Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12698

Elytron GS2-KRB5 SASL mechanism implementation throws NullPointerException on IBM JDK

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Blocker
    • None
    • 7.1.0.ER3
    • Security
    • Hide

      You can use reproducer for ELY-1328 - just another method from the testcase is called:

      export JAVA_HOME=/path/to/IBMJDK
export PATH=$JAVA_HOME/bin:$PATH
git clone -b ELY-1328-reproducer https://github.com/kwart/wildfly-core.git
cd wildfly-core
mvn clean install -DskipTests -Dcheckstyle.skip -Denforcer.skip
cd testsuite/elytron
mvn clean test -Dcheckstyle.skip -Denforcer.skip -DtestLogToFile=false -Dtest=KerberosMgmtSaslTestCase#testGs2Krb5WithoutSsl
      Show
      You can use reproducer for ELY-1328 - just another method from the testcase is called: export JAVA_HOME=/path/to/IBMJDK export PATH=$JAVA_HOME/bin:$PATH git clone -b ELY-1328-reproducer https: //github.com/kwart/wildfly-core.git cd wildfly-core mvn clean install -DskipTests -Dcheckstyle.skip -Denforcer.skip cd testsuite/elytron mvn clean test -Dcheckstyle.skip -Denforcer.skip -DtestLogToFile= false -Dtest=KerberosMgmtSaslTestCase#testGs2Krb5WithoutSsl

    Description

      The Elytron GS2-KRB5 SASL mechanism doesn't work on IBM JDK. When GSSAPI is used the call works.

      If a user tries to use the GS2-KRB5, then the connection hangs until it times out.

      Following NPE comes on the client:

      java.lang.NullPointerException
	at com.ibm.security.krb5.internal.HostAddress.<init>(HostAddress.java:62)
	at com.ibm.security.jgss.mech.krb5.Z.<init>(Z.java:71)
	at com.ibm.security.jgss.mech.krb5.g.setChannelBinding(g.java:1108)
	at com.ibm.security.jgss.GSSContextImpl.setChannelBinding(GSSContextImpl.java:287)
	at org.wildfly.security.sasl.gs2.Gs2SaslClient.<init>(Gs2SaslClient.java:120)
	at org.wildfly.security.sasl.gs2.Gs2SaslClientFactory.createSaslClient(Gs2SaslClientFactory.java:116)
	at org.wildfly.security.sasl.util.SecurityProviderSaslClientFactory.createSaslClient(SecurityProviderSaslClientFactory.java:110)
	at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
	at org.wildfly.security.sasl.util.ProtocolSaslClientFactory.createSaslClient(ProtocolSaslClientFactory.java:50)
	at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
	at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50)
	at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
	at org.wildfly.security.sasl.util.PropertiesSaslClientFactory.createSaslClient(PropertiesSaslClientFactory.java:54)
	at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
	at org.wildfly.security.sasl.util.ServerNameSaslClientFactory.createSaslClient(ServerNameSaslClientFactory.java:50)
	at org.wildfly.security.sasl.util.FilterMechanismSaslClientFactory.createSaslClient(FilterMechanismSaslClientFactory.java:102)
	at org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory.createSaslClient(AbstractDelegatingSaslClientFactory.java:66)
	at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory.createSaslClient(LocalPrincipalSaslClientFactory.java:74)
	at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.lambda$createSaslClient$0(PrivilegedSaslClientFactory.java:64)
	at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory$$Lambda$77.00000000FC19A650.run(Unknown Source)
	at java.security.AccessController.doPrivileged(AccessController.java:686)
	at org.wildfly.security.sasl.util.PrivilegedSaslClientFactory.createSaslClient(PrivilegedSaslClientFactory.java:64)
	at org.wildfly.security.auth.client.AuthenticationConfiguration.createSaslClient(AuthenticationConfiguration.java:1237)
	at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.createSaslClient(AuthenticationContextConfigurationClient.java:347)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:418)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1331 Elytron GS2-KRB5 SASL mechanism implementation throws NullPointerException on IBM JDK

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12745 Unexpected authentication failure leads to connection hang

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          relates to

          Task - Represents a small unit of work that is not end-user facing. JBEAP-11775 Add Elytron Kerberos tests for native management interface

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: