CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)
author: Stefan Metzmacher <metze@samba.org> 2022-11-29 14:15:40 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-12-14 00:48:49 +0100
commit: 9049c5442aaeccba6e9e68f230679349fa38217a (patch)
tree: 13fbff27439807313c020af78da14c9ff822ef9f
parent: a1e91681158d24c453cd23ab9f8760189e7de813 (diff)
download: samba-9049c5442aaeccba6e9e68f230679349fa38217a.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 391e06b92e9..e876efe1a6d 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -65,7 +65,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                 creds,
                 expected_error,
                 target_creds,
-                etype):
+                etype,
+                expected_ticket_etype=None):
         user_name = creds.get_username()
         cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=user_name.split('/'))
@@ -86,7 +87,8 @@ class KdcTgsBaseTests(KDCBaseTest):
         till = self.get_KerberosTime(offset=36000)
 
         ticket_decryption_key = (
-            self.TicketDecryptionKey_from_creds(target_creds))
+            self.TicketDecryptionKey_from_creds(target_creds,
+                                                etype=expected_ticket_etype))
         expected_etypes = target_creds.tgs_supported_enctypes
 
         kdc_options = ('forwardable,'
@@ -178,6 +180,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                  use_fast=False,
                  expect_claims=True,
                  etypes=None,
+                 expected_ticket_etype=None,
+                 expected_supported_etypes=None,
                  expect_pac=True,
                  expect_pac_attrs=None,
                  expect_pac_attrs_pac_request=None,
@@ -217,7 +221,7 @@ class KdcTgsBaseTests(KDCBaseTest):
         else:
             additional_tickets = None
             decryption_key = self.TicketDecryptionKey_from_creds(
-                target_creds)
+                target_creds, etype=expected_ticket_etype)
 
         subkey = self.RandomKey(tgt.session_key.etype)
 
@@ -277,6 +281,7 @@ class KdcTgsBaseTests(KDCBaseTest):
             pac_options=pac_options,
             authenticator_subkey=subkey,
             kdc_options=kdc_options,
+            expected_supported_etypes=expected_supported_etypes,
             expect_edata=expect_edata,
             expect_pac=expect_pac,
             expect_pac_attrs=expect_pac_attrs,
author	Stefan Metzmacher <metze@samba.org>	2022-11-29 14:15:40 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-12-14 00:48:49 +0100
commit	9049c5442aaeccba6e9e68f230679349fa38217a (patch)
tree	13fbff27439807313c020af78da14c9ff822ef9f
parent	a1e91681158d24c453cd23ab9f8760189e7de813 (diff)
download	samba-9049c5442aaeccba6e9e68f230679349fa38217a.tar.gz