CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBa...
authorStefan Metzmacher <metze@samba.org>
Tue, 29 Nov 2022 13:15:40 +0000 (14:15 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 13 Dec 2022 23:48:49 +0000 (00:48 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)

python/samba/tests/krb5/kdc_tgs_tests.py

index 391e06b92e9fee933e757f26dccdf2b612125860..e876efe1a6dd160a112a9376f83eb3289693bf56 100755 (executable)
@@ -65,7 +65,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                 creds,
                 expected_error,
                 target_creds,
-                etype):
+                etype,
+                expected_ticket_etype=None):
         user_name = creds.get_username()
         cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=user_name.split('/'))
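Review bot: The new keyword `expected_ticket_etype` sits directly after the existing `etype` parameter, and nothing in the visible signature says how the two differ. Judging by its use in the next hunk, it selects the key used to decrypt the returned ticket, while `etype` appears to be what the request offers; the signature starts above this hunk, so that reading is inferred. I would add a short comment or docstring entry such as `# expected_ticket_etype: enctype the issued ticket must be encrypted with; None keeps the helper's default key`. The two keywords added in the `@@ -178,6 +180,8 @@` hunk (`expected_ticket_etype`, `expected_supported_etypes`) need the same documentation.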
@@ -86,7 +87,8 @@ class KdcTgsBaseTests(KDCBaseTest):
         till = self.get_KerberosTime(offset=36000)
 
         ticket_decryption_key = (
-            self.TicketDecryptionKey_from_creds(target_creds))
+            self.TicketDecryptionKey_from_creds(target_creds,
+                                                etype=expected_ticket_etype))
         expected_etypes = target_creds.tgs_supported_enctypes
 
         kdc_options = ('forwardable,'
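Review bot: With the default `expected_ticket_etype=None`, the call `TicketDecryptionKey_from_creds(target_creds, etype=expected_ticket_etype)` leaves key selection to the helper, so a caller that omits the argument does not pin the enctype the ticket was encrypted with. How the helper chooses a key for `etype=None` is not visible here, so this presumably keeps the earlier behaviour for existing callers. Tests meant to guard the enctype selection this CVE fix changes should pass the expected enctype explicitly, and a comment at the call, e.g. `# None: helper picks the key; pass an explicit etype to assert the ticket enctype`, would make that opt-in obvious. The same applies to the call in the `@@ -217,7 +221,7 @@` hunk.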
@@ -178,6 +180,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                  use_fast=False,
                  expect_claims=True,
                  etypes=None,
+                 expected_ticket_etype=None,
+                 expected_supported_etypes=None,
                  expect_pac=True,
                  expect_pac_attrs=None,
                  expect_pac_attrs_pac_request=None,
@@ -217,7 +221,7 @@ class KdcTgsBaseTests(KDCBaseTest):
         else:
             additional_tickets = None
             decryption_key = self.TicketDecryptionKey_from_creds(
-                target_creds)
+                target_creds, etype=expected_ticket_etype)
 
         subkey = self.RandomKey(tgt.session_key.etype)
 
@@ -277,6 +281,7 @@ class KdcTgsBaseTests(KDCBaseTest):
             pac_options=pac_options,
             authenticator_subkey=subkey,
             kdc_options=kdc_options,
+            expected_supported_etypes=expected_supported_etypes,
             expect_edata=expect_edata,
             expect_pac=expect_pac,
             expect_pac_attrs=expect_pac_attrs,
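Review bot: `expected_supported_etypes=expected_supported_etypes` now always passes the keyword, so callers that rely on the default hand an explicit `None` to the callee. That matches the previous behaviour only if the callee's own default for this argument is also `None`, and the hunk does not show whether `None` means "skip the check" or "derive the value from the target account". I would state the meaning next to the keyword in the signature, e.g. `# None: fall back to the callee's default supported-enctypes expectation`, so a test author knows whether omitting it weakens the assertion. The call this argument belongs to starts above the hunk and continues below it.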