sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

tests/krb5: Expect a status code with policy errors

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-10-17 14:03:33 +13:00 committed by Andrew Bartlett
parent b5b8b16a50
commit 52ea480543
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
python/samba/tests/krb5/conditional_ace_tests.py
View File

@ -2404,6 +2404,9 @@ class ConditionalAceTests(ConditionalAceBaseTests):
client_sids=client_sids,
expected_groups=client_sids,
code=KDC_ERR_POLICY,
status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
reason=AuditReason.ACCESS_DENIED,
edata=self.expect_padata_outer)
def test_tgs_without_aa_asserted_identity_device_from_rodc(self):
@ -2507,6 +2510,9 @@ class ConditionalAceTests(ConditionalAceBaseTests):
client_sids=client_sids,
expected_groups=client_sids,
code=KDC_ERR_POLICY,
status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
reason=AuditReason.ACCESS_DENIED,
edata=self.expect_padata_outer)
def test_tgs_without_service_asserted_identity_device_from_rodc(self):
@ -2610,6 +2616,9 @@ class ConditionalAceTests(ConditionalAceBaseTests):
client_sids=client_sids,
expected_groups=client_sids,
code=KDC_ERR_POLICY,
status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
reason=AuditReason.ACCESS_DENIED,
edata=self.expect_padata_outer)
def test_tgs_without_claims_valid_device_from_rodc(self):

2
selftest/knownfail_heimdal_kdc
View File

@ -150,10 +150,8 @@
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_aa_asserted_identity_client_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_aa_asserted_identity_device_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_claims_valid_both_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_claims_valid_client_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_claims_valid_device_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_service_asserted_identity_both_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_service_asserted_identity_client_from_rodc\(ad_dc\)
^samba.tests.krb5.conditional_ace_tests.samba.tests.krb5.conditional_ace_tests.ConditionalAceTests.test_tgs_without_service_asserted_identity_device_from_rodc\(ad_dc\)
#
# Conditional ACE device restrictions