• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
GSSAPI on x86_64 dying?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GSSAPI on x86_64 dying?

  • Subject: GSSAPI on x86_64 dying?
  • From: Edward Thomson <email@hidden>
  • Date: Tue, 24 Mar 2009 09:38:24 -0500
I'm having difficulties using GSSAPI on x86_64. When I build a simple program using GSSAPI to do SPNEGO, it crashes on the x86_64 architecture. (It works fine on Mac OS for both x86 and ppc architectures, as well as the non-Mac architectures we support.) Sample code is included below.

This is 10.5.6 (9G55).

I'm hoping someone can shed some light on this?

(Note that principal names have spaces added to hopefully avoid email address mangling. If that fails, they are http at HOST.)

This is the expected behavior - working correctly on i386:
% gcc test.c -o test -g -lgssapi_krb5 -arch i386
% file test
test: Mach-O executable i386
% ./test
Beginning authentication for http @ HOST.DOMAIN.COM
Received auth token of length 2571

This is the behavior on x86_64:
% gcc test.c -o test -g -lgssapi_krb5 -arch x86_64
% file test
test: Mach-O 64-bit executable x86_64
% ./test
Beginning authentication for http @ HOST.DOMAIN.COM
2009-03-24 09:28:55.428 test[594:10b] *** NSInvocation: warning: object 0x100079040 of class 'ReplicaFile' does not implement methodSignatureForSelector: -- trouble ahead
2009-03-24 09:28:55.429 test[594:10b] *** NSInvocation: warning: object 0x100079040 of class 'ReplicaFile' does not implement doesNotRecognizeSelector: -- abort
Trace/BPT trap

Stack trace:
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fff804e4c15 in ___forwarding___ ()
(gdb) bt
#0 0x00007fff804e4c15 in ___forwarding___ ()
#1 0x00007fff804e4dd8 in __forwarding_prep_0___ ()
#2 0x0000000100019e81 in apply_ldap_hints ()
#3 0x000000010001a53d in get_real_ip_for_loopback ()
#4 0x00007fff83472b65 in krb5int_locate_server ()
#5 0x00007fff83474545 in krb5_sendto_kdc ()
#6 0x00007fff8346aa11 in krb5_send_tgs ()
#7 0x00007fff8345ba46 in krb5_get_cred_via_tkt ()
#8 0x00007fff8345a71e in krb5_fwd_tgt_creds ()
#9 0x00007fff8347b5a9 in make_gss_checksum ()
#10 0x00007fff83461f65 in krb5_mk_req_extended ()
#11 0x00007fff834168da in krb5_gss_init_sec_context ()
#12 0x00007fff83415f67 in gss_init_sec_context ()
#13 0x00007fff834881bb in spnego_gss_init_sec_context ()
#14 0x00007fff83415f67 in gss_init_sec_context ()
#15 0x0000000100000e32 in main (argc=1, argv=0x7fff5fbff470) at test.c: 37

test.c:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <gssapi.h>
#include <krb5.h>

static gss_OID_desc auth_oid_negotiate = { 6, (void *) "\x2b \x06\x01\x05\x05\x02" };

int main(int argc, char **argv)
{
    char *target = "http @ HOST.DOMAIN.COM";
    char *output = NULL;
    int outputlen = 0;

    gss_OID mechanism_oid = &auth_oid_negotiate;
    gss_ctx_id_t gsscontext = NULL;
    OM_uint32 statusMajor, statusMinor;
    gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
    gss_name_t server;

    printf("Beginning authentication for %s\n", target);

    target_buffer.value = (target != NULL) ? (void *) target : "";
    target_buffer.length = (target != NULL) ? strlen(target) + 1 : 0;

statusMajor = gss_import_name(&statusMinor, &target_buffer, GSS_C_NT_HOSTBASED_SERVICE, &server);

if (GSS_ERROR(statusMajor))
{
fprintf(stderr, "could not locate principal: %x.%x (%s)", statusMajor, statusMinor, error_message(statusMinor));
return;
}

    statusMajor = gss_init_sec_context(
        &statusMinor,
        GSS_C_NO_CREDENTIAL,
        &gsscontext,
        server,
        mechanism_oid,
        GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG,
        GSS_C_INDEFINITE,
        GSS_C_NO_CHANNEL_BINDINGS,
        input_token_ptr,
        NULL,
        &output_token,
        NULL,
        NULL);

if (GSS_ERROR(statusMajor))
{
fprintf(stderr, "negotiate failure: %x.%x (%s)\n", statusMajor, statusMinor, error_message(statusMinor));
return;
}

    printf("Received auth token of length %d\n", output_token.length);
    return;
}


Please let me know if I can provide more information. Thanks for your time.

Sincerely,
Edward Thomson <email@hidden>
Teamprise

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
Re: Can CFReadStream use proxy set in the system configuration	automatically?

    • 

  • Next by Date:
Getting accurate timestamps for received datagrams

    • 

  • Previous by thread:
Socket recv problems in real-time context : lock or priority	inversion issues?

    • 

  • Next by thread:
Getting accurate timestamps for received datagrams

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •