG = GetBooleanAction
|
||||
.privilegedGetProperty("sun.security.krb5.debug");
|
||||
public static final Debug DEBUG = Debug.of("krb5", GetPropertyAction
|
||||
.privilegedGetProperty("sun.security.krb5.debug"));
|
||||
|
||||
public static final sun.security.util.HexDumpEncoder hexDumper =
|
||||
new sun.security.util.HexDumpEncoder();
|
||||
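Review bot: The `// Warning: used by NativeCreds.c` comment above `DEBUG` is kept as is while the field's type changes from `boolean` to `Debug`, so it no longer tells a maintainer what the native side depends on. If NativeCreds.c looks the field up through JNI, that lookup depends on the field's type as well as its name, and the native change is not part of this section. Suggested wording, to be confirmed against the native file: `// Warning: NativeCreds.c accesses this field by name and type; update both sides together`. A second comment stating which values of `sun.security.krb5.debug` make `Debug.of` return non-null would also help, since every `DEBUG != null` check in this commit depends on it.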
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,6 +35,8 @@ import java.io.*;
|
||||
import java.net.*;
|
||||
import sun.security.util.IOUtils;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
public abstract class NetClient implements AutoCloseable {
|
||||
public static NetClient getInstance(String protocol, String hostname, int port,
|
||||
int timeout) throws IOException {
|
||||
@ -81,21 +83,21 @@ class TCPClient extends NetClient {
|
||||
int count = readFully(lenField, 4);
|
||||
|
||||
if (count != 4) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>>DEBUG: TCPClient could not read length field");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
int len = networkByteOrderToInt(lenField, 0, 4);
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>>DEBUG: TCPClient reading " + len + " bytes");
|
||||
}
|
||||
if (len <= 0) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>>DEBUG: TCPClient zero or negative length field: "+len);
|
||||
}
|
||||
return null;
|
||||
@ -104,8 +106,8 @@ class TCPClient extends NetClient {
|
||||
try {
|
||||
return IOUtils.readExactlyNBytes(in, len);
|
||||
} catch (IOException ioe) {
|
||||
if (Krb5.DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>>DEBUG: TCPClient could not read complete packet (" +
|
||||
len + "/" + count + ")");
|
||||
}
|
||||
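Review bot: In the `IOException` handler the message prints `len + "/" + count`, but `count` is the result of `readFully(lenField, 4)` and has already been checked to equal 4, so the line always reports `len/4` rather than how much of the packet arrived (unless `count` is reassigned in the two lines between the hunks, which are not shown). Either drop the ratio, as in `">>>DEBUG: TCPClient could not read complete packet (" + len + " expected)"`, or append `ioe.getMessage()` so the log says why the read stopped. The method body starts and ends outside these hunks.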
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -42,6 +42,8 @@ import sun.security.krb5.internal.*;
|
||||
import sun.security.krb5.internal.util.KrbDataInputStream;
|
||||
import sun.security.util.IOUtils;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class extends KrbDataInputStream. It is used for parsing FCC-format
|
||||
* data from file to memory.
|
||||
@ -67,8 +69,6 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
*/
|
||||
/* V4 of the credentials cache format allows for header tags */
|
||||
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public CCacheInputStream(InputStream is){
|
||||
super(is);
|
||||
}
|
||||
@ -212,8 +212,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
addrType = read(2);
|
||||
addrLength = readLength4();
|
||||
if (!(addrLength == 4 || addrLength == 16)) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Incorrect address format.");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Incorrect address format.");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@ -280,7 +280,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
flags[10] = true;
|
||||
if ((ticketFlags & 0x00100000) == TKT_FLG_HW_AUTH)
|
||||
flags[11] = true;
|
||||
if (DEBUG) {
|
||||
if (DEBUG != null) {
|
||||
String msg = ">>> CCacheInputStream: readFlags() ";
|
||||
if (flags[1] == true) {
|
||||
msg += " FORWARDABLE;";
|
||||
@ -316,7 +316,7 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
if (flags[11] == true) {
|
||||
msg += " HW_AUTH;";
|
||||
}
|
||||
System.out.println(msg);
|
||||
DEBUG.println(msg);
|
||||
}
|
||||
return flags;
|
||||
}
|
||||
@ -336,8 +336,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
// Do not return here. All data for this cred should be fully
|
||||
// consumed so that we can read the next one.
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> client principal is " + cpname);
|
||||
}
|
||||
PrincipalName spname = null;
|
||||
try {
|
||||
@ -345,12 +345,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
} catch (Exception e) {
|
||||
// same as above
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
|
||||
}
|
||||
EncryptionKey key = readKey(version);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
|
||||
}
|
||||
long[] times = readTimes();
|
||||
KerberosTime authtime = new KerberosTime(times[0]);
|
||||
@ -360,12 +360,12 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
KerberosTime renewTill =
|
||||
(times[3]==0) ? null : new KerberosTime(times[3]);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> start time: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> start time: " +
|
||||
((starttime==null)?"null":starttime.toDate().toString()));
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
|
||||
System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
|
||||
DEBUG.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
|
||||
((renewTill==null)?"null":renewTill.toDate().toString()));
|
||||
}
|
||||
boolean skey = readskey();
|
||||
@ -404,8 +404,8 @@ public class CCacheInputStream extends KrbDataInputStream implements FileCCacheC
|
||||
ticketData != null ? new Ticket(ticketData) : null,
|
||||
ticketData2 != null ? new Ticket(ticketData2) : null);
|
||||
} catch (Exception e) { // If any of new Ticket(*) fails.
|
||||
if (DEBUG) {
|
||||
e.printStackTrace(System.out);
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -54,6 +54,7 @@ import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
|
||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* CredentialsCache stores credentials(tickets, session keys, etc.) in a
|
||||
@ -70,7 +71,6 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
public Tag tag; // optional
|
||||
public PrincipalName primaryPrincipal;
|
||||
private Vector<Credentials> credentialsList;
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public static synchronized FileCredentialsCache acquireInstance(
|
||||
PrincipalName principal, String cache) {
|
||||
@ -92,8 +92,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
return fcc;
|
||||
} catch (IOException | KrbException e) {
|
||||
// we don't handle it now, instead we return a null at the end.
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
return null;
|
||||
@ -128,8 +128,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
return fcc;
|
||||
}
|
||||
catch (IOException | KrbException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
return null;
|
||||
@ -213,8 +213,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
tmp.sname.getRealmString()))) {
|
||||
matched = true;
|
||||
if (c.endtime.getTime() >= tmp.endtime.getTime()) {
|
||||
if (DEBUG) {
|
||||
System.out.println(" >>> FileCredentialsCache "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(" >>> FileCredentialsCache "
|
||||
+ "Ticket matched, overwrite "
|
||||
+ "the old one.");
|
||||
}
|
||||
@ -224,8 +224,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
}
|
||||
if (!matched) {
|
||||
if (DEBUG) {
|
||||
System.out.println(" >>> FileCredentialsCache Ticket "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(" >>> FileCredentialsCache Ticket "
|
||||
+ "not exactly matched, "
|
||||
+ "add new one into cache.");
|
||||
}
|
||||
@ -349,8 +349,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
|
||||
CredentialsCache.ConfigEntry entry = getConfigEntry("proxy_impersonator");
|
||||
if (entry == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("get normal credential");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("get normal credential");
|
||||
}
|
||||
return tgt;
|
||||
}
|
||||
@ -363,8 +363,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
switch (prop) {
|
||||
case "no-impersonate": // never try impersonation
|
||||
if (DEBUG) {
|
||||
System.out.println("get normal credential");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("get normal credential");
|
||||
}
|
||||
return tgt;
|
||||
case "try-impersonate":
|
||||
@ -382,8 +382,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
PrincipalName service = new PrincipalName(
|
||||
new String(entry.getData(), StandardCharsets.UTF_8));
|
||||
if (!tgt.getClient().equals(service)) {
|
||||
if (DEBUG) {
|
||||
System.out.println("proxy_impersonator does not match service name");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("proxy_impersonator does not match service name");
|
||||
}
|
||||
return force ? null : tgt;
|
||||
}
|
||||
@ -397,18 +397,18 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
}
|
||||
}
|
||||
if (proxy == null) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Cannot find evidence ticket in ccache");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Cannot find evidence ticket in ccache");
|
||||
}
|
||||
return force ? null : tgt;
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println("Get proxied credential");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Get proxied credential");
|
||||
}
|
||||
return tgt.setProxy(proxy.setKrbCreds());
|
||||
} catch (KrbException e) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Impersonation with ccache failed");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Impersonation with ccache failed");
|
||||
}
|
||||
return force ? null : tgt;
|
||||
}
|
||||
@ -460,8 +460,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
return cache;
|
||||
});
|
||||
if (name != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions cache name is " + name);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KinitOptions cache name is " + name);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
@ -482,14 +482,14 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
if (uid != -1) {
|
||||
name = File.separator + "tmp" +
|
||||
File.separator + stdCacheNameComponent + "_" + uid;
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions cache name is " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KinitOptions cache name is " +
|
||||
name);
|
||||
}
|
||||
return name;
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println("Error in obtaining uid " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Error in obtaining uid " +
|
||||
"for Unix platforms " +
|
||||
"Using user's home directory");
|
||||
}
|
||||
@ -513,8 +513,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
name = user_home + File.separator + stdCacheNameComponent;
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions cache name is " + name);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KinitOptions cache name is " + name);
|
||||
}
|
||||
|
||||
return name;
|
||||
@ -562,8 +562,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
try {
|
||||
return (Runtime.getRuntime().exec(command));
|
||||
} catch (IOException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@ -592,8 +592,8 @@ public class FileCredentialsCache extends CredentialsCache
|
||||
commandResult.close();
|
||||
return s1;
|
||||
} catch (Exception e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
return null;
|
||||
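Review bot: Three of the rewritten debug lines in this file still begin with `>>>KinitOptions cache name is`, although the hunk headers place them in `FileCredentialsCache`, so a search of the debug output by class name misses them. Since the lines are being touched anyway, the tag could match the other messages in the file: `DEBUG.println(">>> FileCredentialsCache cache name is " + name);`. These lines also put the credentials cache path into the debug output, which matters when that output is passed on. The enclosing methods start outside the hunks.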
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,9 +35,9 @@ import sun.security.krb5.Checksum;
|
||||
import sun.security.krb5.KrbCryptoException;
|
||||
import sun.security.krb5.internal.*;
|
||||
|
||||
public abstract class CksumType {
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
public abstract class CksumType {
|
||||
|
||||
public static CksumType getInstance(int cksumTypeConst)
|
||||
throws KdcErrException {
|
||||
@ -121,8 +121,8 @@ public abstract class CksumType {
|
||||
default:
|
||||
throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> CksumType: " + cksumTypeName);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> CksumType: " + cksumTypeName);
|
||||
}
|
||||
return cksumType;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -42,13 +42,13 @@ import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
//only needed if dataSize() implementation changes back to spec;
|
||||
//see dataSize() below
|
||||
|
||||
public abstract class EType {
|
||||
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
// etypes supported by JDK, including weak ones
|
||||
private static int[] supportedETypes;
|
||||
// common default etypes if not defined in krb5.conf
|
||||
@ -83,8 +83,8 @@ public abstract class EType {
|
||||
allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
|
||||
== Boolean.TRUE;
|
||||
} catch (Exception exc) {
|
||||
if (DEBUG) {
|
||||
System.out.println ("Exception in getting allow_weak_crypto, " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println ("Exception in getting allow_weak_crypto, " +
|
||||
"using default value: " +
|
||||
exc.getMessage());
|
||||
}
|
||||
@ -160,8 +160,8 @@ public abstract class EType {
|
||||
+ " (" + eTypeConst + ")";
|
||||
throw new KdcErrException(Krb5.KDC_ERR_ETYPE_NOSUPP, msg);
|
||||
}
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> EType: " + eTypeName);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> EType: " + eTypeName);
|
||||
}
|
||||
return eType;
|
||||
}
|
||||
@ -245,10 +245,10 @@ public abstract class EType {
|
||||
try {
|
||||
config = Config.getInstance();
|
||||
} catch (KrbException exc) {
|
||||
if (DEBUG) {
|
||||
System.out.println("Exception while getting " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Exception while getting " +
|
||||
configName + ": " + exc.getMessage());
|
||||
System.out.println("Using default builtin etypes");
|
||||
DEBUG.println("Using default builtin etypes");
|
||||
}
|
||||
return getBuiltInDefaults();
|
||||
}
|
||||
|
@ -33,10 +33,11 @@ package sun.security.krb5.internal.crypto;
|
||||
import java.security.MessageDigestSpi;
|
||||
import java.security.DigestException;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
public final class crc32 extends MessageDigestSpi implements Cloneable {
|
||||
private static final int CRC32_LENGTH = 4; //32-bit
|
||||
private int seed;
|
||||
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
// buffer;
|
||||
// private int bufferIndex, bufferLeft;
|
||||
|
||||
@ -259,9 +260,9 @@ public final class crc32 extends MessageDigestSpi implements Cloneable {
|
||||
|
||||
public static byte[] byte2crc32sum_bytes(byte[] data, int size) {
|
||||
int temp = byte2crc32sum(0, data, size);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>crc32: " + Integer.toHexString(temp));
|
||||
System.out.println(">>>crc32: " + Integer.toBinaryString(temp));
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>crc32: " + Integer.toHexString(temp));
|
||||
DEBUG.println(">>>crc32: " + Integer.toBinaryString(temp));
|
||||
}
|
||||
return int2quad(temp);
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -140,7 +140,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||
int start, int len) throws GeneralSecurityException {
|
||||
|
||||
if (debug) {
|
||||
System.out.println("ARCFOUR: calculateChecksum with usage = " +
|
||||
System.err.println("ARCFOUR: calculateChecksum with usage = " +
|
||||
usage);
|
||||
}
|
||||
|
||||
@ -258,7 +258,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
System.out.println("ArcFour: ENCRYPT with key usage = " + usage);
|
||||
System.err.println("ArcFour: ENCRYPT with key usage = " + usage);
|
||||
}
|
||||
|
||||
// get the confounder
|
||||
@ -313,7 +313,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
|
||||
System.err.println("\nARCFOUR: encryptRaw with usage = " + usage);
|
||||
}
|
||||
|
||||
// Derive encryption key for data
|
||||
@ -352,7 +352,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||
+ usage);
|
||||
}
|
||||
if (debug) {
|
||||
System.out.println("\nARCFOUR: DECRYPT using key usage = " + usage);
|
||||
System.err.println("\nARCFOUR: DECRYPT using key usage = " + usage);
|
||||
}
|
||||
|
||||
// compute K1
|
||||
@ -424,7 +424,7 @@ public class ArcFourCrypto extends DkCrypto {
|
||||
+ usage);
|
||||
}
|
||||
if (debug) {
|
||||
System.out.println("\nARCFOUR: decryptRaw with usage = " + usage);
|
||||
System.err.println("\nARCFOUR: decryptRaw with usage = " + usage);
|
||||
}
|
||||
|
||||
// Derive encryption key for data
|
||||
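Review bot: The five changed lines in this file move from `System.out.println` to `System.err.println` under `if (debug)` and so still write directly to a System stream instead of going through the `Debug` object this commit introduces. If `debug` here is a separate switch from `sun.security.krb5.debug` (its declaration is not in these hunks), a comment at the first use would explain the difference, e.g. `// this tracing has its own flag and writes straight to stderr`. If it is meant to be the same channel, `Krb5.DEBUG.println(...)` behind a `Krb5.DEBUG != null` check would keep all Kerberos tracing in one place.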
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -49,6 +49,8 @@ import java.util.StringTokenizer;
|
||||
import java.util.Vector;
|
||||
import sun.security.jgss.krb5.ServiceCreds;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class represents key table. The key table functions deal with storing
|
||||
* and retrieving service keys for use in authentication exchanges.
|
||||
@ -64,7 +66,6 @@ import sun.security.jgss.krb5.ServiceCreds;
|
||||
*/
|
||||
public class KeyTab implements KeyTabConstants {
|
||||
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
private static String defaultTabName = null;
|
||||
|
||||
// Attention: Currently there is no way to remove a keytab from this map,
|
||||
@ -101,14 +102,14 @@ public class KeyTab implements KeyTabConstants {
|
||||
} catch (FileNotFoundException e) {
|
||||
entries.clear();
|
||||
isMissing = true;
|
||||
if (DEBUG) {
|
||||
System.out.println("Cannot load keytab " + tabName + ": " + e);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Cannot load keytab " + tabName + ": " + e);
|
||||
}
|
||||
} catch (Exception ioe) {
|
||||
entries.clear();
|
||||
isValid = false;
|
||||
if (DEBUG) {
|
||||
System.out.println("Cannot load keytab " + tabName + ": " + ioe);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Cannot load keytab " + tabName + ": " + ioe);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -263,8 +264,8 @@ public class KeyTab implements KeyTabConstants {
|
||||
while (kis.available() > 0) {
|
||||
entryLength = kis.readEntryLength();
|
||||
entry = kis.readEntry(entryLength, kt_vno);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KeyTab: load() entry length: " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KeyTab: load() entry length: " +
|
||||
entryLength + "; type: " +
|
||||
(entry != null? entry.keyType : 0));
|
||||
}
|
||||
@ -293,8 +294,8 @@ public class KeyTab implements KeyTabConstants {
|
||||
EncryptionKey key;
|
||||
int size = entries.size();
|
||||
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
|
||||
if (DEBUG) {
|
||||
System.out.println("Looking for keys for: " + service);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Looking for keys for: " + service);
|
||||
}
|
||||
for (int i = size-1; i >= 0; i--) {
|
||||
entry = entries.elementAt(i);
|
||||
@ -304,12 +305,12 @@ public class KeyTab implements KeyTabConstants {
|
||||
entry.keyType,
|
||||
entry.keyVersion);
|
||||
keys.add(key);
|
||||
if (DEBUG) {
|
||||
System.out.println("Added key: " + entry.keyType +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Added key: " + entry.keyType +
|
||||
", version: " + entry.keyVersion);
|
||||
}
|
||||
} else if (DEBUG) {
|
||||
System.out.println("Found unsupported keytype (" +
|
||||
} else if (DEBUG != null) {
|
||||
DEBUG.println("Found unsupported keytype (" +
|
||||
entry.keyType + ") for " + service);
|
||||
}
|
||||
}
|
||||
@ -347,8 +348,8 @@ public class KeyTab implements KeyTabConstants {
|
||||
if (entry.service.match(service)) {
|
||||
if (EType.isSupported(entry.keyType)) {
|
||||
return true;
|
||||
} else if (DEBUG) {
|
||||
System.out.println("Found unsupported keytype (" +
|
||||
} else if (DEBUG != null) {
|
||||
DEBUG.println("Found unsupported keytype (" +
|
||||
entry.keyType + ") for " + service);
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -35,6 +35,7 @@ import sun.security.krb5.*;
|
||||
import sun.security.krb5.internal.*;
|
||||
|
||||
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class represents a Key Table entry. Each entry contains the service principal of
|
||||
@ -49,7 +50,6 @@ public class KeyTabEntry implements KeyTabConstants {
|
||||
int keyVersion;
|
||||
int keyType;
|
||||
byte[] keyblock = null;
|
||||
boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
public KeyTabEntry (PrincipalName new_service, Realm new_realm, KerberosTime new_time,
|
||||
int new_keyVersion, int new_keyType, byte[] new_keyblock) {
|
||||
@ -95,8 +95,8 @@ public class KeyTabEntry implements KeyTabConstants {
|
||||
+ timestampSize + keyVersionSize
|
||||
+ keyTypeSize + keySize + keyblock.length;
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KeyTabEntry: key tab entry size is " + size);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KeyTabEntry: key tab entry size is " + size);
|
||||
}
|
||||
return size;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -39,6 +39,8 @@ import sun.security.krb5.internal.util.KrbDataInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class implements a buffered input stream. It is used for parsing key table
|
||||
* data to memory.
|
||||
@ -48,7 +50,6 @@ import java.io.InputStream;
|
||||
*/
|
||||
public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConstants {
|
||||
|
||||
boolean DEBUG = Krb5.DEBUG;
|
||||
int index;
|
||||
|
||||
public KeyTabInputStream(InputStream is) {
|
||||
@ -151,8 +152,8 @@ public class KeyTabInputStream extends KrbDataInputStream implements KeyTabConst
|
||||
read(bytes, 0, length);
|
||||
index -= length;
|
||||
name = new String(bytes);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> KeyTabInputStream, readName(): " + name);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> KeyTabInputStream, readName(): " + name);
|
||||
}
|
||||
return name;
|
||||
}
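Review bot: `name = new String(bytes);` in `readName()` decodes keytab bytes with the platform default charset, and the return value of `read(bytes, 0, length)` just above it is ignored, so a short read would hand a partly zero-filled buffer to the decoder and then to the debug line. An explicit charset would make the parse independent of the host locale, e.g. `name = new String(bytes, ISO_8859_1);`. The KeyTabEntry hunk on this page already imports `ISO_8859_1`, but confirm which charset the writer side uses. The read could either check its result against `length` or use a read-fully helper if the parent stream offers one. `readName()` starts outside the hunk.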
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,6 +38,8 @@ import sun.security.krb5.internal.KerberosTime;
|
||||
import sun.security.krb5.internal.KrbApErrException;
|
||||
import sun.security.krb5.internal.ReplayCache;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class stores replay caches. AuthTimeWithHash objects are categorized
|
||||
* into AuthLists keyed by the names of client and server.
|
||||
@ -48,7 +50,6 @@ public class MemoryCache extends ReplayCache {
|
||||
|
||||
// TODO: One day we'll need to read dynamic krb5.conf.
|
||||
private static final int lifespan = KerberosTime.getDefaultSkew();
|
||||
private static final boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
private final Map<String,AuthList> content = new ConcurrentHashMap<>();
|
||||
|
||||
@ -58,8 +59,8 @@ public class MemoryCache extends ReplayCache {
|
||||
String key = time.client + "|" + time.server;
|
||||
content.computeIfAbsent(key, k -> new AuthList(lifespan))
|
||||
.put(time, currTime);
|
||||
if (DEBUG) {
|
||||
System.out.println("MemoryCache: add " + time + " to " + key);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("MemoryCache: add " + time + " to " + key);
|
||||
}
|
||||
// TODO: clean up AuthList entries with only expired AuthTimeWithHash objects.
|
||||
}
|
||||
|
@ -99,9 +99,9 @@ Java_sun_security_jgss_wrapper_GSSLibStub_init(JNIEnv *env,
|
||||
MAX_MSG_SIZE,
|
||||
NULL);
|
||||
if (0 == dwRes) {
|
||||
printf("GSS-API: Unknown failure %d\n", dwError);
|
||||
TRACE1("GSS-API: Unknown failure %d", dwError);
|
||||
} else {
|
||||
printf("GSS-API: %s\n",szMsgBuf);
|
||||
TRACE1("GSS-API: %s",szMsgBuf);
|
||||
}
|
||||
#else
|
||||
char* error = dlerror();
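Review bot: The two load-failure messages in this branch were unconditional `printf` calls and now go through `TRACE1`, which, per the macros redefined later in this commit, prints only when `JGSS_DEBUG` is set. A failed library load on this path therefore leaves no output unless debugging is on. If that is intended, a comment such as `/* reported in debug mode only; the caller sees the failure through the return value */` would record it, assuming the function does return a failure here, which is outside the hunk. Separately, if `dwError` is a `DWORD` as its name suggests, `%d` should become `%lu` with an `(unsigned long)` cast.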
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -106,7 +106,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
/* Retrieve and store the classes in global ref */
|
||||
cls = (*env)->FindClass(env, "java/lang/Object");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find Object class\n");
|
||||
fprintf(stderr, "Couldn't find Object class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_Object = (*env)->NewGlobalRef(env, cls);
|
||||
@ -115,7 +115,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "java/lang/String");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find String class\n");
|
||||
fprintf(stderr, "Couldn't find String class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_String = (*env)->NewGlobalRef(env, cls);
|
||||
@ -124,7 +124,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "org/ietf/jgss/Oid");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find org.ietf.jgss.Oid class\n");
|
||||
fprintf(stderr, "Couldn't find org.ietf.jgss.Oid class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_Oid = (*env)->NewGlobalRef(env, cls);
|
||||
@ -133,7 +133,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "org/ietf/jgss/GSSException");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find org.ietf.jgss.GSSException class\n");
|
||||
fprintf(stderr, "Couldn't find org.ietf.jgss.GSSException class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_GSSException = (*env)->NewGlobalRef(env, cls);
|
||||
@ -142,7 +142,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSNameElement");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSNameElement class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_GSSNameElement = (*env)->NewGlobalRef(env, cls);
|
||||
@ -151,7 +151,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSCredElement");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSCredElement class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_GSSCredElement = (*env)->NewGlobalRef(env, cls);
|
||||
@ -160,7 +160,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/NativeGSSContext");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.NativeGSSContext class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_NativeGSSContext = (*env)->NewGlobalRef(env, cls);
|
||||
@ -169,7 +169,7 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
}
|
||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/SunNativeProvider");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.SunNativeProvider class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
CLS_SunNativeProvider = (*env)->NewGlobalRef(env, cls);
|
||||
@ -180,115 +180,115 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
MID_String_ctor = (*env)->GetMethodID(env, CLS_String,
|
||||
"<init>", "([B)V");
|
||||
if (MID_String_ctor == NULL) {
|
||||
printf("Couldn't find String(byte[]) constructor\n");
|
||||
fprintf(stderr, "Couldn't find String(byte[]) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_Oid_ctor1 =
|
||||
(*env)->GetMethodID(env, CLS_Oid, "<init>", "([B)V");
|
||||
if (MID_Oid_ctor1 == NULL) {
|
||||
printf("Couldn't find Oid(byte[]) constructor\n");
|
||||
fprintf(stderr, "Couldn't find Oid(byte[]) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_Oid_getDER = (*env)->GetMethodID(env, CLS_Oid, "getDER", "()[B");
|
||||
if (MID_Oid_getDER == NULL) {
|
||||
printf("Couldn't find Oid.getDER() method\n");
|
||||
fprintf(stderr, "Couldn't find Oid.getDER() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
cls = (*env)->FindClass(env, "org/ietf/jgss/MessageProp");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find org.ietf.jgss.MessageProp class\n");
|
||||
fprintf(stderr, "Couldn't find org.ietf.jgss.MessageProp class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_MessageProp_getPrivacy =
|
||||
(*env)->GetMethodID(env, cls, "getPrivacy", "()Z");
|
||||
if (MID_MessageProp_getPrivacy == NULL) {
|
||||
printf("Couldn't find MessageProp.getPrivacy() method\n");
|
||||
fprintf(stderr, "Couldn't find MessageProp.getPrivacy() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_MessageProp_getQOP = (*env)->GetMethodID(env, cls, "getQOP", "()I");
|
||||
if (MID_MessageProp_getQOP == NULL) {
|
||||
printf("Couldn't find MessageProp.getQOP() method\n");
|
||||
fprintf(stderr, "Couldn't find MessageProp.getQOP() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_MessageProp_setPrivacy =
|
||||
(*env)->GetMethodID(env, cls, "setPrivacy", "(Z)V");
|
||||
if (MID_MessageProp_setPrivacy == NULL) {
|
||||
printf("Couldn't find MessageProp.setPrivacy(boolean) method\n");
|
||||
fprintf(stderr, "Couldn't find MessageProp.setPrivacy(boolean) method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_MessageProp_setQOP = (*env)->GetMethodID(env, cls, "setQOP", "(I)V");
|
||||
if (MID_MessageProp_setQOP == NULL) {
|
||||
printf("Couldn't find MessageProp.setQOP(int) method\n");
|
||||
fprintf(stderr, "Couldn't find MessageProp.setQOP(int) method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_MessageProp_setSupplementaryStates =
|
||||
(*env)->GetMethodID(env, cls, "setSupplementaryStates",
|
||||
"(ZZZZILjava/lang/String;)V");
|
||||
if (MID_MessageProp_setSupplementaryStates == NULL) {
|
||||
printf("Couldn't find MessageProp.setSupplementaryStates(...) method\n");
|
||||
fprintf(stderr, "Couldn't find MessageProp.setSupplementaryStates(...) method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_GSSException_ctor3 = (*env)->GetMethodID
|
||||
(env, CLS_GSSException, "<init>", "(IILjava/lang/String;)V");
|
||||
if (MID_GSSException_ctor3 == NULL) {
|
||||
printf("Couldn't find GSSException(int, int, String) constructor\n");
|
||||
fprintf(stderr, "Couldn't find GSSException(int, int, String) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
cls = (*env)->FindClass(env, "org/ietf/jgss/ChannelBinding");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find org.ietf.jgss.ChannelBinding class\n");
|
||||
fprintf(stderr, "Couldn't find org.ietf.jgss.ChannelBinding class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_ChannelBinding_getInitiatorAddr =
|
||||
(*env)->GetMethodID(env, cls, "getInitiatorAddress",
|
||||
"()Ljava/net/InetAddress;");
|
||||
if (MID_ChannelBinding_getInitiatorAddr == NULL) {
|
||||
printf("Couldn't find ChannelBinding.getInitiatorAddress() method\n");
|
||||
fprintf(stderr, "Couldn't find ChannelBinding.getInitiatorAddress() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_ChannelBinding_getAcceptorAddr =
|
||||
(*env)->GetMethodID(env, cls, "getAcceptorAddress",
|
||||
"()Ljava/net/InetAddress;");
|
||||
if (MID_ChannelBinding_getAcceptorAddr == NULL) {
|
||||
printf("Couldn't find ChannelBinding.getAcceptorAddress() method\n");
|
||||
fprintf(stderr, "Couldn't find ChannelBinding.getAcceptorAddress() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_ChannelBinding_getAppData =
|
||||
(*env)->GetMethodID(env, cls, "getApplicationData", "()[B");
|
||||
if (MID_ChannelBinding_getAppData == NULL) {
|
||||
printf("Couldn't find ChannelBinding.getApplicationData() method\n");
|
||||
fprintf(stderr, "Couldn't find ChannelBinding.getApplicationData() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
cls = (*env)->FindClass(env, "java/net/InetAddress");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find java.net.InetAddress class\n");
|
||||
fprintf(stderr, "Couldn't find java.net.InetAddress class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_InetAddress_getAddr = (*env)->GetMethodID(env, cls, "getAddress",
|
||||
"()[B");
|
||||
if (MID_InetAddress_getAddr == NULL) {
|
||||
printf("Couldn't find InetAddress.getAddress() method\n");
|
||||
fprintf(stderr, "Couldn't find InetAddress.getAddress() method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_GSSNameElement_ctor =
|
||||
(*env)->GetMethodID(env, CLS_GSSNameElement,
|
||||
"<init>", "(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
||||
if (MID_GSSNameElement_ctor == NULL) {
|
||||
printf("Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
|
||||
fprintf(stderr, "Couldn't find GSSNameElement(long, GSSLibStub) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_GSSCredElement_ctor =
|
||||
(*env)->GetMethodID(env, CLS_GSSCredElement, "<init>",
|
||||
"(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V");
|
||||
if (MID_GSSCredElement_ctor == NULL) {
|
||||
printf("Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
|
||||
fprintf(stderr, "Couldn't find GSSCredElement(long, GSSLibStub) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
MID_NativeGSSContext_ctor =
|
||||
(*env)->GetMethodID(env, CLS_NativeGSSContext, "<init>",
|
||||
"(JLsun/security/jgss/wrapper/GSSLibStub;)V");
|
||||
if (MID_NativeGSSContext_ctor == NULL) {
|
||||
printf("Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext(long, GSSLibStub) constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
@ -296,78 +296,78 @@ DEF_JNI_OnLoad(JavaVM *jvm, void *reserved) {
|
||||
(*env)->GetMethodID(env, CLS_NativeGSSContext, "setContext",
|
||||
"(J)V");
|
||||
if (MID_NativeGSSContext_setContext == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.setContext(long) method\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.setContext(long) method\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
|
||||
/* Compute and cache the field ID */
|
||||
cls = (*env)->FindClass(env, "sun/security/jgss/wrapper/GSSLibStub");
|
||||
if (cls == NULL) {
|
||||
printf("Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
|
||||
fprintf(stderr, "Couldn't find sun.security.jgss.wrapper.GSSLibStub class\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_GSSLibStub_pMech =
|
||||
(*env)->GetFieldID(env, cls, "pMech", "J");
|
||||
if (FID_GSSLibStub_pMech == NULL) {
|
||||
printf("Couldn't find GSSLibStub.pMech field\n");
|
||||
fprintf(stderr, "Couldn't find GSSLibStub.pMech field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_pContext =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "pContext", "J");
|
||||
if (FID_NativeGSSContext_pContext == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.pContext field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.pContext field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_srcName =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "srcName",
|
||||
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
||||
if (FID_NativeGSSContext_srcName == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.srcName field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.srcName field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_targetName =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "targetName",
|
||||
"Lsun/security/jgss/wrapper/GSSNameElement;");
|
||||
if (FID_NativeGSSContext_targetName == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.targetName field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.targetName field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_isInitiator =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isInitiator", "Z");
|
||||
if (FID_NativeGSSContext_isInitiator == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.isInitiator field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.isInitiator field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_isEstablished =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "isEstablished", "Z");
|
||||
if (FID_NativeGSSContext_isEstablished == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.isEstablished field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.isEstablished field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_delegatedCred =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "delegatedCred",
|
||||
"Lsun/security/jgss/wrapper/GSSCredElement;");
|
||||
if (FID_NativeGSSContext_delegatedCred == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.delegatedCred field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.delegatedCred field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_flags =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "flags", "I");
|
||||
if (FID_NativeGSSContext_flags == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.flags field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.flags field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_lifetime =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "lifetime", "I");
|
||||
if (FID_NativeGSSContext_lifetime == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.lifetime field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.lifetime field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
FID_NativeGSSContext_actualMech =
|
||||
(*env)->GetFieldID(env, CLS_NativeGSSContext, "actualMech",
|
||||
"Lorg/ietf/jgss/Oid;");
|
||||
if (FID_NativeGSSContext_actualMech == NULL) {
|
||||
printf("Couldn't find NativeGSSContext.actualMech field\n");
|
||||
fprintf(stderr, "Couldn't find NativeGSSContext.actualMech field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
return JNI_VERSION_1_2;
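Review bot: The failure message for the `MID_GSSCredElement_ctor` lookup names the wrong signature. The descriptor passed to `GetMethodID` is `(JLsun/security/jgss/wrapper/GSSNameElement;Lorg/ietf/jgss/Oid;)V`, but the text says `GSSCredElement(long, GSSLibStub)`. Since the commit rewrites this line anyway, it could read `fprintf(stderr, "Couldn't find GSSCredElement(long, GSSNameElement, Oid) constructor\n");` so that a load failure points at the right constructor. `DEF_JNI_OnLoad` starts outside these hunks.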
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -84,10 +84,10 @@ extern "C" {
|
||||
extern jfieldID FID_NativeGSSContext_flags;
|
||||
extern jfieldID FID_NativeGSSContext_lifetime;
|
||||
extern jfieldID FID_NativeGSSContext_actualMech;
|
||||
#define TRACE0(s) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stdout); }}
|
||||
#define TRACE1(s, p1) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stdout); }}
|
||||
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stdout); }}
|
||||
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { printf("[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stdout); }}
|
||||
#define TRACE0(s) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); }}
|
||||
#define TRACE1(s, p1) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1); fflush(stderr); }}
|
||||
#define TRACE2(s, p1, p2) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2); fflush(stderr); }}
|
||||
#define TRACE3(s, p1, p2, p3) { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] "s"\n", __LINE__, p1, p2, p3); fflush(stderr); }}
|
||||
|
||||
|
||||
#ifdef __cplusplus
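Review bot: The redefined `TRACE0`–`TRACE3` macros are still bare `{ ... }` blocks, so `if (x) TRACE0("a"); else ...` does not compile, because the `;` after the block ends the `if`. Wrapping each body in `do { ... } while (0)` fixes that, e.g. `#define TRACE0(s) do { if (JGSS_DEBUG) { fprintf(stderr, "[GSSLibStub:%d] %s\n", __LINE__, s); fflush(stderr); } } while (0)`, and the same for the other three. `TRACE1`–`TRACE3` also paste `s` into the format string, which works and is safe only when `s` is a string literal. A comment above the macros such as `/* s must be a string-literal format; pass variable text as an argument, never as s */` would record that.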
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -39,6 +39,8 @@ import java.util.Arrays;
|
||||
import sun.security.util.Password;
|
||||
import javax.security.auth.kerberos.KeyTab;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Kinit tool for obtaining Kerberos v5 tickets.
|
||||
*
|
||||
@ -48,7 +50,6 @@ import javax.security.auth.kerberos.KeyTab;
|
||||
public class Kinit {
|
||||
|
||||
private KinitOptions options;
|
||||
private static final boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* The main method is used to accept user command line input for ticket
|
||||
@ -180,8 +181,8 @@ public class Kinit {
|
||||
princName = principal.toString();
|
||||
}
|
||||
KrbAsReqBuilder builder;
|
||||
if (DEBUG) {
|
||||
System.out.println("Principal is " + principal);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println("Principal is " + principal);
|
||||
}
|
||||
char[] psswd = options.password;
|
||||
boolean useKeytab = options.useKeytabFile();
|
||||
@ -194,15 +195,15 @@ public class Kinit {
|
||||
System.out.print("Password for " + princName + ":");
|
||||
System.out.flush();
|
||||
psswd = Password.readPassword(System.in);
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Kinit console input " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Kinit console input " +
|
||||
new String(psswd));
|
||||
}
|
||||
}
|
||||
builder = new KrbAsReqBuilder(principal, psswd);
|
||||
} else {
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Kinit using keytab");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Kinit using keytab");
|
||||
}
|
||||
if (princName == null) {
|
||||
throw new IllegalArgumentException
|
||||
@ -210,8 +211,8 @@ public class Kinit {
|
||||
}
|
||||
String ktabName = options.keytabFileName();
|
||||
if (ktabName != null) {
|
||||
if (DEBUG) {
|
||||
System.out.println(
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(
|
||||
">>> Kinit keytab file name: " + ktabName);
|
||||
}
|
||||
}
|
||||
@ -230,15 +231,15 @@ public class Kinit {
|
||||
realm = Config.getInstance().getDefaultRealm();
|
||||
}
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Kinit realm name is " + realm);
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Kinit realm name is " + realm);
|
||||
}
|
||||
|
||||
PrincipalName sname = PrincipalName.tgsService(realm, realm);
|
||||
builder.setTarget(sname);
|
||||
|
||||
if (DEBUG) {
|
||||
System.out.println(">>> Creating KrbAsReq");
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>> Creating KrbAsReq");
|
||||
}
|
||||
|
||||
if (options.getAddressOption())
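Review bot: The debug line after `Password.readPassword(System.in)` still writes the cleartext password, `DEBUG.println(">>> Kinit console input " + new String(psswd));`, and the commit only redirects it from `System.out` to the Debug stream. With Kerberos debugging enabled, the password ends up in whatever captures that stream. `new String(psswd)` also leaves an immutable copy on the heap that cannot be zeroed the way the `char[]` can. I would log the event without the secret, e.g. `DEBUG.println(">>> Kinit console input received");`. The enclosing method starts and ends outside these hunks.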
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -37,6 +37,8 @@ import java.io.IOException;
|
||||
import java.time.Instant;
|
||||
import java.io.FileInputStream;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* Maintains user-specific options or default settings when the user requests
|
||||
* a KDC ticket using Kinit.
|
||||
@ -63,7 +65,6 @@ class KinitOptions {
|
||||
public String realm;
|
||||
char[] password = null;
|
||||
public boolean keytab;
|
||||
private boolean DEBUG = Krb5.DEBUG;
|
||||
private boolean includeAddresses = true; // default.
|
||||
private boolean useKeytab = false; // default = false.
|
||||
private String ktabName; // keytab file name
|
||||
@ -193,26 +194,26 @@ class KinitOptions {
|
||||
}
|
||||
PrincipalName p = cis.readPrincipal(version);
|
||||
cis.close();
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions principal name from " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KinitOptions principal name from " +
|
||||
"the cache is: " + p);
|
||||
}
|
||||
return p;
|
||||
} catch (IOException e) {
|
||||
// ignore any exceptions; we will use the user name as the
|
||||
// principal name
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
} catch (RealmException e) {
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
|
||||
String username = System.getProperty("user.name");
|
||||
if (DEBUG) {
|
||||
System.out.println(">>>KinitOptions default username is: "
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println(">>>KinitOptions default username is: "
|
||||
+ username);
|
||||
}
|
||||
try {
|
||||
@ -220,10 +221,10 @@ class KinitOptions {
|
||||
return p;
|
||||
} catch (RealmException e) {
|
||||
// ignore exception , return null
|
||||
if (DEBUG) {
|
||||
System.out.println ("Exception in getting principal " +
|
||||
if (DEBUG != null) {
|
||||
DEBUG.println ("Exception in getting principal " +
|
||||
"name " + e.getMessage());
|
||||
e.printStackTrace();
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
}
|
||||
return null;
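Review bot: `cis.close()` runs only on the success path. If `cis.readPrincipal(version)` throws, control goes to the `catch (IOException e)` or `catch (RealmException e)` block, which now only prints the stack trace to the debug stream, and nothing visible here closes the stream. Opening `cis` in a try-with-resources statement would close it on both paths; the opening and the start of the `try` are outside the hunk, so check that no `finally` there already does this.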
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -39,6 +39,8 @@ import sun.security.krb5.internal.ccache.*;
|
||||
import sun.security.krb5.internal.ktab.*;
|
||||
import sun.security.krb5.internal.crypto.EType;
|
||||
|
||||
import static sun.security.krb5.internal.Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* This class can execute as a command-line tool to list entries in
|
||||
* credential cache and key tab.
|
||||
@ -54,7 +56,6 @@ public class Klist {
|
||||
String name; // the name of credentials cache and keytable.
|
||||
char action; // actions would be 'c' for credentials cache
|
||||
// and 'k' for keytable.
|
||||
private static boolean DEBUG = Krb5.DEBUG;
|
||||
|
||||
/**
|
||||
* The main program that can be invoked at command line.
|
||||
@ -321,8 +322,8 @@ public class Klist {
|
||||
} catch (RealmException e) {
|
||||
System.out.println("Error reading principal from "+
|
||||
"the entry.");
|
||||
if (DEBUG) {
|
||||
e.printStackTrace();
|
||||
if (DEBUG != null) {
|
||||
e.printStackTrace(DEBUG.getPrintStream());
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -124,24 +124,24 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
|
||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Krb5");
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find Krb5\n");
|
||||
fprintf(stderr, "LSA: Couldn't find Krb5\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Z");
|
||||
fldDEBUG = (*env)->GetStaticFieldID(env, cls, "DEBUG", "Lsun/security/util/Debug;");
|
||||
if (fldDEBUG == NULL) {
|
||||
printf("LSA: Krb5 has no DEBUG field\n");
|
||||
fprintf(stderr, "LSA: Krb5 has no DEBUG field\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
native_debug = (*env)->GetStaticBooleanField(env, cls, fldDEBUG);
|
||||
native_debug = (*env)->GetStaticObjectField(env, cls, fldDEBUG) != NULL;
|
||||
|
||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find Ticket\n");
|
||||
fprintf(stderr, "LSA: Couldn't find Ticket\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found Ticket\n");
|
||||
fprintf(stderr, "LSA: Found Ticket\n");
|
||||
}
|
||||
|
||||
ticketClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -149,17 +149,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find PrincipalName\n");
|
||||
fprintf(stderr, "LSA: Couldn't find PrincipalName\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found PrincipalName\n");
|
||||
fprintf(stderr, "LSA: Found PrincipalName\n");
|
||||
}
|
||||
|
||||
principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -167,17 +167,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find EncryptionKey\n");
|
||||
fprintf(stderr, "LSA: Couldn't find EncryptionKey\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found EncryptionKey\n");
|
||||
fprintf(stderr, "LSA: Found EncryptionKey\n");
|
||||
}
|
||||
|
||||
encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -185,17 +185,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find TicketFlags\n");
|
||||
fprintf(stderr, "LSA: Couldn't find TicketFlags\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found TicketFlags\n");
|
||||
fprintf(stderr, "LSA: Found TicketFlags\n");
|
||||
}
|
||||
|
||||
ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -203,17 +203,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find KerberosTime\n");
|
||||
fprintf(stderr, "LSA: Couldn't find KerberosTime\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found KerberosTime\n");
|
||||
fprintf(stderr, "LSA: Found KerberosTime\n");
|
||||
}
|
||||
|
||||
kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -221,17 +221,17 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
cls = (*env)->FindClass(env,"java/lang/String");
|
||||
|
||||
if (cls == NULL) {
|
||||
printf("LSA: Couldn't find String\n");
|
||||
fprintf(stderr, "LSA: Couldn't find String\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found String\n");
|
||||
fprintf(stderr, "LSA: Found String\n");
|
||||
}
|
||||
|
||||
javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
|
||||
@ -239,61 +239,61 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Made NewWeakGlobalRef\n");
|
||||
fprintf(stderr, "LSA: Made NewWeakGlobalRef\n");
|
||||
}
|
||||
|
||||
ticketConstructor = (*env)->GetMethodID(env, ticketClass,
|
||||
"<init>", "([B)V");
|
||||
if (ticketConstructor == 0) {
|
||||
printf("LSA: Couldn't find Ticket constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find Ticket constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found Ticket constructor\n");
|
||||
fprintf(stderr, "LSA: Found Ticket constructor\n");
|
||||
}
|
||||
|
||||
principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
|
||||
"<init>", "([Ljava/lang/String;Ljava/lang/String;)V");
|
||||
if (principalNameConstructor == 0) {
|
||||
printf("LSA: Couldn't find PrincipalName constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find PrincipalName constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found PrincipalName constructor\n");
|
||||
fprintf(stderr, "LSA: Found PrincipalName constructor\n");
|
||||
}
|
||||
|
||||
encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
|
||||
"<init>", "(I[B)V");
|
||||
if (encryptionKeyConstructor == 0) {
|
||||
printf("LSA: Couldn't find EncryptionKey constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find EncryptionKey constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found EncryptionKey constructor\n");
|
||||
fprintf(stderr, "LSA: Found EncryptionKey constructor\n");
|
||||
}
|
||||
|
||||
ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
|
||||
"<init>", "(I[B)V");
|
||||
if (ticketFlagsConstructor == 0) {
|
||||
printf("LSA: Couldn't find TicketFlags constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find TicketFlags constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found TicketFlags constructor\n");
|
||||
fprintf(stderr, "LSA: Found TicketFlags constructor\n");
|
||||
}
|
||||
|
||||
kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
|
||||
"<init>", "(Ljava/lang/String;)V");
|
||||
if (kerberosTimeConstructor == 0) {
|
||||
printf("LSA: Couldn't find KerberosTime constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find KerberosTime constructor\n");
|
||||
return JNI_ERR;
|
||||
}
|
||||
if (native_debug) {
|
||||
printf("LSA: Found KerberosTime constructor\n");
|
||||
fprintf(stderr, "LSA: Found KerberosTime constructor\n");
|
||||
}
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Finished OnLoad processing\n");
|
||||
fprintf(stderr, "LSA: Finished OnLoad processing\n");
|
||||
}
|
||||
|
||||
return JNI_VERSION_1_2;
|
||||
@ -383,13 +383,13 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
"Lsun/security/krb5/internal/KerberosTime;"
|
||||
"Lsun/security/krb5/internal/HostAddresses;)V");
|
||||
if (krbcredsConstructor == 0) {
|
||||
printf("LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
|
||||
fprintf(stderr, "LSA: Couldn't find sun.security.krb5.Credentials constructor\n");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Found KrbCreds constructor\n");
|
||||
fprintf(stderr, "LSA: Found KrbCreds constructor\n");
|
||||
}
|
||||
|
||||
//
|
||||
@ -400,7 +400,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
break;
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Got handle to Kerberos package\n");
|
||||
fprintf(stderr, "LSA: Got handle to Kerberos package\n");
|
||||
}
|
||||
|
||||
// Get the MS TGT from cache
|
||||
@ -419,7 +419,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
);
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Response size is %d\n", rspSize);
|
||||
fprintf(stderr, "LSA: Response size is %d\n", rspSize);
|
||||
}
|
||||
|
||||
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
||||
@ -443,7 +443,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
|
||||
// check TGT validity
|
||||
if (native_debug) {
|
||||
printf("LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
|
||||
fprintf(stderr, "LSA: TICKET SessionKey KeyType is %d\n", msticket->SessionKey.KeyType);
|
||||
}
|
||||
|
||||
if ((msticket->TicketFlags & KERB_TICKET_FLAGS_invalid) == 0) {
|
||||
@ -455,7 +455,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
if (etypes[i] == msticket->SessionKey.KeyType) {
|
||||
found = 1;
|
||||
if (native_debug) {
|
||||
printf("LSA: Valid etype found: %d\n", etypes[i]);
|
||||
fprintf(stderr, "LSA: Valid etype found: %d\n", etypes[i]);
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -465,7 +465,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
|
||||
if (!found) {
|
||||
if (native_debug) {
|
||||
printf("LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
|
||||
fprintf(stderr, "LSA: MS TGT in cache is invalid/not supported; request new ticket\n");
|
||||
}
|
||||
|
||||
// use domain to request Ticket
|
||||
@ -492,7 +492,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
);
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Response size is %d for %d\n", responseSize, etypes[i]);
|
||||
fprintf(stderr, "LSA: Response size is %d for %d\n", responseSize, etypes[i]);
|
||||
}
|
||||
|
||||
if (!LSA_SUCCESS(Status) || !LSA_SUCCESS(SubStatus)) {
|
||||
@ -509,7 +509,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
|
||||
|
||||
if (msticket->SessionKey.KeyType != etypes[i]) {
|
||||
if (native_debug) {
|
||||
printf("LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
|
||||
fprintf(stderr, "LSA: Response etype is %d for %d. Retry.\n", msticket->SessionKey.KeyType, etypes[i]);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
@ -809,7 +809,7 @@ ShowLastError(
|
||||
DWORD dwRes;
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Error calling function %s: %lu\n", szAPI, dwError);
|
||||
fprintf(stderr, "LSA: Error calling function %s: %lu\n", szAPI, dwError);
|
||||
}
|
||||
|
||||
dwRes = FormatMessage (
|
||||
@ -822,11 +822,11 @@ ShowLastError(
|
||||
NULL);
|
||||
if (native_debug) {
|
||||
if (0 == dwRes) {
|
||||
printf("LSA: FormatMessage failed with %d\n", GetLastError());
|
||||
fprintf(stderr, "LSA: FormatMessage failed with %d\n", GetLastError());
|
||||
// #define EXIT_FAILURE -1 // mdu
|
||||
// ExitProcess(EXIT_FAILURE);
|
||||
} else {
|
||||
printf("LSA: %S",szMsgBuf);
|
||||
fprintf(stderr, "LSA: %S",szMsgBuf);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -917,9 +917,9 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
|
||||
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
|
||||
|
||||
if (native_debug) {
|
||||
printf("LSA: Principal domain is %S\n", realm);
|
||||
printf("LSA: Name type is %x\n", principalName->NameType);
|
||||
printf("LSA: Name count is %x\n", principalName->NameCount);
|
||||
fprintf(stderr, "LSA: Principal domain is %S\n", realm);
|
||||
fprintf(stderr, "LSA: Name type is %x\n", principalName->NameType);
|
||||
fprintf(stderr, "LSA: Name count is %x\n", principalName->NameCount);
|
||||
}
|
||||
|
||||
nameCount = principalName->NameCount;
|
||||
@ -927,7 +927,7 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
|
||||
javaLangStringClass, NULL);
|
||||
if (stringArray == NULL) {
|
||||
if (native_debug) {
|
||||
printf("LSA: Can't allocate String array for Principal\n");
|
||||
fprintf(stderr, "LSA: Can't allocate String array for Principal\n");
|
||||
}
|
||||
goto cleanup;
|
||||
}
|
||||
@ -982,7 +982,7 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
|
||||
}
|
||||
if (i == cryptoKey->Length) {
|
||||
if (native_debug) {
|
||||
printf("LSA: Session key all zero. Stop.\n");
|
||||
fprintf(stderr, "LSA: Session key all zero. Stop.\n");
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@ -1057,7 +1057,7 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
|
||||
minute,
|
||||
second );
|
||||
if (native_debug) {
|
||||
printf("LSA: %S\n", (wchar_t *)timeString);
|
||||
fprintf(stderr, "LSA: %S\n", (wchar_t *)timeString);
|
||||
}
|
||||
stringTime = (*env)->NewString(env, timeString,
|
||||
(sizeof(timeString)/sizeof(WCHAR))-1);
|
||||
|
@ -42,6 +42,7 @@ import javax.security.auth.spi.*;
|
||||
import sun.security.krb5.*;
|
||||
import sun.security.jgss.krb5.Krb5Util;
|
||||
import sun.security.krb5.Credentials;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.HexDumpEncoder;
|
||||
import static sun.security.util.ResourcesMgr.getAuthResourceString;
|
||||
|
||||
@ -377,7 +378,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
private Map<String, ?> options;
|
||||
|
||||
// configurable option
|
||||
private boolean debug = false;
|
||||
private Debug debug = null;
|
||||
|
||||
private boolean storeKey = false;
|
||||
private boolean doNotPrompt = false;
|
||||
private boolean useTicketCache = false;
|
||||
@ -458,7 +460,7 @@ public class Krb5LoginModule implements LoginModule {
|
||||
|
||||
// initialize any configured options
|
||||
|
||||
debug = "true".equalsIgnoreCase((String)options.get("debug"));
|
||||
debug = Debug.of("krb5loginmodule", (String)options.get("debug"));
|
||||
storeKey = "true".equalsIgnoreCase((String)options.get("storeKey"));
|
||||
doNotPrompt = "true".equalsIgnoreCase((String)options.get
|
||||
("doNotPrompt"));
|
||||
@ -495,8 +497,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
"true".equalsIgnoreCase((String)options.get("storePass"));
|
||||
clearPass =
|
||||
"true".equalsIgnoreCase((String)options.get("clearPass"));
|
||||
if (debug) {
|
||||
System.out.print("Debug is " + debug
|
||||
if (debug != null) {
|
||||
debug.println("Debug is " + (debug != null)
|
||||
+ " storeKey " + storeKey
|
||||
+ " useTicketCache " + useTicketCache
|
||||
+ " useKeyTab " + useKeyTab
|
||||
@ -529,8 +531,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
|
||||
if (refreshKrb5Config) {
|
||||
try {
|
||||
if (debug) {
|
||||
System.out.println("Refreshing Kerberos configuration");
|
||||
if (debug != null) {
|
||||
debug.println("Refreshing Kerberos configuration");
|
||||
}
|
||||
sun.security.krb5.Config.refresh();
|
||||
} catch (KrbException ke) {
|
||||
@ -558,8 +560,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
if (tryFirstPass) {
|
||||
try {
|
||||
attemptAuthentication(true);
|
||||
if (debug)
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
if (debug != null)
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"authentication succeeded");
|
||||
succeeded = true;
|
||||
cleanState();
|
||||
@ -567,8 +569,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
} catch (LoginException le) {
|
||||
// authentication failed -- try again below by prompting
|
||||
cleanState();
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"tryFirstPass failed with:" +
|
||||
le.getMessage());
|
||||
}
|
||||
@ -581,8 +583,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
return true;
|
||||
} catch (LoginException e) {
|
||||
// authentication failed -- clean out state
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"authentication failed \n" +
|
||||
e.getMessage());
|
||||
}
|
||||
@ -602,8 +604,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
return true;
|
||||
} catch (LoginException e) {
|
||||
// authentication failed -- clean out state
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"authentication failed \n" +
|
||||
e.getMessage());
|
||||
}
|
||||
@ -641,8 +643,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
try {
|
||||
if (useTicketCache) {
|
||||
// ticketCacheName == null implies the default cache
|
||||
if (debug)
|
||||
System.out.println("Acquire TGT from Cache");
|
||||
if (debug != null)
|
||||
debug.println("Acquire TGT from Cache");
|
||||
cred = Credentials.acquireTGTFromCache
|
||||
(principal, ticketCacheName);
|
||||
|
||||
@ -658,8 +660,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
if (!isCurrent(cred)) {
|
||||
// credentials have expired
|
||||
cred = null;
|
||||
if (debug)
|
||||
System.out.println("Credentials are" +
|
||||
if (debug != null)
|
||||
debug.println("Credentials are" +
|
||||
" no longer valid");
|
||||
}
|
||||
}
|
||||
@ -672,10 +674,10 @@ public class Krb5LoginModule implements LoginModule {
|
||||
: cred.getClient();
|
||||
}
|
||||
}
|
||||
if (debug) {
|
||||
System.out.println("Principal is " + principal);
|
||||
if (debug != null) {
|
||||
debug.println("Principal is " + principal);
|
||||
if (cred == null) {
|
||||
System.out.println
|
||||
debug.println
|
||||
("null credentials from Ticket Cache");
|
||||
}
|
||||
}
|
||||
@ -729,8 +731,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
if (Krb5Util.keysFromJavaxKeyTab(ktab, principal).length
|
||||
== 0) {
|
||||
ktab = null;
|
||||
if (debug) {
|
||||
System.out.println
|
||||
if (debug != null) {
|
||||
debug.println
|
||||
("Key for the principal " +
|
||||
principal +
|
||||
" not available in " +
|
||||
@ -765,14 +767,14 @@ public class Krb5LoginModule implements LoginModule {
|
||||
}
|
||||
builder.destroy();
|
||||
|
||||
if (debug) {
|
||||
System.out.println("principal is " + principal);
|
||||
if (debug != null) {
|
||||
debug.println("principal is " + principal);
|
||||
HexDumpEncoder hd = new HexDumpEncoder();
|
||||
if (ktab != null) {
|
||||
System.out.println("Will use keytab");
|
||||
debug.println("Will use keytab");
|
||||
} else if (storeKey) {
|
||||
for (int i = 0; i < encKeys.length; i++) {
|
||||
System.out.println("EncryptionKey: keyType=" +
|
||||
debug.println("EncryptionKey: keyType=" +
|
||||
encKeys[i].getEType() +
|
||||
" keyBytes (hex dump)=" +
|
||||
hd.encodeBuffer(encKeys[i].getBytes()));
|
||||
@ -800,20 +802,14 @@ public class Krb5LoginModule implements LoginModule {
|
||||
if (getPasswdFromSharedState) {
|
||||
// use the name saved by the first module in the stack
|
||||
username = (String)sharedState.get(NAME);
|
||||
if (debug) {
|
||||
System.out.println
|
||||
("username from shared state is " + username + "\n");
|
||||
if (debug != null) {
|
||||
debug.println
|
||||
("username from shared state is " + username + "\n");
|
||||
}
|
||||
if (username == null) {
|
||||
System.out.println
|
||||
("username from shared state is null\n");
|
||||
throw new LoginException
|
||||
("Username can not be obtained from sharedstate ");
|
||||
}
|
||||
if (debug) {
|
||||
System.out.println
|
||||
("username from shared state is " + username + "\n");
|
||||
}
|
||||
if (username != null && username.length() > 0) {
|
||||
krb5PrincName.insert(0, username);
|
||||
return;
|
||||
@ -863,15 +859,15 @@ public class Krb5LoginModule implements LoginModule {
|
||||
// use the password saved by the first module in the stack
|
||||
password = (char[])sharedState.get(PWD);
|
||||
if (password == null) {
|
||||
if (debug) {
|
||||
System.out.println
|
||||
if (debug != null) {
|
||||
debug.println
|
||||
("Password from shared state is null");
|
||||
}
|
||||
throw new LoginException
|
||||
("Password can not be obtained from sharedstate ");
|
||||
}
|
||||
if (debug) {
|
||||
System.out.println
|
||||
if (debug != null) {
|
||||
debug.println
|
||||
("password is " + new String(password));
|
||||
}
|
||||
return;
|
||||
@ -911,11 +907,11 @@ public class Krb5LoginModule implements LoginModule {
|
||||
for (int i = 0; i < tmpPassword.length; i++)
|
||||
tmpPassword[i] = ' ';
|
||||
tmpPassword = null;
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"user entered username: " +
|
||||
krb5PrincName);
|
||||
System.out.println();
|
||||
debug.println();
|
||||
}
|
||||
} catch (java.io.IOException ioe) {
|
||||
throw new LoginException(ioe.getMessage());
|
||||
@ -1008,12 +1004,12 @@ public class Krb5LoginModule implements LoginModule {
|
||||
throw new RefreshFailedException("This ticket is past "
|
||||
+ "its last renewal time.");
|
||||
lcreds = creds.renew();
|
||||
if (debug)
|
||||
System.out.println("Renewed Kerberos Ticket");
|
||||
if (debug != null)
|
||||
debug.println("Renewed Kerberos Ticket");
|
||||
} catch (Exception e) {
|
||||
lcreds = null;
|
||||
if (debug)
|
||||
System.out.println("Ticket could not be renewed : "
|
||||
if (debug != null)
|
||||
debug.println("Ticket could not be renewed : "
|
||||
+ e.getMessage());
|
||||
}
|
||||
return lcreds;
|
||||
@ -1131,10 +1127,10 @@ public class Krb5LoginModule implements LoginModule {
|
||||
}
|
||||
encKeys[i].destroy();
|
||||
encKeys[i] = null;
|
||||
if (debug) {
|
||||
System.out.println("Added server's key"
|
||||
if (debug != null) {
|
||||
debug.println("Added server's key"
|
||||
+ kerbKeys[i]);
|
||||
System.out.println("\t\t[Krb5LoginModule] " +
|
||||
debug.println("\t\t[Krb5LoginModule] " +
|
||||
"added Krb5Principal " +
|
||||
kerbClientPrinc.toString()
|
||||
+ " to Subject");
|
||||
@ -1144,8 +1140,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
}
|
||||
}
|
||||
commitSucceeded = true;
|
||||
if (debug)
|
||||
System.out.println("Commit Succeeded \n");
|
||||
if (debug != null)
|
||||
debug.println("Commit Succeeded \n");
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -1194,8 +1190,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
*/
|
||||
public boolean logout() throws LoginException {
|
||||
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule]: " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule]: " +
|
||||
"Entering logout");
|
||||
}
|
||||
|
||||
@ -1222,8 +1218,8 @@ public class Krb5LoginModule implements LoginModule {
|
||||
|
||||
succeeded = false;
|
||||
commitSucceeded = false;
|
||||
if (debug) {
|
||||
System.out.println("\t\t[Krb5LoginModule]: " +
|
||||
if (debug != null) {
|
||||
debug.println("\t\t[Krb5LoginModule]: " +
|
||||
"logged out Subject");
|
||||
}
|
||||
return true;
|
||||
|
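Review bot: The rerouted statement in the hunk at -863,15 +859,15 still writes the cleartext password, `debug.println("password is " + new String(password));`, and the hunk at -765,14 +767,14 still hex-dumps `encKeys[i].getBytes()` when `storeKey` is set and no keytab is used. Turning on `debug=true` for a login entry therefore puts long-term secrets into the debug stream, which the new test in this commit expects on stderr and which is often captured into log files. `new String(password)` also makes an immutable copy that cannot be wiped the way the `char[]` can. Since these lines are being edited anyway, I would keep the secret out of the message, for example `debug.println("password obtained from shared state");`, and print only `encKeys[i].getEType()` for the keys. The behaviour predates this commit (it previously went to System.out), and the enclosing methods start and end outside the hunks.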
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -78,8 +78,8 @@ public class IPv6 {
|
||||
|
||||
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
||||
PrintStream po = new PrintStream(bo);
|
||||
PrintStream oldout = System.out;
|
||||
System.setOut(po);
|
||||
PrintStream oldErr = System.err;
|
||||
System.setErr(po);
|
||||
|
||||
try {
|
||||
Subject subject = new Subject();
|
||||
@ -101,7 +101,7 @@ public class IPv6 {
|
||||
|
||||
po.flush();
|
||||
|
||||
System.setOut(oldout);
|
||||
System.setErr(oldErr);
|
||||
BufferedReader br = new BufferedReader(new StringReader(
|
||||
new String(bo.toByteArray())));
|
||||
int cc = 0;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -152,7 +152,7 @@ public class Cleaners {
|
||||
Proc.binOut(b.getMic(MSG));
|
||||
}
|
||||
}
|
||||
System.out.println("Prepare for GC");
|
||||
System.err.println("Prepare for GC");
|
||||
for (int i = 0; i < 10; i++) {
|
||||
System.gc();
|
||||
Thread.sleep(100);
|
||||
@ -162,9 +162,9 @@ public class Cleaners {
|
||||
private static void ensureCleanersCalled(Proc p) throws Exception {
|
||||
p.output()
|
||||
.shouldHaveExitValue(0)
|
||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
|
||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
|
||||
.stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
|
||||
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
|
||||
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
|
||||
.stderrShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
|
||||
}
|
||||
|
||||
private static Proc proc(String type) throws Exception {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -257,16 +257,16 @@ public class KdcPolicy {
|
||||
static void test(String... expected) throws Exception {
|
||||
|
||||
System.out.println("------------------TEST----------------------");
|
||||
PrintStream oldOut = System.out;
|
||||
PrintStream oldErr = System.err;
|
||||
boolean failed = false;
|
||||
ByteArrayOutputStream bo = new ByteArrayOutputStream();
|
||||
System.setOut(new PrintStream(bo));
|
||||
System.setErr(new PrintStream(bo));
|
||||
try {
|
||||
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
|
||||
} catch (Exception e) {
|
||||
failed = true;
|
||||
} finally {
|
||||
System.setOut(oldOut);
|
||||
System.setErr(oldErr);
|
||||
}
|
||||
|
||||
String[] lines = new String(bo.toByteArray()).split("\n");
|
||||
|
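--- a/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java
+++ b/test/jdk/sun/security/krb5/auto/LoginModuleDebug.java
@@ -0,0 +1,64 @@
+/*
+* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+/*
+* @test
+* @bug 8327818
+* @summary reimplement debug option in Krb5LoginModule
+* @library /test/lib
+*/
+import com.sun.security.auth.module.Krb5LoginModule;
+import jdk.test.lib.process.ProcessTools;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+
+public class LoginModuleDebug {
+public static void main(String[] args) throws Exception {
+if (args.length == 0) {
+// debug option set to true
+ProcessTools.executeTestJava("LoginModuleDebug",
+"debug", "true")
+.stdoutShouldBeEmpty()
+.stderrShouldContain("krb5loginmodule:");
+// debug option set to false
+ProcessTools.executeTestJava("LoginModuleDebug",
+"debug", "false")
+.stdoutShouldBeEmpty()
+.stderrShouldNotContain("krb5loginmodule:");
+// no debug option
+ProcessTools.executeTestJava("LoginModuleDebug",
+"foo", "bar")
+.stdoutShouldBeEmpty()
+.stderrShouldNotContain("krb5loginmodule:");
+} else {
+test(args[0], args[1]);
+}
+}
+
+static void test(String key, String prop)
+throws Exception {
+new Krb5LoginModule().initialize(
+new Subject(), null, Map.of(), Map.of(key, prop));
+}
+}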
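Review bot: None of the three `ProcessTools.executeTestJava(...)` chains in `main` checks the child's exit status, so the two negative cases (`"debug", "false"` and `"foo", "bar"`) can pass vacuously. If the child JVM dies before or inside `initialize`, stdout is still empty and stderr most likely still lacks `krb5loginmodule:`, so the assertions hold without the option handling ever being exercised. I would add `.shouldHaveExitValue(0)` to each chain, as the `ensureCleanersCalled` helper in Cleaners.java on this page already does. A short comment on `test` saying that it only calls `initialize` with the given option and expects the "Debug is ..." line as the sole output would also help the next reader.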