[krbdev.mit.edu #6880] Keytab file grows to 1Gb in size
The RT System itself via RT
rt-comment at krbdev.mit.edu
Wed Mar 9 14:56:34 EST 2011
From: Jim Uren <Jim.Uren at emc.com>
To: "krb5-bugs at mit.edu" <krb5-bugs at mit.edu>
Date: Wed, 9 Mar 2011 11:46:51 -0800
Subject: bug report: 1Gb krb5.keytab file generated
To: krb5-bugs at mit.edu
Subject: /etc/krb5.keytab is 1Gb in size
From: sysadmin
Reply-To: sysadmin
Cc:
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Jim.Uren at EMC.com
>Organization: EMC Corporation
>Confidential: no
>Synopsis: Keytab file grows to 1Gb in size
>Severity: serious
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.4.1
>Environment:
System: Linux ccm2.chaos.local 2.6.23-ddr233377 #1 SMP Tue Mar 1 11:05:31 PST 2011 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
Our product uses a CIFS server provided by Likewise.com, which in turn ships its code with Kerberos.
We have seen a problem in which a huge /etc/krb5.keytab file is generated. This seems to be due to non-robust error handling.
The problem occurs when the current keytab file is truncated, and the code generates a new keytab file.
>How-To-Repeat:
We are able to repro the problem by simulating a truncated keytab file.
vi /etc/krb5.keytab, use "$" to go to end of file. Use "x" to delete 40 or 50 characters from the end of the keytab file.
Generate an updated keytab file, the new file becomes huge.
Here is ls output showing typical results. This keytab file, when correctly generated, should be about 2K in size.
# ls -l krb5.keytab*
-rw------- 1 root root 1140853107 Mar 7 17:58 krb5.keytab
-rw------- 1 root root 1128810938 Mar 7 17:17 krb5.keytab.old
-rw------- 1 root root 33082685 Mar 7 17:45 krb5.keytab.old2
-rw------- 1 root root 1128810930 Mar 7 17:49 krb5.keytab.old3
I got a backtrace of the process which was writing the keytab file, here is the Kerberos library part
Thread 1 (Thread 47272663262976 (LWP 19067)):
#0 0x00002afe85edad8b in __write_nocancel ()
    from /auto/home/lsbuild/desktop-187870/lib64/libc.so.6
#1 0x00002afe85e94aed in _IO_new_file_write ()
    from /auto/home/lsbuild/desktop-187870/lib64/libc.so.6
#2 0x00002afe85e93bb5 in new_do_write ()
    from /auto/home/lsbuild/desktop-187870/lib64/libc.so.6
#3 0x00002afe85e94c6f in _IO_new_file_xsputn ()
    from /auto/home/lsbuild/desktop-187870/lib64/libc.so.6
#4 0x00002afe85e8aaf5 in fwrite ()
    from /auto/home/lsbuild/desktop-187870/lib64/libc.so.6
#5 0x00002afe8589bcff in krb5_ktfileint_find_slot (
    context=<value optimized out>, id=0x59b7f0, size_needed=0x7fff2821cefc,
    commit_point=0x7fff2821cef8) at kt_file.c:1692
#6 0x00002afe8589bf1a in krb5_ktfileint_write_entry (context=0x599270,
    id=0x59b7f0, entry=0x7fff2821d010) at kt_file.c:1434
#7 0x00002afe8589c46f in krb5_ktfile_add (context=0x599270, id=0x59b7f0,
    entry=0x7fff2821d010) at kt_file.c:841
#8 0x00002afe86a1d88b in KtKrb5AddKey (
    pszPrincipal=0x59a870 "cifs/CCM2.chaos.local at CHAOS.LOCAL", pKey=0x59b870,
    dwKeyLen=16, pszSalt=0x59b8f0 "host/ccm2.chaos.local at CHAOS.LOCAL",
    pszKtPath=0x0, pszDcName=0x59b9e0 "qadc0.chaos.local", dwKeyVer=960)
    at ddr/cifs/libkeytab/ktkrb5/keytab.c:332
#9 0x00002afe86a1e16b in KtKrb5AddKeyW (pwszPrincipal=0x59a340,
    pKey=0x550110, dwKeyLen=16, pwszKtPath=0x0, pwszSalt=0x59a820,
    pwszDcName=0x5181b0, dwKeyVersion=960)
    at ddr/cifs/libkeytab/ktkrb5/keytab_w16.c:87
>Fix:
workaround: Delete the huge keytab and re-generate from scratch.
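
A pre-flight check for the truncation condition this report describes, as an added example that is not from the report or from MIT krb5: it walks the length-prefixed records of a keytab buffer and reports whether the data ends in the middle of a record. It assumes the version 2 keytab layout (bytes 0x05 0x02, then records each led by a big-endian signed 32-bit length, negative for a deleted slot, zero for end of data); `kt_check`, the status names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum kt_status { KT_OK, KT_BAD_HEADER, KT_TRUNCATED_LENGTH, KT_TRUNCATED_RECORD };
/* Constructed sample, not a real keytab: header, an 8-byte record, a 4-byte
 * hole (negative length), a 6-byte record. Record bodies are filler bytes. */
static const unsigned char SAMPLE[32] = {
    0x05, 0x02, 0x00, 0x00, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8,
    0xff, 0xff, 0xff, 0xfc, 0, 0, 0, 0,
    0x00, 0x00, 0x00, 0x06, 9, 9, 9, 9, 9, 9
};

/* Assumed layout: records start at offset 2, each led by a big-endian int32. */
static int32_t be32(const unsigned char *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* *good_end gets the offset just past the last record wholly inside buf. */
enum kt_status kt_check(const unsigned char *buf, size_t len, size_t *good_end)
{
    size_t off = 2;
    *good_end = 0;
    if (len < 2 || buf[0] != 0x05 || buf[1] != 0x02)
        return KT_BAD_HEADER;
    for (*good_end = off; off < len; *good_end = off) {
        if (len - off < 4)
            return KT_TRUNCATED_LENGTH;      /* partial length field at EOF */
        int32_t size = be32(buf + off);
        if (size == 0)
            break;                           /* zero length ends the data */
        uint64_t body = size < 0 ? (uint64_t)(-(int64_t)size) : (uint64_t)size;
        if (body > len - off - 4)
            return KT_TRUNCATED_RECORD;      /* declared length passes EOF */
        off += 4 + (size_t)body;
    }
    return KT_OK;
}

int main(void)
{
    size_t end, cuts[] = { sizeof SAMPLE, sizeof SAMPLE - 3, sizeof SAMPLE - 8 };
    for (int i = 0; i < 3; i++) {
        enum kt_status st = kt_check(SAMPLE, cuts[i], &end);
        printf("len=%zu status=%d last_good=%zu\n", cuts[i], (int)st, end);
    }
    return 0;
}
```

A non-zero status before an update is the point at which to stop and restore or regenerate the keytab rather than append to a damaged tail.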