def get_tgt(self, creds, to_rodc=False, kdc_options=None,
expected_flags=None, unexpected_flags=None,
+ expected_account_name=None,
+ expected_sid=None,
pac_request=True, expect_pac=True, fresh=False):
user_name = creds.get_username()
cache_key = (user_name, to_rodc, kdc_options, pac_request)
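Review bot: `cache_key` on the line after the signature is still built only from `(user_name, to_rodc, kdc_options, pac_request)`, so the two new expectations take no part in it. If a ticket is returned from a cache under that key when `fresh` is false (the lookup is outside this hunk, so this is inferred), a call that passes `expected_account_name` or `expected_sid` can receive a ticket whose PAC was never checked against them. Either add them to the key, `cache_key = (user_name, to_rodc, kdc_options, pac_request, expected_account_name, expected_sid)`, or state in the docstring that these checks run only when a new ticket is actually requested.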
expected_cname=cname,
expected_srealm=realm,
expected_sname=sname,
+ expected_account_name=expected_account_name,
+ expected_sid=expected_sid,
expected_salt=salt,
expected_flags=expected_flags,
unexpected_flags=unexpected_flags,
expected_anon=False,
expected_srealm=None,
expected_sname=None,
+ expected_account_name=None,
+ expected_sid=None,
expected_supported_etypes=None,
expected_flags=None,
unexpected_flags=None,
'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
+ 'expected_account_name': expected_account_name,
+ 'expected_sid': expected_sid,
'expected_supported_etypes': expected_supported_etypes,
'expected_flags': expected_flags,
'unexpected_flags': unexpected_flags,
expected_anon=False,
expected_srealm=None,
expected_sname=None,
+ expected_account_name=None,
+ expected_sid=None,
expected_supported_etypes=None,
expected_flags=None,
unexpected_flags=None,
'expected_anon': expected_anon,
'expected_srealm': expected_srealm,
'expected_sname': expected_sname,
+ 'expected_account_name': expected_account_name,
+ 'expected_sid': expected_sid,
'expected_supported_etypes': expected_supported_etypes,
'expected_flags': expected_flags,
'unexpected_flags': unexpected_flags,
f'expected: {expected_types} '
f'got: {buffer_types}')
+ expected_account_name = kdc_exchange_dict['expected_account_name']
+ expected_sid = kdc_exchange_dict['expected_sid']
+
for pac_buffer in pac.buffers:
if pac_buffer.type == krb5pac.PAC_TYPE_CONSTRAINED_DELEGATION:
expected_proxy_target = kdc_exchange_dict[
self.assertEqual(account_name, pac_buffer.info.account_name)
+ elif pac_buffer.type == krb5pac.PAC_TYPE_LOGON_INFO:
+ logon_info = pac_buffer.info.info.info3.base
+
+ if expected_account_name is not None:
+ self.assertEqual(expected_account_name,
+ str(logon_info.account_name))
+
+ if expected_sid is not None:
+ expected_rid = int(expected_sid.rsplit('-', 1)[1])
+ self.assertEqual(expected_rid, logon_info.rid)
+
def generic_check_kdc_error(self,
kdc_exchange_dict,
callback_dict,
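Review bot: The new `PAC_TYPE_LOGON_INFO` branch compares only the RID cut from `expected_sid` with `logon_info.rid`, so a PAC carrying the right RID under a different domain SID would still pass this check. The full SID is already passed in, so the domain part can be asserted as well: `domain_sid, rid = expected_sid.rsplit('-', 1)`, then `self.assertEqual(int(rid), logon_info.rid)` and `self.assertEqual(domain_sid, str(logon_info.domain_sid))` (assuming the base info exposes `domain_sid`, which is not visible here). A short comment that `expected_sid` must be the string form of the account's objectSid would also help, since `rsplit` fails on a non-string SID object. The enclosing function starts outside this hunk.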
etypes,
padata,
kdc_options,
+ expected_account_name=None,
+ expected_sid=None,
expected_flags=None,
unexpected_flags=None,
expected_supported_etypes=None,
expected_cname=expected_cname,
expected_srealm=expected_srealm,
expected_sname=expected_sname,
+ expected_account_name=expected_account_name,
+ expected_sid=expected_sid,
expected_supported_etypes=expected_supported_etypes,
ticket_decryption_key=ticket_decryption_key,
generate_padata_fn=generate_padata_fn,
client_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
names=[client_name])
+ samdb = self.get_samdb()
+ client_dn = client_creds.get_dn()
+ sid = self.get_objectSid(samdb, client_dn)
+
service_name = service_creds.get_username()[:-1]
service_sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
names=['host', service_name])
expected_cname=client_cname,
expected_srealm=realm,
expected_sname=service_sname,
+ expected_account_name=client_name,
+ expected_sid=sid,
expected_flags=expected_flags,
unexpected_flags=unexpected_flags,
ticket_decryption_key=service_decryption_key,
account_type=self.AccountType.USER,
opts=client_opts)
+ samdb = self.get_samdb()
+ client_dn = client_creds.get_dn()
+ sid = self.get_objectSid(samdb, client_dn)
+
service1_opts = kdc_dict.pop('service1_opts', {})
service2_opts = kdc_dict.pop('service2_opts', {})
expected_cname=client_cname,
expected_srealm=service2_realm,
expected_sname=service2_sname,
+ expected_account_name=client_username,
+ expected_sid=sid,
expected_supported_etypes=service2_etypes,
ticket_decryption_key=service2_decryption_key,
check_error_fn=check_error_fn,