python:tests/krb5: let _{get,modify}_tgt() also change the objectsid in UPN_DNS_INFO
authorStefan Metzmacher <metze@samba.org>
Wed, 12 Mar 2025 20:02:03 +0000 (21:02 +0100)
committerRalph Boehme <slow@samba.org>
Thu, 3 Apr 2025 09:36:31 +0000 (09:36 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
python/samba/tests/krb5/kdc_tgs_tests.py

index 58ed49d27c02b97cab8b029b8aee29e87bd39292..de52378e5910ad59fa55d5e7c86329a144499359 100755 (executable)
@@ -3111,6 +3111,7 @@ class KdcTgsTests(KdcTgsBaseTests):
                  allow_empty_authdata=False,
                  can_modify_logon_info=True,
                  can_modify_requester_sid=True,
+                 can_modify_upn_dns_ex=True,
                  remove_pac_attrs=False,
                  remove_requester_sid=False,
                  etype=None,
@@ -3133,6 +3134,7 @@ class KdcTgsTests(KdcTgsBaseTests):
             allow_empty_authdata=allow_empty_authdata,
             can_modify_logon_info=can_modify_logon_info,
             can_modify_requester_sid=can_modify_requester_sid,
+            can_modify_upn_dns_ex=can_modify_upn_dns_ex,
             remove_pac_attrs=remove_pac_attrs,
             remove_requester_sid=remove_requester_sid,
             etype=etype,
@@ -3152,6 +3154,7 @@ class KdcTgsTests(KdcTgsBaseTests):
                     crealm=None,
                     can_modify_logon_info=True,
                     can_modify_requester_sid=True,
+                    can_modify_upn_dns_ex=True,
                     remove_pac_attrs=False,
                     remove_requester_sid=False,
                     etype=None,
@@ -3173,6 +3176,16 @@ class KdcTgsTests(KdcTgsBaseTests):
                             logon_info = pac_buffer.info.info
 
                             logon_info.info3.base.rid = new_rid
+                    elif pac_buffer.type == krb5pac.PAC_TYPE_UPN_DNS_INFO:
+                        if new_rid is not None and can_modify_upn_dns_ex:
+                            upn_dns = pac_buffer.info
+
+                            samdb = self.get_samdb()
+                            domain_sid = samdb.get_domain_sid()
+
+                            new_sid = f'{domain_sid}-{new_rid}'
+                            if upn_dns.flags & krb5pac.PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID:
+                                upn_dns.ex.objectsid = security.dom_sid(new_sid)
                     elif pac_buffer.type == krb5pac.PAC_TYPE_REQUESTER_SID:
                         if remove_requester_sid:
                             pac.num_buffers -= 1
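Review bot: In the new `PAC_TYPE_UPN_DNS_INFO` branch, a buffer without `PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID` is left untouched without any signal, even though the caller passed `can_modify_upn_dns_ex=True` and a `new_rid`. The samdb lookup and the SID string are also built before that flag is tested. Folding the flag into the outer condition, `if new_rid is not None and can_modify_upn_dns_ex and pac_buffer.info.flags & krb5pac.PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID:`, avoids the wasted lookup and makes the skip explicit. A comment such as `# keep UPN_DNS_INFO.ex.objectsid consistent with the RID written to LOGON_INFO; no-op when the buffer carries no SID` would help whoever writes the next PAC-consistency test. The `LOGON_INFO` branch above rewrites only the RID and keeps the ticket's own domain SID, while this branch takes the domain from `samdb.get_domain_sid()`, so the two could presumably diverge for a principal from another domain; that is worth confirming or noting in the comment. The enclosing function starts and continues outside this hunk.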