[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problems

To: heimdal-discuss@sics.se
Subject: Re: problems
From: Arkadiusz Miśkiewicz <misiek@misiek.eu.org>
Date: Wed, 7 Jul 1999 15:00:37 +0200
In-Reply-To: <5lwvweucd2.fsf@assaris.sics.se>
References: <19990705102606.C29747@zsz2.starachowice.pl> <5lwvweucd2.fsf@assaris.sics.se>
Sender: owner-heimdal-discuss@sics.se


[poniedziałek, 05 lipiec 1999], Assar Westerlund napisał(a):

> > when I run port scanning using nmap then kdc exit with SIGSEGV (nmap myserver)
> 
> This is (partially) due to a bug in the handling of recvfrom in linux,
> but I the following patch should work around that and make things more
> robust.
> 
> diff -u -w -r1.62 -r1.64
> --- connect.c	1999/06/23 13:12:39	1.62
> +++ connect.c	1999/07/05 19:11:50	1.64
[cut]
thnx, now port scanning doesn't cause SIGSEGV

> > 2)
> > Also:
> > root@linstar /root#  /usr/heimdal/sbin/dump_log
> > Segmentation fault
> 
> I'm not able to reproduce this bug.  What is the contents of your
> /var/heimdal directory?
root@linstar /root# ls -l /var/heimdal/
razem 13
-rw-------   1 root     root         8192 Jul  5 18:27 heimdal.db
-rw-------   1 root     root            0 Jul  5 18:10 kadmind.acl
-rw-------   1 root     root         4986 Jul  5 18:27 log
root@linstar /root#

>  And can you run gdb on the core so that I can
> see where it's failing?
gdb on dump_log show
Starting program: /usr/heimdal/sbin/./dump_log
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x4005d292 in initialize_error_table_r () from /usr/heimdal/lib/libkrb5.so.1

> > 4)
> > misiek@linstar bin$ ./kinit misiek
> > misiek@ZSZ2.STARACHOWICE.PL's Password:
> > kinit: krb5_get_init_creds: Program lacks support for checksum type
> > misiek@linstar bin$
> 
> Somehow the client doesn't handle des3-cbc-sha1.  Did you compile both
> client and server with --enable-new-des3-code?
simply ./configure --enable-new-des3-code && make from main dir of heimdal-0.1g

I'm for 99% sure that client and server is compiled with new-des3 because I compiled
even with CFLAGS+="-DNEW_DES3_CODE=1".

For test I added to lib/krb5/crypto.c
        DES3_CBC_encrypt,
    },
#if NEW_DES3_CODE
+#error "Error"
    {
        ETYPE_DES3_CBC_SHA1,
        "des3-cbc-sha1",

and:
make[2]: Entering directory
`/home/users/misiek/rpm/BUILD/heimdal-0.1g/lib/krb5'
../../libtool --mode=compile gcc  -DHAVE_CONFIG_H -I. -I. -I../../include
-I../../include    -Wall -Wmissing-prototypes -Wpointer-arith
-Wbad-function-cast -Wmissing-declarations -Wnested-externs -DINET6 -O2
-mpentium -c crypto.c
gcc -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include -Wall
-Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-Wmissing-declarations -Wnested-externs -DINET6 -O2 -mpentium -c -fPIC -DPIC
crypto.c -o crypto.lo
crypto.c:1407: #error "Error"
make[2]: *** [crypto.lo] Error 1

That same thing in lib/krb5/krb5.h
#if NEW_DES3_CODE
+#error "Error"

In file included from krb5_locl.h:125,
                 from crypto.c:39:
krb5.h:100: #error "Error"
make[2]: *** [crypto.lo] Error 1

Maybe the problem is here (krb5.h):
#if NEW_DES3_CODE
  ETYPE_NEW_DES3_CBC_SHA1       = 7,
  ETYPE_DES3_CBC_SHA1           = ETYPE_NEW_DES3_CBC_SHA1,
                                  ^^^^^^^^^^^^^^^^^^^^^^^
#else

but in crypto.c is:
#if NEW_DES3_CODE
    {
        ETYPE_DES3_CBC_SHA1,
        "des3-cbc-sha1",
        8,
        8,
        &keytype_des3_derived,
        &checksum_sha1,
        &checksum_hmac_sha1_des3,
        F_DERIVED,
        DES3_CBC_encrypt,
    },
#else
^^^^^
    {
        ETYPE_NEW_DES3_CBC_SHA1,
        ^^^^^^^^^^^^^^^^^^^^^^^^
        "new-des3-cbc-sha1",
        8,
        8,
        &keytype_des3_derived,
        &checksum_sha1,
        &checksum_hmac_sha1_des3,
        F_DERIVED,
        DES3_CBC_encrypt,
    },

but I'm not sure because I'm not a C programmer :(

Of course kinit -e des-cbc-crc (or des-cbc-md4 or des-cbc-md5) is working fine.
Only des3-cbc-sha1 cause problems.

> Can you do a `kadmin
> -l get -l misiek' on your KDC?
root@linstar sbin# ./kadmin -l get -l misiek | grep Keytypes
         Keytypes(salts): des-cbc-crc(pw-salt), des-cbc-md4(pw-salt), des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)

I have one more question about IPv6 ....
Is IPv6 one of features with high priority in heimdal project or maybe
it's only for testing etc ? (kdc doesn't work via IPv6 - doesn't bind to IPv6 socket...)

> 
> /assar

-- 
 _____  __    ____       arkadiusz miśkiewicz      misiek@pld.org.pl
 \  _  \\  \  \    \  tel. +48 604395925  sysadm: zsz2.starachowice.pl
 |   __/|  |__|  |  | http://www.pld.org.pl/ http://www.misiek.eu.org/
 /__/   /____//____/     Polish Linux Distribution with IPv6 support

Follow-Ups:
- Re: problems
  - From: Assar Westerlund <assar@sics.se>

References:
- problems
  - From: Arkadiusz Miśkiewicz <misiek@misiek.eu.org>
- Re: problems
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: Arla and Heimdal?
Next by Date: Re: Arla and Heimdal?
Prev by thread: Re: problems
Next by thread: Re: problems
Index(es):
- Date
- Thread