tests/krb5: Add AS-REQ PAC tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
parent
f94bdb41fc
commit
775bfc7250
@ -113,6 +113,84 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
}
|
}
|
||||||
], client_account=self.AccountType.COMPUTER)
|
], client_account=self.AccountType.COMPUTER)
|
||||||
|
|
||||||
|
def test_simple_as_req_self_no_auth_data(self):
|
||||||
|
self._run_test_sequence(
|
||||||
|
[
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
|
||||||
|
'use_fast': False,
|
||||||
|
'as_req_self': True
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': 0,
|
||||||
|
'use_fast': False,
|
||||||
|
'gen_padata_fn': self.generate_enc_timestamp_padata,
|
||||||
|
'as_req_self': True,
|
||||||
|
'expect_pac': True
|
||||||
|
}
|
||||||
|
],
|
||||||
|
client_account=self.AccountType.COMPUTER,
|
||||||
|
client_opts={'no_auth_data_required': True})
|
||||||
|
|
||||||
|
def test_simple_as_req_self_pac_request_false(self):
|
||||||
|
self._run_test_sequence([
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
|
||||||
|
'use_fast': False,
|
||||||
|
'as_req_self': True
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': 0,
|
||||||
|
'use_fast': False,
|
||||||
|
'gen_padata_fn': self.generate_enc_timestamp_padata,
|
||||||
|
'as_req_self': True,
|
||||||
|
'pac_request': False,
|
||||||
|
'expect_pac': False
|
||||||
|
}
|
||||||
|
], client_account=self.AccountType.COMPUTER)
|
||||||
|
|
||||||
|
def test_simple_as_req_self_pac_request_none(self):
|
||||||
|
self._run_test_sequence([
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
|
||||||
|
'use_fast': False,
|
||||||
|
'as_req_self': True
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': 0,
|
||||||
|
'use_fast': False,
|
||||||
|
'gen_padata_fn': self.generate_enc_timestamp_padata,
|
||||||
|
'as_req_self': True,
|
||||||
|
'pac_request': None,
|
||||||
|
'expect_pac': True
|
||||||
|
}
|
||||||
|
], client_account=self.AccountType.COMPUTER)
|
||||||
|
|
||||||
|
def test_simple_as_req_self_pac_request_true(self):
|
||||||
|
self._run_test_sequence([
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
|
||||||
|
'use_fast': False,
|
||||||
|
'as_req_self': True
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'rep_type': KRB_AS_REP,
|
||||||
|
'expected_error_mode': 0,
|
||||||
|
'use_fast': False,
|
||||||
|
'gen_padata_fn': self.generate_enc_timestamp_padata,
|
||||||
|
'as_req_self': True,
|
||||||
|
'pac_request': True,
|
||||||
|
'expect_pac': True
|
||||||
|
}
|
||||||
|
], client_account=self.AccountType.COMPUTER)
|
||||||
|
|
||||||
def test_simple_tgs(self):
|
def test_simple_tgs(self):
|
||||||
self._run_test_sequence([
|
self._run_test_sequence([
|
||||||
{
|
{
|
||||||
@ -1381,14 +1459,16 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
return fast_padata
|
return fast_padata
|
||||||
|
|
||||||
def _run_test_sequence(self, test_sequence,
|
def _run_test_sequence(self, test_sequence,
|
||||||
client_account=KDCBaseTest.AccountType.USER):
|
client_account=KDCBaseTest.AccountType.USER,
|
||||||
|
client_opts=None):
|
||||||
if self.strict_checking:
|
if self.strict_checking:
|
||||||
self.check_kdc_fast_support()
|
self.check_kdc_fast_support()
|
||||||
|
|
||||||
kdc_options_default = str(krb5_asn1.KDCOptions('forwardable,'
|
kdc_options_default = str(krb5_asn1.KDCOptions('forwardable,'
|
||||||
'canonicalize'))
|
'canonicalize'))
|
||||||
|
|
||||||
client_creds = self.get_cached_creds(account_type=client_account)
|
client_creds = self.get_cached_creds(account_type=client_account,
|
||||||
|
opts=client_opts)
|
||||||
target_creds = self.get_service_creds()
|
target_creds = self.get_service_creds()
|
||||||
krbtgt_creds = self.get_krbtgt_creds()
|
krbtgt_creds = self.get_krbtgt_creds()
|
||||||
|
|
||||||
@ -1564,6 +1644,9 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
padata):
|
padata):
|
||||||
return list(padata), req_body
|
return list(padata), req_body
|
||||||
|
|
||||||
|
pac_request = kdc_dict.pop('pac_request', None)
|
||||||
|
expect_pac = kdc_dict.pop('expect_pac', True)
|
||||||
|
|
||||||
pac_options = kdc_dict.pop('pac_options', '1') # claims support
|
pac_options = kdc_dict.pop('pac_options', '1') # claims support
|
||||||
|
|
||||||
kdc_options = kdc_dict.pop('kdc_options', kdc_options_default)
|
kdc_options = kdc_dict.pop('kdc_options', kdc_options_default)
|
||||||
@ -1666,7 +1749,8 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
kdc_options=kdc_options,
|
kdc_options=kdc_options,
|
||||||
inner_req=inner_req,
|
inner_req=inner_req,
|
||||||
outer_req=outer_req,
|
outer_req=outer_req,
|
||||||
pac_request=True,
|
expect_pac=expect_pac,
|
||||||
|
pac_request=pac_request,
|
||||||
pac_options=pac_options,
|
pac_options=pac_options,
|
||||||
fast_ap_options=fast_ap_options,
|
fast_ap_options=fast_ap_options,
|
||||||
strict_edata_checking=strict_edata_checking,
|
strict_edata_checking=strict_edata_checking,
|
||||||
@ -1702,7 +1786,8 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
kdc_options=kdc_options,
|
kdc_options=kdc_options,
|
||||||
inner_req=inner_req,
|
inner_req=inner_req,
|
||||||
outer_req=outer_req,
|
outer_req=outer_req,
|
||||||
pac_request=None,
|
expect_pac=expect_pac,
|
||||||
|
pac_request=pac_request,
|
||||||
pac_options=pac_options,
|
pac_options=pac_options,
|
||||||
fast_ap_options=fast_ap_options,
|
fast_ap_options=fast_ap_options,
|
||||||
strict_edata_checking=strict_edata_checking,
|
strict_edata_checking=strict_edata_checking,
|
||||||
@ -1724,6 +1809,14 @@ class FAST_Tests(KDCBaseTest):
|
|||||||
|
|
||||||
fast_cookie = None
|
fast_cookie = None
|
||||||
preauth_etype_info2 = None
|
preauth_etype_info2 = None
|
||||||
|
|
||||||
|
# Check whether the ticket contains a PAC.
|
||||||
|
ticket = kdc_exchange_dict['rep_ticket_creds']
|
||||||
|
pac = self.get_ticket_pac(ticket, expect_pac=expect_pac)
|
||||||
|
if expect_pac:
|
||||||
|
self.assertIsNotNone(pac)
|
||||||
|
else:
|
||||||
|
self.assertIsNone(pac)
|
||||||
else:
|
else:
|
||||||
self.check_error_rep(rep, expected_error_mode)
|
self.check_error_rep(rep, expected_error_mode)
|
||||||
|
|
||||||
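Review bot: In the `-1666` hunk the AS exchange call drops the hard-coded `pac_request=True` in favour of `pac_request=pac_request`, and the new `pac_request = kdc_dict.pop('pac_request', None)` defaults to `None`, so, as far as this side-by-side rendering shows, every existing AS step that does not set the key stops sending an explicit PAC request. If that shift is intended, record it at the pop with a comment such as `# None: no explicit PAC request (AS steps used to pass True unconditionally)`; if not, only `test_simple_as_req_self_pac_request_true` still covers the explicit-true path. The four new tests would also benefit from one-line docstrings stating why a PAC is or is not expected, in particular `test_simple_as_req_self_no_auth_data`, which sets `no_auth_data_required` yet has `'expect_pac': True`. `_run_test_sequence` starts and ends outside these hunks.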
|
@ -52,6 +52,7 @@
|
|||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_realm.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_realm.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_till.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_till.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_unknown_critical_option.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_unknown_critical_option.ad_dc
|
||||||
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_false
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_enc_pa_rep.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_enc_pa_rep.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_unarmored_as_req.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_unarmored_as_req.ad_dc
|
||||||
|
@ -353,6 +353,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
|||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_session_key.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_session_key.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_enc_pa_rep.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_enc_pa_rep.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc
|
||||||
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_no_auth_data.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc
|
||||||
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc
|
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc
|
||||||
|