From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Oct 2023 13:54:15 +0000 (+0200)
Subject: tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=4929a559eb688274a8013e6a37798f6b1d93a976;p=metze%2Fsamba%2Fwip.git

tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py
index a9c61e951504..a8c84244b9e1 100755
--- a/python/samba/tests/krb5/kdc_tgs_tests.py
+++ b/python/samba/tests/krb5/kdc_tgs_tests.py
@@ -924,6 +924,29 @@ class KdcTgsTests(KdcTgsBaseTests):
         tgt = self._get_tgt(creds)
         self._user2user(tgt, creds, expected_error=0)
 
+    def test_user2user_user_self_req(self):
+        creds = self._get_user_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ1_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        username = creds.get_username()
+        sname = self.PrincipalName_create(
+                        name_type=NT_PRINCIPAL,
+                        names=[username])
+        self._user2user(tgt, creds, sname=sname, user_tgt=tgt, user_creds=creds, expected_error=0)
+
+    def test_user2user_computer_self_princ2_req(self):
+        creds = self._get_creds()
+        tgt = self._get_tgt(creds)
+        self._user2user(tgt, creds, user_tgt=tgt, user_creds=creds, expected_error=0)
+
     def test_fast_req(self):
         creds = self._get_creds()
         tgt = self._get_tgt(creds)
@@ -2909,6 +2932,19 @@ class KdcTgsTests(KdcTgsBaseTests):
                 'id': 2
             })
 
+    def _get_user_creds(self,
+                   replication_allowed=False,
+                   replication_denied=False,
+                   revealed_to_rodc=False):
+        return self.get_cached_creds(
+            account_type=self.AccountType.USER,
+            opts={
+                'allowed_replication_mock': replication_allowed,
+                'denied_replication_mock': replication_denied,
+                'revealed_to_mock_rodc': revealed_to_rodc,
+                'id': 3
+            })
+
     def _get_non_existent_rid(self):
         return (1 << 30) - 1
 
diff --git a/selftest/knownfail.d/krb5_user2user b/selftest/knownfail.d/krb5_user2user
new file mode 100644
index 000000000000..44e2f8d97299
--- /dev/null
+++ b/selftest/knownfail.d/krb5_user2user
@@ -0,0 +1 @@
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index 8d1406fd6e6e..f4db8a645392 100644
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -378,6 +378,7 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_existing
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_sid_mismatch_nonexisting
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_tgt_cname_host
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_user_self_req
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_sname_krbtgt
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_wrong_srealm