tests python krb5: add arcfour salt tests
authorGary Lockyer <gary@catalyst.net.nz>
Tue, 10 Nov 2020 03:57:11 +0000 (16:57 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 12 Nov 2020 22:54:22 +0000 (22:54 +0000)
MIT Kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption is selected;
Heimdal does not.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184

python/samba/tests/krb5/compatability_tests.py

index 5990d2ce8dfb5f8f111ed396135523c9dd2f3228..e4b1453e71227e04e01d0dc81c13bdae9d45ca00 100755 (executable)
@@ -87,6 +87,26 @@ class SimpleKerberosTests(RawKerberosTest):
         # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests
         self.assertFalse(ENC_PA_REP_FLAG & flags)
 
+    def test_mit_arcfour_salt(self):
+        creds = self.get_user_creds()
+        etypes = (ARCFOUR_HMAC_MD5,)
+        (rep, *_) = self.as_pre_auth_req(creds, etypes)
+        self.check_preauth_rep(rep)
+        etype_info2 = self.get_etype_info2(rep)
+        if 'salt' not in etype_info2[0]:
+            self.fail(
+                "(MIT) Salt not populated for ARCFOUR_HMAC_MD5 encryption")
+
+    def test_heimdal_arcfour_salt(self):
+        creds = self.get_user_creds()
+        etypes = (ARCFOUR_HMAC_MD5,)
+        (rep, *_) = self.as_pre_auth_req(creds, etypes)
+        self.check_preauth_rep(rep)
+        etype_info2 = self.get_etype_info2(rep)
+        if 'salt' in etype_info2[0]:
+            self.fail(
+                "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption")
+
     def as_pre_auth_req(self, creds, etypes):
         user = creds.get_username()
         realm = creds.get_realm()
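Review bot: Both new tests read `etype_info2[0]` without first checking that the list is non-empty and that the entry is the ARCFOUR_HMAC_MD5 one, so an unexpected ETYPE-INFO2 would surface as an IndexError or a salt check on the wrong entry instead of a clear failure. A line such as `self.assertEqual(ARCFOUR_HMAC_MD5, etype_info2[0]['etype'])` before the salt check would pin this; the `'etype'` key is assumed from the RFC 4120 field name and should be confirmed against what `get_etype_info2` returns. The two tests also assert opposite outcomes for the same request, so one of them must fail on any given KDC, and nothing in the hunk selects by implementation. Presumably a knownfail list outside this hunk handles that, and a short comment on each test, e.g. `# Expected to fail against Heimdal; see knownfail`, would make the intent visible. The enclosing class continues outside the hunk.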