diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2020-11-10 16:57:11 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2020-11-12 22:54:22 +0000 |
| commit | 2ba6d596ff0a3580eca9285fd83569bcb147ce77 (patch) | |
| tree | 0b75b14f6bfc37dd768c83a7d7577164d16d79c1 /python | |
| parent | d492355f293e2da400318665035b056dfaba852c (diff) | |
| download | samba-2ba6d596ff0a3580eca9285fd83569bcb147ce77.tar.gz | |
tests python krb5: add arcfour salt tests
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected,
Heimdal does not.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
Diffstat (limited to 'python')
| -rwxr-xr-x | python/samba/tests/krb5/compatability_tests.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py index 5990d2ce8df..e4b1453e712 100755 --- a/python/samba/tests/krb5/compatability_tests.py +++ b/python/samba/tests/krb5/compatability_tests.py @@ -87,6 +87,26 @@ class SimpleKerberosTests(RawKerberosTest): # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests self.assertFalse(ENC_PA_REP_FLAG & flags) + def test_mit_arcfour_salt(self): + creds = self.get_user_creds() + etypes = (ARCFOUR_HMAC_MD5,) + (rep, *_) = self.as_pre_auth_req(creds, etypes) + self.check_preauth_rep(rep) + etype_info2 = self.get_etype_info2(rep) + if 'salt' not in etype_info2[0]: + self.fail( + "(MIT) Salt not populated for ARCFOUR_HMAC_MD5 encryption") + + def test_heimdal_arcfour_salt(self): + creds = self.get_user_creds() + etypes = (ARCFOUR_HMAC_MD5,) + (rep, *_) = self.as_pre_auth_req(creds, etypes) + self.check_preauth_rep(rep) + etype_info2 = self.get_etype_info2(rep) + if 'salt' in etype_info2[0]: + self.fail( + "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption") + def as_pre_auth_req(self, creds, etypes): user = creds.get_username() realm = creds.get_realm() |