sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

tests/krb5: Add tests for TGS requests with a non-TGT

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2021-11-24 12:10:45 +13:00 committed by Andrew Bartlett
parent 7574ba9f58
commit 778029c1dc
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
python/samba/tests/krb5/kdc_tgs_tests.py
View File

@ -40,6 +40,7 @@ from samba.tests.krb5.rfc4120_constants import (
KDC_ERR_BADMATCH, KDC_ERR_BADMATCH,
KDC_ERR_GENERIC, KDC_ERR_GENERIC,
KDC_ERR_MODIFIED, KDC_ERR_MODIFIED,
KDC_ERR_NOT_US,
KDC_ERR_POLICY, KDC_ERR_POLICY,
KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_C_PRINCIPAL_UNKNOWN,
KDC_ERR_S_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN,
@ -1234,6 +1235,56 @@ class KdcTgsTests(KDCBaseTest):
expected_error=(KDC_ERR_GENERIC, expected_error=(KDC_ERR_GENERIC,
KDC_ERR_S_PRINCIPAL_UNKNOWN)) KDC_ERR_S_PRINCIPAL_UNKNOWN))
def test_tgs_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
service_creds = self.get_service_creds()
service_ticket = self.get_service_ticket(tgt, service_creds)
self._run_tgs(service_ticket,
expected_error=(KDC_ERR_NOT_US, KDC_ERR_POLICY))
def test_renew_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
service_creds = self.get_service_creds()
service_ticket = self.get_service_ticket(tgt, service_creds)
service_ticket = self.modified_ticket(
service_ticket,
modify_fn=self._modify_renewable,
checksum_keys=self.get_krbtgt_checksum_key())
self._renew_tgt(service_ticket,
expected_error=KDC_ERR_POLICY)
def test_validate_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
service_creds = self.get_service_creds()
service_ticket = self.get_service_ticket(tgt, service_creds)
service_ticket = self.modified_ticket(
service_ticket,
modify_fn=self._modify_invalid,
checksum_keys=self.get_krbtgt_checksum_key())
self._validate_tgt(service_ticket,
expected_error=KDC_ERR_POLICY)
def test_s4u2self_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
service_creds = self.get_service_creds()
service_ticket = self.get_service_ticket(tgt, service_creds)
self._s4u2self(service_ticket, creds,
expected_error=(KDC_ERR_NOT_US, KDC_ERR_POLICY))
def test_user2user_service_ticket(self): def test_user2user_service_ticket(self):
creds = self._get_creds() creds = self._get_creds()
tgt = self._get_tgt(creds) tgt = self._get_tgt(creds)

2
selftest/knownfail_mit_kdc
View File

@ -381,6 +381,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_service_ticket
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
@ -442,6 +443,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_service_ticket
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_nonexisting
# #