mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
We set EXPECT_EXTRA_PAC_BUFFERS to 0 for the moment. This signifies that these checks are currently not enforced, which avoids a lot of test failures. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
ec823c2a83
commit
ebc9137cee
@ -497,12 +497,18 @@ class KdcTgsTests(KDCBaseTest):
|
||||
def test_renew_req(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, renewable=True)
|
||||
self._renew_tgt(tgt, expected_error=0)
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_validate_req(self):
|
||||
creds = self._get_creds()
|
||||
tgt = self._get_tgt(creds, invalid=True)
|
||||
self._validate_tgt(tgt, expected_error=0)
|
||||
self._validate_tgt(tgt, expected_error=0,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_s4u2self_req(self):
|
||||
creds = self._get_creds()
|
||||
@ -774,13 +780,17 @@ class KdcTgsTests(KDCBaseTest):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
|
||||
self._renew_tgt(tgt, expected_error=0)
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_validate_rodc_revealed(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
revealed_to_rodc=True)
|
||||
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
|
||||
self._validate_tgt(tgt, expected_error=0)
|
||||
self._validate_tgt(tgt, expected_error=0,
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_s4u2self_rodc_revealed(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1434,7 +1444,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None)
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_renew_false(self):
|
||||
creds = self._get_creds()
|
||||
@ -1447,7 +1458,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=False)
|
||||
expect_pac_attrs_pac_request=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_renew_true(self):
|
||||
creds = self._get_creds()
|
||||
@ -1460,7 +1472,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True)
|
||||
expect_pac_attrs_pac_request=True,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_rodc_renew_none(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1473,8 +1486,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_rodc_renew_false(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1487,8 +1500,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_rodc_renew_true(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1501,8 +1514,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_renew_none(self):
|
||||
creds = self._get_creds()
|
||||
@ -1515,7 +1528,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_renew_false(self):
|
||||
creds = self._get_creds()
|
||||
@ -1528,7 +1542,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_renew_true(self):
|
||||
creds = self._get_creds()
|
||||
@ -1541,7 +1556,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_rodc_renew_none(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1555,7 +1571,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_rodc_renew_false(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1569,7 +1586,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_pac_attrs_missing_rodc_renew_true(self):
|
||||
creds = self._get_creds(replication_allowed=True,
|
||||
@ -1583,7 +1601,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0,
|
||||
expect_pac=True,
|
||||
expect_pac_attrs=False)
|
||||
expect_pac_attrs=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
def test_tgs_pac_attrs_none(self):
|
||||
creds = self._get_creds()
|
||||
@ -1593,8 +1612,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
expect_pac_attrs_pac_request=None)
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None)
|
||||
expect_pac_attrs=False)
|
||||
|
||||
def test_tgs_pac_attrs_false(self):
|
||||
creds = self._get_creds()
|
||||
@ -1603,7 +1621,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=False)
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=False)
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=False,
|
||||
expect_pac_attrs=False)
|
||||
|
||||
def test_tgs_pac_attrs_true(self):
|
||||
creds = self._get_creds()
|
||||
@ -1613,8 +1632,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
expect_pac_attrs_pac_request=True)
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True)
|
||||
expect_pac_attrs=False)
|
||||
|
||||
def test_as_requester_sid(self):
|
||||
creds = self._get_creds()
|
||||
@ -1639,8 +1657,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
expect_requester_sid=True)
|
||||
|
||||
self._run_tgs(tgt, expected_error=0, expect_pac=True,
|
||||
expected_sid=sid,
|
||||
expect_requester_sid=True)
|
||||
expect_requester_sid=False)
|
||||
|
||||
def test_tgs_requester_sid_renew(self):
|
||||
creds = self._get_creds()
|
||||
@ -1655,6 +1672,8 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self._modify_tgt(tgt, renewable=True)
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expected_sid=sid,
|
||||
expect_requester_sid=True)
|
||||
|
||||
@ -1672,6 +1691,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)
|
||||
|
||||
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
|
||||
expect_pac_attrs=False,
|
||||
expected_sid=sid,
|
||||
expect_requester_sid=True)
|
||||
|
||||
@ -1738,7 +1758,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=None)
|
||||
tgt = self._modify_tgt(tgt, renewable=True)
|
||||
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
@ -1750,7 +1773,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
|
||||
tgt = self._modify_tgt(tgt, renewable=True)
|
||||
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)
|
||||
|
||||
@ -1762,7 +1788,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=True)
|
||||
tgt = self._modify_tgt(tgt, renewable=True)
|
||||
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
@ -1774,7 +1803,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=None)
|
||||
tgt = self._modify_tgt(tgt, invalid=True)
|
||||
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
@ -1786,7 +1818,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
|
||||
tgt = self._modify_tgt(tgt, invalid=True)
|
||||
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=False,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)
|
||||
|
||||
@ -1798,7 +1833,10 @@ class KdcTgsTests(KDCBaseTest):
|
||||
tgt = self.get_tgt(creds, pac_request=True)
|
||||
tgt = self._modify_tgt(tgt, invalid=True)
|
||||
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
|
||||
tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
|
||||
expect_pac_attrs=True,
|
||||
expect_pac_attrs_pac_request=True,
|
||||
expect_requester_sid=True)
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
@ -1946,7 +1984,7 @@ class KdcTgsTests(KDCBaseTest):
|
||||
|
||||
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
|
||||
|
||||
pac = self.get_ticket_pac(ticket, expect_pac=False)
|
||||
pac = self.get_ticket_pac(ticket)
|
||||
self.assertIsNotNone(pac)
|
||||
|
||||
def test_tgs_rodc_pac_request_true(self):
|
||||
@ -2279,12 +2317,21 @@ class KdcTgsTests(KDCBaseTest):
|
||||
expect_requester_sid=expect_requester_sid,
|
||||
expected_sid=expected_sid)
|
||||
|
||||
def _validate_tgt(self, tgt, expected_error, expect_pac=True):
|
||||
def _validate_tgt(self, tgt, expected_error, expect_pac=True,
|
||||
expect_pac_attrs=None,
|
||||
expect_pac_attrs_pac_request=None,
|
||||
expect_requester_sid=None,
|
||||
expected_sid=None):
|
||||
krbtgt_creds = self.get_krbtgt_creds()
|
||||
kdc_options = str(krb5_asn1.KDCOptions('validate'))
|
||||
return self._tgs_req(tgt, expected_error, krbtgt_creds,
|
||||
kdc_options=kdc_options,
|
||||
expect_pac=expect_pac)
|
||||
return self._tgs_req(
|
||||
tgt, expected_error, krbtgt_creds,
|
||||
kdc_options=kdc_options,
|
||||
expect_pac=expect_pac,
|
||||
expect_pac_attrs=expect_pac_attrs,
|
||||
expect_pac_attrs_pac_request=expect_pac_attrs_pac_request,
|
||||
expect_requester_sid=expect_requester_sid,
|
||||
expected_sid=expected_sid)
|
||||
|
||||
def _s4u2self(self, tgt, tgt_creds, expected_error, expect_pac=True,
|
||||
expect_edata=False, expected_status=None):
|
||||
|
@ -602,6 +602,13 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
expect_pac = '1'
|
||||
cls.expect_pac = bool(int(expect_pac))
|
||||
|
||||
expect_extra_pac_buffers = samba.tests.env_get_var_value(
|
||||
'EXPECT_EXTRA_PAC_BUFFERS',
|
||||
allow_missing=True)
|
||||
if expect_extra_pac_buffers is None:
|
||||
expect_extra_pac_buffers = '1'
|
||||
cls.expect_extra_pac_buffers = bool(int(expect_extra_pac_buffers))
|
||||
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
self.do_asn1_print = False
|
||||
@ -2624,17 +2631,34 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
if not self.tkt_sig_support:
|
||||
require_strict.add(krb5pac.PAC_TYPE_TICKET_CHECKSUM)
|
||||
|
||||
expect_extra_pac_buffers = rep_msg_type == KRB_AS_REP
|
||||
|
||||
expect_pac_attrs = kdc_exchange_dict['expect_pac_attrs']
|
||||
|
||||
if expect_pac_attrs:
|
||||
expect_pac_attrs_pac_request = kdc_exchange_dict[
|
||||
'expect_pac_attrs_pac_request']
|
||||
else:
|
||||
expect_pac_attrs_pac_request = kdc_exchange_dict[
|
||||
'pac_request']
|
||||
|
||||
if expect_pac_attrs is None:
|
||||
if self.expect_extra_pac_buffers:
|
||||
expect_pac_attrs = expect_extra_pac_buffers
|
||||
else:
|
||||
require_strict.add(krb5pac.PAC_TYPE_ATTRIBUTES_INFO)
|
||||
if expect_pac_attrs:
|
||||
expected_types.append(krb5pac.PAC_TYPE_ATTRIBUTES_INFO)
|
||||
elif expect_pac_attrs is None:
|
||||
require_strict.add(krb5pac.PAC_TYPE_ATTRIBUTES_INFO)
|
||||
|
||||
expect_requester_sid = kdc_exchange_dict['expect_requester_sid']
|
||||
|
||||
if expect_requester_sid is None:
|
||||
if self.expect_extra_pac_buffers:
|
||||
expect_requester_sid = expect_extra_pac_buffers
|
||||
else:
|
||||
require_strict.add(krb5pac.PAC_TYPE_REQUESTER_SID)
|
||||
if expect_requester_sid:
|
||||
expected_types.append(krb5pac.PAC_TYPE_REQUESTER_SID)
|
||||
elif expect_requester_sid is None:
|
||||
require_strict.add(krb5pac.PAC_TYPE_REQUESTER_SID)
|
||||
|
||||
buffer_types = [pac_buffer.type
|
||||
for pac_buffer in pac.buffers]
|
||||
@ -2722,9 +2746,6 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
requested_pac = bool(flags & 1)
|
||||
given_pac = bool(flags & 2)
|
||||
|
||||
expect_pac_attrs_pac_request = kdc_exchange_dict[
|
||||
'expect_pac_attrs_pac_request']
|
||||
|
||||
self.assertEqual(expect_pac_attrs_pac_request is True,
|
||||
requested_pac)
|
||||
self.assertEqual(expect_pac_attrs_pac_request is None,
|
||||
@ -2734,8 +2755,8 @@ class RawKerberosTest(TestCaseInTempDir):
|
||||
and expect_requester_sid):
|
||||
requester_sid = pac_buffer.info.sid
|
||||
|
||||
self.assertIsNotNone(expected_sid)
|
||||
self.assertEqual(expected_sid, str(requester_sid))
|
||||
if expected_sid is not None:
|
||||
self.assertEqual(expected_sid, str(requester_sid))
|
||||
|
||||
def generic_check_kdc_error(self,
|
||||
kdc_exchange_dict,
|
||||
|
@ -127,11 +127,15 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_false
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_none
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_true
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_service_no_auth_data_required
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing
|
||||
@ -147,10 +151,14 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_none
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_true
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid(?!_)
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_rodc_renew
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_false
|
||||
@ -170,6 +178,7 @@
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing
|
||||
|
@ -389,6 +389,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_pac_request_none
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_pac_request_true
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_req
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_allowed_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_no_krbtgt_link
|
||||
@ -451,6 +454,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_pac_request_none
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_pac_request_true
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_req
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_allowed_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_denied
|
||||
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_no_krbtgt_link
|
||||
|
@ -915,12 +915,14 @@ for env in ['fileserver_smb1', 'nt4_member', 'clusteredmember', 'ktest', 'nt4_dc
|
||||
have_fast_support = int('SAMBA_USES_MITKDC' in config_hash)
|
||||
tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
|
||||
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
|
||||
extra_pac_buffers = 0
|
||||
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
|
||||
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
|
||||
environ={'SERVICE_USERNAME':'$SERVER',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac})
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
|
||||
planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
|
||||
environ={'ADMIN_USERNAME':'$USERNAME',
|
||||
'ADMIN_PASSWORD':'$PASSWORD',
|
||||
@ -928,21 +930,24 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
|
||||
'STRICT_CHECKING':'0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac})
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
|
||||
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
|
||||
environ={'ADMIN_USERNAME':'$USERNAME',
|
||||
'ADMIN_PASSWORD':'$PASSWORD',
|
||||
'STRICT_CHECKING':'0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac})
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
|
||||
|
||||
planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
|
||||
|
||||
planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
|
||||
environ={'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac})
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
|
||||
|
||||
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
|
||||
environ={
|
||||
@ -951,7 +956,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
|
||||
environ={
|
||||
@ -960,7 +966,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
for env in ['ad_dc_default', 'ad_member']:
|
||||
planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
|
||||
@ -970,7 +977,8 @@ for env in ['ad_dc_default', 'ad_member']:
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
|
||||
environ={
|
||||
@ -979,7 +987,8 @@ planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planoldpythontestsuite("ad_member_idmap_nss:local",
|
||||
"samba.tests.krb5.test_min_domain_uid",
|
||||
@ -1002,7 +1011,8 @@ planoldpythontestsuite("ad_member_idmap_nss:local",
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
|
||||
for env in ["ad_dc", smbv1_disabled_testenv]:
|
||||
@ -1597,7 +1607,8 @@ for env in ["fl2008r2dc", "fl2003dc"]:
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
|
||||
planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
|
||||
@ -1607,7 +1618,8 @@ planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
|
||||
for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
|
||||
@ -1630,7 +1642,8 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
|
||||
'ADMIN_PASSWORD': '$PASSWORD',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
|
||||
environ={
|
||||
@ -1639,12 +1652,14 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
|
||||
environ={'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac})
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
|
||||
planpythontestsuite(
|
||||
"ad_dc",
|
||||
"samba.tests.krb5.kdc_tgs_tests",
|
||||
@ -1654,7 +1669,8 @@ planpythontestsuite(
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite(
|
||||
"ad_dc",
|
||||
@ -1665,7 +1681,8 @@ planpythontestsuite(
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite(
|
||||
"ad_dc",
|
||||
@ -1676,7 +1693,8 @@ planpythontestsuite(
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite(
|
||||
"ad_dc",
|
||||
@ -1687,7 +1705,8 @@ planpythontestsuite(
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
planpythontestsuite(
|
||||
"ad_dc",
|
||||
@ -1698,7 +1717,8 @@ planpythontestsuite(
|
||||
'STRICT_CHECKING': '0',
|
||||
'FAST_SUPPORT': have_fast_support,
|
||||
'TKT_SIG_SUPPORT': tkt_sig_support,
|
||||
'EXPECT_PAC': expect_pac
|
||||
'EXPECT_PAC': expect_pac,
|
||||
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
|
||||
})
|
||||
|
||||
for env in [
|
||||
|
Loading…
Reference in New Issue
Block a user