2176406 – Make sign_authdata() generate extended KDC signature [rhel-8]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2176406 - Make sign_authdata() generate extended KDC signature [rhel-8]

Summary: Make sign_authdata() generate extended KDC signature [rhel-8]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	8.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Julien Rische
QA Contact:	Michal Polovka
Docs Contact:
URL:
Whiteboard:
Depends On:	2169477
Blocks:	2211387
TreeView+	depends on / blocked

Reported:	2023-03-08 10:10 UTC by Julien Rische
Modified:	2023-11-21 12:46 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ipa-4.9.12-4.module+el8.9.0+19311+cb2600ad
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2182671 2211387 (view as bug list)
Environment:
Last Closed:	2023-11-14 15:32:50 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Fedora Pagure	freeipa issue 9373	None	None	None	2023-05-03 08:13:20 UTC
Github	freeipa freeipa pull 6785	None	open	[WIP] Handle PAC signatures based on domain and server capabilities	2023-04-24 11:42:55 UTC
Red Hat Issue Tracker	FREEIPA-9550	None	None	None	2023-03-08 10:11:16 UTC
Red Hat Issue Tracker	RHELPLAN-151030	None	None	None	2023-03-08 10:11:22 UTC
Red Hat Product Errata	RHBA-2023:6977	None	None	None	2023-11-14 15:33:36 UTC

Description Julien Rische 2023-03-08 10:10:26 UTC

Support for the PAC extended KDC signature (or "full PAC checksum") has recently been implemented upstream[1] for MIT Kerberos. The fix for bug 2169477 backports the krb5_kdc_sign_ticket() function[2] to krb5 1.18.2. This function is a replacement for krb5_pac_sign() and krb5_pac_sign_ext() functions[3], which are currently used in IPA 4.9.11[4]. These two functions do not generate the extended KDC signature, only krb5_kdc_sign_ticket() does. This is the reason why we are backporting it.

The krb5_kdc_sign_ticket() function was initially introduced[5] to support the new "ticket signature" which was introduced by Microsoft[6] to mitigate CVE-2020-17049 (bronze bit attack). This is the reason why this function expects a krb5_enc_tkt_part[7] parameter representing the encrypted part of the ticket out of which the "ticket signature" is generated.

So, the krb5_kdc_sign_ticket() function generates both the "ticket signature" and the "extended KDC signature", and needs the encrypted part of the ticket.

However, on IPA 4.9.11 the PAC is generated by setting the sign_authdata() callback[8][9]. This callback does not provide the ticket's encrypted part as parameter, making krb5_kdc_sign_ticket() not usable in practice.

To be mentioned that, according to the document[10] that made CVE-2022-37967 public, the ticket signature does not have to be present for the PAC to be accepted.


[1]  https://github.com/krb5/krb5/commit/4602a10dbe380d75d1ec00f7d34479ac9d503735
[2]  https://github.com/krb5/krb5/blob/e35b32f81f9defbcce4f2398d93a975ffb807ee7/src/include/krb5/krb5.hin#L8365-L8393 
[3]  https://github.com/krb5/krb5/blob/e35b32f81f9defbcce4f2398d93a975ffb807ee7/src/include/krb5/krb5.hin#L8351-L8363
[4]  https://pagure.io/freeipa/blob/ipa-4-9/f/daemons/ipa-kdb/ipa_kdb_mspac_v6.c#_179
[5]  https://github.com/krb5/krb5/commit/ee4e3c5c9eee061048d5b7393b8f3820d1a563a8
[6]  https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PAC/%5bMS-PAC%5d-201123-diff.pdf
     Page 26, section 2.8.3
[7]  https://github.com/krb5/krb5/blob/krb5-1.20.1-final/src/include/krb5/krb5.hin#L1927-L1938
[8]  https://github.com/krb5/krb5/blob/4c3063afb4a4b141b70d56aa381784f7efd637c9/src/include/kdb.h#L1277-L1360
[9]  https://pagure.io/freeipa/blob/ipa-4-9/f/daemons/ipa-kdb/ipa_kdb.c#_725
[10] https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf
     Page 6, 1st paragraph

Comment 3 Julien Rische 2023-04-24 11:42:55 UTC

Upstream pull request:
https://github.com/freeipa/freeipa/pull/6785

Comment 4 Julien Rische 2023-05-03 08:13:19 UTC

Upstream ticket:
https://pagure.io/freeipa/issue/9373

Comment 5 Rob Crittenden 2023-05-16 18:35:00 UTC

Fixed upstream
ipa-4-9:
https://pagure.io/freeipa/c/922d13ae7847c078b2b71540c7ebda469f0c239f

Comment 7 Florence Blanc-Renaud 2023-05-24 11:22:55 UTC

Fixed upstream
master:
https://pagure.io/freeipa/c/9cd5f49c74f28dbe070b072b394747a039cef463
https://pagure.io/freeipa/c/3f1b373cb2028416e40a26e3dd99b0f4c82525c7
https://pagure.io/freeipa/c/545a363dd2f7f551fa3ec3fed66c80b30ae3c1e1

Comment 11 Florence Blanc-Renaud 2023-06-01 06:03:52 UTC

Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/630cda5c06428825dd5604493621b9cbdab70073
https://pagure.io/freeipa/c/bbe545ff9feb972e549c743025e4a26b14ef8f89
https://pagure.io/freeipa/c/7ea3b86696f5451f1d227d365018ab7dc53024af

Comment 23 errata-xmlrpc 2023-11-14 15:32:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (idm:client and idm:DL1 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6977

Note You need to log in before you can comment on or make changes to this bug.