1 /*
2 * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 6844193
27 * @compile -XDignore.symbol.file MaxRetries.java
28 * @run main/othervm/timeout=300 MaxRetries
29 * @summary support max_retries in krb5.conf
30 */
31
32 import java.io.*;
33 import java.net.DatagramSocket;
34 import java.security.Security;
35
36 public class MaxRetries {
37 public static void main(String[] args)
38 throws Exception {
39
40 System.setProperty("sun.security.krb5.debug", "true");
41 new OneKDC(null).writeJAASConf();
42
43 // An idle UDP socket to revent PortUnreachableException
44 DatagramSocket ds = new DatagramSocket(33333);
45
46 System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
47
48 // For tryLast
49 Security.setProperty("krb5.kdc.bad.policy", "trylast");
50 rewriteMaxRetries(4);
51 test1(4000, 6); // 1 1 1 1 2 2
52 test1(4000, 2); // 2 2
53
54 rewriteMaxRetries(1);
55 test1(1000, 3); // 1 2 2
56 test1(1000, 2); // 2 2
57
58 rewriteMaxRetries(-1);
59 test1(5000, 4); // 1 1 2 2
60 test1(5000, 2); // 2 2
61
62 // For tryLess
63 Security.setProperty("krb5.kdc.bad.policy", "tryless:1," + BadKdc.toReal(5000));
64 rewriteMaxRetries(4);
65 test1(4000, 7); // 1 1 1 1 2 1 2
66 test1(4000, 4); // 1 2 1 2
67
68 rewriteMaxRetries(1);
69 test1(1000, 4); // 1 2 1 2
70 test1(1000, 4); // 1 2 1 2
71
72 rewriteMaxRetries(-1);
73 test1(5000, 5); // 1 1 2 1 2
74 test1(5000, 4); // 1 2 1 2
75
76 rewriteUdpPrefLimit(-1, -1); // default, no limit
77 test2("UDP");
78
79 rewriteUdpPrefLimit(10, -1); // global rules
80 test2("TCP");
81
82 rewriteUdpPrefLimit(10, 10000); // realm rules
83 test2("UDP");
84
85 rewriteUdpPrefLimit(10000, 10); // realm rules
86 test2("TCP");
87
88 ds.close();
89 }
90
91 /**
92 * One round of test for max_retries and timeout.
93 * @param timeout the expected timeout
94 * @param count the expected total try
95 */
96 private static void test1(int timeout, int count) throws Exception {
97 String timeoutTag = "timeout=" + BadKdc.toReal(timeout);
98 ByteArrayOutputStream bo = new ByteArrayOutputStream();
99 PrintStream oldout = System.out;
100 System.setOut(new PrintStream(bo));
101 Context c = Context.fromJAAS("client");
102 System.setOut(oldout);
103
104 String[] lines = new String(bo.toByteArray()).split("\n");
105 System.out.println("----------------- TEST (" + timeout + "," +
106 count + ") -----------------");
107 for (String line: lines) {
108 if (line.startsWith(">>> KDCCommunication")) {
109 System.out.println(line);
110 if (line.indexOf(timeoutTag) < 0) {
111 throw new Exception("Wrong timeout value" + timeoutTag);
112 }
113 count--;
114 }
115 }
116 if (count != 0) {
117 throw new Exception("Retry count is " + count + " less");
118 }
119 }
120
121 /**
122 * One round of test for udp_preference_limit.
123 * @param proto the expected protocol used
124 */
125 private static void test2(String proto) throws Exception {
126 ByteArrayOutputStream bo = new ByteArrayOutputStream();
127 PrintStream oldout = System.out;
128 System.setOut(new PrintStream(bo));
129 Context c = Context.fromJAAS("client");
130 System.setOut(oldout);
131
132 int count = 2;
133 String[] lines = new String(bo.toByteArray()).split("\n");
134 System.out.println("----------------- TEST -----------------");
135 for (String line: lines) {
136 if (line.startsWith(">>> KDCCommunication")) {
137 System.out.println(line);
138 count--;
139 if (line.indexOf(proto) < 0) {
140 throw new Exception("Wrong timeout value");
141 }
142 }
143 }
144 if (count != 0) {
145 throw new Exception("Retry count is " + count + " less");
146 }
147 }
148
149 /**
150 * Set udp_preference_limit for global and realm
151 */
152 private static void rewriteUdpPrefLimit(int global, int realm)
153 throws Exception {
154 BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
155 FileWriter fw = new FileWriter("alternative-krb5.conf");
156 while (true) {
157 String s = fr.readLine();
158 if (s == null) {
159 break;
160 }
161 if (s.startsWith("[realms]")) {
162 // Reconfig global setting
163 if (global != -1) {
164 fw.write("udp_preference_limit = " + global + "\n");
165 }
166 } else if (s.trim().startsWith("kdc = ")) {
167 if (realm != -1) {
168 // Reconfig for realm
169 fw.write(" udp_preference_limit = " + realm + "\n");
170 }
171 }
172 fw.write(s + "\n");
173 }
174 fr.close();
175 fw.close();
176 sun.security.krb5.Config.refresh();
177 }
178
179 /**
180 * Set max_retries and timeout value for realm. The global value is always
181 * 2 and 5000.
182 * @param value max_retries and timeout/1000 for a realm, -1 means none.
183 */
184 private static void rewriteMaxRetries(int value) throws Exception {
185 BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
186 FileWriter fw = new FileWriter("alternative-krb5.conf");
187 while (true) {
188 String s = fr.readLine();
189 if (s == null) {
190 break;
191 }
192 if (s.startsWith("[realms]")) {
193 // Reconfig global setting
194 fw.write("max_retries = 2\n");
195 fw.write("kdc_timeout = " + BadKdc.toReal(5000) + "\n");
196 } else if (s.trim().startsWith("kdc = ")) {
197 if (value != -1) {
198 // Reconfig for realm
199 fw.write(" max_retries = " + value + "\n");
200 fw.write(" kdc_timeout = " + BadKdc.toReal(value*1000) + "\n");
201 }
202 // Add a bad KDC as the first candidate
203 fw.write(" kdc = localhost:33333\n");
204 }
205 fw.write(s + "\n");
206 }
207 fr.close();
208 fw.close();
209 sun.security.krb5.Config.refresh();
210 }
211 }