NT_SRV_INST,
PADATA_FX_COOKIE,
PADATA_FX_FAST,
+ PADATA_REQ_ENC_PA_REP,
)
import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1
import samba.tests.krb5.kcrypto as kcrypto
}
])
+ def test_simple_enc_pa_rep(self):
+ self._run_test_sequence([
+ {
+ 'rep_type': KRB_AS_REP,
+ 'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
+ 'use_fast': False
+ },
+ {
+ 'rep_type': KRB_AS_REP,
+ 'expected_error_mode': 0,
+ 'use_fast': False,
+ 'gen_padata_fn': self.generate_enc_pa_rep_timestamp_padata,
+ 'expected_flags': 'enc-pa-rep'
+ }
+ ])
+
+ # Currently we only send PADATA-REQ-ENC-PA-REP for AS-REQ requests.
+ def test_simple_tgs_enc_pa_rep(self):
+ self._run_test_sequence([
+ {
+ 'rep_type': KRB_TGS_REP,
+ 'expected_error_mode': 0,
+ 'use_fast': False,
+ 'gen_tgt_fn': self.get_user_tgt,
+ 'gen_padata_fn': self.generate_enc_pa_rep_padata,
+ 'expected_flags': 'enc-pa-rep'
+ }
+ ])
+
def test_simple_no_sname(self):
expected_sname = self.get_krbtgt_sname()
}
])
+ # Expected to fail against Windows - Windows does not produce an error.
def test_fast_unknown_critical_option(self):
self._run_test_sequence([
{
}
])
+ # Expected to fail against Windows - Windows does not produce an error.
def test_fast_encrypted_challenge_clock_skew(self):
# The KDC is supposed to confirm that the timestamp is within its
# current clock skew, and return KRB_APP_ERR_SKEW if it is not (RFC6113
}
])
+ def test_fast_enc_pa_rep(self):
+ self._run_test_sequence([
+ {
+ 'rep_type': KRB_AS_REP,
+ 'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
+ 'use_fast': True,
+ 'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
+ 'gen_armor_tgt_fn': self.get_mach_tgt,
+ 'expected_flags': 'enc-pa-rep'
+ },
+ {
+ 'rep_type': KRB_AS_REP,
+ 'expected_error_mode': 0,
+ 'use_fast': True,
+ 'gen_padata_fn': self.generate_enc_pa_rep_challenge_padata,
+ 'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
+ 'gen_armor_tgt_fn': self.get_mach_tgt,
+ 'expected_flags': 'enc-pa-rep'
+ }
+ ])
+
+ # Currently we only send PADATA-REQ-ENC-PA-REP for AS-REQ requests.
+ def test_fast_tgs_enc_pa_rep(self):
+ self._run_test_sequence([
+ {
+ 'rep_type': KRB_TGS_REP,
+ 'expected_error_mode': 0,
+ 'use_fast': True,
+ 'gen_tgt_fn': self.get_user_tgt,
+ 'fast_armor': None,
+ 'gen_padata_fn': self.generate_enc_pa_rep_padata,
+ 'expected_flags': 'enc-pa-rep'
+ }
+ ])
+
+ # Currently we only send PADATA-REQ-ENC-PA-REP for AS-REQ requests.
+ def test_fast_tgs_armor_enc_pa_rep(self):
+ self._run_test_sequence([
+ {
+ 'rep_type': KRB_TGS_REP,
+ 'expected_error_mode': 0,
+ 'use_fast': True,
+ 'gen_tgt_fn': self.get_user_tgt,
+ 'gen_armor_tgt_fn': self.get_mach_tgt,
+ 'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
+ 'gen_padata_fn': self.generate_enc_pa_rep_padata,
+ 'expected_flags': 'enc-pa-rep'
+ }
+ ])
+
def test_fast_outer_wrong_realm(self):
self._run_test_sequence([
{
# Ensure we used all the parameters given to us.
self.assertEqual({}, kdc_dict)
+ def generate_enc_pa_rep_padata(self,
+ kdc_exchange_dict,
+ callback_dict,
+ req_body):
+ padata = self.PA_DATA_create(PADATA_REQ_ENC_PA_REP, b'')
+
+ return [padata], req_body
+
+ def generate_enc_pa_rep_challenge_padata(self,
+ kdc_exchange_dict,
+ callback_dict,
+ req_body):
+ padata, req_body = self.generate_enc_challenge_padata(kdc_exchange_dict,
+ callback_dict,
+ req_body)
+
+ padata.append(self.PA_DATA_create(PADATA_REQ_ENC_PA_REP, b''))
+
+ return padata, req_body
+
+ def generate_enc_pa_rep_timestamp_padata(self,
+ kdc_exchange_dict,
+ callback_dict,
+ req_body):
+ padata, req_body = self.generate_enc_timestamp_padata(kdc_exchange_dict,
+ callback_dict,
+ req_body)
+
+ padata.append(self.PA_DATA_create(PADATA_REQ_ENC_PA_REP, b''))
+
+ return padata, req_body
+
def generate_fast_armor_auth_data(self):
auth_data = self.AuthorizationData_create(AD_FX_FAST_ARMOR, b'')
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_ad_fx_fast_armor_ticket.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_ad_fx_fast_armor_ticket2.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_authdata_fast_not_used.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_enc_pa_rep.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_enc_timestamp.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_as_req_self.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_wrong_realm.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_wrong_till.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_session_key.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_armor_enc_pa_rep.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_enc_pa_rep.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_hide_client_names.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_subkey.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_flags.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_realm.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_wrong_till.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_unknown_critical_option.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_enc_pa_rep.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_enc_pa_rep.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_unarmored_as_req.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_no_sname.ad_dc
^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_no_sname.ad_dc
projects / thirdparty / samba.git / commitdiff
