From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 11 Apr 2022 03:43:00 +0000 (+1200)
Subject: CVE-2022-37966 tests/krb5: Allow passing expected etypes to get_keys()
X-Git-Tag: samba-4.15.13~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25402db19b95d6ce74faa252dbc4b7d86c0c1dbd;p=thirdparty%2Fsamba.git

CVE-2022-37966 tests/krb5: Allow passing expected etypes to get_keys()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2f17cbf3b295663a91e4facb0dc8f09ef4a77f4a)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

[jsutton@samba.org Removed changes to protected_users_tests.py]
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index e42af00cdfc..367d3de2636 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -536,7 +536,7 @@ class KDCBaseTest(RawKerberosTest):
 
         return bind, identifier, attributes
 
-    def get_keys(self, samdb, dn):
+    def get_keys(self, samdb, dn, expected_etypes=None):
         admin_creds = self.get_admin_creds()
 
         bind, identifier, attributes = self.get_secrets(
@@ -574,9 +574,10 @@ class KDCBaseTest(RawKerberosTest):
                 pwd = attr.value_ctr.values[0].blob
                 keys[kcrypto.Enctype.RC4] = pwd.hex()
 
-        default_enctypes = self.get_default_enctypes()
+        if expected_etypes is None:
+            expected_etypes = self.get_default_enctypes()
 
-        self.assertCountEqual(default_enctypes, keys)
+        self.assertCountEqual(expected_etypes, keys)
 
         return keys