Kevin Bulebush created DIRKRB-97:
------------------------------------
Summary: NPE while calling KdcConnection.changePassword
Key: DIRKRB-97
URL: https://issues.apache.org/jira/browse/DIRKRB-97
Project: Directory Kerberos
Issue Type: Bug
Components: changepw
Affects Versions: 2.0.0-M12
Environment: Sun JDK 7 + Active Directory
Reporter: Kevin Bulebush
Assignee: Emmanuel Lecharny
Calling org.apache.directory.kerberos.client.KdcConnection.changePassword()
will result in an NPE if a reply is received from the ActiveDirectory server,
regardless of password change success or failure.
StackTrace:
org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException:
Request failed due to a hard error in processing the request.
at
org.apache.directory.kerberos.client.KdcConnection.changePassword(KdcConnection.java:619)
at com.test.PasswordChangeUtil.main(KPasswordChange.java:52)
Caused by: java.lang.NullPointerException
at
org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler.decrypt(CipherTextHandler.java:118)
at
org.apache.directory.kerberos.client.KdcConnection.changePassword(KdcConnection.java:605)
... 1 more
Fix:
The Change Password spec
(http://tools.ietf.org/html/draft-ietf-cat-kerb-chg-password-02) says:
"This KRB-PRIV message [OF THE REPLY] must be generated using the subkey in the
Authenticator in the AP-REQ data."
Therefore line 605 of KdcConnection is using the incorrect key.
byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(),
replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
Patch:
-byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(),
replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
+byte[] data = cipherTextHandler.decrypt( subKey, replyPriv.getEncPart(),
KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY )
This leaves a few unused variables that can be cleaned up as well.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
