Andreas Schneider
36325f1ee9
python:tests: Don't require an empty 'authorization-data' to be present
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Dec 20 08:26:45 UTC 2021 on sn-devel-184
2021-12-20 08:26:45 +00:00
Joseph Sutton
100be7eb8e
tests/krb5: Correctly determine whether tickets are service tickets
...
Previously we expected tickets to contain a ticket checksum if the sname
was not the krbtgt. However, the ticket checksum should not be present
if we are performing an AS-REQ to our own account. Now we determine a
ticket is a service ticket only if the request is also a TGS-REQ.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-15 03:41:32 +00:00
Joseph Sutton
221569a14c
tests/krb5: Allow PADATA-ENCRYPTED-CHALLENGE to be missing for skew errors
...
A skew error means the client just tried using PADATA-ENC-TIMESTAMP or
PADATA-ENCRYPTED-CHALLENGE, so it might not be necessary to announce
them in that case.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 7 08:32:42 UTC 2021 on sn-devel-184
2021-12-07 08:32:42 +00:00
Joseph Sutton
9844a33186
tests/krb5: Allow 'renew-till' element to be present if STRICT_CHECKING=0
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-07 07:40:33 +00:00
Joseph Sutton
d5cb6a1449
tests/krb5: Don't require claims PAC buffers if STRICT_CHECKING=0
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-07 07:40:33 +00:00
Joseph Sutton
45d81d56ab
tests/krb5: Allow additional unexpected padata types
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-07 07:40:33 +00:00
Joseph Sutton
6bf3610c5d
tests/krb5: Make edata checking less strict
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-07 07:40:33 +00:00
Joseph Sutton
dfe6ef6f3e
tests/krb5: Add tests for FAST with use-session-key flag and armor ticket
...
This flag should be ignored and the FAST armor key used instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-07 07:40:33 +00:00
Joseph Sutton
860065a3c9
tests/krb5: Add tests for AS-REQ with an SPN
...
Using a SPN should only be permitted if it is also a UPN, and is not an
enterprise principal.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-06 22:08:32 +00:00
Joseph Sutton
ff6d325e38
tests/krb5: Check ticket cname for Heimdal
...
This is currently not checked in several places due to STRICT_CHECKING
being set to 0.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-06 22:08:32 +00:00
Joseph Sutton
ebc9137cee
tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
...
We set EXPECT_EXTRA_PAC_BUFFERS to 0 for the moment. This signifies that
these checks are currently not enforced, which avoids a lot of test
failures.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-30 02:42:31 +00:00
Joseph Sutton
a560c2e9ad
tests/krb5: Allow PasswordKey_create() to use s2kparams
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-30 02:42:31 +00:00
Joseph Sutton
57b1b76154
tests/krb5: Remove unused variable
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-30 02:42:31 +00:00
Joseph Sutton
8752b83bb9
CVE-2020-25719 tests/krb5: Add EXPECT_PAC environment variable to expect pac from all TGS tickets
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
42405aa46b
CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_REQUESTER_SID PAC buffer
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
58455c4876
CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_ATTRIBUTES_INFO PAC buffer
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
21298ddfc5
CVE-2020-25719 tests/krb5: Expect 'renew-till' element when renewing a TGT
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
383bedd6fd
CVE-2020-25719 tests/krb5: Don't expect a kvno for user-to-user
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
dd251f26df
CVE-2020-25719 tests/krb5: Allow update_pac_checksums=True if the PAC is not present
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Joseph Sutton
903ab1a027
CVE-2020-25721 tests/krb5: Add tests for extended PAC_UPN_DNS_INFO PAC buffer
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Joseph Sutton
24be204834
CVE-2020-25719 tests/krb5: Add tests for including authdata without a PAC
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Joseph Sutton
23dc0cbd53
CVE-2020-25721 tests/krb5: Check PAC buffer types when STRICT_CHECKING=0
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Joseph Sutton
4ac05264a7
MS CVE-2020-17049 tests/krb5: Allow tests to pass if ticket signature checksum type is wrong
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Joseph Sutton
4a792ad92d
CVE-2020-25719 tests/krb5: Add is_tgt() helper method
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Joseph Sutton
c174e9ebe7
tests/krb5: Check account name and SID in PAC for S4U tests
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 25 09:23:35 UTC 2021 on sn-devel-184
2021-10-25 09:23:35 +00:00
Joseph Sutton
25bdf4c994
tests/krb5: Fix account salt calculation to match Windows
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-10-20 12:02:33 +00:00
Joseph Sutton
889476d175
tests/krb5: Allow specifying the UPN for test accounts
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-10-20 12:02:33 +00:00
Joseph Sutton
cc3d27596b
tests/krb5: Ensure PAC is not present if expect_pac is false
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-10-20 08:31:31 +00:00
Joseph Sutton
288355896a
tests/krb5: Add method to get the PAC from a ticket
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-17 22:53:37 +00:00
Joseph Sutton
0dc69c1327
tests/krb5: Allow specifying whether to expect a PAC with _test_as_exchange()
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-17 22:53:37 +00:00
Joseph Sutton
1a08399cd8
tests/krb5: Don't include empty AD-IF-RELEVANT
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
bf63221722
tests/krb5: Require ticket checksums if decryption key is available
...
We perform this check conditionally, because MIT doesn't currently add
ticket checksums.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
ae2c57fb03
tests/krb5: Add TKT_SIG_SUPPORT environment variable
...
This lets us indicate that service tickets should be issued with ticket
checksums in the PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
5233f00200
tests/krb5: Provide clearer assertion messages for test failures
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
cf3ca6ac45
tests/krb5: Simplify padata checking
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
e7c39cc44f
tests/krb5: Check logon name in PAC
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
bd22dcd9cc
tests/krb5: Check padata types when STRICT_CHECKING=0
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
238f52bad8
tests/krb5: Add environment variable to specify KDC FAST support
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
72265227e9
tests/krb5: Fix padata checking at functional level 2003
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
ee2b7e2c77
tests/krb5: Clarify checksum type assertion message
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
ef24fe982d
tests/krb5: Add parameter to enforce presence of ticket checksums
...
This allows existing tests to pass before this functionality is
implemented.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
bb58b4b58c
tests/krb5: Save account SPN
...
This is useful for testing delegation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
0e232fa1c9
tests/krb5: Check constrained delegation PAC buffer
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
aa2e583fde
tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
7cfc225b54
tests/krb5: Add expect_claims parameter to kdc_exchange_dict
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
ab92dc16d2
tests/krb5: Fix checking for presence of error data
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
788b3a29ee
tests/krb5: Fix assertElementFlags()
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
8f6d369d70
tests/krb5: Make expected_sname checking more explicit
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
012b6fcd19
tests/krb5: Fix status code checking
...
The type used to encode the status code is actually KERB-ERROR-DATA,
rather than PA-DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00
Joseph Sutton
a4bc712ee0
tests/krb5: Fix handling authdata with missing PAC
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-14 18:59:31 +00:00