Skip to content

Commit

Permalink
Add tests for cross-realm RBCD request authdata
Browse files Browse the repository at this point in the history 
ticket: 8866
  • Loading branch information
@iboukris @greghudson
iboukris authored and greghudson committed Jan 22, 2020
1 parent 94f7c97 commit fba0109
Showing 1 changed file with 28 additions and 3 deletions.
31 changes: 28 additions & 3 deletions src/tests/t_authdata.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -291,14 +291,19 @@
a_kconf = {'realms': {'$realm': {'database_module': 'test'}},
'dbmodules': {'test': {'db_library': 'test',
'delegation': {'impersonator' : 'resource'},
'princs': a_princs}}}
'princs': a_princs,
'alias': {'service/rb.b': '@B'}}}}

b_princs = {'krbtgt/B': {'keys': 'aes128-cts'},
'krbtgt/A': {'keys': 'aes128-cts'},
'user': {'keys': 'aes128-cts', 'flags': '+preauth'}}
'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
'rb': {'keys': 'aes128-cts'}}
b_kconf = {'realms': {'$realm': {'database_module': 'test'}},
'dbmodules': {'test': {'db_library': 'test',
'princs': b_princs}}}
'princs': b_princs,
'rbcd': {'rb@B': 'impersonator@A'},
'alias': {'service/rb.b': 'rb',
'impersonator@A': '@A'}}}}

ra, rb = cross_realms(2, xtgts=(),
args=({'realm': 'A', 'kdc_conf': a_kconf},
Expand All @@ -318,6 +323,26 @@
ra.kinit('impersonator@A', None, ['-f', '-k', '-t', ra.keytab])
ra.run(['./s4u2proxy', usercache, 'resource@A'])

mark('Cross realm S4U authdata tests')

ra.kinit('impersonator@A', None, ['-k', '-t', ra.keytab])
ra.run(['./s4u2self', rb.user_princ, 'impersonator@A', usercache, '-2',
'cross_s4u_self_ad'])
out = ra.run(['./adata', '-c', usercache, '-p', rb.user_princ,
'impersonator@A', '-2', 'cross_s4u_self_ad'])
if out.count(' -2: cross_s4u_self_ad') != 1:
fail('expected one cross_s4u_self_ad, got: %s' % count)

ra.run(['./s4u2proxy', usercache, 'service/rb.b', '-2',
'cross_s4u_proxy_ad'])
rb.extract_keytab('service/rb.b', ra.keytab)
out = ra.run(['./adata', '-p', rb.user_princ, 'service/rb.b', '-2',
'cross_s4u_proxy_ad'])
if out.count(' -2: cross_s4u_self_ad') != 1:
fail('expected one cross_s4u_self_ad, got: %s' % count)
if out.count(' -2: cross_s4u_proxy_ad') != 1:
fail('expected one cross_s4u_proxy_ad, got: %s' % count)

ra.stop()
rb.stop()

Expand Down

0 comments on commit fba0109

Please sign in to comment.