sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

tests/krb5: Add method to replace client or device claims in a PAC

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-09-28 16:13:08 +13:00 committed by Andrew Bartlett
parent 6f5368dd32
commit 0e7e46c396
1 changed files with 102 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
python/samba/tests/krb5/kdc_base_test.py
View File

@ -1825,6 +1825,108 @@ class KDCBaseTest(TestCaseInTempDir, RawKerberosTest):
return pac
def set_pac_claims(self, pac, *, client_claims=None, device_claims=None, claim_ids=None):
if claim_ids is None:
claim_ids = {}
if client_claims is not None:
self.assertIsNone(device_claims,
'dont specify both client and device claims')
pac_claims = client_claims
pac_buffer_type = krb5pac.PAC_TYPE_CLIENT_CLAIMS_INFO
else:
self.assertIsNotNone(device_claims,
'please specify client or device claims')
pac_claims = device_claims
pac_buffer_type = krb5pac.PAC_TYPE_DEVICE_CLAIMS_INFO
claim_value_types = {
claims.CLAIM_TYPE_INT64: claims.CLAIM_INT64,
claims.CLAIM_TYPE_UINT64: claims.CLAIM_UINT64,
claims.CLAIM_TYPE_STRING: claims.CLAIM_STRING,
claims.CLAIM_TYPE_BOOLEAN: claims.CLAIM_UINT64,
}
claims_arrays = []
for pac_claim_array in pac_claims:
pac_claim_source_type, pac_claim_entries = (
pac_claim_array)
claim_entries = []
for pac_claim_entry in pac_claim_entries:
pac_claim_id, pac_claim_type, pac_claim_values = (
pac_claim_entry)
claim_values_type = claim_value_types.get(
pac_claim_type, claims.CLAIM_STRING)
claim_values_enum = claim_values_type()
claim_values_enum.values = pac_claim_values
claim_values_enum.value_count = len(
pac_claim_values)
claim_entry = claims.CLAIM_ENTRY()
try:
claim_entry.id = pac_claim_id.format_map(
claim_ids)
except KeyError as err:
raise RuntimeError(
f'unknown claim name(s) '
f'in {pac_claim_id}'
) from err
claim_entry.type = pac_claim_type
claim_entry.values = claim_values_enum
claim_entries.append(claim_entry)
claims_array = claims.CLAIMS_ARRAY()
claims_array.claims_source_type = pac_claim_source_type
claims_array.claim_entries = claim_entries
claims_array.claims_count = len(claim_entries)
claims_arrays.append(claims_array)
claims_set = claims.CLAIMS_SET()
claims_set.claims_arrays = claims_arrays
claims_set.claims_array_count = len(claims_arrays)
claims_ctr = claims.CLAIMS_SET_CTR()
claims_ctr.claims = claims_set
claims_ndr = claims.CLAIMS_SET_NDR()
claims_ndr.claims = claims_ctr
metadata = claims.CLAIMS_SET_METADATA()
metadata.claims_set = claims_ndr
metadata.compression_format = (
claims.CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF)
metadata_ctr = claims.CLAIMS_SET_METADATA_CTR()
metadata_ctr.metadata = metadata
metadata_ndr = claims.CLAIMS_SET_METADATA_NDR()
metadata_ndr.claims = metadata_ctr
pac_buffers = pac.buffers
for pac_buffer in pac_buffers:
if pac_buffer.type == pac_buffer_type:
break
else:
pac_buffer = krb5pac.PAC_BUFFER()
pac_buffer.type = pac_buffer_type
pac_buffer.info = krb5pac.DATA_BLOB_REM()
pac_buffers.append(pac_buffer)
pac_buffer.info.remaining = ndr_pack(metadata_ndr)
pac.buffers = pac_buffers
pac.num_buffers = len(pac_buffers)
return pac
def get_cached_creds(self, *,
account_type,
opts=None,