Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen cwei at gmx.net
Wed Sep 21 12:48:30 EDT 2005


Tom Yu wrote:
> Christoph> $ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
> Christoph> Sending verbose output to file "out.txt"
> Christoph> Segmentation fault (core dumped)
> 
> Could you please send us a backtrace?  (Use the "bt" command in gdb.)
> There are quite a few ways that krb5_copy_principal() can get called.
 >
Here is the backtrace:

# gdb ./gsstest core
[...]
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffdf8c) at copy_princ.c:61
61              unsigned int len = krb5_princ_component(context, 
inprinc, i)->length;
(gdb) bt
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffdf8c) at copy_princ.c:61
#1  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#2  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#3  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#4  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#5  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#6  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#7  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#8  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#9  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#10 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#11 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#12 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
Previous frame inner to this frame (corrupt stack?)

The output of gsstest don't look good either (RESULT not ok). I'm 
worried about "No principal in keytab matches desired name". Maybe I 
miss something?
I configured /etc/krb5.conf. kinit rzuser1, klist works. 
/etc/krb5.keytab holds one entry for rzuser1.

**************************************************************************
   *** 
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program 
   ***
   *** 
   ***
   ***  Version 1.26    03-Sep-2002 
   ***
   *** 
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf 
   ***
   *** 
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and 
   ***
   ***      robustness of GSS-API v2 mechanism implemenations 
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED 
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 
PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES 
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP 
AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS 
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG 
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, 
SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF 
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT 
  ***
   *** EXCEED US$ 500.000.- 
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
   Current Date&Time :  Wed, 21-Sep-2005   18:35:06   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   mech_list from gss_indicate_mechs() #1 contains 2 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
   }
SNC will recognize this mechanism OID and force this selection ---
   Selecting mechanism (1) from GSS shared library #1:
       {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
   name_types contains 8 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
     [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
     [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
     [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
     [ 4] = {1 3 6 1 5 6 2}                  NT= 
(GSS_C_NT_HOSTBASED_SERVICE_X)
     [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
     [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
     [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in 
rfc1964!
   }

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
RESULT  OK
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
RESULT  OK
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
   actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
   {
     [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
     [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
   }
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
RESULT  OK
   My own name/identity (from default creds) resolves to
     "rzuser1 at EXAMPLE.NET"
   Nametype oid = {1 2 840 113554 1 2 2 1}         NT= 
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
   Framing details for exported name (Section 3.2, GSS-API v2 spec):
     TOK_ID            :   00000: 04 01
     MECH_OID_LEN = 11 :   00002: 00 0b
         OID tag       :   00004: 06
         OID len =   9 :   00005: 09
         OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
           = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     NAME_LEN   =   15 :   0000f: 00 00 00 0f
     NAME              :   00013: 72 7a 75 73 65 72 31 40   rzuser1@
                           0001b: 52 4b 55 2e 4e 45 54      EXAMPLE.NET
RESULT  NOT ok (rc=2)
-------

   Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
RESULT  OK
TEST: acquiring *default* initiating credentials (query)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT  NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
RESULT  OK
TEST: acquiring initiating credentials (printable name)
RESULT  OK
TEST: acquiring initiating credentials (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "rzuser1 at EXAMPLE.NET"
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
            "No principal in keytab matches desired name"
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
            "No principal in keytab matches desired name"
RESULT  NOT ok (rc=4)
-------
TEST: acquiring *default* accepting credentials (simple)

---
Christoph


More information about the Kerberos mailing list