Issue with gssapi on OpenSolaris

Issue with gssapi on OpenSolaris

Markus Moeller
I have a problem on OpenSolaris with the GSSAPI. When I use the MIT
gss-sample program (with minor changes e.g. included gssapi header file)
I don't get all the context flags transferred to the server. It looks like a
bug somewhere in the gssapi. Has anybody seen this issue or know what is
wrong in the sample program? BTW it works on Solaris 10.

Thanks
Markus

On OpenSolaris:

$ uname -a
SunOS server1.test.com 5.11 snv_23 i86pc i386 i86pc

The first and second requests send flags:
GSS_C_MUTUAL_FLAG
GSS_C_REPLAY_FLAG
GSS_C_CONF_FLAG
GSS_C_INTEG_FLAG


$ ./gss-client -port 10000 server1.test.com host Hello
Sending init_sec_context token (size=1759)...continue needed...

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[hidden email]" to "host/[hidden email]", lifetime 24621, flags
1b6, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.

$ ./gss-client -port 10000 server1.test.com host Hello
Sending init_sec_context token (size=1758)...continue needed...

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[hidden email]" to "host/[hidden email]", lifetime 24618, flags
1b6, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.


The server receives for the first request:
GSS_C_DELEG_FLAG
GSS_C_REPLAY_FLAG
GSS_C_INTEG_FLAG

and for the second only:
GSS_C_DELEG_FLAG


$ /src/user1/gss-sample/gss-server -port 10000 host
context flag: GSS_C_DELEG_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[hidden email]"
Received message: "Hello"
NOOP token
context flag: GSS_C_DELEG_FLAG
Accepted connection: "[hidden email]"
Received message: "Hello"
NOOP token


Whereas on Solaris 10 I get the expected result with the server getting the
exact 4 flags the client sent:
GSS_C_MUTUAL_FLAG
GSS_C_REPLAY_FLAG
GSS_C_CONF_FLAG
GSS_C_INTEG_FLAG


Solaris 10
$ uname -a
SunOS server2.test.com 5.10 Generic_118822-18 sun4u sparc SUNW,Ultra-5_10


$ ./gss-client -port 10000 server2.test.com host Hello
Sending init_sec_context token (size=1755)...continue needed...

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[hidden email]" to "host/[hidden email]", lifetime 26716, flags
1b6, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.



$ ./gss-client -port 10000 server2.test.com host Hello
Sending init_sec_context token (size=1756)...continue needed...

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"[hidden email]" to "host/[hidden email]", lifetime 26714, flags
1b6, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 8 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 3 6 1 5 6 2 }
5: { 1 3 6 1 5 6 4 }
6: { 1 2 840 113554 1 2 1 1 }
7: { 1 2 840 113554 1 2 2 2 }
Signature verified.

$ ./gss-server -port 10000 host
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[hidden email]"
Received message: "Hello"
NOOP token
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Accepted connection: "[hidden email]"
Received message: "Hello"
NOOP token





________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
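
Added example, not part of the original post or of the MIT gss-sample code: a check an acceptor can apply to the `ret_flags` returned by `gss_accept_sec_context`, run here over the flag sets reported above (the client's `1b6` and the three server outputs). Flag values are those of RFC 2744; the `REQUIRED`/`FORBIDDEN` policy and the function names are hypothetical, chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 2744 context flag values; a real acceptor takes them from the GSS-API header. */
enum {
    GSS_C_DELEG_FLAG = 1, GSS_C_MUTUAL_FLAG = 2, GSS_C_REPLAY_FLAG = 4,
    GSS_C_SEQUENCE_FLAG = 8, GSS_C_CONF_FLAG = 16, GSS_C_INTEG_FLAG = 32,
    GSS_C_ANON_FLAG = 64, GSS_C_PROT_READY_FLAG = 128, GSS_C_TRANS_FLAG = 256
};

/* Hypothetical acceptor policy: services the application depends on, and
 * flags it never expects (this service takes no delegated credentials). */
#define REQUIRED  (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG)
#define FORBIDDEN (GSS_C_DELEG_FLAG)

static const char *const NAMES[] = { "DELEG", "MUTUAL", "REPLAY", "SEQUENCE",
                                     "CONF", "INTEG", "ANON", "PROT_READY", "TRANS" };

uint32_t missing_flags(uint32_t ret)    { return REQUIRED & ~ret; }
uint32_t unexpected_flags(uint32_t ret) { return ret & FORBIDDEN; }
int ctx_acceptable(uint32_t ret) { return !missing_flags(ret) && !unexpected_flags(ret); }

/* Print the symbolic names of the bits set in `flags`. */
static void print_flags(const char *label, uint32_t flags)
{
    printf("  %-11s", label);
    for (unsigned i = 0; i < sizeof NAMES / sizeof NAMES[0]; i++)
        if (flags & (1u << i))
            printf(" %s", NAMES[i]);
    putchar('\n');
}

int main(void)
{
    /* Flag sets constructed from the output quoted in the post. */
    const struct { const char *who; uint32_t ret; } seen[] = {
        { "client, flags 1b6",         0x1b6 },
        { "OpenSolaris server, req 1", GSS_C_DELEG_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG },
        { "OpenSolaris server, req 2", GSS_C_DELEG_FLAG },
        { "Solaris 10 server",         REQUIRED },
    };
    for (unsigned i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        printf("%s: %s\n", seen[i].who, ctx_acceptable(seen[i].ret) ? "accept" : "reject");
        print_flags("returned:", seen[i].ret);
        print_flags("missing:", missing_flags(seen[i].ret));
        print_flags("unexpected:", unexpected_flags(seen[i].ret));
    }
    return 0;
}
```

An acceptor that enforces such a policy fails closed when the library reports a context without confidentiality or mutual authentication, instead of continuing with whatever flags it was handed.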

Re: Issue with gssapi on OpenSolaris

Markus Moeller
I think I found the issue. It is bug 6310540

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6310540

Markus





Re: Issue with gssapi on OpenSolaris

Nicolas Williams
On Sat, Oct 08, 2005 at 01:10:52PM +0100, Markus Moeller wrote:
> I think I found the issue. It is bug 6310540
>
> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6310540

Indeed, it is.