Bug 2095 - Signal 11 on kerberos auth
Signal 11 on kerberos auth
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: nmbd
3.0.8
x86 Linux
: P3 critical
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-27 17:25 UTC by Bård Kalbakk
Modified: 2005-08-24 10:24 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bård Kalbakk 2004-11-27 17:25:24 UTC
I have set up samba with security = ads
I have a kerberos ticket and want to use this when authenticating with samba:
smbclient -U bard -k -L //daisy
session setup failed: Call returned zero bytes (EOF)

from `/usr/sbin/smbd -i -d 10` :

name_to_fqdn: lookup for DAISY -> daisy.
krb5_rd_req succeeded for principal daisy$@LOCALDOMAIN
secrets_named_mutex: released mutex for replay cache mutex
Got KRB5 session key of length 8
===============================================================
INTERNAL ERROR: Signal 11 in pid 19925 (3.0.8-Debian)
Please read the appendix Bugs of the Samba HOWTO collection
===============================================================
smb_panic(): calling panic action [/usr/share/samba/panic-action 19925]
smb_panic(): action returned status 0
PANIC: internal error
BACKTRACE: 15 stack frames:
 #0 smbd(smb_panic2+0x111) [0x81dfd51]
 #1 smbd(smb_panic+0x1a) [0x81dfc3a]
 #2 smbd [0x81cc118]
 #3 [0xffffe420]
 #4 smbd(ads_verify_ticket+0x5e5) [0x824c075]
 #5 smbd [0x80ad8d6]
 #6 smbd [0x80ae5af]
 #7 smbd [0x80aea5b]
 #8 smbd(reply_sesssetup_and_X+0xe6b) [0x80afa0b]
 #9 smbd [0x80d3056]
 #10 smbd [0x80d32e0]
 #11 smbd(process_smb+0x8c) [0x80d34ec]
 #12 smbd(smbd_process+0x168) [0x80d4228]
 #13 smbd(main+0x4ea) [0x8256b6a]
 #14 /lib/tls/libc.so.6(__libc_start_main+0x108) [0xb7d457f8]
Aborted

Kerberos setup is working with ssh , pam-krb5 etc.
Is smb.conf nessesary?
Comment 1 Bård Kalbakk 2004-11-27 17:31:14 UTC
This only happens if smb.conf contains 
use kerberos keytab = yes
if not I just get 
session setup failed: NT_STATUS_LOGON_FAILURE
when running smbclient
Comment 2 Bård Kalbakk 2004-11-27 20:22:34 UTC
Tested with Samba 3.1 , it didn't SIGSEV

I got this:
name_to_fqdn: lookup for DAISY -> daisy.
secrets_named_mutex: got mutex for replay cache mutex
ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad
encryption type
ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad
encryption type
ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Decrypt
integrity check failed
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Bad
encryption type
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad
encryption type
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad
encryption type
ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Bad
encryption type
secrets_named_mutex: released mutex for replay cache mutex
ads_verify_ticket: krb5_rd_req with auth failed (Success)
Failed to verify incoming ticket!


It looks to me like MIT krb5 is using an encryption method that samba doesn't
support, but I haven't figured that one out. I guess that's offtopic regarding
this bug report
Comment 3 Bård Kalbakk 2004-12-02 12:47:13 UTC
Jeremy Allison(jra@samba.org) provided this patch
It solved the problem

> Index: libsmb/clikrb5.c
> ===================================================================
> --- libsmb/clikrb5.c  (revision 4019)
> +++ libsmb/clikrb5.c  (working copy)
> @@ -184,7 +184,7 @@
>   void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt)
>  {
>  #if defined(HAVE_KRB5_TKT_ENC_PART2)
> -     if (tkt->enc_part2)
> +     if (tkt->enc_part2 && tkt->enc_part2->authorization_data &&
tkt->enc_part2->authorization_data[0] &&
tkt->enc_part2->authorization_data[0]->length)
>               *auth_data =
data_blob(tkt->enc_part2->authorization_data[0]->contents,
>                       tkt->enc_part2->authorization_data[0]->length);
>  #else
Comment 4 Gerald (Jerry) Carter 2004-12-02 13:12:44 UTC
duplicate of a bug reported on Samba technical 
svn -r4020 SAMBA_3_0
Comment 5 Gerald (Jerry) Carter 2005-08-24 10:24:56 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.