/*
 * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8005447 8194486
 * @summary default principal can act as anyone
 * @library /test/lib
 * @compile -XDignore.symbol.file TwoOrThree.java
 * @run main jdk.test.lib.FileInstaller TestHosts TestHosts
 * @run main/othervm -Djdk.net.hosts.file=TestHosts TwoOrThree first first
 * @run main/othervm/fail -Djdk.net.hosts.file=TestHosts TwoOrThree first second
 * @run main/othervm -Djdk.net.hosts.file=TestHosts TwoOrThree - first
 * @run main/othervm -Djdk.net.hosts.file=TestHosts TwoOrThree - second
 * @run main/othervm/fail -Djdk.net.hosts.file=TestHosts TwoOrThree - third
 */

import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import javax.security.auth.Subject;
import sun.security.jgss.GSSUtil;

/*
 * Checks which service names a krb5 acceptor is willing to accept.
 *
 * The JAAS login has two krb5 modules, so the acceptor Subject holds
 * credentials for two principals:
 * 1. principal is A ("first")
 * 2. principal is B ("second")
 * A named principal can only accept itself. The default principal can accept
 * either, but not any other service even if the keytab also includes its keys.
 *
 * Arguments: args[0] is the acceptor name, or "-" for the default principal;
 * args[1] is the service name the initiator requests. The two /fail runs
 * above ("first second" and "- third") are the negative cases: a passing
 * handshake there would mean the acceptor accepted a context for a service
 * it did not log in as.
 */
public class TwoOrThree {

    public static void main(String[] args) throws Exception {

        // "-" selects the default (unnamed) acceptor, passed on as null.
        String acceptorName = args[0].equals("-") ? null : args[0];
        String targetName = args[1];

        // Test-only realm; each principal's password is its own name.
        // "third" is registered but never logged in on the acceptor side.
        OneKDC kdc = new OneKDC(null);
        kdc.addPrincipal("first", "first".toCharArray());
        kdc.addPrincipal("second", "second".toCharArray());
        kdc.addPrincipal("third", "third".toCharArray());
        kdc.writeKtab(OneKDC.KTAB);

        Context initiator =
                Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);

        // Using keytabs: both logins populate the same Subject.
        Subject ktabSubject = new Subject();
        Context.fromUserKtab(ktabSubject, "first", OneKDC.KTAB, true);
        Context ktabAcceptor =
                Context.fromUserKtab(ktabSubject, "second", OneKDC.KTAB, true);
        establish(initiator, ktabAcceptor, targetName, acceptorName);

        // Using keys: same scenario with password-derived keys.
        Subject keySubject = new Subject();
        Context.fromUserPass(keySubject, "first", "first".toCharArray(), true);
        Context keyAcceptor =
                Context.fromUserPass(keySubject, "second", "second".toCharArray(), true);
        establish(initiator, keyAcceptor, targetName, acceptorName);

        // NOTE(review): as in the original, only the second acceptor and the
        // initiator are disposed; the keytab-based acceptor is not.
        keyAcceptor.dispose();
        initiator.dispose();
    }

    /*
     * Starts a krb5 initiator towards targetName and an acceptor as
     * acceptorName (null for the default principal), then runs the handshake.
     * Any exception from the handshake propagates to the caller, which is
     * what makes the /fail runs fail.
     */
    private static void establish(Context initiator, Context acceptor,
            String targetName, String acceptorName) throws Exception {
        initiator.startAsClient(targetName, GSSUtil.GSS_KRB5_MECH_OID);
        acceptor.startAsServer(acceptorName, GSSUtil.GSS_KRB5_MECH_OID);
        Context.handshake(initiator, acceptor);
    }
}