git.ipfire.org Git - thirdparty/samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Tue, 24 Aug 2021 15:11:24 +0000 (17:11 +0200)
committer	Jule Anger <janger@samba.org>
	Tue, 9 Nov 2021 19:45:32 +0000 (19:45 +0000)
commit	9fe1b719e1b35ae4053cbb13f29f76f4b2f950ef
tree	dafa0f5694a5c4def661d74d229bfa6a5ba29c29	tree \| snapshot
parent	903ab1a02776504ba3b4eb59470cfb8bdf4f2a90	commit \| diff

CVE-2020-25719 CVE-2020-25717 tests/krb5: Add tests for connecting to services anonymously and without a PAC

At the end of the patchset we assume NT_STATUS_NO_IMPERSONATION_TOKEN if
no PAC is available.

For now we want to look for ACCESS_DENIED as this allows
the test to pass (showing that gensec:require_pac = true
is a useful partial mitigation).

This will also help others doing backports that do not
take the full patch set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python/samba/tests/krb5/test_ccache.py		diff \| blob \| blame \| history
python/samba/tests/krb5/test_ldap.py		diff \| blob \| blame \| history
python/samba/tests/krb5/test_rpc.py		diff \| blob \| blame \| history
python/samba/tests/krb5/test_smb.py		diff \| blob \| blame \| history
source4/selftest/tests.py		diff \| blob \| blame \| history