From: Joseph Sutton Date: Wed, 11 Jan 2023 01:17:53 +0000 (+1300) Subject: tests/krb5: Refactor claims tests to use get_target() X-Git-Tag: talloc-2.4.1~1559 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9bec86229fdcae92e14baff02e0b59cf82591ceb;p=thirdparty%2Fsamba.git tests/krb5: Refactor claims tests to use get_target() This simplifies the code for getting the credentials of the target service. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/tests/krb5/claims_tests.py b/python/samba/tests/krb5/claims_tests.py index 9ca87d6b189..c8464b10331 100755 --- a/python/samba/tests/krb5/claims_tests.py +++ b/python/samba/tests/krb5/claims_tests.py @@ -303,10 +303,7 @@ class ClaimsTests(KDCBaseTest): if to_krbtgt: target_creds = self.get_krbtgt_creds() - srealm = target_creds.get_realm() - sname = self.PrincipalName_create( - name_type=NT_SRV_INST, - names=[target_creds.get_username(), srealm]) + sname = self.get_krbtgt_sname() else: target_creds = self.get_service_creds() sname = None @@ -349,25 +346,10 @@ class ClaimsTests(KDCBaseTest): b'tgsarmor') armor_key = Krb5EncryptionKey(armor_key, None) - if to_krbtgt: - target_creds = self.get_krbtgt_creds() - - srealm = target_creds.get_realm() - sname = self.PrincipalName_create( - name_type=NT_SRV_INST, - names=[target_creds.get_username(), srealm]) - else: - target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED - target_creds = self.get_cached_creds( - account_type=self.AccountType.COMPUTER, - opts={ - 'supported_enctypes': target_enctypes, - }) - - srealm = target_creds.get_realm() - sname = self.PrincipalName_create( - name_type=NT_PRINCIPAL, - names=['host', target_creds.get_username()[:-1]]) + target_creds, sname = self.get_target( + to_krbtgt, + extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED) + srealm = target_creds.get_realm() decryption_key = self.TicketDecryptionKey_from_creds( target_creds) @@ -473,25 +455,10 @@ class ClaimsTests(KDCBaseTest): b'tgsarmor') armor_key = Krb5EncryptionKey(armor_key, None) - if to_krbtgt: - target_creds = self.get_krbtgt_creds() - - srealm = target_creds.get_realm() - sname = self.PrincipalName_create( - name_type=NT_SRV_INST, - names=[target_creds.get_username(), srealm]) - else: - target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED - target_creds = self.get_cached_creds( - account_type=self.AccountType.COMPUTER, - opts={ - 'supported_enctypes': target_enctypes, - }) - - srealm = target_creds.get_realm() - sname = self.PrincipalName_create( - name_type=NT_PRINCIPAL, - names=['host', target_creds.get_username()[:-1]]) + target_creds, sname = self.get_target( + to_krbtgt, + extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED) + srealm = target_creds.get_realm() decryption_key = self.TicketDecryptionKey_from_creds( target_creds) diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 2dec5c8bde4..fee2922241e 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -1475,7 +1475,7 @@ class KDCBaseTest(RawKerberosTest): # Get the credentials and server principal name of either the krbtgt, or a # specially created account, with resource SID compression either supported # or unsupported. - def get_target(self, to_krbtgt, compression): + def get_target(self, to_krbtgt, compression=None, extra_enctypes=0): if to_krbtgt: self.assertIsNone(compression, "it's no good specifying compression support " @@ -1488,7 +1488,8 @@ class KDCBaseTest(RawKerberosTest): opts={ 'supported_enctypes': security.KERB_ENCTYPE_RC4_HMAC_MD5 | - security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96, + security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 | + extra_enctypes, 'sid_compression_support': compression, }) target_name = creds.get_username()