[PATCH] heimdal-kdc: allow checksum of PA-FOR-USER to be HMAC_MD5

Isaac Boukris iboukris at gmail.com
Mon Nov 12 19:28:36 UTC 2018


Find attached a fix for s4u2self from Windows and MIT clients using an AES
TGT session key against heimdal-kdc.

Pipeline: https://gitlab.com/samba-team/devel/samba/pipelines/36299057

Upstream PR: https://github.com/heimdal/heimdal/pull/439

There is no easy way to add an automated test. To reproduce with an MIT
client, set an SPN on the user account, kinit the user and then run:
$ kvno -U other_user@REALM@REALM user@REALM

Note, with the fix you'd see a successful TGS response, but the MIT client
code still fails as, for some reason, with an AES enctype it expects to find
a KRB5_PADATA_S4U_X509_USER along with it (see verify_s4u2self_reply).
However, s4u2self on Windows 7 works ok after the patch.

Thanks!
From 13c15ea6db356202cde2defef6337f47049eac3b Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris at gmail.com>
Date: Mon, 12 Nov 2018 12:26:25 +0200
Subject: [PATCH] kdc: allow checksum of PA-FOR-USER to be HMAC_MD5

even if the TGT session key uses a different HMAC.

Per [MS-SFU] 2.2.1 PA-FOR-USER, the checksum is
always HMAC_MD5, and that's what the Windows 7 client
and MIT client send.

In Heimdal both the client and KDC use the checksum of
the TGT key instead and therefore work with each other,
but Windows and MIT clients fail against the Heimdal KDC.

The Windows KDC allows either checksum (HMAC_MD5 or from the
TGT), so we should do the same to support all clients.

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
---
 source4/heimdal/kdc/krb5tgs.c               | 30 +++++++++++++++++++++++------
 source4/heimdal/lib/krb5/version-script.map |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a888788bb6f..d2233c95051 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1939,12 +1939,30 @@ server_lookup:
 		goto out;
 	    }
 
-	    ret = krb5_verify_checksum(context,
-				       crypto,
-				       KRB5_KU_OTHER_CKSUM,
-				       datack.data,
-				       datack.length,
-				       &self.cksum);
+	    if (crypto->et->keyed_checksum != NULL &&
+	        crypto->et->keyed_checksum->type != self.cksum.cksumtype &&
+	        self.cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
+		unsigned char csdata[16];
+		Checksum cs;
+
+		cs.checksum.length = sizeof(csdata);
+		cs.checksum.data = &csdata;
+
+		ret = _krb5_HMAC_MD5_checksum(context, &crypto->key,
+					      datack.data, datack.length,
+					      KRB5_KU_OTHER_CKSUM, &cs);
+		if (ret == 0 &&
+		    krb5_data_ct_cmp(&cs.checksum, &self.cksum.checksum) != 0)
+		    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+	    }
+	    else {
+		ret = krb5_verify_checksum(context,
+					   crypto,
+					   KRB5_KU_OTHER_CKSUM,
+					   datack.data,
+					   datack.length,
+					   &self.cksum);
+	    }
 	    krb5_data_free(&datack);
 	    krb5_crypto_destroy(context, crypto);
 	    if (ret) {
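Review bot: `cs.checksum.data = &csdata;` stores the address of the array object itself (type `unsigned char (*)[16]`) rather than a pointer to its first element; it happens to point at the same bytes, but `cs.checksum.data = csdata;` is the form the `void *` field expects and avoids a compiler warning on stricter settings. The more important point is the security trade-off the new branch makes: whenever the client asks for `CKSUMTYPE_HMAC_MD5` and the session key's enctype has a different keyed checksum, the KDC now accepts an HMAC-MD5 checksum keyed directly with the raw session key, so a weaker, client-selected checksum is honoured for AES keys; a short comment citing [MS-SFU] 2.2.1 should state why this exception exists, and it should stay confined to this PA-FOR-USER path as it is here. Using `krb5_data_ct_cmp` for the comparison is the right choice since it is constant time, and the `ret == 0 &&` guard avoids comparing an unfilled buffer on failure; stylistically, `}` and `else {` on separate lines should be joined as `} else {`.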
diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map
index ddae2a06764..b95ba92f4f6 100644
--- a/source4/heimdal/lib/krb5/version-script.map
+++ b/source4/heimdal/lib/krb5/version-script.map
@@ -764,6 +764,7 @@ HEIMDAL_KRB5_2.0 {
 		_krb5_principalname2krb5_principal;
 		_krb5_put_int;
 		_krb5_s4u2self_to_checksumdata;
+		_krb5_HMAC_MD5_checksum;
 
 		# kinit helper
 		krb5_get_init_creds_opt_set_pkinit_user_certs;
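Review bot: adding `_krb5_HMAC_MD5_checksum` to the version script turns an underscore-prefixed private helper into an exported symbol so the KDC can call it, which widens the library's exported interface and deserves a sentence in the commit message. The new entry is also appended after `_krb5_s4u2self_to_checksumdata`, which breaks the sorted order of the surrounding list (`_krb5_principalname2krb5_principal`, `_krb5_put_int`, `_krb5_s4u2self_to_checksumdata`); suggest placing it in sorted position, with a short comment in the style of the `# kinit helper` line stating that it is used by the KDC's S4U2Self checksum check.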
-- 
2.14.3
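The [MS-SFU] 2.2.1 checksum the patch is about, as an added Python example that is not part of the patch, of Heimdal or of Samba: it builds the PA-FOR-USER checksum data, computes the RFC 4757 HMAC-MD5 checksum under key usage 17 the way Heimdal's `_krb5_HMAC_MD5_checksum` does, and mirrors the KDC's accept/reject decision from the patch. The session key, the principal and `fake_aes_native_verify` (a stand-in for the AES enctype's real keyed checksum) are constructed for the example.

```python
import hashlib
import hmac
import struct

KRB5_KU_OTHER_CKSUM = 17            # key usage for the PA-FOR-USER checksum ([MS-SFU] 2.2.1)
CKSUMTYPE_HMAC_MD5 = -138           # Kerberos checksum type id of HMAC-MD5 (RFC 4757)
CKSUMTYPE_HMAC_SHA1_96_AES256 = 16  # keyed checksum type of aes256-cts-hmac-sha1-96

def s4u2self_checksum_data(name_type, name_parts, realm, auth_package="Kerberos"):
    """Bytes the PA-FOR-USER checksum covers: userName name-type as a 4-byte
    little-endian integer, each userName component, userRealm, auth-package."""
    out = struct.pack("<i", name_type)
    for part in name_parts:
        out += part.encode()
    return out + realm.encode() + auth_package.encode()

def hmac_md5_checksum(key, usage, data):
    """RFC 4757 HMAC-MD5 checksum (what Heimdal's _krb5_HMAC_MD5_checksum computes):
    Ksign = HMAC-MD5(key, "signaturekey\\0"), tmp = MD5(usage_le32 || data),
    result = HMAC-MD5(Ksign, tmp). Keyed with the raw TGT session key."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()

def kdc_verify_pa_for_user(session_key, native_cksumtype, native_verify,
                           cksumtype, cksum, data):
    """KDC-side decision mirroring the patch: an HMAC_MD5 checksum is accepted
    even when the session key's enctype has a different keyed checksum type;
    anything else must pass the enctype's own keyed-checksum verification."""
    if native_cksumtype != cksumtype and cksumtype == CKSUMTYPE_HMAC_MD5:
        expected = hmac_md5_checksum(session_key, KRB5_KU_OTHER_CKSUM, data)
        return hmac.compare_digest(expected, cksum)  # constant time, length-safe
    return native_verify(session_key, data, cksum)

# Constructed sample values: a fake 256-bit AES session key and a stand-in for the
# AES keyed checksum (the real one uses a derived key and HMAC-SHA1-96 per RFC 3962).
SESSION_KEY = bytes(range(32))
DATA = s4u2self_checksum_data(1, ["other_user"], "REALM")   # KRB5_NT_PRINCIPAL = 1
CLIENT_CKSUM = hmac_md5_checksum(SESSION_KEY, KRB5_KU_OTHER_CKSUM, DATA)

def fake_aes_native_verify(key, data, cksum):
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha1).digest()[:12], cksum)

def demo():
    """Returns (accepted, rejected): the Windows/MIT style HMAC_MD5 checksum over
    the right user passes, the same checksum presented for another user fails."""
    args = (SESSION_KEY, CKSUMTYPE_HMAC_SHA1_96_AES256, fake_aes_native_verify, CKSUMTYPE_HMAC_MD5)
    good = kdc_verify_pa_for_user(*args, CLIENT_CKSUM, DATA)
    bad = kdc_verify_pa_for_user(*args, CLIENT_CKSUM, s4u2self_checksum_data(1, ["admin"], "REALM"))
    return good, bad
```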


