APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: Java callstack: Caused by: javax.security.sasl.SaslException: Privacy not protected at com.ibm.security.sasl.gsskerb.GssKrb5Base.unwrap(Unknown Source) at org.apache.hadoop.security.SaslRpcClient$WrappedInputStream.read NextRpcPacket(SaslRpcClient.java:611) at org.apache.hadoop.security.SaslRpcClient$WrappedInputStream.read (SaslRpcClient.java:578) at java.io.BufferedInputStream.fill(BufferedInputStream.java:257) at java.io.BufferedInputStream.read1(BufferedInputStream.java:297) at java.io.BufferedInputStream.read(BufferedInputStream.java:356) at java.io.DataInputStream.read(DataInputStream.java:160) at java.io.FilterInputStream.read(FilterInputStream.java:144) at org.apache.hadoop.ipc.Client$Connection$PingInputStream.read(Cli ent.java:581) at java.io.DataInputStream.readFully(DataInputStream.java:206) at java.io.DataInputStream.readInt(DataInputStream.java:398) at org.apache.hadoop.ipc.Client$IpcStreams.readResponse(Client.java :1871) at org.apache.hadoop.ipc.Client$Connection.receiveRpcResponse(Clien t.java:1182) at org.apache.hadoop.ipc.Client$Connection.run(Client.java:1078) .
Local fix
N/A
Problem summary
The Rc4HMacWrapToken.decode() and DesWrapToken.decode() methods are not updating the privacy field in the msgProp parameter with the incoming token value for validation by the caller after completion of the unwrap operation. This resulted an incorrectly returned privacy value of false, regardless of the actual value.
Problem conclusion
Modified the Rc4HMacWrapToken.decode() and DesWrapToken.decode() methods to update the privacy field in the msgProp parameter to make it available to the caller for validation. The files affected by this APAR are: ibmjgssprovider.jar (Java 7 & 7.1: build_20210426--85, Java 8: build_20210426--84). The associated Hursley RTC Problem Report is 145239. The associated Austin Git issue is Issue# 21 for IBMJGSS. The associated Austin APAR issue is IJ32244. The fix was delivered for: Java 7.0 SR10 FP90, Java 7.1 SR4 FP90, & Java 8.0 SR6 FP35. . This APAR will be fixed in the following Java Releases: 8 SR6 FP35 (8.0.6.35) 7 SR10 FP90 (7.0.10.90) 7 R1 SR4 FP90 (7.1.4.90) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ32328
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-04-26
Closed date
2021-04-27
Last modified date
2021-04-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
28 April 2021