From c7047421487c0e616b881c0922937bc759114233 Mon Sep 17 00:00:00 2001

From: Nathaniel McCallum <npmccallum@redhat.com>

Date: Fri, 3 May 2013 15:44:44 -0400

Subject: [PATCH 1/3] Check for keys in encrypted timestamp/challenge

Encrypted timestamp and encrypted challenge cannot succeed if the

client has no long-term key matching the request enctypes, so do not

offer them in that case.

ticket: 7630

NPM - This is a backport from the upstream fix. See upstream commits:

  https://github.com/krb5/krb5/commit/e50482720a805ecd8c160e4a8f4a846e6327dca2

  https://github.com/krb5/krb5/commit/9593d1311fa5e6e841c429653ad35a63d17c2fdd

---

 src/kdc/kdc_preauth_ec.c    | 23 +++++++++++++++++++++--

 src/kdc/kdc_preauth_encts.c | 22 ++++++++++++++++++++--

 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c

index 9d7236c..db3ad07 100644

--- a/src/kdc/kdc_preauth_ec.c

+++ b/src/kdc/kdc_preauth_ec.c

@@ -39,8 +39,27 @@ ec_edata(krb5_context context, krb5_kdc_req *request,

          krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,

          krb5_kdcpreauth_edata_respond_fn respond, void *arg)

 {

-    krb5_keyblock *armor_key = cb->fast_armor(context, rock);

-    (*respond)(arg, (armor_key == NULL) ? ENOENT : 0, NULL);

+    krb5_boolean have_client_keys = FALSE;

+    krb5_keyblock *armor_key;

+    krb5_key_data *kd;

+    int i;

+

+    armor_key = cb->fast_armor(context, rock);

+

+    for (i = 0; i < rock->request->nktypes; i++) {

+        if (krb5_dbe_find_enctype(context, rock->client,

+                                  rock->request->ktype[i],

+                                  -1, 0, &kd) == 0) {

+            have_client_keys = TRUE;

+            break;

+        }

+    }

+

+    /* Encrypted challenge only works with FAST, and requires a client key. */

+    if (armor_key == NULL || !have_client_keys)

+        (*respond)(arg, ENOENT, NULL);

+    else

+        (*respond)(arg, 0, NULL);

 }

 static void

diff --git a/src/kdc/kdc_preauth_encts.c b/src/kdc/kdc_preauth_encts.c

index d708061..adde6e2 100644

--- a/src/kdc/kdc_preauth_encts.c

+++ b/src/kdc/kdc_preauth_encts.c

@@ -34,9 +34,27 @@ enc_ts_get(krb5_context context, krb5_kdc_req *request,

            krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,

            krb5_kdcpreauth_edata_respond_fn respond, void *arg)

 {

-    krb5_keyblock *armor_key = cb->fast_armor(context, rock);

+    krb5_boolean have_client_keys = FALSE;

+    krb5_keyblock *armor_key;

+    krb5_key_data *kd;

+    int i;

+

+    armor_key = cb->fast_armor(context, rock);

+

+    for (i = 0; i < rock->request->nktypes; i++) {

+        if (krb5_dbe_find_enctype(context, rock->client,

+                                  rock->request->ktype[i],

+                                  -1, 0, &kd) == 0) {

+            have_client_keys = TRUE;

+            break;

+        }

+    }

-    (*respond)(arg, (armor_key != NULL) ? ENOENT : 0, NULL);

+    /* Encrypted timestamp must not be used with FAST, and requires a key. */

+    if (armor_key != NULL || !have_client_keys)

+        (*respond)(arg, ENOENT, NULL);

+    else

+        (*respond)(arg, 0, NULL);

 }

 static void

-- 

1.8.2.1

From 4d19790527e2c9d52bb05abd6048a63a1a8c222c Mon Sep 17 00:00:00 2001

From: Greg Hudson <ghudson@mit.edu>

Date: Mon, 29 Apr 2013 14:55:31 -0400

Subject: [PATCH 2/3] Don't send empty etype info from KDC

RFC 4120 prohibits empty ETYPE-INFO2 sequences (though not ETYPE-INFO

sequences), and our client errors out if it sees an empty sequence of

either.

ticket: 7630

---

 src/kdc/kdc_preauth.c | 5 +++++

 1 file changed, 5 insertions(+)

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c

index 42a37a8..5c3b615 100644

--- a/src/kdc/kdc_preauth.c

+++ b/src/kdc/kdc_preauth.c

@@ -1404,6 +1404,11 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,

             seen_des++;

         }

     }

+

+    /* If the list is empty, don't send it at all. */

+    if (i == 0)

+        goto cleanup;

+

     if (etype_info2)

         retval = encode_krb5_etype_info2(entry, &scratch);

     else

-- 

1.8.2.1

From a04cf2e89f4101eb6c2ec44ef1948976fe5fe9d3 Mon Sep 17 00:00:00 2001

From: Greg Hudson <ghudson@mit.edu>

Date: Thu, 2 May 2013 16:15:32 -0400

Subject: [PATCH 3/3] Make AS requests work with no client key

If we cannot find a client key while preparing an AS reply, give

preauth mechanisms a chance to replace the reply key before erroring

out.

ticket: 7630

---

 src/kdc/do_as_req.c   | 36 ++++++++++++++++++++----------------

 src/kdc/kdc_preauth.c |  6 ++++++

 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c

index 79da300..cb91803 100644

--- a/src/kdc/do_as_req.c

+++ b/src/kdc/do_as_req.c

@@ -195,23 +195,18 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)

                                    useenctype, -1, 0, &client_key))

             break;

     }

-    if (!(client_key)) {

-        /* Cannot find an appropriate key */

-        state->status = "CANT_FIND_CLIENT_KEY";

-        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;

-        goto egress;

-    }

-    state->rock.client_key = client_key;

-    /* convert client.key_data into a real key */

-    if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, NULL,

-                                             client_key,

-                                             &state->client_keyblock,

-                                             NULL))) {

-        state->status = "DECRYPT_CLIENT_KEY";

-        goto egress;

+    if (client_key != NULL) {

+        /* Decrypt the client key data entry to get the real reply key. */

+        errcode = krb5_dbe_decrypt_key_data(kdc_context, NULL, client_key,

+                                            &state->client_keyblock, NULL);

+        if (errcode) {

+            state->status = "DECRYPT_CLIENT_KEY";

+            goto egress;

+        }

+        state->client_keyblock.enctype = useenctype;

+        state->rock.client_key = client_key;

     }

-    state->client_keyblock.enctype = useenctype;

     /* Start assembling the response */

     state->reply.msg_type = KRB5_AS_REP;

@@ -248,6 +243,14 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)

         goto egress;

     }

+    /* If we didn't find a client long-term key and no preauth mechanism

+     * replaced the reply key, error out now. */

+    if (state->client_keyblock.enctype == ENCTYPE_NULL) {

+        state->status = "CANT_FIND_CLIENT_KEY";

+        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;

+        goto egress;

+    }

+

     errcode = handle_authdata(kdc_context,

                               state->c_flags,

                               state->client,

@@ -306,7 +309,8 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)

                                   &state->reply_encpart, 0,

                                   as_encrypting_key,

                                   &state->reply, &response);

-    state->reply.enc_part.kvno = client_key->key_data_kvno;

+    if (client_key != NULL)

+        state->reply.enc_part.kvno = client_key->key_data_kvno;

     if (errcode) {

         state->status = "ENCODE_KDC_REP";

         goto egress;

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c

index 5c3b615..5d12346 100644

--- a/src/kdc/kdc_preauth.c

+++ b/src/kdc/kdc_preauth.c

@@ -1473,6 +1473,9 @@ etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata,

     krb5_etype_info_entry **entry = NULL;

     krb5_data *scratch = NULL;

+    if (client_key == NULL)

+        return 0;

+

     /*

      * Skip PA-ETYPE-INFO completely if AS-REQ lists any "newer"

      * enctypes.

@@ -1576,6 +1579,9 @@ return_pw_salt(krb5_context context, krb5_pa_data *in_padata,

     krb5_key_data *     client_key = rock->client_key;

     int i;

+    if (client_key == NULL)

+        return 0;

+

     for (i = 0; i < request->nktypes; i++) {

         if (enctype_requires_etype_info_2(request->ktype[i]))

             return 0;

-- 

1.8.2.1