Test your AI Agents with the all-new Agent to Agent Testing Platform.Learn More
How to use _get_creds method in tempest
Best Python code snippet using tempest_python
kdc_tgs_tests.py
Source:kdc_tgs_tests.py 
...385 expected_upn_name=upn_name,386 expected_sid=sid)387 # Test making a TGS request.388 def test_tgs_req(self):389 creds = self._get_creds()390 tgt = self._get_tgt(creds)391 self._run_tgs(tgt, expected_error=0)392 def test_renew_req(self):393 creds = self._get_creds()394 tgt = self._get_tgt(creds, renewable=True)395 self._renew_tgt(tgt, expected_error=0)396 def test_validate_req(self):397 creds = self._get_creds()398 tgt = self._get_tgt(creds, invalid=True)399 self._validate_tgt(tgt, expected_error=0)400 def test_s4u2self_req(self):401 creds = self._get_creds()402 tgt = self._get_tgt(creds)403 self._s4u2self(tgt, creds, expected_error=0)404 def test_user2user_req(self):405 creds = self._get_creds()406 tgt = self._get_tgt(creds)407 self._user2user(tgt, creds, expected_error=0)408 def test_tgs_req_no_requester_sid(self):409 creds = self._get_creds()410 tgt = self._get_tgt(creds, remove_requester_sid=True)411 self._run_tgs(tgt, expected_error=0, expect_pac=True,412 expect_requester_sid=False) # Note: not expected413 def test_tgs_req_no_pac_attrs(self):414 creds = self._get_creds()415 tgt = self._get_tgt(creds, remove_pac_attrs=True)416 self._run_tgs(tgt, expected_error=0, expect_pac=True,417 expect_pac_attrs=False)418 def test_tgs_req_from_rodc_no_requester_sid(self):419 creds = self._get_creds(replication_allowed=True,420 revealed_to_rodc=True)421 tgt = self._get_tgt(creds, from_rodc=True, remove_requester_sid=True)422 samdb = self.get_samdb()423 sid = self.get_objectSid(samdb, creds.get_dn())424 self._run_tgs(tgt, expected_error=0, expect_pac=True,425 expect_requester_sid=True, expected_sid=sid)426 def test_tgs_req_from_rodc_no_pac_attrs(self):427 creds = self._get_creds(replication_allowed=True,428 revealed_to_rodc=True)429 tgt = self._get_tgt(creds, from_rodc=True, remove_pac_attrs=True)430 self._run_tgs(tgt, expected_error=0, expect_pac=True,431 expect_pac_attrs=False)432 # Test making a request without a PAC.433 def test_tgs_no_pac(self):434 creds = self._get_creds()435 tgt = self._get_tgt(creds, remove_pac=True)436 self._run_tgs(tgt, expected_error=KDC_ERR_BADOPTION)437 def test_renew_no_pac(self):438 creds = self._get_creds()439 tgt = self._get_tgt(creds, renewable=True, remove_pac=True)440 self._renew_tgt(tgt, expected_error=KDC_ERR_BADOPTION)441 def test_validate_no_pac(self):442 creds = self._get_creds()443 tgt = self._get_tgt(creds, invalid=True, remove_pac=True)444 self._validate_tgt(tgt, expected_error=KDC_ERR_BADOPTION)445 def test_s4u2self_no_pac(self):446 creds = self._get_creds()447 tgt = self._get_tgt(creds, remove_pac=True)448 self._s4u2self(tgt, creds,449 expected_error=(KDC_ERR_GENERIC, KDC_ERR_BADOPTION),450 expected_status=ntstatus.NT_STATUS_INVALID_PARAMETER,451 expect_edata=True)452 def test_user2user_no_pac(self):453 creds = self._get_creds()454 tgt = self._get_tgt(creds, remove_pac=True)455 self._user2user(tgt, creds, expected_error=KDC_ERR_BADOPTION)456 # Test making a request with authdata and without a PAC.457 def test_tgs_authdata_no_pac(self):458 creds = self._get_creds()459 tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)460 self._run_tgs(tgt, expected_error=KDC_ERR_BADOPTION)461 def test_renew_authdata_no_pac(self):462 creds = self._get_creds()463 tgt = self._get_tgt(creds, renewable=True, remove_pac=True,464 allow_empty_authdata=True)465 self._renew_tgt(tgt, expected_error=KDC_ERR_BADOPTION)466 def test_validate_authdata_no_pac(self):467 creds = self._get_creds()468 tgt = self._get_tgt(creds, invalid=True, remove_pac=True,469 allow_empty_authdata=True)470 self._validate_tgt(tgt, expected_error=KDC_ERR_BADOPTION)471 def test_s4u2self_authdata_no_pac(self):472 creds = self._get_creds()473 tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)474 self._s4u2self(tgt, creds,475 expected_error=(KDC_ERR_GENERIC, KDC_ERR_BADOPTION),476 expected_status=ntstatus.NT_STATUS_INVALID_PARAMETER,477 expect_edata=True)478 def test_user2user_authdata_no_pac(self):479 creds = self._get_creds()480 tgt = self._get_tgt(creds, remove_pac=True, allow_empty_authdata=True)481 self._user2user(tgt, creds, expected_error=KDC_ERR_BADOPTION)482 # Test changing the SID in the PAC to that of another account.483 def test_tgs_sid_mismatch_existing(self):484 creds = self._get_creds()485 existing_rid = self._get_existing_rid()486 tgt = self._get_tgt(creds, new_rid=existing_rid)487 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)488 def test_renew_sid_mismatch_existing(self):489 creds = self._get_creds()490 existing_rid = self._get_existing_rid()491 tgt = self._get_tgt(creds, renewable=True, new_rid=existing_rid)492 self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)493 def test_validate_sid_mismatch_existing(self):494 creds = self._get_creds()495 existing_rid = self._get_existing_rid()496 tgt = self._get_tgt(creds, invalid=True, new_rid=existing_rid)497 self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)498 def test_s4u2self_sid_mismatch_existing(self):499 creds = self._get_creds()500 existing_rid = self._get_existing_rid()501 tgt = self._get_tgt(creds, new_rid=existing_rid)502 self._s4u2self(tgt, creds,503 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)504 def test_user2user_sid_mismatch_existing(self):505 creds = self._get_creds()506 existing_rid = self._get_existing_rid()507 tgt = self._get_tgt(creds, new_rid=existing_rid)508 self._user2user(tgt, creds,509 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)510 def test_requester_sid_mismatch_existing(self):511 creds = self._get_creds()512 existing_rid = self._get_existing_rid()513 tgt = self._get_tgt(creds, new_rid=existing_rid,514 can_modify_logon_info=False)515 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)516 def test_logon_info_sid_mismatch_existing(self):517 creds = self._get_creds()518 existing_rid = self._get_existing_rid()519 tgt = self._get_tgt(creds, new_rid=existing_rid,520 can_modify_requester_sid=False)521 self._run_tgs(tgt, expected_error=0)522 def test_logon_info_only_sid_mismatch_existing(self):523 creds = self._get_creds()524 existing_rid = self._get_existing_rid()525 tgt = self._get_tgt(creds, new_rid=existing_rid,526 remove_requester_sid=True)527 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)528 # Test changing the SID in the PAC to a non-existent one.529 def test_tgs_sid_mismatch_nonexisting(self):530 creds = self._get_creds()531 nonexistent_rid = self._get_non_existent_rid()532 tgt = self._get_tgt(creds, new_rid=nonexistent_rid)533 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)534 def test_renew_sid_mismatch_nonexisting(self):535 creds = self._get_creds()536 nonexistent_rid = self._get_non_existent_rid()537 tgt = self._get_tgt(creds, renewable=True,538 new_rid=nonexistent_rid)539 self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)540 def test_validate_sid_mismatch_nonexisting(self):541 creds = self._get_creds()542 nonexistent_rid = self._get_non_existent_rid()543 tgt = self._get_tgt(creds, invalid=True,544 new_rid=nonexistent_rid)545 self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)546 def test_s4u2self_sid_mismatch_nonexisting(self):547 creds = self._get_creds()548 nonexistent_rid = self._get_non_existent_rid()549 tgt = self._get_tgt(creds, new_rid=nonexistent_rid)550 self._s4u2self(tgt, creds,551 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)552 def test_user2user_sid_mismatch_nonexisting(self):553 creds = self._get_creds()554 nonexistent_rid = self._get_non_existent_rid()555 tgt = self._get_tgt(creds, new_rid=nonexistent_rid)556 self._user2user(tgt, creds,557 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)558 def test_requester_sid_mismatch_nonexisting(self):559 creds = self._get_creds()560 nonexistent_rid = self._get_non_existent_rid()561 tgt = self._get_tgt(creds, new_rid=nonexistent_rid,562 can_modify_logon_info=False)563 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)564 def test_logon_info_sid_mismatch_nonexisting(self):565 creds = self._get_creds()566 nonexistent_rid = self._get_non_existent_rid()567 tgt = self._get_tgt(creds, new_rid=nonexistent_rid,568 can_modify_requester_sid=False)569 self._run_tgs(tgt, expected_error=0)570 def test_logon_info_only_sid_mismatch_nonexisting(self):571 creds = self._get_creds()572 nonexistent_rid = self._get_non_existent_rid()573 tgt = self._get_tgt(creds, new_rid=nonexistent_rid,574 remove_requester_sid=True)575 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)576 # Test with an RODC-issued ticket where the client is revealed to the RODC.577 def test_tgs_rodc_revealed(self):578 creds = self._get_creds(replication_allowed=True,579 revealed_to_rodc=True)580 tgt = self._get_tgt(creds, from_rodc=True)581 self._run_tgs(tgt, expected_error=0)582 def test_renew_rodc_revealed(self):583 creds = self._get_creds(replication_allowed=True,584 revealed_to_rodc=True)585 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)586 self._renew_tgt(tgt, expected_error=0)587 def test_validate_rodc_revealed(self):588 creds = self._get_creds(replication_allowed=True,589 revealed_to_rodc=True)590 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)591 self._validate_tgt(tgt, expected_error=0)592 def test_s4u2self_rodc_revealed(self):593 creds = self._get_creds(replication_allowed=True,594 revealed_to_rodc=True)595 tgt = self._get_tgt(creds, from_rodc=True)596 self._s4u2self(tgt, creds, expected_error=0)597 def test_user2user_rodc_revealed(self):598 creds = self._get_creds(replication_allowed=True,599 revealed_to_rodc=True)600 tgt = self._get_tgt(creds, from_rodc=True)601 self._user2user(tgt, creds, expected_error=0)602 # Test with an RODC-issued ticket where the SID in the PAC is changed to603 # that of another account.604 def test_tgs_rodc_sid_mismatch_existing(self):605 creds = self._get_creds(replication_allowed=True,606 revealed_to_rodc=True)607 existing_rid = self._get_existing_rid(replication_allowed=True,608 revealed_to_rodc=True)609 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)610 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)611 def test_renew_rodc_sid_mismatch_existing(self):612 creds = self._get_creds(replication_allowed=True,613 revealed_to_rodc=True)614 existing_rid = self._get_existing_rid(replication_allowed=True,615 revealed_to_rodc=True)616 tgt = self._get_tgt(creds, renewable=True, from_rodc=True,617 new_rid=existing_rid)618 self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)619 def test_validate_rodc_sid_mismatch_existing(self):620 creds = self._get_creds(replication_allowed=True,621 revealed_to_rodc=True)622 existing_rid = self._get_existing_rid(replication_allowed=True,623 revealed_to_rodc=True)624 tgt = self._get_tgt(creds, invalid=True, from_rodc=True,625 new_rid=existing_rid)626 self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)627 def test_s4u2self_rodc_sid_mismatch_existing(self):628 creds = self._get_creds(replication_allowed=True,629 revealed_to_rodc=True)630 existing_rid = self._get_existing_rid(replication_allowed=True,631 revealed_to_rodc=True)632 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)633 self._s4u2self(tgt, creds, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)634 def test_user2user_rodc_sid_mismatch_existing(self):635 creds = self._get_creds(replication_allowed=True,636 revealed_to_rodc=True)637 existing_rid = self._get_existing_rid(replication_allowed=True,638 revealed_to_rodc=True)639 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid)640 self._user2user(tgt, creds,641 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)642 def test_tgs_rodc_requester_sid_mismatch_existing(self):643 creds = self._get_creds(replication_allowed=True,644 revealed_to_rodc=True)645 existing_rid = self._get_existing_rid(replication_allowed=True,646 revealed_to_rodc=True)647 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid,648 can_modify_logon_info=False)649 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)650 def test_tgs_rodc_logon_info_sid_mismatch_existing(self):651 creds = self._get_creds(replication_allowed=True,652 revealed_to_rodc=True)653 existing_rid = self._get_existing_rid(replication_allowed=True,654 revealed_to_rodc=True)655 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid,656 can_modify_requester_sid=False)657 self._run_tgs(tgt, expected_error=0)658 def test_tgs_rodc_logon_info_only_sid_mismatch_existing(self):659 creds = self._get_creds(replication_allowed=True,660 revealed_to_rodc=True)661 existing_rid = self._get_existing_rid(replication_allowed=True,662 revealed_to_rodc=True)663 tgt = self._get_tgt(creds, from_rodc=True, new_rid=existing_rid,664 remove_requester_sid=True)665 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)666 # Test with an RODC-issued ticket where the SID in the PAC is changed to a667 # non-existent one.668 def test_tgs_rodc_sid_mismatch_nonexisting(self):669 creds = self._get_creds(replication_allowed=True,670 revealed_to_rodc=True)671 nonexistent_rid = self._get_non_existent_rid()672 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)673 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)674 def test_renew_rodc_sid_mismatch_nonexisting(self):675 creds = self._get_creds(replication_allowed=True,676 revealed_to_rodc=True)677 nonexistent_rid = self._get_non_existent_rid()678 tgt = self._get_tgt(creds, renewable=True, from_rodc=True,679 new_rid=nonexistent_rid)680 self._renew_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)681 def test_validate_rodc_sid_mismatch_nonexisting(self):682 creds = self._get_creds(replication_allowed=True,683 revealed_to_rodc=True)684 nonexistent_rid = self._get_non_existent_rid()685 tgt = self._get_tgt(creds, invalid=True, from_rodc=True,686 new_rid=nonexistent_rid)687 self._validate_tgt(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)688 def test_s4u2self_rodc_sid_mismatch_nonexisting(self):689 creds = self._get_creds(replication_allowed=True,690 revealed_to_rodc=True)691 nonexistent_rid = self._get_non_existent_rid()692 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)693 self._s4u2self(tgt, creds, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)694 def test_user2user_rodc_sid_mismatch_nonexisting(self):695 creds = self._get_creds(replication_allowed=True,696 revealed_to_rodc=True)697 nonexistent_rid = self._get_non_existent_rid()698 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid)699 self._user2user(tgt, creds,700 expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)701 def test_tgs_rodc_requester_sid_mismatch_nonexisting(self):702 creds = self._get_creds(replication_allowed=True,703 revealed_to_rodc=True)704 nonexistent_rid = self._get_non_existent_rid()705 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid,706 can_modify_logon_info=False)707 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)708 def test_tgs_rodc_logon_info_sid_mismatch_nonexisting(self):709 creds = self._get_creds(replication_allowed=True,710 revealed_to_rodc=True)711 nonexistent_rid = self._get_non_existent_rid()712 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid,713 can_modify_requester_sid=False)714 self._run_tgs(tgt, expected_error=0)715 def test_tgs_rodc_logon_info_only_sid_mismatch_nonexisting(self):716 creds = self._get_creds(replication_allowed=True,717 revealed_to_rodc=True)718 nonexistent_rid = self._get_non_existent_rid()719 tgt = self._get_tgt(creds, from_rodc=True, new_rid=nonexistent_rid,720 remove_requester_sid=True)721 self._run_tgs(tgt, expected_error=KDC_ERR_CLIENT_NAME_MISMATCH)722 # Test with an RODC-issued ticket where the client is not revealed to the723 # RODC.724 def test_tgs_rodc_not_revealed(self):725 creds = self._get_creds(replication_allowed=True)726 tgt = self._get_tgt(creds, from_rodc=True)727 # TODO: error code728 self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)729 def test_renew_rodc_not_revealed(self):730 creds = self._get_creds(replication_allowed=True)731 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)732 self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)733 def test_validate_rodc_not_revealed(self):734 creds = self._get_creds(replication_allowed=True)735 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)736 self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)737 def test_s4u2self_rodc_not_revealed(self):738 creds = self._get_creds(replication_allowed=True)739 tgt = self._get_tgt(creds, from_rodc=True)740 self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)741 def test_user2user_rodc_not_revealed(self):742 creds = self._get_creds(replication_allowed=True)743 tgt = self._get_tgt(creds, from_rodc=True)744 self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)745 # Test with an RODC-issued ticket where the RODC account does not have the746 # PARTIAL_SECRETS bit set.747 def test_tgs_rodc_no_partial_secrets(self):748 creds = self._get_creds(replication_allowed=True,749 revealed_to_rodc=True)750 tgt = self._get_tgt(creds, from_rodc=True)751 self._remove_rodc_partial_secrets()752 self._run_tgs(tgt, expected_error=KDC_ERR_POLICY)753 def test_renew_rodc_no_partial_secrets(self):754 creds = self._get_creds(replication_allowed=True,755 revealed_to_rodc=True)756 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)757 self._remove_rodc_partial_secrets()758 self._renew_tgt(tgt, expected_error=KDC_ERR_POLICY)759 def test_validate_rodc_no_partial_secrets(self):760 creds = self._get_creds(replication_allowed=True,761 revealed_to_rodc=True)762 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)763 self._remove_rodc_partial_secrets()764 self._validate_tgt(tgt, expected_error=KDC_ERR_POLICY)765 def test_s4u2self_rodc_no_partial_secrets(self):766 creds = self._get_creds(replication_allowed=True,767 revealed_to_rodc=True)768 tgt = self._get_tgt(creds, from_rodc=True)769 self._remove_rodc_partial_secrets()770 self._s4u2self(tgt, creds, expected_error=KDC_ERR_POLICY)771 def test_user2user_rodc_no_partial_secrets(self):772 creds = self._get_creds(replication_allowed=True,773 revealed_to_rodc=True)774 tgt = self._get_tgt(creds, from_rodc=True)775 self._remove_rodc_partial_secrets()776 self._user2user(tgt, creds, expected_error=KDC_ERR_POLICY)777 # Test with an RODC-issued ticket where the RODC account does not have an778 # msDS-KrbTgtLink.779 def test_tgs_rodc_no_krbtgt_link(self):780 creds = self._get_creds(replication_allowed=True,781 revealed_to_rodc=True)782 tgt = self._get_tgt(creds, from_rodc=True)783 self._remove_rodc_krbtgt_link()784 self._run_tgs(tgt, expected_error=KDC_ERR_POLICY)785 def test_renew_rodc_no_krbtgt_link(self):786 creds = self._get_creds(replication_allowed=True,787 revealed_to_rodc=True)788 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)789 self._remove_rodc_krbtgt_link()790 self._renew_tgt(tgt, expected_error=KDC_ERR_POLICY)791 def test_validate_rodc_no_krbtgt_link(self):792 creds = self._get_creds(replication_allowed=True,793 revealed_to_rodc=True)794 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)795 self._remove_rodc_krbtgt_link()796 self._validate_tgt(tgt, expected_error=KDC_ERR_POLICY)797 def test_s4u2self_rodc_no_krbtgt_link(self):798 creds = self._get_creds(replication_allowed=True,799 revealed_to_rodc=True)800 tgt = self._get_tgt(creds, from_rodc=True)801 self._remove_rodc_krbtgt_link()802 self._s4u2self(tgt, creds, expected_error=KDC_ERR_POLICY)803 def test_user2user_rodc_no_krbtgt_link(self):804 creds = self._get_creds(replication_allowed=True,805 revealed_to_rodc=True)806 tgt = self._get_tgt(creds, from_rodc=True)807 self._remove_rodc_krbtgt_link()808 self._user2user(tgt, creds, expected_error=KDC_ERR_POLICY)809 # Test with an RODC-issued ticket where the client is not allowed to810 # replicate to the RODC.811 def test_tgs_rodc_not_allowed(self):812 creds = self._get_creds(revealed_to_rodc=True)813 tgt = self._get_tgt(creds, from_rodc=True)814 self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)815 def test_renew_rodc_not_allowed(self):816 creds = self._get_creds(revealed_to_rodc=True)817 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)818 self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)819 def test_validate_rodc_not_allowed(self):820 creds = self._get_creds(revealed_to_rodc=True)821 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)822 self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)823 def test_s4u2self_rodc_not_allowed(self):824 creds = self._get_creds(revealed_to_rodc=True)825 tgt = self._get_tgt(creds, from_rodc=True)826 self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)827 def test_user2user_rodc_not_allowed(self):828 creds = self._get_creds(revealed_to_rodc=True)829 tgt = self._get_tgt(creds, from_rodc=True)830 self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)831 # Test with an RODC-issued ticket where the client is denied from832 # replicating to the RODC.833 def test_tgs_rodc_denied(self):834 creds = self._get_creds(replication_denied=True,835 revealed_to_rodc=True)836 tgt = self._get_tgt(creds, from_rodc=True)837 self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)838 def test_renew_rodc_denied(self):839 creds = self._get_creds(replication_denied=True,840 revealed_to_rodc=True)841 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)842 self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)843 def test_validate_rodc_denied(self):844 creds = self._get_creds(replication_denied=True,845 revealed_to_rodc=True)846 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)847 self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)848 def test_s4u2self_rodc_denied(self):849 creds = self._get_creds(replication_denied=True,850 revealed_to_rodc=True)851 tgt = self._get_tgt(creds, from_rodc=True)852 self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)853 def test_user2user_rodc_denied(self):854 creds = self._get_creds(replication_denied=True,855 revealed_to_rodc=True)856 tgt = self._get_tgt(creds, from_rodc=True)857 self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)858 # Test with an RODC-issued ticket where the client is both allowed and859 # denied replicating to the RODC.860 def test_tgs_rodc_allowed_denied(self):861 creds = self._get_creds(replication_allowed=True,862 replication_denied=True,863 revealed_to_rodc=True)864 tgt = self._get_tgt(creds, from_rodc=True)865 self._run_tgs(tgt, expected_error=KDC_ERR_TGT_REVOKED)866 def test_renew_rodc_allowed_denied(self):867 creds = self._get_creds(replication_allowed=True,868 replication_denied=True,869 revealed_to_rodc=True)870 tgt = self._get_tgt(creds, renewable=True, from_rodc=True)871 self._renew_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)872 def test_validate_rodc_allowed_denied(self):873 creds = self._get_creds(replication_allowed=True,874 replication_denied=True,875 revealed_to_rodc=True)876 tgt = self._get_tgt(creds, invalid=True, from_rodc=True)877 self._validate_tgt(tgt, expected_error=KDC_ERR_TGT_REVOKED)878 def test_s4u2self_rodc_allowed_denied(self):879 creds = self._get_creds(replication_allowed=True,880 replication_denied=True,881 revealed_to_rodc=True)882 tgt = self._get_tgt(creds, from_rodc=True)883 self._s4u2self(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)884 def test_user2user_rodc_allowed_denied(self):885 creds = self._get_creds(replication_allowed=True,886 replication_denied=True,887 revealed_to_rodc=True)888 tgt = self._get_tgt(creds, from_rodc=True)889 self._user2user(tgt, creds, expected_error=KDC_ERR_TGT_REVOKED)890 # Test user-to-user with incorrect service principal names.891 def test_user2user_matching_sname_host(self):892 creds = self._get_creds()893 tgt = self._get_tgt(creds)894 user_name = creds.get_username()895 sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,896 names=['host', user_name])897 self._user2user(tgt, creds, sname=sname,898 expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)899 def test_user2user_matching_sname_no_host(self):900 creds = self._get_creds()901 tgt = self._get_tgt(creds)902 user_name = creds.get_username()903 sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,904 names=[user_name])905 self._user2user(tgt, creds, sname=sname, expected_error=0)906 def test_user2user_wrong_sname(self):907 creds = self._get_creds()908 tgt = self._get_tgt(creds)909 other_creds = self._get_mach_creds()910 user_name = other_creds.get_username()911 sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,912 names=[user_name])913 self._user2user(tgt, creds, sname=sname,914 expected_error=(KDC_ERR_BADMATCH,915 KDC_ERR_BADOPTION))916 def test_user2user_other_sname(self):917 other_name = self.get_new_username()918 spn = f'host/{other_name}'919 creds = self.get_cached_creds(920 account_type=self.AccountType.COMPUTER,921 opts={'spn': spn})922 tgt = self._get_tgt(creds)923 sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,924 names=['host', other_name])925 self._user2user(tgt, creds, sname=sname, expected_error=0)926 def test_user2user_wrong_sname_krbtgt(self):927 creds = self._get_creds()928 tgt = self._get_tgt(creds)929 sname = self.get_krbtgt_sname()930 self._user2user(tgt, creds, sname=sname,931 expected_error=(KDC_ERR_BADMATCH,932 KDC_ERR_BADOPTION))933 def test_user2user_wrong_srealm(self):934 creds = self._get_creds()935 tgt = self._get_tgt(creds)936 self._user2user(tgt, creds, srealm='OTHER.REALM',937 expected_error=(KDC_ERR_WRONG_REALM,938 KDC_ERR_S_PRINCIPAL_UNKNOWN))939 def test_user2user_tgt_correct_realm(self):940 creds = self._get_creds()941 tgt = self._get_tgt(creds)942 realm = creds.get_realm().encode('utf-8')943 tgt = self._modify_tgt(tgt, realm)944 self._user2user(tgt, creds,945 expected_error=0)946 def test_user2user_tgt_wrong_realm(self):947 creds = self._get_creds()948 tgt = self._get_tgt(creds)949 tgt = self._modify_tgt(tgt, b'OTHER.REALM')950 self._user2user(tgt, creds,951 expected_error=0)952 def test_user2user_tgt_correct_cname(self):953 creds = self._get_creds()954 tgt = self._get_tgt(creds)955 user_name = creds.get_username()956 user_name = user_name.encode('utf-8')957 cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,958 names=[user_name])959 tgt = self._modify_tgt(tgt, cname=cname)960 self._user2user(tgt, creds, expected_error=0)961 def test_user2user_tgt_other_cname(self):962 samdb = self.get_samdb()963 other_name = self.get_new_username()964 upn = f'{other_name}@{samdb.domain_dns_name()}'965 creds = self.get_cached_creds(966 account_type=self.AccountType.COMPUTER,967 opts={'upn': upn})968 tgt = self._get_tgt(creds)969 cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,970 names=[other_name.encode('utf-8')])971 tgt = self._modify_tgt(tgt, cname=cname)972 self._user2user(tgt, creds, expected_error=0)973 def test_user2user_tgt_cname_host(self):974 creds = self._get_creds()975 tgt = self._get_tgt(creds)976 user_name = creds.get_username()977 user_name = user_name.encode('utf-8')978 cname = self.PrincipalName_create(name_type=NT_PRINCIPAL,979 names=[b'host', user_name])980 tgt = self._modify_tgt(tgt, cname=cname)981 self._user2user(tgt, creds, expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN)982 def test_user2user_non_existent_sname(self):983 creds = self._get_creds()984 tgt = self._get_tgt(creds)985 sname = self.PrincipalName_create(name_type=NT_PRINCIPAL,986 names=['host', 'non_existent_user'])987 self._user2user(tgt, creds, sname=sname,988 expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)989 def test_user2user_no_sname(self):990 creds = self._get_creds()991 tgt = self._get_tgt(creds)992 self._user2user(tgt, creds, sname=False,993 expected_error=(KDC_ERR_GENERIC,994 KDC_ERR_S_PRINCIPAL_UNKNOWN))995 def test_user2user_service_ticket(self):996 creds = self._get_creds()997 tgt = self._get_tgt(creds)998 service_creds = self.get_service_creds()999 service_ticket = self.get_service_ticket(tgt, service_creds)1000 self._user2user(service_ticket, creds,1001 expected_error=(KDC_ERR_MODIFIED, KDC_ERR_POLICY))1002 def test_pac_attrs_none(self):1003 creds = self._get_creds()1004 self.get_tgt(creds, pac_request=None,1005 expect_pac=True,1006 expect_pac_attrs=True,1007 expect_pac_attrs_pac_request=None)1008 def test_pac_attrs_false(self):1009 creds = self._get_creds()1010 self.get_tgt(creds, pac_request=False,1011 expect_pac=True,1012 expect_pac_attrs=True,1013 expect_pac_attrs_pac_request=False)1014 def test_pac_attrs_true(self):1015 creds = self._get_creds()1016 self.get_tgt(creds, pac_request=True,1017 expect_pac=True,1018 expect_pac_attrs=True,1019 expect_pac_attrs_pac_request=True)1020 def test_pac_attrs_renew_none(self):1021 creds = self._get_creds()1022 tgt = self.get_tgt(creds, pac_request=None,1023 expect_pac=True,1024 expect_pac_attrs=True,1025 expect_pac_attrs_pac_request=None)1026 tgt = self._modify_tgt(tgt, renewable=True)1027 self._renew_tgt(tgt, expected_error=0,1028 expect_pac=True,1029 expect_pac_attrs=True,1030 expect_pac_attrs_pac_request=None)1031 def test_pac_attrs_renew_false(self):1032 creds = self._get_creds()1033 tgt = self.get_tgt(creds, pac_request=False,1034 expect_pac=True,1035 expect_pac_attrs=True,1036 expect_pac_attrs_pac_request=False)1037 tgt = self._modify_tgt(tgt, renewable=True)1038 self._renew_tgt(tgt, expected_error=0,1039 expect_pac=True,1040 expect_pac_attrs=True,1041 expect_pac_attrs_pac_request=False)1042 def test_pac_attrs_renew_true(self):1043 creds = self._get_creds()1044 tgt = self.get_tgt(creds, pac_request=True,1045 expect_pac=True,1046 expect_pac_attrs=True,1047 expect_pac_attrs_pac_request=True)1048 tgt = self._modify_tgt(tgt, renewable=True)1049 self._renew_tgt(tgt, expected_error=0,1050 expect_pac=True,1051 expect_pac_attrs=True,1052 expect_pac_attrs_pac_request=True)1053 def test_pac_attrs_rodc_renew_none(self):1054 creds = self._get_creds(replication_allowed=True,1055 revealed_to_rodc=True)1056 tgt = self.get_tgt(creds, pac_request=None,1057 expect_pac=True,1058 expect_pac_attrs=True,1059 expect_pac_attrs_pac_request=None)1060 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)1061 self._renew_tgt(tgt, expected_error=0,1062 expect_pac=True,1063 expect_pac_attrs=True,1064 expect_pac_attrs_pac_request=None)1065 def test_pac_attrs_rodc_renew_false(self):1066 creds = self._get_creds(replication_allowed=True,1067 revealed_to_rodc=True)1068 tgt = self.get_tgt(creds, pac_request=False,1069 expect_pac=True,1070 expect_pac_attrs=True,1071 expect_pac_attrs_pac_request=False)1072 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)1073 self._renew_tgt(tgt, expected_error=0,1074 expect_pac=True,1075 expect_pac_attrs=True,1076 expect_pac_attrs_pac_request=False)1077 def test_pac_attrs_rodc_renew_true(self):1078 creds = self._get_creds(replication_allowed=True,1079 revealed_to_rodc=True)1080 tgt = self.get_tgt(creds, pac_request=True,1081 expect_pac=True,1082 expect_pac_attrs=True,1083 expect_pac_attrs_pac_request=True)1084 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)1085 self._renew_tgt(tgt, expected_error=0,1086 expect_pac=True,1087 expect_pac_attrs=True,1088 expect_pac_attrs_pac_request=True)1089 def test_pac_attrs_missing_renew_none(self):1090 creds = self._get_creds()1091 tgt = self.get_tgt(creds, pac_request=None,1092 expect_pac=True,1093 expect_pac_attrs=True,1094 expect_pac_attrs_pac_request=None)1095 tgt = self._modify_tgt(tgt, renewable=True,1096 remove_pac_attrs=True)1097 self._renew_tgt(tgt, expected_error=0,1098 expect_pac=True,1099 expect_pac_attrs=False)1100 def test_pac_attrs_missing_renew_false(self):1101 creds = self._get_creds()1102 tgt = self.get_tgt(creds, pac_request=False,1103 expect_pac=True,1104 expect_pac_attrs=True,1105 expect_pac_attrs_pac_request=False)1106 tgt = self._modify_tgt(tgt, renewable=True,1107 remove_pac_attrs=True)1108 self._renew_tgt(tgt, expected_error=0,1109 expect_pac=True,1110 expect_pac_attrs=False)1111 def test_pac_attrs_missing_renew_true(self):1112 creds = self._get_creds()1113 tgt = self.get_tgt(creds, pac_request=True,1114 expect_pac=True,1115 expect_pac_attrs=True,1116 expect_pac_attrs_pac_request=True)1117 tgt = self._modify_tgt(tgt, renewable=True,1118 remove_pac_attrs=True)1119 self._renew_tgt(tgt, expected_error=0,1120 expect_pac=True,1121 expect_pac_attrs=False)1122 def test_pac_attrs_missing_rodc_renew_none(self):1123 creds = self._get_creds(replication_allowed=True,1124 revealed_to_rodc=True)1125 tgt = self.get_tgt(creds, pac_request=None,1126 expect_pac=True,1127 expect_pac_attrs=True,1128 expect_pac_attrs_pac_request=None)1129 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True,1130 remove_pac_attrs=True)1131 self._renew_tgt(tgt, expected_error=0,1132 expect_pac=True,1133 expect_pac_attrs=False)1134 def test_pac_attrs_missing_rodc_renew_false(self):1135 creds = self._get_creds(replication_allowed=True,1136 revealed_to_rodc=True)1137 tgt = self.get_tgt(creds, pac_request=False,1138 expect_pac=True,1139 expect_pac_attrs=True,1140 expect_pac_attrs_pac_request=False)1141 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True,1142 remove_pac_attrs=True)1143 self._renew_tgt(tgt, expected_error=0,1144 expect_pac=True,1145 expect_pac_attrs=False)1146 def test_pac_attrs_missing_rodc_renew_true(self):1147 creds = self._get_creds(replication_allowed=True,1148 revealed_to_rodc=True)1149 tgt = self.get_tgt(creds, pac_request=True,1150 expect_pac=True,1151 expect_pac_attrs=True,1152 expect_pac_attrs_pac_request=True)1153 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True,1154 remove_pac_attrs=True)1155 self._renew_tgt(tgt, expected_error=0,1156 expect_pac=True,1157 expect_pac_attrs=False)1158 def test_tgs_pac_attrs_none(self):1159 creds = self._get_creds()1160 tgt = self.get_tgt(creds, pac_request=None,1161 expect_pac=True,1162 expect_pac_attrs=True,1163 expect_pac_attrs_pac_request=None)1164 self._run_tgs(tgt, expected_error=0, expect_pac=True,1165 expect_pac_attrs=True,1166 expect_pac_attrs_pac_request=None)1167 def test_tgs_pac_attrs_false(self):1168 creds = self._get_creds()1169 tgt = self.get_tgt(creds, pac_request=False,1170 expect_pac=True,1171 expect_pac_attrs=True,1172 expect_pac_attrs_pac_request=False)1173 self._run_tgs(tgt, expected_error=0, expect_pac=False)1174 def test_tgs_pac_attrs_true(self):1175 creds = self._get_creds()1176 tgt = self.get_tgt(creds, pac_request=True,1177 expect_pac=True,1178 expect_pac_attrs=True,1179 expect_pac_attrs_pac_request=True)1180 self._run_tgs(tgt, expected_error=0, expect_pac=True,1181 expect_pac_attrs=True,1182 expect_pac_attrs_pac_request=True)1183 def test_as_requester_sid(self):1184 creds = self._get_creds()1185 samdb = self.get_samdb()1186 sid = self.get_objectSid(samdb, creds.get_dn())1187 self.get_tgt(creds, pac_request=None,1188 expect_pac=True,1189 expected_sid=sid,1190 expect_requester_sid=True)1191 def test_tgs_requester_sid(self):1192 creds = self._get_creds()1193 samdb = self.get_samdb()1194 sid = self.get_objectSid(samdb, creds.get_dn())1195 tgt = self.get_tgt(creds, pac_request=None,1196 expect_pac=True,1197 expected_sid=sid,1198 expect_requester_sid=True)1199 self._run_tgs(tgt, expected_error=0, expect_pac=True,1200 expected_sid=sid,1201 expect_requester_sid=True)1202 def test_tgs_requester_sid_renew(self):1203 creds = self._get_creds()1204 samdb = self.get_samdb()1205 sid = self.get_objectSid(samdb, creds.get_dn())1206 tgt = self.get_tgt(creds, pac_request=None,1207 expect_pac=True,1208 expected_sid=sid,1209 expect_requester_sid=True)1210 tgt = self._modify_tgt(tgt, renewable=True)1211 self._renew_tgt(tgt, expected_error=0, expect_pac=True,1212 expected_sid=sid,1213 expect_requester_sid=True)1214 def test_tgs_requester_sid_rodc_renew(self):1215 creds = self._get_creds(replication_allowed=True,1216 revealed_to_rodc=True)1217 samdb = self.get_samdb()1218 sid = self.get_objectSid(samdb, creds.get_dn())1219 tgt = self.get_tgt(creds, pac_request=None,1220 expect_pac=True,1221 expected_sid=sid,1222 expect_requester_sid=True)1223 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True)1224 self._renew_tgt(tgt, expected_error=0, expect_pac=True,1225 expected_sid=sid,1226 expect_requester_sid=True)1227 def test_tgs_requester_sid_missing_renew(self):1228 creds = self._get_creds()1229 samdb = self.get_samdb()1230 sid = self.get_objectSid(samdb, creds.get_dn())1231 tgt = self.get_tgt(creds, pac_request=None,1232 expect_pac=True,1233 expected_sid=sid,1234 expect_requester_sid=True)1235 tgt = self._modify_tgt(tgt, renewable=True,1236 remove_requester_sid=True)1237 self._renew_tgt(tgt, expected_error=0, expect_pac=True,1238 expect_requester_sid=False) # Note: not expected1239 def test_tgs_requester_sid_missing_rodc_renew(self):1240 creds = self._get_creds(replication_allowed=True,1241 revealed_to_rodc=True)1242 samdb = self.get_samdb()1243 sid = self.get_objectSid(samdb, creds.get_dn())1244 tgt = self.get_tgt(creds, pac_request=None,1245 expect_pac=True,1246 expected_sid=sid,1247 expect_requester_sid=True)1248 tgt = self._modify_tgt(tgt, from_rodc=True, renewable=True,1249 remove_requester_sid=True)1250 self._renew_tgt(tgt, expected_error=0, expect_pac=True,1251 expected_sid=sid,1252 expect_requester_sid=True)1253 def test_tgs_pac_request_none(self):1254 creds = self._get_creds()1255 tgt = self.get_tgt(creds, pac_request=None)1256 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1257 pac = self.get_ticket_pac(ticket)1258 self.assertIsNotNone(pac)1259 def test_tgs_pac_request_false(self):1260 creds = self._get_creds()1261 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1262 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)1263 pac = self.get_ticket_pac(ticket, expect_pac=False)1264 self.assertIsNone(pac)1265 def test_tgs_pac_request_true(self):1266 creds = self._get_creds()1267 tgt = self.get_tgt(creds, pac_request=True)1268 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1269 pac = self.get_ticket_pac(ticket)1270 self.assertIsNotNone(pac)1271 def test_renew_pac_request_none(self):1272 creds = self._get_creds()1273 tgt = self.get_tgt(creds, pac_request=None)1274 tgt = self._modify_tgt(tgt, renewable=True)1275 tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)1276 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1277 pac = self.get_ticket_pac(ticket)1278 self.assertIsNotNone(pac)1279 def test_renew_pac_request_false(self):1280 creds = self._get_creds()1281 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1282 tgt = self._modify_tgt(tgt, renewable=True)1283 tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)1284 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)1285 pac = self.get_ticket_pac(ticket, expect_pac=False)1286 self.assertIsNone(pac)1287 def test_renew_pac_request_true(self):1288 creds = self._get_creds()1289 tgt = self.get_tgt(creds, pac_request=True)1290 tgt = self._modify_tgt(tgt, renewable=True)1291 tgt = self._renew_tgt(tgt, expected_error=0, expect_pac=None)1292 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1293 pac = self.get_ticket_pac(ticket)1294 self.assertIsNotNone(pac)1295 def test_validate_pac_request_none(self):1296 creds = self._get_creds()1297 tgt = self.get_tgt(creds, pac_request=None)1298 tgt = self._modify_tgt(tgt, invalid=True)1299 tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)1300 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1301 pac = self.get_ticket_pac(ticket)1302 self.assertIsNotNone(pac)1303 def test_validate_pac_request_false(self):1304 creds = self._get_creds()1305 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1306 tgt = self._modify_tgt(tgt, invalid=True)1307 tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)1308 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)1309 pac = self.get_ticket_pac(ticket, expect_pac=False)1310 self.assertIsNone(pac)1311 def test_validate_pac_request_true(self):1312 creds = self._get_creds()1313 tgt = self.get_tgt(creds, pac_request=True)1314 tgt = self._modify_tgt(tgt, invalid=True)1315 tgt = self._validate_tgt(tgt, expected_error=0, expect_pac=None)1316 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1317 pac = self.get_ticket_pac(ticket)1318 self.assertIsNotNone(pac)1319 def test_s4u2self_pac_request_none(self):1320 creds = self._get_creds()1321 tgt = self.get_tgt(creds, pac_request=None)1322 ticket = self._s4u2self(tgt, creds, expected_error=0, expect_pac=True)1323 pac = self.get_ticket_pac(ticket)1324 self.assertIsNotNone(pac)1325 def test_s4u2self_pac_request_false(self):1326 creds = self._get_creds()1327 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1328 ticket = self._s4u2self(tgt, creds, expected_error=0, expect_pac=False)1329 pac = self.get_ticket_pac(ticket, expect_pac=False)1330 self.assertIsNone(pac)1331 def test_s4u2self_pac_request_true(self):1332 creds = self._get_creds()1333 tgt = self.get_tgt(creds, pac_request=True)1334 ticket = self._s4u2self(tgt, creds, expected_error=0, expect_pac=True)1335 pac = self.get_ticket_pac(ticket)1336 self.assertIsNotNone(pac)1337 def test_user2user_pac_request_none(self):1338 creds = self._get_creds()1339 tgt = self.get_tgt(creds, pac_request=None)1340 ticket = self._user2user(tgt, creds, expected_error=0, expect_pac=True)1341 pac = self.get_ticket_pac(ticket)1342 self.assertIsNotNone(pac)1343 def test_user2user_pac_request_false(self):1344 creds = self._get_creds()1345 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1346 ticket = self._user2user(tgt, creds, expected_error=0,1347 expect_pac=True)1348 pac = self.get_ticket_pac(ticket, expect_pac=True)1349 self.assertIsNotNone(pac)1350 def test_user2user_pac_request_true(self):1351 creds = self._get_creds()1352 tgt = self.get_tgt(creds, pac_request=True)1353 ticket = self._user2user(tgt, creds, expected_error=0, expect_pac=True)1354 pac = self.get_ticket_pac(ticket)1355 self.assertIsNotNone(pac)1356 def test_user2user_user_pac_request_none(self):1357 creds = self._get_creds()1358 tgt = self.get_tgt(creds)1359 user_creds = self._get_mach_creds()1360 user_tgt = self.get_tgt(user_creds, pac_request=None)1361 ticket = self._user2user(tgt, creds, expected_error=0,1362 user_tgt=user_tgt, expect_pac=True)1363 pac = self.get_ticket_pac(ticket)1364 self.assertIsNotNone(pac)1365 def test_user2user_user_pac_request_false(self):1366 creds = self._get_creds()1367 tgt = self.get_tgt(creds)1368 user_creds = self._get_mach_creds()1369 user_tgt = self.get_tgt(user_creds, pac_request=False, expect_pac=None)1370 ticket = self._user2user(tgt, creds, expected_error=0,1371 user_tgt=user_tgt, expect_pac=False)1372 pac = self.get_ticket_pac(ticket, expect_pac=False)1373 self.assertIsNone(pac)1374 def test_user2user_user_pac_request_true(self):1375 creds = self._get_creds()1376 tgt = self.get_tgt(creds)1377 user_creds = self._get_mach_creds()1378 user_tgt = self.get_tgt(user_creds, pac_request=True)1379 ticket = self._user2user(tgt, creds, expected_error=0,1380 user_tgt=user_tgt, expect_pac=True)1381 pac = self.get_ticket_pac(ticket)1382 self.assertIsNotNone(pac)1383 def test_tgs_rodc_pac_request_none(self):1384 creds = self._get_creds(replication_allowed=True,1385 revealed_to_rodc=True)1386 tgt = self.get_tgt(creds, pac_request=None)1387 tgt = self._modify_tgt(tgt, from_rodc=True)1388 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1389 pac = self.get_ticket_pac(ticket)1390 self.assertIsNotNone(pac)1391 def test_tgs_rodc_pac_request_false(self):1392 creds = self._get_creds(replication_allowed=True,1393 revealed_to_rodc=True)1394 tgt = self.get_tgt(creds, pac_request=False, expect_pac=None)1395 tgt = self._modify_tgt(tgt, from_rodc=True)1396 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=False)1397 pac = self.get_ticket_pac(ticket, expect_pac=False)1398 self.assertIsNone(pac)1399 def test_tgs_rodc_pac_request_true(self):1400 creds = self._get_creds(replication_allowed=True,1401 revealed_to_rodc=True)1402 tgt = self.get_tgt(creds, pac_request=True)1403 tgt = self._modify_tgt(tgt, from_rodc=True)1404 ticket = self._run_tgs(tgt, expected_error=0, expect_pac=True)1405 pac = self.get_ticket_pac(ticket)1406 self.assertIsNotNone(pac)1407 def test_tgs_rename(self):1408 creds = self.get_cached_creds(account_type=self.AccountType.USER,1409 use_cache=False)1410 tgt = self.get_tgt(creds)1411 # Rename the account.1412 new_name = self.get_new_username()1413 samdb = self.get_samdb()1414 msg = ldb.Message(creds.get_dn())1415 msg['sAMAccountName'] = ldb.MessageElement(new_name,1416 ldb.FLAG_MOD_REPLACE,1417 'sAMAccountName')1418 samdb.modify(msg)1419 self._run_tgs(tgt, expected_error=KDC_ERR_C_PRINCIPAL_UNKNOWN)1420 def _get_tgt(self,1421 client_creds,1422 renewable=False,1423 invalid=False,1424 from_rodc=False,1425 new_rid=None,1426 remove_pac=False,1427 allow_empty_authdata=False,1428 can_modify_logon_info=True,1429 can_modify_requester_sid=True,1430 remove_pac_attrs=False,1431 remove_requester_sid=False):1432 self.assertFalse(renewable and invalid)1433 if remove_pac:1434 self.assertIsNone(new_rid)1435 tgt = self.get_tgt(client_creds)1436 return self._modify_tgt(1437 tgt=tgt,1438 renewable=renewable,1439 invalid=invalid,1440 from_rodc=from_rodc,1441 new_rid=new_rid,1442 remove_pac=remove_pac,1443 allow_empty_authdata=allow_empty_authdata,1444 can_modify_logon_info=can_modify_logon_info,1445 can_modify_requester_sid=can_modify_requester_sid,1446 remove_pac_attrs=remove_pac_attrs,1447 remove_requester_sid=remove_requester_sid)1448 def _modify_tgt(self,1449 tgt,1450 renewable=False,1451 invalid=False,1452 from_rodc=False,1453 new_rid=None,1454 remove_pac=False,1455 allow_empty_authdata=False,1456 cname=None,1457 crealm=None,1458 can_modify_logon_info=True,1459 can_modify_requester_sid=True,1460 remove_pac_attrs=False,1461 remove_requester_sid=False):1462 if from_rodc:1463 krbtgt_creds = self.get_mock_rodc_krbtgt_creds()1464 else:1465 krbtgt_creds = self.get_krbtgt_creds()1466 if new_rid is not None or remove_requester_sid or remove_pac_attrs:1467 def change_sid_fn(pac):1468 pac_buffers = pac.buffers1469 for pac_buffer in pac_buffers:1470 if pac_buffer.type == krb5pac.PAC_TYPE_LOGON_INFO:1471 if new_rid is not None and can_modify_logon_info:1472 logon_info = pac_buffer.info.info1473 logon_info.info3.base.rid = new_rid1474 elif pac_buffer.type == krb5pac.PAC_TYPE_REQUESTER_SID:1475 if remove_requester_sid:1476 pac.num_buffers -= 11477 pac_buffers.remove(pac_buffer)1478 elif new_rid is not None and can_modify_requester_sid:1479 requester_sid = pac_buffer.info1480 samdb = self.get_samdb()1481 domain_sid = samdb.get_domain_sid()1482 new_sid = f'{domain_sid}-{new_rid}'1483 requester_sid.sid = security.dom_sid(new_sid)1484 elif pac_buffer.type == krb5pac.PAC_TYPE_ATTRIBUTES_INFO:1485 if remove_pac_attrs:1486 pac.num_buffers -= 11487 pac_buffers.remove(pac_buffer)1488 pac.buffers = pac_buffers1489 return pac1490 else:1491 change_sid_fn = None1492 krbtgt_key = self.TicketDecryptionKey_from_creds(krbtgt_creds)1493 if remove_pac:1494 checksum_keys = None1495 else:1496 checksum_keys = {1497 krb5pac.PAC_TYPE_KDC_CHECKSUM: krbtgt_key1498 }1499 if renewable:1500 def flags_modify_fn(enc_part):1501 # Set the renewable flag.1502 renewable_flag = krb5_asn1.TicketFlags('renewable')1503 pos = len(tuple(renewable_flag)) - 11504 flags = enc_part['flags']1505 self.assertLessEqual(pos, len(flags))1506 new_flags = flags[:pos] + '1' + flags[pos + 1:]1507 enc_part['flags'] = new_flags1508 # Set the renew-till time to be in the future.1509 renew_till = self.get_KerberosTime(offset=100 * 60 * 60)1510 enc_part['renew-till'] = renew_till1511 return enc_part1512 elif invalid:1513 def flags_modify_fn(enc_part):1514 # Set the invalid flag.1515 invalid_flag = krb5_asn1.TicketFlags('invalid')1516 pos = len(tuple(invalid_flag)) - 11517 flags = enc_part['flags']1518 self.assertLessEqual(pos, len(flags))1519 new_flags = flags[:pos] + '1' + flags[pos + 1:]1520 enc_part['flags'] = new_flags1521 # Set the ticket start time to be in the past.1522 past_time = self.get_KerberosTime(offset=-100 * 60 * 60)1523 enc_part['starttime'] = past_time1524 return enc_part1525 else:1526 flags_modify_fn = None1527 if cname is not None or crealm is not None:1528 def modify_fn(enc_part):1529 if flags_modify_fn is not None:1530 enc_part = flags_modify_fn(enc_part)1531 if cname is not None:1532 enc_part['cname'] = cname1533 if crealm is not None:1534 enc_part['crealm'] = crealm1535 return enc_part1536 else:1537 modify_fn = flags_modify_fn1538 if cname is not None:1539 def modify_pac_fn(pac):1540 if change_sid_fn is not None:1541 pac = change_sid_fn(pac)1542 for pac_buffer in pac.buffers:1543 if pac_buffer.type == krb5pac.PAC_TYPE_LOGON_NAME:1544 logon_info = pac_buffer.info1545 logon_info.account_name = (1546 cname['name-string'][0].decode('utf-8'))1547 return pac1548 else:1549 modify_pac_fn = change_sid_fn1550 return self.modified_ticket(1551 tgt,1552 new_ticket_key=krbtgt_key,1553 modify_fn=modify_fn,1554 modify_pac_fn=modify_pac_fn,1555 exclude_pac=remove_pac,1556 allow_empty_authdata=allow_empty_authdata,1557 update_pac_checksums=not remove_pac,1558 checksum_keys=checksum_keys)1559 def _remove_rodc_partial_secrets(self):1560 samdb = self.get_samdb()1561 rodc_ctx = self.get_mock_rodc_ctx()1562 rodc_dn = ldb.Dn(samdb, rodc_ctx.acct_dn)1563 def add_rodc_partial_secrets():1564 msg = ldb.Message()1565 msg.dn = rodc_dn1566 msg['userAccountControl'] = ldb.MessageElement(1567 str(rodc_ctx.userAccountControl),1568 ldb.FLAG_MOD_REPLACE,1569 'userAccountControl')1570 samdb.modify(msg)1571 self.addCleanup(add_rodc_partial_secrets)1572 uac = rodc_ctx.userAccountControl & ~dsdb.UF_PARTIAL_SECRETS_ACCOUNT1573 msg = ldb.Message()1574 msg.dn = rodc_dn1575 msg['userAccountControl'] = ldb.MessageElement(1576 str(uac),1577 ldb.FLAG_MOD_REPLACE,1578 'userAccountControl')1579 samdb.modify(msg)1580 def _remove_rodc_krbtgt_link(self):1581 samdb = self.get_samdb()1582 rodc_ctx = self.get_mock_rodc_ctx()1583 rodc_dn = ldb.Dn(samdb, rodc_ctx.acct_dn)1584 def add_rodc_krbtgt_link():1585 msg = ldb.Message()1586 msg.dn = rodc_dn1587 msg['msDS-KrbTgtLink'] = ldb.MessageElement(1588 rodc_ctx.new_krbtgt_dn,1589 ldb.FLAG_MOD_ADD,1590 'msDS-KrbTgtLink')1591 samdb.modify(msg)1592 self.addCleanup(add_rodc_krbtgt_link)1593 msg = ldb.Message()1594 msg.dn = rodc_dn1595 msg['msDS-KrbTgtLink'] = ldb.MessageElement(1596 [],1597 ldb.FLAG_MOD_DELETE,1598 'msDS-KrbTgtLink')1599 samdb.modify(msg)1600 def _get_creds(self,1601 replication_allowed=False,1602 replication_denied=False,1603 revealed_to_rodc=False):1604 return self.get_cached_creds(1605 account_type=self.AccountType.COMPUTER,1606 opts={1607 'allowed_replication_mock': replication_allowed,1608 'denied_replication_mock': replication_denied,1609 'revealed_to_mock_rodc': revealed_to_rodc,1610 'id': 01611 })1612 def _get_existing_rid(self,1613 replication_allowed=False,1614 replication_denied=False,...
salt_tests.py
Source:salt_tests.py
...28 def setUp(self):29 super().setUp()30 self.do_asn1_print = global_asn1_print31 self.do_hexdump = global_hexdump32 def _get_creds(self, *,33 account_type,34 opts=None):35 try:36 return self.get_cached_creds(37 account_type=account_type,38 opts=opts)39 except ldb.LdbError:40 self.fail()41 def _run_salt_test(self, client_creds):42 expected_salt = self.get_salt(client_creds)43 self.assertIsNotNone(expected_salt)44 etype_info2 = self._run_as_req_enc_timestamp(client_creds)45 self.assertEqual(etype_info2[0]['etype'], kcrypto.Enctype.AES256)46 self.assertEqual(etype_info2[0]['salt'], expected_salt)47 def test_salt_at_user(self):48 client_creds = self._get_creds(49 account_type=self.AccountType.USER,50 opts={'name_suffix': 'foo@bar'})51 self._run_as_req_enc_timestamp(client_creds)52 def test_salt_at_mac(self):53 client_creds = self._get_creds(54 account_type=self.AccountType.COMPUTER,55 opts={'name_suffix': 'foo@bar'})56 self._run_as_req_enc_timestamp(client_creds)57 def test_salt_at_case_user(self):58 client_creds = self._get_creds(59 account_type=self.AccountType.USER,60 opts={'name_suffix': 'Foo@bar'})61 self._run_as_req_enc_timestamp(client_creds)62 def test_salt_at_case_mac(self):63 client_creds = self._get_creds(64 account_type=self.AccountType.COMPUTER,65 opts={'name_suffix': 'Foo@bar'})66 self._run_as_req_enc_timestamp(client_creds)67 def test_salt_double_at_user(self):68 client_creds = self._get_creds(69 account_type=self.AccountType.USER,70 opts={'name_suffix': 'foo@@bar'})71 self._run_as_req_enc_timestamp(client_creds)72 def test_salt_double_at_mac(self):73 client_creds = self._get_creds(74 account_type=self.AccountType.COMPUTER,75 opts={'name_suffix': 'foo@@bar'})76 self._run_as_req_enc_timestamp(client_creds)77 def test_salt_at_start_user(self):78 client_creds = self._get_creds(79 account_type=self.AccountType.USER,80 opts={'name_prefix': '@foo'})81 self._run_as_req_enc_timestamp(client_creds)82 def test_salt_at_start_mac(self):83 client_creds = self._get_creds(84 account_type=self.AccountType.COMPUTER,85 opts={'name_prefix': '@foo'})86 self._run_as_req_enc_timestamp(client_creds)87 def test_salt_at_end_user(self):88 client_creds = self._get_creds(89 account_type=self.AccountType.USER,90 opts={'name_suffix': 'foo@'})91 self._run_as_req_enc_timestamp(client_creds)92 def test_salt_at_end_mac(self):93 client_creds = self._get_creds(94 account_type=self.AccountType.COMPUTER,95 opts={'name_suffix': 'foo@'})96 self._run_as_req_enc_timestamp(client_creds)97 def test_salt_at_end_no_dollar_mac(self):98 client_creds = self._get_creds(99 account_type=self.AccountType.COMPUTER,100 opts={'name_suffix': 'foo@',101 'add_dollar': False})102 self._run_as_req_enc_timestamp(client_creds)103 def test_salt_no_dollar_mac(self):104 client_creds = self._get_creds(105 account_type=self.AccountType.COMPUTER,106 opts={'add_dollar': False})107 self._run_as_req_enc_timestamp(client_creds)108 def test_salt_dollar_mid_mac(self):109 client_creds = self._get_creds(110 account_type=self.AccountType.COMPUTER,111 opts={'name_suffix': 'foo$bar',112 'add_dollar': False})113 self._run_as_req_enc_timestamp(client_creds)114 def test_salt_dollar_user(self):115 client_creds = self._get_creds(116 account_type=self.AccountType.USER,117 opts={'name_suffix': 'foo$bar'})118 self._run_as_req_enc_timestamp(client_creds)119 def test_salt_dollar_mac(self):120 client_creds = self._get_creds(121 account_type=self.AccountType.COMPUTER,122 opts={'name_suffix': 'foo$bar'})123 self._run_as_req_enc_timestamp(client_creds)124 def test_salt_dollar_end_user(self):125 client_creds = self._get_creds(126 account_type=self.AccountType.USER,127 opts={'name_suffix': 'foo$'})128 self._run_as_req_enc_timestamp(client_creds)129 def test_salt_dollar_end_mac(self):130 client_creds = self._get_creds(131 account_type=self.AccountType.COMPUTER,132 opts={'name_suffix': 'foo$'})133 self._run_as_req_enc_timestamp(client_creds)134 def test_salt_upn_user(self):135 client_creds = self._get_creds(136 account_type=self.AccountType.USER,137 opts={'upn': 'foo0'})138 self._run_as_req_enc_timestamp(client_creds)139 def test_salt_upn_mac(self):140 client_creds = self._get_creds(141 account_type=self.AccountType.COMPUTER,142 opts={'upn': 'foo1'})143 self._run_as_req_enc_timestamp(client_creds)144 def test_salt_upn_host_user(self):145 client_creds = self._get_creds(146 account_type=self.AccountType.USER,147 opts={'upn': 'host/foo2'})148 self._run_as_req_enc_timestamp(client_creds)149 def test_salt_upn_host_mac(self):150 client_creds = self._get_creds(151 account_type=self.AccountType.COMPUTER,152 opts={'upn': 'host/foo3'})153 self._run_as_req_enc_timestamp(client_creds)154 def test_salt_upn_realm_user(self):155 realm = self.get_samdb().domain_dns_name()156 client_creds = self._get_creds(157 account_type=self.AccountType.USER,158 opts={'upn': 'foo4@' + realm})159 self._run_as_req_enc_timestamp(client_creds)160 def test_salt_upn_realm_mac(self):161 realm = self.get_samdb().domain_dns_name()162 client_creds = self._get_creds(163 account_type=self.AccountType.COMPUTER,164 opts={'upn': 'foo5@' + realm})165 self._run_as_req_enc_timestamp(client_creds)166 def test_salt_upn_host_realm_user(self):167 realm = self.get_samdb().domain_dns_name()168 client_creds = self._get_creds(169 account_type=self.AccountType.USER,170 opts={'upn': 'host/foo6@' + realm})171 self._run_as_req_enc_timestamp(client_creds)172 def test_salt_upn_host_realm_mac(self):173 realm = self.get_samdb().domain_dns_name()174 client_creds = self._get_creds(175 account_type=self.AccountType.COMPUTER,176 opts={'upn': 'host/foo7@' + realm})177 self._run_as_req_enc_timestamp(client_creds)178 def test_salt_upn_dollar_realm_user(self):179 realm = self.get_samdb().domain_dns_name()180 client_creds = self._get_creds(181 account_type=self.AccountType.USER,182 opts={'upn': 'foo8$@' + realm})183 self._run_as_req_enc_timestamp(client_creds)184 def test_salt_upn_dollar_realm_mac(self):185 realm = self.get_samdb().domain_dns_name()186 client_creds = self._get_creds(187 account_type=self.AccountType.COMPUTER,188 opts={'upn': 'foo9$@' + realm})189 self._run_as_req_enc_timestamp(client_creds)190 def test_salt_upn_host_dollar_realm_user(self):191 realm = self.get_samdb().domain_dns_name()192 client_creds = self._get_creds(193 account_type=self.AccountType.USER,194 opts={'upn': 'host/foo10$@' + realm})195 self._run_as_req_enc_timestamp(client_creds)196 def test_salt_upn_host_dollar_realm_mac(self):197 realm = self.get_samdb().domain_dns_name()198 client_creds = self._get_creds(199 account_type=self.AccountType.COMPUTER,200 opts={'upn': 'host/foo11$@' + realm})201 self._run_as_req_enc_timestamp(client_creds)202 def test_salt_upn_other_realm_user(self):203 client_creds = self._get_creds(204 account_type=self.AccountType.USER,205 opts={'upn': 'foo12@other.realm'})206 self._run_as_req_enc_timestamp(client_creds)207 def test_salt_upn_other_realm_mac(self):208 client_creds = self._get_creds(209 account_type=self.AccountType.COMPUTER,210 opts={'upn': 'foo13@other.realm'})211 self._run_as_req_enc_timestamp(client_creds)212 def test_salt_upn_host_other_realm_user(self):213 client_creds = self._get_creds(214 account_type=self.AccountType.USER,215 opts={'upn': 'host/foo14@other.realm'})216 self._run_as_req_enc_timestamp(client_creds)217 def test_salt_upn_host_other_realm_mac(self):218 client_creds = self._get_creds(219 account_type=self.AccountType.COMPUTER,220 opts={'upn': 'host/foo15@other.realm'})221 self._run_as_req_enc_timestamp(client_creds)222 def test_salt_upn_case_user(self):223 client_creds = self._get_creds(224 account_type=self.AccountType.USER,225 opts={'upn': 'Foo16'})226 self._run_as_req_enc_timestamp(client_creds)227 def test_salt_upn_case_mac(self):228 client_creds = self._get_creds(229 account_type=self.AccountType.COMPUTER,230 opts={'upn': 'Foo17'})231 self._run_as_req_enc_timestamp(client_creds)232 def test_salt_upn_dollar_mid_realm_user(self):233 realm = self.get_samdb().domain_dns_name()234 client_creds = self._get_creds(235 account_type=self.AccountType.USER,236 opts={'upn': 'foo$18@' + realm})237 self._run_as_req_enc_timestamp(client_creds)238 def test_salt_upn_dollar_mid_realm_mac(self):239 realm = self.get_samdb().domain_dns_name()240 client_creds = self._get_creds(241 account_type=self.AccountType.COMPUTER,242 opts={'upn': 'foo$19@' + realm})243 self._run_as_req_enc_timestamp(client_creds)244 def test_salt_upn_host_dollar_mid_realm_user(self):245 realm = self.get_samdb().domain_dns_name()246 client_creds = self._get_creds(247 account_type=self.AccountType.USER,248 opts={'upn': 'host/foo$20@' + realm})249 self._run_as_req_enc_timestamp(client_creds)250 def test_salt_upn_host_dollar_mid_realm_mac(self):251 realm = self.get_samdb().domain_dns_name()252 client_creds = self._get_creds(253 account_type=self.AccountType.COMPUTER,254 opts={'upn': 'host/foo$21@' + realm})255 self._run_as_req_enc_timestamp(client_creds)256 def test_salt_upn_at_realm_user(self):257 realm = self.get_samdb().domain_dns_name()258 client_creds = self._get_creds(259 account_type=self.AccountType.USER,260 opts={'upn': 'foo22@bar@' + realm})261 self._run_as_req_enc_timestamp(client_creds)262 def test_salt_upn_at_realm_mac(self):263 realm = self.get_samdb().domain_dns_name()264 client_creds = self._get_creds(265 account_type=self.AccountType.COMPUTER,266 opts={'upn': 'foo23@bar@' + realm})267 self._run_as_req_enc_timestamp(client_creds)268if __name__ == "__main__":269 global_asn1_print = False270 global_hexdump = False271 import unittest...
Automation Testing Tutorials
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
LambdaTest Learning Hubs:
- JUnit Tutorial
- TestNG Tutorial
- Webdriver Tutorial
- WebDriverIO Tutorial
- Protractor Tutorial
- Selenium 4 Tutorial
- Jenkins Tutorial
- NUnit Tutorial
- Jest Tutorial
- Playwright Tutorial
- Cypress Tutorial
- PyTest Tutorial
YouTube
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Run tempest automation tests on LambdaTest cloud grid
Perform automation testing on 3000+ real desktop and mobile devices online.
Try LambdaTest Now !!
Get 100 minutes of automation test minutes FREE!!
Was this article helpful?
