From 7dfcbc4e381080b3e3e1777134aecef5522d1f01 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Thu, 9 Dec 2021 11:56:55 +1300 Subject: tests/krb5: Add tests for PAC buffer alignment Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- python/samba/tests/krb5/pac_align_tests.py | 93 ++++++++++++++++++++++++++++++ python/samba/tests/usage.py | 1 + 2 files changed, 94 insertions(+) create mode 100755 python/samba/tests/krb5/pac_align_tests.py (limited to 'python') diff --git a/python/samba/tests/krb5/pac_align_tests.py b/python/samba/tests/krb5/pac_align_tests.py new file mode 100755 index 00000000000..ff8b608dde1 --- /dev/null +++ b/python/samba/tests/krb5/pac_align_tests.py @@ -0,0 +1,93 @@ +#!/usr/bin/env python3 +# Unix SMB/CIFS implementation. +# Copyright (C) Stefan Metzmacher 2020 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import sys +import os + +from samba.dcerpc import krb5pac +from samba.ndr import ndr_unpack +from samba.tests import DynamicTestCase +from samba.tests.krb5.kdc_base_test import KDCBaseTest + +sys.path.insert(0, 'bin/python') +os.environ['PYTHONUNBUFFERED'] = '1' + +global_asn1_print = False +global_hexdump = False + + +@DynamicTestCase +class PacAlignTests(KDCBaseTest): + + base_name = 'krbpac' + + @classmethod + def setUpDynamicTestCases(cls): + for length in range(len(cls.base_name), 21): + cls.generate_dynamic_test('test_pac_align', + f'{length}_chars', + length) + + def setUp(self): + super().setUp() + self.do_asn1_print = global_asn1_print + self.do_hexdump = global_hexdump + + def _test_pac_align_with_args(self, length): + samdb = self.get_samdb() + + account_name = self.base_name + 'a' * (length - len(self.base_name)) + creds, _ = self.create_account(samdb, account_name) + + tgt = self.get_tgt(creds, expect_pac=True) + + pac_data = self.get_ticket_pac(tgt) + self.assertIsNotNone(pac_data) + + self.assertEqual(0, len(pac_data) & 7) + + pac = ndr_unpack(krb5pac.PAC_DATA_RAW, pac_data) + for pac_buffer in pac.buffers: + buffer_type = pac_buffer.type + buffer_size = pac_buffer.ndr_size + + with self.subTest(buffer_type=buffer_type): + if buffer_type == krb5pac.PAC_TYPE_LOGON_NAME: + self.assertEqual(length * 2 + 10, buffer_size) + elif buffer_type == krb5pac.PAC_TYPE_REQUESTER_SID: + self.assertEqual(28, buffer_size) + elif buffer_type in {krb5pac.PAC_TYPE_SRV_CHECKSUM, + krb5pac.PAC_TYPE_KDC_CHECKSUM, + krb5pac.PAC_TYPE_TICKET_CHECKSUM}: + self.assertEqual(0, buffer_size & 3, + f'buffer type was: {buffer_type}, ' + f'buffer size was: {buffer_size}') + else: + self.assertEqual(0, buffer_size & 7, + f'buffer type was: {buffer_type}, ' + f'buffer size was: {buffer_size}') + + rounded_len = (buffer_size + 7) & ~7 + self.assertEqual(rounded_len, len(pac_buffer.info.remaining)) + + +if __name__ == '__main__': + global_asn1_print = False + global_hexdump = False + import unittest + unittest.main() diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py index cf66e0afe71..4b12bc29652 100644 --- a/python/samba/tests/usage.py +++ b/python/samba/tests/usage.py @@ -109,6 +109,7 @@ EXCLUDE_USAGE = { 'python/samba/tests/krb5/alias_tests.py', 'python/samba/tests/krb5/test_min_domain_uid.py', 'python/samba/tests/krb5/test_idmap_nss.py', + 'python/samba/tests/krb5/pac_align_tests.py', } EXCLUDE_HELP = { -- cgit v1.2.3