Print

Print

A simple xrdfs stat using sss authentication reveals the problem:

(gdb) run eoshome-a.cern.ch stat /eos/
Starting program: /opt/eos/xrootd/bin/xrdfs eoshome-a.cern.ch stat /eos/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff6ff1640 (LWP 2148217)]
[New Thread 0x7ffff67f0640 (LWP 2148218)]
[New Thread 0x7ffff5fef640 (LWP 2148219)]
[New Thread 0x7ffff57ee640 (LWP 2148220)]
[New Thread 0x7ffff4fed640 (LWP 2148221)]
sec_Client: protocol request for host eoshome-a.cern.ch token='&P=krb5,[log in to unmask]&P=gsi,v:10400,c:ssl,ca:5168735f.0|4339b4bc.0&P=sss,0.13:/etc/eos.keytab&P=unixgin%'
sec_PM: Loaded krb5 protocol object from libXrdSeckrb5.so
sec_PM: Using krb5 protocol, [log in to unmask]
Seckrb5: getCredentials
Seckrb5: context lock
Seckrb5: context locked
Seckrb5: credentials cache unset
Seckrb5: init context
Seckrb5: cc set default name
Seckrb5: cc default
Seckrb5: get_krbCreds: err copying client name to creds; No credentials cache found
sec_Client: protocol request for host eoshome-a.cern.ch token='&P=gsi,v:10400,c:ssl,ca:5168735f.0|4339b4bc.0&P=sss,0.13:/etc/eos.keytab&P=unixgin%'
sec_PM: Loaded gsi protocol object from libXrdSecgsi.so
Secgsi -------------------------------------------------------------------
Secgsi Mode: client
Secgsi Debug: 1
Secgsi CA dir: /etc/grid-security/certificates/
Secgsi CA verification level: verifyss
Secgsi CRL dir: /etc/grid-security/certificates/
Secgsi CRL extension: .r0
Secgsi CRL check level: try
Secgsi CRL refresh time: 86400
Secgsi Certificate: /root/.globus/usercert.pem
Secgsi Key: /root/.globus/userkey.pem
Secgsi Proxy file: /tmp/x509up_u0
Secgsi Proxy validity: 12:00
Secgsi Proxy dep length: 0
Secgsi Proxy bits: 512
Secgsi Proxy sign option: 1
Secgsi Proxy delegation option: 0
Secgsi Pure Cert/Key authentication allowed
Secgsi Allowed server names: [*/]<target host name>[/*]
Secgsi Crypto modules: ssl
Secgsi Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc
Secgsi MDigests: sha1:md5
Secgsi Trusting DNS for hostname checking
Secgsi -------------------------------------------------------------------
sec_PM: Using gsi protocol, args='v:10400,c:ssl,ca:5168735f.0|4339b4bc.0'
220614 13:14:36 2148217 cryptossl_X509::CertType: certificate has 10 extensions
220614 13:14:36 2148217 secgsi_VerifyCA: Warning: CA certificate not self-signed and integrity not checked: assuming OK (5168735f.0)
220614 13:14:36 2148217 cryptossl_X509::CertType: certificate has 10 extensions
220614 13:14:36 2148217 secgsi_QueryProxy: problems initializing proxy via external shell
sec_Client: protocol request for host eoshome-a.cern.ch token='&P=sss,0.13:/etc/eos.keytab&P=unixgin%'
sec_PM: Loaded sss protocol object from libXrdSecsss.so
[New Thread 0x7fffeffff640 (LWP 2148222)]
sec_sss: Client keytab='/etc/eos/fuse.sss.keytab'
sec_PM: Using sss protocol, args='0.13:/etc/eos.keytab'
sec_sss: getCreds: 0 ud: '' ip: '[::ffff:188.185.9.6]:33840'
sec_sss: Encode keyid: 6752069312392986625 bytes 187

Thread 2 "xrdfs" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6ff1640 (LWP 2148217)]
0x00007ffff736cf78 in EVP_CIPHER_CTX_set_key_length (c=0x7ffff00d2bb0, keylen=32) at crypto/evp/evp_enc.c:979
Downloading source file /usr/src/debug/openssl-3.0.1-18.el9.x86_64/crypto/evp/evp_enc.c...
979        if (c->cipher->prov != NULL) {

Full stack:

(gdb) where
#0  0x00007ffff736cf78 in EVP_CIPHER_CTX_set_key_length (c=0x7ffff00d2bb0, keylen=32) at crypto/evp/evp_enc.c:979
#1  0x00007ffff47d155e in XrdCryptoLite_bf32::Encrypt (this=<optimized out>, key=0x7ffff6fef578 "\352=5\322\335d\255G\224\242\342\367I\237\323\304^\016\212Y\v\fO\370\242\004\234\276\302Dcl", keyLen=32, src=<optimized out>, srcLen=183, dst=0x7ffff0024ab0 "", 
    dstLen=187) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCrypto/XrdCryptoLite_bf32.cc:157
#2  0x00007ffff47db10d in XrdSecProtocolsss::Encode (this=this@entry=0x7ffff0129930, einfo=einfo@entry=0x7ffff6fef850, encKey=..., rrHdr=rrHdr@entry=0x7ffff6fef480, rrDHdr=0x7ffff0128c30, dLen=dLen@entry=183)
    at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSecsss/XrdSecProtocolsss.cc:501
#3  0x00007ffff47dc5e5 in XrdSecProtocolsss::getCredentials (this=0x7ffff0129930, parms=<optimized out>, einfo=0x7ffff6fef850) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSecsss/XrdSecProtocolsss.cc:693
#4  0x00007ffff7eaf4d5 in XrdCl::XRootDTransport::GetCredentials (this=<optimized out>, credentials=@0x7ffff6ff0108: 0x0, hsData=0x7ffff0000b60, info=0x48b020) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:2592
#5  0x00007ffff7eafd5a in XrdCl::XRootDTransport::DoAuthentication (this=0x48a2b0, hsData=0x7ffff0000b60, info=0x48b020) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:2345
#6  0x00007ffff7eb2723 in XrdCl::XRootDTransport::HandShakeMain (this=0x48a2b0, handShakeData=0x7ffff0000b60, channelData=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:539
#7  0x00007ffff7eb2a71 in XrdCl::XRootDTransport::HandShake (this=0x48a2b0, handShakeData=0x7ffff0000b60, channelData=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClXRootDTransport.cc:439
#8  0x00007ffff7f2e5c8 in XrdCl::AsyncSocketHandler::HandleHandShake (this=0x48b560, msg=...) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:539
#9  0x00007ffff7f2e99b in XrdCl::AsyncSocketHandler::OnReadWhileHandshaking (this=0x48b560) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:527
#10 0x00007ffff7f2eda5 in XrdCl::AsyncSocketHandler::Event (this=0x48b560, type=1 '\001') at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClAsyncSocketHandler.cc:227
#11 0x00007ffff7e9c686 in (anonymous namespace)::SocketCallBack::Event (this=0x48bbd0, chP=<optimized out>, cbArg=<optimized out>, evFlags=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdCl/XrdClPollerBuiltIn.cc:83
#12 0x00007ffff7c634f7 in XrdSys::IOEvents::Poller::CbkXeq (this=0x489010, cP=0x48bbf0, events=1, eNum=<optimized out>, eTxt=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysIOEvents.cc:721
#13 0x00007ffff7c647ec in XrdSys::IOEvents::PollE::Dispatch (this=this@entry=0x489010, cP=0x48bbf0, pollEv=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/./XrdSys/XrdSysIOEventsPollE.icc:275
#14 0x00007ffff7c649e8 in XrdSys::IOEvents::PollE::Begin (this=0x489010, syncsem=<optimized out>, retcode=<optimized out>, eTxt=<optimized out>) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/./XrdSys/XrdSysIOEventsPollE.icc:230
#15 0x00007ffff7c613cd in XrdSys::IOEvents::BootStrap::Start (parg=0x7fffffffcf60) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysIOEvents.cc:149
#16 0x00007ffff7c699a8 in XrdSysThread_Xeq (myargs=0x485500) at /usr/src/debug/eos-xrootd-5.4.4-1.el9.x86_64/src/XrdSys/XrdSysPthread.cc:86
#17 0x00007ffff778e83a in start_thread (arg=<optimized out>) at pthread_create.c:443
#18 0x00007ffff772e4c0 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb)


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/1725@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1725", "url": "https://github.com/xrootd/xrootd/issues/1725", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1