CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 24 May 2022 07:13:54 +0000 (19:13 +1200)
committerJule Anger <janger@samba.org>
Wed, 27 Jul 2022 10:52:36 +0000 (10:52 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
python/samba/tests/krb5/rfc4120.asn1
python/samba/tests/krb5/rfc4120_constants.py
python/samba/tests/krb5/rfc4120_pyasn1.py

index 7b14601554899ae3dfce7baaf23226b19e19b94c..e2f96829370890bcecff1200bee27336a62b3cac 100644 (file)
@@ -568,6 +568,12 @@ PA-FX-FAST-REPLY ::= CHOICE {
         ...
 }
 
+ChangePasswdDataMS ::= SEQUENCE {
+        newpasswd       [0] OCTET STRING,
+        targname        [1] PrincipalName OPTIONAL,
+        targrealm       [2] Realm OPTIONAL
+}
+
 -- MS-KILE End
 --
 --
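Review bot: `ChangePasswdDataMS` is added with no comment saying where it comes from, and it sits just above the `-- MS-KILE End` marker, so it reads as an MS-KILE definition. As far as I can tell the structure matches the ChangePasswdData sequence in RFC 3244 section 2 (the set-password request body), not anything in MS-KILE. I would add a line above it such as `-- RFC 3244 section 2: set/change password request, carried as KRB-PRIV user-data`, or move it below the end marker into its own kpasswd section. The start of the MS-KILE block is outside this hunk, so the placement concern is inferred from the end marker alone.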
index 28d83407ac5f98976edd1036cb179c574e63205b..7d20093f97dce615798e4c7307825d536877d8b9 100644 (file)
@@ -35,11 +35,13 @@ DES3_CBC_SHA1 = int(
 
 # Message types
 KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error'))
+KRB_AP_REP = int(krb5_asn1.MessageTypeValues('krb-ap-rep'))
 KRB_AP_REQ = int(krb5_asn1.MessageTypeValues('krb-ap-req'))
 KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep'))
 KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req'))
 KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep'))
 KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req'))
+KRB_PRIV = int(krb5_asn1.MessageTypeValues('krb-priv'))
 
 # PAData types
 PADATA_ENC_TIMESTAMP = int(
@@ -90,6 +92,7 @@ KDC_ERR_TGT_REVOKED = 20
 KDC_ERR_PREAUTH_FAILED = 24
 KDC_ERR_PREAUTH_REQUIRED = 25
 KDC_ERR_BAD_INTEGRITY = 31
+KDC_ERR_TKT_EXPIRED = 32
 KRB_ERR_TKT_NYV = 33
 KDC_ERR_NOT_US = 35
 KDC_ERR_BADMATCH = 36
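Review bot: `KDC_ERR_TKT_EXPIRED = 32` uses a `KDC_ERR_` prefix for a code that RFC 4120 lists as KRB_AP_ERR_TKT_EXPIRED. The adjacent code 33 is already spelled `KRB_ERR_TKT_NYV`, so two consecutive AP-exchange errors now carry different prefixes. Anyone matching test failures against the RFC or a packet capture has to translate the name by hand. If a rename is out of scope for this series, a trailing comment would be enough: `KDC_ERR_TKT_EXPIRED = 32  # RFC 4120: KRB_AP_ERR_TKT_EXPIRED`.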
@@ -101,6 +104,16 @@ KDC_ERR_WRONG_REALM = 68
 KDC_ERR_CLIENT_NAME_MISMATCH = 75
 KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS = 93
 
+# Kpasswd error codes
+KPASSWD_SUCCESS = 0
+KPASSWD_MALFORMED = 1
+KPASSWD_HARDERROR = 2
+KPASSWD_AUTHERROR = 3
+KPASSWD_SOFTERROR = 4
+KPASSWD_ACCESSDENIED = 5
+KPASSWD_BAD_VERSION = 6
+KPASSWD_INITIAL_FLAG_NEEDED = 7
+
 # Extended error types
 KERB_AP_ERR_TYPE_SKEW_RECOVERY = int(
     krb5_asn1.KerbErrorDataTypeValues('kERB-AP-ERR-TYPE-SKEW-RECOVERY'))
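Review bot: The `# Kpasswd error codes` block should cite its source and state its scope. The values 0–7 are a separate number space from the `KDC_ERR_*` integers defined earlier in this module, and as bare ints nothing stops a test from comparing a kpasswd result against a KRB-ERROR code that happens to share the number. I would replace the header with `# Kpasswd result codes (RFC 3244 section 2); not KRB-ERROR error-code values`. Since `KPASSWD_SUCCESS` is 0, tests that consume these should compare against the named constant rather than rely on truthiness.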
index d789ab96b43552200edf0ae2ea19d4f2f9444478..ef77ac19ce34ba0cae3bf9ba7390abc9ff515951 100644 (file)
@@ -1,5 +1,5 @@
 # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
-# (last modified on 2021-06-25 12:10:34.484667)
+# (last modified on 2022-05-13 20:03:06.039817)
 
 # KerberosV5Spec2
 from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
@@ -364,6 +364,17 @@ Authenticator.componentType = namedtype.NamedTypes(
 )
 
 
+class ChangePasswdDataMS(univ.Sequence):
+    pass
+
+
+ChangePasswdDataMS.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('newpasswd', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('targname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.OptionalNamedType('targrealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
 class ChecksumTypeValues(univ.Integer):
     pass