zookeeper-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ph...@apache.org
Subject zookeeper git commit: ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on java 9
Date Thu, 05 Oct 2017 15:20:10 GMT
Repository: zookeeper
Updated Branches:
  refs/heads/branch-3.4 370e2d79e -> 59bef3987


ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on java 9

ZOOKEEPER-2908: quorum.auth.MiniKdcTest.testKerberosLogin failing with NPE on Java 9

Cause:

The NPE exception in the MiniKdcTest.testKerberosLogin() unit test is caused by a duplicate
loginContext.logout() call: one logout() call at the end of the test inside the try block
and another logout() call in the finally block. When the test finishes, the first logout()
call removes the kerbClientPrinc KerberosPrincipal in Krb5LoginModule, so when logout() is
called for the second time in the finally block, it tries to remove a null kerbClientPrinc
at Krb5LoginModule.java:1193:

subject.getPrincipals().remove(kerbClientPrinc);

where subject is a javax.security.auth.Subject,
getPrincipals() returns Set<Principal>
and the Set implementation is a javax.security.auth.Subject.SecureSet.

In Java 9, SecureSet's remove() method has introduced a new requireNonNull check for its parameter
Object o, which fails if someone tries to remove a null from a SecureSet:

Objects.requireNonNull(o,ResourcesMgr.getString(“invalid.null.input.s.”));

Java 8 (and before) did not have this check in the SecureSet.remove() method, and this is
the reason why this NPE appeared in Java 9.

Solution:

The unit test was fixed by adding an additional condition before running the logout() call
in the finally block: logout() is called only if the Set of Principals is not empty i.e. logout()
was not already called inside the try block.

Note: Inside ZK, LoginContext logout() is called only once in the org.apache.zookeeper.Login
reLogin() method, when ZK does a re-login after refreshing the Kerberos tickets.

Author: Mark Fenes <mfenes@cloudera.com>

Reviewers: Patrick Hunt <phunt@apache.org>

Closes #390 from mfenes/ZOOKEEPER-2908

Change-Id: I018124a578d8a382cac567466407278947705cd6
(cherry picked from commit 5894da317de6f025a172408048e097e89157b73d)
Signed-off-by: Patrick Hunt <phunt@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo
Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/59bef398
Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/59bef398
Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/59bef398

Branch: refs/heads/branch-3.4
Commit: 59bef3987b640f1faf26aaa24820be3c616c1cf3
Parents: 370e2d7
Author: Mark Fenes <mfenes@cloudera.com>
Authored: Thu Oct 5 08:19:51 2017 -0700
Committer: Patrick Hunt <phunt@apache.org>
Committed: Thu Oct 5 08:20:04 2017 -0700

----------------------------------------------------------------------
 .../test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zookeeper/blob/59bef398/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java
index 196d8be..f5317f7 100644
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java
+++ b/src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java
@@ -175,7 +175,8 @@ public class MiniKdcTest extends KerberosSecurityTestcase {
             loginContext.logout();
 
         } finally {
-            if (loginContext != null) {
+            if (loginContext != null && loginContext.getSubject() != null
+                    && !loginContext.getSubject().getPrincipals().isEmpty()) {
                 loginContext.logout();
             }
         }


Mime
View raw message