[pbs-devel] applied: [PATCH proxmox-backup] auth: 'crypt' is not thread safe
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Jul 12 19:09:40 CEST 2021
On 12.07.21 18:30, Stefan Reiter wrote:
> According to crypt(3):
> "crypt places its result in a static storage area, which will be
> overwritten by subsequent calls to crypt. It is not safe to call crypt
> from multiple threads simultaneously."
>
> This means that multiple login calls as a PBS-realm user can collide and
> produce intermittent authentication failures. A visible case is for
> file-restore, where VMs with many disks lead to just as many auth-calls
> at the same time, as the GUI tries to expand each tree element on load.
>
> Instead, use the thread-safe variant 'crypt_r', which places the result
> into a pre-allocated buffer of type 'crypt_data'. The C struct is laid
> out according to 'lib/crypt.h.in' and the man page mentioned above.
>
> Use the opportunity and make both arguments to the rust 'crypt' function
> take a &[u8].
>
> Signed-off-by: Stefan Reiter <s.reiter at proxmox.com>
> ---
>
> Easier solution would of course be to just wrap the call in a Mutex<()> or
> similar, but that comes at the cost of locking...
>
> src/auth.rs | 57 +++++++++++++++++++++++++++++++++++++++--------------
> 1 file changed, 42 insertions(+), 15 deletions(-)
>
>
applied, thanks!
More information about the pbs-devel
mailing list