Code review of ts jgss jdk12 #1
Draft
Commits on Sep 26, 2018
Commits on Oct 2, 2018
-
-
Fix error handling in GSSLibStub
Also improve object size handling in NativeUtil.
-
-
-
-
-
-
Add createCredential() with password
Also avoid memory allocation in newGSSOIDSet() renamed to makeGSSOIDset() which now takes a singleton set argument and either assigns the requested OID or with SPNEGO returns a static list of all the supported mechs. With this we no longer need deleteGSSOIDSet().
-
JGSS: Don't dispose() of creds too eagerly
We must not dispose() of any credential handle passed to the NativeGSSContext() constructor. But we must dispose() of credentials that are acquired in NativeGSSContext. This is very important because the JVM does not know about the size of the JNI credential objects, so it doesn't readily recognize memory pressure from them, leading to memory pressure issues in SASL and GSS server applications.
-
Fix SpNego multi-round-trip bug
There is only one token that we can extract an actual mechanism OID from in the SPNEGO case when the native GSS library doesn't provide that (though it should) in the API. If the SPNEGO exchange ends up requiring more than two tokens, then the previous code failed to establish a security context. Also, never raise if we cannot get an actual mech OID from SPNEGO tokens.
-
-
ServicePermission empty realm support
Also use empty realm as wildcard for krbtgt names
-
-
-
-
This module is to be used for GSS applications in preference to Krb5LoginModule, especially when using the native GSS provider.
-
Engage GssLoginModule (only) when native=true
Also don't force same name for acceptor and initiator.
-
Add commentary about native in Krb5LoginModule
-
-
-
-
-
JGSS: Simplify context permissions checks
We were reacquiring the initiator/acceptor credential upon security context full establishment in order to indirectly perform a permission check on the srcName/targName once we find out what they are. But this is just one more way to end up failing, which happens with Heimdal when using SPNEGO because we ask to acquire a Kerberos credentials using a SPNEGO MN and that fails. Also, there was a security bug here: if the permission check fails then we raise, but if the application already has a context handle, then it can use it anyways if it catches the exception! The fix for this is to dispose() when the permission check fails.
-
Dispose of delegated cred handles early
Native objects are memory icebergs: they are much larger than the JVM knows, so the GC might not dispose of them soon enough.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.