Core Dump with gsstest-1.26 and krb5-1.4.2

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
Hi list,

I experimentize with kerberos, sncadapt and gsstest to maybe get Single
Sign-On work with a Windows Client (SAPGUI) to a Unix/Linux (SAP) Server.

So I compiled krb5-1.4.2 (./configure --enable-shared) and gsstest-1.26.
kinit and klist works. But when running gsstest I get a core dump.

$ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
Sending verbose output to file "out.txt"
Segmentation fault (core dumped)

$ gdb ./gsstest core
[...]
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffe03c) at copy_princ.c:61
61              unsigned int len = krb5_princ_component(context,
inprinc, i)->length

I'm testig on a OpenPower 720 with SuSE Enterprise Linux 9 ppc.
Did I something wrong?

Head of out.txt
**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in    999.999 millisec.

=====================================================================
   Current Date&Time :  Mon, 19-Sep-2005   14:01:36   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)
   Resolving Misc Support functions ...
     GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
     GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
     GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
     GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
     GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
   Resolving Names management functions ...
     GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
     GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
     GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
     GSS-API v2  "gss_export_name"                      (requested)    ok.
     GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
     GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )
(missing)
   Resolving Credentials management functions ...
     GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
     GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
   Resolving Context-level functions ...
     GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
     GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
     GSS-API v2  "gss_export_sec_context"               (requested)    ok.
     GSS-API v2  "gss_import_sec_context"               (requested)    ok.
     GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
     GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
   Resolving V2 message protection functions ...
     GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
     GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
     GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
     GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.

cheers,
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Tom Yu
>>>>> "Christoph" == Christoph Weizen <[hidden email]> writes:

Christoph> $ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
Christoph> Sending verbose output to file "out.txt"
Christoph> Segmentation fault (core dumped)

Christoph> $ gdb ./gsstest core
Christoph> [...]
Christoph> #0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
Christoph>      outprinc=0xffffe03c) at copy_princ.c:61
Christoph> 61              unsigned int len = krb5_princ_component(context,
Christoph> inprinc, i)->length

Could you please send us a backtrace?  (Use the "bt" command in gdb.)
There are quite a few ways that krb5_copy_principal() can get called.

---Tom
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

AW: Core Dump with gsstest-1.26 and krb5-1.4.2

Barbat, Calin
In reply to this post by Christoph Weizen
Try compiling the adapter and using it instead of the /usr/local/lib/libgssapi_krb5.so in the "-l" option to your call to gsstest.

krb5-1.3.5 and krb5-1.3.6 (with the adapter) worked well for me. As I didn't try further releases of krb5, I can't say anything about their behavior.

I'd be interested in the outcome of this investigation.

Mit freundlichen Grüßen / Best regards

Calin Barbat

-----Ursprüngliche Nachricht-----
Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Christoph Weizen
Gesendet: Montag, 19. September 2005 18:50
An: [hidden email]
Betreff: Core Dump with gsstest-1.26 and krb5-1.4.2

Hi list,

I experimentize with kerberos, sncadapt and gsstest to maybe get Single Sign-On work with a Windows Client (SAPGUI) to a Unix/Linux (SAP) Server.

So I compiled krb5-1.4.2 (./configure --enable-shared) and gsstest-1.26.
kinit and klist works. But when running gsstest I get a core dump.

$ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt Sending verbose output to file "out.txt"
Segmentation fault (core dumped)

$ gdb ./gsstest core
[...]
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffe03c) at copy_princ.c:61
61              unsigned int len = krb5_princ_component(context,
inprinc, i)->length

I'm testig on a OpenPower 720 with SuSE Enterprise Linux 9 ppc.
Did I something wrong?

Head of out.txt
**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in    999.999 millisec.

=====================================================================
   Current Date&Time :  Mon, 19-Sep-2005   14:01:36   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)
   Resolving Misc Support functions ...
     GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
     GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
     GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
     GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
     GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
   Resolving Names management functions ...
     GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
     GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
     GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
     GSS-API v2  "gss_export_name"                      (requested)    ok.
     GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
     GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )
(missing)
   Resolving Credentials management functions ...
     GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
     GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
   Resolving Context-level functions ...
     GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
     GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
     GSS-API v2  "gss_export_sec_context"               (requested)    ok.
     GSS-API v2  "gss_import_sec_context"               (requested)    ok.
     GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
     GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
   Resolving V2 message protection functions ...
     GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
     GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
     GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
     GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.

cheers,
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
In reply to this post by Tom Yu
Tom Yu wrote:
> Christoph> $ ./gsstest -l /usr/local/lib/libgssapi_krb5.so -d 4 -p out.txt
> Christoph> Sending verbose output to file "out.txt"
> Christoph> Segmentation fault (core dumped)
>
> Could you please send us a backtrace?  (Use the "bt" command in gdb.)
> There are quite a few ways that krb5_copy_principal() can get called.
 >
Here is the backtrace:

# gdb ./gsstest core
[...]
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffdf8c) at copy_princ.c:61
61              unsigned int len = krb5_princ_component(context,
inprinc, i)->length;
(gdb) bt
#0  krb5_copy_principal (context=0x2f800001, inprinc=0xfeab2b4,
     outprinc=0xffffdf8c) at copy_princ.c:61
#1  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#2  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#3  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#4  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#5  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#6  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#7  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#8  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#9  0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#10 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#11 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
#12 0x0fe12364 in krb5_gss_duplicate_name (minor_status=0xffffe034,
     input_name=0xfeab2b4, dest_name=0xffffe094) at duplicate_name.c:52
Previous frame inner to this frame (corrupt stack?)

The output of gsstest don't look good either (RESULT not ok). I'm
worried about "No principal in keytab matches desired name". Maybe I
miss something?
I configured /etc/krb5.conf. kinit rzuser1, klist works.
/etc/krb5.keytab holds one entry for rzuser1.

**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
   Current Date&Time :  Wed, 21-Sep-2005   18:35:06   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   mech_list from gss_indicate_mechs() #1 contains 2 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
   }
SNC will recognize this mechanism OID and force this selection ---
   Selecting mechanism (1) from GSS shared library #1:
       {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
   name_types contains 8 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
     [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
     [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
     [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
     [ 4] = {1 3 6 1 5 6 2}                  NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
     [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
     [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
     [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in
rfc1964!
   }

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
RESULT  OK
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
RESULT  OK
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
   actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
   {
     [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
     [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
   }
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
RESULT  OK
   My own name/identity (from default creds) resolves to
     "[hidden email]"
   Nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
   Framing details for exported name (Section 3.2, GSS-API v2 spec):
     TOK_ID            :   00000: 04 01
     MECH_OID_LEN = 11 :   00002: 00 0b
         OID tag       :   00004: 06
         OID len =   9 :   00005: 09
         OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
           = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     NAME_LEN   =   15 :   0000f: 00 00 00 0f
     NAME              :   00013: 72 7a 75 73 65 72 31 40   rzuser1@
                           0001b: 52 4b 55 2e 4e 45 54      EXAMPLE.NET
RESULT  NOT ok (rc=2)
-------

   Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
RESULT  OK
TEST: acquiring *default* initiating credentials (query)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT  NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
RESULT  OK
TEST: acquiring initiating credentials (printable name)
RESULT  OK
TEST: acquiring initiating credentials (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "[hidden email]"
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
            "No principal in keytab matches desired name"
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
            "No principal in keytab matches desired name"
RESULT  NOT ok (rc=4)
-------
TEST: acquiring *default* accepting credentials (simple)

---
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: AW: Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
In reply to this post by Barbat, Calin
I compiled snckrb5.so and tried it with gsstest -l.
The same thing. It core dumps with the same function.

Then I tried krb5-1.3.5. Same again, same function.
Nevertheless with krb5-1.4.2 I get something like:
-------
TEST: *default* initiating credentials (inquire_cred only)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
With krb5-1.3.5 this test is ok.

Furthermore I worrie about:
-------
TEST: acquiring initiating credentials (gss_name_t)
RESULT  OK
TEST: acquiring initiating credentials (printable name)
RESULT  OK
TEST: acquiring initiating credentials (can. printable name)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
ERROR: gss_export_name() FAILED to clear minor_status!
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "[hidden email]"
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
            "No principal in keytab matches desired name"
RESULT  NOT ok (rc=1)
-------

I configured /etc/krb5.conf. kinit rzuser1, klist works.
/etc/krb5.keytab holds one entry for rzuser1.

---
Christoph

Barbat, Calin wrote:
> Try compiling the adapter and using it instead of the /usr/local/lib/libgssapi_krb5.so in the "-l" option to your call to gsstest.
>
> krb5-1.3.5 and krb5-1.3.6 (with the adapter) worked well for me. As I didn't try further releases of krb5, I can't say anything about their behavior.
>
> I'd be interested in the outcome of this investigation.
>
> Mit freundlichen Gr??en / Best regards
>
> Calin Barbat
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Tom Yu
In reply to this post by Christoph Weizen
>>>>> "Christoph" == Christoph Weizen <[hidden email]> writes:

Christoph> Here is the backtrace:

[...]

Thanks, even though it is rather perplexing.

Christoph> TEST: acquiring accepting credentials for target (can. printable name)
Christoph> ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Christoph> ERROR: gss_export_name() FAILED to clear minor_status!
Christoph> ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Christoph> Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
Christoph>           gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
Christoph>             "Miscellaneous failure"
Christoph>           gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
Christoph>             "No principal in keytab matches desired name"
Christoph> RESULT  NOT ok (rc=4)
Christoph> -------
Christoph> TEST: acquiring *default* accepting credentials (simple)

Is this the final output from the program before it dumps core?

---Tom
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
Tom Yu wrote:
> Is this the final output from the program before it dumps core?
 >
Yes, it is. I think its time for the whole output and configuration.
Sorry for bandwidth. ;) With -d 4 it looks like:
 
**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
   Current Date&Time :  Wed, 21-Sep-2005   20:27:48   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.50)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)
   Resolving Misc Support functions ...
     GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
     GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
     GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
     GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
     GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
   Resolving Names management functions ...
     GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
     GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
     GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
     GSS-API v2  "gss_export_name"                      (requested)    ok.
     GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
     GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )
(missing)
   Resolving Credentials management functions ...
     GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
     GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
   Resolving Context-level functions ...
     GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
     GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
     GSS-API v2  "gss_export_sec_context"               (requested)    ok.
     GSS-API v2  "gss_import_sec_context"               (requested)    ok.
     GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
     GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
   Resolving V2 message protection functions ...
     GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
     GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
     GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
     GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.


Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
   mech_list from gss_indicate_mechs() contains 2 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
   }
SNC will recognize this mechanism OID and force this selection ---
   Selecting mechanism (1) from GSS shared library #1:
       {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
   name_types contains 8 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
     [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
     [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
     [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
     [ 4] = {1 3 6 1 5 6 2}                  NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
     [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
     [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
     [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in
rfc1964!
   }
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
   actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
   {
     [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
     [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
   }
Status:  gss_display_name() == (GSS_S_COMPLETE)
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 12 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
   My own name/identity (from default creds) resolves to
     "[hidden email]"
   Nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 34, value= ptr:0x10049a88 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
   Framing details for exported name (Section 3.2, GSS-API v2 spec):
     TOK_ID            :   00000: 04 01
     MECH_OID_LEN = 11 :   00002: 00 0b
         OID tag       :   00004: 06
         OID len =   9 :   00005: 09
         OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
           = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     NAME_LEN   =   15 :   0000f: 00 00 00 0f
     NAME              :   00013: 72 7a 75 73 65 72 31 40   rzuser1@
                           0001b: 52 4b 55 2e 4e 45 54      EXAMPLE.NET
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=2)
-------

   Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring *default* initiating credentials (query)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 34, value= ptr:0x10048a10 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x100491d8 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 34, value= ptr:0x10048f38 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049118 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (printable name)
   input name buffer = { length= 15, value= ptr:0x10048c08 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10048790 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (can. printable name)
   input name buffer = { length= 15, value= ptr:0x10048c08 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10048678 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 34, value= ptr:0x10049910 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049d38 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 34, value= ptr:0x10048660 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049d58 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "[hidden email]"
   input name buffer = { length= 15, value= ptr:0x10048518 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049cd8 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
            "No principal in keytab matches desired name"
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
   input name buffer = { length= 15, value= ptr:0x10048518 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049278 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 34, value= ptr:0x10048bc0 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049ed0 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 34, value= ptr:0x10049cd8 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 0f 72 7a 75 73 65  72 31 40 52 4b 55 2e 4e   ..,rzuse
[hidden email]
    00020: 45 54                                              ET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "[hidden email]"
   printable name buffer = { length= 15, value= ptr:0x10049f48 }
    00000: 72 7a 75 73 65 72 31 40  52 4b 55 2e 4e 45 54      rzuser1@
EXAMPLE.NET
     newly imported = "[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_FAILURE)
          gss_display_status(0x000d0000,GSS_S_GSS_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
            "Miscellaneous failure"
          gss_display_status(0x025ea101,GSS_S_MECH_CODE) =
Status:  gss_display_status() == (GSS_S_COMPLETE)
            "No principal in keytab matches desired name"
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=4)
-------
TEST: acquiring *default* accepting credentials (simple)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)


/etc/krb5.conf:
[libdefaults]
        default_realm = EXAMPLE.NET
        clockskew = 300
       
[realms]
        EXAMPLE.NET = {
                kdc = r2d2.example.net:88
                admin_server = r2d2.example.net:749
                default_domain = example.net
                kpasswd_server = r2d2.example.net
        }
        OTHER.REALM = {
                kdc = OTHER.COMPUTER
        }

[domain_realm]
        .example.net = EXAMPLE.NET
        example.net = EXAMPLE.NET

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 0
                debug = false
        }


klist:
Default principal: [hidden email]

Valid starting     Expires            Service principal
09/21/05 18:29:57  09/22/05 04:30:10  krbtgt/[hidden email]
         renew until 09/22/05 18:29:57


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


/etc/krb5.keytab:
# ktutil
ktutil:  rkt /etc/krb5.keytab
ktutil:  l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
    1    1         rzuser1/[hidden email]

---
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
Oh, dear.
I found a brilliant howto from Calin Barbat. There he points out to
"kinit -k -t user.keytab user/domain/DOMAIN".
I just done a "kinit user".

So, when following Calin's command, worse output from gsstest are gone.
All is left is now: "FAILED to clear minor_status!"
 
**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP
AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
   Current Date&Time :  Wed, 21-Sep-2005   21:37:03   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)
   Resolving Misc Support functions ...
     GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
     GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
     GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
     GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
     GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
   Resolving Names management functions ...
     GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
     GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
     GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
     GSS-API v2  "gss_export_name"                      (requested)    ok.
     GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
     GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )
(missing)
   Resolving Credentials management functions ...
     GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
     GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
   Resolving Context-level functions ...
     GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
     GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
     GSS-API v2  "gss_export_sec_context"               (requested)    ok.
     GSS-API v2  "gss_import_sec_context"               (requested)    ok.
     GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
     GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
   Resolving V2 message protection functions ...
     GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
     GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
     GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
     GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.


Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
   mech_list from gss_indicate_mechs() contains 2 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
   }
SNC will recognize this mechanism OID and force this selection ---
   Selecting mechanism (1) from GSS shared library #1:
       {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
   name_types contains 8 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
     [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
     [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
     [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
     [ 4] = {1 3 6 1 5 6 2}                  NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
     [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
     [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
     [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in
rfc1964!
   }
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
RESULT  OK
-------
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
   actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
   {
     [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
     [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
   }
Status:  gss_display_name() == (GSS_S_COMPLETE)
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
   My own name/identity (from default creds) resolves to
     "rzuser1/[hidden email]"
   Nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10049390 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   Framing details for exported name (Section 3.2, GSS-API v2 spec):
     TOK_ID            :   00000: 04 01
     MECH_OID_LEN = 11 :   00002: 00 0b
         OID tag       :   00004: 06
         OID len =   9 :   00005: 09
         OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
           = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     NAME_LEN   =   32 :   0000f: 00 00 00 20
     NAME              :   00013: 72 7a 75 73 65 72 31 2f   rzuser1/
                           0001b: 72 32 64 63 65 30 30 31   r2d2
                           00023: 2e 72 6b 75 2e 6e 65 74   .example.net
                           0002b: 40 52 4b 55 2e 4e 45 54   @EXAMPLE.NET
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=2)
-------

   Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring *default* initiating credentials (query)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10048f80 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049140 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x10049d28 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049240 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (printable name)
   input name buffer = { length= 32, value= ptr:0x10048e28 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10048688 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  OK
-------
TEST: acquiring initiating credentials (can. printable name)
   input name buffer = { length= 32, value= ptr:0x10048e28 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049f18 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10048888 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004a1b8 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x10049f08 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004a098 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "rzuser1/[hidden email]"
   input name buffer = { length= 32, value= ptr:0x100484a0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049c58 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004d390 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
   nametype = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   canonical identity "rzuser1/[hidden email]"
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
   input name buffer = { length= 32, value= ptr:0x100484a0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049bd0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10049030 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004d670 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x1004d538 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e
001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049bd0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54
.example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE)
Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
RESULT  NOT ok (rc=3)
-------
TEST: acquiring *default* accepting credentials (simple)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)

---
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

AW: Core Dump with gsstest-1.26 and krb5-1.4.2

Barbat, Calin
In reply to this post by Christoph Weizen
Hello,

let me make some more suggestions:

1. The following functions are in the SAP SNC Adapter (a wrapper between gsstest and libgssapi_krb5.so):

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)

2. By using the SAP SNC Adapter, the message "INcomplete GSS-API v2 implementation." will be gone.
I compiled it to snckrb5.o and then you invoke gsstest -l /path/to/snckrb5.o etc.

3. The SNC-Mechanism used will be "[ 0] = {1 2 840 113554 1 2 2} MECH= Kerberos 5 (v2 - rfc1964)".

4. I remember having used the "-a" option to gsstest too. Not sure what principal I gave it, so you may experiment and give it some service principal from the keytab or your user principal (equivalent to "talk to myself"-case).

5. Check if the date/time on the machines you use for your test is in sync, it may be a cause for "ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!".

And, keep me informed please, if krb5-1.4.x passes the gsstest.

Mit freundlichen Grüßen / Best regards

Calin Barbat

-----Ursprüngliche Nachricht-----
Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Christoph Weizen
Gesendet: Mittwoch, 21. September 2005 21:48
An: [hidden email]
Betreff: Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Oh, dear.
I found a brilliant howto from Calin Barbat. There he points out to "kinit -k -t user.keytab user/domain/DOMAIN".
I just done a "kinit user".

So, when following Calin's command, worse output from gsstest are gone.
All is left is now: "FAILED to clear minor_status!"
 
**************************************************************************
   ***
   ***
   ***  "gsstest" -- GSS-API v2  Shared Library API Test Program
   ***
   ***
   ***
   ***  Version 1.26    03-Sep-2002
   ***
   ***
   ***
   ***  This implementation is Copyright (c), 1998  SAP AG Walldorf
   ***
   ***
   ***
 
**************************************************************************
   ***      This tool may be freely used to test functionality and
   ***
   ***      robustness of GSS-API v2 mechanism implemenations
   ***
 
**************************************************************************
   *** THIS SOFTWARE IS PROVIDED BY SAP AG ``AS IS'' AND ANY EXPRESSED
   ***
   *** OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   ***
   *** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ***
   *** PURPOSE ARE DISCLAIMED. SAP AG SHALL BE LIABLE FOR ANY DAMAGES
   ***
   *** ARISING OUT OF THE USE OF THIS SOFTWARE ONLY IF CAUSED BY SAP AG'S ***
   *** INTENT OR GROSS NEGLIGENCE. IN CASE SAP AG IS LIABLE UNDER THIS
   ***
   *** AGREEMENT FOR DAMAGES CAUSED BY SAP AG'S GROSS NEGLIGENCE SAP AG
   ***
   *** FURTHER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, ***
   *** EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO,***
   *** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
   ***
   *** OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   ***
   *** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   ***
   *** OR TORT, AND SHALL NOT BE LIABLE IN EXCESS OF THE AMOUNT OF
   ***
   *** DAMAGES TYPICALLY FORESEEABLE FOR SAP AG, WHICH SHALL IN NO EVENT
  ***
   *** EXCEED US$ 500.000.-
   ***
 
**************************************************************************

Timer resolution of gettimeofday() is (at least)      0.001 millisec
1 second passed in   1000.000 millisec.

=====================================================================
   Current Date&Time :  Wed, 21-Sep-2005   21:37:03   GMT -02:00
   Operating System  :  Linux
           -Release  :  2.6.5-7.191-pseries64
   Hardware/Machine  :  ppc64
   scalar C-types    :  void* ptrdiff_t size_t time_t long int wchar_t char
     (sizes in bits) :   32      32s      32u    32s   32s 32s   32s    8u
   Perf-Index (p-90) :  dbg= 6.80   (opt= 3.60)
   Timer Resolution  :  0.001 millisec using "gettimeofday()"
   Hostname          :  rliss002
   Current user      :  root
=====================================================================

Loading GSS-API shared library #1 "/usr/local/lib/libgssapi_krb5.so" ...

   Resolving SAP SNC-Adapter functions ...
     GSS-API v2  "sapsnc_init_adapter"                  (  opt.   )
(missing)
     GSS-API v2  "sapsnc_export_cname_blob"             (  opt.   )
(missing)
     GSS-API v2  "sapsnc_import_cname_blob"             (  opt.   )
(missing)
   Resolving Misc Support functions ...
     GSS-API v1  "gss_indicate_mechs"                   (REQUIRED )    ok.
     GSS-API v1  "gss_display_status"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_buffer"                   (REQUIRED )    ok.
     GSS-API v1  "gss_release_oid_set"                  (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_names_for_mech"           (requested)    ok.
     GSS-API v2  "gss_create_empty_oid_set"             (  opt.   )    ok.
     GSS-API v2  "gss_add_oid_set_member"               (  opt.   )    ok.
     GSS-API v2  "gss_test_oid_set_member"              (  opt.   )    ok.
   Resolving Names management functions ...
     GSS-API v1  "gss_compare_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_display_name"                     (REQUIRED )    ok.
     GSS-API v1  "gss_import_name"                      (REQUIRED )    ok.
     GSS-API v1  "gss_release_name"                     (REQUIRED )    ok.
     GSS-API v2  "gss_canonicalize_name"                (requested)    ok.
     GSS-API v2  "gss_export_name"                      (requested)    ok.
     GSS-API v2  "gss_duplicate_name"                   (  opt.   )    ok.
     GSS-API v2  "gss_inquire_mechs_for_name"           (  opt.   )
(missing)
   Resolving Credentials management functions ...
     GSS-API v1  "gss_acquire_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_release_cred"                     (REQUIRED )    ok.
     GSS-API v1  "gss_inquire_cred"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_cred_by_mech"             (requested)    ok.
     GSS-API v2  "gss_add_cred"                         (  opt.   )    ok.
   Resolving Context-level functions ...
     GSS-API v1  "gss_init_sec_context"                 (REQUIRED )    ok.
     GSS-API v1  "gss_accept_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_delete_sec_context"               (REQUIRED )    ok.
     GSS-API v1  "gss_context_time"                     (REQUIRED )    ok.
     GSS-API v2  "gss_inquire_context"                  (REQUIRED )    ok.
     GSS-API v2  "gss_export_sec_context"               (requested)    ok.
     GSS-API v2  "gss_import_sec_context"               (requested)    ok.
     GSS-API v2  "gss_wrap_size_limit"                  (requested)    ok.
     GSS-API v1  "gss_process_context_token"            (  opt.   )    ok.
   Resolving V2 message protection functions ...
     GSS-API v2  "gss_get_mic"                          (REQUIRED )    ok.
     GSS-API v2  "gss_verify_mic"                       (REQUIRED )    ok.
     GSS-API v2  "gss_wrap"                             (REQUIRED )    ok.
     GSS-API v2  "gss_unwrap"                           (REQUIRED )    ok.

INcomplete GSS-API v2 implementation.
At least one of the "optional" calls is missing

Loading of GSS-API shared library completed.


Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
   mech_list from gss_indicate_mechs() contains 2 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     [ 1] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
   }
SNC will recognize this mechanism OID and force this selection ---
   Selecting mechanism (1) from GSS shared library #1:
       {1 3 5 1 5 2}                       MECH= Kerberos 5 (PRE-rfc1964)

====================

Checking supported nametypes via gss_inquire_names_for_mech()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)

====================
Testing generic gssapi functions ...
----------
TEST: passing mech_list from indicate_mechs() to release_oid_set()
Status:  gss_indicate_mechs() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE) RESULT  OK
-------
TEST: passing name_types from inquire_names_for_mech() to release_oid_set()
Status:  gss_inquire_names_for_mech() == (GSS_S_COMPLETE)
   name_types contains 8 gss_OID elements:
   {
     [ 0] = {1 2 840 113554 1 2 1 1}         NT= GSS_C_NT_USER_NAME
     [ 1] = {1 2 840 113554 1 2 1 2}         NT= GSS_C_NT_MACHINE_UID_NAME
     [ 2] = {1 2 840 113554 1 2 1 3}         NT= GSS_C_NT_STRING_UID_NAME
     [ 3] = {1 2 840 113554 1 2 1 4}         NT= GSS_C_NT_HOSTBASED_SERVICE
     [ 4] = {1 3 6 1 5 6 2}                  NT=
(GSS_C_NT_HOSTBASED_SERVICE_X)
     [ 5] = {1 3 6 1 5 6 4}                  NT= GSS_C_NT_EXPORTED_NAME
     [ 6] = {1 2 840 113554 1 2 2 1}         NT= GSS_KRB5_NT_PRINCIPAL_NAME
     [ 7] = {1 2 840 113554 1 2 2 2}         NT= Huh? This is not in
rfc1964!
   }
Status:  gss_release_oid_set() == (GSS_S_COMPLETE) RESULT  OK
-------
====================
Testing credentials management functions ...
----------
TEST: *default* initiating credentials (acquire_cred default mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
RESULT  NOT ok (rc=1)
-------
   actual_mechs from gss_acquire_cred() contains 2 gss_OID elements:
   {
     [ 0] = {1 3 5 1 5 2}                  MECH= Kerberos 5 (PRE-rfc1964)
     [ 1] = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
   }
Status:  gss_display_name() == (GSS_S_COMPLETE)
----------
TEST: *default* initiating credentials (acquire_cred specific mechs)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=1)
-------
TEST: *default* initiating credentials (inquire_cred only)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=1)
-------
TEST: named default initiating credentials (acquire_cred with name)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: OUCH! Lifetime has increased by 13 sec while 0 sec passed!
Status:  gss_compare_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=1)
-------
TEST: acquire_cred and inquire_cred with NO optional parameters
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE) RESULT  OK
-------
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
Status:  gss_release_oid_set() == (GSS_S_COMPLETE)
   My own name/identity (from default creds) resolves to
     "rzuser1/[hidden email]"
   Nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME

TEST: Examining the exported name framing
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10049390 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   Framing details for exported name (Section 3.2, GSS-API v2 spec):
     TOK_ID            :   00000: 04 01
     MECH_OID_LEN = 11 :   00002: 00 0b
         OID tag       :   00004: 06
         OID len =   9 :   00005: 09
         OID elements  :   00006: 2a 86 48 86 f7 12 01 02  02
           = {1 2 840 113554 1 2 2}         MECH= Kerberos 5 (v2 - rfc1964)
     NAME_LEN   =   32 :   0000f: 00 00 00 20
     NAME              :   00013: 72 7a 75 73 65 72 31 2f   rzuser1/
                           0001b: 72 32 64 63 65 30 30 31   r2d2
                           00023: 2e 72 6b 75 2e 6e 65 74   .example.net
                           0002b: 40 52 4b 55 2e 4e 45 54   @EXAMPLE.NET
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=2)
-------

   Since you didn't give me a target name, I'll try to talk to myself!

TEST: acquiring *default* initiating credentials (simple)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE) RESULT  OK
-------
TEST: acquiring *default* initiating credentials (query)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Ini() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10048f80 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049140 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x10049d28 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049240 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE) Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_cred() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=3)
-------
TEST: acquiring initiating credentials (gss_name_t)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE) RESULT  OK
-------
TEST: acquiring initiating credentials (printable name)
   input name buffer = { length= 32, value= ptr:0x10048e28 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10048688 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE) RESULT  OK
-------
TEST: acquiring initiating credentials (can. printable name)
   input name buffer = { length= 32, value= ptr:0x10048e28 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049f18 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10048888 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004a1b8 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x10049f08 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004a098 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE) Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Ini() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=3)
-------
TEST: acquiring accepting credentials for target (printable name)
   for identity "rzuser1/[hidden email]"
   input name buffer = { length= 32, value= ptr:0x100484a0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049c58 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004d390 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
   nametype = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   canonical identity "rzuser1/[hidden email]"
RESULT  NOT ok (rc=1)
-------
TEST: acquiring accepting credentials for target (can. printable name)
   input name buffer = { length= 32, value= ptr:0x100484a0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
   nametype oid = {1 2 840 113554 1 2 2 1}         NT=
GSS_KRB5_NT_PRINCIPAL_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049bd0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
ERROR: gss_export_name() FAILED to clear minor_status!
Status:  gss_export_name() == (GSS_S_COMPLETE)
   exported name buffer = { length= 51, value= ptr:0x10049030 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x1004d670 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
   input name buffer = { length= 51, value= ptr:0x1004d538 }
    00000: 04 01 00 0b 06 09 2a 86  48 86 f7 12 01 02 02 00   ......*.
H.......
    00010: 00 00 20 72 7a 75 73 65  72 31 2f 72 32 64 63 65   .. rzuse
r1/r2dce
    00020: 30 30 31 2e 72 6b 75 2e  6e 65 74 40 52 4b 55 2e 001.example. net@EXAMPLE.
    00030: 4e 45 54                                           NET
   nametype oid = {1 3 6 1 5 6 4}                  NT=
GSS_C_NT_EXPORTED_NAME
Status:  gss_import_name() == (GSS_S_COMPLETE)
Status:  gss_display_name() == (GSS_S_COMPLETE)
         gss_display_name() returned "rzuser1/[hidden email]"
   printable name buffer = { length= 32, value= ptr:0x10049bd0 }
    00000: 72 7a 75 73 65 72 31 2f  72 32 64 63 65 30 30 31   rzuser1/ r2d2
    00010: 2e 72 6b 75 2e 6e 65 74  40 52 4b 55 2e 4e 45 54 .example.net @EXAMPLE.NET
     newly imported = "rzuser1/[hidden email]"
Status:  gss_release_buffer() == (GSS_S_COMPLETE)
ERROR: gss_canonicalize_name() FAILED to clear minor_status!
Status:  gss_canonicalize_name() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_compare_name() == (GSS_S_COMPLETE) Name transformation: compare_name(src_name,dst_name)==TRUE
Status:  gss_release_name() == (GSS_S_COMPLETE)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_release_name() == (GSS_S_COMPLETE) RESULT  NOT ok (rc=3)
-------
TEST: acquiring *default* accepting credentials (simple)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)

---
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Tom Yu
In reply to this post by Christoph Weizen
>>>>> "Christoph" == Christoph Weizen <[hidden email]> writes:

Christoph> Here is the backtrace:

[...]

I have found the relevant bug.  It is ticket #3182 in our bug
database, and will be fixed in the next release.  gss_inquire_cred()
was copying out an uninitialized pointer.

Meanwhile, I have been running gsstest-1.26 under Purify, and have
found additional bugs in both gsstest and our gssapi library.  I'm
still working on fixing some of them.  (Most of them are memory
leaks.)

---Tom
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Core Dump with gsstest-1.26 and krb5-1.4.2

Christoph Weizen
Tom Yu wrote:
> I have found the relevant bug.  It is ticket #3182 in our bug
> database, and will be fixed in the next release.  gss_inquire_cred()
> was copying out an uninitialized pointer.
>
> Meanwhile, I have been running gsstest-1.26 under Purify, and have
> found additional bugs in both gsstest and our gssapi library.  I'm
> still working on fixing some of them.  (Most of them are memory
> leaks.)
 >
Thanks a lot for your great help.
I see that you changed the status of bug #3182 to resolved on
21.09.2005, 18:58. So I downloaded the nightly build (22.09.2005, 03:08)
and tried again gsstest.

Now all (gss)tests are "RESULT ok" despite of:
-------
TEST: acquiring *default* accepting credentials (simple)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)
ERROR: gss_inquire_cred() succeeded but failed to return name!
RESULT  NOT ok (rc=1)
-------
TEST: acquiring *default* accepting credentials (query)
Status:  gss_acquire_cred Acc() == (GSS_S_COMPLETE)
Status:  gss_inquire_cred Acc() == (GSS_S_COMPLETE)
ERROR: gss_inquire_cred() succeeded but failed to return name!
RESULT  NOT ok (rc=1)
-------

No core dump, gsstest ends successfully.

---
Christoph
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

AW: Core Dump with gsstest-1.26 and krb5-1.4.2

Barbat, Calin
In reply to this post by Christoph Weizen
Tom, could you please provide us with the source of the "purified" gsstest-1.26?
Is it still compatible with the behavior of current SAP R/3 systems, or will SAP have to upgrade their software accordingly?

If you didn't do it already: I would suggest to contact martin.rex _at_ sap.com about the bugs in gsstest as they may also concern their product. And the users of SAP R/3 could get the necessary patches against the memory leaks, etc.

In our implementation we currently have to (at least automatically) restart workprocesses of R/3 periodically due to this sort of leakages.

Best regards,

Calin Barbat

-----Ursprüngliche Nachricht-----
Von: [hidden email] [mailto:[hidden email]] Im Auftrag von Tom Yu
Gesendet: Donnerstag, 22. September 2005 18:42
An: [hidden email]
Betreff: Re: Core Dump with gsstest-1.26 and krb5-1.4.2

>>>>> "Christoph" == Christoph Weizen <[hidden email]> writes:

Christoph> Here is the backtrace:

[...]

I have found the relevant bug.  It is ticket #3182 in our bug database, and will be fixed in the next release.  gss_inquire_cred() was copying out an uninitialized pointer.

Meanwhile, I have been running gsstest-1.26 under Purify, and have found additional bugs in both gsstest and our gssapi library.  I'm still working on fixing some of them.  (Most of them are memory
leaks.)

---Tom
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos