Hi,
We have a problem using in-house code using TomCat to provide an
authenticating server. This code works alright on Linux, SGI, AIX and
MacOSX for simultaneous requests. It does not, however, work for Solaris
with simultaneous requests (single requests do work).
The flow of the server is:
TomCat4.0.3 <-> Java Server <-> JNI <-> execve'd SUID program <-> execve'd
applications
The Java server passes commands to the JNI program (C). Typically such
a command is to run one of the applications. The JNI forks/execve's an SUID
control program which sets itself to be the required user and then
the required application is itself forked/execve'd.
Pipes for stdin (fd0), stdout (fd1) and stderr (fd2) are established
via pipe(2) and dup2(2) between the JNI and the SUID control program,
and for fd1 and fd2 between the SUID program and the final application.
This allows the application to send its stdout/stderr directly
back to the JNI. The stdin (fd0) pipe is used by the JNI for sending
commands to the SUID program.
The JNI code has been designed to be non-blocking using ioctl/fcntl
calls throughout. The JNI code uses:
pipe(2)
fork(2)
execve(2)
dup2(2)
read(2)
write(2)
waitpid(2)
select(2)
malloc(2)
It also uses various stdio prints and scans plus some dynamic string
routines from an in-house library.
The offending OS is Solaris 8 (latest patchlevel). Both JDK1.3.1_02 and
JDK1.4 have been tried. The C code has been compiled with the latest Sun
CC using -D_REENTRANT and -lthread throughout. The code uses BSD-style
system calls, it can be converted to POSIX if needed.
The symptoms we see are the following 4 SOAP errors:
"Connection reset by peer: socket write error"
"Error opening socket: null"
"bad record MAC"
"Interrupted system call"
One of these errors is seen for one of the simultaneous requests, the
other request most often succeeds. In previous versions of our code (using
sockets for communication rather than fd0) the tomcat server has gone into
a CPU-consuming infinite loop state, hence we tried pipe-only as above.
The previous socket code also displayed the above errors occasionally
though.
As our code works alright on 4 out of 5 tested operating systems we assume
we're not doing something fundamentally wrong. Any hints as to what we are
doing wrong for Solaris would be much appreciated.
Alan Bleasby
Tim Carver
UK MRC HGMP-RC
Hinxton
Cambridge
UK
CB10 1SB
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
