code review request: 7016698: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Fri Feb 11 19:38:07 UTC 2011
Looks good to me.
Thanks,
Valerie
On 02/10/11 11:20 PM, Weijun Wang wrote:
> Good. Suggestion #2:
>
> http://cr.openjdk.java.net/~weijun/7016698/webrev.00/
>
> Thanks
> Max
>
>
> On 02/11/2011 03:14 AM, Valerie (Yu-Ching) Peng wrote:
>> Max,
>>
>> As long as the GSS library can be found, users don't care about the
>> default values for the "sun.security.jgss.lib" property since they don't
>> need to use it.
>>
>> Once we add the new name to known libname list, i.e. "gssLibs", for
>> Linux, then this particular scenario would work.
>> If some other library name is desired, user can override w/ the existing
>> security property "sun.security.jgss.lib". I don't see the need to
>> support multiple libraries under that security property.
>>
>> Is the CCC for changing the format of the security property so users can
>> specify multiple library names?
>> There is no default value for that security property since it's meant to
>> override what we have in place and I prefer to keep it this way for
>> simplicity.
>>
>> So, my preference would be closer to your suggestion#2.
>>
>> Thanks,
>> Valerie
>>
>> On 02/09/11 05:47 PM, Weijun Wang wrote:
>>> Hi Valerie
>>>
>>> I just looked into to this bug, the reason is that the failed Ubuntu
>>> has a libgssapi_krb5.so.2 but no libgssapi_krb5.so.
>>>
>>> Turns out that a newly installed Ubuntu only has the GSS/krb5 runtime
>>> installed, which include the .so.2 file. On the other hand, the .so
>>> file (simply a symlink to the .so.2 file) is provided by the
>>> libkrb5-dev package, normally not installed by end users. This is
>>> similar to the JRE vs JDK difference.
>>>
>>> I have 3 choices now:
>>>
>>> 1. Do not fix, and tell the user to add
>>> -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>>>
>>> We still need to fix the test, probably add lines like
>>>
>>> if [ -e /usr/lib/libgssapi_krb5.so ]; then
>>>
>>> 2. Add the new name to known libname list, we've already had 2:
>>>
>>> gssLibs = new String[]{
>>> "libgssapi.so",
>>> "libgssapi_krb5.so",
>>> + "libgssapi_krb5.so.2",
>>> };
>>>
>>> 3. Change the hardcoded names above to a security property also named
>>> "sun.security.jgss.lib". We can provide different default values for
>>> solaris and linux. This needs a CCC.
>>>
>>> I prefer 3. Your suggestion?
>>>
>>> Thanks
>>> Max
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> *Change Request ID*: 7016698
>>> *Synopsis*: test sun/security/krb5/runNameEquals.sh failed on Ubuntu
>>>
>>>
>>> === *Description*
>>> ============================================================
>>> Testsuite name: regression
>>> test
>>> sun/security/krb5/runNameEquals.sh
>>> failed :
>>>
>>> command: shell runNameEquals.sh []
>>> reason: Assumed action based on file name: run shell runNameEquals.sh
>>> elapsed time (seconds): 0.587
>>> ----------System.out:(4/73)----------
>>> Testing native provider
>>> Native provider fails
>>> Testing java provider
>>> Done
>>> ----------System.err:(9/630)----------
>>> Exception in thread "main" GSSException: Unsupported mechanism
>>> requested: 1.2.840.113554.1.2.2
>>> at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:204)
>>> at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:171)
>>> at
>>> sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:201)
>>>
>>> at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
>>> at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
>>> at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
>>> at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
>>> at Krb5NameEquals.main(Krb5NameEquals.java:53)
>>> result: Failed. Execution failed: exit code 1
>>>
>>> I did not see the failures on Suse or Solaris.
>>>
>>> JDK/JRE tested: build 1.7.0-ea-b126
>>> OS/architecture: Ubuntu
>>> stt-robot at stt-89:~$ cat /etc/*release*
>>> DISTRIB_ID=Ubuntu
>>> DISTRIB_RELEASE=10.04
>>> DISTRIB_CODENAME=lucid
>>> DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
>>>
>>>
>>> === *Evaluation*
>>> =============================================================
>>> Debug message shows:
>>>
>>> SunNativeGSS: [GSSLibStub_init] libName=libgssapi.so
>>> SunNativeGSS: libgssapi.so: cannot open shared object file: No such
>>> file or directory
>>> SunNativeGSS: [GSSLibStub_init] libName=libgssapi_krb5.so
>>> SunNativeGSS: libgssapi_krb5.so: cannot open shared object file: No
>>> such file or directory
>>>
>>> The problem is that there is no libgssapi_krb5.so:
>>>
>>> $ ls -al /usr/lib/libgssap*
>>> lrwxrwxrwx 1 root root 21 2011-01-27 12:23
>>> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
>>> -rw-r--r-- 1 root root 191280 2010-12-08 19:22
>>> /usr/lib/libgssapi_krb5.so.2.2
>>>
>>> Is this normal on Linux systems? On my Ubuntu, there is an extra
>>> symlink:
>>>
>>> $ l /usr/lib/libgssapi_krb5*
>>> lrwxrwxrwx 1 root root 26 2010-12-10 09:04 /usr/lib/libgssapi_krb5.so
>>> -> mit-krb5/libgssapi_krb5.so
>>> lrwxrwxrwx 1 root root 21 2010-12-10 09:04
>>> /usr/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
>>> -rw-r--r-- 1 root root 213784 2010-12-09 00:25
>>> /usr/lib/libgssapi_krb5.so.2.2
>>> $ cat /etc/*release*
>>> DISTRIB_ID=Ubuntu
>>> DISTRIB_RELEASE=10.04
>>> DISTRIB_CODENAME=lucid
>>> DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"
>>>
>>> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
>>>
>>> === *Workaround*
>>> =============================================================
>>> Add system property -Dsun.security.jgss.lib=libgssapi_krb5.so.2
>>>
>>> *** (#1 of 1): 2011-02-09 09:04:49 GMT+00:00 weijun.wang at oracle.com
>>> *** Last Edit: 2011-02-09 09:31:18 GMT+00:00 weijun.wang at oracle.com
>>>
>>>
>>
More information about the security-dev
mailing list