7016698: test sun/security/krb5/runNameEquals.sh failed on Ubuntu

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Thu Feb 10 19:14:30 UTC 2011 

Max,

As long as the GSS library can be found, users don't care about the 
default values for the "sun.security.jgss.lib" property since they don't 
need to use it.

Once we add the new name to known libname list, i.e. "gssLibs", for 
Linux, then this particular scenario would work.
If some other library name is desired, user can override w/ the existing 
security property "sun.security.jgss.lib". I don't see the need to 
support multiple libraries under that security property.

Is the CCC for changing the format of the security property so users can 
specify multiple library names?
There is no default value for that security property since it's meant to 
override what we have in place and I prefer to keep it this way for 
simplicity.

So, my preference would be closer to your suggestion#2.

Thanks,
Valerie

On 02/09/11 05:47 PM, Weijun Wang wrote:
> Hi Valerie
>
> I just looked into to this bug, the reason is that the failed Ubuntu 
> has a libgssapi_krb5.so.2 but no libgssapi_krb5.so.
>
> Turns out that a newly installed Ubuntu only has the GSS/krb5 runtime 
> installed, which include the .so.2 file. On the other hand, the .so 
> file (simply a symlink to the .so.2 file) is provided by the 
> libkrb5-dev package, normally not installed by end users. This is 
> similar to the JRE vs JDK difference.
>
> I have 3 choices now:
>
> 1. Do not fix, and tell the user to add
>      -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>
>    We still need to fix the test, probably add lines like
>
>      if [ -e /usr/lib/libgssapi_krb5.so ]; then
>
> 2. Add the new name to known libname list, we've already had 2:
>
>                                  gssLibs = new String[]{
>                                      "libgssapi.so",
>                                      "libgssapi_krb5.so",
> +                                    "libgssapi_krb5.so.2",
>                                  };
>
> 3. Change the hardcoded names above to a security property also named 
> "sun.security.jgss.lib". We can provide different default values for 
> solaris and linux. This needs a CCC.
>
> I prefer 3. Your suggestion?
>
> Thanks
> Max
>
>
>
>
> -------- Original Message --------
> *Change Request ID*: 7016698
> *Synopsis*: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
>
>
> === *Description* 
> ============================================================
> Testsuite name: regression
> test
> sun/security/krb5/runNameEquals.sh
> failed :
>
> command: shell runNameEquals.sh []
> reason: Assumed action based on file name: run shell runNameEquals.sh
> elapsed time (seconds): 0.587
> ----------System.out:(4/73)----------
> Testing native provider
> Native provider fails
> Testing java provider
> Done
> ----------System.err:(9/630)----------
> Exception in thread "main" GSSException: Unsupported mechanism 
> requested: 1.2.840.113554.1.2.2
>     at 
> sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:204)
>     at 
> sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:171)
>     at 
> sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:201)
>     at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
>     at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
>     at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
>     at 
> sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
>     at Krb5NameEquals.main(Krb5NameEquals.java:53)
> result: Failed. Execution failed: exit code 1
>
> I did not see the failures on Suse or Solaris.
>
> JDK/JRE tested: build 1.7.0-ea-b126
> OS/architecture: Ubuntu
> stt-robot at stt-89:~$ cat /etc/*release*
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=10.04
> DISTRIB_CODENAME=lucid
> DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
>
>
> === *Evaluation* 
> =============================================================
> Debug message shows:
>
> SunNativeGSS: [GSSLibStub_init] libName=libgssapi.so
> SunNativeGSS: libgssapi.so: cannot open shared object file: No such 
> file or directory
> SunNativeGSS: [GSSLibStub_init] libName=libgssapi_krb5.so
> SunNativeGSS: libgssapi_krb5.so: cannot open shared object file: No 
> such file or directory
>
> The problem is that there is no libgssapi_krb5.so:
>
> $ ls -al /usr/lib/libgssap*
> lrwxrwxrwx 1 root root     21 2011-01-27 12:23 
> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
> -rw-r--r-- 1 root root 191280 2010-12-08 19:22 
> /usr/lib/libgssapi_krb5.so.2.2
>
> Is this normal on Linux systems? On my Ubuntu, there is an extra symlink:
>
> $ l /usr/lib/libgssapi_krb5*
> lrwxrwxrwx 1 root root     26 2010-12-10 09:04 
> /usr/lib/libgssapi_krb5.so -> mit-krb5/libgssapi_krb5.so
> lrwxrwxrwx 1 root root     21 2010-12-10 09:04 
> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
> -rw-r--r-- 1 root root 213784 2010-12-09 00:25 
> /usr/lib/libgssapi_krb5.so.2.2
> $ cat /etc/*release*
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=10.04
> DISTRIB_CODENAME=lucid
> DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"
>
> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
>
> === *Workaround* 
> =============================================================
> Add system property -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>
> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
> *** Last Edit: 2011-02-09 09:31:18 GMT+00:00 weijun.wang at oracle.com
>
>

More information about the security-dev mailing list