diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-29 14:15:40 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:30 +0000 |
commit | d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29 (patch) | |
tree | 832b7efd8277122e8746e5f6dbec33990996985c /python | |
parent | e0f89b7bc8025db615dccf096aab4ca87e655368 (diff) | |
download | samba-d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29.tar.gz |
CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rwxr-xr-x | python/samba/tests/krb5/kdc_tgs_tests.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index f8190a254bd..a9c61e95150 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -66,7 +66,8 @@ class KdcTgsBaseTests(KDCBaseTest): creds, expected_error, target_creds, - etype): + etype, + expected_ticket_etype=None): user_name = creds.get_username() cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, names=user_name.split('/')) @@ -87,7 +88,8 @@ class KdcTgsBaseTests(KDCBaseTest): till = self.get_KerberosTime(offset=36000) ticket_decryption_key = ( - self.TicketDecryptionKey_from_creds(target_creds)) + self.TicketDecryptionKey_from_creds(target_creds, + etype=expected_ticket_etype)) expected_etypes = target_creds.tgs_supported_enctypes kdc_options = ('forwardable,' @@ -179,6 +181,8 @@ class KdcTgsBaseTests(KDCBaseTest): use_fast=False, till=None, etypes=None, + expected_ticket_etype=None, + expected_supported_etypes=None, expect_pac=True, expect_pac_attrs=None, expect_pac_attrs_pac_request=None, @@ -218,7 +222,7 @@ class KdcTgsBaseTests(KDCBaseTest): else: additional_tickets = None decryption_key = self.TicketDecryptionKey_from_creds( - target_creds) + target_creds, etype=expected_ticket_etype) subkey = self.RandomKey(tgt.session_key.etype) @@ -278,6 +282,7 @@ class KdcTgsBaseTests(KDCBaseTest): pac_options=pac_options, authenticator_subkey=subkey, kdc_options=kdc_options, + expected_supported_etypes=expected_supported_etypes, expect_edata=expect_edata, expect_pac=expect_pac, expect_pac_attrs=expect_pac_attrs, |