def get_tgt(self, creds, to_rodc=False, kdc_options=None,
expected_flags=None, unexpected_flags=None,
- expected_account_name=None,
+ expected_account_name=None, expected_upn_name=None,
expected_sid=None,
pac_request=True, expect_pac=True, fresh=False):
user_name = creds.get_username()
expected_srealm=realm,
expected_sname=sname,
expected_account_name=expected_account_name,
+ expected_upn_name=expected_upn_name,
expected_sid=expected_sid,
expected_salt=salt,
expected_flags=expected_flags,
def _make_tgs_request(self, client_creds, service_creds, tgt,
pac_request=None, expect_pac=True,
- expect_error=False):
+ expect_error=False,
+ expected_account_name=None,
+ expected_upn_name=None,
+ expected_sid=None):
client_account = client_creds.get_username()
cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
names=[client_account])
expected_cname=expected_cname,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
+ expected_account_name=expected_account_name,
+ expected_upn_name=expected_upn_name,
+ expected_sid=expected_sid,
expected_supported_etypes=expected_supported_etypes,
ticket_decryption_key=target_decryption_key,
check_error_fn=check_error_fn,
self._make_tgs_request(client_creds, service_creds, tgt,
expect_pac=False, expect_error=True)
+ def test_upn_dns_info_ex_user(self):
+ client_creds = self.get_client_creds()
+ self._run_upn_dns_info_ex_test(client_creds)
+
+ def test_upn_dns_info_ex_mac(self):
+ mach_creds = self.get_mach_creds()
+ self._run_upn_dns_info_ex_test(mach_creds)
+
+ def test_upn_dns_info_ex_upn_user(self):
+ client_creds = self.get_cached_creds(
+ account_type=self.AccountType.USER,
+ opts={'upn': 'upn_dns_info_test_upn0@bar'})
+ self._run_upn_dns_info_ex_test(client_creds)
+
+ def test_upn_dns_info_ex_upn_mac(self):
+ mach_creds = self.get_cached_creds(
+ account_type=self.AccountType.COMPUTER,
+ opts={'upn': 'upn_dns_info_test_upn1@bar'})
+ self._run_upn_dns_info_ex_test(mach_creds)
+
+ def _run_upn_dns_info_ex_test(self, client_creds):
+ service_creds = self.get_service_creds()
+
+ samdb = self.get_samdb()
+ dn = client_creds.get_dn()
+
+ account_name = client_creds.get_username()
+ upn_name = client_creds.get_upn()
+ if upn_name is None:
+ realm = client_creds.get_realm().lower()
+ upn_name = f'{account_name}@{realm}'
+ sid = self.get_objectSid(samdb, dn)
+
+ tgt = self.get_tgt(client_creds,
+ expected_account_name=account_name,
+ expected_upn_name=upn_name,
+ expected_sid=sid)
+
+ self._make_tgs_request(client_creds, service_creds, tgt,
+ expected_account_name=account_name,
+ expected_upn_name=upn_name,
+ expected_sid=sid)
+
# Test making a TGS request.
def test_tgs_req(self):
creds = self._get_creds()
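Review bot: In `_run_upn_dns_info_ex_test` the fallback `upn_name = f'{account_name}@{realm}'` hard-codes the assumption that a KDC synthesises the implicit UPN from the sAMAccountName plus the lowercased Kerberos realm; that holds for the selftest domain, where realm and DNS domain coincide, but it is not stated anywhere and the comparison in the PAC checker is an exact string match. A one-line comment above that branch, `# No userPrincipalName set: the KDC is expected to construct one as sAMAccountName@<lowercased realm>`, would make the contract explicit. Note also that the test never passes `expect_upn_dns_info_ex=True` (neither `get_tgt` nor `_make_tgs_request` exposes it); presence of the extension is only enforced because `expected_account_name`/`expected_sid` are non-None and the checker infers it, so a future caller that drops those two keyword arguments would silently stop requiring `UPN_DNS_INFO_EX`.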
expected_srealm=None,
expected_sname=None,
expected_account_name=None,
+ expected_upn_name=None,
expected_sid=None,
expected_supported_etypes=None,
expected_flags=None,
expect_edata=None,
expect_pac=True,
expect_claims=True,
+ expect_upn_dns_info_ex=None,
to_rodc=False):
if expected_error_mode == 0:
expected_error_mode = ()
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'expected_account_name': expected_account_name,
+ 'expected_upn_name': expected_upn_name,
'expected_sid': expected_sid,
'expected_supported_etypes': expected_supported_etypes,
'expected_flags': expected_flags,
'expect_edata': expect_edata,
'expect_pac': expect_pac,
'expect_claims': expect_claims,
+ 'expect_upn_dns_info_ex': expect_upn_dns_info_ex,
'to_rodc': to_rodc
}
if callback_dict is None:
expected_srealm=None,
expected_sname=None,
expected_account_name=None,
+ expected_upn_name=None,
expected_sid=None,
expected_supported_etypes=None,
expected_flags=None,
expect_edata=None,
expect_pac=True,
expect_claims=True,
+ expect_upn_dns_info_ex=None,
expected_proxy_target=None,
expected_transited_services=None,
to_rodc=False):
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'expected_account_name': expected_account_name,
+ 'expected_upn_name': expected_upn_name,
'expected_sid': expected_sid,
'expected_supported_etypes': expected_supported_etypes,
'expected_flags': expected_flags,
'expect_edata': expect_edata,
'expect_pac': expect_pac,
'expect_claims': expect_claims,
+ 'expect_upn_dns_info_ex': expect_upn_dns_info_ex,
'expected_proxy_target': expected_proxy_target,
'expected_transited_services': expected_transited_services,
'to_rodc': to_rodc
expected_account_name = kdc_exchange_dict['expected_account_name']
expected_sid = kdc_exchange_dict['expected_sid']
+ expect_upn_dns_info_ex = kdc_exchange_dict['expect_upn_dns_info_ex']
+ if expect_upn_dns_info_ex is None and (
+ expected_account_name is not None
+ or expected_sid is not None):
+ expect_upn_dns_info_ex = True
+
for pac_buffer in pac.buffers:
if pac_buffer.type == krb5pac.PAC_TYPE_CONSTRAINED_DELEGATION:
expected_proxy_target = kdc_exchange_dict[
expected_rid = int(expected_sid.rsplit('-', 1)[1])
self.assertEqual(expected_rid, logon_info.rid)
+ elif pac_buffer.type == krb5pac.PAC_TYPE_UPN_DNS_INFO:
+ upn_dns_info = pac_buffer.info
+ upn_dns_info_ex = upn_dns_info.ex
+
+ expected_realm = kdc_exchange_dict['expected_crealm']
+ self.assertEqual(expected_realm,
+ upn_dns_info.dns_domain_name)
+
+ expected_upn_name = kdc_exchange_dict['expected_upn_name']
+ if expected_upn_name is not None:
+ self.assertEqual(expected_upn_name,
+ upn_dns_info.upn_name)
+
+ if expect_upn_dns_info_ex:
+ self.assertIsNotNone(upn_dns_info_ex)
+
+ if upn_dns_info_ex is not None:
+ if expected_account_name is not None:
+ self.assertEqual(expected_account_name,
+ upn_dns_info_ex.samaccountname)
+
+ if expected_sid is not None:
+ self.assertEqual(expected_sid,
+ str(upn_dns_info_ex.objectsid))
+
def generic_check_kdc_error(self,
kdc_exchange_dict,
callback_dict,
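Review bot: The new `PAC_TYPE_UPN_DNS_INFO` branch treats `expect_upn_dns_info_ex=False` the same as "don't care": when the buffer carries no extension the sAMAccountName and objectSid comparisons are skipped without any assertion, so the callers at `expect_upn_dns_info_ex=False` (the S4U/proxy paths in this diff) would still pass if the KDC stopped emitting the extension or, conversely, emitted one unexpectedly. If `False` is meant as "must be absent", add `else: self.assertIsNone(upn_dns_info_ex)` after the `if expect_upn_dns_info_ex:` check and document the tri-state (`None` infer from expected name/SID, `True` require, `False` forbid) on the parameter. The branch also never looks at the buffer's flags word, so it cannot tell a constructed UPN from a stored one nor confirm that the has-SAM-name-and-SID bit agrees with whether `ex` is present; asserting those two bits (constant names as declared in the krb5pac IDL) would close that gap. The enclosing PAC-buffer check function begins and ends outside this hunk.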
padata,
kdc_options,
expected_account_name=None,
+ expected_upn_name=None,
expected_sid=None,
expected_flags=None,
unexpected_flags=None,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
expected_account_name=expected_account_name,
+ expected_upn_name=expected_upn_name,
expected_sid=expected_sid,
expected_supported_etypes=expected_supported_etypes,
ticket_decryption_key=ticket_decryption_key,
tgt=service_tgt,
authenticator_subkey=authenticator_subkey,
kdc_options=str(kdc_options),
+ expect_upn_dns_info_ex=False,
expect_claims=False)
self._generic_kdc_exchange(kdc_exchange_dict,
kdc_options=kdc_options,
pac_options=pac_options,
expect_edata=expect_edata,
+ expect_upn_dns_info_ex=False,
expected_proxy_target=expected_proxy_target,
expected_transited_services=expected_transited_services,
expect_pac=expect_pac)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_nonexisting
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_mac
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_upn_mac
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_upn_user
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_host
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_no_host
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexisting
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_sid_mismatch_nonexisting
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_mac
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_upn_mac
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_upn_user
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_upn_dns_info_ex_user
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_authdata_no_pac
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_matching_sname_no_host
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_no_pac