[cups.bugs] [HIGH] STR #3434: cupsd crashes when keytab does not match kerberos tickets encryption type

Mon Nov 30 10:51:37 PST 2009

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

When doing a Kerberos authenticated request against a CUPS 1.4.1 server
from a CUPS 1.4.1 client the server crashes.
We found out why, but it would be nice if a developer could write some
code to handle the exception and print an error instead of the deamon
crashing. Othervise someone might accidentaly or deliberately bring down
the printing service.

Im also attaching a debug2 error_log from a request where the server
crashes.

root at fuligula:/etc/cups# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: korintep at USER.UU.SE

Valid starting     Expires            Service principal
11/30/09 14:45:36  12/01/09 00:45:47  krbtgt/USER.UU.SE at USER.UU.SE
        renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode
with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
11/30/09 14:50:40  12/01/09 00:45:47  HOST/fuligula.user.uu.se at USER.UU.SE
        renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode
with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC

root at fuligula:/etc/cups# klist -k /etc/krb5.keytab -e
Keytab name: WRFILE/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   3 HOST/fuligula.user.uu.se at USER.UU.SE (ArcFour with HMAC/md5)

root at fuligula:/etc/cups# kvno -k /etc/krb5.keytab -S HOST
fuligula.user.uu.se
kvno: Key table entry not found while decrypting ticket for
HOST/fuligula.user.uu.se at USER.UU.SE
HOST/fuligula.user.uu.se at USER.UU.SE: kvno = 5, keytab entry invalid

Link: http://www.cups.org/str.php?L3434
Version: 1.4.1
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local authorised print - crashdebug.txt
URL: <http://lists.cups.org/pipermail/cups-devel/attachments/20091130/ac4d47d0/attachment.txt>