mirror of
https://github.com/samba-team/samba.git
synced 2025-02-25 17:57:42 +03:00
tests/krb5: Add tests for the Protected Users group
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Joseph Sutton
Stefan Metzmacher
parent
eba1a9d964
commit
3e0c94a345
@ -30,7 +30,12 @@ import ldb
|
||||
from ldb import SCOPE_BASE
|
||||
from samba import generate_random_password
|
||||
from samba.auth import system_session
|
||||
from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS
|
||||
from samba.credentials import (
|
||||
Credentials,
|
||||
SPECIFIED,
|
||||
DONT_USE_KERBEROS,
|
||||
MUST_USE_KERBEROS,
|
||||
)
|
||||
from samba.dcerpc import drsblobs, drsuapi, misc, krb5pac, krb5ccache, security
|
||||
from samba.drs_utils import drs_Replicate, drsuapi_connect
|
||||
from samba.dsdb import (
|
||||
@ -240,6 +245,28 @@ class KDCBaseTest(RawKerberosTest):
|
||||
|
||||
return default_enctypes
|
||||
|
||||
def create_group(self, samdb, name, ou=None):
|
||||
if ou is None:
|
||||
ou = samdb.get_wellknown_dn(samdb.get_default_basedn(),
|
||||
DS_GUID_USERS_CONTAINER)
|
||||
|
||||
dn = f'CN={name},{ou}'
|
||||
|
||||
# Remove the group if it exists; this will happen if a previous test
|
||||
# run failed.
|
||||
delete_force(samdb, dn)
|
||||
|
||||
# Save the group name so it can be deleted in tearDownClass.
|
||||
self.accounts.append(dn)
|
||||
|
||||
details = {
|
||||
'dn': dn,
|
||||
'objectClass': 'group'
|
||||
}
|
||||
samdb.add(details)
|
||||
|
||||
return dn
|
||||
|
||||
def create_account(self, samdb, name, account_type=AccountType.USER,
|
||||
spn=None, upn=None, additional_details=None,
|
||||
ou=None, account_control=0, add_dollar=True):
|
||||
@ -618,16 +645,28 @@ class KDCBaseTest(RawKerberosTest):
|
||||
creds.set_tgs_supported_enctypes(supported_enctypes)
|
||||
creds.set_ap_supported_enctypes(supported_enctypes)
|
||||
|
||||
def add_to_group(self, account_dn, group_dn, group_attr):
|
||||
def add_to_group(self, account_dn, group_dn, group_attr, expect_attr=True):
|
||||
samdb = self.get_samdb()
|
||||
|
||||
res = samdb.search(base=group_dn,
|
||||
scope=ldb.SCOPE_BASE,
|
||||
attrs=[group_attr])
|
||||
orig_msg = res[0]
|
||||
self.assertIn(group_attr, orig_msg)
|
||||
try:
|
||||
res = samdb.search(base=group_dn,
|
||||
scope=ldb.SCOPE_BASE,
|
||||
attrs=[group_attr])
|
||||
except ldb.LdbError as err:
|
||||
num, _ = err.args
|
||||
if num != ldb.ERR_NO_SUCH_OBJECT:
|
||||
raise
|
||||
|
||||
members = list(orig_msg[group_attr])
|
||||
self.fail(err)
|
||||
|
||||
orig_msg = res[0]
|
||||
members = orig_msg.get(group_attr)
|
||||
if expect_attr:
|
||||
self.assertIsNotNone(members)
|
||||
elif members is None:
|
||||
members = ()
|
||||
|
||||
members = list(members)
|
||||
members.append(account_dn)
|
||||
|
||||
msg = ldb.Message()
|
||||
@ -642,6 +681,32 @@ class KDCBaseTest(RawKerberosTest):
|
||||
|
||||
return cleanup
|
||||
|
||||
def remove_from_group(self, account_dn, group_dn):
|
||||
samdb = self.get_samdb()
|
||||
|
||||
res = samdb.search(base=group_dn,
|
||||
scope=ldb.SCOPE_BASE,
|
||||
attrs=['member'])
|
||||
orig_msg = res[0]
|
||||
self.assertIn('member', orig_msg)
|
||||
members = list(orig_msg['member'])
|
||||
|
||||
account_dn = str(account_dn).encode('utf-8')
|
||||
self.assertIn(account_dn, members)
|
||||
members.remove(account_dn)
|
||||
|
||||
msg = ldb.Message()
|
||||
msg.dn = group_dn
|
||||
msg['member'] = ldb.MessageElement(members,
|
||||
ldb.FLAG_MOD_REPLACE,
|
||||
'member')
|
||||
|
||||
cleanup = samdb.msg_diff(msg, orig_msg)
|
||||
self.ldb_cleanups.append(cleanup)
|
||||
samdb.modify(msg)
|
||||
|
||||
return cleanup
|
||||
|
||||
def get_cached_creds(self, *,
|
||||
account_type,
|
||||
opts=None,
|
||||
@ -655,6 +720,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
'add_dollar': True,
|
||||
'upn': None,
|
||||
'spn': None,
|
||||
'additional_details': None,
|
||||
'allowed_replication': False,
|
||||
'allowed_replication_mock': False,
|
||||
'denied_replication': False,
|
||||
@ -668,6 +734,9 @@ class KDCBaseTest(RawKerberosTest):
|
||||
'delegation_from_dn': None,
|
||||
'trusted_to_auth_for_delegation': False,
|
||||
'fast_support': False,
|
||||
'member_of': None,
|
||||
'kerberos_enabled': True,
|
||||
'secure_channel_type': None,
|
||||
'id': None
|
||||
}
|
||||
|
||||
@ -697,6 +766,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
add_dollar,
|
||||
upn,
|
||||
spn,
|
||||
additional_details,
|
||||
allowed_replication,
|
||||
allowed_replication_mock,
|
||||
denied_replication,
|
||||
@ -710,6 +780,9 @@ class KDCBaseTest(RawKerberosTest):
|
||||
delegation_from_dn,
|
||||
trusted_to_auth_for_delegation,
|
||||
fast_support,
|
||||
member_of,
|
||||
kerberos_enabled,
|
||||
secure_channel_type,
|
||||
id):
|
||||
if account_type is self.AccountType.USER:
|
||||
self.assertIsNone(spn)
|
||||
@ -735,7 +808,10 @@ class KDCBaseTest(RawKerberosTest):
|
||||
if no_auth_data_required:
|
||||
user_account_control |= UF_NO_AUTH_DATA_REQUIRED
|
||||
|
||||
details = {}
|
||||
if additional_details:
|
||||
details = {k: v for k, v in additional_details}
|
||||
else:
|
||||
details = {}
|
||||
|
||||
enctypes = supported_enctypes
|
||||
if fast_support:
|
||||
@ -834,6 +910,19 @@ class KDCBaseTest(RawKerberosTest):
|
||||
|
||||
self.add_to_group(dn, mock_rodc_dn, 'msDS-NeverRevealGroup')
|
||||
|
||||
if member_of is not None:
|
||||
for group_dn in member_of:
|
||||
self.add_to_group(dn, ldb.Dn(samdb, group_dn), 'member',
|
||||
expect_attr=False)
|
||||
|
||||
if kerberos_enabled:
|
||||
creds.set_kerberos_state(MUST_USE_KERBEROS)
|
||||
else:
|
||||
creds.set_kerberos_state(DONT_USE_KERBEROS)
|
||||
|
||||
if secure_channel_type is not None:
|
||||
creds.set_secure_channel_type(secure_channel_type)
|
||||
|
||||
return creds
|
||||
|
||||
def get_new_username(self):
|
||||
@ -1348,7 +1437,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
return rep, enc_part
|
||||
|
||||
def get_service_ticket(self, tgt, target_creds, service='host',
|
||||
target_name=None,
|
||||
target_name=None, till=None, rc4_support=True,
|
||||
to_rodc=False, kdc_options=None,
|
||||
expected_flags=None, unexpected_flags=None,
|
||||
pac_request=True, expect_pac=True, fresh=False):
|
||||
@ -1357,6 +1446,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
target_name = target_creds.get_username()[:-1]
|
||||
cache_key = (user_name, target_name, service, to_rodc, kdc_options,
|
||||
pac_request, str(expected_flags), str(unexpected_flags),
|
||||
till, rc4_support,
|
||||
expect_pac)
|
||||
|
||||
if not fresh:
|
||||
@ -1395,12 +1485,14 @@ class KDCBaseTest(RawKerberosTest):
|
||||
kdc_options=kdc_options,
|
||||
pac_request=pac_request,
|
||||
expect_pac=expect_pac,
|
||||
rc4_support=rc4_support,
|
||||
to_rodc=to_rodc)
|
||||
|
||||
rep = self._generic_kdc_exchange(kdc_exchange_dict,
|
||||
cname=None,
|
||||
realm=srealm,
|
||||
sname=sname,
|
||||
till_time=till,
|
||||
etypes=etype)
|
||||
self.check_tgs_reply(rep)
|
||||
|
||||
@ -1428,6 +1520,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
pac_request=True, expect_pac=True,
|
||||
expect_pac_attrs=None, expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=None,
|
||||
rc4_support=True,
|
||||
fresh=False):
|
||||
if client_account is not None:
|
||||
user_name = client_account
|
||||
@ -1439,6 +1532,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
str(expected_flags), str(unexpected_flags),
|
||||
expected_account_name, expected_upn_name, expected_sid,
|
||||
str(expected_cname),
|
||||
rc4_support,
|
||||
expect_pac, expect_pac_attrs,
|
||||
expect_pac_attrs_pac_request, expect_requester_sid)
|
||||
|
||||
@ -1510,6 +1604,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
expect_pac_attrs=expect_pac_attrs,
|
||||
expect_pac_attrs_pac_request=expect_pac_attrs_pac_request,
|
||||
expect_requester_sid=expect_requester_sid,
|
||||
rc4_support=rc4_support,
|
||||
to_rodc=to_rodc)
|
||||
self.check_pre_authentication(rep)
|
||||
|
||||
@ -1519,7 +1614,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
etype_info2[0],
|
||||
creds.get_kvno())
|
||||
|
||||
ts_enc_padata = self.get_enc_timestamp_pa_data(creds, rep)
|
||||
ts_enc_padata = self.get_enc_timestamp_pa_data_from_key(preauth_key)
|
||||
|
||||
padata = [ts_enc_padata]
|
||||
|
||||
@ -1557,6 +1652,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
expect_pac_attrs=expect_pac_attrs,
|
||||
expect_pac_attrs_pac_request=expect_pac_attrs_pac_request,
|
||||
expect_requester_sid=expect_requester_sid,
|
||||
rc4_support=rc4_support,
|
||||
to_rodc=to_rodc)
|
||||
self.check_as_reply(rep)
|
||||
|
||||
|
||||
1195
python/samba/tests/krb5/protected_users_tests.py
Executable file
1195
python/samba/tests/krb5/protected_users_tests.py
Executable file
File diff suppressed because it is too large
Load Diff
@ -1214,18 +1214,28 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
|
||||
def PasswordKey_from_etype_info2(self, creds, etype_info2, kvno=None):
|
||||
e = etype_info2['etype']
|
||||
|
||||
salt = etype_info2.get('salt')
|
||||
|
||||
if e == kcrypto.Enctype.RC4:
|
||||
nthash = creds.get_nt_hash()
|
||||
return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno)
|
||||
|
||||
params = etype_info2.get('s2kparams')
|
||||
return self.PasswordKey_from_etype(creds, e,
|
||||
kvno=kvno,
|
||||
salt=salt,
|
||||
params=params)
|
||||
|
||||
password = creds.get_password()
|
||||
def PasswordKey_from_creds(self, creds, etype):
|
||||
kvno = creds.get_kvno()
|
||||
salt = creds.get_salt()
|
||||
return self.PasswordKey_from_etype(creds, etype,
|
||||
kvno=kvno,
|
||||
salt=salt)
|
||||
|
||||
def PasswordKey_from_etype(self, creds, etype, kvno=None, salt=None, params=None):
|
||||
if etype == kcrypto.Enctype.RC4:
|
||||
nthash = creds.get_nt_hash()
|
||||
return self.SessionKey_create(etype=etype, contents=nthash, kvno=kvno)
|
||||
|
||||
password = creds.get_password().encode('utf-8')
|
||||
return self.PasswordKey_create(
|
||||
etype=e, pwd=password, salt=salt, kvno=kvno, params=params)
|
||||
etype=etype, pwd=password, salt=salt, kvno=kvno)
|
||||
|
||||
def TicketDecryptionKey_from_creds(self, creds, etype=None):
|
||||
|
||||
@ -2076,6 +2086,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expect_pac_attrs=None,
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=None,
|
||||
rc4_support=True,
|
||||
to_rodc=False):
|
||||
if expected_error_mode == 0:
|
||||
expected_error_mode = ()
|
||||
@ -2135,6 +2146,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expect_pac_attrs': expect_pac_attrs,
|
||||
'expect_pac_attrs_pac_request': expect_pac_attrs_pac_request,
|
||||
'expect_requester_sid': expect_requester_sid,
|
||||
'rc4_support': rc4_support,
|
||||
'to_rodc': to_rodc
|
||||
}
|
||||
if callback_dict is None:
|
||||
@ -2191,6 +2203,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expect_requester_sid=None,
|
||||
expected_proxy_target=None,
|
||||
expected_transited_services=None,
|
||||
rc4_support=True,
|
||||
to_rodc=False):
|
||||
if expected_error_mode == 0:
|
||||
expected_error_mode = ()
|
||||
@ -2251,6 +2264,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expect_requester_sid': expect_requester_sid,
|
||||
'expected_proxy_target': expected_proxy_target,
|
||||
'expected_transited_services': expected_transited_services,
|
||||
'rc4_support': rc4_support,
|
||||
'to_rodc': to_rodc
|
||||
}
|
||||
if callback_dict is None:
|
||||
@ -3042,6 +3056,8 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
if rep_msg_type == KRB_TGS_REP:
|
||||
self.assertTrue(sent_fast)
|
||||
|
||||
rc4_support = kdc_exchange_dict['rc4_support']
|
||||
|
||||
expect_etype_info2 = ()
|
||||
expect_etype_info = False
|
||||
expected_aes_type = 0
|
||||
@ -3056,7 +3072,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
if etype > expected_aes_type:
|
||||
expected_aes_type = etype
|
||||
if etype in (kcrypto.Enctype.RC4,) and error_code != 0:
|
||||
if etype > expected_rc4_type:
|
||||
if etype > expected_rc4_type and rc4_support:
|
||||
expected_rc4_type = etype
|
||||
|
||||
if expected_aes_type != 0:
|
||||
@ -3076,7 +3092,8 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_patypes += (PADATA_PAC_OPTIONS,)
|
||||
elif error_code != KDC_ERR_GENERIC:
|
||||
if expect_etype_info:
|
||||
self.assertGreater(len(expect_etype_info2), 0)
|
||||
if rc4_support:
|
||||
self.assertGreater(len(expect_etype_info2), 0)
|
||||
expected_patypes += (PADATA_ETYPE_INFO,)
|
||||
if len(expect_etype_info2) != 0:
|
||||
expected_patypes += (PADATA_ETYPE_INFO2,)
|
||||
@ -3229,7 +3246,8 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
self.assertEqual(len(etype_info), 1)
|
||||
e = self.getElementValue(etype_info[0], 'etype')
|
||||
self.assertEqual(e, kcrypto.Enctype.RC4)
|
||||
self.assertEqual(e, expect_etype_info2[0])
|
||||
if rc4_support:
|
||||
self.assertEqual(e, expect_etype_info2[0])
|
||||
salt = self.getElementValue(etype_info[0], 'salt')
|
||||
if self.strict_checking:
|
||||
self.assertIsNotNone(salt)
|
||||
@ -3919,6 +3937,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
etypes,
|
||||
padata,
|
||||
kdc_options,
|
||||
renew_time=None,
|
||||
expected_account_name=None,
|
||||
expected_upn_name=None,
|
||||
expected_sid=None,
|
||||
@ -3934,6 +3953,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=None,
|
||||
expect_edata=None,
|
||||
rc4_support=True,
|
||||
to_rodc=False):
|
||||
|
||||
def _generate_padata_copy(_kdc_exchange_dict,
|
||||
@ -3981,6 +4001,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expect_pac_attrs_pac_request=expect_pac_attrs_pac_request,
|
||||
expect_requester_sid=expect_requester_sid,
|
||||
expect_edata=expect_edata,
|
||||
rc4_support=rc4_support,
|
||||
to_rodc=to_rodc)
|
||||
|
||||
rep = self._generic_kdc_exchange(kdc_exchange_dict,
|
||||
@ -3988,6 +4009,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
realm=realm,
|
||||
sname=sname,
|
||||
till_time=till,
|
||||
renew_time=renew_time,
|
||||
etypes=etypes)
|
||||
|
||||
return rep, kdc_exchange_dict
|
||||
|
||||
@ -110,6 +110,7 @@ EXCLUDE_USAGE = {
|
||||
'python/samba/tests/krb5/test_min_domain_uid.py',
|
||||
'python/samba/tests/krb5/test_idmap_nss.py',
|
||||
'python/samba/tests/krb5/pac_align_tests.py',
|
||||
'python/samba/tests/krb5/protected_users_tests.py',
|
||||
}
|
||||
|
||||
EXCLUDE_HELP = {
|
||||
|
||||
@ -47,3 +47,46 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_not_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed
|
||||
#
|
||||
# Protected Users tests
|
||||
#
|
||||
# This test fails, which is fine, as we have an alternate test that considers a policy error as successful.
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected.ad_dc
|
||||
#
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des3_cbc_md5_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des3_cbc_sha1_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des_cbc_crc_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des_cbc_md5_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_forwardable_as_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_forwardable_tgs_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ntlm_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ntlm_protected_nested.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_protected_nt_hash.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected_policy_error.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_tgs_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes128_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes256_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samlogon_interactive_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samlogon_network_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samr_change_password_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_service_rc4_only_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_tgt_lifetime_longer_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_tgt_lifetime_shorter_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ticket_lifetime_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes256_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected_nested.ad_dc
|
||||
|
||||
@ -423,4 +423,49 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexisting
|
||||
#
|
||||
# Protected Users tests
|
||||
#
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes128_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_aes256_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des3_cbc_md5_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des3_cbc_sha1_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des_cbc_crc_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_des_cbc_md5_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_forwardable_as_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_forwardable_tgs_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ntlm_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ntlm_protected_nested.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_protected_nt_hash.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_as_protected_policy_error.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_proxiable_tgs_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes128_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes256_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samlogon_interactive_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samlogon_network_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_samr_change_password_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_service_rc4_only_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_tgt_lifetime_longer_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_tgt_lifetime_shorter_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ticket_lifetime_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_mac_not_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_not_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes128_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes256_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_aes256_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_mac_not_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_mac_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_not_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected.ad_dc
|
||||
^samba.tests.krb5.protected_users_tests.samba.tests.krb5.protected_users_tests.ProtectedUsersTests.test_ts_rc4_protected_nested.ad_dc
|
||||
|
||||
@ -1666,6 +1666,10 @@ planoldpythontestsuite(
|
||||
'ad_dc',
|
||||
'samba.tests.krb5.pac_align_tests',
|
||||
environ=krb5_environ)
|
||||
planoldpythontestsuite(
|
||||
'ad_dc:local',
|
||||
'samba.tests.krb5.protected_users_tests',
|
||||
environ=krb5_environ)
|
||||
|
||||
for env in [
|
||||
'vampire_dc',
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user