** Description changed:

  This is a Focal-only SRU.

  [Impact (from https://bugzilla.samba.org/show_bug.cgi?id=14344#c2)]

  If there is a problem reading credential cache then smbclient can core
  with double free.

  e.g. something like

    smbclient -L //foo.bar.com

  can result in

    Enter TUX-NET\tux's password:
    Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
    *** Error in `smbclient': double free or corruption (fasttop): 0x0000560cd2ea8890 ***
    Aborted (core dumped)

  [Test Plan]

  Setting up a reproducer is not easy as the crash is not 100%
  reproducible, however the samba package ships with autopkgtests which
- can be used for regression testing.
+ can be used for regression testing of the "base" samba functionalities,
+ but they do not cover integration with Kerberos. Proper testing requires
+ setting up a krb5 and making samba authenticate against with when the
+ krb5 credential cache is unresolved.

  Test PPA (amd64, ppc64el, s390x):
  https://launchpad.net/~paride/+archive/ubuntu/samba-lp1892145

  [Regression Potential]

  The patch is a cherry-pick from upstream and has a little and well
  defined scope: it removes a free() in a given situation.

  The patch is a cherry-pick from upstream and has already been released
  in stable upstream branches and as such it's already shipped in a stable
  release of Ubuntu (Hirsute), in the current devel release (Impish) and
  in Debian Bullseye (currently testing). Therefore it can be considered
  field tested.

  The patch doesn't modify the behavior of any interface or user-facing
  component. The regression potential can be considered low.

  [Development Fix]

  The patch is included in the following upstream and Ubuntu releases:

   * >= 4.11.9
   * >= 4.12.3
   * >= 4.13.0 (>= Hirsute)

  [Original Description]

  It is not possible anymore to connect anonymously to a Samba server, if
  there is a Kerberos environment. It does not matter if there is a valid
  Kerberos ticket or not. I'm using FreeIPA.

  This is with smbclient 2:4.11.6+dfsg-0ubuntu1.4

  For example,

    $ smbclient -L '//dist.ghs.nl/space' -N
    Failed to resolve credential cache 'KEYRING:persistent:60001'! (Unknown credential cache type)
    free(): double free detected in tcache 2
    Aborted (core dumped)

  On Ubuntu 18.04, with smbclient 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 it works
  as expected (albeit with many messages about failing krb5_init_context
  and smb_krb5_context_init_basic)

  The combination Samba + FreeIPA + Ubuntu has never worked since I
  started using FreeIPA a few years ago. But anonymous access to a Samba
  server did work, until I switched to Ubuntu 20.04.

https://bugs.launchpad.net/bugs/1892145

Title:
  [SRU] smbclient cannot connect anonymously in Kerberos context (freeipa)