A simple xrdfs stat using sss authentication reveals the problem: ``` (gdb) run eoshome-a.cern.ch stat /eos/ Starting program: /opt/eos/xrootd/bin/xrdfs eoshome-a.cern.ch stat /eos/ [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". [New Thread 0x7ffff6ff1640 (LWP 2148217)] [New Thread 0x7ffff67f0640 (LWP 2148218)] [New Thread 0x7ffff5fef640 (LWP 2148219)] [New Thread 0x7ffff57ee640 (LWP 2148220)] [New Thread 0x7ffff4fed640 (LWP 2148221)] sec_Client: protocol request for host eoshome-a.cern.ch token='&P=krb5,[log in to unmask]&P=gsi,v:10400,c:ssl,ca:5168735f.0|4339b4bc.0&P=sss,0.13:/etc/eos.keytab&P=unixgin%' sec_PM: Loaded krb5 protocol object from libXrdSeckrb5.so sec_PM: Using krb5 protocol, [log in to unmask] Seckrb5: getCredentials Seckrb5: context lock Seckrb5: context locked Seckrb5: credentials cache unset Seckrb5: init context Seckrb5: cc set default name Seckrb5: cc default Seckrb5: get_krbCreds: err copying client name to creds; No credentials cache found sec_Client: protocol request for host eoshome-a.cern.ch token='&P=gsi,v:10400,c:ssl,ca:5168735f.0|4339b4bc.0&P=sss,0.13:/etc/eos.keytab&P=unixgin%' sec_PM: Loaded gsi protocol object from libXrdSecgsi.so Secgsi ------------------------------------------------------------------- Secgsi Mode: client Secgsi Debug: 1 Secgsi CA dir: /etc/grid-security/certificates/ Secgsi CA verification level: verifyss Secgsi CRL dir: /etc/grid-security/certificates/ Secgsi CRL extension: .r0 Secgsi CRL check level: try Secgsi CRL refresh time: 86400 Secgsi Certificate: /root/.globus/usercert.pem Secgsi Key: /root/.globus/userkey.pem Secgsi Proxy file: /tmp/x509up_u0 Secgsi Proxy validity: 12:00 Secgsi Proxy dep length: 0 Secgsi Proxy bits: 512 Secgsi Proxy sign option: 1 Secgsi Proxy delegation option: 0 Secgsi Pure Cert/Key authentication allowed Secgsi Allowed server names: [*/]<target host name>[/*] Secgsi Crypto modules: ssl Secgsi Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc Secgsi MDigests: sha1:md5 Secgsi Trusting DNS for hostname checking Secgsi ------------------------------------------------------------------- sec_PM: Using gsi protocol, args='v:10400,c:ssl,ca:5168735f.0|4339b4bc.0' 220614 13:14:36 2148217 cryptossl_X509::CertType: certificate has 10 extensions 220614 13:14:36 2148217 secgsi_VerifyCA: Warning: CA certificate not self-signed and integrity not checked: assuming OK (5168735f.0) 220614 13:14:36 2148217 cryptossl_X509::CertType: certificate has 10 extensions 220614 13:14:36 2148217 secgsi_QueryProxy: problems initializing proxy via external shell sec_Client: protocol request for host eoshome-a.cern.ch token='&P=sss,0.13:/etc/eos.keytab&P=unixgin%' sec_PM: Loaded sss protocol object from libXrdSecsss.so [New Thread 0x7fffeffff640 (LWP 2148222)] sec_sss: Client keytab='/etc/eos/fuse.sss.keytab' sec_PM: Using sss protocol, args='0.13:/etc/eos.keytab' sec_sss: getCreds: 0 ud: '' ip: '[::ffff:188.185.9.6]:33840' sec_sss: Encode keyid: 6752069312392986625 bytes 187 Thread 2 "xrdfs" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff6ff1640 (LWP 2148217)] 0x00007ffff736cf78 in EVP_CIPHER_CTX_set_key_length (c=0x7ffff00d2bb0, keylen=32) at crypto/evp/evp_enc.c:979 Downloading source file /usr/src/debug/openssl-3.0.1-18.el9.x86_64/crypto/evp/evp_enc.c... 979 if (c->cipher->prov != NULL) { ``` Full stack: ``` (gdb) where #0 0x00007ffff736cf78 in EVP_CIPHER_CTX_set_key_length (c=0x7ffff00d2bb0, keylen=32) at crypto/evp/evp_enc.c:979 #1 0x00007ffff47d155e in XrdCryptoLite_bf32::Encrypt (this=<optimized out>, key=0x7ffff6fef578 "\352=5\322\335d\255G\224\242\342\367I\237\323\304^\016\212Y\v\fO\370\242\004\234\276\302Dcl", keyLen=32, src=<optimized out>, srcLen=183, dst=0x7ffff0024ab0 "", dstLen=187) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCrypto/XrdCryptoLite_bf32.cc:157 #2 0x00007ffff47db10d in XrdSecProtocolsss::Encode (this=this@entry=0x7ffff0129930, einfo=einfo@entry=0x7ffff6fef850, encKey=..., rrHdr=rrHdr@entry=0x7ffff6fef480, rrDHdr=0x7ffff0128c30, dLen=dLen@entry=183) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSecsss/XrdSecProtocolsss.cc:501 #3 0x00007ffff47dc5e5 in XrdSecProtocolsss::getCredentials (this=0x7ffff0129930, parms=<optimized out>, einfo=0x7ffff6fef850) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSecsss/XrdSecProtocolsss.cc:693 #4 0x00007ffff7eaf4d5 in XrdCl::XRootDTransport::GetCredentials (this=<optimized out>, credentials=@0x7ffff6ff0108: 0x0, hsData=0x7ffff0000b60, info=0x48b020) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:2592 #5 0x00007ffff7eafd5a in XrdCl::XRootDTransport::DoAuthentication (this=0x48a2b0, hsData=0x7ffff0000b60, info=0x48b020) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:2345 #6 0x00007ffff7eb2723 in XrdCl::XRootDTransport::HandShakeMain (this=0x48a2b0, handShakeData=0x7ffff0000b60, channelData=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:539 #7 0x00007ffff7eb2a71 in XrdCl::XRootDTransport::HandShake (this=0x48a2b0, handShakeData=0x7ffff0000b60, channelData=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:439 #8 0x00007ffff7f2e5c8 in XrdCl::AsyncSocketHandler::HandleHandShake (this=0x48b560, msg=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:539 #9 0x00007ffff7f2e99b in XrdCl::AsyncSocketHandler::OnReadWhileHandshaking (this=0x48b560) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:527 #10 0x00007ffff7f2eda5 in XrdCl::AsyncSocketHandler::Event (this=0x48b560, type=1 '\001') at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:227 #11 0x00007ffff7e9c686 in (anonymous namespace)::SocketCallBack::Event (this=0x48bbd0, chP=<optimized out>, cbArg=<optimized out>, evFlags=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClPollerBuiltIn.cc:83 #12 0x00007ffff7c634f7 in XrdSys::IOEvents::Poller::CbkXeq (this=0x489010, cP=0x48bbf0, events=1, eNum=<optimized out>, eTxt=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysIOEvents.cc:721 #13 0x00007ffff7c647ec in XrdSys::IOEvents::PollE::Dispatch (this=this@entry=0x489010, cP=0x48bbf0, pollEv=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/./XrdSys/XrdSysIOEventsPollE.icc:275 #14 0x00007ffff7c649e8 in XrdSys::IOEvents::PollE::Begin (this=0x489010, syncsem=<optimized out>, retcode=<optimized out>, eTxt=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/./XrdSys/XrdSysIOEventsPollE.icc:230 #15 0x00007ffff7c613cd in XrdSys::IOEvents::BootStrap::Start (parg=0x7fffffffcf60) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysIOEvents.cc:149 #16 0x00007ffff7c699a8 in XrdSysThread_Xeq (myargs=0x485500) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysPthread.cc:86 #17 0x00007ffff778e83a in start_thread (arg=<optimized out>) at pthread_create.c:443 #18 0x00007ffff772e4c0 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 (gdb) ``` -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1725 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1