How to get Service_key and the corresponding function call interface from the Samba source TGS_REP part

杨昌玉 ycy360 at 163.com
Fri Nov 15 05:48:33 MST 2013


Dear Everybody:
    My specific question and background  in detail are described below:


  1, My existing configuration environment are as follows:
      (1), Server_side, Redhat5.5 Enterprise with samba4.0.0 installed, Ip Address: 5.5.5.149; domain name: EXAMPLE.COM;
      (2), Client_side: windows Server 2003, Ip address: 5.5.5.45, host name: SMB1;
     I've followed http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO configuration is successful, that is the server-side is  configurated as AD DC.
   Now I can achieved that the client(SMB1) join to the domain EXAMPLE.COM. In the  process of SMB1 joining the EXAMPLE.COM, the kerberos authentication is occuring, At the same time, I captured AS_REQ, AS_REP, TGS_REQ and TGS_REP packets through Wireshark tool.
         
    2, My goal is find the corresponding function call interface of  Sevice_key in the source Samba from the Redhat5.5 server-side. From reading the kerberos related documentation, I learned that the Service_key is  exists in TGS_REP request packet, which used for access the server_side in the KRB_AP_REQ. 


    3、My Current Progress is that I have been found the call stacks of AS_REQ and TGS_REQ through single step debugging of gdb tool and setting the gdb level with 10.
    The call stacks are as follows:
     AS_REP call stack is:
  #0./source4/heimdal/kdc/kerberos5.c:1032
  #1../source4/heimdal/kdc/process.c:70 
       #2./source4/heimdal/kdc/process.c:242
  #3../source4/kdc/kdc.c:161
       #4../source4/kdc/kdc.c:519
  #5../lib/tevent/tevent_req.c:101
       .........


       TGS_REP call stack is:
  #0 ../source4/heimdal/kdc/krb5tgs.c:2355
  #1../source4/heimdal/kdc/process.c:97
       #2../source4/heimdal/kdc/process.c:242
       #3../source4/kdc/kdc.c:161
  #4../source4/kdc/kdc.c:519
  #5 ../lib/tevent/tevent_req.c:101
      .........
     Even so, the code is huge and very hard to learn because it related with encryption. My goal has not yet reached


      4, My urgent problems can be described: The related functions of AS_REQ, AS_REP, TGS_REQ,and TGS_REP packets are more difficult to understand, can you give a detailed explanation?
      Firstly, What are the corresponding function interface with AS_REQ, AS_REP, TGS_REQ,and TGS_REP?  In particular, the relevant parts with Service_key of TGS_REP? 
     Secondly, The call logical relationship of above packets?
    Thirdly, Specifically, as I am not very clear several functions
     1)/source4/heimdal/kdc/kerberos5.c:956 _kdc_as_rep();
     2) /source4/heimdal/kdc/krb5tgs.c:2288 _kdc_tgs_rep();
     3) /source4/heimdal/kdc/process.c:64 decode_AS_REQ() has no definition.


    Please provide some materials such as links to me if possible. Any help would be appreciated sincerely.
    Best wishes. 

                                                                                                                                     Yours sincerely, 
                                                                                                                                      Changyu Yang
                                                                                                                                Dalian University Of China



More information about the samba-technical mailing list