mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
tests/krb5: Make use of KerberosCredentials.get_sid()
KerberosCredentials objects now keep track of their account’s SID, which removes the need to look it up with KDCBaseTest.get_objectSid(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton
Andrew Bartlett
parent
490c451a79
commit
fb260e1f46
@ -94,7 +94,7 @@ class AliasTests(KDCBaseTest):
|
||||
samdb, mach_name, account_type=self.AccountType.COMPUTER)
|
||||
self.addCleanup(delete_force, samdb, mach_dn)
|
||||
|
||||
mach_sid = self.get_objectSid(samdb, mach_dn)
|
||||
mach_sid = mach_creds.get_sid()
|
||||
realm = mach_creds.get_realm()
|
||||
|
||||
# The account salt doesn't change when the account is renamed.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -437,7 +437,7 @@ class ClaimsTests(KDCBaseTest):
|
||||
user_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
|
||||
names=[user_name])
|
||||
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
user_sid = user_creds.get_sid()
|
||||
|
||||
mach_realm = mach_creds.get_realm()
|
||||
|
||||
@ -1616,7 +1616,7 @@ class ClaimsTests(KDCBaseTest):
|
||||
user_creds = self.get_cached_creds(
|
||||
account_type=self.AccountType.USER)
|
||||
user_dn = user_creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
user_sid = user_creds.get_sid()
|
||||
|
||||
mach_name = self.get_new_username()
|
||||
mach_creds, mach_dn_str = self.create_account(
|
||||
@ -1625,7 +1625,7 @@ class ClaimsTests(KDCBaseTest):
|
||||
account_type=self.AccountType.COMPUTER,
|
||||
additional_details=details)
|
||||
mach_dn = ldb.Dn(samdb, mach_dn_str)
|
||||
mach_sid = self.get_objectSid(samdb, mach_dn)
|
||||
mach_sid = mach_creds.get_sid()
|
||||
|
||||
user_principal = Principal(user_dn, user_sid)
|
||||
mach_principal = Principal(mach_dn, mach_sid)
|
||||
|
||||
@ -1915,7 +1915,7 @@ class DeviceTests(KDCBaseTest):
|
||||
account_type=self.AccountType.USER,
|
||||
use_cache=user_use_cache)
|
||||
user_dn = user_creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
user_sid = user_creds.get_sid()
|
||||
user_name = user_creds.get_username()
|
||||
|
||||
trust_user_rid = random.randint(2000, 0xfffffffe)
|
||||
@ -1942,7 +1942,7 @@ class DeviceTests(KDCBaseTest):
|
||||
use_cache=mach_use_cache)
|
||||
mach_dn = mach_creds.get_dn()
|
||||
mach_dn_str = str(mach_dn)
|
||||
mach_sid = self.get_objectSid(samdb, mach_dn)
|
||||
mach_sid = mach_creds.get_sid()
|
||||
|
||||
user_principal = Principal(user_dn, user_sid)
|
||||
mach_principal = Principal(mach_dn, mach_sid)
|
||||
|
||||
@ -221,7 +221,7 @@ class GroupTests(KDCBaseTest):
|
||||
})
|
||||
|
||||
# Get the SID and RID of the user account.
|
||||
user_sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
user_sid = creds.get_sid()
|
||||
user_rid = int(user_sid.rsplit('-', 1)[1])
|
||||
|
||||
# Get the SID and RID of the universal group.
|
||||
@ -288,7 +288,7 @@ class GroupTests(KDCBaseTest):
|
||||
})
|
||||
|
||||
# Get the SID and RID of the user account.
|
||||
user_sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
user_sid = creds.get_sid()
|
||||
user_rid = int(user_sid.rsplit('-', 1)[1])
|
||||
|
||||
# Get the SID and RID of the universal group.
|
||||
@ -365,7 +365,7 @@ class GroupTests(KDCBaseTest):
|
||||
})
|
||||
|
||||
# Get the SID and RID of the user account.
|
||||
user_sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
user_sid = creds.get_sid()
|
||||
user_rid = int(user_sid.rsplit('-', 1)[1])
|
||||
|
||||
# Get the SID and RID of the universal group.
|
||||
@ -1809,7 +1809,7 @@ class GroupTests(KDCBaseTest):
|
||||
account_type=self.AccountType.USER,
|
||||
use_cache=False)
|
||||
user_dn = user_creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
user_sid = user_creds.get_sid()
|
||||
user_name = user_creds.get_username()
|
||||
salt = user_creds.get_salt()
|
||||
|
||||
|
||||
@ -3203,7 +3203,7 @@ class KDCBaseTest(TestCaseInTempDir, RawKerberosTest):
|
||||
attrs=['tokenGroups'])
|
||||
self.assertEqual(1, len(res))
|
||||
|
||||
sid = self.get_objectSid(samdb, dn)
|
||||
sid = creds.get_sid()
|
||||
|
||||
token_groups = res[0].get('tokenGroups', idx=0)
|
||||
token_sid = ndr_unpack(security.dom_sid, token_groups)
|
||||
|
||||
@ -471,7 +471,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
enc_part = self.decode_service_ticket(mc, ticket)
|
||||
|
||||
pac_data = self.get_pac_data(enc_part['authorization-data'])
|
||||
sid = self.get_objectSid(samdb, dn)
|
||||
sid = uc.get_sid()
|
||||
upn = "%s@%s" % (uc.get_username(), realm)
|
||||
self.assertEqual(
|
||||
uc.get_username(),
|
||||
@ -896,7 +896,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
if upn_name is None:
|
||||
realm = client_creds.get_realm().lower()
|
||||
upn_name = f'{account_name}@{realm}'
|
||||
sid = self.get_objectSid(samdb, dn)
|
||||
sid = client_creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(client_creds,
|
||||
expected_account_name=account_name,
|
||||
@ -2147,7 +2147,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2158,7 +2158,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2172,7 +2172,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2191,7 +2191,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
revealed_to_rodc=True)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2208,7 +2208,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2224,7 +2224,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
revealed_to_rodc=True)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2239,7 +2239,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2258,7 +2258,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
revealed_to_rodc=True)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2275,7 +2275,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
creds = self._get_creds()
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2291,7 +2291,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
revealed_to_rodc=True)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
sid = self.get_objectSid(samdb, creds.get_dn())
|
||||
sid = creds.get_sid()
|
||||
|
||||
tgt = self.get_tgt(creds, pac_request=None,
|
||||
expect_pac=True,
|
||||
@ -2949,11 +2949,7 @@ class KdcTgsTests(KdcTgsBaseTests):
|
||||
'id': 1
|
||||
})
|
||||
|
||||
samdb = self.get_samdb()
|
||||
|
||||
other_dn = other_creds.get_dn()
|
||||
other_sid = self.get_objectSid(samdb, other_dn)
|
||||
|
||||
other_sid = other_creds.get_sid()
|
||||
other_rid = int(other_sid.rsplit('-', 1)[1])
|
||||
|
||||
return other_rid
|
||||
|
||||
@ -518,7 +518,7 @@ class KpasswdTests(KDCBaseTest):
|
||||
sd_utils = SDUtils(samdb)
|
||||
|
||||
user_dn = creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
user_sid = creds.get_sid()
|
||||
|
||||
# Give the user control access on their account.
|
||||
ace = f'(A;;CR;;;{user_sid})'
|
||||
@ -636,17 +636,11 @@ class KpasswdTests(KDCBaseTest):
|
||||
names=['krbtgt', realm])
|
||||
ticket.set_sname(krbtgt_sname)
|
||||
|
||||
# Get the user's SID.
|
||||
samdb = self.get_samdb()
|
||||
|
||||
user_dn = creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
|
||||
# Modify the ticket to add a requester SID and give it two minutes to
|
||||
# live.
|
||||
ticket = self.modify_lifetime(ticket,
|
||||
lifetime=2 * 60,
|
||||
requester_sid=user_sid)
|
||||
requester_sid=creds.get_sid())
|
||||
|
||||
# Try to use that ticket to get a service ticket.
|
||||
service_creds = self.get_service_creds()
|
||||
@ -670,17 +664,11 @@ class KpasswdTests(KDCBaseTest):
|
||||
names=['krbtgt', realm])
|
||||
ticket.set_sname(krbtgt_sname)
|
||||
|
||||
# Get the user's SID.
|
||||
samdb = self.get_samdb()
|
||||
|
||||
user_dn = creds.get_dn()
|
||||
user_sid = self.get_objectSid(samdb, user_dn)
|
||||
|
||||
# Modify the ticket to add a requester SID and give it two minutes and
|
||||
# ten seconds to live.
|
||||
ticket = self.modify_lifetime(ticket,
|
||||
lifetime=2 * 60 + 10,
|
||||
requester_sid=user_sid)
|
||||
requester_sid=creds.get_sid())
|
||||
|
||||
# Try to use that ticket to get a service ticket.
|
||||
service_creds = self.get_service_creds()
|
||||
|
||||
@ -53,7 +53,6 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
|
||||
def check_pac(self, samdb, auth_data, dn, uc, name, upn=None):
|
||||
|
||||
pac_data = self.get_pac_data(auth_data)
|
||||
sid = self.get_objectSid(samdb, dn)
|
||||
if upn is None:
|
||||
upn = "%s@%s" % (name, uc.get_realm().lower())
|
||||
if name.endswith('$'):
|
||||
@ -76,7 +75,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
|
||||
pac_data.upn,
|
||||
"pac_data = {%s}" % str(pac_data))
|
||||
self.assertEqual(
|
||||
sid,
|
||||
uc.get_sid(),
|
||||
pac_data.account_sid,
|
||||
"pac_data = {%s}" % str(pac_data))
|
||||
|
||||
|
||||
@ -246,10 +246,6 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
client_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
|
||||
names=[client_name])
|
||||
|
||||
samdb = self.get_samdb()
|
||||
client_dn = client_creds.get_dn()
|
||||
sid = self.get_objectSid(samdb, client_dn)
|
||||
|
||||
service_name = kdc_dict.pop('service_name', None)
|
||||
if service_name is None:
|
||||
service_name = service_creds.get_username()[:-1]
|
||||
@ -313,7 +309,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
expected_account_name=client_name,
|
||||
expected_groups=expected_groups,
|
||||
unexpected_groups=unexpected_groups,
|
||||
expected_sid=sid,
|
||||
expected_sid=client_creds.get_sid(),
|
||||
expected_flags=expected_flags,
|
||||
unexpected_flags=unexpected_flags,
|
||||
ticket_decryption_key=service_decryption_key,
|
||||
@ -568,9 +564,7 @@ class S4UKerberosTests(KDCBaseTest):
|
||||
account_type=self.AccountType.USER,
|
||||
opts=client_opts)
|
||||
|
||||
samdb = self.get_samdb()
|
||||
client_dn = client_creds.get_dn()
|
||||
sid = self.get_objectSid(samdb, client_dn)
|
||||
sid = client_creds.get_sid()
|
||||
|
||||
service1_opts = kdc_dict.pop('service1_opts', {})
|
||||
service2_opts = kdc_dict.pop('service2_opts', {})
|
||||
|
||||
Loading…
Reference in New Issue
Block a user