CRITICAL_PROCESS_FAULT_c0000005_kerberos.dll!ASN1Enc_KERB_KDC_REQUEST_BODY

  • Question

  • I am writing a custom key storage provider using CNG to do a logon using certificates. 

    At the moment I am stuck with an exception in kerberos.dll that I just can't resolve. My KSP gets called by winlogon, delivers the certificate and signs it. However, after the second call to sign, the logon process crashes with the following stack:

    00000082`abafcb10 00007fff`0cac159b : 00000276`3f8cfeb0 00000000`00000a79 00000276`3f8cfeb0 00000082`00000a83 : kerberos!ASN1Enc_KERB_KDC_REQUEST_BODY+0x480
    00000082`abafcb60 00007fff`0d154d50 : 00000276`3f8cfeb0 00000276`000009fa 00000000`00000010 00000000`000009eb : kerberos!ASN1Enc_KERB_AS_REQUEST+0x24b
    00000082`abafcbb0 00007fff`0cabd1c6 : 00000000`0000003c 00000082`abafcd00 00000000`00000000 00000000`00000000 : msasn1!ASN1_Encode+0xa0
    00000082`abafcbe0 00007fff`0cabba0d : 00000276`3fa4aa48 00000082`abafd540 00000276`3fa4aa48 00000000`00000000 : kerberos!KerbGetAuthenticationTicketEx+0x14e6
    00000082`abafd420 00007fff`0cb0c9f7 : 00000276`3fa4a9c0 00000000`00000000 00000000`00000000 00000000`00000000 : kerberos!KerbGetTicketGrantingTicket+0x29d
    00000082`abafd5e0 00007fff`0cb0ecf6 : 00000082`abafe6c0 00000082`abafe6c8 00000082`abafe6b0 00000082`abafe22c : kerberos!KerbILogonUserEx2+0x20e7
    00000082`abafdba0 00007fff`0cde12d0 : 00000000`80090311 00000082`abafdce0 00000000`c000005e 000001e2`bf0d3f40 : kerberos!LsaApLogonUserEx2+0xa6
    00000082`abafdc40 00007fff`0cde0946 : 00000276`3f844270 00000276`3f844270 00000000`00000002 00000000`00000000 : lsasrv!NegLogonUserEx2Worker+0x6a8
    00000082`abafddd0 00007fff`0cde0515 : 00007fff`0c7b8db8 00000000`00000009 00000000`00000001 00000082`abafe160 : lsasrv!NegLogonUserEx2+0x2b6
    00000082`abafe0b0 00007fff`0cdfd94e : 00000000`00000001 00000276`3ed1ce78 00000276`3ed1ce78 00000000`00000001 : lsasrv!LsapCallAuthPackageForLogon+0x101
    00000082`abafe160 00007fff`0cde4390 : 00000000`000000f4 00000276`00000002 00000276`3f844270 00000000`00000002 : lsasrv!LsapAuApiDispatchLogonUser+0x38e
    00000082`abafe530 00007fff`0c371467 : 00000276`00000000 00000000`00000004 00000000`00000bb0 00007fff`1053e61e : lsasrv!SspiExLogonUser+0x3c0
    00000082`abafe900 00007fff`10587de3 : 00000276`3fa4c7b0 00000276`3f8441f0 00000276`3f844200 00000000`00000002 : sspisrv!SspirLogonUser+0x247
    00000082`abafea80 00007fff`105ebc6d : 00000276`3f86ee60 00000082`abafeea0 00000000`0000000a 00007fff`0c374820 : rpcrt4!Invoke+0x73
    00000082`abafeb40 00007fff`1051a8dc : 00000000`017d7840 0000644a`812e2b07 00000276`3f8ef468 00007fff`10cc0202 : rpcrt4!Ndr64StubWorker+0xbfd
    00000082`abaff210 00007fff`1056a194 : 00000000`00000001 00007fff`1056889a 00000276`3ec80000 00007fff`10ca86ec : rpcrt4!NdrServerCallAll+0x3c
    00000082`abaff260 00007fff`105690ad : ffffffff`000000d0 00000276`00000000 00000082`abaff440 00000276`000000d0 : rpcrt4!DispatchToStubInCNoAvrf+0x24
    00000082`abaff2b0 00007fff`1056995b : 00000000`00000000 abababab`dededede 00000276`00000000 00000000`00000000 : rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x1bd
    00000082`abaff380 00007fff`10549afc : 00000082`abaff520 00000276`3f86ee60 00000000`00000001 00007fff`1056862d : rpcrt4!RPC_INTERFACE::DispatchToStub+0xcb
    00000082`abaff3e0 00007fff`10549f7c : 00000000`0001ccc0 00000276`3edf3610 00000082`abaff589 00000276`3f844170 : rpcrt4!LRPC_SCALL::DispatchRequest+0x34c
    00000082`abaff4c0 00007fff`1056426c : 0000009a`00000000 00000276`3edb4000 00000000`00000000 00000000`00000000 : rpcrt4!LRPC_SCALL::HandleRequest+0x2bc
    00000082`abaff5e0 00007fff`10565acb : 00000276`3ed507f0 00000276`3ed507f0 00000276`00000001 00000276`3edd0000 : rpcrt4!LRPC_ADDRESS::HandleRequest+0x36c
    00000082`abaff690 00007fff`105585ca : 00000000`00000001 00000082`abaffb38 00000000`00000000 00007fff`10600f74 : rpcrt4!LRPC_ADDRESS::ProcessIO+0x91b
    00000082`abaff7d0 00007fff`10ca2bbe : 00000276`3f86ee60 00000276`3edd0940 00000000`7ffe03b0 00000276`3ec80000 : rpcrt4!LrpcIoComplete+0xaa
    00000082`abaff870 00007fff`10ca3699 : 00000000`00000004 00000276`00000000 00000276`3fa61040 00000000`00000000 : ntdll!TppAlpcpExecuteCallback+0x25e
    00000082`abaff920 00007fff`0fde8364 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x8d9
    00000082`abaffd20 00007fff`10cd70d1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
    00000082`abaffd50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
    

    I assume that the encryption is failing somewhere reading my certificate. Unfortunately, I don't know what exactly is wrong, as the certificate is valid, read from a PEM file and converted to DER using the CryptStringToBinaryA function, which returns without error. Has anybody got an idea what could be wrong?

    Regards,

    Frank

    Thursday, February 23, 2017 2:25 PM