diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-12-15 11:04:02 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2016-12-20 01:11:24 +0100 |
commit | dab9456cfc4f42e4a7d95443e02460e59816ecbd (patch) | |
tree | e13f74fc9b8f47ab3f17348690a60eb93945f48d /python | |
parent | 7c344fbbe0568734beb982bb6e0f3c81e6eb5843 (diff) | |
download | samba-dab9456cfc4f42e4a7d95443e02460e59816ecbd.tar.gz |
auth/credentials: handle situations without a configured (default) realm
We should not have cli_credentials_get_realm() return "" without a
configured (default) realm in smb.conf.
Note that the existing tests with creds.get_realm() == lp.get("realm")
also work with "" as string.
At the same time we should never let cli_credentials_get_principal()
return "@REALM.EXAMPLE.COM" nor "username@".
If cli_credentials_parse_string() gets "OTHERDOMAIN\username"
we must not use cli_credentials_get_realm() to generate
a principal unless cli_credentials_get_domain() returns
also "OTHERDOMAIN". What we need to do is using
username@OTHERDOMAIN as principal, whild we still
use cli_credentials_get_realm to get a default kdc,
(which may route us to the correct kdc with WRONG_REALM
messages).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/credentials.py | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/python/samba/tests/credentials.py b/python/samba/tests/credentials.py index 0a64179d102..1cbd540eac9 100644 --- a/python/samba/tests/credentials.py +++ b/python/samba/tests/credentials.py @@ -60,10 +60,12 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): def test_set_domain(self): self.creds.set_domain("ABMAS") self.assertEqual("ABMAS", self.creds.get_domain()) + self.assertEqual(self.creds.get_principal(), None) def test_set_realm(self): self.creds.set_realm("myrealm") self.assertEqual("MYREALM", self.creds.get_realm()) + self.assertEqual(self.creds.get_principal(), None) def test_parse_string_anon(self): self.creds.parse_string("%") @@ -140,7 +142,8 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): creds.guess(lp) self.assertEqual(creds.get_username(), "env_user") self.assertEqual(creds.get_domain(), lp.get("workgroup").upper()) - self.assertEqual(creds.get_realm(), lp.get("realm").upper()) + self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), "env_user@%s" % creds.get_domain()) self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), False) @@ -153,6 +156,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): self.assertEqual(creds.get_username(), "") self.assertEqual(creds.get_domain(), "") self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), None) self.assertEqual(creds.is_anonymous(), True) self.assertEqual(creds.authentication_requested(), False) @@ -186,7 +190,8 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): creds.parse_string("user") self.assertEqual(creds.get_username(), "user") self.assertEqual(creds.get_domain(), lp.get("workgroup").upper()) - self.assertEqual(creds.get_realm(), lp.get("realm").upper()) + self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup").upper()) self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) @@ -198,7 +203,8 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): creds.parse_string("domain\user") self.assertEqual(creds.get_username(), "user") self.assertEqual(creds.get_domain(), "DOMAIN") - self.assertEqual(creds.get_realm(), lp.get("realm").upper()) + self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), "user@DOMAIN") self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) @@ -211,6 +217,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): self.assertEqual(creds.get_username(), "env_user") self.assertEqual(creds.get_domain(), lp.get("workgroup").upper()) self.assertEqual(creds.get_realm(), "SAMBA.ORG") + self.assertEqual(creds.get_principal(), "user@samba.org") self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) @@ -223,7 +230,8 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): self.assertEqual(creds.get_username(), "user") self.assertEqual(creds.get_password(), "pass") self.assertEqual(creds.get_domain(), lp.get("workgroup")) - self.assertEqual(creds.get_realm(), lp.get("realm")) + self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), "user@%s" % lp.get("workgroup")) self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) @@ -236,7 +244,8 @@ class CredentialsTests(samba.tests.TestCaseInTempDir): self.assertEqual(creds.get_username(), "user") self.assertEqual(creds.get_domain(), "DOMAIN") self.assertEqual(creds.get_password(), "pass") - self.assertEqual(creds.get_realm(), lp.get("realm")) + self.assertEqual(creds.get_realm(), None) + self.assertEqual(creds.get_principal(), "user@DOMAIN") self.assertEqual(creds.is_anonymous(), False) self.assertEqual(creds.authentication_requested(), True) |