1 /*
2 * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8005447
27 * @summary default principal can act as anyone
28 * @modules java.base/sun.net.spi.nameservice
29 * java.base/sun.security.util
30 * java.security.jgss/sun.security.jgss
31 * java.security.jgss/sun.security.krb5
32 * java.security.jgss/sun.security.krb5.internal
33 * java.security.jgss/sun.security.krb5.internal.ccache
34 * java.security.jgss/sun.security.krb5.internal.crypto
35 * java.security.jgss/sun.security.krb5.internal.ktab
36 * @compile -XDignore.symbol.file DiffNameSameKey.java
37 * @run main/othervm/fail DiffNameSameKey a
38 * @run main/othervm DiffNameSameKey b
39 */
40
41 import sun.security.jgss.GSSUtil;
42 import sun.security.krb5.PrincipalName;
43
44 /**
45 * This test confirms the compatibility codes described in
46 * ServiceCreds.getEKeys(). If the acceptor starts as x.us.oracle.com
47 * but client requests for x.us, as long as the KDC supports both names
48 * and the keys are the same, the auth should succeed.
49 */
50 public class DiffNameSameKey {
51
52 static final String SERVER2 = "x" + OneKDC.SERVER;
53
54 public static void main(String[] args) throws Exception {
55
56 OneKDC kdc = new KDC2();
57 kdc.addPrincipal(SERVER2, "samepass".toCharArray());
58 kdc.addPrincipal(OneKDC.SERVER, "samepass".toCharArray());
59 kdc.writeJAASConf();
60 kdc.writeKtab(OneKDC.KTAB);
61
62 Context c, s;
63 c = Context.fromJAAS("client");
64 s = Context.fromJAAS("server");
65
66 switch (args[0]) {
67 case "a": // If server starts as another service, should fail
68 c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
69 s.startAsServer(SERVER2.replace('/', '@'),
70 GSSUtil.GSS_SPNEGO_MECH_OID);
71 break;
72 case "b": // If client requests another server with the same keys,
73 // succeed to be compatible
74 c.startAsClient(SERVER2, GSSUtil.GSS_SPNEGO_MECH_OID);
75 s.startAsServer(OneKDC.SERVER.replace('/', '@'),
76 GSSUtil.GSS_SPNEGO_MECH_OID);
77 break;
78 }
79
80 Context.handshake(c, s);
81
82 s.dispose();
83 c.dispose();
84 }
85
86 /**
87 * This KDC returns the same salt for all principals. This means same
88 * passwords generate same keys.
89 */
90 static class KDC2 extends OneKDC {
91 KDC2() throws Exception {
92 super(null);
93 }
94 @Override
95 public String getSalt(PrincipalName pn) {
96 return "SAME";
97 }
98 }
99 }