代码改变世界

SELINUX设为Disable 影响java SSH工具包Jsch 0.1.49.jar的一个案例

2015-03-09 14:38  梁小白  阅读(447)  评论(0编辑  收藏  举报

最近项目中遇到一个典型事件,当RHEL 的SELINUX设为DISABLE时

使用JAVA的Jsch 库调用SSH命令时将随机返回空字符串,我使用的版本是0.1.49,最新版本0.1.51未测试。

关于Jsch: http://www.jcraft.com/jsch/

为此,我特意写了一个程序测试:

package com.ibm.leo;

import com.ibm.gts.cms.common.guestssh.api.GuestSshServiceFactory;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshProperties;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshService;
import com.ibm.gts.cms.common.guestssh.api.IScriptResponse;

public class GuestSSH {
    /**
     * This code snippet will validate that the guestssh service remove execute will return null randomly  if the selinux was disabled. 
     * */
	public static void main(String[] args) {
		try{
		int sshRC=-1;
		if(args.length<3){
			System.out.println("Usage: java -jar testssh.jar <Host IP> <command> <count>");
			System.exit(1);
		}
		
		int count=Integer.parseInt(args[2]);
		if(count==0) count=1;
		
		int nullCount=0;
		System.out.println("start test...");
		// Run the command via SSH
			IGuestSshService sshService = GuestSshServiceFactory.GetService();
			IGuestSshProperties props = sshService.makeGuestSshProperties();
			props.setConnectTimeout(60000);  //  60 seconds to establish connection with the guest
			props.setCommandTimeout(60 * 60 * 1000); // 1 hour to wait for command to complete (after connection)
			//props.setScriptInputStream(null); // stdin may be null, which is OK and means no stdin data
			for(int i=1;i<=count;i++){
				IScriptResponse response = sshService.invoke("root", args[0], 22, null, args[1], null, props);
				sshRC = response.getReturnCode();
				String[] stdoutLines = response.getStandardOutputLines();
				if(stdoutLines[0].trim().equals("")) nullCount++;
				System.out.println("Exceute count:"+i+"  returnCode: "+sshRC +" return Lines:"+stdoutLines.length);
				for (String line : stdoutLines) {
					System.out.println("Command return: "+line);
				}
			}
			System.out.println("End test, the total execute count is "+count+", and  first line null return count is: " + nullCount);
		}catch(Exception e){
			System.out.println(e.getMessage());
		}
	}

}

 测试结果如下:

D:\tmp>java -jar testssh.jar 192.168.1.244 hostname 5
start test...
Exceute count:1  returnCode: 0 return Lines:1
Command return: GMTDev
Exceute count:2  returnCode: 0 return Lines:1
Command return:
Exceute count:3  returnCode: 0 return Lines:1
Command return:
Exceute count:4  returnCode: 0 return Lines:1
Command return:
Exceute count:5  returnCode: 0 return Lines:1
Command return: GMTDev
End test, the total execute count is 5, and  first line null return count is: 3

 从结果中可以看出,共取了5次主机名,只有两得到,3次虽然命令成功执行,但返回空值,这种情况只有当SELINUX=disabled时出现,而Enforcing和permissive返回值都正常。

或许是guestssh的一个BUG? 记录一下备查。