def test_renew_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, renewable=True)
- self._renew_tgt(tgt, expected_error=0)
+ self._renew_tgt(tgt, expected_error=0,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=True,
+ expect_requester_sid=True)
def test_validate_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
- self._validate_tgt(tgt, expected_error=0)
+ self._validate_tgt(tgt, expected_error=0,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=True,
+ expect_requester_sid=True)
def test_s4u2self_req(self):
creds = self._get_creds()
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
- self._renew_tgt(tgt, expected_error=0)
+ self._renew_tgt(tgt, expected_error=0,
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_validate_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
- self._validate_tgt(tgt, expected_error=0)
+ self._validate_tgt(tgt, expected_error=0,
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_s4u2self_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
expect_pac_attrs=True,
- expect_pac_attrs_pac_request=None)
+ expect_pac_attrs_pac_request=None,
+ expect_requester_sid=True)
def test_pac_attrs_renew_false(self):
creds = self._get_creds()
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
expect_pac_attrs=True,
- expect_pac_attrs_pac_request=False)
+ expect_pac_attrs_pac_request=False,
+ expect_requester_sid=True)
def test_pac_attrs_renew_true(self):
creds = self._get_creds()
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
expect_pac_attrs=True,
- expect_pac_attrs_pac_request=True)
+ expect_pac_attrs_pac_request=True,
+ expect_requester_sid=True)
def test_pac_attrs_rodc_renew_none(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=True,
- expect_pac_attrs_pac_request=None)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_rodc_renew_false(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=True,
- expect_pac_attrs_pac_request=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_rodc_renew_true(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=True,
- expect_pac_attrs_pac_request=True)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_renew_none(self):
creds = self._get_creds()
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_renew_false(self):
creds = self._get_creds()
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_renew_true(self):
creds = self._get_creds()
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_rodc_renew_none(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_rodc_renew_false(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_pac_attrs_missing_rodc_renew_true(self):
creds = self._get_creds(replication_allowed=True,
self._renew_tgt(tgt, expected_error=0,
expect_pac=True,
- expect_pac_attrs=False)
+ expect_pac_attrs=False,
+ expect_requester_sid=True)
def test_tgs_pac_attrs_none(self):
creds = self._get_creds()
expect_pac_attrs_pac_request=None)
self._run_tgs(tgt, expected_error=0, expect_pac=True,
- expect_pac_attrs=True,
- expect_pac_attrs_pac_request=None)
+ expect_pac_attrs=False)
def test_tgs_pac_attrs_false(self):
creds = self._get_creds()
expect_pac_attrs=True,
expect_pac_attrs_pac_request=False)
- self._run_tgs(tgt, expected_error=0, expect_pac=False)
+ self._run_tgs(tgt, expected_error=0, expect_pac=False,
+ expect_pac_attrs=False)
def test_tgs_pac_attrs_true(self):
creds = self._get_creds()
expect_pac_attrs_pac_request=True)
self._run_tgs(tgt, expected_error=0, expect_pac=True,
- expect_pac_attrs=True,
- expect_pac_attrs_pac_request=True)
+ expect_pac_attrs=False)
def test_as_requester_sid(self):
creds = self._get_creds()
expect_requester_sid=True)
self._run_tgs(tgt, expected_error=0, expect_pac=True,
- expected_sid=sid,
- expect_requester_sid=True)
+ expect_requester_sid=False)
def test_tgs_requester_sid_renew(self):
creds = self._get_creds()
tgt = self._modify_tgt(tgt, renewable=True)
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=None,
expected_sid=sid,
expect_requester_sid=True)
tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)
self._renew_tgt(tgt, expected_error=0, expect_pac=True,
+ expect_pac_attrs=False,
expected_sid=sid,
expect_requester_sid=True)
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, renewable=True)
- tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=None,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, renewable=True)
- tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=False,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, renewable=True)
- tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=True,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, invalid=True)
- tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=None,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, invalid=True)
- tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=False,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, invalid=True)
- tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)
+ tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None,
+ expect_pac_attrs=True,
+ expect_pac_attrs_pac_request=True,
+ expect_requester_sid=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)
- pac = self.get_ticket_pac(ticket, expect_pac=False)
+ pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
def test_tgs_rodc_pac_request_true(self):
expect_requester_sid=expect_requester_sid,
expected_sid=expected_sid)
- def _validate_tgt(self, tgt, expected_error, expect_pac=True):
+ def _validate_tgt(self, tgt, expected_error, expect_pac=True,
+ expect_pac_attrs=None,
+ expect_pac_attrs_pac_request=None,
+ expect_requester_sid=None,
+ expected_sid=None):
krbtgt_creds = self.get_krbtgt_creds()
kdc_options = str(krb5_asn1.KDCOptions('validate'))
- return self._tgs_req(tgt, expected_error, krbtgt_creds,
- kdc_options=kdc_options,
- expect_pac=expect_pac)
+ return self._tgs_req(
+ tgt, expected_error, krbtgt_creds,
+ kdc_options=kdc_options,
+ expect_pac=expect_pac,
+ expect_pac_attrs=expect_pac_attrs,
+ expect_pac_attrs_pac_request=expect_pac_attrs_pac_request,
+ expect_requester_sid=expect_requester_sid,
+ expected_sid=expected_sid)
def _s4u2self(self, tgt, tgt_creds, expected_error, expect_pac=True,
expect_edata=False, expected_status=None):
have_fast_support = int('SAMBA_USES_MITKDC' in config_hash)
tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
+extra_pac_buffers = 0
planoldpythontestsuite("none", "samba.tests.krb5.kcrypto")
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests",
environ={'SERVICE_USERNAME':'$SERVER',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac})
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests",
environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD',
'STRICT_CHECKING':'0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac})
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
planoldpythontestsuite("rodc:local", "samba.tests.krb5.rodc_tests",
environ={'ADMIN_USERNAME':'$USERNAME',
'ADMIN_PASSWORD':'$PASSWORD',
'STRICT_CHECKING':'0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac})
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
planoldpythontestsuite("ad_dc_default", "samba.tests.dsdb_dns")
planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests",
environ={'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac})
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache",
environ={
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap",
environ={
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
for env in ['ad_dc_default', 'ad_member']:
planoldpythontestsuite(env, "samba.tests.krb5.test_rpc",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb",
environ={
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planoldpythontestsuite("ad_member_idmap_nss:local",
"samba.tests.krb5.test_min_domain_uid",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
for env in ["ad_dc", smbv1_disabled_testenv]:
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planoldpythontestsuite('fl2008r2dc', 'samba.tests.krb5.salt_tests',
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]:
'ADMIN_PASSWORD': '$PASSWORD',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests",
environ={
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests",
environ={'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac})
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers})
planpythontestsuite(
"ad_dc",
"samba.tests.krb5.kdc_tgs_tests",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite(
"ad_dc",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite(
"ad_dc",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite(
"ad_dc",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
planpythontestsuite(
"ad_dc",
'STRICT_CHECKING': '0',
'FAST_SUPPORT': have_fast_support,
'TKT_SIG_SUPPORT': tkt_sig_support,
- 'EXPECT_PAC': expect_pac
+ 'EXPECT_PAC': expect_pac,
+ 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers
})
for env in [