1 /* 2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.File; 25 import java.util.HashMap; 26 import java.util.Map; 27 import jdk.test.lib.process.ProcessTools; 28 import jdk.test.lib.process.OutputAnalyzer; 29 30 /* 31 * @test 32 * @bug 6857795 8075299 33 * @summary Checks if kinit uses both krb5 conf file and system properties 34 * @requires os.family == "windows" 35 * @library /test/lib 36 * @library /sun/security/krb5/auto 37 * @run main/othervm KinitConfPlusProps 38 */ 39 public class KinitConfPlusProps { 40 41 private static final String KINIT = System.getProperty("java.home") 42 + File.separator + "bin" + File.separator + "kinit"; 43 private static final String KLIST = System.getProperty("java.home") 44 + File.separator + "bin" + File.separator + "klist"; 45 private static final String REALM = "REALM"; 46 private static final String ANOTHER_REALM = "ANOTHER.REALM"; 47 private static final String HOST = "localhost"; 48 private static final String CC_FILENAME = "krb5cc_test"; 49 private static final String USER = "TESTER"; 50 private static final String USER_PRINCIPAL = USER + "@" + REALM; 51 private static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM; 52 private static final String KEYTAB_FILE = "test.keytab"; 53 private static final String KRB5_CONF_FILENAME = "krb5.conf"; 54 55 public static void main(String[] args) throws Exception { 56 // define principals 57 Map<String, String> principals = new HashMap<>(); 58 principals.put(USER_PRINCIPAL, null); 59 principals.put(KRBTGT_PRINCIPAL, null); 60 61 System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME); 62 63 // start a local KDC instance 64 KDC kdc = KDC.startKDC(HOST, null, REALM, principals, KEYTAB_FILE, 65 KDC.KtabMode.APPEND); 66 KDC.saveConfig(KRB5_CONF_FILENAME, kdc, 67 "forwardable = true", "proxiable = true"); 68 69 boolean success = true; 70 71 /* 72 * kinit should fail since java.security.krb5.kdc 73 * and java.security.krb5.realm properties override correct values 74 * in krb5 conf file 75 */ 76 String[] command = {KINIT, "-k", 77 "-J-Djava.security.krb5.realm=" + REALM, 78 "-J-Djava.security.krb5.kdc=" + HOST, // without port 79 "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, 80 "-t", KEYTAB_FILE, 81 "-c", CC_FILENAME, 82 USER 83 }; 84 85 try { 86 OutputAnalyzer out = ProcessTools.executeCommand(command); 87 out.shouldHaveExitValue(-1); 88 } catch(Throwable e) { 89 System.out.println("Unexpected exception: " + e); 90 e.printStackTrace(System.out); 91 success = false; 92 } 93 94 /* 95 * kinit should succeed 96 * since realm should be picked up from principal name 97 */ 98 command = new String[] {KINIT, "-k", 99 "-J-Djava.security.krb5.realm=" + ANOTHER_REALM, 100 "-J-Djava.security.krb5.kdc=" + HOST, 101 "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, 102 "-t", KEYTAB_FILE, 103 "-c", CC_FILENAME, 104 USER_PRINCIPAL 105 }; 106 107 try { 108 OutputAnalyzer out = ProcessTools.executeCommand(command); 109 out.shouldHaveExitValue(0); 110 out.shouldContain(CC_FILENAME); 111 } catch(Throwable e) { 112 System.out.println("Unexpected exception: " + e); 113 e.printStackTrace(System.out); 114 success = false; 115 } 116 117 success &= checkTicketFlags(); 118 119 /* 120 * kinit should succeed 121 * since realm should be picked up from principal name, 122 * and other data should come from krb5 conf file 123 */ 124 command = new String[] {KINIT, "-k", 125 "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, 126 "-t", KEYTAB_FILE, 127 "-c", CC_FILENAME, 128 USER_PRINCIPAL 129 }; 130 131 try { 132 OutputAnalyzer out = ProcessTools.executeCommand(command); 133 out.shouldHaveExitValue(0); 134 out.shouldContain(CC_FILENAME); 135 } catch(Throwable e) { 136 System.out.println("Unexpected exception: " + e); 137 e.printStackTrace(System.out); 138 success = false; 139 } 140 141 success &= checkTicketFlags(); 142 143 // kinit should succeed even if a principal name doesn't have realm 144 command = new String[] {KINIT, "-k", 145 "-J-Djava.security.krb5.conf=" + KRB5_CONF_FILENAME, 146 "-t", KEYTAB_FILE, 147 "-c", CC_FILENAME, 148 USER 149 }; 150 151 try { 152 OutputAnalyzer out = ProcessTools.executeCommand(command); 153 out.shouldHaveExitValue(0); 154 out.shouldContain(CC_FILENAME); 155 } catch(Throwable e) { 156 System.out.println("Unexpected exception: " + e); 157 e.printStackTrace(System.out); 158 success = false; 159 } 160 161 success &= checkTicketFlags(); 162 163 if (!success) { 164 throw new RuntimeException("At least one test case failed"); 165 } 166 System.out.println("Test passed"); 167 } 168 169 // check if a ticket has forwardable and proxiable flags 170 private static boolean checkTicketFlags() { 171 String[] command = new String[] {KLIST, "-f", "-c", CC_FILENAME}; 172 173 try { 174 OutputAnalyzer out = ProcessTools.executeCommand(command); 175 out.shouldHaveExitValue(0); 176 out.shouldContain("FORWARDABLE"); 177 out.shouldContain("PROXIABLE"); 178 } catch(Throwable e) { 179 System.out.println("Unexpected exception: " + e); 180 e.printStackTrace(System.out); 181 return false; 182 } 183 184 return true; 185 } 186 }