]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Cache obtained tickets
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Mon, 20 Sep 2021 23:51:20 +0000 (11:51 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 21 Sep 2021 23:05:41 +0000 (23:05 +0000)
Now tickets obtained with get_tgt() and get_service_ticket() make use of
a cache so they can be reused, unless the 'fresh' parameter is specified
as true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/kdc_base_test.py

index 28d34210fcef3c4d1dd269af8f358aa82c7ee502..59175c7bb2ff1b35d5da7d5b505e07c31814e57f 100644 (file)
@@ -110,6 +110,7 @@ class KDCBaseTest(RawKerberosTest):
         cls.accounts = set()
 
         cls.account_cache = {}
+        cls.tkt_cache = {}
 
         cls._rodc_ctx = None
 
@@ -1125,7 +1126,17 @@ class KDCBaseTest(RawKerberosTest):
         return rep, enc_part
 
     def get_service_ticket(self, tgt, target_creds, service='host',
-                           to_rodc=False):
+                           to_rodc=False, fresh=False):
+        user_name = tgt.cname['name-string'][0]
+        target_name = target_creds.get_username()
+        cache_key = (user_name, target_name, service, to_rodc)
+
+        if not fresh:
+            ticket = self.tkt_cache.get(cache_key)
+
+            if ticket is not None:
+                return ticket
+
         etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
 
         key = tgt.session_key
@@ -1157,11 +1168,23 @@ class KDCBaseTest(RawKerberosTest):
                                                    sname=sname,
                                                    decryption_key=target_key)
 
+        self.tkt_cache[cache_key] = service_ticket_creds
+
         return service_ticket_creds
 
     def get_tgt(self, creds, to_rodc=False, kdc_options=None,
-                expected_flags=None, unexpected_flags=None):
+                expected_flags=None, unexpected_flags=None,
+                fresh=False):
         user_name = creds.get_username()
+        cache_key = (user_name, to_rodc, kdc_options,
+                     expected_flags, unexpected_flags)
+
+        if not fresh:
+            tgt = self.tkt_cache.get(cache_key)
+
+            if tgt is not None:
+                return tgt
+
         realm = creds.get_realm()
 
         salt = creds.get_salt()
@@ -1253,6 +1276,8 @@ class KDCBaseTest(RawKerberosTest):
 
         ticket_creds = kdc_exchange_dict['rep_ticket_creds']
 
+        self.tkt_cache[cache_key] = ticket_creds
+
         return ticket_creds
 
     # Named tuple to contain values of interest when the PAC is decoded.