tests/krb5: Add tests for omitting sname in request
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Fri, 27 Aug 2021 01:02:04 +0000 (13:02 +1200)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 2 Sep 2021 13:41:28 +0000 (13:41 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
python/samba/tests/krb5/fast_tests.py
selftest/knownfail_heimdal_kdc
selftest/knownfail_mit_kdc

index 559f5dc14c6b0addad26abedb4436d3d07c8d650..2a423402c7ac4f160c0d3d3b3be76b529a5d4c52 100755 (executable)
@@ -105,6 +105,79 @@ class FAST_Tests(KDCBaseTest):
             }
         ])
 
+    def test_simple_no_sname(self):
+        krbtgt_creds = self.get_krbtgt_creds()
+        krbtgt_username = krbtgt_creds.get_username()
+        krbtgt_realm = krbtgt_creds.get_realm()
+        expected_sname = self.PrincipalName_create(
+            name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm])
+
+        self._run_test_sequence([
+            {
+                'rep_type': KRB_AS_REP,
+                'expected_error_mode': KDC_ERR_GENERIC,
+                'use_fast': False,
+                'sname': None,
+                'expected_sname': expected_sname
+            }
+        ])
+
+    def test_simple_tgs_no_sname(self):
+        krbtgt_creds = self.get_krbtgt_creds()
+        krbtgt_username = krbtgt_creds.get_username()
+        krbtgt_realm = krbtgt_creds.get_realm()
+        expected_sname = self.PrincipalName_create(
+            name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm])
+
+        self._run_test_sequence([
+            {
+                'rep_type': KRB_TGS_REP,
+                'expected_error_mode': KDC_ERR_GENERIC,
+                'use_fast': False,
+                'gen_tgt_fn': self.get_user_tgt,
+                'sname': None,
+                'expected_sname': expected_sname
+            }
+        ])
+
+    def test_fast_no_sname(self):
+        krbtgt_creds = self.get_krbtgt_creds()
+        krbtgt_username = krbtgt_creds.get_username()
+        krbtgt_realm = krbtgt_creds.get_realm()
+        expected_sname = self.PrincipalName_create(
+            name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm])
+
+        self._run_test_sequence([
+            {
+                'rep_type': KRB_AS_REP,
+                'expected_error_mode': KDC_ERR_GENERIC,
+                'use_fast': True,
+                'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
+                'gen_armor_tgt_fn': self.get_mach_tgt,
+                'sname': None,
+                'expected_sname': expected_sname
+            }
+        ])
+
+    def test_fast_tgs_no_sname(self):
+        krbtgt_creds = self.get_krbtgt_creds()
+        krbtgt_username = krbtgt_creds.get_username()
+        krbtgt_realm = krbtgt_creds.get_realm()
+        expected_sname = self.PrincipalName_create(
+            name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm])
+
+        self._run_test_sequence([
+            {
+                'rep_type': KRB_TGS_REP,
+                'expected_error_mode': KDC_ERR_GENERIC,
+                'use_fast': True,
+                'gen_tgt_fn': self.get_user_tgt,
+                'fast_armor': None,
+                'sname': None,
+                'expected_sname': expected_sname
+            }
+        ])
+
     def test_simple_tgs_wrong_principal(self):
         mach_creds = self.get_mach_creds()
         mach_name = mach_creds.get_username()
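Review bot: The four added tests (`test_simple_no_sname`, `test_simple_tgs_no_sname`, `test_fast_no_sname`, `test_fast_tgs_no_sname`) carry no docstring or comment stating what they guard. A reader has to infer from `'sname': None` and `'expected_error_mode': KDC_ERR_GENERIC` that the KDC is expected to answer a request lacking an sname with a generic error. A one-line docstring on each, for example `"""AS-REQ without an sname must be answered with KDC_ERR_GENERIC."""`, together with a pointer to the bug named in the commit message, would keep that regression intent visible once the knownfail entries are dropped. The five lines that build `expected_sname` are identical in all four tests and could move into one private helper on the class. The trailing context lines belong to `test_simple_tgs_wrong_principal`, whose body continues outside the hunk.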
@@ -1137,11 +1210,17 @@ class FAST_Tests(KDCBaseTest):
             cname = client_cname if rep_type == KRB_AS_REP else None
             crealm = client_realm
 
+            if 'sname' in kdc_dict:
+                sname = kdc_dict.pop('sname')
+            else:
+                if rep_type == KRB_AS_REP:
+                    sname = krbtgt_sname
+                else:  # KRB_TGS_REP
+                    sname = target_sname
+
             if rep_type == KRB_AS_REP:
-                sname = krbtgt_sname
                 srealm = krbtgt_realm
             else:  # KRB_TGS_REP
-                sname = target_sname
                 srealm = target_realm
 
             expected_cname = kdc_dict.pop('expected_cname', client_cname)
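Review bot: The added `if 'sname' in kdc_dict:` block repeats the `rep_type == KRB_AS_REP` branch that follows it, and it spells out by hand what `dict.pop` with a default already does. Keeping the assignment inside the existing branches as `sname = kdc_dict.pop('sname', krbtgt_sname)` and `sname = kdc_dict.pop('sname', target_sname)` gives the same result, including returning an explicit `None` when the key is present, and matches the `kdc_dict.pop('expected_cname', client_cname)` line below. A short comment such as `# an explicit None is kept so the caller can request that sname be left out` would stop a later cleanup from turning this into an `or` fallback that silently restores the default. How `sname=None` is handled further down is not visible here, since the enclosing method starts and ends outside the hunk.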
index f430bda9cd85e505be81d4e7568cc238acd7f6bd..b336d6fb3e23db6183f9fd13d540cb2c07ecdc66 100644 (file)
@@ -67,3 +67,6 @@
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_unarmored_as_req.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc
index 02dbe1aa2fbb7b31e555289d2ee99c58c2434a18..41ad93b89c57cdbe41fd2c650b85e01f4425a204 100644 (file)
@@ -292,3 +292,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_unarmored_as_req.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_outer_no_sname.ad_dc
 ^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_outer_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_tgs_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_no_sname.ad_dc
+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_tgs_no_sname.ad_dc