python:tests: Don't require an emtpy 'authorization-data' to be present

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 20 17:01:11 UTC 2021 on sn-devel-184

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index d11f628d7b67c6cb922ec815c6acf5f88f8d10dd..1496ff961cd862511d3b8013b330dea4241fc99b 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -2490,8 +2490,21 @@ class RawKerberosTest(TestCaseInTempDir):
             if self.strict_checking:
                 self.assertElementEqual(ticket_private, 'caddr', [])
             if expect_pac is not None:
-                self.assertElementPresent(ticket_private, 'authorization-data',
-                                          expect_empty=not expect_pac)
+                if expect_pac:
+                    self.assertElementPresent(ticket_private,
+                                              'authorization-data',
+                                              expect_empty=not expect_pac)
+                else:
+                    # It is more correct to not have an authorization-data
+                    # present than an empty one.
+                    #
+                    # https://github.com/krb5/krb5/pull/1225#issuecomment-995104193
+                    v = self.getElementValue(ticket_private,
+                                             'authorization-data')
+                    if v is not None:
+                        self.assertElementPresent(ticket_private,
+                                                  'authorization-data',
+                                                  expect_empty=True)
 
         encpart_session_key = None
         if encpart_private is not None: