/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
/**
* KrbTgsReq. This class is now communication only.
*/
public final class KdcComm {
// The following settings can be configured in the [libdefaults]
// section of krb5.conf, where they are global for all realms. Each of
// them can also be defined for a single realm, which overrides the value here.
/**
* Maximum number of tries against a single KDC; default is
* Krb5.KDC_RETRY_LIMIT (3).
*/
private static int defaultKdcRetryLimit;
/**
* Timeout for requesting a ticket from a KDC, in milliseconds;
* default is 30 seconds.
*/
private static int defaultKdcTimeout;
/**
* Maximum UDP packet size; default is unlimited (-1).
*/
// NOTE(review): presumably requests above this size are sent over TCP
// (see the useTCP flag further down) -- confirm against the send path.
private static int defaultUdpPrefLimit;
/**
* What to do when a KDC is unavailable, specified in the
* java.security file with key krb5.kdc.bad.policy.
* Possible values are TRY_LAST or TRY_LESS. Reloaded when refreshed.
*/
private enum BpType {
// NOTE(review): no constants are visible inside this enum in the listing.
// The Javadoc above names TRY_LAST and TRY_LESS, and a comment in
// KdcAccessibility also mentions NONE.
}
// Load the global settings once, when the class is initialized.
static {
initStatic();
}
/**
* Reads the global settings into the static fields of this class.
* The static initializer calls it once; it is public and static, so it
* can be called again later.
*/
public static void initStatic() {
// NOTE(review): large parts of this body are not visible in this listing;
// the comments below cover only the statements that are shown.
new PrivilegedAction<String>() {
}
});
try {
}
// Assign here in case of exception at params[1]
} catch (NumberFormatException nfe) {
// Ignored. Please note that tryLess is recognized and
// used, parameters using default values
// A malformed numeric parameter is therefore not rejected: the policy
// stays active with the defaults, and the fallback is reported only when
// DEBUG is set. Without DEBUG a typo in the policy value goes unnoticed.
if (DEBUG) {
" parameter for tryLess: " +
value + ", use default");
}
}
}
} else {
}
} else {
}
// NOTE(review): -1 presumably marks "not configured yet" for the three
// values below -- confirm against the assignments that follow the try.
int timeout = -1;
int max_retries = -1;
int udf_pref_limit = -1;
try {
// ignore any exceptions; use default values
// As above, the failure is reported only under DEBUG; a broken
// configuration silently results in the default settings.
if (DEBUG) {
"settings, using default value " +
exc.getMessage());
}
}
}
/**
* The instance fields
*/
"Cannot find default realm");
}
}
}
throws IOException, KrbException {
}
throws IOException, KrbException {
// NOTE(review): the guard for this early return and most of the
// realm/KDC lookup are not visible in this listing.
return null;
"Cannot find default realm");
}
}
}
try {
try {
} catch (Exception e) {
// OK
// Deliberately ignored. The guarded statement is not visible here.
// NOTE(review): confirm that a failure at this point is an expected
// outcome and not an error worth reporting.
}
}
// No exception for this KDC: stop trying further candidates.
break;
} catch (Exception e) {
if (DEBUG) {
tempKdc);
}
// Remember the failure; it is rethrown below.
savedException = e;
}
}
// NOTE(review): catch (Exception e) above also captures unchecked
// exceptions. Anything that is not an IOException is cast to KrbException
// here, so an unexpected RuntimeException would surface as a
// ClassCastException and hide the original failure. Rethrowing unchecked
// exceptions unchanged would keep the real cause visible.
if (savedException instanceof IOException) {
throw (IOException) savedException;
} else {
throw (KrbException) savedException;
}
}
return ibuf;
}
// send the AS Request to the specified KDC
throws IOException, KrbException {
return null;
// Retry count and timeout are resolved through getRealmSpecificValue
// (the arguments are not visible in this listing).
int retries = getRealmSpecificValue(
int timeout = getRealmSpecificValue(
// Both values are compared against the tryLess limits; the branch bodies
// are not visible. NOTE(review): presumably a KDC already marked bad gets
// the smaller retry count and timeout, as the KdcAccessibility Javadoc
// describes -- confirm.
if (retries > tryLessMaxRetries) {
}
if (timeout > tryLessTimeout) {
}
}
// Split the KDC string into host and port. Only the comment for the
// single-':' case survives below; the other branches are not visible.
if (pos == -1) {
}
}
}
} else {
} else {
} else { // 1 ":", hostname or IPv4 with port
}
}
}
if (tempPort > 0)
}
if (DEBUG) {
+ port + ", timeout="
+ timeout
+ ", number of retries ="
+ retries
}
try {
if (DEBUG) {
}
return ibuf;
} catch (PrivilegedActionException e) {
// Rethrow the wrapped exception as one of the two declared types
// (wrappedException is assigned on a line not visible here). The cast to
// KrbException is safe only while the privileged action throws nothing
// but IOException and KrbException.
if (wrappedException instanceof IOException) {
throw (IOException) wrappedException;
} else {
throw (KrbException) wrappedException;
}
}
}
/**
* Privileged action that returns a byte[] and holds the port, the
* transport choice, the timeout, the retry count and the outgoing buffer.
* NOTE(review): the constructor and the method signature around the loop
* below are not visible in this listing.
*/
private static class KdcCommunication
implements PrivilegedExceptionAction<byte[]> {
private int port;
private boolean useTCP;
private int timeout;
private int retries;
private byte[] obuf;
}
// The caller only casts IOException and KrbException so don't
// add any new ones!
// Attempts are numbered from 1 up to retries. NOTE(review): with
// retries < 1 the loop body never runs and ibuf is returned as it was
// initialised (the initialisation is not visible here).
for (int i=1; i <= retries; i++) {
if (DEBUG) {
+ port + ", timeout="
+ timeout
+ ",Attempt =" + i
}
try {
/*
* Send the data to the kdc.
*/
/*
* And get a response.
*/
break;
} catch (SocketTimeoutException se) {
if (DEBUG) {
"attempt: " + i);
}
// A timeout is retried until the last attempt, then rethrown. In the
// visible code no other exception type is retried.
if (i == retries) {
throw se;
}
} finally {
// NOTE(review): the cleanup body is not visible in this listing;
// presumably it closes the connection on every attempt -- confirm.
}
}
return ibuf;
}
}
/**
* Returns the krb5.conf setting of {@code key} for a specific realm,
* which can be:
* 1. defined in the sub-stanza for the given realm inside [realms], or
* 2. defined in [libdefaults], or
* 3. defValue
* @param realm the given realm in which the setting is requested. Returns
* the global setting if null
* @param key the key for the setting
* @param defValue default value
* @return a value for the key
*/
// Start from the caller's default. NOTE(review): the lookups that may
// replace it are not visible in this listing.
int v = defValue;
int temp = -1;
try {
// Ignored, defValue will be picked up
// A setting that cannot be read or parsed therefore falls back to the
// default without any report to the caller.
}
return v;
}
// -1 is the "no usable value" result of this helper; the guard for this
// first return is not visible in this listing.
return -1;
int ret = -1;
try {
// NOTE(review): the parsing statement and the catch clause are not
// visible; presumably this return belongs to the failure path -- confirm.
return -1;
}
// Only non-negative results are handed back; anything else becomes -1.
if (ret >= 0)
return ret;
return -1;
}
/**
* Maintains a list of accessible KDCs. Unavailable KDCs are put into a
* blacklist; when a KDC on the blacklist becomes available again, it is
* removed from it. The blacklist keeps no insertion order.
*
* There are two ways to deal with KDCs on the blacklist. 1. Only try
* them when there is no KDC left that is not on the blacklist. 2. Still
* try them, but with fewer retries and a smaller timeout value.
*/
static class KdcAccessibility {
// Known bad KDCs
// NOTE(review): the field holding the bad KDCs and the signatures of the
// methods below are not visible in this listing. reset() is static
// synchronized, so the state is shared class-wide; confirm that the methods
// adding, removing and listing entries take the same lock.
if (DEBUG) {
}
}
if (DEBUG) {
}
}
}
private static synchronized void reset() {
if (DEBUG) {
}
}
// Returns a preferred KDC list by putting the bad ones at the end
while (st.hasMoreTokens()) {
}
// The bad KDCs are appended last
} else {
// All KDCs are returned in their original order;
// this includes TRY_LESS and NONE
while (st.hasMoreTokens()) {
}
}
}
}
}