tests/krb5: Don’t expect groups if we’re expecting an error

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/conditional_ace_tests.py b/python/samba/tests/krb5/conditional_ace_tests.py
index 792400320506b9afa97e4e03ae0763ca87bfb71f..62f2e7a647a71b57c9ac30048229af8f8b467b58 100755 (executable)
--- a/python/samba/tests/krb5/conditional_ace_tests.py
+++ b/python/samba/tests/krb5/conditional_ace_tests.py
@@ -2396,7 +2396,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
 
         self._tgs(f'Member_of SID({self.aa_asserted_identity})',
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2412,7 +2411,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({self.aa_asserted_identity})',
                   client_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2428,7 +2426,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({self.aa_asserted_identity})',
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2445,7 +2442,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
                   client_from_rodc=True,
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2510,7 +2506,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
 
         self._tgs(f'Member_of SID({self.service_asserted_identity})',
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2526,7 +2521,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({self.service_asserted_identity})',
                   client_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2542,7 +2536,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({self.service_asserted_identity})',
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2559,7 +2552,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
                   client_from_rodc=True,
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2624,7 +2616,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
 
         self._tgs(f'Member_of SID({security.SID_CLAIMS_VALID})',
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2640,7 +2631,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({security.SID_CLAIMS_VALID})',
                   client_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=KDC_ERR_POLICY,
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2656,7 +2646,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
         self._tgs(f'Member_of SID({security.SID_CLAIMS_VALID})',
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,
@@ -2673,7 +2662,6 @@ class ConditionalAceTests(ConditionalAceBaseTests):
                   client_from_rodc=True,
                   device_from_rodc=True,
                   client_sids=client_sids,
-                  expected_groups=client_sids,
                   code=(KDC_ERR_POLICY, CRASHES_WINDOWS),
                   status=ntstatus.NT_STATUS_AUTHENTICATION_FIREWALL_FAILED,
                   event=AuditEvent.KERBEROS_SERVER_RESTRICTION,