Kerberos Ticket without principal?
Christian M Ambach
christian.ambach at de.ibm.com
Fri Jul 22 13:23:27 MDT 2011
Jeremy Allison <jra at samba.org> wrote on 07/22/2011 08:13:07 PM:
> Ok, I've checked into this carefully - and get_user_from_kerberos_info()
> is called from the smb and smb2 sessionsetup calls - after
ads_verify_ticket()
> has been called. princ_name can't be NULL if that call succeeds.
>
> The third place this is called is inside gssapi_server_get_user_info(),
> where I recently added a call to gse_get_client_name() that was missing
> recently which should ensure the princ_name is initialized if it returns
> NT_STATUS_OK. The git ref is ba6f88a6 for that addition.
>
> Does your v3-6-test tree have
>
e5f4b6e7aa1d102db023a491991684118875ee38..ba6f88a6720358bea75b162f193182b724b9411c
> in it ? This should ensure princ_name is initialized. When did you last
> git pull v3-6-test ?
Indeed, that tree was missing the patches for Bug #8304 and I finally
found the backtrace
again in /var/log/messages :)
smbd[2501236]: #4 bin/smbd(strchr_m+0x42) [0x7fe57d853ad2]
smbd[2501236]: #5 bin/smbd(get_user_from_kerberos_info+0x6b)
[0x7fe57d8b900b]
smbd[2501236]: #6 bin/smbd(gssapi_server_get_user_info+0x150)
[0x7fe57d75ff50]
smbd[2501236]: #7 bin/smbd(+0x33038c) [0x7fe57d75438c]
smbd[2501236]: #8 bin/smbd(+0x330922) [0x7fe57d754922]
smbd[2501236]: #9 bin/smbd(process_complete_pdu+0x10c8)
[0x7fe57d757ed8]
So your comment in 8304 that it is not just a compile warning was correct,
here is
the proof.
So I'll consider that one as already fixed and get my tree updated ASAP.
The one with the security=server crash was a checkout of v3-6-test from
yesterday
and it still happens with the latest tree.
Thanks for looking!
Cheers,
Christian
More information about the samba-technical
mailing list