diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-10-22 11:37:37 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-09 19:45:32 +0000 |
commit | 4125650a27c3be0f43f873843821751010090010 (patch) | |
tree | 7483f37c1790ea3dfc0ed451c894b8f77be4945c /python | |
parent | 873ac6d814c814fdf2088745dbd562cd91caddd3 (diff) | |
download | samba-4125650a27c3be0f43f873843821751010090010.tar.gz |
CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() to return a ticket without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/krb5/kdc_base_test.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index e77a940f411..aed4c427ab0 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -1672,7 +1672,7 @@ class KDCBaseTest(RawKerberosTest): return cachefile def create_ccache_with_user(self, user_credentials, mach_credentials, - service="host", target_name=None): + service="host", target_name=None, pac=True): # Obtain a service ticket authorising the user and place it into a # newly created credentials cache file. @@ -1689,6 +1689,9 @@ class KDCBaseTest(RawKerberosTest): service=service, target_name=target_name) + if not pac: + ticket = self.modified_ticket(ticket, exclude_pac=True) + # Write the ticket into a credentials cache file that can be ingested # by the main credentials code. cachefile = self.create_ccache(cname, ticket.ticket, |