sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code

CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() to return a ticket without a PAC

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2021-10-22 11:37:37 +13:00 committed by Jule Anger
parent 873ac6d814
commit 4125650a27
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
python/samba/tests/krb5/kdc_base_test.py
View File

@ -1672,7 +1672,7 @@ class KDCBaseTest(RawKerberosTest):
return cachefile
def create_ccache_with_user(self, user_credentials, mach_credentials,
service="host", target_name=None):
service="host", target_name=None, pac=True):
# Obtain a service ticket authorising the user and place it into a
# newly created credentials cache file.
@ -1689,6 +1689,9 @@ class KDCBaseTest(RawKerberosTest):
service=service,
target_name=target_name)
if not pac:
ticket = self.modified_ticket(ticket, exclude_pac=True)
# Write the ticket into a credentials cache file that can be ingested
# by the main credentials code.
cachefile = self.create_ccache(cname, ticket.ticket,