mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00

tests/krb5: Refactor get_pa_data()

The function now returns a single padata object rather than a list,
making it easier to combine multiple padata elements into a request. The
new name 'get_enc_timestamp_pa_data' also makes it clearer as to what
the method generates.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton 2021-07-06 10:16:01 +12:00 committed by Andrew Bartlett
parent a5e5f8fdfe
commit 2c80f7f851
4 changed files with 42 additions and 43 deletions


@ -413,7 +413,7 @@ class KDCBaseTest(RawKerberosTest):
creds.get_kvno())
return key
def get_pa_data(self, creds, rep, skew=0):
def get_enc_timestamp_pa_data(self, creds, rep, skew=0):
'''generate the pa_data data element for an AS-REQ
'''
key = self.get_as_rep_key(creds, rep)
@ -427,7 +427,7 @@ class KDCBaseTest(RawKerberosTest):
padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata)
return [padata]
return padata
def get_as_rep_enc_data(self, key, rep):
''' Decrypt and Decode the encrypted data in an AS-REP
@ -795,9 +795,9 @@ class KDCBaseTest(RawKerberosTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(user_credentials, rep)
padata = self.get_enc_timestamp_pa_data(user_credentials, rep)
key = self.get_as_rep_key(user_credentials, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
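Review bot: The docstring kept under the renamed `get_enc_timestamp_pa_data` in KDCBaseTest still reads "generate the pa_data data element for an AS-REQ" and does not record the new contract, namely that the method returns one pa_data element of type PADATA_ENC_TIMESTAMP rather than a list. I would change it to `'''Generate a single PADATA_ENC_TIMESTAMP pa_data element for an AS-REQ; callers pass it as padata=[...].'''`. If `skew` offsets the encrypted timestamp (the body between the two hunks is not shown, so this is inferred from the name), the docstring should say so and give the unit. The KdcTests definition of the same name in the next file section has no docstring at all and would take the same text.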


@ -83,7 +83,7 @@ class KdcTests(RawKerberosTest):
rep = self.send_recv_transaction(req)
return rep
def get_pa_data(self, creds, rep, skew=0):
def get_enc_timestamp_pa_data(self, creds, rep, skew=0):
rep_padata = self.der_decode(
rep['e-data'],
asn1Spec=krb5_asn1.METHOD_DATA())
@ -107,8 +107,7 @@ class KdcTests(RawKerberosTest):
pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts)
padata = [pa_ts]
return padata
return pa_ts
def check_pre_authenication(self, rep):
""" Check that the kdc response was pre-authentication required
@ -160,8 +159,8 @@ class KdcTests(RawKerberosTest):
rep = self.as_req(creds, etype)
self.check_pre_authenication(rep)
padata = self.get_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=padata)
padata = self.get_enc_timestamp_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=[padata])
self.check_as_reply(rep)
etype = rep['enc-part']['etype']
@ -174,8 +173,8 @@ class KdcTests(RawKerberosTest):
rep = self.as_req(creds, etype)
self.check_pre_authenication(rep)
padata = self.get_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=padata)
padata = self.get_enc_timestamp_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=[padata])
self.check_as_reply(rep)
etype = rep['enc-part']['etype']
@ -188,8 +187,8 @@ class KdcTests(RawKerberosTest):
rep = self.as_req(creds, etype)
self.check_pre_authenication(rep)
padata = self.get_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=padata)
padata = self.get_enc_timestamp_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=[padata])
self.check_as_reply(rep)
etype = rep['enc-part']['etype']
@ -202,8 +201,8 @@ class KdcTests(RawKerberosTest):
rep = self.as_req(creds, etype)
self.check_pre_authenication(rep)
padata = self.get_pa_data(creds, rep, skew=3600)
rep = self.as_req(creds, etype, padata=padata)
padata = self.get_enc_timestamp_pa_data(creds, rep, skew=3600)
rep = self.as_req(creds, etype, padata=[padata])
self.check_error_rep(rep, KDC_ERR_SKEW)
@ -216,8 +215,8 @@ class KdcTests(RawKerberosTest):
rep = self.as_req(creds, etype)
self.check_pre_authenication(rep)
padata = self.get_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=padata)
padata = self.get_enc_timestamp_pa_data(creds, rep)
rep = self.as_req(creds, etype, padata=[padata])
self.check_error_rep(rep, KDC_ERR_PREAUTH_FAILED)
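Review bot: At the updated call sites the local `padata` now holds a single element while the keyword it feeds, `padata=[padata]`, is the list, so one name means two different things on adjacent lines. Writing `ts_padata = self.get_enc_timestamp_pa_data(creds, rep)` followed by `padata=[ts_padata]` would keep them apart, which matters once further pre-authentication elements are combined into one request, as the commit message anticipates. The same pattern occurs at every updated call in this section and in the other three file sections. The enclosing test methods start and end outside the hunks.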


@ -66,9 +66,9 @@ class KdcTgsTests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a service ticket, but use a cname that does not match
@ -116,9 +116,9 @@ class KdcTgsTests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
enc_part2 = self.get_as_rep_enc_data(key, rep)
@ -157,9 +157,9 @@ class KdcTgsTests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account


@ -109,9 +109,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -168,9 +168,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(mc, rep)
padata = self.get_enc_timestamp_pa_data(mc, rep)
key = self.get_as_rep_key(mc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -230,9 +230,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -368,13 +368,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
# Note: although we used the alt security id for the pre-auth
# we need to use the username for the auth
cname = self.PrincipalName_create(
name_type=NT_PRINCIPAL, names=[user_name])
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -436,12 +436,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
# Use the alternate security identifier
# this should fail
cname = self.PrincipalName_create(
name_type=NT_PRINCIPAL, names=[alt_sec])
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
def test_enterprise_principal_step_1_3(self):
@ -475,9 +475,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -538,9 +538,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -602,9 +602,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(mc, rep)
padata = self.get_enc_timestamp_pa_data(mc, rep)
key = self.get_as_rep_key(mc, rep)
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -744,13 +744,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
key = self.get_as_rep_key(uc, rep)
# Note: although we used the alt security id for the pre-auth
# we need to use the username for the auth
cname = self.PrincipalName_create(
name_type=NT_ENTERPRISE_PRINCIPAL, names=[uname])
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_as_reply(rep)
# Request a ticket to the host service on the machine account
@ -813,12 +813,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.check_pre_authentication(rep)
# Do the next AS-REQ
padata = self.get_pa_data(uc, rep)
padata = self.get_enc_timestamp_pa_data(uc, rep)
# Use the alternate security identifier
# this should fail
cname = self.PrincipalName_create(
name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename])
rep = self.as_req(cname, sname, realm, etype, padata=padata)
rep = self.as_req(cname, sname, realm, etype, padata=[padata])
self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)