packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0049-CVE-2022-2031-CVE-2022-32744.patch

44 lines
2.1 KiB
Diff
Raw Blame History

From a6231af1f1c03cd81614332f867916e1748e03a8 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 23 Jun 2022 13:59:11 +1200
Subject: [PATCH 97/99] CVE-2022-2031 testprogs: Add test for short-lived
ticket across an incoming trust
We ensure that the KDC does not reject a TGS-REQ with our short-lived
TGT over an incoming trust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[jsutton@samba.org Changed --use-krb5-ccache to -k yes to match
surrounding usage]
---
testprogs/blackbox/test_kinit_trusts_heimdal.sh | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/testprogs/blackbox/test_kinit_trusts_heimdal.sh b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
index bf0b81a0473..621434eac35 100755
--- a/testprogs/blackbox/test_kinit_trusts_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
@@ -54,6 +54,10 @@ testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppa
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
rm -rf $KRB5CCNAME_PATH
+testit "kinit with password and two minute lifetime" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac --server=krbtgt/$REALM@$TRUST_REALM --lifetime=2m $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache and two minute lifetime" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+rm -rf $KRB5CCNAME_PATH
+
# Test with smbclient4
smbclient="$samba4bindir/smbclient4"
testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
@@ -94,5 +98,5 @@ testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domai
test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
-rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache
+rm -f $PREFIX/tmpccache $PREFIX/tmppassfile
exit $failed
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink