mirror of
https://github.com/samba-team/samba.git
synced 2024-12-31 17:18:04 +03:00
python:tests/krb5: let netlogon.py test strong key without arcfour
It shows that there's no encryption on buffers... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
parent
c7a0efb29e
commit
e296b912b2
@ -66,7 +66,7 @@ class NetlogonSchannel(KDCBaseTest):
|
||||
for trust in ["wks", "bdc"]:
|
||||
for auth3_flags in [0x603fffff, 0x613fffff]:
|
||||
setup_test(test, trust, "auth3", auth3_flags)
|
||||
for auth3_flags in [0x00004004, 0x01000000]:
|
||||
for auth3_flags in [0x00004004, 0x00004000, 0x01000000]:
|
||||
setup_test(test, trust, "auth3", auth3_flags)
|
||||
|
||||
def setUp(self):
|
||||
@ -939,6 +939,10 @@ class NetlogonSchannel(KDCBaseTest):
|
||||
expect_set2_encrypted = expect_encrypted
|
||||
encryption_set2_ncreds = ncreds
|
||||
|
||||
if not (ncreds.negotiate_flags & 0x01000004):
|
||||
# Without aes or arcfour this uses no encryption
|
||||
expect_set2_encrypted = False
|
||||
|
||||
if ncreds.secure_channel_type == misc.SEC_CHAN_WKSTA:
|
||||
expect_get_error = ntstatus.NT_STATUS_ACCESS_DENIED
|
||||
else:
|
||||
@ -1063,6 +1067,10 @@ class NetlogonSchannel(KDCBaseTest):
|
||||
|
||||
expect_broken_crypto = False
|
||||
|
||||
if not (ncreds.negotiate_flags & 0x01000004):
|
||||
# Without aes or arcfour this uses no encryption
|
||||
expect_encrypted = False
|
||||
|
||||
opaque_buffer = b'invalid_opaque_buffer'
|
||||
if ncreds.secure_channel_type == misc.SEC_CHAN_WKSTA:
|
||||
expect_invalid_error = ntstatus.NT_STATUS_ACCESS_DENIED
|
||||
@ -1359,6 +1367,10 @@ class NetlogonSchannel(KDCBaseTest):
|
||||
else:
|
||||
expect_error = None
|
||||
|
||||
if not (ncreds.negotiate_flags & 0x01000004):
|
||||
# Without aes or arcfour this uses no encryption
|
||||
expect_encrypted = False
|
||||
|
||||
krbtgt_creds = self.get_krbtgt_creds()
|
||||
krbtgt_key = self.TicketDecryptionKey_from_creds(krbtgt_creds)
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
# Without AES we currently get DOWNGRADE_DETECTED
|
||||
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004000
|
||||
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004004
|
||||
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_603fffff
|
||||
# This is not implemented yet
|
||||
|
Loading…
Reference in New Issue
Block a user