From: Joseph Sutton Date: Fri, 27 Aug 2021 01:00:37 +0000 (+1200) Subject: tests/krb5: Check PADATA-PW-SALT element in e-data X-Git-Tag: ldb-2.5.0~800 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e4d757394a0bbda587d5ff91801f88539b712b1;p=thirdparty%2Fsamba.git tests/krb5: Check PADATA-PW-SALT element in e-data BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton Reviewed-by: Andreas Schneider --- diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index ba6d07ce465..4e7891ae89a 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -2328,6 +2328,7 @@ class RawKerberosTest(TestCaseInTempDir): fast_error = None fx_fast = None pac_options = None + pw_salt = None for pa in rep_padata: patype = self.getElementValue(pa, 'padata-type') pavalue = self.getElementValue(pa, 'padata-value') @@ -2380,6 +2381,11 @@ class RawKerberosTest(TestCaseInTempDir): pac_options = pavalue self.assertIsNotNone(pac_options) continue + if patype == PADATA_PW_SALT: + self.assertIsNone(pw_salt) + pw_salt = pavalue + self.assertIsNotNone(pw_salt) + continue if fast_cookie is not None: kdc_exchange_dict['fast_cookie'] = fast_cookie @@ -2395,6 +2401,14 @@ class RawKerberosTest(TestCaseInTempDir): if pac_options is not None: self.check_pac_options_claims_support(pac_options) + if pw_salt is not None: + self.assertEqual(12, len(pw_salt)) + + status = int.from_bytes(pw_salt[:4], 'little') + flags = int.from_bytes(pw_salt[8:], 'little') + + self.assertEqual(3, flags) + if enc_challenge is not None: if not sent_enc_challenge: self.assertEqual(len(enc_challenge), 0)