Joseph Sutton
79dda329f2
tests/krb5: Make e-data checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
aa2c221f4e
tests/krb5: Check PADATA-FX-ERROR in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
66e1eb58be
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0c857f67a3
tests/krb5: Check PADATA-PAC-OPTIONS in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
29070e74ba
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ab4e7028a6
tests/krb5: Make check_rep_padata() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
95b54078c2
tests/krb5: Check PADATA-FX-COOKIE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
2f7919db39
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
44a44109db
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
056fb71832
tests/krb5: Check reply FAST padata if request included FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
7a27b75621
tests/krb5: Check sname is krbtgt for FAST generic error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dbe98005d5
tests/krb5: Add get_krbtgt_sname() method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5edbabeb26
tests/krb5: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
705e45e37f
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
79b9aac65b
tests/krb5: Add check_rep_padata() method to check padata in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
1389ba346d
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ea1ed63e88
tests/krb5: Include authdata in kdc_exchange_dict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
2ee87dbf08
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
This is useful for testing the 'hide client names' FAST option.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0c029e780c
tests/krb5: Check encrypted-pa-data
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
99e3b909ed
tests/krb5: Add methods to determine whether elements were included in the request
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dc7dac95ec
tests/krb5: Add functions to get dicts of request padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d878bd6404
tests/krb5: Check FAST response
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4ca05402b3
tests/krb5: Add method to verify ticket checksum for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b62488113f
tests/krb5: Add method to check PA-FX-FAST-REPLY
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
16ce1a1d30
tests/krb5: Allow specifying parameters specific to the outer request body
This is useful for testing FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0df385fc49
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5c2cd71ae7
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d554b6dc0f
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
This is needed for FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
74f332c6f9
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
This method will also be useful in checking TGS-REP error replies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0808940674
tests/krb5: Add methods to calculate keys for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
69a66c0d2a
tests/krb5: Add more methods to create ASN1 objects for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
025737deb5
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b6f96dd639
tests/krb5: Ensure generated padata is not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4824dd4e9f
tests/krb5: Add generate_ap_req() method
This method will be useful to generate an AP-REQ for use as FAST armor.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4951a105b0
tests/krb5: Check nonce in EncKDCRepPart
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
6df0e406f1
tests/krb5: Make checking less strict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
98dc19e8c8
tests/krb5: Check version number of obtained ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
3d1066e923
tests/krb5: Assert that more variables are not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ba3c92f77b
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
7881865550
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
8fe9589da2
tests/krb5: Include kdc_options in kdc_exchange_dict
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
21c64fda8f
tests/krb5: Always specify expected error code
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
f5689bb8fa
tests/krb5: Add method to calculate account salt
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
ce379edf2e
tests/krb5: Use encryption with admin credentials
This ensures that account creation using admin credentials succeeds.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
bab7503e30
tests/krb5: Add get_EpochFromKerberosTime()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
fe8912e4a8
tests/krb5: Make _test_as_exchange() return value more consistent
Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
cb332d8300
tests/krb5: Add method to return dict containing padata elements
This makes checking multiple padata elements easier.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
d6a242e200
tests/krb5: Check Kerberos protocol version number
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
8194b2a261
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00
Joseph Sutton
a0c6538a97
tests/krb5: Fix encpart_decryption_key with MIT KDC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:33 +00:00