From: Joseph Sutton Date: Thu, 28 Oct 2021 21:27:41 +0000 (+1300) Subject: CVE-2020-25719 CVE-2020-25717 tests/krb5: Adapt tests for connecting without a PAC... X-Git-Tag: samba-4.13.14~166 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2aa37d595e4204a7c30daf2e7ee64d96df1b13df;p=thirdparty%2Fsamba.git CVE-2020-25719 CVE-2020-25717 tests/krb5: Adapt tests for connecting without a PAC to new error codes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py index cb5061b92d9..d21ec84796e 100755 --- a/python/samba/tests/krb5/test_ccache.py +++ b/python/samba/tests/krb5/test_ccache.py @@ -25,7 +25,7 @@ from samba import NTSTATUSError, gensec from samba.auth import AuthContext from samba.dcerpc import security from samba.ndr import ndr_unpack -from samba.ntstatus import NT_STATUS_ACCESS_DENIED +from samba.ntstatus import NT_STATUS_NO_IMPERSONATION_TOKEN from samba.tests.krb5.kdc_base_test import KDCBaseTest @@ -84,6 +84,7 @@ class CcacheTests(KDCBaseTest): # cached credentials. lp = self.get_lp() + lp.set('server role', 'active directory domain controller') settings = {} settings["lp_ctx"] = lp @@ -135,7 +136,7 @@ class CcacheTests(KDCBaseTest): self.fail() enum, _ = e.args - self.assertEqual(NT_STATUS_ACCESS_DENIED, enum) + self.assertEqual(NT_STATUS_NO_IMPERSONATION_TOKEN, enum) return token = session.security_token diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py index 31e50487338..0205bdf6fb7 100755 --- a/python/samba/tests/krb5/test_ldap.py +++ b/python/samba/tests/krb5/test_ldap.py @@ -96,7 +96,7 @@ class LdapTests(KDCBaseTest): enum, estr = e.args self.assertEqual(ERR_OPERATIONS_ERROR, enum) - self.assertIn('NT_STATUS_ACCESS_DENIED', estr) + self.assertIn('NT_STATUS_NO_IMPERSONATION_TOKEN', estr) return ldb_res = ldb_as_user.search('', diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py index 54ad7cf0e48..0f2170a8ded 100755 --- a/python/samba/tests/krb5/test_rpc.py +++ b/python/samba/tests/krb5/test_rpc.py @@ -22,7 +22,7 @@ import os from samba import NTSTATUSError, credentials from samba.dcerpc import lsa -from samba.ntstatus import NT_STATUS_ACCESS_DENIED +from samba.ntstatus import NT_STATUS_NO_IMPERSONATION_TOKEN from samba.tests.krb5.kdc_base_test import KDCBaseTest @@ -84,7 +84,7 @@ class RpcTests(KDCBaseTest): self.fail() enum, _ = e.args - self.assertEqual(NT_STATUS_ACCESS_DENIED, enum) + self.assertEqual(NT_STATUS_NO_IMPERSONATION_TOKEN, enum) return (account_name, _) = conn.GetUserName(None, None, None) diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py index 79ff16ac879..7408e5dbece 100755 --- a/python/samba/tests/krb5/test_smb.py +++ b/python/samba/tests/krb5/test_smb.py @@ -24,7 +24,7 @@ from ldb import SCOPE_SUBTREE from samba import NTSTATUSError from samba.dcerpc import security from samba.ndr import ndr_unpack -from samba.ntstatus import NT_STATUS_ACCESS_DENIED +from samba.ntstatus import NT_STATUS_NO_IMPERSONATION_TOKEN from samba.samba3 import libsmb_samba_internal as libsmb from samba.samba3 import param as s3param @@ -114,7 +114,7 @@ class SmbTests(KDCBaseTest): self.fail() enum, _ = e.args - self.assertEqual(NT_STATUS_ACCESS_DENIED, enum) + self.assertEqual(NT_STATUS_NO_IMPERSONATION_TOKEN, enum) return else: self.assertFalse(expect_error)