[16675] in Kerberos-V5-bugs


[krbdev.mit.edu #8970] Wrong Encryption types shown in MIT Kerberos

daemon@ATHENA.MIT.EDU (Oliver Freyermuth via RT)
Wed Dec 9 00:40:58 2020

From: "Oliver Freyermuth via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <3bed0e9c-c630-2ebc-4797-da90c456feb1@googlemail.com>
Message-ID: <rt-4.4.4-48111-1607492441-974.8970-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8970":;
Date: Wed, 09 Dec 2020 00:40:41 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Wed Dec 09 00:40:41 2020: Request 8970 was acted upon.
 Transaction: Ticket created by o.freyermuth@googlemail.com
       Queue: krb5
     Subject: Wrong Encryption types shown in MIT Kerberos Ticket Manager on Windows
       Owner: Nobody
  Requestors: o.freyermuth@googlemail.com
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8970 >


Dear Kerberos developers,

When fetching a Kerberos TGT from a KDC which allows for a modern session key encryption (e.g. aes265) but a different TKT encryption only (e.g. 3DES),
this is shown correctly with "klist -Afe", but in the graphical Kerberos Ticket Manager, the Session Key enctype is shown for both the Session Key and the Ticket enctype,
i.e. I get:
  Session Key: aes265-cts-hmac-sha1-96  Ticket: aes265-cts-hmac-sha1-96
in the GUI, but:
  Etype (skey, tkt): aes265-cts-hmac-sha1-96, des3-cbc-sha1
for the same ticket in the same ticket cache in klist.

I'll spare you screenshots (unless you request them) and point to the (likely) issue in the code (I don't have a Windows developer environment set up, so no guarantees that this is the error):

  This is how klist works (correctly):
   https://github.com/krb5/krb5/blob/90fedf8188fc47aa5a476a969af34671555df389/src/clients/klist/klist.c#L747-L749
  It calls "etype_string" twice, in different statements.

  This is how leash/KrbListTickets works:
   https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L148-L150
  Note that it calls etype_string twice in the same statement to format the arguments to printf.

  The problem lies in the fact that etype_string:
   https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L77
  uses a static const char* buffer. Calling it twice within the same printf statement clobbers that static string,
  so a wrong formatted string results.

Cheers,
	Oliver

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
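
The failure mode described in the report, as an added example that is not part of the original message and is not the krb5 source: a formatter that returns a pointer to one static buffer, called twice in a single printf-style statement, next to a variant with caller-owned buffers. The function names and the small lookup table are hypothetical, written for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed lookup for this demo; 16 and 18 are the assigned enctype numbers. */
static const char *name_for(int etype) {
    switch (etype) {
    case 16: return "des3-cbc-sha1";
    case 18: return "aes256-cts-hmac-sha1-96";
    default: return "unknown";
    }
}

/* Pattern from the report: every call returns the same static buffer. */
static const char *etype_static(int etype) {
    static char buf[64];
    snprintf(buf, sizeof(buf), "%s", name_for(etype));
    return buf;
}

/* Safer variant: the caller owns one buffer per value. */
static const char *etype_into(int etype, char *buf, size_t len) {
    snprintf(buf, len, "%s", name_for(etype));
    return buf;
}

/* Both %s arguments are the same pointer, so both fields print whichever
 * name was written last; C leaves the argument evaluation order unspecified. */
static void format_shared(int skey, int tkt, char *out, size_t len) {
    snprintf(out, len, "Session Key: %s  Ticket: %s",
             etype_static(skey), etype_static(tkt));
}

/* Each call writes into its own buffer, so the two names stay distinct. */
static void format_separate(int skey, int tkt, char *out, size_t len) {
    char s[64], t[64];
    snprintf(out, len, "Session Key: %s  Ticket: %s",
             etype_into(skey, s, sizeof(s)), etype_into(tkt, t, sizeof(t)));
}

int main(void) {
    char line[160];
    format_shared(18, 16, line, sizeof(line));   /* same name in both fields */
    puts(line);
    format_separate(18, 16, line, sizeof(line)); /* skey and tkt differ */
    puts(line);
    return 0;
}
```

Which of the two names ends up in both fields of the shared-buffer version depends on the compiler's argument evaluation order, so the symptom can differ between builds.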
