cname_checking = '1'
cls.cname_checking = bool(int(cname_checking))
+ padata_checking = samba.tests.env_get_var_value('CHECK_PADATA',
+ allow_missing=True)
+ if padata_checking is None:
+ padata_checking = '1'
+ cls.padata_checking = bool(int(padata_checking))
+
def setUp(self):
super().setUp()
self.do_asn1_print = False
self.assertElementPresent(encpart, 'cipher')
encpart_cipher = self.getElementValue(encpart, 'cipher')
+ if self.padata_checking:
+ self.check_reply_padata(kdc_exchange_dict,
+ callback_dict,
+ encpart,
+ padata)
+
ticket_checksum = None
# Get the decryption key for the encrypted part
return rep
+ def check_reply_padata(self,
+ kdc_exchange_dict,
+ callback_dict,
+ encpart,
+ rep_padata):
+ expected_patypes = ()
+
+ sent_fast = self.sent_fast(kdc_exchange_dict)
+ rep_msg_type = kdc_exchange_dict['rep_msg_type']
+
+ if sent_fast:
+ expected_patypes += (PADATA_FX_FAST,)
+ elif rep_msg_type == KRB_AS_REP:
+ chosen_etype = self.getElementValue(encpart, 'etype')
+ self.assertIsNotNone(chosen_etype)
+
+ if chosen_etype in {kcrypto.Enctype.AES256,
+ kcrypto.Enctype.AES128}:
+ expected_patypes += (PADATA_ETYPE_INFO2,)
+
+ got_patypes = tuple(pa['padata-type'] for pa in rep_padata)
+ self.assertSequenceElementsEqual(expected_patypes, got_patypes)
+
+ if not expected_patypes:
+ return None
+
+ pa_dict = self.get_pa_dict(rep_padata)
+
+ etype_info2 = pa_dict.get(PADATA_ETYPE_INFO2)
+ if etype_info2 is not None:
+ etype_info2 = self.der_decode(etype_info2,
+ asn1Spec=krb5_asn1.ETYPE_INFO2())
+ self.assertEqual(len(etype_info2), 1)
+ elem = etype_info2[0]
+
+ e = self.getElementValue(elem, 'etype')
+ self.assertEqual(e, chosen_etype)
+ salt = self.getElementValue(elem, 'salt')
+ self.assertIsNotNone(salt)
+ expected_salt = kdc_exchange_dict['expected_salt']
+ if expected_salt is not None:
+ self.assertEqual(salt, expected_salt)
+ s2kparams = self.getElementValue(elem, 's2kparams')
+ if self.strict_checking:
+ self.assertIsNone(s2kparams)
+
def check_rep_padata(self,
kdc_exchange_dict,
callback_dict,
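Review bot: `check_reply_padata` iterates `rep_padata` unconditionally at `got_patypes = tuple(pa['padata-type'] for pa in rep_padata)`, so a reply that carries no padata field would presumably arrive as `None` (the caller's `padata` is obtained outside this diff) and raise a TypeError instead of a clean assertion failure. This includes the TGS-REP-without-FAST case, where the expected tuple is empty. Normalising first with `if rep_padata is None: rep_padata = ()` keeps that case an ordinary comparison. `chosen_etype` is bound only in the `KRB_AS_REP` branch yet read in the ETYPE-INFO2 block; it is safe today only because the earlier sequence assertion stops the FAST path, so `chosen_etype = None` before `if sent_fast:` would make that explicit. A short docstring stating which padata types are expected for which reply (`PADATA_FX_FAST` when FAST was sent, `PADATA_ETYPE_INFO2` for AES AS-REPs, none otherwise) would also help, since `callback_dict` is unused and the rules are otherwise implicit.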
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
check_cname = int('SAMBA4_USES_HEIMDAL' in config_hash)
+check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
environ={'SERVICE_USERNAME':'$SERVER',
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname})
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata})
planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD',
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname})
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata})
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD',
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname})
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata})
planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
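Review bot: The added `check_padata = int('SAMBA4_USES_HEIMDAL' in config_hash)` line is the fourth copy of that expression and has no comment saying why reply padata is verified only on Heimdal builds. A line such as `# Reply padata is only checked against the Heimdal KDC.` above it would record that these checks are skipped on other builds. The remaining hunks in this file add `'CHECK_PADATA': check_padata` by hand to each krb5 suite's `environ`, which is easy to miss when a new suite is added. Since the test class falls back to `'1'` when the variable is absent, a missed suite would enforce the check rather than silently skip it, but collecting the shared keys in one dict and spreading it into each `environ` would remove the duplication.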
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname})
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata})
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
environ={
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
environ={
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
for env in ['ad_dc_default', 'ad_member']:
planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
environ={
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planoldpythontestsuite("ad_member_idmap_nss:local",
"samba.tests.krb5.test_min_domain_uid",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
for env in ["ad_dc", smbv1_disabled_testenv]:
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
environ={
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
environ={'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname})
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata})
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.kdc_tgs_tests",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite(
"ad_dc",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite(
"ad_dc",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite(
"ad_dc",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planpythontestsuite(
"ad_dc",
'TKT_SIG_SUPPORT': tkt_sig_support,
'EXPECT_PAC': expect_pac,
'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
- 'CHECK_CNAME': check_cname
+ 'CHECK_CNAME': check_cname,
+ 'CHECK_PADATA': check_padata
})
planoldpythontestsuite(
'ad_dc',