global_asn1_print = False
global_hexdump = False
-@DynamicTestCase
-class AsReqKerberosTests(KDCBaseTest):
-
- @classmethod
- def setUpDynamicTestCases(cls):
- for (name, idx) in cls.etype_test_permutation_name_idx():
- for pac in [None, True, False]:
- tname = "%s_pac_%s" % (name, pac)
- targs = (idx, pac)
- cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs)
-
- def setUp(self):
- super(AsReqKerberosTests, self).setUp()
- self.do_asn1_print = global_asn1_print
- self.do_hexdump = global_hexdump
-
- def _test_as_req_nopreauth(self,
- initial_etypes,
- pac=None,
- initial_kdc_options=None):
- client_creds = self.get_client_creds()
- client_account = client_creds.get_username()
- client_as_etypes = self.get_default_enctypes()
- krbtgt_creds = self.get_krbtgt_creds(require_keys=False)
- krbtgt_account = krbtgt_creds.get_username()
- realm = krbtgt_creds.get_realm()
-
- cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
- names=[client_account])
- sname = self.PrincipalName_create(name_type=NT_SRV_INST,
- names=[krbtgt_account, realm])
-
- expected_crealm = realm
- expected_cname = cname
- expected_srealm = realm
- expected_sname = sname
- expected_salt = client_creds.get_salt()
-
- if any(etype in client_as_etypes and etype in initial_etypes
- for etype in (kcrypto.Enctype.AES256,
- kcrypto.Enctype.AES128,
- kcrypto.Enctype.RC4)):
- expected_error_mode = KDC_ERR_PREAUTH_REQUIRED
- else:
- expected_error_mode = KDC_ERR_ETYPE_NOSUPP
-
- kdc_exchange_dict = self.as_exchange_dict(
- expected_crealm=expected_crealm,
- expected_cname=expected_cname,
- expected_srealm=expected_srealm,
- expected_sname=expected_sname,
- generate_padata_fn=None,
- check_error_fn=self.generic_check_kdc_error,
- check_rep_fn=None,
- expected_error_mode=expected_error_mode,
- client_as_etypes=client_as_etypes,
- expected_salt=expected_salt,
- kdc_options=str(initial_kdc_options),
- pac_request=pac)
-
- self._generic_kdc_exchange(kdc_exchange_dict,
- cname=cname,
- realm=realm,
- sname=sname,
- etypes=initial_etypes)
-
- def _test_as_req_no_preauth_with_args(self, etype_idx, pac):
- name, etypes = self.etype_test_permutation_by_idx(etype_idx)
- self._test_as_req_nopreauth(
- pac=pac,
- initial_etypes=etypes,
- initial_kdc_options=krb5_asn1.KDCOptions('forwardable'))
-
- def test_as_req_enc_timestamp(self):
- client_creds = self.get_client_creds()
- self._run_as_req_enc_timestamp(client_creds)
-
- def test_as_req_enc_timestamp_mac(self):
- client_creds = self.get_mach_creds()
- self._run_as_req_enc_timestamp(client_creds)
+class AsReqBaseTest(KDCBaseTest):
def _run_as_req_enc_timestamp(self, client_creds):
client_account = client_creds.get_username()
client_as_etypes = self.get_default_enctypes()
return etype_info2
+@DynamicTestCase
+class AsReqKerberosTests(AsReqBaseTest):
+
+ @classmethod
+ def setUpDynamicTestCases(cls):
+ for (name, idx) in cls.etype_test_permutation_name_idx():
+ for pac in [None, True, False]:
+ tname = "%s_pac_%s" % (name, pac)
+ targs = (idx, pac)
+ cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs)
+
+ def setUp(self):
+ super(AsReqKerberosTests, self).setUp()
+ self.do_asn1_print = global_asn1_print
+ self.do_hexdump = global_hexdump
+
+ def _test_as_req_nopreauth(self,
+ initial_etypes,
+ pac=None,
+ initial_kdc_options=None):
+ client_creds = self.get_client_creds()
+ client_account = client_creds.get_username()
+ client_as_etypes = self.get_default_enctypes()
+ krbtgt_creds = self.get_krbtgt_creds(require_keys=False)
+ krbtgt_account = krbtgt_creds.get_username()
+ realm = krbtgt_creds.get_realm()
+
+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
+ names=[client_account])
+ sname = self.PrincipalName_create(name_type=NT_SRV_INST,
+ names=[krbtgt_account, realm])
+
+ expected_crealm = realm
+ expected_cname = cname
+ expected_srealm = realm
+ expected_sname = sname
+ expected_salt = client_creds.get_salt()
+
+ if any(etype in client_as_etypes and etype in initial_etypes
+ for etype in (kcrypto.Enctype.AES256,
+ kcrypto.Enctype.AES128,
+ kcrypto.Enctype.RC4)):
+ expected_error_mode = KDC_ERR_PREAUTH_REQUIRED
+ else:
+ expected_error_mode = KDC_ERR_ETYPE_NOSUPP
+
+ kdc_exchange_dict = self.as_exchange_dict(
+ expected_crealm=expected_crealm,
+ expected_cname=expected_cname,
+ expected_srealm=expected_srealm,
+ expected_sname=expected_sname,
+ generate_padata_fn=None,
+ check_error_fn=self.generic_check_kdc_error,
+ check_rep_fn=None,
+ expected_error_mode=expected_error_mode,
+ client_as_etypes=client_as_etypes,
+ expected_salt=expected_salt,
+ kdc_options=str(initial_kdc_options),
+ pac_request=pac)
+
+ self._generic_kdc_exchange(kdc_exchange_dict,
+ cname=cname,
+ realm=realm,
+ sname=sname,
+ etypes=initial_etypes)
+
+ def _test_as_req_no_preauth_with_args(self, etype_idx, pac):
+ name, etypes = self.etype_test_permutation_by_idx(etype_idx)
+ self._test_as_req_nopreauth(
+ pac=pac,
+ initial_etypes=etypes,
+ initial_kdc_options=krb5_asn1.KDCOptions('forwardable'))
+
+ def test_as_req_enc_timestamp(self):
+ client_creds = self.get_client_creds()
+ self._run_as_req_enc_timestamp(client_creds)
+
+ def test_as_req_enc_timestamp_mac(self):
+ client_creds = self.get_mach_creds()
+ self._run_as_req_enc_timestamp(client_creds)
+
+
if __name__ == "__main__":
global_asn1_print = False
global_hexdump = False
projects / thirdparty / samba.git / commitdiff
