code review request: 7077646: gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY
weijun.wang at oracle.com
Thu Sep 22 08:05:31 PDT 2011
According to RFC 4121:
2. Key Derivation for Per-Message Tokens
During the context initiation and acceptance sequence, the acceptor
MAY assert a subkey in the AP-REP message. If the acceptor asserts a
subkey, the base key is the acceptor-asserted subkey and subsequent
per-message tokens MUST be flagged with "AcceptorSubkey", as
described in section 4.2.2. Otherwise, if the initiator asserts a
subkey in the AP-REQ message, the base key is this subkey; if the
initiator does not assert a subkey, the base key is the session key
in the service ticket.
Java has not checked where the key comes from and always sets the
AcceptorSubkey on. This has worked well with the MIT impl because it
seems the MIT impl only checks the flag if it should be on but doesn't
when it should be off. However, Heimdal is more strict and checks in both
cases and an interop error happens between Java and Heimdal.
In the customer's case, the Apple iChat program uses Heimdal's krb5 impl
and cannot communicate well with the Openfire Java jabber server.
I would like >= 2 reviewers so it can be backported to a 7u release. I'm
still working on a 6u solution at the moment.
-------- Original Message --------
*Change Request ID*: 7077646
*Synopsis*: gssapi wrap for CFX per-message tokens always set
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY
even though the acceptor doesn't send a sub key.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
attach debugger to client and see that the acceptor doesn't send a
subkey in the authenticator, see that it sent FLAG_ACCEPTOR_SUBKEY in
all per-message tokens.
EXPECTED VERSUS ACTUAL BEHAVIOR :
send subkey or don't set flag.
This bug can be reproduced always.
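
Added example, not part of the original message or of the JDK change under review: a Java check that reads the Flags octet of an RFC 4121 section 4.2.2 per-message token header and compares the AcceptorSubkey bit with whether the acceptor actually asserted a subkey. The class and method names are hypothetical, the token header is constructed, and the strict and lenient modes model only the two receiver behaviours the message describes.

```java
public class CfxFlagCheck {
    // Flag bits of the Flags octet, RFC 4121 section 4.2.2.
    static final int SENT_BY_ACCEPTOR = 0x01, SEALED = 0x02, ACCEPTOR_SUBKEY = 0x04;
    static final int TOK_WRAP = 0x0504, TOK_MIC = 0x0404;

    /** Returns the Flags octet of a CFX Wrap or MIC token after validating the header. */
    static int flags(byte[] tok) {
        if (tok.length < 16) throw new IllegalArgumentException("short token header");
        int id = ((tok[0] & 0xff) << 8) | (tok[1] & 0xff);
        if (id != TOK_WRAP && id != TOK_MIC)
            throw new IllegalArgumentException("not a CFX per-message token");
        if ((tok[3] & 0xff) != 0xff) throw new IllegalArgumentException("bad filler octet");
        return tok[2] & 0xff;
    }

    /**
     * strict:  the flag must match the negotiated state in both directions.
     * lenient: only a missing flag is rejected; a spurious flag is accepted.
     */
    static boolean flagConsistent(byte[] tok, boolean acceptorAssertedSubkey, boolean strict) {
        boolean set = (flags(tok) & ACCEPTOR_SUBKEY) != 0;
        return strict ? set == acceptorAssertedSubkey : (set || !acceptorAssertedSubkey);
    }

    /** Builds a constructed 16-octet header: TOK_ID, Flags, filler, zero EC/RRC/SND_SEQ. */
    static byte[] header(int tokId, int flags) {
        byte[] h = new byte[16];
        h[0] = (byte) (tokId >> 8);
        h[1] = (byte) tokId;
        h[2] = (byte) flags;
        int fillerEnd = (tokId == TOK_MIC) ? 8 : 4;   // MIC: octets 3..7, Wrap: octet 3
        for (int i = 3; i < fillerEnd; i++) h[i] = (byte) 0xff;
        return h;
    }

    public static void main(String[] args) {
        // Initiator-sent sealed Wrap token with AcceptorSubkey set, in a context
        // where the acceptor did not assert a subkey in the AP-REP.
        byte[] alwaysOn = header(TOK_WRAP, SEALED | ACCEPTOR_SUBKEY);
        // Same token with the flag cleared, as RFC 4121 section 2 requires here.
        byte[] correct = header(TOK_WRAP, SEALED);

        System.out.println("flag always on, lenient: " + flagConsistent(alwaysOn, false, false));
        System.out.println("flag always on, strict:  " + flagConsistent(alwaysOn, false, true));
        System.out.println("flag cleared,   strict:  " + flagConsistent(correct, false, true));
    }
}
```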