Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
crash in krb5kdc
17 views
Skip to first unread message
Sushmita Bhattacharya
Apr 1, 2021, 10:36:42 AM4/1/21
to kerb...@mit.edu
Hi,
I am facing an issue with a Kerberos(krb5kdc) crash in process_tgs_req function, krb5 version 1.15.1. Backtrace below:-
(gdb) bt
#0 0x00007fec38d8d387 in raise () from /lib64/libc.so.6
#1 0x00007fec38d8ea78 in abort () from /lib64/libc.so.6
#2 0x00007fec38d861a6 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007fec38d86252 in __assert_fail () from /lib64/libc.so.6
#4 0x00007fec3046d353 in ldap_get_values_len () from
/lib64/libldap_r-2.4.so.2
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#6 0x00007fec320173cb in ipadb_parse_ldap_entry () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#7 0x00007fec3201832b in ipadb_get_principal () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#8 0x00007fec3a918bb7 in krb5_db_get_principal () from /lib64/libkdb5.so.8
#9 0x000056443d95fff2 in kdc_get_server_key ()
#10 0x000056443d9603ce in kdc_process_tgs_req ()
#11 0x000056443d95ac97 in process_tgs_req ()
#12 0x000056443d958df3 in dispatch ()
#13 0x000056443d96c950 in process_tcp_connection_read ()
#14 0x00007fec39127b48 in verto_fire () from /lib64/libverto.so.1
#15 0x00007fec31242b13 in tevent_common_invoke_fd_handler () from
/lib64/libtevent.so.0
#16 0x00007fec31249087 in epoll_event_loop_once () from /lib64/libtevent.so.0
#17 0x00007fec31247057 in std_event_loop_once () from /lib64/libtevent.so.0
#18 0x00007fec3124225d in _tevent_loop_once () from /lib64/libtevent.so.0
#19 0x00007fec3912731f in verto_run () from /lib64/libverto.so.1
#20 0x000056443d957af6 in main ()
(gdb) q
We observed this crash with kerberos version 1.15.1.
The issue is that the ldap handle passed from function process_tgs_req , to function ipadb_parse_ldap_entry and eventually to openldap, is an invalid LDAP handle. Hence there is an assert failure in function ldap_get_values_len.
(gdb) f 4
#4 0x00007fec3046d353 in ldap_get_values_len (ld=ld@entry=0x56443f44b850,
entry=entry@entry=0x56443f5c4fe0,
target=target@entry=0x7fec3202192b "krbTicketFlags") at getvalues.c:98
98 assert( LDAP_VALID( ld ) );
(gdb) p ld->ldc->ldc_options.ldo_valid
$1 = -17435
(gdb) p/x ld->ldc->ldc_options.ldo_valid
$2 = 0xbbe5
(gdb) f 5
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int
(lcontext=lcontext@entry=0x56443f44b850, le=le@entry=0x56443f5c4fe0,
attrname=attrname@entry=0x7fec3202192b "krbTicketFlags",
result=result@entry=0x7ffcdd2accc4) at ipa_kdb_common.c:383
383 vals = ldap_get_values_len(lcontext, le, attrname);
(gdb) f 7
#7 0x00007fec3201832b in ipadb_get_principal (kcontext=0x56443f47b920,
search_for=<optimized out>, flags=8192, entry=0x7ffcdd2acec8)
at ipa_kdb_principals.c:1311
1311 kerr = ipadb_parse_ldap_entry(kcontext, principal, lentry, entry,
&pol);
(gdb)
Any ideas on this issue ? Is there a specific fix available ? It looks like someone reported a similar crash here : https://pagure.io/freeipa/issue/5633, but there was no fix documented, and it got closed as there was insufficient info. Any help will be much appreciated.
Thanks,
Sushmita
I am facing an issue with a Kerberos(krb5kdc) crash in process_tgs_req function, krb5 version 1.15.1. Backtrace below:-
(gdb) bt
#0 0x00007fec38d8d387 in raise () from /lib64/libc.so.6
#1 0x00007fec38d8ea78 in abort () from /lib64/libc.so.6
#2 0x00007fec38d861a6 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007fec38d86252 in __assert_fail () from /lib64/libc.so.6
#4 0x00007fec3046d353 in ldap_get_values_len () from
/lib64/libldap_r-2.4.so.2
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#6 0x00007fec320173cb in ipadb_parse_ldap_entry () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#7 0x00007fec3201832b in ipadb_get_principal () from
/usr/lib64/krb5/plugins/kdb/ipadb.so
#8 0x00007fec3a918bb7 in krb5_db_get_principal () from /lib64/libkdb5.so.8
#9 0x000056443d95fff2 in kdc_get_server_key ()
#10 0x000056443d9603ce in kdc_process_tgs_req ()
#11 0x000056443d95ac97 in process_tgs_req ()
#12 0x000056443d958df3 in dispatch ()
#13 0x000056443d96c950 in process_tcp_connection_read ()
#14 0x00007fec39127b48 in verto_fire () from /lib64/libverto.so.1
#15 0x00007fec31242b13 in tevent_common_invoke_fd_handler () from
/lib64/libtevent.so.0
#16 0x00007fec31249087 in epoll_event_loop_once () from /lib64/libtevent.so.0
#17 0x00007fec31247057 in std_event_loop_once () from /lib64/libtevent.so.0
#18 0x00007fec3124225d in _tevent_loop_once () from /lib64/libtevent.so.0
#19 0x00007fec3912731f in verto_run () from /lib64/libverto.so.1
#20 0x000056443d957af6 in main ()
(gdb) q
We observed this crash with kerberos version 1.15.1.
The issue is that the ldap handle passed from function process_tgs_req , to function ipadb_parse_ldap_entry and eventually to openldap, is an invalid LDAP handle. Hence there is an assert failure in function ldap_get_values_len.
(gdb) f 4
#4 0x00007fec3046d353 in ldap_get_values_len (ld=ld@entry=0x56443f44b850,
entry=entry@entry=0x56443f5c4fe0,
target=target@entry=0x7fec3202192b "krbTicketFlags") at getvalues.c:98
98 assert( LDAP_VALID( ld ) );
(gdb) p ld->ldc->ldc_options.ldo_valid
$1 = -17435
(gdb) p/x ld->ldc->ldc_options.ldo_valid
$2 = 0xbbe5
(gdb) f 5
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int
(lcontext=lcontext@entry=0x56443f44b850, le=le@entry=0x56443f5c4fe0,
attrname=attrname@entry=0x7fec3202192b "krbTicketFlags",
result=result@entry=0x7ffcdd2accc4) at ipa_kdb_common.c:383
383 vals = ldap_get_values_len(lcontext, le, attrname);
(gdb) f 7
#7 0x00007fec3201832b in ipadb_get_principal (kcontext=0x56443f47b920,
search_for=<optimized out>, flags=8192, entry=0x7ffcdd2acec8)
at ipa_kdb_principals.c:1311
1311 kerr = ipadb_parse_ldap_entry(kcontext, principal, lentry, entry,
&pol);
(gdb)
Any ideas on this issue ? Is there a specific fix available ? It looks like someone reported a similar crash here : https://pagure.io/freeipa/issue/5633, but there was no fix documented, and it got closed as there was insufficient info. Any help will be much appreciated.
Thanks,
Sushmita
Robbie Harwood
Apr 2, 2021, 11:41:40 AM4/2/21
to Sushmita Bhattacharya, kerb...@mit.edu
Sushmita Bhattacharya <sushmita.b...@oracle.com> writes:
> Any ideas on this issue ? Is there a specific fix available ? It looks
> like someone reported a similar crash here :
> https://pagure.io/freeipa/issue/5633, but there was no fix documented,
> and it got closed as there was insufficient info. Any help will be
> much appreciated.
Hi Sushmita, this is an ipa-kdb problem and so you might have more luck
> Any ideas on this issue ? Is there a specific fix available ? It looks
> like someone reported a similar crash here :
> https://pagure.io/freeipa/issue/5633, but there was no fix documented,
> and it got closed as there was insufficient info. Any help will be
> much appreciated.
on the ipa lists. However, my understanding is that it has to do with
IPA disconnecting from 389ds - libldap basically does `assert(connection
!= NULL;` and that's the crash. Some attempts to fix it have been made
(like [1]); whether they're complete hasn't been determined yet.
Thanks,
--Robbie
1: https://pagure.io/freeipa/c/95822c7953ea9f64976908bfd901450bf283c74e
0 new messages