CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)
author: Stefan Metzmacher <metze@samba.org> 2022-11-29 14:15:40 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-12-14 10:28:17 +0000
commit: b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab (patch)
tree: d0dae0b26eb1b341b6d9ca318938e9ca4c793c3e
parent: 3ea9946f652a04373f3a51597aae4aa24c912eb0 (diff)
download: samba-b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 2da67d7ee6e..9e0c03d8ab4 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -66,7 +66,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                 creds,
                 expected_error,
                 target_creds,
-                etype):
+                etype,
+                expected_ticket_etype=None):
         user_name = creds.get_username()
         cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=user_name.split('/'))
@@ -87,7 +88,8 @@ class KdcTgsBaseTests(KDCBaseTest):
         till = self.get_KerberosTime(offset=36000)
 
         ticket_decryption_key = (
-            self.TicketDecryptionKey_from_creds(target_creds))
+            self.TicketDecryptionKey_from_creds(target_creds,
+                                                etype=expected_ticket_etype))
         expected_etypes = target_creds.tgs_supported_enctypes
 
         kdc_options = ('forwardable,'
@@ -179,6 +181,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                  use_fast=False,
                  expect_claims=True,
                  etypes=None,
+                 expected_ticket_etype=None,
+                 expected_supported_etypes=None,
                  expect_pac=True,
                  expect_pac_attrs=None,
                  expect_pac_attrs_pac_request=None,
@@ -218,7 +222,7 @@ class KdcTgsBaseTests(KDCBaseTest):
         else:
             additional_tickets = None
             decryption_key = self.TicketDecryptionKey_from_creds(
-                target_creds)
+                target_creds, etype=expected_ticket_etype)
 
         subkey = self.RandomKey(tgt.session_key.etype)
 
@@ -278,6 +282,7 @@ class KdcTgsBaseTests(KDCBaseTest):
             pac_options=pac_options,
             authenticator_subkey=subkey,
             kdc_options=kdc_options,
+            expected_supported_etypes=expected_supported_etypes,
             expect_edata=expect_edata,
             expect_pac=expect_pac,
             expect_pac_attrs=expect_pac_attrs,
author	Stefan Metzmacher <metze@samba.org>	2022-11-29 14:15:40 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-12-14 10:28:17 +0000
commit	b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab (patch)
tree	d0dae0b26eb1b341b6d9ca318938e9ca4c793c3e
parent	3ea9946f652a04373f3a51597aae4aa24c912eb0 (diff)
download	samba-b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab.tar.gz