diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-10-04 12:25:08 +1300 |
|---|---|---|
| committer | Björn Baumbach <bb@sernet.de> | 2022-12-14 16:59:49 +0100 |
| commit | fd3cdcc1800a4185857494626de9ba1c368dbcdb (patch) | |
| tree | a95938ba9e246df1b437acdcb90cfaf101236c97 | |
| parent | d1cfdcf3a3dd44be993f3c543eaf65c53ecdf7a9 (diff) | |
| download | samba-fd3cdcc1800a4185857494626de9ba1c368dbcdb.tar.gz | |
tests/krb5: Add test requesting a service ticket expiring post-2038
Windows 11 22H2 performs such requests, with year 9999.
The test fails with KDC_ERR_BAD_INTEGRITY on older
Heimdal versions, which are unable to verify a checksum
over the modified request body (due to a re-encoding failure).
REF: https://github.com/heimdal/heimdal/issues/1011
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
[abartlet@samba.org Add knownfail for backport - as Samba
4.15 and earlier fail this test, adapted commit
67811e121fbef08337675d473390160793544719 to test
paraemters in 4.15]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(backported from commit 67811e121fbef08337675d473390160793544719)
| -rwxr-xr-x | python/samba/tests/krb5/kdc_tgs_tests.py | 14 | ||||
| -rw-r--r-- | selftest/knownfail.d/windows11-22h2 | 2 |
2 files changed, 16 insertions, 0 deletions
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index e876efe1a6d..37a13ba9024 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -178,6 +178,7 @@ class KdcTgsBaseTests(KDCBaseTest): sname=None, srealm=None, use_fast=False, + till=None, expect_claims=True, etypes=None, expected_ticket_etype=None, @@ -294,6 +295,7 @@ class KdcTgsBaseTests(KDCBaseTest): cname=None, realm=srealm, sname=sname, + till_time=till, etypes=etypes, additional_tickets=additional_tickets) if expected_error: @@ -2392,6 +2394,18 @@ class KdcTgsTests(KdcTgsBaseTests): self._run_tgs(tgt, expected_error=(KDC_ERR_TGT_REVOKED, KDC_ERR_C_PRINCIPAL_UNKNOWN)) + # Test making a TGS request for a ticket expiring post-2038. + def test_tgs_req_future_till(self): + creds = self._get_creds() + tgt = self._get_tgt(creds) + + target_creds = self.get_service_creds() + self._tgs_req( + tgt=tgt, + expected_error=0, + target_creds=target_creds, + till='99990913024805Z') + def _modify_renewable(self, enc_part): # Set the renewable flag. enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True) diff --git a/selftest/knownfail.d/windows11-22h2 b/selftest/knownfail.d/windows11-22h2 new file mode 100644 index 00000000000..69980ce763a --- /dev/null +++ b/selftest/knownfail.d/windows11-22h2 @@ -0,0 +1,2 @@ +# This tests shows the new timestamp from Windows 11 22H2 which fails in this version +^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_future_till
\ No newline at end of file |