]
for test in tests:
- for trust in ["wks", "bdc"]:
+ for trust in ["wks", "bdc", "rodc"]:
for auth3_flags in [0x603fffff, 0x613fffff, 0xe13fffff]:
setup_test(test, trust, "auth3", auth3_flags)
for auth3_flags in [0x00004004, 0x00004000, 0x01000000]:
'supported_enctypes': 0x18,
'secure_channel_type': misc.SEC_CHAN_BDC})
+ def get_rodc1_creds(self):
+ krbtgt_creds = self.get_mock_rodc_krbtgt_creds(preserve=False)
+ computer_creds = krbtgt_creds.get_rodc_computer_creds()
+ return computer_creds
+
def get_anon_conn(self):
dc_server = self.dc_server
conn = netlogon.netlogon(f'ncacn_ip_tcp:{dc_server}',
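Review bot: `get_rodc1_creds` is added without a docstring, and nothing in it says which account the caller receives or how long that account lives. The visible lines derive the computer credentials from `get_mock_rodc_krbtgt_creds(preserve=False)`, which presumably means a non-preserved mock RODC is set up on each call; that should be confirmed and stated, since the generated tests call this once per trust/flag combination. A one-line docstring such as `"""Return the computer-account credentials of a mock RODC (krbtgt created with preserve=False)."""` would cover it. The temporary could also be dropped in favour of `return krbtgt_creds.get_rodc_computer_creds()`.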
creds = self.get_wks1_creds()
elif trust == "bdc":
creds = self.get_bdc1_creds()
+ elif trust == "rodc":
+ creds = self.get_rodc1_creds()
self.assertIsNotNone(creds)
proposed_flags = flags
if ncreds.secure_channel_type == misc.SEC_CHAN_WKSTA:
expect_get_error = ntstatus.NT_STATUS_ACCESS_DENIED
+ elif ncreds.secure_channel_type == misc.SEC_CHAN_RODC:
+ expect_get_error = ntstatus.NT_STATUS_ACCESS_DENIED
else:
expect_get_error = None
self.do_ServerPasswordGet(ncreds, conn,
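Review bot: The added `elif` for `misc.SEC_CHAN_RODC` sets exactly the same expectation as the `SEC_CHAN_WKSTA` branch above it, so the two can be one condition: `if ncreds.secure_channel_type in (misc.SEC_CHAN_WKSTA, misc.SEC_CHAN_RODC):`. This expectation pins a least-privilege property, namely that a read-only DC's secure channel must not be able to fetch a password through ServerPasswordGet. A short comment saying so, e.g. `# only a writable DC channel may retrieve passwords; RODC is denied like a workstation`, would stop a later refactor from loosening it unnoticed. The enclosing test method starts and ends outside this hunk.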
expect_not_found_error = ntstatus.NT_STATUS_ACCESS_DENIED
elif expect_broken_crypto:
expect_not_found_error = ntstatus.NT_STATUS_INVALID_PARAMETER
+ elif ncreds.secure_channel_type == misc.SEC_CHAN_RODC:
+ expect_not_found_error = ntstatus.NT_STATUS_INTERNAL_ERROR
else:
expect_not_found_error = ntstatus.NT_STATUS_OBJECT_NAME_NOT_FOUND
self.do_SendToSam(ncreds, conn, opaque_buffer,
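Review bot: The RODC branch here expects `NT_STATUS_INTERNAL_ERROR` for the not-found case, while the parallel RODC branch in the following hunk (the `expect_no_error` chain) expects `NT_STATUS_ACCESS_DENIED`, and neither carries a comment explaining the difference. `INTERNAL_ERROR` normally reads as a server fault rather than an access decision, so a reader cannot tell whether this pins intended reference behaviour or a current quirk. Each branch should say where its expected status comes from, in the form `# RODC: <reason the server answers INTERNAL_ERROR for an unknown account>`. Note also that both RODC branches sit after `elif expect_broken_crypto:`, so `NT_STATUS_INVALID_PARAMETER` takes precedence for an RODC with broken crypto; if that ordering is deliberate it deserves a word as well. The enclosing method is not fully visible in either hunk.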
expect_no_error = ntstatus.NT_STATUS_ACCESS_DENIED
elif expect_broken_crypto:
expect_no_error = ntstatus.NT_STATUS_INVALID_PARAMETER
+ elif ncreds.secure_channel_type == misc.SEC_CHAN_RODC:
+ expect_no_error = ntstatus.NT_STATUS_ACCESS_DENIED
else:
expect_no_error = None
self.do_SendToSam(ncreds, conn, opaque_buffer,
# This is not implemented yet
^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
+# The RODC handling is wrong
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00000004
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00004000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_01004004
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_400001ff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_413fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_603fbffb
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_80000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_01000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_613fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_e13fffff
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_00000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_00004000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_603fbffb
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_80000000
+^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_authK_e13fffff
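Review bot: The comment `# The RODC handling is wrong` does not say what is wrong or on which side, yet it covers 22 new knownfail entries for secure-channel access checks. Some RODC variants are absent from the list (for example no `test_check_passwords_rodc_auth3_603fffff` entry), so the failure appears to depend on the negotiate flags, which the comment should mention. Something like `# Server-side handling of SEC_CHAN_RODC in ServerPasswordGet/SendToSam is wrong for these flag combinations; entries go away with the fix` would let a reader match the list against the follow-up change. The unescaped `.` in the patterns follows the existing entry above and is fine to keep.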