C++ program crash when using gss_acquire_cred

lizhong lizhong at ncic.ac.cn
Sat Sep 16 04:03:27 EDT 2006 

Hi all,
    I am trying to use gssapi to encrypt a C++ program's data on the network.But when I used gss_acquire_cred to get the ticket info, the program crashed.
    I wrote a little example to find the reason. This example is test.cxx at the last of this email. You can simply create your test.cxx and copy the content into it.Then compile and run it with the following commands.
    I found that if I use this cmd "c++ test.cxx -o test  -lgssapi_krb5" to compile the program, and then run "./test test", I would get the following msg:
[root at gdnode013 test]# c++ test.cxx -o test  -lgssapi_krb5
[root at gdnode013 test]# ./test aaa
here is the service name:  aaa
Service name : aaa/gdnode013 at test.com 
¶Î´íÎó   // <-----This refers to a segment error. Sorry for my linux supports chinese,and this error msg is in chinese.

    But if I add the -O flag to optimize the compiling, I will get the right result. For some reason the -O flag makes it work correctly. The function gss_acquire_cred will return -1 for there is no such a ticket as aaa/gdnode013 at test.com.
[root at gdnode013 test]# c++ test.cxx -o test  -lgssapi_krb5 -O
[root at gdnode013 test]# ./test aaa
here is the service name:  aaa
Service name : aaa/gdnode013 at test.com 
222
-1
    I have read and tested the gss-server.c/gss-client.c for many times, and I know well how dose it work. The sample of gssapi :gss-server/gss-client are written in C language,not C++. And the makefile of them can both work well with or without the flag -O.
    But my program is in C++ form.Is there other way to avoid the crash? Because the program I need to modify for security is TOO LARGE, I can hardly find every place which need the flag -O. I have been struggling this problem for over two days. 
    Could anyone help me? 

//test.cxx
#include <stdio.h>
#include <string.h>
#include <gssapi/gssapi_generic.h>

int server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
{
    gss_buffer_desc name_buf;
    gss_name_t server_name;
    OM_uint32 maj_stat, min_stat;
    gss_OID oid;
    printf("here is the service name:  %s\n",service_name);
    name_buf.value = service_name;
    name_buf.length = strlen(service_name) + 1;
        maj_stat = gss_import_name(&min_stat, &name_buf,
                               (gss_OID) gss_nt_service_name, &server_name);
    if (maj_stat != GSS_S_COMPLETE) {
        return -1;
    }
    gss_buffer_desc out_name;

    gss_display_name ( &min_stat,server_name,&out_name,&oid);
    printf("Service name : %s \n",out_name.value);

    maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
                                GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
                                server_creds, NULL, NULL);
    printf("222\n");
    if (maj_stat != GSS_S_COMPLETE) {
        return -1;
    }

    (void) gss_release_name(&min_stat, &server_name);

    return 0;
}

int main( int argc, char **argv )
{
        gss_cred_id_t *creds;
        int result = server_acquire_creds(*(argv+1),creds);
        printf("%d\n",result);
        return 0;
}

More information about the Kerberos mailing list