From: Joseph Sutton
Date: Wed, 26 Oct 2022 01:29:54 +0000 (+1300)
Subject: CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
X-Git-Tag: samba-4.15.13~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92763515d9f0bb8ed56c721d752db1fb7a268407;p=thirdparty%2Fsamba.git
CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
This lets us select the encryption types we claim to support in the request body.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton
Reviewed-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(similar to commit e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de)
[jsutton@samba.org Adapted to 4.17 version of function taking different parameters]
---
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 91d0bb575b0..4e26a011669 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -69,6 +69,7 @@ class KdcTgsBaseTests(KDCBaseTest):
 srealm=None,
 use_fast=False,
 expect_claims=True,
+ etypes=None,
 expect_pac=True,
 expect_pac_attrs=None,
 expect_pac_attrs_pac_request=None,
@@ -134,7 +135,8 @@ class KdcTgsBaseTests(KDCBaseTest):
 pac_options = None
- etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
+ if etypes is None:
+ etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
 if expected_error:
 check_error_fn = self.generic_check_kdc_error
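Review bot: The new `etypes` parameter is undocumented, and when it is left as `None` the request still advertises `ARCFOUR_HMAC_MD5` alongside `AES256_CTS_HMAC_SHA1_96` (second hunk), so a test meant to check how the KDC treats an AES-only client will silently offer RC4 unless it passes `etypes` explicitly. I would put a comment above the check, e.g. `# Default keeps the historical AES256 + RC4 offer; pass etypes=(...) to claim a narrower or different set.` Because the test is `is None`, an empty tuple is sent through unchanged, which looks intentional for negative tests but should be stated in that comment. The parameter is added mid-list in the first hunk, and the signature and the rest of `_tgs_req()` lie outside both hunks, so whether any caller passes the following arguments positionally cannot be checked from here.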