krb5/auto/W83.java

	W83.java revision 3043
0N/A/*
553N/A * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
553N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
553N/A * or visit www.oracle.com if you need additional information or have any
553N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 6932525 6951366 6959292
0N/A * @summary kerberos login failure on win2008 with AD set to win2000 compat mode
0N/A * and cannot login if session key and preauth does not use the same etype
0N/A */
0N/Aimport com.sun.security.auth.module.Krb5LoginModule;
0N/Aimport java.io.File;
0N/Aimport sun.security.krb5.Config;
0N/Aimport sun.security.krb5.EncryptedData;
0N/Aimport sun.security.krb5.PrincipalName;
0N/Aimport sun.security.krb5.internal.crypto.EType;
0N/Aimport sun.security.krb5.internal.ktab.KeyTab;
0N/A
0N/Apublic class W83 {
0N/A    public static void main(String[] args) throws Exception {
0N/A
0N/A        W83 x = new W83();
0N/A
0N/A        // Cannot use OneKDC. kinit command cannot resolve
0N/A        // hostname kdc.rabbit.hole
0N/A        KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true);
0N/A        kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
0N/A        kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
0N/A        KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
0N/A        System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
0N/A        Config.refresh();
0N/A
0N/A        kdc.writeKtab(OneKDC.KTAB);
0N/A        new File(OneKDC.KRB5_CONF).deleteOnExit();
0N/A        new File(OneKDC.KTAB).deleteOnExit();
0N/A
0N/A        KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB);
0N/A        for (int etype: EType.getBuiltInDefaults()) {
0N/A            if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) {
0N/A                ktab.deleteEntries(new PrincipalName(OneKDC.USER), etype, -1);
0N/A            }
0N/A        }
0N/A        ktab.save();
0N/A
0N/A        // For 6932525 and 6951366, make sure the etypes sent in 2nd AS-REQ
0N/A        // is not restricted to that of preauth
0N/A        kdc.setOption(KDC.Option.ONLY_RC4_TGT, true);
0N/A        x.go();
0N/A
0N/A        // For 6959292, make sure that when etype for enc-part in 2nd AS-REQ
0N/A        // is different from that of preauth, client can still decrypt it
0N/A        kdc.setOption(KDC.Option.ONLY_RC4_PREAUTH, true);
0N/A        x.go();
    }

    void go() throws Exception {
        Krb5LoginModule krb5 = new Krb5LoginModule();
        StringBuffer error = new StringBuffer();
        try {
            Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
        } catch (Exception e) {
            error.append("Krb5LoginModule password login error\n");
        }
        try {
            Context.fromUserKtab(OneKDC.USER, OneKDC.KTAB, false);
        } catch (Exception e) {
            error.append("Krb5LoginModule keytab login error\n");
        }
        try {
            Class.forName("sun.security.krb5.internal.tools.Kinit");
            String cmd = System.getProperty("java.home") +
                    System.getProperty("file.separator") +
                    "bin" +
                    System.getProperty("file.separator") +
                    "kinit";

            int p = execute(
                cmd,
                "-J-Djava.security.krb5.conf=" + OneKDC.KRB5_CONF,
                "-c", "cache1",
                OneKDC.USER,
                new String(OneKDC.PASS));
            if (p != 0) {
                error.append("kinit password login error\n");
            }
            p = execute(
                cmd,
                "-J-Djava.security.krb5.conf=" + OneKDC.KRB5_CONF,
                "-c", "cache2",
                "-k", "-t", OneKDC.KTAB,
                OneKDC.USER);
            if (p != 0) {
                error.append("kinit keytab login error\n");
            }
        } catch (ClassNotFoundException cnfe) {
            System.out.println("No kinit, test ignored.");
            // Ignore, not on windows
        }
        if (error.length() != 0) {
            throw new Exception(error.toString());
        }
    }

    private static int execute(String... args) throws Exception {
        for (String arg: args) {
            System.out.printf("%s ", arg);
        }
        System.out.println();
        Process p = Runtime.getRuntime().exec(args);
        return p.waitFor();
    }
}