SELINUX设为Disable 影响java SSH工具包Jsch 0.1.49.jar的一个案例
2015-03-09 14:38 梁小白 阅读(457) 评论(0) 编辑 收藏 举报最近项目中遇到一个典型事件,当RHEL 的SELINUX设为DISABLE时
使用JAVA的Jsch 库调用SSH命令时将随机返回空字符串,我使用的版本是0.1.49,最新版本0.1.51未测试。
关于Jsch: http://www.jcraft.com/jsch/
为此,我特意写了一个程序测试:
package com.ibm.leo; import com.ibm.gts.cms.common.guestssh.api.GuestSshServiceFactory; import com.ibm.gts.cms.common.guestssh.api.IGuestSshProperties; import com.ibm.gts.cms.common.guestssh.api.IGuestSshService; import com.ibm.gts.cms.common.guestssh.api.IScriptResponse; public class GuestSSH { /** * This code snippet will validate that the guestssh service remove execute will return null randomly if the selinux was disabled. * */ public static void main(String[] args) { try{ int sshRC=-1; if(args.length<3){ System.out.println("Usage: java -jar testssh.jar <Host IP> <command> <count>"); System.exit(1); } int count=Integer.parseInt(args[2]); if(count==0) count=1; int nullCount=0; System.out.println("start test..."); // Run the command via SSH IGuestSshService sshService = GuestSshServiceFactory.GetService(); IGuestSshProperties props = sshService.makeGuestSshProperties(); props.setConnectTimeout(60000); // 60 seconds to establish connection with the guest props.setCommandTimeout(60 * 60 * 1000); // 1 hour to wait for command to complete (after connection) //props.setScriptInputStream(null); // stdin may be null, which is OK and means no stdin data for(int i=1;i<=count;i++){ IScriptResponse response = sshService.invoke("root", args[0], 22, null, args[1], null, props); sshRC = response.getReturnCode(); String[] stdoutLines = response.getStandardOutputLines(); if(stdoutLines[0].trim().equals("")) nullCount++; System.out.println("Exceute count:"+i+" returnCode: "+sshRC +" return Lines:"+stdoutLines.length); for (String line : stdoutLines) { System.out.println("Command return: "+line); } } System.out.println("End test, the total execute count is "+count+", and first line null return count is: " + nullCount); }catch(Exception e){ System.out.println(e.getMessage()); } } }
测试结果如下:
D:\tmp>java -jar testssh.jar 192.168.1.244 hostname 5 start test... Exceute count:1 returnCode: 0 return Lines:1 Command return: GMTDev Exceute count:2 returnCode: 0 return Lines:1 Command return: Exceute count:3 returnCode: 0 return Lines:1 Command return: Exceute count:4 returnCode: 0 return Lines:1 Command return: Exceute count:5 returnCode: 0 return Lines:1 Command return: GMTDev End test, the total execute count is 5, and first line null return count is: 3
从结果中可以看出,共取了5次主机名,只有两得到,3次虽然命令成功执行,但返回空值,这种情况只有当SELINUX=disabled时出现,而Enforcing和permissive返回值都正常。
或许是guestssh的一个BUG? 记录一下备查。
本文为原创内容,转载请注明出自 梁小白博客(http://biangbiang.cnblogs.com)