Core Dump with gsstest-1.26 and krb5-1.4.2
Christoph Weizen
cwei at gmx.net
Wed Sep 21 12:48:30 EDT 2005
Tom Yu wrote:
> Christoph> $ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
> Christoph> Sending verbose output to file "out.txt"
> Christoph> Segmentation fault (core dumped)
>
> Could you please send us a backtrace? (Use the "bt" command in gdb.)
> There are quite a few ways that krb5_copy_principal() can get called.
>
Here is the backtrace:
# gdb ./gsstest core
[...]
#0 krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
outprinc=0xffffdf8c) at copy_princ.c:61
61 unsigned int len = krb5_princ_component(context,
inprinc, i)->length;
(gdb) bt
#0 krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
outprinc=0xffffdf8c) at copy_princ.c:61
#1 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#2 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#3 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#4 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#5 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#6 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#7 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#8 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#9 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#10 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#11 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#12 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
Previous frame inner to this frame (corrupt stack?)
The output of gsstest don't look good either (RESULT not ok). I'm
worried about "No principal in keytab matches desired name". Maybe I
miss something?
I configured /etc/krb5.conf. kinit rzuser1, klist works.
/etc/krb5.keytab holds one entry for rzuser1.
**************************************************************************
***
***
*** "gsstest" -- GSS-API v2 Shared Library API Test Program
***
***
***
*** Version 1.26 03-Sep-2002
***
***
***
*** This implementation is Copyright (c), 1998 SAP AG Walldorf
***
***
***
**************************************************************************
*** This tool may be freely used to test functionality and
***
*** robustness of GSS-API v2 mechanism implemenations
***
**************************************************************************
*** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
***
*** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
***
*** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
*** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
***
*** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
*** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
***
*** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
***
*** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
*** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
*** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
***
*** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
***
*** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
***
*** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
***
*** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
***
*** EXCEED US$ 500.000.-
***
**************************************************************************
Timer resolution of gettimeofday() is (at least) 0.001 millisec
1 second passed in 1000.000 millisec.
=====================================================================
Current Date&Time : Wed, 21-Sep-2005 18:35:06 GMT -02:00
Operating System : Linux
-Release : 2.6.5-7.191-pseries64
Hardware/Machine : ppc64
scalar C-types : void* ptrdiff_t size_t time_t long int wchar_t char
(sizes in bits) : 32 32s 32u 32s 32s 32s 32s 8u
Perf-Index (p-90) : dbg= 6.80 (opt= 3.60)
Timer Resolution : 0.001 millisec using "gettimeofday()"
Hostname : rliss002
Current user : root
=====================================================================
Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...
mech_list from gss_indicate_mechs() #1 contains 2 gss_OID elements:
{
[ 0] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
[ 1] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
}
SNC will recognize this mechanism OID and force this selection ---
Selecting mechanism (1) from GSS shared library #1:
{1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
====================
Checking supported nametypes via gss_inquire_names_for_mech()
name_types contains 8 gss_OID elements:
{
[ 0] = {1 2 840 113554 1 2 1 1} NT= GSS_C_NT_USER_NAME
[ 1] = {1 2 840 113554 1 2 1 2} NT= GSS_C_NT_MACHINE_UID_NAME
[ 2] = {1 2 840 113554 1 2 1 3} NT= GSS_C_NT_STRING_UID_NAME
[ 3] = {1 2 840 113554 1 2 1 4} NT= GSS_C_NT_HOSTBASED_SERVICE
[ 4] = {1 3 6 1 5 6 2} NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
[ 5] = {1 3 6 1 5 6 4} NT= GSS_C_NT_EXPORTED_NAME
[ 6] = {1 2 840 113554 1 2 2 1} NT= GSS_KRB5_NT_PRINCIPAL_NAME
[ 7] = {1 2 840 113554 1 2 2 2} NT= Huh? This is not in
rfc1964!
}
====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
RESULT OK
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
RESULT OK
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT NOT ok (rc=1)
-------
actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
{
[ 0] = {1 3 5 1 5 2} MECH= Kerberos 5 (PRE-rfc1964)
[ 1] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
}
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
RESULT OK
My own name/identity (from default creds) resolves to
"rzuser1 at EXAMPLE.NET"
Nametype oid = {1 2 840 113554 1 2 2 1} NT=
GSS_KRB5_NT_PRINCIPAL_NAME
TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
Framing details for exported name (Section 3.2, GSS-API v2 spec):
TOK_ID : 00000: 04 01
MECH_OID_LEN = 11 : 00002: 00 0b
OID tag : 00004: 06
OID len = 9 : 00005: 09
OID elements : 00006: 2a 86 48 86 f7 12 01 02 02
= {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)
NAME_LEN = 15 : 0000f: 00 00 00 0f
NAME : 00013: 72 7a 75 73 65 72 31 40 rzuser1@
0001b: 52 4b 55 2e 4e 45 54 EXAMPLE.NET
RESULT NOT ok (rc=2)
-------
Since you didn't give me a target name, I'll try to talk to myself!
TEST: acquiring *default* initiating credentials (simple)
RESULT OK
TEST: acquiring *default* initiating credentials (query)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
RESULT OK
TEST: acquiring initiating credentials (printable name)
RESULT OK
TEST: acquiring initiating credentials (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
for identity "rzuser1 at EXAMPLE.NET"
Status: gss_acquire_cred Acc() == (GSS_S_FAILURE)
gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
"Miscellaneous failure"
gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
"No principal in keytab matches desired name"
RESULT NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status: gss_acquire_cred Acc() == (GSS_S_FAILURE)
gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
"Miscellaneous failure"
gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
"No principal in keytab matches desired name"
RESULT NOT ok (rc=4)
-------
TEST: acquiring *default* accepting credentials (simple)
---
Christoph
More information about the Kerberos
mailing list