50 lines
1.7 KiB
Diff
50 lines
1.7 KiB
Diff
From 903a2e1a15a1eceff4e261145535b313e439cb14 Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Wed, 26 Oct 2022 14:29:54 +1300
|
|
Subject: [PATCH 10/54] CVE-2022-37966 tests/krb5: Add 'etypes' parameter to
|
|
_tgs_req()
|
|
|
|
This lets us select the encryption types we claim to support in the
|
|
request body.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
(similar to commit e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de)
|
|
[jsutton@samba.org Adapted to 4.17 version of function taking different
|
|
parameters]
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17695
|
|
---
|
|
python/samba/tests/krb5/kdc_tgs_tests.py | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
|
|
index f514e321fee1..cd023e5e32d9 100755
|
|
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
|
|
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
|
|
@@ -70,6 +70,7 @@ class KdcTgsBaseTests(KDCBaseTest):
|
|
srealm=None,
|
|
use_fast=False,
|
|
expect_claims=True,
|
|
+ etypes=None,
|
|
expect_pac=True,
|
|
expect_pac_attrs=None,
|
|
expect_pac_attrs_pac_request=None,
|
|
@@ -135,7 +136,8 @@ class KdcTgsBaseTests(KDCBaseTest):
|
|
|
|
pac_options = None
|
|
|
|
- etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
|
|
+ if etypes is None:
|
|
+ etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
|
|
|
|
if expected_error:
|
|
check_error_fn = self.generic_check_kdc_error
|
|
--
|
|
2.34.1
|