From c9d6a3dd66501187f5f7094bdee67a5a6bb764a8 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Fri, 11 Aug 2023 09:42:25 +1200 Subject: [PATCH] tests/krb5: Allow specifying KDC options when requesting a TGT Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- python/samba/tests/krb5/authn_policy_tests.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py index 3e695b232e3..c8d25498182 100755 --- a/python/samba/tests/krb5/authn_policy_tests.py +++ b/python/samba/tests/krb5/authn_policy_tests.py @@ -990,6 +990,9 @@ class AuthnPolicyBaseTests(AuthLogTestBase, KdcTgsBaseTests): def _get_tgt(self, creds, *, armor_tgt=None, till=None, + kdc_options=None, + expected_flags=None, + unexpected_flags=None, expected_error=0, expect_status=None, expected_status=None): @@ -1017,10 +1020,11 @@ class AuthnPolicyBaseTests(AuthLogTestBase, KdcTgsBaseTests): expected_etypes = krbtgt_creds.tgs_supported_enctypes - kdc_options = str(krb5_asn1.KDCOptions('renewable')) - # Contrary to Microsoft’s documentation, the returned ticket is - # renewable. - expected_flags = krb5_asn1.TicketFlags('renewable') + if kdc_options is None: + kdc_options = str(krb5_asn1.KDCOptions('renewable')) + # Contrary to Microsoft’s documentation, the returned ticket is + # renewable. + expected_flags = krb5_asn1.TicketFlags('renewable') preauth_key = self.PasswordKey_from_creds(creds, kcrypto.Enctype.AES256) @@ -1086,6 +1090,7 @@ class AuthnPolicyBaseTests(AuthLogTestBase, KdcTgsBaseTests): expected_sname=expected_sname, expected_salt=salt, expected_flags=expected_flags, + unexpected_flags=unexpected_flags, expected_supported_etypes=expected_etypes, generate_padata_fn=generate_padata_fn, generate_fast_padata_fn=generate_fast_padata_fn,