Re: code review request: 7144530: KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix

Mon, 20 Feb 2012 16:14:10 -0800 

Looks fine to me.
Thanks,
Valerie

On 02/19/12 20:37, Weijun Wang wrote:

Hi Valerie

Please take a review on this fix:

   http://cr.openjdk.java.net/~weijun/7144530/webrev.00/

I plan to backport it to jdk7u6 once the dev workspace is re-opened.

Thanks
Max

On 02/14/2012 06:01 PM, [email protected] wrote:


*Change Request ID*: 7144530
*Synopsis*: KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix
=== *Description* ============================================================ 
FULL PRODUCT VERSION :
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]

A DESCRIPTION OF THE PROBLEM :
Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName.
Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab. What happens, is a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.
However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method). 

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Construct a dummy keytab file using ktab.exe.
ktab.exe -a host/user@DOMAIN password -k dummy.keytab

2. Construct a KeyTab using a File URI.
KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");

3. Retrieve the entries from the KeyTab.
keyTab.getEntries()

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
keyTab.getEntries() should contain the entries of the keytab.
ACTUAL -
keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero.
However, when using with the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries. 

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import static org.junit.Assert.assertTrue;

import org.junit.Test;

import sun.security.krb5.internal.ktab.KeyTab;

public class KeyTabPrefixBug {
private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab"; 

    @Test
    public void withUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length>  0); // fails
    }

    @Test
    public void withoutUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length>  0); // succeeds
    }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Always use file paths (never URIs) when using the Kerberos API.

Reply via email to