From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 24 May 2022 07:06:53 +0000 (+1200)
Subject: CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts
X-Git-Tag: samba-4.17.0rc1~306
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ebccd0440aa6739a46e057dac738dc13a7d9a42a;p=thirdparty%2Fsamba.git

CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 54beae22718..4cc006c6faf 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1157,6 +1157,7 @@ class KDCBaseTest(RawKerberosTest):
 
             kvno = int(res[0]['msDS-KeyVersionNumber'][0])
             creds.set_kvno(kvno)
+            creds.set_workstation(username[:-1])
             creds.set_dn(dn)
 
             keys = self.get_keys(samdb, dn)
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index d0c28fb2002..8d2b84c9d7f 100644
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -869,6 +869,7 @@ class RawKerberosTest(TestCaseInTempDir):
                                  allow_missing_password=allow_missing_password,
                                  allow_missing_keys=allow_missing_keys)
         c.set_gensec_features(c.get_gensec_features() | FEATURE_SEAL)
+        c.set_workstation('')
         return c
 
     def get_rodc_krbtgt_creds(self,