pytest:krb5 as_canonicalization checks no implicit $ return code

We check here instead of selftest/expectedfail.d/* in part because
on MIT some of these cases will fail to fail to ask for preauth.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py
index 2da62bc463303ac222e77a2b6d4e9f47cf34ebaf..47fb787ebafd4703f385a6c09a5d23fa0baa1218 100755 (executable)
--- a/python/samba/tests/krb5/as_canonicalization_tests.py
+++ b/python/samba/tests/krb5/as_canonicalization_tests.py
@@ -47,6 +47,7 @@ from samba.tests.krb5.rfc4120_constants import (
     NT_ENTERPRISE_PRINCIPAL,
     NT_PRINCIPAL,
     NT_SRV_INST,
+    KDC_ERR_C_PRINCIPAL_UNKNOWN,
 )
 
 global_asn1_print = False
@@ -309,6 +310,20 @@ class KerberosASCanonicalizationTests(KDCBaseTest):
         self.assertEqual(
             rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data)))
 
+        if (not self.uncanonicalized_implicit_dollar and
+            not data.canonicalize and
+            TestOptions.RemoveDollar.is_set(data.options) and
+            user_creds.get_username().endswith('$')):
+            # We expect the principal not to be found because
+            # a) smb.conf asked for foo -> foo$ to only match with canonicalization
+            # b) we as client are not requesting canonicalization
+            # c) we have removed a '$' from the true name
+            #
+            # These are the tests that combine "MachineCredentials"
+            # with "RemoveDollar" but not "Canonicalize".
+            self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN)
+            return (None, None)
+
         self.assertEqual(
             rep['error-code'],
             KDC_ERR_PREAUTH_REQUIRED,

diff --git a/selftest/knownfail.d/krb5-implicit-canon b/selftest/knownfail.d/krb5-implicit-canon
deleted file mode 100644 (file)
index 7f6c7b5..0000000
--- a/selftest/knownfail.d/krb5-implicit-canon
+++ /dev/null
@@ -1,64 +0,0 @@
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)