From c51805f90c09b40236765c9594693fcb66a55715 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Thu, 16 Dec 2021 14:21:18 +1300 Subject: [PATCH] tests/krb5: Adjust expected error codes Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher --- python/samba/tests/krb5/fast_tests.py | 12 ++++++++---- python/samba/tests/krb5/kdc_tgs_tests.py | 5 +++-- python/samba/tests/krb5/raw_testcase.py | 4 +++- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/python/samba/tests/krb5/fast_tests.py b/python/samba/tests/krb5/fast_tests.py index 6a6fdfa786e..dbd4e4e4ce2 100755 --- a/python/samba/tests/krb5/fast_tests.py +++ b/python/samba/tests/krb5/fast_tests.py @@ -605,7 +605,8 @@ class FAST_Tests(KDCBaseTest): self._run_test_sequence([ { 'rep_type': KRB_AS_REP, - 'expected_error_mode': KDC_ERR_POLICY, + 'expected_error_mode': (KDC_ERR_POLICY, + KDC_ERR_S_PRINCIPAL_UNKNOWN), 'use_fast': True, 'fast_armor': FX_FAST_ARMOR_AP_REQUEST, 'gen_armor_tgt_fn': self.get_user_service_ticket @@ -620,7 +621,8 @@ class FAST_Tests(KDCBaseTest): self._run_test_sequence([ { 'rep_type': KRB_AS_REP, - 'expected_error_mode': KDC_ERR_POLICY, + 'expected_error_mode': (KDC_ERR_POLICY, + KDC_ERR_S_PRINCIPAL_UNKNOWN), 'use_fast': True, 'fast_armor': FX_FAST_ARMOR_AP_REQUEST, 'gen_armor_tgt_fn': self.get_mach_service_ticket @@ -637,7 +639,8 @@ class FAST_Tests(KDCBaseTest): self._run_test_sequence([ { 'rep_type': KRB_AS_REP, - 'expected_error_mode': KDC_ERR_POLICY, + 'expected_error_mode': (KDC_ERR_POLICY, + KDC_ERR_S_PRINCIPAL_UNKNOWN), 'use_fast': True, 'fast_armor': FX_FAST_ARMOR_AP_REQUEST, 'gen_armor_tgt_fn': self.get_service_ticket_invalid_checksum @@ -657,7 +660,8 @@ class FAST_Tests(KDCBaseTest): }, { 'rep_type': KRB_AS_REP, - 'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED, + 'expected_error_mode': (KDC_ERR_PREAUTH_REQUIRED, + KDC_ERR_POLICY), 'use_fast': True, 'gen_padata_fn': self.generate_enc_timestamp_padata, 'fast_armor': FX_FAST_ARMOR_AP_REQUEST, diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index b418a087df8..df95523144f 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -1644,7 +1644,7 @@ class KdcTgsTests(KDCBaseTest): self._user2user(service_ticket, creds, expected_error=(KDC_ERR_MODIFIED, KDC_ERR_POLICY)) - # Expected to fail against Windows, which does not produce a policy error. + # Expected to fail against Windows, which does not produce an error. def test_fast_service_ticket(self): creds = self._get_creds() tgt = self._get_tgt(creds) @@ -1653,7 +1653,8 @@ class KdcTgsTests(KDCBaseTest): service_ticket = self.get_service_ticket(tgt, service_creds) self._fast(service_ticket, creds, - expected_error=KDC_ERR_POLICY) + expected_error=(KDC_ERR_POLICY, + KDC_ERR_S_PRINCIPAL_UNKNOWN)) def test_pac_attrs_none(self): creds = self._get_creds() diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index 1496ff961cd..7054dc543aa 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -47,6 +47,7 @@ from samba.tests.krb5.rfc4120_constants import ( AD_WIN2K_PAC, FX_FAST_ARMOR_AP_REQUEST, KDC_ERR_GENERIC, + KDC_ERR_POLICY, KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW, KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, @@ -2958,7 +2959,8 @@ class RawKerberosTest(TestCaseInTempDir): if len(expect_etype_info2) != 0: expected_patypes += (PADATA_ETYPE_INFO2,) - if error_code not in (KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW): + if error_code not in (KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW, + KDC_ERR_POLICY): if sent_fast: expected_patypes += (PADATA_ENCRYPTED_CHALLENGE,) else: