[PATCH] heimdal-kdc: allow checksum of PA-FOR-USER to be HMAC_MD5

Isaac Boukris iboukris at gmail.com
Mon May 20 18:20:54 UTC 2019


Hi again,

On Mon, Nov 12, 2018 at 8:28 PM Isaac Boukris <iboukris at gmail.com> wrote:
>
> Find attached fix for s4u2self from windows and MIT clients using aes
> tgt session key against heimdal-kdc.
>
> Pipeline: https://gitlab.com/samba-team/devel/samba/pipelines/36299057
>
> Upstream PR: https://github.com/heimdal/heimdal/pull/439

Upstream PR finally landed (see also #576) so I'd like to re-propose
the new attached patch to Samba.
The changes are now exercised when kinit uses the rc4 enctype (this should be
triggered in Samba's fl2003dc environment, where AES isn't supported).

New pipeline:
https://gitlab.com/samba-team/devel/samba/pipelines/62234600

Thanks,
Isaac
-------------- next part --------------
From 7bf9a326a93c000c72e79fea029f1f1fc0340345 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris at gmail.com>
Date: Mon, 12 Nov 2018 12:26:25 +0200
Subject: [PATCH] kdc: allow checksum of PA-FOR-USER to be HMAC_MD5

even if tgt used an enctype with a different checksum.

Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always
HMAC_MD5, and that's what Windows and MIT clients send.

In Heimdal both the client and KDC use instead the
checksum of the tgt, and therefore work with each other,
but Windows and MIT clients fail against the Heimdal KDC.

Both Windows and MIT KDC would allow any keyed checksum
to be used, so Heimdal clients work fine against them.

Change the Heimdal KDC to allow HMAC_MD5 even for a non-RC4-based
tgt in order to support per-spec clients.

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
---
 source4/heimdal/kdc/krb5tgs.c               | 30 +++++++++++++++++++++++------
 source4/heimdal/lib/krb5/version-script.map |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index ff7d93138c0..186856387ef 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1946,12 +1946,30 @@ server_lookup:
 		goto out;
 	    }
 
-	    ret = krb5_verify_checksum(context,
-				       crypto,
-				       KRB5_KU_OTHER_CKSUM,
-				       datack.data,
-				       datack.length,
-				       &self.cksum);
+	    if (crypto->et->keyed_checksum != NULL &&
+	        crypto->et->keyed_checksum->type != self.cksum.cksumtype &&
+	        self.cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
+		unsigned char csdata[16];
+		Checksum cs;
+
+		cs.checksum.length = sizeof(csdata);
+		cs.checksum.data = &csdata;
+
+		ret = _krb5_HMAC_MD5_checksum(context, &crypto->key,
+					      datack.data, datack.length,
+					      KRB5_KU_OTHER_CKSUM, &cs);
+		if (ret == 0 &&
+		    krb5_data_ct_cmp(&cs.checksum, &self.cksum.checksum) != 0)
+		    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+	    }
+	    else {
+		ret = krb5_verify_checksum(context,
+					   crypto,
+					   KRB5_KU_OTHER_CKSUM,
+					   datack.data,
+					   datack.length,
+					   &self.cksum);
+	    }
 	    krb5_data_free(&datack);
 	    krb5_crypto_destroy(context, crypto);
 	    if (ret) {
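Review bot: In the new HMAC_MD5 branch, `cs.checksum.data = &csdata;` stores the address of the array (type `unsigned char (*)[16]`) and only compiles because the target field is `void *`; write `cs.checksum.data = csdata;` and initialise the rest of the struct (e.g. `memset(&cs, 0, sizeof(cs)); cs.cksumtype = CKSUMTYPE_HMAC_MD5;`), since `cs.cksumtype` is otherwise left indeterminate. The verification logic itself looks sound: the expected value is recomputed with the tgt session key and compared via `krb5_data_ct_cmp`, and `ret` is set to `KRB5KRB_AP_ERR_BAD_INTEGRITY` on mismatch so the existing `if (ret)` path below still rejects the request; please confirm that `krb5_data_ct_cmp` rejects a differing `length` before comparing bytes, otherwise a client checksum shorter than 16 bytes needs an explicit length check here. Two smaller points: this branch deliberately bypasses the enctype/checksum-type pairing that `krb5_verify_checksum` enforces, so a one-line comment above the `if` citing [MS-SFU] 2.2.1 would tell the next reader why HMAC_MD5 is accepted with a non-RC4 key, and Heimdal style puts `} else {` on one line rather than `}` followed by `else {`.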
diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map
index ddae2a06764..b95ba92f4f6 100644
--- a/source4/heimdal/lib/krb5/version-script.map
+++ b/source4/heimdal/lib/krb5/version-script.map
@@ -764,6 +764,7 @@ HEIMDAL_KRB5_2.0 {
 		_krb5_principalname2krb5_principal;
 		_krb5_put_int;
 		_krb5_s4u2self_to_checksumdata;
+		_krb5_HMAC_MD5_checksum;
 
 		# kinit helper
 		krb5_get_init_creds_opt_set_pkinit_user_certs;
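Review bot: `_krb5_HMAC_MD5_checksum` is inserted out of order in this sorted list of private `_krb5_*` symbols; it belongs before `_krb5_principalname2krb5_principal`. More importantly, exporting a leading-underscore helper widens libkrb5's exported ABI, which is required because `krb5tgs.c` now calls it from the KDC, so a short comment (as with `# kinit helper` below) saying it is exported for PA-FOR-USER verification would keep it from being pruned later, and the KDC file should include the header that declares it so the prototype (key, data, length, usage, result) is checked against the call in the first hunk.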
-- 
2.14.5
