To: | krb5-bugs@mit.edu |
From: | "Oliver Freyermuth" <o.freyermuth@googlemail.com> |
Subject: | Wrong Encryption types shown in MIT Kerberos Ticket Manager on Windows |
Date: | Tue, 8 Dec 2020 23:55:06 +0100 |
Dear Kerberos developers,
fetching a Kerberos TGT from a KDC which allows for a modern session key encryption (e.g. aes265) but a different TKT encryption only (e.g. 3DES),
this is shown correctly with "klist -Afe", but in the graphical Kerberos Ticket Manager, the Session Key enctype is shown for both the Session Key and the Ticket enctype,
i.e. I get:
Session Key: aes265-cts-hmac-sha1-96 Ticket: aes265-cts-hmac-sha1-96
in the GUI, but:
Etype (skey, tkt): aes265-cts-hmac-sha1-96, des3-cbc-sha1
for the same ticket in the same ticket cache in klist.
I'll spare you screenshots (unless you request them) and point to the (likely) issue in the code (I don't have a Windows developer environment set up, so no guarantees that this is the error):
This is how klist works (correctly):
https://github.com/krb5/krb5/blob/90fedf8188fc47aa5a476a969af34671555df389/src/clients/klist/klist.c#L747-L749
It calls "etype_string" twice, in different statements.
This is how leash/KrbListTickets works:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L148-L150
Note that it calls etype_string twice in the same statement to format the arguments to printf.
The problem lies in the fact that etype_string:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L77
uses a static const char* buffer. Calling it twice within the same printf statement clobbers that static string,
so a wrong formatted string results.
Cheers,
Oliver
fetching a Kerberos TGT from a KDC which allows for a modern session key encryption (e.g. aes265) but a different TKT encryption only (e.g. 3DES),
this is shown correctly with "klist -Afe", but in the graphical Kerberos Ticket Manager, the Session Key enctype is shown for both the Session Key and the Ticket enctype,
i.e. I get:
Session Key: aes265-cts-hmac-sha1-96 Ticket: aes265-cts-hmac-sha1-96
in the GUI, but:
Etype (skey, tkt): aes265-cts-hmac-sha1-96, des3-cbc-sha1
for the same ticket in the same ticket cache in klist.
I'll spare you screenshots (unless you request them) and point to the (likely) issue in the code (I don't have a Windows developer environment set up, so no guarantees that this is the error):
This is how klist works (correctly):
https://github.com/krb5/krb5/blob/90fedf8188fc47aa5a476a969af34671555df389/src/clients/klist/klist.c#L747-L749
It calls "etype_string" twice, in different statements.
This is how leash/KrbListTickets works:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L148-L150
Note that it calls etype_string twice in the same statement to format the arguments to printf.
The problem lies in the fact that etype_string:
https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L77
uses a static const char* buffer. Calling it twice within the same printf statement clobbers that static string,
so a wrong formatted string results.
Cheers,
Oliver