Bug ID: JDK-4526183 Solaris: NoRouteToHostException with sec.mgr w/SocketPermissions in policy file

Type: Bug
Component: core-libs
Sub-Component: java.net
Affected Version: 1.4.0

Priority: P4
Status: Closed
Resolution: Not an Issue
OS: generic
CPU: generic

Submitted: 2001-11-12
Updated: 2001-11-13
Resolved: 2001-11-13

With the default of all permissions, executing this test 
          java secGetChannel
throws no socket exceptions. It tests two Socket constructors:
Socket (InetAddress remotehost, int port, InetAddress host, int localport)
Socket (     String remotehost, int port, InetAddress host, int localport)

 Executing the test with attached policy which gives all SocketPermission to 
the "localhost", and for the test's remote host, impulse.sfbay , in both forms
"10.5.35.3:0-" and "10.5.35.3:-1"

java -Djava.security.manager -Djava.security.policy=mysec.policy secGetChannel

throws NoRouteToHostException "Cannot assign requested address" for both constructors:

java.net.NoRouteToHostException: Cannot assign requested address
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:298)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:164)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:151)
        at java.net.Socket.connect(Socket.java:428)
        at java.net.Socket.connect(Socket.java:378)
        at java.net.Socket.<init>(Socket.java:293)
        at java.net.Socket.<init>(Socket.java:201)
        at secGetChannel.<init>(secGetChannel.java:28)


Executing the test on win98 in both default and sec mgr w/ policy mode
throws no exceptions.

EVALUATION When there is a security manager installed InetAddress.getLocalHost will call the security manager's checkCheck method. If this permission check fails then an InetAddress representing the loopback address is returned. In the test case InetAddress.getLocalHost is returning the loopback address when run on Solaris but is running the local address when run on Windows. This stems the inability to get the FQDN on Solaris when NIS is specified prior to DNS in the search order when resolving (nsswitch.conf). Without the FQDN the permission granted in the policy file is not matched. So on Solaris we are bound to the loopback address (127.0.0.1) and thus the socket cannot connect to other hosts. Hence the expected NoRouteToHostException "Cannot assign requested address" exception. On Windows we are bound to the local address and thus we can connect to other hosts - hence no failures. In summary this isn't a bug - instead the policy file should be updated to grant a socket permission allowing the connect action to the current host. ###@###.### 2001-11-13

13-11-2001