diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-09-28 15:51:35 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-09-28 03:33:38 +0000 |
| commit | dfd2027d7e57e64b7b477706ce214cfec77586bb (patch) | |
| tree | de94e98c186851779d1a53006d63e18d0d7e5d57 /python | |
| parent | d054f583ead4c4a41d235db463dc968d67039313 (diff) | |
| download | samba-dfd2027d7e57e64b7b477706ce214cfec77586bb.tar.gz samba-dfd2027d7e57e64b7b477706ce214cfec77586bb.tar.bz2 samba-dfd2027d7e57e64b7b477706ce214cfec77586bb.zip | |
tests/krb5: Don’t bother regenerating the PAC if modify_pac_fn or update_pac_checksums are false
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
| -rw-r--r-- | python/samba/tests/krb5/raw_testcase.py | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py index a3837ff53a0..ed4765d95da 100644 --- a/python/samba/tests/krb5/raw_testcase.py +++ b/python/samba/tests/krb5/raw_testcase.py @@ -5554,7 +5554,7 @@ class RawKerberosTest(TestCase): modify_pac_fn=None, exclude_pac=False, allow_empty_authdata=False, - update_pac_checksums=True, + update_pac_checksums=None, checksum_keys=None, include_checksums=None): if checksum_keys is None: @@ -5578,10 +5578,12 @@ class RawKerberosTest(TestCase): self.assertLessEqual(checksum_keys.keys(), self.pac_checksum_types) self.assertLessEqual(include_checksums.keys(), self.pac_checksum_types) + if update_pac_checksums is None: + update_pac_checksums = not exclude_pac + if exclude_pac: self.assertIsNone(modify_pac_fn) - - update_pac_checksums = False + self.assertFalse(update_pac_checksums) if not update_pac_checksums: self.assertFalse(checksum_keys) @@ -5638,8 +5640,13 @@ class RawKerberosTest(TestCase): if expect_pac: self.assertIsNotNone(auth_data) if auth_data is not None: - new_pac = None - if not exclude_pac: + if exclude_pac: + need_to_call_replace_pac = True + new_pac = None + elif not modify_pac_fn and not update_pac_checksums: + need_to_call_replace_pac = False + else: + need_to_call_replace_pac = True # Get a copy of the authdata with an empty PAC, and the # existing PAC (if present). empty_pac = self.get_empty_pac() @@ -5680,11 +5687,12 @@ class RawKerberosTest(TestCase): # Replace the PAC in the authorization data and re-add it to the # ticket enc-part. - auth_data, _ = self.replace_pac( - auth_data, new_pac, - expect_pac=expect_pac, - allow_empty_authdata=allow_empty_authdata) - enc_part['authorization-data'] = auth_data + if need_to_call_replace_pac: + auth_data, _ = self.replace_pac( + auth_data, new_pac, + expect_pac=expect_pac, + allow_empty_authdata=allow_empty_authdata) + enc_part['authorization-data'] = auth_data # Re-encrypt the ticket enc-part with the new key. enc_part_new = self.der_encode(enc_part, |