diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-11-30 09:26:40 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-07-24 11:42:01 +0200 |
commit | eb0ed5f4f6d725c49fda97bc8f7aae89f90bd913 (patch) | |
tree | 8a240b6e0e976fed2d8e20c739c1e04e8b1e08fa | |
parent | ea82822a5c451df50feed15c5da3501df2b5c106 (diff) | |
download | samba-eb0ed5f4f6d725c49fda97bc8f7aae89f90bd913.tar.gz |
tests/krb5: Add tests for invalid TGTs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7574ba9f580fca552b80532a49d00e657fbdf4fd)
[jsutton@samba.org Removed some MIT knownfail changes]
-rwxr-xr-x | python/samba/tests/krb5/kdc_tgs_tests.py | 16 | ||||
-rw-r--r-- | python/samba/tests/krb5/rfc4120_constants.py | 1 | ||||
-rw-r--r-- | selftest/knownfail_mit_kdc | 1 |
3 files changed, 18 insertions, 0 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index 6160ef649e8..f5f091610ac 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -44,6 +44,7 @@ from samba.tests.krb5.rfc4120_constants import ( KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN, KDC_ERR_TGT_REVOKED, + KRB_ERR_TKT_NYV, KDC_ERR_WRONG_REALM, NT_PRINCIPAL, NT_SRV_INST, @@ -511,6 +512,21 @@ class KdcTgsTests(KDCBaseTest): tgt = self._get_tgt(creds) self._user2user(tgt, creds, expected_error=0) + def test_tgs_req_invalid(self): + creds = self._get_creds() + tgt = self._get_tgt(creds, invalid=True) + self._run_tgs(tgt, expected_error=KRB_ERR_TKT_NYV) + + def test_s4u2self_req_invalid(self): + creds = self._get_creds() + tgt = self._get_tgt(creds, invalid=True) + self._s4u2self(tgt, creds, expected_error=KRB_ERR_TKT_NYV) + + def test_user2user_req_invalid(self): + creds = self._get_creds() + tgt = self._get_tgt(creds, invalid=True) + self._user2user(tgt, creds, expected_error=KRB_ERR_TKT_NYV) + def test_tgs_req_no_requester_sid(self): creds = self._get_creds() tgt = self._get_tgt(creds, remove_requester_sid=True) diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py index 5251e291fde..a9fdc5735dd 100644 --- a/python/samba/tests/krb5/rfc4120_constants.py +++ b/python/samba/tests/krb5/rfc4120_constants.py @@ -76,6 +76,7 @@ KDC_ERR_TGT_REVOKED = 20 KDC_ERR_PREAUTH_FAILED = 24 KDC_ERR_PREAUTH_REQUIRED = 25 KDC_ERR_BAD_INTEGRITY = 31 +KRB_ERR_TKT_NYV = 33 KDC_ERR_NOT_US = 35 KDC_ERR_BADMATCH = 36 KDC_ERR_SKEW = 37 diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc index cc12499bb50..3aacec00870 100644 --- a/selftest/knownfail_mit_kdc +++ b/selftest/knownfail_mit_kdc @@ -422,6 +422,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_authdata_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_no_pac ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rename +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_invalid ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_allowed_denied ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_rodc_denied |