excessive SHA1 calls

tridge at samba.org
Thu Nov 24 07:33:53 GMT 2005


Andrew and Love,

I've found out why smbd under valgrind with krb5 enabled is so
slow. Each SMB authentication with kerberos calls SHA1 around 24500
times. That seems a little excessive :-)

This is also what's causing the 2 failures on fort in the build
farm. The connections are timing out waiting for the server to respond
to the negprot.

Here's a backtrace from one of these calls in case it gives you any
clues as to what's happening:


(gdb) bt
#0  SHA1_Init (m=0xbfdf3c98) at heimdal/lib/des/sha.c:53
#1  0x081ebcf5 in SHA1_checksum (context=0x8681158, key=0xbfdf3da4, data=0x86813c8,
    len=84, usage=0, C=0xbfdf3d8c) at heimdal/lib/krb5/crypto.c:1629
#2  0x081ebec3 in hmac (context=0x8681158, cm=0x8669768, data=0x8681378, len=20,
    usage=0, keyblock=0xbfdf3da4, result=0xbfdf3d8c)
    at heimdal/lib/krb5/crypto.c:1678
#3  0x081ea555 in _krb5_PKCS5_PBKDF2 (context=0x8681158, cktype=CKSUMTYPE_SHA1,
    password={length = 12, data = 0x867b5e0}, salt=
        {salttype = KRB5_PW_SALT, saltvalue = {length = 46, data = 0x8681318}},
    iter=4095, type=KEYTYPE_AES256, key=0xbfdf400c) at heimdal/lib/krb5/crypto.c:681
#4  0x081ea6d9 in AES_string_to_key (context=0x8681158,
    enctype=ETYPE_AES256_CTS_HMAC_SHA1_96, password=
      {length = 12, data = 0x867b5e0}, salt=
        {salttype = KRB5_PW_SALT, saltvalue = {length = 46, data = 0x8681318}},
    opaque={length = 0, data = 0x0}, key=0xbfdf400c)
    at heimdal/lib/krb5/crypto.c:731
#5  0x081eb0c3 in krb5_string_to_key_data_salt_opaque (context=0x8681158,
    enctype=ETYPE_AES256_CTS_HMAC_SHA1_96, password=
      {length = 12, data = 0x867b5e0}, salt=
        {salttype = KRB5_PW_SALT, saltvalue = {length = 46, data = 0x8681318}},
    opaque={length = 0, data = 0x0}, key=0xbfdf400c)
    at heimdal/lib/krb5/crypto.c:1233
#6  0x081eb01a in krb5_string_to_key_data_salt (context=0x8681158,
    enctype=ETYPE_AES256_CTS_HMAC_SHA1_96, password=
      {length = 12, data = 0x867b5e0}, salt=
        {salttype = KRB5_PW_SALT, saltvalue = {length = 46, data = 0x8681318}},
    key=0xbfdf400c) at heimdal/lib/krb5/crypto.c:1206
#7  0x081eb169 in krb5_string_to_key_salt (context=0x8681158,
    enctype=ETYPE_AES256_CTS_HMAC_SHA1_96, password=0x867b5e0 "LpRPE1Vmj8-S", salt=
        {salttype = KRB5_PW_SALT, saltvalue = {length = 46, data = 0x8681318}},
    key=0xbfdf400c) at heimdal/lib/krb5/crypto.c:1256
#8  0x085065cd in create_kerberos_key_from_string (context=0x8681158,
    host_princ=0x8686830, password=0xbfdf4048, key=0xbfdf400c,
    enctype=ETYPE_AES256_CTS_HMAC_SHA1_96) at auth/kerberos/clikrb5.c:114
#9  0x085079d8 in create_memory_keytab (parent_ctx=0x86830f0,
    machine_account=0x86830f0, smb_krb5_context=0x8689b48,
    keytab_container=0xbfdf40bc) at auth/kerberos/kerberos_util.c:346
#10 0x08268029 in cli_credentials_get_keytab (cred=0x86830f0, _ktc=0x8682ef8)
    at auth/credentials/credentials_krb5.c:377
#11 0x08520a5b in gensec_gssapi_server_start (gensec_security=0x868a6b8)
    at auth/gensec/gensec_gssapi.c:189
#12 0x0843fc81 in gensec_start_mech (gensec_security=0x868a6b8)
    at auth/gensec/gensec.c:447
#13 0x0843feb9 in gensec_start_mech_by_ops (gensec_security=0x868a6b8,
    ops=0x865e260) at auth/gensec/gensec.c:522
#14 0x0851a0d8 in gensec_spnego_create_negTokenInit (gensec_security=0x8684788,
    spnego_state=0x8681960, out_mem_ctx=0x867f840, in={data = 0x0, length = 0},
    out=0xbfdf449c) at auth/gensec/spnego.c:430
#15 0x0851a80c in gensec_spnego_update (gensec_security=0x8684788,
    out_mem_ctx=0x867f840, in={data = 0x0, length = 0}, out=0xbfdf449c)
    at auth/gensec/spnego.c:611
#16 0x08440497 in gensec_update (gensec_security=0x8684788, out_mem_ctx=0x867f840,
    in={data = 0x0, length = 0}, out=0xbfdf449c) at auth/gensec/gensec.c:725
#17 0x0824f6a4 in reply_nt1 (req=0x867f840, choice=9)
    at smb_server/smb/negprot.c:377
#18 0x0824fa07 in reply_negprot (req=0x867f840) at smb_server/smb/negprot.c:465
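
Added illustration, not part of the original post and not Heimdal's code: a plain PBKDF2-HMAC-SHA1 in Python that counts SHA-1 digests for the iteration count and input lengths visible in frame #3 (iter=4095, 12-byte password, 46-byte salt). The password and salt bytes are constructed, and the 16-byte (AES128) case is an assumption: the backtrace only shows the AES256 derivation, but 16380 + 8190 = 24570 would match "around 24500" if both keys were derived on each connection.

```python
import hashlib
import struct

BLOCK = 64  # SHA-1 input block size in bytes

class CountingSha1:
    """Wraps hashlib.sha1 and counts how many digests are computed."""
    def __init__(self):
        self.calls = 0

    def digest(self, data: bytes) -> bytes:
        self.calls += 1
        return hashlib.sha1(data).digest()

def hmac_sha1(h, key, msg):
    # Textbook HMAC with no cached pad state: two fresh SHA-1 runs per call.
    if len(key) > BLOCK:
        key = h.digest(key)
    key = key.ljust(BLOCK, b"\0")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # Outer input is 64 + 20 = 84 bytes, the len=84 seen in frame #1.
    return h.digest(opad + h.digest(ipad + msg))

def pbkdf2_sha1(h, password, salt, iterations, dklen):
    out, i = b"", 1
    while len(out) < dklen:  # one 20-byte block per pass
        u = hmac_sha1(h, password, salt + struct.pack(">I", i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac_sha1(h, password, u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        i += 1
    return out[:dklen]

def sha1_calls(dklen, iterations=4095):
    """Number of SHA-1 digests needed to derive dklen bytes of key."""
    h = CountingSha1()
    password = b"x" * 12  # constructed; 12 bytes as in frame #3
    salt = b"s" * 46      # constructed; 46 bytes as in frame #3
    key = pbkdf2_sha1(h, password, salt, iterations, dklen)
    assert key == hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)
    return h.calls

if __name__ == "__main__":
    print(sha1_calls(32), sha1_calls(16))  # AES256, AES128 (assumed)
```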


More information about the samba-technical mailing list