code review request: 7016698: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
Weijun Wang
weijun.wang at oracle.com
Fri Feb 11 07:20:57 UTC 2011
Good. Suggestion #2:
http://cr.openjdk.java.net/~weijun/7016698/webrev.00/
Thanks
Max
On 02/11/2011 03:14 AM, Valerie (Yu-Ching) Peng wrote:
> Max,
>
> As long as the GSS library can be found, users don't care about the
> default values for the "sun.security.jgss.lib" property since they don't
> need to use it.
>
> Once we add the new name to known libname list, i.e. "gssLibs", for
> Linux, then this particular scenario would work.
> If some other library name is desired, user can override w/ the existing
> security property "sun.security.jgss.lib". I don't see the need to
> support multiple libraries under that security property.
>
> Is the CCC for changing the format of the security property so users can
> specify multiple library names?
> There is no default value for that security property since it's meant to
> override what we have in place and I prefer to keep it this way for
> simplicity.
>
> So, my preference would be closer to your suggestion#2.
>
> Thanks,
> Valerie
>
> On 02/09/11 05:47 PM, Weijun Wang wrote:
>> Hi Valerie
>>
>> I just looked into to this bug, the reason is that the failed Ubuntu
>> has a libgssapi_krb5.so.2 but no libgssapi_krb5.so.
>>
>> Turns out that a newly installed Ubuntu only has the GSS/krb5 runtime
>> installed, which include the .so.2 file. On the other hand, the .so
>> file (simply a symlink to the .so.2 file) is provided by the
>> libkrb5-dev package, normally not installed by end users. This is
>> similar to the JRE vs JDK difference.
>>
>> I have 3 choices now:
>>
>> 1. Do not fix, and tell the user to add
>> -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>>
>> We still need to fix the test, probably add lines like
>>
>> if [ -e /usr/lib/libgssapi_krb5.so ]; then
>>
>> 2. Add the new name to known libname list, we've already had 2:
>>
>> gssLibs = new String[]{
>> "libgssapi.so",
>> "libgssapi_krb5.so",
>> + "libgssapi_krb5.so.2",
>> };
>>
>> 3. Change the hardcoded names above to a security property also named
>> "sun.security.jgss.lib". We can provide different default values for
>> solaris and linux. This needs a CCC.
>>
>> I prefer 3. Your suggestion?
>>
>> Thanks
>> Max
>>
>>
>>
>>
>> -------- Original Message --------
>> *Change Request ID*: 7016698
>> *Synopsis*: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
>>
>>
>> === *Description*
>> ============================================================
>> Testsuite name: regression
>> test
>> sun/security/krb5/runNameEquals.sh
>> failed :
>>
>> command: shell runNameEquals.sh []
>> reason: Assumed action based on file name: run shell runNameEquals.sh
>> elapsed time (seconds): 0.587
>> ----------System.out:(4/73)----------
>> Testing native provider
>> Native provider fails
>> Testing java provider
>> Done
>> ----------System.err:(9/630)----------
>> Exception in thread "main" GSSException: Unsupported mechanism
>> requested: 1.2.840.113554.1.2.2
>> at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:204)
>> at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:171)
>> at
>> sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:201)
>> at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
>> at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
>> at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
>> at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
>> at Krb5NameEquals.main(Krb5NameEquals.java:53)
>> result: Failed. Execution failed: exit code 1
>>
>> I did not see the failures on Suse or Solaris.
>>
>> JDK/JRE tested: build 1.7.0-ea-b126
>> OS/architecture: Ubuntu
>> stt-robot at stt-89:~$ cat /etc/*release*
>> DISTRIB_ID=Ubuntu
>> DISTRIB_RELEASE=10.04
>> DISTRIB_CODENAME=lucid
>> DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
>>
>>
>> === *Evaluation*
>> =============================================================
>> Debug message shows:
>>
>> SunNativeGSS: [GSSLibStub_init] libName=libgssapi.so
>> SunNativeGSS: libgssapi.so: cannot open shared object file: No such
>> file or directory
>> SunNativeGSS: [GSSLibStub_init] libName=libgssapi_krb5.so
>> SunNativeGSS: libgssapi_krb5.so: cannot open shared object file: No
>> such file or directory
>>
>> The problem is that there is no libgssapi_krb5.so:
>>
>> $ ls -al /usr/lib/libgssap*
>> lrwxrwxrwx 1 root root 21 2011-01-27 12:23
>> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
>> -rw-r--r-- 1 root root 191280 2010-12-08 19:22
>> /usr/lib/libgssapi_krb5.so.2.2
>>
>> Is this normal on Linux systems? On my Ubuntu, there is an extra symlink:
>>
>> $ l /usr/lib/libgssapi_krb5*
>> lrwxrwxrwx 1 root root 26 2010-12-10 09:04 /usr/lib/libgssapi_krb5.so
>> -> mit-krb5/libgssapi_krb5.so
>> lrwxrwxrwx 1 root root 21 2010-12-10 09:04
>> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
>> -rw-r--r-- 1 root root 213784 2010-12-09 00:25
>> /usr/lib/libgssapi_krb5.so.2.2
>> $ cat /etc/*release*
>> DISTRIB_ID=Ubuntu
>> DISTRIB_RELEASE=10.04
>> DISTRIB_CODENAME=lucid
>> DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"
>>
>> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
>>
>> === *Workaround*
>> =============================================================
>> Add system property -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>>
>> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
>> *** Last Edit: 2011-02-09 09:31:18 GMT+00:00 weijun.wang at oracle.com
>>
>>
>
More information about the security-dev
mailing list