tests/krb5: Have set_forced_key() also set the NT hash

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index b633fd235c6f31ff1f33bcc393714ec2186539c3..a21a49636799439951416addf7c27f8da9d1ea37 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -38,7 +38,7 @@ from pyasn1.codec.ber.encoder import BitStringEncoder
 from pyasn1.error import PyAsn1Error
 
 from samba.credentials import Credentials
-from samba.dcerpc import claims, krb5pac, netlogon, security
+from samba.dcerpc import claims, krb5pac, netlogon, samr, security
 from samba.gensec import FEATURE_SEAL
 from samba.ndr import ndr_pack, ndr_unpack
 from samba.dcerpc.misc import (
@@ -467,6 +467,14 @@ class KerberosCredentials(Credentials):
         key = kcrypto.Key(etype, contents)
         self.forced_keys[etype] = RodcPacEncryptionKey(key, self.kvno)
 
+        # Also set the NT hash of computer accounts for which we don’t know the
+        # password.
+        if etype == kcrypto.Enctype.RC4 and self.get_password() is None:
+            nt_hash = samr.Password()
+            nt_hash.hash = list(contents)
+
+            self.set_nt_hash(nt_hash)
+
     def get_forced_key(self, etype):
         etype = int(etype)
         return self.forced_keys.get(etype)