]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Add methods to determine whether elements were included in the request
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 27 Jul 2021 03:21:01 +0000 (15:21 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 18 Aug 2021 22:28:34 +0000 (22:28 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
python/samba/tests/krb5/raw_testcase.py

index 2963df7000348c8696d6f628c452be3574d430a4..d96cd1cfc155bd08e3c227f017c39cae4f006978 100644 (file)
@@ -69,6 +69,7 @@ from samba.tests.krb5.rfc4120_constants import (
     PADATA_FOR_USER,
     PADATA_FX_FAST,
     PADATA_KDC_REQ,
+    PADATA_PAC_OPTIONS,
     PADATA_PAC_REQUEST,
     PADATA_PK_AS_REQ,
     PADATA_PK_AS_REP_19
@@ -2382,6 +2383,30 @@ class RawKerberosTest(TestCaseInTempDir):
 
         return self.get_outer_pa_dict(kdc_exchange_dict)
 
+    def sent_fast(self, kdc_exchange_dict):
+        outer_pa_dict = self.get_outer_pa_dict(kdc_exchange_dict)
+
+        return PADATA_FX_FAST in outer_pa_dict
+
+    def sent_enc_challenge(self, kdc_exchange_dict):
+        fast_pa_dict = self.get_fast_pa_dict(kdc_exchange_dict)
+
+        return PADATA_ENCRYPTED_CHALLENGE in fast_pa_dict
+
+    def sent_claims(self, kdc_exchange_dict):
+        fast_pa_dict = self.get_fast_pa_dict(kdc_exchange_dict)
+
+        if PADATA_PAC_OPTIONS not in fast_pa_dict:
+            return False
+
+        pac_options = self.der_decode(fast_pa_dict[PADATA_PAC_OPTIONS],
+                                      asn1Spec=krb5_asn1.PA_PAC_OPTIONS())
+        pac_options = pac_options['options']
+        claims_pos = len(tuple(krb5_asn1.PACOptionFlags('claims'))) - 1
+
+        return (claims_pos < len(pac_options)
+                and pac_options[claims_pos] == '1')
+
     def _test_as_exchange(self,
                           cname,
                           realm,