Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
3781604c
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
3781604c
编写于
9月 18, 2013
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8012615: Realm.getRealmsList returns realms list in wrong
Reviewed-by: valeriep, xuelei
上级
433e57be
变更
5
展开全部
隐藏空白更改
内联
并排
Showing
5 changed file
with
260 addition
and
477 deletion
+260
-477
src/share/classes/sun/security/krb5/Config.java
src/share/classes/sun/security/krb5/Config.java
+27
-7
src/share/classes/sun/security/krb5/Realm.java
src/share/classes/sun/security/krb5/Realm.java
+126
-393
src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
...e/classes/sun/security/krb5/internal/CredentialsUtil.java
+5
-15
test/sun/security/krb5/ParseCAPaths.java
test/sun/security/krb5/ParseCAPaths.java
+60
-25
test/sun/security/krb5/krb5-capaths.conf
test/sun/security/krb5/krb5-capaths.conf
+42
-37
未找到文件。
src/share/classes/sun/security/krb5/Config.java
浏览文件 @
3781604c
...
...
@@ -225,19 +225,19 @@ public class Config {
* and has no sub-key at all (given "forwardable" is defined, otherwise,
* this method has no knowledge if it's a value name or a section name),
*/
@SuppressWarnings
(
"unchecked"
)
public
String
get
(
String
...
keys
)
{
Vector
<
String
>
v
=
get0
(
keys
);
Vector
<
String
>
v
=
get
String
0
(
keys
);
if
(
v
==
null
)
return
null
;
return
v
.
lastElement
();
}
/**
* Gets all values for the specified keys.
* @see #get(java.lang.String[])
* @throws IllegalArgumentException if any of the keys is illegal
* (See {@link #get})
*/
public
String
getAll
(
String
...
keys
)
{
Vector
<
String
>
v
=
get0
(
keys
);
Vector
<
String
>
v
=
get
String
0
(
keys
);
if
(
v
==
null
)
return
null
;
StringBuilder
sb
=
new
StringBuilder
();
boolean
first
=
true
;
...
...
@@ -252,17 +252,37 @@ public class Config {
return
sb
.
toString
();
}
// Internal method. Returns the vector of strings for keys.
/**
* Returns true if keys exists, can be either final string(s) or sub-stanza
* @throws IllegalArgumentException if any of the keys is illegal
* (See {@link #get})
*/
public
boolean
exists
(
String
...
keys
)
{
return
get0
(
keys
)
!=
null
;
}
// Returns final string value(s) for given keys.
@SuppressWarnings
(
"unchecked"
)
private
Vector
<
String
>
getString0
(
String
...
keys
)
{
try
{
return
(
Vector
<
String
>)
get0
(
keys
);
}
catch
(
ClassCastException
cce
)
{
throw
new
IllegalArgumentException
(
cce
);
}
}
// Internal method. Returns the value for keys, which can be a sub-stanza
// or final string value(s).
// The only method (except for toString) that reads stanzaTable directly.
@SuppressWarnings
(
"unchecked"
)
private
Vector
<
String
>
get0
(
String
...
keys
)
{
private
Object
get0
(
String
...
keys
)
{
Object
current
=
stanzaTable
;
try
{
for
(
String
key:
keys
)
{
current
=
((
Hashtable
<
String
,
Object
>)
current
).
get
(
key
);
if
(
current
==
null
)
return
null
;
}
return
(
Vector
<
String
>)
current
;
return
current
;
}
catch
(
ClassCastException
cce
)
{
throw
new
IllegalArgumentException
(
cce
);
}
...
...
src/share/classes/sun/security/krb5/Realm.java
浏览文件 @
3781604c
此差异已折叠。
点击以展开。
src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
浏览文件 @
3781604c
...
...
@@ -160,7 +160,7 @@ public class CredentialsUtil {
/**
* Gets a TGT to another realm
* @param localRealm this realm
* @param serviceRealm the other realm
* @param serviceRealm the other realm
, cannot equals to localRealm
* @param ccreds TGT in this realm
* @param okAsDelegate an [out] argument to receive the okAsDelegate
* property. True only if all realms allow delegation.
...
...
@@ -174,14 +174,6 @@ public class CredentialsUtil {
// Get a list of realms to traverse
String
[]
realms
=
Realm
.
getRealmsList
(
localRealm
,
serviceRealm
);
if
(
realms
==
null
||
realms
.
length
==
0
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
">>> Credentials acquireServiceCreds: no realms list"
);
}
return
null
;
}
int
i
=
0
,
k
=
0
;
Credentials
cTgt
=
null
,
newTgt
=
null
,
theTgt
=
null
;
PrincipalName
tempService
=
null
;
...
...
@@ -206,16 +198,14 @@ public class CredentialsUtil {
if
(
newTgt
==
null
)
{
if
(
DEBUG
)
{
System
.
out
.
println
(
">>> Credentials acquireServiceCreds: "
+
"no tgt; searching
backwards
"
);
+
"no tgt; searching
thru capath
"
);
}
/*
* No tgt found. Try to get one for a
* realm as close to the target as possible.
* That means traversing the realms list backwards.
* No tgt found. Let's go thru the realms list one by one.
*/
for
(
newTgt
=
null
,
k
=
realms
.
length
-
1
;
newTgt
==
null
&&
k
>
i
;
k
--
)
{
for
(
newTgt
=
null
,
k
=
i
+
1
;
newTgt
==
null
&&
k
<
realms
.
length
;
k
++
)
{
tempService
=
PrincipalName
.
tgsService
(
realms
[
k
],
realms
[
i
]);
if
(
DEBUG
)
{
System
.
out
.
println
(
...
...
test/sun/security/krb5/ParseCAPaths.java
浏览文件 @
3781604c
...
...
@@ -22,7 +22,7 @@
*/
/*
* @test
* @bug 6789935
* @bug 6789935
8012615
* @run main/othervm ParseCAPaths
* @summary cross-realm capath search error
*/
...
...
@@ -35,37 +35,75 @@ public class ParseCAPaths {
public
static
void
main
(
String
[]
args
)
throws
Exception
{
System
.
setProperty
(
"java.security.krb5.conf"
,
System
.
getProperty
(
"test.src"
,
"."
)
+
"/krb5-capaths.conf"
);
//System.setProperty("sun.security.krb5.debug", "true");
//
Standard example
//
MIT
check
(
"ANL.GOV"
,
"TEST.ANL.GOV"
,
"ANL.GOV"
);
check
(
"ANL.GOV"
,
"ES.NET"
,
"ANL.GOV"
);
check
(
"ANL.GOV"
,
"PNL.GOV"
,
"ANL.GOV"
,
"ES.NET"
);
check
(
"ANL.GOV"
,
"NERSC.GOV"
,
"ANL.GOV"
,
"ES.NET"
);
check
(
"NERSC.GOV"
,
"TEST.ANL.GOV"
,
"NERSC.GOV"
,
"ES.NET"
,
"ANL.GOV"
);
// RedHat
// 3.6.2.1. Configuring a Shared Hierarchy of Names
check
(
"AA.EXAMPLE.COM"
,
"BB.EXAMPLE.COM"
,
"AA.EXAMPLE.COM"
,
"EXAMPLE.COM"
);
check
(
"SITE1.SALES.EXAMPLE.COM"
,
"EVERYWHERE.EXAMPLE.COM"
,
"SITE1.SALES.EXAMPLE.COM"
,
"SALES.EXAMPLE.COM"
,
"EXAMPLE.COM"
);
check
(
"DEVEL.EXAMPLE.COM"
,
"PROD.EXAMPLE.ORG"
,
"DEVEL.EXAMPLE.COM"
,
"EXAMPLE.COM"
,
"COM"
,
"ORG"
,
"EXAMPLE.ORG"
);
// 3.6.2.2. Configuring Paths in krb5.conf
check
(
"A.EXAMPLE.COM"
,
"B.EXAMPLE.COM"
,
"A.EXAMPLE.COM"
);
check
(
"A.EXAMPLE.COM"
,
"C.EXAMPLE.COM"
,
"A.EXAMPLE.COM"
,
"B.EXAMPLE.COM"
);
check
(
"A.EXAMPLE.COM"
,
"D.EXAMPLE.COM"
,
"A.EXAMPLE.COM"
,
"B.EXAMPLE.COM"
,
"C.EXAMPLE.COM"
);
// The original JDK example
check
(
"TIVOLI.COM"
,
"IBM.COM"
,
"TIVOLI.COM"
,
"LDAPCENTRAL.NET"
,
"IBM_LDAPCENTRAL.COM"
,
"MOONLITE.ORG"
);
// Hierachical
check
(
"N1.N.COM"
,
"N2.N.COM"
,
"N1.N.COM"
,
"N.COM"
);
// 2 common
check
(
"N1.N.COM"
,
"N2.N3.COM"
,
"N1.N.COM"
,
"N.COM"
,
// 1 common
check
(
"N1.N.COM"
,
"N2.N.COM"
,
"N1.N.COM"
,
"N.COM"
);
check
(
"N1.N.COM"
,
"N2.N3.COM"
,
"N1.N.COM"
,
"N.COM"
,
"COM"
,
"N3.COM"
);
check
(
"N1.COM"
,
"N2.COM"
,
"N1.COM"
,
"COM"
);
// 1 common
check
(
"N1"
,
"N2"
,
"N1"
);
// 0 common
// Extra garbages
check
(
"A1.COM"
,
"A4.COM"
,
"A1.COM"
,
"A2.COM"
);
check
(
"N1.COM"
,
"N2.COM"
,
"N1.COM"
,
"COM"
);
check
(
"N1"
,
"N2"
,
"N1"
);
check
(
"N1.COM"
,
"N2.ORG"
,
"N1.COM"
,
"COM"
,
"ORG"
);
check
(
"N1.N.COM"
,
"N.COM"
,
"N1.N.COM"
);
check
(
"X.N1.N.COM"
,
"N.COM"
,
"X.N1.N.COM"
,
"N1.N.COM"
);
check
(
"N.COM"
,
"N1.N.COM"
,
"N.COM"
);
check
(
"N.COM"
,
"X.N1.N.COM"
,
"N.COM"
,
"N1.N.COM"
);
check
(
"A.B.C"
,
"D.E.F"
,
"A.B.C"
,
"B.C"
,
"C"
,
"F"
,
"E.F"
);
// Full path
check
(
"A1.COM"
,
"A2.COM"
,
"A1.COM"
);
check
(
"A1.COM"
,
"A3.COM"
,
"A1.COM"
,
"A2.COM"
);
check
(
"A1.COM"
,
"A4.COM"
,
"A1.COM"
,
"A2.COM"
,
"A3.COM"
);
// Shortest path
check
(
"B1.COM"
,
"B2.COM"
,
"B1.COM"
);
check
(
"B1.COM"
,
"B3.COM"
,
"B1.COM"
,
"B2.COM"
);
check
(
"B1.COM"
,
"B4.COM"
,
"B1.COM"
,
"B2.COM"
,
"B3.COM"
);
// Missing is "."
check
(
"C1.COM"
,
"C2.COM"
,
"C1.COM"
,
"COM"
);
check
(
"C1.COM"
,
"C3.COM"
,
"C1.COM"
,
"C2.COM"
);
// Multiple path
check
(
"D1.COM"
,
"D4.COM"
,
"D1.COM"
,
"D2.COM"
);
check
(
"E1.COM"
,
"E4.COM"
,
"E1.COM"
,
"E2.COM"
);
check
(
"F1.COM"
,
"F4.COM"
,
"F1.COM"
,
"F9.COM"
);
// Infinite loop
check
(
"G1.COM"
,
"G3.COM"
,
"G1.COM"
,
"COM"
);
check
(
"H1.COM"
,
"H3.COM"
,
"H1.COM"
);
// cRealm = .
check
(
"D1.COM"
,
"D2.COM"
,
"D1.COM"
);
// Bad cases
check
(
"E1.COM"
,
"E2.COM"
,
"E1.COM"
);
check
(
"E1.COM"
,
"E3.COM"
,
"E1.COM"
,
"E4.COM"
);
check
(
"G1.COM"
,
"G3.COM"
,
"G1.COM"
,
"G2.COM"
);
check
(
"I1.COM"
,
"I4.COM"
,
"I1.COM"
,
"I5.COM"
);
// J2=J1 is the same as J2=.
check
(
"J1.COM"
,
"J2.COM"
,
"J1.COM"
);
// 7019384
check
(
"A9.PRAGUE.XXX.CZ"
,
"SERVIS.XXX.CZ"
,
"A9.PRAGUE.XXX.CZ"
,
"PRAGUE.XXX.CZ"
,
"ROOT.XXX.CZ"
);
if
(
failed
!=
null
)
{
throw
failed
;
}
...
...
@@ -75,6 +113,7 @@ public class ParseCAPaths {
try
{
check2
(
from
,
to
,
paths
);
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
" "
+
e
.
getMessage
());
failed
=
e
;
}
}
...
...
@@ -84,18 +123,14 @@ public class ParseCAPaths {
System
.
out
.
println
(
from
+
" -> "
+
to
);
System
.
out
.
println
(
" expected: "
+
Arrays
.
toString
(
paths
));
String
[]
result
=
Realm
.
getRealmsList
(
from
,
to
);
System
.
out
.
println
(
" result: "
+
Arrays
.
toString
(
result
));
if
(
result
==
null
)
{
if
(
paths
.
length
==
0
)
{
// OK
}
else
{
throw
new
Exception
(
"Shouldn't have a valid path."
);
}
if
(
result
==
null
||
result
.
length
==
0
)
{
throw
new
Exception
(
"There is always a valid path."
);
}
else
if
(
result
.
length
!=
paths
.
length
)
{
throw
new
Exception
(
"Length of path not correct"
);
}
else
{
for
(
int
i
=
0
;
i
<
result
.
length
;
i
++)
{
if
(!
result
[
i
].
equals
(
paths
[
i
]))
{
System
.
out
.
println
(
" result: "
+
Arrays
.
toString
(
result
));
throw
new
Exception
(
"Path not same"
);
}
}
...
...
test/sun/security/krb5/krb5-capaths.conf
浏览文件 @
3781604c
[
capaths
]
#
Standard
#
http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/capaths.html
ANL
.
GOV
= {
TEST
.
ANL
.
GOV
= .
...
...
@@ -14,81 +14,86 @@ TEST.ANL.GOV = {
PNL
.
GOV
= {
ANL
.
GOV
=
ES
.
NET
}
#NERSC.GOV = {
# ANL.GOV = ES.NET
#}
ES
.
NET
= {
ANL
.
GOV
= .
}
NERSC
.
GOV
= {
ANL
.
GOV
=
ES
.
NET
TEST
.
ANL
.
GOV
=
ES
.
NET
TEST
.
ANL
.
GOV
=
ANL
.
GOV
PNL
.
GOV
=
ES
.
NET
ES
.
NET
= .
}
ES
.
NET
= {
ANL
.
GOV
= .
# The original JDK example
TIVOLI
.
COM
= {
IBM
.
COM
=
IBM_LDAPCENTRAL
.
COM
MOONLITE
.
ORG
IBM_LDAPCENTRAL
.
COM
=
LDAPCENTRAL
.
NET
LDAPCENTRAL
.
NET
= .
}
# https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Setting_Up_Cross_Realm_Authentication.html
A
.
EXAMPLE
.
COM
= {
B
.
EXAMPLE
.
COM
= .
C
.
EXAMPLE
.
COM
=
B
.
EXAMPLE
.
COM
D
.
EXAMPLE
.
COM
=
B
.
EXAMPLE
.
COM
D
.
EXAMPLE
.
COM
=
C
.
EXAMPLE
.
COM
}
#
Extra garbages
#
Full path
A1
.
COM
= {
A2
.
COM
= .
A4
.
COM
=
A2
.
COM
A3
.
COM
=
A4
.
COM
A3
.
COM
=
A2
.
COM
A4
.
COM
=
A2
.
COM
A4
.
COM
=
A3
.
COM
}
# Shortest path
B1
.
COM
= {
B2
.
COM
= .
B3
.
COM
=
B2
.
COM
B
3
.
COM
=
B4
.
COM
B
4
.
COM
=
B3
.
COM
}
#
Missing is "."
#
If no sRealm key, fallback to hierarchy
C1
.
COM
= {
C3
.
COM
=
C2
.
COM
}
#
Multiple paths
#
cRealm is "."
D1
.
COM
= {
D2
.
COM
= .
D3
.
COM
= .
D4
.
COM
=
D2
.
COM
D4
.
COM
=
D3
.
COM
D2
.
COM
=
D1
.
COM
}
# Bad cases
E1
.
COM
= {
E2
.
COM
= .
E2
.
COM
=
E2
.
COM
E3
.
COM
=
E4
.
COM
E3
.
COM
= .
E4
.
COM
=
E2
.
COM
E3
.
COM
E2
.
COM
}
# Shortest or First?
F1
.
COM
= {
F2
.
COM
= .
F3
.
COM
=
F2
.
COM
F4
.
COM
=
F9
.
COM
F4
.
COM
=
F3
.
COM
F4
.
COM
=
F2
.
COM
}
# Infinite loop
G1
.
COM
= {
G2
.
COM
=
G3
.
COM
G3
.
COM
=
G2
.
COM
}
H1
.
COM
= {
H2
.
COM
=
H3
.
COM
H3
.
COM
=
H2
.
COM
H3
.
COM
= .
}
I1
.
COM
= {
I2
.
COM
=
I3
.
COM
I3
.
COM
=
I2
.
COM
I4
.
COM
=
I
2
.
COM
I
5
.
COM
I4
.
COM
=
I5
.
COM
}
J1
.
COM
= {
J2
.
COM
=
J1
.
COM
}
# 7019384
A9
.
PRAGUE
.
XXX
.
CZ
= {
PRAGUE
.
XXX
.
CZ
= .
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录