8132111: Do not request for addresses for forwarded TGT

Reviewed-by: mbalao, shade
author: andrew <unknown> 2020-01-15 20:05:09 +0000
committer: bell-sw <liberica@bell-sw.com> 2020-01-19 09:13:28 +0300
commit: e4c899fda33cc58bb87d7624f1893bfffc108a22 (patch)
tree: ab74898a75f49cca995a62c856bd6a30748e47c1
parent: 00e6887ff48fa51ca98407cc2363f77709771b7e (diff)
download: jdk8u_jdk-e4c899fda33cc58bb87d7624f1893bfffc108a22.tar.gz
4 files changed, 16 insertions, 26 deletions
diff --git a/src/share/classes/sun/security/krb5/KrbCred.java b/src/share/classes/sun/security/krb5/KrbCred.java
index 7f02df8ef0..0ce26efc4a 100644
--- a/src/share/classes/sun/security/krb5/KrbCred.java
+++ b/src/share/classes/sun/security/krb5/KrbCred.java
@@ -34,8 +34,6 @@ package sun.security.krb5;
 import sun.security.krb5.internal.*;
 import sun.security.krb5.internal.crypto.KeyUsage;
 import java.io.IOException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
 
 import sun.security.util.DerValue;
 
@@ -65,7 +63,6 @@ public class KrbCred {
 
         PrincipalName client = tgt.getClient();
         PrincipalName tgService = tgt.getServer();
-        PrincipalName server = serviceTicket.getServer();
         if (!serviceTicket.getClient().equals(client))
             throw new KrbException(Krb5.KRB_ERR_GENERIC,
                                 "Client principal does not match");
@@ -78,29 +75,9 @@ public class KrbCred {
         options.set(KDCOptions.FORWARDED, true);
         options.set(KDCOptions.FORWARDABLE, true);
 
-        HostAddresses sAddrs = null;
-
-        // GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST
-        if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST) {
-            sAddrs = new HostAddresses(server);
-        } else if (server.getNameType() == PrincipalName.KRB_NT_UNKNOWN) {
-            // Sometimes this is also a server
-            if (server.getNameStrings().length >= 2) {
-                String host = server.getNameStrings()[1];
-                try {
-                    InetAddress[] addr = InetAddress.getAllByName(host);
-                    if (addr != null && addr.length > 0) {
-                        sAddrs = new HostAddresses(addr);
-                    }
-                } catch (UnknownHostException ioe) {
-                    // maybe we guessed wrong, let sAddrs be null
-                }
-            }
-        }
-
         KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService,
                 null, null, null, null, null,
-                sAddrs, // Only non-null for KRB_NT_SRV_HST, see JDK-8132111
+                null,   // No easy way to get addresses right
                 null, null, null);
         credMessg = createMessage(tgsReq.sendAndGetCreds(), key);
 
@@ -113,7 +90,6 @@ public class KrbCred {
         EncryptionKey sessionKey
             = delegatedCreds.getSessionKey();
         PrincipalName princ = delegatedCreds.getClient();
-        Realm realm = princ.getRealm();
         PrincipalName tgService = delegatedCreds.getServer();
 
         KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
diff --git a/src/share/classes/sun/security/krb5/internal/HostAddress.java b/src/share/classes/sun/security/krb5/internal/HostAddress.java
index f3d1d87467..77e00a0d61 100644
--- a/src/share/classes/sun/security/krb5/internal/HostAddress.java
+++ b/src/share/classes/sun/security/krb5/internal/HostAddress.java
@@ -39,6 +39,7 @@ import java.net.Inet4Address;
 import java.net.Inet6Address;
 import java.net.UnknownHostException;
 import java.io.IOException;
+import java.util.Arrays;
 
 /**
  * Implements the ASN.1 HostAddress type.
@@ -295,4 +296,11 @@ public class HostAddress implements Cloneable {
         }
     }
 
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append(Arrays.toString(address));
+        sb.append('(').append(addrType).append(')');
+        return sb.toString();
+    }
 }
diff --git a/src/share/classes/sun/security/krb5/internal/HostAddresses.java b/src/share/classes/sun/security/krb5/internal/HostAddresses.java
index 04eeb5de99..38bb6a348b 100644
--- a/src/share/classes/sun/security/krb5/internal/HostAddresses.java
+++ b/src/share/classes/sun/security/krb5/internal/HostAddresses.java
@@ -338,4 +338,9 @@ public class HostAddresses implements Cloneable {
         for (int i = 0; i < inetAddresses.length; i++)
             addresses[i] = new HostAddress(inetAddresses[i]);
     }
+
+    @Override
+    public String toString() {
+        return Arrays.toString(addresses);
+    }
 }
diff --git a/test/sun/security/krb5/auto/KDC.java b/test/sun/security/krb5/auto/KDC.java
index fa4ab5a658..0c5a891664 100644
--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java
@@ -903,9 +903,10 @@ public class KDC {
                     bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
                 }
             }
+            // We do not request for addresses for FORWARDED tickets
             if (options.containsKey(Option.CHECK_ADDRESSES)
                     && body.kdcOptions.get(KDCOptions.FORWARDED)
-                    && body.addresses == null) {
+                    && body.addresses != null) {
                 throw new KrbException(Krb5.KDC_ERR_BADOPTION);
             }
             if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
author	andrew <unknown>	2020-01-15 20:05:09 +0000
committer	bell-sw <liberica@bell-sw.com>	2020-01-19 09:13:28 +0300
commit	e4c899fda33cc58bb87d7624f1893bfffc108a22 (patch)
tree	ab74898a75f49cca995a62c856bd6a30748e47c1
parent	00e6887ff48fa51ca98407cc2363f77709771b7e (diff)
download	jdk8u_jdk-e4c899fda33cc58bb87d7624f1893bfffc108a22.tar.gz