You are viewing a plain text version of this content. The canonical link for it is here.
Posted to proton@qpid.apache.org by "michael goulish (JIRA)" <ji...@apache.org> on 2015/09/10 16:58:47 UTC
[jira] [Created] (PROTON-992) Proton's use of Cyrus SASL is not
thread-safe.
michael goulish created PROTON-992:
--------------------------------------
Summary: Proton's use of Cyrus SASL is not thread-safe.
Key: PROTON-992
URL: https://issues.apache.org/jira/browse/PROTON-992
Project: Qpid Proton
Issue Type: Bug
Components: proton-c
Affects Versions: 0.10
Reporter: michael goulish
Priority: Critical
Documentation for the Cyrus SASL library says that the library is believed to be thread-safe only if the code that uses it meets several requirements.
The requirements are:
* you supply mutex functions (see sasl_set_mutex())
* you make no libsasl calls until sasl_client/server_init() completes
* no libsasl calls are made after sasl_done() is begun
* when using GSSAPI, you use a thread-safe GSS / Kerberos 5 library.
It says explicitly that that sasl_set* calls are not thread safe, since they set global state.
The proton library makes calls to sasl_set* functions in :
pni_init_client()
pni_init_server(), and
pni_process_init()
Since those are internal functions, there is no way for code that uses Proton to lock around those calls.
I think proton needs a new API call to let applications call sasl_set_mutex(). Or something.
We probably also need other protections to meet the other requirements specified in the Cyrus documentation (and quoted above).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)