tests/krb5: Add method to calculate account salt

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2021-07-22 16:22:09 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2021-08-18 22:28:33 +0000
commit: f5689bb8fab82d5fcbdbd3c63b86e7618834aac5 (patch)
tree: 9374e7f8cbc9f8e67ebf474f32d7ef4b169f5816 /python
parent: 50d743bafc7aa9f7b4688bae652a501001e9fdbb (diff)
download: samba-f5689bb8fab82d5fcbdbd3c63b86e7618834aac5.tar.gz
2 files changed, 17 insertions, 4 deletions
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 21e2c04cea1..0dbaeab4a0e 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -192,6 +192,8 @@ class KDCBaseTest(RawKerberosTest):
         creds.set_username(account_name)
         if machine_account:
             creds.set_workstation(name)
+        else:
+            creds.set_workstation('')
         #
         # Save the account name so it can be deleted in tearDownClass
         self.accounts.add(dn)
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index e48d501ad19..2dbcc39114a 100644
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -295,6 +295,20 @@ class KerberosCredentials(Credentials):
     def get_forced_salt(self):
         return self.forced_salt
 
+    def get_salt(self):
+        if self.forced_salt is not None:
+            return self.forced_salt
+
+        if self.get_workstation():
+            salt_string = '%shost%s.%s' % (
+                self.get_realm().upper(),
+                self.get_username().lower().rsplit('$', 1)[0],
+                self.get_realm().lower())
+        else:
+            salt_string = self.get_realm().upper() + self.get_username()
+
+        return salt_string.encode('utf-8')
+
 
 class KerberosTicketCreds:
     def __init__(self, ticket, session_key,
@@ -940,10 +954,7 @@ class RawKerberosTest(TestCaseInTempDir):
 
         password = creds.get_password()
         self.assertIsNotNone(password, msg=fail_msg)
-        salt = creds.get_forced_salt()
-        if salt is None:
-            salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()),
-                         encoding='utf-8')
+        salt = creds.get_salt()
         return self.PasswordKey_create(etype=etype,
                                        pwd=password,
                                        salt=salt,
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2021-07-22 16:22:09 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2021-08-18 22:28:33 +0000
commit	f5689bb8fab82d5fcbdbd3c63b86e7618834aac5 (patch)
tree	9374e7f8cbc9f8e67ebf474f32d7ef4b169f5816 /python
parent	50d743bafc7aa9f7b4688bae652a501001e9fdbb (diff)
download	samba-f5689bb8fab82d5fcbdbd3c63b86e7618834aac5.tar.gz