[OpenAFS] OpenAFS 1.6.5/1.6.10 - server segfaults during migration
to rxkad-k5
Benjamin Kaduk
kaduk@MIT.EDU
Fri, 7 Nov 2014 12:13:59 -0500 (EST)
On Fri, 7 Nov 2014, Benjamin Kaduk wrote:
> On Fri, 7 Nov 2014, Volkmar Glauche wrote:
>
> > mit-krb5# ktutil
> > ktutil: rkt /etc/openafs/server/rxkad.keytab
> > ktutil: l
> > slot KVNO Principal
> > ---- ----
> > ---------------------------------------------------------------------
> > 1 0 afs/cell@REALM
> > 2 0 afs/cell@REALM
> > 3 0 afs/cell@REALM
>
> kvno 0 is special in some ways; I would suggest trying with a different
> kvno.
> (That may not be the actual problem, but is the first thing I would try.)
Having looked more closely, I do believe it will fix the problem.
The NULL krb5_principal is passed to krb5_kt_get_entry() from
pick_enctype_and_principal(), which should already have picked a principal
by then, in pick_principal():
% pick_principal(krb5_context context, krb5_keytab kt,
% krb5_principal *service_principal)
% {
% krb5_error_code code;
% krb5_kvno vno = 0;
initialized to zero
% krb5_kt_cursor c;
% krb5_keytab_entry n_entry;
%
% /* Nothing to do */
% if (*service_principal != NULL)
% return 0;
%
% memset(&n_entry, 0, sizeof(n_entry));
%
% code = krb5_kt_start_seq_get(context, kt, &c);
% if (code != 0)
% goto cleanup;
% while (code == 0 && krb5_kt_next_entry(context, kt, &n_entry, &c) == 0) {
% if (n_entry.vno > vno) {
This check never succeeds.
% vno = n_entry.vno;
% (void)krb5_free_principal(context, *service_principal);
% code = krb5_copy_principal(context, n_entry.principal,
% service_principal);
% }
% (void)krb5_free_keytab_entry_contents(context, &n_entry);
% }
% if (code != 0) {
% (void)krb5_kt_end_seq_get(context, kt, &c);
% goto cleanup;
% }
% code = krb5_kt_end_seq_get(context, kt, &c);
%
% cleanup:
This should probably return an error if service_principal is not set here.
% return code;
% }
-Ben