diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-10-20 12:36:44 +1300 |
---|---|---|
committer | Björn Baumbach <bb@sernet.de> | 2022-12-14 16:59:49 +0100 |
commit | ff5d6ada80e90e5fd67086e52f7e82f91bbafcc0 (patch) | |
tree | b0c38ddfe7c2b2e057cd9a870fd9ecd33b6584a9 | |
parent | fd3cdcc1800a4185857494626de9ba1c368dbcdb (diff) | |
download | samba-ff5d6ada80e90e5fd67086e52f7e82f91bbafcc0.tar.gz |
tests/krb5: Add test requesting a TGT expiring post-2038
This demonstrates the behaviour of Windows 11 22H2 over Kerberos,
which changed to use a year 9999 date for a forever timetime in
tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 20 05:00:23 UTC 2022 on sn-devel-184
(backported from commit 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2)
[abartlet@samba.org Adapted from 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2
as the kerberos tests have changed parameters in newer versions
breaking the context]
-rwxr-xr-x | python/samba/tests/krb5/as_req_tests.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index da2c0b9d097..0d9a771b80d 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -42,7 +42,7 @@ global_hexdump = False class AsReqBaseTest(KDCBaseTest): def _run_as_req_enc_timestamp(self, client_creds, sname=None, - expected_error=None, + expected_error=None, till=None, expected_pa_error=None, expect_pa_edata=None): client_account = client_creds.get_username() client_as_etypes = self.get_default_enctypes() @@ -63,7 +63,8 @@ class AsReqBaseTest(KDCBaseTest): expected_sname = sname expected_salt = client_creds.get_salt() - till = self.get_KerberosTime(offset=36000) + if till is None: + till = self.get_KerberosTime(offset=36000) initial_etypes = client_as_etypes initial_kdc_options = krb5_asn1.KDCOptions('forwardable') @@ -252,6 +253,14 @@ class AsReqKerberosTests(AsReqBaseTest): sname=wrong_krbtgt_princ, expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN) + # Test that we can make a request for a ticket expiring post-2038. + def test_future_till(self): + client_creds = self.get_client_creds() + + self._run_as_req_enc_timestamp( + client_creds, + till='99990913024805Z') + if __name__ == "__main__": global_asn1_print = False |