[krbdev.mit.edu #8970] Wrong Encryption types shown in MIT Kerberos Ticket Manager on Windows

Oliver Freyermuth via RT rt-comment at krbdev.mit.edu
Wed Dec 9 00:40:41 EST 2020 

Wed Dec 09 00:40:41 2020: Request 8970 was acted upon.
 Transaction: Ticket created by o.freyermuth at googlemail.com
       Queue: krb5
     Subject: Wrong Encryption types shown in MIT Kerberos Ticket Manager on Windows
       Owner: Nobody
  Requestors: o.freyermuth at googlemail.com
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8970 >


Dear Kerberos developers,

fetching a Kerberos TGT from a KDC which allows for a modern session key encryption (e.g. aes265) but a different TKT encryption only (e.g. 3DES),
this is shown correctly with "klist -Afe", but in the graphical Kerberos Ticket Manager, the Session Key enctype is shown for both the Session Key and the Ticket enctype,
i.e. I get:
  Session Key: aes265-cts-hmac-sha1-96  Ticket: aes265-cts-hmac-sha1-96
in the GUI, but:
  Etype (skey, tkt): aes265-cts-hmac-sha1-96, des3-cbc-sha1
for the same ticket in the same ticket cache in klist.

I'll spare you screenshots (unless you request them) and point to the (likely) issue in the code (I don't have a Windows developer environment set up, so no guarantees that this is the error):

  This is how klist works (correctly):
   https://github.com/krb5/krb5/blob/90fedf8188fc47aa5a476a969af34671555df389/src/clients/klist/klist.c#L747-L749
  It calls "etype_string" twice, in different statements.

  This is how leash/KrbListTickets works:
   https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L148-L150
  Note that it calls etype_string twice in the same statement to format the arguments to printf.

  The problem lies in the fact that etype_string:
   https://github.com/krb5/krb5/blob/0fdc59ef5e538fdf0fd65fa190483e84289f66c1/src/windows/leash/KrbListTickets.cpp#L77
  uses a static const char* buffer. Calling it twice within the same printf statement clobbers that static string,
  so a wrong formatted string results.

Cheers,
	Oliver

More information about the krb5-bugs mailing list