MIT KRB5 1.22 fixed a spurious FAST armor processing error. In
KRB5 1.21 this spurious error caused verify_access() with device FAST
armor to fail, which accidentally made the device silo restriction check
in test_device_and_server_silo_restrictions appear to work.

With KRB5 1.22 the spurious error is gone. Device authentication is
still not implemented in MIT Kerberos, so the second assertRaises block
(user has silo assigned, device does not) no longer raises NTSTATUSError
and the test fails.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

# Device authentication is not implemented in MIT Kerberos
^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_silo_restrictions.ad_dc
^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_group_restrictions.ad_dc
+^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_and_server_silo_restrictions.ad_dc
^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_device_claims_device_to_service_no_claims_support_in_pac_options.ad_dc
^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_device_claims_device_to_service_no_claims_valid_sid.ad_dc
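
Review bot: the added entry for test_device_and_server_silo_restrictions marks the whole test as a known failure, while the commit message says only its second assertRaises block (user has a silo assigned, device does not) stops raising NTSTATUSError. Every other assertion in that test therefore loses coverage on MIT Kerberos builds. Consider moving the device-dependent block into its own test so that only that part needs to be listed under the "Device authentication is not implemented in MIT Kerberos" comment. Since the message also states that the test appeared to work under KRB5 1.21, it is worth confirming how this entry behaves on any build still linked against 1.21, where the test would pass despite being listed here.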