From 25402db19b95d6ce74faa252dbc4b7d86c0c1dbd Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Mon, 11 Apr 2022 15:43:00 +1200 Subject: [PATCH] CVE-2022-37966 tests/krb5: Allow passing expected etypes to get_keys() Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 2f17cbf3b295663a91e4facb0dc8f09ef4a77f4a) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 [jsutton@samba.org Removed changes to protected_users_tests.py] Reviewed-by: Stefan Metzmacher --- python/samba/tests/krb5/kdc_base_test.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index e42af00cdfc..367d3de2636 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -536,7 +536,7 @@ class KDCBaseTest(RawKerberosTest): return bind, identifier, attributes - def get_keys(self, samdb, dn): + def get_keys(self, samdb, dn, expected_etypes=None): admin_creds = self.get_admin_creds() bind, identifier, attributes = self.get_secrets( @@ -574,9 +574,10 @@ class KDCBaseTest(RawKerberosTest): pwd = attr.value_ctr.values[0].blob keys[kcrypto.Enctype.RC4] = pwd.hex() - default_enctypes = self.get_default_enctypes() + if expected_etypes is None: + expected_etypes = self.get_default_enctypes() - self.assertCountEqual(default_enctypes, keys) + self.assertCountEqual(expected_etypes, keys) return keys -- 2.47.2