KU_TICKET,
NT_PRINCIPAL,
NT_SRV_INST,
- NT_WELLKNOWN,
PADATA_FX_COOKIE,
PADATA_FX_FAST,
PADATA_PAC_OPTIONS
])
def test_fast_hide_client_names(self):
- user_creds = self.get_client_creds()
- user_name = user_creds.get_username()
- user_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
- names=[user_name])
-
- expected_cname = self.PrincipalName_create(
- name_type=NT_WELLKNOWN, names=['WELLKNOWN', 'ANONYMOUS'])
-
self._run_test_sequence([
{
'rep_type': KRB_AS_REP,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
'gen_armor_tgt_fn': self.get_mach_tgt,
'fast_options': '01', # hide client names
- 'expected_cname': expected_cname
+ 'expected_anon': True
},
{
'rep_type': KRB_AS_REP,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
'gen_armor_tgt_fn': self.get_mach_tgt,
'fast_options': '01', # hide client names
- 'expected_cname': expected_cname,
- 'expected_cname_private': user_cname
+ 'expected_anon': True
}
])
def test_fast_tgs_hide_client_names(self):
- user_creds = self.get_client_creds()
- user_name = user_creds.get_username()
- user_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
- names=[user_name])
-
- expected_cname = self.PrincipalName_create(
- name_type=NT_WELLKNOWN, names=['WELLKNOWN', 'ANONYMOUS'])
-
self._run_test_sequence([
{
'rep_type': KRB_TGS_REP,
'gen_tgt_fn': self.get_user_tgt,
'fast_armor': None,
'fast_options': '01', # hide client names
- 'expected_cname': expected_cname,
- 'expected_cname_private': user_cname
+ 'expected_anon': True
}
])
srealm = target_realm
expected_cname = kdc_dict.pop('expected_cname', client_cname)
- expected_cname_private = kdc_dict.pop('expected_cname_private',
- None)
+ expected_anon = kdc_dict.pop('expected_anon',
+ False)
expected_crealm = kdc_dict.pop('expected_crealm', client_realm)
expected_sname = kdc_dict.pop('expected_sname', sname)
expected_srealm = kdc_dict.pop('expected_srealm', srealm)
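Review bot: Nothing here says how `expected_anon` interacts with `expected_cname`, which is still popped with the `client_cname` default on the line above. From the later hunks, `expected_anon` appears to override only the cname asserted on the reply itself, while `expected_cname` keeps naming the real client for the checks that still read it. A test dict that sets both would therefore have its `expected_cname` ignored for the reply check without any warning. A comment above the pop would spell this out, e.g. `# expected_anon: reply cname must be WELLKNOWN/ANONYMOUS; expected_cname still names the real client for the other checks`. The enclosing function starts and ends outside this hunk.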
kdc_exchange_dict = self.as_exchange_dict(
expected_crealm=expected_crealm,
expected_cname=expected_cname,
- expected_cname_private=expected_cname_private,
+ expected_anon=expected_anon,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
ticket_decryption_key=krbtgt_decryption_key,
kdc_exchange_dict = self.tgs_exchange_dict(
expected_crealm=expected_crealm,
expected_cname=expected_cname,
- expected_cname_private=expected_cname_private,
+ expected_anon=expected_anon,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
ticket_decryption_key=target_decryption_key,
def as_exchange_dict(self,
expected_crealm=None,
expected_cname=None,
- expected_cname_private=None,
+ expected_anon=False,
expected_srealm=None,
expected_sname=None,
ticket_decryption_key=None,
'rep_encpart_asn1Spec': krb5_asn1.EncASRepPart,
'expected_crealm': expected_crealm,
'expected_cname': expected_cname,
+ 'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'ticket_decryption_key': ticket_decryption_key,
'inner_req': inner_req,
'outer_req': outer_req
}
- if expected_cname_private is not None:
- kdc_exchange_dict['expected_cname_private'] = (
- expected_cname_private)
-
if callback_dict is None:
callback_dict = {}
def tgs_exchange_dict(self,
expected_crealm=None,
expected_cname=None,
- expected_cname_private=None,
+ expected_anon=False,
expected_srealm=None,
expected_sname=None,
ticket_decryption_key=None,
'rep_encpart_asn1Spec': krb5_asn1.EncTGSRepPart,
'expected_crealm': expected_crealm,
'expected_cname': expected_cname,
+ 'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
'ticket_decryption_key': ticket_decryption_key,
'inner_req': inner_req,
'outer_req': outer_req
}
- if expected_cname_private is not None:
- kdc_exchange_dict['expected_cname_private'] = (
- expected_cname_private)
-
if callback_dict is None:
callback_dict = {}
rep):
expected_crealm = kdc_exchange_dict['expected_crealm']
- expected_cname = kdc_exchange_dict['expected_cname']
+ expected_anon = kdc_exchange_dict['expected_anon']
expected_srealm = kdc_exchange_dict['expected_srealm']
expected_sname = kdc_exchange_dict['expected_sname']
ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key']
padata = self.getElementValue(rep, 'padata')
if self.strict_checking:
self.assertElementEqualUTF8(rep, 'crealm', expected_crealm)
+ if expected_anon:
+ expected_cname = self.PrincipalName_create(
+ name_type=NT_WELLKNOWN,
+ names=['WELLKNOWN', 'ANONYMOUS'])
+ else:
+ expected_cname = kdc_exchange_dict['expected_cname']
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
self.assertElementPresent(rep, 'ticket')
ticket = self.getElementValue(rep, 'ticket')
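Review bot: The WELLKNOWN/ANONYMOUS principal is built inline in this reply check and again in the error check further down (`if expected_anon and not inner:`), so the two definitions of "anonymous" can drift apart. Building it once in a small helper on the test case and calling it from both places would keep them identical. The cname assertion also appears to sit under `if self.strict_checking:` (indentation is lost on this page, so this is inferred), which would mean a non-strict run never verifies that the client name is hidden in the reply. If that is intended, a comment such as `# hide-client-names is only verified under strict_checking` would make the gap explicit. The enclosing function starts and ends outside this hunk.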
and kdc_options[canon_pos] == '1')
expected_crealm = kdc_exchange_dict['expected_crealm']
+ expected_cname = kdc_exchange_dict['expected_cname']
expected_srealm = kdc_exchange_dict['expected_srealm']
expected_sname = kdc_exchange_dict['expected_sname']
ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key']
- try:
- expected_cname = kdc_exchange_dict['expected_cname_private']
- except KeyError:
- expected_cname = kdc_exchange_dict['expected_cname']
ticket = self.getElementValue(rep, 'ticket')
rep_msg_type = kdc_exchange_dict['rep_msg_type']
- expected_cname = kdc_exchange_dict['expected_cname']
+ expected_anon = kdc_exchange_dict['expected_anon']
expected_srealm = kdc_exchange_dict['expected_srealm']
expected_sname = kdc_exchange_dict['expected_sname']
expected_error_mode = kdc_exchange_dict['expected_error_mode']
# error-code checked above
if self.strict_checking:
self.assertElementMissing(rep, 'crealm')
- if expected_cname['name-type'] == NT_WELLKNOWN and not inner:
+ if expected_anon and not inner:
+ expected_cname = self.PrincipalName_create(
+ name_type=NT_WELLKNOWN,
+ names=['WELLKNOWN', 'ANONYMOUS'])
self.assertElementEqualPrincipal(rep, 'cname', expected_cname)
else:
self.assertElementMissing(rep, 'cname')