[8u] RFR 8201627: Kerberos sequence number issues

Martin Balao mbalao at redhat.com
Sat Dec 21 05:41:35 UTC 2019 

Hello Andrew,

Thanks for having a look.

On 12/16/19 3:14 PM, Andrew John Hughes wrote:
> 
> I think there's a case here for backporting JDK-8154231 or at least
> bringing over the remaining two methods for GetPropertyAction that
> weren't part of JDK-8181048.
> 

What finally introduces a default value argument for
privilegedGetProperty seems to be 8155775 [1] [2], that depends on
8154231 [3] [4]. If you are okay with the approach taken for 8181048
(cherry picking from 8155775 and 8154231 and including them as part of
8181048), I can propose to have privilegedGetProperty with a default
value argument and privilegedGetProperties as part of the 8u backport of
8201627. privilegedGetProperties is not used by 8201627 though.

>>
>>  * test/sun/security/krb5/auto/BasicProc.java (several adjustments)
> 
> What are these "several adjustments"? It looks to me like the
> refactoring in JDK-8186884 needs backporting first, as this patch seems
> to drag in some of those changes as well.
> 

8186884 is far from applying cleanly to 8u. I've not analyzed all the
dependencies, but have seen many hook failures.

In Basic.java, what happens is that jtreg run header has the old way of
specifying a custom NameService to resolve domains:
-Dsun.net.spi.nameservice.provider.1=ns,mock instead of
-Djdk.net.hosts.file=TestHosts. I duplicated the run jtreg header to add
-Dsun.security.krb5.acceptor.sequence.number.nonmutual=zero parameter.
The @bug jtreg header hook does not apply cleanly because 8194486 is not
in 8u.

In BasicProc.java, the jtreg header hook does not apply cleanly because
of some patches missing in 8u: 8186884 and 8194486. The other changes
-probably because of the lack of 8186884 in 8u- are intended to keep the
semantics. For example, for "client" I added a request to have mutual
authentication, removed the "Token" variable, sent the wrapped message
and the message integrity code (MIC). I can continue describing all the
changes but would be easier to compare file vs file.

If it helps, no regressions were introduced to the sun/security/krb5
test category (116 / 116 passes).

My concern is that all 8155775, 8154231, 8186884 and possible
8186884-dependencies are quite big patches not critical for Jan 2020
CPU. 8201627 is critical though.

I've tagged 8201627 with jdk8u-critical-request label.

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8155775
[2] - http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/930d3aef37ee#l51.32
[3] - https://bugs.openjdk.java.net/browse/JDK-8154231
[4] - http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/50d4d6b772d1#l51.1

More information about the jdk8u-dev mailing list