sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

tests/krb5: Fix including enc-authorization-data

Browse Source 
Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit 67ff72395cec2e5170c0ebae8db416a1f226df72)
This commit is contained in:
Joseph Sutton 2021-07-26 17:14:08 +12:00 committed by Jule Anger
parent b7e7120418
commit 2261df73ce
8 changed files with 21 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
python/samba/tests/krb5/as_canonicalization_tests.py
View File

@ -257,8 +257,6 @@ class KerberosASCanonicalizationTests(KDCBaseTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)
@ -314,8 +312,6 @@ class KerberosASCanonicalizationTests(KDCBaseTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)

4
python/samba/tests/krb5/compatability_tests.py
View File

@ -147,8 +147,6 @@ class SimpleKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
@ -209,8 +207,6 @@ class SimpleKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)

2
python/samba/tests/krb5/kdc_base_test.py
View File

@ -390,8 +390,6 @@ class KDCBaseTest(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
return rep

2
python/samba/tests/krb5/kdc_tests.py
View File

@ -79,8 +79,6 @@ class KdcTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
return rep

31
python/samba/tests/krb5/raw_testcase.py
View File

@ -53,6 +53,8 @@ from samba.tests.krb5.rfc4120_constants import (
KU_TGS_REP_ENC_PART_SUB_KEY,
KU_TGS_REQ_AUTH,
KU_TGS_REQ_AUTH_CKSUM,
KU_TGS_REQ_AUTH_DAT_SESSION,
KU_TGS_REQ_AUTH_DAT_SUBKEY,
KU_TICKET,
PADATA_ENC_TIMESTAMP,
PADATA_ETYPE_INFO,
@ -1022,9 +1024,10 @@ class RawKerberosTest(TestCaseInTempDir):
nonce,
etypes,
addresses,
additional_tickets,
EncAuthorizationData,
EncAuthorizationData_key,
additional_tickets,
EncAuthorizationData_usage,
asn1_print=None,
hexdump=None):
# KDC-REQ-BODY ::= SEQUENCE {
@ -1054,8 +1057,9 @@ class RawKerberosTest(TestCaseInTempDir):
asn1Spec=krb5_asn1.AuthorizationData(),
asn1_print=asn1_print,
hexdump=hexdump)
enc_ad = self.EncryptedData_create(
EncAuthorizationData_key, enc_ad_plain)
enc_ad = self.EncryptedData_create(EncAuthorizationData_key,
EncAuthorizationData_usage,
enc_ad_plain)
else:
enc_ad = None
KDC_REQ_BODY_obj = {
@ -1123,8 +1127,6 @@ class RawKerberosTest(TestCaseInTempDir):
nonce, # required
etypes, # required
addresses, # optional
EncAuthorizationData,
EncAuthorizationData_key,
additional_tickets,
native_decoded_only=True,
asn1_print=None,
@ -1170,9 +1172,10 @@ class RawKerberosTest(TestCaseInTempDir):
nonce,
etypes,
addresses,
EncAuthorizationData,
EncAuthorizationData_key,
additional_tickets,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
EncAuthorizationData_usage=None,
asn1_print=asn1_print,
hexdump=hexdump)
obj, decoded = self.KDC_REQ_create(
@ -1290,6 +1293,11 @@ class RawKerberosTest(TestCaseInTempDir):
# -- NOTE: not empty
# }
if authenticator_subkey is not None:
EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SUBKEY
else:
EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SESSION
req_body = self.KDC_REQ_BODY_create(
kdc_options=kdc_options,
cname=None,
@ -1301,9 +1309,10 @@ class RawKerberosTest(TestCaseInTempDir):
nonce=nonce,
etypes=etypes,
addresses=addresses,
additional_tickets=additional_tickets,
EncAuthorizationData=EncAuthorizationData,
EncAuthorizationData_key=EncAuthorizationData_key,
additional_tickets=additional_tickets)
EncAuthorizationData_usage=EncAuthorizationData_usage)
req_body_blob = self.der_encode(req_body,
asn1Spec=krb5_asn1.KDC_REQ_BODY(),
asn1_print=asn1_print, hexdump=hexdump)
@ -1397,9 +1406,10 @@ class RawKerberosTest(TestCaseInTempDir):
nonce=None, # required
etypes=None, # required
addresses=None, # optional
additional_tickets=None, # optional
EncAuthorizationData=None, # optional
EncAuthorizationData_key=None, # optional
additional_tickets=None): # optional
EncAuthorizationData_usage=None): # optional
check_error_fn = kdc_exchange_dict['check_error_fn']
check_rep_fn = kdc_exchange_dict['check_rep_fn']
@ -1425,9 +1435,10 @@ class RawKerberosTest(TestCaseInTempDir):
nonce=nonce,
etypes=etypes,
addresses=addresses,
additional_tickets=additional_tickets,
EncAuthorizationData=EncAuthorizationData,
EncAuthorizationData_key=EncAuthorizationData_key,
additional_tickets=additional_tickets)
EncAuthorizationData_usage=EncAuthorizationData_usage)
if generate_padata_fn is not None:
# This can alter req_body...
padata, req_body = generate_padata_fn(kdc_exchange_dict,

4
python/samba/tests/krb5/s4u_tests.py
View File

@ -69,8 +69,6 @@ class S4UKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)
@ -113,8 +111,6 @@ class S4UKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)

4
python/samba/tests/krb5/simple_tests.py
View File

@ -69,8 +69,6 @@ class SimpleKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)
@ -113,8 +111,6 @@ class SimpleKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)

4
python/samba/tests/krb5/xrealm_tests.py
View File

@ -68,8 +68,6 @@ class XrealmKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)
@ -112,8 +110,6 @@ class XrealmKerberosTests(RawKerberosTest):
nonce=0x7fffffff,
etypes=etypes,
addresses=None,
EncAuthorizationData=None,
EncAuthorizationData_key=None,
additional_tickets=None)
rep = self.send_recv_transaction(req)
self.assertIsNotNone(rep)