SEC_CHAN_WKSTA,
SEC_CHAN_BDC,
)
-
+from samba.dsdb import (
+ UF_SMARTCARD_REQUIRED
+)
import samba.tests
from samba.tests import TestCase
'spn',
'tgs_supported_enctypes',
'upn',
+ 'user_account_control'
]
non_etype_bits = (
self.sid = None
self.account_type = None
+ self.user_account_control = None
+
self._private_key = None
def set_as_supported_enctypes(self, value):
def set_ap_supported_enctypes(self, value):
self.ap_supported_enctypes = int(value)
+ def set_user_account_control(self, value):
+ self.user_account_control = int(value)
+
etype_map = collections.OrderedDict([
(kcrypto.Enctype.AES256,
security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96),
creds = kdc_exchange_dict['creds']
nt_password = bytes(ntlm_package.nt_password.hash)
- self.assertEqual(creds.get_nt_hash(), nt_password)
+ if creds.user_account_control & UF_SMARTCARD_REQUIRED:
+ self.assertNotEqual(creds.get_nt_hash(), nt_password)
+ else:
+ self.assertEqual(creds.get_nt_hash(), nt_password)
lm_password = bytes(ntlm_package.lm_password.hash)
self.assertEqual(bytes(16), lm_password)