gensec_krb5_start() fails silently with tlocal_addr / tremote_addr is IPv6

Lorenz Schori lo at
Thu Jul 1 20:07:27 UTC 2021


The function gensec_krb5_start() returns NT_STATUS_INTERNAL_ERROR when
tlocal_addr / tremote_addr are IPv6. No debug messages are generated in
this case and nothing obvious shows up in strace. Only thing i see in
logs even with log level 10 are the following lines:

    Starting GENSEC mechanism krb5
    Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR

As a result things like kpasswd do not work.

Loking through the samba source there are not so many code paths through
gensec_krb5_start() without any DEBUG statements. Thus I believe what
happens is the following (from gensec_krb.c, see [1]).

		sockaddr_ret = tsocket_address_bsd_sockaddr(
			tlocal_addr, &, sizeof(;
		if (sockaddr_ret < 0) {

When tlocal_addr is IPv6, then sockaddr_ret will return an error.
Looking at other examples of tsocket_address_bsd_sockaddr it seems that
most of them use sizeof(struct sockaddr_storage) for the last param
except the one call shown above.

I suspect that this might be the problem. Consider the following test

$ cat <<EOF > /tmp/test.c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define sockaddr_storage sockaddr_in6
struct samba_sockaddr {
	socklen_t sa_socklen;
	union {
		struct sockaddr sa;
		struct sockaddr_in in;
		struct sockaddr_in6 in6;
		struct sockaddr_un un;
		struct sockaddr_storage ss;
	} u;

int main(void) {
        struct samba_sockaddr addr;
        printf("sizeof( %ld\n", sizeof(;
        printf("sizeof(struct sockaddr_storage): %ld\n",
		sizeof(struct sockaddr_storage));
	return 0;


On my machine, this produces the following output:

sizeof( 16
sizeof(struct sockaddr_storage): 28


1) gensec_krb3.c:

More information about the samba-technical mailing list