Bug 1172492

Summary:	LoginException thrown by security tests on IPv6 with OpenJDK6
Product:	[JBoss] JBoss Enterprise Application Platform 6	Reporter:	Petr Kremensky <pkremens>
Component:	Testsuite	Assignee:	Josef Cacek <jcacek>
Status:	CLOSED WONTFIX	QA Contact:	Petr Kremensky <pkremens>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	6.4.0	CC:	cdewolf, mkopecky, olukas, ozizka, thofman
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2015-01-12 09:45:25 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Petr Kremensky 2014-12-10 08:11:41 UTC

Description of problem:
Some security tests fails on IPv6+OpenJDK6 combination with:
javax.security.auth.login.LoginException: [2620
	at java.net.InetAddress.getAllByName(InetAddress.java:1119)

Version-Release number of selected component (if applicable):
 EAP 6.4.0.DR12 (these would fail also in previous relesaes, but were hidden by issues like BZ1011056)

How reproducible:
 IPv6 + OpenJDK6

List of tests failing on OpenJDK6 w/ IPv6 due to 'javax.security.auth.login.LoginException: [2620'

org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test1
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test2
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test3
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test4
org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager
org.jboss.as.test.integration.security.picketlink.SAML2KerberosAuthenticationTestCase.testJDukeRoles
org.jboss.as.test.integration.security.picketlink.SAML2KerberosAuthenticationTestCase.testJDukePrincipal
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testForHostAsteriskKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testNotSuitableKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testWrongPrincipalKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testWrongRealmKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testDoNotRemoveKerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testRemoveKerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong1KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong2KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong3KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInKerberosRealm

See 
https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-6x-as-testsuite-IPv6-rhel/26/RELEASE=6.4.0,jdk=openjdk1.6_local,label_exp=linux-pure-ipv6/testReport/

Comment 1 Tomas Hofman 2015-01-06 11:33:14 UTC

Looks like a bug in OpenJDK 1.6. 

KDC address in krb5 configuration file is parsed incorrectly - it presumes that address part after ':' character is a port number and therefore only the first segment of given IPv6 address is taken as a host address, which throws UnknownHostException during login attempt.

Problem seems to be in sun.security.krb5.KrbKdcReq#send(String, String, boolean):

        StringTokenizer strTok = new StringTokenizer(tempKdc, ":"); // tempKdc = "[2001::1]:6088"
        String kdc = strTok.nextToken();
        if (strTok.hasMoreTokens()) {
            String portStr = strTok.nextToken();
            int tempPort = parsePositiveIntString(portStr);
            if (tempPort > 0)
                port = tempPort;
        }