From 98e23d7eed6e7e89e8565f56ff35630f6799e80b Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Fri, 28 Apr 2023 16:24:31 +1200 Subject: tests/krb5: Have set_forced_key() also set the NT hash Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- python/samba/tests/krb5/raw_testcase.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'python') diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index b633fd235c6..a21a4963679 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -38,7 +38,7 @@ from pyasn1.codec.ber.encoder import BitStringEncoder from pyasn1.error import PyAsn1Error from samba.credentials import Credentials -from samba.dcerpc import claims, krb5pac, netlogon, security +from samba.dcerpc import claims, krb5pac, netlogon, samr, security from samba.gensec import FEATURE_SEAL from samba.ndr import ndr_pack, ndr_unpack from samba.dcerpc.misc import ( @@ -467,6 +467,14 @@ class KerberosCredentials(Credentials): key = kcrypto.Key(etype, contents) self.forced_keys[etype] = RodcPacEncryptionKey(key, self.kvno) + # Also set the NT hash of computer accounts for which we don’t know the + # password. + if etype == kcrypto.Enctype.RC4 and self.get_password() is None: + nt_hash = samr.Password() + nt_hash.hash = list(contents) + + self.set_nt_hash(nt_hash) + def get_forced_key(self, etype): etype = int(etype) return self.forced_keys.get(etype) -- cgit v1.2.1