mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
tests/krb5: Replace expected_cname_private with expected_anon parameter
This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as the cname, and makes the reply checking logic easier to follow. This also removes the need to fetch the client credentials in the test methods. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
This commit is contained in:
Joseph Sutton
Andrew Bartlett
parent
3fd73b65a3
commit
bf55786fcd
@ -49,7 +49,6 @@ from samba.tests.krb5.rfc4120_constants import (
|
||||
KU_TICKET,
|
||||
NT_PRINCIPAL,
|
||||
NT_SRV_INST,
|
||||
NT_WELLKNOWN,
|
||||
PADATA_FX_COOKIE,
|
||||
PADATA_FX_FAST,
|
||||
PADATA_PAC_OPTIONS
|
||||
@ -1028,14 +1027,6 @@ class FAST_Tests(KDCBaseTest):
|
||||
])
|
||||
|
||||
def test_fast_hide_client_names(self):
|
||||
user_creds = self.get_client_creds()
|
||||
user_name = user_creds.get_username()
|
||||
user_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
|
||||
names=[user_name])
|
||||
|
||||
expected_cname = self.PrincipalName_create(
|
||||
name_type=NT_WELLKNOWN, names=['WELLKNOWN', 'ANONYMOUS'])
|
||||
|
||||
self._run_test_sequence([
|
||||
{
|
||||
'rep_type': KRB_AS_REP,
|
||||
@ -1044,7 +1035,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt,
|
||||
'fast_options': '01', # hide client names
|
||||
'expected_cname': expected_cname
|
||||
'expected_anon': True
|
||||
},
|
||||
{
|
||||
'rep_type': KRB_AS_REP,
|
||||
@ -1054,20 +1045,11 @@ class FAST_Tests(KDCBaseTest):
|
||||
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
|
||||
'gen_armor_tgt_fn': self.get_mach_tgt,
|
||||
'fast_options': '01', # hide client names
|
||||
'expected_cname': expected_cname,
|
||||
'expected_cname_private': user_cname
|
||||
'expected_anon': True
|
||||
}
|
||||
])
|
||||
|
||||
def test_fast_tgs_hide_client_names(self):
|
||||
user_creds = self.get_client_creds()
|
||||
user_name = user_creds.get_username()
|
||||
user_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
|
||||
names=[user_name])
|
||||
|
||||
expected_cname = self.PrincipalName_create(
|
||||
name_type=NT_WELLKNOWN, names=['WELLKNOWN', 'ANONYMOUS'])
|
||||
|
||||
self._run_test_sequence([
|
||||
{
|
||||
'rep_type': KRB_TGS_REP,
|
||||
@ -1076,8 +1058,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
'gen_tgt_fn': self.get_user_tgt,
|
||||
'fast_armor': None,
|
||||
'fast_options': '01', # hide client names
|
||||
'expected_cname': expected_cname,
|
||||
'expected_cname_private': user_cname
|
||||
'expected_anon': True
|
||||
}
|
||||
])
|
||||
|
||||
@ -1259,8 +1240,8 @@ class FAST_Tests(KDCBaseTest):
|
||||
srealm = target_realm
|
||||
|
||||
expected_cname = kdc_dict.pop('expected_cname', client_cname)
|
||||
expected_cname_private = kdc_dict.pop('expected_cname_private',
|
||||
None)
|
||||
expected_anon = kdc_dict.pop('expected_anon',
|
||||
False)
|
||||
expected_crealm = kdc_dict.pop('expected_crealm', client_realm)
|
||||
expected_sname = kdc_dict.pop('expected_sname', sname)
|
||||
expected_srealm = kdc_dict.pop('expected_srealm', srealm)
|
||||
@ -1384,7 +1365,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
kdc_exchange_dict = self.as_exchange_dict(
|
||||
expected_crealm=expected_crealm,
|
||||
expected_cname=expected_cname,
|
||||
expected_cname_private=expected_cname_private,
|
||||
expected_anon=expected_anon,
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
ticket_decryption_key=krbtgt_decryption_key,
|
||||
@ -1413,7 +1394,7 @@ class FAST_Tests(KDCBaseTest):
|
||||
kdc_exchange_dict = self.tgs_exchange_dict(
|
||||
expected_crealm=expected_crealm,
|
||||
expected_cname=expected_cname,
|
||||
expected_cname_private=expected_cname_private,
|
||||
expected_anon=expected_anon,
|
||||
expected_srealm=expected_srealm,
|
||||
expected_sname=expected_sname,
|
||||
ticket_decryption_key=target_decryption_key,
|
||||
|
||||
@ -1721,7 +1721,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
def as_exchange_dict(self,
|
||||
expected_crealm=None,
|
||||
expected_cname=None,
|
||||
expected_cname_private=None,
|
||||
expected_anon=False,
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
ticket_decryption_key=None,
|
||||
@ -1759,6 +1759,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'rep_encpart_asn1Spec': krb5_asn1.EncASRepPart,
|
||||
'expected_crealm': expected_crealm,
|
||||
'expected_cname': expected_cname,
|
||||
'expected_anon': expected_anon,
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'ticket_decryption_key': ticket_decryption_key,
|
||||
@ -1784,10 +1785,6 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'inner_req': inner_req,
|
||||
'outer_req': outer_req
|
||||
}
|
||||
if expected_cname_private is not None:
|
||||
kdc_exchange_dict['expected_cname_private'] = (
|
||||
expected_cname_private)
|
||||
|
||||
if callback_dict is None:
|
||||
callback_dict = {}
|
||||
|
||||
@ -1796,7 +1793,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
def tgs_exchange_dict(self,
|
||||
expected_crealm=None,
|
||||
expected_cname=None,
|
||||
expected_cname_private=None,
|
||||
expected_anon=False,
|
||||
expected_srealm=None,
|
||||
expected_sname=None,
|
||||
ticket_decryption_key=None,
|
||||
@ -1834,6 +1831,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'rep_encpart_asn1Spec': krb5_asn1.EncTGSRepPart,
|
||||
'expected_crealm': expected_crealm,
|
||||
'expected_cname': expected_cname,
|
||||
'expected_anon': expected_anon,
|
||||
'expected_srealm': expected_srealm,
|
||||
'expected_sname': expected_sname,
|
||||
'ticket_decryption_key': ticket_decryption_key,
|
||||
@ -1859,10 +1857,6 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
'inner_req': inner_req,
|
||||
'outer_req': outer_req
|
||||
}
|
||||
if expected_cname_private is not None:
|
||||
kdc_exchange_dict['expected_cname_private'] = (
|
||||
expected_cname_private)
|
||||
|
||||
if callback_dict is None:
|
||||
callback_dict = {}
|
||||
|
||||
@ -1874,7 +1868,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
rep):
|
||||
|
||||
expected_crealm = kdc_exchange_dict['expected_crealm']
|
||||
expected_cname = kdc_exchange_dict['expected_cname']
|
||||
expected_anon = kdc_exchange_dict['expected_anon']
|
||||
expected_srealm = kdc_exchange_dict['expected_srealm']
|
||||
expected_sname = kdc_exchange_dict['expected_sname']
|
||||
ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key']
|
||||
@ -1888,6 +1882,12 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
padata = self.getElementValue(rep, 'padata')
|
||||
if self.strict_checking:
|
||||
self.assertElementEqualUTF8(rep, 'crealm', expected_crealm)
|
||||
if expected_anon:
|
||||
expected_cname = self.PrincipalName_create(
|
||||
name_type=NT_WELLKNOWN,
|
||||
names=['WELLKNOWN', 'ANONYMOUS'])
|
||||
else:
|
||||
expected_cname = kdc_exchange_dict['expected_cname']
|
||||
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
|
||||
self.assertElementPresent(rep, 'ticket')
|
||||
ticket = self.getElementValue(rep, 'ticket')
|
||||
@ -2042,14 +2042,11 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
and kdc_options[canon_pos] == '1')
|
||||
|
||||
expected_crealm = kdc_exchange_dict['expected_crealm']
|
||||
expected_cname = kdc_exchange_dict['expected_cname']
|
||||
expected_srealm = kdc_exchange_dict['expected_srealm']
|
||||
expected_sname = kdc_exchange_dict['expected_sname']
|
||||
ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key']
|
||||
|
||||
try:
|
||||
expected_cname = kdc_exchange_dict['expected_cname_private']
|
||||
except KeyError:
|
||||
expected_cname = kdc_exchange_dict['expected_cname']
|
||||
|
||||
ticket = self.getElementValue(rep, 'ticket')
|
||||
|
||||
@ -2182,7 +2179,7 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
|
||||
rep_msg_type = kdc_exchange_dict['rep_msg_type']
|
||||
|
||||
expected_cname = kdc_exchange_dict['expected_cname']
|
||||
expected_anon = kdc_exchange_dict['expected_anon']
|
||||
expected_srealm = kdc_exchange_dict['expected_srealm']
|
||||
expected_sname = kdc_exchange_dict['expected_sname']
|
||||
expected_error_mode = kdc_exchange_dict['expected_error_mode']
|
||||
@ -2203,7 +2200,10 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
# error-code checked above
|
||||
if self.strict_checking:
|
||||
self.assertElementMissing(rep, 'crealm')
|
||||
if expected_cname['name-type'] == NT_WELLKNOWN and not inner:
|
||||
if expected_anon and not inner:
|
||||
expected_cname = self.PrincipalName_create(
|
||||
name_type=NT_WELLKNOWN,
|
||||
names=['WELLKNOWN', 'ANONYMOUS'])
|
||||
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
|
||||
else:
|
||||
self.assertElementMissing(rep, 'cname')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user