tests/krb5/s4u_tests.py: add test_constrained_delegation_with_enc_auth_data_[no_]subkey()
This demonstrates that we use the correct key for EncAuthorizationData
together with constrained delegation.
The actual fix for the problem is already in place via
commit
75ec66c729faad60fa18b9504ba4053b3e2f47bc
third_party/heimdal: Import lorikeet-heimdal-
202306091507 (commit
7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)
The related patches are:
38c47c54f0c78fed5afc1aea9c5f6683e06ec842 kdc: fix memory leak when decryption AuthorizationData
61c0089ea3f5387953818a3ac99fb529244196e6 kdc: decrypt b->enc_authorization_data in tgs_build_reply()
fed5579814108ee90f701ca6bfb5500f7d839bc4 kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the keys from evidence_tkt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>