pytest:krb5:ms_kile: adjust for 'require canonicalization'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
index 59be116a6bb70077fcbb4d07cdaffc5b53d96768..ba9abfe1e847f194d11223cd9605d5adf3243711 100755 (executable)
--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
@@ -107,6 +107,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             name_type=NT_SRV_INST, names=["krbtgt", realm])
 
         rep = self.as_req(cname, sname, realm, etype)
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -172,6 +178,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
 
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -236,6 +248,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             name_type=NT_SRV_INST, names=["krbtgt", realm])
 
         rep = self.as_req(cname, sname, realm, etype)
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -313,6 +331,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             # principal should not be found in this case
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
 
         self.check_as_reply(rep)
         salt = "%s%s" % (realm.upper(), user_name)
@@ -371,6 +394,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
 
         self.check_pre_authentication(rep)
 
@@ -440,6 +468,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -480,6 +514,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             name_type=NT_SRV_INST, names=["krbtgt", realm])
 
         rep = self.as_req(cname, sname, realm, etype)
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -544,6 +584,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
             name_type=NT_SRV_INST, names=["krbtgt", realm])
 
         rep = self.as_req(cname, sname, realm, etype)
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ
@@ -612,6 +657,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
 
         self.check_pre_authentication(rep)
 
@@ -690,6 +740,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
 
         self.check_as_reply(rep)
         salt = "%s%s" % (realm.upper(), user_name)
@@ -750,6 +805,11 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
 
         self.check_pre_authentication(rep)
 
@@ -820,6 +880,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
         if not self.uncanonicalized_implicit_dollar:
             self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
             return
+        if self.require_canonicalization:
+            # we have not provided the canonicalize (or any other) kdcoption
+            # so preauth will fail.
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return
+
         self.check_pre_authentication(rep)
 
         # Do the next AS-REQ

diff --git a/selftest/knownfail.d/krb5-require-canon b/selftest/knownfail.d/krb5-require-canon
index 11710f4dc8950baf598d499394399a6f5f5cab07..e797daf19cee61318ceff8a66866d7df041a8cb8 100644 (file)
--- a/selftest/knownfail.d/krb5-require-canon
+++ b/selftest/knownfail.d/krb5-require-canon
@@ -1,15 +1,3 @@
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_enterprise_principal_step_1_3\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_enterprise_principal_step_4\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_enterprise_principal_step_5\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_enterprise_principal_step_6_a\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_enterprise_principal_step_6_b\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_1\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_2\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_3\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_4_a\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_4_b\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_4_c\(schema_dc\)
-^samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.samba\.tests\.krb5\.ms_kile_client_principal_lookup_tests\.MS_Kile_Client_Principal_Lookup_Tests\.test_nt_principal_step_6_c\(schema_dc\)
 ^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_enc_timestamp\(schema_dc\)
 ^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_enc_timestamp_aes128_rc4\(schema_dc\)
 ^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_enc_timestamp_mac\(schema_dc\)