sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

tests/krb5: Add more tests of the device belonging to certain groups

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-10-25 14:59:27 +13:00 committed by Andrew Bartlett
parent 2543bc0453
commit 49dca84731
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
python/samba/tests/krb5/conditional_ace_tests.py
View File

@ -3450,6 +3450,19 @@ class DeviceRestrictionTests(ConditionalAceBaseTests):
def test_device_in_authenticated_users(self):
self._check_device_in_group(security.SID_NT_AUTHENTICATED_USERS)
def test_device_in_aa_asserted_identity(self):
self._check_device_in_group(
security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY)
def test_device_in_service_asserted_identity(self):
self._check_device_not_in_group(security.SID_SERVICE_ASSERTED_IDENTITY)
def test_device_in_compounded_authentication(self):
self._check_device_not_in_group(security.SID_COMPOUNDED_AUTHENTICATION)
def test_device_in_claims_valid(self):
self._check_device_in_group(security.SID_CLAIMS_VALID)
def _check_device_in_group(self, group):
self._check_device_membership(group, expect_in_group=True)
@ -4444,6 +4457,19 @@ class TgsReqServicePolicyTests(ConditionalAceBaseTests):
def test_device_in_authenticated_users(self):
self._check_device_in_group(security.SID_NT_AUTHENTICATED_USERS)
def test_device_in_aa_asserted_identity(self):
self._check_device_in_group(
security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY)
def test_device_in_service_asserted_identity(self):
self._check_device_not_in_group(security.SID_SERVICE_ASSERTED_IDENTITY)
def test_device_in_compounded_authentication(self):
self._check_device_not_in_group(security.SID_COMPOUNDED_AUTHENTICATION)
def test_device_in_claims_valid(self):
self._check_device_in_group(security.SID_CLAIMS_VALID)
def _check_device_in_group(self, group):
self._check_device_membership(group, expect_in_group=True)

8
selftest/knownfail_mit_kdc
View File

@ -4064,8 +4064,12 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
#
# Conditional ACE device restrictions
#
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_aa_asserted_identity\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_authenticated_users\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_claims_valid\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_compounded_authentication\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_network_group\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_service_asserted_identity\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_device_in_world_group\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_pac_claims_invalid\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_pac_claims_not_present\(ad_dc\)
@ -4075,7 +4079,11 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_pac_resource_groups_present_to_service_no_sid_compression\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_pac_resource_groups_present_to_service_sid_compression\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.DeviceRestrictionTests.test_pac_well_known_groups_not_present\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_aa_asserted_identity\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_authenticated_users\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_claims_valid\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_compounded_authentication\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_network_group\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_service_asserted_identity\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_device_in_world_group\(ad_dc\)$
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.TgsReqServicePolicyTests.test_simple_as_req_client_and_target_policy\(ad_dc\)