From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 26 Oct 2021 08:15:53 +0000 (+1300)
Subject: CVE-2020-25719 tests/krb5: Adjust PAC tests to prepare for new PAC_ATTRIBUTES_INFO... 
X-Git-Tag: samba-4.13.14~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97e5b765f281dc14f436b8c70a4dcd40a2babea9;p=thirdparty%2Fsamba.git

CVE-2020-25719 tests/krb5: Adjust PAC tests to prepare for new PAC_ATTRIBUTES_INFO buffer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 2787185f04a..10a146a5e59 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -324,10 +324,10 @@ class KdcTgsTests(KDCBaseTest):
         self.assertIsNotNone(pac)
 
         ticket = self._make_tgs_request(client_creds, service_creds, tgt,
-                                        pac_request=False)
+                                        pac_request=False, expect_pac=False)
 
-        pac = self.get_ticket_pac(ticket)
-        self.assertIsNotNone(pac)
+        pac = self.get_ticket_pac(ticket, expect_pac=False)
+        self.assertIsNone(pac)
 
     def test_client_no_auth_data_required(self):
         client_creds = self.get_cached_creds(
@@ -351,13 +351,13 @@ class KdcTgsTests(KDCBaseTest):
             opts={'no_auth_data_required': True})
         service_creds = self.get_service_creds()
 
-        tgt = self.get_tgt(client_creds, pac_request=False)
+        tgt = self.get_tgt(client_creds)
 
         pac = self.get_ticket_pac(tgt)
         self.assertIsNotNone(pac)
 
         ticket = self._make_tgs_request(client_creds, service_creds, tgt,
-                                        pac_request=False)
+                                        pac_request=False, expect_pac=True)
 
         pac = self.get_ticket_pac(ticket)
         self.assertIsNotNone(pac)
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index 42f02473272..1ddf812da25 100644
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -265,7 +265,6 @@
 #
 # KDC TGS PAC tests
 #
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_client_no_auth_data_required
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index daf8012be43..720d243e05c 100644
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -278,7 +278,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 #
 # KDC TGS PAC tests
 #
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_client_no_auth_data_required\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required\(ad_dc\)