8043537: Changes for JDK-8039951 introduced circular dependency between Kerberos and com.sun.security.auth

Reviewed-by: alanb

jdk/make/mapfiles/libjava/mapfile-vers

@@ -270,7 +270,10 @@ SUNWprivate_1.1 {
                 Java_sun_misc_Version_getJvmVersionInfo;
                 Java_sun_misc_Version_getJvmSpecialVersion;
 		Java_sun_misc_VM_latestUserDefinedLoader;
-                Java_sun_misc_VM_isSetUID;
+                Java_sun_misc_VM_getuid;
+                Java_sun_misc_VM_geteuid;
+                Java_sun_misc_VM_getgid;
+                Java_sun_misc_VM_getegid;
                 Java_sun_misc_VM_initialize;
 		Java_sun_misc_VMSupport_initAgentProperties;
 		Java_sun_misc_VMSupport_getVMTemporaryDirectory;

jdk/src/share/classes/sun/misc/VM.java

@@ -370,7 +370,37 @@ public class VM {
     /**
      * Returns {@code true} if we are in a set UID program.
      */
-    public static native boolean isSetUID();
+    public static boolean isSetUID() {
+        long uid = getuid();
+        long euid = geteuid();
+        long gid = getgid();
+        long egid = getegid();
+        return uid != euid  || gid != egid;
+    }
+
+    /**
+     * Returns the real user ID of the calling process,
+     * or -1 if the value is not available.
+     */
+    public static native long getuid();
+
+    /**
+     * Returns the effective user ID of the calling process,
+     * or -1 if the value is not available.
+     */
+    public static native long geteuid();
+
+    /**
+     * Returns the real group ID of the calling process,
+     * or -1 if the value is not available.
+     */
+    public static native long getgid();
+
+    /**
+     * Returns the effective group ID of the calling process,
+     * or -1 if the value is not available.
+     */
+    public static native long getegid();
 
     static {
         initialize();

jdk/src/share/classes/sun/security/krb5/internal/rcache/DflCache.java

@@ -39,7 +39,6 @@ import java.nio.file.attribute.PosixFilePermission;
 import java.security.AccessController;
 import java.util.*;
 
-import com.sun.security.auth.module.UnixSystem;
 import sun.security.action.GetPropertyAction;
 import sun.security.krb5.internal.KerberosTime;
 import sun.security.krb5.internal.Krb5;
@@ -61,8 +60,7 @@ import sun.security.krb5.internal.ReplayCache;
  *
  *    service_euid
  *
- * Java does not have a method to get euid, so uid is used instead. This
- * should normally to be since a Java program is seldom used as a setuid app.
+ * in which euid is available as sun.misc.VM.geteuid().
  *
  * The file has a header:
  *
@@ -108,14 +106,8 @@ public class DflCache extends ReplayCache {
 
     private static long uid;
     static {
-        try {
-            // Available on Solaris, Linux and Mac. Otherwise, no _euid suffix
-            UnixSystem us = new com.sun.security.auth.module.UnixSystem();
-            uid = us.getUid();
-        } catch (Throwable e) {
-            // Cannot be only Exception, might be UnsatisfiedLinkError
-            uid = -1;
-        }
+        // Available on Solaris, Linux and Mac. Otherwise, -1 and no _euid suffix
+        uid = sun.misc.VM.geteuid();
     }
 
     public DflCache (String source) {

jdk/src/solaris/native/sun/misc/VM_md.c

@@ -27,12 +27,26 @@
 #include "jni_util.h"
 
 
-JNIEXPORT jboolean JNICALL
-Java_sun_misc_VM_isSetUID(JNIEnv *env, jclass thisclass) {
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getuid(JNIEnv *env, jclass thisclass) {
 
-    /* Return true if we are in a set UID or set GID process. */
-    if (getuid() != geteuid() || getgid() != getegid()) {
-        return JNI_TRUE;
-    }
-    return JNI_FALSE;
+    return getuid();
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_geteuid(JNIEnv *env, jclass thisclass) {
+
+    return geteuid();
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getgid(JNIEnv *env, jclass thisclass) {
+
+    return getgid();
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getegid(JNIEnv *env, jclass thisclass) {
+
+    return getegid();
 }

jdk/src/windows/native/sun/misc/VM_md.c

@@ -26,9 +26,30 @@
 #include "jni_util.h"
 
 
-JNIEXPORT jboolean JNICALL
-Java_sun_misc_VM_isSetUID(JNIEnv *env, jclass thisclass) {
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getuid(JNIEnv *env, jclass thisclass) {
 
-    /* There is no set UID on Windows. */
-    return JNI_FALSE;
+    /* -1 means function not available. */
+    return -1;
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_geteuid(JNIEnv *env, jclass thisclass) {
+
+    /* -1 means function not available. */
+    return -1;
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getgid(JNIEnv *env, jclass thisclass) {
+
+    /* -1 means function not available. */
+    return -1;
+}
+
+JNIEXPORT jlong JNICALL
+Java_sun_misc_VM_getegid(JNIEnv *env, jclass thisclass) {
+
+    /* -1 means function not available. */
+    return -1;
 }

jdk/test/sun/security/krb5/auto/ReplayCacheTestProc.java

@@ -40,7 +40,6 @@ import java.nio.file.StandardOpenOption;
 import java.security.MessageDigest;
 import java.util.*;
 
-import com.sun.security.auth.module.UnixSystem;
 import sun.security.jgss.GSSUtil;
 import sun.security.krb5.internal.APReq;
 import sun.security.krb5.internal.rcache.AuthTime;
@@ -79,13 +78,7 @@ public class ReplayCacheTestProc {
                 mode = -1;
             }
 
-            try {
-                UnixSystem us = new com.sun.security.auth.module.UnixSystem();
-                uid = us.getUid();
-            } catch (Throwable e) {
-                // Cannot be only Exception, might be UnsatisfiedLinkError
-                uid = -1;
-            }
+            uid = sun.misc.VM.geteuid();
 
             KDC kdc = KDC.create(OneKDC.REALM, HOST, 0, true);
             for (int i=0; i<nu; i++) {