A perl program crashes in libkrb5.so.3.3 library when calling credential cache functions using the Authen::Krb5 module

Solution Verified - Updated -

Issue

  • A perl program crashes in libkrb5.so.3.3 library when calling credential cache functions using the Authen::Krb5 module
  • The program:

#!/usr/bin/perl
#
#
use Authen::Krb5;

sub get_tgt_keytab
{
    my ($client, $server, @a, $ccname, $keytab, $err);
    undef $retval;

    my $context = Authen::Krb5::init_context();
    Authen::Krb5::init_ets();

    # Our admin user
    $client = Authen::Krb5::parse_name('testprinc');
    if ( ! $client ) {
        $retval = "ERROR: Unable to parse principal name!";
        goto CLEANUP;
    }#/* if */

    ## We're getting just a TGT service ticket
    #$server = Authen::Krb5::parse_name('krbtgt/FOOBAR.TEST');
    #if ( ! $server ) {
    #    $retval = "ERROR: Unable to parse TGT name!";
    #    goto CLEANUP;
    #}#/* if */

    my $cache_name;
    # Setup the credentials cache
    do {
        @a = (0 .. 9, 'a' .. 'z', 'A' .. 'Z');
        $ccname = join '', map { $a[int rand @a] } 0 .. 7;
        $cache_name = "/tmp/reghost_$ccname";
    } until (! -e $cache_name );

    # Set KRB5CCNAME environment
    $ENV{KRB5CCNAME} = $cache_name;

    $cc = Authen::Krb5::cc_resolve($cache_name);

    if ( ! $cc ) {
        $retval="ERROR: Unable to resolve cache!";
        goto CLEANUP;  
    }#/* if */

    $cc->initialize($client);

    # Set KRB5CCNAME environment
    $ENV{KRB5CCNAME} = $cc->get_name();

    # What keytab we're using - use the cron keytab by default...
    $keytab = Authen::Krb5::kt_resolve('FILE:/etc/cron.keytab');

    if ( ! $keytab ) {
        $retval = "ERROR: Unable to resolve keytab!";
        goto CLEANUP;
    }#/* if */

    # Get our TGT and store it in our credentials cache...
    my $creds = Authen::Krb5::get_init_creds_keytab($client,$keytab);
    if (defined($creds)) {
        if ($cc) {
            $cc->store_cred($creds);
        }#/* if */   
    } else {
        $retval = "ERROR: Unable to get TGT from keytab!";
        goto CLEANUP;
    }#/* if-else */

CLEANUP:
    if ($context) {
        Authen::Krb5::free_context();
    }# /* if */
    if (! defined($retval) ){
        return($cc);
    } else {
        if ($cc) {
            $cc->destroy;
        }# /* if */
        return($retval);
    }#/* if-else */
}

for ($count = 0; $count <= 100000; $count++) {
    print "$count\n";
    my $cc =  get_tgt_keytab();
    if (($cc) && $cc =~ /ERROR/) {
        print $cc;
    } elsif ($cc) {
        $cc->destroy;
    }# /* if-else */
}# /* for */

Environment

  • Red Hat Enterprise Linux 5
  • perl
  • krb5-libs
  • Authen::perl module obtained using 'cpan install'

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content