]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Sign-extend kvno from 32-bit integer
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Mon, 13 Sep 2021 09:14:18 +0000 (21:14 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 15 Sep 2021 07:59:31 +0000 (07:59 +0000)
This helps to avoid problems with RODC kvnos that have the high bit set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python/samba/tests/krb5/raw_testcase.py

index 164d06b9788bc17e530b330cc3b30758c465c89a..cca38fb9480be631d75fdbcc6aedf9095a586c85 100644 (file)
@@ -294,6 +294,9 @@ class KerberosCredentials(Credentials):
         return self._get_krb5_etypes(self.ap_supported_enctypes)
 
     def set_kvno(self, kvno):
+        # Sign-extend from 32 bits.
+        if kvno & 1 << 31:
+            kvno |= -1 << 31
         self.kvno = kvno
 
     def get_kvno(self):