From 903a2e1a15a1eceff4e261145535b313e439cb14 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Wed, 26 Oct 2022 14:29:54 +1300
Subject: [PATCH 10/54] CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
This lets us select the encryption types we claim to support in the request body.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton
Reviewed-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(similar to commit e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de)
[jsutton@samba.org Adapted to 4.17 version of function taking different parameters]
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17695
---
 python/samba/tests/krb5/kdc_tgs_tests.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index f514e321fee1..cd023e5e32d9 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -70,6 +70,7 @@ class KdcTgsBaseTests(KDCBaseTest):
 srealm=None,
 use_fast=False,
 expect_claims=True,
+ etypes=None,
 expect_pac=True,
 expect_pac_attrs=None,
 expect_pac_attrs_pac_request=None,
@@ -135,7 +136,8 @@ class KdcTgsBaseTests(KDCBaseTest):
 pac_options = None
- etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
+ if etypes is None:
+ etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
 if expected_error:
 check_error_fn = self.generic_check_kdc_error
-- 
2.34.1
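Review bot: In the first hunk `etypes=None` is inserted between `expect_claims` and `expect_pac` rather than appended, so any caller that passes `expect_pac` or a later argument positionally would have its values shifted by one slot without an error. The callers are not visible here and may all use keywords, but the commit message says this backport was adapted to a different parameter list, which makes a stale positional call more likely. Appending the parameter at the end of the signature, or placing it after a bare `*` so it is keyword-only, would remove the risk. The signature of `_tgs_req()` starts and ends outside the hunk.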
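Review bot: The fallback in the second hunk is undocumented: when `etypes` is omitted the request still advertises `ARCFOUR_HMAC_MD5` alongside `AES256_CTS_HMAC_SHA1_96`, and nothing in the visible lines tells a test author that. A test that means to check KDC behaviour with a restricted etype list would exercise the mixed default unless it passes `etypes=` explicitly. I would add a comment above the `if etypes is None:` line, such as `# Default advertises AES256 and RC4; pass etypes= to request a narrower set.` Note also that only `None` triggers the default, so an empty tuple is forwarded unchanged; if that is intended, the same comment can say so.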