]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 336a584)
tests/krb5: Test that computers (and, by extension, gMSAs) cannot perform interactive...
authorJo Sutton <josutton@catalyst.net.nz>
Fri, 26 Apr 2024 00:50:51 +0000 (12:50 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 16 May 2024 02:11:36 +0000 (02:11 +0000)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/gmsa_tests.py patch | blob | blame | history

diff --git a/python/samba/tests/krb5/gmsa_tests.py b/python/samba/tests/krb5/gmsa_tests.py
index fa77e198abf7fdd3b4381b3aef6f23a949ee4131..1ce6add528460961a652b2b715a7e9523301e4f7 100755 (executable)
--- a/python/samba/tests/krb5/gmsa_tests.py
+++ b/python/samba/tests/krb5/gmsa_tests.py
@@ -1520,6 +1520,22 @@ class GmsaTests(GkdiBaseTest, KDCBaseTest):
             validation_level=netlogon.NetlogonValidationSamInfo4,
         )
 
+    def test_computer_cannot_perform_interactive_logon(self):
+        self._test_samlogon(
+            self.get_mach_creds(),
+            netlogon.NetlogonInteractiveInformation,
+            expect_error=ntstatus.NT_STATUS_NO_SUCH_USER,
+            validation_level=netlogon.NetlogonValidationSamInfo4,
+        )
+
+    def test_gmsa_cannot_perform_interactive_logon(self):
+        self._test_samlogon(
+            self.gmsa_account(kerberos_enabled=False),
+            netlogon.NetlogonInteractiveInformation,
+            expect_error=ntstatus.NT_STATUS_NO_SUCH_USER,
+            validation_level=netlogon.NetlogonValidationSamInfo4,
+        )
+
     def _gmsa_can_perform_as_req(self, *, enctype: kcrypto.Enctype) -> None:
         self._as_req(self.gmsa_account(), self.get_service_creds(), enctype)
 
Mirror of https://github.com/samba-team/samba.git