git.samba.org / metze / samba / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c642bd9) | patch
CVE-2022-37966 python:tests/krb5: test much more etype combinations
authorStefan Metzmacher <metze@samba.org>
Tue, 29 Nov 2022 16:11:01 +0000 (17:11 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 14 Dec 2022 11:39:17 +0000 (11:39 +0000)
commit8273935239846045477f99f7dd655d9d37c8c43e
tree30e549ad7fa0454484fd1a2a448e060232b98ce3tree
parentc642bd9f2e98c9fbfe8d3f71def94fd1e76b65f0commit | diff
CVE-2022-37966 python:tests/krb5: test much more etype combinations

This tests work out the difference between
- msDS-SupportedEncryptionTypes value or it's default
- software defined extra flags for DC accounts
- accounts with only an nt hash being stored
- the resulting value in the KRB5_PADATA_SUPPORTED_ETYPES announcement

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1dfa91682efd3b12d7d6af75287efb12ebd9e526)
python/samba/tests/krb5/etype_tests.py diff | blob | history
selftest/knownfail.d/kdc-enctypes [new file with mode: 0644] blob
selftest/knownfail_mit_kdc diff | blob | history
Work in progress branches