tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Oct 2023 13:54:15 +0000 (15:54 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 5 Jan 2024 12:40:14 +0000 (13:40 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
python/samba/tests/krb5/kdc_tgs_tests.py
selftest/knownfail.d/krb5_user2user [new file with mode: 0644]
selftest/knownfail_mit_kdc

index a9c61e951504c23afc7425d3f86f3f3b27d00908..a8c84244b9e12a55cfc65f10cfc5b0cd120b4162 100755 (executable)
@@ -924,6 +924,29 @@ class KdcTgsTests(KdcTgsBaseTests):
         tgt = self._get_tgt(creds)
         self._user2user(tgt, creds, expected_error=0)
 
+    def test_user2user_user_self_req(self):
+        creds = self._get_user_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ1_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ2_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        self._user2user(tgt, creds, user_tgt=tgt, user_creds=creds, expected_error=0)
+
     def test_fast_req(self):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
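Review bot: The three new tests carry no docstring, and nothing in the hunk says how they differ. `test_user2user_user_self_req` and `test_user2user_computer_self_princ1_req` have identical bodies apart from `_get_user_creds()` versus `_get_creds()`, and the `princ2` variant only omits `sname`. A one-line docstring on each would make the intent reviewable, e.g. `"""User-to-user TGS-REQ to a plain user account, addressed by its own NT_PRINCIPAL name, using its own TGT; the KDC must issue the ticket."""` for the first. Because this commit also lists `test_user2user_user_self_req` in both knownfail files, a comment pointing at bug 15492 would tell readers the failure is a known KDC gap, not a broken test. The two long `self._user2user(...)` calls run to roughly 100 columns and could be wrapped one keyword per line like the `PrincipalName_create` calls above them; the enclosing class starts and ends outside the hunk.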
@@ -2909,6 +2932,19 @@ class KdcTgsTests(KdcTgsBaseTests):
                 'id': 2
             })
 
+    def _get_user_creds(self,
+                   replication_allowed=False,
+                   replication_denied=False,
+                   revealed_to_rodc=False):
+        return self.get_cached_creds(
+            account_type=self.AccountType.USER,
+            opts={
+                'allowed_replication_mock': replication_allowed,
+                'denied_replication_mock': replication_denied,
+                'revealed_to_mock_rodc': revealed_to_rodc,
+                'id': 3
+            })
+
     def _get_non_existent_rid(self):
         return (1 << 30) - 1
 
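Review bot: The continuation lines of the `_get_user_creds` signature are indented 19 columns, which matches an opening parenthesis after `def _get_creds(` but not after the longer `def _get_user_creds(`, so they are under-indented for visual alignment (flake8 E128). Re-indenting `replication_allowed=False,` and the two lines after it to sit under `self` fixes that. The literal `'id': 3` is also unexplained; the helper above it in the context ends with `'id': 2`, so it presumably keeps this cached account distinct from the ones the sibling helpers create. Since `get_cached_creds` is not visible here, that should be confirmed and then stated in a short comment such as `# distinct id: do not share the cached account with the other _get_*_creds helpers`.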
diff --git a/selftest/knownfail.d/krb5_user2user b/selftest/knownfail.d/krb5_user2user
new file mode 100644 (file)
index 0000000..44e2f8d
--- /dev/null
@@ -0,0 +1 @@
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
index 8d1406fd6e6e29eb86636345da6ede6e7710c2c2..f4db8a645392f6708e42c6a7bffe86ca00aeb04b 100644 (file)
@@ -378,6 +378,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_tgt_cname_host
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm