cupsd crashes when keytab does not match kerberos tickets encryption type

[michaelrsweet]

Version: 1.4.1
CUPS.org User: henriccarlstrom

When doing a Kerberos authenticated request against a CUPS 1.4.1 server from a CUPS 1.4.1 client the server crashes.
We found out why, but it would be nice if a developer could write some code to handle the exception and print an error instead of the deamon crashing. Othervise someone might accidentaly or deliberately bring down the printing service.

Im also attaching a debug2 error_log from a request where the server crashes.

root@fuligula:/etc/cups# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: korintep@USER.UU.SE

Valid starting Expires Service principal
11/30/09 14:45:36 12/01/09 00:45:47 krbtgt/USER.UU.SE@USER.UU.SE
renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
11/30/09 14:50:40 12/01/09 00:45:47 HOST/fuligula.user.uu.se@USER.UU.SE
renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC

root@fuligula:/etc/cups# klist -k /etc/krb5.keytab -e
Keytab name: WRFILE/etc/krb5.keytab
KVNO Principal

---

3 HOST/fuligula.user.uu.se@USER.UU.SE (ArcFour with HMAC/md5)

root@fuligula:/etc/cups# kvno -k /etc/krb5.keytab -S HOST fuligula.user.uu.se
kvno: Key table entry not found while decrypting ticket for HOST/fuligula.user.uu.se@USER.UU.SE
HOST/fuligula.user.uu.se@USER.UU.SE: kvno = 5, keytab entry invalid

[michaelrsweet]

CUPS.org User: henriccarlstrom

Suggested error:
krb5_keytab_badvno
Unsupported key table format version number other errors

[michaelrsweet]

CUPS.org User: mike

We need a backtrace from a debugger - the log file isn't enough to isolate the crash. All of the code in cupsdAuthorize is checking for return values from the GSSAPI functions, so we need the backtrace to determine why cupsd is crashing.

Thanks!

PS, you can get a backtrace by running cupsd in the debugger with:

sudo gdb /usr/sbin/cupsd
run -f
where

[michaelrsweet]

CUPS.org User: henriccarlstrom

It this enough?

---------- CUT ----------
root@cups:/etc# sudo gdb /usr/sbin/cupsd
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/sbin/cupsd...(no debugging symbols found)...done.
(gdb) run -f
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
where

Program received signal SIGSEGV, Segmentation fault.
0x004994d6 in ?? () from /usr/lib/libkrb5.so.3
(gdb) where
#0 0x004994d6 in ?? () from /usr/lib/libkrb5.so.3
#1 0x0049913c in krb5_rd_req () from /usr/lib/libkrb5.so.3
#2 0x00411adc in ?? () from /usr/lib/libgssapi_krb5.so.2
#3 0x00412bd9 in ?? () from /usr/lib/libgssapi_krb5.so.2
#4 0x004085a0 in gss_accept_sec_context () from /usr/lib/libgssapi_krb5.so.2
#5 0x0069dd0b in ?? () from /usr/sbin/cupsd
#6 0x006a6b2f in cupsdReadClient () from /usr/sbin/cupsd
#7 0x006e67d0 in ?? () from /usr/sbin/cupsd
#8 0x006b9191 in main () from /usr/sbin/cupsd
(gdb)
---------- CUT ----------

[michaelrsweet]

CUPS.org User: mike

Thanks, yes, that's exactly what we needed. The crash is happening inside the Kerberos library, so you'll need to file a bug upstream with Ubuntu to get a fix to the krb5 packages.