unexpected_flags = krb5_asn1.TicketFlags(unexpected_flags)
expected_error_mode = kdc_dict.pop('expected_error_mode', 0)
+ expect_status = kdc_dict.pop('expect_status', None)
expected_status = kdc_dict.pop('expected_status', None)
if expected_error_mode:
check_error_fn = self.generic_check_kdc_error
check_error_fn = None
check_rep_fn = self.generic_check_kdc_rep
+ self.assertIsNone(expect_status)
self.assertIsNone(expected_status)
kdc_options = kdc_dict.pop('kdc_options', '0')
return [pa_s4u], req_body
- expect_status = self.expect_nt_status and expected_status is not None
-
kdc_exchange_dict = self.tgs_exchange_dict(
expected_crealm=realm,
expected_cname=client_cname,
service2_etypes = service2_creds.tgs_supported_enctypes
expected_error_mode = kdc_dict.pop('expected_error_mode')
+ expect_status = kdc_dict.pop('expect_status', None)
expected_status = kdc_dict.pop('expected_status', None)
if expected_error_mode:
check_error_fn = self.generic_check_kdc_error
check_error_fn = None
check_rep_fn = self.generic_check_kdc_rep
+ self.assertIsNone(expect_status)
self.assertIsNone(expected_status)
expect_edata = kdc_dict.pop('expect_edata', None)
transited_service = f'host/{service1_name}@{service1_realm}'
expected_transited_services.append(transited_service)
- expect_status = self.expect_nt_status and expected_status is not None
-
kdc_exchange_dict = self.tgs_exchange_dict(
expected_crealm=client_realm,
expected_cname=client_cname,
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_delegation': False
})
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_ACCOUNT_RESTRICTION,
'allow_delegation': True,
'modify_client_tkt_fn': functools.partial(
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_FOUND,
'allow_rbcd': False,
'pac_options': '0001' # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_MODIFIED,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_MODIFIED,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NO_MATCH,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_MODIFIED,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_MODIFIED,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NO_MATCH,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_ACCOUNT_RESTRICTION,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
'pac_options': '1' # does not support RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_BADOPTION,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NO_MATCH,
'allow_rbcd': True,
'pac_options': '1', # does not support RBCD
{
'expected_error_mode': (KDC_ERR_MODIFIED,
KDC_ERR_BAD_INTEGRITY),
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_GENERIC,
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ 'expect_status': None,
'expected_status':
ntstatus.NT_STATUS_INSUFFICIENT_RESOURCES,
'allow_delegation': True,
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ 'expect_status': None,
'expected_status':
ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_GENERIC,
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ 'expect_status': None,
'expected_status':
ntstatus.NT_STATUS_INSUFFICIENT_RESOURCES,
'allow_rbcd': True,
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
expected_error_mode = (KDC_ERR_MODIFIED,
KDC_ERR_BAD_INTEGRITY)
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ expect_status = None
expected_status = ntstatus.NT_STATUS_WRONG_PASSWORD
else:
expected_error_mode = 0
+ expect_status = None
expected_status = None
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ 'expect_status': expect_status,
'expected_status': expected_status,
'allow_delegation': True,
'modify_service_tgt_fn': functools.partial(
self._run_delegation_test(
{
'expected_error_mode': KDC_ERR_MODIFIED,
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ 'expect_status': None,
'expected_status':
ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
with self.subTest(checksum=checksum):
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
expected_error_mode = KDC_ERR_MODIFIED
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ expect_status = None
expected_status = ntstatus.NT_STATUS_WRONG_PASSWORD
else:
expected_error_mode = 0
+ expect_status = None
expected_status = None
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ 'expect_status': expect_status,
'expected_status': expected_status,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
for ctype in self.unkeyed_ctypes:
with self.subTest(checksum=checksum, ctype=ctype):
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ expect_status = None
if ctype == Cksumtype.SHA1:
expected_error_mode = (KDC_ERR_SUMTYPE_NOSUPP,
KDC_ERR_INAPP_CKSUM)
ntstatus.NT_STATUS_INSUFFICIENT_RESOURCES)
else:
expected_error_mode = 0
+ expect_status = None
expected_status = None
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ 'expect_status': expect_status,
'expected_status': expected_status,
'allow_delegation': True,
'modify_service_tgt_fn': functools.partial(
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ # We aren’t particular about whether or not we get
+ # an NTSTATUS.
+ 'expect_status': None,
'expected_status':
ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
for ctype in self.unkeyed_ctypes:
with self.subTest(checksum=checksum, ctype=ctype):
if checksum == krb5pac.PAC_TYPE_SRV_CHECKSUM:
+ # We aren’t particular about whether or not we get an
+ # NTSTATUS.
+ expect_status = None
if ctype == Cksumtype.SHA1:
expected_error_mode = KDC_ERR_SUMTYPE_NOSUPP
expected_status = ntstatus.NT_STATUS_LOGON_FAILURE
ntstatus.NT_STATUS_INSUFFICIENT_RESOURCES)
else:
expected_error_mode = 0
+ expect_status = None
expected_status = None
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ 'expect_status': expect_status,
'expected_status': expected_status,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD
self._run_delegation_test(
{
'expected_error_mode': expected_error_mode,
+ # We aren’t particular about whether or not we get an NTSTATUS.
+ 'expect_status': None,
'expected_status': ntstatus.NT_STATUS_NOT_SUPPORTED,
'allow_rbcd': True,
'pac_options': '0001', # supports RBCD