[rfc][icedtea7] Handle alternative Kerberos credential cache locations

Andrew Hughes gnu.andrew at redhat.com
Wed Aug 14 09:56:32 PDT 2013 


----- Original Message -----
> 
> 
> ----- Original Message -----
> > Hi Andrew,
> > 
> > On 08/14/2013 10:54 AM, Andrew Hughes wrote:
> > > ----- Original Message -----
> > >> Hi,
> > >>
> > >> Kerberos 1.11 introduced a new configuration variable to override the
> > >> default location of the credential cache at build time. Fedora 18 and up
> > >> have used this new configuration variable to define an alternate default
> > >> cache location (/run/user/$UID/krb5cc/tkt). This bug was initially
> > >> reported against Fedora [1].
> > >>
> > >> On Linux and Solaris systems, FileCredentialsCache.getDefaultCacheName()
> > >> defaults to the previously hard-coded location (/tmp/krb5cc_$UID). This
> > >> location will be incorrect if Kerberos was built with an alternative
> > >> credential cache location set. Since this credential cache location can
> > >> be arbitrary, we need to query the Kerberos API for the correct
> > >> location. This patch implements this query using a new JNI call, which
> > >> adds a dependency on libkrb5 for Linux and Solaris systems.
> > >>
> > >> This patch was prepared against icedtea7-forest/jdk, changeset
> > >> afaedb56b499.
> > >>
> > >> 2013-08-12  Elliott Baron <ebaron at redhat.com>
> > >>       * make/sun/security/Makefile: Build krb5/internal/ccache on Linux
> > >> and Solaris.
> > >>       *
> > >> src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java:
> > >> Replace
> > >>       hard-coded cache location with native call to Kerberos API.
> > >>       * make/sun/security/krb5/internal/ccache/Makefile: New file;
> > >>       builds
> > >> JNI wrapper for
> > >>       needed Kerberos API.
> > >>       *
> > >> src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c: New
> > >> file; JNI function
> > >>       to query default cache location from Kerberos API.
> > >>
> > >> Thanks,
> > >> Elliott
> > >>
> > >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=991170
> > >>
> > >>
> > > I'm building this now and will commit if it builds fine.  I noticed that
> > > the
> > > copyright header on the new Makefile didn't match that on the new source
> > > file,
> > > so I copied over the one from the source file, as I assume you didn't
> > > change
> > > to working for Oracle mid-patch ;)
> > 
> > Thanks! As far as I know I didn't switch jobs mid-patch ;). The header
> > was actually intentional, since this new Makefile is heavily derived
> > from one of the existing JNI Makefiles. I was a bit unsure how to deal
> > with this header.
> > 
> 
> I revised them slightly in the committed version:
> 
> http://icedtea.classpath.org/hg/icedtea7-forest/jdk/rev/3e4e1a4ef584
> 
> Did you actually test on Solaris?  If not, you probably shouldn't enable
> it there.  I have a feeling the _GNU_SOURCE won't work there.
> 

>From my build log, it seems you may not need it...

/usr/bin/gcc  -O2   -fno-strict-aliasing -fPIC -W -Wall  -Wno-unused -Wno-parentheses -pipe -fno-omit-frame-pointer -D_LITTLE_E\
NDIAN -g   -DNDEBUG -DARCH='"amd64"' -Damd64 -DLINUX -DRELEASE='"1.7.0-internal"' -D_LARGEFILE64_SOURCE -D_GNU_SOURCE -D_REENTR\
ANT -D_LP64=1 -I. -I/home/andrew/builder/icedtea-2.5/tmp/sun/sun.security.krb5.internal.ccache/CClassHeaders -I../../../../../.\
./src/solaris/javavm/export -I../../../../../../src/share/javavm/export -I../../../../../../src/share/native/common -I../../../\
../../../src/solaris/native/common -I../../../../../../src/share/native/sun/security/krb5/internal/ccache -I../../../../../../s\
rc/solaris/native/sun/security/krb5/internal/ccache    -c -o /home/andrew/builder/icedtea-2.5/tmp/sun/sun.security.krb5.interna\
l.ccache/obj64/krb5ccache.o  ../../../../../../src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c
../../../../../../src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c:26:0: warning: "_GNU_SOURCE" redefined [ena\
bled by default]
 #define _GNU_SOURCE
 ^
<command-line>:0:0: note: this is the location of the previous definition
../../../../../../src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c: In function 'Java_sun_security_krb5_intern\
al_ccache_FileCredentialsCache_nativeGetDefaultCacheName':
../../../../../../src/solaris/native/sun/security/krb5/internal/ccache/krb5ccache.c:43:22: warning: unused parameter 'krbcredsC\
lass' [-Wunused-parameter]
 (JNIEnv *env, jclass krbcredsClass)


-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07

More information about the distro-pkg-dev mailing list