self.do_asn1_print = global_asn1_print
self.do_hexdump = global_hexdump
- def test_tgs_req_cname_does_not_not_match_authenticator_cname(self):
+ def _metze_test_tgs_req_cname_does_not_not_match_authenticator_cname(self):
""" Try and obtain a ticket from the TGS, but supply a cname
that differs from that provided to the krbtgt
"""
rep['error-code'],
"rep = {%s}" % rep)
- def test_ldap_service_ticket(self):
+ def _metze_test_ldap_service_ticket(self):
"""Get a ticket to the ldap service
"""
# Create the user account
self.check_tgs_reply(rep)
- def test_get_ticket_for_host_service_of_machine_account(self):
+ def _metze_test_get_ticket_for_host_service_of_machine_account(self):
# Create a user and machine account for the test.
#
pac_data.account_sid,
"rep = {%s},%s" % (rep, pac_data))
- def test_request(self):
+ def _make_tgs_request(self, client_creds, service_creds, tgt,
+ client_account=None,
+ client_name_type=NT_PRINCIPAL,
+ kdc_options=None,
+ pac_request=None, expect_pac=True,
+ expect_error=False,
+ expected_cname=None,
+ expected_account_name=None,
+ expected_upn_name=None,
+ expected_sid=None):
+ if client_account is None:
+ client_account = client_creds.get_username()
+ cname = self.PrincipalName_create(name_type=client_name_type,
+ names=client_account.split('/'))
+
+ service_account = service_creds.get_username()
+ sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,
+ names=[service_account])
+
+ realm = service_creds.get_realm()
+
+ expected_crealm = realm
+ if expected_cname is None:
+ expected_cname = cname
+ expected_srealm = realm
+ expected_sname = sname
+
+ expected_supported_etypes = service_creds.tgs_supported_enctypes
+
+ etypes = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
+
+ if kdc_options is None:
+ kdc_options = 'canonicalize'
+ kdc_options = str(krb5_asn1.KDCOptions(kdc_options))
+
+ target_decryption_key = self.TicketDecryptionKey_from_creds(
+ service_creds)
+
+ authenticator_subkey = self.RandomKey(kcrypto.Enctype.AES256)
+
+ if expect_error:
+ expected_error_mode = KDC_ERR_TGT_REVOKED
+ check_error_fn = self.generic_check_kdc_error
+ check_rep_fn = None
+ else:
+ expected_error_mode = 0
+ check_error_fn = None
+ check_rep_fn = self.generic_check_kdc_rep
+
+ kdc_exchange_dict = self.tgs_exchange_dict(
+ expected_crealm=expected_crealm,
+ expected_cname=expected_cname,
+ expected_srealm=expected_srealm,
+ expected_sname=expected_sname,
+ expected_account_name=expected_account_name,
+ expected_upn_name=expected_upn_name,
+ expected_sid=expected_sid,
+ expected_supported_etypes=expected_supported_etypes,
+ ticket_decryption_key=target_decryption_key,
+ check_error_fn=check_error_fn,
+ check_rep_fn=check_rep_fn,
+ check_kdc_private_fn=self.generic_check_kdc_private,
+ expected_error_mode=expected_error_mode,
+ tgt=tgt,
+ authenticator_subkey=authenticator_subkey,
+ kdc_options=kdc_options,
+ pac_request=pac_request,
+ expect_pac=expect_pac,
+ expect_edata=False)
+
+ rep = self._generic_kdc_exchange(kdc_exchange_dict,
+ cname=cname,
+ realm=realm,
+ sname=sname,
+ etypes=etypes)
+ if expect_error:
+ self.check_error_rep(rep, expected_error_mode)
+
+ return None
+ else:
+ self.check_reply(rep, KRB_TGS_REP)
+
+ return kdc_exchange_dict['rep_ticket_creds']
+
+ def _metze_test_request(self):
client_creds = self.get_client_creds()
service_creds = self.get_service_creds()
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_request_no_pac(self):
+ def _metze_test_request_no_pac(self):
client_creds = self.get_client_creds()
service_creds = self.get_service_creds()
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_request_enterprise_canon(self):
+ def _metze_test_request_enterprise_canon(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_canon_case(self):
+ def _metze_test_request_enterprise_canon_case(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_canon_mac(self):
+ def _metze_test_request_enterprise_canon_mac(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_canon_case_mac(self):
+ def _metze_test_request_enterprise_canon_case_mac(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_no_canon(self):
+ def _metze_test_request_enterprise_no_canon(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_no_canon_case(self):
+ def _metze_test_request_enterprise_no_canon_case(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_no_canon_mac(self):
+ def _metze_test_request_enterprise_no_canon_mac(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_request_enterprise_no_canon_case_mac(self):
+ def _metze_test_request_enterprise_no_canon_case_mac(self):
upn = self.get_new_username()
client_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
expected_account_name=user_name,
kdc_options=kdc_options)
- def test_client_no_auth_data_required(self):
+ def _metze_test_client_no_auth_data_required(self):
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
opts={'no_auth_data_required': True})
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_no_pac_client_no_auth_data_required(self):
+ def _metze_test_no_pac_client_no_auth_data_required(self):
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
opts={'no_auth_data_required': True})
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_service_no_auth_data_required(self):
+ def _metze_test_service_no_auth_data_required(self):
client_creds = self.get_client_creds()
service_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_no_pac_service_no_auth_data_required(self):
+ def _metze_test_no_pac_service_no_auth_data_required(self):
client_creds = self.get_client_creds()
service_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_remove_pac_service_no_auth_data_required(self):
+ def _metze_test_remove_pac_service_no_auth_data_required(self):
client_creds = self.get_client_creds()
service_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
self._make_tgs_request(client_creds, service_creds, tgt,
expect_error=True)
- def test_remove_pac_client_no_auth_data_required(self):
+ def _metze_test_remove_pac_client_no_auth_data_required(self):
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
opts={'no_auth_data_required': True})
self._make_tgs_request(client_creds, service_creds, tgt,
expect_error=True)
- def test_remove_pac(self):
+ def _metze_test_remove_pac(self):
client_creds = self.get_client_creds()
service_creds = self.get_service_creds()
self._make_tgs_request(client_creds, service_creds, tgt,
expect_error=True)
- def test_upn_dns_info_ex_user(self):
+ def _metze_test_upn_dns_info_ex_user(self):
client_creds = self.get_client_creds()
self._run_upn_dns_info_ex_test(client_creds)
- def test_upn_dns_info_ex_mac(self):
+ def _metze_test_upn_dns_info_ex_mac(self):
mach_creds = self.get_mach_creds()
self._run_upn_dns_info_ex_test(mach_creds)
- def test_upn_dns_info_ex_upn_user(self):
+ def _metze_test_upn_dns_info_ex_upn_user(self):
client_creds = self.get_cached_creds(
account_type=self.AccountType.USER,
opts={'upn': 'upn_dns_info_test_upn0@bar'})
self._run_upn_dns_info_ex_test(client_creds)
- def test_upn_dns_info_ex_upn_mac(self):
+ def _metze_test_upn_dns_info_ex_upn_mac(self):
mach_creds = self.get_cached_creds(
account_type=self.AccountType.COMPUTER,
opts={'upn': 'upn_dns_info_test_upn1@bar'})
expected_sid=sid)
# Test making a TGS request.
- def test_tgs_req(self):
+ def _metze_test_tgs_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._run_tgs(tgt, creds, expected_error=0)
- def test_renew_req(self):
+ def _metze_test_renew_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, renewable=True)
self._renew_tgt(tgt, creds, expected_error=0,
expect_pac_attrs_pac_request=True,
expect_requester_sid=True)
- def test_validate_req(self):
+ def _metze_test_validate_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
self._validate_tgt(tgt, creds, expected_error=0,
expect_pac_attrs_pac_request=True,
expect_requester_sid=True)
- def test_s4u2self_req(self):
+ def _metze_test_s4u2self_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._s4u2self(tgt, creds, expected_error=0)
- def test_user2user_req(self):
+ def _metze_test_user2user_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, expected_error=0)
- def test_user2user_user_self_req(self):
+ def metze_test_user2user_user_self_req(self):
creds = self._get_user_creds()
tgt = self._get_tgt(creds)
username = creds.get_username()
names=[username])
self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
- def test_user2user_computer_self_princ1_req(self):
+ def _metze_test_user2user_computer_self_princ1_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
username = creds.get_username()
names=[username])
self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
- def test_user2user_computer_self_princ2_req(self):
+ def _metze_test_user2user_computer_self_princ2_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, user_tgt=tgt, user_creds=creds, expected_error=0)
- def test_fast_req(self):
+ def _metze_test_fast_req(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._fast(tgt, creds, expected_error=0)
- def test_tgs_req_invalid(self):
+ def _metze_test_tgs_req_invalid(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
self._run_tgs(tgt, creds, expected_error=KRB_ERR_TKT_NYV)
- def test_s4u2self_req_invalid(self):
+ def _metze_test_s4u2self_req_invalid(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
self._s4u2self(tgt, creds, expected_error=KRB_ERR_TKT_NYV)
- def test_user2user_req_invalid(self):
+ def _metze_test_user2user_req_invalid(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
self._user2user(tgt, creds, expected_error=KRB_ERR_TKT_NYV)
- def test_fast_req_invalid(self):
+ def _metze_test_fast_req_invalid(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True)
self._fast(tgt, creds, expected_error=KRB_ERR_TKT_NYV,
expected_sname=self.get_krbtgt_sname())
- def test_tgs_req_no_requester_sid(self):
+ def _metze_test_tgs_req_no_requester_sid(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_requester_sid=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_req_no_pac_attrs(self):
+ def _metze_test_tgs_req_no_pac_attrs(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac_attrs=True)
self._run_tgs(tgt, creds, expected_error=0, expect_pac=True,
expect_pac_attrs=False)
- def test_tgs_req_from_rodc_no_requester_sid(self):
+ def _metze_test_tgs_req_from_rodc_no_requester_sid(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True, remove_requester_sid=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_req_from_rodc_no_pac_attrs(self):
+ def _metze_test_tgs_req_from_rodc_no_pac_attrs(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True, remove_pac_attrs=True)
self._run_tgs(tgt, creds, expected_error=0)
# Test making a request without a PAC.
- def test_tgs_no_pac(self):
+ def _metze_test_tgs_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_no_pac(self):
+ def _metze_test_renew_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, renewable=True, remove_pac=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_no_pac(self):
+ def _metze_test_validate_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True, remove_pac=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_no_pac(self):
+ def _metze_test_s4u2self_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True)
self._s4u2self(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED,
expect_edata=False)
- def test_user2user_no_pac(self):
+ def _metze_test_user2user_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_no_pac(self):
+ def _metze_test_fast_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True)
self._fast(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
# Test making a request with authdata and without a PAC.
- def test_tgs_authdata_no_pac(self):
+ def _metze_test_tgs_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_authdata_no_pac(self):
+ def _metze_test_renew_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, renewable=True, remove_pac=True,
allow_empty_authdata=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_authdata_no_pac(self):
+ def _metze_test_validate_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, invalid=True, remove_pac=True,
allow_empty_authdata=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_authdata_no_pac(self):
+ def _metze_test_s4u2self_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
self._s4u2self(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED,
expect_edata=False)
- def test_user2user_authdata_no_pac(self):
+ def _metze_test_user2user_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_authdata_no_pac(self):
+ def _metze_test_fast_authdata_no_pac(self):
creds = self._get_creds()
tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)
self._fast(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
# Test changing the SID in the PAC to that of another account.
- def test_tgs_sid_mismatch_existing(self):
+ def _metze_test_tgs_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_sid_mismatch_existing(self):
+ def _metze_test_renew_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, renewable=True, new_rid=existing_rid)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_sid_mismatch_existing(self):
+ def _metze_test_validate_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, invalid=True, new_rid=existing_rid)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_sid_mismatch_existing(self):
+ def _metze_test_s4u2self_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid)
self._s4u2self(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_sid_mismatch_existing(self):
+ def _metze_test_user2user_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid)
self._user2user(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_sid_mismatch_existing(self):
+ def _metze_test_fast_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid)
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_fast_as_req_sid_mismatch_existing(self):
+ def _metze_test_fast_as_req_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid)
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_requester_sid_mismatch_existing(self):
+ def _metze_test_requester_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid,
can_modify_logon_info=False)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_logon_info_sid_mismatch_existing(self):
+ def _metze_test_logon_info_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid,
can_modify_requester_sid=False)
self._run_tgs(tgt, creds, expected_error=0)
- def test_logon_info_only_sid_mismatch_existing(self):
+ def _metze_test_logon_info_only_sid_mismatch_existing(self):
creds = self._get_creds()
existing_rid = self._get_existing_rid()
tgt = self._get_tgt(creds, new_rid=existing_rid,
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
# Test changing the SID in the PAC to a non-existent one.
- def test_tgs_sid_mismatch_nonexisting(self):
+ def _metze_test_tgs_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_sid_mismatch_nonexisting(self):
+ def _metze_test_renew_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, renewable=True,
new_rid=nonexistent_rid)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_sid_mismatch_nonexisting(self):
+ def _metze_test_validate_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, invalid=True,
new_rid=nonexistent_rid)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_sid_mismatch_nonexisting(self):
+ def _metze_test_s4u2self_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
self._s4u2self(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_sid_mismatch_nonexisting(self):
+ def _metze_test_user2user_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
self._user2user(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_sid_mismatch_nonexisting(self):
+ def _metze_test_fast_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_fast_as_req_sid_mismatch_nonexisting(self):
+ def _metze_test_fast_as_req_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid)
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_requester_sid_mismatch_nonexisting(self):
+ def _metze_test_requester_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid,
can_modify_logon_info=False)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_logon_info_sid_mismatch_nonexisting(self):
+ def _metze_test_logon_info_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid,
can_modify_requester_sid=False)
self._run_tgs(tgt, creds, expected_error=0)
- def test_logon_info_only_sid_mismatch_nonexisting(self):
+ def _metze_test_logon_info_only_sid_mismatch_nonexisting(self):
creds = self._get_creds()
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, new_rid=nonexistent_rid,
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
# Test with an RODC-issued ticket where the client is revealed to the RODC.
- def test_tgs_rodc_revealed(self):
+ def _metze_test_tgs_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._run_tgs(tgt, creds, expected_error=0)
- def test_renew_rodc_revealed(self):
+ def _metze_test_renew_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_validate_rodc_revealed(self):
+ def _metze_test_validate_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._s4u2self(tgt, creds,
expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN)
- def test_user2user_rodc_revealed(self):
+ def _metze_test_user2user_rodc_revealed(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
# Test with an RODC-issued ticket where the SID in the PAC is changed to
# that of another account.
- def test_tgs_rodc_sid_mismatch_existing(self):
+ def _metze_test_tgs_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_sid_mismatch_existing(self):
+ def _metze_test_renew_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
new_rid=existing_rid)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_sid_mismatch_existing(self):
+ def _metze_test_validate_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
new_rid=existing_rid)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_sid_mismatch_existing(self):
+ def _metze_test_s4u2self_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_sid_mismatch_existing(self):
+ def _metze_test_user2user_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
self._user2user(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_rodc_sid_mismatch_existing(self):
+ def _metze_test_fast_rodc_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_tgs_rodc_requester_sid_mismatch_existing(self):
+ def _metze_test_tgs_rodc_requester_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
can_modify_logon_info=False)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_rodc_logon_info_sid_mismatch_existing(self):
+ def _metze_test_tgs_rodc_logon_info_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
can_modify_requester_sid=False)
self._run_tgs(tgt, creds, expected_error=0)
- def test_tgs_rodc_logon_info_only_sid_mismatch_existing(self):
+ def _metze_test_tgs_rodc_logon_info_only_sid_mismatch_existing(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
existing_rid = self._get_existing_rid(replication_allowed=True,
# Test with an RODC-issued ticket where the SID in the PAC is changed to a
# non-existent one.
- def test_tgs_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_tgs_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_renew_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
new_rid=nonexistent_rid)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_validate_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
new_rid=nonexistent_rid)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_s4u2self_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_user2user_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
self._user2user(tgt, creds,
expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_rodc_sid_mismatch_nonexisting(self):
+ def _metze_test_fast_rodc_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
expected_error=KDC_ERR_TGT_REVOKED,
expected_sname=self.get_krbtgt_sname())
- def test_tgs_rodc_requester_sid_mismatch_nonexisting(self):
+ def _metze_test_tgs_rodc_requester_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
can_modify_logon_info=False)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_rodc_logon_info_sid_mismatch_nonexisting(self):
+ def _metze_test_tgs_rodc_logon_info_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
can_modify_requester_sid=False)
self._run_tgs(tgt, creds, expected_error=0)
- def test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting(self):
+ def _metze_test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
nonexistent_rid = self._get_non_existent_rid()
# Test with an RODC-issued ticket where the client is not revealed to the
# RODC.
- def test_tgs_rodc_not_revealed(self):
+ def _metze_test_tgs_rodc_not_revealed(self):
creds = self._get_creds(replication_allowed=True)
tgt = self._get_tgt(creds, from_rodc=True)
# TODO: error code
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_not_revealed(self):
+ def _metze_test_renew_rodc_not_revealed(self):
creds = self._get_creds(replication_allowed=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_not_revealed(self):
+ def _metze_test_validate_rodc_not_revealed(self):
creds = self._get_creds(replication_allowed=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_not_revealed(self):
+ def _metze_test_s4u2self_rodc_not_revealed(self):
creds = self._get_creds(replication_allowed=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_not_revealed(self):
+ def _metze_test_user2user_rodc_not_revealed(self):
creds = self._get_creds(replication_allowed=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
# Test with an RODC-issued ticket where the RODC account does not have the
# PARTIAL_SECRETS bit set.
- def test_tgs_rodc_no_partial_secrets(self):
+ def _metze_test_tgs_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_partial_secrets()
self._run_tgs(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_renew_rodc_no_partial_secrets(self):
+ def _metze_test_renew_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._remove_rodc_partial_secrets()
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_validate_rodc_no_partial_secrets(self):
+ def _metze_test_validate_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._remove_rodc_partial_secrets()
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_s4u2self_rodc_no_partial_secrets(self):
+ def _metze_test_s4u2self_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_partial_secrets()
self._s4u2self(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_user2user_rodc_no_partial_secrets(self):
+ def _metze_test_user2user_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_partial_secrets()
self._user2user(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_fast_rodc_no_partial_secrets(self):
+ def _metze_test_fast_rodc_no_partial_secrets(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
# Test with an RODC-issued ticket where the RODC account does not have an
# msDS-KrbTgtLink.
- def test_tgs_rodc_no_krbtgt_link(self):
+ def _metze_test_tgs_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_krbtgt_link()
self._run_tgs(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_renew_rodc_no_krbtgt_link(self):
+ def _metze_test_renew_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._remove_rodc_krbtgt_link()
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_validate_rodc_no_krbtgt_link(self):
+ def _metze_test_validate_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._remove_rodc_krbtgt_link()
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_s4u2self_rodc_no_krbtgt_link(self):
+ def _metze_test_s4u2self_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_krbtgt_link()
self._s4u2self(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_user2user_rodc_no_krbtgt_link(self):
+ def _metze_test_user2user_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._remove_rodc_krbtgt_link()
self._user2user(tgt, creds, expected_error=KDC_ERR_POLICY)
- def test_fast_rodc_no_krbtgt_link(self):
+ def _metze_test_fast_rodc_no_krbtgt_link(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
# Test with an RODC-issued ticket where the client is not allowed to
# replicate to the RODC.
- def test_tgs_rodc_not_allowed(self):
+ def _metze_test_tgs_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_not_allowed(self):
+ def _metze_test_renew_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_not_allowed(self):
+ def _metze_test_validate_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_not_allowed(self):
+ def _metze_test_s4u2self_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_not_allowed(self):
+ def _metze_test_user2user_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_rodc_not_allowed(self):
+ def _metze_test_fast_rodc_not_allowed(self):
creds = self._get_creds(revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._fast(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED,
# Test with an RODC-issued ticket where the client is denied from
# replicating to the RODC.
- def test_tgs_rodc_denied(self):
+ def _metze_test_tgs_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_denied(self):
+ def _metze_test_renew_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_denied(self):
+ def _metze_test_validate_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_denied(self):
+ def _metze_test_s4u2self_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_denied(self):
+ def _metze_test_user2user_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_rodc_denied(self):
+ def _metze_test_fast_rodc_denied(self):
creds = self._get_creds(replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
# Test with an RODC-issued ticket where the client is both allowed and
# denied replicating to the RODC.
- def test_tgs_rodc_allowed_denied(self):
+ def _metze_test_tgs_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._run_tgs(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_renew_rodc_allowed_denied(self):
+ def _metze_test_renew_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, renewable=True, from_rodc=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_validate_rodc_allowed_denied(self):
+ def _metze_test_validate_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, invalid=True, from_rodc=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_s4u2self_rodc_allowed_denied(self):
+ def _metze_test_s4u2self_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_user2user_rodc_allowed_denied(self):
+ def _metze_test_user2user_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
tgt = self._get_tgt(creds, from_rodc=True)
self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_fast_rodc_allowed_denied(self):
+ def _metze_test_fast_rodc_allowed_denied(self):
creds = self._get_creds(replication_allowed=True,
replication_denied=True,
revealed_to_rodc=True)
self._fast(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
# Test user-to-user with incorrect service principal names.
- def test_user2user_matching_sname_host(self):
+ def _metze_test_user2user_matching_sname_host(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, sname=sname,
expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
- def test_user2user_matching_sname_no_host(self):
+ def _metze_test_user2user_matching_sname_no_host(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, sname=sname, expected_error=0)
- def test_user2user_wrong_sname(self):
+ def _metze_test_user2user_wrong_sname(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, sname=sname,
expected_error=KDC_ERR_BADMATCH)
- def test_user2user_other_sname(self):
+ def _metze_test_user2user_other_sname(self):
other_name = self.get_new_username()
spn = f'host/{other_name}'
creds = self.get_cached_creds(
self._user2user(tgt, creds, sname=sname, expected_error=0)
- def test_user2user_wrong_sname_krbtgt(self):
+ def _metze_test_user2user_wrong_sname_krbtgt(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, sname=sname,
expected_error=KDC_ERR_BADMATCH)
- def test_user2user_wrong_srealm(self):
+ def _metze_test_user2user_wrong_srealm(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expected_error=(KDC_ERR_WRONG_REALM,
KDC_ERR_S_PRINCIPAL_UNKNOWN))
- def test_user2user_tgt_correct_realm(self):
+ def _metze_test_user2user_tgt_correct_realm(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds,
expected_error=0)
- def test_user2user_tgt_wrong_realm(self):
+ def _metze_test_user2user_tgt_wrong_realm(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expect_edata=True,
expected_status=ntstatus.NT_STATUS_NO_MATCH)
- def test_user2user_tgt_correct_cname(self):
+ def _metze_test_user2user_tgt_correct_cname(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, expected_error=0)
- def test_user2user_tgt_other_cname(self):
+ def _metze_test_user2user_tgt_other_cname(self):
samdb = self.get_samdb()
other_name = self.get_new_username()
self._user2user(tgt, creds, expected_error=0)
- def test_user2user_tgt_cname_host(self):
+ def _metze_test_user2user_tgt_cname_host(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expected_error=(KDC_ERR_TGT_REVOKED,
KDC_ERR_C_PRINCIPAL_UNKNOWN))
- def test_user2user_non_existent_sname(self):
+ def _metze_test_user2user_non_existent_sname(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._user2user(tgt, creds, sname=sname,
expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
- def test_user2user_no_sname(self):
+ def _metze_test_user2user_no_sname(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expected_error=(KDC_ERR_GENERIC,
KDC_ERR_S_PRINCIPAL_UNKNOWN))
- def test_tgs_service_ticket(self):
+ def _metze_test_tgs_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._run_tgs(service_ticket, creds,
expected_error=(KDC_ERR_NOT_US, KDC_ERR_POLICY))
- def test_renew_service_ticket(self):
+ def _metze_test_renew_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._renew_tgt(service_ticket, creds,
expected_error=KDC_ERR_POLICY)
- def test_validate_service_ticket(self):
+ def _metze_test_validate_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._validate_tgt(service_ticket, creds,
expected_error=KDC_ERR_POLICY)
- def test_s4u2self_service_ticket(self):
+ def _metze_test_s4u2self_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
self._s4u2self(service_ticket, creds,
expected_error=(KDC_ERR_NOT_US, KDC_ERR_POLICY))
- def test_user2user_service_ticket(self):
+ def _metze_test_user2user_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expected_error=(KDC_ERR_MODIFIED, KDC_ERR_POLICY))
# Expected to fail against Windows, which does not produce an error.
- def test_fast_service_ticket(self):
+ def _metze_test_fast_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
expected_error=(KDC_ERR_POLICY,
KDC_ERR_S_PRINCIPAL_UNKNOWN))
- def test_single_component_krbtgt_requester_sid_as_req(self):
+ def _metze_test_single_component_krbtgt_requester_sid_as_req(self):
"""Test that TGTs issued to a single‐component krbtgt principal always
contain a requester SID PAC buffer.
"""
kdc_options=kdc_options,
expect_requester_sid=True)
- def test_single_component_krbtgt_requester_sid_tgs_req(self):
+ def _metze_test_single_component_krbtgt_requester_sid_tgs_req(self):
"""Test that TGTs issued to a single‐component krbtgt principal always
contain a requester SID PAC buffer.
"""
kdc_options=kdc_options,
expect_requester_sid=True)
- def test_single_component_krbtgt_no_pac_as_req(self):
+ def _metze_test_single_component_krbtgt_no_pac_as_req(self):
"""Test that TGTs issued to a single‐component krbtgt principal always
contain a PAC.
"""
# Ensure that a PAC is issued nonetheless.
expect_pac=True)
- def test_single_component_krbtgt_no_pac_tgs_req(self):
+ def _metze_test_single_component_krbtgt_no_pac_tgs_req(self):
"""Test that TGTs issued to a single‐component krbtgt principal always
contain a PAC.
"""
expect_pac_attrs=True,
expect_pac_attrs_pac_request=True)
- def test_single_component_krbtgt_service_ticket(self):
+ def _metze_test_single_component_krbtgt_service_ticket(self):
"""Test that TGTs issued to a single‐component krbtgt principal can be
used to get service tickets.
"""
# Ensure that we can use the TGT to get a service ticket.
self._run_tgs(tgt, creds, expected_error=0)
- def test_pac_attrs_none(self):
+ def _metze_test_pac_attrs_none(self):
creds = self._get_creds()
self.get_tgt(creds, pac_request=None,
expect_pac=True,
expect_pac_attrs=True,
expect_pac_attrs_pac_request=None)
- def test_pac_attrs_false(self):
+ def _metze_test_pac_attrs_false(self):
creds = self._get_creds()
self.get_tgt(creds, pac_request=False,
expect_pac=True,
expect_pac_attrs=True,
expect_pac_attrs_pac_request=False)
- def test_pac_attrs_true(self):
+ def _metze_test_pac_attrs_true(self):
creds = self._get_creds()
self.get_tgt(creds, pac_request=True,
expect_pac=True,
expect_pac_attrs=True,
expect_pac_attrs_pac_request=True)
- def test_pac_attrs_renew_none(self):
+ def _metze_test_pac_attrs_renew_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None,
expect_pac=True,
expect_pac_attrs_pac_request=None,
expect_requester_sid=True)
- def test_pac_attrs_renew_false(self):
+ def _metze_test_pac_attrs_renew_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False,
expect_pac=True,
expect_pac_attrs_pac_request=False,
expect_requester_sid=True)
- def test_pac_attrs_renew_true(self):
+ def _metze_test_pac_attrs_renew_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True,
expect_pac=True,
expect_pac_attrs_pac_request=True,
expect_requester_sid=True)
- def test_pac_attrs_rodc_renew_none(self):
+ def _metze_test_pac_attrs_rodc_renew_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_rodc_renew_false(self):
+ def _metze_test_pac_attrs_rodc_renew_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_rodc_renew_true(self):
+ def _metze_test_pac_attrs_rodc_renew_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_renew_none(self):
+ def _metze_test_pac_attrs_missing_renew_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None,
expect_pac=True,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_renew_false(self):
+ def _metze_test_pac_attrs_missing_renew_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False,
expect_pac=True,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_renew_true(self):
+ def _metze_test_pac_attrs_missing_renew_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True,
expect_pac=True,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_rodc_renew_none(self):
+ def _metze_test_pac_attrs_missing_rodc_renew_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_rodc_renew_false(self):
+ def _metze_test_pac_attrs_missing_rodc_renew_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_pac_attrs_missing_rodc_renew_true(self):
+ def _metze_test_pac_attrs_missing_rodc_renew_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True,
expect_pac_attrs=False,
expect_requester_sid=True)
- def test_tgs_pac_attrs_none(self):
+ def _metze_test_tgs_pac_attrs_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None,
expect_pac=True,
self._run_tgs(tgt, creds, expected_error=0, expect_pac=True,
expect_pac_attrs=False)
- def test_tgs_pac_attrs_false(self):
+ def _metze_test_tgs_pac_attrs_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False,
expect_pac=True,
self._run_tgs(tgt, creds, expected_error=0, expect_pac=False,
expect_pac_attrs=False)
- def test_tgs_pac_attrs_true(self):
+ def _metze_test_tgs_pac_attrs_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True,
expect_pac=True,
self._run_tgs(tgt, creds, expected_error=0, expect_pac=True,
expect_pac_attrs=False)
- def test_as_requester_sid(self):
+ def _metze_test_as_requester_sid(self):
creds = self._get_creds()
sid = creds.get_sid()
expected_sid=sid,
expect_requester_sid=True)
- def test_tgs_requester_sid(self):
+ def _metze_test_tgs_requester_sid(self):
creds = self._get_creds()
sid = creds.get_sid()
self._run_tgs(tgt, creds, expected_error=0, expect_pac=True,
expect_requester_sid=False)
- def test_tgs_requester_sid_renew(self):
+ def _metze_test_tgs_requester_sid_renew(self):
creds = self._get_creds()
sid = creds.get_sid()
expected_sid=sid,
expect_requester_sid=True)
- def test_tgs_requester_sid_rodc_renew(self):
+ def _metze_test_tgs_requester_sid_rodc_renew(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
expected_sid=sid,
expect_requester_sid=True)
- def test_tgs_requester_sid_missing_renew(self):
+ def _metze_test_tgs_requester_sid_missing_renew(self):
creds = self._get_creds()
sid = creds.get_sid()
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_requester_sid_missing_rodc_renew(self):
+ def _metze_test_tgs_requester_sid_missing_rodc_renew(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_requester_sid_validate(self):
+ def _metze_test_tgs_requester_sid_validate(self):
creds = self._get_creds()
sid = creds.get_sid()
expected_sid=sid,
expect_requester_sid=True)
- def test_tgs_requester_sid_rodc_validate(self):
+ def _metze_test_tgs_requester_sid_rodc_validate(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
expected_sid=sid,
expect_requester_sid=True)
- def test_tgs_requester_sid_missing_validate(self):
+ def _metze_test_tgs_requester_sid_missing_validate(self):
creds = self._get_creds()
sid = creds.get_sid()
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_requester_sid_missing_rodc_validate(self):
+ def _metze_test_tgs_requester_sid_missing_rodc_validate(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)
- def test_tgs_pac_request_none(self):
+ def _metze_test_tgs_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_tgs_pac_request_false(self):
+ def _metze_test_tgs_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_tgs_pac_request_true(self):
+ def _metze_test_tgs_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_renew_pac_request_none(self):
+ def _metze_test_renew_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, renewable=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_renew_pac_request_false(self):
+ def _metze_test_renew_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, renewable=True)
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_renew_pac_request_true(self):
+ def _metze_test_renew_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, renewable=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_renew_pac_request_none(self):
+ def _metze_test_rodc_renew_pac_request_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_renew_pac_request_false(self):
+ def _metze_test_rodc_renew_pac_request_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_renew_pac_request_true(self):
+ def _metze_test_rodc_renew_pac_request_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_validate_pac_request_none(self):
+ def _metze_test_validate_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
tgt = self._modify_tgt(tgt, invalid=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_validate_pac_request_false(self):
+ def _metze_test_validate_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
tgt = self._modify_tgt(tgt, invalid=True)
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_validate_pac_request_true(self):
+ def _metze_test_validate_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
tgt = self._modify_tgt(tgt, invalid=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_validate_pac_request_none(self):
+ def _metze_test_rodc_validate_pac_request_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_validate_pac_request_false(self):
+ def _metze_test_rodc_validate_pac_request_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_rodc_validate_pac_request_true(self):
+ def _metze_test_rodc_validate_pac_request_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_s4u2self_pac_request_none(self):
+ def _metze_test_s4u2self_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_s4u2self_pac_request_false(self):
+ def _metze_test_s4u2self_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_s4u2self_pac_request_true(self):
+ def _metze_test_s4u2self_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_user2user_pac_request_none(self):
+ def _metze_test_user2user_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_user2user_pac_request_false(self):
+ def _metze_test_user2user_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket, expect_pac=True)
self.assertIsNotNone(pac)
- def test_user2user_pac_request_true(self):
+ def _metze_test_user2user_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_user2user_user_pac_request_none(self):
+ def _metze_test_user2user_user_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_user2user_user_pac_request_false(self):
+ def _metze_test_user2user_user_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds)
pac = self.get_ticket_pac(ticket, expect_pac=False)
self.assertIsNone(pac)
- def test_user2user_user_pac_request_true(self):
+ def _metze_test_user2user_user_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_fast_pac_request_none(self):
+ def _metze_test_fast_pac_request_none(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_fast_pac_request_false(self):
+ def _metze_test_fast_pac_request_false(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=False)
pac = self.get_ticket_pac(ticket, expect_pac=True)
self.assertIsNotNone(pac)
- def test_fast_pac_request_true(self):
+ def _metze_test_fast_pac_request_true(self):
creds = self._get_creds()
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_tgs_rodc_pac_request_none(self):
+ def _metze_test_tgs_rodc_pac_request_none(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_tgs_rodc_pac_request_false(self):
+ def _metze_test_tgs_rodc_pac_request_false(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_tgs_rodc_pac_request_true(self):
+ def _metze_test_tgs_rodc_pac_request_true(self):
creds = self._get_creds(replication_allowed=True,
revealed_to_rodc=True)
tgt = self.get_tgt(creds, pac_request=True)
pac = self.get_ticket_pac(ticket)
self.assertIsNotNone(pac)
- def test_tgs_rename(self):
+ def _metze_test_tgs_rename(self):
creds = self.get_cached_creds(account_type=self.AccountType.USER,
use_cache=False)
tgt = self.get_tgt(creds)