tests/krb5: Allow creating accounts supporting claims or compound identity separately

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/fast_tests.py b/python/samba/tests/krb5/fast_tests.py
index f5125495fa249a2d168e968a8d8712d8bdcf7fcc..302fc98edf1200696ef4465dbc3a830d442029d2 100755 (executable)
--- a/python/samba/tests/krb5/fast_tests.py
+++ b/python/samba/tests/krb5/fast_tests.py
@@ -1921,6 +1921,8 @@ class FAST_Tests(KDCBaseTest):
             opts={
                 **opts,
                 'fast_support': True,
+                'claims_support': True,
+                'compound_id_support': True,
                 'supported_enctypes': (
                     security.KERB_ENCTYPE_RC4_HMAC_MD5 |
                     security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 5e2d7747e954dc066ec999837ea774747f3ac6b2..a07d4a23b73c113bbbb75df53580ec27a73e9f8c 100644 (file)
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1304,6 +1304,8 @@ class KDCBaseTest(RawKerberosTest):
             'delegation_from_dn': None,
             'trusted_to_auth_for_delegation': False,
             'fast_support': False,
+            'claims_support': False,
+            'compound_id_support': False,
             'sid_compression_support': True,
             'member_of': None,
             'kerberos_enabled': True,
@@ -1353,6 +1355,8 @@ class KDCBaseTest(RawKerberosTest):
                             delegation_from_dn,
                             trusted_to_auth_for_delegation,
                             fast_support,
+                            claims_support,
+                            compound_id_support,
                             sid_compression_support,
                             member_of,
                             kerberos_enabled,
@@ -1391,7 +1395,13 @@ class KDCBaseTest(RawKerberosTest):
         enctypes = supported_enctypes
         if fast_support:
             enctypes = enctypes or 0
-            enctypes |= KerberosCredentials.fast_supported_bits
+            enctypes |= security.KERB_ENCTYPE_FAST_SUPPORTED
+        if claims_support:
+            enctypes = enctypes or 0
+            enctypes |= security.KERB_ENCTYPE_CLAIMS_SUPPORTED
+        if compound_id_support:
+            enctypes = enctypes or 0
+            enctypes |= security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
         if sid_compression_support is False:
             enctypes = enctypes or 0
             enctypes |= security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
@@ -1534,6 +1544,8 @@ class KDCBaseTest(RawKerberosTest):
                 account_type=self.AccountType.COMPUTER,
                 opts={
                     'fast_support': True,
+                    'claims_support': True,
+                    'compound_id_support': True,
                     'supported_enctypes': (
                         security.KERB_ENCTYPE_RC4_HMAC_MD5 |
                         security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK
@@ -1555,6 +1567,8 @@ class KDCBaseTest(RawKerberosTest):
                 opts={
                     'trusted_to_auth_for_delegation': True,
                     'fast_support': True,
+                    'claims_support': True,
+                    'compound_id_support': True,
                     'supported_enctypes': (
                         security.KERB_ENCTYPE_RC4_HMAC_MD5 |
                         security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index bcd5c87153cc6638bc9f83519e49e25b98c5d0ad..7911a2ca41ef0842e9bcf9dde4af593e92e1854d 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -370,11 +370,10 @@ class WrongLengthChecksumKey(RodcPacEncryptionKey):
 
 class KerberosCredentials(Credentials):
 
-    fast_supported_bits = (security.KERB_ENCTYPE_FAST_SUPPORTED |
-                           security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED |
-                           security.KERB_ENCTYPE_CLAIMS_SUPPORTED)
-
-    non_etype_bits = fast_supported_bits | (
+    non_etype_bits = (
+        security.KERB_ENCTYPE_FAST_SUPPORTED) | (
+        security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED) | (
+        security.KERB_ENCTYPE_CLAIMS_SUPPORTED) | (
         security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED) | (
         security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK)