diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-05-04 14:40:21 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-18 01:03:37 +0000 |
| commit | c1ab6036bb091dea69e8fce189c9badf10bdd753 (patch) | |
| tree | f455078b5097d43079868242ff52fc8cefd8f8e0 /python | |
| parent | 031f1c7632e32b52b686a11c1f587cd13da2d3ab (diff) | |
| download | samba-c1ab6036bb091dea69e8fce189c9badf10bdd753.tar.gz | |
tests/krb5: Allow specifying machine credentials to _test_samlogon()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
| -rw-r--r-- | python/samba/tests/krb5/kdc_base_test.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index cf9e1e7d8f9..cd4d35daff8 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -3308,22 +3308,24 @@ class KDCBaseTest(RawKerberosTest): # Test SamLogon. Authentication should succeed for non-protected accounts, # and fail for protected accounts. def _test_samlogon(self, creds, logon_type, expect_error=None, - validation_level=netlogon.NetlogonValidationSamInfo2): + validation_level=netlogon.NetlogonValidationSamInfo2, + domain_joined_mach_creds=None): samdb = self.get_samdb() + if domain_joined_mach_creds is None: + domain_joined_mach_creds = self.get_cached_creds( + account_type=self.AccountType.COMPUTER, + opts={'secure_channel_type': misc.SEC_CHAN_WKSTA}) + dc_server = samdb.host_dns_name() username, domain = creds.get_ntlm_username_domain() - workstation = 'Workstation' - - mach_creds = self.get_cached_creds( - account_type=self.AccountType.COMPUTER, - opts={'secure_channel_type': misc.SEC_CHAN_WKSTA}) + workstation = domain_joined_mach_creds.get_username() # Calling this initializes netlogon_creds on mach_creds, as is required # before calling mach_creds.encrypt_samr_password(). conn = netlogon.netlogon(f'ncacn_ip_tcp:{dc_server}[schannel,seal]', self.get_lp(), - mach_creds) + domain_joined_mach_creds) if logon_type == netlogon.NetlogonInteractiveInformation: logon = netlogon.netr_PasswordInfo() @@ -3333,7 +3335,7 @@ class KDCBaseTest(RawKerberosTest): nt_pass = samr.Password() nt_pass.hash = list(creds.get_nt_hash()) - mach_creds.encrypt_samr_password(nt_pass) + domain_joined_mach_creds.encrypt_samr_password(nt_pass) logon.lmpassword = lm_pass logon.ntpassword = nt_pass @@ -3388,7 +3390,7 @@ class KDCBaseTest(RawKerberosTest): try: (validation, authoritative, flags) = ( conn.netr_LogonSamLogonEx(dc_server, - mach_creds.get_workstation(), + domain_joined_mach_creds.get_workstation(), logon_type, logon, validation_level, |