代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/openjdk-1.8.0 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
Date: Fri, 9 Jun 2023 09:31:14 +0800
Subject: 8210821: Support dns_canonicalize_hostname in krb5.conf
Bug url: https://bugs.openjdk.org/browse/JDK-8210821
---
.../sun/security/krb5/PrincipalName.java | 47 ++++++-----
.../krb5/auto/DnsCanonicalizeHostname.java | 81 +++++++++++++++++++
.../krb5/auto/dns_canonicalize_hostname.hosts | 8 ++
3 files changed, 118 insertions(+), 18 deletions(-)
create mode 100644 jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
create mode 100644 jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
diff --git a/jdk/src/share/classes/sun/security/krb5/PrincipalName.java b/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
index e2dadb326..c1dc762ac 100644
--- a/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
+++ b/jdk/src/share/classes/sun/security/krb5/PrincipalName.java
@@ -411,26 +411,37 @@ public class PrincipalName implements Cloneable {
case KRB_NT_SRV_HST:
if (nameParts.length >= 2) {
String hostName = nameParts[1];
+ Boolean option;
try {
- // RFC4120 does not recommend canonicalizing a hostname.
- // However, for compatibility reason, we will try
- // canonicalize it and see if the output looks better.
-
- String canonicalized = (InetAddress.getByName(hostName)).
- getCanonicalHostName();
-
- // Looks if canonicalized is a longer format of hostName,
- // we accept cases like
- // bunny -> bunny.rabbit.hole
- if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
- hostName.toLowerCase(Locale.ENGLISH)+".")) {
- hostName = canonicalized;
- }
- } catch (UnknownHostException | SecurityException e) {
- // not canonicalized or no permission to do so, use old
+ // If true, try canonicalizing and accept it if it starts
+ // with the short name. Otherwise, never. Default true.
+ option = Config.getInstance().getBooleanObject(
+ "libdefaults", "dns_canonicalize_hostname");
+ } catch (KrbException e) {
+ option = null;
}
- if (hostName.endsWith(".")) {
- hostName = hostName.substring(0, hostName.length() - 1);
+ if (option != Boolean.FALSE) {
+ try {
+ // RFC4120 does not recommend canonicalizing a hostname.
+ // However, for compatibility reason, we will try
+ // canonicalizing it and see if the output looks better.
+
+ String canonicalized = (InetAddress.getByName(hostName)).
+ getCanonicalHostName();
+
+ // Looks if canonicalized is a longer format of hostName,
+ // we accept cases like
+ // bunny -> bunny.rabbit.hole
+ if (canonicalized.toLowerCase(Locale.ENGLISH).startsWith(
+ hostName.toLowerCase(Locale.ENGLISH) + ".")) {
+ hostName = canonicalized;
+ }
+ } catch (UnknownHostException | SecurityException e) {
+ // not canonicalized or no permission to do so, use old
+ }
+ if (hostName.endsWith(".")) {
+ hostName = hostName.substring(0, hostName.length() - 1);
+ }
}
nameParts[1] = hostName.toLowerCase(Locale.ENGLISH);
}
diff --git a/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java b/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
new file mode 100644
index 000000000..7b33d4b91
--- /dev/null
+++ b/jdk/test/sun/security/krb5/auto/DnsCanonicalizeHostname.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.testlibrary.Asserts;
+import sun.security.krb5.PrincipalName;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Arrays;
+
+/*
+ * @test
+ * @bug 8210821
+ * @summary Support dns_canonicalize_hostname in krb5.conf
+ * @library /lib/testlibrary
+ * /lib
+ * @compile -XDignore.symbol.file DnsCanonicalizeHostname.java
+ * @run main jdk.test.lib.FileInstaller dns_canonicalize_hostname.hosts hosts
+ * @run main/othervm -Djdk.net.hosts.file=hosts DnsCanonicalizeHostname false
+ */
+public class DnsCanonicalizeHostname {
+
+ // In dns_canonicalize_hostname.hosts, all "dummy.example.com", "dummy",
+ // and "bogus" are resolved to 127.0.0.1. Since "dummy.example.com" is on
+ // the first line, it is returned at the reverse lookup.
+
+ public static void main(String[] args) throws Exception {
+
+ Files.write(Paths.get("krb5.conf"), Arrays.asList(
+ "[libdefaults]",
+ "default_realm = R",
+ args[0].equals("none")
+ ? "# empty line"
+ : "dns_canonicalize_hostname = " + args[0],
+ "",
+ "[realms]",
+ "R = {",
+ " kdc = 127.0.0.1",
+ "}"
+ ));
+ System.setProperty("java.security.krb5.conf", "krb5.conf");
+
+ String n1 = new PrincipalName("host/dummy", PrincipalName.KRB_NT_SRV_HST)
+ .getNameStrings()[1];
+ String n2 = new PrincipalName("host/bogus", PrincipalName.KRB_NT_SRV_HST)
+ .getNameStrings()[1];
+
+ switch (args[0]) {
+ case "none":
+ case "true":
+ Asserts.assertEQ(n1, "dummy.example.com");
+ Asserts.assertEQ(n2, "bogus");
+ break;
+ case "false":
+ Asserts.assertEQ(n1, "dummy");
+ Asserts.assertEQ(n2, "bogus");
+ break;
+ }
+ }
+}
diff --git a/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts b/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
new file mode 100644
index 000000000..d34f97611
--- /dev/null
+++ b/jdk/test/sun/security/krb5/auto/dns_canonicalize_hostname.hosts
@@ -0,0 +1,8 @@
+# The preferred name at reverse lookup
+127.0.0.1 dummy.example.com
+
+# The short name
+127.0.0.1 dummy
+
+# The strange name
+127.0.0.1 bogus
\ No newline at end of file
--
2.22.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。