changeset 10776:4e2fc4ce3a1a

8077102: dns_lookup_realm should be false by default Reviewed-by: weijun
author igerasim
date Thu, 21 May 2015 14:06:29 +0300
parents 18b73cac68ec
children 0ac5a4aa69e6
files src/share/classes/sun/security/krb5/Config.java test/sun/security/krb5/ConfPlusProp.java test/sun/security/krb5/DnsFallback.java test/sun/security/krb5/config/DNS.java test/sun/security/krb5/confplusprop.conf test/sun/security/krb5/confplusprop2.conf
diffstat 6 files changed, 95 insertions(+), 61 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/krb5/Config.java	Wed May 20 15:31:37 2015 -0700
+++ b/src/share/classes/sun/security/krb5/Config.java	Thu May 21 14:06:29 2015 +0300
@@ -232,6 +232,31 @@
     }
 
     /**
+     * Gets the boolean value for the specified keys. Returns TRUE if the
+     * string value is "yes", or "true", FALSE if "no", or "false", or null
+     * if otherwise or not defined. The comparision is case-insensitive.
+     *
+     * @param keys the keys, see {@link #get(String...)}
+     * @return the boolean value, or null if there is no value defined or the
+     * value does not look like a boolean value.
+     * @throws IllegalArgumentException see {@link #get(String...)}
+     */
+    private Boolean getBooleanObject(String... keys) {
+        String s = get(keys);
+        if (s == null) {
+            return null;
+        }
+        switch (s.toLowerCase(Locale.US)) {
+            case "yes": case "true":
+                return Boolean.TRUE;
+            case "no": case "false":
+                return Boolean.FALSE;
+            default:
+                return null;
+        }
+    }
+
+    /**
      * Gets all values for the specified keys.
      * @throws IllegalArgumentException if any of the keys is illegal
      *         (See {@link #get})
@@ -942,32 +967,30 @@
     /**
      * Check if need to use DNS to locate Kerberos services
      */
-    private boolean useDNS(String name) {
-        String value = get("libdefaults", name);
-        if (value == null) {
-            value = get("libdefaults", "dns_fallback");
-            if ("false".equalsIgnoreCase(value)) {
-                return false;
-            } else {
-                return true;
-            }
-        } else {
-            return value.equalsIgnoreCase("true");
+    private boolean useDNS(String name, boolean defaultValue) {
+        Boolean value = getBooleanObject("libdefaults", name);
+        if (value != null) {
+            return value.booleanValue();
         }
+        value = getBooleanObject("libdefaults", "dns_fallback");
+        if (value != null) {
+            return value.booleanValue();
+        }
+        return defaultValue;
     }
 
     /**
      * Check if need to use DNS to locate the KDC
      */
     private boolean useDNS_KDC() {
-        return useDNS("dns_lookup_kdc");
+        return useDNS("dns_lookup_kdc", true);
     }
 
     /*
      * Check if need to use DNS to locate the Realm
      */
     private boolean useDNS_Realm() {
-        return useDNS("dns_lookup_realm");
+        return useDNS("dns_lookup_realm", false);
     }
 
     /**
--- a/test/sun/security/krb5/ConfPlusProp.java	Wed May 20 15:31:37 2015 -0700
+++ b/test/sun/security/krb5/ConfPlusProp.java	Thu May 21 14:06:29 2015 +0300
@@ -35,6 +35,12 @@
 public class ConfPlusProp {
     Config config;
     public static void main(String[] args) throws Exception {
+        if (System.getenv("USERDNSDOMAIN") != null ||
+                System.getenv("LOGONSERVER") != null) {
+            System.out.println(
+                    "Looks like a Windows machine in a domain. Skip test.");
+            return;
+        }
         new ConfPlusProp().run();
     }
 
@@ -90,23 +96,8 @@
         check("R2", "old");
         check("R3", null);
 
-        int version = System.getProperty("java.version").charAt(2) - '0';
-        System.out.println("JDK version is " + version);
-
-        // Zero-config is supported since 1.7
-        if (version >= 7) {
-            // Point to a non-existing file
-            System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-            refresh();
-
-            // Default realm might come from DNS
-            //checkDefaultRealm(null);
-            check("R1", null);
-            check("R2", null);
-            check("R3", null);
-            if (config.get("libdefaults", "forwardable") != null) {
-                throw new Exception("Extra config error");
-            }
+        if (config.get("libdefaults", "forwardable") != null) {
+            throw new Exception("Extra config error");
         }
 
         // Add prop
@@ -136,14 +127,6 @@
         check("R2", "k2");
         check("R3", "k2");
 
-        // Point to a non-existing file
-        System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-        refresh();
-
-        checkDefaultRealm("R2");
-        check("R1", "k2");
-        check("R2", "k2");
-        check("R3", "k2");
         if (config.get("libdefaults", "forwardable") != null) {
             throw new Exception("Extra config error");
         }
--- a/test/sun/security/krb5/DnsFallback.java	Wed May 20 15:31:37 2015 -0700
+++ b/test/sun/security/krb5/DnsFallback.java	Thu May 21 14:06:29 2015 +0300
@@ -22,8 +22,7 @@
  */
 /*
  * @test
- * @bug 6673164
- * @bug 6552334
+ * @bug 6673164 6552334 8077102
  * @run main/othervm DnsFallback
  * @summary fix dns_fallback parse error, and use dns by default
  */
@@ -35,47 +34,66 @@
 public class DnsFallback {
 
     static Method useDNS_Realm;
+    static Method useDNS_KDC;
 
     public static void main(String[] args) throws Exception {
 
         useDNS_Realm = Config.class.getDeclaredMethod("useDNS_Realm");
         useDNS_Realm.setAccessible(true);
+        useDNS_KDC = Config.class.getDeclaredMethod("useDNS_KDC");
+        useDNS_KDC.setAccessible(true);
 
 
         // for 6673164
-        check("true", "true", true);
-        check("false", "true", false);
-        check("true", "false", true);
-        check("false", "false", false);
-        check("true", null, true);
-        check("false", null, false);
-        check(null, "true", true);
-        check(null, "false", false);
+        check("true", "true", true, true);
+        check("false", "true", false, false);
+        check("true", "false", true, true);
+        check("false", "false", false, false);
+        check("true", null, true, true);
+        check("false", null, false, false);
+        check(null, "true", true, true);
+        check(null, "false", false, false);
 
-        // for 6552334
-        check(null, null, true);
+        // for 6552334, no longer true
+        //check(null, null, true, true);
+
+        // 8077102
+        check(null, null, false, true);
     }
 
-    static void check(String realm, String fallback, boolean output)
+    /**
+     * Sets and checks.
+     *
+     * @param u dns_lookup_XXX value set, none if null
+     * @param f dns_fallback value set, none if null
+     * @param r expected useDNS_Realm
+     * @param k expected useDNS_KDC
+     */
+    static void check(String u, String f, boolean r, boolean k)
             throws Exception {
 
         try (PrintStream ps =
                 new PrintStream(new FileOutputStream("dnsfallback.conf"))) {
             ps.println("[libdefaults]\n");
-            if (realm != null) {
-                ps.println("dns_lookup_realm=" + realm);
+            if (u != null) {
+                ps.println("dns_lookup_realm=" + u);
+                ps.println("dns_lookup_kdc=" + u);
             }
-            if (fallback != null) {
-                ps.println("dns_fallback=" + fallback);
+            if (f != null) {
+                ps.println("dns_fallback=" + f);
             }
         }
 
         System.setProperty("java.security.krb5.conf", "dnsfallback.conf");
         Config.refresh();
-        System.out.println("Testing " + realm + ", " + fallback + ", " + output);
+        System.out.println("Testing " + u + ", " + f + ", " + r + ", " + k);
 
-        if (!useDNS_Realm.invoke(Config.getInstance()).equals(output)) {
-            throw new Exception("Fail");
+        if (!useDNS_Realm.invoke(Config.getInstance()).equals(r)) {
+            throw new Exception("useDNS_Realm Fail");
+        }
+
+        if (!useDNS_KDC.invoke(Config.getInstance()).equals(k)) {
+            throw new Exception("useDNS_KDC Fail");
         }
     }
 }
--- a/test/sun/security/krb5/config/DNS.java	Wed May 20 15:31:37 2015 -0700
+++ b/test/sun/security/krb5/config/DNS.java	Thu May 21 14:06:29 2015 +0300
@@ -23,12 +23,22 @@
 
 // See dns.sh.
 import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;
 
 public class DNS {
     public static void main(String[] args) throws Exception {
         System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +"/nothing.conf");
+                System.getProperty("test.src", ".") +"/no-such-file.conf");
         Config config = Config.getInstance();
+        try {
+            String r = config.getDefaultRealm();
+            throw new Exception("What? There is a default realm " + r + "?");
+        } catch (KrbException ke) {
+            ke.printStackTrace();
+            if (ke.getCause() != null) {
+                throw new Exception("There should be no cause. Won't try DNS");
+            }
+        }
         String kdcs = config.getKDCList("X");
         if (!kdcs.equals("a.com.:88 b.com.:99") &&
                 !kdcs.equals("a.com. b.com.:99")) {
--- a/test/sun/security/krb5/confplusprop.conf	Wed May 20 15:31:37 2015 -0700
+++ b/test/sun/security/krb5/confplusprop.conf	Thu May 21 14:06:29 2015 +0300
@@ -1,7 +1,7 @@
 [libdefaults]
 default_realm = R1
 forwardable = well
-dns_lookup_realm = false
+dns_lookup_kdc = false
 
 [realms]
 R1 = {
--- a/test/sun/security/krb5/confplusprop2.conf	Wed May 20 15:31:37 2015 -0700
+++ b/test/sun/security/krb5/confplusprop2.conf	Thu May 21 14:06:29 2015 +0300
@@ -1,5 +1,5 @@
 [libdefaults]
-dns_lookup_realm = false
+dns_lookup_kdc = false
 
 [realms]
 R1 = {