From: Joseph Sutton Date: Thu, 26 Oct 2023 04:11:43 +0000 (+1300) Subject: tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters X-Git-Tag: talloc-2.4.2~798 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ebd1b8daefd2235a8aa68613fe234bddb2e65b6;p=thirdparty%2Fsamba.git tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index c185c393cf6..12634012d8b 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -591,6 +591,12 @@ class AsReqKerberosTests(AsReqBaseTest): expected_pa_error=KDC_ERR_CLIENT_REVOKED, expect_pa_status=ntstatus.NT_STATUS_INVALID_LOGON_HOURS) + def test_as_req_unicode(self): + client_creds = self.get_cached_creds( + account_type=self.AccountType.USER, + opts={'name_prefix': '🔐'}) + self._run_as_req_enc_timestamp(client_creds) + if __name__ == "__main__": global_asn1_print = False diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index ae6d6bc28dc..cef5d0db95c 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -3024,6 +3024,63 @@ class KdcTgsTests(KdcTgsBaseTests): target_creds=target_creds, till='99990913024805Z') + def test_tgs_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._run_tgs(tgt, creds, expected_error=0) + + def test_renew_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds, renewable=True) + self._renew_tgt(tgt, creds, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) + + def test_validate_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds, invalid=True) + self._validate_tgt(tgt, creds, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) + + def test_s4u2self_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._s4u2self(tgt, creds, + expected_error=0, + expect_edata=False) + + def test_user2user_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._user2user(tgt, creds, expected_error=0) + + def test_fast_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._fast(tgt, creds, expected_error=0) + + def test_fast_as_req_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._fast_as_req(tgt, creds, expected_error=0) + def _modify_renewable(self, enc_part): # Set the renewable flag. enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True) diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc index 62eab29cf5c..ca11d7ecd8e 100644 --- a/selftest/knownfail_heimdal_kdc +++ b/selftest/knownfail_heimdal_kdc @@ -35,6 +35,18 @@ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed # +# Unicode tests +# +^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_unicode\(fl2008r2dc\)$ +^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_unicode\(fl2003dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_as_req_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_renew_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_s4u2self_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_tgs_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_user2user_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_validate_unicode\(ad_dc\)$ +# # Protected Users tests # # This test fails, which is fine, as we have an alternate test that considers a policy error as successful. diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc index d587abff363..de2569e0f62 100644 --- a/selftest/knownfail_mit_kdc +++ b/selftest/knownfail_mit_kdc @@ -255,6 +255,13 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ # ^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_tgs_req_from_rodc_extra_pac_buffers\(ad_dc\)$ # +# Unicode tests +# +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_as_req_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_renew_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_validate_unicode\(ad_dc\)$ +# # MIT currently fails the following MS-KILE tests. # ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3