[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

heimdal 0.1m: hprop cores dumping ka-db; is hprop{,d} deprecated?

#0  krb5_mk_priv (context=0x0, auth_context=0x0, userdata=0xefff6e58, 
    outbuf=0xefff6dd8, outdata=0x0) at mk_priv.c:69
#1  0x13bd8 in send_priv (context=0x74c58, ac=0xefff6dd8, data=0xefff6e58, 
    fd=6) at hprop-common.c:50
#2  0x129f4 in v5_prop (context=0x74c58, db=0x0, entry=0xefff6e58, 
    appdata=0xeffff230) at hprop.c:145
#3  0x13200 in ka_convert (pd=0xeffff230, fd=7, ent=0xefff7028, 
    cell=0xeffff52c "ece.cmu.edu") at hprop.c:369
#4  0x13330 in ka_dump (pd=0xeffff230, file=0xeffff120 "", 
    cell=0xeffff52c "ece.cmu.edu") at hprop.c:395
#5  0x13570 in iterate (context=0x74c58, database=0xeffff120 "", 
    afs_cell=0xeffff52c "ece.cmu.edu", db=0xef563108, v4_db=0, ka_db=1, 
    pd=0xeffff230) at hprop.c:491
#6  0x13740 in propagate_database (context=0x74c58, v4_db=0, ka_db=1, 
    database=0xeffff50d "/usr/afs/db/kaserver.DB0", 
    afs_cell=0xeffff52c "ece.cmu.edu", db=0xef563108, ccache=0x77118, 
    optind=13, argc=14, argv=0xeffff35c) at hprop.c:575
#7  0x13ba8 in main (argc=14, argv=0xeffff35c) at hprop.c:685

The "context=0x0" is gdb being confused by optimization (context
actually has a value); but the auth_context is actually NULL.  This is
because of the following code in hprop.c:

static int
dump_database (krb5_context context, int v4_db, int ka_db,
               const char *database, const char *afs_cell,
               HDB *db)
    struct prop_data pd;
    pd.context      = context; 
    pd.auth_context = NULL;
    pd.sock         = STDOUT_FILENO;
    iterate (context, database, afs_cell, db, v4_db, ka_db, &pd);
    return 0;

pd.auth_context is never set to anything else in the code path used by
dump_database.  (BTW, I had to make a patch to hprop to get even that
far, because hprop tries to open the specified kaserver.DB0 as a v5
principal database.)

Between this and the code in hpropd.c (apparently it's a one-shot
standalone server unless run with --stdin, in which case it does no
authentication and uses plaintext) it looks rather as if hprop/hpropd is
not really supposed to be used any more, except via hprop --stdout |
hpropd --stdin.  Correct?  Then is ipropd_{client,server} the only
approved way to maintain slave KDCs?

brandon s. allbery	   os/2,linux,solaris,perl	allbery@kf8nh.apk.net
system administrator	   kthkrb,heimdal,gnome,rt	  allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			kf8nh
    We are Linux. Resistance is an indication that you missed the point.