1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

tests/krb5: Add method to get DC credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2021-09-20 13:58:09 +12:00 committed by Andrew Bartlett
parent 38b4b334ca
commit 9d01043042

View File

@ -930,6 +930,48 @@ class KDCBaseTest(RawKerberosTest):
fallback_creds_fn=download_krbtgt_creds)
return c
def get_dc_creds(self,
require_keys=True,
require_strongest_key=False):
if require_strongest_key:
self.assertTrue(require_keys)
def download_dc_creds():
samdb = self.get_samdb()
dc_rid = 1000
dc_sid = '%s-%d' % (samdb.get_domain_sid(), dc_rid)
res = samdb.search(base='<SID=%s>' % dc_sid,
scope=ldb.SCOPE_BASE,
attrs=['sAMAccountName',
'msDS-KeyVersionNumber'])
dn = res[0].dn
username = str(res[0]['sAMAccountName'])
creds = KerberosCredentials()
creds.set_domain(self.env_get_var('DOMAIN', 'DC'))
creds.set_realm(self.env_get_var('REALM', 'DC'))
creds.set_username(username)
kvno = int(res[0]['msDS-KeyVersionNumber'][0])
creds.set_kvno(kvno)
creds.set_dn(dn)
keys = self.get_keys(samdb, dn)
self.creds_set_keys(creds, keys)
self.creds_set_enctypes(creds)
return creds
c = self._get_krb5_creds(prefix='DC',
allow_missing_password=True,
allow_missing_keys=not require_keys,
require_strongest_key=require_strongest_key,
fallback_creds_fn=download_dc_creds)
return c
def as_req(self, cname, sname, realm, etypes, padata=None, kdc_options=0):
'''Send a Kerberos AS_REQ, returns the undecoded response
'''