changeset 950:33bc32405045

6789935: cross-realm capath search error Reviewed-by: xuelei
author weijun
date Mon, 23 Feb 2009 10:04:25 +0800
parents 9b1bc2e28518
children ec98d5f9b338
files src/share/classes/sun/security/krb5/Realm.java test/sun/security/krb5/ParseCAPaths.java test/sun/security/krb5/krb5-capaths.conf
diffstat 3 files changed, 212 insertions(+), 16 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/Realm.java	Mon Feb 23 10:03:36 2009 +0800
+++ b/src/share/classes/sun/security/krb5/Realm.java	Mon Feb 23 10:04:25 2009 +0800
@@ -39,7 +39,6 @@
 import sun.security.krb5.internal.Krb5;
 import sun.security.util.*;
 import java.io.IOException;
-import java.io.OutputStream;
 import java.util.StringTokenizer;
 import java.util.Vector;
 import java.util.Stack;
@@ -364,7 +363,6 @@
         }
 
         String tempTarget = null, tempRealm = null;
-        StringTokenizer strTok = null;
         Stack<String> iStack = new Stack<String> ();
 
         /*
@@ -382,7 +380,7 @@
             tempTarget = sRealm;
         }
 
-        do {
+        out: do {
             if (DEBUG) {
                 count++;
                 System.out.println(">>> Realm parseCapaths: loop " +
@@ -400,15 +398,21 @@
 
                 /*
                  * We have one or more space-separated intermediary realms.
-                 * Stack them.
+                 * Stack them. A null is always added between intermedies of
+                 * different targets. When this null is popped, it means none
+                 * of the intermedies for this target is useful (because of
+                 * infinite loop), the target is then removed from the partial
+                 * tempList, and the next possible intermediary is tried.
                  */
-                strTok = new StringTokenizer(intermediaries, " ");
-                while (strTok.hasMoreTokens())
+                iStack.push(null);
+                String[] ints = intermediaries.split("\\s+");
+                for (int i = ints.length-1; i>=0; i--)
                 {
-                    tempRealm = strTok.nextToken();
-                    if (!tempRealm.equals(PrincipalName.
-                                          REALM_COMPONENT_SEPARATOR_STR) &&
-                        !iStack.contains(tempRealm)) {
+                    tempRealm = ints[i];
+                    if (tempRealm.equals(PrincipalName.REALM_COMPONENT_SEPARATOR_STR)) {
+                        break out;
+                    }
+                    if (!tempList.contains(tempRealm)) {
                         iStack.push(tempRealm);
                         if (DEBUG) {
                             System.out.println(">>> Realm parseCapaths: loop " +
@@ -418,16 +422,18 @@
                         }
                     } else if (DEBUG) {
                         System.out.println(">>> Realm parseCapaths: loop " +
-
                                            count +
                                            ": ignoring realm: [" +
                                            tempRealm + "]");
                     }
                 }
-            } else if (DEBUG) {
-                System.out.println(">>> Realm parseCapaths: loop " +
-                                   count +
-                                   ": no intermediaries");
+            } else {
+                if (DEBUG) {
+                    System.out.println(">>> Realm parseCapaths: loop " +
+                                       count +
+                                       ": no intermediaries");
+                }
+                break;
             }
 
             /*
@@ -435,7 +441,12 @@
              */
 
             try {
-                tempTarget = iStack.pop();
+                while ((tempTarget = iStack.pop()) == null) {
+                    tempList.removeElementAt(tempList.size()-1);
+                    if (DEBUG) {
+                        System.out.println(">>> Realm parseCapaths: backtrack, remove tail");
+                    }
+                }
             } catch (EmptyStackException exc) {
                 tempTarget = null;
             }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/ParseCAPaths.java	Mon Feb 23 10:04:25 2009 +0800
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6789935
+ * @summary cross-realm capath search error
+ */
+
+import java.util.Arrays;
+import sun.security.krb5.Realm;
+
+public class ParseCAPaths {
+    static boolean failed = false;
+    public static void main(String[] args) throws Exception {
+        System.setProperty("java.security.krb5.conf", System.getProperty("test.src", ".") +"/krb5-capaths.conf");
+        //System.setProperty("sun.security.krb5.debug", "true");
+
+        // Standard example
+        check("ANL.GOV", "TEST.ANL.GOV", "ANL.GOV");
+        check("ANL.GOV", "ES.NET", "ANL.GOV");
+        check("ANL.GOV", "PNL.GOV", "ANL.GOV", "ES.NET");
+        check("ANL.GOV", "NERSC.GOV", "ANL.GOV", "ES.NET");
+        // Hierachical
+        check("N1.N.COM", "N2.N.COM", "N1.N.COM", "N.COM");     // 2 common
+        check("N1.N.COM", "N2.N3.COM", "N1.N.COM", "N.COM",     // 1 common
+                "COM", "N3.COM");
+        check("N1.COM", "N2.COM", "N1.COM", "COM");             // 1 common
+        check("N1", "N2", "N1");                                // 0 common
+        // Extra garbages
+        check("A1.COM", "A4.COM", "A1.COM", "A2.COM");
+        check("B1.COM", "B3.COM", "B1.COM", "B2.COM");
+        // Missing is "."
+        check("C1.COM", "C3.COM", "C1.COM", "C2.COM");
+        // Multiple path
+        check("D1.COM", "D4.COM", "D1.COM", "D2.COM");
+        check("E1.COM", "E4.COM", "E1.COM", "E2.COM");
+        check("F1.COM", "F4.COM", "F1.COM", "F9.COM");
+        // Infinite loop
+        check("G1.COM", "G3.COM", "G1.COM", "COM");
+        check("H1.COM", "H3.COM", "H1.COM");
+        check("I1.COM", "I4.COM", "I1.COM", "I5.COM");
+
+        if (failed) {
+            throw new Exception("Failed somewhere.");
+        }
+    }
+
+    static void check(String from, String to, String... paths) {
+        try {
+            check2(from, to, paths);
+        } catch (Exception e) {
+            failed = true;
+            e.printStackTrace();
+        }
+    }
+    static void check2(String from, String to, String... paths)
+            throws Exception {
+        System.out.println(from + " -> " + to);
+        System.out.println("    expected: " + Arrays.toString(paths));
+        String[] result = Realm.getRealmsList(from, to);
+        System.out.println("    result:   " + Arrays.toString(result));
+        if (result == null) {
+            if (paths.length == 0) {
+                // OK
+            } else {
+                throw new Exception("Shouldn't have a valid path.");
+            }
+        } else if(result.length != paths.length) {
+            throw new Exception("Length of path not correct");
+        } else {
+            for (int i=0; i<result.length; i++) {
+                if (!result[i].equals(paths[i])) {
+                    throw new Exception("Path not same");
+                }
+            }
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/krb5-capaths.conf	Mon Feb 23 10:04:25 2009 +0800
@@ -0,0 +1,87 @@
+[capaths]
+
+# Standard
+
+ANL.GOV = {
+    TEST.ANL.GOV = .
+    PNL.GOV = ES.NET
+    NERSC.GOV = ES.NET
+    ES.NET = .
+}
+TEST.ANL.GOV = {
+    ANL.GOV = .
+}
+PNL.GOV = {
+    ANL.GOV = ES.NET
+}
+NERSC.GOV = {
+    ANL.GOV = ES.NET
+}
+ES.NET = {
+    ANL.GOV = .
+}
+
+# Extra garbages
+
+A1.COM = {
+    A2.COM = .
+    A4.COM = A2.COM
+    A3.COM = A4.COM
+    A3.COM = A2.COM
+}
+
+B1.COM = {
+    B2.COM = .
+    B3.COM = B2.COM
+    B3.COM = B4.COM
+}
+
+# Missing is "."
+
+C1.COM = {
+    C3.COM = C2.COM
+}
+
+# Multiple paths
+
+D1.COM = {
+    D2.COM = .
+    D3.COM = .
+    D4.COM = D2.COM
+    D4.COM = D3.COM
+}
+
+E1.COM = {
+    E2.COM = .
+    E3.COM = .
+    E4.COM = E2.COM   E3.COM   E2.COM
+}
+
+# Shortest or First?
+
+F1.COM = {
+    F2.COM = .
+    F3.COM = F2.COM
+    F4.COM = F9.COM
+    F4.COM = F3.COM
+    F4.COM = F2.COM
+}
+
+# Infinite loop
+
+G1.COM = {
+    G2.COM = G3.COM
+    G3.COM = G2.COM
+}
+
+H1.COM = {
+    H2.COM = H3.COM
+    H3.COM = H2.COM
+    H3.COM = .
+}
+
+I1.COM = {
+    I2.COM = I3.COM
+    I3.COM = I2.COM
+    I4.COM = I2.COM I5.COM
+}