Package: autofs-ldap Version: 5.1.2-4 Severity: grave Justification: renders package unusable
Good morning. After the latest upgrade of libkrb5-3 (1.16.1-1 -> 1.16.2-1) automount starts but dies immediately after accessing a automounter point. Automount is configured to authenticate via GSSAPI using system keytab. After the GSSAPI authentication succeeded, any access to a configure automount entry causes automount to die with an assertion failure (followed by an abort()): root@dagon:~# /usr/sbin/automount -d -f Starting automounter version 5.1.2, master map /etc/auto.master using kernel protocol version 5.03 lookup_nss_read_master: reading master file /etc/auto.master do_init: parse(sun): init gathered global options: (null) lookup_read_master: lookup(file): read entry /home master_do_mount: mounting /home automount_path_to_fifo: fifo name /var/run/autofs.fifo-home lookup_nss_read_map: reading map ldap ldap:automountmapname=auto.home,cn=badphish,cn=automount,dc=badphish,dc=ypbind,dc=de parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:automountmapname=auto.home,cn=badphish,cn=automount,dc=badphish,dc=ypbind,dc=de". parse_server_string: lookup(ldap): server "(default)", base dn "automountmapname=auto.home,cn=badphish,cn=automount,dc=badphish,dc=ypbind,dc=de" parse_ldap_config: lookup(ldap): ldap authentication configured with the following options: parse_ldap_config: lookup(ldap): use_tls: 1, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: host/dagon.badphish.ypbind...@badphish.ypbind.de credential cache: (null) do_init: parse(sun): init gathered global options: rw,hard,intr,nosuid find_server: trying server uri ldap://ipa-1.badphish.ypbind.de do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI sasl_do_kinit: initializing kerberos ticket: client principal host/dagon.badphish.ypbind...@badphish.ypbind.de sasl_do_kinit: calling krb5_parse_name on client principal host/dagon.badphish.ypbind...@badphish.ypbind.de sasl_do_kinit: Using tgs name krbtgt/badphish.ypbind...@badphish.ypbind.de sasl_do_kinit: Kerberos authentication was successful! sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI sasl_log_func: GSSAPI client step 1 getuser_func: called with context (nil), id 16385. sasl_log_func: GSSAPI client step 1 getuser_func: called with context (nil), id 16385. sasl_log_func: GSSAPI client step 2 sasl_bind_mech: sasl bind with mechanism GSSAPI succeeded do_bind: lookup(ldap): autofs_sasl_bind returned 0 get_query_dn: lookup(ldap): found query dn automountmapname=auto.home,cn=badphish,cn=automount,dc=badphish,dc=ypbind,dc=de connected to uri ldap://ipa-1.badphish.ypbind.de read_one_map: lookup(ldap): searching for "(objectclass=automount)" under "automountmapname=auto.home,cn=badphish,cn=automount,dc=badphish,dc=ypbind,dc=de" do_get_entries: lookup(ldap): examining entries do_get_entries: lookup(ldap): failed to get next entry for query (objectclass=automount) read_one_map: lookup(ldap): done updating map remount_active_mount: trying to re-connect to mount /home mounted indirect on /home with timeout 300, freq 75 seconds remount_active_mount: re-connected to mount /home st_ready: st_ready(): state = 0 path /home ghosting enabled handle_packet: type = 3 handle_packet_missing_indirect: token 3, name maus, request pid 6541 attempting to mount entry /home/maus lookup_mount: lookup(ldap): looking up maus do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI sasl_log_func: GSSAPI client step 1 getuser_func: called with context (nil), id 16385. k5_mutex_lock: Received error 22 (Invalid argument) automount: ../../../../src/include/k5-thread.h:376: k5_mutex_lock: Assertion `r == 0' failed. Aborted (core dumped) Backtrace of the core dump: root@dagon:~# gdb /usr/sbin/automount /core GNU gdb (Debian 8.2-1) 8.2 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/sbin/automount...(no debugging symbols found)...done. [New LWP 6542] [New LWP 6521] [New LWP 6522] [New LWP 6523] [New LWP 6526] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/usr/sbin/automount -d -f'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. [Current thread is 1 (Thread 0x7f80f0a69700 (LWP 6542))] (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f80f4863535 in __GI_abort () at abort.c:79 #2 0x00007f80f486340f in __assert_fail_base (fmt=0x7f80f49c5ee8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7f80f18e7029 "r == 0", file=0x7f80f18e6f58 "../../../../src/include/k5-thread.h", line=376, function=<optimized out>) at assert.c:92 #3 0x00007f80f48710a2 in __GI___assert_fail (assertion=0x7f80f18e7029 "r == 0", file=0x7f80f18e6f58 "../../../../src/include/k5-thread.h", line=376, function=0x7f80f18e7040 "k5_mutex_lock") at assert.c:101 #4 0x00007f80f188bea3 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 #5 0x00007f80f188c677 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 #6 0x00007f80f1894776 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 #7 0x00007f80f188d2bd in krb5_cccol_have_content () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 #8 0x00007f80f1651b63 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #9 0x00007f80f1651e18 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #10 0x00007f80f1651f4c in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #11 0x00007f80f1654d9f in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #12 0x00007f80f1659a08 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #13 0x00007f80f165a702 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #14 0x00007f80f164522b in gss_init_sec_context () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 #15 0x00007f80f0b11637 in ?? () from /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so #16 0x00007f80f194502d in sasl_client_step () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 #17 0x00007f80f1945644 in sasl_client_start () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 #18 0x00007f80f19ee6c4 in sasl_bind_mech () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so #19 0x00007f80f19eea73 in autofs_sasl_bind () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so #20 0x00007f80f19e66cd in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so #21 0x00007f80f19e71c6 in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so #22 0x00007f80f19eab40 in lookup_mount () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so #23 0x0000561142bcc0ed in do_lookup_mount () #24 0x0000561142bcce39 in lookup_nss_mount () #25 0x0000561142bc2e25 in ?? () #26 0x00007f80f4bd0fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486 #27 0x00007f80f493a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) bt full #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 set = {__val = {18446744067266836999, 140191557793744, 140191769960000, 140191835330183, 4222451712, 140191557793744, 140191557793744, 140191557793744, 140191557793744, 140191557793838, 140191557793844, 140191557793744, 140191557793844, 0, 0, 0}} pid = <optimized out> tid = <optimized out> ret = <optimized out> #1 0x00007f80f4863535 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x7f80e400b7d0, sa_sigaction = 0x7f80e400b7d0}, sa_mask = {__val = {0, 140191557746720, 140191836388992, 0, 0, 0, 140191769959656, 21474836480, 140191769959504, 140191836445360, 140191836430056, 0, 958733083460192768, 140191836414906, 0, 140191836430056}}, sa_flags = -242323624, sa_restorer = 0x7f80f18e7029} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007f80f486340f in __assert_fail_base (fmt=0x7f80f49c5ee8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7f80f18e7029 "r == 0", file=0x7f80f18e6f58 "../../../../src/include/k5-thread.h", line=376, function=<optimized out>) at assert.c:92 str = 0x7f80e400b7d0 "" total = 4096 #3 0x00007f80f48710a2 in __GI___assert_fail (assertion=0x7f80f18e7029 "r == 0", file=0x7f80f18e6f58 "../../../../src/include/k5-thread.h", line=376, function=0x7f80f18e7040 "k5_mutex_lock") at assert.c:101 No locals. #4 0x00007f80f188bea3 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 No symbol table info available. #5 0x00007f80f188c677 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 No symbol table info available. #6 0x00007f80f1894776 in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 No symbol table info available. #7 0x00007f80f188d2bd in krb5_cccol_have_content () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3 No symbol table info available. #8 0x00007f80f1651b63 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #9 0x00007f80f1651e18 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #10 0x00007f80f1651f4c in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #11 0x00007f80f1654d9f in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #12 0x00007f80f1659a08 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #13 0x00007f80f165a702 in ?? () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #14 0x00007f80f164522b in gss_init_sec_context () from /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 No symbol table info available. #15 0x00007f80f0b11637 in ?? () from /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so No symbol table info available. #16 0x00007f80f194502d in sasl_client_step () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 No symbol table info available. #17 0x00007f80f1945644 in sasl_client_start () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 No symbol table info available. #18 0x00007f80f19ee6c4 in sasl_bind_mech () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so No symbol table info available. #19 0x00007f80f19eea73 in autofs_sasl_bind () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so No symbol table info available. #20 0x00007f80f19e66cd in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so No symbol table info available. #21 0x00007f80f19e71c6 in ?? () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so No symbol table info available. #22 0x00007f80f19eab40 in lookup_mount () from /usr/lib/x86_64-linux-gnu/autofs/lookup_ldap.so No symbol table info available. #23 0x0000561142bcc0ed in do_lookup_mount () No symbol table info available. #24 0x0000561142bcce39 in lookup_nss_mount () No symbol table info available. #25 0x0000561142bc2e25 in ?? () No symbol table info available. #26 0x00007f80f4bd0fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486 ret = <optimized out> pd = <optimized out> now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140191769990912, 2798758188214480326, 140191794821246, 140191794821247, 140191769990912, 0, -2749782977331499578, -2749791975297290810}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #27 0x00007f80f493a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. System keytab is valid and can be used to get a TGT: root@dagon:~# klist klist: No credentials cache found (filename: /tmp/krb5cc_0) root@dagon:~# kinit -kt /etc/krb5.keytab root@dagon:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: host/dagon.badphish.ypbind...@badphish.ypbind.de Valid starting Expires Service principal 01/03/2019 08:01:57 01/04/2019 08:01:57 krbtgt/badphish.ypbind...@badphish.ypbind.de Other "buster" systems using the previous version of libkrb5-3 (1.16.1-1) are working fine. So long, Andreas. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages autofs-ldap depends on: ii autofs 5.1.2-4 ii libc6 2.28-2 ii libcom-err2 1.44.5-1 ii libk5crypto3 1.16.2-1 ii libkrb5-3 1.16.2-1 ii libldap-2.4-2 2.4.47+dfsg-1 ii libsasl2-2 2.1.27~rc8-1 ii libxml2 2.9.4+dfsg1-7+b3 autofs-ldap recommends no packages. autofs-ldap suggests no packages. -- Configuration Files: /etc/autofs_ldap_auth.conf changed: <?xml version="1.0" ?> <!-- Managed by ansible This files contains a single entry with multiple attributes tied to it. See autofs_ldap_auth.conf(5) for more information. --> <autofs_ldap_sasl_conf usetls="yes" tlsrequired="no" authrequired="yes" authtype="GSSAPI" clientprinc="host/dagon.badphish.ypbind...@badphish.ypbind.de" /> -- no debconf information -- "Things that try to look like things often do look more like things than things. Well-known fact." Granny Weatherwax - "Wyrd sisters"
signature.asc
Description: PGP signature