mirror of
https://github.com/samba-team/samba.git
synced 2025-02-24 13:57:43 +03:00
CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Andreas Schneider
Jule Anger
parent
b5adf7cc6d
commit
91a1b0955a
1
selftest/knownfail.d/kadmin_changepw
Normal file
1
selftest/knownfail.d/kadmin_changepw
Normal file
@ -0,0 +1 @@
|
||||
^samba4.blackbox.kpasswd.MIT kpasswd.change.user.password
|
||||
@ -7,7 +7,7 @@
|
||||
|
||||
if [ $# -lt 6 ]; then
|
||||
cat <<EOF
|
||||
Usage: test_passwords.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX SMBCLIENT
|
||||
Usage: test_kpasswd_heimdal.sh SERVER USERNAME PASSWORD REALM DOMAIN PREFIX SMBCLIENT
|
||||
EOF
|
||||
exit 1;
|
||||
fi
|
||||
@ -27,6 +27,8 @@ smbclient="$samba_bindir/smbclient"
|
||||
samba_kinit=$samba_bindir/samba4kinit
|
||||
samba_kpasswd=$samba_bindir/samba4kpasswd
|
||||
|
||||
mit_kpasswd="$(command -v kpasswd)"
|
||||
|
||||
samba_tool="$samba_bindir/samba-tool"
|
||||
net_tool="$samba_bindir/net"
|
||||
texpect="$samba_bindir/texpect"
|
||||
@ -142,6 +144,37 @@ testit "kpasswd change user password" \
|
||||
TEST_PASSWORD=$TEST_PASSWORD_NEW
|
||||
TEST_PASSWORD_NEW="testPaSS@03%"
|
||||
|
||||
###########################################################
|
||||
### CVE-2022-XXXXX
|
||||
###########################################################
|
||||
|
||||
if [ -n "${mit_kpasswd}" ]; then
|
||||
cat > "${PREFIX}/tmpkpasswdscript" <<EOF
|
||||
expect Password for ${TEST_PRINCIPAL}
|
||||
password ${TEST_PASSWORD}\n
|
||||
expect Enter new password
|
||||
send ${TEST_PASSWORD_NEW}\n
|
||||
expect Enter it again
|
||||
send ${TEST_PASSWORD_NEW}\n
|
||||
expect Password changed.
|
||||
EOF
|
||||
|
||||
SAVE_KRB5_CONFIG="${KRB5_CONFIG}"
|
||||
KRB5_CONFIG="${PREFIX}/tmpkrb5.conf"
|
||||
export KRB5_CONFIG
|
||||
sed -e 's/\[libdefaults\]/[libdefaults]\n canonicalize = yes/' \
|
||||
"${SAVE_KRB5_CONFIG}" > "${KRB5_CONFIG}"
|
||||
testit "MIT kpasswd change user password" \
|
||||
"${texpect}" "${PREFIX}/tmpkpasswdscript" "${mit_kpasswd}" \
|
||||
"${TEST_PRINCIPAL}" ||
|
||||
failed=$((failed + 1))
|
||||
KRB5_CONFIG="${SAVE_KRB5_CONFIG}"
|
||||
export KRB5_CONFIG
|
||||
fi
|
||||
|
||||
TEST_PASSWORD="${TEST_PASSWORD_NEW}"
|
||||
TEST_PASSWORD_NEW="testPaSS@03force%"
|
||||
|
||||
###########################################################
|
||||
### Force password change at login
|
||||
###########################################################
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user