From: Joseph Sutton Date: Tue, 23 Nov 2021 22:34:11 +0000 (+1300) Subject: tests/krb5: Deduplicate AS-REQ tests X-Git-Tag: samba-4.14.14~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=837453d34799f44653d0d6d690d3e3d5eb074993;p=thirdparty%2Fsamba.git tests/krb5: Deduplicate AS-REQ tests salt_tests was running the tests defined in the base class as well as its own tests. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit f0b222e3ecf72c8562bc97bedd9f3a92980b60d5) --- diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index 08081928363..315720f85d6 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -38,87 +38,8 @@ from samba.tests.krb5.rfc4120_constants import ( global_asn1_print = False global_hexdump = False -@DynamicTestCase -class AsReqKerberosTests(KDCBaseTest): - - @classmethod - def setUpDynamicTestCases(cls): - for (name, idx) in cls.etype_test_permutation_name_idx(): - for pac in [None, True, False]: - tname = "%s_pac_%s" % (name, pac) - targs = (idx, pac) - cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs) - - def setUp(self): - super(AsReqKerberosTests, self).setUp() - self.do_asn1_print = global_asn1_print - self.do_hexdump = global_hexdump - - def _test_as_req_nopreauth(self, - initial_etypes, - pac=None, - initial_kdc_options=None): - client_creds = self.get_client_creds() - client_account = client_creds.get_username() - client_as_etypes = self.get_default_enctypes() - krbtgt_creds = self.get_krbtgt_creds(require_keys=False) - krbtgt_account = krbtgt_creds.get_username() - realm = krbtgt_creds.get_realm() - - cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, - names=[client_account]) - sname = self.PrincipalName_create(name_type=NT_SRV_INST, - names=[krbtgt_account, realm]) - - expected_crealm = realm - expected_cname = cname - expected_srealm = realm - expected_sname = sname - expected_salt = client_creds.get_salt() - - if any(etype in client_as_etypes and etype in initial_etypes - for etype in (kcrypto.Enctype.AES256, - kcrypto.Enctype.AES128, - kcrypto.Enctype.RC4)): - expected_error_mode = KDC_ERR_PREAUTH_REQUIRED - else: - expected_error_mode = KDC_ERR_ETYPE_NOSUPP - - kdc_exchange_dict = self.as_exchange_dict( - expected_crealm=expected_crealm, - expected_cname=expected_cname, - expected_srealm=expected_srealm, - expected_sname=expected_sname, - generate_padata_fn=None, - check_error_fn=self.generic_check_kdc_error, - check_rep_fn=None, - expected_error_mode=expected_error_mode, - client_as_etypes=client_as_etypes, - expected_salt=expected_salt, - kdc_options=str(initial_kdc_options), - pac_request=pac) - - self._generic_kdc_exchange(kdc_exchange_dict, - cname=cname, - realm=realm, - sname=sname, - etypes=initial_etypes) - - def _test_as_req_no_preauth_with_args(self, etype_idx, pac): - name, etypes = self.etype_test_permutation_by_idx(etype_idx) - self._test_as_req_nopreauth( - pac=pac, - initial_etypes=etypes, - initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) - - def test_as_req_enc_timestamp(self): - client_creds = self.get_client_creds() - self._run_as_req_enc_timestamp(client_creds) - - def test_as_req_enc_timestamp_mac(self): - client_creds = self.get_mach_creds() - self._run_as_req_enc_timestamp(client_creds) +class AsReqBaseTest(KDCBaseTest): def _run_as_req_enc_timestamp(self, client_creds): client_account = client_creds.get_username() client_as_etypes = self.get_default_enctypes() @@ -207,6 +128,88 @@ class AsReqKerberosTests(KDCBaseTest): return etype_info2 +@DynamicTestCase +class AsReqKerberosTests(AsReqBaseTest): + + @classmethod + def setUpDynamicTestCases(cls): + for (name, idx) in cls.etype_test_permutation_name_idx(): + for pac in [None, True, False]: + tname = "%s_pac_%s" % (name, pac) + targs = (idx, pac) + cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs) + + def setUp(self): + super(AsReqKerberosTests, self).setUp() + self.do_asn1_print = global_asn1_print + self.do_hexdump = global_hexdump + + def _test_as_req_nopreauth(self, + initial_etypes, + pac=None, + initial_kdc_options=None): + client_creds = self.get_client_creds() + client_account = client_creds.get_username() + client_as_etypes = self.get_default_enctypes() + krbtgt_creds = self.get_krbtgt_creds(require_keys=False) + krbtgt_account = krbtgt_creds.get_username() + realm = krbtgt_creds.get_realm() + + cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, + names=[client_account]) + sname = self.PrincipalName_create(name_type=NT_SRV_INST, + names=[krbtgt_account, realm]) + + expected_crealm = realm + expected_cname = cname + expected_srealm = realm + expected_sname = sname + expected_salt = client_creds.get_salt() + + if any(etype in client_as_etypes and etype in initial_etypes + for etype in (kcrypto.Enctype.AES256, + kcrypto.Enctype.AES128, + kcrypto.Enctype.RC4)): + expected_error_mode = KDC_ERR_PREAUTH_REQUIRED + else: + expected_error_mode = KDC_ERR_ETYPE_NOSUPP + + kdc_exchange_dict = self.as_exchange_dict( + expected_crealm=expected_crealm, + expected_cname=expected_cname, + expected_srealm=expected_srealm, + expected_sname=expected_sname, + generate_padata_fn=None, + check_error_fn=self.generic_check_kdc_error, + check_rep_fn=None, + expected_error_mode=expected_error_mode, + client_as_etypes=client_as_etypes, + expected_salt=expected_salt, + kdc_options=str(initial_kdc_options), + pac_request=pac) + + self._generic_kdc_exchange(kdc_exchange_dict, + cname=cname, + realm=realm, + sname=sname, + etypes=initial_etypes) + + def _test_as_req_no_preauth_with_args(self, etype_idx, pac): + name, etypes = self.etype_test_permutation_by_idx(etype_idx) + self._test_as_req_nopreauth( + pac=pac, + initial_etypes=etypes, + initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) + + def test_as_req_enc_timestamp(self): + client_creds = self.get_client_creds() + self._run_as_req_enc_timestamp(client_creds) + + def test_as_req_enc_timestamp_mac(self): + client_creds = self.get_mach_creds() + self._run_as_req_enc_timestamp(client_creds) + + if __name__ == "__main__": global_asn1_print = False global_hexdump = False diff --git a/python/samba/tests/krb5/salt_tests.py b/python/samba/tests/krb5/salt_tests.py index ecbf618e40e..db777f8b7bc 100755 --- a/python/samba/tests/krb5/salt_tests.py +++ b/python/samba/tests/krb5/salt_tests.py @@ -21,7 +21,7 @@ import os import ldb -from samba.tests.krb5.as_req_tests import AsReqKerberosTests +from samba.tests.krb5.as_req_tests import AsReqBaseTest import samba.tests.krb5.kcrypto as kcrypto sys.path.insert(0, "bin/python") @@ -31,7 +31,7 @@ global_asn1_print = False global_hexdump = False -class SaltTests(AsReqKerberosTests): +class SaltTests(AsReqBaseTest): def setUp(self): super().setUp()