From 70f8d973cf43a651dab0371a87428b9c1d35d039 Mon Sep 17 00:00:00 2001
From: mpgn <martial.puygrenier@gmail.com>
Date: Mon, 24 Oct 2022 09:01:30 -0400
Subject: [PATCH] add KDC_ERR_PREAUTH_FAILED error

---
 cme/protocols/ldap.py | 7 ++++---
 cme/protocols/smb.py  | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/cme/protocols/ldap.py b/cme/protocols/ldap.py
index 03025e25..db6ac22f 100644
--- a/cme/protocols/ldap.py
+++ b/cme/protocols/ldap.py
@@ -35,7 +35,8 @@ ldap_error_status = {
     "773":"STATUS_PASSWORD_MUST_CHANGE",
     "775":"USER_ACCOUNT_LOCKED",
     "50":"LDAP_INSUFFICIENT_ACCESS",
-    "KDC_ERR_CLIENT_REVOKED":"KDC_ERR_CLIENT_REVOKED"
+    "KDC_ERR_CLIENT_REVOKED":"KDC_ERR_CLIENT_REVOKED",
+    "KDC_ERR_PREAUTH_FAILED":"KDC_ERR_PREAUTH_FAILED"
 }
 
 
@@ -292,7 +293,7 @@ class ldap(connection):
                                                 self.username,
                                                 " from ccache" if useCache
                                                 else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8),
-                                                str(e)),
+                                                str(error)),
                                                 color='magenta' if error in ldap_error_status else 'red')
             return False
         except KeyError as e:
@@ -356,7 +357,7 @@ class ldap(connection):
                                                         self.username,
                                                         " from ccache" if useCache
                                                         else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8),
-                                                        str(e)),
+                                                        str(error)),
                                                         color='magenta' if error in ldap_error_status else 'red')
                     return False
             else:
diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py
index bf1962e1..7e3ce0c3 100755
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
@@ -55,7 +55,8 @@ smb_error_status = [
     "STATUS_PASSWORD_MUST_CHANGE",
     "STATUS_ACCESS_DENIED",
     "STATUS_NO_SUCH_FILE",
-    "KDC_ERR_CLIENT_REVOKED"
+    "KDC_ERR_CLIENT_REVOKED",
+    "KDC_ERR_PREAUTH_FAILED"
 ]
 
 def get_error_string(exception):