mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

tests/krb5: Cache drsuapi connection

We call get_keys() a lot, and it's more efficient if we aren't creating
a new connection for every new account we create.

To allow us to maintain a single cached connection, remove the samdb
parameter from get_keys() and get_secrets(). No-one was using it anyway.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2023-03-07 15:28:21 +13:00 committed by Andrew Bartlett
parent f90a46765a
commit 12a1fabd12
4 changed files with 26 additions and 20 deletions


@ -151,6 +151,8 @@ class KDCBaseTest(RawKerberosTest):
cls._ldb = None cls._ldb = None
cls._rodc_ldb = None cls._rodc_ldb = None
cls._drsuapi_connection = None
cls._functional_level = None cls._functional_level = None
# An identifier to ensure created accounts have unique names. Windows # An identifier to ensure created accounts have unique names. Windows
@ -281,6 +283,18 @@ class KDCBaseTest(RawKerberosTest):
return self._rodc_ldb return self._rodc_ldb
def get_drsuapi_connection(self):
if self._drsuapi_connection is None:
admin_creds = self.get_admin_creds()
samdb = self.get_samdb()
dns_hostname = samdb.host_dns_name()
type(self)._drsuapi_connection = drsuapi_connect(dns_hostname,
self.get_lp(),
admin_creds,
ip=self.dc_host)
return self._drsuapi_connection
def get_server_dn(self, samdb): def get_server_dn(self, samdb):
server = samdb.get_serverName() server = samdb.get_serverName()
@ -686,7 +700,6 @@ class KDCBaseTest(RawKerberosTest):
rodc_ctx = self.get_mock_rodc_ctx() rodc_ctx = self.get_mock_rodc_ctx()
self.get_secrets( self.get_secrets(
samdb,
dn, dn,
destination_dsa_guid=rodc_ctx.ntds_guid, destination_dsa_guid=rodc_ctx.ntds_guid,
source_dsa_invocation_id=misc.GUID(samdb.invocation_id)) source_dsa_invocation_id=misc.GUID(samdb.invocation_id))
@ -712,16 +725,10 @@ class KDCBaseTest(RawKerberosTest):
else: else:
self.assertNotIn(str(dn), revealed_dns) self.assertNotIn(str(dn), revealed_dns)
def get_secrets(self, samdb, dn, def get_secrets(self, dn,
destination_dsa_guid, destination_dsa_guid,
source_dsa_invocation_id): source_dsa_invocation_id):
admin_creds = self.get_admin_creds() bind, handle, _ = self.get_drsuapi_connection()
dns_hostname = samdb.host_dns_name()
(bind, handle, _) = drsuapi_connect(dns_hostname,
self.get_lp(),
admin_creds,
ip=self.dc_host)
req = drsuapi.DsGetNCChangesRequest8() req = drsuapi.DsGetNCChangesRequest8()
@ -773,11 +780,11 @@ class KDCBaseTest(RawKerberosTest):
return bind, identifier, attributes return bind, identifier, attributes
def get_keys(self, samdb, dn, expected_etypes=None): def get_keys(self, dn, expected_etypes=None):
admin_creds = self.get_admin_creds() admin_creds = self.get_admin_creds()
samdb = self.get_samdb()
bind, identifier, attributes = self.get_secrets( bind, identifier, attributes = self.get_secrets(
samdb,
str(dn), str(dn),
destination_dsa_guid=misc.GUID(samdb.get_ntds_GUID()), destination_dsa_guid=misc.GUID(samdb.get_ntds_GUID()),
source_dsa_invocation_id=misc.GUID()) source_dsa_invocation_id=misc.GUID())
@ -1444,7 +1451,7 @@ class KDCBaseTest(RawKerberosTest):
expected_etypes = None expected_etypes = None
if force_nt4_hash: if force_nt4_hash:
expected_etypes = {kcrypto.Enctype.RC4} expected_etypes = {kcrypto.Enctype.RC4}
keys = self.get_keys(samdb, dn, expected_etypes=expected_etypes) keys = self.get_keys(dn, expected_etypes=expected_etypes)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
# Handle secret replication to the RODC. # Handle secret replication to the RODC.
@ -1628,7 +1635,7 @@ class KDCBaseTest(RawKerberosTest):
creds.set_kvno(rodc_kvno) creds.set_kvno(rodc_kvno)
creds.set_dn(krbtgt_dn) creds.set_dn(krbtgt_dn)
keys = self.get_keys(samdb, krbtgt_dn) keys = self.get_keys(krbtgt_dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
# The RODC krbtgt account should support the default enctypes, # The RODC krbtgt account should support the default enctypes,
@ -1681,7 +1688,7 @@ class KDCBaseTest(RawKerberosTest):
creds.set_kvno(rodc_kvno) creds.set_kvno(rodc_kvno)
creds.set_dn(dn) creds.set_dn(dn)
keys = self.get_keys(samdb, dn) keys = self.get_keys(dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 | extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
@ -1729,7 +1736,7 @@ class KDCBaseTest(RawKerberosTest):
creds.set_kvno(kvno) creds.set_kvno(kvno)
creds.set_dn(dn) creds.set_dn(dn)
keys = self.get_keys(samdb, dn) keys = self.get_keys(dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
# The krbtgt account should support the default enctypes, although # The krbtgt account should support the default enctypes, although
@ -1780,7 +1787,7 @@ class KDCBaseTest(RawKerberosTest):
creds.set_workstation(username[:-1]) creds.set_workstation(username[:-1])
creds.set_dn(dn) creds.set_dn(dn)
keys = self.get_keys(samdb, dn) keys = self.get_keys(dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 | extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
@ -1827,7 +1834,7 @@ class KDCBaseTest(RawKerberosTest):
creds.set_kvno(kvno) creds.set_kvno(kvno)
creds.set_dn(dn) creds.set_dn(dn)
keys = self.get_keys(samdb, dn) keys = self.get_keys(dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 | extra_bits = (security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 |
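Review bot: In `get_drsuapi_connection()` (the hunk at -281), the admin-authenticated DRSUAPI bind is cached on the class through `type(self)._drsuapi_connection` and nothing visible ever drops it, so a handle that has gone stale would be reused by every later `get_secrets()` call in that test class; consider resetting `type(self)._drsuapi_connection = None` when a request on it fails (the request code lies outside the visible hunks, so this may already be handled there). The method also has no docstring; something like `"""Return the cached drsuapi_connect() result, connecting on first use as the admin to the DC from get_samdb()."""` would make it clear that the connection is shared and pinned to one DC and one set of credentials. Related to that, `get_secrets()` now always talks to the `get_samdb()` host, while the caller in the -686 hunk still derives `source_dsa_invocation_id` from its own local `samdb`; if that handle is ever not the one `get_samdb()` returns, the invocation id and the connection would refer to different DCs, so the assumption deserves a comment at that call site. The bodies of these functions continue outside the hunks shown.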


@ -47,7 +47,6 @@ class NtHashTests(KDCBaseTest):
admin_creds = self.get_admin_creds() admin_creds = self.get_admin_creds()
bind, identifier, attributes = self.get_secrets( bind, identifier, attributes = self.get_secrets(
samdb,
dn, dn,
destination_dsa_guid=misc.GUID(samdb.get_ntds_GUID()), destination_dsa_guid=misc.GUID(samdb.get_ntds_GUID()),
source_dsa_invocation_id=misc.GUID()) source_dsa_invocation_id=misc.GUID())


@ -291,7 +291,7 @@ class ProtectedUsersTests(KDCBaseTest):
client_creds.set_password(new_password) client_creds.set_password(new_password)
self.get_keys(samdb, client_dn, self.get_keys(client_dn,
expected_etypes={kcrypto.Enctype.AES256, expected_etypes={kcrypto.Enctype.AES256,
kcrypto.Enctype.AES128, kcrypto.Enctype.AES128,
kcrypto.Enctype.RC4}) kcrypto.Enctype.RC4})


@ -199,7 +199,7 @@ class SpnTests(KDCBaseTest):
kvno = int(res[0].get('msDS-KeyVersionNumber', idx=0)) kvno = int(res[0].get('msDS-KeyVersionNumber', idx=0))
creds.set_kvno(kvno) creds.set_kvno(kvno)
keys = self.get_keys(samdb, rodc_dn) keys = self.get_keys(rodc_dn)
self.creds_set_keys(creds, keys) self.creds_set_keys(creds, keys)
return creds return creds