[1710] in Kerberos-V5-bugs

bug with error returning in AP_REQ

daemon@ATHENA.MIT.EDU (Brian Murrell)
Thu Nov 9 22:46:00 1995

Date: Thu, 9 Nov 1995 19:42:09 -0800 (PST)
From: Brian Murrell <murrell@bctel.net>
To: krb5-bugs@MIT.EDU

Hi Folx,

	I'm trying to get Kerberos 5 running on our network here, so I've opted 
for V5.  I've ftp'd BETA 5 as of May 5, 1995 and got it compiled here on Solaris 
2.4 using the SparcWorks compiler.
	
	I seem to have a decryption integrity problem on a client when I try to 
krlogin to it.  This is not what I am reporting as a bug, however.  I found that my krlogin 
client and krlogind server would deadlock, waiting for data from each other.  
I've traced it down to src/lib/krb5/krb/recvauth.c.  I have added many lines of 
debuggery to track this down, so my line numbering will be out, however there is 
a code segment in krb5_recvauth() which reads:
	
    if (!problem) {
        retval = krb5_write_message(context, fd, &outbuf);
        if (outbuf.data)
            krb5_xfree(outbuf.data);
        if (retval)
            goto cleanup;
    } else {
        /* We sent back an error, we need cleanup then return */
        retval = problem;
        goto cleanup;
    }

This is found about 27 lines after the comment which reads:

    /*
     * If there was a problem, send back a krb5_error message,
     * preceeded by the length of the krb5_error message.  If
     * everything's ok, send back 0 for the length.
     */

The code block above seems to contradict the comment.  The reply is only sent 
back to the client if there is NO ERROR.  This is why my client and server 
deadlock.  I replaced the above block with:

    retval = krb5_write_message(context, fd, &outbuf);
    if (outbuf.data)
        krb5_xfree(outbuf.data);
    if (retval) {
        retval = problem;
        goto cleanup;
    }

which is essentially the same as what was done for success only.  Now my krlogin 
client returns with:

    Couldn't authenticate to server: Server rejected authentication (during sendauth exchange)
    Server returned error code 31 (Decrypt integrity check failed)
    Error text sent from server: Decrypt integrity check failed
    rlogin: kcmd to host googol failed - Server rejected authentication (during sendauth exchange)
    trying normal rlogin (/bin/rlogin)

after attempting to connect.  This is more like what I'd expect.

	This was an ugly little bugger to track down.  I must have been working 
on it for the last day and a half.  Mind you I figured out that I was getting 
decrypt integrity check failures before I found the above-detailed problem and 
had the krlogin tell me that.  :-)

Any ideas on why I'm getting a CRC error on my decrypted AP_REQ??  Are there any 
patches available (I'm sure some code has been patched since May '95) to fix any 
other bugs I hope to not come across??

Thanx,
b.

--
Brian J. Murrell                                              murrell@bctel.net
BCTel Advanced Communications                                   brian@ilinx.com
Vancouver, B.C.                                                brian@wimsey.com
604 454 5261
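
Added example, not part of the original message and not MIT's code: a self-contained C model of the reply step discussed above, comparing the quoted logic (silent on error) with a variant that always sends the length-prefixed reply and then still returns the problem code, which goes one step beyond the replacement shown in the post. The `struct wire` buffer, the function names, the 4-byte big-endian length and the plain-text error body are assumptions of this sketch; error 31 and its text are taken from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stand-in for the socket: records what the server wrote. */
struct wire { unsigned char buf[256]; size_t len; };

/* Length-prefixed framing per the quoted comment; 4-byte big-endian is assumed. */
static int write_message(struct wire *w, const char *data, uint32_t n) {
    if (w->len + 4 + (size_t)n > sizeof w->buf) return -1;
    for (int i = 0; i < 4; i++)
        w->buf[w->len++] = (unsigned char)(n >> (24 - 8 * i));
    if (n) memcpy(w->buf + w->len, data, n);
    w->len += n;
    return 0;
}

/* Logic as quoted from the beta source: on a problem, nothing is written. */
static int reply_original(struct wire *w, int problem, const char *err) {
    (void)err;
    return problem ? problem : write_message(w, NULL, 0);
}

/* Always send the reply (length 0 on success), then still fail on a problem. */
static int reply_always(struct wire *w, int problem, const char *err) {
    int retval = write_message(w, err, problem ? (uint32_t)strlen(err) : 0);
    return retval ? retval : problem;
}

/* Client view: -1 no complete reply (a blocking read would hang), 0 accepted, 1 error text in out. */
static int client_parse(const struct wire *w, char *out, size_t outsz) {
    if (w->len < 4) return -1;
    uint32_t n = (uint32_t)w->buf[0] << 24 | w->buf[1] << 16 | w->buf[2] << 8 | w->buf[3];
    if (n > w->len - 4 || n >= outsz) return -1;
    memcpy(out, w->buf + 4, n);
    out[n] = '\0';
    return n ? 1 : 0;
}

int main(void) {
    struct wire a = {0}, b = {0};
    char msg[64] = "";
    int ra = reply_original(&a, 31, "Decrypt integrity check failed");
    int rb = reply_always(&b, 31, "Decrypt integrity check failed");
    printf("original: rc=%d client=%d\n", ra, client_parse(&a, msg, sizeof msg));
    printf("always:   rc=%d client=%d (%s)\n", rb, client_parse(&b, msg, sizeof msg), msg);
    return 0;
}
```

In the first case the client has nothing to read, which is the deadlock described in the message; in the second it receives the error text while the server side still returns the failure code.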
