directory-dev mailing list archives

From "Jiajia Li (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (DIRKRB-614) Kerby (simplekdc) fails to handle unknown PADATA
Date Mon, 19 Jun 2017 05:20:00 GMT

     [ https://issues.apache.org/jira/browse/DIRKRB-614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jiajia Li closed DIRKRB-614.
----------------------------
    Resolution: Fixed
      Assignee: Jiajia Li


commit a6224d2cf60e8e18ba5e307f1a4a2bc4c01a55b4
Author: plusplusjiajia <jiajia.li@intel.com>
Date:   Wed Jun 14 10:43:46 2017 +0800

    Fix DIRKRB-614 and DIRKRB-631.


> Kerby (simplekdc) fails to handle unknown PADATA 
> -------------------------------------------------
>
>                 Key: DIRKRB-614
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-614
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>         Environment: SimpleKDC 
>            Reporter: Bolke de Bruin
>            Assignee: Jiajia Li
>         Attachments: kerb_heimdal.pcapng, kerb.pcap
>
>
> I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
> While testing I found out that on my development system (OS X - Heimdal with MIT Shim) everything worked fine, but when moving over to the CI (MIT) system it stopped working with the following error.
> {code}
> 2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error occured while processing request:
> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
> 	at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
> 	at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
> 	at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
> 	at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:168)
> 	at org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:115)
> 	at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
> 	at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: Unexpected item context [0] [tag=0xA0, off=0, len=3+198], expecting 0x30
> 	at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:210)
> 	at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:197)
> 	at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:83)
> 	... 9 more
> {code}
> Digging in with Wireshark showed that the MIT libraries are sending extra PAData which makes Kerby not respond (Wireshark records this as "Unknown 136"). This behavior can be replicated by using "kvno".
> Heimdal on OSX does not send this and gets a response.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
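
The decode error in the trace above (tag=0xA0, len=3+198 where 0x30 was expected), as an added example that is not Kerby code and not part of the original message: it reads the DER header of each padata value and skips one whose outer tag is not the expected SEQUENCE instead of failing the whole request. How the commit actually fixes the issue is not shown on the page; the skip behaviour, the class and method names, and the sample bytes are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Kerby code: names and sample bytes are hypothetical.
public class PaDataTagCheck {
    static final int SEQUENCE = 0x30; // outer tag the decoder in the trace expected

    /** Returns {tag, headerLength, bodyLength} for the DER TLV at the start of buf. */
    static int[] readHeader(byte[] buf) {
        if (buf.length < 2) throw new IllegalArgumentException("truncated TLV");
        int tag = buf[0] & 0xFF;
        int first = buf[1] & 0xFF;
        int headerLen = 2, bodyLen = first;      // short form: length fits in one octet
        if (first >= 0x80) {                     // long form: low 7 bits = number of length octets
            int n = first & 0x7F;
            if (n == 0 || n > 3 || buf.length < 2 + n) throw new IllegalArgumentException("bad length");
            bodyLen = 0;
            for (int i = 0; i < n; i++) bodyLen = (bodyLen << 8) | (buf[2 + i] & 0xFF);
            headerLen = 2 + n;
        }
        if (buf.length < headerLen + bodyLen) throw new IllegalArgumentException("truncated body");
        return new int[] {tag, headerLen, bodyLen};
    }

    /** Per-entry decision: an undecodable value is skipped, it does not abort the request. */
    static Map<Integer, String> triage(Map<Integer, byte[]> padata) {
        Map<Integer, String> out = new LinkedHashMap<>();
        for (Map.Entry<Integer, byte[]> e : padata.entrySet()) {
            try {
                int[] h = readHeader(e.getValue());
                String seen = String.format("tag=0x%02X, len=%d+%d", h[0], h[1], h[2]);
                out.put(e.getKey(), (h[0] == SEQUENCE ? "decode: " : "skip: ") + seen);
            } catch (IllegalArgumentException ex) {
                out.put(e.getKey(), "skip: " + ex.getMessage());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        byte[] type136 = new byte[3 + 198];      // constructed: header from the trace, zeroed body
        type136[0] = (byte) 0xA0; type136[1] = (byte) 0x81; type136[2] = (byte) 198;
        byte[] seqValue = {0x30, 0x03, 0x02, 0x01, 0x05}; // constructed SEQUENCE-tagged value
        Map<Integer, byte[]> padata = new LinkedHashMap<>();
        padata.put(136, type136);                // type number reported in the issue
        padata.put(2, seqValue);                 // type number 2 chosen only for the sample
        System.out.println(triage(padata));
    }
}
```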
