sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-28 09:49:30 +03:00
Code Activity

tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 73a4806346)
This commit is contained in:
Joseph Sutton
2021-11-25 10:32:44 +13:00
committed by Jule Anger
parent 93a5264dd6
commit 4cd44326ce
3 changed files with 102 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
python/samba/tests/krb5/kdc_tgs_tests.py
View File

@ -1867,6 +1867,51 @@ class KdcTgsTests(KDCBaseTest):
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_renew_pac_request_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, renewable=True, from_rodc=True)
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_renew_pac_request_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, renewable=True, from_rodc=True)
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_renew_pac_request_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, renewable=True, from_rodc=True)
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_validate_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
@ -1912,6 +1957,51 @@ class KdcTgsTests(KDCBaseTest):
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_validate_pac_request_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, invalid=True, from_rodc=True)
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_validate_pac_request_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, invalid=True, from_rodc=True)
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_rodc_validate_pac_request_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, invalid=True, from_rodc=True)
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
expect_pac_attrs=False,
expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_s4u2self_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)

6
selftest/knownfail_heimdal_kdc
View File

@ -278,6 +278,12 @@
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_true
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_false
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_true
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_false
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_true
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_false
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_true

6
selftest/knownfail_mit_kdc
View File

@ -422,6 +422,12 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_service_ticket
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_false
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_renew_pac_request_true
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_false
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_none
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_true
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req