From 371d7e63fcb966ab54915a3dedb888d48adbf0c0 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 18 Nov 2022 12:11:39 +1300
Subject: CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour
 since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 selftest/target/Samba4.pm | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'selftest/target')

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index acf74aa899a..d15156a538b 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1491,6 +1491,8 @@ sub provision_promoted_dc($$$)
 
         ntlm auth = ntlmv2-only
 
+	kdc force enable rc4 weak session keys = yes
+
 [sysvol]
 	path = $ctx->{statedir}/sysvol
 	read only = yes
-- 
cgit v1.2.1