changeset 11979:c9ffd40e80b9

8077102: dns_lookup_realm should be false by default Reviewed-by: valeriep
author weijun
date Tue, 19 May 2015 09:09:09 +0800
parents ed6386375068
children 12931f7ace25
files src/java.security.jgss/share/classes/sun/security/krb5/Config.java test/sun/security/krb5/config/ConfPlusProp.java test/sun/security/krb5/config/DNS.java test/sun/security/krb5/config/DnsFallback.java test/sun/security/krb5/config/confplusprop.conf test/sun/security/krb5/config/confplusprop2.conf
diffstat 6 files changed, 67 insertions(+), 53 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Config.java	Mon May 18 13:34:56 2015 -0700
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Config.java	Tue May 19 09:09:09 2015 +0800
@@ -1085,27 +1085,30 @@
      * Check if need to use DNS to locate Kerberos services for name. If not
      * defined, check dns_fallback, whose default value is true.
      */
-    private boolean useDNS(String name) {
+    private boolean useDNS(String name, boolean defaultValue) {
         Boolean value = getBooleanObject("libdefaults", name);
         if (value != null) {
             return value.booleanValue();
-        } else {
-            return getBooleanObject("libdefaults", "dns_fallback") != Boolean.FALSE;
         }
+        value = getBooleanObject("libdefaults", "dns_fallback");
+        if (value != null) {
+            return value.booleanValue();
+        }
+        return defaultValue;
     }
 
     /**
      * Check if need to use DNS to locate the KDC
      */
     private boolean useDNS_KDC() {
-        return useDNS("dns_lookup_kdc");
+        return useDNS("dns_lookup_kdc", true);
     }
 
     /*
      * Check if need to use DNS to locate the Realm
      */
     private boolean useDNS_Realm() {
-        return useDNS("dns_lookup_realm");
+        return useDNS("dns_lookup_realm", false);
     }
 
     /**
--- a/test/sun/security/krb5/config/ConfPlusProp.java	Mon May 18 13:34:56 2015 -0700
+++ b/test/sun/security/krb5/config/ConfPlusProp.java	Tue May 19 09:09:09 2015 +0800
@@ -35,6 +35,12 @@
 public class ConfPlusProp {
     Config config;
     public static void main(String[] args) throws Exception {
+        if (System.getenv("USERDNSDOMAIN") != null ||
+                System.getenv("LOGONSERVER") != null) {
+            System.out.println(
+                    "Looks like a Windows machine in a domain. Skip test.");
+            return;
+        }
         new ConfPlusProp().run();
     }
 
@@ -90,23 +96,8 @@
         check("R2", "old");
         check("R3", null);
 
-        int version = System.getProperty("java.version").charAt(2) - '0';
-        System.out.println("JDK version is " + version);
-
-        // Zero-config is supported since 1.7
-        if (version >= 7) {
-            // Point to a non-existing file
-            System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-            refresh();
-
-            // Default realm might come from DNS
-            //checkDefaultRealm(null);
-            check("R1", null);
-            check("R2", null);
-            check("R3", null);
-            if (config.get("libdefaults", "forwardable") != null) {
-                throw new Exception("Extra config error");
-            }
+        if (config.get("libdefaults", "forwardable") != null) {
+            throw new Exception("Extra config error");
         }
 
         // Add prop
@@ -136,14 +127,6 @@
         check("R2", "k2");
         check("R3", "k2");
 
-        // Point to a non-existing file
-        System.setProperty("java.security.krb5.conf", "i-am-not-a file");
-        refresh();
-
-        checkDefaultRealm("R2");
-        check("R1", "k2");
-        check("R2", "k2");
-        check("R3", "k2");
         if (config.get("libdefaults", "forwardable") != null) {
             throw new Exception("Extra config error");
         }
--- a/test/sun/security/krb5/config/DNS.java	Mon May 18 13:34:56 2015 -0700
+++ b/test/sun/security/krb5/config/DNS.java	Tue May 19 09:09:09 2015 +0800
@@ -23,12 +23,22 @@
 
 // See dns.sh.
 import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;
 
 public class DNS {
     public static void main(String[] args) throws Exception {
         System.setProperty("java.security.krb5.conf",
-                System.getProperty("test.src", ".") +"/nothing.conf");
+                System.getProperty("test.src", ".") +"/no-such-file.conf");
         Config config = Config.getInstance();
+        try {
+            String r = config.getDefaultRealm();
+            throw new Exception("What? There is a default realm " + r + "?");
+        } catch (KrbException ke) {
+            ke.printStackTrace();
+            if (ke.getCause() != null) {
+                throw new Exception("There should be no cause. Won't try DNS");
+            }
+        }
         String kdcs = config.getKDCList("X");
         if (!kdcs.equals("a.com.:88 b.com.:99") &&
                 !kdcs.equals("a.com. b.com.:99")) {
--- a/test/sun/security/krb5/config/DnsFallback.java	Mon May 18 13:34:56 2015 -0700
+++ b/test/sun/security/krb5/config/DnsFallback.java	Tue May 19 09:09:09 2015 +0800
@@ -22,8 +22,7 @@
  */
 /*
  * @test
- * @bug 6673164
- * @bug 6552334
+ * @bug 6673164 6552334 8077102
  * @run main/othervm DnsFallback
  * @summary fix dns_fallback parse error, and use dns by default
  */
@@ -35,47 +34,66 @@
 public class DnsFallback {
 
     static Method useDNS_Realm;
+    static Method useDNS_KDC;
 
     public static void main(String[] args) throws Exception {
 
         useDNS_Realm = Config.class.getDeclaredMethod("useDNS_Realm");
         useDNS_Realm.setAccessible(true);
+        useDNS_KDC = Config.class.getDeclaredMethod("useDNS_KDC");
+        useDNS_KDC.setAccessible(true);
 
 
         // for 6673164
-        check("true", "true", true);
-        check("false", "true", false);
-        check("true", "false", true);
-        check("false", "false", false);
-        check("true", null, true);
-        check("false", null, false);
-        check(null, "true", true);
-        check(null, "false", false);
+        check("true", "true", true, true);
+        check("false", "true", false, false);
+        check("true", "false", true, true);
+        check("false", "false", false, false);
+        check("true", null, true, true);
+        check("false", null, false, false);
+        check(null, "true", true, true);
+        check(null, "false", false, false);
 
-        // for 6552334
-        check(null, null, true);
+        // for 6552334, no longer true
+        //check(null, null, true, true);
+
+        // 8077102
+        check(null, null, false, true);
     }
 
-    static void check(String realm, String fallback, boolean output)
+    /**
+     * Sets and checks.
+     *
+     * @param u dns_lookup_XXX value set, none if null
+     * @param f dns_fallback value set, none if null
+     * @param r expected useDNS_Realm
+     * @param k expected useDNS_KDC
+     */
+    static void check(String u, String f, boolean r, boolean k)
             throws Exception {
 
         try (PrintStream ps =
                 new PrintStream(new FileOutputStream("dnsfallback.conf"))) {
             ps.println("[libdefaults]\n");
-            if (realm != null) {
-                ps.println("dns_lookup_realm=" + realm);
+            if (u != null) {
+                ps.println("dns_lookup_realm=" + u);
+                ps.println("dns_lookup_kdc=" + u);
             }
-            if (fallback != null) {
-                ps.println("dns_fallback=" + fallback);
+            if (f != null) {
+                ps.println("dns_fallback=" + f);
             }
         }
 
         System.setProperty("java.security.krb5.conf", "dnsfallback.conf");
         Config.refresh();
-        System.out.println("Testing " + realm + ", " + fallback + ", " + output);
+        System.out.println("Testing " + u + ", " + f + ", " + r + ", " + k);
 
-        if (!useDNS_Realm.invoke(Config.getInstance()).equals(output)) {
-            throw new Exception("Fail");
+        if (!useDNS_Realm.invoke(Config.getInstance()).equals(r)) {
+            throw new Exception("useDNS_Realm Fail");
+        }
+
+        if (!useDNS_KDC.invoke(Config.getInstance()).equals(k)) {
+            throw new Exception("useDNS_KDC Fail");
         }
     }
 }
--- a/test/sun/security/krb5/config/confplusprop.conf	Mon May 18 13:34:56 2015 -0700
+++ b/test/sun/security/krb5/config/confplusprop.conf	Tue May 19 09:09:09 2015 +0800
@@ -1,7 +1,7 @@
 [libdefaults]
 default_realm = R1
 forwardable = well
-dns_lookup_realm = false
+dns_lookup_kdc = false
 
 [realms]
 R1 = {
--- a/test/sun/security/krb5/config/confplusprop2.conf	Mon May 18 13:34:56 2015 -0700
+++ b/test/sun/security/krb5/config/confplusprop2.conf	Tue May 19 09:09:09 2015 +0800
@@ -1,5 +1,5 @@
 [libdefaults]
-dns_lookup_realm = false
+dns_lookup_kdc = false
 
 [realms]
 R1 = {