From: Douglas Bagnall Date: Thu, 11 Dec 2025 20:35:44 +0000 (+1300) Subject: pytest:krb5 as_canonicalization checks no implicit $ return code X-Git-Tag: tdb-1.4.15~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0666d9196448e90a928502a7535fd732bd8ac2a;p=thirdparty%2Fsamba.git pytest:krb5 as_canonicalization checks no implicit $ return code We check here instead of selftest/expectedfail.d/* in part because on MIT some of these cases will fail to fail to ask for preauth. Signed-off-by: Douglas Bagnall Reviewed-by: Gary Lockyer --- diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py index 2da62bc4633..47fb787ebaf 100755 --- a/python/samba/tests/krb5/as_canonicalization_tests.py +++ b/python/samba/tests/krb5/as_canonicalization_tests.py @@ -47,6 +47,7 @@ from samba.tests.krb5.rfc4120_constants import ( NT_ENTERPRISE_PRINCIPAL, NT_PRINCIPAL, NT_SRV_INST, + KDC_ERR_C_PRINCIPAL_UNKNOWN, ) global_asn1_print = False @@ -309,6 +310,20 @@ class KerberosASCanonicalizationTests(KDCBaseTest): self.assertEqual( rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) + if (not self.uncanonicalized_implicit_dollar and + not data.canonicalize and + TestOptions.RemoveDollar.is_set(data.options) and + user_creds.get_username().endswith('$')): + # We expect the principal not to be found because + # a) smb.conf asked for foo -> foo$ to only match with canonicalization + # b) we as client are not requesting canonicalization + # c) we have removed a '$' from the true name + # + # These are the tests that combine "MachineCredentials" + # with "RemoveDollar" but not "Canonicalize". + self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) + return (None, None) + self.assertEqual( rep['error-code'], KDC_ERR_PREAUTH_REQUIRED, diff --git a/selftest/knownfail.d/krb5-implicit-canon b/selftest/knownfail.d/krb5-implicit-canon deleted file mode 100644 index 7f6c7b58ea0..00000000000 --- a/selftest/knownfail.d/krb5-implicit-canon +++ /dev/null @@ -1,64 +0,0 @@ -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_UPN_RemoveDollar\(ad_dc_ntvfs\) -^samba\.tests\.krb5\.as_canonicalization_tests\.samba\.tests\.krb5\.as_canonicalization_tests\.KerberosASCanonicalizationTests\.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\(ad_dc_ntvfs\)