MS - Extensions kdc cores while making S4U2self request

Nikhil Mishra ls.niks at gmail.com
Mon Jan 26 17:00:09 EST 2009


Hi All,


I am trying to test the MS extensions (S4U) on the kdc.
I am sending an S4U2self packet using the specifications laid out by MS.

PADATA : type 129
                ENC-PART  - encrypt(krb5_pa_for_user) - type
                                                        name
                                                        realm
                                                        checksum
                                                        auth_package="Kerberos"


For taking the checksum, the specification says the following:

cksum is computed by calling the KERB_CHECKSUM_HMAC_MD5 hash with the
following three parameters :

session key of TGT of the service making S4U2self request

value - 17

S4UByteArray - type - in little-endian
                        name
                        realm
                        auth_package


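This is my checksum call with the specified parameters:


krb5_c_make_checksum(context, -138,         /* -138 is CKSUMTYPE_HMAC_MD5_ARCFOUR */
                     &(in_cred->keyblock),  /* session key of the service's TGT */
                     17,                    /* the value 17 from the specification */
                     S4UByteArray, &(for_user->cksum));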


The kdc cores out while processing this request. Find the debug log below:


(gdb) s
asn1_decode_pa_for_user (buf=0xbfb765c4, val=0x88712c8) at
asn1_k_decode.c:1210
1210        { begin_structure();
(gdb) n
1211            get_field(val->user,0,asn1_decode_principal_name);
(gdb) s
asn1_decode_principal_name (buf=0xbfb7657c, val=0x88712c8) at
asn1_k_decode.c:434
434         { begin_structure();
(gdb) n
435             get_field((*val)->type,0,asn1_decode_int32);
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x00eee345 in asn1_decode_int32 (buf=0xbfb764b4, val=0x18) at
asn1_k_decode.c:389
389     integer_convert(asn1_decode_int32,krb5_int32)

(gdb) bt
#0  0x00eee345 in asn1_decode_int32 (buf=0xbfb764b4, val=0x18) at
asn1_k_decode.c:389
#1  0x00eee7c9 in asn1_decode_principal_name (buf=0xbfb7657c, val=0x88712c8)
at asn1_k_decode.c:435
#2  0x00efbab6 in asn1_decode_pa_for_user (buf=0xbfb765c4, val=0x88712c8) at
asn1_k_decode.c:1211
#3  0x00f0b320 in decode_krb5_pa_for_user (code=0xbfb76614, rep=0xbfb767a0)
at krb5_decode.c:973
#4  0x080521ce in kdc_process_s4u2self_req (context=0x88655e0,
request=0x8871978, client_princ=0x8871e20, server=0xbfb76968,
subkey=0x8871050,
    kdc_time=1233006406, for_user=0xbfb767a0, princ=0xbfb767f0,
nprincs=0xbfb767a8, status=0xbfb76834) at kdc_util.c:1924
#5  0x0804cdfa in process_tgs_req (pkt=0xbfb77b24, from=0xbfb77c40,
response=0xbfb77b20) at do_tgs_req.c:252
#6  0x0804b160 in dispatch (pkt=0xbfb77b24, from=0xbfb77c40,
response=0xbfb77b20) at dispatch.c:89
#7  0x0805a16f in process_packet (conn=0x8871830, prog=0xbfb79b5b "krb5kdc",
selflags=1) at network.c:1239
#8  0x0805ae7d in service_conn (conn=0x8871830, prog=0xbfb79b5b "krb5kdc",
selflags=1) at network.c:1568
#9  0x0805b19a in listen_and_process (prog=0xbfb79b5b "krb5kdc") at
network.c:1657
#10 0x080580a2 in main (argc=2, argv=0xbfb77da4) at main.c:725
(gdb)



Any help is appreciated.

Thanks

--Nikhil--



P.S.: Although the mail is addressed to all, I am more than sure hatman
should be able to figure it out better since he implemented this feature.
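
The checksum input described in the message, as an added example that is not part of the original post and is not MIT krb5 code: Python that builds S4UByteArray, computes the HMAC-MD5 checksum with the construction from RFC 4757, and verifies it on the receiving side. The function names, the 16-byte session key and the principal are constructed for illustration; leaving out NUL terminators between the strings is an assumption taken from the MS specification the message refers to.

```python
import hashlib
import hmac
import struct

KEY_USAGE = 17             # the "value - 17" parameter quoted in the message
AUTH_PACKAGE = "Kerberos"  # auth_package value quoted in the message


def s4u_byte_array(name_type, name_parts, realm, auth_package=AUTH_PACKAGE):
    """Name type as a 4-byte little-endian integer, then each name string,
    the realm and the auth package, concatenated without NUL terminators."""
    buf = struct.pack("<i", name_type)
    for part in name_parts:
        buf += part.encode("utf-8")
    return buf + realm.encode("utf-8") + auth_package.encode("utf-8")


def kerb_checksum_hmac_md5(key, usage, data):
    """Keyed checksum from RFC 4757: HMAC-MD5 under a derived signing key."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def make_for_user_cksum(session_key, name_type, name_parts, realm):
    """Sender side: checksum over the fields that go into the padata."""
    data = s4u_byte_array(name_type, name_parts, realm)
    return kerb_checksum_hmac_md5(session_key, KEY_USAGE, data)


def verify_for_user_cksum(session_key, name_type, name_parts, realm, cksum):
    """Receiver side: recompute from the decoded fields, compare in constant time."""
    expected = make_for_user_cksum(session_key, name_type, name_parts, realm)
    return hmac.compare_digest(expected, cksum)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed session key, not a real one
    # Name type 1 (KRB5_NT_PRINCIPAL), constructed principal alice@EXAMPLE.COM
    ck = make_for_user_cksum(key, 1, ["alice"], "EXAMPLE.COM")
    print(s4u_byte_array(1, ["alice"], "EXAMPLE.COM"))
    print(ck.hex())
    print(verify_for_user_cksum(key, 1, ["alice"], "EXAMPLE.COM", ck))
    print(verify_for_user_cksum(key, 1, ["alice"], "OTHER.COM", ck))
```
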


