From 4125650a27c3be0f43f873843821751010090010 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 22 Oct 2021 11:37:37 +1300
Subject: [PATCH] CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow
 create_ccache_with_user() to return a ticket without a PAC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/tests/krb5/kdc_base_test.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index e77a940f411..aed4c427ab0 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1672,7 +1672,7 @@ class KDCBaseTest(RawKerberosTest):
         return cachefile
 
     def create_ccache_with_user(self, user_credentials, mach_credentials,
-                                service="host", target_name=None):
+                                service="host", target_name=None, pac=True):
         # Obtain a service ticket authorising the user and place it into a
         # newly created credentials cache file.
 
@@ -1689,6 +1689,9 @@ class KDCBaseTest(RawKerberosTest):
                                          service=service,
                                          target_name=target_name)
 
+        if not pac:
+            ticket = self.modified_ticket(ticket, exclude_pac=True)
+
         # Write the ticket into a credentials cache file that can be ingested
         # by the main credentials code.
         cachefile = self.create_ccache(cname, ticket.ticket,
-- 
2.47.2