From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 26 Oct 2021 07:47:53 +0000 (+1300)
Subject: CVE-2020-25719 tests/krb5: Allow update_pac_checksums=True if the PAC is not present
X-Git-Tag: samba-4.13.14~89
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e60e6301ad8ab6f7163c70c3b5eec862cee3d870;p=thirdparty%2Fsamba.git

CVE-2020-25719 tests/krb5: Allow update_pac_checksums=True if the PAC is not present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index 18ee8738eaa..39ca4a69e1c 100644
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -3293,7 +3293,7 @@ class RawKerberosTest(TestCaseInTempDir):
             self.assertFalse(checksum_keys)
             self.assertFalse(include_checksums)
 
-        expect_pac = update_pac_checksums or modify_pac_fn is not None
+        expect_pac = modify_pac_fn is not None
 
         key = ticket.decryption_key