From: Joseph Sutton Date: Mon, 26 Jul 2021 23:06:15 +0000 (+1200) Subject: tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn X-Git-Tag: ldb-2.5.0~937 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78818655505b3183251940e86270cd40bae73206;p=thirdparty%2Fsamba.git tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn This means that there can no longer be surprises where a test receives a reply when it was expecting an error, or vice versa. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index ed97a10b616..d9a66f99ecf 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -96,7 +96,7 @@ class AsReqKerberosTests(KDCBaseTest): expected_sname=expected_sname, generate_padata_fn=_generate_padata_copy, check_error_fn=self.generic_check_as_error, - check_rep_fn=self.generic_check_kdc_rep, + check_rep_fn=None, expected_error_mode=expected_error_mode, client_as_etypes=client_as_etypes, expected_salt=expected_salt, diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index 00f90c5dea9..d7813387941 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -1453,6 +1453,7 @@ class RawKerberosTest(TestCaseInTempDir): req_asn1Spec = kdc_exchange_dict['req_asn1Spec'] rep_msg_type = kdc_exchange_dict['rep_msg_type'] + expected_error_mode = kdc_exchange_dict['expected_error_mode'] kdc_options = kdc_exchange_dict['kdc_options'] if till_time is None: @@ -1497,12 +1498,17 @@ class RawKerberosTest(TestCaseInTempDir): msg_type = self.getElementValue(rep, 'msg-type') self.assertIsNotNone(msg_type) - allowed_msg_types = () + expected_msg_type = None if check_error_fn is not None: - allowed_msg_types = (KRB_ERROR,) + expected_msg_type = KRB_ERROR + self.assertIsNone(check_rep_fn) + self.assertNotEqual(0, expected_error_mode) if check_rep_fn is not None: - allowed_msg_types += (rep_msg_type,) - self.assertIn(msg_type, allowed_msg_types) + expected_msg_type = rep_msg_type + self.assertIsNone(check_error_fn) + self.assertEqual(0, expected_error_mode) + self.assertIsNotNone(expected_msg_type) + self.assertEqual(msg_type, expected_msg_type) if msg_type == KRB_ERROR: return check_error_fn(kdc_exchange_dict, @@ -2039,6 +2045,13 @@ class RawKerberosTest(TestCaseInTempDir): as_rep_usage = KU_AS_REP_ENC_PART return preauth_key, as_rep_usage + if expected_error_mode == 0: + check_error_fn = None + check_rep_fn = self.generic_check_kdc_rep + else: + check_error_fn = self.generic_check_as_error + check_rep_fn = None + kdc_exchange_dict = self.as_exchange_dict( expected_crealm=expected_crealm, expected_cname=expected_cname, @@ -2046,8 +2059,8 @@ class RawKerberosTest(TestCaseInTempDir): expected_sname=expected_sname, ticket_decryption_key=ticket_decryption_key, generate_padata_fn=_generate_padata_copy, - check_error_fn=self.generic_check_as_error, - check_rep_fn=self.generic_check_kdc_rep, + check_error_fn=check_error_fn, + check_rep_fn=check_rep_fn, check_padata_fn=_check_padata_preauth_key, check_kdc_private_fn=self.generic_check_kdc_private, expected_error_mode=expected_error_mode,