From: Joseph Sutton Date: Thu, 2 Mar 2023 23:20:06 +0000 (+1300) Subject: tests/krb5: Allow creating accounts supporting claims or compound identity separately X-Git-Tag: talloc-2.4.1~1469 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23ce6f30e289fcc5ebc4e54a2cd0dd3e47adda6e;p=thirdparty%2Fsamba.git tests/krb5: Allow creating accounts supporting claims or compound identity separately Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/tests/krb5/fast_tests.py b/python/samba/tests/krb5/fast_tests.py index f5125495fa2..302fc98edf1 100755 --- a/python/samba/tests/krb5/fast_tests.py +++ b/python/samba/tests/krb5/fast_tests.py @@ -1921,6 +1921,8 @@ class FAST_Tests(KDCBaseTest): opts={ **opts, 'fast_support': True, + 'claims_support': True, + 'compound_id_support': True, 'supported_enctypes': ( security.KERB_ENCTYPE_RC4_HMAC_MD5 | security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 5e2d7747e95..a07d4a23b73 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -1304,6 +1304,8 @@ class KDCBaseTest(RawKerberosTest): 'delegation_from_dn': None, 'trusted_to_auth_for_delegation': False, 'fast_support': False, + 'claims_support': False, + 'compound_id_support': False, 'sid_compression_support': True, 'member_of': None, 'kerberos_enabled': True, @@ -1353,6 +1355,8 @@ class KDCBaseTest(RawKerberosTest): delegation_from_dn, trusted_to_auth_for_delegation, fast_support, + claims_support, + compound_id_support, sid_compression_support, member_of, kerberos_enabled, @@ -1391,7 +1395,13 @@ class KDCBaseTest(RawKerberosTest): enctypes = supported_enctypes if fast_support: enctypes = enctypes or 0 - enctypes |= KerberosCredentials.fast_supported_bits + enctypes |= security.KERB_ENCTYPE_FAST_SUPPORTED + if claims_support: + enctypes = enctypes or 0 + enctypes |= security.KERB_ENCTYPE_CLAIMS_SUPPORTED + if compound_id_support: + enctypes = enctypes or 0 + enctypes |= security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED if sid_compression_support is False: enctypes = enctypes or 0 enctypes |= security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED @@ -1534,6 +1544,8 @@ class KDCBaseTest(RawKerberosTest): account_type=self.AccountType.COMPUTER, opts={ 'fast_support': True, + 'claims_support': True, + 'compound_id_support': True, 'supported_enctypes': ( security.KERB_ENCTYPE_RC4_HMAC_MD5 | security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK @@ -1555,6 +1567,8 @@ class KDCBaseTest(RawKerberosTest): opts={ 'trusted_to_auth_for_delegation': True, 'fast_support': True, + 'claims_support': True, + 'compound_id_support': True, 'supported_enctypes': ( security.KERB_ENCTYPE_RC4_HMAC_MD5 | security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index bcd5c87153c..7911a2ca41e 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -370,11 +370,10 @@ class WrongLengthChecksumKey(RodcPacEncryptionKey): class KerberosCredentials(Credentials): - fast_supported_bits = (security.KERB_ENCTYPE_FAST_SUPPORTED | - security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED | - security.KERB_ENCTYPE_CLAIMS_SUPPORTED) - - non_etype_bits = fast_supported_bits | ( + non_etype_bits = ( + security.KERB_ENCTYPE_FAST_SUPPORTED) | ( + security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED) | ( + security.KERB_ENCTYPE_CLAIMS_SUPPORTED) | ( security.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED) | ( security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK)