rpms/java-11-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add JDK-8275535 patch to fix LDAP authentication issue.

Browse Source 
Resolves: rhbz#2053523
This commit is contained in:
Andrew Hughes 2022-02-23 04:03:20 +00:00
parent 3e6e30fbbb
commit 9d274e8023
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
java-11-openjdk.spec
View File

@ -363,7 +363,7 @@
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1 %global buildver 1
%global rpmrelease 1 %global rpmrelease 2
#%%global tagsuffix %%{nil} #%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
@ -1290,6 +1290,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3695: Allow use of system crypto policy to be disabled by the user # PR3695: Allow use of system crypto policy to be disabled by the user
Patch7: pr3695-toggle_system_crypto_policy.patch Patch7: pr3695-toggle_system_crypto_policy.patch
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Patch8: jdk8275535-rh2053256-ldap_auth.patch
############################################# #############################################
# #
@ -1721,6 +1723,8 @@ popd # openjdk
%patch1015 %patch1015
%patch1016 %patch1016
%patch8
# Extract systemtap tapsets # Extract systemtap tapsets
%if %{with_systemtap} %if %{with_systemtap}
tar --strip-components=1 -x -I xz -f %{SOURCE8} tar --strip-components=1 -x -I xz -f %{SOURCE8}
@ -2492,6 +2496,10 @@ require "copy_jdk_configs.lua"
%endif %endif
%changelog %changelog
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-2
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2053523
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1 * Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1
- Update to jdk-11.0.14.1+1 - Update to jdk-11.0.14.1+1
- Update release notes to 11.0.14.1+1 - Update release notes to 11.0.14.1+1

26
jdk8275535-rh2053256-ldap_auth.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index 300f3682655..6f3eb6c450b 100644
--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
ctx = getLdapCtxFromUrl(
r.getDomainName(), url, new LdapURL(u), env);
return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
// try the next element
lastException = e;
@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
for (String u : urls) {
try {
return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
ex = e;
}