mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
tests/krb5: Fix checking for presence of error data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
7fba83c6c6
commit
ab92dc16d2
@ -107,7 +107,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'expected_error_mode': (KDC_ERR_GENERIC, KDC_ERR_S_PRINCIPAL_UNKNOWN),
|
||||
'use_fast': False,
|
||||
'sname': None,
|
||||
'expected_sname': expected_sname
|
||||
'expected_sname': expected_sname,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -121,7 +122,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'use_fast': False,
|
||||
'gen_tgt_fn': self.get_user_tgt,
|
||||
'sname': None,
|
||||
'expected_sname': expected_sname
|
||||
'expected_sname': expected_sname,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -206,6 +208,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
'expected_error_mode': KDC_ERR_NOT_US,
|
||||
'use_fast': False,
|
||||
'gen_tgt_fn': self.get_user_service_ticket,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -216,6 +219,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
'expected_error_mode': KDC_ERR_NOT_US,
|
||||
'use_fast': False,
|
||||
'gen_tgt_fn': self.get_mach_service_ticket,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -328,7 +332,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'expected_error_mode': KDC_ERR_ETYPE_NOSUPP,
|
||||
'use_fast': False,
|
||||
'gen_tgt_fn': self.get_mach_tgt,
|
||||
'etypes': ()
|
||||
'etypes': (),
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -376,7 +381,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'use_fast': True,
|
||||
'gen_fast_fn': self.generate_empty_fast,
|
||||
'fast_armor': None,
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -399,7 +405,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'expected_error_mode': KDC_ERR_GENERIC,
|
||||
'use_fast': True,
|
||||
'fast_armor': None, # no armor,
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -858,7 +865,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
# should be KRB_APP_ERR_MODIFIED
|
||||
'use_fast': False,
|
||||
'gen_authdata_fn': self.generate_fast_used_auth_data,
|
||||
'gen_tgt_fn': self.get_user_tgt
|
||||
'gen_tgt_fn': self.get_user_tgt,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -885,7 +893,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'gen_authdata_fn': self.generate_fast_armor_auth_data,
|
||||
'gen_tgt_fn': self.get_user_tgt,
|
||||
'fast_armor': None,
|
||||
'expected_sname': expected_sname
|
||||
'expected_sname': expected_sname,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -935,7 +944,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'use_fast': True,
|
||||
'gen_tgt_fn': self.gen_tgt_fast_armor_auth_data,
|
||||
'fast_armor': None,
|
||||
'expected_sname': expected_sname
|
||||
'expected_sname': expected_sname,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -1007,7 +1017,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
'gen_tgt_fn': self.get_user_tgt,
|
||||
'fast_armor': None,
|
||||
'include_subkey': False,
|
||||
'expected_sname': expected_sname
|
||||
'expected_sname': expected_sname,
|
||||
'expect_edata': False
|
||||
}
|
||||
])
|
||||
|
||||
@ -1258,6 +1269,10 @@ class FAST_Tests(KDCBaseTest):
|
||||
else:
|
||||
tgt_cname = client_cname
|
||||
|
||||
expect_edata = kdc_dict.pop('expect_edata', None)
|
||||
if expect_edata is not None:
|
||||
self.assertTrue(expected_error_mode)
|
||||
|
||||
expected_cname = kdc_dict.pop('expected_cname', tgt_cname)
|
||||
expected_anon = kdc_dict.pop('expected_anon',
|
||||
False)
|
||||
@ -1392,7 +1407,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
inner_req=inner_req,
|
||||
outer_req=outer_req,
|
||||
pac_request=True,
|
||||
pac_options=pac_options)
|
||||
pac_options=pac_options,
|
||||
expect_edata=expect_edata)
|
||||
else: # KRB_TGS_REP
|
||||
kdc_exchange_dict = self.tgs_exchange_dict(
|
||||
expected_crealm=expected_crealm,
|
||||
@ -1425,7 +1441,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
inner_req=inner_req,
|
||||
outer_req=outer_req,
|
||||
pac_request=None,
|
||||
pac_options=pac_options)
|
||||
pac_options=pac_options,
|
||||
expect_edata=expect_edata)
|
||||
|
||||
repeat = kdc_dict.pop('repeat', 1)
|
||||
for _ in range(repeat):
|
||||
|
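Review bot: The guard added in the `@ -1258,6 +1269,10 @` hunk, `self.assertTrue(expected_error_mode)`, fails with only a bare truthiness message when a test case sets `'expect_edata'` without expecting an error, so whoever adds such a case gets no hint about what is misconfigured. Passing a message would state the intent, e.g. `self.assertTrue(expected_error_mode, "expect_edata only applies to cases that expect an error")`. The enclosing method starts and ends outside the hunk, so this rests only on the lines shown.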
@ -1162,7 +1162,8 @@ class KDCBaseTest(RawKerberosTest):
|
||||
|
||||
def tgs_req(self, cname, sname, realm, ticket, key, etypes,
|
||||
expected_error_mode=0, padata=None, kdc_options=0,
|
||||
to_rodc=False, service_creds=None, expect_pac=True):
|
||||
to_rodc=False, service_creds=None, expect_pac=True,
|
||||
expect_edata=None):
|
||||
'''Send a TGS-REQ, returns the response and the decrypted and
|
||||
decoded enc-part
|
||||
'''
|
||||
@ -1209,6 +1210,7 @@ class KDCBaseTest(RawKerberosTest):
|
||||
tgt=tgt,
|
||||
authenticator_subkey=subkey,
|
||||
kdc_options=str(kdc_options),
|
||||
expect_edata=expect_edata,
|
||||
expect_pac=expect_pac,
|
||||
to_rodc=to_rodc)
|
||||
|
||||
|
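Review bot: `tgs_req` gains an `expect_edata=None` parameter, but its docstring still only says that it sends a TGS-REQ and returns the response and the decoded enc-part, so the three states of the new argument are undocumented. I would add a line to the docstring along the lines of `expect_edata: None lets the reply checker decide, False requires the error reply to carry no e-data, True expects e-data to be present`, worded to match what the checker in the RawKerberosTest section enforces. The same gap applies to the two signatures in that section that gain `expect_edata=None`; their names lie outside the visible hunks.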
@ -85,7 +85,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
names=["host", samdb.host_dns_name()])
|
||||
|
||||
(rep, enc_part) = self.tgs_req(cname, sname, realm, ticket, key, etype,
|
||||
expected_error_mode=KDC_ERR_BADMATCH)
|
||||
expected_error_mode=KDC_ERR_BADMATCH,
|
||||
expect_edata=False)
|
||||
|
||||
self.assertIsNone(
|
||||
enc_part,
|
||||
|
@ -1959,6 +1959,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
outer_req=None,
|
||||
pac_request=None,
|
||||
pac_options=None,
|
||||
expect_edata=None,
|
||||
expect_pac=True,
|
||||
to_rodc=False):
|
||||
if expected_error_mode == 0:
|
||||
@ -2005,6 +2006,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'outer_req': outer_req,
|
||||
'pac_request': pac_request,
|
||||
'pac_options': pac_options,
|
||||
'expect_edata': expect_edata,
|
||||
'expect_pac': expect_pac,
|
||||
'to_rodc': to_rodc
|
||||
}
|
||||
@ -2046,6 +2048,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
outer_req=None,
|
||||
pac_request=None,
|
||||
pac_options=None,
|
||||
expect_edata=None,
|
||||
expect_pac=True,
|
||||
to_rodc=False):
|
||||
if expected_error_mode == 0:
|
||||
@ -2091,6 +2094,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'outer_req': outer_req,
|
||||
'pac_request': pac_request,
|
||||
'pac_options': pac_options,
|
||||
'expect_edata': expect_edata,
|
||||
'expect_pac': expect_pac,
|
||||
'to_rodc': to_rodc
|
||||
}
|
||||
@ -2477,20 +2481,20 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
self.assertElementEqualUTF8(rep, 'realm', expected_srealm)
|
||||
self.assertElementEqualPrincipal(rep, 'sname', expected_sname)
|
||||
self.assertElementMissing(rep, 'e-text')
|
||||
if (error_code == KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS
|
||||
or (rep_msg_type == KRB_TGS_REP
|
||||
and not sent_fast)
|
||||
or (sent_fast and fast_armor_type is not None
|
||||
and fast_armor_type != FX_FAST_ARMOR_AP_REQUEST)
|
||||
or inner):
|
||||
expected_status = kdc_exchange_dict['expected_status']
|
||||
expect_edata = kdc_exchange_dict['expect_edata']
|
||||
if expect_edata is None:
|
||||
expect_edata = (error_code != KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS
|
||||
and (not sent_fast or fast_armor_type is None
|
||||
or fast_armor_type == FX_FAST_ARMOR_AP_REQUEST)
|
||||
and not inner)
|
||||
if not expect_edata:
|
||||
self.assertIsNone(expected_status)
|
||||
self.assertElementMissing(rep, 'e-data')
|
||||
return rep
|
||||
edata = self.getElementValue(rep, 'e-data')
|
||||
if self.strict_checking:
|
||||
if error_code != KDC_ERR_GENERIC:
|
||||
# Predicting whether an ERR_GENERIC error contains e-data is
|
||||
# more complicated.
|
||||
self.assertIsNotNone(edata)
|
||||
self.assertIsNotNone(edata)
|
||||
if edata is not None:
|
||||
if rep_msg_type == KRB_TGS_REP and not sent_fast:
|
||||
error_data = self.der_decode(
|
||||
@ -2506,12 +2510,11 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
status = int.from_bytes(extended_error[:4], 'little')
|
||||
flags = int.from_bytes(extended_error[8:], 'little')
|
||||
|
||||
expected_status = kdc_exchange_dict['expected_status']
|
||||
self.assertEqual(expected_status, status)
|
||||
|
||||
self.assertEqual(3, flags)
|
||||
else:
|
||||
self.assertIsNone(kdc_exchange_dict['expected_status'])
|
||||
self.assertIsNone(expected_status)
|
||||
|
||||
rep_padata = self.der_decode(edata,
|
||||
asn1Spec=krb5_asn1.METHOD_DATA())
|
||||
|
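Review bot: In the `@ -2477,20 +2481,20 @` hunk the two outcomes are not checked with the same strength: when `expect_edata` is false the reply must lack e-data unconditionally (`self.assertElementMissing(rep, 'e-data')`), but when it is true the presence check runs only under `self.strict_checking`, and a reply without e-data then skips the whole `if edata is not None:` block and passes. That is reasonable for the inferred default, but an explicit `expect_edata=True` from a caller would go unenforced with strict checking off. If that is intended, a comment above `if self.strict_checking:` should say so. Otherwise the caller's explicit value can be honoured with `if self.strict_checking or kdc_exchange_dict['expect_edata']:`. Which of the duplicated lines are old and which are new is inferred from the rendered page, and the enclosing method starts and ends outside the hunk.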