]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Check PADATA-PW-SALT element in e-data
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Fri, 27 Aug 2021 01:00:37 +0000 (13:00 +1200)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 2 Sep 2021 13:41:28 +0000 (13:41 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
python/samba/tests/krb5/raw_testcase.py

index ba6d07ce46515629d8278b65d598510d65c2ff72..4e7891ae89a6209aabb98a060ea064ffb749bc97 100644 (file)
@@ -2328,6 +2328,7 @@ class RawKerberosTest(TestCaseInTempDir):
         fast_error = None
         fx_fast = None
         pac_options = None
+        pw_salt = None
         for pa in rep_padata:
             patype = self.getElementValue(pa, 'padata-type')
             pavalue = self.getElementValue(pa, 'padata-value')
@@ -2380,6 +2381,11 @@ class RawKerberosTest(TestCaseInTempDir):
                 pac_options = pavalue
                 self.assertIsNotNone(pac_options)
                 continue
+            if patype == PADATA_PW_SALT:
+                self.assertIsNone(pw_salt)
+                pw_salt = pavalue
+                self.assertIsNotNone(pw_salt)
+                continue
 
         if fast_cookie is not None:
             kdc_exchange_dict['fast_cookie'] = fast_cookie
@@ -2395,6 +2401,14 @@ class RawKerberosTest(TestCaseInTempDir):
         if pac_options is not None:
             self.check_pac_options_claims_support(pac_options)
 
+        if pw_salt is not None:
+            self.assertEqual(12, len(pw_salt))
+
+            status = int.from_bytes(pw_salt[:4], 'little')
+            flags = int.from_bytes(pw_salt[8:], 'little')
+
+            self.assertEqual(3, flags)
+
         if enc_challenge is not None:
             if not sent_enc_challenge:
                 self.assertEqual(len(enc_challenge), 0)