You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "lujie (Jira)" <ji...@apache.org> on 2023/06/30 09:10:00 UTC
[jira] [Created] (DIRKRB-767) data race when multi KrbClients visit KdcServer

lujie created DIRKRB-767:
----------------------------

             Summary: data race when multi KrbClients visit KdcServer
                 Key: DIRKRB-767
                 URL: https://issues.apache.org/jira/browse/DIRKRB-767
             Project: Directory Kerberos
          Issue Type: Bug
    Affects Versions: 2.0.3
            Reporter: lujie


when KDCServer started, it will run a thread to check if has a client request in

org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run() method.

*server test code:* 
{code:java}
// server test code
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;

public class TestServer2 {
    public static void main(String[] args) throws KrbException {
        SimpleKdcServer simpleKdcServer = new SimpleKdcServer();

        simpleKdcServer.setKdcHost("0.0.0.0");
        simpleKdcServer.setKdcRealm("service.ws.apache.org");
        simpleKdcServer.setKdcTcpPort(12345);
        simpleKdcServer.setAllowUdp(true);
        simpleKdcServer.setKdcUdpPort(12346);
        simpleKdcServer.init();
// Create principals
        String alice = "alice@service.ws.apache.org";
        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
//        simpleKdcServer.set
        simpleKdcServer.createPrincipal(alice, "alice");
        simpleKdcServer.createPrincipal(bob,"bob");

        simpleKdcServer.start();
    }
} {code}
*client test Code*
{code:java}
// client test Code
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;

public class TestClient3 {
    public static void main(String[] args) {
        for (int i = 0; i < 10; i++) {
            System.out.println(i);
            new Thread(()->{
                try {
                    KrbClient client = new KrbClient();
                    client.setKdcHost("0.0.0.0");
                    client.setKdcTcpPort(12345);
                    client.setKdcUdpPort(12346);
                    client.setKdcRealm("TEST2.COM");
                    client.init();

                    TgtTicket tgt;
                    SgtTicket tkt;

                    tgt = client.requestTgt("alice@service.ws.apache.org", "alice");

                    tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
                } catch (KrbException e) {

                }
            }).start();

        }

    }
}
 {code}
*method : org.apache.kerby.kerberos.kerb.server.preauth.pkinit.PkinitPreauth.initWith(KdcContext kdcContext)*

*I insert two line coded thoes are "System.out.println("start::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());"  and "System.out.println("end::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());"*
{code:java}
// code placeholder
public void initWith(KdcContext kdcContext) {
    super.initWith(kdcContext);

    PkinitKdcContext tmp = new PkinitKdcContext();
    tmp.realm = kdcContext.getKdcRealm();

    String pkinitIdentity = kdcContext.getConfig().getPkinitIdentity();
    tmp.identityOpts.setIdentity(pkinitIdentity);

    System.out.println("start::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
    pkinitContexts.put(kdcContext.getKdcRealm(), tmp);
    System.out.println("end::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
} {code}
 After run the server and client, we will get the part of result:
{panel}
start::pool-1-thread-7 434495522 1688115500240
start::pool-1-thread-1 434495522 1688115500240
start::pool-1-thread-10 434495522 1688115500240
start::pool-1-thread-4 434495522 1688115500240
start::pool-1-thread-6 434495522 1688115500240
start::pool-1-thread-2 434495522 1688115500240
start::pool-1-thread-5 434495522 1688115500240
start::pool-1-thread-3 434495522 1688115500240
start::pool-1-thread-9 434495522 1688115500240
end::pool-1-thread-9 434495522 1688115500240
start::pool-1-thread-8 434495522 1688115500240
end::pool-1-thread-3 434495522 1688115500240
end::pool-1-thread-5 434495522 1688115500240
end::pool-1-thread-2 434495522 1688115500240
end::pool-1-thread-6 434495522 1688115500240
end::pool-1-thread-4 434495522 1688115500240
end::pool-1-thread-10 434495522 1688115500240
end::pool-1-thread-1 434495522 1688115500240
end::pool-1-thread-7 434495522 1688115500240
end::pool-1-thread-8 434495522 1688115500240

....
{panel}
Different thread visits pkinitContexts object without any lock, then will couses a data race.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org