sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Code

CVE-2022-2031 tests/krb5: Add new definitions for kpasswd

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Joseph Sutton 2022-05-24 19:13:54 +12:00 committed by Jule Anger
parent 245d9a4232
commit f7fad997cc
3 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
python/samba/tests/krb5/rfc4120.asn1
View File

@ -567,6 +567,12 @@ PA-FX-FAST-REPLY ::= CHOICE {
...
}
ChangePasswdDataMS ::= SEQUENCE {
newpasswd [0] OCTET STRING,
targname [1] PrincipalName OPTIONAL,
targrealm [2] Realm OPTIONAL
}
-- MS-KILE End
--
--

13
python/samba/tests/krb5/rfc4120_constants.py
View File

@ -27,11 +27,13 @@ ARCFOUR_HMAC_MD5 = int(
# Message types
KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error'))
KRB_AP_REP = int(krb5_asn1.MessageTypeValues('krb-ap-rep'))
KRB_AP_REQ = int(krb5_asn1.MessageTypeValues('krb-ap-req'))
KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep'))
KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req'))
KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep'))
KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req'))
KRB_PRIV = int(krb5_asn1.MessageTypeValues('krb-priv'))
# PAData types
PADATA_ENC_TIMESTAMP = int(
@ -76,6 +78,7 @@ KDC_ERR_TGT_REVOKED = 20
KDC_ERR_PREAUTH_FAILED = 24
KDC_ERR_PREAUTH_REQUIRED = 25
KDC_ERR_BAD_INTEGRITY = 31
KDC_ERR_TKT_EXPIRED = 32
KRB_ERR_TKT_NYV = 33
KDC_ERR_NOT_US = 35
KDC_ERR_BADMATCH = 36
@ -87,6 +90,16 @@ KDC_ERR_WRONG_REALM = 68
KDC_ERR_CLIENT_NAME_MISMATCH = 75
KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS = 93
# Kpasswd error codes
KPASSWD_SUCCESS = 0
KPASSWD_MALFORMED = 1
KPASSWD_HARDERROR = 2
KPASSWD_AUTHERROR = 3
KPASSWD_SOFTERROR = 4
KPASSWD_ACCESSDENIED = 5
KPASSWD_BAD_VERSION = 6
KPASSWD_INITIAL_FLAG_NEEDED = 7
# Extended error types
KERB_AP_ERR_TYPE_SKEW_RECOVERY = int(
krb5_asn1.KerbErrorDataTypeValues('kERB-AP-ERR-TYPE-SKEW-RECOVERY'))

13
python/samba/tests/krb5/rfc4120_pyasn1.py
View File

@ -1,5 +1,5 @@
# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
# (last modified on 2021-06-25 12:10:34.484667)
# (last modified on 2022-05-13 20:03:06.039817)
# KerberosV5Spec2
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
@ -364,6 +364,17 @@ Authenticator.componentType = namedtype.NamedTypes(
)
class ChangePasswdDataMS(univ.Sequence):
pass
ChangePasswdDataMS.componentType = namedtype.NamedTypes(
namedtype.NamedType('newpasswd', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('targname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.OptionalNamedType('targrealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class ChecksumTypeValues(univ.Integer):
pass