File _service:tar_scm:0035-8210821-Support-dns_canonicalize_hostname-in-krb5.co.patch of Package openjdk-1.8.0
Date: Fri, 9 Jun 2023 09:31:14 +0800
Subject: 8210821: Support dns_canonicalize_hostname in krb5.conf
Bug url: https://bugs.openjdk.org/browse/JDK-8210821
---
 .../sun/security/krb5/PrincipalName.java | 47 ++++++-----
 .../krb5/auto/DnsCanonicalizeHostname.java | 81 +++++++++++++++++++
 .../krb5/auto/dns_canonicalize_hostname.hosts | 8 ++
 3 files changed, 118 insertions(+), 18 deletions(-)
 create mode 100644 jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
 create mode 100644 jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
diff --git a/jdk/src/share/classes/sun/security/krb5/PrincipalName.java b/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
index e2dadb326..c1dc762ac 100644
--- a/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
+++ b/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
@@ -411,26 +411,37 @@ public class PrincipalName implements Cloneable {
 case KRB_NT_SRV_HST:
 if (nameParts.length >= 2) {
 String hostName = nameParts[1];
+ Boolean option;
 try {
- // RFC4120 does not recommend canonicalizing a hostname.
- // However, for compatibility reason, we will try
- // canonicalize it and see if the output looks better.
-
- String canonicalized = (InetAddress.getByName(hostName)).
- getCanonicalHostName();
-
- // Looks if canonicalized is a longer format of hostName,
- // we accept cases like
- // bunny -> bunny.rabbit.hole
- if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
- hostName.toLowerCase(Locale.ENGLISH)+".")) {
- hostName = canonicalized;
- }
- } catch (UnknownHostException | SecurityException e) {
- // not canonicalized or no permission to do so, use old
+ // If true, try canonicalizing and accept it if it starts
+ // with the short name. Otherwise, never. Default true.
+ option = Config.getInstance().getBooleanObject(
+ "libdefaults", "dns_canonicalize_hostname");
+ } catch (KrbException e) {
+ option = null;
 }
- if (hostName.endsWith(".")) {
- hostName = hostName.substring(0, hostName.length() - 1);
+ if (option != Boolean.FALSE) {
+ try {
+ // RFC4120 does not recommend canonicalizing a hostname.
+ // However, for compatibility reason, we will try
+ // canonicalizing it and see if the output looks better.
+
+ String canonicalized = (InetAddress.getByName(hostName)).
+ getCanonicalHostName();
+
+ // Looks if canonicalized is a longer format of hostName,
+ // we accept cases like
+ // bunny -> bunny.rabbit.hole
+ if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
+ hostName.toLowerCase(Locale.ENGLISH) + ".")) {
+ hostName = canonicalized;
+ }
+ } catch (UnknownHostException | SecurityException e) {
+ // not canonicalized or no permission to do so, use old
+ }
+ if (hostName.endsWith(".")) {
+ hostName = hostName.substring(0, hostName.length() - 1);
+ }
 }
 nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
 }
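Review bot: The new guard `if (option != Boolean.FALSE)` compares a boxed `Boolean` by reference, so it skips the DNS lookup only if `getBooleanObject` returns the canonical `Boolean.FALSE` instance, which this hunk does not show; `if (!Boolean.FALSE.equals(option)) {` makes the same decision without depending on that. The `catch (KrbException e)` branch sets `option = null`, so a krb5.conf that fails to load falls through to the forward-and-reverse lookup even where an administrator set `dns_canonicalize_hostname = false` to avoid trusting DNS for the service principal name; a comment such as `// config unavailable: keep legacy behaviour (canonicalize)` would record that this is intended. The trailing-dot strip now also sits inside the guard, so with the option set to false a name ending in `.` keeps its dot, which deserves a line in the comment if deliberate. The enclosing switch and method start and end outside the hunk.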
diff --git a/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java b/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
new file mode 100644
index 000000000..7b33d4b91
--- /dev/null
+++ b/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.testlibrary.Asserts;
+import sun.security.krb5.PrincipalName;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Arrays;
+
+/*
+ * @test
+ * @bug 8210821
+ * @summary Support dns_canonicalize_hostname in krb5.conf
+ * @library /lib/testlibrary
+ * /lib
+ * @compile -XDignore.symbol.file DnsCanonicalizeHostname.java
+ * @run main jdk.test.lib.FileInstaller dns_canonicalize_hostname.hosts hosts
+ * @run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname false
+ */
+public class DnsCanonicalizeHostname {
+
+ // In dns_canonicalize_hostname.hosts, all "dummy.example.com", "dummy",
+ // and "bogus" are resolved to 127.0.0.1. Since "dummy.example.com" is on
+ // the first line, it is returned at the reverse lookup.
+
+ public static void main(String[] args) throws Exception {
+
+ Files.write(Paths.get("krb5.conf"), Arrays.asList(
+ "[libdefaults]",
+ "default_realm = R",
+ args[0].equals("none")
+ ? "# empty line"
+ : "dns_canonicalize_hostname = " + args[0],
+ "",
+ "[realms]",
+ "R = {",
+ " kdc = 127.0.0.1",
+ "}"
+ ));
+ System.setProperty("java.security.krb5.conf", "krb5.conf");
+
+ String n1 = new PrincipalName("host/dummy", PrincipalName.KRB_NT_SRV_HST)
+ .getNameStrings()[1];
+ String n2 = new PrincipalName("host/bogus", PrincipalName.KRB_NT_SRV_HST)
+ .getNameStrings()[1];
+
+ switch (args[0]) {
+ case "none":
+ case "true":
+ Asserts.assertEQ(n1, "dummy.example.com");
+ Asserts.assertEQ(n2, "bogus");
+ break;
+ case "false":
+ Asserts.assertEQ(n1, "dummy");
+ Asserts.assertEQ(n2, "bogus");
+ break;
+ }
+ }
+}
diff --git a/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts b/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
new file mode 100644
index 000000000..d34f97611
--- /dev/null
+++ b/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
@@ -0,0 +1,8 @@
+# The preferred name at reverse lookup
+127.0.0.1 dummy.example.com
+
+# The short name
+127.0.0.1 dummy
+
+# The strange name
+127.0.0.1 bogus
\ No newline at end of file
--
2.22.0
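Review bot: The jtreg header runs this test only with `false` (`@run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname false`), so the `none` and `true` arms of the switch never execute and the default, still-canonicalizing path in PrincipalName has no coverage here. If the target runtime honours `jdk.net.hosts.file` (not visible from this patch), add `@run` lines for `none` and `true`; if it does not, remove the dead arms and say so in a comment, since the installed hosts file would then go unused. The switch also has no `default`, so a mistyped argument passes without asserting anything; `default: throw new IllegalArgumentException("unexpected mode: " + args[0]);` closes that.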