diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-29 14:15:40 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-14 10:28:17 +0000 |
commit | b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab (patch) | |
tree | d0dae0b26eb1b341b6d9ca318938e9ca4c793c3e | |
parent | 3ea9946f652a04373f3a51597aae4aa24c912eb0 (diff) | |
download | samba-b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab.tar.gz |
CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)
-rwxr-xr-x | python/samba/tests/krb5/kdc_tgs_tests.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index 2da67d7ee6e..9e0c03d8ab4 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -66,7 +66,8 @@ class KdcTgsBaseTests(KDCBaseTest): creds, expected_error, target_creds, - etype): + etype, + expected_ticket_etype=None): user_name = creds.get_username() cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, names=user_name.split('/')) @@ -87,7 +88,8 @@ class KdcTgsBaseTests(KDCBaseTest): till = self.get_KerberosTime(offset=36000) ticket_decryption_key = ( - self.TicketDecryptionKey_from_creds(target_creds)) + self.TicketDecryptionKey_from_creds(target_creds, + etype=expected_ticket_etype)) expected_etypes = target_creds.tgs_supported_enctypes kdc_options = ('forwardable,' @@ -179,6 +181,8 @@ class KdcTgsBaseTests(KDCBaseTest): use_fast=False, expect_claims=True, etypes=None, + expected_ticket_etype=None, + expected_supported_etypes=None, expect_pac=True, expect_pac_attrs=None, expect_pac_attrs_pac_request=None, @@ -218,7 +222,7 @@ class KdcTgsBaseTests(KDCBaseTest): else: additional_tickets = None decryption_key = self.TicketDecryptionKey_from_creds( - target_creds) + target_creds, etype=expected_ticket_etype) subkey = self.RandomKey(tgt.session_key.etype) @@ -278,6 +282,7 @@ class KdcTgsBaseTests(KDCBaseTest): pac_options=pac_options, authenticator_subkey=subkey, kdc_options=kdc_options, + expected_supported_etypes=expected_supported_etypes, expect_edata=expect_edata, expect_pac=expect_pac, expect_pac_attrs=expect_pac_attrs, |