Bug 2176406 - Make sign_authdata() generate extended KDC signature [rhel-8]
Summary: Make sign_authdata() generate extended KDC signature [rhel-8]
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Julien Rische
QA Contact: Michal Polovka
URL:
Whiteboard:
Depends On: 2169477
Blocks: 2211387
Reported: 2023-03-08 10:10 UTC by Julien Rische
Modified: 2023-07-21 09:38 UTC

Fixed In Version: ipa-4.9.12-4.module+el8.9.0+19311+cb2600ad
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2182671 2211387
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:




Links
Fedora Pagure freeipa issue 9373 (last updated 2023-05-03 08:13:20 UTC)
Github freeipa freeipa pull 6785, status open: [WIP] Handle PAC signatures based on domain and server capabilities (last updated 2023-04-24 11:42:55 UTC)
Red Hat Issue Tracker FREEIPA-9550 (last updated 2023-03-08 10:11:16 UTC)
Red Hat Issue Tracker RHELPLAN-151030 (last updated 2023-03-08 10:11:22 UTC)

Description Julien Rische 2023-03-08 10:10:26 UTC
Support for the PAC extended KDC signature (or "full PAC checksum") has recently been implemented upstream[1] for MIT Kerberos. The fix for bug 2169477 backports the krb5_kdc_sign_ticket() function[2] to krb5 1.18.2. This function is a replacement for krb5_pac_sign() and krb5_pac_sign_ext() functions[3], which are currently used in IPA 4.9.11[4]. These two functions do not generate the extended KDC signature, only krb5_kdc_sign_ticket() does. This is the reason why we are backporting it.

The krb5_kdc_sign_ticket() function was initially introduced[5] to support the new "ticket signature" which was introduced by Microsoft[6] to mitigate CVE-2020-17049 (bronze bit attack). This is the reason why this function expects a krb5_enc_tkt_part[7] parameter representing the encrypted part of the ticket out of which the "ticket signature" is generated.

So, the krb5_kdc_sign_ticket() function generates both the "ticket signature" and the "extended KDC signature", and needs the encrypted part of the ticket.

However, on IPA 4.9.11 the PAC is generated by setting the sign_authdata() callback[8][9]. This callback does not provide the ticket's encrypted part as parameter, making krb5_kdc_sign_ticket() not usable in practice.

It should be mentioned that, according to the document[10] that made CVE-2022-37967 public, the ticket signature does not have to be present for the PAC to be accepted.


[1]  https://github.com/krb5/krb5/commit/4602a10dbe380d75d1ec00f7d34479ac9d503735
[2]  https://github.com/krb5/krb5/blob/e35b32f81f9defbcce4f2398d93a975ffb807ee7/src/include/krb5/krb5.hin#L8365-L8393
[3]  https://github.com/krb5/krb5/blob/e35b32f81f9defbcce4f2398d93a975ffb807ee7/src/include/krb5/krb5.hin#L8351-L8363
[4]  https://pagure.io/freeipa/blob/ipa-4-9/f/daemons/ipa-kdb/ipa_kdb_mspac_v6.c#_179
[5]  https://github.com/krb5/krb5/commit/ee4e3c5c9eee061048d5b7393b8f3820d1a563a8
[6]  https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PAC/%5bMS-PAC%5d-201123-diff.pdf
     Page 26, section 2.8.3
[7]  https://github.com/krb5/krb5/blob/krb5-1.20.1-final/src/include/krb5/krb5.hin#L1927-L1938
[8]  https://github.com/krb5/krb5/blob/4c3063afb4a4b141b70d56aa381784f7efd637c9/src/include/kdb.h#L1277-L1360
[9]  https://pagure.io/freeipa/blob/ipa-4-9/f/daemons/ipa-kdb/ipa_kdb.c#_725
[10] https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf
     Page 6, 1st paragraph

Comment 3 Julien Rische 2023-04-24 11:42:55 UTC
Upstream pull request:
https://github.com/freeipa/freeipa/pull/6785

Comment 4 Julien Rische 2023-05-03 08:13:19 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/9373

Comment 5 Rob Crittenden 2023-05-16 18:35:00 UTC
Fixed upstream
ipa-4-9:
https://pagure.io/freeipa/c/922d13ae7847c078b2b71540c7ebda469f0c239f
