[cups.bugs] [HIGH] STR #3434: cupsd crashes when keytab does not match kerberos tickets encryption type
Henric Carlström
henric.carlstrom at ricoh.se
Mon Nov 30 10:51:37 PST 2009
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
When doing a Kerberos authenticated request against a CUPS 1.4.1 server
from a CUPS 1.4.1 client the server crashes.
We found out why, but it would be nice if a developer could write some
code to handle the exception and print an error instead of the daemon
crashing. Otherwise someone might accidentally or deliberately bring down
the printing service.
I'm also attaching a debug2 error_log from a request where the server
crashes.
root at fuligula:/etc/cups# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: korintep at USER.UU.SE
Valid starting Expires Service principal
11/30/09 14:45:36 12/01/09 00:45:47 krbtgt/USER.UU.SE at USER.UU.SE
renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
11/30/09 14:50:40 12/01/09 00:45:47 HOST/fuligula.user.uu.se at USER.UU.SE
renew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
root at fuligula:/etc/cups# klist -k /etc/krb5.keytab -e
Keytab name: WRFILE/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 HOST/fuligula.user.uu.se at USER.UU.SE (ArcFour with HMAC/md5)
root at fuligula:/etc/cups# kvno -k /etc/krb5.keytab -S HOST fuligula.user.uu.se
kvno: Key table entry not found while decrypting ticket for HOST/fuligula.user.uu.se at USER.UU.SE
HOST/fuligula.user.uu.se at USER.UU.SE: kvno = 5, keytab entry invalid
Link: http://www.cups.org/str.php?L3434
Version: 1.4.1
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local authorised print - crashdebug.txt
URL: <https://lists.cups.org/pipermail/cups/attachments/20091130/ac4d47d0/attachment.txt>
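The mismatch diagnosed in the report above (AES-256 service ticket, ArcFour-only keytab) can be detected on the server before any client request reaches the daemon. The following is an added example, not part of the original report or of CUPS: it parses `klist -e` and `klist -k -e` output and flags service tickets whose encryption type has no matching key in the keytab. The sample text is constructed from the report's output, and the function names are assumptions of this example.

```python
import re

# Constructed sample modelled on the report's klist output ("@" restored in principals).
KLIST_E = """\
Valid starting     Expires            Service principal
11/30/09 14:45:36  12/01/09 00:45:47  krbtgt/USER.UU.SE@USER.UU.SE
\trenew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
11/30/09 14:50:40  12/01/09 00:45:47  HOST/fuligula.user.uu.se@USER.UU.SE
\trenew until 12/01/09 14:45:36, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
"""
KLIST_K = """\
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HOST/fuligula.user.uu.se@USER.UU.SE (ArcFour with HMAC/md5)
"""

def ticket_enctypes(text):
    """Map each service principal in `klist -e` output to its ticket enctype."""
    tickets, principal = {}, None
    for line in text.splitlines():
        m = re.search(r"Etype \(skey, tkt\): (.+)$", line)
        if m and principal:
            tickets[principal] = m.group(1).split(", ")[-1].strip()
        elif re.match(r"\d", line) and "@" in line:
            principal = line.split()[-1]  # ticket line: last field is the principal
    return tickets

def keytab_enctypes(text):
    """Map each principal in `klist -k -e` output to the enctypes of its keys."""
    keys = {}
    for m in re.finditer(r"^\s*\d+\s+(\S+@\S+)\s+\((.+)\)\s*$", text, re.M):
        keys.setdefault(m.group(1), set()).add(m.group(2))
    return keys

def unusable_tickets(klist_e, klist_k):
    """Return {principal: reason} for service tickets the keytab cannot decrypt."""
    keys, problems = keytab_enctypes(klist_k), {}
    for principal, etype in ticket_enctypes(klist_e).items():
        if principal.startswith("krbtgt/"):
            continue  # the TGT is decrypted by the KDC, not by the local keytab
        have = keys.get(principal, set())
        if etype not in have:
            problems[principal] = f"ticket is {etype!r}, keytab has {sorted(have) or 'no entry'}"
    return problems

if __name__ == "__main__":
    for principal, reason in unusable_tickets(KLIST_E, KLIST_K).items():
        print(f"MISMATCH {principal}: {reason}")
```

The comparison is on the enctype description strings, so both listings should come from the same klist build; it does not check the key version number, which the report's kvno output shows also differed.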