tests/krb5: Test that root key data is the correct length in bytes
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Wed, 20 Dec 2023 03:38:33 +0000 (16:38 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 22 Dec 2023 05:33:31 +0000 (05:33 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/gkdi.py
python/samba/tests/krb5/gkdi_tests.py
selftest/knownfail.d/gkdi

index 53cd6146aa6c9347576b5a8069a14059af5bf9fc..53b49a315564c7393e88d4b0267ae6b9329a0215 100644 (file)
@@ -514,12 +514,6 @@ class GkdiBaseTest(TestCase):
 
         if data is None:
             data = secrets.token_bytes(KEY_LEN_BYTES)
-        else:
-            self.assertEqual(
-                KEY_LEN_BYTES,
-                len(data),
-                f"root key data must be {KEY_LEN_BYTES} bytes",
-            )
 
         create_time = current_nt_time = self.current_nt_time()
 
index edb15023737648c413b4b6e9153e030541d350d9..a2a074f81ec7e5a8e6908eac7323e095ee5067c4 100755 (executable)
@@ -32,6 +32,7 @@ from samba.gkdi import (
     Algorithm,
     Gkid,
     KEY_CYCLE_DURATION,
+    KEY_LEN_BYTES,
     MAX_CLOCK_SKEW,
     NtTime,
     NtTimeDelta,
@@ -287,6 +288,30 @@ class GkdiExplicitRootKeyTests(GkdiKdcBaseTest):
             "using a non‐existent root key should fail with NO_KEY",
         )
 
+    def test_root_key_wrong_length(self):
+        """Attempt to use a root key that is the wrong length."""
+        root_key_id = self.new_root_key(data=bytes(KEY_LEN_BYTES // 2))
+
+        gkid = self.current_gkid()
+
+        with self.assertRaises(GetKeyError) as err:
+            self.get_key(self.get_samdb(), self.gmsa_sd, root_key_id, gkid)
+
+        self.assertEqual(
+            HRES_NTE_BAD_KEY,
+            err.exception.args[0],
+            "using a root key that is the wrong length should fail with BAD_KEY",
+        )
+
+        with self.assertRaises(GetKeyError) as rpc_err:
+            self.rpc_get_key(self.gkdi_conn(), self.gmsa_sd, root_key_id, gkid)
+
+        self.assertEqual(
+            HRES_NTE_BAD_KEY,
+            rpc_err.exception.args[0],
+            "using a root key that is the wrong length should fail with BAD_KEY",
+        )
+
 
 class GkdiImplicitRootKeyTests(GkdiKdcBaseTest):
     _root_key: ClassVar[misc.GUID]
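Review bot: test_root_key_wrong_length only exercises a root key that is too short (`bytes(KEY_LEN_BYTES // 2)`), so a length check written as a lower bound alone would pass while still accepting over-long key data. Consider running the same body over both boundary values, e.g. `for length in (KEY_LEN_BYTES - 1, KEY_LEN_BYTES + 1):` with `with self.subTest(length=length):` around it and `data=bytes(length)` in the new_root_key call. The two assertEqual messages are also identical, so a failure does not show whether the local get_key path or the rpc_get_key path returned the wrong code; ending them with "(local)" and "(RPC)" would make that clear. Because the test is also listed in selftest/knownfail.d/gkdi, it presumably cannot catch a regression in either path until that entry is removed.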
index 68f3dffd42ee65af728869c304653b8440275aff..fbea302922fd472a0acc4d67c8f43640df063a78 100644 (file)
@@ -10,6 +10,7 @@
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_previous_l0_idx\(ad_dc\)$
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_use_start_time_too_low\(ad_dc\)$
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_use_start_time_zero\(ad_dc\)$
+^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiExplicitRootKeyTests\.test_root_key_wrong_length\(ad_dc\)$
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_both_seed_keys\(ad_dc\)$
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_l1_seed_key\(ad_dc\)$
 ^samba\.tests\.krb5\.gkdi_tests\.samba\.tests\.krb5\.gkdi_tests\.GkdiImplicitRootKeyTests\.test_l2_seed_key\(ad_dc\)$