[2613] in Kerberos-V5-bugs
krb5-libs/325: Error in SAM_RESPONSE generation
daemon@ATHENA.MIT.EDU (Kenneth D. Renard" (CICC/HPCD))
Tue Dec 24 10:34:21 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU,
"Kenneth D. Renard" (CICC/HPCD) <kdrenard@ARL.MIL>
Date: Tue, 24 Dec 96 10:31:46 EST
From: "Kenneth D. Renard" (CICC/HPCD) <kdrenard@ARL.MIL>
To: krb5-bugs@MIT.EDU
>Number: 325
>Category: krb5-libs
>Synopsis: required timestamp not included in SAM_RESPONSE generation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Dec 24 10:34:00 EST 1996
>Last-Modified:
>Originator: Kenneth D. Renard <kdrenard@arl.mil>
>Organization:
Army Research Lab - Advanced Development Team
>Release: 1.0
>Environment:
All architectures
>Description:
AS_REQ generation with SAM preauth does not include required ASN.1
field (timestamp or nonce) when sam_challenge->sam_flags !=
KRB5_SAM_USE_SAD_AS_KEY)
>How-To-Repeat:
Create a preauth system that uses KRB5_SAM_SEND_ENCRYPTED_SAD,
and client will generate incomplete sam_response (no timestamp
or nonce). KDC will choke on ASN.1 decoding (missing required
field...) when decoding sam_response
>Fix:
<how to correct or work around the problem, if known (multiple lines)>
Move nonce/timestamp generation up a few lines for cases other than
"if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)"
$ rcsdiff -c -r1.1 preauth.c
===================================================================
RCS file: RCS/preauth.c,v
retrieving revision 1.1
diff -c -r1.1 preauth.c
*** 1.1 1996/12/23 15:03:41
--- preauth.c 1996/12/24 15:15:28
***************
*** 518,523 ****
--- 518,533 ----
}
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
+ if (sam_challenge->sam_nonce) {
+ /* use nonce in the next AS request? */
+ } else {
+ retval = krb5_us_timeofday(context,
+ &enc_sam_response_enc.sam_timestamp,
+ &enc_sam_response_enc.sam_usec);
+ sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+ }
+ if (retval)
+ return retval;
if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
/* encrypt passcode in key by stuffing it here */
int pcsize = 256;
***************
*** 533,548 ****
enc_sam_response_enc.sam_passcode.data = passcode;
enc_sam_response_enc.sam_passcode.length = pcsize;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
- if (sam_challenge->sam_nonce) {
- /* use nonce in the next AS request? */
- } else {
- retval = krb5_us_timeofday(context,
- &enc_sam_response_enc.sam_timestamp,
- &enc_sam_response_enc.sam_usec);
- sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
- }
- if (retval)
- return retval;
prompt = handle_sam_labels(sam_challenge);
retval = sam_get_pass_from_user(context, etype_info, key_proc,
key_seed, request, &sam_use_key,
--- 543,548 ----
>Audit-Trail:
>Unformatted: