From: Stefan Metzmacher
Date: Wed, 11 Oct 2023 13:54:15 +0000 (+0200)
Subject: tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
X-Git-Tag: talloc-2.4.2~1288
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c99fe118fdf11c641d74a51d33b52ac411db95f5;p=thirdparty%2Fsamba.git
tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index 7dccdf2479f..f6d8921635a 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -1076,6 +1076,29 @@ class KdcTgsTests(KdcTgsBaseTests):
 tgt = self._get_tgt(creds)
 self._user2user(tgt, creds, expected_error=0)
 
+ def test_user2user_user_self_req(self):
+ creds = self._get_user_creds()
+ tgt = self._get_tgt(creds)
+ username = creds.get_username()
+ sname = self.PrincipalName_create(
+ name_type=NT_PRINCIPAL,
+ names=[username])
+ self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+ def test_user2user_computer_self_princ1_req(self):
+ creds = self._get_creds()
+ tgt = self._get_tgt(creds)
+ username = creds.get_username()
+ sname = self.PrincipalName_create(
+ name_type=NT_PRINCIPAL,
+ names=[username])
+ self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+ def test_user2user_computer_self_princ2_req(self):
+ creds = self._get_creds()
+ tgt = self._get_tgt(creds)
+ self._user2user(tgt, creds, user_tgt=tgt, user_creds=creds, expected_error=0)
+
 def test_fast_req(self):
 creds = self._get_creds()
 tgt = self._get_tgt(creds)
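Review bot: None of the three tests added to KdcTgsTests says which server principal it is meant to exercise, and `test_user2user_user_self_req` and `test_user2user_computer_self_princ1_req` are line-for-line identical apart from `_get_user_creds()` versus `_get_creds()`. From the bodies, `princ1` appears to mean an explicit `NT_PRINCIPAL` sname built from the account name and `princ2` the default sname chosen by `_user2user`, which is defined outside this hunk. A one-line docstring on each would record that, for example `"""User-to-user request where an ordinary user account is both client and target; see bug 15492."""` on the first, so the reason that test sits in the knownfail lists stays attached to the code. All three pass the same ticket as `tgt` and `user_tgt` and assert only `expected_error=0`, so what is checked about the issued ticket depends entirely on `_user2user`. The call line `self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)` is also well past 79 columns and could be wrapped.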
@@ -3114,6 +3137,19 @@ class KdcTgsTests(KdcTgsBaseTests):
 'id': 2
 })
 
+ def _get_user_creds(self,
+ replication_allowed=False,
+ replication_denied=False,
+ revealed_to_rodc=False):
+ return self.get_cached_creds(
+ account_type=self.AccountType.USER,
+ opts={
+ 'allowed_replication_mock': replication_allowed,
+ 'denied_replication_mock': replication_denied,
+ 'revealed_to_mock_rodc': revealed_to_rodc,
+ 'id': 3
+ })
+
 def _get_non_existent_rid(self):
 return (1 << 30) - 1
 
diff --git a/selftest/knownfail.d/krb5_user2user b/selftest/knownfail.d/krb5_user2user
new file mode 100644
index 00000000000..44e2f8d9729
--- /dev/null
+++ b/selftest/knownfail.d/krb5_user2user
@@ -0,0 +1 @@
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index 22cc6f4358d..c89feb1dbb1 100644
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -411,6 +411,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_tgt_cname_host
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm
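Review bot: In the second kdc_tgs_tests.py hunk, `_get_user_creds` repeats the `opts` dictionary of the helper whose tail is visible just above it (`'id': 2`), changing only `account_type` and the `'id'` value, and neither the purpose of that number nor the reason for a separate helper is written down. If `'id'` is what keeps the cached accounts apart in `get_cached_creds` (that function is outside this hunk, so this is an assumption), a comment such as `# 'id' keeps this cached account distinct from the other _get_*_creds helpers` would stop a later copy from reusing 3. A docstring like `"""Return cached credentials for an ordinary user account (AccountType.USER)."""` would also help. The tests added in this commit call the helper without arguments, so the three replication flags are not exercised for user accounts here.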