stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8210821: Support dns_canonicalize_hostname in krb5.conf

Browse Source 
Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2018-10-02 16:02:35 +08:00
parent 33c38f2ccb
commit 9452b88d93
3 changed files with 119 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -406,26 +406,37 @@ public class PrincipalName implements Cloneable {
case KRB_NT_SRV_HST: case KRB_NT_SRV_HST:
if (nameParts.length >= 2) { if (nameParts.length >= 2) {
String hostName = nameParts[1]; String hostName = nameParts[1];
Boolean option;
try { try {
// RFC4120 does not recommend canonicalizing a hostname. // If true, try canonicalizing and accept it if it starts
// However, for compatibility reason, we will try // with the short name. Otherwise, never. Default true.
// canonicalize it and see if the output looks better. option = Config.getInstance().getBooleanObject(
"libdefaults", "dns_canonicalize_hostname");
String canonicalized = (InetAddress.getByName(hostName)). } catch (KrbException e) {
getCanonicalHostName(); option = null;
// Looks if canonicalized is a longer format of hostName,
// we accept cases like
// bunny -> bunny.rabbit.hole
if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
hostName.toLowerCase(Locale.ENGLISH)+".")) {
hostName = canonicalized;
}
} catch (UnknownHostException | SecurityException e) {
// not canonicalized or no permission to do so, use old
} }
if (hostName.endsWith(".")) { if (option != Boolean.FALSE) {
hostName = hostName.substring(0, hostName.length() - 1); try {
// RFC4120 does not recommend canonicalizing a hostname.
// However, for compatibility reason, we will try
// canonicalizing it and see if the output looks better.
String canonicalized = (InetAddress.getByName(hostName)).
getCanonicalHostName();
// Looks if canonicalized is a longer format of hostName,
// we accept cases like
// bunny -> bunny.rabbit.hole
if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
hostName.toLowerCase(Locale.ENGLISH) + ".")) {
hostName = canonicalized;
}
} catch (UnknownHostException | SecurityException e) {
// not canonicalized or no permission to do so, use old
}
if (hostName.endsWith(".")) {
hostName = hostName.substring(0, hostName.length() - 1);
}
} }
nameParts[1] = hostName.toLowerCase(Locale.ENGLISH); nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
} }

81
test/jdk/sun/security/krb5/auto/DnsCanonicalizeHostname.java Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import jdk.test.lib.Asserts;
import sun.security.krb5.PrincipalName;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
/*
* @test
* @bug 8210821
* @summary Support dns_canonicalize_hostname in krb5.conf
* @library /test/lib
* @compile -XDignore.symbol.file DnsCanonicalizeHostname.java
* @run main jdk.test.lib.FileInstaller dns_canonicalize_hostname.hosts hosts
* @run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname none
* @run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname true
* @run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname false
*/
public class DnsCanonicalizeHostname {
// In dns_canonicalize_hostname.hosts, all "dummy.example.com", "dummy",
// and "bogus" are resolved to 127.0.0.1. Since "dummy.example.com" is on
// the first line, it is returned at the reverse lookup.
public static void main(String[] args) throws Exception {
Files.write(Path.of("krb5.conf"), List.of(
"[libdefaults]",
"default_realm = R",
args[0].equals("none")
? "# empty line"
: "dns_canonicalize_hostname = " + args[0],
"",
"[realms]",
"R = {",
" kdc = 127.0.0.1",
"}"
));
System.setProperty("java.security.krb5.conf", "krb5.conf");
String n1 = new PrincipalName("host/dummy", PrincipalName.KRB_NT_SRV_HST)
.getNameStrings()[1];
String n2 = new PrincipalName("host/bogus", PrincipalName.KRB_NT_SRV_HST)
.getNameStrings()[1];
switch (args[0]) {
case "none":
case "true":
Asserts.assertEQ(n1, "dummy.example.com");
Asserts.assertEQ(n2, "bogus");
break;
case "false":
Asserts.assertEQ(n1, "dummy");
Asserts.assertEQ(n2, "bogus");
break;
}
}
}

8
test/jdk/sun/security/krb5/auto/dns_canonicalize_hostname.hosts Normal file
View File

@ -0,0 +1,8 @@
# The preferred name at reverse lookup
127.0.0.1 dummy.example.com
# The short name
127.0.0.1 dummy
# The strange name
127.0.0.1 bogus