tests/krb5: Adjust unknown critical FAST option test

Heimdal does not check FAST options when no preauth data is supplied, so
the original test could not pass against Heimdal.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/fast_tests.py b/python/samba/tests/krb5/fast_tests.py
index ee0a6ef7a4919159fe171ff344b84d67e0a51040..54b74c067e841222105fbbb22d003ab63e084512 100755 (executable)
--- a/python/samba/tests/krb5/fast_tests.py
+++ b/python/samba/tests/krb5/fast_tests.py
@@ -407,10 +407,18 @@ class FAST_Tests(KDCBaseTest):
 
     def test_fast_unknown_critical_option(self):
         self._run_test_sequence([
+            {
+                'rep_type': KRB_AS_REP,
+                'expected_error_mode': KDC_ERR_PREAUTH_REQUIRED,
+                'use_fast': True,
+                'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
+                'gen_armor_tgt_fn': self.get_mach_tgt
+            },
             {
                 'rep_type': KRB_AS_REP,
                 'expected_error_mode': KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS,
                 'use_fast': True,
+                'gen_padata_fn': self.generate_enc_challenge_padata,
                 'fast_options': '001',  # unsupported critical option
                 'fast_armor': FX_FAST_ARMOR_AP_REQUEST,
                 'gen_armor_tgt_fn': self.get_mach_tgt