[Samba] Samba4 segfault
Marcel Ritter
Marcel.Ritter at rrze.uni-erlangen.de
Mon Apr 19 08:46:09 MDT 2010
Hi,
during my tests to use Samba4 as a kdc for kerberized NFS,
I found a bug in the KDC code, when generating a principal
without pac (e.g. with msktutil and option --no-pac), that
causes Samba4 to crash:
Running the following command on one of the client machines

    msktutil -c --upn nfs/testa.linex.org -h testa.linex.org
    --computer-name testa-service-nfs --server s4-dc1.linex.org --no-pac

results in this gdb backtrace on the samba4 dc (s4-dc1.linex.org):
Program received signal SIGSEGV, Segmentation fault.
0x00000000005e82e6 in samba_make_krb5_pac ()
Current language: auto; currently asm
(gdb) bt
#0 0x00000000005e82e6 in samba_make_krb5_pac ()
#1 0x00000000004ce243 in samba_wdc_get_pac ()
#2 0x000000000059290b in _kdc_pac_generate ()
#3 0x0000000000588055 in _kdc_as_rep ()
#4 0x00000000005922ec in kdc_as_req ()
#5 0x000000000059258e in krb5_kdc_process_krb5_request ()
#6 0x00000000005fc1dc in kdc_process ()
#7 0x00000000005fc4bb in kdc_tcp_call_loop ()
...
Looking at the code, the error is quite easy to find:
source4/kdc/wdc-samba4.c: krb5_error_code samba_wdc_get_pac()
calls
1.) source4/kdc/pac-glue.c: samba_kdc_get_pac_blob()
/* The user account may be set not to want the PAC */
...
*_pac_blob = NULL;
and then calls
2.) source4/kdc/pac-glue.c: samba_make_krb5_pac()
which tries to use uninitialized "pac_blob" and segfaults.
A simple patch is attached that solved the problem for me.
Bye,
Marcel
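
The failure mode described in this message, as an added C example that is not part of the original post and is not Samba's code: a getter that reports success while handing back a NULL blob, with a caller and a consumer that both check for it. All demo_* names are hypothetical, and treating a NULL blob as "build no PAC" is an assumption, since the attached patch is not shown on this page.

```c
#include <stddef.h>
/* Hypothetical stand-ins for illustration; not Samba's types or functions. */
struct demo_blob { const unsigned char *data; size_t length; };
enum { DEMO_OK = 0, DEMO_EINVAL = 22 };

/* Getter: an account flagged "no PAC" yields success plus a NULL blob. */
static int demo_get_pac_blob(int no_pac, struct demo_blob *storage,
                             struct demo_blob **out)
{
    static const unsigned char sample[] = "constructed-pac"; /* constructed */
    *out = NULL;
    if (no_pac)
        return DEMO_OK;
    storage->data = sample;
    storage->length = sizeof(sample) - 1;
    *out = storage;
    return DEMO_OK;
}

/* Consumer: reads through the blob, so it refuses NULL instead of crashing. */
static int demo_make_pac(const struct demo_blob *blob, size_t *pac_len)
{
    if (blob == NULL)
        return DEMO_EINVAL;
    *pac_len = blob->length;
    return DEMO_OK;
}

/* Caller: "success + NULL blob" means no PAC is built (assumed policy). */
int demo_get_pac(int no_pac, int *has_pac, size_t *pac_len)
{
    struct demo_blob storage, *blob = NULL;
    int ret;
    *has_pac = 0;
    *pac_len = 0;
    ret = demo_get_pac_blob(no_pac, &storage, &blob);
    if (ret != DEMO_OK || blob == NULL)
        return ret; /* error, or success with no PAC to build */
    ret = demo_make_pac(blob, pac_len);
    if (ret == DEMO_OK)
        *has_pac = 1;
    return ret;
}

int main(void)
{
    int has_pac; size_t len;
    return demo_get_pac(1, &has_pac, &len);
}
```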