Bug 2169985
| Summary: | add krb5 principal failed with specific datetime string in pwexpire option (s390x, coredump) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Filip Dvorak <fdvorak> |
| Component: | krb5 | Assignee: | Julien Rische <jrische> |
| Status: | CLOSED ERRATA | QA Contact: | Filip Dvorak <fdvorak> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.2 | CC: | fdvorak, jrische |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | s390x | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | krb5-1.20.1-8.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-09 08:25:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The cause seems to be an invalid value assigned to yyMeridian in the Yacc-generated source file:
===
Hardware watchpoint 2: yyMeridian
Old value = MER24
New value = (MERpm | unknown: 0x4)
getdate_yyparse () at y.tab.c:1428
1428 break;
(gdb) l
1423 yyMinutes = (yyvsp[-1].Number);
1424 yySeconds = 0;
1425 yyMeridian = (yyvsp[0].Meridian);
1426 }
1427 #line 1428 "y.tab.c"
1428 break;
1429
1430 case 12: /* time: tUNUMBER ':' tUNUMBER tSNUMBER */
1431 #line 231 "getdate.y"
1432 {
(gdb) bt
#0 getdate_yyparse () at y.tab.c:1428
#1 0x000002aa00009fc8 in get_date_rel (p=<optimized out>, nowtime=<optimized out>) at getdate.y:950
#2 0x000002aa0000acfa in parse_date (now=<optimized out>, str=0x3ffffffa24a "January 23, 2030 08:05am") at kadmin.c:162
#3 kadmin_parse_princ_args (argc=<optimized out>, argv=0x2aa000bb4e0, oprinc=0x3ffffff9320, mask=0x3ffffff9318, pass=<optimized out>, randkey=<optimized out>, nokey=<optimized out>, ks_tuple=<optimized out>, n_ks_tuple=<optimized out>, caller=<optimized out>) at kadmin.c:1039
#4 0x000002aa0000b0e8 in kadmin_addprinc (argc=<optimized out>, argv=<optimized out>) at kadmin.c:1209
#5 0x000003fff7e82922 in really_execute_command () from /lib64/libss.so.2
#6 0x000003fff7e837ba in ss_execute_line () from /lib64/libss.so.2
#7 0x000002aa00004fd4 in main (argc=<optimized out>, argv=<optimized out>) at ss_wrapper.c:66
===
The reason was an invalid type for meridian suffices in the YACC file. This regression was probably introduced in: https://github.com/krb5/krb5/commit/d3356bc42191c1896ab06835a2fb245e00471420 Upstream pull request: https://github.com/krb5/krb5/pull/1290 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: krb5 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2570 |
Description of problem: Adding of a new user principal with a specific datetime string into krb5kdc failed on s390x. Version-Release number of selected component (if applicable): krb5-server-1.20.1-5.el9.s390x RHEL9.2 How reproducible: Steps to Reproduce: 1. set krb5 (kdc.conf was in a default conf.) sed -i "s/\[libdefaults\]/[libdefaults]\n default_realm = TEST.COM/" /etc/krb5.conf sed -i "s/\[realms\]/[realms]\n TEST.COM = {\n kdc = $KDC_HostName\n admin_server = $KDC_HostName\n }/" /etc/krb5.conf sed -i "s/\[domain_realm\]/[domain_realm]\n .$KDC_DomainName = TEST.COM\n $KDC_DomainName = TEST.COM/" /etc/krb5.conf 2. Create kdc db kdb5_util create -s -r TEST.COM -P <passwd> 3. add user into db kadmin.local -q "addprinc -pwexpire \"January 23, 2030 08:05am\" -pw <passwd> user" Actual results: kadmin.local: addprinc -pwexpire "January 23, 2030 08:05am" -pw Secret123 user_whole_datetime.COM Aborted (core dumped) Expected results: user should be created