Discussion:
Assertion Error in MIT Kerberos 1.12.4
Vipul Mehta
2016-01-20 19:38:49 UTC
Permalink
Hi,

I am dynamically loading MIT Kerberos and calling gss/krb5 functions using
function pointers in my Kerberos Client-Server Linux.64 utility. My utility
also uses cURL. During compile time i link my utility with cURL built
without MIT Kerberos while during runtime i use cURL built with MIT
Kerberos. So my utility has no compile time dependency on MIT Kerberos.

In my setup, libkrb5.so.3 and libgssapi_krb5.so.2 are same as libkrb5.so
and libgssapi_krb5.so respectively.

Now when i use "libkrb5.so" and "libgssapi_krb5.so" library names for
dynamic loading, it crashes with following assertion error :
"thread.c:347: krb5int_key_register" Assertion failed:
destructors_set[keynum] == 0 failed."

My utility works fine if I use "libkrb5.so.3" and "libgssapi_krb5.so.2"
library names for dynamic loading.

I debugged and found that k5_key_register() was being called twice for
key_value = 1 in the first case in which it failed.

What is this key registration ? Is it part of library initialization
routine ? When it is supposed to be called ?

If Kerberized-cURL loads MIT Kerberos library during program startup and my
utility also loads it via dlopen(), what will be the behaviour of this key
registration call ?

------------------------------------
MIT Kerberos : 1.12.4
cURL : 7.37.1
Platform : RHEL v.6 64-Bit
-------------------------------------
--
Regards,
Vipul
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
Greg Hudson
2016-01-20 23:47:04 UTC
Permalink
Post by Vipul Mehta
In my setup, libkrb5.so.3 and libgssapi_krb5.so.2 are same as libkrb5.so
and libgssapi_krb5.so respectively.
Are they symlinks or copies of the same file? I believe it's normal to
use symlinks.
Post by Vipul Mehta
Now when i use "libkrb5.so" and "libgssapi_krb5.so" library names for
destructors_set[keynum] == 0 failed."
My utility works fine if I use "libkrb5.so.3" and "libgssapi_krb5.so.2"
library names for dynamic loading.
It sounds like in the failing case you are loading libkrb5 and
libgssapi_krb5 twice each, by using different sonames. In the
successful case, ldopen() returns handles to the already loaded
libraries. In both cases, libkrb5support (which manages the
destructors_set table) is only loaded once.
Post by Vipul Mehta
I debugged and found that k5_key_register() was being called twice for
key_value = 1 in the first case in which it failed.
What is this key registration ? Is it part of library initialization
routine ? When it is supposed to be called ?
I didn't write this code, but my understanding is that it is designed
with the assumption that OS thread-specific data keys are precious, and
therefore krb5 should use just one thread-specific data key, whose value
is an array of the thread-specific data units we need.
k5_key_register() registers the destructor for an internal
thread-specific data index. If the process has two copies of a library
hitting the same libkrb5support destructors table, then we can't easily
keep track of which destructor function pointer is still valid to call.
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

Loading...