CVE-2020-25719 tests/krb5: Add test for user-to-user with no sname
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
7ff05eb8d4
commit
26480ba2aa
@ -1122,6 +1122,14 @@ class KdcTgsTests(KDCBaseTest):
|
|||||||
self._user2user(tgt, creds, sname=sname,
|
self._user2user(tgt, creds, sname=sname,
|
||||||
expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
|
expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
|
||||||
|
|
||||||
|
def test_user2user_no_sname(self):
|
||||||
|
creds = self._get_creds()
|
||||||
|
tgt = self._get_tgt(creds)
|
||||||
|
|
||||||
|
self._user2user(tgt, creds, sname=False,
|
||||||
|
expected_error=(KDC_ERR_GENERIC,
|
||||||
|
KDC_ERR_S_PRINCIPAL_UNKNOWN))
|
||||||
|
|
||||||
def test_user2user_service_ticket(self):
|
def test_user2user_service_ticket(self):
|
||||||
creds = self._get_creds()
|
creds = self._get_creds()
|
||||||
tgt = self._get_tgt(creds)
|
tgt = self._get_tgt(creds)
|
||||||
@ -2025,16 +2033,24 @@ class KdcTgsTests(KDCBaseTest):
|
|||||||
expected_status=None):
|
expected_status=None):
|
||||||
srealm = target_creds.get_realm()
|
srealm = target_creds.get_realm()
|
||||||
|
|
||||||
if sname is None:
|
if sname is False:
|
||||||
target_name = target_creds.get_username()
|
sname = None
|
||||||
if target_name == 'krbtgt':
|
expected_sname = self.get_krbtgt_sname()
|
||||||
sname = self.PrincipalName_create(name_type=NT_SRV_INST,
|
else:
|
||||||
names=[target_name, srealm])
|
if sname is None:
|
||||||
else:
|
target_name = target_creds.get_username()
|
||||||
if target_name[-1] == '$':
|
if target_name == 'krbtgt':
|
||||||
target_name = target_name[:-1]
|
sname = self.PrincipalName_create(
|
||||||
sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
|
name_type=NT_SRV_INST,
|
||||||
names=['host', target_name])
|
names=[target_name, srealm])
|
||||||
|
else:
|
||||||
|
if target_name[-1] == '$':
|
||||||
|
target_name = target_name[:-1]
|
||||||
|
sname = self.PrincipalName_create(
|
||||||
|
name_type=NT_PRINCIPAL,
|
||||||
|
names=['host', target_name])
|
||||||
|
|
||||||
|
expected_sname = sname
|
||||||
|
|
||||||
if additional_ticket is not None:
|
if additional_ticket is not None:
|
||||||
additional_tickets = [additional_ticket.ticket]
|
additional_tickets = [additional_ticket.ticket]
|
||||||
@ -2062,7 +2078,7 @@ class KdcTgsTests(KDCBaseTest):
|
|||||||
expected_crealm=tgt.crealm,
|
expected_crealm=tgt.crealm,
|
||||||
expected_cname=expected_cname,
|
expected_cname=expected_cname,
|
||||||
expected_srealm=srealm,
|
expected_srealm=srealm,
|
||||||
expected_sname=sname,
|
expected_sname=expected_sname,
|
||||||
ticket_decryption_key=decryption_key,
|
ticket_decryption_key=decryption_key,
|
||||||
generate_padata_fn=generate_padata_fn,
|
generate_padata_fn=generate_padata_fn,
|
||||||
check_error_fn=check_error_fn,
|
check_error_fn=check_error_fn,
|
||||||
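Review bot: `sname=False` in `test_user2user_no_sname` acts as a sentinel for "send the request with no sname", but nothing in the helper says so, and `False` is easy to confuse with `None`, which instead means "derive the sname from target_creds". A comment on the `if sname is False:` branch would settle it, e.g. `# sname=False: omit the sname from the request; the reply is checked against the krbtgt sname`. The test also accepts either `KDC_ERR_GENERIC` or `KDC_ERR_S_PRINCIPAL_UNKNOWN` without saying which KDC implementation is expected to return which. For a CVE regression test, a one-line comment there would help a reader judge whether a switch from one code to the other is acceptable. The helper's signature and the rest of its body lie outside the visible hunks.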
|
@ -161,6 +161,7 @@
|
|||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_host
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_host
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
||||||
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_sname
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_non_existent_sname
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_non_existent_sname
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied
|
||||||
|
@ -419,6 +419,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
|||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
||||||
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_sname
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_req
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_allowed_denied
|
||||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_denied
|
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_denied
|
||||||
|