CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 54beae22718385998374132df574b3ee2b9c9f37..4cc006c6faf2bea8281366b2c8e6326db9a1c1f6 100644 (file)
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1157,6 +1157,7 @@ class KDCBaseTest(RawKerberosTest):
 
             kvno = int(res[0]['msDS-KeyVersionNumber'][0])
             creds.set_kvno(kvno)
+            creds.set_workstation(username[:-1])
             creds.set_dn(dn)
 
             keys = self.get_keys(samdb, dn)

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index d0c28fb2002c2e34f736cd33d93775380877eaab..8d2b84c9d7f748e4ecbc49127721c8f2572a48b8 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -869,6 +869,7 @@ class RawKerberosTest(TestCaseInTempDir):
                                  allow_missing_password=allow_missing_password,
                                  allow_missing_keys=allow_missing_keys)
         c.set_gensec_features(c.get_gensec_features() | FEATURE_SEAL)
+        c.set_workstation('')
         return c
 
     def get_rodc_krbtgt_creds(self,