From: Joseph Sutton Date: Thu, 21 Oct 2021 22:37:37 +0000 (+1300) Subject: CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() to return... X-Git-Tag: samba-4.13.14~177 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fc5247aca3bc700734742e5082038a08d317871;p=thirdparty%2Fsamba.git CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() to return a ticket without a PAC BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett
---
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index e77a940f411..aed4c427ab0 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1672,7 +1672,7 @@ class KDCBaseTest(RawKerberosTest):
 return cachefile

 def create_ccache_with_user(self, user_credentials, mach_credentials,
- service="host", target_name=None):
+ service="host", target_name=None, pac=True):
 # Obtain a service ticket authorising the user and place it into a
 # newly created credentials cache file.

@@ -1689,6 +1689,9 @@ class KDCBaseTest(RawKerberosTest):
 service=service,
 target_name=target_name)

+ if not pac:
+ ticket = self.modified_ticket(ticket, exclude_pac=True)
+
 # Write the ticket into a credentials cache file that can be ingested
 # by the main credentials code.
 cachefile = self.create_ccache(cname, ticket.ticket,
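Review bot: The new `pac=True` parameter in the `create_ccache_with_user()` signature (first hunk) is not covered by the comment directly beneath it, which still reads as if the cache always holds the service ticket as it was issued. Extending that comment with `# If pac is False, the PAC is removed from the ticket before it is written to the cache.` would tell authors of the CVE-2020-25719 / CVE-2020-25717 tests that they are handing the server a modified ticket. Making the flag keyword-only would also keep call sites readable, since a bare positional `False` says nothing about a PAC. The function body continues outside this hunk.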
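Review bot: In the second hunk, nothing after `ticket = self.modified_ticket(ticket, exclude_pac=True)` confirms that the PAC is really absent before the ticket reaches `create_ccache()`. A test that expects a PAC-less ticket to be refused then relies entirely on the helper, and a test that expects acceptance could pass with the PAC still in place. `modified_ticket()` is defined outside this diff and may already verify this; if it does not, an assertion on the modified ticket's authorization data at this point would make the precondition explicit. A short comment such as `# From here on the ticket must carry no PAC` above the `if not pac:` branch would record the intent either way.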