[ https://issues.apache.org/jira/browse/DIRKRB-614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jiajia Li resolved DIRKRB-614.
------------------------------
Resolution: Fixed
> Kerby (simplekdc) fails to handle unknown PADATA
> -------------------------------------------------
>
> Key: DIRKRB-614
> URL: https://issues.apache.org/jira/browse/DIRKRB-614
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 1.0.0-RC2
> Environment: SimpleKDC
> Reporter: Bolke de Bruin
> Assignee: Jiajia Li
> Fix For: 1.0.1
>
> Attachments: kerb_heimdal.pcapng, kerb.pcap
>
>
> I am using simplekdc wrapped in an application to allow CI for Apache Airflow.
> While testing I found out that on my development system (OS X - Heimdal with
> MIT Shim) everything worked fine, but when moving over to the CI (MIT) system
> it stopped working with the following error.
> {code}
> 2016-11-26 17:08:51,974 ERROR [pool-1-thread-3] impl.DefaultKdcHandler: Error occured while processing request:
> org.apache.kerby.kerberos.kerb.KrbException: Decoding failed
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:85)
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:70)
> at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.kdcFindFast(KdcRequest.java:208)
> at org.apache.kerby.kerberos.kerb.server.request.KdcRequest.process(KdcRequest.java:168)
> at org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(KdcHandler.java:115)
> at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.handleMessage(DefaultKdcHandler.java:67)
> at org.apache.kerby.kerberos.kerb.server.impl.DefaultKdcHandler.run(DefaultKdcHandler.java:52)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: Unexpected item context [0] [tag=0xA0, off=0, len=3+198], expecting 0x30
> at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:210)
> at org.apache.kerby.asn1.type.Asn1Encodeable.decode(Asn1Encodeable.java:197)
> at org.apache.kerby.kerberos.kerb.KrbCodec.decode(KrbCodec.java:83)
> ... 9 more
> {code}
> Digging in with Wireshark showed that the MIT libraries are sending extra
> PAData which makes Kerby not respond (Wireshark records this as "Unknown
> 136"). This behavior can be replicated by using "kvno".
> Heimdal on OSX does not send this and gets a response.
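The stack trace above shows one padata value with an unexpected outer tag (0xA0 where 0x30 was expected) failing the whole request. The following Python sketch is an added example, not Kerby's code or its fix: it walks a SEQUENCE OF PA-DATA and sets aside entries it cannot handle instead of aborting. The handler table and the skip policy are assumptions, and the sample bytes are constructed rather than taken from the attached captures.

```python
def read_tlv(buf, off=0):  # -> (tag, value, next_offset) for the DER TLV at buf[off:]
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def expect(buf, want, off=0):
    tag, value, nxt = read_tlv(buf, off)
    if tag != want:
        raise ValueError(f"tag=0x{tag:02X}, expecting 0x{want:02X}")
    return value, nxt

def parse_padata(der):  # SEQUENCE OF PA-DATA -> [(padata_type, padata_value)]
    body, _ = expect(der, 0x30)
    entries, off = [], 0
    while off < len(body):
        item, off = expect(body, 0x30, off)
        type_field, nxt = expect(item, 0xA1)      # [1] padata-type
        value_field, _ = expect(item, 0xA2, nxt)  # [2] padata-value
        pa_type = int.from_bytes(expect(type_field, 0x02)[0], "big", signed=True)
        entries.append((pa_type, expect(value_field, 0x04)[0]))
    return entries

# Hypothetical handler table: padata-type -> outer tag that type's decoder requires.
EXPECTED_OUTER_TAG = {2: 0x30}  # PA-ENC-TIMESTAMP value is a SEQUENCE

def triage(der):
    handled, skipped = [], []
    for pa_type, value in parse_padata(der):
        try:
            if pa_type not in EXPECTED_OUTER_TAG:
                raise ValueError("unknown type")
            expect(value, EXPECTED_OUTER_TAG[pa_type])
            handled.append(pa_type)
        except ValueError as exc:  # set this entry aside, keep processing the rest
            skipped.append((pa_type, str(exc)))
    return handled, skipped

SAMPLE = bytes.fromhex(  # constructed padata list
    "301d"
    "300b" "a103020102" "a2040402" "3000"        # type 2, value starts with 0x30
    "300e" "a10402020088" "a2060404" "a0023000"  # type 136, value starts with 0xA0
)
```

`triage(SAMPLE)` reports type 2 as handled and type 136 as skipped with its reason, so one unrecognised entry no longer decides the outcome of the whole request.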