Skip Menu |

To: krb5-bugs@MIT.EDU
Subject: AES/GSS combination broken
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 18 Apr 2003 01:42:47 -0400
Our GSS krb5 mechanism code limits the enctypes used to those
supported by GSS before trying to acquire the service ticket. With
the AES support in the krb5 library checked in, and no support in the
GSS mechanism for it, this means a TGT with an AES session key cannot
be used to get a service ticket with a 3DES or DES session key.

I'll bring this up on the krbdev list for discussion.

In theory, the test suite should probably be limiting the ftp or host
service to the key types supported by the GSS implementation used for
the server, in case the client-supported list is different, but since
we're only really testing the same version of client and server code
at one time, and we've tended to add the support simultaneously, it's
not a priority.
Proposed fix from discussion:

Track config-file (or compiled-in) default_tgs_enctypes and
application-supplied list separately in krb5_context. When getting an
intermediate TGT, from the ccache or from a KDC, use the config-file
version only; when getting the ultimate application ticket (even if it's
a TGT for a user running a kvno-like program), prefer the
application-supplied list if any. Distinguish the two with some context
flag, or an added argument to some internal API (unspecified).

Then we should be able to acquire and use AES TGT session keys to get
GSS-supported tickets.

We may have problems with this when we start relying on KDC referrals.
Burn that bridge when we get to it.
Subject: CVS Commit
Add a new krb5_context field for the config-file tgs_enctypes, which
applications cannot override, and use it for ticket-granting tickets needed to
acquire some desired service ticket.

To generate a diff of this commit:

cvs diff -r1.357 -r1.358 krb5/src/include/ChangeLog
cvs diff -r1.138 -r1.139 krb5/src/include/k5-int.h
cvs diff -r5.390 -r5.391 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.48 -r5.49 krb5/src/lib/krb5/krb/gc_frm_kdc.c
cvs diff -r5.70 -r5.71 krb5/src/lib/krb5/krb/init_ctx.c
Just found a memory bug. Not ready for pullup yet. (Tag "enhancement"
isn't right, but I don't see a way in the web interface to remove the
tag altogether.)

Another bug in ticket forwarding may also result in changing some of
this code further.
Subject: CVS Commit
Download (untitled) / with headers
text/plain 1.5KiB
pullups from trunk. if there is still a memory management bug
relating to [1429] it should be opened as a separate bug.

To generate a diff of this commit:

cvs diff -r1.68.2.2 -r1.68.2.3 krb5/doc/ChangeLog
cvs diff -r1.13.2.1 -r1.13.2.2 krb5/doc/definitions.texinfo
cvs diff -r1.24 -r1.24.2.1 krb5/doc/install.texinfo
cvs diff -r1.348.2.7 -r1.348.2.8 krb5/src/include/ChangeLog
cvs diff -r1.135.2.3 -r1.135.2.4 krb5/src/include/k5-int.h
cvs diff -r5.136.2.1 -r5.136.2.2 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.9 -r5.9.2.1 krb5/src/lib/crypto/etypes.c
cvs diff -r5.4 -r5.4.2.1 krb5/src/lib/crypto/pbkdf2.c
cvs diff -r1.4.2.1 -r1.4.2.2 krb5/src/lib/crypto/aes/ChangeLog
cvs diff -r1.1 -r1.1.2.1 krb5/src/lib/crypto/aes/aes_s2k.c
cvs diff -r1.18 -r1.18.2.1 krb5/src/lib/crypto/dk/ChangeLog
cvs diff -r1.6 -r1.6.2.1 krb5/src/lib/crypto/dk/dk.h
cvs diff -r1.6 -r1.6.4.1 krb5/src/lib/crypto/dk/dk_decrypt.c
cvs diff -r1.19 -r1.19.2.1
cvs diff -r1.2 -r1.2.2.1 krb5/src/lib/crypto/enc_provider/aes.c
cvs diff -r1.88 -r1.88.2.1 krb5/src/lib/kadm5/ChangeLog
cvs diff -r1.35 -r1.35.2.1 krb5/src/lib/kadm5/alt_prof.c
cvs diff -r5.378.2.7 -r5.378.2.8 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.20 -r5.20.2.1 krb5/src/lib/krb5/krb/fwd_tgt.c
cvs diff -r5.47.2.1 -r5.47.2.2 krb5/src/lib/krb5/krb/gc_frm_kdc.c
cvs diff -r5.68 -r5.68.2.1 krb5/src/lib/krb5/krb/init_ctx.c
cvs diff -r1.72.2.1 -r1.72.2.2
cvs diff -r1.76.2.1 -r1.76.2.2
Just checked more carefully, and I don't think there's a memory
management problem after all. The enctype list in the krb5_context has
an associated count and no terminating 0 value, whereas the function
interfaces tend to use a 0 terminator and no count; the allocations
varying in the addition of one extra value (for the terminator) had me
concerned, but it looks okay.