self._run_test_sequence([
{
'rep_type': KRB_AS_REP,
- 'expected_error_mode': KDC_ERR_POLICY,
+ 'expected_error_mode': (KDC_ERR_POLICY,
+ KDC_ERR_S_PRINCIPAL_UNKNOWN),
'use_fast': True,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
'gen_armor_tgt_fn': self.get_user_service_ticket
self._run_test_sequence([
{
'rep_type': KRB_AS_REP,
- 'expected_error_mode': KDC_ERR_POLICY,
+ 'expected_error_mode': (KDC_ERR_POLICY,
+ KDC_ERR_S_PRINCIPAL_UNKNOWN),
'use_fast': True,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
'gen_armor_tgt_fn': self.get_mach_service_ticket
self._run_test_sequence([
{
'rep_type': KRB_AS_REP,
- 'expected_error_mode': KDC_ERR_POLICY,
+ 'expected_error_mode': (KDC_ERR_POLICY,
+ KDC_ERR_S_PRINCIPAL_UNKNOWN),
'use_fast': True,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
'gen_armor_tgt_fn': self.get_service_ticket_invalid_checksum
},
{
'rep_type': KRB_AS_REP,
- 'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
+ 'expected_error_mode': (KDC_ERR_PREAUTH_REQUIRED,
+ KDC_ERR_POLICY),
'use_fast': True,
'gen_padata_fn': self.generate_enc_timestamp_padata,
'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
self._user2user(service_ticket, creds,
expected_error=(KDC_ERR_MODIFIED, KDC_ERR_POLICY))
- # Expected to fail against Windows, which does not produce a policy error.
+ # Expected to fail against Windows, which does not produce an error.
def test_fast_service_ticket(self):
creds = self._get_creds()
tgt = self._get_tgt(creds)
service_ticket = self.get_service_ticket(tgt, service_creds)
self._fast(service_ticket, creds,
- expected_error=KDC_ERR_POLICY)
+ expected_error=(KDC_ERR_POLICY,
+ KDC_ERR_S_PRINCIPAL_UNKNOWN))
def test_pac_attrs_none(self):
creds = self._get_creds()
AD_WIN2K_PAC,
FX_FAST_ARMOR_AP_REQUEST,
KDC_ERR_GENERIC,
+ KDC_ERR_POLICY,
KDC_ERR_PREAUTH_FAILED,
KDC_ERR_SKEW,
KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS,
if len(expect_etype_info2) != 0:
expected_patypes += (PADATA_ETYPE_INFO2,)
- if error_code not in (KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW):
+ if error_code not in (KDC_ERR_PREAUTH_FAILED, KDC_ERR_SKEW,
+ KDC_ERR_POLICY):
if sent_fast:
expected_patypes += (PADATA_ENCRYPTED_CHALLENGE,)
else: