From 926be577b90b4ba8c436e7fefafd41732beb89b1 Mon Sep 17 00:00:00 2001 From: weijun Date: Fri, 15 Mar 2019 04:47:18 +0000 Subject: [PATCH] 8175120: Remove old tests on kdc timeout policy Reviewed-by: xuelei, shade --- test/sun/security/krb5/auto/BadKdc.java | 221 --------------- test/sun/security/krb5/auto/BadKdc1.java | 60 ---- test/sun/security/krb5/auto/BadKdc2.java | 55 ---- test/sun/security/krb5/auto/BadKdc3.java | 50 ---- test/sun/security/krb5/auto/BadKdc4.java | 50 ---- test/sun/security/krb5/auto/CommMatcher.java | 86 ------ test/sun/security/krb5/auto/MaxRetries.java | 278 ------------------- test/sun/security/krb5/auto/TcpTimeout.java | 107 ------- test/sun/security/krb5/auto/UdpTcp.java | 71 ----- 9 files changed, 978 deletions(-) delete mode 100644 test/sun/security/krb5/auto/BadKdc.java delete mode 100644 test/sun/security/krb5/auto/BadKdc1.java delete mode 100644 test/sun/security/krb5/auto/BadKdc2.java delete mode 100644 test/sun/security/krb5/auto/BadKdc3.java delete mode 100644 test/sun/security/krb5/auto/BadKdc4.java delete mode 100644 test/sun/security/krb5/auto/CommMatcher.java delete mode 100644 test/sun/security/krb5/auto/MaxRetries.java delete mode 100644 test/sun/security/krb5/auto/TcpTimeout.java delete mode 100644 test/sun/security/krb5/auto/UdpTcp.java diff --git a/test/sun/security/krb5/auto/BadKdc.java b/test/sun/security/krb5/auto/BadKdc.java deleted file mode 100644 index d1ace1a41..000000000 --- a/test/sun/security/krb5/auto/BadKdc.java +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.io.*; -import java.net.BindException; -import java.net.DatagramPacket; -import java.net.DatagramSocket; -import java.net.InetAddress; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import javax.security.auth.login.LoginException; -import sun.security.krb5.Asn1Exception; -import sun.security.krb5.Config; - -public class BadKdc { - - // Matches the krb5 debug output: - // >>> KDCCommunication: kdc=kdc.rabbit.hole UDP:14319, timeout=2000,... - // ^ kdc# ^ timeout - static final Pattern re = Pattern.compile( - ">>> KDCCommunication: kdc=kdc.rabbit.hole UDP:(\\d)...., " + - "timeout=(\\d+),"); - - // Ratio for timeout values of all timeout tests. Not final so that - // each test can choose their own. - static float ratio = 2f; - - static void setRatio(float ratio) { - BadKdc.ratio = ratio; - } - - static float getRatio() { - return ratio; - } - - // Gets real timeout value. This method is called when writing krb5.conf - static int toReal(int from) { - return (int)(from * ratio + .5); - } - - // De-ratio a millisecond value to second - static int toSymbolicSec(int from) { - return (int)(from / ratio / 1000f + 0.5); - } - - /* - * There are several cases this test fails: - * - * 1. The random selected port is used by another process. No good way to - * prevent this happening, coz krb5.conf must be written before KDC starts. - * There are two different outcomes: - * - * a. Cannot start the KDC. A BindException thrown. - * b. When trying to access a non-existing KDC, a response is received! - * Most likely a Asn1Exception thrown - * - * 2. Even if a KDC is started, and more than 20 seconds pass by, a timeout - * can still happens for the first UDP request. In fact, the KDC did not - * received it at all. This happens on almost all platforms, especially - * solaris-i586 and solaris-x64. - * - * To avoid them: - * - * 1. Catch those exceptions and ignore - * - * 2. a. Make the timeout longer? useless - * b. Read the output carefully, if there is a timeout, it's OK. - * Just make sure the retries times and KDCs are correct. - * This is tough. - * c. Feed the KDC a UDP packet first. The current "solution". - */ - public static void go(String... expected) - throws Exception { - try { - go0(expected); - } catch (BindException be) { - System.out.println("The random port is used by another process"); - } catch (LoginException le) { - Throwable cause = le.getCause(); - if (cause instanceof Asn1Exception) { - System.out.println("Bad packet possibly from another process"); - return; - } - throw le; - } - } - - public static void go0(String... expected) - throws Exception { - System.setProperty("sun.security.krb5.debug", "true"); - - // Idle UDP sockets will trigger a SocketTimeoutException, without it, - // a PortUnreachableException will be thrown. - DatagramSocket d1 = null, d2 = null, d3 = null; - - // Make sure KDCs' ports starts with 1 and 2 and 3, - // useful for checking debug output. - int p1 = 10000 + new java.util.Random().nextInt(10000); - int p2 = 20000 + new java.util.Random().nextInt(10000); - int p3 = 30000 + new java.util.Random().nextInt(10000); - - FileWriter fw = new FileWriter("alternative-krb5.conf"); - - fw.write("[libdefaults]\n" + - "default_realm = " + OneKDC.REALM + "\n" + - "kdc_timeout = " + toReal(2000) + "\n"); - fw.write("[realms]\n" + OneKDC.REALM + " = {\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" + - "}\n"); - - fw.close(); - System.setProperty("java.security.krb5.conf", "alternative-krb5.conf"); - Config.refresh(); - - // Turn on k3 only - d1 = new DatagramSocket(p1); - d2 = new DatagramSocket(p2); - KDC k3 = on(p3); - - test(expected[0]); - test(expected[1]); - Config.refresh(); - test(expected[2]); - - k3.terminate(); // shutdown k3 - d3 = new DatagramSocket(p3); - - d2.close(); - on(p2); // k2 is on - - test(expected[3]); - d1.close(); - on(p1); // k1 and k2 is on - test(expected[4]); - - d3.close(); - } - - private static KDC on(int p) throws Exception { - KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p, true); - k.addPrincipal(OneKDC.USER, OneKDC.PASS); - k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); - // Feed a packet to newly started KDC to warm it up - System.err.println("-------- IGNORE THIS ERROR MESSAGE --------"); - new DatagramSocket().send( - new DatagramPacket("Hello".getBytes(), 5, - InetAddress.getByName(OneKDC.KDCHOST), p)); - return k; - } - - private static void test(String expected) throws Exception { - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - System.out.println("----------------- TEST -----------------"); - try { - test0(bo, expected); - } catch (Exception e) { - System.out.println("----------------- ERROR -----------------"); - System.out.println(new String(bo.toByteArray())); - System.out.println("--------------- ERROR END ---------------"); - throw e; - } - } - - /** - * One round of test for max_retries and timeout. - * @param expected the expected kdc# timeout kdc# timeout... - */ - private static void test0(ByteArrayOutputStream bo, String expected) - throws Exception { - PrintStream oldout = System.out; - boolean failed = false; - System.setOut(new PrintStream(bo)); - try { - Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); - } catch (Exception e) { - failed = true; - } finally { - System.setOut(oldout); - } - - String[] lines = new String(bo.toByteArray()).split("\n"); - StringBuilder sb = new StringBuilder(); - for (String line: lines) { - Matcher m = re.matcher(line); - if (m.find()) { - System.out.println(line); - sb.append(m.group(1)) - .append(toSymbolicSec(Integer.parseInt(m.group(2)))); - } - } - if (failed) sb.append('-'); - - String output = sb.toString(); - System.out.println("Expected: " + expected + ", actual " + output); - if (!output.matches(expected)) { - throw new Exception("Does not match"); - } - } -} diff --git a/test/sun/security/krb5/auto/BadKdc1.java b/test/sun/security/krb5/auto/BadKdc1.java deleted file mode 100644 index 0170cd356..000000000 --- a/test/sun/security/krb5/auto/BadKdc1.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6843127 - * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc1 - * @summary krb5 should not try to access unavailable kdc too often - */ - -import java.security.Security; - -public class BadKdc1 { - - public static void main(String[] args) - throws Exception { - - // 5 sec is default timeout for tryLess - if (BadKdc.getRatio() > 2.5) { - Security.setProperty("krb5.kdc.bad.policy", - "tryLess:1," + BadKdc.toReal(2000)); - } else { - Security.setProperty("krb5.kdc.bad.policy", "tryLess"); - } - - BadKdc.go( - "121212222222(32){1,2}1222(32){1,2}", // 1 2 - // The above line means try kdc1 for 2 seconds then kdc1 - // for 2 seconds... finally kdc3 for 2 seconds. - "1222(32){1,2}1222(32){1,2}", // 1 2 - // refresh - "121212222222(32){1,2}1222(32){1,2}", // 1 2 - // k3 off k2 on - "(122212(22){1,2}|1222323232-)", // 1 - // k1 on - "(12(12){1,2}|122232-)" // empty - ); - } -} - diff --git a/test/sun/security/krb5/auto/BadKdc2.java b/test/sun/security/krb5/auto/BadKdc2.java deleted file mode 100644 index 218aa7b95..000000000 --- a/test/sun/security/krb5/auto/BadKdc2.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6843127 - * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc2 - * @summary krb5 should not try to access unavailable kdc too often - */ - -import java.io.*; -import java.security.Security; - -public class BadKdc2 { - - public static void main(String[] args) - throws Exception { - - // 1 sec is too short. - BadKdc.setRatio(3.0f); - - Security.setProperty( - "krb5.kdc.bad.policy", "tryLess:2," + BadKdc.toReal(1000)); - BadKdc.go( - "121212222222(32){1,2}11112121(32){1,2}", // 1 2 - "11112121(32){1,2}11112121(32){1,2}", // 1 2 - // refresh - "121212222222(32){1,2}11112121(32){1,2}", // 1 2 - // k3 off k2 on - "1111(21){1,2}1111(22){1,2}", // 1 - // k1 on - "(11){1,2}(12){1,2}" // empty - ); - } -} diff --git a/test/sun/security/krb5/auto/BadKdc3.java b/test/sun/security/krb5/auto/BadKdc3.java deleted file mode 100644 index d5c5f877b..000000000 --- a/test/sun/security/krb5/auto/BadKdc3.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6843127 - * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc3 - * @summary krb5 should not try to access unavailable kdc too often - */ - -import java.io.*; -import java.security.Security; - -public class BadKdc3 { - - public static void main(String[] args) - throws Exception { - Security.setProperty("krb5.kdc.bad.policy", "tryLast"); - BadKdc.go( - "121212222222(32){2,4}", // 1 2 - "(32){2,4}", // 1 2 - // refresh - "121212222222(32){2,4}", // 1 2 - // k3 off k2 on - "323232121212(22){2,4}", // 1 3 - // k1 on - "(22){2,4}" // 1 3 - ); - } -} diff --git a/test/sun/security/krb5/auto/BadKdc4.java b/test/sun/security/krb5/auto/BadKdc4.java deleted file mode 100644 index 14f078e75..000000000 --- a/test/sun/security/krb5/auto/BadKdc4.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6843127 - * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock BadKdc4 - * @summary krb5 should not try to access unavailable kdc too often - */ - -import java.io.*; -import java.security.Security; - -public class BadKdc4 { - - public static void main(String[] args) - throws Exception { - Security.setProperty("krb5.kdc.bad.policy", ""); - BadKdc.go( - "121212222222(32){1,2}121212222222(32){1,2}", - "121212222222(32){1,2}121212222222(32){1,2}", - // refresh - "121212222222(32){1,2}121212222222(32){1,2}", - // k3 off k2 on - "121212(22){1,2}121212(22){1,2}", - // k1 on - "(12){2,4}" - ); - } -} diff --git a/test/sun/security/krb5/auto/CommMatcher.java b/test/sun/security/krb5/auto/CommMatcher.java deleted file mode 100644 index 1cfe25a5d..000000000 --- a/test/sun/security/krb5/auto/CommMatcher.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -/** - * Matches the krb5 debug output: - * >>> KDCCommunication: kdc=host UDP:11555, timeout=100,Attempt =1, #bytes=138 - * - * Example: - * CommMatcher cm = new CommMatcher(); - * cm.addPort(12345).addPort(23456); - * for (String line : debugOutput) { - * if (cm.match(line)) { - * println("KDC: %c, %s, Timeout: %d\n", - * cm.kdc(), cm.protocol(), cm.timeout()); - * } - * } - */ -public class CommMatcher { - - static final Pattern re = Pattern.compile( - ">>> KDCCommunication: kdc=\\S+ (TCP|UDP):(\\d+), " + - "timeout=(\\d+),Attempt\\s*=(\\d+)"); - - List kdcPorts = new ArrayList<>(); - Matcher matcher; - - /** - * Add KDC ports one by one. The 1st KDC will be 'a' in {@link #kdc()}, - * 2nd is 'b', etc, etc. - */ - public CommMatcher addPort(int port) { - if (port > 0) { - kdcPorts.add(port); - } else { - kdcPorts.clear(); - } - return this; - } - - public boolean match(String line) { - matcher = re.matcher(line); - return matcher.find(); - } - - public String protocol() { - return matcher.group(1); - } - - public char kdc() { - int port = Integer.parseInt(matcher.group(2)); - return (char)(kdcPorts.indexOf(port) + 'a'); - } - - public int timeout() { - return BadKdc.toSymbolicSec(Integer.parseInt(matcher.group(3))); - } - - public int attempt() { - return Integer.parseInt(matcher.group(4)); - } -} diff --git a/test/sun/security/krb5/auto/MaxRetries.java b/test/sun/security/krb5/auto/MaxRetries.java deleted file mode 100644 index de0d17589..000000000 --- a/test/sun/security/krb5/auto/MaxRetries.java +++ /dev/null @@ -1,278 +0,0 @@ -/* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6844193 - * @compile -XDignore.symbol.file MaxRetries.java - * @run main/othervm/timeout=300 -Dsun.net.spi.nameservice.provider.1=ns,mock MaxRetries - * @summary support max_retries in krb5.conf - */ - -import javax.security.auth.login.LoginException; -import java.io.*; -import java.net.DatagramSocket; -import java.security.Security; - -public class MaxRetries { - - static int idlePort = -1; - static CommMatcher cm = new CommMatcher(); - - public static void main(String[] args) - throws Exception { - - System.setProperty("sun.security.krb5.debug", "true"); - OneKDC kdc = new OneKDC(null).writeJAASConf(); - - // An idle UDP socket to prevent PortUnreachableException - DatagramSocket ds = new DatagramSocket(); - idlePort = ds.getLocalPort(); - - cm.addPort(idlePort); - cm.addPort(kdc.getPort()); - - System.setProperty("java.security.krb5.conf", "alternative-krb5.conf"); - - Security.setProperty("krb5.kdc.bad.policy", "trylast"); - - // We always make the real timeout to be 1 second - BadKdc.setRatio(0.25f); - rewriteMaxRetries(4); - - // Explanation: In this case, max_retries=4 and timeout=4s. - // For AS-REQ without preauth, we will see 4 4s timeout on kdc#1 - // ("a4" repeat 4 times), and one 4s timeout on kdc#2 ("b4"). For - // AS-REQ with preauth, one 4s timeout on kdc#2 (second "b4"). - // we tolerate 4 real timeout on kdc#2, so make it "(b4){2,6}". - test1("a4a4a4a4b4b4", "a4a4a4a4(b4){2,6}"); - test1("b4b4", "(b4){2,6}"); - - BadKdc.setRatio(1f); - rewriteMaxRetries(1); - // Explanation: Since max_retries=1 only, we could fail in 1st or 2nd - // AS-REQ to kdc#2. - String actual = test1("a1b1b1", "(a1b1b1|a1b1x|a1b1b1x)"); - if (actual.endsWith("x")) { - // If 1st attempt fails, all bads are back available - test1("a1b1b1", "(a1b1b1|a1b1x|a1b1b1x)"); - } else { - test1("b1b1", "(b1b1|b1x|b1b1x)"); - } - - BadKdc.setRatio(0.2f); - rewriteMaxRetries(-1); - test1("a5a5a5b5b5", "a5a5a5(b5){2,4}"); - test1("b5b5", "(b5){2,4}"); - - BadKdc.setRatio(0.25f); - Security.setProperty("krb5.kdc.bad.policy", - "tryless:1,1000"); - rewriteMaxRetries(4); - test1("a4a4a4a4b4a4b4", "a4a4a4a4(b4){1,3}a4(b4){1,3}"); - test1("a4b4a4b4", "a4(b4){1,3}a4(b4){1,3}"); - - BadKdc.setRatio(1f); - rewriteMaxRetries(1); - actual = test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)"); - if (actual.endsWith("x")) { - test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)"); - } else { - test1("a1b1a1b1", "(a1b1|a1b1x|a1b1a1b1|a1b1a1b1x)"); - } - - BadKdc.setRatio(.2f); - rewriteMaxRetries(-1); - test1("a5a5a5b5a5b5", "a5a5a5(b5){1,2}a5(b5){1,2}"); - test1("a5b5a5b5", "a5(b5){1,2}a5(b5){1,2}"); - - BadKdc.setRatio(1f); - rewriteMaxRetries(2); - if (BadKdc.toReal(2000) > 1000) { - // Explanation: if timeout is longer than 1s in tryLess, - // we will see "a1" at 2nd kdc#1 access - test1("a2a2b2a1b2", "a2a2(b2){1,2}a1(b2){1,2}"); - } else { - test1("a2a2b2a2b2", "a2a2(b2){1,2}a2(b2){1,2}"); - } - - BadKdc.setRatio(1f); - - rewriteUdpPrefLimit(-1, -1); // default, no limit - test2("UDP"); - - rewriteUdpPrefLimit(10, -1); // global rules - test2("TCP"); - - rewriteUdpPrefLimit(10, 10000); // realm rules - test2("UDP"); - - rewriteUdpPrefLimit(10000, 10); // realm rules - test2("TCP"); - - ds.close(); - } - - /** - * One round of test for max_retries and timeout. - * - * @param exact the expected exact match, where no timeout - * happens for real KDCs - * @param relaxed the expected relaxed match, where some timeout - * could happen for real KDCs - * @return the actual result - */ - private static String test1(String exact, String relaxed) throws Exception { - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - PrintStream oldout = System.out; - System.setOut(new PrintStream(bo)); - boolean failed = false; - long start = System.nanoTime(); - try { - Context c = Context.fromJAAS("client"); - } catch (LoginException e) { - failed = true; - } - System.setOut(oldout); - - String[] lines = new String(bo.toByteArray()).split("\n"); - System.out.println("----------------- TEST (" + exact - + ") -----------------"); - - // Result, a series of timeout + kdc# - StringBuilder sb = new StringBuilder(); - for (String line: lines) { - if (cm.match(line)) { - System.out.println(line); - sb.append(cm.kdc()).append(cm.timeout()); - } - } - if (failed) { - sb.append("x"); - } - System.out.println("Time: " + (System.nanoTime() - start) / 1000000000d); - String actual = sb.toString(); - System.out.println("Actual: " + actual); - if (actual.equals(exact)) { - System.out.println("Exact match: " + exact); - } else if (actual.matches(relaxed)) { - System.out.println("!!!! Tolerant match: " + relaxed); - } else { - throw new Exception("Match neither " + exact + " nor " + relaxed); - } - return actual; - } - - /** - * One round of test for udp_preference_limit. - * @param proto the expected protocol used - */ - private static void test2(String proto) throws Exception { - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - PrintStream oldout = System.out; - System.setOut(new PrintStream(bo)); - Context c = Context.fromJAAS("client"); - System.setOut(oldout); - - int count = 2; - String[] lines = new String(bo.toByteArray()).split("\n"); - System.out.println("----------------- TEST -----------------"); - for (String line: lines) { - if (cm.match(line)) { - System.out.println(line); - count--; - if (!cm.protocol().equals(proto)) { - throw new Exception("Wrong protocol value"); - } - } - } - if (count != 0) { - throw new Exception("Retry count is " + count + " less"); - } - } - - /** - * Set udp_preference_limit for global and realm - */ - private static void rewriteUdpPrefLimit(int global, int realm) - throws Exception { - BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF)); - FileWriter fw = new FileWriter("alternative-krb5.conf"); - while (true) { - String s = fr.readLine(); - if (s == null) { - break; - } - if (s.startsWith("[realms]")) { - // Reconfig global setting - fw.write("kdc_timeout = 5000\n"); - if (global != -1) { - fw.write("udp_preference_limit = " + global + "\n"); - } - } else if (s.trim().startsWith("kdc = ")) { - if (realm != -1) { - // Reconfig for realm - fw.write(" udp_preference_limit = " + realm + "\n"); - } - } - fw.write(s + "\n"); - } - fr.close(); - fw.close(); - sun.security.krb5.Config.refresh(); - } - - /** - * Set max_retries and timeout value for realm. The global value is always - * 3 and 5000. - * - * @param value max_retries and timeout/1000 for a realm, -1 means none. - */ - private static void rewriteMaxRetries(int value) throws Exception { - BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF)); - FileWriter fw = new FileWriter("alternative-krb5.conf"); - while (true) { - String s = fr.readLine(); - if (s == null) { - break; - } - if (s.startsWith("[realms]")) { - // Reconfig global setting - fw.write("max_retries = 3\n"); - fw.write("kdc_timeout = " + BadKdc.toReal(5000) + "\n"); - } else if (s.trim().startsWith("kdc = ")) { - if (value != -1) { - // Reconfig for realm - fw.write(" max_retries = " + value + "\n"); - fw.write(" kdc_timeout = " + BadKdc.toReal(value*1000) + "\n"); - } - // Add a bad KDC as the first candidate - fw.write(" kdc = localhost:" + idlePort + "\n"); - } - fw.write(s + "\n"); - } - fr.close(); - fw.close(); - sun.security.krb5.Config.refresh(); - } -} diff --git a/test/sun/security/krb5/auto/TcpTimeout.java b/test/sun/security/krb5/auto/TcpTimeout.java deleted file mode 100644 index 14cacc9d1..000000000 --- a/test/sun/security/krb5/auto/TcpTimeout.java +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 6952519 - * @compile -XDignore.symbol.file TcpTimeout.java - * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock TcpTimeout - * @summary kdc_timeout is not being honoured when using TCP - */ - -import java.io.*; -import java.net.ServerSocket; -import sun.security.krb5.Config; - -public class TcpTimeout { - public static void main(String[] args) - throws Exception { - - // Set debug to grab debug output like ">>> KDCCommunication" - System.setProperty("sun.security.krb5.debug", "true"); - - // Called before new ServerSocket on p1 and p2 to make sure - // customized nameservice is used - KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, 0, true); - int p3 = k.getPort(); - k.addPrincipal(OneKDC.USER, OneKDC.PASS); - k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); - - // Start two listener that does not communicate, simulate timeout - ServerSocket ss1 = null; - ServerSocket ss2 = null; - - try { - ss1 = new ServerSocket(0); - ss2 = new ServerSocket(0); - int p1 = ss1.getLocalPort(); - int p2 = ss2.getLocalPort(); - - FileWriter fw = new FileWriter("alternative-krb5.conf"); - - fw.write("[libdefaults]\n" + - "udp_preference_limit = 1\n" + - "max_retries = 2\n" + - "default_realm = " + OneKDC.REALM + "\n" + - "kdc_timeout = " + BadKdc.toReal(5000) + "\n"); - fw.write("[realms]\n" + OneKDC.REALM + " = {\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" + - "kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" + - "}\n"); - - fw.close(); - System.setProperty("java.security.krb5.conf", - "alternative-krb5.conf"); - Config.refresh(); - - System.out.println("Ports opened on " + p1 + ", " + p2 + ", " + p3); - - // The correct behavior should be: - // 5 sec on p1, 5 sec on p1, fail - // 5 sec on p2, 5 sec on p2, fail - // p3 ok, p3 ok again for preauth. - int count = 6; - - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - PrintStream oldout = System.out; - System.setOut(new PrintStream(bo)); - Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); - System.setOut(oldout); - - String[] lines = new String(bo.toByteArray()).split("\n"); - for (String line: lines) { - if (line.startsWith(">>> KDCCommunication")) { - System.out.println(line); - count--; - } - } - if (count != 0) { - throw new Exception("Retry count is " + count + " less"); - } - } finally { - if (ss1 != null) ss1.close(); - if (ss2 != null) ss2.close(); - } - } -} diff --git a/test/sun/security/krb5/auto/UdpTcp.java b/test/sun/security/krb5/auto/UdpTcp.java deleted file mode 100644 index a8d4f23cb..000000000 --- a/test/sun/security/krb5/auto/UdpTcp.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4966382 8039132 - * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UdpTcp UDP - * @run main/othervm -Dsun.net.spi.nameservice.provider.1=ns,mock UdpTcp TCP - * @summary udp or tcp - */ - -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; -import sun.security.krb5.Config; - -public class UdpTcp { - - public static void main(String[] args) - throws Exception { - - System.setProperty("sun.security.krb5.debug", "true"); - - OneKDC kdc = new OneKDC(null); - kdc.writeJAASConf(); - - // Two styles of kdc_timeout setting. One global, one realm-specific. - if (args[0].equals("UDP")) { - KDC.saveConfig(OneKDC.KRB5_CONF, kdc, - "kdc_timeout = 10s"); - } else { - kdc.addConf("kdc_timeout = 10s"); - KDC.saveConfig(OneKDC.KRB5_CONF, kdc, - "udp_preference_limit = 1"); - } - Config.refresh(); - - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - PrintStream oldout = System.out; - System.setOut(new PrintStream(bo)); - Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); - System.setOut(oldout); - - for (String line: new String(bo.toByteArray()).split("\n")) { - if (line.contains(">>> KDCCommunication")) { - if (!line.contains(args[0]) || !line.contains("timeout=10000")) { - throw new Exception("No " + args[0] + " in: " + line); - } - } - } - } -} -- GitLab