Ticket History #2914: size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4

# Thu Feb 03 22:16:58 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Ticket created

Date:	Thu, 03 Feb 2005 18:22:45 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	krb5-bugs@mit.edu
Subject:	size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4

Download (untitled) / with headers
text/plain 1.1KiB

There was a size change in some variable between krb5-1.2.8 and krb5-1.3
which broke our ability to generate an AFS token from the kerberos ticket
cache.

Using the krb5-1.2.8 kinit:

K4 cache:
tru64-build:~> ls -l /tmp/tkt54046
-rw------- 1 quanah root 236 Feb 3 18:20 /tmp/tkt54046

K5 cache:
tru64-build:~> ls -l /tmp/krb5cc_p18752
-rw------- 1 quanah root 427 Feb 3 18:20 /tmp/krb5cc_p18752

Using the krb5-1.3.6 kinit:

K4 cache:
ls -l /tmp/tkt54046
-rw------- 1 quanah root 147 Feb 3 18:21 /tmp/tkt54046

K5 cache:
ls -l /tmp/krb5cc_p18752
-rw------- 1 quanah root 405 Feb 3 18:21 /tmp/krb5cc_p18752

The worthless error from aklog is:
aklog: Failed getting tokens for cell (local cell) in realm (local realm).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Thu Feb 03 22:37:37 2005 Russ Allbery <rra@stanford.edu> - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
From:	Russ Allbery <rra@stanford.edu>
Date:	Thu, 03 Feb 2005 19:37:33 -0800
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.2KiB

Quanah Gibson-Mount via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> There was a size change in some variable between krb5-1.2.8 and krb5-1.3
> which broke our ability to generate an AFS token from the kerberos
> ticket cache.

Show quoted text

> Using the krb5-1.2.8 kinit:

Show quoted text

> K4 cache:
> tru64-build:~> ls -l /tmp/tkt54046
> -rw------- 1 quanah root 236 Feb 3 18:20 /tmp/tkt54046

Show quoted text

> Using the krb5-1.3.6 kinit:

Show quoted text

> K4 cache:
> ls -l /tmp/tkt54046
> -rw------- 1 quanah root 147 Feb 3 18:21 /tmp/tkt54046

The first one above is with an AFS service ticket while the second one
does not have an AFS service ticket. The possibly more useful difference
without that change is:

-rw------- 1 rra root 132 Feb 3 19:35 /tmp/tkt11857
-rw------- 1 rra root 136 Feb 3 19:36 /tmp/tkt11857

suspiciously four bytes too long. Quanah, you may want to make sure that
in the process of fixing the uint64_t thing you didn't use a long long
somewhere that you didn't want to, or a long somewhere that an int should
be, but it might be another issue.

Show quoted text

> The worthless error from aklog is:
> aklog: Failed getting tokens for cell (local cell) in realm (local realm).

And by aklog, we mean the KTH afslog program.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>

# Thu Feb 03 22:57:54 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Thu, 03 Feb 2005 19:57:49 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 883B

--On Thursday, February 03, 2005 10:37 PM -0500 Russ Allbery via RT
<rt-comment@krbdev.mit.edu> wrote:

Show quoted text

> suspiciously four bytes too long. Quanah, you may want to make sure that
> in the process of fixing the uint64_t thing you didn't use a long long
> somewhere that you didn't want to, or a long somewhere that an int should
> be, but it might be another issue.

I only changed the uint64_t bit on krb5-1.4. The problem happens in 1.3 as
well.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Fri Feb 04 16:13:08 2005 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
From:	Tom Yu <tlyu@MIT.EDU>
Date:	Fri, 04 Feb 2005 16:13:02 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 577B

Show quoted text

>>>>> "Russ" == Russ Allbery via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

Russ> -rw------- 1 rra root 132 Feb 3 19:35 /tmp/tkt11857
Russ> -rw------- 1 rra root 136 Feb 3 19:36 /tmp/tkt11857

Show quoted text

Russ> suspiciously four bytes too long. Quanah, you may want to make sure that
Russ> in the process of fixing the uint64_t thing you didn't use a long long
Russ> somewhere that you didn't want to, or a long somewhere that an int should
Russ> be, but it might be another issue.

Ok, is it certain that only the krb4 ticket files are affected?

---Tom

# Fri Feb 04 16:29:05 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Fri, 04 Feb 2005 13:29:01 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.3KiB

--On Friday, February 04, 2005 4:13 PM -0500 Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:

Show quoted text

>>>>>> "Russ" == Russ Allbery via RT <rt-comment@krbdev.mit.edu> writes:

>

> Russ> -rw------- 1 rra root 132 Feb 3 19:35

> /tmp/tkt11857 Russ> -rw------- 1 rra root 136 Feb 3
> 19:36 /tmp/tkt11857
>

> Russ> suspiciously four bytes too long. Quanah, you may want to make

> sure that Russ> in the process of fixing the uint64_t thing you didn't
> use a long long Russ> somewhere that you didn't want to, or a long
> somewhere that an int should Russ> be, but it might be another issue.
>
> Ok, is it certain that only the krb4 ticket files are affected?

The k5 file size changed for me, but it decreased, not increased:

k5-1.2.8
-rw------- 1 quanah root 427 Feb 4 13:24 /tmp/krb5cc_p4169

k5-1.3.6
-rw------- 1 quanah root 405 Feb 4 13:25 /tmp/krb5cc_p4169

which may be something totally unrelated.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Fri Feb 04 17:40:28 2005 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
From:	Tom Yu <tlyu@MIT.EDU>
Date:	Fri, 04 Feb 2005 17:40:24 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 716B

Show quoted text

>>>>> "Quanah" == Quanah Gibson-Mount via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

Quanah> The k5 file size changed for me, but it decreased, not increased:

Show quoted text

Quanah> k5-1.2.8
Quanah> -rw------- 1 quanah root 427 Feb 4 13:24 /tmp/krb5cc_p4169

Show quoted text

Quanah> k5-1.3.6
Quanah> -rw------- 1 quanah root 405 Feb 4 13:25 /tmp/krb5cc_p4169

Show quoted text

Quanah> which may be something totally unrelated.

It's probably not related.

Could you please send the output of "od -tax1" on two krb4 ticket
files (after the credentials expire, of course) from identical
invocations of kinit using your two sets of binaries?

I can't reproduce this on krb5-1.2.4 and krb5-1.3.5 on an Alpha which
I have access to.

---Tom

# Fri Feb 04 17:48:48 2005 tlyu (Taylor Yu) - Ticket 2914 RefersTo ticket 1288.

# Fri Feb 04 18:19:53 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Fri, 04 Feb 2005 15:19:49 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 3.2KiB

--On Friday, February 04, 2005 5:40 PM -0500 Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:

Show quoted text

> Could you please send the output of "od -tax1" on two krb4 ticket
> files (after the credentials expire, of course) from identical
> invocations of kinit using your two sets of binaries?
>
> I can't reproduce this on krb5-1.2.4 and krb5-1.3.5 on an Alpha which
> I have access to.

Tom,

Is it 4.0f?

Here's the krb5-1.2.8 od -tax1 output:

tru64-build:~> od -tax1 /tmp/tkt54046
0000000 q u a n a h nul nul k r b t g t nul I
71 75 61 6e 61 68 00 00 6b 72 62 74 67 74 00 49
0000020 R . S T A N F O R D . E D U nul I
52 2e 53 54 41 4e 46 4f 52 44 2e 45 44 55 00 49
0000040 R . S T A N F O R D . E D U nul W
52 2e 53 54 41 4e 46 4f 52 44 2e 45 44 55 00 57
0000060 O sub dle Q i can 2 soh nul nul nul R nul nul nul H
4f 1a 10 51 e9 98 32 01 00 00 00 52 00 00 00 48
0000100 nul nul nul / ^ U = 4 ] } s [ A 3 P .
00 00 00 af de d5 bd b4 5d fd f3 db 41 33 d0 2e
0000120 . [ dc2 nak U nl > / 3 B U y c r + y
2e db 92 15 d5 8a 3e af 33 42 55 f9 63 f2 2b 79
0000140 esc rs ` [ 6 nak enq G ] etb $ enq em G ; ,
1b 9e e0 db b6 95 85 47 dd 97 24 85 19 c7 3b 2c
0000160 X | r % X stx fs . | dc3 cr j G ht C sub
d8 7c 72 25 d8 82 9c ae fc 93 0d ea c7 09 43 1a
0000200 P _ x del o c f syn g } si i } etx B
d0 df f8 ff ef 63 e6 96 67 fd 8f 69 fd 03 42
0000217

Here is the krb5-1.3.6 od -tax1 output:

tru64-build:~> od -tax1 /tmp/tkt54046
0000000 q u a n a h nul nul k r b t g t nul I
71 75 61 6e 61 68 00 00 6b 72 62 74 67 74 00 49
0000020 R . S T A N F O R D . E D U nul I
52 2e 53 54 41 4e 46 4f 52 44 2e 45 44 55 00 49
0000040 R . S T A N F O R D . E D U nul p
52 2e 53 54 41 4e 46 4f 52 44 2e 45 44 55 00 70
0000060 " E s 6 5 z 6 soh nul nul nul R nul nul nul H
a2 45 73 b6 b5 7a b6 01 00 00 00 52 00 00 00 48
0000100 nul nul nul / ^ U = 4 ] } s [ A 3 P .
00 00 00 af de d5 bd b4 5d fd f3 db 41 33 d0 2e
0000120 . [ dc2 nak U nl > / 3 B U 9 eot @ vt soh
2e db 92 15 d5 8a 3e af 33 42 55 b9 84 40 8b 81
0000140 x } nak @ j U + w P U X can 4 { % =
f8 7d 95 40 ea 55 2b 77 50 55 58 18 b4 7b a5 3d
0000160 P & L < so 4 w 6 $ d n ! I G k $
d0 26 4c bc 8e b4 77 36 a4 e4 ee a1 49 47 eb 24
0000200 P 9 / H : y w dc1 w ` d stx soh eot B nul
50 b9 2f c8 ba f9 f7 11 77 e0 64 02 01 04 42 00
0000220 nul nul nul
00 00 00
0000223

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Fri Feb 04 18:55:48 2005 raeburn (Ken Raeburn) - Correspondence added

From:	Ken Raeburn <raeburn@MIT.EDU>
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
Date:	Fri, 4 Feb 2005 18:55:43 -0500
To:	rt@krbdev.mit.edu
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.5KiB

On Feb 4, 2005, at 18:19, Quanah Gibson-Mount via RT wrote:

Show quoted text

>> I can't reproduce this on krb5-1.2.4 and krb5-1.3.5 on an Alpha which
>> I have access to.

>
> Tom,
>
> Is it 4.0f?

We have 5.1a, which is why the 4.0 stuff is completely untested.
Well, our having 5.1a, plus no feedback on the beta versions. Hint,
hint. :-)

Show quoted text

> Here's the krb5-1.2.8 od -tax1 output:
>
> tru64-build:~> od -tax1 /tmp/tkt54046
> 0000160 X | r % X stx fs . | dc3 cr j G ht C sub
> d8 7c 72 25 d8 82 9c ae fc 93 0d ea c7 09 43 1a
> 0000200 P _ x del o c f syn g } si i } etx B
> d0 df f8 ff ef 63 e6 96 67 fd 8f 69 fd 03 42
> 0000217

In the 1.2.7 sources I have lying around, and a 1.2.8 tree I just
checked out, the last thing written to the file by tf_save_cred in
lib/krb4/tf_util.c is one of the arguments declared "long issue_date",
and written using sizeof(long). So I'm surprised that last field looks
like a four-byte timestamp.

Show quoted text

> Here is the krb5-1.3.6 od -tax1 output:
> 0000200 P 9 / H : y w dc1 w ` d stx soh eot B nul
> 50 b9 2f c8 ba f9 f7 11 77 e0 64 02 01 04 42 00
> 0000220 nul nul nul
> 00 00 00
> 0000223

This is more like what I'd expect... 4 bytes of "normal" timestamp
(with a value 921 seconds after the 1.2.8 example) plus 4 bytes of zero
to make the full "long" value.

You don't have any local patches to 1.2.8 that might influence this?
(Maybe trying to make 1.2.8 compatible with some previous version we
accidentally broke compatibility with?)

Ken

# Fri Feb 04 19:04:57 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Fri, 04 Feb 2005 16:04:52 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 2.3KiB

--On Friday, February 04, 2005 6:55 PM -0500 Ken Raeburn via RT
<rt-comment@krbdev.mit.edu> wrote:

Show quoted text

> On Feb 4, 2005, at 18:19, Quanah Gibson-Mount via RT wrote:

>>> I can't reproduce this on krb5-1.2.4 and krb5-1.3.5 on an Alpha which
>>> I have access to.

>>
>> Tom,
>>
>> Is it 4.0f?

>
> We have 5.1a, which is why the 4.0 stuff is completely untested.
> Well, our having 5.1a, plus no feedback on the beta versions. Hint,
> hint. :-)

Yeah, we might be able to give more input on this in the future if we keep
our alpha's around. ;)

Show quoted text

>> Here's the krb5-1.2.8 od -tax1 output:
>>
>> tru64-build:~> od -tax1 /tmp/tkt54046
>> 0000160 X | r % X stx fs . | dc3 cr j G ht C sub
>> d8 7c 72 25 d8 82 9c ae fc 93 0d ea c7 09 43 1a
>> 0000200 P _ x del o c f syn g } si i } etx B
>> d0 df f8 ff ef 63 e6 96 67 fd 8f 69 fd 03 42
>> 0000217

>
> In the 1.2.7 sources I have lying around, and a 1.2.8 tree I just
> checked out, the last thing written to the file by tf_save_cred in
> lib/krb4/tf_util.c is one of the arguments declared "long issue_date",
> and written using sizeof(long). So I'm surprised that last field looks
> like a four-byte timestamp.
>

>> Here is the krb5-1.3.6 od -tax1 output:
>> 0000200 P 9 / H : y w dc1 w ` d stx soh eot B nul
>> 50 b9 2f c8 ba f9 f7 11 77 e0 64 02 01 04 42 00
>> 0000220 nul nul nul
>> 00 00 00
>> 0000223

>
> This is more like what I'd expect... 4 bytes of "normal" timestamp
> (with a value 921 seconds after the 1.2.8 example) plus 4 bytes of zero
> to make the full "long" value.
>
> You don't have any local patches to 1.2.8 that might influence this?
> (Maybe trying to make 1.2.8 compatible with some previous version we
> accidentally broke compatibility with?)

We do have local patches, but they are applied to both 1.2.8, 1.3.6, and
1.4.

In the lib/krb4 area, the files we patch are:

g_in_tkt.c
kuserok.c
password_to_key.c
rd_req.c

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Thu Feb 10 18:55:43 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Thu, 10 Feb 2005 15:55:33 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1KiB

--On Friday, February 04, 2005 6:55 PM -0500 Ken Raeburn via RT
<rt-comment@krbdev.mit.edu> wrote:

Show quoted text

> In the 1.2.7 sources I have lying around, and a 1.2.8 tree I just
> checked out, the last thing written to the file by tf_save_cred in
> lib/krb4/tf_util.c is one of the arguments declared "long issue_date",
> and written using sizeof(long). So I'm surprised that last field looks
> like a four-byte timestamp.

Ken,

My 1.2.8 tree doesn't agree with you then.

In diff'ing 1.2.8 with 1.3.6, I find:

527c519
< KRB4_32 issue_date;
---

Show quoted text

> long issue_date;

I bet on alpha this changed the size somehow.

I'll poke further at that.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Thu Feb 10 19:35:29 2005 Quanah Gibson-Mount <quanah@stanford.edu> - Comments added

Date:	Thu, 10 Feb 2005 16:35:25 -0800
From:	Quanah Gibson-Mount <quanah@stanford.edu>
To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #2914] size change in cache breaks alpha-dux40 for krb5-1.3, krb5-1.4
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.4KiB

--On Thursday, February 10, 2005 3:55 PM -0800 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:

Show quoted text

>
>
> --On Friday, February 04, 2005 6:55 PM -0500 Ken Raeburn via RT
> <rt-comment@krbdev.mit.edu> wrote:
>

>> In the 1.2.7 sources I have lying around, and a 1.2.8 tree I just
>> checked out, the last thing written to the file by tf_save_cred in
>> lib/krb4/tf_util.c is one of the arguments declared "long issue_date",
>> and written using sizeof(long). So I'm surprised that last field looks
>> like a four-byte timestamp.

>
> Ken,
>
> My 1.2.8 tree doesn't agree with you then.
>
> In diff'ing 1.2.8 with 1.3.6, I find:
>
> 527c519
> < KRB4_32 issue_date;
> ---

>> long issue_date;

>
> I bet on alpha this changed the size somehow.
>
> I'll poke further at that.

Looking at the des.h from 1.2.8, it appears that on alpha, the size is
"int" not long:

#ifndef __alpha
#ifdef __sparcv9
/* On 64bit solaris long's are 64 bits, doh... */
#define KRB4_32 int
#else
#define KRB4_32 long
#endif
#else
#define KRB4_32 int
#endif

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

# Mon Oct 20 18:00:52 2008 tlyu (Taylor Yu) - Status changed from 'new' to 'resolved'

# Mon Oct 20 18:00:52 2008 tlyu (Taylor Yu) - Tags unsupported added

# Mon Jan 04 23:38:56 2010 tlyu (Taylor Yu) - Version_Fixed 1.8 added

# Tue Jan 05 18:49:13 2010 tlyu (Taylor Yu) - CustomField 1.8 deleted