tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d95705172bcf6fe24817800a4c0009e9cc8be595) [jsutton@samba.org Fixed MIT knownfail conflict]
parent
651db77b1c
commit
1e9ad4246c
@ -28,7 +28,7 @@ from samba.tests.krb5.kdc_base_test import KDCBaseTest
|
||||
from samba.tests.krb5.rfc4120_constants import (
|
||||
AES256_CTS_HMAC_SHA1_96,
|
||||
ARCFOUR_HMAC_MD5,
|
||||
KDC_ERR_CLIENT_NAME_MISMATCH,
|
||||
KDC_ERR_TGT_REVOKED,
|
||||
NT_PRINCIPAL,
|
||||
)
|
||||
|
||||
@ -168,7 +168,7 @@ class AliasTests(KDCBaseTest):
|
||||
ctype=None)
|
||||
return [padata], req_body
|
||||
|
||||
expected_error_mode = KDC_ERR_CLIENT_NAME_MISMATCH
|
||||
expected_error_mode = KDC_ERR_TGT_REVOKED
|
||||
|
||||
# Make a request using S4U2Self. The request should fail.
|
||||
kdc_exchange_dict = self.tgs_exchange_dict(
|
||||
@ -184,7 +184,8 @@ class AliasTests(KDCBaseTest):
|
||||
tgt=tgt,
|
||||
authenticator_subkey=authenticator_subkey,
|
||||
kdc_options='0',
|
||||
expect_pac=True)
|
||||
expect_pac=True,
|
||||
expect_edata=False)
|
||||
|
||||
rep = self._generic_kdc_exchange(kdc_exchange_dict,
|
||||
cname=None,
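Review bot: The comment `# Make a request using S4U2Self. The request should fail.` in AliasTests no longer says enough, because the expected code changes from KDC_ERR_CLIENT_NAME_MISMATCH to KDC_ERR_TGT_REVOKED and nothing beside the assignment explains the choice. I would extend it to `# Make a request using S4U2Self. The request should fail with KDC_ERR_TGT_REVOKED, matching Windows with PacRequestorEnforcement=2.`, which is the reason the commit title gives. `expect_pac=True` is still passed although an error reply is expected; if that argument is only read on success it could be dropped, but its handling is outside the hunk.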
|
||||
|
@ -23,7 +23,7 @@ import os
|
||||
import ldb
|
||||
|
||||
|
||||
from samba import dsdb, ntstatus
|
||||
from samba import dsdb
|
||||
|
||||
from samba.dcerpc import krb5pac, security
|
||||
|
||||
@ -38,8 +38,6 @@ from samba.tests.krb5.rfc4120_constants import (
|
||||
KRB_ERROR,
|
||||
KRB_TGS_REP,
|
||||
KDC_ERR_BADMATCH,
|
||||
KDC_ERR_BADOPTION,
|
||||
KDC_ERR_CLIENT_NAME_MISMATCH,
|
||||
KDC_ERR_GENERIC,
|
||||
KDC_ERR_MODIFIED,
|
||||
KDC_ERR_POLICY,
|
||||
@ -262,7 +260,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
authenticator_subkey = self.RandomKey(kcrypto.Enctype.AES256)
|
||||
|
||||
if expect_error:
|
||||
expected_error_mode = KDC_ERR_BADOPTION
|
||||
expected_error_mode = KDC_ERR_TGT_REVOKED
|
||||
check_error_fn = self.generic_check_kdc_error
|
||||
check_rep_fn = None
|
||||
else:
|
||||
@ -288,7 +286,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
authenticator_subkey=authenticator_subkey,
|
||||
kdc_options=kdc_options,
|
||||
pac_request=pac_request,
|
||||
expect_pac=expect_pac)
|
||||
expect_pac=expect_pac,
|
||||
expect_edata=False)
|
||||
|
||||
rep = self._generic_kdc_exchange(kdc_exchange_dict,
|
||||
cname=cname,
|
||||
@ -516,8 +515,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_requester_sid=True)
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=True,
|
||||
expect_requester_sid=False) # Note: not expected
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_req_no_pac_attrs(self):
|
||||
creds = self._get_creds()
|
||||
@ -531,11 +529,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, remove_requester_sid=True)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=True,
|
||||
expect_requester_sid=True, expected_sid=sid)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_req_from_rodc_no_pac_attrs(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -548,101 +542,99 @@ class KdcTgsTests(KDCBaseTest):
|
||||
def test_tgs_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, renewable=True, remove_pac=True)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, invalid=True, remove_pac=True)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True)
|
||||
self._s4u2self(tgt, creds,
|
||||
expected_error=(KDC_ERR_GENERIC, KDC_ERR_BADOPTION),
|
||||
expected_status=ntstatus.NT_STATUS_INVALID_PARAMETER,
|
||||
expect_edata=True)
|
||||
expected_error=KDC_ERR_TGT_REVOKED,
|
||||
expect_edata=False)
|
||||
|
||||
def test_user2user_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True)
|
||||
self._user2user(tgt, creds, expected_error=KDC_ERR_BADOPTION)
|
||||
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test making a request with authdata and without a PAC.
|
||||
def test_tgs_authdata_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_authdata_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, renewable=True, remove_pac=True,
|
||||
allow_empty_authdata=True)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_authdata_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, invalid=True, remove_pac=True,
|
||||
allow_empty_authdata=True)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_BADOPTION)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_authdata_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
|
||||
self._s4u2self(tgt, creds,
|
||||
expected_error=(KDC_ERR_GENERIC, KDC_ERR_BADOPTION),
|
||||
expected_status=ntstatus.NT_STATUS_INVALID_PARAMETER,
|
||||
expect_edata=True)
|
||||
expected_error=KDC_ERR_TGT_REVOKED,
|
||||
expect_edata=False)
|
||||
|
||||
def test_user2user_authdata_no_pac(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
|
||||
self._user2user(tgt, creds, expected_error=KDC_ERR_BADOPTION)
|
||||
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test changing the SID in the PAC to that of another account.
|
||||
def test_tgs_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=existing_rid)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, renewable=True, new_rid=existing_rid)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, invalid=True, new_rid=existing_rid)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=existing_rid)
|
||||
self._s4u2self(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_user2user_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=existing_rid)
|
||||
self._user2user(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_requester_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=existing_rid,
|
||||
can_modify_logon_info=False)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_logon_info_sid_mismatch_existing(self):
|
||||
creds = self._get_creds()
|
||||
@ -656,49 +648,49 @@ class KdcTgsTests(KDCBaseTest):
|
||||
existing_rid = self._get_existing_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=existing_rid,
|
||||
remove_requester_sid=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test changing the SID in the PAC to a non-existent one.
|
||||
def test_tgs_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, renewable=True,
|
||||
new_rid=nonexistent_rid)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, invalid=True,
|
||||
new_rid=nonexistent_rid)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
|
||||
self._s4u2self(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_user2user_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
|
||||
self._user2user(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_requester_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=nonexistent_rid,
|
||||
can_modify_logon_info=False)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_logon_info_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds()
|
||||
@ -712,7 +704,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, new_rid=nonexistent_rid,
|
||||
remove_requester_sid=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test with an RODC-issued ticket where the client is revealed to the RODC.
|
||||
def test_tgs_rodc_revealed(self):
|
||||
@ -753,7 +745,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
existing_rid = self._get_existing_rid(replication_allowed=True,
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_rodc_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -762,7 +754,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, renewable=True, from_rodc=True,
|
||||
new_rid=existing_rid)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_rodc_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -771,7 +763,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, invalid=True, from_rodc=True,
|
||||
new_rid=existing_rid)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_rodc_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -779,7 +771,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
existing_rid = self._get_existing_rid(replication_allowed=True,
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)
|
||||
self._s4u2self(tgt, creds, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_user2user_rodc_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -788,7 +780,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)
|
||||
self._user2user(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_rodc_requester_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -797,7 +789,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid,
|
||||
can_modify_logon_info=False)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_rodc_logon_info_sid_mismatch_existing(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -815,7 +807,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid,
|
||||
remove_requester_sid=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test with an RODC-issued ticket where the SID in the PAC is changed to a
|
||||
# non-existent one.
|
||||
@ -824,7 +816,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
revealed_to_rodc=True)
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_renew_rodc_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -832,7 +824,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, renewable=True, from_rodc=True,
|
||||
new_rid=nonexistent_rid)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_validate_rodc_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -840,14 +832,14 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, invalid=True, from_rodc=True,
|
||||
new_rid=nonexistent_rid)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_s4u2self_rodc_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
revealed_to_rodc=True)
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)
|
||||
self._s4u2self(tgt, creds, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_user2user_rodc_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -855,7 +847,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)
|
||||
self._user2user(tgt, creds,
|
||||
expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_rodc_requester_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -863,7 +855,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid,
|
||||
can_modify_logon_info=False)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_rodc_logon_info_sid_mismatch_nonexisting(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -879,7 +871,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
nonexistent_rid = self._get_non_existent_rid()
|
||||
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid,
|
||||
remove_requester_sid=True)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
# Test with an RODC-issued ticket where the client is not revealed to the
|
||||
# RODC.
|
||||
@ -1111,8 +1103,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
names=[user_name])
|
||||
|
||||
self._user2user(tgt, creds, sname=sname,
|
||||
expected_error=(KDC_ERR_BADMATCH,
|
||||
KDC_ERR_BADOPTION))
|
||||
expected_error=KDC_ERR_BADMATCH)
|
||||
|
||||
def test_user2user_other_sname(self):
|
||||
other_name = self.get_new_username()
|
||||
@ -1134,8 +1125,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
sname = self.get_krbtgt_sname()
|
||||
|
||||
self._user2user(tgt, creds, sname=sname,
|
||||
expected_error=(KDC_ERR_BADMATCH,
|
||||
KDC_ERR_BADOPTION))
|
||||
expected_error=KDC_ERR_BADMATCH)
|
||||
|
||||
def test_user2user_wrong_srealm(self):
|
||||
creds = self._get_creds()
|
||||
@ -1206,7 +1196,9 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
tgt = self._modify_tgt(tgt, cname=cname)
|
||||
|
||||
self._user2user(tgt, creds, expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN)
|
||||
self._user2user(tgt, creds,
|
||||
expected_error=(KDC_ERR_TGT_REVOKED,
|
||||
KDC_ERR_C_PRINCIPAL_UNKNOWN))
|
||||
|
||||
def test_user2user_non_existent_sname(self):
|
||||
creds = self._get_creds()
|
||||
@ -1522,8 +1514,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self._modify_tgt(tgt, renewable=True,
|
||||
remove_requester_sid=True)
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
|
||||
expect_requester_sid=False) # Note: not expected
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_requester_sid_missing_rodc_renew(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1539,9 +1530,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True,
|
||||
remove_requester_sid=True)
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
|
||||
expected_sid=sid,
|
||||
expect_requester_sid=True)
|
||||
self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_tgs_pac_request_none(self):
|
||||
creds = self._get_creds()
|
||||
@ -1655,10 +1644,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
creds = self._get_creds()
|
||||
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
|
||||
|
||||
ticket = self._s4u2self(tgt, creds, expected_error=0, expect_pac=False)
|
||||
ticket = self._s4u2self(tgt, creds, expected_error=0, expect_pac=True)
|
||||
|
||||
pac = self.get_ticket_pac(ticket, expect_pac=False)
|
||||
self.assertIsNone(pac)
|
||||
pac = self.get_ticket_pac(ticket)
|
||||
self.assertIsNotNone(pac)
|
||||
|
||||
def test_s4u2self_pac_request_true(self):
|
||||
creds = self._get_creds()
|
||||
@ -1753,10 +1742,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
|
||||
tgt = self._modify_tgt(tgt, from_rodc=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
pac = self.get_ticket_pac(ticket, expect_pac=False)
|
||||
self.assertIsNone(pac)
|
||||
self.assertIsNotNone(pac)
|
||||
|
||||
def test_tgs_rodc_pac_request_true(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1784,7 +1773,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
'sAMAccountName')
|
||||
samdb.modify(msg)
|
||||
|
||||
self._run_tgs(tgt, expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN)
|
||||
self._run_tgs(tgt, expected_error=(KDC_ERR_TGT_REVOKED,
|
||||
KDC_ERR_C_PRINCIPAL_UNKNOWN))
|
||||
|
||||
def _modify_renewable(self, enc_part):
|
||||
# Set the renewable flag.
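Review bot: In the KdcTgsTests hunk `@ -1753,10 +1742,10 @@` the call `pac = self.get_ticket_pac(ticket, expect_pac=False)` is left unchanged while the assertion after it becomes `self.assertIsNotNone(pac)`; the hunk's 10/10 line counts only add up if that call is context. The S4U2Self hunk just before it (`@ -1655,10 +1644,10 @@`) does change the same call to `self.get_ticket_pac(ticket)`, so the two tests now disagree. get_ticket_pac is not shown here, but if it checks `expect_pac` itself, this test asks for a ticket without a PAC and then requires one. I would change the line to `pac = self.get_ticket_pac(ticket)`. The test method starts outside the hunk.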
|
||||
|
@ -32,6 +32,7 @@ from samba.tests.krb5.rfc4120_constants import (
|
||||
NT_PRINCIPAL,
|
||||
NT_SRV_INST,
|
||||
KDC_ERR_C_PRINCIPAL_UNKNOWN,
|
||||
KDC_ERR_TGT_REVOKED,
|
||||
)
|
||||
|
||||
global_asn1_print = False
|
||||
@ -322,21 +323,10 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
|
||||
|
||||
(rep, enc_part) = self.tgs_req(
|
||||
cname, sname, uc.get_realm(), ticket, key, etype,
|
||||
service_creds=mc, expect_pac=False)
|
||||
self.check_tgs_reply(rep)
|
||||
|
||||
# Check the contents of the service ticket
|
||||
ticket = rep['ticket']
|
||||
enc_part = self.decode_service_ticket(mc, ticket)
|
||||
#
|
||||
# We get an empty authorization-data element in the ticket.
|
||||
# i.e. no PAC
|
||||
self.assertEqual([], enc_part['authorization-data'])
|
||||
# check the crealm and cname
|
||||
cname = enc_part['cname']
|
||||
self.assertEqual(NT_PRINCIPAL, cname['name-type'])
|
||||
self.assertEqual(alt_name.encode('UTF8'), cname['name-string'][0])
|
||||
self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm'])
|
||||
service_creds=mc, expect_pac=False,
|
||||
expect_edata=False,
|
||||
expected_error_mode=KDC_ERR_TGT_REVOKED)
|
||||
self.check_error_rep(rep, KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_nt_principal_step_4_b(self):
|
||||
''' Step 4, pre-authentication
|
||||
@ -703,21 +693,10 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
|
||||
|
||||
(rep, enc_part) = self.tgs_req(
|
||||
cname, sname, uc.get_realm(), ticket, key, etype,
|
||||
service_creds=mc, expect_pac=False)
|
||||
self.check_tgs_reply(rep)
|
||||
|
||||
# Check the contents of the service ticket
|
||||
ticket = rep['ticket']
|
||||
enc_part = self.decode_service_ticket(mc, ticket)
|
||||
#
|
||||
# We get an empty authorization-data element in the ticket.
|
||||
# i.e. no PAC
|
||||
self.assertEqual([], enc_part['authorization-data'])
|
||||
# check the crealm and cname
|
||||
cname = enc_part['cname']
|
||||
self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type'])
|
||||
self.assertEqual(ename.encode('UTF8'), cname['name-string'][0])
|
||||
self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm'])
|
||||
service_creds=mc, expect_pac=False,
|
||||
expect_edata=False,
|
||||
expected_error_mode=KDC_ERR_TGT_REVOKED)
|
||||
self.check_error_rep(rep, KDC_ERR_TGT_REVOKED)
|
||||
|
||||
def test_nt_enterprise_principal_step_6_b(self):
|
||||
''' Step 4, pre-authentication
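Review bot: Both rewritten calls in MS_Kile_Client_Principal_Lookup_Tests now stop at the error reply, but nothing in the new lines says why a TGS-REQ that used to succeed must be refused. The removed comment about an empty authorization-data element was the only hint that the ticket carries no PAC. I would put a comment above each `self.tgs_req(` call such as `# The TGT has no PAC, so the KDC must refuse it with KDC_ERR_TGT_REVOKED.`, assuming the TGT is indeed requested without a PAC, which is set up outside the hunks. `enc_part` is still unpacked but no longer read, so `rep, _ = self.tgs_req(` would make that explicit. The test docstrings are outside the hunks and may still describe the old success path.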
|
||||
|
@ -42,6 +42,7 @@ from samba.tests.krb5.rfc4120_constants import (
|
||||
KDC_ERR_INAPP_CKSUM,
|
||||
KDC_ERR_MODIFIED,
|
||||
KDC_ERR_SUMTYPE_NOSUPP,
|
||||
KDC_ERR_TGT_REVOKED,
|
||||
KU_PA_ENC_TIMESTAMP,
|
||||
KU_AS_REP_ENC_PART,
|
||||
KU_TGS_REP_ENC_PART_SUB_KEY,
|
||||
@ -278,6 +279,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
etypes = kdc_dict.pop('etypes', (AES256_CTS_HMAC_SHA1_96,
|
||||
ARCFOUR_HMAC_MD5))
|
||||
|
||||
expect_edata = kdc_dict.pop('expect_edata', None)
|
||||
|
||||
def generate_s4u2self_padata(_kdc_exchange_dict,
|
||||
_callback_dict,
|
||||
req_body):
|
||||
@ -309,7 +312,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
tgt=service_tgt,
|
||||
authenticator_subkey=authenticator_subkey,
|
||||
kdc_options=str(kdc_options),
|
||||
expect_claims=False)
|
||||
expect_claims=False,
|
||||
expect_edata=expect_edata)
|
||||
|
||||
self._generic_kdc_exchange(kdc_exchange_dict,
|
||||
cname=None,
|
||||
@ -343,15 +347,14 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
|
||||
self._run_s4u2self_test(
|
||||
{
|
||||
'expected_error_mode': (KDC_ERR_GENERIC,
|
||||
KDC_ERR_BADOPTION),
|
||||
'expected_status': ntstatus.NT_STATUS_INVALID_PARAMETER,
|
||||
'expected_error_mode': KDC_ERR_TGT_REVOKED,
|
||||
'client_opts': {
|
||||
'not_delegated': False
|
||||
},
|
||||
'kdc_options': 'forwardable',
|
||||
'modify_service_tgt_fn': forwardable_no_pac,
|
||||
'expected_flags': 'forwardable'
|
||||
'expected_flags': 'forwardable',
|
||||
'expect_edata': False
|
||||
})
|
||||
|
||||
# Test performing an S4U2Self operation without requesting a forwardable
|
||||
@ -674,8 +677,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# contain a PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': (KDC_ERR_BADOPTION,
|
||||
KDC_ERR_MODIFIED),
|
||||
'expected_error_mode': (KDC_ERR_MODIFIED,
|
||||
KDC_ERR_TGT_REVOKED),
|
||||
'allow_delegation': True,
|
||||
'modify_client_tkt_fn': self.remove_ticket_pac,
|
||||
'expect_edata': False
|
||||
@ -686,9 +689,10 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': 0,
|
||||
'expected_error_mode': KDC_ERR_TGT_REVOKED,
|
||||
'allow_delegation': True,
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac,
|
||||
'expect_edata': False
|
||||
})
|
||||
|
||||
def test_constrained_delegation_no_client_pac_no_auth_data_required(self):
|
||||
@ -696,8 +700,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# contain a PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': (KDC_ERR_BADOPTION,
|
||||
KDC_ERR_MODIFIED),
|
||||
'expected_error_mode': (KDC_ERR_MODIFIED,
|
||||
KDC_ERR_BADOPTION),
|
||||
'allow_delegation': True,
|
||||
'modify_client_tkt_fn': self.remove_ticket_pac,
|
||||
'expect_edata': False,
|
||||
@ -711,13 +715,14 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': (KDC_ERR_BADOPTION,
|
||||
KDC_ERR_MODIFIED),
|
||||
'expected_error_mode': KDC_ERR_TGT_REVOKED,
|
||||
'allow_delegation': True,
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac,
|
||||
'service2_opts': {
|
||||
'no_auth_data_required': True
|
||||
}
|
||||
},
|
||||
'expect_pac': False,
|
||||
'expect_edata': False
|
||||
})
|
||||
|
||||
def test_constrained_delegation_non_forwardable(self):
|
||||
@ -812,12 +817,11 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': KDC_ERR_BADOPTION,
|
||||
'expected_status':
|
||||
ntstatus.NT_STATUS_NOT_FOUND,
|
||||
'expected_error_mode': KDC_ERR_TGT_REVOKED,
|
||||
'allow_rbcd': True,
|
||||
'pac_options': '0001', # supports RBCD
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac,
|
||||
'expect_edata': False
|
||||
})
|
||||
|
||||
def test_rbcd_no_client_pac_no_auth_data_required_a(self):
|
||||
@ -858,15 +862,14 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
# PAC.
|
||||
self._run_delegation_test(
|
||||
{
|
||||
'expected_error_mode': KDC_ERR_BADOPTION,
|
||||
'expected_status':
|
||||
ntstatus.NT_STATUS_NOT_FOUND,
|
||||
'expected_error_mode': KDC_ERR_TGT_REVOKED,
|
||||
'allow_rbcd': True,
|
||||
'pac_options': '0001', # supports RBCD
|
||||
'modify_service_tgt_fn': self.remove_ticket_pac,
|
||||
'service2_opts': {
|
||||
'no_auth_data_required': True
|
||||
}
|
||||
},
|
||||
'expect_edata': False
|
||||
})
|
||||
|
||||
def test_rbcd_non_forwardable(self):
|
||||
@ -941,8 +944,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
for checksum in self.pac_checksum_types:
|
||||
with self.subTest(checksum=checksum):
|
||||
if checksum == krb5pac.PAC_TYPE_TICKET_CHECKSUM:
|
||||
expected_error_mode = (KDC_ERR_BADOPTION,
|
||||
KDC_ERR_MODIFIED)
|
||||
expected_error_mode = (KDC_ERR_MODIFIED,
|
||||
KDC_ERR_BADOPTION)
|
||||
else:
|
||||
expected_error_mode = KDC_ERR_GENERIC
|
||||
|
||||
@ -1061,8 +1064,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
for checksum in self.pac_checksum_types:
|
||||
with self.subTest(checksum=checksum):
|
||||
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
|
||||
expected_error_mode = (KDC_ERR_MODIFIED,
|
||||
KDC_ERR_BAD_INTEGRITY)
|
||||
expected_error_mode = KDC_ERR_MODIFIED
|
||||
expected_status = ntstatus.NT_STATUS_WRONG_PASSWORD
|
||||
else:
|
||||
expected_error_mode = 0
|
||||
@ -1162,8 +1164,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
with self.subTest(checksum=checksum, ctype=ctype):
|
||||
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
|
||||
if ctype == Cksumtype.SHA1:
|
||||
expected_error_mode = (KDC_ERR_SUMTYPE_NOSUPP,
|
||||
KDC_ERR_BAD_INTEGRITY)
|
||||
expected_error_mode = KDC_ERR_SUMTYPE_NOSUPP
|
||||
expected_status = ntstatus.NT_STATUS_LOGON_FAILURE
|
||||
else:
|
||||
expected_error_mode = KDC_ERR_GENERIC
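Review bot: The two-code tuples in S4UKerberosTests, `(KDC_ERR_MODIFIED, KDC_ERR_TGT_REVOKED)` in the no-client-PAC delegation test and `(KDC_ERR_MODIFIED, KDC_ERR_BADOPTION)` in two further places, have no comment saying which KDC is expected to return which code. These tests pin how a ticket whose PAC was removed or altered is refused, and a test that accepts either code will not notice a KDC moving from one rejection path to the other. The two `(KDC_ERR_MODIFIED, KDC_ERR_BADOPTION)` tuples only swap the order of the old pair; whether order matters to the checker is not visible here, so a one-line comment above each tuple naming the KDC behind each code would settle it. The same applies to `(KDC_ERR_TGT_REVOKED, KDC_ERR_C_PRINCIPAL_UNKNOWN)` in KdcTgsTests and to `self.assertIn(enum, {NT_STATUS_ACCESS_DENIED, NT_STATUS_NO_IMPERSONATION_TOKEN})` in RpcTests.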
|
||||
|
@ -24,7 +24,10 @@ import ldb
|
||||
|
||||
from samba import NTSTATUSError, credentials
|
||||
from samba.dcerpc import lsa
|
||||
from samba.ntstatus import NT_STATUS_NO_IMPERSONATION_TOKEN
|
||||
from samba.ntstatus import (
|
||||
NT_STATUS_ACCESS_DENIED,
|
||||
NT_STATUS_NO_IMPERSONATION_TOKEN
|
||||
)
|
||||
|
||||
from samba.tests.krb5.kdc_base_test import KDCBaseTest
|
||||
|
||||
@ -103,7 +106,8 @@ class RpcTests(KDCBaseTest):
|
||||
self.fail()
|
||||
|
||||
enum, _ = e.args
|
||||
self.assertEqual(NT_STATUS_NO_IMPERSONATION_TOKEN, enum)
|
||||
self.assertIn(enum, {NT_STATUS_ACCESS_DENIED,
|
||||
NT_STATUS_NO_IMPERSONATION_TOKEN})
|
||||
return
|
||||
|
||||
(account_name, _) = conn.GetUserName(None, None, None)
|
||||
|
@ -233,16 +233,21 @@
|
||||
# S4U tests
|
||||
#
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_bronze_bit_rbcd_old_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_client_pac(?!_no_auth_data_required)
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac\(.*\)$
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_service_pac_no_auth_data_required
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_existing_delegation_info
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_missing_client_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_a
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_client_pac_b
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_service_pac
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_service_pac_no_auth_data_required
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_client_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_service_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_client_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_service_checksum
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_forwardable
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_no_pac
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_empty_allowed
|
||||
#
|
||||
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_auth_data_required
|
||||
@ -259,3 +264,62 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_not_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed
|
||||
#
|
||||
# Alias tests
|
||||
#
|
||||
^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_create_alias_delete
|
||||
^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_create_alias_rename
|
||||
^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_dc_alias_delete
|
||||
^samba.tests.krb5.alias_tests.samba.tests.krb5.alias_tests.AliasTests.test_dc_alias_rename
|
||||
#
|
||||
# KDC TGS tests
|
||||
#
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_service_no_auth_data_required
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_requester_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_requester_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_false
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_false
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_nonexisting
|
||||
|
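Review bot: Several entries added in the second hunk of this knownfail list are plain prefixes of their neighbours: the `KdcTgsTests.test_remove_pac` line also matches the two `test_remove_pac_*_no_auth_data_required` lines after it, and `KdcTgsTests.test_user2user_wrong_sname` also matches `test_user2user_wrong_sname_krbtgt`. If these lines are applied as regular expressions anchored only at the start, as the `\(.*\)$` ending on the `test_constrained_delegation_no_service_pac` entry in the first hunk suggests, an open-ended entry will also hide any later test that shares its prefix. That matters here because the list covers the PAC-removal and SID-mismatch rejection checks. Ending the short entries the same way, e.g. `^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(.*\)$`, would limit each line to the one test it names.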
@ -390,6 +390,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
#
|
||||
# KDC TGT tests
|
||||
#
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_allowed_denied
|
||||
@ -401,6 +403,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req
|
||||
@ -418,6 +422,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rename
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_allowed_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_no_krbtgt_link
|
||||
@ -427,6 +432,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_sname
|
||||
@ -462,6 +469,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_nonexisting
|
||||
#
|
||||
# PAC attributes tests
|
||||
#
|
||||
|
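Review bot: The entries this section gains under `# KDC TGT tests` (apparently the `sid_mismatch_*` and `test_tgs_req_no_requester_sid` lines) are listed without any indication of why each one fails. A test that fails because the KDC answers with a different error code is a different matter from one that fails because the request is not rejected at all, and the list does not let a reader tell the two apart. A short comment above the group, for example `# Fail on the expected error code only; the request is still refused` or `# Fail because the request is accepted`, whichever applies, would record that.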