From 3b4f517a3a403943877e925ae0eb1745611b996f Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 5 May 2019 18:53:27 -0400 Subject: [PATCH] Simplify SAM-2 as_key handling The ctx->gak_fct() call in sam2_process() used an empty salt instead of the default salt when the KDC did not supply an explicit salt. This bug arose when commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 changed the internal contracts around salts but did not adjust the SAM-2 code. Commit e9aa891fcdb4c08d39902ab89afb268042b60c86 fixed the resulting bug, but mistakenly did not adjust the gak_fct call to use the correct salt. Later on, the code contains a redundant call to krb5_c_string_to_key() in the non-USE_SAD_AS_KEY modes, replacing ctx->as_key. This call was properly adjusted by commit e9aa891fcdb4c08d39902ab89afb268042b60c86, so the improper gak_fct call did not manifest as a bug. Fix the gak_fct call to supply the correct salt, and remove the redundant string_to_key operation. (cherry picked from commit d48670c51460e9a74b4f4a9966f85ca6f77c1d8b) --- src/lib/krb5/krb/preauth_sam2.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c index 4c70021a9..c7484c47e 100644 --- a/src/lib/krb5/krb/preauth_sam2.c +++ b/src/lib/krb5/krb/preauth_sam2.c @@ -95,7 +95,6 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_prompt kprompt; krb5_prompt_type prompt_type; krb5_data defsalt, *salt; - struct gak_password *gakpw; krb5_checksum **cksum; krb5_data *scratch = NULL; krb5_boolean valid_cksum = 0; @@ -152,9 +151,8 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata, salt = ctx->default_salt ? NULL : &ctx->salt; retval = ctx->gak_fct(context, request->client, sc2b->sam_etype, - prompter, prompter_data, &ctx->salt, - &ctx->s2kparams, &ctx->as_key, - ctx->gak_data, ctx->rctx.items); + prompter, prompter_data, salt, &ctx->s2kparams, + &ctx->as_key, ctx->gak_data, ctx->rctx.items); if (retval) { krb5_free_sam_challenge_2(context, sc2); krb5_free_sam_challenge_2_body(context, sc2b); @@ -212,24 +210,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata, /* Get encryption key to be used for checksum and sam_response */ if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) { - /* as_key = string_to_key(password) */ - - if (ctx->as_key.length) { - krb5_free_keyblock_contents(context, &ctx->as_key); - ctx->as_key.length = 0; - } - - /* generate a key using the supplied password */ - gakpw = ctx->gak_data; - retval = krb5_c_string_to_key(context, sc2b->sam_etype, - gakpw->password, salt, &ctx->as_key); - - if (retval) { - krb5_free_sam_challenge_2(context, sc2); - krb5_free_sam_challenge_2_body(context, sc2b); - if (defsalt.length) free(defsalt.data); - return(retval); - } + /* Retain as_key from above gak_fct call. */ if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) { /* as_key = combine_key (as_key, string_to_key(SAD)) */