Kerberos Ticket without principal?
Jeremy Allison
jra at samba.org
Fri Jul 22 11:59:03 MDT 2011
On Fri, Jul 22, 2011 at 07:20:54PM +0200, Christian M Ambach wrote:
> Hi list,
>
> I have seen a smbd built from v3-6-test crashing today in
> get_user_from_kerberos_info()
> because princ_name was null and it then tripped over that in the following
> line:
> strchr_m(princ_name, '@').
> Unfortunately, I couldn't save away a log or core file and I wasn't able
> to
> recreate it yet :(
>
> What do you think might have gone wrong here? Did the Windows box send an
> invalid
> Kerberos ticket or did we fail to parse it somewhere?
>
> My naive approach to prevent further coredumps would be to add a safeguard
> before the
> strchr_m line, something like:
>
> --- a/source3/auth/user_krb5.c
> +++ b/source3/auth/user_krb5.c
> @@ -49,6 +49,11 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX
> *mem_ctx,
>
> DEBUG(3, ("Kerberos ticket principal name is [%s]\n",
> princ_name));
>
> + if (!princ_name) {
> + DEBUG(3, ("Ticket as empty principal!\n"));
> + return NT_STATUS_LOGON_FAILURE;
> + }
> +
> p = strchr_m(princ_name, '@');
> if (!p) {
> DEBUG(3, ("[%s] Doesn't look like a valid principal\n",
>
> Would that be good enough without having more debug data?
> Other proposals?
Please open a blocker bug for this + attach the patch. Have to have all crash
bugs fixed before rc3 ships.
I'm going to investigate this and the "security=share" reported crash today.
Jeremy.
More information about the samba-technical
mailing list