From 5ebd1b8daefd2235a8aa68613fe234bddb2e65b6 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Thu, 26 Oct 2023 17:11:43 +1300 Subject: [PATCH] =?utf8?q?tests/krb5:=20Test=20Kerberos=20principal=20name?= =?utf8?q?s=20containing=20non=E2=80=93BMP=20Unicode=20characters?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- python/samba/tests/krb5/as_req_tests.py | 6 +++ python/samba/tests/krb5/kdc_tgs_tests.py | 57 ++++++++++++++++++++++++ selftest/knownfail_heimdal_kdc | 12 +++++ selftest/knownfail_mit_kdc | 7 +++ 4 files changed, 82 insertions(+) diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index c185c393cf6..12634012d8b 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -591,6 +591,12 @@ class AsReqKerberosTests(AsReqBaseTest): expected_pa_error=KDC_ERR_CLIENT_REVOKED, expect_pa_status=ntstatus.NT_STATUS_INVALID_LOGON_HOURS) + def test_as_req_unicode(self): + client_creds = self.get_cached_creds( + account_type=self.AccountType.USER, + opts={'name_prefix': '🔐'}) + self._run_as_req_enc_timestamp(client_creds) + if __name__ == "__main__": global_asn1_print = False diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index ae6d6bc28dc..cef5d0db95c 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -3024,6 +3024,63 @@ class KdcTgsTests(KdcTgsBaseTests): target_creds=target_creds, till='99990913024805Z') + def test_tgs_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._run_tgs(tgt, creds, expected_error=0) + + def test_renew_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds, renewable=True) + self._renew_tgt(tgt, creds, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) + + def test_validate_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds, invalid=True) + self._validate_tgt(tgt, creds, expected_error=0, + expect_pac_attrs=True, + expect_pac_attrs_pac_request=True, + expect_requester_sid=True) + + def test_s4u2self_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._s4u2self(tgt, creds, + expected_error=0, + expect_edata=False) + + def test_user2user_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._user2user(tgt, creds, expected_error=0) + + def test_fast_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._fast(tgt, creds, expected_error=0) + + def test_fast_as_req_unicode(self): + creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'name_prefix': '🔐'}) + tgt = self._get_tgt(creds) + self._fast_as_req(tgt, creds, expected_error=0) + def _modify_renewable(self, enc_part): # Set the renewable flag. enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True) diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc index 62eab29cf5c..ca11d7ecd8e 100644 --- a/selftest/knownfail_heimdal_kdc +++ b/selftest/knownfail_heimdal_kdc @@ -35,6 +35,18 @@ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_rodc_not_revealed ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_rodc_not_revealed # +# Unicode tests +# +^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_unicode\(fl2008r2dc\)$ +^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_as_req_unicode\(fl2003dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_as_req_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_renew_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_s4u2self_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_tgs_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_user2user_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_validate_unicode\(ad_dc\)$ +# # Protected Users tests # # This test fails, which is fine, as we have an alternate test that considers a policy error as successful. diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc index d587abff363..de2569e0f62 100644 --- a/selftest/knownfail_mit_kdc +++ b/selftest/knownfail_mit_kdc @@ -255,6 +255,13 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ # ^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_tgs_req_from_rodc_extra_pac_buffers\(ad_dc\)$ # +# Unicode tests +# +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_as_req_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_fast_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_renew_unicode\(ad_dc\)$ +^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_validate_unicode\(ad_dc\)$ +# # MIT currently fails the following MS-KILE tests. # ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 -- 2.47.3