diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-04-14 11:51:31 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-05 02:54:31 +0000 |
commit | 762e184216fd9b809a05bf040ace23e229cbb410 (patch) | |
tree | 5c98c85a7611dadb3bd85617b02c271d250b961c /python | |
parent | c7295b1dc5431a7d5b1a532141e008e8af36b1cc (diff) | |
download | samba-762e184216fd9b809a05bf040ace23e229cbb410.tar.gz |
tests/krb5: Allow creating managed service accounts
These will be useful for testing authentication policies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/krb5/kdc_base_test.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 285a1c3f5f4..0fba62d645d 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -62,6 +62,7 @@ from samba.dsdb import ( DS_DOMAIN_FUNCTION_2008, DS_GUID_COMPUTERS_CONTAINER, DS_GUID_DOMAIN_CONTROLLERS_CONTAINER, + DS_GUID_MANAGED_SERVICE_ACCOUNTS_CONTAINER, DS_GUID_USERS_CONTAINER, GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP, @@ -145,6 +146,7 @@ class KDCBaseTest(RawKerberosTest): COMPUTER = object() SERVER = object() RODC = object() + MANAGED_SERVICE = object() @classmethod def setUpClass(cls): @@ -759,6 +761,8 @@ class KDCBaseTest(RawKerberosTest): if ou is None: if account_type is self.AccountType.COMPUTER: guid = DS_GUID_COMPUTERS_CONTAINER + elif account_type is self.AccountType.MANAGED_SERVICE: + guid = DS_GUID_MANAGED_SERVICE_ACCOUNTS_CONTAINER elif account_type is self.AccountType.SERVER: guid = DS_GUID_DOMAIN_CONTROLLERS_CONTAINER else: @@ -778,6 +782,10 @@ class KDCBaseTest(RawKerberosTest): if account_type is self.AccountType.USER: object_class = "user" account_control |= UF_NORMAL_ACCOUNT + elif account_type is self.AccountType.MANAGED_SERVICE: + object_class = "msDS-ManagedServiceAccount" + account_control |= UF_WORKSTATION_TRUST_ACCOUNT + secure_schannel_type = SEC_CHAN_WKSTA else: object_class = "computer" if account_type is self.AccountType.COMPUTER: |