1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

tests/krb5: Allow specifying ticket flags expected to be set or reset

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
This commit is contained in:
Joseph Sutton 2021-09-01 19:13:11 +12:00 committed by Andrew Bartlett
parent 571265257f
commit 85ddfc1afc
2 changed files with 49 additions and 2 deletions

View File

@ -1352,6 +1352,13 @@ class FAST_Tests(KDCBaseTest):
inner_req = kdc_dict.pop('inner_req', None)
outer_req = kdc_dict.pop('outer_req', None)
expected_flags = kdc_dict.pop('expected_flags', None)
if expected_flags is not None:
expected_flags = krb5_asn1.KDCOptions(expected_flags)
unexpected_flags = kdc_dict.pop('unexpected_flags', None)
if unexpected_flags is not None:
unexpected_flags = krb5_asn1.KDCOptions(unexpected_flags)
if rep_type == KRB_AS_REP:
kdc_exchange_dict = self.as_exchange_dict(
expected_crealm=expected_crealm,
@ -1359,6 +1366,8 @@ class FAST_Tests(KDCBaseTest):
expected_anon=expected_anon,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
expected_flags=expected_flags,
unexpected_flags=unexpected_flags,
ticket_decryption_key=krbtgt_decryption_key,
generate_fast_fn=generate_fast_fn,
generate_fast_armor_fn=generate_fast_armor_fn,
@ -1390,6 +1399,8 @@ class FAST_Tests(KDCBaseTest):
expected_anon=expected_anon,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
expected_flags=expected_flags,
unexpected_flags=unexpected_flags,
ticket_decryption_key=target_decryption_key,
generate_fast_fn=generate_fast_fn,
generate_fast_armor_fn=generate_fast_armor_fn,

View File

@ -896,6 +896,24 @@ class RawKerberosTest(TestCaseInTempDir):
else:
self.assertIsNone(v)
def assertElementFlags(self, obj, elem, expected, unexpected):
v = self.getElementValue(obj, elem)
self.assertIsNotNone(v)
if expected is not None:
self.assertIsInstance(expected, krb5_asn1.KDCOptions)
for i, flag in enumerate(expected):
if flag == 1:
self.assertEqual('1', v[i],
f"'{expected.namedValues[i]}' "
f"expected in {v}")
if unexpected is not None:
self.assertIsInstance(unexpected, krb5_asn1.KDCOptions)
for i, flag in enumerate(unexpected):
if flag == 1:
self.assertEqual('0', v[i],
f"'{unexpected.namedValues[i]}' "
f"unexpected in {v}")
def get_KerberosTimeWithUsec(self, epoch=None, offset=None):
if epoch is None:
epoch = time.time()
@ -1761,6 +1779,8 @@ class RawKerberosTest(TestCaseInTempDir):
expected_anon=False,
expected_srealm=None,
expected_sname=None,
expected_flags=None,
unexpected_flags=None,
ticket_decryption_key=None,
generate_fast_fn=None,
generate_fast_armor_fn=None,
@ -1801,6 +1821,8 @@ class RawKerberosTest(TestCaseInTempDir):
'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'expected_flags': expected_flags,
'unexpected_flags': unexpected_flags,
'ticket_decryption_key': ticket_decryption_key,
'generate_fast_fn': generate_fast_fn,
'generate_fast_armor_fn': generate_fast_armor_fn,
@ -1837,6 +1859,8 @@ class RawKerberosTest(TestCaseInTempDir):
expected_anon=False,
expected_srealm=None,
expected_sname=None,
expected_flags=None,
unexpected_flags=None,
ticket_decryption_key=None,
generate_fast_fn=None,
generate_fast_armor_fn=None,
@ -1877,6 +1901,8 @@ class RawKerberosTest(TestCaseInTempDir):
'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'expected_flags': expected_flags,
'unexpected_flags': unexpected_flags,
'ticket_decryption_key': ticket_decryption_key,
'generate_fast_fn': generate_fast_fn,
'generate_fast_armor_fn': generate_fast_armor_fn,
@ -2092,6 +2118,8 @@ class RawKerberosTest(TestCaseInTempDir):
expected_sname = kdc_exchange_dict['expected_sname']
ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key']
expected_flags = kdc_exchange_dict.get('expected_flags')
unexpected_flags = kdc_exchange_dict.get('unexpected_flags')
ticket = self.getElementValue(rep, 'ticket')
@ -2101,7 +2129,9 @@ class RawKerberosTest(TestCaseInTempDir):
ticket_session_key = None
if ticket_private is not None:
self.assertElementPresent(ticket_private, 'flags')
self.assertElementFlags(ticket_private, 'flags',
expected_flags,
unexpected_flags)
self.assertElementPresent(ticket_private, 'key')
ticket_key = self.getElementValue(ticket_private, 'key')
self.assertIsNotNone(ticket_key)
@ -2137,7 +2167,9 @@ class RawKerberosTest(TestCaseInTempDir):
kdc_exchange_dict['nonce'])
# TODO self.assertElementPresent(encpart_private,
# 'key-expiration')
self.assertElementPresent(encpart_private, 'flags')
self.assertElementFlags(ticket_private, 'flags',
expected_flags,
unexpected_flags)
self.assertElementPresent(encpart_private, 'authtime')
if self.strict_checking:
self.assertElementPresent(encpart_private, 'starttime')
@ -2843,6 +2875,8 @@ class RawKerberosTest(TestCaseInTempDir):
etypes,
padata,
kdc_options,
expected_flags=None,
unexpected_flags=None,
preauth_key=None,
ticket_decryption_key=None,
pac_request=None,
@ -2886,6 +2920,8 @@ class RawKerberosTest(TestCaseInTempDir):
expected_error_mode=expected_error_mode,
client_as_etypes=client_as_etypes,
expected_salt=expected_salt,
expected_flags=expected_flags,
unexpected_flags=unexpected_flags,
kdc_options=str(kdc_options),
pac_request=pac_request,
pac_options=pac_options)