Merge tag jb8u232-b1638.6

Change-Id: I5b42bd7c94ffa67028549cac0264d79e24b2febd
author: Dana Dahlstrom <dahlstrom@google.com> 2020-01-30 12:00:00 -0800
committer: Dana Dahlstrom <dahlstrom@google.com> 2020-02-10 12:00:00 -0800
commit: 48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc (patch)
tree: 7e47ce0d2a402a9e765541e514aa969ef8325928 /src/share/native/sun/security/krb5/nativeccache.c
parent: e5752ae568d3c43497ae4f33d731fadf4ef165d4 (diff)
parent: 5b42bd7c94ffa67028549cac0264d79e24b2febd (diff)
download: jdk8u_jdk-48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc.tar.gz
1 files changed, 44 insertions, 0 deletions
diff --git a/src/share/native/sun/security/krb5/nativeccache.c b/src/share/native/sun/security/krb5/nativeccache.c
index beb5bf0262..1b50a2e176 100644
--- a/src/share/native/sun/security/krb5/nativeccache.c
+++ b/src/share/native/sun/security/krb5/nativeccache.c
@@ -291,6 +291,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
 
     int netypes;
     jint *etypes = NULL;
+    int proxy_flag = 0;
 
     /* Initialize the Kerberos 5 context */
     err = krb5_init_context (&kcontext);
@@ -303,6 +304,48 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ
         err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */
     }
 
+    // First round read. The proxy_impersonator config flag is not supported.
+    // This ccache will not be used if this flag exists.
+    if (!err) {
+        err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
+    }
+
+    if (!err) {
+        while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
+            char *serverName = NULL;
+
+            if (!err) {
+                err = krb5_unparse_name (kcontext, creds.server, &serverName);
+                printiferr (err, "while unparsing server name");
+            }
+
+            if (!err) {
+                if (!strcmp(serverName, "krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF:")) {
+                    proxy_flag = 1;
+                }
+            }
+
+            if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }
+
+            krb5_free_cred_contents (kcontext, &creds);
+
+            if (proxy_flag) break;
+        }
+
+        if (err == KRB5_CC_END) { err = 0; }
+        printiferr (err, "while retrieving a ticket");
+    }
+
+    if (!err) {
+        err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
+        printiferr (err, "while finishing ticket retrieval");
+    }
+
+    if (proxy_flag) {
+        goto outer_cleanup;
+    }
+    // End of first round read
+
     if (!err) {
         err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
     }
@@ -430,6 +473,7 @@ cleanup:
         printiferr (err, "while finishing ticket retrieval");
     }
 
+outer_cleanup:
     if (!err) {
         flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */
         err = krb5_cc_set_flags (kcontext, ccache, flags);
author	Dana Dahlstrom <dahlstrom@google.com>	2020-01-30 12:00:00 -0800
committer	Dana Dahlstrom <dahlstrom@google.com>	2020-02-10 12:00:00 -0800
commit	48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc (patch)
tree	7e47ce0d2a402a9e765541e514aa969ef8325928 /src/share/native/sun/security/krb5/nativeccache.c
parent	e5752ae568d3c43497ae4f33d731fadf4ef165d4 (diff)
parent	5b42bd7c94ffa67028549cac0264d79e24b2febd (diff)
download	jdk8u_jdk-48adcc45b3935045b1ff2013ecfd05e6f3bdb1cc.tar.gz