Bug 14864 - Heimdal prefers RC4 over AES for machine accounts
Summary: Heimdal prefers RC4 over AES for machine accounts
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.15.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-14 02:56 UTC by Joseph Sutton
Modified: 2021-10-28 17:02 UTC (History)
3 users (show)

See Also:


Attachments
don't prefer RC4 for service tickets (2.23 KB, patch)
2021-10-20 20:52 UTC, Andrew Bartlett
no flags Details
patch backported to 4.15 (only) (3.38 KB, patch)
2021-10-20 21:25 UTC, Andrew Bartlett
jsutton: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Joseph Sutton 2021-10-14 02:56:01 UTC
For the PREAUTH_REQUIRED error reply, when there is a choice of keys available, Heimdal prefers keys that use the default salt. This is meant for interoperability with older clients that ignore the returned salt value. For machine accounts, which use a different algorithm to calculate the salt string, this means that RC4, which does not use a salt, is preferred over AES. Preferring keys with the default salt should only be considered for older encryption types such as DES.
Comment 1 Samba QA Contact 2021-10-14 19:52:05 UTC
This bug was referenced in samba master:

8e1efd8bd3bf698dc0b6ed2081919f49b1412b53
Comment 2 Andrew Bartlett 2021-10-20 20:52:19 UTC
Created attachment 16861 [details]
don't prefer RC4 for service tickets

This impacts the checksum type used to sign a PAC and encrypt service tickets.

Changing this is a behaviour change and a breaking one at points due to needing to assert the target service knew the salt correctly.

When we get to the point of needing to agressivly kill RC4 we will want to look at using this.
Comment 3 Andrew Bartlett 2021-10-20 21:25:28 UTC
Created attachment 16862 [details]
patch backported to 4.15 (only)

This patch addresses the regression seen on the list here:

https://lists.samba.org/archive/samba/2021-October/237844.html
Comment 4 Andrew Bartlett 2021-10-21 00:08:06 UTC
Assigning to Jule for the backport to 4.15.next

Thanks!
Comment 5 Samba QA Contact 2021-10-22 08:55:14 UTC
This bug was referenced in samba v4-15-test:

be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Comment 6 Jule Anger 2021-10-22 09:09:13 UTC
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2021-10-27 13:11:48 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.1):

be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Comment 8 Stefan Metzmacher 2021-10-28 13:20:00 UTC
Andrew, should we backport this to 4.14?
Comment 9 Andrew Bartlett 2021-10-28 17:02:14 UTC
This is not required except in Samba 4.15 unless b3ee034b4d457607ef25a5b01da64e1eaf5906dd is backported as:

-	kdc_config->preauth_use_strongest_session_key = false;
+	kdc_config->preauth_use_strongest_session_key = true;

Triggers a buggy codepath in Heimdal where the AES key for machine accounts is not preferred.