Skip Menu |
 

Download (untitled) / with headers
text/plain 13.6KiB
From fcusack@ratbert.iconnet.net Tue Dec 1 22:09:41 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id WAA09596 for <bugs@RT-11.MIT.EDU>; Tue, 1 Dec 1998 22:09:41 -0500
Received: from ratbert.iconnet.net by MIT.EDU with SMTP
id AA28995; Tue, 1 Dec 98 22:09:20 EST
Received: (from fcusack@localhost)
by ratbert.iconnet.net (8.9.1/8.9.1) id WAA07512;
Tue, 1 Dec 1998 22:10:25 -0500 (EST)
Message-Id: <199812020310.WAA07512@ratbert.iconnet.net>
Date: Tue, 1 Dec 1998 22:10:25 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
Subject: SAM replay detection
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 670
>Category: krb5-kdc
>Synopsis: SAM doesn't protect against replays.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Dec 01 22:10:01 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
Show quoted text
>Release: krb5-current-19981119
>Environment:
N/A
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

Show quoted text
>Description:
The sam-track-id generally contains all info needed to
verify the SAD, but it's not protected against replay.

This is the start of fixes to do that. One more fix
is needed, adding the client identity into the track-id.
Otherwise a principal can authenticate as someone else.

I'll submit the fixes for that in a day or so.

This fix probably depends on my other kdc patches;
662-665 and 668 (something like that). hmm... who
the hell got 666??? :)
Show quoted text
>How-To-Repeat:
>Fix:
Index: include/k5-int.h
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/include/k5-int.h,v
retrieving revision 1.6
diff -u -r1.6 k5-int.h
--- k5-int.h 1998/12/01 02:06:21 1.6
+++ k5-int.h 1998/12/02 03:01:03
@@ -348,6 +348,8 @@
krb5_magic magic;
krb5_keyblock sam_key;
krb5_int32 kdc_id; /* some magic to avoid esre replays */
+ krb5_timestamp stime;
+ krb5_int32 susec; /* more replay detection */
krb5_data msd; /* mechanism specific data */
} krb5_predicted_sam_response;

Index: kdc/main.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/main.c,v
retrieving revision 1.2
diff -u -r1.2 main.c
--- main.c 1998/11/25 23:34:39 1.2
+++ main.c 1998/12/02 03:01:08
@@ -60,6 +60,9 @@
static int rkey_init_done = 0;

krb5_int32 kdc_id; /* hostid for SAM replay detection */
+#ifdef USE_RCACHE
+krb5_deltat rc_lifetime;
+#endif /* USE_RCACHE */

#ifdef POSIX_SIGNALS
static struct sigaction s_action;
@@ -97,6 +100,7 @@
if (sname)
free(sname);
}
+ rc_lifetime = kcontext->clockskew;
}
if (retval)
krb5_rc_close(kcontext, kdc_rcache);
Index: kdc/preauth/pa_sam.h
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam.h,v
retrieving revision 1.3
diff -u -r1.3 pa_sam.h
--- pa_sam.h 1998/12/01 02:06:21 1.3
+++ pa_sam.h 1998/12/02 03:01:10
@@ -26,6 +26,9 @@
#include "k5-int.h"

extern krb5_int32 kdc_id;
+#ifdef USE_RCACHE
+extern krb5_deltat rc_lifetime;
+#endif /* USE_RCACHE */

/* XXX These probably need windows callconv defines? */
typedef krb5_error_code (*sam_generate_proc)
Index: kdc/preauth/pa_sam_cryptocard.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_cryptocard.c,v
retrieving revision 1.6
diff -u -r1.6 pa_sam_cryptocard.c
--- pa_sam_cryptocard.c 1998/12/01 02:06:21 1.6
+++ pa_sam_cryptocard.c 1998/12/02 03:01:20
@@ -245,6 +245,12 @@
/* Convert the SAD into a key. */
psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
psr.kdc_id = kdc_id;
+#ifdef USE_RCACHE
+ /* XXX Watch these types when time_t or krb5_timestamp changes. */
+ if (retval = krb5_us_timeofday(context, &psr.stime, &psr.susec))
+ goto cleanup;
+#endif /* USE_RCACHE */
+
if (retval = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
&predict_response, 0 /* salt */,
&psr.sam_key)) {
@@ -420,6 +426,36 @@
goto cleanup;
}

+ if (retval = krb5_timeofday(context, &timenow))
+ goto cleanup;
+
+#ifdef USE_RCACHE
+ {
+ krb5_donot_replay rep;
+ /*
+ * Verify this response came back in a timely manner.
+ * We do this b/c otherwise very old (expunged from the rcache)
+ * psr's would be able to be replayed.
+ */
+ if ((timenow < psr->stime) || /* Clock was set back */
+ (timenow - psr->stime > rc_lifetime)) {
+ com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+ "rb1 psr came back too late");
+ goto cleanup;
+ }
+
+ /* Now check the replay cache. */
+ rep.client = "sam/rc"; /* Any fixed value will do, although this */
+ rep.server = "sam/rc"; /* should not match any principal name. */
+ rep.ctime = psr->stime;
+ rep.cusec = psr->susec;
+ if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
+ com_err("krb5kdc", retval, "rb1 track-data replayed!");
+ goto cleanup;
+ }
+ }
+#endif /* USE_RCACHE */
+
scratch.length = sr->sam_enc_nonce_or_ts.ciphertext.length;
if (!scratch.length) {
com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
@@ -451,9 +487,6 @@
retval = KRB5KDC_ERR_PREAUTH_FAILED;
goto cleanup;
}
-
- if (retval = krb5_timeofday(context, &timenow))
- goto cleanup;

if (labs(timenow - sr->sam_patimestamp) > context->clockskew) {
retval = KRB5KRB_AP_ERR_SKEW;
Index: kdc/preauth/pa_sam_digi_path.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_digi_path.c,v
retrieving revision 1.6
diff -u -r1.6 pa_sam_digi_path.c
--- pa_sam_digi_path.c 1998/12/01 02:06:21 1.6
+++ pa_sam_digi_path.c 1998/12/02 03:01:21
@@ -153,6 +153,11 @@
/* Convert the SAD into a key. */
psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
psr.kdc_id = kdc_id;
+#ifdef USE_RCACHE
+ /* XXX Watch these types when time_t or krb5_timestamp changes. */
+ if (retval = krb5_us_timeofday(context, &psr.stime, &psr.susec))
+ goto cleanup;
+#endif /* USE_RCACHE */

if (retval = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
&predict_response, 0 /* salt */,
@@ -320,6 +325,36 @@
goto cleanup;
}

+ if (retval = krb5_timeofday(context, &timenow))
+ goto cleanup;
+
+#ifdef USE_RCACHE
+ {
+ krb5_donot_replay rep;
+ /*
+ * Verify this response came back in a timely manner.
+ * We do this b/c otherwise very old (expunged from the rcache)
+ * psr's would be able to be replayed.
+ */
+ if ((timenow < psr->stime) || /* Clock was set back */
+ (timenow - psr->stime > rc_lifetime)) {
+ com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+ "snk4 psr came back too late");
+ goto cleanup;
+ }
+
+ /* Now check the replay cache. */
+ rep.client = "sam/rc"; /* Any fixed value will do, although this */
+ rep.server = "sam/rc"; /* should not match any principal name. */
+ rep.stime = psr->stime;
+ rep.cusec = psr->susec;
+ if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
+ com_err("krb5kdc", retval, "snk4 track-data replayed!");
+ goto cleanup;
+ }
+ }
+#endif /* USE_RCACHE */
+
scratch.length = sr->sam_enc_nonce_or_ts.ciphertext.length;
if (!scratch.length) {
com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
@@ -350,9 +385,6 @@
retval = KRB5KDC_ERR_PREAUTH_FAILED;
goto cleanup;
}
-
- if (retval = krb5_timeofday(context, &timenow))
- goto cleanup;

if (labs(timenow - sr->sam_patimestamp) > context->clockskew) {
retval = KRB5KRB_AP_ERR_SKEW;
Index: kdc/preauth/pa_sam_grail.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_grail.c,v
retrieving revision 1.4
diff -u -r1.4 pa_sam_grail.c
--- pa_sam_grail.c 1998/12/01 02:06:22 1.4
+++ pa_sam_grail.c 1998/12/02 03:01:21
@@ -70,6 +70,11 @@

psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
psr.kdc_id = kdc_id;
+#ifdef USE_RCACHE
+ /* XXX Watch these types when time_t or krb5_timestamp changes. */
+ if (retval = krb5_us_timeofday(context, &psr.stime, &psr.susec))
+ goto cleanup;
+#endif /* USE_RCACHE */

/* For GRAIL, we ignore the sam_key, and use our own fixed key. */
if (retval = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
@@ -222,6 +227,36 @@
goto cleanup;
}

+ if (retval = krb5_timeofday(context, &timenow))
+ goto cleanup;
+
+#ifdef USE_RCACHE
+ {
+ krb5_donot_replay rep;
+ /*
+ * Verify this response came back in a timely manner.
+ * We do this b/c otherwise very old (expunged from the rcache)
+ * psr's would be able to be replayed.
+ */
+ if ((timenow < psr->stime) || /* Clock was set back */
+ (timenow - psr->stime > rc_lifetime)) {
+ com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+ "Grail psr came back too late");
+ goto cleanup;
+ }
+
+ /* Now check the replay cache. */
+ rep.client = "sam/rc"; /* Any fixed value will do, although this */
+ rep.server = "sam/rc"; /* should not match any principal name. */
+ rep.ctime = psr->stime;
+ rep.cusec = psr->susec;
+ if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
+ com_err("krb5kdc", retval, "Grail track-data replayed!");
+ goto cleanup;
+ }
+ }
+#endif /* USE_RCACHE */
+
scratch.length = sr->sam_enc_nonce_or_ts.ciphertext.length;
if (!scratch.length) {
com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
@@ -252,9 +287,6 @@
retval = KRB5KDC_ERR_PREAUTH_FAILED;
goto cleanup;
}
-
- if (retval = krb5_timeofday(context, &timenow))
- goto cleanup;

if (labs(timenow - sr->sam_patimestamp) > context->clockskew) {
retval = KRB5KRB_AP_ERR_SKEW;
Index: kdc/preauth/pa_sam_securid.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_securid.c,v
retrieving revision 1.5
diff -u -r1.5 pa_sam_securid.c
--- pa_sam_securid.c 1998/12/01 02:06:22 1.5
+++ pa_sam_securid.c 1998/12/02 03:01:21
@@ -145,6 +145,12 @@
psr.kdc_id = kdc_id;
psr.msd.data = &g_sid_track_data;
psr.msd.length = sizeof(g_sid_track_data);
+#ifdef USE_RCACHE
+ /* XXX Watch these types when time_t or krb5_timestamp changes. */
+ if (retval = krb5_us_timeofday(context, &psr.stime, &psr.susec))
+ goto cleanup;
+#endif /* USE_RCACHE */
+
/* esre will be encrypted w/ client longterm key (send-encrypted-sad) */
krb5_copy_keyblock_contents(context, &client_key, &psr.sam_key);

@@ -378,6 +384,34 @@
"Warning - possible SAM replay attack!");
goto cleanup;
}
+
+#ifdef USE_RCACHE
+ /* Probably not useful for SecurID, but what the hell. */
+ {
+ krb5_donot_replay rep;
+ /*
+ * Verify this response came back in a timely manner.
+ * We do this b/c otherwise very old (expunged from the rcache)
+ * psr's would be able to be replayed.
+ */
+ if ((timenow < psr->stime) || /* Clock was set back */
+ (timenow - psr->stime > rc_lifetime)) {
+ com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+ "SecurID psr came back too late");
+ goto cleanup;
+ }
+
+ /* Now check the replay cache. */
+ rep.client = "sam/rc"; /* Any fixed value will do, although this */
+ rep.server = "sam/rc"; /* should not match any principal name. */
+ rep.ctime = psr->stime;
+ rep.cusec = psr->susec;
+ if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
+ com_err("krb5kdc", retval, "SecurID track-data replayed!");
+ goto cleanup;
+ }
+ }
+#endif /* USE_RCACHE */

/* Sanity check */
if (psr->msd.length != sizeof(g_sid_track_data)) {
Index: lib/krb5/asn.1/asn1_k_decode.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/asn.1/asn1_k_decode.c,v
retrieving revision 1.6
diff -u -r1.6 asn1_k_decode.c
--- asn1_k_decode.c 1998/12/01 02:06:22 1.6
+++ asn1_k_decode.c 1998/12/02 03:01:27
@@ -815,6 +815,8 @@
get_field(val->sam_key,0,asn1_decode_encryption_key);
get_field(val->kdc_id,1,asn1_decode_int32);
opt_string(val->msd,2,asn1_decode_generalstring);
+ get_field(val->stime,3,asn1_decode_kerberos_time);
+ get_field(val->susec,4,asn1_decode_int32);
end_structure();
val->magic = KV5M_PREDICTED_SAM_RESPONSE;
}
Index: lib/krb5/asn.1/asn1_k_encode.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/asn.1/asn1_k_encode.c,v
retrieving revision 1.6
diff -u -r1.6 asn1_k_encode.c
--- asn1_k_encode.c 1998/12/01 02:06:22 1.6
+++ asn1_k_encode.c 1998/12/02 03:01:30
@@ -949,6 +949,8 @@
{
asn1_setup();

+ asn1_addfield(val->susec,4,asn1_encode_integer);
+ asn1_addfield(val->stime,3,asn1_encode_kerberos_time);
add_optstring(val->msd,2,asn1_encode_generalstring);
asn1_addfield(val->kdc_id,1,asn1_encode_integer);
asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key);
Index: lib/krb5/asn.1/krb5_decode.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/lib/krb5/asn.1/krb5_decode.c,v
retrieving revision 1.3
diff -u -r1.3 krb5_decode.c
--- krb5_decode.c 1998/12/01 02:06:22 1.3
+++ krb5_decode.c 1998/12/02 03:01:31
@@ -828,7 +828,7 @@
const krb5_data * code;
krb5_predicted_sam_response **rep;
{
- setup_buf_only(); /* preallocated */
+ setup_buf_only();
alloc_field(*rep,krb5_predicted_sam_response);

retval = asn1_decode_predicted_sam_response(&buf,*rep);
Show quoted text
>Audit-Trail:
>Unformatted:
From fcusack@ratbert.iconnet.net Wed Dec 2 16:55:32 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA14405 for <bugs@RT-11.MIT.EDU>; Wed, 2 Dec 1998 16:55:32 -0500
Received: from ratbert.iconnet.net by MIT.EDU with SMTP
id AA11250; Wed, 2 Dec 98 16:55:36 EST
Received: (from fcusack@localhost)
by ratbert.iconnet.net (8.9.1/8.9.1) id QAA10937;
Wed, 2 Dec 1998 16:56:27 -0500 (EST)
Message-Id: <199812022156.QAA10937@ratbert.iconnet.net>
Date: Wed, 2 Dec 1998 16:56:27 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
Subject: obvious fix for SAM replay detection
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 671
>Category: krb5-kdc
>Synopsis: I made an error in my last patch; krb5_donot_replay
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 02 16:56:01 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
Show quoted text
>Release: krb5-current-19981119
>Environment:
N/A
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

Show quoted text
>Description:
in krb5_donot_replay field name is ctime; not stime.
Show quoted text
>How-To-Repeat:
>Fix:
Index: kdc/preauth/pa_sam_digi_path.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_digi_path.c,v
retrieving revision 1.7
diff -u -r1.7 pa_sam_digi_path.c
--- pa_sam_digi_path.c 1998/12/02 03:10:57 1.7
+++ pa_sam_digi_path.c 1998/12/02 21:52:19
@@ -346,7 +346,7 @@
/* Now check the replay cache. */
rep.client = "sam/rc"; /* Any fixed value will do, although this */
rep.server = "sam/rc"; /* should not match any principal name. */
- rep.stime = psr->stime;
+ rep.ctime = psr->stime;
rep.cusec = psr->susec;
if (retval = krb5_rc_store(kdc_context, kdc_rcache, &rep)) {
com_err("krb5kdc", retval, "snk4 track-data replayed!");
Show quoted text
>Audit-Trail:
>Unformatted: