Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 663F1200C25 for ; Fri, 24 Feb 2017 12:25:48 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 64CC8160B69; Fri, 24 Feb 2017 11:25:48 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id AB2B5160B5C for ; Fri, 24 Feb 2017 12:25:47 +0100 (CET) Received: (qmail 19380 invoked by uid 500); 24 Feb 2017 11:25:46 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 19370 invoked by uid 99); 24 Feb 2017 11:25:46 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2017 11:25:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 2CFA3C09C7 for ; Fri, 24 Feb 2017 11:25:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.451 X-Spam-Level: * X-Spam-Status: No, score=1.451 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id G8Ij4QLQP4Y7 for ; Fri, 24 Feb 2017 11:25:45 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 12A0A5F647 for ; Fri, 24 Feb 2017 11:25:45 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 7A2C6E039F for ; Fri, 24 Feb 2017 11:25:44 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 1ABD32412D for ; Fri, 24 Feb 2017 11:25:44 +0000 (UTC) Date: Fri, 24 Feb 2017 11:25:44 +0000 (UTC) From: "Emmanuel Lecharny (JIRA)" To: dev@directory.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (DIRKRB-620) KerberosChannel does not read whole response MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 24 Feb 2017 11:25:48 -0000 [ https://issues.apache.org/jira/browse/DIRKRB-620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Emmanuel Lecharny resolved DIRKRB-620. -------------------------------------- Resolution: Fixed Fix Version/s: 2.0.0-RC1 Fixed with http://svn.apache.org/viewvc?rev=1784265&view=rev > KerberosChannel does not read whole response > -------------------------------------------- > > Key: DIRKRB-620 > URL: https://issues.apache.org/jira/browse/DIRKRB-620 > Project: Directory Kerberos > Issue Type: Bug > Components: changepw > Reporter: Maciej Miklas > Fix For: 2.0.0-RC1 > > > We have in production some customers who cannot change their password. In log we observe following exception: > {noformat} > 20.02.2017 10:59:11,987 DEBUG [http-bio-127.22.1.62-80-exec-383] org.apache.directory.api.asn1.ber.Asn1Decoder - <<<========================================== > 20.02.2017 10:59:11,987 ERROR [http-bio-127.22.1.62-80-exec-383] org.apache.directory.kerberos.client.KdcConnection - Authentication failed : timeout occured > 20.02.2017 10:59:11,987 WARN [http-bio-127.22.1.62-80-exec-383] org.apache.directory.kerberos.client.KdcConnection - failed to change the password > org.apache.directory.shared.kerberos.exceptions.KerberosException: TimeOut occured > at org.apache.directory.kerberos.client.KdcConnection._getTgt(KdcConnection.java:294) > at org.apache.directory.kerberos.client.KdcConnection.getTgt(KdcConnection.java:181) > at org.apache.directory.kerberos.client.KdcConnection.changePassword(KdcConnection.java:535) > {noformat} > Real reason for this error is incorrect socket implementation: > {code:title=org.apache.directory.kerberos.client.KerberosChannel|borderStyle=solid} > byte[] tmp = new byte[ 1024 * 8 ]; > while ( in.available() > 0 ) > { > int read = in.read( tmp ); > repData.put( tmp, 0, read ); > } > {code} > You should not relay on _available()_ - it returns only assumption. In our case for some users it returns 0 before whole message has been consumed. > In order to fix it, you should first read header of the message in order to figure out its size. Now use _in.read(...)_ until you consume expected amount of bytes. Eventually you will run into timeout, which is fine and happens if server does not keep its promise from header and cuts the message. > I've changed code into this: > {code:title=org.apache.directory.kerberos.client.KerberosChannel|borderStyle=solid} > byte[] tmp = new byte[1024 * 8]; > int read; > try { > while ((read = in.read(tmp)) > 0) { > repData.put(tmp, 0, read); > } > } > catch (SocketTimeoutException e) { > // OK > } > {code} > and customers now can change their password. Obviously this implementation is *incorrect*, because it runs into timeout with every call. Bu it proves that using _available()_ does not work. -- This message was sent by Atlassian JIRA (v6.3.15#6346)