]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
tests/krb5: Add method to calculate account salt
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 22 Jul 2021 04:22:09 +0000 (16:22 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 18 Aug 2021 22:28:33 +0000 (22:28 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
python/samba/tests/krb5/kdc_base_test.py
python/samba/tests/krb5/raw_testcase.py

index 21e2c04cea1513f49732d6f94794602c2c85d62d..0dbaeab4a0e5c74f1164ccb45df4a6cc8fb0fdaa 100644 (file)
@@ -192,6 +192,8 @@ class KDCBaseTest(RawKerberosTest):
         creds.set_username(account_name)
         if machine_account:
             creds.set_workstation(name)
+        else:
+            creds.set_workstation('')
         #
         # Save the account name so it can be deleted in tearDownClass
         self.accounts.add(dn)
index e48d501ad196e27814e648edc962a4b57e1fc5b3..2dbcc39114a70f29b27e9f65337b842b93d667fd 100644 (file)
@@ -295,6 +295,20 @@ class KerberosCredentials(Credentials):
     def get_forced_salt(self):
         return self.forced_salt
 
+    def get_salt(self):
+        if self.forced_salt is not None:
+            return self.forced_salt
+
+        if self.get_workstation():
+            salt_string = '%shost%s.%s' % (
+                self.get_realm().upper(),
+                self.get_username().lower().rsplit('$', 1)[0],
+                self.get_realm().lower())
+        else:
+            salt_string = self.get_realm().upper() + self.get_username()
+
+        return salt_string.encode('utf-8')
+
 
 class KerberosTicketCreds:
     def __init__(self, ticket, session_key,
@@ -940,10 +954,7 @@ class RawKerberosTest(TestCaseInTempDir):
 
         password = creds.get_password()
         self.assertIsNotNone(password, msg=fail_msg)
-        salt = creds.get_forced_salt()
-        if salt is None:
-            salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()),
-                         encoding='utf-8')
+        salt = creds.get_salt()
         return self.PasswordKey_create(etype=etype,
                                        pwd=password,
                                        salt=salt,