[2613] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-libs/325: Error in SAM_RESPONSE generation

daemon@ATHENA.MIT.EDU (Kenneth D. Renard" (CICC/HPCD))
Tue Dec 24 10:34:21 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU,
        "Kenneth D. Renard" (CICC/HPCD) <kdrenard@ARL.MIL>
Date: Tue, 24 Dec 96 10:31:46 EST
From: "Kenneth D. Renard" (CICC/HPCD) <kdrenard@ARL.MIL>
To: krb5-bugs@MIT.EDU


>Number:         325
>Category:       krb5-libs
>Synopsis:       required timestamp not included in SAM_RESPONSE generation
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Dec 24 10:34:00 EST 1996
>Last-Modified:
>Originator:     Kenneth D. Renard <kdrenard@arl.mil>
>Organization:
Army Research Lab - Advanced Development Team

>Release:        1.0
>Environment:

 All architectures
                               
>Description:

        AS_REQ generation with SAM preauth does not include required ASN.1
        field (timestamp or nonce) when sam_challenge->sam_flags !=
        KRB5_SAM_USE_SAD_AS_KEY)

>How-To-Repeat:

        Create a preauth system that uses KRB5_SAM_SEND_ENCRYPTED_SAD,
        and client will generate incomplete sam_response (no timestamp
        or nonce).  KDC will choke on ASN.1 decoding (missing required
        field...) when decoding sam_response

>Fix:
        <how to correct or work around the problem, if known (multiple lines)>
        Move nonce/timestamp generation up a few lines for cases other than
        "if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)"
                               
$ rcsdiff -c -r1.1 preauth.c
===================================================================
RCS file: RCS/preauth.c,v
retrieving revision 1.1
diff -c -r1.1 preauth.c
*** 1.1 1996/12/23 15:03:41
--- preauth.c   1996/12/24 15:15:28
***************
*** 518,523 ****
--- 518,533 ----
      }

      enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
+     if (sam_challenge->sam_nonce) {
+       /* use nonce in the next AS request? */
+     } else {
+       retval = krb5_us_timeofday(context,
+                                  &enc_sam_response_enc.sam_timestamp,
+                                  &enc_sam_response_enc.sam_usec);
+       sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+     }
+     if (retval)
+       return retval;
      if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
        /* encrypt passcode in key by stuffing it here */
        int pcsize = 256;
***************
*** 533,548 ****
        enc_sam_response_enc.sam_passcode.data = passcode;
        enc_sam_response_enc.sam_passcode.length = pcsize;
      } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
-       if (sam_challenge->sam_nonce) {
-       /* use nonce in the next AS request? */
-       } else {
-       retval = krb5_us_timeofday(context,
-                                  &enc_sam_response_enc.sam_timestamp,
-                                  &enc_sam_response_enc.sam_usec);
-       sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
-       }
-       if (retval)
-       return retval;
        prompt = handle_sam_labels(sam_challenge);
        retval = sam_get_pass_from_user(context, etype_info, key_proc,
                                      key_seed, request, &sam_use_key,
--- 543,548 ----

>Audit-Trail:
>Unformatted:

home help back first fref pref prev next nref lref last post