]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2fd5166)
python/tests/krb5: Prepare to allow tests that use the PAC returned NT hash
authorAndrew Bartlett <abartlet@samba.org>
Tue, 26 Mar 2024 01:29:49 +0000 (14:29 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 28 Mar 2024 01:50:41 +0000 (01:50 +0000)
We want to use the PAC returned NT hash in the UF_SMARTCARD_REQUIRED case
as it will usually be random bytes so we can not just assert on the
value any more.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
python/samba/tests/krb5/pkinit_tests.py patch | blob | blame | history
python/samba/tests/krb5/raw_testcase.py patch | blob | blame | history

diff --git a/python/samba/tests/krb5/pkinit_tests.py b/python/samba/tests/krb5/pkinit_tests.py
index ac54d8e890046e1c0a8ef0c23c2e9d400a9750b0..998fe86d53481e0565cb63ff177f60116319962d 100755 (executable)
--- a/python/samba/tests/krb5/pkinit_tests.py
+++ b/python/samba/tests/krb5/pkinit_tests.py
@@ -584,7 +584,11 @@ class PkInitTests(KDCBaseTest):
                 send_enc_ts=False,
                 ):
         if send_enc_ts:
-            preauth_key = self.PasswordKey_from_creds(creds, kcrypto.Enctype.AES256)
+            if creds.get_password() is None:
+                # Try the NT hash if there isn't a password
+                preauth_key = self.PasswordKey_from_creds(creds, kcrypto.Enctype.RC4)
+            else:
+                preauth_key = self.PasswordKey_from_creds(creds, kcrypto.Enctype.AES256)
         else:
             preauth_key = None
 
@@ -1235,7 +1239,7 @@ class PkInitTests(KDCBaseTest):
             return None
 
         self.check_as_reply(rep)
-        return kdc_exchange_dict['rep_ticket_creds']
+        return kdc_exchange_dict
 
 
 if __name__ == '__main__':
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index 72e5f41cfaa935a9219957e8055d8e357a1921b7..1a821632597ac9f9de55710d8594a73bf536e52a 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -4785,6 +4785,8 @@ class RawKerberosTest(TestCase):
                 else:
                     self.assertEqual(creds.get_nt_hash(), nt_password)
 
+                kdc_exchange_dict['nt_hash_from_pac'] = ntlm_package.nt_password
+
                 lm_password = bytes(ntlm_package.lm_password.hash)
                 self.assertEqual(bytes(16), lm_password)
 
Mirror of https://github.com/samba-team/samba.git