]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Require ticket checksums if decryption key is available
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 5 Oct 2021 02:39:11 +0000 (15:39 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 14 Oct 2021 18:59:31 +0000 (18:59 +0000)
We perform this check conditionally, because MIT doesn't currently add
ticket checksums.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/raw_testcase.py

index 1f7c51c07a53ba7c348f33d44b3f9b63799f19b6..2e289c90ce7953ee658dccae2ea41aa8a685ab24 100644 (file)
@@ -2493,15 +2493,14 @@ class RawKerberosTest(TestCaseInTempDir):
             ticket_private=ticket_private,
             encpart_private=encpart_private)
 
-        # TODO: This parameter should be removed when all service tickets are
-        # issued with ticket checksums.
         expect_ticket_checksum = kdc_exchange_dict['expect_ticket_checksum']
         if expect_ticket_checksum:
             self.assertIsNotNone(ticket_decryption_key)
 
         if ticket_decryption_key is not None:
             self.verify_ticket(ticket_creds, krbtgt_key, expect_pac=expect_pac,
-                               expect_ticket_checksum=expect_ticket_checksum)
+                               expect_ticket_checksum=expect_ticket_checksum
+                               or self.tkt_sig_support)
 
         kdc_exchange_dict['rep_ticket_creds'] = ticket_creds