You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2023/11/29 10:50:00 UTC
[jira] [Assigned] (DIRKRB-767) data race when multi KrbClients visit KdcServer

     [ https://issues.apache.org/jira/browse/DIRKRB-767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned DIRKRB-767:
------------------------------------------

    Assignee: Colm O hEigeartaigh

> data race when multi KrbClients visit KdcServer
> -----------------------------------------------
>
>                 Key: DIRKRB-767
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-767
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 2.0.3
>            Reporter: lujie
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 2.1.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> when KDCServer started, it will run a thread to check if has a client request in
> org.apache.kerby.kerberos.kerb.transport.KdcNetwork.run() method.
> *server test code:* 
> {code:java}
> // server test code
> import org.apache.kerby.kerberos.kerb.KrbException;
> import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
> public class TestServer2 {
>     public static void main(String[] args) throws KrbException {
>         SimpleKdcServer simpleKdcServer = new SimpleKdcServer();
>         simpleKdcServer.setKdcHost("0.0.0.0");
>         simpleKdcServer.setKdcRealm("service.ws.apache.org");
>         simpleKdcServer.setKdcTcpPort(12345);
>         simpleKdcServer.setAllowUdp(true);
>         simpleKdcServer.setKdcUdpPort(12346);
>         simpleKdcServer.init();
> // Create principals
>         String alice = "alice@service.ws.apache.org";
>         String bob = "bob/service.ws.apache.org@service.ws.apache.org";
> //        simpleKdcServer.set
>         simpleKdcServer.createPrincipal(alice, "alice");
>         simpleKdcServer.createPrincipal(bob,"bob");
>         simpleKdcServer.start();
>     }
> } {code}
> *client test Code*
> {code:java}
> // client test Code
> import org.apache.kerby.kerberos.kerb.KrbException;
> import org.apache.kerby.kerberos.kerb.client.KrbClient;
> import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
> import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
> import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
> public class TestClient3 {
>     public static void main(String[] args) {
>         for (int i = 0; i < 10; i++) {
>             System.out.println(i);
>             new Thread(()->{
>                 try {
>                     KrbClient client = new KrbClient();
>                     client.setKdcHost("0.0.0.0");
>                     client.setKdcTcpPort(12345);
>                     client.setKdcUdpPort(12346);
>                     client.setKdcRealm("TEST2.COM");
>                     client.init();
>                     TgtTicket tgt;
>                     SgtTicket tkt;
>                     tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
>                     tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
>                 } catch (KrbException e) {
>                 }
>             }).start();
>         }
>     }
> }
>  {code}
> *method : org.apache.kerby.kerberos.kerb.server.preauth.pkinit.PkinitPreauth.initWith(KdcContext kdcContext)*
> *In order to make the results more visible, I inserted several lines of code, such as {{System.out.println()}} and {{{}Thread.sleep(new Random().nextInt(10)){}}}. Please let me know if there are any syntax errors.*
> {code:java}
> public void initWith(KdcContext kdcContext) {
>     super.initWith(kdcContext);
>     PkinitKdcContext tmp = new PkinitKdcContext();
>     tmp.realm = kdcContext.getKdcRealm();
>     String pkinitIdentity = kdcContext.getConfig().getPkinitIdentity();
>     tmp.identityOpts.setIdentity(pkinitIdentity);
>     System.out.println("start::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
>     try {
>         Thread.sleep(new Random().nextInt(10));
>     } catch (InterruptedException e) {
>         throw new RuntimeException(e);
>     }
>     pkinitContexts.put(kdcContext.getKdcRealm(), tmp);
>     System.out.println("end::" +Thread.currentThread().getName()+ " "+System.identityHashCode(pkinitContexts)+" "+ System.currentTimeMillis());
> }{code}
>  After run the server and client, we will get the part of result:
> {panel}
> start::pool-1-thread-6 357333366 1688116403609
> start::pool-1-thread-4 357333366 1688116403609
> end::pool-1-thread-6 357333366 1688116403610
> start::pool-1-thread-1 357333366 1688116403609
> start::pool-1-thread-9 357333366 1688116403609
> start::pool-1-thread-2 357333366 1688116403609
> start::pool-1-thread-7 357333366 1688116403609
> start::pool-1-thread-5 357333366 1688116403609
> start::pool-1-thread-3 357333366 1688116403609
> start::pool-1-thread-10 357333366 1688116403609
> start::pool-1-thread-8 357333366 1688116403609
> end::pool-1-thread-5 357333366 1688116403613
> end::pool-1-thread-2 357333366 1688116403613
> end::pool-1-thread-4 357333366 1688116403614
> end::pool-1-thread-1 357333366 1688116403614
> end::pool-1-thread-7 357333366 1688116403617
> end::pool-1-thread-10 357333366 1688116403617
> end::pool-1-thread-3 357333366 1688116403617
> end::pool-1-thread-9 357333366 1688116403619
> end::pool-1-thread-8 357333366 1688116403619
> start::pool-1-thread-10 357333366 1688116403715
> start::pool-1-thread-6 357333366 1688116403716
> start::pool-1-thread-2 357333366 1688116403716
> start::pool-1-thread-4 357333366 1688116403715
> start::pool-1-thread-8 357333366 1688116403715
> start::pool-1-thread-3 357333366 1688116403716
> start::pool-1-thread-9 357333366 1688116403715
> start::pool-1-thread-1 357333366 1688116403715
> start::pool-1-thread-5 357333366 1688116403715
> end::pool-1-thread-5 357333366 1688116403716
> start::pool-1-thread-7 357333366 1688116403716
> end::pool-1-thread-10 357333366 1688116403719
> end::pool-1-thread-2 357333366 1688116403719
> end::pool-1-thread-6 357333366 1688116403719
> end::pool-1-thread-1 357333366 1688116403721
> end::pool-1-thread-7 357333366 1688116403721
> end::pool-1-thread-8 357333366 1688116403724
> end::pool-1-thread-4 357333366 1688116403726
> end::pool-1-thread-3 357333366 1688116403726
> end::pool-1-thread-9 357333366 1688116403726
> {panel}
> Different thread visits pkinitContexts object without any lock, then will couses a data race.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org