mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
tests/krb5: Add method to get DC credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
38b4b334ca
commit
9d01043042
@ -930,6 +930,48 @@ class KDCBaseTest(RawKerberosTest):
|
||||
fallback_creds_fn=download_krbtgt_creds)
|
||||
return c
|
||||
|
||||
def get_dc_creds(self,
|
||||
require_keys=True,
|
||||
require_strongest_key=False):
|
||||
if require_strongest_key:
|
||||
self.assertTrue(require_keys)
|
||||
|
||||
def download_dc_creds():
|
||||
samdb = self.get_samdb()
|
||||
|
||||
dc_rid = 1000
|
||||
dc_sid = '%s-%d' % (samdb.get_domain_sid(), dc_rid)
|
||||
|
||||
res = samdb.search(base='<SID=%s>' % dc_sid,
|
||||
scope=ldb.SCOPE_BASE,
|
||||
attrs=['sAMAccountName',
|
||||
'msDS-KeyVersionNumber'])
|
||||
dn = res[0].dn
|
||||
username = str(res[0]['sAMAccountName'])
|
||||
|
||||
creds = KerberosCredentials()
|
||||
creds.set_domain(self.env_get_var('DOMAIN', 'DC'))
|
||||
creds.set_realm(self.env_get_var('REALM', 'DC'))
|
||||
creds.set_username(username)
|
||||
|
||||
kvno = int(res[0]['msDS-KeyVersionNumber'][0])
|
||||
creds.set_kvno(kvno)
|
||||
creds.set_dn(dn)
|
||||
|
||||
keys = self.get_keys(samdb, dn)
|
||||
self.creds_set_keys(creds, keys)
|
||||
|
||||
self.creds_set_enctypes(creds)
|
||||
|
||||
return creds
|
||||
|
||||
c = self._get_krb5_creds(prefix='DC',
|
||||
allow_missing_password=True,
|
||||
allow_missing_keys=not require_keys,
|
||||
require_strongest_key=require_strongest_key,
|
||||
fallback_creds_fn=download_dc_creds)
|
||||
return c
|
||||
|
||||
def as_req(self, cname, sname, realm, etypes, padata=None, kdc_options=0):
|
||||
'''Send a Kerberos AS_REQ, returns the undecoded response
|
||||
'''
|
||||
|
Loading…
Reference in New Issue
Block a user