1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

python/samba/tests/krb5: Allow PkInitTests.test_pkinit_ntlm_from_pac_must_change_now to pass on Samba/Heimdal

This flexiblity in the tests avoids requiring Samba/Heimdal to omit an NTSTATUS error
return and just be consistent between the different authentication paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 10 05:32:54 UTC 2024 on atb-devel-224
This commit is contained in:
Andrew Bartlett 2024-06-04 13:26:18 +12:00
parent 15686fec98
commit 469b22b849
2 changed files with 9 additions and 3 deletions

View File

@ -783,10 +783,16 @@ class PkInitTests(KDCBaseTest):
freshness_token = self.create_freshness_token()
# Windows does not send an NTSTATUS in this case for an
# expired password against PKINIT, but will for ENC-TS,
# However Samba on Heimdal is consistent between both, so we
# must set expect_status=None to allow the test to pass
# against both.
self._pkinit_req(client_creds, krbtgt_creds,
freshness_token=freshness_token,
expect_error=KDC_ERR_KEY_EXPIRED,
expect_edata=True
expect_edata=True,
expected_status=ntstatus.NT_STATUS_PASSWORD_MUST_CHANGE,
)
# AS-REQ will not succeed, password is still expired
@ -1683,6 +1689,7 @@ class PkInitTests(KDCBaseTest):
certificate=None,
expect_error=0,
expect_edata=False,
expected_status=None,
using_pkinit=PkInit.PUBLIC_KEY,
etypes=None,
pk_nonce=None,
@ -1954,6 +1961,7 @@ class PkInitTests(KDCBaseTest):
using_pkinit=using_pkinit,
pk_nonce=pk_nonce,
expect_edata=expect_edata,
expected_status=expected_status,
expect_matching_nt_hash_in_pac=expect_matching_nt_hash_in_pac)
till = self.get_KerberosTime(offset=36000)

View File

@ -72,8 +72,6 @@
# PK-INIT tests
#
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_no_des3.ad_dc
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_ntlm_from_pac_must_change_now\(
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_ntlm_from_pac_must_change_now_rotate_disabled
#
# Windows 2000 PK-INIT tests
#