-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-cmdline\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-pac\-request\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-break\-pw\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-clock\-skew\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-aes\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-rc4\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-aes\-rc4\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-change\-server\-in\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-change\-server\-out\(schema_dc:local\)
-^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.as\-req\-change\-server\-both\(schema_dc:local\)
^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.canon\.no\-canon\.no\-enterprise\.lc\-user\.no\-win2k\.samaccountname\.normal\.no\-canon\.no\-enterprise\.lc\-user\.no\-win2k\.samaccountname\.normal\(schema_dc:local\)
^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.canon\.no\-canon\.no\-enterprise\.uc\-user\.no\-win2k\.samaccountname\.normal\.no\-canon\.no\-enterprise\.uc\-user\.no\-win2k\.samaccountname\.normal\(schema_dc:local\)
^samba4\.krb5\.kdc\ with\ machine\ account\ require\ canonicalization\.canon\.no\-canon\.no\-enterprise\.lc\-user\.win2k\.samaccountname\.normal\.no\-canon\.no\-enterprise\.lc\-user\.win2k\.samaccountname\.normal\(schema_dc:local\)
#include "source4/auth/kerberos/kerberos.h"
#include "source4/auth/kerberos/kerberos_util.h"
#include "lib/util/util_net.h"
+#include "param/param.h"
#define krb5_is_app_tag(dat,tag) \
((dat != NULL) && (dat)->length && \
KRB_ERROR error;
size_t used;
bool ok;
+ bool require_canon = lpcfg_kdc_require_canonicalization(
+ test_context->tctx->lp_ctx);
+
+ if (require_canon) {
+ torture_comment(test_context->tctx, "require_canon\n");
+ ok = torture_check_krb5_error(test_context,
+ recv_buf,
+ KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN,
+ false);
+ torture_assert(test_context->tctx,
+ ok,
+ "canonicalization required");
+ return true;
+ }
switch (test_context->test)
{
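Review bot: The new `require_canon` branch skips every per-test check in the `switch (test_context->test)` that follows, but has no comment saying why that is correct, and its failure text `"canonicalization required"` reads like a statement rather than a description of what went wrong. I would add a comment such as `/* None of these AS-REQ tests set the canonicalize option, so a KDC with 'require canonicalization = yes' must reject every request. */` and change the message to `"expected KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN from a KDC that requires canonicalization"`. The `torture_comment(test_context->tctx, "require_canon\n");` line looks like leftover debug output and could be dropped or made descriptive. If a later test in this file does request canonicalization, this blanket check would presumably have to become per-test, otherwise a KDC that wrongly rejects a canonicalizing client would still pass. The enclosing function begins and ends outside the hunk.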
krb5_get_init_creds_opt *krb_options = NULL;
const char *realm;
const char *krb5_hostname = torture_setting_string(tctx, "krb5-hostname", "");
-
+ bool require_canon = lpcfg_kdc_require_canonicalization(tctx->lp_ctx);
ok = torture_krb5_init_context(tctx, test, &smb_krb5_context);
torture_assert(tctx, ok, "torture_krb5_init_context failed");
k5ret = krb5_get_init_creds_password(smb_krb5_context->krb5_context, &my_creds, principal,
password, NULL, NULL, 0,
NULL, krb_options);
+
+ if (require_canon) {
+ /*
+ * The clients in these requests are not using canonicalization, so
+ * in all cases where the server has 'require canonicalization = yes',
+ * the error code will be the same.
+ */
+ torture_assert_int_equal(tctx,
+ k5ret,
+ KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN,
+ "server requires client to ask for canonicalization");
+ return true;
+ }
+
krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
switch (test)
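Review bot: The early `return true;` in the `require_canon` branch comes before `krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);`, so `krb_options` appears to be leaked whenever the KDC under test has 'require canonicalization = yes'. Its allocation is outside the hunk, so this is inferred from the free call. Moving the `krb5_get_init_creds_opt_free(...)` call to directly after `krb5_get_init_creds_password(...)` and before `if (require_canon) {` releases it on both paths. That ordering presumably also covers a failing `torture_assert_int_equal`, which looks like it returns from the function on a mismatch. The function's start and end are outside the hunk.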