SSSD / sssd

Clone

#260 krb5_child segfault with expired passwords
Closed: Fixed None Opened 14 years ago by jhrozek.

Closed: Fixed
Reopen Issue

When logging as an user with an expired password (default in IPA), krb5_child segfaults.

To reproduce:[[BR]]
1. server: ipa user-add foobar[[BR]]
2. server: ipa passwd[[BR]]
3. log in to a client using SSSD[[BR]]

The backtrace looks like:

(gdb) bt full
#0  0x001ebd89 in krb5_cc_destroy () from /usr/lib/libkrb5.so.3
No symbol table info available.
#1  0x0804aea3 in tgt_req_child (fd=1, kr=0x9380bf0) at providers/krb5/krb5_child.c:433
        ret = -1
        kerr = -1765328361
        err = 32
        pass_str = 0x0
        pam_status = 27
        resp = 0x93813b0
        __FUNCTION__ = "tgt_req_child"
#2  0x0804c48a in main (argc=3, argv=0xbf879a14) at providers/krb5/krb5_child.c:746
        buf = 0x93809b8  <incomplete sequence \361>
        ret = 0
        len = 84
        pd = 0x9380628
        kr = 0x9380bf0
        ccname = 0x9380760 "FILE:/tmp/krb5cc_132903518_XXXXXX"
        opt = -1
        pc = 0x93805f8
        debug_fd = 19
        long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x804d240, val = 0, descrip = 0x804ca12 "Help options:", argDescrip = 0x0}, 
          {longName = 0x804ca20 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x804d2b8, val = 0, descrip = 0x804ca2c "Debug level", 
            argDescrip = 0x0}, {longName = 0x804ca38 "debug-timestamps", shortName = 0 '\0', argInfo = 0, arg = 0x804d2bc, val = 0, 
            descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x804ca5e "debug-fd", shortName = 0 '\0', argInfo = 2, 
            arg = 0xbf87992c, val = 0, descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, 
            arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Fixed in:
42a21a6

resolution: => fixed
status: new => closed

Fields changed

component: SSSD => Kerberos Provider
fixedin: => 1.0.0rc
tests: 0 => 1
Is this only with IPA or any KDC ? description: When logging as an user with an expired password (default in IPA), krb5_child segfaults. To reproduce: 1. server: ipa user-add foobar 2. server: ipa passwd 3. log in to a client using SSSD The backtrace looks like: {{{ (gdb) bt full #0 0x001ebd89 in krb5_cc_destroy () from /usr/lib/libkrb5.so.3 No symbol table info available. #1 0x0804aea3 in tgt_req_child (fd=1, kr=0x9380bf0) at providers/krb5/krb5_child.c:433 ret = -1 kerr = -1765328361 err = 32 pass_str = 0x0 pam_status = 27 resp = 0x93813b0 __FUNCTION__ = "tgt_req_child" #2 0x0804c48a in main (argc=3, argv=0xbf879a14) at providers/krb5/krb5_child.c:746 buf = 0x93809b8 <incomplete sequence \361> ret = 0 len = 84 pd = 0x9380628 kr = 0x9380bf0 ccname = 0x9380760 "FILE:/tmp/krb5cc_132903518_XXXXXX" opt = -1 pc = 0x93805f8 debug_fd = 19 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x804d240, val = 0, descrip = 0x804ca12 "Help options:", argDescrip = 0x0}, {longName = 0x804ca20 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x804d2b8, val = 0, descrip = 0x804ca2c "Debug level", argDescrip = 0x0}, {longName = 0x804ca38 "debug-timestamps", shortName = 0 '\0', argInfo = 0, arg = 0x804d2bc, val = 0, descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x804ca5e "debug-fd", shortName = 0 '\0', argInfo = 2, arg = 0xbf87992c, val = 0, descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main" }}} => When logging as an user with an expired password (default in IPA), krb5_child segfaults. To reproduce:[[BR]] 1. server: ipa user-add foobar[[BR]] 2. server: ipa passwd[[BR]] 3. log in to a client using SSSD[[BR]] The backtrace looks like: {{{ (gdb) bt full #0 0x001ebd89 in krb5_cc_destroy () from /usr/lib/libkrb5.so.3 No symbol table info available. #1 0x0804aea3 in tgt_req_child (fd=1, kr=0x9380bf0) at providers/krb5/krb5_child.c:433 ret = -1 kerr = -1765328361 err = 32 pass_str = 0x0 pam_status = 27 resp = 0x93813b0 __FUNCTION__ = "tgt_req_child" #2 0x0804c48a in main (argc=3, argv=0xbf879a14) at providers/krb5/krb5_child.c:746 buf = 0x93809b8 <incomplete sequence \361> ret = 0 len = 84 pd = 0x9380628 kr = 0x9380bf0 ccname = 0x9380760 "FILE:/tmp/krb5cc_132903518_XXXXXX" opt = -1 pc = 0x93805f8 debug_fd = 19 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x804d240, val = 0, descrip = 0x804ca12 "Help options:", argDescrip = 0x0}, {longName = 0x804ca20 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x804d2b8, val = 0, descrip = 0x804ca2c "Debug level", argDescrip = 0x0}, {longName = 0x804ca38 "debug-timestamps", shortName = 0 '\0', argInfo = 0, arg = 0x804d2bc, val = 0, descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x804ca5e "debug-fd", shortName = 0 '\0', argInfo = 2, arg = 0xbf87992c, val = 0, descrip = 0x804ca49 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main" }}}

This was a general problem, not only for IPA

Fields changed

tests: 1 => 0
testsupdated: 0 => 1

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.0 RC
7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1302

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
major
defect
Kerberos Provider
0.7.1
None
1
None
0
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.