You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2023/11/29 10:50:00 UTC
[jira] [Assigned] (DIRKRB-767) data race when multi KrbClients visit KdcServer
[ https://issues.apache.org/jira/browse/DIRKRB-767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned DIRKRB-767:
------------------------------------------
Assignee: Colm O hEigeartaigh
> data race when multi KrbClients visit KdcServer
> -----------------------------------------------
>
> Key: DIRKRB-767
> URL: https://issues.apache.org/jira/browse/DIRKRB-767
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 2.0.3
> Reporter: lujie
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> when KDCServer started, it will run a thread to check if has a client request in
> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run() method.
> *server test code:*
> {code:java}
> // server test code
> import org.apache.kerby.kerberos.kerb.KrbException;
> import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
> public class TestServer2 {
> public static void main(String[] args) throws KrbException {
> SimpleKdcServer simpleKdcServer = new SimpleKdcServer();
> simpleKdcServer.setKdcHost("0.0.0.0");
> simpleKdcServer.setKdcRealm("service.ws.apache.org");
> simpleKdcServer.setKdcTcpPort(12345);
> simpleKdcServer.setAllowUdp(true);
> simpleKdcServer.setKdcUdpPort(12346);
> simpleKdcServer.init();
> // Create principals
> String alice = "alice@service.ws.apache.org";
> String bob = "bob/service.ws.apache.org@service.ws.apache.org";
> // simpleKdcServer.set
> simpleKdcServer.createPrincipal(alice, "alice");
> simpleKdcServer.createPrincipal(bob,"bob");
> simpleKdcServer.start();
> }
> } {code}
> *client test Code*
> {code:java}
> // client test Code
> import org.apache.kerby.kerberos.kerb.KrbException;
> import org.apache.kerby.kerberos.kerb.client.KrbClient;
> import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
> import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
> import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
> public class TestClient3 {
> public static void main(String[] args) {
> for (int i = 0; i < 10; i++) {
> System.out.println(i);
> new Thread(()->{
> try {
> KrbClient client = new KrbClient();
> client.setKdcHost("0.0.0.0");
> client.setKdcTcpPort(12345);
> client.setKdcUdpPort(12346);
> client.setKdcRealm("TEST2.COM");
> client.init();
> TgtTicket tgt;
> SgtTicket tkt;
> tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
> tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
> } catch (KrbException e) {
> }
> }).start();
> }
> }
> }
> {code}
> *method : org.apache.kerby.kerberos.kerb.server.preauth.pkinit.PkinitPreauth.initWith(KdcContext kdcContext)*
> *In order to make the results more visible, I inserted several lines of code, such as {{System.out.println()}} and {{{}Thread.sleep(new Random().nextInt(10)){}}}. Please let me know if there are any syntax errors.*
> {code:java}
> public void initWith(KdcContext kdcContext) {
> super.initWith(kdcContext);
> PkinitKdcContext tmp = new PkinitKdcContext();
> tmp.realm = kdcContext.getKdcRealm();
> String pkinitIdentity = kdcContext.getConfig().getPkinitIdentity();
> tmp.identityOpts.setIdentity(pkinitIdentity);
> System.out.println("start::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
> try {
> Thread.sleep(new Random().nextInt(10));
> } catch (InterruptedException e) {
> throw new RuntimeException(e);
> }
> pkinitContexts.put(kdcContext.getKdcRealm(), tmp);
> System.out.println("end::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
> }{code}
> After run the server and client, we will get the part of result:
> {panel}
> start::pool-1-thread-6 357333366 1688116403609
> start::pool-1-thread-4 357333366 1688116403609
> end::pool-1-thread-6 357333366 1688116403610
> start::pool-1-thread-1 357333366 1688116403609
> start::pool-1-thread-9 357333366 1688116403609
> start::pool-1-thread-2 357333366 1688116403609
> start::pool-1-thread-7 357333366 1688116403609
> start::pool-1-thread-5 357333366 1688116403609
> start::pool-1-thread-3 357333366 1688116403609
> start::pool-1-thread-10 357333366 1688116403609
> start::pool-1-thread-8 357333366 1688116403609
> end::pool-1-thread-5 357333366 1688116403613
> end::pool-1-thread-2 357333366 1688116403613
> end::pool-1-thread-4 357333366 1688116403614
> end::pool-1-thread-1 357333366 1688116403614
> end::pool-1-thread-7 357333366 1688116403617
> end::pool-1-thread-10 357333366 1688116403617
> end::pool-1-thread-3 357333366 1688116403617
> end::pool-1-thread-9 357333366 1688116403619
> end::pool-1-thread-8 357333366 1688116403619
> start::pool-1-thread-10 357333366 1688116403715
> start::pool-1-thread-6 357333366 1688116403716
> start::pool-1-thread-2 357333366 1688116403716
> start::pool-1-thread-4 357333366 1688116403715
> start::pool-1-thread-8 357333366 1688116403715
> start::pool-1-thread-3 357333366 1688116403716
> start::pool-1-thread-9 357333366 1688116403715
> start::pool-1-thread-1 357333366 1688116403715
> start::pool-1-thread-5 357333366 1688116403715
> end::pool-1-thread-5 357333366 1688116403716
> start::pool-1-thread-7 357333366 1688116403716
> end::pool-1-thread-10 357333366 1688116403719
> end::pool-1-thread-2 357333366 1688116403719
> end::pool-1-thread-6 357333366 1688116403719
> end::pool-1-thread-1 357333366 1688116403721
> end::pool-1-thread-7 357333366 1688116403721
> end::pool-1-thread-8 357333366 1688116403724
> end::pool-1-thread-4 357333366 1688116403726
> end::pool-1-thread-3 357333366 1688116403726
> end::pool-1-thread-9 357333366 1688116403726
> {panel}
> Different thread visits pkinitContexts object without any lock, then will couses a data race.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org