samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

Author	SHA1	Message	Date
Joseph Sutton	45d81d56ab	tests/krb5: Allow additional unexpected padata types Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	6bf3610c5d	tests/krb5: Make edata checking less strict Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	dfe6ef6f3e	tests/krb5: Add tests for FAST with use-session-key flag and armor ticket This flag should be ignored and the FAST armor key used instead. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	9c050a4a03	tests/krb5: Add test for AD-fx-fast-armor in enc-authorization-data Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	1eb1049d2b	tests/krb5: Don't request renewable tickets This is not necessary for testing FAST, and was causing some of the tests to fail. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	f8e55b3670	tests/krb5: Adjust expected error codes for FAST tests This allows more of the tests to pass. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-07 07:40:33 +00:00
Joseph Sutton	f8b17214d0	tests/krb5: Add tests for enterprise principals with canonicalization Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	860065a3c9	tests/krb5: Add tests for AS-REQ with an SPN Using a SPN should only be permitted if it is also a UPN, and is not an enterprise principal. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	31900a0a58	tests/krb5: Add more AS-REQ ENC-TIMESTAMP tests with different encryption types Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	ff6d325e38	tests/krb5: Check ticket cname for Heimdal This is currently not checked in several places due to STRICT_CHECKING being set to 0. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	3fc9dc2395	tests/krb5: Check logon name in PAC for canonicalization tests This allows us to ensure that the correct name makes it through to the PAC. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	10983779bc	tests/krb5: Only create testing accounts once per test run This decreases the time that the tests take to run. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-06 22:08:32 +00:00
Joseph Sutton	192d6edfe9	tests/krb5: Add a test for S4U2Self with no authorization data required Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	73a4806346	tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	bac5f75059	tests/krb5: Add test for S4U2Self with wrong sname Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	749349efab	tests/krb5: Add comments for tests that fail against Windows Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	ca80c47406	tests/krb5: Add tests for validation with requester SID PAC buffer Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	ebc9137cee	tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2 We set EXPECT_EXTRA_PAC_BUFFERS to 0 for the moment. This signifies that these checks are currently not enforced, which avoids a lot of test failures. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	ec823c2a83	tests/krb5: Add TGS-REQ tests with FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	778029c1dc	tests/krb5: Add tests for TGS requests with a non-TGT Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	7574ba9f58	tests/krb5: Add tests for invalid TGTs Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	28d501875a	tests/krb5: Remove unnecessary expect_pac arguments The value of expect_pac is not considered if we are expecting an error. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	d95705172b	tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	e930274aa4	tests/krb5: Split out methods to create renewable or invalid tickets Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	a560c2e9ad	tests/krb5: Allow PasswordKey_create() to use s2kparams Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	167bd20704	tests/krb5: Run test_rpc against member server We were instead always running against the DC. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	f0b222e3ec	tests/krb5: Deduplicate AS-REQ tests salt_tests was running the tests defined in the base class as well as its own tests. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	57b1b76154	tests/krb5: Remove unused variable Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-30 02:42:31 +00:00
Joseph Sutton	494bf7de6f	CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Stefan Metzmacher <metze@samba.org> [metze@samba.org removed unused tests for a feature that was removed before merging] Reviewed-by: Ralph Boehme <slow@samba.org>	2021-11-15 18:10:28 +00:00
Joseph Sutton	5ea347d367	CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>	2021-11-15 18:10:28 +00:00
Joseph Sutton	f5baabd987	CVE-2020-25719 tests/krb5: Add tests for using a ticket with a renamed account BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:34 +00:00
Joseph Sutton	b8c6fa20f4	CVE-2020-25718 tests/krb5: Only fetch RODC account credentials when necessary BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:34 +00:00
Andrew Bartlett	43983170fc	CVE-2020-25721 auth: Fill in the new HAS_SAM_NAME_AND_SID values BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>	2021-11-09 19:45:34 +00:00
Joseph Sutton	a461b7d4f8	CVE-2020-25719 tests/krb5: Add tests for mismatched names with user-to-user BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	26480ba2aa	CVE-2020-25719 tests/krb5: Add test for user-to-user with no sname BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	7ff05eb8d4	CVE-2020-25719 tests/krb5: Add tests for requester SID PAC buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	2e1e57fca8	CVE-2020-25719 tests/krb5: Add tests for PAC-REQUEST padata BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	b8c85fe81c	CVE-2020-25719 tests/krb5: Add tests for PAC attributes buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	72f82d949a	CVE-2020-25719 tests/krb5: Add expected parameters to cache key for obtaining tickets If multiple calls to get_tgt() or get_service_ticket() specify different expected parameters, we want to perform the request again so that the checking can be performed, rather than reusing a previously obtained ticket and potentially skipping checks. It should be fine to cache tickets with the same expected parameters, as tickets that fail to be obtained will not be stored in the cache, so the checking will happen for every call. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	8752b83bb9	CVE-2020-25719 tests/krb5: Add EXPECT_PAC environment variable to expect pac from all TGS tickets BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	42405aa46b	CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_REQUESTER_SID PAC buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	58455c4876	CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_ATTRIBUTES_INFO PAC buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	40a3f71818	CVE-2020-25719 tests/krb5: Add _modify_tgt() method for modifying already obtained tickets https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	2158ba1eb0	CVE-2020-25719 tests/krb5: Extend _get_tgt() method to allow more modifications to tickets BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	e647186c14	CVE-2020-25719 tests/krb5: tests/krb5: Adjust expected error code for S4U2Self no-PAC tests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	924f323188	CVE-2020-25719 tests/krb5: Adjust expected error codes for user-to-user tests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	faf47b0b6b	CVE-2020-25719 tests/krb5: Adjust PAC tests to prepare for new PAC_ATTRIBUTES_INFO buffer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	a236e2cc25	CVE-2020-25719 tests/krb5: Use correct credentials for user-to-user tests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	9602594585	CVE-2020-25719 tests/krb5: Return ticket from _tgs_req() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00
Joseph Sutton	21298ddfc5	CVE-2020-25719 tests/krb5: Expect 'renew-till' element when renewing a TGT BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:33 +00:00

1 2 3 4 5 ...

358 Commits