krb5: require strengthen_key when FAST + GSS PA

Always require a strengthen key to be used if GSS pre-authentication is used
within FAST. This avoids a MITM attack that could result in unintended
privilege escalation, should a KDC add additional positive authorization data
from the armor ticket to the issued ticket.

An upcoming revision of the draft will reflect this.
Luke Howard
2021-12-13 12:36:27 +11:00
parent 007cc9fdc3
commit f95f4bc99e


@@ -1336,8 +1336,22 @@ pa_data_to_md_gss(krb5_context context,
(ctx->fast_state.flags & KRB5_FAST_EXPECTED) &&
(ctx->fast_state.flags & KRB5_FAST_KDC_VERIFIED))
ret = 0;
if (ret == 0)
if (ret == 0) {
/*
* Always require a strengthen key if FAST was used, to avoid a MITM
* attack that could result in unintended privilege escalation should
* the KDC add positive authorization data from the armor ticket.
*/
if ((ctx->fast_state.flags & KRB5_FAST_EXPECTED) &&
ctx->fast_state.strengthen_key == NULL) {
krb5_set_error_message(context, HEIM_ERR_PA_CANT_CONTINUE,
"FAST GSS pre-authentication without strengthen key");
ret = KRB5_KDCREP_MODIFIED;
goto out;
}
pa_gss_ctx->open = 1;
}
if (output_token.length) {
ret = krb5_padata_add(context, out_md, KRB5_PADATA_GSS,
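Review bot: In the new strengthen-key check, the error message is registered under HEIM_ERR_PA_CANT_CONTINUE but the function then returns `ret = KRB5_KDCREP_MODIFIED`, so a caller that looks up the message for the returned code may not get "FAST GSS pre-authentication without strengthen key". Suggest assigning `ret` first and passing it to krb5_set_error_message, so the code and the message stay paired. Separately, the guard tests only KRB5_FAST_EXPECTED while the condition just above also tests KRB5_FAST_KDC_VERIFIED; a short addition to the comment saying that the strengthen key is required whenever FAST is expected, whether or not the KDC reply was verified, would make that difference read as intentional.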