stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

7201053: Krb5LoginModule shows NPE when both useTicketCache and storeKey are set to true

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2012-10-08 10:42:43 +08:00
parent 18688c3a56
commit a5312cbadb
2 changed files with 81 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
View File

@ -1064,12 +1064,17 @@ public class Krb5LoginModule implements LoginModule {
if (storeKey) {
if (encKeys == null) {
if (!privCredSet.contains(ktab)) {
privCredSet.add(ktab);
// Compatibility; also add keys to privCredSet
for (KerberosKey key: ktab.getKeys(kerbClientPrinc)) {
privCredSet.add(new Krb5Util.KeysFromKeyTab(key));
if (ktab != null) {
if (!privCredSet.contains(ktab)) {
privCredSet.add(ktab);
// Compatibility; also add keys to privCredSet
for (KerberosKey key: ktab.getKeys(kerbClientPrinc)) {
privCredSet.add(new Krb5Util.KeysFromKeyTab(key));
}
}
} else {
succeeded = false;
throw new LoginException("No key to store");
}
} else {
for (int i = 0; i < kerbKeys.length; i ++) {

71
jdk/test/sun/security/krb5/auto/UseCacheAndStoreKey.java Normal file
View File

@ -0,0 +1,71 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7201053
* @summary Krb5LoginModule shows NPE when both useTicketCache and storeKey
* are set to true
* @compile -XDignore.symbol.file UseCacheAndStoreKey.java
* @run main/othervm UseCacheAndStoreKey
*/
import java.io.FileOutputStream;
import javax.security.auth.login.LoginException;
// The basic krb5 test skeleton you can copy from
public class UseCacheAndStoreKey {
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf();
// KDC would save ccache for client
System.setProperty("test.kdc.save.ccache", "cache.here");
try (FileOutputStream fos = new FileOutputStream(OneKDC.JAAS_CONF)) {
fos.write((
"me {\n" +
" com.sun.security.auth.module.Krb5LoginModule required\n" +
" principal=\"" + OneKDC.USER + "\"\n" +
" useTicketCache=true\n" +
" ticketCache=cache.here\n" +
" isInitiator=true\n" +
" storeKey=true;\n};\n"
).getBytes());
}
// The first login will use default callback and succeed
Context.fromJAAS("me");
// The second login uses ccache and won't be able to store the keys
try {
Context.fromJAAS("me");
throw new Exception("Should fail");
} catch (LoginException le) {
if (le.getMessage().indexOf("NullPointerException") >= 0
|| le.getCause() instanceof NullPointerException) {
throw new Exception("NPE");
}
}
}
}