Your message dated Mon, 5 Sep 2022 09:47:28 +1000
with message-id <[email protected]>
and subject line Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit'
on the command line
has caused the Debian Bug report #715030,
regarding Fails to lookup kdc from DNS with short hostname
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
715030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715030
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5-auth-dialog
Version: 3.2.1-1
Severity: important
User: [email protected]
Usertags: debian-edu
On a Debian Edu Wheezy diskless workstation, a user login end up without
a working Kerberos ticket (because it uses ldm which in turn do not
handle PAM properly), and this in turn exposes a crash bug in
krb5-auth-dialog.
The machine in question get a short hostname (ltsp4115 or similar), and
while kinit is able to use the settings in /etc/resolv.conf to figure
out the Kerberos realm (using SRV records in DNS), krb5-auth-dialog is
not.
Thus when I klick on the panel icon to ask for a kerberos ticket,
instead of getting the password dialog prompt, I get a dialog stating
that it could not find the realm. The dialog states (translated from
Norwegian):
Kerberos authentication error
Could not get kerberos ticket: 'unable to find realm of host ltsp4115'
[OK]
If I start a terminal and run kinit there, I can set a password but
krb5-auth-dialog imediately crashes. Here is the valgrind output from
the crash run:
==7338== Memcheck, a memory error detector
==7338== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==7338== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==7338== Command: krb5-auth-dialog
==7338==
==7338== Conditional jump or move depends on uninitialised value(s)
==7338== at 0x551751E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x54BA133: pixman_image_composite32 (in
/usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x7F: ???
==7338==
==7338== Conditional jump or move depends on uninitialised value(s)
==7338== at 0x551778E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x54BA133: pixman_image_composite32 (in
/usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338== by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338== by 0x51A: ???
==7338==
==7338== Conditional jump or move depends on uninitialised value(s)
==7338== at 0x7EE7621: ??? (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338== by 0x7EE8485: rsvg_handle_get_pixbuf_sub (in
/usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338== by 0x7EE8502: rsvg_handle_get_pixbuf (in
/usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338== by 0x5BD9ACF: ??? (in
/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
==7338== by 0x4F632BA: gdk_pixbuf_loader_close (in
/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338== by 0x4F5F14C: ??? (in
/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338== by 0x4F60CA6: gdk_pixbuf_new_from_stream_at_scale (in
/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338== by 0x42B877D: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338== by 0x42BB7E0: gtk_icon_info_load_icon (in
/usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338== by 0x42BBD14: gtk_icon_info_load_symbolic_for_context (in
/usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338== by 0x42B65F5: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338== by 0x43744FE: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338==
** Message: No plugins to load
** (krb5-auth-dialog:7338): WARNING **: Could not initialize NMClient
/org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was
not provided by any .service files
(krb5-auth-dialog:7338): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet'
failed to chain up on ::startup (from start of override function)
==7338== Invalid read of size 4
==7338== at 0x40F3F47: krb5_principal_compare (in
/usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==7338== by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
==7338== by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==7338== by 0x4810C79: g_cclosure_marshal_generic_va (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4810120: ??? (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4829278: g_signal_emit_valist (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4829CD2: g_signal_emit (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x46EDA70: ??? (in
/usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==7338== by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A26D2: g_main_context_dispatch (in
/lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A2B50: g_main_context_iteration (in
/lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7338==
==7338==
==7338== Process terminating with default action of signal 11 (SIGSEGV)
==7338== Access not within mapped region at address 0x0
==7338== at 0x40F3F47: krb5_principal_compare (in
/usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==7338== by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
==7338== by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==7338== by 0x4810C79: g_cclosure_marshal_generic_va (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4810120: ??? (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4829278: g_signal_emit_valist (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x4829CD2: g_signal_emit (in
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338== by 0x46EDA70: ??? (in
/usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==7338== by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A26D2: g_main_context_dispatch (in
/lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== by 0x48A2B50: g_main_context_iteration (in
/lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338== If you believe this happened as a result of a stack
==7338== overflow in your program's main thread (unlikely but
==7338== possible), you can try to increase the size of the
==7338== main thread stack using the --main-stacksize= flag.
==7338== The main thread stack size used in this run was 8388608.
==7338==
==7338== HEAP SUMMARY:
==7338== in use at exit: 1,620,516 bytes in 23,147 blocks
==7338== total heap usage: 83,987 allocs, 60,840 frees, 6,257,291 bytes
allocated
==7338==
==7338== LEAK SUMMARY:
==7338== definitely lost: 1,792 bytes in 6 blocks
==7338== indirectly lost: 6,460 bytes in 320 blocks
==7338== possibly lost: 1,041,607 bytes in 14,392 blocks
==7338== still reachable: 570,657 bytes in 8,429 blocks
==7338== suppressed: 0 bytes in 0 blocks
==7338== Rerun with --leak-check=full to see details of leaked memory
==7338==
==7338== For counts of detected and suppressed errors, rerun with: -v
==7338== Use --track-origins=yes to see where uninitialised values come from
==7338== ERROR SUMMARY: 11 errors from 4 contexts (suppressed: 177 from 12)
Can you change krb5-auth-dialog to use the same algorithm as kinit to
figure out the realm, to get it working also for hosts without a domain
part in their name?
Can you fix the crash?
And if you are able to fix these things, can you fix them in Wheezy too?
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
Getting confused tracking this bug. But is so old, will assume fixed.
If it is not fixed, we need to open a new bug report upstream.
--
Brian May <[email protected]>
--- End Message ---
