mirror of
https://github.com/samba-team/samba.git
synced 2025-12-20 16:23:51 +03:00
tests/krb5: Correctly check PA-SUPPORTED-ENCTYPES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton
committed by
Andrew Bartlett
Andrew Bartlett
parent
b6eaf2cf44
commit
14cd933a9d
@@ -1169,6 +1169,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm])
|
||||
krbtgt_decryption_key = self.TicketDecryptionKey_from_creds(
|
||||
krbtgt_creds)
|
||||
krbtgt_etypes = krbtgt_creds.tgs_supported_enctypes
|
||||
|
||||
target_username = target_creds.get_username()[:-1]
|
||||
target_realm = target_creds.get_realm()
|
||||
@@ -1177,6 +1178,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
name_type=NT_SRV_INST, names=[target_service, target_username])
|
||||
target_decryption_key = self.TicketDecryptionKey_from_creds(
|
||||
target_creds)
|
||||
target_etypes = target_creds.tgs_supported_enctypes
|
||||
|
||||
fast_cookie = None
|
||||
preauth_etype_info2 = None
|
||||
@@ -1365,6 +1367,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
expected_anon=expected_anon,
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
expected_supported_etypes=krbtgt_etypes,
|
||||
expected_flags=expected_flags,
|
||||
unexpected_flags=unexpected_flags,
|
||||
ticket_decryption_key=krbtgt_decryption_key,
|
||||
@@ -1398,6 +1401,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
expected_anon=expected_anon,
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
expected_supported_etypes=target_etypes,
|
||||
expected_flags=expected_flags,
|
||||
unexpected_flags=unexpected_flags,
|
||||
ticket_decryption_key=target_decryption_key,
|
||||
|
||||
@@ -1267,6 +1267,8 @@ class KDCBaseTest(RawKerberosTest):
|
||||
expected_sname = self.PrincipalName_create(
|
||||
name_type=NT_SRV_INST, names=['krbtgt', realm.upper()])
|
||||
|
||||
expected_etypes = krbtgt_creds.tgs_supported_enctypes
|
||||
|
||||
rep, kdc_exchange_dict = self._test_as_exchange(
|
||||
cname=cname,
|
||||
realm=realm,
|
||||
@@ -1279,6 +1281,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
expected_srealm=expected_realm,
|
||||
expected_sname=expected_sname,
|
||||
expected_salt=salt,
|
||||
expected_supported_etypes=expected_etypes,
|
||||
etypes=etype,
|
||||
padata=padata,
|
||||
kdc_options=kdc_options,
|
||||
|
||||
@@ -1879,6 +1879,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_anon=False,
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
expected_supported_etypes=None,
|
||||
expected_flags=None,
|
||||
unexpected_flags=None,
|
||||
ticket_decryption_key=None,
|
||||
@@ -1923,6 +1924,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expected_anon': expected_anon,
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'expected_supported_etypes': expected_supported_etypes,
|
||||
'expected_flags': expected_flags,
|
||||
'unexpected_flags': unexpected_flags,
|
||||
'ticket_decryption_key': ticket_decryption_key,
|
||||
@@ -1963,6 +1965,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_anon=False,
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
expected_supported_etypes=None,
|
||||
expected_flags=None,
|
||||
unexpected_flags=None,
|
||||
ticket_decryption_key=None,
|
||||
@@ -2006,6 +2009,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expected_anon': expected_anon,
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'expected_supported_etypes': expected_supported_etypes,
|
||||
'expected_flags': expected_flags,
|
||||
'unexpected_flags': unexpected_flags,
|
||||
'ticket_decryption_key': ticket_decryption_key,
|
||||
@@ -2312,19 +2316,19 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
if canonicalize:
|
||||
self.assertIn(PADATA_SUPPORTED_ETYPES, enc_pa_dict)
|
||||
|
||||
expected_supported_etypes = kdc_exchange_dict[
|
||||
'expected_supported_etypes']
|
||||
expected_supported_etypes |= (
|
||||
security.KERB_ENCTYPE_DES_CBC_CRC |
|
||||
security.KERB_ENCTYPE_DES_CBC_MD5 |
|
||||
security.KERB_ENCTYPE_RC4_HMAC_MD5)
|
||||
|
||||
(supported_etypes,) = struct.unpack(
|
||||
'<L',
|
||||
enc_pa_dict[PADATA_SUPPORTED_ETYPES])
|
||||
|
||||
self.assertTrue(
|
||||
security.KERB_ENCTYPE_FAST_SUPPORTED
|
||||
& supported_etypes)
|
||||
self.assertTrue(
|
||||
security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
|
||||
& supported_etypes)
|
||||
self.assertTrue(
|
||||
security.KERB_ENCTYPE_CLAIMS_SUPPORTED
|
||||
& supported_etypes)
|
||||
self.assertEqual(supported_etypes,
|
||||
expected_supported_etypes)
|
||||
else:
|
||||
self.assertNotIn(PADATA_SUPPORTED_ETYPES, enc_pa_dict)
|
||||
|
||||
@@ -3396,6 +3400,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
kdc_options,
|
||||
expected_flags=None,
|
||||
unexpected_flags=None,
|
||||
expected_supported_etypes=None,
|
||||
preauth_key=None,
|
||||
ticket_decryption_key=None,
|
||||
pac_request=None,
|
||||
@@ -3424,6 +3429,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_cname=expected_cname,
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
expected_supported_etypes=expected_supported_etypes,
|
||||
ticket_decryption_key=ticket_decryption_key,
|
||||
generate_padata_fn=generate_padata_fn,
|
||||
check_error_fn=check_error_fn,
|
||||
|
||||
Reference in New Issue
Block a user