def tgs_req(self, cname, sname, realm, ticket, key, etypes,
expected_error_mode=0, padata=None, kdc_options=0,
- to_rodc=False, service_creds=None):
+ to_rodc=False, service_creds=None, expect_pac=True):
'''Send a TGS-REQ, returns the response and the decrypted and
decoded enc-part
'''
tgt=tgt,
authenticator_subkey=subkey,
kdc_options=str(kdc_options),
+ expect_pac=expect_pac,
to_rodc=to_rodc)
rep = self._generic_kdc_exchange(kdc_exchange_dict,
names=[mc.get_username()])
(rep, enc_part) = self.tgs_req(
- cname, sname, uc.get_realm(), ticket, key, etype)
+ cname, sname, uc.get_realm(), ticket, key, etype,
+ expect_pac=False)
self.check_tgs_reply(rep)
# Check the contents of the service ticket
names=[mc.get_username()])
(rep, enc_part) = self.tgs_req(
- cname, sname, uc.get_realm(), ticket, key, etype)
+ cname, sname, uc.get_realm(), ticket, key, etype,
+ expect_pac=False)
self.check_tgs_reply(rep)
# Check the contents of the service ticket
v = self.getElementValue(obj, elem)
self.assertIsNone(v)
- def assertElementPresent(self, obj, elem):
+ def assertElementPresent(self, obj, elem, expect_empty=False):
v = self.getElementValue(obj, elem)
self.assertIsNotNone(v)
if self.strict_checking:
if isinstance(v, collections.abc.Container):
- self.assertNotEqual(0, len(v))
+ if expect_empty:
+ self.assertEqual(0, len(v))
+ else:
+ self.assertNotEqual(0, len(v))
def assertElementEqual(self, obj, elem, value):
v = self.getElementValue(obj, elem)
outer_req=None,
pac_request=None,
pac_options=None,
+ expect_pac=True,
to_rodc=False):
if expected_error_mode == 0:
expected_error_mode = ()
'outer_req': outer_req,
'pac_request': pac_request,
'pac_options': pac_options,
+ 'expect_pac': expect_pac,
'to_rodc': to_rodc
}
if callback_dict is None:
outer_req=None,
pac_request=None,
pac_options=None,
+ expect_pac=True,
to_rodc=False):
if expected_error_mode == 0:
expected_error_mode = ()
'outer_req': outer_req,
'pac_request': pac_request,
'pac_options': pac_options,
+ 'expect_pac': expect_pac,
'to_rodc': to_rodc
}
if callback_dict is None:
armor_key = kdc_exchange_dict['armor_key']
self.verify_ticket_checksum(ticket, ticket_checksum, armor_key)
+ expect_pac = kdc_exchange_dict['expect_pac']
+
ticket_session_key = None
if ticket_private is not None:
self.assertElementFlags(ticket_private, 'flags',
self.assertElementMissing(ticket_private, 'renew-till')
if self.strict_checking:
self.assertElementEqual(ticket_private, 'caddr', [])
- self.assertElementPresent(ticket_private, 'authorization-data')
+ self.assertElementPresent(ticket_private, 'authorization-data',
+ expect_empty=not expect_pac)
encpart_session_key = None
if encpart_private is not None: