Closed msimacek closed 9 years ago
Debugging note: When calling gss_display_name_ext(), input_name->name_type->elements needs to exist; in this case, the problem is that input_name->name_type is NULL.
This doesn't seem to be our fault -- the problem seems to be that krb5 doesn't do a NULL check before using the g_OID_equal macro (see src/lib/gssapi/mechglue/g_dsp_name_ext.c lines 97 and 117).
A workaround here is tricky -- we shouldn't prevent display_as when Name#name_type returns None, since this should work (it will return an error in MIT krb5, but it should be valid).
Furthermore, testing seems to indicate that for a mechanism name (canonical name), display_name (which is used to fetch the name type) will always return NameType.kerberos_principal, even if the underlying C name->name_type value is NULL (see lib/gssapi/mechglue/g_dsp_name.c:94-103 and lib/gssapi/krb5/disp_name.c:38).
We should put in a patch to MIT krb5, but in the meantime, I'm open to suggestions.
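The missing NULL check described in the debugging note above, as an added C example that is not part of this thread and is not MIT krb5 code. The struct types, status codes, function names and OID bytes are constructed stand-ins, and returning an error status for a name without a name_type is an assumption about the guarded behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for an OID descriptor and a name; not the krb5 headers. */
typedef struct { unsigned int length; const void *elements; } oid_desc;
typedef struct { const oid_desc *name_type; const char *text; } name_desc;
enum { DISP_OK = 0, DISP_BAD_NAMETYPE = 1, DISP_MISMATCH = 2 };

/* Unguarded OID comparison: both pointers are dereferenced unconditionally. */
#define OID_EQUAL_UNGUARDED(a, b) \
    (((a)->length == (b)->length) && \
     memcmp((a)->elements, (b)->elements, (a)->length) == 0)

/* Before: dereferences name->name_type even when it is NULL (the reported crash). */
int display_as_unguarded(const name_desc *name, const oid_desc *want, const char **out)
{
    if (!OID_EQUAL_UNGUARDED(name->name_type, want))
        return DISP_MISMATCH;
    *out = name->text;
    return DISP_OK;
}

/* After: a missing name_type or elements pointer becomes an error status. */
int display_as_guarded(const name_desc *name, const oid_desc *want, const char **out)
{
    if (name == NULL || want == NULL || name->name_type == NULL ||
        name->name_type->elements == NULL || want->elements == NULL)
        return DISP_BAD_NAMETYPE;
    if (name->name_type->length != want->length ||
        memcmp(name->name_type->elements, want->elements, want->length) != 0)
        return DISP_MISMATCH;
    *out = name->text;
    return DISP_OK;
}

/* Constructed sample values for the demonstration. */
static const unsigned char PRINC[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x01};
static const unsigned char OTHER[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x04};
const oid_desc SAMPLE_PRINCIPAL_OID = { sizeof PRINC, PRINC };
const oid_desc SAMPLE_OTHER_OID = { sizeof OTHER, OTHER };
const name_desc TYPED_NAME = { &SAMPLE_PRINCIPAL_OID, "x" };
const name_desc UNTYPED_NAME = { NULL, "x" };   /* name created without a name_type */
int main(void)
{
    const char *out = NULL;
    printf("typed:   %d\n", display_as_guarded(&TYPED_NAME, &SAMPLE_PRINCIPAL_OID, &out));
    printf("untyped: %d\n", display_as_guarded(&UNTYPED_NAME, &SAMPLE_PRINCIPAL_OID, &out));
    return 0;
}
```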
Let's patch MIT, and go from there. I'd really like to not have to care about this issue in our codebase, and if they can include the fix in an incremental that would be ideal.
I'll try to get to writing a patch later this week.
Relevant: https://github.com/krb5/krb5/pull/320
We really don't want to have to do a version check in the main code, so I think we're stuck with writing something to the effect of "unless you're on 1.13.3+ or you can guarantee that your name was actually created with a name_type (you can't just check name_type for reasons specified above), do not use display_as (P.S. you probably don't want to use it anyway, since it doesn't do what you think it does in krb5 anyways)."
I'm hopefully using the correct type this time but still getting segfault. Also seems to happen with other name types. Reproducer: python -c 'import gssapi as g;n=g.Name("x");n.display_as(g.NameType.kerberos_principal)'
Stack:
0 0x00007fffef31a46f in gss_display_name_ext () from /lib64/libgssapi_krb5.so.2
1 0x00007fffeb29416d in __pyx_pw_6gssapi_3raw_11ext_rfc6680_1display_name_ext ()
from /usr/lib64/python2.7/site-packages/gssapi/raw/ext_rfc6680.so
2 0x00007ffff7af28be in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
3 0x00007ffff7af2666 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
4 0x00007ffff7af36b4 in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
5 0x00007ffff7af37d9 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
6 0x00007ffff7b0cbdf in run_mod () from /lib64/libpython2.7.so.1.0
7 0x00007ffff7b0da54 in PyRun_StringFlags () from /lib64/libpython2.7.so.1.0
8 0x00007ffff7b0f36b in PyRun_SimpleStringFlags () from /lib64/libpython2.7.so.1.0
9 0x00007ffff7b20b80 in Py_Main () from /lib64/libpython2.7.so.1.0
10 0x00007ffff6d3f630 in __libc_start_main () from /lib64/libc.so.6
11 0x0000555555554839 in _start ()
Version info: Running freshly installed Fedora Rawhide. python-gssapi-1.1.2-1.fc24.x86_64 krb5-libs-1.13.2-6.fc23.x86_64