samba/backport-0043-CVE-2022-37966.patch

From 624731517772ace3051d922c58f8a222ce263e06 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 29 Nov 2022 14:15:40 +0100
Subject: [PATCH 43/54] CVE-2022-37966 python:tests/krb5: allow
 ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)

Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17695
---
 python/samba/tests/krb5/kdc_tgs_tests.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 1607818de1df..40001479f960 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -66,7 +66,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                 creds,
                 expected_error,
                 target_creds,
-                etype):
+                etype,
+                expected_ticket_etype=None):
         user_name = creds.get_username()
         cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=user_name.split('/'))
@@ -87,7 +88,8 @@ class KdcTgsBaseTests(KDCBaseTest):
         till = self.get_KerberosTime(offset=36000)
 
         ticket_decryption_key = (
-            self.TicketDecryptionKey_from_creds(target_creds))
+            self.TicketDecryptionKey_from_creds(target_creds,
+                                                etype=expected_ticket_etype))
         expected_etypes = target_creds.tgs_supported_enctypes
 
         kdc_options = ('forwardable,'
@@ -179,6 +181,8 @@ class KdcTgsBaseTests(KDCBaseTest):
                  use_fast=False,
                  expect_claims=True,
                  etypes=None,
+                 expected_ticket_etype=None,
+                 expected_supported_etypes=None,
                  expect_pac=True,
                  expect_pac_attrs=None,
                  expect_pac_attrs_pac_request=None,
@@ -218,7 +222,7 @@ class KdcTgsBaseTests(KDCBaseTest):
         else:
             additional_tickets = None
             decryption_key = self.TicketDecryptionKey_from_creds(
-                target_creds)
+                target_creds, etype=expected_ticket_etype)
 
         subkey = self.RandomKey(tgt.session_key.etype)
 
@@ -278,6 +282,7 @@ class KdcTgsBaseTests(KDCBaseTest):
             pac_options=pac_options,
             authenticator_subkey=subkey,
             kdc_options=kdc_options,
+            expected_supported_etypes=expected_supported_etypes,
             expect_edata=expect_edata,
             expect_pac=expect_pac,
             expect_pac_attrs=expect_pac_attrs,
-- 
2.34.1