tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Oct 2023 13:54:15 +0000 (15:54 +0200)
committerStefan Metzmacher <metze@samba.org>
Mon, 16 Oct 2023 14:39:33 +0000 (14:39 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/krb5/kdc_tgs_tests.py
selftest/knownfail.d/krb5_user2user [new file with mode: 0644]
selftest/knownfail_mit_kdc

index 7dccdf2479ff634f8baa7b66d25e6f1c769d5df7..f6d8921635a3fdd6192f933b07a0e0df9391b9d3 100755 (executable)
@@ -1076,6 +1076,29 @@ class KdcTgsTests(KdcTgsBaseTests):
         tgt = self._get_tgt(creds)
         self._user2user(tgt, creds, expected_error=0)
 
+    def test_user2user_user_self_req(self):
+        creds = self._get_user_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ1_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ2_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        self._user2user(tgt, creds, user_tgt=tgt, user_creds=creds, expected_error=0)
+
     def test_fast_req(self):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
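Review bot: None of the three new tests says which user-to-user case it covers, and the only difference between `test_user2user_computer_self_princ1_req` and `test_user2user_computer_self_princ2_req` is that the first passes an explicit `NT_PRINCIPAL` sname built from the account name while the second omits `sname`; what `_user2user` then uses by default is defined outside this hunk. A one-line docstring on each would make the scenario explicit, for example `"""U2U TGS-REQ to a normal user account, sname set to the account's own username."""` on `test_user2user_user_self_req`. That test asserts `expected_error=0` but is listed as a known failure by this same commit, so a comment such as `# currently knownfail, see https://bugzilla.samba.org/show_bug.cgi?id=15492` would stop it being read as passing coverage. The first two test bodies are identical apart from the creds helper, so a small private helper taking `creds` would remove the duplication.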
@@ -3114,6 +3137,19 @@ class KdcTgsTests(KdcTgsBaseTests):
                 'id': 2
             })
 
+    def _get_user_creds(self,
+                   replication_allowed=False,
+                   replication_denied=False,
+                   revealed_to_rodc=False):
+        return self.get_cached_creds(
+            account_type=self.AccountType.USER,
+            opts={
+                'allowed_replication_mock': replication_allowed,
+                'denied_replication_mock': replication_denied,
+                'revealed_to_mock_rodc': revealed_to_rodc,
+                'id': 3
+            })
+
     def _get_non_existent_rid(self):
         return (1 << 30) - 1
 
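Review bot: The continuation lines of the `_get_user_creds(self,` signature are five columns short of the opening parenthesis, so `replication_allowed=False,` and the two parameters after it do not line up under `self`; re-indenting them (or using a plain hanging indent) would keep flake8-style checks quiet. The `'id': 3` entry is also unexplained: the context just above closes another helper's opts with `'id': 2`, so the value presumably only keeps the cached accounts distinct, and a comment like `# distinct id so this user account gets its own cached entry` would say so, with the wording to be confirmed against `get_cached_creds`, which is outside this hunk.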
diff --git a/selftest/knownfail.d/krb5_user2user b/selftest/knownfail.d/krb5_user2user
new file mode 100644 (file)
index 0000000..44e2f8d
--- /dev/null
@@ -0,0 +1 @@
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
index 22cc6f4358de4fb204400d68045b909e6e123104..c89feb1dbb1736b3d7b4bac5d4e556a573295443 100644 (file)
@@ -411,6 +411,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_tgt_cname_host
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm