JDK-7019384 : Realm.getRealmsList returns realms list in wrong (reverse) order
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u23
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_2008
  • CPU: x86
  • Submitted: 2011-02-14
  • Updated: 2013-04-18
  • Resolved: 2011-06-22
Fixed in: JDK 7 (7 b138)
Description
FULL PRODUCT VERSION :
Checked on Java SE 6.23 and OpenJDK 7.

A DESCRIPTION OF THE PROBLEM :
sun.security.krb5.Realm.getRealmsList returns realms list in wrong order:
- cRealm is always first (this is OK)
- the rest however is in reverse order

For one intermediate realm nothing happens. For two or more intermediate realms sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds traverses realms in the wrong order and can't get a service ticket.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
[capaths]
A9.PRAGUE.XXX.CZ = {
 PRAGUE.XXX.CZ = .
 ROOT.XXX.CZ = PRAGUE.XXX.CZ
 SERVIS.XXX.CZ = ROOT.XXX.CZ
}

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
>>> Realm parseCapaths [0]=A9.PRAGUE.XXX.CZ
>>> Realm parseCapaths [1]=PRAGUE.XXX.CZ
>>> Realm parseCapaths [2]=ROOT.XXX.CZ

ACTUAL -
>>> Realm parseCapaths [0]=A9.PRAGUE.XXX.CZ
>>> Realm parseCapaths [1]=ROOT.XXX.CZ
>>> Realm parseCapaths [2]=PRAGUE.XXX.CZ

ERROR MESSAGES/STACK TRACES THAT OCCUR :
>>> Realm doInitialParse: cRealm=[A9.PRAGUE.XXX.CZ], sRealm=[SERVIS.XXX.CZ]
>>> Realm parseCapaths: loop 1: target=SERVIS.XXX.CZ
>>> Realm parseCapaths: loop 1: intermediaries=[ROOT.XXX.CZ]
>>> Realm parseCapaths: loop 1: pushed realm on to stack: ROOT.XXX.CZ
>>> Realm parseCapaths: loop 1: added intermediary to list: ROOT.XXX.CZ
>>> Realm parseCapaths: loop 2: target=ROOT.XXX.CZ
>>> Realm parseCapaths: loop 2: intermediaries=[PRAGUE.XXX.CZ]
>>> Realm parseCapaths: loop 2: pushed realm on to stack: PRAGUE.XXX.CZ
>>> Realm parseCapaths: loop 2: added intermediary to list: PRAGUE.XXX.CZ
>>> Realm parseCapaths: loop 3: target=PRAGUE.XXX.CZ
>>> Realm parseCapaths: loop 3: no intermediaries
>>> Realm parseCapaths [0]=A9.PRAGUE.XXX.CZ
>>> Realm parseCapaths [1]=ROOT.XXX.CZ
>>> Realm parseCapaths [2]=PRAGUE.XXX.CZ

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Enhancements for OpenJDK 7 test suite:

Add to b/test/sun/security/krb5/krb5-capaths.conf:

[capaths]
A9.PRAGUE.XXX.CZ = {
 PRAGUE.XXX.CZ = .
 ROOT.XXX.CZ = PRAGUE.XXX.CZ
 SERVIS.XXX.CZ = ROOT.XXX.CZ
}


Add to b/test/sun/security/krb5/ParseCAPaths.java:

// Multiple intermediate realms
check("A9.PRAGUE.XXX.CZ", "SERVIS.XXX.CZ", "A9.PRAGUE.XXX.CZ", "PRAGUE.XXX.CZ", "ROOT.XXX.CZ");
---------- END SOURCE ----------

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/86ace035d04d
28-03-2011
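
The ordering problem in the report can be reproduced with a small model of the [capaths] walk. This is an added example, not the JDK's sun.security.krb5.Realm code: the class CapathsOrder and the methods discovered and path are hypothetical names, the map is a constructed copy of the stanza above with one intermediary per entry, and it needs Java 9 or later for Map.of.

```java
import java.util.*;

// Added illustration of the reported ordering bug; not the JDK implementation.
public class CapathsOrder {
    // Constructed copy of the [capaths] stanza for client realm A9.PRAGUE.XXX.CZ:
    // target realm -> intermediary realm ("." means the target is reached directly).
    static final Map<String, String> CAPATHS = Map.of(
        "PRAGUE.XXX.CZ", ".",
        "ROOT.XXX.CZ", "PRAGUE.XXX.CZ",
        "SERVIS.XXX.CZ", "ROOT.XXX.CZ");

    // Walk backwards from the service realm, as the debug trace does, and record
    // intermediaries in discovery order (closest to the service realm first).
    static List<String> discovered(String cRealm, String sRealm) {
        List<String> found = new ArrayList<>();
        String target = sRealm;
        while (true) {
            String via = CAPATHS.get(target);
            // Stop on a missing entry, a direct hop, the client realm, or a loop.
            if (via == null || via.equals(".") || via.equals(cRealm)
                    || found.contains(via)) {
                break;
            }
            found.add(via);
            target = via;
        }
        return found;
    }

    // Build the realm list: client realm first, then the intermediaries.
    // reverse=false keeps discovery order (the ACTUAL output in the report);
    // reverse=true flips it into client-to-service order (the EXPECTED output).
    static List<String> path(String cRealm, String sRealm, boolean reverse) {
        List<String> hops = discovered(cRealm, sRealm);
        if (reverse) {
            Collections.reverse(hops);
        }
        List<String> out = new ArrayList<>();
        out.add(cRealm);
        out.addAll(hops);
        return out;
    }

    public static void main(String[] args) {
        String c = "A9.PRAGUE.XXX.CZ", s = "SERVIS.XXX.CZ";
        System.out.println("discovery order: " + path(c, s, false));
        System.out.println("traversal order: " + path(c, s, true));
    }
}
```

With a single intermediary the two orders are identical, which matches the report's observation that the problem only shows up with two or more intermediate realms.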