shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity

feat: add gssapi key exchange

Browse Source 
feat: add generic functions for importing name and initializing ctx

feat: add suffix to gsskex algs dynamically

feat: move gssapi key exchange to another file

feat: add gssapi key exchange for server

refactor: remove unnecessary fields in gssapi struct

refactor: add some documentation and improve logging

fix: remove gss_dh callbacks

feat: add a check to see if GSSAPI is configured correctly

fix: memory leaks

feat: add client side "gssapi-keyex" auth

feat: add gssapi_key_exchange_algs for server

fix: some memory issues

feat: add gssapi kex options to config

feat: add check to see if GSSAPI key exchange was performed

feat: add more tests for gssapi key exchange

fix: add valgrind supp

Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Gauravsingh Sisodia
2024-07-17 05:49:24 +00:00
committed by Jakub Jelen
parent 701a2155a7
commit bc5211d055
39 changed files with 2100 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/client/CMakeLists.txt
View File

@@ -45,7 +45,8 @@ endif()
if (WITH_GSSAPI AND GSSAPI_FOUND AND GSSAPI_TESTING)
set(LIBSSH_CLIENT_TESTS
${LIBSSH_CLIENT_TESTS}
torture_gssapi_auth)
torture_gssapi_auth
torture_gssapi_key_exchange)
endif()
if (DEFAULT_C_NO_DEPRECATION_FLAGS)

258
tests/client/torture_gssapi_key_exchange.c Normal file
View File

@@ -0,0 +1,258 @@
#include "config.h"
#define LIBSSH_STATIC
#include "torture.h"
#include <libssh/libssh.h>
#include "libssh/crypto.h"
#include <errno.h>
#include <fcntl.h>
#include <gssapi.h>
#include <pwd.h>
static int
sshd_setup(void **state)
{
torture_setup_sshd_server(state, false);
torture_update_sshd_config(state,
"GSSAPIAuthentication yes\n"
"GSSAPIKeyExchange yes\n");
return 0;
}
static int
sshd_teardown(void **state)
{
assert_non_null(state);
torture_teardown_sshd_server(state);
return 0;
}
static int
session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
struct passwd *pwd = NULL;
int rc;
bool b = false;
pwd = getpwnam("bob");
assert_non_null(pwd);
rc = setuid(pwd->pw_uid);
assert_return_code(rc, errno);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
/* Make sure no other configuration options from system will get used */
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
assert_ssh_return_code(s->ssh.session, rc);
return 0;
}
static int
session_teardown(void **state)
{
struct torture_state *s = *state;
assert_non_null(s);
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
return 0;
}
static void
torture_gssapi_key_exchange(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
bool t = true;
/* Valid */
torture_setup_kdc_server(
state,
"kadmin.local addprinc -randkey host/server.libssh.site \n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
"kadmin.local addprinc -pw bar alice \n"
"kadmin.local list_principals",
"echo bar | kinit alice");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
assert_int_equal(rc, 0);
torture_teardown_kdc_server(state);
}
static void
torture_gssapi_key_exchange_no_tgt(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
bool t = true;
/* Don't run kinit */
torture_setup_kdc_server(
state,
"kadmin.local addprinc -randkey host/server.libssh.site \n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
"kadmin.local addprinc -pw bar alice \n"
"kadmin.local list_principals",
/* No TGT */
"");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
assert_int_equal(rc, 0);
assert_int_not_equal(session->current_crypto->kex_type, SSH_GSS_KEX_DH_GROUP14_SHA256);
assert_int_not_equal(session->current_crypto->kex_type, SSH_GSS_KEX_DH_GROUP16_SHA512);
torture_teardown_kdc_server(state);
}
static void
torture_gssapi_key_exchange_gss_group14_sha256(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
bool t = true;
/* Valid */
torture_setup_kdc_server(
state,
"kadmin.local addprinc -randkey host/server.libssh.site \n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
"kadmin.local addprinc -pw bar alice \n"
"kadmin.local list_principals",
"echo bar | kinit alice");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE_ALGS, "gss-group14-sha256-");
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
assert_int_equal(rc, 0);
assert_int_equal(session->current_crypto->kex_type, SSH_GSS_KEX_DH_GROUP14_SHA256);
torture_teardown_kdc_server(state);
}
static void
torture_gssapi_key_exchange_gss_group16_sha512(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
bool t = true;
/* Valid */
torture_setup_kdc_server(
state,
"kadmin.local addprinc -randkey host/server.libssh.site \n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
"kadmin.local addprinc -pw bar alice \n"
"kadmin.local list_principals",
"echo bar | kinit alice");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE_ALGS, "gss-group16-sha512-");
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
assert_int_equal(rc, 0);
assert_true(session->current_crypto->kex_type == SSH_GSS_KEX_DH_GROUP16_SHA512);
torture_teardown_kdc_server(state);
}
static void
torture_gssapi_key_exchange_auth(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
bool t = true;
/* Valid */
torture_setup_kdc_server(
state,
"kadmin.local addprinc -randkey host/server.libssh.site \n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
"kadmin.local addprinc -pw bar alice \n"
"kadmin.local list_principals",
"echo bar | kinit alice");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
assert_int_equal(rc, 0);
rc = ssh_userauth_gssapi_keyex(session);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
torture_teardown_kdc_server(state);
}
int
torture_run_tests(void)
{
int rc;
struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(torture_gssapi_key_exchange,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_gssapi_key_exchange_no_tgt,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_gssapi_key_exchange_gss_group14_sha256,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_gssapi_key_exchange_gss_group16_sha512,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_gssapi_key_exchange_auth,
session_setup,
session_teardown),
};
ssh_init();
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
ssh_finalize();
pthread_exit((void *)&rc);
}

3
tests/server/CMakeLists.txt
View File

@@ -19,7 +19,8 @@ if (WITH_GSSAPI AND GSSAPI_FOUND AND GSSAPI_TESTING)
${LIBSSH_SERVER_TESTS}
torture_gssapi_server_auth
torture_gssapi_server_auth_cb
torture_gssapi_server_delegation)
torture_gssapi_server_delegation
torture_gssapi_server_key_exchange)
endif()
include_directories(${libssh_SOURCE_DIR}/include

1
tests/server/test_server/main.c
View File

@@ -295,6 +295,7 @@ static int init_server_state(struct server_state_st *state,
}
state->parse_global_config = arguments->with_global_config;
state->gssapi_key_exchange_algs = NULL;
if (arguments->config_file) {
state->config_file = arguments->config_file;

24
tests/server/test_server/test_server.c
View File

@@ -194,6 +194,30 @@ int run_server(struct server_state_st *state)
goto out;
}
#ifdef WITH_GSSAPI
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_GSSAPI_KEY_EXCHANGE,
&(state->gssapi_key_exchange));
if (rc != 0) {
fprintf(stderr,
"Error setting GSSAPI key exchange: %s\n",
ssh_get_error(sshbind));
goto out;
}
if (state->gssapi_key_exchange_algs != NULL) {
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_GSSAPI_KEY_EXCHANGE_ALGS,
state->gssapi_key_exchange_algs);
if (rc != 0) {
fprintf(stderr,
"Error setting GSSAPI key exchange: %s\n",
ssh_get_error(sshbind));
goto out;
}
}
#endif /* WITH_GSSAPI */
rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_BINDPORT,
&(state->port));

2
tests/server/test_server/test_server.h
View File

@@ -53,6 +53,8 @@ struct server_state_st {
bool parse_global_config;
char *log_file;
bool gssapi_key_exchange;
const char *gssapi_key_exchange_algs;
/* State */
int max_tries;

3
tests/server/torture_gssapi_server_auth.c
View File

@@ -160,6 +160,7 @@ setup_default_server(void **state)
ss = tss->ss;
s = tss->state;
setenv("NSS_WRAPPER_HOSTNAME", "server.libssh.site", 1);
/* Start the server using the default values */
pid = fork_run_server(ss, free_test_server_state, &tss);
if (pid < 0) {
@@ -335,7 +336,7 @@ torture_gssapi_server_auth_invalid_host(void **state)
"echo bar | kinit alice");
rc = ssh_userauth_gssapi(session);
assert_int_equal(rc, SSH_AUTH_ERROR);
assert_int_equal(rc, SSH_AUTH_DENIED);
torture_teardown_kdc_server((void **)&s);
}

1
tests/server/torture_gssapi_server_auth_cb.c
View File

@@ -238,6 +238,7 @@ setup_callback_server(void **state)
ss->server_cb->gssapi_verify_mic_function = verify_mic;
ss->server_cb->userdata = &sdata;
setenv("NSS_WRAPPER_HOSTNAME", "server.libssh.site", 1);
/* Start the server using the default values */
pid = fork_run_server(ss, free_test_server_state, &tss);
if (pid < 0) {

1
tests/server/torture_gssapi_server_delegation.c
View File

@@ -185,6 +185,7 @@ setup_callback_server(void **state)
ss->server_cb->auth_gssapi_mic_function = auth_gssapi_mic;
ss->server_cb->userdata = &sdata;
setenv("NSS_WRAPPER_HOSTNAME", "server.libssh.site", 1);
/* Start the server using the default values */
pid = fork_run_server(ss, free_test_server_state, &tss);
if (pid < 0) {

338
tests/server/torture_gssapi_server_key_exchange.c Normal file
View File

@@ -0,0 +1,338 @@
#include "config.h"
#define LIBSSH_STATIC
#include <errno.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "libssh/libssh.h"
#include "torture.h"
#include "torture_key.h"
#include "test_server.h"
#include "default_cb.h"
#define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
struct test_server_st {
struct torture_state *state;
struct server_state_st *ss;
char *cwd;
};
static void
free_test_server_state(void **state)
{
struct test_server_st *tss = *state;
torture_free_state(tss->state);
SAFE_FREE(tss);
}
static void
setup_config(void **state)
{
struct torture_state *s = NULL;
struct server_state_st *ss = NULL;
struct test_server_st *tss = NULL;
char ed25519_hostkey[1024] = {0};
char rsa_hostkey[1024];
char ecdsa_hostkey[1024];
// char trusted_ca_pubkey[1024];
char sshd_path[1024];
char log_file[1024];
char kdc_env[255] = {0};
int rc;
assert_non_null(state);
tss = (struct test_server_st *)calloc(1, sizeof(struct test_server_st));
assert_non_null(tss);
torture_setup_socket_dir((void **)&s);
assert_non_null(s->socket_dir);
assert_non_null(s->gss_dir);
torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
torture_set_env_from_str(kdc_env);
/* Set the default interface for the server */
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
setenv("PAM_WRAPPER", "1", 1);
snprintf(sshd_path, sizeof(sshd_path), "%s/sshd", s->socket_dir);
rc = mkdir(sshd_path, 0755);
assert_return_code(rc, errno);
snprintf(log_file, sizeof(log_file), "%s/sshd/log", s->socket_dir);
snprintf(ed25519_hostkey,
sizeof(ed25519_hostkey),
"%s/sshd/ssh_host_ed25519_key",
s->socket_dir);
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
snprintf(rsa_hostkey,
sizeof(rsa_hostkey),
"%s/sshd/ssh_host_rsa_key",
s->socket_dir);
torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
snprintf(ecdsa_hostkey,
sizeof(ecdsa_hostkey),
"%s/sshd/ssh_host_ecdsa_key",
s->socket_dir);
torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
/* Create default server state */
ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));
assert_non_null(ss);
ss->address = strdup("127.0.0.10");
assert_non_null(ss->address);
ss->port = 22;
ss->ecdsa_key = strdup(ecdsa_hostkey);
assert_non_null(ss->ecdsa_key);
ss->ed25519_key = strdup(ed25519_hostkey);
assert_non_null(ss->ed25519_key);
ss->rsa_key = strdup(rsa_hostkey);
assert_non_null(ss->rsa_key);
ss->host_key = NULL;
/* Use default username and password (set in default_handle_session_cb) */
ss->expected_username = NULL;
ss->expected_password = NULL;
/* not to mix up the client and server messages */
ss->verbosity = torture_libssh_verbosity();
ss->log_file = strdup(log_file);
ss->auth_methods = SSH_AUTH_METHOD_GSSAPI_MIC;
#ifdef WITH_PCAP
ss->with_pcap = 1;
ss->pcap_file = strdup(s->pcap_file);
assert_non_null(ss->pcap_file);
#endif
/* TODO make configurable */
ss->max_tries = 3;
ss->error = 0;
/* Use the default session handling function */
ss->handle_session = default_handle_session_cb;
assert_non_null(ss->handle_session);
/* Do not use global configuration */
ss->parse_global_config = false;
/* Enable GSSAPI key exchange */
ss->gssapi_key_exchange = true;
ss->gssapi_key_exchange_algs = "gss-group14-sha256-,gss-group16-sha512-";
tss->state = s;
tss->ss = ss;
*state = tss;
}
static int
setup_default_server(void **state)
{
struct torture_state *s = NULL;
struct server_state_st *ss = NULL;
struct test_server_st *tss = NULL;
char pid_str[1024];
pid_t pid;
int rc;
setup_config(state);
tss = *state;
ss = tss->ss;
s = tss->state;
setenv("NSS_WRAPPER_HOSTNAME", "server.libssh.site", 1);
/* Start the server using the default values */
pid = fork_run_server(ss, free_test_server_state, &tss);
if (pid < 0) {
fail();
}
snprintf(pid_str, sizeof(pid_str), "%d", pid);
torture_write_file(s->srv_pidfile, (const char *)pid_str);
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
unsetenv("PAM_WRAPPER");
/* Wait until the sshd is ready to accept connections */
rc = torture_wait_for_daemon(5);
assert_int_equal(rc, 0);
*state = tss;
return 0;
}
static int
teardown_default_server(void **state)
{
struct torture_state *s = NULL;
struct server_state_st *ss = NULL;
struct test_server_st *tss = NULL;
tss = *state;
assert_non_null(tss);
s = tss->state;
assert_non_null(s);
ss = tss->ss;
assert_non_null(ss);
/* This function can be reused */
torture_teardown_sshd_server((void **)&s);
free_server_state(tss->ss);
SAFE_FREE(tss->ss);
SAFE_FREE(tss);
return 0;
}
static int
session_setup(void **state)
{
struct test_server_st *tss = *state;
struct torture_state *s;
int verbosity = torture_libssh_verbosity();
char *cwd = NULL;
bool b = false;
int rc;
assert_non_null(tss);
/* Make sure we do not test the agent */
unsetenv("SSH_AUTH_SOCK");
cwd = torture_get_current_working_dir();
assert_non_null(cwd);
tss->cwd = cwd;
s = tss->state;
assert_non_null(s);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session,
SSH_OPTIONS_USER,
TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
/* Make sure no other configuration options from system will get used */
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
assert_ssh_return_code(s->ssh.session, rc);
return 0;
}
static int
session_teardown(void **state)
{
struct test_server_st *tss = *state;
struct torture_state *s;
int rc = 0;
assert_non_null(tss);
s = tss->state;
assert_non_null(s);
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
rc = torture_change_dir(tss->cwd);
assert_int_equal(rc, 0);
SAFE_FREE(tss->cwd);
return 0;
}
static void
torture_gssapi_server_key_exchange(void **state)
{
struct test_server_st *tss = *state;
struct torture_state *s;
ssh_session session;
int rc;
bool t = true;
assert_non_null(tss);
s = tss->state;
assert_non_null(s);
session = s->ssh.session;
assert_non_null(session);
/* Valid */
torture_setup_kdc_server(
(void **)&s,
"kadmin.local addprinc -randkey host/server.libssh.site\n"
"kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site\n"
"kadmin.local addprinc -pw bar alice\n"
"kadmin.local list_principals",
"echo bar | kinit alice");
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE, &t);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_GSSAPI_KEY_EXCHANGE_ALGS, "gss-group16-sha512-");
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_connect(session);
fprintf(stderr, "%s", ssh_get_error(session));
assert_int_equal(rc, SSH_OK);
torture_teardown_kdc_server((void **)&s);
}
int
torture_run_tests(void)
{
int rc;
struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(torture_gssapi_server_key_exchange,
session_setup,
session_teardown),
};
ssh_init();
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests,
setup_default_server,
teardown_default_server);
ssh_finalize();
pthread_exit((void *)&rc);
}

6
tests/unittests/torture_config.c
View File

@@ -93,7 +93,8 @@ extern LIBSSH_THREAD int ssh_log_level;
"\tGSSAPIServerIdentity example.com\n" \
"\tGSSAPIClientIdentity home.sweet\n" \
"\tUserKnownHostsFile "USER_KNOWN_HOSTS"\n" \
"\tRequiredRSASize 2233\n"
"\tRequiredRSASize 2233\n" \
"\tGSSAPIKexAlgorithms gss-group14-sha256-\n"
/* authentication methods */
#define LIBSSH_TESTCONFIG_STRING8 \
@@ -648,6 +649,9 @@ static void torture_config_new(void ** state,
assert_int_equal(session->opts.gss_delegate_creds, 1);
assert_string_equal(session->opts.gss_server_identity, "example.com");
assert_string_equal(session->opts.gss_client_identity, "home.sweet");
#ifdef WITH_GSSAPI
assert_string_equal(session->opts.gssapi_key_exchange_algs, "gss-group14-sha256-");
#endif /* WITH_GSSAPI */
assert_int_equal(ssh_get_log_level(), SSH_LOG_TRACE);
assert_int_equal(session->common.log_verbosity, SSH_LOG_TRACE);

64
tests/valgrind.supp
View File

@@ -255,6 +255,70 @@
## libkrb5
# krb5_mcc_generate_new allocates a hashtab on a static global variable
# It doesn't get freed.
{
Reachable memory from getaddrinfo
Memcheck:Leak
match-leak-kinds: reachable
fun:malloc
fun:malloc
fun:strdup
fun:_dl_load_cache_lookup
fun:_dl_map_object
fun:dl_open_worker_begin
fun:_dl_catch_exception
fun:dl_open_worker
fun:_dl_catch_exception
fun:_dl_open
fun:do_dlopen
fun:_dl_catch_exception
fun:_dl_catch_error
fun:dlerror_run
...
fun:getaddrinfo
...
fun:gss_init_sec_context
fun:ssh_gssapi_init_ctx
...
fun:ssh_userauth_gssapi
fun:torture_gssapi_auth_server_identity
...
fun:_cmocka_run_group_tests
fun:torture_run_tests
fun:main
}
{
Reachable memory from getaddrinfo
Memcheck:Leak
match-leak-kinds: reachable
fun:malloc
fun:UnknownInlinedFun
fun:_dl_new_object
fun:_dl_map_object_from_fd
fun:_dl_map_object
fun:dl_open_worker_begin
fun:_dl_catch_exception
fun:dl_open_worker
fun:_dl_catch_exception
fun:_dl_open
fun:do_dlopen
fun:_dl_catch_exception
fun:_dl_catch_error
fun:dlerror_run
...
fun:getaddrinfo
...
fun:gss_init_sec_context
fun:ssh_gssapi_init_ctx
...
fun:ssh_userauth_gssapi
fun:torture_gssapi_auth_server_identity
...
fun:_cmocka_run_group_tests
fun:torture_run_tests
fun:main
}
{
Reachable memory from libkrb5
Memcheck:Leak