From 60c791339122b8b3f9be5bc085badd14e2ca6058 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Feb 2015 15:51:41 +1300 Subject: [PATCH] torture-krb5: Add additional assertions for non-canon TGS-REP This confirms that the KDC does not modify the returned principal in a TGS-REP unconditionally. Pair-programmed-with: Garming Sam Signed-off-by: Garming Sam Signed-off-by: Andrew Bartlett --- source4/torture/krb5/kdc-canon.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/source4/torture/krb5/kdc-canon.c b/source4/torture/krb5/kdc-canon.c index 8dbfd9374a5..d18905e64e2 100644 --- a/source4/torture/krb5/kdc-canon.c +++ b/source4/torture/krb5/kdc-canon.c @@ -647,6 +647,15 @@ static bool torture_krb5_post_recv_self_trust_tgs_req_test(struct torture_krb5_c test_context->tgs_req.req_body.sname->name_type, "Mismatch in name_type between request and ticket response"); + torture_assert_int_equal(test_context->tctx, + test_context->tgs_rep.ticket.sname.name_string.len, 2, + "Mismatch in name between request and expected request, expected krbtgt/realm"); + torture_assert_str_equal(test_context->tctx, + test_context->tgs_rep.ticket.sname.name_string.val[0], "krbtgt", + "Mismatch in name between request and expected request, expected krbtgt"); + torture_assert_str_equal(test_context->tctx, + test_context->tgs_rep.ticket.sname.name_string.val[1], test_context->test_data->realm, + "Mismatch in realm part of cross-realm request principal between response and expected request"); /* * We can confirm that the correct proxy behaviour is * in use on the KDC by checking the KVNO of the -- 2.11.4.GIT