mirror of
https://github.com/samba-team/samba.git
synced 2025-03-11 16:58:40 +03:00
python:tests: Add support for expected groups in krb5 tests
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andreas Schneider
Andreas Schneider
parent
fc8a29435e
commit
61b2231915
@ -2049,6 +2049,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
expected_account_name=None,
|
||||
expected_groups=None,
|
||||
expected_upn_name=None,
|
||||
expected_sid=None,
|
||||
expected_supported_etypes=None,
|
||||
@ -2109,6 +2110,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'expected_account_name': expected_account_name,
|
||||
'expected_groups': expected_groups,
|
||||
'expected_upn_name': expected_upn_name,
|
||||
'expected_sid': expected_sid,
|
||||
'expected_supported_etypes': expected_supported_etypes,
|
||||
@ -2165,6 +2167,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
expected_account_name=None,
|
||||
expected_groups=None,
|
||||
expected_upn_name=None,
|
||||
expected_sid=None,
|
||||
expected_supported_etypes=None,
|
||||
@ -2226,6 +2229,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'expected_account_name': expected_account_name,
|
||||
'expected_groups': expected_groups,
|
||||
'expected_upn_name': expected_upn_name,
|
||||
'expected_sid': expected_sid,
|
||||
'expected_supported_etypes': expected_supported_etypes,
|
||||
@ -2800,6 +2804,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
require_strict=require_strict)
|
||||
|
||||
expected_account_name = kdc_exchange_dict['expected_account_name']
|
||||
expected_groups = kdc_exchange_dict['expected_groups']
|
||||
expected_sid = kdc_exchange_dict['expected_sid']
|
||||
|
||||
expect_upn_dns_info_ex = kdc_exchange_dict['expect_upn_dns_info_ex']
|
||||
@ -2832,7 +2837,8 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
self.assertEqual(account_name, pac_buffer.info.account_name)
|
||||
|
||||
elif pac_buffer.type == krb5pac.PAC_TYPE_LOGON_INFO:
|
||||
logon_info = pac_buffer.info.info.info3.base
|
||||
info3 = pac_buffer.info.info.info3
|
||||
logon_info = info3.base
|
||||
|
||||
if expected_account_name is not None:
|
||||
self.assertEqual(expected_account_name,
|
||||
@ -2842,6 +2848,20 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_rid = int(expected_sid.rsplit('-', 1)[1])
|
||||
self.assertEqual(expected_rid, logon_info.rid)
|
||||
|
||||
if expected_groups is not None:
|
||||
self.assertIsNotNone(info3.sids)
|
||||
got_sids = {str(sid_attr.sid) for sid_attr in info3.sids}
|
||||
self.assertEqual(info3.sidcount,
|
||||
len(got_sids),
|
||||
'Found duplicate SIDs')
|
||||
|
||||
match_count = 0
|
||||
for g in expected_groups:
|
||||
for sid_attr in info3.sids:
|
||||
if g == str(sid_attr.sid):
|
||||
match_count += 1
|
||||
self.assertEqual(match_count, len(expected_groups))
|
||||
|
||||
elif pac_buffer.type == krb5pac.PAC_TYPE_UPN_DNS_INFO:
|
||||
upn_dns_info = pac_buffer.info
|
||||
upn_dns_info_ex = upn_dns_info.ex
|
||||
@ -3943,6 +3963,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
kdc_options,
|
||||
renew_time=None,
|
||||
expected_account_name=None,
|
||||
expected_groups=None,
|
||||
expected_upn_name=None,
|
||||
expected_sid=None,
|
||||
expected_flags=None,
|
||||
@ -3983,6 +4004,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
expected_account_name=expected_account_name,
|
||||
expected_groups=expected_groups,
|
||||
expected_upn_name=expected_upn_name,
|
||||
expected_sid=expected_sid,
|
||||
expected_supported_etypes=expected_supported_etypes,
|
||||
|
||||
@ -283,6 +283,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
ARCFOUR_HMAC_MD5))
|
||||
|
||||
expect_edata = kdc_dict.pop('expect_edata', None)
|
||||
expected_groups = kdc_dict.pop('expected_groups', None)
|
||||
|
||||
def generate_s4u2self_padata(_kdc_exchange_dict,
|
||||
_callback_dict,
|
||||
@ -301,6 +302,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
expected_srealm=realm,
|
||||
expected_sname=service_sname,
|
||||
expected_account_name=client_name,
|
||||
expected_groups=expected_groups,
|
||||
expected_sid=sid,
|
||||
expected_flags=expected_flags,
|
||||
unexpected_flags=unexpected_flags,
|
||||
@ -570,6 +572,8 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
account_type=self.AccountType.COMPUTER,
|
||||
opts=service1_opts)
|
||||
|
||||
expected_groups = kdc_dict.pop('expected_groups', None)
|
||||
|
||||
client_tkt_options = kdc_dict.pop('client_tkt_options', 'forwardable')
|
||||
expected_flags = krb5_asn1.TicketFlags(client_tkt_options)
|
||||
|
||||
@ -654,6 +658,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
expected_srealm=service2_realm,
|
||||
expected_sname=service2_sname,
|
||||
expected_account_name=client_username,
|
||||
expected_groups=expected_groups,
|
||||
expected_sid=sid,
|
||||
expected_supported_etypes=service2_etypes,
|
||||
ticket_decryption_key=service2_decryption_key,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user