RFR: 8277489: Rewrite JAAS UnixLoginModule with FFM [v5]
Weijun Wang
weijun at openjdk.org
Mon Jan 5 16:49:05 UTC 2026
On Mon, 5 Jan 2026 16:36:50 GMT, Martin Doerr <mdoerr at openjdk.org> wrote:
>> Maybe we can call `Integer.toUnsignedLong()` on `pw_uid` and `pw_gid`? In `UnixSystem`, they are `long`s.
>>
>> Also, I want to discuss on the `username` issue again. Do you think it's good to login successfully without a `UnixPrincipal`? Now that there is a way on AIX to get it, I'm more inclined to revert the changes made to `UnixLoginModule`. While the old `Unix.c` seems to support username being `null` we know it would fail immediately with an NPE so this has never really worked before. My current understanding is that silent passing the login without a username might hide a bug and if the user takes it for granted that there should be a `UnixPrincipal` there will be a problem sooner or later. In fact, I would suggest we just throw an exception in `UnixSystem` if `getpwuid_r` cannot find the username.
>
>> Maybe we can call Integer.toUnsignedLong() on pw_uid and pw_gid? In UnixSystem, they are longs.
>
> Yes, I had thought about this, too. But, I think we will need to distinguish between the platforms. PPC64 and s390 (and also SPARC which is no longer supported) pass smaller integer type values as 64 bit `long` and `Integer.toUnsignedLong()` would be correct when we change the signature to use `long` instead of `int`.
> However, other platforms may require to pass the values as 4 Byte `int`. Especially when they are passed on stack. (Not sure if any supported platform does that. Probably not.) It's unfortunate that the FFM doesn't provide a good abstraction for passing `uint32_t`. Maybe we should implement an enhancement?
> In hotspot, `CCallingConventionRequiresIntsAsLongs` is used to decide if 4 Byte integer types need to get extended.
>
>> I would suggest we just throw an exception in UnixSystem if getpwuid_r cannot find the username.
>
> Fine with me. I don't like ignoring getpwuid_r failures, either.
I created fake account and group on my linux-x64 with numbers bigger than `Integer.MAX_VALUE` and call `getgroups` and `getpwuid_r`. The results always look good after a `Integer.toUnsignedLong()` conversion.
I would think it's safe because it's only called after the C functions.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28931#discussion_r2662146915
More information about the build-dev
mailing list