1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-31 17:18:04 +03:00

python:tests/krb5: let netlogon.py test strong key without arcfour

It shows that there's no encryption on buffers...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2024-11-26 18:51:07 +01:00 committed by Andreas Schneider
parent c7a0efb29e
commit e296b912b2
2 changed files with 14 additions and 1 deletions

View File

@ -66,7 +66,7 @@ class NetlogonSchannel(KDCBaseTest):
for trust in ["wks", "bdc"]:
for auth3_flags in [0x603fffff, 0x613fffff]:
setup_test(test, trust, "auth3", auth3_flags)
for auth3_flags in [0x00004004, 0x01000000]:
for auth3_flags in [0x00004004, 0x00004000, 0x01000000]:
setup_test(test, trust, "auth3", auth3_flags)
def setUp(self):
@ -939,6 +939,10 @@ class NetlogonSchannel(KDCBaseTest):
expect_set2_encrypted = expect_encrypted
encryption_set2_ncreds = ncreds
if not (ncreds.negotiate_flags & 0x01000004):
# Without aes or arcfour this uses no encryption
expect_set2_encrypted = False
if ncreds.secure_channel_type == misc.SEC_CHAN_WKSTA:
expect_get_error = ntstatus.NT_STATUS_ACCESS_DENIED
else:
@ -1063,6 +1067,10 @@ class NetlogonSchannel(KDCBaseTest):
expect_broken_crypto = False
if not (ncreds.negotiate_flags & 0x01000004):
# Without aes or arcfour this uses no encryption
expect_encrypted = False
opaque_buffer = b'invalid_opaque_buffer'
if ncreds.secure_channel_type == misc.SEC_CHAN_WKSTA:
expect_invalid_error = ntstatus.NT_STATUS_ACCESS_DENIED
@ -1359,6 +1367,10 @@ class NetlogonSchannel(KDCBaseTest):
else:
expect_error = None
if not (ncreds.negotiate_flags & 0x01000004):
# Without aes or arcfour this uses no encryption
expect_encrypted = False
krbtgt_creds = self.get_krbtgt_creds()
krbtgt_key = self.TicketDecryptionKey_from_creds(krbtgt_creds)

View File

@ -1,4 +1,5 @@
# Without AES we currently get DOWNGRADE_DETECTED
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004000
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004004
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_603fffff
# This is not implemented yet