On Wed, Jul 03, 2013 at 10:09:00AM +0200, Petter Reinholdtsen wrote:
> The machine in question gets a short hostname (ltsp4115 or similar), and
> while kinit is able to use the settings in /etc/resolv.conf to figure
> out the Kerberos realm (using SRV records in DNS), krb5-auth-dialog is
> not.

Is it possible that kinit is from MIT Kerberos? krb5-auth-dialog is
linked against heimdal and these might behave differently in these
regards.

> Thus when I click on the panel icon to ask for a kerberos ticket,
> instead of getting the password dialog prompt, I get a dialog stating
> that it could not find the realm.  The dialog states (translated from
> Norwegian):
> 
>   Kerberos authentication error
> 
>   Could not get kerberos ticket: 'unable to find realm of host ltsp4115'
>   [OK]
> 
> If I start a terminal and run kinit there, I can set a password but
> krb5-auth-dialog immediately crashes.  Here is the valgrind output from
> the crash run:
> 
> ==7338== Memcheck, a memory error detector
> ==7338== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
> ==7338== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
> ==7338== Command: krb5-auth-dialog
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x551751E: ??? (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5503987: ??? (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x54BA133: pixman_image_composite32 (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5134A1C: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5178EEB: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5169554: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x516A03E: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x7F: ???
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x551778E: ??? (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5503987: ??? (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x54BA133: pixman_image_composite32 (in 
> /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5134A1C: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5178EEB: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5169554: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x516A03E: ??? (in 
> /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x51A: ???
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x7EE7621: ??? (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x7EE8485: rsvg_handle_get_pixbuf_sub (in 
> /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x7EE8502: rsvg_handle_get_pixbuf (in 
> /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x5BD9ACF: ??? (in 
> /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
> ==7338==    by 0x4F632BA: gdk_pixbuf_loader_close (in 
> /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x4F5F14C: ??? (in 
> /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x4F60CA6: gdk_pixbuf_new_from_stream_at_scale (in 
> /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x42B877D: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42BB7E0: gtk_icon_info_load_icon (in 
> /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42BBD14: gtk_icon_info_load_symbolic_for_context (in 
> /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42B65F5: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x43744FE: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338== 
> ** Message: No plugins to load
> 
> ** (krb5-auth-dialog:7338): WARNING **: Could not initialize NMClient 
> /org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was 
> not provided by any .service files
> 
> (krb5-auth-dialog:7338): GLib-GIO-CRITICAL **: GApplication subclass 
> 'KaApplet' failed to chain up on ::startup (from start of override function)
> ==7338== Invalid read of size 4
> ==7338==    at 0x40F3F47: krb5_principal_compare (in 
> /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)

It'd be good to know the values of the parameters of the
krb5_principal_compare call in ka-kerberos.c. A gdb backtrace should
hopefully reveal them.
 -- Guido

> ==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
> ==7338==    by 0x53ED20C: ffi_call (in 
> /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
> ==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4810120: ??? (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829278: g_signal_emit_valist (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829CD2: g_signal_emit (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x46EDA70: ??? (in 
> /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
> ==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A26D2: g_main_context_dispatch (in 
> /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2B50: g_main_context_iteration (in 
> /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==7338== 
> ==7338== 
> ==7338== Process terminating with default action of signal 11 (SIGSEGV)
> ==7338==  Access not within mapped region at address 0x0
> ==7338==    at 0x40F3F47: krb5_principal_compare (in 
> /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
> ==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
> ==7338==    by 0x53ED20C: ffi_call (in 
> /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
> ==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4810120: ??? (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829278: g_signal_emit_valist (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829CD2: g_signal_emit (in 
> /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x46EDA70: ??? (in 
> /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
> ==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A26D2: g_main_context_dispatch (in 
> /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2B50: g_main_context_iteration (in 
> /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==  If you believe this happened as a result of a stack
> ==7338==  overflow in your program's main thread (unlikely but
> ==7338==  possible), you can try to increase the size of the
> ==7338==  main thread stack using the --main-stacksize= flag.
> ==7338==  The main thread stack size used in this run was 8388608.
> ==7338== 
> ==7338== HEAP SUMMARY:
> ==7338==     in use at exit: 1,620,516 bytes in 23,147 blocks
> ==7338==   total heap usage: 83,987 allocs, 60,840 frees, 6,257,291 bytes 
> allocated
> ==7338== 
> ==7338== LEAK SUMMARY:
> ==7338==    definitely lost: 1,792 bytes in 6 blocks
> ==7338==    indirectly lost: 6,460 bytes in 320 blocks
> ==7338==      possibly lost: 1,041,607 bytes in 14,392 blocks
> ==7338==    still reachable: 570,657 bytes in 8,429 blocks
> ==7338==         suppressed: 0 bytes in 0 blocks
> ==7338== Rerun with --leak-check=full to see details of leaked memory
> ==7338== 
> ==7338== For counts of detected and suppressed errors, rerun with: -v
> ==7338== Use --track-origins=yes to see where uninitialised values come from
> ==7338== ERROR SUMMARY: 11 errors from 4 contexts (suppressed: 177 from 12)
> 
> Can you change krb5-auth-dialog to use the same algorithm as kinit to
> figure out the realm, to get it working also for hosts without a domain
> part in their name?
> 
> Can you fix the crash?
> 
> And if you are able to fix these things, can you fix them in Wheezy too?
> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 

