From: Jo Sutton Date: Thu, 21 Mar 2024 23:58:19 +0000 (+1300) Subject: tests/krb5: Fix PK-INIT test framework to allow expired password keys X-Git-Tag: samba-4.19.8~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c64cd3f2e02f88ebd16c6785e0d1fa34926aebb;p=thirdparty%2Fsamba.git tests/krb5: Fix PK-INIT test framework to allow expired password keys Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 7cc8f455191faacf32efc474c27e99d45ef2e024) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 --- diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index db4db9c9e85..f3f7778c841 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -65,6 +65,7 @@ from samba.tests.krb5.rfc4120_constants import ( FX_FAST_ARMOR_AP_REQUEST, KDC_ERR_CLIENT_REVOKED, KDC_ERR_GENERIC, + KDC_ERR_KEY_EXPIRED, KDC_ERR_POLICY, KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW, @@ -5031,6 +5032,8 @@ class RawKerberosTest(TestCase): if ('1' in sent_pac_options and error_code not in (0, KDC_ERR_GENERIC)): expected_patypes += (PADATA_PAC_OPTIONS,) + elif error_code == KDC_ERR_KEY_EXPIRED: + expected_patypes += (PADATA_PK_AS_REP,) elif error_code != KDC_ERR_GENERIC: if expect_etype_info: expected_patypes += (PADATA_ETYPE_INFO,) diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py index 583ffbaf6af..a5dc83db7ab 100644 --- a/python/samba/tests/krb5/rfc4120_constants.py +++ b/python/samba/tests/krb5/rfc4120_constants.py @@ -99,6 +99,7 @@ KDC_ERR_ETYPE_NOSUPP = 14 KDC_ERR_SUMTYPE_NOSUPP = 15 KDC_ERR_CLIENT_REVOKED = 18 KDC_ERR_TGT_REVOKED = 20 +KDC_ERR_KEY_EXPIRED = 23 KDC_ERR_PREAUTH_FAILED = 24 KDC_ERR_PREAUTH_REQUIRED = 25 KDC_ERR_BAD_INTEGRITY = 31