Bug 7394 - Segfault creating principal without PAC
Summary: Segfault creating principal without PAC
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: All Linux
Importance: P3 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Depends on:
Reported: 2010-04-27 00:55 UTC by Marcel Ritter
Modified: 2010-04-27 02:43 UTC

See Also:

Fix no-pac principal creation (825 bytes, patch)
2010-04-27 01:12 UTC, Marcel Ritter

Description Marcel Ritter 2010-04-27 00:55:31 UTC
During my tests to use Samba4 as a kdc for kerberized NFS,
I found a bug in the KDC code, when generating a principal
without pac (e.g. with msktutil and option --no-pac), that
causes Samba4 to crash:

Running the following command on one of the client machines

  msktutil -c --upn nfs/testa.linex.org  -h testa.linex.org --computer-name testa-service-nfs  --server s4-dc1.linex.org --no-pac

results in this gdb backtrace on the samba4 dc (s4-dc1.linex.org):

  Program received signal SIGSEGV, Segmentation fault. 
  0x00000000005e82e6 in samba_make_krb5_pac ()
  Current language:  auto; currently asm
  (gdb) bt  
  #0  0x00000000005e82e6 in samba_make_krb5_pac ()
  #1  0x00000000004ce243 in samba_wdc_get_pac ()
  #2  0x000000000059290b in _kdc_pac_generate ()
  #3  0x0000000000588055 in _kdc_as_rep ()
  #4  0x00000000005922ec in kdc_as_req ()
  #5  0x000000000059258e in krb5_kdc_process_krb5_request ()
  #6  0x00000000005fc1dc in kdc_process ()
  #7  0x00000000005fc4bb in kdc_tcp_call_loop ()

Looking at the code, the error is quite easy to find: 

source4/kdc/wdc-samba4.c: krb5_error_code samba_wdc_get_pac()

1. source4/kdc/pac-glue.c: samba_kdc_get_pac_blob()

  /* The user account may be set not to want the PAC */
     *_pac_blob = NULL;

    and then calls

2. source4/kdc/pac-glue.c: samba_make_krb5_pac()
   which tries to use uninitialized "pac_blob" and segfaults

I'll attach a simple patch that solved the problem for me.

Sorry Andrew, somehow even my second e-mail didn't make it
to the list, so let's try it the bugzilla way :-)
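
The failure pattern described in the report above, as an added example that is not part of the original report and is not Samba's code or the attached patch: a lookup step returns success with a NULL out-parameter for a no-PAC account, and the build step dereferences it. All types and function names here are hypothetical; the guarded caller shows one possible place for the NULL check.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; these types and functions are hypothetical, not Samba's. */
struct blob { unsigned char *data; size_t length; };
struct account { const char *name; int no_pac; };
struct pac { size_t length; };

/* Models the lookup step: success is returned even when no PAC is wanted,
 * and the out-parameter is set to NULL in that case. */
static int get_pac_blob(const struct account *acct, struct blob **out)
{
    *out = NULL;                 /* the account may be set not to want the PAC */
    if (acct->no_pac)
        return 0;
    struct blob *b = malloc(sizeof(*b));
    if (b == NULL)
        return -1;
    b->length = strlen(acct->name);
    b->data = malloc(b->length);
    if (b->data == NULL) { free(b); return -1; }
    memcpy(b->data, acct->name, b->length);
    *out = b;
    return 0;
}

/* Models the build step: dereferences its argument unconditionally. */
static int make_pac(const struct blob *b, struct pac *out)
{
    out->length = b->length;     /* a NULL b faults here */
    return 0;
}

/* Guarded caller: a NULL blob with a zero return means "no PAC", not an error. */
static int get_pac_guarded(const struct account *acct, struct pac *out, int *have_pac)
{
    struct blob *b = NULL;
    int ret = get_pac_blob(acct, &b);
    *have_pac = 0;
    if (ret != 0 || b == NULL)
        return ret;              /* skip the build step entirely */
    ret = make_pac(b, out);
    *have_pac = (ret == 0);
    free(b->data);
    free(b);
    return ret;
}
```
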
Comment 1 Marcel Ritter 2010-04-27 01:12:44 UTC
Created attachment 5659
Fix no-pac principal creation

Probably there's a better place to prevent this bug, however the patch is very simple and solves the problems for now.
Comment 2 Matthias Dieter Wallnöfer 2010-04-27 02:43:23 UTC
Applied and fixed. Thanks!