[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3910) smbk5pwd and heimdal 0.7 is coredumping
Full_Name: Perry Nguyen
Version: 2.2.23 and 2.3.4
OS: Linux FedoraCore4
URL:
Submission from: (NULL) (66.245.252.239)
Copying from what I posted to the heimdal-discuss list, this is the problem as
follows:
I've recently installed Heimdal 0.7 fresh along with smbk5pwd, but I cannot
get smbk5pwd to load (sigsegv in slapd). I am able to successfully init the
realm and a test key into LDAP using kadmin -l. I've also run
/usr/heimdal/bin/kstash to get a key stored into /var/heimdal/m-key, and the
permissions are usable such that the user running slapd can read it.
Here are some details:
Slapd installed from fedoracore4 (also tried openldap 2.3.4)
I can run the kdc and kinit successfully.
Is there a compatibility problem with the newer versions of Heimdal? When
did the rename of master_key_set to hdb_master_key_set occur? Does anything
else need to be changed for smbk5pwd to work with the latest versions of
Heimdal krb5?
When compiling smbk5pwd.c, there was an error which I fixed with the
following diff:
--- smbk5pwd.c~ 2005-06-08 14:50:16.000000000 -0700
+++ smbk5pwd.c 2005-07-30 23:53:19.000000000 -0700
@@ -264,7 +264,7 @@
ent.keys.val = &ekey;
decode_Key((unsigned char *) a->a_vals[0].bv_val,
(size_t) a->a_vals[0].bv_len, &ent.keys.val[0], &l);
- if ( db->master_key_set )
+ if ( db->hdb_master_key_set )
hdb_unseal_keys( context, db, &ent );
krb5_string_to_key_salt( context, ekey.key.keytype,
cred->bv_val,
Backtrace output from gdb:
line 19 (pidfile /var/run/slapd.pid)
line 20 (argsfile /var/run/slapd.args)
line 23 (modulepath /etc/openldap/modules-2.3)
line 25 (moduleload smbk5pwd.la)
loaded module smbk5pwd.la
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208486208 (LWP 10954)]
0x0077eaa2 in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0 0x0077eaa2 in pthread_mutex_lock () from /lib/libpthread.so.0
#1 0x002285d6 in krb5_clear_error_string (context=0x8c50d48)
at error_string.c:53
#2 0x00228632 in krb5_vset_error_string (context=0x8c50d48,
fmt=0x2444ec "encryption type %d not supported",
args=0xbfd871c8 " z B\223v\"") at error_string.c:78
#3 0x002286cd in krb5_set_error_string (context=0x8c50d48,
fmt=0x2444ec "encryption type %d not supported") at error_string.c:69
#4 0x00227721 in krb5_crypto_init (context=0x8c50d48, key=0x8c51350,
etype=1122794212, crypto=0x8c51360) at crypto.c:3996
#5 0x00290732 in hdb_read_master_key (context=0x8c50d48,
filename=0x8c50370 "/var/heimdal/m-key", mkey=0xbfd873c8) at mkey.c:133
#6 0x00290c84 in hdb_set_master_keyfile (context=0x8c50d48, db=0x8c510b8,
keyfile=0x8c50370 "/var/heimdal/m-key") at mkey.c:544
#7 0x0095f841 in kadm5_s_init_with_context (context=Variable "context" is
not available.
) at init_s.c:63
#8 0x004f3df5 in smbk5pwd_init () at smbk5pwd.c:526
#9 0x004f3f02 in init_module (argc=0, argv=0x0) at smbk5pwd.c:561
#10 0x080a2319 in module_load (file_name=0x8c340b0 "smbk5pwd.la", argc=0,
argv=0x0) at module.c:170
#11 0x0805bd93 in config_generic (c=0x8c304f8) at bconfig.c:1175
#12 0x08062cc0 in config_set_vals (Conf=0x8172738, c=0x8c304f8) at
config.c:250
Some strace output of the slapd process:
open("/var/heimdal/m-key", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=130, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7
fca000
read(8, "\5\2\0\0\0<\0\2\0\tGOFTI.COM\0\1K\0\1M\0\0\0\1B\354z"..., 4096) =
130
fstat64(8, {st_mode=S_IFREG|0644, st_size=130, ...}) = 0
_llseek(8, 0, [0], SEEK_SET) = 0
read(8, "\5\2\0\0\0<\0\2\0\tGOFTI.COM\0\1K\0\1M\0\0\0\1B\354z"..., 4096) =
130
close(8) = 0
munmap(0xb7fca000, 4096) = 0
open("/var/heimdal/m-key", O_RDONLY|O_LARGEFILE) = 8
fcntl64(8, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0},
0xbfdd31
34) = 0
read(8, "\5\2\0\0\0<\0\2\0\tGOFTI.COM\0\1K\0\1M\0\0\0\1B\354z"..., 8192) =
130
_llseek(8, 0, [130], SEEK_CUR) = 0
_llseek(8, 130, [130], SEEK_SET) = 0
_llseek(8, 130, [130], SEEK_SET) = 0
_llseek(8, 130, [130], SEEK_SET) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Some additional investigations indicates that context is not properly getting
initialized during the call to krb5_init_context in smbk5pwd_init (for example,
context->mutex is not getting set):
Breakpoint 4, smbk5pwd_init () at smbk5pwd.c:521
521 ret = krb5_init_context(&context);
(gdb) n
522 if (ret) {
(gdb) print ((krb5_context) context)->mutex
$2 = (void *) 0x0
Some similar code that is in add-random-users.c of the heimdal distribution also
calls krb5_init_context and kadm5_s_init_with_password_ctx, in this instance
context->mutex is getting initialized. The code on both sides appears to be
"identical"
Breakpoint 2, main (argc=0, argv=Variable "argv" is not available.
) at add-random-users.c:118
118 ret = krb5_init_context(&context);
(gdb) n
119 if (ret)
(gdb)
121 ret = kadm5_s_init_with_password_ctx(context,
(gdb) s
kadm5_s_init_with_password_ctx (context=0x8f8a008,
client_name=0x80490af "kadmin/admin", password=0x0,
service_name=0x80490af "kadmin/admin", realm_params=0x1, struct_version=1,
api_version=1, server_handle=0x1) at init_s.c:94
94 return kadm5_s_init_with_context(context,
(gdb) print context->mutex
$2 = (void *) 0x8f8a190
Are there any sort of compile flags to smbk5pwd that prevents krb5_init_context
from working properly?