From: "Oliver Freyermuth"
To: krb5-bugs@mit.edu
Date: Tue, 8 Dec 2020 23:55:06 +0100
Subject: Wrong Encryption types shown in MIT Kerberos Ticket Manager on Windows
Message-ID: <3bed0e9c-c630-2ebc-4797-da90c456feb1@googlemail.com>

Dear Kerberos developers,

when fetching a Kerberos TGT from a KDC which allows for a modern session key encryption (e.g. aes256) but a different TKT encryption only (e.g. 3DES), this is shown correctly with "klist -Afe", but in the graphical Kerberos Ticket Manager, the Session Key enctype is shown for both the Session Key and the Ticket enctype, i.e. I get:

    Session Key: aes256-cts-hmac-sha1-96
    Ticket: aes256-cts-hmac-sha1-96

in the GUI, but:

    Etype (skey, tkt): aes256-cts-hmac-sha1-96, des3-cbc-sha1

for the same ticket in the same ticket cache in klist.

I'll spare you screenshots (unless you request them) and point to the (likely) issue in the code (I don't have a Windows developer environment set up, so no guarantees that this is the error):

This is how klist works (correctly):
https://github.com/krb5/krb5/blob/90fedf8188fc47aa5a476a969af34671555df389/src/clients/klist/klist.c#L747-L749
It calls "etype_string" twice, in different statements.

This is how leash/KrbListTickets works:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L148-L150
Note that it calls etype_string twice in the same statement to format the arguments to printf.

The problem lies in the fact that etype_string:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L77
uses a static const char* buffer. Calling it twice within the same printf statement clobbers that static string, so a wrong formatted string results.

Cheers,
Oliver
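
Added example, not part of the original message and not code from the krb5 project: a minimal C reproduction of the static-buffer pattern the report describes, next to a reentrant variant that formats both enctypes correctly. The function names, buffer sizes and the two-entry name table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Write an enctype name into caller-owned storage (reentrant).
 * The two table entries are constructed sample data for this example. */
static const char *etype_name_r(int etype, char *buf, size_t len)
{
    switch (etype) {
    case 16: snprintf(buf, len, "des3-cbc-sha1"); break;
    case 18: snprintf(buf, len, "aes256-cts-hmac-sha1-96"); break;
    default: snprintf(buf, len, "etype %d", etype); break;
    }
    return buf;
}

/* Hypothetical non-reentrant helper: every call overwrites one shared buffer. */
static const char *etype_name_static(int etype)
{
    static char buf[64];
    return etype_name_r(etype, buf, sizeof(buf));
}

/* Buggy pattern: both %s arguments are the same pointer, so the line shows
 * one name twice (which one depends on argument evaluation order). */
static void format_buggy(char *out, size_t len, int skey, int tkt)
{
    snprintf(out, len, "%s, %s",
             etype_name_static(skey), etype_name_static(tkt));
}

/* Fixed pattern: each result gets its own buffer. */
static void format_fixed(char *out, size_t len, int skey, int tkt)
{
    char s[64], t[64];
    snprintf(out, len, "%s, %s",
             etype_name_r(skey, s, sizeof(s)), etype_name_r(tkt, t, sizeof(t)));
}

int main(void)
{
    char line[160];
    format_buggy(line, sizeof(line), 18, 16);   /* skey=aes256, tkt=des3 */
    printf("buggy: %s\n", line);
    format_fixed(line, sizeof(line), 18, 16);
    printf("fixed: %s\n", line);
    return 0;
}
```

Calling the static helper in two separate statements and consuming each result before the next call, as the report says klist does, also avoids the problem without changing the helper.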