mirror of https://github.com/samba-team/samba.git synced 2025-10-08 07:33:19 +03:00

tests/krb5: Pass client credentials down into kdc_exchange_dict

These are useful inside the test infrastructure.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton
2023-04-06 11:09:31 +12:00
committed by Andrew Bartlett
parent c07ac15462
commit e4ec3d6f3d
12 changed files with 198 additions and 160 deletions

@@ -97,6 +97,7 @@ class AsReqBaseTest(KDCBaseTest):
etypes,
None,
kdc_options,
creds=client_creds,
expected_supported_etypes=krbtgt_supported_etypes,
expected_account_name=user_name,
pac_request=True,
@@ -199,6 +200,7 @@ class AsReqKerberosTests(AsReqBaseTest):
expected_error_mode = KDC_ERR_ETYPE_NOSUPP
kdc_exchange_dict = self.as_exchange_dict(
creds=client_creds,
expected_crealm=expected_crealm,
expected_cname=expected_cname,
expected_srealm=expected_srealm,

@@ -462,6 +462,7 @@ class ClaimsTests(KDCBaseTest):
# Perform constrained delegation.
kdc_exchange_dict = self.tgs_exchange_dict(
creds=user_creds,
expected_crealm=user_realm,
expected_cname=user_cname,
expected_srealm=service_realm,
@@ -683,6 +684,7 @@ class ClaimsTests(KDCBaseTest):
# attribute is still present on the account.
kdc_exchange_dict = self.tgs_exchange_dict(
creds=user_creds,
expected_crealm=user_tgt.crealm,
expected_cname=user_tgt.cname,
expected_srealm=srealm,
@@ -1736,6 +1738,7 @@ class ClaimsTests(KDCBaseTest):
# armor TGT. The claim value should not have changed.
kdc_exchange_dict = self.tgs_exchange_dict(
creds=user_creds,
expected_crealm=user_tgt.crealm,
expected_cname=user_tgt.cname,
expected_srealm=srealm,

@@ -2072,6 +2072,7 @@ class DeviceTests(KDCBaseTest):
# Perform a TGS-REQ with the user account.
kdc_exchange_dict = self.tgs_exchange_dict(
creds=user_creds,
expected_crealm=user_tgt.crealm,
expected_cname=user_tgt.cname,
expected_srealm=srealm,

@@ -308,7 +308,7 @@ class EtypeTests(KdcTgsBaseTests):
# Perform the TGS-REQ.
ticket = self._tgs_req(tgt, expected_error=expected_error,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
kdc_options=str(krb5_asn1.KDCOptions('canonicalize')),
expected_supported_etypes=target_creds.tgs_supported_enctypes,
expected_ticket_etype=expected_etype,
@@ -459,7 +459,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=aes256_bit)
ticket = self._tgs_req(tgt, expected_error=0,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(AES256_CTS_HMAC_SHA1_96,))
self.assertEqual(AES256_CTS_HMAC_SHA1_96, ticket.decryption_key.etype)
@@ -479,7 +479,7 @@ class EtypeTests(KdcTgsBaseTests):
expected_error = KDC_ERR_ETYPE_NOSUPP
ticket = self._tgs_req(tgt, expected_error=expected_error,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(ARCFOUR_HMAC_MD5,))
if not self.forced_rc4:
@@ -498,7 +498,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=aes256_bit | aes256_sk_bit)
ticket = self._tgs_req(tgt, expected_error=0,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(AES256_CTS_HMAC_SHA1_96,))
self.assertEqual(AES256_CTS_HMAC_SHA1_96, ticket.decryption_key.etype)
@@ -519,7 +519,7 @@ class EtypeTests(KdcTgsBaseTests):
expected_error = KDC_ERR_ETYPE_NOSUPP
ticket = self._tgs_req(tgt, expected_error=expected_error,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(ARCFOUR_HMAC_MD5,))
if not self.forced_rc4:
@@ -537,7 +537,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=rc4_bit)
self._tgs_req(tgt, expected_error=KDC_ERR_ETYPE_NOSUPP,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(AES256_CTS_HMAC_SHA1_96,))
# Perform a TGS-REQ for a service ticket, specifying RC4, when the target
@@ -550,7 +550,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=rc4_bit)
ticket = self._tgs_req(tgt, expected_error=0,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(ARCFOUR_HMAC_MD5,))
self.assertEqual(ARCFOUR_HMAC_MD5, ticket.decryption_key.etype)
@@ -567,7 +567,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=rc4_bit | aes256_sk_bit)
ticket = self._tgs_req(tgt, expected_error=0,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(AES256_CTS_HMAC_SHA1_96,))
self.assertEqual(ARCFOUR_HMAC_MD5, ticket.decryption_key.etype)
@@ -583,7 +583,7 @@ class EtypeTests(KdcTgsBaseTests):
target_creds = self._server_creds(supported=rc4_bit | aes256_sk_bit)
ticket = self._tgs_req(tgt, expected_error=0,
target_creds=target_creds,
creds=creds, target_creds=target_creds,
etypes=(ARCFOUR_HMAC_MD5,))
self.assertEqual(ARCFOUR_HMAC_MD5, ticket.decryption_key.etype)

@@ -1752,6 +1752,7 @@ class FAST_Tests(KDCBaseTest):
decryption_key = krbtgt_decryption_key
kdc_exchange_dict = self.as_exchange_dict(
creds=client_creds,
expected_crealm=expected_crealm,
expected_cname=expected_cname,
expected_anon=expected_anon,
@@ -1789,6 +1790,7 @@ class FAST_Tests(KDCBaseTest):
expect_edata=expect_edata)
else: # KRB_TGS_REP
kdc_exchange_dict = self.tgs_exchange_dict(
creds=client_creds,
expected_crealm=expected_crealm,
expected_cname=expected_cname,
expected_anon=expected_anon,

@@ -1875,6 +1875,7 @@ class GroupTests(KDCBaseTest):
# Perform an AS-REQ with the user account.
as_rep, kdc_exchange_dict = self._test_as_exchange(
creds=user_creds,
cname=cname,
realm=realm,
sname=sname,
@@ -1934,6 +1935,7 @@ class GroupTests(KDCBaseTest):
# Perform a TGS-REQ with the user account.
kdc_exchange_dict = self.tgs_exchange_dict(
creds=user_creds,
expected_crealm=ticket.crealm,
expected_cname=cname,
expected_srealm=realm,

@@ -2265,7 +2265,7 @@ class KDCBaseTest(RawKerberosTest):
def tgs_req(self, cname, sname, realm, ticket, key, etypes,
expected_error_mode=0, padata=None, kdc_options=0,
to_rodc=False, service_creds=None, expect_pac=True,
to_rodc=False, creds=None, service_creds=None, expect_pac=True,
expect_edata=None, expected_flags=None, unexpected_flags=None):
'''Send a TGS-REQ, returns the response and the decrypted and
decoded enc-part
@@ -2302,6 +2302,7 @@ class KDCBaseTest(RawKerberosTest):
return padata, req_body
kdc_exchange_dict = self.tgs_exchange_dict(
creds=creds,
expected_crealm=realm,
expected_cname=cname,
expected_srealm=realm,
@@ -2542,6 +2543,7 @@ class KDCBaseTest(RawKerberosTest):
pac_options = '1' # supports claims
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,
@@ -2594,6 +2596,7 @@ class KDCBaseTest(RawKerberosTest):
expected_realm = realm.upper()
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,
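Review bot: In the first hunk of this section, `creds=None` is inserted into the middle of `tgs_req`'s optional parameters, ahead of `service_creds`, so a caller that passes `service_creds` or a later argument positionally would now bind it one slot off without any error. The callers visible on this page all use keywords, but appending the new parameter instead (`expect_edata=None, expected_flags=None, unexpected_flags=None, creds=None):`) would rule that out for callers not shown here. The `None` default is also forwarded unchanged as `creds=creds` to `tgs_exchange_dict`, so any code that later reads the client credentials from the exchange dict has to tolerate `None`. The docstring continues outside the hunk; it would be worth adding a line such as `creds: client credentials recorded in the exchange dict, or None if the caller did not supply them`.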

File diff suppressed because it is too large Load Diff

@@ -151,6 +151,7 @@ def connect_kdc(pipe,
# Try making a Kerberos AS-REQ to the KDC. This should fail, either due to
# the user's account being locked out or due to using the wrong password.
as_rep, kdc_exchange_dict = as_req_base._test_as_exchange(
creds=user_creds,
cname=cname,
realm=realm,
sname=sname,

@@ -129,7 +129,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -187,7 +187,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, mc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=mc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -251,7 +251,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the service ticket
@@ -323,7 +323,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc, expect_pac=False,
creds=uc, service_creds=mc, expect_pac=False,
expect_edata=False,
expected_error_mode=KDC_ERR_TGT_REVOKED)
self.check_error_rep(rep, KDC_ERR_TGT_REVOKED)
@@ -382,7 +382,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -487,7 +487,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -552,7 +552,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -618,7 +618,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
@@ -693,7 +693,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc, expect_pac=False,
creds=uc, service_creds=mc, expect_pac=False,
expect_edata=False,
expected_error_mode=KDC_ERR_TGT_REVOKED)
self.check_error_rep(rep, KDC_ERR_TGT_REVOKED)
@@ -754,7 +754,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
(rep, enc_part) = self.tgs_req(
cname, sname, uc.get_realm(), ticket, key, etype,
service_creds=mc)
creds=uc, service_creds=mc)
self.check_tgs_reply(rep)
# Check the contents of the pac, and the ticket
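Review bot: The second hunk of this section passes `creds=mc, service_creds=mc`, while every other call in the section passes `creds=uc`, so on its own the line reads like a copy-paste slip. It is presumably intentional, since that call also uses `mc.get_realm()` for the realm, which suggests the machine account is the client in that test. A short comment above the call would make the intent explicit, e.g. `# The machine account is both the client and the target service here.` The enclosing test methods start and end outside the hunks, so where `ticket` and `key` come from cannot be confirmed from this page.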

@@ -841,6 +841,7 @@ class ProtectedUsersTests(KDCBaseTest):
expected_error_mode = KDC_ERR_PREAUTH_REQUIRED
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,
@@ -884,6 +885,7 @@ class ProtectedUsersTests(KDCBaseTest):
expected_realm = realm.upper()
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,
@@ -953,6 +955,7 @@ class ProtectedUsersTests(KDCBaseTest):
unexpected_flags = krb5_asn1.TicketFlags(unexpected_flags)
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,
@@ -987,6 +990,7 @@ class ProtectedUsersTests(KDCBaseTest):
expected_error = KDC_ERR_POLICY if expect_error else 0
rep, kdc_exchange_dict = self._test_as_exchange(
creds=creds,
cname=cname,
realm=realm,
sname=sname,

@@ -2459,6 +2459,7 @@ class RawKerberosTest(TestCaseInTempDir):
return check_rep_fn(kdc_exchange_dict, callback_dict, rep)
def as_exchange_dict(self,
creds=None,
expected_crealm=None,
expected_cname=None,
expected_anon=False,
@@ -2531,6 +2532,7 @@ class RawKerberosTest(TestCaseInTempDir):
'rep_msg_type': KRB_AS_REP,
'rep_asn1Spec': krb5_asn1.AS_REP,
'rep_encpart_asn1Spec': krb5_asn1.EncASRepPart,
'creds': creds,
'expected_crealm': expected_crealm,
'expected_cname': expected_cname,
'expected_anon': expected_anon,
@@ -2599,6 +2601,7 @@ class RawKerberosTest(TestCaseInTempDir):
return kdc_exchange_dict
def tgs_exchange_dict(self,
creds=None,
expected_crealm=None,
expected_cname=None,
expected_anon=False,
@@ -2674,6 +2677,7 @@ class RawKerberosTest(TestCaseInTempDir):
'rep_msg_type': KRB_TGS_REP,
'rep_asn1Spec': krb5_asn1.TGS_REP,
'rep_encpart_asn1Spec': krb5_asn1.EncTGSRepPart,
'creds': creds,
'expected_crealm': expected_crealm,
'expected_cname': expected_cname,
'expected_anon': expected_anon,
@@ -4904,6 +4908,7 @@ class RawKerberosTest(TestCaseInTempDir):
etypes,
padata,
kdc_options,
creds=None,
renew_time=None,
expected_account_name=None,
expected_groups=None,
@@ -4950,6 +4955,7 @@ class RawKerberosTest(TestCaseInTempDir):
generate_padata_fn = None
kdc_exchange_dict = self.as_exchange_dict(
creds=creds,
expected_crealm=expected_crealm,
expected_cname=expected_cname,
expected_srealm=expected_srealm,