[CDRIVER-1207] Deprecated SASL functions and possible crash on OS X 10.11 Created: 20/Apr/16  Updated: 11/Dec/18  Resolved: 16/Dec/16

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.3.5
Fix Version/s: TBD

Type: Bug Priority: Minor - P4
Reporter: Jeremy Mikola Assignee: Backlog - C Driver Team
Resolution: Incomplete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OS X 10.11


Issue Links:
Depends
is depended on by PHPC-675 SASL crash using XAMPP on OS X 10.11 Closed
Related
is related to CDRIVER-530 SASL version check does not do what y... Closed
is related to CDRIVER-797 Stop depending on Cyrus for GSSAPI / ... Closed

 Description   

At least one user in mongodb/mongo-php-driver#247 reported build warnings when compiling the PHPC driver (bundled with libmongoc 1.3.x) on OSX 10.11:

/private/tmp/pear/temp/mongodb/src/libmongoc/src/mongoc/mongoc-init.c  -fno-common -DPIC -o src/libmongoc/src/mongoc/.libs/mongoc-init.o
/private/tmp/pear/temp/mongodb/src/libmongoc/src/mongoc/mongoc-init.c:85:4: warning: 'sasl_set_mutex' is deprecated: first deprecated in OS X 10.11 [-Wdeprecated-declarations]
   sasl_set_mutex (mongoc_sasl_mutex_alloc,
   ^
/usr/include/sasl/sasl.h:253:18: note: 'sasl_set_mutex' has been explicitly marked deprecated here
LIBSASL_API void sasl_set_mutex(sasl_mutex_alloc_t *, sasl_mutex_lock_t *,
                 ^
/private/tmp/pear/temp/mongodb/src/libmongoc/src/mongoc/mongoc-init.c:91:4: warning: 'sasl_client_init' is deprecated: first deprecated in OS X 10.11 [-Wdeprecated-declarations]
   sasl_client_init (NULL);
   ^
/usr/include/sasl/sasl.h:924:17: note: 'sasl_client_init' has been explicitly marked deprecated here
LIBSASL_API int sasl_client_init(const sasl_callback_t *callbacks) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_11,__IPHONE_NA,__IPHONE_NA);
                ^
/private/tmp/pear/temp/mongodb/src/libmongoc/src/mongoc/mongoc-init.c:130:4: warning: 'sasl_client_done' is deprecated: first deprecated in OS X 10.11 [-Wdeprecated-declarations]
   sasl_client_done ();
   ^
/usr/include/sasl/sasl.h:741:17: note: 'sasl_client_done' has been explicitly marked deprecated here
LIBSASL_API int sasl_client_done(void) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_11,__IPHONE_NA,__IPHONE_NA);
                ^

The same user reported a segfault when using PHPC (compiled with SASL support) in XAMPP. The following stack trace snippet hints at this being due to a SASL incompatibility:

20  libdyld.dylib                   0x00007fff8753e79c dlopen + 59
21  libsasl2.2.dylib                0x00007fff8604a8fc _sasl_get_plugin + 78
22  libsasl2.2.dylib                0x00007fff8604ac4d _sasl_load_plugins + 762
23  libsasl2.2.dylib                0x00007fff86042568 sasl_client_init + 240
24  mongodb.so                      0x000000010327ea98 _mongoc_do_init + 56
25  libsystem_pthread.dylib         0x00007fff8b494c0a __pthread_once_handler + 65
26  libsystem_platform.dylib        0x00007fff893ccfc4 _os_once + 41
27  libsystem_pthread.dylib         0x00007fff8b494ba9 pthread_once + 57
...
34  dyld                            0x00007fff688ea118 dlopen + 555
35  libdyld.dylib                   0x00007fff8753e79c dlopen + 59
36  libphp5.so                      0x0000000101f6bc86 php_load_extension + 134

I'm unsure if the segfault is directly related to the use of now-deprecated functions.



 Comments   
Comment by Hannes Magnusson [ 16/Dec/16 ]

I'm going to close this as Incomplete.

macOS has deprecated the use of libsasl, so the only way out of that is to use the OSX native sasl support (which I don't actually know what is). This is tracked in CDRIVER-797.

I cannot determine the cause of the segfault. There is only that one reference to it, and it doesn't seem to be reproducible by anyone else.
It might have happened when reloading the webserver, rather than restarting it, which might have triggered weird shared module loading when php was reloading its own module, such as the mongodb extension and subsequently libsasl.

There isn't much else I can imagine having happened, nor is there anything I can point at to fix at the moment.

Comment by Jeremy Mikola [ 05/Aug/16 ]

I didn't find any reference to SASL from the IMAP extension, but there are numerous references throughout the LDAP extension. None of the users shared their PHP modules, but it also doesn't look like LDAP is initialized in the extensions' MINIT. LDAP initialization is deferred until PHP's ldap_connect() function, which I doubt any of these users are invoking. Separate from PHP, one of the users' crash reports for httpd does include mod_ldap.

Assuming OpenLDAP is being initialized, sasl_client_init() would be invoked from here.

Do we know how to repro this internally? Is it just installing XAMPP on OSX and then things go bad?

It appears to be a stock XAMPP install on OSX with a default install of the driver via XAMPP's pecl command.

Comment by Hannes Magnusson [ 05/Aug/16 ]

I think the imap extension has some sasl related code in it.

I also see libldap in that crash log, which I can imagine has some sasl support.

Do we know how to repro this internally? Is it just installing XAMPP on OSX and then things go bad?

Comment by A. Jesse Jiryu Davis [ 05/Aug/16 ]

Does PHP itself have SASL support built in, or is there an additional PHP plugin on the reporter's system? I'm thinking of other paths that might call sasl_client_init in the same process as the C Driver.

Comment by A. Jesse Jiryu Davis [ 05/Aug/16 ]

sasl_client_init tries to enforce once-only initialization, but it isn't thread-safe:

https://github.com/cyrusimap/cyrus-sasl/blob/9a9907b557a9e7/lib/client.c#L271

So we provide thread-safety in mongoc_init for both POSIX and Windows. Regardless it sounds like that's not the issue since you're calling mongoc_init early on the main thread?

Comment by Jeremy Mikola [ 05/Aug/16 ]

I see a second user reported a repro last week, but had that user disabled automatic cleanup or no?

Both users in that thread (erwinsetiawan and izhur) were using versions after 1.1.5, which would have included the MONGOC_NO_AUTOMATIC_GLOBALS fix from PHPC-632.

There's also a TODO item in the libmongoc code to add a logging callback for SASL (here). Implementing that (probably in a separate ticket) might be helpful to diagnose this down the line.

bjori: Given that mongoc_init() is only invoked from PHP_MINIT_FUNCTION(mongodb), is there any reason to suspect that it might be called multiple times on their XAMPP deployments (perhaps once per thread in the same httpd process)? Poking through your headers, it looks like mongoc_once() is defined to pthread_once() on non-Windows platforms. Is it kosher to initialize SASL multiple times from different threads in the same process? Disclaimer: I'm conjecturing here.
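
An illustration of the pthread_once() question raised in the two comments above (once-only initialization, and mongoc_once() mapping to pthread_once()), added here and not taken from libmongoc or Cyrus SASL. `fake_global_init`, `module_a` and `module_b` are hypothetical stand-ins; the point shown is that a pthread_once control only serializes callers that share that control, so a second module in the same process with its own control runs the global init again.

```c
/* Added example: stand-in functions only, not libmongoc or Cyrus SASL code. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define CALLERS 8

static atomic_int init_runs;   /* times the global init body executed */

/* Hypothetical stand-in for a process-wide init with no locking of its own. */
static void fake_global_init(void)
{
    atomic_fetch_add(&init_runs, 1);
}

/* Module A: every thread goes through the same pthread_once control. */
static pthread_once_t a_once = PTHREAD_ONCE_INIT;
static void *module_a(void *arg)
{
    (void)arg;
    pthread_once(&a_once, fake_global_init);
    return NULL;
}

/* Module B: another library in the same process with its own control. */
static pthread_once_t b_once = PTHREAD_ONCE_INIT;
static void *module_b(void *arg)
{
    (void)arg;
    pthread_once(&b_once, fake_global_init);
    return NULL;
}

/* Run CALLERS threads through entry, join them, return total init runs. */
int run_callers(void *(*entry)(void *))
{
    pthread_t tid[CALLERS];
    int started = 0;
    while (started < CALLERS &&
           pthread_create(&tid[started], NULL, entry, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(tid[i], NULL);
    return atomic_load(&init_runs);
}

int main(void)
{
    printf("after module A: %d\n", run_callers(module_a));
    printf("after module B: %d\n", run_callers(module_b));
    return 0;
}
```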

Comment by A. Jesse Jiryu Davis [ 05/Aug/16 ]

How do we make progress on this? I see a second user reported a repro last week, but had that user disabled automatic cleanup or no?

Comment by Jeremy Mikola [ 20/Apr/16 ]

I don't think the crash and the deprecation warnings are related.

I asked the user that supplied the crash stacktrace to clarify their driver version, in case it was related to PHPC-632. I'll note that the original GitHub issue was opened before we fixed PHPC-632 in 1.1.5; however, that OP hasn't provided a stacktrace.

Comment by Hannes Magnusson [ 20/Apr/16 ]

http://opensource.apple.com//source/passwordserver_sasl/passwordserver_sasl-209/cyrus_sasl/include/sasl.h

/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 *
 * This function is DEPRECATED in favour of sasl_server_done/
 * sasl_client_done.
 */
LIBSASL_API void sasl_done(void) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_11,__IPHONE_NA,__IPHONE_NA);
 
/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 * This function should be called instead of sasl_done(),
   whenever possible.
 */
LIBSASL_API int sasl_server_done(void) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_11,__IPHONE_NA,__IPHONE_NA);
 
/* dispose of all SASL plugins.  Connection
 * states have to be disposed of before calling this.
 * This function should be called instead of sasl_done(),
   whenever possible.
 */
LIBSASL_API int sasl_client_done(void) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_11,__IPHONE_NA,__IPHONE_NA);

As you can see, all the above are deprecated. sasl_done() was deprecated in favor of sasl_[client|server]_done(), which were added in 10.10 (I'm pretty sure that header is wrongly suggesting sasl_client_done was added in 10.0), but then were themselves deprecated in 10.11 – without a suggestion of what to use instead. There are no similarities in upstream Cyrus SASL.

I don't see anything natively provided by OSX that is supposed to be used instead after a quick scan in their docs https://developer.apple.com/search/?q=sasl&platform=OS%20X

I don't think the crash and the deprecation warnings are related.
