changeset 5269:9c586a733dc1

7184815: [macosx] Need to read Kerberos config in files Reviewed-by: valeriep
author weijun
date Wed, 29 Aug 2012 11:03:02 +0800
parents 8a738039cd7e
children aa5a30249beb
files src/share/classes/sun/security/krb5/Config.java
diffstat 1 files changed, 150 insertions(+), 100 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/Config.java	Wed Aug 29 11:52:44 2012 +0400
+++ b/src/share/classes/sun/security/krb5/Config.java	Wed Aug 29 11:03:02 2012 +0800
@@ -116,7 +116,12 @@
 
     private static boolean isMacosLionOrBetter() {
         // split the "10.x.y" version number
-        String osVersion = System.getProperty("os.version");
+        String osname = getProperty("os.name");
+        if (!osname.contains("OS X")) {
+            return false;
+        }
+
+        String osVersion = getProperty("os.version");
         String[] fragments = osVersion.split("\\.");
 
         // sanity check the "10." part of the version
@@ -141,20 +146,14 @@
         /*
          * If either one system property is specified, we throw exception.
          */
-        String tmp =
-            java.security.AccessController.doPrivileged(
-                new sun.security.action.GetPropertyAction
-                    ("java.security.krb5.kdc"));
+        String tmp = getProperty("java.security.krb5.kdc");
         if (tmp != null) {
             // The user can specify a list of kdc hosts separated by ":"
             defaultKDC = tmp.replace(':', ' ');
         } else {
             defaultKDC = null;
         }
-        defaultRealm =
-            java.security.AccessController.doPrivileged(
-                new sun.security.action.GetPropertyAction
-                    ("java.security.krb5.realm"));
+        defaultRealm = getProperty("java.security.krb5.realm");
         if ((defaultKDC == null && defaultRealm != null) ||
             (defaultRealm == null && defaultKDC != null)) {
             throw new KrbException
@@ -166,11 +165,34 @@
         // Always read the Kerberos configuration file
         try {
             Vector<String> configFile;
-            configFile = loadConfigFile();
-            if (configFile == null && isMacosLionOrBetter()) {
-                stanzaTable = SCDynamicStoreConfig.getConfig();
+            String fileName = getJavaFileName();
+            if (fileName != null) {
+                configFile = loadConfigFile(fileName);
+                stanzaTable = parseStanzaTable(configFile);
+                if (DEBUG) {
+                    System.out.println("Loaded from Java config");
+                }
             } else {
-                stanzaTable = parseStanzaTable(configFile);
+                boolean found = false;
+                if (isMacosLionOrBetter()) {
+                    try {
+                        stanzaTable = SCDynamicStoreConfig.getConfig();
+                        if (DEBUG) {
+                            System.out.println("Loaded from SCDynamicStoreConfig");
+                        }
+                        found = true;
+                    } catch (IOException ioe) {
+                        // OK. Will go on with file
+                    }
+                }
+                if (!found) {
+                    fileName = getNativeFileName();
+                    configFile = loadConfigFile(fileName);
+                    stanzaTable = parseStanzaTable(configFile);
+                    if (DEBUG) {
+                        System.out.println("Loaded from native config");
+                    }
+                }
             }
         } catch (IOException ioe) {
             // No krb5.conf, no problem. We'll use DNS or system property etc.
@@ -538,10 +560,13 @@
      * [domain_realm]
      *          blue.sample.com = TEST.SAMPLE.COM
      *          .backup.com     = EXAMPLE.COM
+     *
+     * @params fileName the conf file, cannot be null
+     * @return the content, null if fileName is empty
+     * @throws IOException if there is an I/O or format error
      */
-    private Vector<String> loadConfigFile() throws IOException {
+    private Vector<String> loadConfigFile(final String fileName) throws IOException {
         try {
-            final String fileName = getFileName();
             if (!fileName.equals("")) {
                 BufferedReader br = new BufferedReader(new InputStreamReader(
                 java.security.AccessController.doPrivileged(
@@ -660,97 +685,106 @@
     }
 
     /**
-     * Gets the default configuration file name. This method will never
-     * return null.
+     * Gets the default Java configuration file name.
      *
      * If the system property "java.security.krb5.conf" is defined, we'll
-     * use its value, no matter if the file exists or not. Otherwise,
-     * the file will be searched in a list of possible loations in the
-     * following order:
+     * use its value, no matter if the file exists or not. Otherwise, we
+     * will look at $JAVA_HOME/lib/security directory with "krb5.conf" name,
+     * and return it if the file exists.
      *
-     * 1. at Java home lib\security directory with "krb5.conf" name,
-     * 2. at windows directory with the name of "krb5.ini" for Windows,
-     * /etc/krb5/krb5.conf for Solaris, /etc/krb5.conf otherwise.
+     * The method returns null if it cannot find a Java config file.
+     */
+    private String getJavaFileName() {
+        String name = getProperty("java.security.krb5.conf");
+        if (name == null) {
+            name = getProperty("java.home") + File.separator +
+                                "lib" + File.separator + "security" +
+                                File.separator + "krb5.conf";
+            if (!fileExists(name)) {
+                name = null;
+            }
+        }
+        if (DEBUG) {
+            System.out.println("Java config name: " + name);
+        }
+        return name;
+    }
+
+    /**
+     * Gets the default native configuration file name.
+     *
+     * Depending on the OS type, the method returns the default native
+     * kerberos config file name, which is at windows directory with
+     * the name of "krb5.ini" for Windows, /etc/krb5/krb5.conf for Solaris,
+     * /etc/krb5.conf otherwise. Mac OSX X has a different file name.
      *
      * Note: When the Terminal Service is started in Windows (from 2003),
      * there are two kinds of Windows directories: A system one (say,
      * C:\Windows), and a user-private one (say, C:\Users\Me\Windows).
      * We will first look for krb5.ini in the user-private one. If not
      * found, try the system one instead.
+     *
+     * This method will always return a non-null non-empty file name,
+     * even if that file does not exist.
      */
-    private String getFileName() {
-        String name =
-            java.security.AccessController.doPrivileged(
-                                new sun.security.action.
-                                GetPropertyAction("java.security.krb5.conf"));
-        if (name == null) {
-            name = java.security.AccessController.doPrivileged(
-                        new sun.security.action.
-                        GetPropertyAction("java.home")) + File.separator +
-                                "lib" + File.separator + "security" +
-                                File.separator + "krb5.conf";
-            if (!fileExists(name)) {
-                name = null;
-                String osname =
-                        java.security.AccessController.doPrivileged(
-                        new sun.security.action.GetPropertyAction("os.name"));
-                if (osname.startsWith("Windows")) {
-                    try {
-                        Credentials.ensureLoaded();
-                    } catch (Exception e) {
-                        // ignore exceptions
+    private String getNativeFileName() {
+        String name = null;
+        String osname = getProperty("os.name");
+        if (osname.startsWith("Windows")) {
+            try {
+                Credentials.ensureLoaded();
+            } catch (Exception e) {
+                // ignore exceptions
+            }
+            if (Credentials.alreadyLoaded) {
+                String path = getWindowsDirectory(false);
+                if (path != null) {
+                    if (path.endsWith("\\")) {
+                        path = path + "krb5.ini";
+                    } else {
+                        path = path + "\\krb5.ini";
                     }
-                    if (Credentials.alreadyLoaded) {
-                        String path = getWindowsDirectory(false);
-                        if (path != null) {
-                            if (path.endsWith("\\")) {
-                                path = path + "krb5.ini";
-                            } else {
-                                path = path + "\\krb5.ini";
-                            }
-                            if (fileExists(path)) {
-                                name = path;
-                            }
+                    if (fileExists(path)) {
+                        name = path;
+                    }
+                }
+                if (name == null) {
+                    path = getWindowsDirectory(true);
+                    if (path != null) {
+                        if (path.endsWith("\\")) {
+                            path = path + "krb5.ini";
+                        } else {
+                            path = path + "\\krb5.ini";
                         }
-                        if (name == null) {
-                            path = getWindowsDirectory(true);
-                            if (path != null) {
-                                if (path.endsWith("\\")) {
-                                    path = path + "krb5.ini";
-                                } else {
-                                    path = path + "\\krb5.ini";
-                                }
-                                name = path;
-                            }
-                        }
+                        name = path;
                     }
-                    if (name == null) {
-                        name = "c:\\winnt\\krb5.ini";
-                    }
-                } else if (osname.startsWith("SunOS")) {
-                    name =  "/etc/krb5/krb5.conf";
-                } else if (osname.contains("OS X")) {
-                    if (isMacosLionOrBetter()) return "";
-                    name = findMacosConfigFile();
-                } else {
-                    name =  "/etc/krb5.conf";
                 }
             }
+            if (name == null) {
+                name = "c:\\winnt\\krb5.ini";
+            }
+        } else if (osname.startsWith("SunOS")) {
+            name =  "/etc/krb5/krb5.conf";
+        } else if (osname.contains("OS X")) {
+            name = findMacosConfigFile();
+        } else {
+            name =  "/etc/krb5.conf";
         }
         if (DEBUG) {
-            System.out.println("Config name: " + name);
+            System.out.println("Native config name: " + name);
         }
         return name;
     }
 
-    private String getProperty(String property) {
-        return (String)java.security.AccessController.doPrivileged(new sun.security.action.GetPropertyAction(property));
+    private static String getProperty(String property) {
+        return java.security.AccessController.doPrivileged(
+                new sun.security.action.GetPropertyAction(property));
     }
 
     private String findMacosConfigFile() {
         String userHome = getProperty("user.home");
         final String PREF_FILE = "/Library/Preferences/edu.mit.Kerberos";
-        String userPrefs=userHome + PREF_FILE;
+        String userPrefs = userHome + PREF_FILE;
 
         if (fileExists(userPrefs)) {
             return userPrefs;
@@ -760,11 +794,7 @@
             return PREF_FILE;
         }
 
-        if (fileExists("/etc/krb5.conf")) {
-            return "/etc/krb5.conf";
-        }
-
-        return "";
+        return "/etc/krb5.conf";
     }
 
     private static String trimmed(String s) {
@@ -1334,32 +1364,52 @@
         }
     }
 
+    // Shows the content of the Config object for debug purpose.
+    //
+    // {
+    //      libdefaults = {
+    //          default_realm = R
+    //      }
+    //      realms = {
+    //          R = {
+    //              kdc = [k1,k2]
+    //          }
+    //      }
+    // }
+
     @Override
     public String toString() {
         StringBuffer sb = new StringBuffer();
-        toStringIndented("", stanzaTable, sb);
+        toStringInternal("", stanzaTable, sb);
         return sb.toString();
     }
-    private static void toStringIndented(String prefix, Object obj,
+    private static void toStringInternal(String prefix, Object obj,
             StringBuffer sb) {
         if (obj instanceof String) {
-            sb.append(prefix);
-            sb.append(obj);
-            sb.append('\n');
+            // A string value, just print it
+            sb.append(obj).append('\n');
         } else if (obj instanceof Hashtable) {
-            Hashtable tab = (Hashtable)obj;
+            // A table, start a new sub-section...
+            Hashtable<?, ?> tab = (Hashtable<?, ?>)obj;
+            sb.append("{\n");
             for (Object o: tab.keySet()) {
-                sb.append(prefix);
+                // ...indent, print "key = ", and
+                sb.append(prefix).append("    ").append(o).append(" = ");
+                // ...go recursively into value
+                toStringInternal(prefix + "    ", tab.get(o), sb);
+            }
+            sb.append(prefix).append("}\n");
+        } else if (obj instanceof Vector) {
+            // A vector of strings, print them inside [ and ]
+            Vector<?> v = (Vector<?>)obj;
+            sb.append("[");
+            boolean first = true;
+            for (Object o: v.toArray()) {
+                if (!first) sb.append(",");
                 sb.append(o);
-                sb.append(" = {\n");
-                toStringIndented(prefix + "    ", tab.get(o), sb);
-                sb.append(prefix + "}\n");
+                first = false;
             }
-        } else if (obj instanceof Vector) {
-            Vector v = (Vector)obj;
-            for (Object o: v.toArray()) {
-                toStringIndented(prefix + "    ", o, sb);
-            }
+            sb.append("]\n");
         }
     }
 }