sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-21 20:23:50 +03:00
Code Activity
126,923 Commits 64 Branches 1,180 Tags
99e3b909edf27c751b959a3d0b672ddd2b7140e2
Commit Graph

63 Commits

Author SHA1 Message Date
Joseph Sutton
99e3b909ed tests/krb5: Add methods to determine whether elements were included in the request 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
dc7dac95ec tests/krb5: Add functions to get dicts of request padata 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
d878bd6404 tests/krb5: Check FAST response 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
4ca05402b3 tests/krb5: Add method to verify ticket checksum for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
b62488113f tests/krb5: Add method to check PA-FX-FAST-REPLY 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
16ce1a1d30 tests/krb5: Allow specifying parameters specific to the outer request body 
This is useful for testing FAST.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
0df385fc49 tests/krb5: Add FAST armor generation to _generic_kdc_exchange() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
5c2cd71ae7 tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
d554b6dc0f tests/krb5: Include authenticator_subkey in AS-REQ exchange dict 
This is needed for FAST.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
74f332c6f9 tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error() 
This method will also be useful in checking TGS-REP error replies.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
0808940674 tests/krb5: Add methods to calculate keys for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
69a66c0d2a tests/krb5: Add more methods to create ASN1 objects for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
025737deb5 tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
b6f96dd639 tests/krb5: Ensure generated padata is not None 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
4824dd4e9f tests/krb5: Add generate_ap_req() method 
This method will be useful to generate an AP-REQ for use as FAST armor.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
4951a105b0 tests/krb5: Check nonce in EncKDCRepPart 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
6df0e406f1 tests/krb5: Make checking less strict 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
98dc19e8c8 tests/krb5: Check version number of obtained ticket 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
3d1066e923 tests/krb5: Assert that more variables are not None 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
ba3c92f77b tests/krb5: Ensure in assertElementPresent() that container elements are not empty 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
7881865550 tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn 
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
8fe9589da2 tests/krb5: Include kdc_options in kdc_exchange_dict 
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
21c64fda8f tests/krb5: Always specify expected error code 
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
f5689bb8fa tests/krb5: Add method to calculate account salt 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
ce379edf2e tests/krb5: Use encryption with admin credentials 
This ensures that account creation using admin credentials succeeds.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
bab7503e30 tests/krb5: Add get_EpochFromKerberosTime() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
fe8912e4a8 tests/krb5: Make _test_as_exchange() return value more consistent 
Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
cb332d8300 tests/krb5: Add method to return dict containing padata elements 
This makes checking multiple padata elements easier.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
d6a242e200 tests/krb5: Check Kerberos protocol version number 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
8194b2a261 tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
a0c6538a97 tests/krb5: Fix encpart_decryption_key with MIT KDC 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
bad5f4ee5f tests/krb5: Fix callback_dict parameter 
Items contained in a default-created callback_dict should not be carried
over between unrelated calls to {as,tgs}_as_exchange_dict().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
67ff72395c tests/krb5: Fix including enc-authorization-data 
Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
a2b183c179 tests/krb5: Remove magic constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
41c3e41034 tests/krb5: Simplify Python syntax 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
38b3a36181 tests/krb5: Use more compact dict lookup 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
1320ac0f91 tests/krb5: Remove unneeded statements 
A return statement is redundant as the last statement in a method, as
methods will otherwise return None. Also, code blocks consisting of a
single 'pass' statement can be safely omitted.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
df6623363a tests/krb5: formatting 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
9eb4c4b7b1 tests/krb5: Fix comment typo 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
3e621dcb69 tests/krb5: Deduplicate 'host' attribute initialisation 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
381223117e tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value 
This is clearer than using the constant zero, which could be mistaken
for a valid kvno value.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
ec5c2b040b tests/krb5/raw_testcase.py: Simplify conditionals 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
e1601f2b56 tests/krb5/raw_testcase.py: Allow specifying a fallback credentials function 
This allows us to use other methods of obtaining credentials if getting
them from the environment fails.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
22a90aea82 tests/krb5/raw_testcase.py: Cache obtained credentials 
If credentials are used more than once, we can now use the credentials
that we already obtained and so avoid fetching them again.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
6a77c2b933 tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds 
This allows us to require encryption keys in the case that a password
would not be required, such as for the krbtgt account.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
948bbc9cec tests/krb5/raw_testcase.py: Make env_get_var() a standalone method 
This allows it to be used elsewhere in the tests.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Joseph Sutton
5afae39da0 tests/krb5/raw_testcase.py: Add get_admin_creds() 
This method allows obtaining credentials that can be used for
administrative tasks such as creating accounts.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2021-07-01 17:46:31 +00:00
Stefan Metzmacher
6e2f2adc8e tests/krb5/raw_testcase.py: introduce a _generic_kdc_exchange() infrastructure 
This will allow us to write tests, which will all cross check almost
every aspect of the KDC response (including encrypted parts).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2021-07-01 17:46:31 +00:00
Stefan Metzmacher
69ce2a6408 tests/krb5/raw_testcase.py: Add TicketDecryptionKey_from_creds() 
This will allow building test_as_req_enc_timestamp()

It also introduces ways to specify keys in hex formated environment
variables ${PREFIX}_{AES256,AES128,RC4}_KEY_HEX.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2021-07-01 17:46:31 +00:00
Stefan Metzmacher
e390503584 tests/krb5/raw_testcase.py: add methods to iterate over etype permutations 
It's often useful to run tests over a lot of input parameter
permutations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2021-07-01 17:46:31 +00:00