From 9e71fcd5db98fb7ace02e8684486cc7f092d82ad Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 17 Apr 2019 17:07:46 -0400
Subject: [PATCH] Remove support for no-flags SAM-2 preauth

When neither the send-encrypted-sad nor the use-sad-as-key flag is set
in the SAM-2 challenge, the protocol calls for the AS key to be
combined with the string-to-key of the SAD using a key combination
method which has only been implemented for DES and 3DES enctypes.
Rather than extending key combination, remove support for this case.

[ghudson@mit.edu: rewrote commit message, added comment]

ticket: 8812 (new)
(cherry picked from commit c30e0af224ef3716513744fd86aec3eeea90abf9)
---
 src/lib/krb5/krb/preauth_sam2.c | 40 +++++++++------------------------
 1 file changed, 11 insertions(+), 29 deletions(-)

diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index c7484c47e..fda86bee2 100644
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -211,38 +211,20 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
     /* Get encryption key to be used for checksum and sam_response */
     if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
         /* Retain as_key from above gak_fct call. */
-
-        if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
-            /* as_key = combine_key (as_key, string_to_key(SAD)) */
-            krb5_keyblock tmp_kb;
-
-            retval = krb5_c_string_to_key(context, sc2b->sam_etype,
-                                          &response_data, salt, &tmp_kb);
-
-            if (retval) {
-                krb5_free_sam_challenge_2(context, sc2);
-                krb5_free_sam_challenge_2_body(context, sc2b);
-                if (defsalt.length) free(defsalt.data);
-                return(retval);
-            }
-
-            /* This should be a call to the crypto library some day */
-            /* key types should already match the sam_etype */
-            retval = krb5int_c_combine_keys(context, &ctx->as_key, &tmp_kb,
-                                            &ctx->as_key);
-
-            if (retval) {
-                krb5_free_sam_challenge_2(context, sc2);
-                krb5_free_sam_challenge_2_body(context, sc2b);
-                if (defsalt.length) free(defsalt.data);
-                return(retval);
-            }
-            krb5_free_keyblock_contents(context, &tmp_kb);
-        }
-
         if (defsalt.length)
             free(defsalt.data);
 
+        if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
+            /*
+             * If no flags are set, the protocol calls for us to combine the
+             * initial reply key with the SAD, using a method which is only
+             * specified for DES and 3DES enctypes.  We no longer support this
+             * case.
+             */
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(KRB5_SAM_UNSUPPORTED);
+        }
     } else {
         /* as_key = string_to_key(SAD) */