tests/krb5: Add tests for invalid TGTs

author Joseph Sutton <josephsutton@catalyst.net.nz>

Mon, 29 Nov 2021 20:26:40 +0000 (09:26 +1300)

committer Jule Anger <janger@samba.org>

Sun, 24 Jul 2022 09:42:01 +0000 (11:42 +0200)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Mon, 29 Nov 2021 20:26:40 +0000 (09:26 +1300)
committer Jule Anger <janger@samba.org>
Sun, 24 Jul 2022 09:42:01 +0000 (11:42 +0200)
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py

index 6160ef649e86ad60bfd25c8cadb1b69f423c4a3b..f5f091610aceb092be7a1adc6aa51dc2a84ca20e 100755 (executable)
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -44,6 +44,7 @@ from samba.tests.krb5.rfc4120_constants import (
      KDC_ERR_C_PRINCIPAL_UNKNOWN,
      KDC_ERR_S_PRINCIPAL_UNKNOWN,
      KDC_ERR_TGT_REVOKED,
+    KRB_ERR_TKT_NYV,
      KDC_ERR_WRONG_REALM,
      NT_PRINCIPAL,
      NT_SRV_INST,
@@ -511,6 +512,21 @@ class KdcTgsTests(KDCBaseTest):
          tgt = self._get_tgt(creds)
          self._user2user(tgt, creds, expected_error=0)
  
+    def test_tgs_req_invalid(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds, invalid=True)
+        self._run_tgs(tgt, expected_error=KRB_ERR_TKT_NYV)
+
+    def test_s4u2self_req_invalid(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds, invalid=True)
+        self._s4u2self(tgt, creds, expected_error=KRB_ERR_TKT_NYV)
+
+    def test_user2user_req_invalid(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds, invalid=True)
+        self._user2user(tgt, creds, expected_error=KRB_ERR_TKT_NYV)
+
      def test_tgs_req_no_requester_sid(self):
          creds = self._get_creds()
          tgt = self._get_tgt(creds, remove_requester_sid=True)
diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py

index 5251e291fde1883b7b70ca7df4b618c073fbce7e..a9fdc5735ddc80dfc30a3f5b167765f93c696415 100644 (file)
--- a/python/samba/tests/krb5/rfc4120_constants.py
+++ b/python/samba/tests/krb5/rfc4120_constants.py
@@ -76,6 +76,7 @@ KDC_ERR_TGT_REVOKED = 20
  KDC_ERR_PREAUTH_FAILED = 24
  KDC_ERR_PREAUTH_REQUIRED = 25
  KDC_ERR_BAD_INTEGRITY = 31
+KRB_ERR_TKT_NYV = 33
  KDC_ERR_NOT_US = 35
  KDC_ERR_BADMATCH = 36
  KDC_ERR_SKEW = 37
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc

index cc12499bb500df56e3f839de5528b29eb756140e..3aacec0087021d027b569761f06ffe223726cbbd 100644 (file)
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -422,6 +422,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rename
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_invalid
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_allowed_denied
  ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_denied
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Mon, 29 Nov 2021 20:26:40 +0000 (09:26 +1300)
committer	Jule Anger <janger@samba.org>
	Sun, 24 Jul 2022 09:42:01 +0000 (11:42 +0200)
python/samba/tests/krb5/kdc_tgs_tests.py		patch \| blob \| history
python/samba/tests/krb5/rfc4120_constants.py		patch \| blob \| history
selftest/knownfail_mit_kdc		patch \| blob \| history