tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 63 insertions, 0 deletions

diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py
index c185c393cf6..12634012d8b 100755
--- a/python/samba/tests/krb5/as_req_tests.py
+++ b/python/samba/tests/krb5/as_req_tests.py
@@ -591,6 +591,12 @@ class AsReqKerberosTests(AsReqBaseTest):
             expected_pa_error=KDC_ERR_CLIENT_REVOKED,
             expect_pa_status=ntstatus.NT_STATUS_INVALID_LOGON_HOURS)
 
+    def test_as_req_unicode(self):
+        client_creds = self.get_cached_creds(
+            account_type=self.AccountType.USER,
+            opts={'name_prefix': '🔐'})
+        self._run_as_req_enc_timestamp(client_creds)
+
 
 if __name__ == "__main__":
     global_asn1_print = False
diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index ae6d6bc28dc..cef5d0db95c 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -3024,6 +3024,63 @@ class KdcTgsTests(KdcTgsBaseTests):
             target_creds=target_creds,
             till='99990913024805Z')
 
+    def test_tgs_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds)
+        self._run_tgs(tgt, creds, expected_error=0)
+
+    def test_renew_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds, renewable=True)
+        self._renew_tgt(tgt, creds, expected_error=0,
+                        expect_pac_attrs=True,
+                        expect_pac_attrs_pac_request=True,
+                        expect_requester_sid=True)
+
+    def test_validate_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds, invalid=True)
+        self._validate_tgt(tgt, creds, expected_error=0,
+                           expect_pac_attrs=True,
+                           expect_pac_attrs_pac_request=True,
+                           expect_requester_sid=True)
+
+    def test_s4u2self_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds)
+        self._s4u2self(tgt, creds,
+                       expected_error=0,
+                       expect_edata=False)
+
+    def test_user2user_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds)
+        self._user2user(tgt, creds, expected_error=0)
+
+    def test_fast_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds)
+        self._fast(tgt, creds, expected_error=0)
+
+    def test_fast_as_req_unicode(self):
+        creds = self.get_cached_creds(
+            account_type=self.AccountType.COMPUTER,
+            opts={'name_prefix': '🔐'})
+        tgt = self._get_tgt(creds)
+        self._fast_as_req(tgt, creds, expected_error=0)
+
     def _modify_renewable(self, enc_part):
         # Set the renewable flag.
         enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True)