Bug 1431586 – GSSAPI mechanism does not correctly report or calculate SSF values for Kerberos

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1431586 - (rhel75-cyrus-sasl-kerberos) GSSAPI mechanism does not correctly report or calculate SSF values for Kerberos

Summary:	GSSAPI mechanism does not correctly report or calculate SSF values for Kerberos

Status:	CLOSED ERRATA

Aliases:	rhel75-cyrus-sasl-kerberos

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	cyrus-sasl (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Jakub Jelen
QA Contact:	Patrik Kis
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	1472956
Blocks:	1431589 1476743
	Show dependency tree / graph

Reported:	2017-03-13 07:15 EDT by Daniel Berrange
Modified:	2018-04-10 09:19 EDT (History)
CC List:	5 users (show)

See Also:	1526735
Fixed In Version:	cyrus-sasl-2.1.26-22
Doc Type:	Enhancement
Doc Text:	Feature: The cyrus-sasl GSSAPI plugin can query the SSF value for kerberos. Reason: The cyrus-sasl GSSAPI plugin was using hardcode value 56 for SSF, which no longer reflects reality. Result: The cyrus-sasl reports correct SSF values for GSSAPI mechanism with kerberos.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-04-10 09:18:53 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0777	None	None	None	2018-04-10 09:19 EDT

Groups: None (edit)

Description Daniel Berrange 2017-03-13 07:15:00 EDT

Description of problem:
Libvirtd uses the SASL library to provide authentication, and optionally session encryption. When using the GSSAPI mechanism it is possible to request a minimum security level for the session encryption by setting the 'min_ssf' parameter in the SASL_SECPROPS property. After negotiation takes place it is possible to query the actual security level via the SASL_SSF property.

Except these appear to be mostly hardcoded lies in the GSSAPI mechanism. The 'min_ssf' is does not appear to be checked against the actual kerberos security properties, rather the code checks against a compile time constant K5_MAX_SSF.

        if (secprops->min_ssf > (K5_MAX_SSF + external)) {
            return SASL_TOOWEAK;

Similarly when querying the SSF value it reports a fixed constant

        /* FIX ME: Need to extract the proper value here */
        oparams->mech_ssf = K5_MAX_SSF;



This constant is defined as follows


#ifdef WANT_KERBEROS5_3DES
/* Check if CyberSafe flag is defined */
#ifdef CSF_GSS_C_DES3_FLAG
#define K5_MAX_SSF      112
#endif

/* Heimdal and MIT use the following */
#ifdef GSS_KRB5_CONF_C_QOP_DES3_KD
#define K5_MAX_SSF      112
#endif

#endif

#ifndef K5_MAX_SSF
/* All Kerberos implementations support DES */
#define K5_MAX_SSF      56
#endif


Where 112 corresponds to the value for 3DES, while 56 corresponds to single-DES.   So even if Kerberos is using the much strong AES-256 algorithm, SASL is at best going to report its SSF as 112, and if the app puts a min-SSF of greater than 112 in order to try to force use of AES-256, the auth request will fail.

This really limits the ability of applications like libvirtd to accurately control or report the SSF security options.

Version-Release number of selected component (if applicable):
cyrus-sasl-2.1.26-21

How reproducible:
Always

Steps to Reproduce:
1. Set  min_ssf to 128 for SASL_SECPROPS
2. Negotiate a GSSAPI w/ Kerberos5 SASL handshake with session encryption, against a krb5 server/client using AES-256
3. Set min_ssf to 56 for SASL_SECPROPS
4. Try step 2 again

Actual results:
When min_ssf is set to 128, it will fail to complete a GSSAPI handshake due to too weak SSF, even if krb is using AES-256

When using min_ssf and querying the actal SSF it reports the hardcoded 56 / 112 value.

Comment 4 Simo Sorce 2017-03-31 13:13:48 EDT

Related upstream work here:
https://github.com/krb5/krb5/pull/625

Comment 5 Simo Sorce 2017-04-13 12:44:39 EDT

And the cyrus-sasl side here:
https://github.com/cyrusimap/cyrus-sasl/pull/429

Comment 6 Simo Sorce 2017-07-17 07:36:56 EDT

Now merged upstream.
Can we get it into 7.5 ?

Comment 11 Simo Sorce 2017-07-19 07:05:31 EDT

Ok added, I hope I did it right.

Comment 25 errata-xmlrpc 2018-04-10 09:18:53 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0777

Note You need to log in before you can comment on or make changes to this bug.