Joseph Sutton
c0db1ba54d
tests/krb5: add options to kdc_exchange_dict to specify including PAC-REQUEST or PAC-OPTIONS
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
1f23b16ef3
tests/krb5: Move padata generation methods to base class
This allows them to be used directly from RawKerberosTest.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
9973b51e48
tests/krb5: Keep track of account DN in credentials object
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
bf55786fcd
tests/krb5: Replace expected_cname_private with expected_anon parameter
This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as
the cname, and makes the reply checking logic easier to follow. This
also removes the need to fetch the client credentials in the test
methods.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
3fd73b65a3
tests/krb5: Use more compact dict lookup
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
448b661bf8
tests/krb5: Use signed integers to represent key version numbers in ASN.1
As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses
signed 32-bit integers to represent key version numbers. This makes a
difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than
32767, where the kvno should be encoded in four bytes rather than five.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 23:11:35 +00:00
Joseph Sutton
ebd673e976
tests/krb5: Allow expected_error_mode to be a container type
This allows a range of possible error codes to be checked against, for
cases when the particular error code returned is not so important.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
c6d7e19ecf
tests/krb5: Allow specifying parameters specific to the inner FAST request body
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
1e4d757394
tests/krb5: Check PADATA-PW-SALT element in e-data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
e373c6461a
tests/krb5: Check e-data element for TGS-REP errors without FAST
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
36798f5b65
tests/krb5: Make cname checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
79dda329f2
tests/krb5: Make e-data checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 13:41:28 +00:00
Joseph Sutton
aa2c221f4e
tests/krb5: Check PADATA-FX-ERROR in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
66e1eb58be
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0c857f67a3
tests/krb5: Check PADATA-PAC-OPTIONS in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
29070e74ba
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ab4e7028a6
tests/krb5: Make check_rep_padata() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
95b54078c2
tests/krb5: Check PADATA-FX-COOKIE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
2f7919db39
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
44a44109db
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
056fb71832
tests/krb5: Check reply FAST padata if request included FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
7a27b75621
tests/krb5: Check sname is krbtgt for FAST generic error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dbe98005d5
tests/krb5: Add get_krbtgt_sname() method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5edbabeb26
tests/krb5: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
705e45e37f
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
79b9aac65b
tests/krb5: Add check_rep_padata() method to check padata in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
1389ba346d
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ea1ed63e88
tests/krb5: Include authdata in kdc_exchange_dict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
2ee87dbf08
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
This is useful for testing the 'hide client names' FAST option.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0c029e780c
tests/krb5: Check encrypted-pa-data
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
99e3b909ed
tests/krb5: Add methods to determine whether elements were included in the request
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
dc7dac95ec
tests/krb5: Add functions to get dicts of request padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d878bd6404
tests/krb5: Check FAST response
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4ca05402b3
tests/krb5: Add method to verify ticket checksum for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b62488113f
tests/krb5: Add method to check PA-FX-FAST-REPLY
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
16ce1a1d30
tests/krb5: Allow specifying parameters specific to the outer request body
This is useful for testing FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0df385fc49
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
5c2cd71ae7
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
d554b6dc0f
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
This is needed for FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
74f332c6f9
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
This method will also be useful in checking TGS-REP error replies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
0808940674
tests/krb5: Add methods to calculate keys for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
69a66c0d2a
tests/krb5: Add more methods to create ASN1 objects for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
025737deb5
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
b6f96dd639
tests/krb5: Ensure generated padata is not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4824dd4e9f
tests/krb5: Add generate_ap_req() method
This method will be useful to generate an AP-REQ for use as FAST armor.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
4951a105b0
tests/krb5: Check nonce in EncKDCRepPart
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
6df0e406f1
tests/krb5: Make checking less strict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
98dc19e8c8
tests/krb5: Check version number of obtained ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
3d1066e923
tests/krb5: Assert that more variables are not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00
Joseph Sutton
ba3c92f77b
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18 22:28:34 +00:00