mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
python/samba/tests/krb5: Allow PkInitTests.test_pkinit_ntlm_from_pac_must_change_now to pass on Samba/Heimdal
This flexiblity in the tests avoids requiring Samba/Heimdal to omit an NTSTATUS error return and just be consistent between the different authentication paths. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jun 10 05:32:54 UTC 2024 on atb-devel-224
This commit is contained in:
parent
15686fec98
commit
469b22b849
@ -783,10 +783,16 @@ class PkInitTests(KDCBaseTest):
|
||||
|
||||
freshness_token = self.create_freshness_token()
|
||||
|
||||
# Windows does not send an NTSTATUS in this case for an
|
||||
# expired password against PKINIT, but will for ENC-TS,
|
||||
# However Samba on Heimdal is consistent between both, so we
|
||||
# must set expect_status=None to allow the test to pass
|
||||
# against both.
|
||||
self._pkinit_req(client_creds, krbtgt_creds,
|
||||
freshness_token=freshness_token,
|
||||
expect_error=KDC_ERR_KEY_EXPIRED,
|
||||
expect_edata=True
|
||||
expect_edata=True,
|
||||
expected_status=ntstatus.NT_STATUS_PASSWORD_MUST_CHANGE,
|
||||
)
|
||||
|
||||
# AS-REQ will not succeed, password is still expired
|
||||
@ -1683,6 +1689,7 @@ class PkInitTests(KDCBaseTest):
|
||||
certificate=None,
|
||||
expect_error=0,
|
||||
expect_edata=False,
|
||||
expected_status=None,
|
||||
using_pkinit=PkInit.PUBLIC_KEY,
|
||||
etypes=None,
|
||||
pk_nonce=None,
|
||||
@ -1954,6 +1961,7 @@ class PkInitTests(KDCBaseTest):
|
||||
using_pkinit=using_pkinit,
|
||||
pk_nonce=pk_nonce,
|
||||
expect_edata=expect_edata,
|
||||
expected_status=expected_status,
|
||||
expect_matching_nt_hash_in_pac=expect_matching_nt_hash_in_pac)
|
||||
|
||||
till = self.get_KerberosTime(offset=36000)
|
||||
|
@ -72,8 +72,6 @@
|
||||
# PK-INIT tests
|
||||
#
|
||||
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_no_des3.ad_dc
|
||||
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_ntlm_from_pac_must_change_now\(
|
||||
^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_ntlm_from_pac_must_change_now_rotate_disabled
|
||||
#
|
||||
# Windows 2000 PK-INIT tests
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user