[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina edited comment on ELY-1472 at 12/21/17 1:20 PM:
-----------------------------------------------------------
Look like {{cb->initiator_address.length}} is not initialized in {{GSSLibStub.c}} in OpenJDK:
{code}
cb->initiator_address.length = 140608975239744 (should be 0?)
cb->acceptor_address.length = 0
{code}
=> wrong channel binding checksum in kg_checksum_channel_bindings in util_cksum.c in krb5
was (Author: honza889):
Look like {{cb->initiator_address.length}} is not initialized in {{GSSLibStub.c}} in OpenJDK:
{code}
cb->initiator_address.length = 140608975239744 (should be 0?)
cb->acceptor_address.length = 0
{code}
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina commented on ELY-1472:
---------------------------------
Look like {{cb->initiator_address.length}} is not initialized in {{GSSLibStub.c}} in OpenJDK:
{code}
cb->initiator_address.length = 140608975239744 (should be 0?)
cb->acceptor_address.length = 0
{code}
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina commented on ELY-1472:
---------------------------------
Edit: by RFC the GSS-CHANNEL-BINDINGS Structure must be used even when negotiated application level channel binding is unsupported (gs2-cb-flag=n) - need to investigate more...
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1472:
----------------------------
Comment: was deleted
(was: If the setChannelBinding really should not be used, maybe this can resolve also ELY-1331 ...)
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina commented on ELY-1472:
---------------------------------
If the setChannelBinding really should not be used, maybe this can resolve also ELY-1331 ...
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1472:
----------------------------
Description:
Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
This lead to following error when using native Kerberos library:
{code}
[GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
[GSSLibStub_acceptContext] before3: inToken.length=515
[GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
[GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
[GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
c/r/s = 0/4/0
{code}
Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
was:
gssContext's channelBinding is set even when channel binding is not used.
This lead to following error when using native Kerberos library:
{code}
[GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
[GSSLibStub_acceptContext] before3: inToken.length=515
[GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
[GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
[GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
c/r/s = 0/4/0
{code}
Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
Jan Kalina created ELY-1472:
-------------------------------
Summary: [native kerberos] setting channelBinding of gssContext when not used
Key: ELY-1472
URL: https://issues.jboss.org/browse/ELY-1472
Project: WildFly Elytron
Issue Type: Bug
Components: SASL
Affects Versions: 1.2.0.Beta11
Reporter: Jan Kalina
Assignee: Jan Kalina
gssContext's channelBinding is set even when channel binding is not used.
This lead to following error when using native Kerberos library:
{code}
[GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
[GSSLibStub_acceptContext] before3: inToken.length=515
[GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
[GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
[GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
c/r/s = 0/4/0
{code}
Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1472:
----------------------------
Labels: kerberos native (was: )
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> gssContext's channelBinding is set even when channel binding is not used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1472:
----------------------------
Labels: kerberos (was: kerberos native)
> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
> Key: ELY-1472
> URL: https://issues.jboss.org/browse/ELY-1472
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Affects Versions: 1.2.0.Beta11
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Labels: kerberos
>
> gssContext's channelBinding is set even when channel binding is not used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (WFLY-9631) "Failed to reinstate timer" warning is shown when creating large number of EJB timers
by Matej Novotny (JIRA)
[ https://issues.jboss.org/browse/WFLY-9631?page=com.atlassian.jira.plugin.... ]
Matej Novotny commented on WFLY-9631:
-------------------------------------
Marian also mentioned that those two EAP servers *are not* clustered. They only share the underlying DB for timers.
> "Failed to reinstate timer" warning is shown when creating large number of EJB timers
> -------------------------------------------------------------------------------------
>
> Key: WFLY-9631
> URL: https://issues.jboss.org/browse/WFLY-9631
> Project: WildFly
> Issue Type: Bug
> Components: EJB
> Environment: EAP 7.0.8.GA
> Oracle 12 c
> [Configuration of datasources|https://github.com/MarianMacik/timers-testing/blob/c7dde64d27...] - XA Datasource for jBPM - our application - and a separate XA Datasource for EJB Timers in a different schema.
> Reporter: Marián Macik
> Assignee: Matej Novotny
>
> Hi, [~manovotn],
> as we discussed before, I am creating a JIRA for an issue I experienced when testing EJB Timers with jBPM.
> What I did was that I started a large number of processes with jBPM, let's say 10 000 and more. Each process contains a timer which jBPM will create an EJB Timer for. Each timer was configured to fire at exactly the same time, e.g. 12:00 PM. During the test I got this warning displayed about 5 times for each 10 000 timers created:
> {code:java}
> WARN [org.jboss.as.ejb3] (Timer-1) WFLYEJB0161: Failed to reinstate timer 'kie-server.kie-server.EJBTimerScheduler' (id=09afab21-6b0f-41b0-9338-403b4a12e507) from its persistent state: java.lang.IllegalStateException: WFLYCTL0075: Duplicate resource 09afab21-6b0f-41b0-9338-403b4a12e507
> at org.jboss.as.controller.registry.AbstractModelResource$DefaultResourceProvider.register(AbstractModelResource.java:290)
> at org.jboss.as.controller.registry.AbstractModelResource.registerChild(AbstractModelResource.java:169)
> at org.jboss.as.ejb3.subsystem.deployment.TimerServiceResource.timerCreated(TimerServiceResource.java:193)
> at org.jboss.as.ejb3.timerservice.TimerServiceImpl.registerTimerResource(TimerServiceImpl.java:1094)
> at org.jboss.as.ejb3.timerservice.TimerServiceImpl.startTimer(TimerServiceImpl.java:767)
> at org.jboss.as.ejb3.timerservice.TimerServiceImpl$TimerRefreshListener.timerAdded(TimerServiceImpl.java:1235)
> at org.jboss.as.ejb3.timerservice.persistence.database.DatabaseTimerPersistence$RefreshTask.run(DatabaseTimerPersistence.java:820)
> at java.util.TimerThread.mainLoop(Timer.java:555)
> at java.util.TimerThread.run(Timer.java:505)
> {code}
> The result of these warnings was that when I had only one EAP instance to fire these timers, it wouldn't fire exactly the timers with ids that were in those warnings, e.g. if it was id=09afab21-6b0f-41b0-9338-403b4a12e507 then this timer wouldn't fire. I had waited for minutes to be sure there is another tick of a refresh interval (configured to 1 min) but nothing happened. But when I started the second EAP instance, they were immediately picked up by that instance and fired. It seems that if there is this warning on a particular instance, the instance won't pick up the timer whatsoever. They will be picked up only by some other instances if there are any. With 2 EAP instances there were warnings too, but all timers fired since I guess affected timers were picked up each time by the other instance.
> Another interesting observation is that when I configured a refresh interval to be shorter, e.g. 5 seconds, these warnings were showing up almost every 5 seconds. When I set it to 30 minutes, I didn't get warnings at all, since all timers fired earlier than a refresh occurred.
> So I think it has something to do with refresh interval.
> Can you please have a look at it? For further configuration details, check the Environment field.
> Thank you very much!
> Marian Macik
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years