tests/krb5: Use signed integers to represent key version numbers in ASN.1
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Wed, 1 Sep 2021 03:57:26 +0000 (15:57 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 13 Sep 2021 23:11:35 +0000 (23:11 +0000)
As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses
signed 32-bit integers to represent key version numbers. This makes a
difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than
32767, where the kvno should be encoded in four bytes rather than five.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
python/samba/tests/krb5/raw_testcase.py
python/samba/tests/krb5/rfc4120.asn1
python/samba/tests/krb5/rfc4120_pyasn1.py

index 6db17f2a11868995016683c6cce3069c9daad3e8..c5ee5eb608374198df2eb4211825627a278a90e8 100644 (file)
@@ -995,7 +995,7 @@ class RawKerberosTest(TestCaseInTempDir):
     def EncryptedData_create(self, key, usage, plaintext):
         # EncryptedData   ::= SEQUENCE {
         #         etype   [0] Int32 -- EncryptionType --,
-        #         kvno    [1] UInt32 OPTIONAL,
+        #         kvno    [1] Int32 OPTIONAL,
         #         cipher  [2] OCTET STRING -- ciphertext
         # }
         ciphertext = key.encrypt(usage, plaintext)
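Review bot: The `kvno    [1] Int32 OPTIONAL` comment in EncryptedData_create now differs from RFC 4120, which declares the field as UInt32, and nothing in the code records why; the same applies to the EncryptedData definition in rfc4120.asn1. I would add a line such as `# kvno is Int32 per MS-KILE 3.1.5.8 (Windows uses signed 32-bit kvnos); RFC 4120 says UInt32` here, and an equivalent `--` comment in the schema, so a later re-sync with the RFC text does not silently revert the change. Because Int32 presumably carries a signed range constraint, a kvno with the top bit set (the RODC case the commit message describes) would have to reach this function as a negative value. The rest of EncryptedData_create lies outside the hunk, so it is worth confirming that callers convert unsigned kvnos before encoding.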
index f47c1d002029f70ff503b8ce375a23beabedbcd0..a37011ae932aaceccfc5697c0108cd5f9624df0f 100644 (file)
@@ -124,7 +124,7 @@ KerberosFlags   ::= BIT STRING (SIZE (1..32))
 
 EncryptedData   ::= SEQUENCE {
         etype   [0] EncryptionType, --Int32 EncryptionType --
-        kvno    [1] UInt32 OPTIONAL,
+        kvno    [1] Int32 OPTIONAL,
         cipher  [2] OCTET STRING -- ciphertext
 }
 
index 39ec8ed798268b2325a628b4401c7a832bbe2060..a9e4bcbb18ffc1892c1144dd7e33cb018a953e9c 100644 (file)
@@ -120,7 +120,7 @@ class EncryptedData(univ.Sequence):
 
 EncryptedData.componentType = namedtype.NamedTypes(
     namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-    namedtype.OptionalNamedType('kvno', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('kvno', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
     namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
 )