changeset 5261:d50a753bf368

7152121: Krb5LoginModule no longer handles keyTabNames with "file:" prefix Reviewed-by: mullan
author weijun
date Mon, 27 Aug 2012 10:23:43 +0800
parents 3898abcc7c28
children 589c21e1aa30
files src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java test/sun/security/krb5/auto/FileKeyTab.java
diffstat 3 files changed, 66 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Fri Aug 24 16:40:10 2012 +0400
+++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Mon Aug 27 10:23:43 2012 +0800
@@ -454,6 +454,10 @@
         useKeyTab = "true".equalsIgnoreCase((String)options.get("useKeyTab"));
         ticketCacheName = (String)options.get("ticketCache");
         keyTabName = (String)options.get("keyTab");
+        if (keyTabName != null) {
+            keyTabName = sun.security.krb5.internal.ktab.KeyTab.normalize(
+                         keyTabName);
+        }
         princName = (String)options.get("principal");
         refreshKrb5Config =
             "true".equalsIgnoreCase((String)options.get("refreshKrb5Config"));
--- a/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Fri Aug 24 16:40:10 2012 +0400
+++ b/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Mon Aug 27 10:23:43 2012 +0800
@@ -141,7 +141,7 @@
         if (s == null) {
             return getInstance();
         } else {
-            return getInstance0(parse(s));
+            return getInstance0(normalize(s));
         }
     }
 
@@ -191,7 +191,7 @@
                 if (keytab_names != null) {
                     StringTokenizer st = new StringTokenizer(keytab_names, " ");
                     while (st.hasMoreTokens()) {
-                        kname = parse(st.nextToken());
+                        kname = normalize(st.nextToken());
                         if (new File(kname).exists()) {
                             break;
                         }
@@ -220,11 +220,13 @@
     }
 
     /**
-     * Parses some common keytab name formats
+     * Normalizes some common keytab name formats into the bare file name.
+     * For example, FILE:/etc/krb5.keytab to /etc/krb5.keytab
      * @param name never null
      * @return never null
      */
-    private static String parse(String name) {
+    // This method is used in this class and Krb5LoginModule
+    public static String normalize(String name) {
         String kname;
         if ((name.length() >= 5) &&
             (name.substring(0, 5).equalsIgnoreCase("FILE:"))) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/FileKeyTab.java	Mon Aug 27 10:23:43 2012 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7152121
+ * @summary Krb5LoginModule no longer handles keyTabNames with "file:" prefix
+ * @compile -XDignore.symbol.file FileKeyTab.java
+ * @run main/othervm FileKeyTab
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import sun.security.jgss.GSSUtil;
+
+// The basic krb5 test skeleton you can copy from
+public class FileKeyTab {
+
+    public static void main(String[] args) throws Exception {
+
+        new OneKDC(null).writeJAASConf();
+        String ktab = new File(OneKDC.KTAB).getAbsolutePath();
+        File f = new File(OneKDC.JAAS_CONF);
+        try (FileOutputStream fos = new FileOutputStream(f)) {
+            fos.write((
+                "server {\n" +
+                "    com.sun.security.auth.module.Krb5LoginModule required\n" +
+                "    principal=\"" + OneKDC.SERVER + "\"\n" +
+                "    useKeyTab=true\n" +
+                "    keyTab=\"file:" + ktab + "\"\n" +
+                "    storeKey=true;\n};\n"
+                ).getBytes());
+        }
+        Context.fromJAAS("server");
+    }
+}