]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5/raw_testcase.py: add KERB_PA_PAC_REQUEST_create()
authorStefan Metzmacher <metze@samba.org>
Thu, 16 Apr 2020 08:43:54 +0000 (10:43 +0200)
committerStefan Metzmacher <metze@samba.org>
Thu, 1 Jul 2021 17:46:31 +0000 (17:46 +0000)
This allows building the pre-authentication data that encodes
the request for the KDC (or more likely a request not to include)
the KRB5 PAC in the resulting ticket.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/raw_testcase.py

index 71a4753717fed5ac3ddd5dc204284544dd41fdbc..f341911ef53f6dc451461c76a104de1560e74380 100644 (file)
@@ -799,6 +799,21 @@ class RawKerberosTest(TestCaseInTempDir):
         }
         return PA_ENC_TS_ENC_obj
 
+    def KERB_PA_PAC_REQUEST_create(self, include_pac, pa_data_create=True):
+        #KERB-PA-PAC-REQUEST ::= SEQUENCE {
+        #        include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC.
+        #                               --If FALSE, and PAC present, remove PAC
+        #}
+        KERB_PA_PAC_REQUEST_obj = {
+            'include-pac': include_pac,
+        }
+        if not pa_data_create:
+            return KERB_PA_PAC_REQUEST_obj
+        pa_pac = self.der_encode(KERB_PA_PAC_REQUEST_obj,
+                                 asn1Spec=krb5_asn1.KERB_PA_PAC_REQUEST())
+        pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST
+        return pa_data
+
     def KDC_REQ_BODY_create(self,
                             kdc_options,
                             cname,