No Subject
(gdb) p ent.principal
$1 = (Principal *) 0x0
(gdb) p princ
$2 = 0x80591c0
Note that ent.principal was set to princ earlier, but is now nil, while princ
is still a valid pointer. I found that in the function LDAP_message2entry which
is called from context->db->hdb_fetch() above, we see this:
static krb5_error_code
LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
                   hdb_entry * ent)
{
    char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
    char *samba_acct_flags = NULL;
    int ret;
    unsigned long tmp;
    struct berval **keys;
    char **values;
    int tmp_time;

=>  memset(ent, 0, sizeof(*ent));
Even though ent is passed in as a parameter to be used, it is cleared here.
If I comment that line out, I get a bus error in another location.
(gdb) where
#0 0x281e2c9d in free_general_string (str=0xd8f8fc81) at der_free.c:41
#1 0x282098f1 in free_PrincipalName (data=0x28057bc8)
at asn1_PrincipalName.c:159
#2 0x2820904f in free_Principal (data=0x28057bc8) at asn1_Principal.c:132
#3 0x28099b66 in free_Event (data=0xbfbff73c) at asn1_Event.c:138
#4 0x2809df2d in free_hdb_entry (data=0xbfbff72c) at asn1_hdb_entry.c:606
#5 0x2809509c in hdb_free_entry (context=0x8058000, ent=0xbfbff72c)
at hdb.c:144
#6 0x28093d72 in LDAP_message2entry (context=0x8058000, db=0x805b000,
msg=0x8057500, ent=0xbfbff72c) at hdb-ldap.c:1277
#7 0x28094465 in LDAP_fetch (context=0x8058000, db=0x805b000, flags=1,
entry=0xbfbff72c) at hdb-ldap.c:1500
#8 0x28082e08 in kadm5_s_get_principal (server_handle=0x805a100,
princ=0x80591c0, out=0xbfbff7d4, mask=1) at get_s.c:52
#9 0x280766b4 in kadm5_get_principal (server_handle=0x805a100,
princ=0x80591c0, out=0xbfbff7d4, mask=1) at common_glue.c:92
#10 0x0804c8da in do_get_entry (principal=0x80591c0, data=0xbfbff884)
at get.c:282
#11 0x08050994 in foreach_principal (exp=0xbfbffb87 "jfh",
func=0x804c890 <do_get_entry>, funcname=0x8053138 "get", data=0xbfbff884)
at util.c:528
#12 0x0804cd2c in getit (opt=0xbfbff980, name=0x805318c "list", argc=1,
argv=0xbfbffa70) at get.c:382
#13 0x0804ce16 in list_princs (opt=0xbfbff980, argc=1, argv=0xbfbffa70)
at get.c:405
#14 0x0805259b in list_wrap (argc=2, argv=0xbfbffa6c) at kadmin-commands.c:495
#15 0x280a383f in sl_command (cmds=0x80563b8, argc=2, argv=0xbfbffa6c)
at sl.c:234
#16 0x0804dcfe in main (argc=2, argv=0xbfbffa6c) at kadmin.c:261
#17 0x0804a5be in _start ()
(gdb)
Checking in frame 8, I find this:
kadm5_ret_t
kadm5_s_get_principal(void *server_handle,
                      krb5_principal princ,
                      kadm5_principal_ent_t out,
                      u_int32_t mask)
{
    kadm5_server_context *context = server_handle;
    kadm5_ret_t ret;
    hdb_entry ent;
    ent.principal = princ;
    ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
    if(ret)
        return ret;
=>  ret = context->db->hdb_fetch(context->context, context->db,
                                 HDB_F_DECRYPT, &ent);
It appears ent is never initialized. After adding this line:
hdb_entry ent;
+ memset(&ent, 0, sizeof(ent));
ent.principal = princ;
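Review bot: zeroing ent before "ent.principal = princ;" fixes the uninitialized stack struct, but the field still holds the caller's princ rather than a copy, so any hdb_free_entry on ent (as in frame #5 of the first backtrace) can release memory that do_get_entry still holds. Worth checking whether the "chunk is already free" warning reported below comes from that, and either copying the principal into ent or clearing ent.principal before the entry is freed. Also, if the memset(ent, 0, sizeof(*ent)) in LDAP_message2entry is restored, it will again discard the princ assigned here, so the lookup key needs to reach the backend some other way than through a field the backend clears.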
kadmin list works:
<root@palm:/var/tmp/heimdal-20041209> # kadmin -l list -l jfh
Principal: jfh@EXAMPLE.EDU
Principal expires: never
Password expires: 2038-01-19 03:14:07 UTC
Last password change: never
Max ticket life: unlimited
Max renewable life: unlimited
Kvno: 0
Mkvno: 0
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2004-12-10 16:36:19 UTC
Modifier: unknown
Attributes: disallow-svr, disallow-proxiable, disallow-renewable, disallow-postdated
Keytypes: arcfour-hmac-md5(pw-salt)
kadmin in free(): warning: chunk is already free
Unfortunately, there are still problems as seen by the free warning.
The cpw still crashes, and if I try to list all princs, kadmin crashes
now as well:
<root@palm:/var/tmp/heimdal-20041209> # kadmin -l list '*'
kadmin in free(): warning: junk pointer, too high to make sense
zsh: segmentation fault (core dumped) kadmin -l list '*'
The code is get_s.c:53 (kadm5_s_get_principal), and the crash is in
a different place:
Program received signal SIGSEGV, Segmentation fault.
0x28082e11 in kadm5_s_get_principal (server_handle=0x805a100, princ=0x80591a0,
out=0xbfbff7d4, mask=1) at get_s.c:53
(gdb) where
#0 0x28082e11 in kadm5_s_get_principal (server_handle=0x805a100,
princ=0x80591a0, out=0xbfbff7d4, mask=1) at get_s.c:53
#1 0x280766b4 in kadm5_get_principal (server_handle=0x805a100,
princ=0x80591a0, out=0xbfbff7d4, mask=1) at common_glue.c:92
#2 0x0804c8da in do_get_entry (principal=0x80591a0, data=0xbfbff884)
at get.c:282
#3 0x08050994 in foreach_principal (exp=0xbfbffb87 "*",
func=0x804c890 <do_get_entry>, funcname=0x8053138 "get", data=0xbfbff884)
at util.c:528
#4 0x0804cd2c in getit (opt=0xbfbff980, name=0x805318c "list", argc=1,
argv=0xbfbffa70) at get.c:382
#5 0x0804ce16 in list_princs (opt=0xbfbff980, argc=1, argv=0xbfbffa70)
at get.c:405
#6 0x0805259b in list_wrap (argc=2, argv=0xbfbffa6c) at kadmin-commands.c:495
#7 0x280a383f in sl_command (cmds=0x80563b8, argc=2, argv=0xbfbffa6c)
at sl.c:234
#8 0x0804dcfe in main (argc=2, argv=0xbfbffa6c) at kadmin.c:261
#9 0x0804a5be in _start ()
(gdb) p context->db
$1 = (HDB *) 0x11
(gdb)
Now, context->db is corrupted, and it's getting harder to track down.
I'm willing to keep hacking around, but I'd like to know from folks more
familiar with the code if the mods I've made make sense and I'm on the
right track, or if I'm way off base and doing things incorrectly that
trigger bugs in little-used paths in the code. Is anyone interested?
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh@cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
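The two failure modes traced in this message (a stack entry handed to a backend with junk in its pointer fields, and an entry field that aliases a caller-owned pointer), reduced to an added C example that is not part of the original message and is not Heimdal code. toy_entry, toy_fetch, lookup_bad_frees and the tracking allocator are constructed for illustration, the aliasing double free is an assumed cause rather than one the message establishes, and the junk value is the one shown in frame #0 of the first backtrace.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for illustration; these are not Heimdal's types. */
typedef struct { char *principal; char *created_by; } toy_entry;
static void *live[8];   /* heap pointers currently allocated */
static int bad_frees;   /* frees of junk or already-freed pointers */

static char *tracked_dup(const char *s) {
    char *p = s ? malloc(strlen(s) + 1) : NULL;
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = strcpy(p, s); return p; }
    free(p);
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < 8; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bad_frees++;        /* a real free() would warn or crash here */
}

static void toy_free_entry(toy_entry *e) {
    tracked_free(e->principal);
    tracked_free(e->created_by);
    memset(e, 0, sizeof(*e));
}

/* Backend that frees the whole entry when parsing fails. */
static int toy_fetch(toy_entry *e, int parse_fails) {
    if (parse_fails) { toy_free_entry(e); return -1; }
    e->created_by = tracked_dup("kadmin/admin");
    return 0;
}

/* One lookup; returns the number of invalid frees it caused. */
int lookup_bad_frees(int zero_init, int alias_key, int parse_fails) {
    char *key = tracked_dup("jfh");
    toy_entry e = { NULL, (char *)(uintptr_t)0xd8f8fc81u }; /* simulated junk */
    if (zero_init) memset(&e, 0, sizeof(e));
    e.principal = alias_key ? key : tracked_dup(key);
    bad_frees = 0;
    if (toy_fetch(&e, parse_fails) == 0) toy_free_entry(&e);
    tracked_free(key);  /* the caller releases its own key */
    return bad_frees;
}

/* Exit status 0 when the zeroed, copied-key lookup frees cleanly. */
int main(void) { return lookup_bad_frees(1, 0, 0); }
```

lookup_bad_frees(0, 0, 1) and lookup_bad_frees(1, 1, 0) each report one invalid free; the calls that zero the entry and copy the key report none.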
Attachment: slapd.conf
## schema files (core.schema is required by default)
include /usr/local/etc/openldap/schema/core.schema
## needed for sambaSamAccount
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
# It is recommended that you maintain some indices on some of the most useful attributes, as in the
# following example, to speed up searches made on sambaSamAccount objectclasses (and possibly
# posixAccount and posixGroup as well):
#
#
#
allow bind_v2
allow bind_anon_cred
allow bind_anon_dn
allow update_anon
database bdb
suffix dc=example,dc=edu
rootdn cn=ldapadmin,dc=example,dc=edu
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}TrmEqj7FK5HLCIY+nntFvqeF2vD0m4Vh
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/ldap/db
# SASL configuration
sasl_host palm.cise.ufl.edu
sasl_realm EXAMPLE.EDU
#sasl-secprops minssf=112
password-hash {SSHA}
# Indices to maintain
## required by OpenLDAP
index objectclass eq
index cn pres,sub,eq
index sn pres,sub,eq
## required to support pdb_getsampwnam
index uid pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
##index uidNumber eq
##index gidNumber eq
##index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
# SSL
TLSCACertificateFile /usr/local/lib/ssl/certs/cise-cacert.pem
TLSCertificateKeyFile /usr/local/lib/ssl/certs/palm.cise.ufl.edu-key.pem
TLSCertificateFile /usr/local/lib/ssl/certs/palm.cise.ufl.edu-cert.pem
access to *
        by dn="cn=ldapadmin,dc=example,dc=edu" write
sasl-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
        "cn=ldapadmin,dc=example,dc=edu"
sasl-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
        "krb5PrincipalName=kadmin/admin@EXAMPLE.EDU,sambaDomainName=EXAMPLE,dc=example,dc=edu"
access to dn.regex="(.*,)?dc=example,dc=edu"
        attr="userPassword,sambaLMPassword,sambaNTPassword"
        by dn="cn=ldapadmin,dc=example,dc=edu" write
        by * auth
access to dn.regex=".*,dc=example,dc=edu"
        by dn="cn=ldapadmin,dc=example,dc=edu" write
        by self write
        by * read
access to dn.regex=".*,dc=example,dc=edu"
        by dn="cn=ldapadmin,dc=example,dc=edu" write
        by self write
        by * read
access to attr=supportedSASLMechanisms,subschemaSubentry
        by anonymous read
        by * read
# Allow read access of root DSE to ALL
access to dn=""
        by * read
access to dn.base="cn=Subschema"
        by * read
Attachment: samba-pdc-1.ldif
dn: dc=example,dc=edu
objectClass: dcObject
objectclass: organization
dc: example
o: example,dc=edu

dn: cn=ldapadmin,dc=example,dc=edu
objectclass: organizationalRole
cn: ldapadmin
description: Directory Manager

dn: ou=Users,dc=example,dc=edu
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=example,dc=edu
objectClass: organizationalUnit
ou: Groups

dn: ou=Computers,dc=example,dc=edu
objectClass: organizationalUnit
ou: Computers

dn: uid=root,ou=Users,dc=example,dc=edu
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 512
uid: root
uidNumber: 0
homeDirectory: /root
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\palm\root
sambaHomeDrive: H:
sambaProfilePath: \\palm\profiles\root
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962870000-3438800000-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3516781642-1962870000-3438800000-2996
loginShell: /bin/sh
gecos: Netbios Domain Administrator

dn: uid=nobody,ou=Users,dc=example,dc=edu
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 514
uid: nobody
uidNumber: 65534
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\palm\nobody
sambaHomeDrive: H:
sambaProfilePath: \\palm\profiles\root
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962870000-3438800000-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: S-1-5-21-3516781642-1962870000-3438800000-2998
loginShell: /bin/false
Attachment: jfh.ldif
dn: uid=jfh,ou=Users,dc=example,dc=edu
cn: James F. Hranicky
sn: Hranicky
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 512
uid: jfh
uidNumber: 987
homeDirectory: /cise/homes/jfh
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
sambaLogonHours: 0
sambaHomePath: \\palm\jfh
sambaHomeDrive: H:
sambaProfilePath: \\palm\profiles\jfh
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962870000-3438800000-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3516781642-1962870000-3438800000-3000
loginShell: /usr/local/bin/tcsh
gecos: James F. Hranicky, E314 CSE, 352-392-1499
Attachment: smb.conf
[global]
netbios name = PALM
workgroup = EXAMPLE
passdb backend = ldapsam:ldapi:///
ldap admin dn = cn=ldapadmin,dc=example,dc=edu
ldap suffix = dc=example,dc=edu
os level = 33
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
logon script = logon.cmd
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
[homes]
comment = Home Directories
browseable = yes
writable = yes
path = /cise/homes/%u
create mode = 0600
directory mode = 0700
inherit permissions = yes
Attachment: krb5.conf
[libdefaults]
ticket_lifetime = 300
default_realm = EXAMPLE.EDU
default_tkt_enctypes = des3-hmac-sha1
default_tgs_enctypes = des3-hmac-sha1
default_etypes = arcfour-hmac-md5
[realms]
EXAMPLE.EDU = {
kdc = palm.cise.ufl.edu:88
admin_server = palm.cise.ufl.edu:749
default_domain = cise.ufl.edu
}
[domain_realm]
.example.edu = EXAMPLE.EDU
example.edu = EXAMPLE.EDU
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[kdc]
database = {
realm = EXAMPLE.EDU
dbname = ldap:dc=example,dc=edu
hdb-ldap-add-base = dc=example,dc=edu
acl_file = /tmp/kadmind.acl
}