kpasswdd dumps on OpenBSD6.3

ASV
Hi everyone,
I'm experiencing a frustrating issue with Heimdal 7.5.0p0 installed on
OpenBSD 6.3 and at this point I'm at a dead end.
Everything is working well but kpasswdd. Every time I try to reset a
password from any computer, after a few seconds the daemon core dumps!

(ON A WORKSTATION)
% kpasswd
[hidden email]'s Password:
New password:
Verify password - New password:
(IT GETS STUCK FOR A FEW SECONDS HERE AND THEN ...)
kpasswd: krb5_set_password_using_ccache: Unable to reach any changepw
server  in realm BLA.NET

DNS is OK and the server is powerful enough (16GB of storage, 1GB RAM
[+600mb still free when this happens]).
I've tried to deinstall the standard package and libraries and
re-install from ports (recompiled it all) but nothing changes.
I've tried to get a little more info:

(ON THE SERVER)
# gdb --args /usr/local/heimdal/libexec/kpasswdd -r BLA.NET
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are welcome to change it and/or distribute copies of it under
certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "amd64-unknown-openbsd6.3"...(no debugging
symbols found)
                           
(gdb) r
Starting program: /usr/local/heimdal/libexec/kpasswdd -r BLA.NET

(THE FOLLOWING APPEARS AT THE PASSWORD CHANGE ATTEMPT)
                                     
Program received signal SIGSEGV, Segmentation fault.
0x00001db26a5615d6 in change () from
/usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language:  auto; currently minimal
(gdb) The program is running.  Exit anyway? (y or n) n
Not confirmed.
(gdb) backtrace
#0  0x00001db26a5615d6 in change () from
/usr/local/heimdal/lib/libkadm5srv.so.3.0
#1  0x00001db26a56155f in kadm5_s_chpass_principal_cond () from
/usr/local/heimdal/lib/libkadm5srv.so.3.0
#2  0x00001dafc3001b90 in ?? () from
/usr/local/heimdal/libexec/kpasswdd
#3  0x00001dafc3000996 in ?? () from
/usr/local/heimdal/libexec/kpasswdd
#4  0x0000000000000000 in ?? ()

Any help would be highly appreciated.
Thanks in advance.

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 2, 2018, at 12:33 PM, ASV <[hidden email]> wrote:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00001db26a5615d6 in change () from
> /usr/local/heimdal/lib/libkadm5srv.so.3.0
> Current language:  auto; currently minimal
> (gdb) The program is running.  Exit anyway? (y or n) n
> Not confirmed.
> (gdb) backtrace
> #0  0x00001db26a5615d6 in change () from
> /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #1  0x00001db26a56155f in kadm5_s_chpass_principal_cond () from
> /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #2  0x00001dafc3001b90 in ?? () from
> /usr/local/heimdal/libexec/kpasswdd
> #3  0x00001dafc3000996 in ?? () from
> /usr/local/heimdal/libexec/kpasswdd
> #4  0x0000000000000000 in ?? ()
>
> Any help would be highly appreciated.
> Thanks in advance.

1.  Please rebuild heimdal with debugging symbols:

        CFLAGS="-g -ggdb3 -O0"

    that should make possible a stack trace with line numbers, ...

2.  What happens when you try to change the password as root via
    "kadmin -l cpw ..."?  Does that work?

3.  It might be helpful to know what HDB backend you're using.

4.  Even without symbols you can ask GDB for the faulting instruction:

        x/i $pc

    and print the register values:

        i reg

This may help to understand whether this is a NULL pointer dereference,
or something else.

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

ASV
Hello and thanks for your time.
Changing the password as suggested (kadmin -l cpw ...) works, even if I've realised that at my first attempt kpasswdd was still down (since yesterday) and I wasn't notified about any failure straight away (only the daemon logs to authlog... when it is up); it just completed the command with no output and obviously didn't change the password.
After starting back the daemon it worked well.

I'm using the HDB3 which I believe is part of the package itself (if I properly understood your question).

This is the output of the procedure on the newly re-compiled heimdal with the CFLAGS="-g -ggdb3 -O0", but it doesn't look much different from the previous non-debugging version to me (hopefully I didn't make any mistake). A snippet of the compilation is at the very end of this email.

(gdb) bt
#0  0x00000ae0709ed5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
#1  0x00000ae0709ed55f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0                                                                                    
#2  0x00000ade6d002bfb in ?? () from /usr/local/heimdal/libexec/kpasswdd
#3  0x00000ade6d001b89 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#4  0x00000ade6d0017d9 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#5  0x00000ade6d001073 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#6  0x00000ade6d0009a6 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#7  0x0000000000000000 in ?? ()
(gdb) x/i $pc
0xae0709ed5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
(gdb) i reg
rax            0x76118487c2646c07       8507726889696390151
rbx            0x1      1
rcx            0x0      0
rdx            0x1      1
rsi            0xae13fbbe1a0    11962553196960
rdi            0x0      0
rbp            0x7f7ffffd58b0   0x7f7ffffd58b0
rsp            0x7f7ffffd57a0   0x7f7ffffd57a0
r8             0x0      0
r9             0xae13fbbe4e0    11962553197792
r10            0xae0a1066ab0    11959890504368
r11            0xae0a299e000    11959916945408
r12            0xae13fbbe1a0    11962553196960
r13            0x0      0
r14            0x0      0
r15            0xae13fbbe4e0    11962553197792
rip            0xae0709ed5d6    0xae0709ed5d6 <change+102>
eflags         0x10206  66054
cs             0x2b     43
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x23     35
gs             0x23     35


........
/usr/bin/libtool  --tag=CC    --mode=link cc  -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow  -Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-shadow -DINET6 -g -ggdb3 -O0 -pthread   -L/usr/local/lib -o nt_gss_server nt_gss_server.o  nt_gss_common.o ../../lib/gssapi/libgssapi.la ../../lib/krb5/libkrb5.la  ../../lib/hcrypto/libhcrypto.la  ../../lib/asn1/libasn1.la  ../../lib/vers/libvers.la ../../lib/roken/libroken.la   -pthread
libtool: link: cc -o .libs/nt_gss_server -pthread -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow -Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-shadow -DINET6 -g -ggdb3 -O0 nt_gss_server.o nt_gss_common.o /usr/ports/pobj/heimdal-7.5.0/heimdal-7.5.0/lib/vers/.libs/libvers.a -L.libs -lgssapi -lheimntlm -lkrb5 -lasn1 -lcom_err -lroken -lutil -lwind -lheimbase -lhx509 -lhcrypto -lcrypto -lheimsqlite -Wl,-rpath,/usr/local/heimdal/lib
.libs/libcom_err.so.21.0: warning: strcat() is almost always misused, please use strlcat()
.libs/libhcrypto.so.0.0: warning: rand() may return deterministic values, is that what you want?
cc  -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include  -I../../lib/roken -I../../lib/roken  -I/usr/local/include -D_LARGE_FILES= -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow  -Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-shadow -DINET6 -g -ggdb3 -O0 -pthread -MT nt_gss_client.o -MD -MP -MF .deps/nt_gss_client.Tpo -c -o nt_gss_client.o nt_gss_client.c
mv -f .deps/nt_gss_client.Tpo .deps/nt_gss_client.Po
/usr/bin/libtool  --tag=CC    --mode=link cc  -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow  -Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-shadow -DINET6 -g -ggdb3 -O0 -pthread   -L/usr/local/lib -o nt_gss_client nt_gss_client.o  nt_gss_common.o common.o ../../lib/gssapi/libgssapi.la ../../lib/krb5/libkrb5.la  ../../lib/hcrypto/libhcrypto.la  ../../lib/asn1/libasn1.la  ../../lib/vers/libvers.la ../../lib/roken/libroken.la   -pthread
libtool: link: cc -o .libs/nt_gss_client -pthread -Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -Wshadow -Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-shadow -DINET6 -g -ggdb3 -O0 nt_gss_client.o nt_gss_common.o common.o /usr/ports/pobj/heimdal-7.5.0/heimdal-7.5.0/lib/vers/.libs/libvers.a -L.libs -lgssapi -lheimntlm -lkrb5 -lasn1 -lcom_err -lroken -lutil -lwind -lheimbase -lhx509 -lhcrypto -lcrypto -lheimsqlite -Wl,-rpath,/usr/local/heimdal/lib
........

On Thu, 2018-08-02 at 12:44 -0400, Viktor Dukhovni wrote:

> > On Aug 2, 2018, at 12:33 PM, ASV <[hidden email]> wrote:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00001db26a5615d6 in change () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > Current language:  auto; currently minimal
> > (gdb) The program is running.  Exit anyway? (y or n) n
> > Not confirmed.
> > (gdb) backtrace
> > #0  0x00001db26a5615d6 in change () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > #1  0x00001db26a56155f in kadm5_s_chpass_principal_cond () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > #2  0x00001dafc3001b90 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #3  0x00001dafc3000996 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #4  0x0000000000000000 in ?? ()
> >
> > Any help would be highly appreciated.
> > Thanks in advance.
>
> 1.  Please rebuild heimdal with debugging symbols:
>
> CFLAGS="-g -ggdb3 -O0"
>
>     that should make possible a stack trace with line numbers, ...
>
> 2.  What happens when you try to change the password as root via
>     "kadmin -l cpw ..."?  Does that work?
>
> 3.  It might be helpful to know what HDB backend you're using.
>
> 4.  Even without symbols you can ask GDB for the faulting
> instruction:
>
> x/i $pc
>
>     and print the register values:
>
>   i reg
>
> This may help to understand whether this a NULL pointer dereference,
> or something else.
>

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 3, 2018, at 5:27 AM, ASV <[hidden email]> wrote:
>
> Changing password as suggested (kadmin -l cpw ...) works

No crashes, right?  Modulo authentication of the user, UDP transport, ...
ultimately "kadmin -l cpw" and "kpasswd" should end up calling the
same change() function in much the same way.

> After starting back the daemon it worked well.

What does "it worked well" mean?

> I'm using the HDB3 which I believe is part of the package itself (if I properly understood your question).

Yes, thanks.

> This is the output of the procedure on the newly re-compiled heimdal with the CFLAGS="-g -ggdb3 -O0" but doesn't look much different from the previous non-debugging version to me (hopefully I didn't make any mistake).

It looks like something stripped the built binaries, please make sure your
build process does not strip the binaries, and that you're running the
binaries with the debug symbols.

> A snippet of the compilation at the very end of this email.
>
> (gdb) bt
> #0  0x00000ae0709ed5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #1  0x00000ae0709ed55f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0                                                                                    
> #2  0x00000ade6d002bfb in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #3  0x00000ade6d001b89 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #4  0x00000ade6d0017d9 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #5  0x00000ade6d001073 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #6  0x00000ade6d0009a6 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #7  0x0000000000000000 in ?? ()
> (gdb) x/i $pc
> 0xae0709ed5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)

This is a structure member dereference at offset 200 from
a structure at $r14, which we see below is a NULL pointer:

> (gdb) i reg
> rax            0x76118487c2646c07       8507726889696390151
> rbx            0x1      1
> rcx            0x0      0
> rdx            0x1      1
> rsi            0xae13fbbe1a0    11962553196960
> rdi            0x0      0
> rbp            0x7f7ffffd58b0   0x7f7ffffd58b0
> rsp            0x7f7ffffd57a0   0x7f7ffffd57a0
> r8             0x0      0
> r9             0xae13fbbe4e0    11962553197792
> r10            0xae0a1066ab0    11959890504368
> r11            0xae0a299e000    11959916945408
> r12            0xae13fbbe1a0    11962553196960
> r13            0x0      0
> r14            0x0      0
> r15            0xae13fbbe4e0    11962553197792
> rip            0xae0709ed5d6    0xae0709ed5d6 <change+102>

Looking at the code for change(), this seems to be the
test condition for the block:

    if (!context->keep_open) {
        ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
        if(ret)
            return ret;
    }

So somehow the server_handle passed to change() is NULL.  Which
means that the kadm5_handle that kpasswdd passes to
kadm5_s_chpass_principal_cond() is NULL.  The handle is initialized via:

    ret = kadm5_init_with_password_ctx(context,
                                       admin,
                                       NULL,
                                       KADM5_ADMIN_SERVICE,
                                       &conf, 0, 0,
                                       &kadm5_handle);

And failure short-circuits the call to kadm5_s_chpass_principal_cond()
so it is not clear how this could happen.  Debugging symbols are needed.

--
        Viktor.
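
The reading given in the message above (a member access at offset 200 through a NULL %r14) can be checked mechanically. The following is an added example, not part of the original thread or of Heimdal: a Python triage helper that computes the effective address of the faulting AT&T-syntax operand from the "x/i $pc" and "i reg" output and compares it with the addr= field of the ktrace PSIG line posted later in the thread. The function names and the 4096-byte cutoff for "near NULL" are assumptions.

```python
import re

# Constructed input: these lines are copied from the gdb and ktrace output
# posted in this thread; only the registers the check needs are kept.
FAULT_INSN = "0xae0709ed5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)"
REGISTERS = """\
rsi            0xae13fbbe1a0    11962553196960
r13            0x0      0
r14            0x0      0
r15            0xae13fbbe4e0    11962553197792
rip            0xae0709ed5d6    0xae0709ed5d6 <change+102>
"""
KTRACE_PSIG = (" 41873 kpasswdd PSIG  SIGSEGV SIG_DFL "
               "code SEGV_MAPERR<1> addr=0xc8 trapno=6")

PAGE_SIZE = 4096  # assumption: page 0 is unmapped, so [0, 4096) always faults

# "0xADDR <sym+off>:" prefix that gdb prints before the instruction text.
INSN_PREFIX = re.compile(r"^\s*(?:=>\s*)?0x[0-9a-fA-F]+(?:\s+<[^>]*>)?:\s*")
# AT&T memory operand: disp(base,index,scale), every part optional.
MEM_OPERAND = re.compile(
    r"(?P<disp>-?(?:0x[0-9a-fA-F]+|\d+))?"
    r"\(\s*(?:%(?P<base>\w+))?"
    r"(?:\s*,\s*%(?P<index>\w+)(?:\s*,\s*(?P<scale>[1248]))?)?\s*\)"
)


def parse_registers(dump):
    """Map register name -> value from `info registers` output.
    Mail quote markers ("> ") in front of a line are ignored."""
    regs = {}
    for line in dump.splitlines():
        fields = line.lstrip("> ").split()
        if len(fields) >= 2 and fields[1].startswith("0x"):
            regs[fields[0]] = int(fields[1], 16)
    return regs


def memory_operand(insn_line, regs):
    """Resolve the first disp(base,index,scale) operand of the instruction.
    Returns None if there is none, if it is rip-relative (needs the next
    instruction's address), or if a register is missing from the dump."""
    body = INSN_PREFIX.sub("", insn_line)
    m = MEM_OPERAND.search(body)
    if m is None:
        return None
    base, index = m.group("base"), m.group("index")
    if base == "rip" or any(r and r not in regs for r in (base, index)):
        return None
    disp = int(m.group("disp"), 0) if m.group("disp") else 0
    scaled = regs[index] * int(m.group("scale") or 1) if index else 0
    base_value = regs[base] if base else 0
    address = (base_value + scaled + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "base_value": base_value,
            "disp": disp, "address": address}


def ktrace_fault_address(psig_line):
    """Fault address the kernel reported in a ktrace PSIG SIGSEGV record."""
    m = re.search(r"PSIG\s+SIGSEGV\b.*\baddr=(0x[0-9a-fA-F]+)", psig_line)
    return int(m.group(1), 16) if m else None


def triage(insn_line, reg_dump, psig_line=None):
    """Classify the faulting access and optionally cross-check with ktrace."""
    op = memory_operand(insn_line, parse_registers(reg_dump))
    if op is None:
        return {"verdict": "no-memory-operand"}
    addr = op["address"]
    if (op["base"] and op["base_value"] == 0
            and 0 <= op["disp"] < PAGE_SIZE and addr == op["disp"]):
        # Base register is 0 and the address is exactly the displacement:
        # a member read through a NULL struct pointer.
        verdict = "null-struct-pointer"
    elif addr < PAGE_SIZE:
        verdict = "near-null"
    else:
        verdict = "other"
    result = {"verdict": verdict, "base": op["base"],
              "member_offset": op["disp"], "address": addr}
    if psig_line is not None:
        result["kernel_agrees"] = ktrace_fault_address(psig_line) == addr
    return result


if __name__ == "__main__":
    print(triage(FAULT_INSN, REGISTERS, KTRACE_PSIG))
```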


Re: kpasswdd dumps on OpenBSD6.3

ASV
No, no crashes using "kadmin -l". Crashes always using kpasswd from a remote machine or directly on the KDC itself.

With "it worked well" I was just referring to the fact that "kadmin -l cpw ..." doesn't work when kpasswdd is down and it doesn't give any error output, surprisingly. Once the daemon is up again it "worked well", hence still no output but the password was changed.

Unfortunately I don't know why you do not get enough debug.
I've compiled with the right flags. I've even tried to compile manually from the tar.gz package (./configure ... make), modifying the Makefile prior to proceeding, but it fails after a short while:

.....
  CC       strlwr.lo                                                                                                                                                                          
  CC       strsep_copy.lo                                                                                                                                                                    
  CC       strupr.lo                                                                                                                                                                          
  CCLD     libroken.la                                                                                                                                                                        
  CC       libtest_la-strftime.lo                                                                                                                                                            
  CC       libtest_la-strptime.lo                                                                                                                                                            
  CC       libtest_la-snprintf.lo                                                                                                                                                            
  CC       libtest_la-tsearch.lo                                                                                                                                                              
  CCLD     libtest.la                                                                                                                                                                        
  CC       snprintf_test-snprintf-test.o                                                                                                                                                      
  CCLD     snprintf-test                                                                                                                                                                      
snprintf_test-snprintf-test.o: In function `try':                                                                                                                                            
/root/heimdal-7.5.0/lib/roken/snprintf-test.c:53: warning: vsprintf() is often misused, please use vsnprintf()                                                                                
./.libs/libroken.so.19.0: undefined reference to `arc4random_stir'                                                                                                                            
collect2: ld returned 1 exit status                                                                                                      
*** Error 1 in lib/roken (Makefile:1123 'snprintf-test': @echo "  CCLD    " snprintf-test;/bin/sh ../../libtool --silent --tag=CC    --mode=...)    
*** Error 1 in lib/roken (Makefile:972 'all')                                                                                                            
*** Error 1 in lib (Makefile:589 'all-recursive')                                                                                                                  
*** Error 1 in /root/heimdal-7.5.0 (Makefile:636 'all-recursive')



I've even tried to run the daemon under ktrace and it just dies at the end as you can see below but I don't think that's gonna be useful for you.
I'm not a developer so unfortunately the amount of help I can give you is pretty limited on this. :(

 41873 kpasswdd RET   read 2819/0xb03
 41873 kpasswdd CALL  close(6)
 41873 kpasswdd RET   close 0
 41873 kpasswdd CALL  kbind(0x7f7fffff7f70,24,0xc5f5073165aed820)
 41873 kpasswdd RET   kbind 0
 41873 kpasswdd CALL  kbind(0x7f7fffff7fb0,24,0xc5f5073165aed820)
 41873 kpasswdd RET   kbind 0
 41873 kpasswdd CALL  getpid()
 41873 kpasswdd RET   getpid 41873/0xa391
 41873 kpasswdd CALL  sendsyslog(0x7f7fffff5f50,62,0<>)
 41873 kpasswdd GIO   fd -1 wrote 62 bytes
       "<38>kpasswdd[41873]: Changing password for [hidden email]"
 41873 kpasswdd RET   sendsyslog 0
 41873 kpasswdd CALL  kbind(0x7f7fffff8140,24,0xc5f5073165aed820)
 41873 kpasswdd RET   kbind 0
 41873 kpasswdd CALL  kbind(0x7f7fffff8290,24,0xc5f5073165aed820)
 41873 kpasswdd RET   kbind 0
 41873 kpasswdd CALL  kbind(0x7f7fffff8290,24,0xc5f5073165aed820)
 41873 kpasswdd RET   kbind 0
 41873 kpasswdd PSIG  SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0xc8 trapno=6
 41873 kpasswdd NAMI  "kpasswdd.core"



On Fri, 2018-08-03 at 10:59 -0400, Viktor Dukhovni wrote:

> > On Aug 3, 2018, at 5:27 AM, ASV <[hidden email]> wrote:
> >
> > Changing password as suggested (kadmin -l cpw ...) works
>
> No crashes, right?  Modulo authentication of the user, UDP transport,
> ...
> ultimately "kadmin -l cpw" and "kpasswd" should end up calling the
> same change() function in much the same way.
>
> > After starting back the daemon it worked well.
>
> What does "it worked well" mean?
>
> > I'm using the HDB3 which I believe is part of the package itself
> > (if I properly understood your question).
>
> Yes, thanks.
>
> > This is the output of the procedure on the newly re-compiled
> > heimdal with the CFLAGS="-g -ggdb3 -O0" but doesn't look much
> > different from the previous non-debugging version to me (hopefully
> > I didn't make any mistake).
>
> It looks like something stripped the built binaries, please make sure
> your
> build process does not strip the binaries, and that you're running
> the
> binaries with the debug symbols.
>
> > A snippet of the compilation at the very end of this email.
> >
> > (gdb) bt
> > #0  0x00000ae0709ed5d6 in change () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > #1  0x00000ae0709ed55f in kadm5_s_chpass_principal_cond () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0                          
> >                                                          
> > #2  0x00000ade6d002bfb in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #3  0x00000ade6d001b89 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #4  0x00000ade6d0017d9 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #5  0x00000ade6d001073 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #6  0x00000ade6d0009a6 in ?? () from
> > /usr/local/heimdal/libexec/kpasswdd
> > #7  0x0000000000000000 in ?? ()
> > (gdb) x/i $pc
> > 0xae0709ed5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
>
> This is a structure member dereference at offset 200 from
> a structure at $r14, which we see below is a NULL pointer:
>
> > (gdb) i reg
> > rax            0x76118487c2646c07       8507726889696390151
> > rbx            0x1      1
> > rcx            0x0      0
> > rdx            0x1      1
> > rsi            0xae13fbbe1a0    11962553196960
> > rdi            0x0      0
> > rbp            0x7f7ffffd58b0   0x7f7ffffd58b0
> > rsp            0x7f7ffffd57a0   0x7f7ffffd57a0
> > r8             0x0      0
> > r9             0xae13fbbe4e0    11962553197792
> > r10            0xae0a1066ab0    11959890504368
> > r11            0xae0a299e000    11959916945408
> > r12            0xae13fbbe1a0    11962553196960
> > r13            0x0      0
> > r14            0x0      0
> > r15            0xae13fbbe4e0    11962553197792
> > rip            0xae0709ed5d6    0xae0709ed5d6 <change+102>
>
> Looking at the code for change(), this seems to be the
> test condition for block:
>
>     if (!context->keep_open) {
>         ret = context->db->hdb_open(context->context, context->db,
> O_RDWR, 0);
>         if(ret)
>             return ret;
>     }
>
> So somehow the server_handle passed to change() is NULL.  Which
> means that the kadm5_handle that kpasswdd passes to
> kadm5_s_chpass_principal_cond() is NULL.  The handle is initialized
> via:
>
>     ret = kadm5_init_with_password_ctx(context,
>                                        admin,
>                                        NULL,
>                                        KADM5_ADMIN_SERVICE,
>                                        &conf, 0, 0,
>                                        &kadm5_handle);
>
> And failure short-circuits the call to
> kadm5_s_chpass_principal_cond()
> so it is not clear how this could happen.  Debugging symbols are
> needed.
>

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
>
> No, no crashes using "kadmin -l".

This shows that "kadmin" and the libkadm5srv.so library work fine.

Which libraries is "kadmin" linked with (post ldd output)?

Which libraries is "kpasswdd" linked with (post ldd output) and make
sure you're reporting the results for the right executable.

> With "it worked well" I was just referring to the fact that "kadmin -l cpw ..." doesn't work when kpasswdd is down

That's not possible.  The "kadmin -l cpw" command makes local changes
directly in the HDB and does not use "kpasswdd".  Its behaviour cannot
depend on whether kpasswdd is running or not.  It operates silently.

> Unfortunately I don't know why you do not get enough debug.

Presumably you did not install an executable with the debug symbols.

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

ASV
On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
> > On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
> >
> > No, no crashes using "kadmin -l".
>
> This shows that "kadmin" and the libkadm5srv.so library work fine.
>
> Which libraries is "kadmin" linked with (post ldd output)?
# ldd /usr/local/heimdal/bin/kadmin
/usr/local/heimdal/bin/kadmin:
        Start            End              Type  Open Ref GrpRef Name
        00000686bb600000 00000686bb81c000 exe   2    0   0      /usr/local/heimdal/bin/kadmin
        0000068994916000 0000068994b23000 rlib  0    1   0      /usr/local/heimdal/lib/libkadm5clnt.so.3.0
        0000068915230000 0000068915434000 rlib  0    9   0      /usr/local/lib/libcom_err.so.21.0
        00000688da241000 00000688da4d7000 rlib  0    4   0      /usr/local/heimdal/lib/libkrb5.so.22.0
        0000068944098000 0000068944342000 rlib  0    7   0      /usr/local/heimdal/lib/libasn1.so.22.0
        00000688fd6d7000 00000688fd8ec000 rlib  0    9   0      /usr/local/heimdal/lib/libroken.so.3.0
        00000689b9623000 00000689b9830000 rlib  0    10   0      /usr/lib/libutil.so.13.0
        00000688fe849000 00000688fea73000 rlib  0    6   0      /usr/local/heimdal/lib/libwind.so.3.0
        00000689b15ca000 00000689b17da000 rlib  0    7   0      /usr/local/heimdal/lib/libheimbase.so.2.0
        000006896c15e000 000006896c3b2000 rlib  0    5   0      /usr/local/heimdal/lib/libhx509.so.1.0
        00000688f28ff000 00000688f2b41000 rlib  0    6   0      /usr/local/heimdal/lib/libhcrypto.so.0.0
        0000068975d14000 00000689760f0000 rlib  0    7   0      /usr/lib/libcrypto.so.43.1
        000006892568c000 000006892598a000 rlib  0    5   0      /usr/local/heimdal/lib/libheimsqlite.so.1.0
        00000689af3af000 00000689af5c5000 rlib  0    1   0      /usr/local/heimdal/lib/libkadm5srv.so.3.0
        000006899ac6a000 000006899ae91000 rlib  0    2   0      /usr/local/heimdal/lib/libhdb.so.3.0
        00000689b368f000 00000689b3895000 rlib  0    1   0      /usr/local/heimdal/lib/libsl.so.1.0
        00000688ca70a000 00000688ca941000 rlib  0    2   0      /usr/local/heimdal/lib/libheimedit.so.1.0
        000006890dd52000 000006890dfa8000 rlib  0    3   0      /usr/lib/libcurses.so.14.0
        0000068923cc5000 0000068923ece000 rlib  0    13   0      /usr/lib/libpthread.so.25.1
        00000688eb50d000 00000688eb7ed000 rlib  0    1   0      /usr/lib/libc.so.92.3
        0000068924a00000 0000068924a00000 ld.so 0    1   0      /usr/libexec/ld.so
> Which libraries is "kpasswdd" linked with (post ldd output) and make
> sure you're reporting the results for the right executable.
# ldd /usr/local/heimdal/bin/kpasswd
/usr/local/heimdal/bin/kpasswd:
        Start            End              Type  Open Ref GrpRef Name
        000019fca7d00000 000019fca7f04000 exe   2    0   0      /usr/local/heimdal/bin/kpasswd
        000019ff4295c000 000019ff42bf2000 rlib  0    1   0      /usr/local/heimdal/lib/libkrb5.so.22.0
        000019ff9d5f6000 000019ff9d8a0000 rlib  0    4   0      /usr/local/heimdal/lib/libasn1.so.22.0
        000019ff68568000 000019ff6876c000 rlib  0    6   0      /usr/local/lib/libcom_err.so.21.0
        000019fed6dab000 000019fed6fc0000 rlib  0    6   0      /usr/local/heimdal/lib/libroken.so.3.0
        000019fec573d000 000019fec594a000 rlib  0    7   0      /usr/lib/libutil.so.13.0
        000019ff28c6a000 000019ff28e94000 rlib  0    3   0      /usr/local/heimdal/lib/libwind.so.3.0
        000019ff6bed7000 000019ff6c0e7000 rlib  0    4   0      /usr/local/heimdal/lib/libheimbase.so.2.0
        000019fef522c000 000019fef5480000 rlib  0    2   0      /usr/local/heimdal/lib/libhx509.so.1.0
        000019ffa531e000 000019ffa5560000 rlib  0    3   0      /usr/local/heimdal/lib/libhcrypto.so.0.0
        000019ff51dc7000 000019ff521a3000 rlib  0    4   0      /usr/lib/libcrypto.so.43.1
        000019fef6cf8000 000019fef6ff6000 rlib  0    2   0      /usr/local/heimdal/lib/libheimsqlite.so.1.0
        000019ff49167000 000019ff49370000 rlib  0    9   0      /usr/lib/libpthread.so.25.1
        000019ff38f04000 000019ff391e4000 rlib  0    1   0      /usr/lib/libc.so.92.3
        000019ff0f000000 000019ff0f000000 ld.so 0    1   0      /usr/libexec/ld.so

And yes, these are the right executables called by the rc scripts.

> > With "it worked well" I was just referring to the fact that "kadmin
> > -l cpw ..." doesn't work when kpasswdd is down
>
> That's not possible.  The "kadmin -l cpw" command makes local changes
> directly in the HDB and does not use "kpasswdd".  Its behaviour
> cannot
> depend on whether kpasswdd is running or not.  It is operates
> silently.
Sorry that was my bad. I've verified it and the only circumstance this
could possibly happen is when the two passwords do not match. So they
did not match and it failed, silently, and it tricked me.

> > Unfortunately I don't know why you do not get enough debug.
>
> Presumably you did not install an executable with the debug symbols.
About this I do not know what to say; I've seen the CFLAGS in the
compiling output lines and I even posted them in the email.
I will try again as soon as I can.

Thank you.

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 4, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
>
> On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
>>> On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
>>>
>>> No, no crashes using "kadmin -l".
>>
>> This shows that "kadmin" and the libkadm5srv.so library work fine.
>>
>> Which libraries is "kadmin" linked with (post ldd output)?
> # ldd /usr/local/heimdal/bin/kadmin
> /usr/local/heimdal/bin/kadmin:

OK, thanks.

>> Which libraries is "kpasswdd" linked with (post ldd output) and make
>> sure you're reporting the results for the right executable.
> # ldd /usr/local/heimdal/bin/kpasswd
> /usr/local/heimdal/bin/kpasswd:

That's the "kpasswd" client, NOT the "kpasswdd" server.  Please post the
"ldd" output for "kpasswdd" making sure to check that the daemon that's
segfaulting is that one, and not some other executable in another location.

The code to build with debugging symbols should ideally be the source for
the installed package, as modified by the OpenBSD maintainers, not the
upstream source (if different).

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

ASV
In reply to this post by Viktor Dukhovni-2
Please DISCARD the previous email where I've erroneously posted the
libraries linked to kpasswd and not to kpasswdd.

On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
> > On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
> >
> > No, no crashes using "kadmin -l".
>
> This shows that "kadmin" and the libkadm5srv.so library work fine.
>
> Which libraries is "kadmin" linked with (post ldd output)?
# ldd /usr/local/heimdal/bin/kadmin      
/usr/local/heimdal/bin/kadmin:
        Start            End              Type  Open Ref GrpRef Name
        0000031952d00000 0000031952f1c000 exe   2    0   0      /usr/local/heimdal/bin/kadmin
        0000031be7982000 0000031be7b8f000 rlib  0    1   0      /usr/local/heimdal/lib/libkadm5clnt.so.3.0
        0000031c15b68000 0000031c15d6c000 rlib  0    9   0      /usr/local/lib/libcom_err.so.21.0
        0000031c1b05f000 0000031c1b2f5000 rlib  0    4   0      /usr/local/heimdal/lib/libkrb5.so.22.0
        0000031bfbe9d000 0000031bfc147000 rlib  0    7   0      /usr/local/heimdal/lib/libasn1.so.22.0
        0000031b81fe8000 0000031b821fd000 rlib  0    9   0      /usr/local/heimdal/lib/libroken.so.3.0
        0000031b99afb000 0000031b99d08000 rlib  0    10   0      /usr/lib/libutil.so.13.0
        0000031c2c46a000 0000031c2c694000 rlib  0    6   0      /usr/local/heimdal/lib/libwind.so.3.0
        0000031c3a5b1000 0000031c3a7c1000 rlib  0    7   0      /usr/local/heimdal/lib/libheimbase.so.2.0
        0000031b96fec000 0000031b97240000 rlib  0    5   0      /usr/local/heimdal/lib/libhx509.so.1.0
        0000031ba3106000 0000031ba3348000 rlib  0    6   0      /usr/local/heimdal/lib/libhcrypto.so.0.0
        0000031bb87b9000 0000031bb8b95000 rlib  0    7   0      /usr/lib/libcrypto.so.43.1
        0000031bcda56000 0000031bcdd54000 rlib  0    5   0      /usr/local/heimdal/lib/libheimsqlite.so.1.0
        0000031c30a61000 0000031c30c77000 rlib  0    1   0      /usr/local/heimdal/lib/libkadm5srv.so.3.0
        0000031c213fe000 0000031c21625000 rlib  0    2   0      /usr/local/heimdal/lib/libhdb.so.3.0
        0000031bed128000 0000031bed32e000 rlib  0    1   0      /usr/local/heimdal/lib/libsl.so.1.0
        0000031bef6db000 0000031bef912000 rlib  0    2   0      /usr/local/heimdal/lib/libheimedit.so.1.0
        0000031c26ee6000 0000031c2713c000 rlib  0    3   0      /usr/lib/libcurses.so.14.0
        0000031bbe100000 0000031bbe309000 rlib  0    13   0      /usr/lib/libpthread.so.25.1
        0000031b86a1f000 0000031b86cff000 rlib  0    1   0      /usr/lib/libc.so.92.3
        0000031bbc700000 0000031bbc700000 ld.so 0    1   0      /usr/libexec/ld.so

> Which libraries is "kpasswdd" linked with (post ldd output) and make
> sure you're reporting the results for the right executable.
# ldd /usr/local/heimdal/libexec/kpasswdd
/usr/local/heimdal/libexec/kpasswdd:
        Start            End              Type  Open Ref GrpRef Name
        00001a995ac00000 00001a995ae08000 exe   2    0   0      /usr/local/heimdal/libexec/kpasswdd
        00001a9c00c4d000 00001a9c00e63000 rlib  0    1   0      /usr/local/heimdal/lib/libkadm5srv.so.3.0
        00001a9b8f900000 00001a9b8fb04000 rlib  0    8   0      /usr/local/lib/libcom_err.so.21.0
        00001a9ba5981000 00001a9ba5c17000 rlib  0    3   0      /usr/local/heimdal/lib/libkrb5.so.22.0
        00001a9b7f5e9000 00001a9b7f893000 rlib  0    6   0      /usr/local/heimdal/lib/libasn1.so.22.0
        00001a9b6757d000 00001a9b67792000 rlib  0    8   0      /usr/local/heimdal/lib/libroken.so.3.0
        00001a9c23577000 00001a9c23784000 rlib  0    9   0      /usr/lib/libutil.so.13.0
        00001a9c1dc73000 00001a9c1de9d000 rlib  0    5   0      /usr/local/heimdal/lib/libwind.so.3.0
        00001a9c2b942000 00001a9c2bb52000 rlib  0    6   0      /usr/local/heimdal/lib/libheimbase.so.2.0
        00001a9b5f9db000 00001a9b5fc2f000 rlib  0    4   0      /usr/local/heimdal/lib/libhx509.so.1.0
        00001a9c2e2b5000 00001a9c2e4f7000 rlib  0    5   0      /usr/local/heimdal/lib/libhcrypto.so.0.0
        00001a9c287f4000 00001a9c28bd0000 rlib  0    6   0      /usr/lib/libcrypto.so.43.1
        00001a9b66371000 00001a9b6666f000 rlib  0    4   0      /usr/local/heimdal/lib/libheimsqlite.so.1.0
        00001a9bc584c000 00001a9bc5a73000 rlib  0    2   0      /usr/local/heimdal/lib/libhdb.so.3.0
        00001a9c40344000 00001a9c4054d000 rlib  0    11   0      /usr/lib/libpthread.so.25.1
        00001a9b62ed2000 00001a9b631b2000 rlib  0    1   0      /usr/lib/libc.so.92.3
        00001a9c07800000 00001a9c07800000 ld.so 0    1   0      /usr/libexec/ld.so

And yes, these are the right executables called by the rc scripts.

> > With "it worked well" I was just referring to the fact that "kadmin
> > -l cpw ..." doesn't work when kpasswdd is down
>
> That's not possible.  The "kadmin -l cpw" command makes local changes
> directly in the HDB and does not use "kpasswdd".  Its behaviour cannot
> depend on whether kpasswdd is running or not.  It operates silently.

Sorry that was my bad. I've verified it and the only circumstance this
could possibly happen is when the two passwords do not match. So they
did not match and it failed, silently, and it tricked me.

> > Unfortunately I don't know why you do not get enough debug.
>
> Presumably you did not install an executable with the debug symbols.

About this I do not know what to say, I've seen the CFLAGS in the
compiling output lines and I even posted in the email.
I will try again as soon as I can.

Thank you.

Re: kpasswdd dumps on OpenBSD6.3

ASV
In reply to this post by Viktor Dukhovni-2
You've been 23 secs faster to reply than me to correct the email with
the wrong output! :D

So, the correct one has been sent already. About the source code, well
I've tried with both but the upstream didn't compile so I'll stick to
the OpenBSD one from ports.

On Sat, 2018-08-04 at 14:04 -0400, Viktor Dukhovni wrote:

> > On Aug 4, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
> >
> > On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
> > > > On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
> > > >
> > > > No, no crashes using "kadmin -l".
> > >
> > > This shows that "kadmin" and the libkadm5srv.so library work fine.
> > >
> > > Which libraries is "kadmin" linked with (post ldd output)?
> >
> > # ldd /usr/local/heimdal/bin/kadmin
> > /usr/local/heimdal/bin/kadmin:
>
> OK, thanks.
>
> > > Which libraries is "kpasswdd" linked with (post ldd output) and make
> > > sure you're reporting the results for the right executable.
> >
> > # ldd /usr/local/heimdal/bin/kpasswd
> > /usr/local/heimdal/bin/kpasswd:
>
> That's the "kpasswd" client, NOT the "kpasswdd" server.  Please post the
> "ldd" output for "kpasswdd" making sure to check that the daemon that's
> segfaulting is that one, and not some other executable in another location.
>
> The code to build with debugging symbols should ideally be the source for
> the installed package, as modified by the OpenBSD maintainers, not the
> upstream source (if different).
>
> --

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2
In reply to this post by ASV
On Aug 4, 2018, at 2:05 PM, ASV <[hidden email]> wrote:

> On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
>>> On Aug 3, 2018, at 1:43 PM, ASV <[hidden email]> wrote:
>>>
>>> No, no crashes using "kadmin -l".
>>
>> This shows that "kadmin" and the libkadm5srv.so library work fine.
>>
>> Which libraries is "kadmin" linked with (post ldd output)?
> # ldd /usr/local/heimdal/bin/kadmin      
> /usr/local/heimdal/bin/kadmin:

[ Thanks, same libraries for both ]

>
>> Which libraries is "kpasswdd" linked with (post ldd output) and make
>> sure you're reporting the results for the right executable.
> # ldd /usr/local/heimdal/libexec/kpasswdd
> /usr/local/heimdal/libexec/kpasswdd:
>        Start            End              Type  Open Ref GrpRef Name

[ Ditto ]

> And yes, these are the right executables called by the rc scripts.

So change() in /usr/local/heimdal/lib/libkadm5srv.so.3.0 works when invoked
via "kadmin -l cpw", but segfaults via "kpasswdd", with a likely NULL kadm5
handle.

We can confirm the guess about the NULL handle by printing more of the
machine instructions of change().  If the crash is still at change+102,
please report the output of (first one confirms the 102 offset, adjust
the next if different):

        x/i $pc
        x/40i $pc-102

This should indicate what happened in change() before the crash.  But
really, at this point symbols are needed, and we'd need to look up
the call stack to see how the handle got to be NULL.

> About this I do not know what to say, I've seen the CFLAGS in the
> compiling output lines and I even posted in the email.
> I will try again as soon as I can.

That seems to be the main path forward.

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2
In reply to this post by ASV


> On Aug 4, 2018, at 2:36 PM, ASV <[hidden email]> wrote:
>
> You've been 23 secs faster to reply than me to correct the email with
> the wrong output! :D
>
> So, the correct one has been sent already. About the source code, well
> I've tried with both but the upstream didn't compile so I'll stick to
> the OpenBSD one from ports.

Yes, that's best.  Build that with debugging symbols, and make sure
that the build does not then strip the binaries.

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

ASV
I think that I finally got it, did I?


Program received signal SIGSEGV, Segmentation fault.
0x000007fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language:  auto; currently minimal
(gdb) bt
#0  0x000007fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
#1  0x000007fe9c69d55f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
#2  0x000007fbfc702bfb in ?? () from /usr/local/heimdal/libexec/kpasswdd
#3  0x000007fbfc701b89 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#4  0x000007fbfc7017d9 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#5  0x000007fbfc701073 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#6  0x000007fbfc7009a6 in ?? () from /usr/local/heimdal/libexec/kpasswdd
#7  0x0000000000000000 in ?? ()
(gdb) x/i $pc
0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
(gdb) x/40i $pc-102
0x7fe9c69d570 <change>: push   %rbp
0x7fe9c69d571 <change+1>:       mov    %rsp,%rbp
0x7fe9c69d574 <change+4>:       push   %r15
0x7fe9c69d576 <change+6>:       push   %r14
0x7fe9c69d578 <change+8>:       push   %r13
0x7fe9c69d57a <change+10>:      push   %r12
0x7fe9c69d57c <change+12>:      push   %rbx
0x7fe9c69d57d <change+13>:      sub    $0xe8,%rsp
0x7fe9c69d584 <change+20>:      mov    %r9,%r15
0x7fe9c69d587 <change+23>:      mov    %r8,%r13
0x7fe9c69d58a <change+26>:      mov    %ecx,0xffffffffffffff04(%rbp)
0x7fe9c69d590 <change+32>:      mov    %edx,%ebx
0x7fe9c69d592 <change+34>:      mov    %rsi,%r12
0x7fe9c69d595 <change+37>:      mov    %rdi,%r14
0x7fe9c69d598 <change+40>:      mov    2174785(%rip),%rax        # 0x7fe9c8b04e0 <__guard_local>
0x7fe9c69d59f <change+47>:      mov    %rax,0xffffffffffffffd0(%rbp)
0x7fe9c69d5a3 <change+51>:      xorps  %xmm0,%xmm0
0x7fe9c69d5a6 <change+54>:      movaps %xmm0,0xffffffffffffffc0(%rbp)
0x7fe9c69d5aa <change+58>:      movaps %xmm0,0xffffffffffffffb0(%rbp)
0x7fe9c69d5ae <change+62>:      movaps %xmm0,0xffffffffffffffa0(%rbp)
0x7fe9c69d5b2 <change+66>:      movaps %xmm0,0xffffffffffffff90(%rbp)
0x7fe9c69d5b6 <change+70>:      movaps %xmm0,0xffffffffffffff80(%rbp)
0x7fe9c69d5ba <change+74>:      movaps %xmm0,0xffffffffffffff70(%rbp)
0x7fe9c69d5c1 <change+81>:      movaps %xmm0,0xffffffffffffff60(%rbp)
0x7fe9c69d5c8 <change+88>:      movaps %xmm0,0xffffffffffffff50(%rbp)
0x7fe9c69d5cf <change+95>:      movaps %xmm0,0xffffffffffffff40(%rbp)
0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
0x7fe9c69d5de <change+110>:     je     0x7fe9c69d60f <change+159>
0x7fe9c69d5e0 <change+112>:     mov    %r13,0xfffffffffffffef0(%rbp)
0x7fe9c69d5e7 <change+119>:     mov    %r14,%rdi
0x7fe9c69d5ea <change+122>:     callq  0x7fe9c69cf00 <_init+3104>
0x7fe9c69d5ef <change+127>:     mov    %eax,%r13d
0x7fe9c69d5f2 <change+130>:     test   %r13d,%r13d
0x7fe9c69d5f5 <change+133>:     je     0x7fe9c69d64a <change+218>
0x7fe9c69d5f7 <change+135>:     cmpl   $0x0,0xc8(%r14)
0x7fe9c69d5ff <change+143>:     je     0x7fe9c69d88f <change+799>
0x7fe9c69d605 <change+149>:     mov    %r13d,%edi
0x7fe9c69d608 <change+152>:     callq  0x7fe9c69c670 <_init+912>
0x7fe9c69d60d <change+157>:     jmp    0x7fe9c69d627 <change+183>
0x7fe9c69d60f <change+159>:     mov    (%r14),%rdi

On Sat, 2018-08-04 at 14:45 -0400, Viktor Dukhovni wrote:

> > On Aug 4, 2018, at 2:36 PM, ASV <[hidden email]> wrote:
> >
> > You've been 23 secs faster to reply than me to correct the email with
> > the wrong output! :D
> >
> > So, the correct one has been sent already. About the source code, well
> > I've tried with both but the upstream didn't compile so I'll stick to
> > the OpenBSD one from ports.
>
> Yes, that's best.  Build that with debugging symbols, and make sure
> that the build does not then strip the binaries.
>

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 4, 2018, at 3:28 PM, ASV <[hidden email]> wrote:
>
> I think that I finally got it, did I?

Still no symbols, but yes, you got the instruction decode.

> Program received signal SIGSEGV, Segmentation fault.
> 0x000007fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> Current language:  auto; currently minimal
> (gdb) bt
> #0  0x000007fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #1  0x000007fe9c69d55f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #2  0x000007fbfc702bfb in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #3  0x000007fbfc701b89 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #4  0x000007fbfc7017d9 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #5  0x000007fbfc701073 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #6  0x000007fbfc7009a6 in ?? () from /usr/local/heimdal/libexec/kpasswdd
> #7  0x0000000000000000 in ?? ()
> (gdb) x/i $pc
> 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
> (gdb) x/40i $pc-102
> 0x7fe9c69d570 <change>: push   %rbp
> 0x7fe9c69d571 <change+1>:       mov    %rsp,%rbp
> 0x7fe9c69d574 <change+4>:       push   %r15
> 0x7fe9c69d576 <change+6>:       push   %r14
> 0x7fe9c69d578 <change+8>:       push   %r13
> 0x7fe9c69d57a <change+10>:      push   %r12
> 0x7fe9c69d57c <change+12>:      push   %rbx
> 0x7fe9c69d57d <change+13>:      sub    $0xe8,%rsp
> 0x7fe9c69d584 <change+20>:      mov    %r9,%r15
> 0x7fe9c69d587 <change+23>:      mov    %r8,%r13
> 0x7fe9c69d58a <change+26>:      mov    %ecx,0xffffffffffffff04(%rbp)
> 0x7fe9c69d590 <change+32>:      mov    %edx,%ebx
> 0x7fe9c69d592 <change+34>:      mov    %rsi,%r12
> 0x7fe9c69d595 <change+37>:      mov    %rdi,%r14
> 0x7fe9c69d598 <change+40>:      mov    2174785(%rip),%rax        # 0x7fe9c8b04e0 <__guard_local>
> 0x7fe9c69d59f <change+47>:      mov    %rax,0xffffffffffffffd0(%rbp)
> 0x7fe9c69d5a3 <change+51>:      xorps  %xmm0,%xmm0
> 0x7fe9c69d5a6 <change+54>:      movaps %xmm0,0xffffffffffffffc0(%rbp)
> 0x7fe9c69d5aa <change+58>:      movaps %xmm0,0xffffffffffffffb0(%rbp)
> 0x7fe9c69d5ae <change+62>:      movaps %xmm0,0xffffffffffffffa0(%rbp)
> 0x7fe9c69d5b2 <change+66>:      movaps %xmm0,0xffffffffffffff90(%rbp)
> 0x7fe9c69d5b6 <change+70>:      movaps %xmm0,0xffffffffffffff80(%rbp)
> 0x7fe9c69d5ba <change+74>:      movaps %xmm0,0xffffffffffffff70(%rbp)
> 0x7fe9c69d5c1 <change+81>:      movaps %xmm0,0xffffffffffffff60(%rbp)
> 0x7fe9c69d5c8 <change+88>:      movaps %xmm0,0xffffffffffffff50(%rbp)
> 0x7fe9c69d5cf <change+95>:      movaps %xmm0,0xffffffffffffff40(%rbp)
> 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)

This confirms the guess, the kadm5 handle is NULL.  We now need debugging
symbols.

--
        Viktor.


Re: kpasswdd dumps on OpenBSD6.3

Antoine Jacoutot-7
In reply to this post by ASV
> > Presumably you did not install an executable with the debug symbols.
>
> About this I do not know what to say, I've seen the CFLAGS in the
> compiling output lines and I even posted in the email.
> I will try again as soon as I can.

If you build from ports, add INSTALL_STRIP="" to your make command, otherwise
the binaries will be stripped at install time.

--
Antoine

Re: kpasswdd dumps on OpenBSD6.3

ASV
Thank you Antoine,
I'll try and post the results ASAP.

On Sat, 2018-08-04 at 23:01 +0200, Antoine Jacoutot wrote:

> > > Presumably you did not install an executable with the debug symbols.
> >
> > About this I do not know what to say, I've seen the CFLAGS in the
> > compiling output lines and I even posted in the email.
> > I will try again as soon as I can.
>
> If you build from ports, add INSTALL_STRIP="" to your make command, otherwise
> the binaries will be stripped at install time.
>

Re: kpasswdd dumps on OpenBSD6.3

ASV
In reply to this post by Viktor Dukhovni-2
Good morning,
this looks more exhaustive to me. :)

(gdb) r
Starting program: /usr/local/heimdal/libexec/kpasswdd

Program received signal SIGSEGV, Segmentation fault.
0x00001fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language:  auto; currently minimal
(gdb) bt
#0  0x00001fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
#1  0x00001fe263d1855f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
#2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410
#3  0x00001fe05dc01b89 in process (keytab=0x1fe27c7a0c00, s=8, this_addr=0x1fe261684330, sa=0x7f7ffffe0968, sa_size=16, msg=0x7f7ffffe0460 "\002\200\002\bn\202\002\0040\202\002", len=676)
    at kpasswdd.c:633
#4  0x00001fe05dc017d9 in doit (keytab=0x1fe27c7a0c00, port=53249) at kpasswdd.c:767
#5  0x00001fe05dc01073 in main (argc=1, argv=0x7f7ffffe0c08) at kpasswdd.c:906
(gdb) x/i $pc
0x1fe263d185d6 <change+102>:    cmpl   $0x0,0xc8(%r14)
(gdb) i reg
rax            0xb216510a6421fab2       -5614210780399273294
rbx            0x1      1
rcx            0x0      0
rdx            0x1      1
rsi            0x1fe318612740   35060227057472
rdi            0x0      0
rbp            0x7f7ffffe0050   0x7f7ffffe0050
rsp            0x7f7ffffdff40   0x7f7ffffdff40
r8             0x0      0
r9             0x1fe2b9c4c5d0   35058639750608
r10            0x1fe2d5235b30   35059098934064
r11            0x0      0
r12            0x1fe318612740   35060227057472
r13            0x0      0
r14            0x0      0
r15            0x1fe2b9c4c5d0   35058639750608
rip            0x1fe263d185d6   0x1fe263d185d6 <change+102>
eflags         0x10202  66050
cs             0x2b     43
ss             0x23     35
ds             0x23     35
es             0x23     35
fs             0x23     35
gs             0x23     35




Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2
On Aug 5, 2018, at 5:20 AM, ASV <[hidden email]> wrote:
>
> Good morning,
> this looks more exhaustive to me. :)

You have debugging symbols in the "kpasswdd" executable, but NOT in the
libkadm5srv.so library.  Please also install the re-compiled library and
rerun the test, but first:

> (gdb) bt
> #0  0x00001fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> #1  0x00001fe263d1855f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0

[ No symbols in frames 0 and 1 ]

> #2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410

This is the call to kadm5_s_chpass_principal_cond in kpasswdd.c:

    410     ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp);

It would already be useful to see the value of "kadm5_handle".  You can report the
output of:

        (gdb) frame 2
        (gdb) p kadm5_handle
        (gdb) p principal->name.name_string.val[0]
        (gdb) p principal->name.name_string.val[1]
        (gdb) p admin_principal->name.name_string[0]
        (gdb) p admin_principal->name.name_string[1]
        (gdb) p pwd_data->length
        (gdb) p context[0]

If this proves insufficient, we'll need the debugging symbols for the library,
but it is possible that symbols in the library will not be needed.

> #3  0x00001fe05dc01b89 in process (keytab=0x1fe27c7a0c00, s=8, this_addr=0x1fe261684330, sa=0x7f7ffffe0968, sa_size=16, msg=0x7f7ffffe0460 "\002\200\002\bn\202\002\0040\202\002", len=676)
>    at kpasswdd.c:633
> #4  0x00001fe05dc017d9 in doit (keytab=0x1fe27c7a0c00, port=53249) at kpasswdd.c:767
> #5  0x00001fe05dc01073 in main (argc=1, argv=0x7f7ffffe0c08) at kpasswdd.c:906
> (gdb) x/i $pc
> 0x1fe263d185d6 <change+102>:    cmpl   $0x0,0xc8(%r14)
> (gdb) i reg
> rax            0xb216510a6421fab2       -5614210780399273294
> rbx            0x1      1
> rcx            0x0      0
> rdx            0x1      1
> rsi            0x1fe318612740   35060227057472
> rdi            0x0      0
> rbp            0x7f7ffffe0050   0x7f7ffffe0050
> rsp            0x7f7ffffdff40   0x7f7ffffdff40
> r8             0x0      0
> r9             0x1fe2b9c4c5d0   35058639750608
> r10            0x1fe2d5235b30   35059098934064
> r11            0x0      0
> r12            0x1fe318612740   35060227057472
> r13            0x0      0
> r14            0x0      0
> r15            0x1fe2b9c4c5d0   35058639750608
> rip            0x1fe263d185d6   0x1fe263d185d6 <change+102>
> eflags         0x10202  66050
> cs             0x2b     43
> ss             0x23     35
> ds             0x23     35
> es             0x23     35
> fs             0x23     35
> gs             0x23     35

--
        Viktor.
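
The reasoning used in this part of the thread (a fault on `cmpl $0x0,0xc8(%r14)` with `r14` equal to zero, and `r14` loaded from `rdi` in the prologue, means the first argument of `change()` was NULL) can be checked mechanically. The script below is an added example, not part of the thread or of Heimdal: the function names are hypothetical, the inputs are lines copied from the gdb output posted above, and it assumes the System V AMD64 calling convention and an unmapped first page.

```python
import re

# Lines copied from the thread. The disassembly is from the Aug 4 run and the
# registers from the Aug 5 run; load addresses differ, offsets in change() do not.
DISASM = """\
0x7fe9c69d570 <change>: push   %rbp
0x7fe9c69d571 <change+1>:       mov    %rsp,%rbp
0x7fe9c69d576 <change+6>:       push   %r14
0x7fe9c69d58a <change+26>:      mov    %ecx,0xffffffffffffff04(%rbp)
0x7fe9c69d592 <change+34>:      mov    %rsi,%r12
0x7fe9c69d595 <change+37>:      mov    %rdi,%r14
0x7fe9c69d5a3 <change+51>:      xorps  %xmm0,%xmm0
0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
"""
REGS = """\
rdi            0x0      0
rsi            0x1fe318612740   35060227057472
rbp            0x7f7ffffe0050   0x7f7ffffe0050
r14            0x0      0
"""

ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]  # SysV AMD64 integer arguments
PAGE_SIZE = 4096  # assumption: nothing is mapped in the first page

LINE = re.compile(r"^(0x[0-9a-f]+)\s+<(\w+)(?:\+(\d+))?>:\s+(\S+)\s*(.*)$")
MEM = re.compile(r"^(-?(?:0x[0-9a-f]+|\d+))?\(%(\w+)\)$")  # disp(%base) only


def split_operands(text):
    """Split AT&T operands on commas that are not inside parentheses."""
    args, depth, cur = [], 0, ""
    for ch in text.split("#")[0].strip():      # drop gdb's trailing "# ..." note
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            args.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        args.append(cur)
    return args


def parse_disasm(text):
    """Parse 'x/Ni' output into dicts; the last entry is the instruction at $pc."""
    insns = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            insns.append({"sym": m.group(2), "off": int(m.group(3) or 0),
                          "op": m.group(4), "args": split_operands(m.group(5))})
    return insns


def parse_regs(text):
    """Parse 'i reg' output into {register: value}."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(\w+)\s+(0x[0-9a-f]+)", text, re.M)}


def effective_address(operand, regs):
    """Return (base register, address) for a disp(%base) operand, else None."""
    m = MEM.match(operand)
    if not m or m.group(2) not in regs:
        return None
    disp = int(m.group(1) or "0", 0)
    if disp >= 1 << 63:        # gdb 6.3 prints negative displacements unsigned
        disp -= 1 << 64
    return m.group(2), (regs[m.group(2)] + disp) % (1 << 64)


def trace_to_argument(insns, reg):
    """Follow reg-to-reg movs backwards from the fault; return the argument
    number (1-based) the value came from, or None. Calls, pops and writes to
    32-bit sub-registers are not modelled."""
    for insn in reversed(insns[:-1]):
        args = insn["args"]
        if len(args) == 2 and args[1] == "%" + reg:
            if not (insn["op"].startswith("mov") and re.fullmatch(r"%\w+", args[0])):
                return None    # computed or loaded from memory
            reg = args[0][1:]
    return ARG_REGS.index(reg) + 1 if reg in ARG_REGS else None


def triage(disasm_text, regs_text):
    insns, regs = parse_disasm(disasm_text), parse_regs(regs_text)
    fault = insns[-1]
    for operand in fault["args"]:
        hit = effective_address(operand, regs)
        if hit:
            base, addr = hit
            return {"where": "%s+%d" % (fault["sym"], fault["off"]),
                    "base": base, "address": addr,
                    "null_deref": regs[base] == 0 and addr < PAGE_SIZE,
                    "argument": trace_to_argument(insns, base)}
    return None


if __name__ == "__main__":
    print(triage(DISASM, REGS))
```
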


Re: kpasswdd dumps on OpenBSD6.3

ASV
Here we go:

(gdb) frame 2
#2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410
410         ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp);
(gdb) p kadm5_handle
$1 = (void *) 0x0
(gdb) p principal->name.name_string.val[0]
$2 = 0x1fe312b39eb0 "vaxxxxx"
(gdb) p principal->name.name_string.val[1]
$3 = 0x0
(gdb) p admin_principal->name.name_string[0]
Structure has no component named operator[].
(gdb) p admin_principal->name.name_string[1]
Structure has no component named operator[].
(gdb) p pwd_data->length
$4 = 16
(gdb) p context[0]
Cannot perform pointer math on incomplete type "krb5_context_data", try casting to a known type, or void *.



On Sun, 2018-08-05 at 12:11 -0400, Viktor Dukhovni wrote:

> On Aug 5, 2018, at 5:20 AM, ASV <[hidden email]> wrote:
> >
> > Good morning,
> > this looks more exhaustive to me. :)
>
> You have debugging symbols in the "kpasswdd" executable, but NOT in the
> libkadm5srv.so library.  Please also install the re-compiled library and
> rerun the test, but first:
>
> > (gdb) bt
> > #0  0x00001fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > #1  0x00001fe263d1855f in kadm5_s_chpass_principal_cond () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
>
> [ No symbols in frames 0 and 1 ]
>
> > #2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410
>
> This is the call to kadm5_s_chpass_principal_cond in kpasswdd.c:
>
>     410     ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp);
>
> It would already be useful to see the value of "kadm5_handle".  You can report the
> output of:
>
>         (gdb) frame 2
>         (gdb) p kadm5_handle
>         (gdb) p principal->name.name_string.val[0]
>         (gdb) p principal->name.name_string.val[1]
>         (gdb) p admin_principal->name.name_string[0]
>         (gdb) p admin_principal->name.name_string[1]
>         (gdb) p pwd_data->length
>         (gdb) p context[0]
>
> If this proves insufficient, we'll need the debugging symbols for the library,
> but it is possible that symbols in the library will not be needed.
>
> > #3  0x00001fe05dc01b89 in process (keytab=0x1fe27c7a0c00, s=8, this_addr=0x1fe261684330, sa=0x7f7ffffe0968, sa_size=16, msg=0x7f7ffffe0460 "\002\200\002\bn\202\002\0040\202\002", len=676)
> >    at kpasswdd.c:633
> > #4  0x00001fe05dc017d9 in doit (keytab=0x1fe27c7a0c00, port=53249) at kpasswdd.c:767
> > #5  0x00001fe05dc01073 in main (argc=1, argv=0x7f7ffffe0c08) at kpasswdd.c:906
> > (gdb) x/i $pc
> > 0x1fe263d185d6 <change+102>:    cmpl   $0x0,0xc8(%r14)
> > (gdb) i reg
> > rax            0xb216510a6421fab2       -5614210780399273294
> > rbx            0x1      1
> > rcx            0x0      0
> > rdx            0x1      1
> > rsi            0x1fe318612740   35060227057472
> > rdi            0x0      0
> > rbp            0x7f7ffffe0050   0x7f7ffffe0050
> > rsp            0x7f7ffffdff40   0x7f7ffffdff40
> > r8             0x0      0
> > r9             0x1fe2b9c4c5d0   35058639750608
> > r10            0x1fe2d5235b30   35059098934064
> > r11            0x0      0
> > r12            0x1fe318612740   35060227057472
> > r13            0x0      0
> > r14            0x0      0
> > r15            0x1fe2b9c4c5d0   35058639750608
> > rip            0x1fe263d185d6   0x1fe263d185d6 <change+102>
> > eflags         0x10202  66050
> > cs             0x2b     43
> > ss             0x23     35
> > ds             0x23     35
> > es             0x23     35
> > fs             0x23     35
> > gs             0x23     35
> >
> >
> >
> > On Sat, 2018-08-04 at 15:44 -0400, Viktor Dukhovni wrote:
> > > > On Aug 4, 2018, at 3:28 PM, ASV <[hidden email]> wrote:
> > > >
> > > > I think that I finally got it, did I?
> > >
> > > Still no symbols, but yes, you got the instruction decode.
> > >
> > > > Program received signal SIGSEGV, Segmentation fault.
> > > > 0x000007fe9c69d5d6 in change () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > Current language:  auto; currently minimal
> > > > (gdb) bt
> > > > #0  0x000007fe9c69d5d6 in change () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > #1  0x000007fe9c69d55f in kadm5_s_chpass_principal_cond () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > #2  0x000007fbfc702bfb in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #3  0x000007fbfc701b89 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #4  0x000007fbfc7017d9 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #5  0x000007fbfc701073 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #6  0x000007fbfc7009a6 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #7  0x0000000000000000 in ?? ()
> > > > (gdb) x/i $pc
> > > > 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
> > > > (gdb) x/40i $pc-102
> > > > 0x7fe9c69d570 <change>: push   %rbp
> > > > 0x7fe9c69d571 <change+1>:       mov    %rsp,%rbp
> > > > 0x7fe9c69d574 <change+4>:       push   %r15
> > > > 0x7fe9c69d576 <change+6>:       push   %r14
> > > > 0x7fe9c69d578 <change+8>:       push   %r13
> > > > 0x7fe9c69d57a <change+10>:      push   %r12
> > > > 0x7fe9c69d57c <change+12>:      push   %rbx
> > > > 0x7fe9c69d57d <change+13>:      sub    $0xe8,%rsp
> > > > 0x7fe9c69d584 <change+20>:      mov    %r9,%r15
> > > > 0x7fe9c69d587 <change+23>:      mov    %r8,%r13
> > > > 0x7fe9c69d58a <change+26>:      mov    %ecx,0xffffffffffffff04(%rbp)
> > > > 0x7fe9c69d590 <change+32>:      mov    %edx,%ebx
> > > > 0x7fe9c69d592 <change+34>:      mov    %rsi,%r12
> > > > 0x7fe9c69d595 <change+37>:      mov    %rdi,%r14
> > > > 0x7fe9c69d598 <change+40>:      mov    2174785(%rip),%rax        # 0x7fe9c8b04e0 <__guard_local>
> > > > 0x7fe9c69d59f <change+47>:      mov    %rax,0xffffffffffffffd0(%rbp)
> > > > 0x7fe9c69d5a3 <change+51>:      xorps  %xmm0,%xmm0
> > > > 0x7fe9c69d5a6 <change+54>:      movaps %xmm0,0xffffffffffffffc0(%rbp)
> > > > 0x7fe9c69d5aa <change+58>:      movaps %xmm0,0xffffffffffffffb0(%rbp)
> > > > 0x7fe9c69d5ae <change+62>:      movaps %xmm0,0xffffffffffffffa0(%rbp)
> > > > 0x7fe9c69d5b2 <change+66>:      movaps %xmm0,0xffffffffffffff90(%rbp)
> > > > 0x7fe9c69d5b6 <change+70>:      movaps %xmm0,0xffffffffffffff80(%rbp)
> > > > 0x7fe9c69d5ba <change+74>:      movaps %xmm0,0xffffffffffffff70(%rbp)
> > > > 0x7fe9c69d5c1 <change+81>:      movaps %xmm0,0xffffffffffffff60(%rbp)
> > > > 0x7fe9c69d5c8 <change+88>:      movaps %xmm0,0xffffffffffffff50(%rbp)
> > > > 0x7fe9c69d5cf <change+95>:      movaps %xmm0,0xffffffffffffff40(%rbp)
> > > > 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
> > >
> > > This confirms the guess, the kadm5 handle is NULL.  We now need
> > > debugging symbols.
> > >
>
>

Re: kpasswdd dumps on OpenBSD6.3

Viktor Dukhovni-2


> On Aug 5, 2018, at 12:33 PM, ASV <[hidden email]> wrote:
>
> Here we go:
>
> (gdb) frame 2
> #2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410
> 410         ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp);
> (gdb) p kadm5_handle
> $1 = (void *) 0x0

OK, so no need for a debugging version of the libkadm5srv.so library, ...
Passing it a NULL kadm5_handle is expected to segfault.  The kpasswdd
program should not be doing that!

So the question is how the handle ended up being NULL without kpasswdd
bailing out earlier.

The function that creates the handle is kadm5_init_with_password_ctx(),
which after a bit of indirection ends up in kadm5_s_init_with_context():

 99     ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
100     if (ret == 0)
101         ret = _kadm5_acl_init(ctx);
102     if (ret)
103         kadm5_s_destroy(ctx);
104     else
105         *server_handle = ctx;
106     return 0;

Line 106 of that function is incorrect.  It should be "return ret",
NOT "return 0".  If either krb5_parse_name() or _kadm5_acl_init()
fails, you'll end up with a NULL kadm5 handle, and a success (0)
return code.

Most likely there's some sort of problem with your admin ACL file.
And we need to fix line 106 of "lib/kadm5/init_s.c".

Thanks for the problem report.

--
        Viktor.
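
The failure mode diagnosed in the message above, as an added example that is not part of the original post and is not Heimdal's code: an initializer that discards its error code hands the caller a NULL handle together with a success return, shown beside the corrected form and a caller-side guard. All names (`srv_ctx`, `acl_init`, `init_buggy`, `init_fixed`, `use_handle`) and the error values are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not Heimdal's types or functions. */
#define ERR_ACL   22                    /* constructed error code */
#define ERR_NOMEM 12                    /* constructed error code */
struct srv_ctx { int acl_loaded; };

/* Simulated ACL load: returns nonzero when the ACL file is unusable. */
static int acl_init(struct srv_ctx *ctx, int acl_ok) {
    if (!acl_ok) return ERR_ACL;
    ctx->acl_loaded = 1;
    return 0;
}

/* Shape of the defect: the error path frees ctx, yet 0 is returned. */
int init_buggy(int acl_ok, void **handle) {
    struct srv_ctx *ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) return ERR_NOMEM;
    int ret = acl_init(ctx, acl_ok);
    if (ret)
        free(ctx);
    else
        *handle = ctx;
    return 0;                           /* failure reported as success */
}

/* Corrected shape: propagate ret and leave a defined NULL on failure. */
int init_fixed(int acl_ok, void **handle) {
    struct srv_ctx *ctx = calloc(1, sizeof(*ctx));
    *handle = NULL;
    if (ctx == NULL) return ERR_NOMEM;
    int ret = acl_init(ctx, acl_ok);
    if (ret)
        free(ctx);
    else
        *handle = ctx;
    return ret;
}

/* Caller guard: a 0 return with a NULL handle is treated as failure
 * instead of being dereferenced. Returns 0, the init error, or -1. */
int use_handle(int (*init)(int, void **), int acl_ok) {
    void *handle = NULL;
    int ret = init(acl_ok, &handle);
    if (ret != 0) return ret;
    if (handle == NULL) return -1;
    free(handle);
    return 0;
}
```

With the buggy initializer, only the caller's NULL check stands between a misconfigured ACL and a NULL dereference in a network-facing daemon; with the fixed one, the original error code reaches the caller.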
