diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-11-24 11:40:35 +1300 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-07-24 11:42:01 +0200 |
| commit | 651db77b1c19c036cf229c44b764b0155e1dc399 (patch) | |
| tree | 5b63db2bfc218aed788a85dfb5198ca3c7a6bd24 | |
| parent | bf1aa0927895b1007ecea738681235b5be2e6208 (diff) | |
| download | samba-651db77b1c19c036cf229c44b764b0155e1dc399.tar.gz | |
tests/krb5: Split out methods to create renewable or invalid tickets
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e930274aa43810d6485c3c8a7c82958ecb409630)
| -rwxr-xr-x | python/samba/tests/krb5/kdc_tgs_tests.py | 68 |
1 files changed, 36 insertions, 32 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index abac5a47a56..0578969ba69 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -1786,6 +1786,40 @@ class KdcTgsTests(KDCBaseTest): self._run_tgs(tgt, expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN) + def _modify_renewable(self, enc_part): + # Set the renewable flag. + renewable_flag = krb5_asn1.TicketFlags('renewable') + pos = len(tuple(renewable_flag)) - 1 + + flags = enc_part['flags'] + self.assertLessEqual(pos, len(flags)) + + new_flags = flags[:pos] + '1' + flags[pos + 1:] + enc_part['flags'] = new_flags + + # Set the renew-till time to be in the future. + renew_till = self.get_KerberosTime(offset=100 * 60 * 60) + enc_part['renew-till'] = renew_till + + return enc_part + + def _modify_invalid(self, enc_part): + # Set the invalid flag. + invalid_flag = krb5_asn1.TicketFlags('invalid') + pos = len(tuple(invalid_flag)) - 1 + + flags = enc_part['flags'] + self.assertLessEqual(pos, len(flags)) + + new_flags = flags[:pos] + '1' + flags[pos + 1:] + enc_part['flags'] = new_flags + + # Set the ticket start time to be in the past. + past_time = self.get_KerberosTime(offset=-100 * 60 * 60) + enc_part['starttime'] = past_time + + return enc_part + def _get_tgt(self, client_creds, renewable=False, @@ -1880,39 +1914,9 @@ class KdcTgsTests(KDCBaseTest): } if renewable: - def flags_modify_fn(enc_part): - # Set the renewable flag. - renewable_flag = krb5_asn1.TicketFlags('renewable') - pos = len(tuple(renewable_flag)) - 1 - - flags = enc_part['flags'] - self.assertLessEqual(pos, len(flags)) - - new_flags = flags[:pos] + '1' + flags[pos + 1:] - enc_part['flags'] = new_flags - - # Set the renew-till time to be in the future. - renew_till = self.get_KerberosTime(offset=100 * 60 * 60) - enc_part['renew-till'] = renew_till - - return enc_part + flags_modify_fn = self._modify_renewable elif invalid: - def flags_modify_fn(enc_part): - # Set the invalid flag. - invalid_flag = krb5_asn1.TicketFlags('invalid') - pos = len(tuple(invalid_flag)) - 1 - - flags = enc_part['flags'] - self.assertLessEqual(pos, len(flags)) - - new_flags = flags[:pos] + '1' + flags[pos + 1:] - enc_part['flags'] = new_flags - - # Set the ticket start time to be in the past. - past_time = self.get_KerberosTime(offset=-100 * 60 * 60) - enc_part['starttime'] = past_time - - return enc_part + flags_modify_fn = self._modify_invalid else: flags_modify_fn = None |