client-tools crash with heimdal and expired accounts

Guenther Deschner gd at sernet.de
Sat Nov 13 00:44:20 GMT 2004


Hi Love,

thanks for your quick response again.

On Fri, Nov 12, 2004 at 02:28:38AM +0100, Love wrote:
> Why does heimdal fall over ? I create test program and it doesn't seem to
> happen (attached).

Yes, that's true for heimdal-0.6.3. It's the way
krb5_get_init_creds_password() is called from within
source/libads/kerberos.c in samba3: we pass NULL instead of a
krb5_get_init_creds_opt. But if we passed

	krb5_get_init_creds_opt opt;
	krb5_get_init_creds_opt_init(&opt);

we would get a perfect password change with an empty password from our
prompter :)

The current behaviour (triggered by "net ads status -U
expired_account%expired_pass") with heimdal-0.6.3:

-----8<------------------snip--------------8<--------------
Program received signal SIGSEGV, Segmentation fault.
krb5_get_init_creds_password (context=0x8295048, creds=0xbfffea10,
client=0x82949f8, password=0x8292a50 "suse", prompter=0x813e8e0
<kerb_prompter>, data=0x0,
    start_time=0, in_tkt_service=0x0, options=0x0) at init_creds_pw.c:296
296         if (old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
----->8------------------snap-------------->8--------------


BTW: I noticed your test program segfaults with the 0.6 snapshots as of
yesterday after a couple of loops in krb5_get_in_cred:

-----8<------------------snip--------------8<--------------
Program received signal SIGSEGV, Segmentation fault.
free_ETYPE_INFO_ENTRY (data=0x75b96ff2) at asn1_ETYPE_INFO_ENTRY.c:174
174     if((data)->salt) {
(gdb) bt full
#0  free_ETYPE_INFO_ENTRY (data=0x75b96ff2) at asn1_ETYPE_INFO_ENTRY.c:174
No locals.
#1  0x08067509 in free_ETYPE_INFO (data=0x8087a04) at asn1_ETYPE_INFO.c:79
No locals.
#2  0x0805ef9f in krb5_get_in_cred (context=0x8086008, options=0,
addrs=0x0, etypes=0x0, ptypes=0x8084950, preauth=0x8085460,
    key_proc=0x805f410 <krb5_password_key_proc>, keyseed=0xbffff3fb,
decrypt_proc=0, decryptarg=0x0, creds=0xbffff010, ret_as_reply=0xbfffef40)
at get_in_tkt.c:683
        error = {pvno = 5, msg_type = krb_error, ctime = 0x0, cusec = 0x0,
stime = 1100306031, susec = 71915, error_code = -1765328332, crealm = 0x0,
cname = 0x0,
  realm = 0x0, sname = {name_type = KRB5_NT_PRINCIPAL, name_string = {len
= 0, val = 0x0}}, e_text = 0x0, e_data = 0x0}
        ret2 = Variable "ret2" is not available.
----->8------------------snap-------------->8--------------

To get back to my initial proposal: shouldn't we delete the kerb_prompter
completely from samba, as it is apparently just there to work around an old
and buggy MIT release? We rely on working kerberos libraries on several
other occasions (for example a fixed heimdal release to avoid memleaks
within samba in conjunction with in-memory credential caches). Or should
we start having configure.in checks for library segfaults now? ;-)

> I talked to Tom Yu at IETF about the api, and it seems it was created
> sometime in 1997 by Cygnus folk in cooperation with MIT (and maybe assar,
> can't remember). The discussion should be in archives somewhere,
> maybe. The only text I've been able to find is in the heimdal source tree:
> $heimdalsrc/doc/init-creds. I'll fold that into the man documentation in
> Heimdal.

thanks! I really appreciate more docs in heimdal.

Guenther

-- 
Guenther Deschner,  SerNet Service Network GmbH
Phone: +49-(0)551-370000-0,  Fax: +49-(0)551-370000-9
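The crash described in this mail comes down to an options pointer that one side of the API treats as optional and the other side dereferences unconditionally. The following stand-alone C program is an added illustration, not Heimdal or Samba code: it models that contract with a hypothetical `gic_opt` struct and `get_init_creds_*` functions standing in for `krb5_get_init_creds_opt` and `krb5_get_init_creds_password`, so it compiles without libkrb5. The only name taken from the page is the flag checked at init_creds_pw.c:296; its numeric value and the return codes here are constructed.

```c
/* Added example, not Heimdal or Samba code. A self-contained model of the
 * "options pointer may be NULL" problem from the mail: the 0.6.3-style callee
 * dereferences old_options unconditionally, the caller-side fix initialises an
 * options struct before the call, and a hardened callee substitutes defaults.
 * Struct, function and constant names are hypothetical stand-ins. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST (value constructed). */
#define GIC_OPT_PREAUTH_LIST 0x0001

/* Model of krb5_get_init_creds_opt: a flags word plus an optional list. */
typedef struct {
    int flags;
    const int *preauth_list;
    int preauth_list_len;
} gic_opt;

/* Model of krb5_get_init_creds_opt_init(): zero every field so no flag is
 * set and no pointer dangles. */
void gic_opt_init(gic_opt *opt)
{
    memset(opt, 0, sizeof(*opt));
}

/* Model of the 0.6.3-era callee. It reads old_options->flags without a NULL
 * check, which is exactly the line that faulted in the gdb output above.
 * Returns 0 for defaults, 2 when the caller supplied a preauth list. */
int get_init_creds_unsafe(const gic_opt *old_options)
{
    if (old_options->flags & GIC_OPT_PREAUTH_LIST)
        return 2;
    return 0;
}

/* Hardened callee: a NULL options pointer means "use defaults". */
int get_init_creds_safe(const gic_opt *old_options)
{
    gic_opt defaults;
    if (old_options == NULL) {
        gic_opt_init(&defaults);
        old_options = &defaults;
    }
    return get_init_creds_unsafe(old_options);
}

/* The caller-side fix proposed in the mail: never pass NULL, always pass an
 * initialised struct even when no option is wanted. */
int caller_fixed(void)
{
    gic_opt opt;
    gic_opt_init(&opt);
    return get_init_creds_unsafe(&opt);
}

/* A caller that does set an option, to show the flag path still works. */
int caller_with_preauth_flag(void)
{
    static const int etypes[] = { 1 };   /* constructed sample list */
    gic_opt opt;
    gic_opt_init(&opt);
    opt.flags = GIC_OPT_PREAUTH_LIST;
    opt.preauth_list = etypes;
    opt.preauth_list_len = 1;
    return get_init_creds_unsafe(&opt);
}

int main(void)
{
    printf("fixed caller, no options set: %d\n", caller_fixed());
    printf("fixed caller, preauth flag:   %d\n", caller_with_preauth_flag());
    printf("hardened callee given NULL:   %d\n", get_init_creds_safe(NULL));
    /* get_init_creds_unsafe(NULL) would segfault, as in the backtrace. */
    return 0;
}
```

The two defences are independent: initialising the struct on the Samba side removes the crash against a library that assumes non-NULL, while the NULL-tolerant callee protects every caller of the library. Either one alone is enough to avoid the fault shown in the backtrace; applying both is the usual choice when the two code bases are maintained separately.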