Joseph Sutton
2f7919db39
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
44a44109db
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
056fb71832
tests/krb5: Check reply FAST padata if request included FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
7a27b75621
tests/krb5: Check sname is krbtgt for FAST generic error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dbe98005d5
tests/krb5: Add get_krbtgt_sname() method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5edbabeb26
tests/krb5: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
705e45e37f
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
79b9aac65b
tests/krb5: Add check_rep_padata() method to check padata in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
1389ba346d
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ea1ed63e88
tests/krb5: Include authdata in kdc_exchange_dict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
2ee87dbf08
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
This is useful for testing the 'hide client names' FAST option.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0c029e780c
tests/krb5: Check encrypted-pa-data
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
99e3b909ed
tests/krb5: Add methods to determine whether elements were included in the request
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dc7dac95ec
tests/krb5: Add functions to get dicts of request padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d878bd6404
tests/krb5: Check FAST response
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4ca05402b3
tests/krb5: Add method to verify ticket checksum for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b62488113f
tests/krb5: Add method to check PA-FX-FAST-REPLY
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
16ce1a1d30
tests/krb5: Allow specifying parameters specific to the outer request body
This is useful for testing FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0df385fc49
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5c2cd71ae7
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d554b6dc0f
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
This is needed for FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
74f332c6f9
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
This method will also be useful in checking TGS-REP error replies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0808940674
tests/krb5: Add methods to calculate keys for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
69a66c0d2a
tests/krb5: Add more methods to create ASN1 objects for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
025737deb5
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b6f96dd639
tests/krb5: Ensure generated padata is not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4824dd4e9f
tests/krb5: Add generate_ap_req() method
This method will be useful to generate an AP-REQ for use as FAST armor.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4951a105b0
tests/krb5: Check nonce in EncKDCRepPart
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
6df0e406f1
tests/krb5: Make checking less strict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
98dc19e8c8
tests/krb5: Check version number of obtained ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
3d1066e923
tests/krb5: Assert that more variables are not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ba3c92f77b
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
7881865550
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
8fe9589da2
tests/krb5: Include kdc_options in kdc_exchange_dict
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
21c64fda8f
tests/krb5: Always specify expected error code
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
f5689bb8fa
tests/krb5: Add method to calculate account salt
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
ce379edf2e
tests/krb5: Use encryption with admin credentials
This ensures that account creation using admin credentials succeeds.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
bab7503e30
tests/krb5: Add get_EpochFromKerberosTime()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
fe8912e4a8
tests/krb5: Make _test_as_exchange() return value more consistent
Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
cb332d8300
tests/krb5: Add method to return dict containing padata elements
This makes checking multiple padata elements easier.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
d6a242e200
tests/krb5: Check Kerberos protocol version number
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
8194b2a261
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
a0c6538a97
tests/krb5: Fix encpart_decryption_key with MIT KDC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
bad5f4ee5f
tests/krb5: Fix callback_dict parameter
Items contained in a default-created callback_dict should not be carried
over between unrelated calls to {as,tgs}_as_exchange_dict().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
67ff72395c
tests/krb5: Fix including enc-authorization-data
Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
a2b183c179
tests/krb5: Remove magic constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
41c3e41034
tests/krb5: Simplify Python syntax
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
38b3a36181
tests/krb5: Use more compact dict lookup
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
1320ac0f91
tests/krb5: Remove unneeded statements
A return statement is redundant as the last statement in a method, as
methods will otherwise return None. Also, code blocks consisting of a
single 'pass' statement can be safely omitted.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
df6623363a
tests/krb5: formatting
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00