7016698: test sun/security/krb5/runNameEquals.sh failed on Ubuntu

Weijun Wang weijun.wang at oracle.com
Thu Feb 10 01:47:38 UTC 2011 

Hi Valerie

I just looked into to this bug, the reason is that the failed Ubuntu has 
a libgssapi_krb5.so.2 but no libgssapi_krb5.so.

Turns out that a newly installed Ubuntu only has the GSS/krb5 runtime 
installed, which include the .so.2 file. On the other hand, the .so file 
(simply a symlink to the .so.2 file) is provided by the libkrb5-dev 
package, normally not installed by end users. This is similar to the JRE 
vs JDK difference.

I have 3 choices now:

1. Do not fix, and tell the user to add
      -Dsun.security.jgss.lib=libgssapi_krb5.so.2

    We still need to fix the test, probably add lines like

      if [ -e /usr/lib/libgssapi_krb5.so ]; then

2. Add the new name to known libname list, we've already had 2:

                                  gssLibs = new String[]{
                                      "libgssapi.so",
                                      "libgssapi_krb5.so",
+                                    "libgssapi_krb5.so.2",
                                  };

3. Change the hardcoded names above to a security property also named 
"sun.security.jgss.lib". We can provide different default values for 
solaris and linux. This needs a CCC.

I prefer 3. Your suggestion?

Thanks
Max




-------- Original Message --------
*Change Request ID*: 7016698
*Synopsis*: test sun/security/krb5/runNameEquals.sh failed on Ubuntu


=== *Description* 
============================================================
Testsuite name: regression
test
sun/security/krb5/runNameEquals.sh
failed :

command: shell runNameEquals.sh []
reason: Assumed action based on file name: run shell runNameEquals.sh
elapsed time (seconds): 0.587
----------System.out:(4/73)----------
Testing native provider
Native provider fails
Testing java provider
Done
----------System.err:(9/630)----------
Exception in thread "main" GSSException: Unsupported mechanism 
requested: 1.2.840.113554.1.2.2
	at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:204)
	at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:171)
	at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:201)
	at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
	at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
	at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
	at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
	at Krb5NameEquals.main(Krb5NameEquals.java:53)
result: Failed. Execution failed: exit code 1

I did not see the failures on Suse or Solaris.

JDK/JRE tested: build 1.7.0-ea-b126
OS/architecture: Ubuntu
stt-robot at stt-89:~$ cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"


=== *Evaluation* 
=============================================================
Debug message shows:

SunNativeGSS: [GSSLibStub_init] libName=libgssapi.so
SunNativeGSS: libgssapi.so: cannot open shared object file: No such file 
or directory
SunNativeGSS: [GSSLibStub_init] libName=libgssapi_krb5.so
SunNativeGSS: libgssapi_krb5.so: cannot open shared object file: No such 
file or directory

The problem is that there is no libgssapi_krb5.so:

$ ls -al /usr/lib/libgssap*
lrwxrwxrwx 1 root root     21 2011-01-27 12:23 
/usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
-rw-r--r-- 1 root root 191280 2010-12-08 19:22 
/usr/lib/libgssapi_krb5.so.2.2

Is this normal on Linux systems? On my Ubuntu, there is an extra symlink:

$ l /usr/lib/libgssapi_krb5*
lrwxrwxrwx 1 root root     26 2010-12-10 09:04 
/usr/lib/libgssapi_krb5.so -> mit-krb5/libgssapi_krb5.so
lrwxrwxrwx 1 root root     21 2010-12-10 09:04 
/usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
-rw-r--r-- 1 root root 213784 2010-12-09 00:25 
/usr/lib/libgssapi_krb5.so.2.2
$ cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"

*** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com

=== *Workaround* 
=============================================================
Add system property -Dsun.security.jgss.lib=libgssapi_krb5.so.2

*** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
*** Last Edit: 2011-02-09 09:31:18 GMT+00:00 weijun.wang at oracle.com

More information about the security-dev mailing list