diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index 99a91528fa8..f14439a4ab5 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -497,12 +497,18 @@ class KdcTgsTests(KDCBaseTest): def test_renew_req(self): creds = self._get_creds() tgt = self._get_tgt(creds, renewable=True) - self._renew_tgt(tgt, expected_error=0) + self._renew_tgt(tgt, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) def test_validate_req(self): creds = self._get_creds() tgt = self._get_tgt(creds, invalid=True) - self._validate_tgt(tgt, expected_error=0) + self._validate_tgt(tgt, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) def test_s4u2self_req(self): creds = self._get_creds() @@ -774,13 +780,17 @@ class KdcTgsTests(KDCBaseTest): creds = self._get_creds(replication_allowed=True, revealed_to_rodc=True) tgt = self._get_tgt(creds, renewable=True, from_rodc=True) - self._renew_tgt(tgt, expected_error=0) + self._renew_tgt(tgt, expected_error=0, + expect_pac_attrs=False, + expect_requester_sid=True) def test_validate_rodc_revealed(self): creds = self._get_creds(replication_allowed=True, revealed_to_rodc=True) tgt = self._get_tgt(creds, invalid=True, from_rodc=True) - self._validate_tgt(tgt, expected_error=0) + self._validate_tgt(tgt, expected_error=0, + expect_pac_attrs=False, + expect_requester_sid=True) def test_s4u2self_rodc_revealed(self): creds = self._get_creds(replication_allowed=True, @@ -1434,7 +1444,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, expect_pac_attrs=True, - expect_pac_attrs_pac_request=None) + expect_pac_attrs_pac_request=None, + expect_requester_sid=True) def test_pac_attrs_renew_false(self): creds = self._get_creds() @@ -1447,7 +1458,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, expect_pac_attrs=True, - expect_pac_attrs_pac_request=False) + expect_pac_attrs_pac_request=False, + expect_requester_sid=True) def test_pac_attrs_renew_true(self): creds = self._get_creds() @@ -1460,7 +1472,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, expect_pac_attrs=True, - expect_pac_attrs_pac_request=True) + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) def test_pac_attrs_rodc_renew_none(self): creds = self._get_creds(replication_allowed=True, @@ -1473,8 +1486,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=True, - expect_pac_attrs_pac_request=None) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_rodc_renew_false(self): creds = self._get_creds(replication_allowed=True, @@ -1487,8 +1500,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=True, - expect_pac_attrs_pac_request=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_rodc_renew_true(self): creds = self._get_creds(replication_allowed=True, @@ -1501,8 +1514,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=True, - expect_pac_attrs_pac_request=True) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_renew_none(self): creds = self._get_creds() @@ -1515,7 +1528,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_renew_false(self): creds = self._get_creds() @@ -1528,7 +1542,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_renew_true(self): creds = self._get_creds() @@ -1541,7 +1556,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_rodc_renew_none(self): creds = self._get_creds(replication_allowed=True, @@ -1555,7 +1571,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_rodc_renew_false(self): creds = self._get_creds(replication_allowed=True, @@ -1569,7 +1586,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_pac_attrs_missing_rodc_renew_true(self): creds = self._get_creds(replication_allowed=True, @@ -1583,7 +1601,8 @@ class KdcTgsTests(KDCBaseTest): self._renew_tgt(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=False) + expect_pac_attrs=False, + expect_requester_sid=True) def test_tgs_pac_attrs_none(self): creds = self._get_creds() @@ -1593,8 +1612,7 @@ class KdcTgsTests(KDCBaseTest): expect_pac_attrs_pac_request=None) self._run_tgs(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=True, - expect_pac_attrs_pac_request=None) + expect_pac_attrs=False) def test_tgs_pac_attrs_false(self): creds = self._get_creds() @@ -1603,7 +1621,8 @@ class KdcTgsTests(KDCBaseTest): expect_pac_attrs=True, expect_pac_attrs_pac_request=False) - self._run_tgs(tgt, expected_error=0, expect_pac=False) + self._run_tgs(tgt, expected_error=0, expect_pac=False, + expect_pac_attrs=False) def test_tgs_pac_attrs_true(self): creds = self._get_creds() @@ -1613,8 +1632,7 @@ class KdcTgsTests(KDCBaseTest): expect_pac_attrs_pac_request=True) self._run_tgs(tgt, expected_error=0, expect_pac=True, - expect_pac_attrs=True, - expect_pac_attrs_pac_request=True) + expect_pac_attrs=False) def test_as_requester_sid(self): creds = self._get_creds() @@ -1639,8 +1657,7 @@ class KdcTgsTests(KDCBaseTest): expect_requester_sid=True) self._run_tgs(tgt, expected_error=0, expect_pac=True, - expected_sid=sid, - expect_requester_sid=True) + expect_requester_sid=False) def test_tgs_requester_sid_renew(self): creds = self._get_creds() @@ -1655,6 +1672,8 @@ class KdcTgsTests(KDCBaseTest): tgt = self._modify_tgt(tgt, renewable=True) self._renew_tgt(tgt, expected_error=0, expect_pac=True, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=None, expected_sid=sid, expect_requester_sid=True) @@ -1672,6 +1691,7 @@ class KdcTgsTests(KDCBaseTest): tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True) self._renew_tgt(tgt, expected_error=0, expect_pac=True, + expect_pac_attrs=False, expected_sid=sid, expect_requester_sid=True) @@ -1738,7 +1758,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=None) tgt = self._modify_tgt(tgt, renewable=True) - tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=None, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True) @@ -1750,7 +1773,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=False, expect_pac=None) tgt = self._modify_tgt(tgt, renewable=True) - tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=False, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False) @@ -1762,7 +1788,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=True) tgt = self._modify_tgt(tgt, renewable=True) - tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True) @@ -1774,7 +1803,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=None) tgt = self._modify_tgt(tgt, invalid=True) - tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=None, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True) @@ -1786,7 +1818,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=False, expect_pac=None) tgt = self._modify_tgt(tgt, invalid=True) - tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=False, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False) @@ -1798,7 +1833,10 @@ class KdcTgsTests(KDCBaseTest): tgt = self.get_tgt(creds, pac_request=True) tgt = self._modify_tgt(tgt, invalid=True) - tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None) + tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True) @@ -1946,7 +1984,7 @@ class KdcTgsTests(KDCBaseTest): ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True) - pac = self.get_ticket_pac(ticket, expect_pac=False) + pac = self.get_ticket_pac(ticket) self.assertIsNotNone(pac) def test_tgs_rodc_pac_request_true(self): @@ -2279,12 +2317,21 @@ class KdcTgsTests(KDCBaseTest): expect_requester_sid=expect_requester_sid, expected_sid=expected_sid) - def _validate_tgt(self, tgt, expected_error, expect_pac=True): + def _validate_tgt(self, tgt, expected_error, expect_pac=True, + expect_pac_attrs=None, + expect_pac_attrs_pac_request=None, + expect_requester_sid=None, + expected_sid=None): krbtgt_creds = self.get_krbtgt_creds() kdc_options = str(krb5_asn1.KDCOptions('validate')) - return self._tgs_req(tgt, expected_error, krbtgt_creds, - kdc_options=kdc_options, - expect_pac=expect_pac) + return self._tgs_req( + tgt, expected_error, krbtgt_creds, + kdc_options=kdc_options, + expect_pac=expect_pac, + expect_pac_attrs=expect_pac_attrs, + expect_pac_attrs_pac_request=expect_pac_attrs_pac_request, + expect_requester_sid=expect_requester_sid, + expected_sid=expected_sid) def _s4u2self(self, tgt, tgt_creds, expected_error, expect_pac=True, expect_edata=False, expected_status=None): diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index da3f69c79c6..14e655313fc 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -602,6 +602,13 @@ class RawKerberosTest(TestCaseInTempDir): expect_pac = '1' cls.expect_pac = bool(int(expect_pac)) + expect_extra_pac_buffers = samba.tests.env_get_var_value( + 'EXPECT_EXTRA_PAC_BUFFERS', + allow_missing=True) + if expect_extra_pac_buffers is None: + expect_extra_pac_buffers = '1' + cls.expect_extra_pac_buffers = bool(int(expect_extra_pac_buffers)) + def setUp(self): super().setUp() self.do_asn1_print = False @@ -2624,17 +2631,34 @@ class RawKerberosTest(TestCaseInTempDir): if not self.tkt_sig_support: require_strict.add(krb5pac.PAC_TYPE_TICKET_CHECKSUM) + expect_extra_pac_buffers = rep_msg_type == KRB_AS_REP + expect_pac_attrs = kdc_exchange_dict['expect_pac_attrs'] + + if expect_pac_attrs: + expect_pac_attrs_pac_request = kdc_exchange_dict[ + 'expect_pac_attrs_pac_request'] + else: + expect_pac_attrs_pac_request = kdc_exchange_dict[ + 'pac_request'] + + if expect_pac_attrs is None: + if self.expect_extra_pac_buffers: + expect_pac_attrs = expect_extra_pac_buffers + else: + require_strict.add(krb5pac.PAC_TYPE_ATTRIBUTES_INFO) if expect_pac_attrs: expected_types.append(krb5pac.PAC_TYPE_ATTRIBUTES_INFO) - elif expect_pac_attrs is None: - require_strict.add(krb5pac.PAC_TYPE_ATTRIBUTES_INFO) expect_requester_sid = kdc_exchange_dict['expect_requester_sid'] + + if expect_requester_sid is None: + if self.expect_extra_pac_buffers: + expect_requester_sid = expect_extra_pac_buffers + else: + require_strict.add(krb5pac.PAC_TYPE_REQUESTER_SID) if expect_requester_sid: expected_types.append(krb5pac.PAC_TYPE_REQUESTER_SID) - elif expect_requester_sid is None: - require_strict.add(krb5pac.PAC_TYPE_REQUESTER_SID) buffer_types = [pac_buffer.type for pac_buffer in pac.buffers] @@ -2722,9 +2746,6 @@ class RawKerberosTest(TestCaseInTempDir): requested_pac = bool(flags & 1) given_pac = bool(flags & 2) - expect_pac_attrs_pac_request = kdc_exchange_dict[ - 'expect_pac_attrs_pac_request'] - self.assertEqual(expect_pac_attrs_pac_request is True, requested_pac) self.assertEqual(expect_pac_attrs_pac_request is None, @@ -2734,8 +2755,8 @@ class RawKerberosTest(TestCaseInTempDir): and expect_requester_sid): requester_sid = pac_buffer.info.sid - self.assertIsNotNone(expected_sid) - self.assertEqual(expected_sid, str(requester_sid)) + if expected_sid is not None: + self.assertEqual(expected_sid, str(requester_sid)) def generic_check_kdc_error(self, kdc_exchange_dict, diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc index 42b70e97f60..475abc03182 100644 --- a/selftest/knownfail_heimdal_kdc +++ b/selftest/knownfail_heimdal_kdc @@ -127,11 +127,15 @@ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_false +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_pac_attrs_rodc_renew_true ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_service_no_auth_data_required ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_sid_mismatch_existing @@ -147,10 +151,14 @@ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_pac_attrs_true ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid(?!_) ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_renew ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_rodc_renew +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_rodc_renew ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_pac_request_false @@ -170,6 +178,7 @@ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_existing ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_sid_mismatch_existing diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc index 1723481c931..1e63bb33d03 100644 --- a/selftest/knownfail_mit_kdc +++ b/selftest/knownfail_mit_kdc @@ -389,6 +389,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_logon_info_only_sid_mismatch_nonexisting ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_req ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_allowed_denied ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_denied ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_rodc_no_krbtgt_link @@ -451,6 +454,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_no_pac +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_pac_request_none +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_pac_request_true +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_req ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_allowed_denied ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_denied ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_no_krbtgt_link diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 7435d9d9d27..0570f9e116f 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -915,12 +915,14 @@ for env in ['fileserver_smb1', 'nt4_member', 'clusteredmember', 'ktest', 'nt4_dc have_fast_support = int('SAMBA_USES_MITKDC' in config_hash) tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash) expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash) +extra_pac_buffers = 0 planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", environ={'SERVICE_USERNAME':'$SERVER', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac}) + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", environ={'ADMIN_USERNAME':'$USERNAME', 'ADMIN_PASSWORD':'$PASSWORD', @@ -928,21 +930,24 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", 'STRICT_CHECKING':'0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac}) + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests", environ={'ADMIN_USERNAME':'$USERNAME', 'ADMIN_PASSWORD':'$PASSWORD', 'STRICT_CHECKING':'0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac}) + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns") planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests", environ={'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac}) + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", environ={ @@ -951,7 +956,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", environ={ @@ -960,7 +966,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) for env in ['ad_dc_default', 'ad_member']: planoldpythontestsuite(env, "samba.tests.krb5.test_rpc", @@ -970,7 +977,8 @@ for env in ['ad_dc_default', 'ad_member']: 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", environ={ @@ -979,7 +987,8 @@ planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planoldpythontestsuite("ad_member_idmap_nss:local", "samba.tests.krb5.test_min_domain_uid", @@ -1002,7 +1011,8 @@ planoldpythontestsuite("ad_member_idmap_nss:local", 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) for env in ["ad_dc", smbv1_disabled_testenv]: @@ -1597,7 +1607,8 @@ for env in ["fl2008r2dc", "fl2003dc"]: 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests', @@ -1607,7 +1618,8 @@ planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests', 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: @@ -1630,7 +1642,8 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", 'ADMIN_PASSWORD': '$PASSWORD', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", environ={ @@ -1639,12 +1652,14 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests", environ={'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac}) + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) planpythontestsuite( "ad_dc", "samba.tests.krb5.kdc_tgs_tests", @@ -1654,7 +1669,8 @@ planpythontestsuite( 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite( "ad_dc", @@ -1665,7 +1681,8 @@ planpythontestsuite( 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite( "ad_dc", @@ -1676,7 +1693,8 @@ planpythontestsuite( 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite( "ad_dc", @@ -1687,7 +1705,8 @@ planpythontestsuite( 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) planpythontestsuite( "ad_dc", @@ -1698,7 +1717,8 @@ planpythontestsuite( 'STRICT_CHECKING': '0', 'FAST_SUPPORT': have_fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, - 'EXPECT_PAC': expect_pac + 'EXPECT_PAC': expect_pac, + 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers }) for env in [