CVE-2020-25719 tests/krb5: Use correct credentials for user-to-user tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 11bf38766ae8c940b1d4870183e20cf2970370a6..2787185f04af73278634a7ebffca01e050784247 100755 (executable)
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -949,7 +949,7 @@ class KdcTgsTests(KDCBaseTest):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
 
-        user_name = self._get_mach_creds().get_username()
+        user_name = creds.get_username()
         sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=['host', user_name])
 
@@ -960,18 +960,17 @@ class KdcTgsTests(KDCBaseTest):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
 
-        user_name = self._get_mach_creds().get_username()
+        user_name = creds.get_username()
         sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=[user_name])
 
-        self._user2user(tgt, creds, sname=sname,
-                        expected_error=KDC_ERR_BADMATCH)
+        self._user2user(tgt, creds, sname=sname, expected_error=0)
 
     def test_user2user_wrong_sname(self):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
 
-        other_creds = self.get_service_creds()
+        other_creds = self._get_mach_creds()
         user_name = other_creds.get_username()
         sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
                                           names=[user_name])

diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index 342d69a6a0316a3f434f406c7b42c72f8d953ac1..90632f1e4b951aa22787d5719820ffb5a706e3d9 100644 (file)
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -161,7 +161,6 @@
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_host
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_no_host
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_non_existent_sname
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req

diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index ead0902b2d48b9ceee8d7ba09ef935a1847bbb5f..97269987d014c73829fecef6296e9097c9d208ce 100644 (file)
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -419,7 +419,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_upn_user
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_no_host
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied