mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
CVE-2020-25719 tests/krb5: Add _modify_tgt() method for modifying already obtained tickets
https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
2158ba1eb0
commit
40a3f71818
@ -1026,6 +1026,33 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
tgt = self.get_tgt(client_creds)
|
||||
|
||||
return self._modify_tgt(
|
||||
tgt=tgt,
|
||||
renewable=renewable,
|
||||
invalid=invalid,
|
||||
from_rodc=from_rodc,
|
||||
new_rid=new_rid,
|
||||
remove_pac=remove_pac,
|
||||
allow_empty_authdata=allow_empty_authdata,
|
||||
can_modify_logon_info=can_modify_logon_info,
|
||||
can_modify_requester_sid=can_modify_requester_sid,
|
||||
remove_pac_attrs=remove_pac_attrs,
|
||||
remove_requester_sid=remove_requester_sid)
|
||||
|
||||
def _modify_tgt(self,
|
||||
tgt,
|
||||
renewable=False,
|
||||
invalid=False,
|
||||
from_rodc=False,
|
||||
new_rid=None,
|
||||
remove_pac=False,
|
||||
allow_empty_authdata=False,
|
||||
cname=None,
|
||||
crealm=None,
|
||||
can_modify_logon_info=True,
|
||||
can_modify_requester_sid=True,
|
||||
remove_pac_attrs=False,
|
||||
remove_requester_sid=False):
|
||||
if from_rodc:
|
||||
krbtgt_creds = self.get_mock_rodc_krbtgt_creds()
|
||||
else:
|
||||
@ -1110,11 +1137,42 @@ class KdcTgsTests(KDCBaseTest):
|
||||
else:
|
||||
flags_modify_fn = None
|
||||
|
||||
if cname is not None or crealm is not None:
|
||||
def modify_fn(enc_part):
|
||||
if flags_modify_fn is not None:
|
||||
enc_part = flags_modify_fn(enc_part)
|
||||
|
||||
if cname is not None:
|
||||
enc_part['cname'] = cname
|
||||
|
||||
if crealm is not None:
|
||||
enc_part['crealm'] = crealm
|
||||
|
||||
return enc_part
|
||||
else:
|
||||
modify_fn = flags_modify_fn
|
||||
|
||||
if cname is not None:
|
||||
def modify_pac_fn(pac):
|
||||
if change_sid_fn is not None:
|
||||
pac = change_sid_fn(pac)
|
||||
|
||||
for pac_buffer in pac.buffers:
|
||||
if pac_buffer.type == krb5pac.PAC_TYPE_LOGON_NAME:
|
||||
logon_info = pac_buffer.info
|
||||
|
||||
logon_info.account_name = (
|
||||
cname['name-string'][0].decode('utf-8'))
|
||||
|
||||
return pac
|
||||
else:
|
||||
modify_pac_fn = change_sid_fn
|
||||
|
||||
return self.modified_ticket(
|
||||
tgt,
|
||||
new_ticket_key=krbtgt_key,
|
||||
modify_fn=flags_modify_fn,
|
||||
modify_pac_fn=change_sid_fn,
|
||||
modify_fn=modify_fn,
|
||||
modify_pac_fn=modify_pac_fn,
|
||||
exclude_pac=remove_pac,
|
||||
allow_empty_authdata=allow_empty_authdata,
|
||||
update_pac_checksums=not remove_pac,
|
||||
|
Loading…
Reference in New Issue
Block a user