
tests/krb5: Check ticket cname for Heimdal

This is currently not checked in several places due to STRICT_CHECKING
being set to 0.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2021-11-25 16:16:52 +13:00 committed by Andrew Bartlett
parent 3fc9dc2395
commit ff6d325e38
2 changed files with 55 additions and 28 deletions


@ -609,6 +609,12 @@ class RawKerberosTest(TestCaseInTempDir):
expect_extra_pac_buffers = '1' expect_extra_pac_buffers = '1'
cls.expect_extra_pac_buffers = bool(int(expect_extra_pac_buffers)) cls.expect_extra_pac_buffers = bool(int(expect_extra_pac_buffers))
cname_checking = samba.tests.env_get_var_value('CHECK_CNAME',
allow_missing=True)
if cname_checking is None:
cname_checking = '1'
cls.cname_checking = bool(int(cname_checking))
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.do_asn1_print = False self.do_asn1_print = False
@ -2232,6 +2238,7 @@ class RawKerberosTest(TestCaseInTempDir):
padata = self.getElementValue(rep, 'padata') padata = self.getElementValue(rep, 'padata')
if self.strict_checking: if self.strict_checking:
self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) self.assertElementEqualUTF8(rep, 'crealm', expected_crealm)
if self.cname_checking:
if expected_anon: if expected_anon:
expected_cname = self.PrincipalName_create( expected_cname = self.PrincipalName_create(
name_type=NT_WELLKNOWN, name_type=NT_WELLKNOWN,
@ -2452,7 +2459,7 @@ class RawKerberosTest(TestCaseInTempDir):
ticket_session_key = self.EncryptionKey_import(ticket_key) ticket_session_key = self.EncryptionKey_import(ticket_key)
self.assertElementEqualUTF8(ticket_private, 'crealm', self.assertElementEqualUTF8(ticket_private, 'crealm',
expected_crealm) expected_crealm)
if self.strict_checking: if self.cname_checking:
self.assertElementEqualPrincipal(ticket_private, 'cname', self.assertElementEqualPrincipal(ticket_private, 'cname',
expected_cname) expected_cname)
self.assertElementPresent(ticket_private, 'transited') self.assertElementPresent(ticket_private, 'transited')
@ -2695,7 +2702,7 @@ class RawKerberosTest(TestCaseInTempDir):
elif pac_buffer.type == krb5pac.PAC_TYPE_LOGON_NAME: elif pac_buffer.type == krb5pac.PAC_TYPE_LOGON_NAME:
expected_cname = kdc_exchange_dict['expected_cname'] expected_cname = kdc_exchange_dict['expected_cname']
account_name = expected_cname['name-string'][0] account_name = '/'.join(expected_cname['name-string'])
self.assertEqual(account_name, pac_buffer.info.account_name) self.assertEqual(account_name, pac_buffer.info.account_name)
@ -2785,15 +2792,15 @@ class RawKerberosTest(TestCaseInTempDir):
self.assertElementPresent(rep, 'stime') self.assertElementPresent(rep, 'stime')
self.assertElementPresent(rep, 'susec') self.assertElementPresent(rep, 'susec')
# error-code checked above # error-code checked above
if expected_anon and not inner:
expected_cname = self.PrincipalName_create(
name_type=NT_WELLKNOWN,
names=['WELLKNOWN', 'ANONYMOUS'])
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
elif self.strict_checking:
self.assertElementMissing(rep, 'cname')
if self.strict_checking: if self.strict_checking:
self.assertElementMissing(rep, 'crealm') self.assertElementMissing(rep, 'crealm')
if expected_anon and not inner:
expected_cname = self.PrincipalName_create(
name_type=NT_WELLKNOWN,
names=['WELLKNOWN', 'ANONYMOUS'])
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
else:
self.assertElementMissing(rep, 'cname')
self.assertElementEqualUTF8(rep, 'realm', expected_srealm) self.assertElementEqualUTF8(rep, 'realm', expected_srealm)
self.assertElementEqualPrincipal(rep, 'sname', expected_sname) self.assertElementEqualPrincipal(rep, 'sname', expected_sname)
self.assertElementMissing(rep, 'e-text') self.assertElementMissing(rep, 'e-text')
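Review bot: In the KDC error-reply hunk (`@ -2785,15 +2792,15`), the WELLKNOWN/ANONYMOUS `cname` comparison now sits after `if self.strict_checking:` and the former `elif self.strict_checking:` has become a bare `else:`; indentation is not visible on this page, so whether the block is nested under that condition cannot be confirmed from here. If it is nested, the anonymous principal in error replies is no longer asserted when STRICT_CHECKING is 0, whereas the old code asserted it unconditionally, and the commit message does not mention that loss of coverage. If it is not nested, `self.assertElementMissing(rep, 'cname')` now runs on every non-anonymous error reply regardless of either flag. Either way the intent deserves a short comment, and if the goal is only to relax this for non-Heimdal builds, a guard such as `if self.cname_checking and expected_anon and not inner:` would match the ticket checks in the earlier hunks. The enclosing method starts and ends outside the hunk.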


@ -944,13 +944,15 @@ have_fast_support = int('SAMBA_USES_MITKDC' in config_hash)
tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash) tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash) expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash) extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
environ={'SERVICE_USERNAME':'$SERVER', environ={'SERVICE_USERNAME':'$SERVER',
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname})
planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
environ={'ADMIN_USERNAME':'$USERNAME', environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD', 'ADMIN_PASSWORD':'$PASSWORD',
@ -959,7 +961,8 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname})
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests", planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
environ={'ADMIN_USERNAME':'$USERNAME', environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD', 'ADMIN_PASSWORD':'$PASSWORD',
@ -967,7 +970,8 @@ planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname})
planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns") planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
@ -975,7 +979,8 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
environ={'FAST_SUPPORT': have_fast_support, environ={'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname})
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
environ={ environ={
@ -985,7 +990,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
environ={ environ={
@ -995,7 +1001,8 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
for env in ['ad_dc_default', 'ad_member']: for env in ['ad_dc_default', 'ad_member']:
planoldpythontestsuite(env, "samba.tests.krb5.test_rpc", planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
@ -1006,7 +1013,8 @@ for env in ['ad_dc_default', 'ad_member']:
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
environ={ environ={
@ -1016,7 +1024,8 @@ planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planoldpythontestsuite("ad_member_idmap_nss:local", planoldpythontestsuite("ad_member_idmap_nss:local",
"samba.tests.krb5.test_min_domain_uid", "samba.tests.krb5.test_min_domain_uid",
@ -1040,7 +1049,8 @@ planoldpythontestsuite("ad_member_idmap_nss:local",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
for env in ["ad_dc", smbv1_disabled_testenv]: for env in ["ad_dc", smbv1_disabled_testenv]:
@ -1636,7 +1646,8 @@ for env in ["fl2008r2dc", "fl2003dc"]:
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests', planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
@ -1647,7 +1658,8 @@ planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
@ -1671,7 +1683,8 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
environ={ environ={
@ -1681,13 +1694,15 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests", planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
environ={'FAST_SUPPORT': have_fast_support, environ={'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers}) 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname})
planpythontestsuite( planpythontestsuite(
"ad_dc", "ad_dc",
"samba.tests.krb5.kdc_tgs_tests", "samba.tests.krb5.kdc_tgs_tests",
@ -1698,7 +1713,8 @@ planpythontestsuite(
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite( planpythontestsuite(
"ad_dc", "ad_dc",
@ -1710,7 +1726,8 @@ planpythontestsuite(
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite( planpythontestsuite(
"ad_dc", "ad_dc",
@ -1722,7 +1739,8 @@ planpythontestsuite(
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite( planpythontestsuite(
"ad_dc", "ad_dc",
@ -1734,7 +1752,8 @@ planpythontestsuite(
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
planpythontestsuite( planpythontestsuite(
"ad_dc", "ad_dc",
@ -1746,7 +1765,8 @@ planpythontestsuite(
'FAST_SUPPORT': have_fast_support, 'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support, 'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac, 'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
'CHECK_CNAME': check_cname
}) })
for env in [ for env in [
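Review bot: `check_cname` in the first hunk has no comment saying why the ticket cname checks are enabled only when `SAMBA4_USES_HEIMDAL` is configured, and the `'CHECK_CNAME': check_cname` entry is then hand-copied into every krb5 `environ` dict in the later hunks. A suite that is missed falls back to the test class default of `'1'`, so the omission would only surface as failures on non-Heimdal builds. I would add a comment above the assignment, for example `# cname checks are only expected to pass against the Heimdal KDC` (wording to be confirmed by the author), and consider one shared dict for the five common keys that each suite merges into its own `environ`. The `for env in [` statement at the end of the last hunk continues outside it.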