The Samba-Bugzilla – Attachment 16784 Details for
Bug 14817
Update Kerberos testing and dependencies to bring in fix for KDC crash
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
generated patch from master (v3) for 4.14
samba-4-14-kdc-crash.patch (text/plain), 1.12 MB, created by
Andrew Bartlett
on 2021-09-07 07:47:57 UTC
(
hide
)
Description:
generated patch from master (v3) for 4.14
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-09-07 07:47:57 UTC
Size:
1.12 MB
patch
obsolete
>From 86a73c8defaa31ee569cbffc53b67fbba2452b6a Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 16 Apr 2021 17:22:12 +0200 >Subject: [PATCH 001/149] librpc: Add py_descriptor_richcmp() equality function > >Only a python3 version. Do we still need the python2 flavor? > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 439b7ccdc1b1c91c66c1a7c83e340fa044c26377) >--- > source4/librpc/ndr/py_security.c | 37 ++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > >diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c >index 96f499614ce..4e9af544828 100644 >--- a/source4/librpc/ndr/py_security.c >+++ b/source4/librpc/ndr/py_security.c >@@ -309,9 +309,46 @@ static PyMethodDef py_descriptor_extra_methods[] = { > {0} > }; > >+static PyObject *py_descriptor_richcmp( >+ PyObject *py_self, PyObject *py_other, int op) >+{ >+ struct security_descriptor *self = pytalloc_get_ptr(py_self); >+ struct security_descriptor *other = pytalloc_get_ptr(py_other); >+ bool eq; >+ >+ if (other == NULL) { >+ Py_INCREF(Py_NotImplemented); >+ return Py_NotImplemented; >+ } >+ >+ eq = security_descriptor_equal(self, other); >+ >+ switch(op) { >+ case Py_EQ: >+ if (eq) { >+ Py_RETURN_TRUE; >+ } else { >+ Py_RETURN_FALSE; >+ } >+ break; >+ case Py_NE: >+ if (eq) { >+ Py_RETURN_FALSE; >+ } else { >+ Py_RETURN_TRUE; >+ } >+ break; >+ default: >+ break; >+ } >+ >+ return Py_NotImplemented; >+} >+ > static void py_descriptor_patch(PyTypeObject *type) > { > type->tp_new = py_descriptor_new; >+ type->tp_richcompare = py_descriptor_richcmp; > PyType_AddMethods(type, py_descriptor_extra_methods); > } > >-- >2.25.1 > > >From 0b8cbac4a2c956c5b4cbbdfd412a068773338b6d Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 17 Feb 2021 12:15:50 +1300 >Subject: [PATCH 002/149] tests python krb5: MS-KILE client principal look-up > >Tests of [MS-KILE]: Kerberos Protocol Extensions > section 3.3.5.6.1 Client Principal Lookup > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184 > >(cherry picked from commit 768d48fca9f8c7527c0d12e7acc8942b5fd36ac2) >--- > python/samba/tests/krb5/kdc_base_test.py | 29 +- > .../ms_kile_client_principal_lookup_tests.py | 814 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_heimdal_kdc | 12 + > selftest/knownfail_mit_kdc | 16 + > source4/selftest/tests.py | 3 + > 6 files changed, 874 insertions(+), 1 deletion(-) > create mode 100755 python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index bef5458c881..1c7f05dda6d 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -22,6 +22,7 @@ import os > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > from collections import namedtuple >+import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >@@ -103,7 +104,7 @@ class KDCBaseTest(RawKerberosTest): > for dn in self.accounts: > delete_force(self.ldb, dn) > >- def create_account(self, name, machine_account=False, spn=None): >+ def create_account(self, name, machine_account=False, spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDown to clean up the created accounts. >@@ -133,6 +134,8 @@ class KDCBaseTest(RawKerberosTest): > "unicodePwd": utf16pw} > if spn is not None: > details["servicePrincipalName"] = spn >+ if upn is not None: >+ details["userPrincipalName"] = upn > self.ldb.add(details) > > creds = Credentials() >@@ -418,3 +421,27 @@ class KDCBaseTest(RawKerberosTest): > self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) > sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) > return sid.decode('utf8') >+ >+ def add_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_ADD >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >+ >+ def modify_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_REPLACE >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >new file mode 100755 >index 00000000000..356a25f8e18 >--- /dev/null >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -0,0 +1,814 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.dsdb import UF_NORMAL_ACCOUNT, UF_DONT_REQUIRE_PREAUTH >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ NT_ENTERPRISE_PRINCIPAL, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+ KDC_ERR_C_PRINCIPAL_UNKNOWN, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): >+ ''' Tests for MS-KILE client principal look-up >+ See [MS-KILE]: Kerberos Protocol Extensions >+ secion 3.3.5.6.1 Client Principal Lookup >+ ''' >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def check_pac(self, auth_data, dn, uc, name, upn=None): >+ >+ pac_data = self.get_pac_data(auth_data) >+ sid = self.get_objectSid(dn) >+ if upn is None: >+ upn = "%s@%s" % (name, uc.get_realm().lower()) >+ if name.endswith('$'): >+ name = name[:-1] >+ >+ self.assertEqual( >+ uc.get_username(), >+ str(pac_data.account_name), >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ name, >+ pac_data.logon_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ uc.get_realm(), >+ pac_data.domain_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ upn, >+ pac_data.upn, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ sid, >+ pac_data.account_sid, >+ "pac_data = {%s}" % str(pac_data)) >+ >+ def test_nt_principal_step_1(self): >+ ''' Step 1 >+ For an NT_PRINCIPAL cname with no realm or the realm matches the >+ DC's domain >+ search for an account with the >+ sAMAccountName matching the cname. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_2(self): >+ ''' Step 2 >+ If not found >+ search for sAMAccountName equal to the cname + "$" >+ >+ ''' >+ >+ # Create a machine account for the test. >+ # >+ user_name = "mskilemac" >+ (mc, dn) = self.create_account(user_name, machine_account=True) >+ realm = mc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, mc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, mc, mach_name + '$') >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_3(self): >+ ''' Step 3 >+ >+ If not found >+ search for a matching UPN name where the UPN is set to >+ cname@realm or cname@DC's domain name >+ >+ ''' >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, upn_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_a(self): >+ ''' Step 4, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(alt_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_sec]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ def test_enterprise_principal_step_1_3(self): >+ ''' Steps 1-3 >+ For an NT_ENTERPRISE_PRINCIPAL cname >+ search for a user principal name matching the cname >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, upn, upn=upn) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_4(self): >+ ''' Step 4 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ ename = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, ename, upn=ename) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_5(self): >+ ''' Step 5 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ with a $ appended. >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, dn) = self.create_account(mach_name, machine_account=True) >+ ename = mach_name + "@" + realm >+ uname = mach_name + "$@" + realm >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, mc, ename, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_6_a(self): >+ ''' Step 6, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_enterprise_principal_step_6_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ uname = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[uname]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, >+ names=[uname]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, uname, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(uname.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_6_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = False >+ global_hexdump = False >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 33580964bbf..baa7b3b633a 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -96,6 +96,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tests.py', > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', >+ 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >index 7ab56b6721b..4e6ee93ce96 100644 >--- a/selftest/knownfail_heimdal_kdc >+++ b/selftest/knownfail_heimdal_kdc >@@ -2,3 +2,15 @@ > # We expect all the MIT specific compatability tests to fail on heimdal > # kerberos > ^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ >+# >+# Heimdal currently fails the following MS-KILE client principal lookup >+# tests >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index e64303c6b0f..2c2a643944c 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -275,3 +275,19 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > # following tests > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) >+# >+# MIT currently fails the following MS-KILE tests. >+# >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_1 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_2 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >+ >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 0a83bcd6987..709b5b71da4 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1379,6 +1379,9 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > planpythontestsuite( > "ad_dc", > "samba.tests.krb5.kdc_tgs_tests") >+planpythontestsuite( >+ "ad_dc", >+ "samba.tests.krb5.ms_kile_client_principal_lookup_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 5f4d9fab0c0470fd2d20c20b8e6231d3ff60d294 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:54:05 +1200 >Subject: [PATCH 003/149] auth:creds: Remove unused variable > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1ea2de561839ad948efab5112fbe4c1eae44d9ee) >--- > auth/credentials/pycredentials.c | 3 --- > 1 file changed, 3 deletions(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 95dde276ef7..76c97dd6877 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -604,8 +604,6 @@ static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused) > static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > { > char *newval; >- enum credentials_obtained obt = CRED_SPECIFIED; >- int _obt = obt; > struct cli_credentials *creds = PyCredentials_AsCliCredentials(self); > if (creds == NULL) { > PyErr_Format(PyExc_TypeError, "Credentials expected"); >@@ -615,7 +613,6 @@ static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > if (!PyArg_ParseTuple(args, "s", &newval)) { > return NULL; > } >- obt = _obt; > > cli_credentials_set_forced_sasl_mech(creds, newval); > Py_RETURN_NONE; >-- >2.25.1 > > >From 09f26a0d26a6b85a8a4ae9407283ae84c3115cdc Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:55:13 +1200 >Subject: [PATCH 004/149] auth:creds: Fix parameter in creds.set_named_ccache() > >Use the passed-in value for 'obtained' rather than always using >CRED_SPECIFIED. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d05268aa0904221c452fc650fcdfb680efc20bb) >--- > auth/credentials/pycredentials.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 76c97dd6877..dfc50e6d79a 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -800,6 +800,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx)) > return NULL; >+ obt = _obt; > > mem_ctx = talloc_new(NULL); > if (mem_ctx == NULL) { >@@ -815,7 +816,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > ret = cli_credentials_set_ccache(creds, > lp_ctx, >- newval, CRED_SPECIFIED, >+ newval, obt, > &error_string); > > if (ret != 0) { >-- >2.25.1 > > >From 97574423b61744dbf9e065612068b9768eb70465 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:07:22 +1200 >Subject: [PATCH 005/149] pygensec: Fix method documentation > >This changes the docstrings to use the correct method names. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 50ade4cadc766a196316fd5c5a57f8c502f0ea22) >--- > source4/auth/gensec/pygensec.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 75ce478d4c9..568fc7c8db7 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -654,13 +654,13 @@ static PyMethodDef py_gensec_security_methods[] = { > METH_VARARGS|METH_KEYWORDS|METH_CLASS, > "S.start_server(auth_ctx, settings) -> gensec" }, > { "set_credentials", (PyCFunction)py_gensec_set_credentials, METH_VARARGS, >- "S.start_client(credentials)" }, >+ "S.set_credentials(credentials)" }, > { "set_target_hostname", (PyCFunction)py_gensec_set_target_hostname, METH_VARARGS, >- "S.start_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, >+ "S.set_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, > { "set_target_service", (PyCFunction)py_gensec_set_target_service, METH_VARARGS, >- "S.start_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, >+ "S.set_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, > { "set_target_service_description", (PyCFunction)py_gensec_set_target_service_description, METH_VARARGS, >- "S.start_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, >+ "S.set_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, > { "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS, > "S.session_info() -> info" }, > { "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS, >-- >2.25.1 > > >From 6287e047f941104b70e2934912784e633bd89fa2 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 15 Apr 2021 10:32:41 +1200 >Subject: [PATCH 006/149] Revert "s4-test: fixed ndrdump test for top level > build" > >This essentially reverts commit >b84c0a9ed6d556eb2d3797d606edcd03f9766606, but the datapath is now in the >source4 directory. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6f144d49b5281a08bf7be550b949f4d91e8fe19b) >--- > python/samba/tests/blackbox/ndrdump.py | 8 +------- > 1 file changed, 1 insertion(+), 7 deletions(-) > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index a33229e4740..69b17274026 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -25,13 +25,7 @@ import os > import re > from samba.tests import BlackboxTestCase, BlackboxProcessError > >-for p in ["../../../../../source4/librpc/tests", >- "../../../../../librpc/tests"]: >- data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), p)) >- print(data_path_dir) >- if os.path.exists(data_path_dir): >- break >- >+data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../../source4/librpc/tests")) > > class NdrDumpTests(BlackboxTestCase): > """Blackbox tests for ndrdump.""" >-- >2.25.1 > > >From 1a9ccda4a7dad041f57f43187a9c20cbd0bc3982 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:57:00 +1200 >Subject: [PATCH 007/149] krb5ccache.idl: Add definition for a Kerberos > credentials cache > >Based on specifications found at >https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html > >This is primarily designed for parsing and storing a single Kerberos >ticket, due to the limitations of PIDL. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 74fb2cc473cea0eebf641fc4d32d706bac8aa6f2) >--- > librpc/idl/krb5ccache.idl | 115 +++++++++++++++++++++++++++++++++++ > librpc/idl/wscript_build | 1 + > librpc/wscript_build | 8 ++- > source4/librpc/wscript_build | 7 +++ > 4 files changed, 130 insertions(+), 1 deletion(-) > create mode 100644 librpc/idl/krb5ccache.idl > >diff --git a/librpc/idl/krb5ccache.idl b/librpc/idl/krb5ccache.idl >new file mode 100644 >index 00000000000..1f0cfa752a9 >--- /dev/null >+++ b/librpc/idl/krb5ccache.idl >@@ -0,0 +1,115 @@ >+/* >+ krb5 credentials cache (version 3 or 4) >+ specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html >+*/ >+ >+#include "idl_types.h" >+ >+[ >+ uuid("1702b695-99ca-4f32-93e4-1e1c4d5ddb53"), >+ version(0.0), >+ pointer_default(unique), >+ helpstring("KRB5 credentials cache") >+] >+interface krb5ccache >+{ >+ typedef struct { >+ uint32 name_type; >+ uint32 component_count; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string realm; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string components[component_count]; >+ } PRINCIPAL; >+ >+ typedef struct { >+ uint16 enctype; >+ DATA_BLOB data; >+ } KEYBLOCK; >+ >+ typedef struct { >+ uint16 addrtype; >+ DATA_BLOB data; >+ } ADDRESS; >+ >+ typedef struct { >+ uint32 count; >+ ADDRESS data[count]; >+ } ADDRESSES; >+ >+ typedef struct { >+ uint16 ad_type; >+ DATA_BLOB data; >+ } AUTHDATUM; >+ >+ typedef struct { >+ uint32 count; >+ AUTHDATUM data[count]; >+ } AUTHDATA; >+ >+ typedef struct { >+ PRINCIPAL client; >+ PRINCIPAL server; >+ KEYBLOCK keyblock; >+ uint32 authtime; >+ uint32 starttime; >+ uint32 endtime; >+ uint32 renew_till; >+ uint8 is_skey; >+ uint32 ticket_flags; >+ ADDRESSES addresses; >+ AUTHDATA authdata; >+ DATA_BLOB ticket; >+ DATA_BLOB second_ticket; >+ } CREDENTIAL; >+ >+ typedef struct { >+ [value(0)] int32 kdc_sec_offset; >+ [value(0)] int32 kdc_usec_offset; >+ } DELTATIME_TAG; >+ >+ typedef [nodiscriminant] union { >+ [case(1)] DELTATIME_TAG deltatime_tag; >+ } FIELD; >+ >+ typedef struct { >+ [value(1)] uint16 tag; >+ [subcontext(2),switch_is(tag)] FIELD field; >+ } V4TAG; >+ >+ typedef struct { >+ V4TAG tag; >+ /* >+ * We should allow for more than one tag to be properly parsed, but that >+ * would require manual parsing. >+ */ >+ [flag(NDR_REMAINING)] DATA_BLOB further_tags; >+ } V4TAGS; >+ >+ typedef struct { >+ [subcontext(2)] V4TAGS v4tags; >+ } V4HEADER; >+ >+ typedef [nodiscriminant] union { >+ /* >+ * We don't attempt to support file format versions 1 and 2 as they >+ * assume native CPU byte order, which makes no sense in PIDL. >+ */ >+ [case(3)] ; >+ [case(4)] V4HEADER v4header; >+ } OPTIONAL_HEADER; >+ >+ /* Public structures. */ >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ [value(5)] uint8 pvno; >+ [value(4)] uint8 version; >+ [switch_is(version)] OPTIONAL_HEADER optional_header; >+ PRINCIPAL principal; >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } CCACHE; >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } MULTIPLE_CREDENTIALS; >+} >diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build >index 928f54abde0..0cbd7f8fdfc 100644 >--- a/librpc/idl/wscript_build >+++ b/librpc/idl/wscript_build >@@ -147,6 +147,7 @@ bld.SAMBA_PIDL_LIST('PIDL', > drsblobs.idl > idmap.idl > krb5pac.idl >+ krb5ccache.idl > messaging.idl > misc.idl > nbt.idl >diff --git a/librpc/wscript_build b/librpc/wscript_build >index 02b7640046e..e4632d538a4 100644 >--- a/librpc/wscript_build >+++ b/librpc/wscript_build >@@ -374,6 +374,11 @@ bld.SAMBA_LIBRARY('ndr-krb5pac', > vnum='0.0.1' > ) > >+bld.SAMBA_SUBSYSTEM('NDR_KRB5CCACHE', >+ source='gen_ndr/ndr_krb5ccache.c', >+ deps='ndr NDR_COMPRESSION NDR_SECURITY ndr-standard asn1util' >+ ) >+ > bld.SAMBA_LIBRARY('ndr-standard', > source='', > vnum='0.0.1', >@@ -616,7 +621,8 @@ bld.SAMBA_LIBRARY('ndr-samba', > source=[], > deps='''NDR_DRSBLOBS NDR_DRSUAPI NDR_IDMAP NDR_NTLMSSP NDR_NEGOEX NDR_SCHANNEL NDR_MGMT > NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM >- NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV''', >+ NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV >+ NDR_KRB5CCACHE''', > private_library=True, > grouping_library=True > ) >diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build >index 009b2e13d2e..ea9c4853d7a 100644 >--- a/source4/librpc/wscript_build >+++ b/source4/librpc/wscript_build >@@ -229,6 +229,13 @@ bld.SAMBA_PYTHON('python_krb5pac', > cflags_end=gen_cflags > ) > >+bld.SAMBA_PYTHON('python_krb5ccache', >+ source='../../librpc/gen_ndr/py_krb5ccache.c', >+ deps='NDR_KRB5CCACHE %s %s' % (pytalloc_util, pyrpc_util), >+ realname='samba/dcerpc/krb5ccache.so', >+ cflags_end=gen_cflags >+ ) >+ > bld.SAMBA_PYTHON('python_netlogon', > source='../../librpc/gen_ndr/py_netlogon.c', > deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util), >-- >2.25.1 > > >From 3ca348ac2161357559005a96e328dc3acd0a59f0 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:58:48 +1200 >Subject: [PATCH 008/149] librpc: Test parsing a Kerberos 5 credentials cache > with ndrdump > >This is the format used by the FILE: credentials cache type. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f17b1edca9c1638ef404fadce3ca7a4d176de12) >--- > python/samba/tests/blackbox/ndrdump.py | 37 + > source3/selftest/ktest-krb5_ccache-2.txt | 1574 ++++++++++++++++++++++ > source3/selftest/ktest-krb5_ccache-3.txt | 832 ++++++++++++ > 3 files changed, 2443 insertions(+) > create mode 100644 source3/selftest/ktest-krb5_ccache-2.txt > create mode 100644 source3/selftest/ktest-krb5_ccache-3.txt > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index 69b17274026..7833ec98119 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -320,6 +320,43 @@ dump OK > # convert expected to bytes for python 3 > self.assertEqual(actual, expected.encode('utf-8')) > >+ def test_ndrdump_Krb5ccache(self): >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ > # This is a good example of a union with an empty default > # and no buffers to parse. > def test_ndrdump_fuzzed_spoolss_EnumForms(self): >diff --git a/source3/selftest/ktest-krb5_ccache-2.txt b/source3/selftest/ktest-krb5_ccache-2.txt >new file mode 100644 >index 00000000000..c86750ae585 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-2.txt >@@ -0,0 +1,1574 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+dump OK >diff --git a/source3/selftest/ktest-krb5_ccache-3.txt b/source3/selftest/ktest-krb5_ccache-3.txt >new file mode 100644 >index 00000000000..76c492cd2b1 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-3.txt >@@ -0,0 +1,832 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+dump OK >-- >2.25.1 > > >From d3f74b2200b60eb926f05c4cebb2301f0ae820b4 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:02:47 +1200 >Subject: [PATCH 009/149] krb5: Add Python functions to create a credentials > cache containing a service ticket > >This is a FILE: format credentials cache readable by the MIT/Heimdal >Kerberos libraries. This allows us to glue the Python ASN1 Kerberos >system to the MIT/Heimdal one. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d88a6ff3dbcf650b09ef9c8c37170ca6663b533) >--- > python/samba/tests/krb5/kdc_base_test.py | 167 ++++++++++++++++++++++- > 1 file changed, 163 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1c7f05dda6d..d8193ae9cdc 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -1,6 +1,6 @@ > # Unix SMB/CIFS implementation. > # Copyright (C) Stefan Metzmacher 2020 >-# Copyright (C) 2020 Catalyst.Net Ltd >+# Copyright (C) 2020-2021 Catalyst.Net Ltd > # > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License as published by >@@ -18,6 +18,8 @@ > > import sys > import os >+from datetime import datetime >+import tempfile > > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" >@@ -26,10 +28,10 @@ import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >-from samba.credentials import Credentials >-from samba.dcerpc import krb5pac >+from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >+from samba.dcerpc import krb5pac, krb5ccache > from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >-from samba.ndr import ndr_unpack >+from samba.ndr import ndr_pack, ndr_unpack > from samba.samdb import SamDB > > from samba.tests import delete_force >@@ -38,6 +40,8 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > AD_IF_RELEVANT, > AD_WIN2K_PAC, >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, > KDC_ERR_PREAUTH_REQUIRED, > KRB_AS_REP, > KRB_TGS_REP, >@@ -46,6 +50,8 @@ from samba.tests.krb5.rfc4120_constants import ( > KU_PA_ENC_TIMESTAMP, > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TICKET, >+ NT_PRINCIPAL, >+ NT_SRV_HST, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -445,3 +451,156 @@ class KDCBaseTest(RawKerberosTest): > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) > self.ldb.modify(msg) >+ >+ def create_ccache(self, cname, ticket, enc_part): >+ """ Lay out a version 4 on-disk credentials cache, to be read using the >+ FILE: protocol. >+ """ >+ >+ field = krb5ccache.DELTATIME_TAG() >+ field.kdc_sec_offset = 0 >+ field.kdc_usec_offset = 0 >+ >+ v4tag = krb5ccache.V4TAG() >+ v4tag.tag = 1 >+ v4tag.field = field >+ >+ v4tags = krb5ccache.V4TAGS() >+ v4tags.tag = v4tag >+ v4tags.further_tags = b'' >+ >+ optional_header = krb5ccache.V4HEADER() >+ optional_header.v4tags = v4tags >+ >+ cname_string = cname['name-string'] >+ >+ cprincipal = krb5ccache.PRINCIPAL() >+ cprincipal.name_type = cname['name-type'] >+ cprincipal.component_count = len(cname_string) >+ cprincipal.realm = ticket['realm'] >+ cprincipal.components = cname_string >+ >+ sname = ticket['sname'] >+ sname_string = sname['name-string'] >+ >+ sprincipal = krb5ccache.PRINCIPAL() >+ sprincipal.name_type = sname['name-type'] >+ sprincipal.component_count = len(sname_string) >+ sprincipal.realm = ticket['realm'] >+ sprincipal.components = sname_string >+ >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ key_data = key.export_obj() >+ keyblock = krb5ccache.KEYBLOCK() >+ keyblock.enctype = key_data['keytype'] >+ keyblock.data = key_data['keyvalue'] >+ >+ addresses = krb5ccache.ADDRESSES() >+ addresses.count = 0 >+ addresses.data = [] >+ >+ authdata = krb5ccache.AUTHDATA() >+ authdata.count = 0 >+ authdata.data = [] >+ >+ # Re-encode the ticket, since it was decoded by another layer. >+ ticket_data = self.der_encode(ticket, asn1Spec=krb5_asn1.Ticket()) >+ >+ authtime = enc_part['authtime'] >+ try: >+ starttime = enc_part['starttime'] >+ except KeyError: >+ starttime = authtime >+ endtime = enc_part['endtime'] >+ >+ cred = krb5ccache.CREDENTIAL() >+ cred.client = cprincipal >+ cred.server = sprincipal >+ cred.keyblock = keyblock >+ cred.authtime = int(datetime.strptime(authtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.starttime = int(datetime.strptime(starttime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.endtime = int(datetime.strptime(endtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.renew_till = cred.endtime >+ cred.is_skey = 0 >+ cred.ticket_flags = int(enc_part['flags'], 2) >+ cred.addresses = addresses >+ cred.authdata = authdata >+ cred.ticket = ticket_data >+ cred.second_ticket = b'' >+ >+ ccache = krb5ccache.CCACHE() >+ ccache.pvno = 5 >+ ccache.version = 4 >+ ccache.optional_header = optional_header >+ ccache.principal = cprincipal >+ ccache.cred = cred >+ >+ # Serialise the credentials cache structure. >+ result = ndr_pack(ccache) >+ >+ # Create a temporary file and write the credentials. >+ cachefile = tempfile.NamedTemporaryFile(dir=self.tempdir, delete=False) >+ cachefile.write(result) >+ cachefile.close() >+ >+ return cachefile >+ >+ def create_ccache_with_user(self, user_credentials, mach_name, >+ service="host"): >+ # Obtain a service ticket authorising the user and place it into a >+ # newly created credentials cache file. >+ >+ user_name = user_credentials.get_username() >+ realm = user_credentials.get_realm() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(user_credentials, rep) >+ key = self.get_as_rep_key(user_credentials, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=[service, mach_name]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, realm, ticket, key, etype) >+ self.check_tgs_reply(rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ >+ # Write the ticket into a credentials cache file that can be ingested >+ # by the main credentials code. >+ cachefile = self.create_ccache(cname, ticket, enc_part) >+ >+ # Create a credentials object to reference the credentials cache. >+ creds = Credentials() >+ creds.set_kerberos_state(MUST_USE_KERBEROS) >+ creds.set_username(user_name, SPECIFIED) >+ creds.set_realm(realm) >+ creds.set_named_ccache(cachefile.name, SPECIFIED, self.lp) >+ >+ # Return the credentials along with the cache file. >+ return (creds, cachefile) >-- >2.25.1 > > >From 14cedc583086aa4b6a490091f6ab073bbaaa987d Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:06:33 +1200 >Subject: [PATCH 010/149] python: Add credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service using the normal >credentials system backed on to MIT/Heimdal Kerberos 5 libraries. This >will allow us to validate the output of the MIT/Heimdal libraries in the >future. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit c15f26ec40860782b22e862f9bdf665745387718) >--- > python/samba/tests/krb5/raw_testcase.py | 8 +- > python/samba/tests/krb5/rfc4120_constants.py | 1 + > python/samba/tests/krb5/test_ccache.py | 127 +++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 2 + > 5 files changed, 135 insertions(+), 4 deletions(-) > create mode 100755 python/samba/tests/krb5/test_ccache.py > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 82e68ee7019..27ab89ecf99 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -25,7 +25,7 @@ import random > > import samba.tests > from samba.credentials import Credentials >-from samba.tests import TestCase >+from samba.tests import TestCaseInTempDir > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests.krb5.kcrypto as kcrypto > >@@ -178,11 +178,11 @@ class Krb5EncryptionKey(object): > return EncryptionKey_obj > > >-class RawKerberosTest(TestCase): >+class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > > def setUp(self): >- super(RawKerberosTest, self).setUp() >+ super().setUp() > self.do_asn1_print = False > self.do_hexdump = False > >@@ -192,7 +192,7 @@ class RawKerberosTest(TestCase): > > def tearDown(self): > self._disconnect("tearDown") >- super(TestCase, self).tearDown() >+ super().tearDown() > > def _disconnect(self, reason): > if self.s is None: >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 5bbf1229d09..702f6084217 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -46,6 +46,7 @@ KDC_ERR_SKEW = 37 > # Name types > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_HST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-HST')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >new file mode 100755 >index 00000000000..e0998a4c43f >--- /dev/null >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -0,0 +1,127 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_SUBTREE >+from samba import gensec >+from samba.auth import AuthContext >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class CcacheTests(KDCBaseTest): >+ """Test for authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_ccache(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "ccacheusr" >+ mach_name = "ccachemac" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Create the machine account. >+ (mach_credentials, _) = self.create_account(mach_name, >+ machine_account=True) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ settings = {} >+ settings["lp_ctx"] = self.lp >+ settings["target_hostname"] = mach_name >+ >+ gensec_client = gensec.Security.start_client(settings) >+ gensec_client.set_credentials(creds) >+ gensec_client.want_feature(gensec.FEATURE_SEAL) >+ gensec_client.start_mech_by_sasl_name("GSSAPI") >+ >+ auth_context = AuthContext(lp_ctx=self.lp, ldb=self.ldb, methods=[]) >+ >+ gensec_server = gensec.Security.start_server(settings, auth_context) >+ gensec_server.set_credentials(mach_credentials) >+ >+ gensec_server.start_mech_by_sasl_name("GSSAPI") >+ >+ client_finished = False >+ server_finished = False >+ server_to_client = b'' >+ >+ # Operate as both the client and the server to verify the user's >+ # credentials. >+ while not client_finished or not server_finished: >+ if not client_finished: >+ print("running client gensec_update") >+ (client_finished, client_to_server) = gensec_client.update( >+ server_to_client) >+ if not server_finished: >+ print("running server gensec_update") >+ (server_finished, server_to_client) = gensec_server.update( >+ client_to_server) >+ >+ # Ensure that the first SID contained within the obtained security >+ # token is the SID of the user we created. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Retrieve the SIDs from the security token. >+ session = gensec_server.session_info() >+ token = session.security_token >+ token_sids = token.sids >+ self.assertGreater(len(token_sids), 0) >+ >+ # Ensure that they match. >+ self.assertEqual(sid, token_sids[0]) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index baa7b3b633a..de38acfb2ae 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -96,6 +96,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tests.py', > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', >+ 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 709b5b71da4..6f32d68c9a2 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -818,6 +818,8 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >+ > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >-- >2.25.1 > > >From 36a17187f5fc19f5d97af37977b99f9239d0e6d2 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Apr 2021 20:58:11 +1200 >Subject: [PATCH 011/149] python: Add LDAP credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through LDAP. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7663b5c37fa3413f7c67c018107322494e4a6fd9) >--- > python/samba/tests/krb5/test_ldap.py | 94 ++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 96 insertions(+) > create mode 100755 python/samba/tests/krb5/test_ldap.py > >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >new file mode 100755 >index 00000000000..6a4bf52d77f >--- /dev/null >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -0,0 +1,94 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_BASE, SCOPE_SUBTREE >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+from samba.samdb import SamDB >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class LdapTests(KDCBaseTest): >+ """Test for LDAP authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_ldap(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "ldapusr" >+ mach_name = self.dns_host_name >+ service = "ldap" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Connect to the machine account and retrieve the user SID. >+ ldb_as_user = SamDB(url="ldap://%s" % mach_name, >+ credentials=creds, >+ lp=self.lp) >+ ldb_res = ldb_as_user.search('', >+ scope=SCOPE_BASE, >+ attrs=["tokenGroups"]) >+ self.assertEqual(1, len(ldb_res)) >+ >+ token_sid = ndr_unpack(security.dom_sid, ldb_res[0]["tokenGroups"][0]) >+ >+ # Ensure that they match. >+ self.assertEqual(sid, token_sid) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index de38acfb2ae..d9bddedd823 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -97,6 +97,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', > 'python/samba/tests/krb5/test_ccache.py', >+ 'python/samba/tests/krb5/test_ldap.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 6f32d68c9a2..8d8d911bcb4 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -819,6 +819,7 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 67259eedd1806e336f1a5592aa20c90eb75e3ecd Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Apr 2021 21:04:25 +1200 >Subject: [PATCH 012/149] python: Add RPC credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through RPC. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 072451a033da07c0cdaa005dd1020ef1c7951e99) >--- > python/samba/tests/krb5/test_rpc.py | 77 +++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 79 insertions(+) > create mode 100755 python/samba/tests/krb5/test_rpc.py > >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >new file mode 100755 >index 00000000000..da1c4eb88ac >--- /dev/null >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -0,0 +1,77 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from samba.dcerpc import lsa >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class RpcTests(KDCBaseTest): >+ """Test for RPC authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_rpc(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "rpcusr" >+ mach_name = self.dns_host_name >+ service = "cifs" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ binding_str = "ncacn_np:%s[\\pipe\\lsarpc]" % mach_name >+ conn = lsa.lsarpc(binding_str, self.lp, creds) >+ >+ (account_name, _) = conn.GetUserName(None, None, None) >+ >+ self.assertEqual(user_name, account_name.string) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index d9bddedd823..e178b5c0e8a 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -98,6 +98,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tgs_tests.py', > 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/test_ldap.py', >+ 'python/samba/tests/krb5/test_rpc.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 8d8d911bcb4..20a3d23e5f4 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -820,6 +820,7 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 062999cc83cf95cb31077c20b38f59b0f1d45cdb Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 15:48:43 +1200 >Subject: [PATCH 013/149] Revert "libsmb: Use sid_parse()" > >This reverts commit afd5d34f5e1d13ba88448b3b94d353aa8361d1a9. > >This code originally used ndr_pull_struct_blob() to pull one SID from a >buffer potentially containing multiple SIDs. When this was changed to >use sid_parse(), it was now attempting to parse the whole buffer as a >single SID with ndr_pull_struct_blob_all(), which would cause it to fail >if more than one SID was present. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2b487890d946df88abce67c3d07d74559f70f069) >--- > source3/libsmb/clifsinfo.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index bcfe406e07b..a9b3b03abb6 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -29,7 +29,6 @@ > #include "../libcli/smb/smbXcli_base.h" > #include "auth/credentials/credentials.h" > #include "../librpc/gen_ndr/ndr_security.h" >-#include "libcli/security/dom_sid.h" > > /**************************************************************************** > Get UNIX extensions version info. >@@ -686,9 +685,23 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > num_rdata -= (p - rdata); > > for (i = 0; i < state->num_sids; i++) { >- ssize_t sid_size = sid_parse(p, num_rdata, &state->sids[i]); >+ size_t sid_size; >+ DATA_BLOB in = data_blob_const(p, num_rdata); >+ enum ndr_err_code ndr_err; > >- if ((sid_size == -1) || (sid_size > num_rdata)) { >+ ndr_err = ndr_pull_struct_blob(&in, >+ state, >+ &state->sids[i], >+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ >+ sid_size = ndr_size_dom_sid(&state->sids[i], 0); >+ >+ if (sid_size > num_rdata) { > tevent_req_nterror(req, > NT_STATUS_INVALID_NETWORK_RESPONSE); > return; >-- >2.25.1 > > >From ca89931d8ea965bbb3e12649ed6e4a42e61269a8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 15:55:01 +1200 >Subject: [PATCH 014/149] libsmb: Remove overflow check > >Pointer overflow is undefined, so this check does not accomplish >anything. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit db5b34c7682e36630908356cf674fddd18d8fa1f) >--- > source3/libsmb/clifsinfo.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index a9b3b03abb6..135a77f2312 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -650,7 +650,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > * parsing network packets in C. > */ > >- if (num_rdata < 40 || rdata + num_rdata < rdata) { >+ if (num_rdata < 40) { > tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); > return; > } >-- >2.25.1 > > >From e912f1f01d2f26397a55f8085675d032c9130bdc Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:16:51 +1200 >Subject: [PATCH 015/149] libsmb: Avoid undefined behaviour when parsing whoami > state > >If num_gids is such that the gids array would overflow the rdata buffer, >'p + 8' could produce a result pointing outside the buffer, and thus >result in undefined behaviour. To avoid this, we check num_gids against >the size of the buffer beforehand. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9d8aeed33d8edf7a5dc96dbe35e4e164e2baeeeb) >--- > source3/libsmb/clifsinfo.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index 135a77f2312..8ec74d191be 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -661,6 +661,13 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > state->num_gids = IVAL(rdata, 24); > state->num_sids = IVAL(rdata, 28); > >+ /* Ensure the gid array doesn't overflow */ >+ if (state->num_gids > (num_rdata - 40) / sizeof(uint64_t)) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > state->gids = talloc_array(state, uint64_t, state->num_gids); > if (tevent_req_nomem(state->gids, req)) { > return; >@@ -673,11 +680,6 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > p = rdata + 40; > > for (i = 0; i < state->num_gids; i++) { >- if (p + 8 > rdata + num_rdata) { >- tevent_req_nterror(req, >- NT_STATUS_INVALID_NETWORK_RESPONSE); >- return; >- } > state->gids[i] = BVAL(p, 0); > p += 8; > } >-- >2.25.1 > > >From 6ca4868169b3841de07c7f29153c7a1ee4effe33 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:22:43 +1200 >Subject: [PATCH 016/149] libsmb: Check to see that whoami is not receiving > more data than it requested > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9e414233c84d2f2fa4a9415be9ee975eca8b9bfd) >--- > source3/libsmb/clifsinfo.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index 8ec74d191be..c1f2eca8bcf 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -570,6 +570,8 @@ struct posix_whoami_state { > > static void cli_posix_whoami_done(struct tevent_req *subreq); > >+static const uint32_t posix_whoami_max_rdata = 62*1024; >+ > struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx, > struct tevent_context *ev, > struct cli_state *cli) >@@ -586,7 +588,7 @@ struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx, > SSVAL(state->setup, 0, TRANSACT2_QFSINFO); > SSVAL(state->param, 0, SMB_QUERY_POSIX_WHOAMI); > >- state->max_rdata = 62*1024; >+ state->max_rdata = posix_whoami_max_rdata; > > subreq = cli_trans_send(state, /* mem ctx. */ > ev, /* event ctx. */ >@@ -650,7 +652,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > * parsing network packets in C. > */ > >- if (num_rdata < 40) { >+ if (num_rdata < 40 || num_rdata > posix_whoami_max_rdata) { > tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); > return; > } >-- >2.25.1 > > >From 2efd07a6ead7ed62eee60fc927c96d3f031bac09 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:24:42 +1200 >Subject: [PATCH 017/149] libsmb: Ensure that whoami parses all the data > provided to it > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9b96ebea5c6966b096cf1100a0895a9c41f2aa1d) >--- > source3/libsmb/clifsinfo.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index c1f2eca8bcf..c4e2a01bc45 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -714,6 +714,13 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > p += sid_size; > num_rdata -= sid_size; > } >+ >+ if (num_rdata != 0) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > tevent_req_done(req); > } > >-- >2.25.1 > > >From 583d48bcc0bd6751526fc38d4b3eda630c72d0f4 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Fri, 30 Apr 2021 12:49:24 +1200 >Subject: [PATCH 018/149] pylibsmb: Add posix_whoami() > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 482559436f12a85adb3409433aac3ab06baa82b1) >--- > source3/libsmb/pylibsmb.c | 139 +++++++++++++++++++++++++++++++++++++- > 1 file changed, 137 insertions(+), 2 deletions(-) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index 510dd3185d8..874b850d5a7 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -38,6 +38,8 @@ > #define LIST_ATTRIBUTE_MASK \ > (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN) > >+static PyTypeObject *dom_sid_Type = NULL; >+ > static PyTypeObject *get_pytype(const char *module, const char *type) > { > PyObject *mod; >@@ -1585,6 +1587,123 @@ static PyObject *py_smb_mkdir(struct py_cli_state *self, PyObject *args) > Py_RETURN_NONE; > } > >+/* >+ * Does a whoami call >+ */ >+static PyObject *py_smb_posix_whoami(struct py_cli_state *self, >+ PyObject *Py_UNUSED(ignored)) >+{ >+ TALLOC_CTX *frame = talloc_stackframe(); >+ NTSTATUS status; >+ struct tevent_req *req = NULL; >+ uint64_t uid; >+ uint64_t gid; >+ uint32_t num_gids; >+ uint64_t *gids = NULL; >+ uint32_t num_sids; >+ struct dom_sid *sids = NULL; >+ bool guest; >+ PyObject *py_gids = NULL; >+ PyObject *py_sids = NULL; >+ PyObject *py_guest = NULL; >+ PyObject *py_ret = NULL; >+ Py_ssize_t i; >+ >+ req = cli_posix_whoami_send(frame, self->ev, self->cli); >+ if (!py_tevent_req_wait_exc(self, req)) { >+ goto fail; >+ } >+ status = cli_posix_whoami_recv(req, >+ frame, >+ &uid, >+ &gid, >+ &num_gids, >+ &gids, >+ &num_sids, >+ &sids, >+ &guest); >+ if (!NT_STATUS_IS_OK(status)) { >+ PyErr_SetNTSTATUS(status); >+ goto fail; >+ } >+ if (num_gids > PY_SSIZE_T_MAX) { >+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many GIDs"); >+ goto fail; >+ } >+ if (num_sids > PY_SSIZE_T_MAX) { >+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many SIDs"); >+ goto fail; >+ } >+ >+ py_gids = PyList_New(num_gids); >+ if (!py_gids) { >+ goto fail; >+ } >+ for (i = 0; i < num_gids; ++i) { >+ int ret; >+ PyObject *py_item = PyLong_FromUnsignedLongLong(gids[i]); >+ if (!py_item) { >+ goto fail2; >+ } >+ >+ ret = PyList_SetItem(py_gids, i, py_item); >+ if (ret) { >+ goto fail2; >+ } >+ } >+ py_sids = PyList_New(num_sids); >+ if (!py_sids) { >+ goto fail2; >+ } >+ for (i = 0; i < num_sids; ++i) { >+ int ret; >+ struct dom_sid *sid; >+ PyObject *py_item; >+ >+ sid = dom_sid_dup(frame, &sids[i]); >+ if (!sid) { >+ PyErr_NoMemory(); >+ goto fail3; >+ } >+ >+ py_item = pytalloc_steal(dom_sid_Type, sid); >+ if (!py_item) { >+ PyErr_NoMemory(); >+ goto fail3; >+ } >+ >+ ret = PyList_SetItem(py_sids, i, py_item); >+ if (ret) { >+ goto fail3; >+ } >+ } >+ >+ py_guest = guest ? Py_True : Py_False; >+ >+ py_ret = Py_BuildValue("KKNNO", >+ uid, >+ gid, >+ py_gids, >+ py_sids, >+ py_guest); >+ if (!py_ret) { >+ goto fail3; >+ } >+ >+ TALLOC_FREE(frame); >+ return py_ret; >+ >+fail3: >+ Py_CLEAR(py_sids); >+ >+fail2: >+ Py_CLEAR(py_gids); >+ >+fail: >+ TALLOC_FREE(frame); >+ return NULL; >+} >+ > /* > * Checks existence of a directory > */ >@@ -1721,6 +1840,8 @@ static PyMethodDef py_cli_state_methods[] = { > "unlink(path) -> None\n\n \t\tDelete a file." }, > { "mkdir", (PyCFunction)py_smb_mkdir, METH_VARARGS, > "mkdir(path) -> None\n\n \t\tCreate a directory." }, >+ { "posix_whoami", (PyCFunction)py_smb_posix_whoami, METH_NOARGS, >+ "posix_whoami() -> (uid, gid, gids, sids, guest)" }, > { "rmdir", (PyCFunction)py_smb_rmdir, METH_VARARGS, > "rmdir(path) -> None\n\n \t\tDelete a directory." }, > { "rename", >@@ -1774,17 +1895,31 @@ static struct PyModuleDef moduledef = { > MODULE_INIT_FUNC(libsmb_samba_cwrapper) > { > PyObject *m = NULL; >+ PyObject *mod = NULL; > > talloc_stackframe(); > >+ if (PyType_Ready(&py_cli_state_type) < 0) { >+ return NULL; >+ } >+ if (PyType_Ready(&py_cli_notify_state_type) < 0) { >+ return NULL; >+ } >+ > m = PyModule_Create(&moduledef); > if (m == NULL) { > return m; > } >- if (PyType_Ready(&py_cli_state_type) < 0) { >+ >+ /* Import dom_sid type from dcerpc.security */ >+ mod = PyImport_ImportModule("samba.dcerpc.security"); >+ if (mod == NULL) { > return NULL; > } >- if (PyType_Ready(&py_cli_notify_state_type) < 0) { >+ >+ dom_sid_Type = (PyTypeObject *)PyObject_GetAttrString(mod, "dom_sid"); >+ if (dom_sid_Type == NULL) { >+ Py_DECREF(mod); > return NULL; > } > >-- >2.25.1 > > >From fa45c929d325e00dfc5546bad121432c2adf60bc Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Fri, 30 Apr 2021 08:58:11 +1200 >Subject: [PATCH 019/149] python: Add SMB credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through SMB. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 78a0b57b51642df07deed8aeb6e39e608fafda60) >--- > python/samba/tests/krb5/test_smb.py | 108 ++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 110 insertions(+) > create mode 100755 python/samba/tests/krb5/test_smb.py > >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >new file mode 100755 >index 00000000000..0262a37ebb5 >--- /dev/null >+++ b/python/samba/tests/krb5/test_smb.py >@@ -0,0 +1,108 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_SUBTREE >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+from samba.samba3 import libsmb_samba_internal as libsmb >+from samba.samba3 import param as s3param >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class SmbTests(KDCBaseTest): >+ """Test for SMB authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_smb(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "smbusr" >+ mach_name = self.dns_host_name >+ service = "cifs" >+ share = "tmp" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Set the Kerberos 5 credentials cache environment variable. This is >+ # required because the codepath that gets run (gse_krb5) looks for it >+ # in here and not in the credentials object. >+ krb5_ccname = os.environ.get("KRB5CCNAME", "") >+ self.addCleanup(os.environ.__setitem__, "KRB5CCNAME", krb5_ccname) >+ os.environ["KRB5CCNAME"] = "FILE:" + cachefile.name >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Connect to a share and retrieve the user SID. >+ s3_lp = s3param.get_context() >+ s3_lp.load(self.lp.configfile) >+ >+ min_protocol = s3_lp.get("client min protocol") >+ self.addCleanup(s3_lp.set, "client min protocol", min_protocol) >+ s3_lp.set("client min protocol", "NT1") >+ >+ max_protocol = s3_lp.get("client max protocol") >+ self.addCleanup(s3_lp.set, "client max protocol", max_protocol) >+ s3_lp.set("client max protocol", "NT1") >+ >+ conn = libsmb.Conn(mach_name, share, lp=s3_lp, creds=creds) >+ >+ (uid, gid, gids, sids, guest) = conn.posix_whoami() >+ >+ # Ensure that they match. >+ self.assertEqual(sid, sids[0]) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index e178b5c0e8a..14695ae65c5 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -99,6 +99,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/test_ldap.py', > 'python/samba/tests/krb5/test_rpc.py', >+ 'python/samba/tests/krb5/test_smb.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 20a3d23e5f4..3089c6f4dda 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -821,6 +821,7 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") >+planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From e4e9306cdb3723dd906263d93a2ee200ce8e75e6 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 14:42:10 +1200 >Subject: [PATCH 020/149] python: Ensure reference counts are properly > incremented > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 290c1dc0975867a71c02e911708323d1f38b6f96) >--- > lib/talloc/pytalloc.c | 4 ++-- > libgpo/pygpo.c | 2 +- > source4/auth/gensec/pygensec.c | 4 ++-- > source4/librpc/ndr/py_security.c | 2 +- > source4/ntvfs/posix/python/pyposix_eadb.c | 2 +- > source4/ntvfs/posix/python/pyxattr_native.c | 4 ++-- > source4/ntvfs/posix/python/pyxattr_tdb.c | 2 +- > 7 files changed, 10 insertions(+), 10 deletions(-) > >diff --git a/lib/talloc/pytalloc.c b/lib/talloc/pytalloc.c >index cc5a6a812ea..4d3826153b9 100644 >--- a/lib/talloc/pytalloc.c >+++ b/lib/talloc/pytalloc.c >@@ -37,7 +37,7 @@ static PyObject *pytalloc_report_full(PyObject *self, PyObject *args) > } else { > talloc_report_full(pytalloc_get_mem_ctx(py_obj), stdout); > } >- return Py_None; >+ Py_RETURN_NONE; > } > > /* enable null tracking */ >@@ -45,7 +45,7 @@ static PyObject *pytalloc_enable_null_tracking(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { > talloc_enable_null_tracking(); >- return Py_None; >+ Py_RETURN_NONE; > } > > /* return the number of talloc blocks */ >diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c >index 29c8b11886e..3452bc77d61 100644 >--- a/libgpo/pygpo.c >+++ b/libgpo/pygpo.c >@@ -41,7 +41,7 @@ static PyObject* GPO_get_##ATTR(PyObject *self, void *closure) \ > if (gpo_ptr->ATTR) \ > return PyUnicode_FromString(gpo_ptr->ATTR); \ > else \ >- return Py_None; \ >+ Py_RETURN_NONE; \ > } > GPO_getter(ds_path) > GPO_getter(file_sys_path) >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 568fc7c8db7..490fcbecd58 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -426,9 +426,9 @@ static PyObject *py_gensec_have_feature(PyObject *self, PyObject *args) > return NULL; > > if (gensec_have_feature(security, feature)) { >- return Py_True; >+ Py_RETURN_TRUE; > } >- return Py_False; >+ Py_RETURN_FALSE; > } > > static PyObject *py_gensec_set_max_update_size(PyObject *self, PyObject *args) >diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c >index 4e9af544828..d4a2cd4f6f7 100644 >--- a/source4/librpc/ndr/py_security.c >+++ b/source4/librpc/ndr/py_security.c >@@ -342,7 +342,7 @@ static PyObject *py_descriptor_richcmp( > break; > } > >- return Py_NotImplemented; >+ Py_RETURN_NOTIMPLEMENTED; > } > > static void py_descriptor_patch(PyTypeObject *type) >diff --git a/source4/ntvfs/posix/python/pyposix_eadb.c b/source4/ntvfs/posix/python/pyposix_eadb.c >index c64a388bfc7..abf397f990c 100644 >--- a/source4/ntvfs/posix/python/pyposix_eadb.c >+++ b/source4/ntvfs/posix/python/pyposix_eadb.c >@@ -32,7 +32,7 @@ > static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { >- return Py_True; >+ Py_RETURN_TRUE; > } > > static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) >diff --git a/source4/ntvfs/posix/python/pyxattr_native.c b/source4/ntvfs/posix/python/pyxattr_native.c >index 3be896911f2..d242cd98a5d 100644 >--- a/source4/ntvfs/posix/python/pyxattr_native.c >+++ b/source4/ntvfs/posix/python/pyxattr_native.c >@@ -29,9 +29,9 @@ static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { > #if !defined(HAVE_XATTR_SUPPORT) >- return Py_False; >+ Py_RETURN_FALSE; > #else >- return Py_True; >+ Py_RETURN_TRUE; > #endif > } > >diff --git a/source4/ntvfs/posix/python/pyxattr_tdb.c b/source4/ntvfs/posix/python/pyxattr_tdb.c >index b457c86e066..425fd868ca0 100644 >--- a/source4/ntvfs/posix/python/pyxattr_tdb.c >+++ b/source4/ntvfs/posix/python/pyxattr_tdb.c >@@ -36,7 +36,7 @@ > static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { >- return Py_True; >+ Py_RETURN_TRUE; > } > > static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) >-- >2.25.1 > > >From e49ec5d40d85217576d02fc49190a14fc088f7cb Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 14:43:04 +1200 >Subject: [PATCH 021/149] python: Fix erroneous increments of reference counts > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 66695f0f94775c4db24fb625fe78ff44d964b5ad) >--- > source3/passdb/py_passdb.c | 4 ---- > 1 file changed, 4 deletions(-) > >diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c >index eb9239700c1..8988959bfc7 100644 >--- a/source3/passdb/py_passdb.c >+++ b/source3/passdb/py_passdb.c >@@ -2075,8 +2075,6 @@ static PyObject *py_pdb_enum_group_mapping(PyObject *self, PyObject *args) > size_t i, num_entries; > PyObject *py_gmap_list, *py_group_map; > >- Py_INCREF(Py_None); >- > if (!PyArg_ParseTuple(args, "|O!ii:enum_group_mapping", dom_sid_Type, &py_domain_sid, > &lsa_sidtype_value, &unix_only)) { > talloc_free(frame); >@@ -2814,8 +2812,6 @@ static PyObject *py_pdb_search_aliases(PyObject *self, PyObject *args) > PyObject *py_domain_sid = Py_None; > struct dom_sid *domain_sid = NULL; > >- Py_INCREF(Py_None); >- > if (!PyArg_ParseTuple(args, "|O!:search_aliases", dom_sid_Type, &py_domain_sid)) { > talloc_free(frame); > return NULL; >-- >2.25.1 > > >From 6ee8569a10fff8311dd05abf8345ea731795808a Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 10 May 2021 16:43:03 +1200 >Subject: [PATCH 022/149] python: Fix ticket timestamp conversion when local > timezone is not UTC > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b9006f33343ba8bb82ef8ffe1fd90c780961b41e) >--- > python/samba/tests/krb5/kdc_base_test.py | 23 +++++++++++++++++++---- > 1 file changed, 19 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index d8193ae9cdc..e345f739e1c 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -18,7 +18,7 @@ > > import sys > import os >-from datetime import datetime >+from datetime import datetime, timezone > import tempfile > > sys.path.insert(0, "bin/python") >@@ -519,11 +519,26 @@ class KDCBaseTest(RawKerberosTest): > cred.server = sprincipal > cred.keyblock = keyblock > cred.authtime = int(datetime.strptime(authtime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) > cred.starttime = int(datetime.strptime(starttime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) > cred.endtime = int(datetime.strptime(endtime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) >+ >+ # Account for clock skew of up to five minutes. >+ self.assertLess(cred.authtime - 5*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket not yet valid - clocks may be out of sync.") >+ self.assertLess(cred.starttime - 5*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket not yet valid - clocks may be out of sync.") >+ self.assertGreater(cred.endtime - 60*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket already expired/about to expire - clocks may be out of sync.") >+ > cred.renew_till = cred.endtime > cred.is_skey = 0 > cred.ticket_flags = int(enc_part['flags'], 2) >-- >2.25.1 > > >From 1a1a3ab6c59c60df3a8fbd09216fb3fd3308d803 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 10 May 2021 15:06:06 +1200 >Subject: [PATCH 023/149] python: Make credentials cache test run against > Windows > >Windows, unlike Samba, requires the service principal name to be set >when requesting a ticket to that service. > >Additionally, default_realm from the libdefaults section of krb5.conf >should be set so that the correct realm is used. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed May 19 02:22:01 UTC 2021 on sn-devel-184 > >(cherry picked from commit 7791acb074b84ec7b571a81f15b56d33e2214ce9) >--- > python/samba/tests/krb5/test_ccache.py | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index e0998a4c43f..32c9e3cce6b 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -47,13 +47,16 @@ class CcacheTests(KDCBaseTest): > > user_name = "ccacheusr" > mach_name = "ccachemac" >+ service = "host" > > # Create the user account. > (user_credentials, _) = self.create_account(user_name) > > # Create the machine account. > (mach_credentials, _) = self.create_account(mach_name, >- machine_account=True) >+ machine_account=True, >+ spn="%s/%s" % (service, >+ mach_name)) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >-- >2.25.1 > > >From 84c8ad5a51ebb1bab451030413c23a1f55f4bcd5 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 21:04:44 +0200 >Subject: [PATCH 024/149] auth/credentials: allow credentials.Credentials to > act as base class > >In tests it's useful to add more details. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f413b2b2977687884781ca2399dadf6611ab461) >--- > auth/credentials/pycredentials.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index dfc50e6d79a..5a168e6dd7f 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -1431,7 +1431,7 @@ static struct PyModuleDef moduledef = { > PyTypeObject PyCredentials = { > .tp_name = "credentials.Credentials", > .tp_new = py_creds_new, >- .tp_flags = Py_TPFLAGS_DEFAULT, >+ .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, > .tp_methods = py_creds_methods, > }; > >-- >2.25.1 > > >From 93bb945df0cb4f08c4974d2014daf2331914b61d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 16:50:55 +0200 >Subject: [PATCH 025/149] Rename > python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} > >This is a clearer name for the script > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fef08add9ec324fb0c3902e96c2a91c07646d499) >--- > .../samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} | 0 > 1 file changed, 0 insertions(+), 0 deletions(-) > rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} (100%) > >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh b/python/samba/tests/krb5/pyasn1_regen.sh >similarity index 100% >rename from python/samba/tests/krb5/rfc4120_pyasn1_regen.sh >rename to python/samba/tests/krb5/pyasn1_regen.sh >-- >2.25.1 > > >From ae3860025d0d7e64c4f950023d2a38a7f161d24a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 11:10:11 +0200 >Subject: [PATCH 026/149] tests/krb5/rfc4120.asn1: Improve definitions to allow > expanded testing > >Update and re-generate the ASN.1 to allow an improved testsuite. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d4492a8aaaf70cbe81af7e6703b4ea9fc1f24162) >--- > python/samba/tests/krb5/rfc4120.asn1 | 70 ++++++++++- > python/samba/tests/krb5/rfc4120_pyasn1.py | 134 +++++++++++++++++++++- > 2 files changed, 199 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 654f9788ca7..d81d06ad6f7 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -386,14 +386,14 @@ PA-ENC-TS-ENC ::= SEQUENCE { > } > > ETYPE-INFO-ENTRY ::= SEQUENCE { >- etype [0] Int32, >+ etype [0] EncryptionType, --Int32 EncryptionType -- > salt [1] OCTET STRING OPTIONAL > } > > ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY > > ETYPE-INFO2-ENTRY ::= SEQUENCE { >- etype [0] Int32, >+ etype [0] EncryptionType, --Int32 EncryptionType -- > salt [1] KerberosString OPTIONAL, > s2kparams [2] OCTET STRING OPTIONAL > } >@@ -425,9 +425,48 @@ PA-S4U2Self ::= SEQUENCE { > auth [3] KerberosString > } > >+-- >+-- >+-- MS-KILE Start >+ >+KERB-ERROR-DATA ::= SEQUENCE { >+ data-type [1] KerbErrorDataType, >+ data-value [2] OCTET STRING OPTIONAL >+} >+ >+KerbErrorDataType ::= INTEGER >+ >+KERB-PA-PAC-REQUEST ::= SEQUENCE { >+ include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. >+ --If FALSE, and PAC present, remove PAC >+} >+ >+KERB-LOCAL ::= OCTET STRING -- Implementation-specific data which MUST be >+ -- ignored if Kerberos client is not local. >+ >+KERB-AD-RESTRICTION-ENTRY ::= SEQUENCE { >+ restriction-type [0] Int32, >+ restriction [1] OCTET STRING -- LSAP_TOKEN_INFO_INTEGRITY structure >+} >+ >+PA-SUPPORTED-ENCTYPES ::= Int32 -- Supported Encryption Types Bit Field -- > >+PACOptionFlags ::= KerberosFlags -- Claims (0) >+ -- Branch Aware (1) >+ -- Forward to Full DC (2) >+ -- Resource Based Constrained Delegation (3) >+PA-PAC-OPTIONS ::= SEQUENCE { >+ options [0] PACOptionFlags >+} >+-- Note: KerberosFlags ::= BIT STRING (SIZE (32..MAX)) >+-- minimum number of bits shall be sent, but no fewer than 32 > >+KERB-KEY-LIST-REQ ::= SEQUENCE OF EncryptionType -- Int32 encryption type -- >+KERB-KEY-LIST-REP ::= SEQUENCE OF EncryptionKey > >+-- MS-KILE End >+-- >+-- > > -- > -- >@@ -504,6 +543,15 @@ KDCOptionsSequence ::= SEQUENCE { > dummy [0] KDCOptionsValues > } > >+APOptionsValues ::= BIT STRING { -- KerberosFlags >+ reserved(0), >+ use-session-key(1), >+ mutual-required(2) >+} >+APOptionsSequence ::= SEQUENCE { >+ dummy [0] APOptionsValues >+} >+ > MessageTypeValues ::= INTEGER { > krb-as-req(10), -- Request for initial authentication > krb-as-rep(11), -- Response to KRB_AS_REQ request >@@ -669,4 +717,22 @@ EncryptionTypeSequence ::= SEQUENCE { > dummy [0] EncryptionTypeValues > } > >+KerbErrorDataTypeValues ::= INTEGER { >+ kERB-AP-ERR-TYPE-SKEW-RECOVERY(2), >+ kERB-ERR-TYPE-EXTENDED(3) >+} >+KerbErrorDataTypeSequence ::= SEQUENCE { >+ dummy [0] KerbErrorDataTypeValues >+} >+ >+PACOptionFlagsValues ::= BIT STRING { -- KerberosFlags >+ claims(0), >+ branch-aware(1), >+ forward-to-full-dc(2), >+ resource-based-constrained-delegation(3) >+} >+PACOptionFlagsSequence ::= SEQUENCE { >+ dummy [0] PACOptionFlagsValues >+} >+ > END >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index 1d89f94adf1..56fe02a68f0 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-11-06 11:30:42.476808) >+# (last modified on 2021-06-16 08:54:13.969508) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -175,6 +175,26 @@ AP_REQ.componentType = namedtype.NamedTypes( > ) > > >+class APOptionsValues(univ.BitString): >+ pass >+ >+ >+APOptionsValues.namedValues = namedval.NamedValues( >+ ('reserved', 0), >+ ('use-session-key', 1), >+ ('mutual-required', 2) >+) >+ >+ >+class APOptionsSequence(univ.Sequence): >+ pass >+ >+ >+APOptionsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', APOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PADataType(Int32): > pass > >@@ -384,7 +404,7 @@ class ETYPE_INFO_ENTRY(univ.Sequence): > > > ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes( >- namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), > namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) > ) > >@@ -401,7 +421,7 @@ class ETYPE_INFO2_ENTRY(univ.Sequence): > > > ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes( >- namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), > namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), > namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) > ) >@@ -636,6 +656,57 @@ KDCOptionsSequence.componentType = namedtype.NamedTypes( > ) > > >+class KERB_AD_RESTRICTION_ENTRY(univ.Sequence): >+ pass >+ >+ >+KERB_AD_RESTRICTION_ENTRY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('restriction-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('restriction', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class KerbErrorDataType(univ.Integer): >+ pass >+ >+ >+class KERB_ERROR_DATA(univ.Sequence): >+ pass >+ >+ >+KERB_ERROR_DATA.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('data-type', KerbErrorDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) >+) >+ >+ >+class KERB_KEY_LIST_REP(univ.SequenceOf): >+ pass >+ >+ >+KERB_KEY_LIST_REP.componentType = EncryptionKey() >+ >+ >+class KERB_KEY_LIST_REQ(univ.SequenceOf): >+ pass >+ >+ >+KERB_KEY_LIST_REQ.componentType = EncryptionType() >+ >+ >+class KERB_LOCAL(univ.OctetString): >+ pass >+ >+ >+class KERB_PA_PAC_REQUEST(univ.Sequence): >+ pass >+ >+ >+KERB_PA_PAC_REQUEST.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class KRB_CRED(univ.Sequence): > pass > >@@ -710,6 +781,25 @@ KRB_SAFE.componentType = namedtype.NamedTypes( > ) > > >+class KerbErrorDataTypeValues(univ.Integer): >+ pass >+ >+ >+KerbErrorDataTypeValues.namedValues = namedval.NamedValues( >+ ('kERB-AP-ERR-TYPE-SKEW-RECOVERY', 2), >+ ('kERB-ERR-TYPE-EXTENDED', 3) >+) >+ >+ >+class KerbErrorDataTypeSequence(univ.Sequence): >+ pass >+ >+ >+KerbErrorDataTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', KerbErrorDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class MessageTypeValues(univ.Integer): > pass > >@@ -781,6 +871,19 @@ PA_ENC_TS_ENC.componentType = namedtype.NamedTypes( > ) > > >+class PACOptionFlags(KerberosFlags): >+ pass >+ >+ >+class PA_PAC_OPTIONS(univ.Sequence): >+ pass >+ >+ >+PA_PAC_OPTIONS.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('options', PACOptionFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PA_S4U2Self(univ.Sequence): > pass > >@@ -793,6 +896,31 @@ PA_S4U2Self.componentType = namedtype.NamedTypes( > ) > > >+class PA_SUPPORTED_ENCTYPES(Int32): >+ pass >+ >+ >+class PACOptionFlagsValues(univ.BitString): >+ pass >+ >+ >+PACOptionFlagsValues.namedValues = namedval.NamedValues( >+ ('claims', 0), >+ ('branch-aware', 1), >+ ('forward-to-full-dc', 2), >+ ('resource-based-constrained-delegation', 3) >+) >+ >+ >+class PACOptionFlagsSequence(univ.Sequence): >+ pass >+ >+ >+PACOptionFlagsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', PACOptionFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PADataTypeValues(univ.Integer): > pass > >-- >2.25.1 > > >From a6d7ab62410858c6af048a330b5d1dd61f2a10de Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 10:55:28 +0200 >Subject: [PATCH 027/149] tests/krb5/raw_testcase.py: Add > get_{client,server,krbtgt}_creds() > >These helpful functions allow us to build the various credentials >that we will use in validating the KDC responses in this test. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit c3222870b92db7f867557c2896b7bf39915d469a) >--- > python/samba/tests/krb5/raw_testcase.py | 199 +++++++++++++++++++++--- > python/samba/tests/krb5/simple_tests.py | 6 +- > 2 files changed, 183 insertions(+), 22 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 27ab89ecf99..b28939f0388 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -22,10 +22,12 @@ import struct > import time > import datetime > import random >+import binascii > > import samba.tests > from samba.credentials import Credentials > from samba.tests import TestCaseInTempDir >+from samba.dcerpc import security > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests.krb5.kcrypto as kcrypto > >@@ -177,6 +179,81 @@ class Krb5EncryptionKey(object): > } > return EncryptionKey_obj > >+class KerberosCredentials(Credentials): >+ def __init__(self): >+ super(KerberosCredentials, self).__init__() >+ all_enc_types = 0 >+ all_enc_types |= security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ all_enc_types |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ all_enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ >+ self.as_supported_enctypes = all_enc_types >+ self.tgs_supported_enctypes = all_enc_types >+ self.ap_supported_enctypes = all_enc_types >+ >+ self.kvno = None >+ self.forced_keys = {} >+ >+ self.forced_salt = None >+ return >+ >+ def set_as_supported_enctypes(self, value): >+ self.as_supported_enctypes = int(value) >+ return >+ >+ def set_tgs_supported_enctypes(self, value): >+ self.tgs_supported_enctypes = int(value) >+ return >+ >+ def set_ap_supported_enctypes(self, value): >+ self.ap_supported_enctypes = int(value) >+ return >+ >+ def _get_krb5_etypes(self, supported_enctypes): >+ etypes = () >+ >+ if supported_enctypes & security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96: >+ etypes += (kcrypto.Enctype.AES256,) >+ if supported_enctypes & security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96: >+ etypes += (kcrypto.Enctype.AES128,) >+ if supported_enctypes & security.KERB_ENCTYPE_RC4_HMAC_MD5: >+ etypes += (kcrypto.Enctype.RC4,) >+ >+ return etypes >+ >+ def get_as_krb5_etypes(self): >+ return self._get_krb5_etypes(self.as_supported_enctypes) >+ >+ def get_tgs_krb5_etypes(self): >+ return self._get_krb5_etypes(self.tgs_supported_enctypes) >+ >+ def get_ap_krb5_etypes(self): >+ return self._get_krb5_etypes(self.ap_supported_enctypes) >+ >+ def set_kvno(self, kvno): >+ self.kvno = kvno >+ >+ def get_kvno(self): >+ return self.kvno >+ >+ def set_forced_key(self, etype, hexkey): >+ etype = int(etype) >+ contents = binascii.a2b_hex(hexkey) >+ key = kcrypto.Key(etype, contents) >+ self.forced_keys[etype] = Krb5EncryptionKey(key, self.kvno) >+ >+ def get_forced_key(self, etype): >+ etype = int(etype) >+ if etype in self.forced_keys: >+ return self.forced_keys[etype] >+ return None >+ >+ def set_forced_salt(self, salt): >+ self.forced_salt = bytes(salt) >+ return >+ >+ def get_forced_salt(self): >+ return self.forced_salt > > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" >@@ -229,33 +306,113 @@ class RawKerberosTest(TestCaseInTempDir): > sys.stderr.write("connected[%s]\n" % self.host) > return > >- def get_user_creds(self): >- c = Credentials() >+ def _get_krb5_creds(self, prefix, >+ default_username=None, >+ allow_missing_password=False, >+ require_strongest_key=False): >+ c = KerberosCredentials() > c.guess() >- domain = samba.tests.env_get_var_value('DOMAIN') >- realm = samba.tests.env_get_var_value('REALM') >- username = samba.tests.env_get_var_value('USERNAME') >- password = samba.tests.env_get_var_value('PASSWORD') >- c.set_domain(domain) >- c.set_realm(realm) >- c.set_username(username) >- c.set_password(password) >- return c > >- def get_service_creds(self, allow_missing_password=False): >- c = Credentials() >- c.guess() >- domain = samba.tests.env_get_var_value('DOMAIN') >- realm = samba.tests.env_get_var_value('REALM') >- username = samba.tests.env_get_var_value('SERVICE_USERNAME') >- password = samba.tests.env_get_var_value( >- 'SERVICE_PASSWORD', >- allow_missing=allow_missing_password) >+ def env_get_var(varname, prefix, fallback_default=True, allow_missing=False): >+ val = None >+ if prefix is not None: >+ allow_missing_prefix = allow_missing >+ if fallback_default: >+ allow_missing_prefix = True >+ val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >+ allow_missing=allow_missing_prefix) >+ else: >+ fallback_default = True >+ if val is None and fallback_default: >+ val = samba.tests.env_get_var_value(varname, >+ allow_missing=allow_missing) >+ return val >+ >+ domain = env_get_var('DOMAIN', prefix) >+ realm = env_get_var('REALM', prefix) >+ allow_missing_username = False >+ if default_username is not None: >+ allow_missing_username = True >+ username = env_get_var('USERNAME', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_username) >+ if username is None: >+ username = default_username >+ password = env_get_var('PASSWORD', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) > if password is not None: > c.set_password(password) >+ as_supported_enctypes = env_get_var('AS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if as_supported_enctypes is not None: >+ c.set_as_supported_enctypes(as_supported_enctypes) >+ tgs_supported_enctypes = env_get_var('TGS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if tgs_supported_enctypes is not None: >+ c.set_tgs_supported_enctypes(tgs_supported_enctypes) >+ ap_supported_enctypes = env_get_var('AP_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if ap_supported_enctypes is not None: >+ c.set_ap_supported_enctypes(ap_supported_enctypes) >+ >+ if require_strongest_key: >+ kvno_allow_missing = False >+ if password is None: >+ aes256_allow_missing = False >+ else: >+ aes256_allow_missing = True >+ else: >+ kvno_allow_missing = True >+ aes256_allow_missing = True >+ kvno = env_get_var('KVNO', prefix, >+ fallback_default=False, >+ allow_missing=kvno_allow_missing) >+ if kvno is not None: >+ c.set_kvno(kvno) >+ aes256_key = env_get_var('AES256_KEY_HEX', prefix, >+ fallback_default=False, >+ allow_missing=aes256_allow_missing) >+ if aes256_key is not None: >+ c.set_forced_key(kcrypto.Enctype.AES256, aes256_key) >+ aes128_key = env_get_var('AES128_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) >+ if aes128_key is not None: >+ c.set_forced_key(kcrypto.Enctype.AES128, aes128_key) >+ rc4_key = env_get_var('RC4_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) >+ if rc4_key is not None: >+ c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) >+ return c >+ >+ def get_user_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix=None, >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_service_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='SERVICE', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_client_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='CLIENT', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_server_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='SERVER', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_krbtgt_creds(self, require_strongest_key=False): >+ c = self._get_krb5_creds(prefix='KRBTGT', >+ default_username='krbtgt', >+ allow_missing_password=True, >+ require_strongest_key=require_strongest_key) > return c > > def get_anon_creds(self): >@@ -473,6 +630,8 @@ class RawKerberosTest(TestCaseInTempDir): > return Krb5EncryptionKey(key, kvno) > > def PasswordKey_create(self, etype=None, pwd=None, salt=None, kvno=None): >+ self.assertIsNotNone(pwd) >+ self.assertIsNotNone(salt) > key = kcrypto.string_to_key(etype, pwd, salt) > return Krb5EncryptionKey(key, kvno) > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 889b91a9bf0..2da76a3cf5e 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -44,10 +44,12 @@ class SimpleKerberosTests(RawKerberosTest): > def test_simple(self): > user_creds = self.get_user_creds() > user = user_creds.get_username() >- realm = user_creds.get_realm() >+ krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() > > cname = self.PrincipalName_create(name_type=1, names=[user]) >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ sname = self.PrincipalName_create(name_type=2, names=[krbtgt_account, realm]) > > till = self.get_KerberosTime(offset=36000) > >-- >2.25.1 > > >From e6ddf9ab0789f79408e6983e7db014fe706a70bd Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 22:28:32 +0200 >Subject: [PATCH 028/149] tests/krb5/raw_testcase.py: introduce > STRICT_CHECKING=0 in order to relax the checks in future > >We should write tests as strict as possible in order to let them run >against Windows servers. > >But at the same time we want to allow tests to be useful for Samba >too... > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit dff611976d6a067614e37add99edae214815a68b) >--- > python/samba/tests/krb5/raw_testcase.py | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b28939f0388..333aab70c8e 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -263,6 +263,11 @@ class RawKerberosTest(TestCaseInTempDir): > self.do_asn1_print = False > self.do_hexdump = False > >+ strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True) >+ if strict_checking is None: >+ strict_checking = '1' >+ self.strict_checking = bool(int(strict_checking)) >+ > self.host = samba.tests.env_get_var_value('SERVER') > > self.s = None >-- >2.25.1 > > >From cc0517815d628273f125a3c8911f4f91a80ac585 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 13:49:52 +0200 >Subject: [PATCH 029/149] tests/krb5/raw_testcase.py: add assertElement*() > >These helper functions make writing subsequent Kerberos test >clearer. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 61e1b179812e48797146584998afc5bd0168beae) >--- > python/samba/tests/krb5/raw_testcase.py | 54 +++++++++++++++++++++++++ > 1 file changed, 54 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 333aab70c8e..eb294a75a95 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -605,6 +605,36 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(value) > return > >+ def getElementValue(self, obj, elem): >+ v = None >+ try: >+ v = obj[elem] >+ except KeyError: >+ pass >+ return v >+ >+ def assertElementMissing(self, obj, elem): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNone(v) >+ return >+ >+ def assertElementPresent(self, obj, elem): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ return >+ >+ def assertElementEqual(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ self.assertEqual(v, value) >+ return >+ >+ def assertElementEqualUTF8(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ self.assertEqual(v, bytes(value, 'utf8')) >+ return >+ > def assertPrincipalEqual(self, princ1, princ2): > self.assertEqual(princ1['name-type'], princ2['name-type']) > self.assertEqual( >@@ -618,6 +648,30 @@ class RawKerberosTest(TestCaseInTempDir): > msg="princ1=%s != princ2=%s" % (princ1, princ2)) > return > >+ def assertElementEqualPrincipal(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ v = pyasn1_native_decode(v, asn1Spec=krb5_asn1.PrincipalName()) >+ self.assertPrincipalEqual(v, value) >+ return >+ >+ def assertElementKVNO(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ if value == "autodetect": >+ value = v >+ if value is not None: >+ self.assertIsNotNone(v) >+ # The value on the wire should never be 0 >+ self.assertNotEqual(v, 0) >+ # value == 0 means we don't know the kvno >+ # but enforce at any value != 0 is present >+ value = int(value) >+ if value != 0: >+ self.assertEqual(v, value) >+ else: >+ self.assertIsNone(v) >+ return >+ > def get_KerberosTimeWithUsec(self, epoch=None, offset=None): > if epoch is None: > epoch = time.time() >-- >2.25.1 > > >From 48a1244c4f361c4eecbaec124bb78f9de9c14cc8 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 17:50:00 +0200 >Subject: [PATCH 030/149] tests/krb5/raw_testcase.py: Allow prettyPrint of more > RFC-defined values > >By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint >we allow the BitString_NamedValues_prettyPrint() routine to show more named values. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 34e079ce9a232a765fb3a2b25441434df35df54c) >--- > python/samba/tests/krb5/raw_testcase.py | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index eb294a75a95..29745fa4089 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -111,6 +111,12 @@ krb5_asn1.KDCOptions.namedValues =\ > krb5_asn1.KDCOptionsValues.namedValues > krb5_asn1.KDCOptions.prettyPrint =\ > BitString_NamedValues_prettyPrint >+krb5_asn1.APOptions.prettyPrintNamedValues =\ >+ krb5_asn1.APOptionsValues.namedValues >+krb5_asn1.APOptions.namedValues =\ >+ krb5_asn1.APOptionsValues.namedValues >+krb5_asn1.APOptions.prettyPrint =\ >+ BitString_NamedValues_prettyPrint > > > def Integer_NamedValues_prettyPrint(self, scope=0): >-- >2.25.1 > > >From ba2ea4247653330ed1170f65766670b05fe12370 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 17:57:37 +0200 >Subject: [PATCH 031/149] tests/krb5/raw_testcase.py: Allow prettyPrint of more > MS-KILE-defined values > >By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint >we allow the BitString_NamedValues_prettyPrint() routine to show more named values. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3abb3b41368666535a216a98c3e7d15a5d498f7e) >--- > python/samba/tests/krb5/raw_testcase.py | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 29745fa4089..1ef15db9f8c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -117,6 +117,12 @@ krb5_asn1.APOptions.namedValues =\ > krb5_asn1.APOptionsValues.namedValues > krb5_asn1.APOptions.prettyPrint =\ > BitString_NamedValues_prettyPrint >+krb5_asn1.PACOptionFlags.prettyPrintNamedValues =\ >+ krb5_asn1.PACOptionFlagsValues.namedValues >+krb5_asn1.PACOptionFlags.namedValues =\ >+ krb5_asn1.PACOptionFlagsValues.namedValues >+krb5_asn1.PACOptionFlags.prettyPrint =\ >+ BitString_NamedValues_prettyPrint > > > def Integer_NamedValues_prettyPrint(self, scope=0): >@@ -149,6 +155,10 @@ krb5_asn1.ChecksumType.prettyPrintNamedValues =\ > krb5_asn1.ChecksumTypeValues.namedValues > krb5_asn1.ChecksumType.prettyPrint =\ > Integer_NamedValues_prettyPrint >+krb5_asn1.KerbErrorDataType.prettyPrintNamedValues =\ >+ krb5_asn1.KerbErrorDataTypeValues.namedValues >+krb5_asn1.KerbErrorDataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint > > > class Krb5EncryptionKey(object): >-- >2.25.1 > > >From 830709ebb227dc372ed2ff678956a6fcb939ad19 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 14:45:01 +0200 >Subject: [PATCH 032/149] tests/krb5/raw_testcase.py: split > KDC_REQ_BODY_create() from KDC_REQ_create() > >This allows us to reuse body in future and calculate checksums on it. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b03fcfeb6c005936818ce50d511e9f9cc75aa9fb) >--- > python/samba/tests/krb5/raw_testcase.py | 81 +++++++------------------ > 1 file changed, 23 insertions(+), 58 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 1ef15db9f8c..71a4753717f 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -872,19 +872,7 @@ class RawKerberosTest(TestCaseInTempDir): > def KDC_REQ_create(self, > msg_type, > padata, >- kdc_options, >- cname, >- realm, >- sname, >- from_time, >- till_time, >- renew_time, >- nonce, >- etypes, >- addresses, >- EncAuthorizationData, >- EncAuthorizationData_key, >- additional_tickets, >+ req_body, > asn1Spec=None, > asn1_print=None, > hexdump=None): >@@ -897,25 +885,10 @@ class RawKerberosTest(TestCaseInTempDir): > # req-body [4] KDC-REQ-BODY > # } > # >- KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create(kdc_options, >- cname, >- realm, >- sname, >- from_time, >- till_time, >- renew_time, >- nonce, >- etypes, >- addresses, >- EncAuthorizationData, >- EncAuthorizationData_key, >- additional_tickets, >- asn1_print=asn1_print, >- hexdump=hexdump) > KDC_REQ_obj = { > 'pvno': 5, > 'msg-type': msg_type, >- 'req-body': KDC_REQ_BODY_obj, >+ 'req-body': req_body, > } > if padata is not None: > KDC_REQ_obj['padata'] = padata >@@ -974,22 +947,26 @@ class RawKerberosTest(TestCaseInTempDir): > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty > # } >+ KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create( >+ kdc_options, >+ cname, >+ realm, >+ sname, >+ from_time, >+ till_time, >+ renew_time, >+ nonce, >+ etypes, >+ addresses, >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ asn1_print=asn1_print, >+ hexdump=hexdump) > obj, decoded = self.KDC_REQ_create( > msg_type=10, > padata=padata, >- kdc_options=kdc_options, >- cname=cname, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >+ req_body=KDC_REQ_BODY_obj, > asn1Spec=krb5_asn1.AS_REQ(), > asn1_print=asn1_print, > hexdump=hexdump) >@@ -1115,11 +1092,11 @@ class RawKerberosTest(TestCaseInTempDir): > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, > additional_tickets=additional_tickets) >- req_body = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >- asn1_print=asn1_print, hexdump=hexdump) >+ req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >+ asn1_print=asn1_print, hexdump=hexdump) > > req_body_checksum = self.Checksum_create( >- ticket_session_key, 6, req_body, ctype=body_checksum_type) >+ ticket_session_key, 6, req_body_blob, ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: >@@ -1158,19 +1135,7 @@ class RawKerberosTest(TestCaseInTempDir): > obj, decoded = self.KDC_REQ_create( > msg_type=12, > padata=padata, >- kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >+ req_body=req_body, > asn1Spec=krb5_asn1.TGS_REQ(), > asn1_print=asn1_print, > hexdump=hexdump) >-- >2.25.1 > > >From be991c0526e3c449c7fb6a901da4ec2049c660fd Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 16 Apr 2020 10:43:54 +0200 >Subject: [PATCH 033/149] tests/krb5/raw_testcase.py: add > KERB_PA_PAC_REQUEST_create() > >This allows building the pre-authentication data that encodes >the request for the KDC (or more likely a request not to include) >the KRB5 PAC in the resulting ticket. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ee2ac2b8ccafe3e6d560d893a4135a28e393914d) >--- > python/samba/tests/krb5/raw_testcase.py | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 71a4753717f..f341911ef53 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -799,6 +799,21 @@ class RawKerberosTest(TestCaseInTempDir): > } > return PA_ENC_TS_ENC_obj > >+ def KERB_PA_PAC_REQUEST_create(self, include_pac, pa_data_create=True): >+ #KERB-PA-PAC-REQUEST ::= SEQUENCE { >+ # include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. >+ # --If FALSE, and PAC present, remove PAC >+ #} >+ KERB_PA_PAC_REQUEST_obj = { >+ 'include-pac': include_pac, >+ } >+ if not pa_data_create: >+ return KERB_PA_PAC_REQUEST_obj >+ pa_pac = self.der_encode(KERB_PA_PAC_REQUEST_obj, >+ asn1Spec=krb5_asn1.KERB_PA_PAC_REQUEST()) >+ pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST >+ return pa_data >+ > def KDC_REQ_BODY_create(self, > kdc_options, > cname, >-- >2.25.1 > > >From 709189c55266146bb497ab9cdc403951a2bf419c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 20 Apr 2020 20:02:52 +0200 >Subject: [PATCH 034/149] tests/krb5/raw_testcase.py: add methods to iterate > over etype permutations > >It's often useful to run tests over a lot of input parameter >permutations. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit e3905035847a5268c1a65366830cc739280ae437) >--- > python/samba/tests/krb5/raw_testcase.py | 58 +++++++++++++++++++++++++ > 1 file changed, 58 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index f341911ef53..a002a442d03 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -23,6 +23,7 @@ import time > import datetime > import random > import binascii >+import itertools > > import samba.tests > from samba.credentials import Credentials >@@ -274,6 +275,63 @@ class KerberosCredentials(Credentials): > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > >+ etypes_to_test = ( >+ { "value": -1111, "name": "dummy", }, >+ { "value": kcrypto.Enctype.AES256, "name": "aes128", }, >+ { "value": kcrypto.Enctype.AES128, "name": "aes256", }, >+ { "value": kcrypto.Enctype.RC4, "name": "rc4", }, >+ ) >+ >+ setup_etype_test_permutations_done = False >+ >+ @classmethod >+ def setup_etype_test_permutations(cls): >+ if cls.setup_etype_test_permutations_done: >+ return >+ >+ res = [] >+ >+ num_idxs = len(cls.etypes_to_test) >+ permutations = [] >+ for num in range(1, num_idxs+1): >+ chunk = list(itertools.permutations(range(num_idxs), num)) >+ for e in chunk: >+ el = list(e) >+ permutations.append(el) >+ >+ for p in permutations: >+ name = None >+ etypes = () >+ for idx in p: >+ n = cls.etypes_to_test[idx]["name"] >+ if name is None: >+ name = n >+ else: >+ name += "_%s" % n >+ etypes += (cls.etypes_to_test[idx]["value"],) >+ >+ r = { "name": name, "etypes": etypes, } >+ res.append(r) >+ >+ cls.etype_test_permutations = res >+ cls.setup_etype_test_permutations_done = True >+ return >+ >+ @classmethod >+ def etype_test_permutation_name_idx(cls): >+ cls.setup_etype_test_permutations() >+ res = [] >+ idx = 0 >+ for e in cls.etype_test_permutations: >+ r = (e['name'], idx) >+ idx += 1 >+ res.append(r) >+ return res >+ >+ def etype_test_permutation_by_idx(self, idx): >+ e = self.etype_test_permutations[idx] >+ return (e['name'], e['etypes']) >+ > def setUp(self): > super().setUp() > self.do_asn1_print = False >-- >2.25.1 > > >From f747970866dac6c843a51cb72ec0be77bca1eadb Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 16 Apr 2020 17:13:35 +0200 >Subject: [PATCH 035/149] tests/krb5/raw_testcase.py: Add > TicketDecryptionKey_from_creds() > >This will allow building test_as_req_enc_timestamp() > >It also introduces ways to specify keys in hex formated environment >variables ${PREFIX}_{AES256,AES128,RC4}_KEY_HEX. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 69ce2a6408f78d41eb865b89726021ad7643b065) >--- > python/samba/tests/krb5/raw_testcase.py | 29 +++++++++++++++++++++++++ > 1 file changed, 29 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index a002a442d03..7d0dc9c9609 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -784,6 +784,35 @@ class RawKerberosTest(TestCaseInTempDir): > return self.PasswordKey_create( > etype=e, pwd=password, salt=salt, kvno=kvno) > >+ def TicketDecryptionKey_from_creds(self, creds, etype=None): >+ >+ if etype is None: >+ etypes = creds.get_tgs_krb5_etypes() >+ etype = etypes[0] >+ >+ forced_key = creds.get_forced_key(etype) >+ if forced_key is not None: >+ return forced_key >+ >+ kvno = creds.get_kvno() >+ >+ fail_msg = ("%s has no fixed key for etype[%s] kvno[%s] " >+ "nor a password specified, " % ( >+ creds.get_username(), etype, kvno)) >+ >+ if etype == kcrypto.Enctype.RC4: >+ nthash = creds.get_nt_hash() >+ self.assertIsNotNone(nthash, msg=fail_msg) >+ return self.SessionKey_create(etype=etype, contents=nthash, kvno=kvno) >+ >+ password = creds.get_password() >+ self.assertIsNotNone(password, msg=fail_msg) >+ salt = creds.get_forced_salt() >+ if salt is None: >+ salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()), >+ encoding='utf-8') >+ return self.PasswordKey_create(etype=etype, pwd=password, salt=salt, kvno=kvno) >+ > def RandomKey(self, etype): > e = kcrypto._get_enctype_profile(etype) > contents = samba.generate_random_bytes(e.keysize) >-- >2.25.1 > > >From 4140bf948075e563f0b16029441fd83efcee85c9 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 036/149] tests/krb5/raw_testcase.py: introduce a > _generic_kdc_exchange() infrastructure > >This will allow us to write tests, which will all cross check almost >every aspect of the KDC response (including encrypted parts). > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6e2f2adc8e825634780077e24a9e437bdc68155a) >--- > python/samba/tests/krb5/raw_testcase.py | 634 +++++++++++++++++++ > python/samba/tests/krb5/rfc4120_constants.py | 11 + > 2 files changed, 645 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7d0dc9c9609..8c8926b0ad2 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -30,6 +30,27 @@ from samba.credentials import Credentials > from samba.tests import TestCaseInTempDir > from samba.dcerpc import security > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ KDC_ERR_ETYPE_NOSUPP, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_AS_REQ, >+ KRB_ERROR, >+ KRB_TGS_REP, >+ KRB_TGS_REQ, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SESSION, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+ KU_TGS_REQ_AUTH, >+ KU_TGS_REQ_AUTH_CKSUM, >+ KU_TICKET, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO, >+ PADATA_ETYPE_INFO2, >+ PADATA_KDC_REQ, >+ PADATA_PK_AS_REQ, >+ PADATA_PK_AS_REP_19 >+) > import samba.tests.krb5.kcrypto as kcrypto > > from pyasn1.codec.der.decoder import decode as pyasn1_der_decode >@@ -272,6 +293,24 @@ class KerberosCredentials(Credentials): > def get_forced_salt(self): > return self.forced_salt > >+class KerberosTicketCreds(object): >+ def __init__(self, ticket, session_key, >+ crealm=None, cname=None, >+ srealm=None, sname=None, >+ decryption_key=None, >+ ticket_private=None, >+ encpart_private=None): >+ self.ticket = ticket >+ self.session_key = session_key >+ self.crealm = crealm >+ self.cname = cname >+ self.srealm = srealm >+ self.sname = sname >+ self.decryption_key = decryption_key >+ self.ticket_private = ticket_private >+ self.encpart_private = encpart_private >+ return >+ > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > >@@ -758,6 +797,12 @@ class RawKerberosTest(TestCaseInTempDir): > (s, _) = self.get_KerberosTimeWithUsec(epoch=epoch, offset=offset) > return s > >+ def get_Nonce(self): >+ nonce_min=0x7f000000 >+ nonce_max=0x7fffffff >+ v = random.randint(nonce_min, nonce_max) >+ return v >+ > def SessionKey_create(self, etype, contents, kvno=None): > key = kcrypto.Key(etype, contents) > return Krb5EncryptionKey(key, kvno) >@@ -1268,3 +1313,592 @@ class RawKerberosTest(TestCaseInTempDir): > pa_s4u2self = self.der_encode( > PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) > return self.PA_DATA_create(129, pa_s4u2self) >+ >+ def _generic_kdc_exchange(self, >+ kdc_exchange_dict, # required >+ kdc_options=None, # required >+ cname=None, # optional >+ realm=None, # required >+ sname=None, # optional >+ from_time=None, # optional >+ till_time=None, # required >+ renew_time=None, # optional >+ nonce=None, # required >+ etypes=None, # required >+ addresses=None, # optional >+ EncAuthorizationData=None, # optional >+ EncAuthorizationData_key=None, # optional >+ additional_tickets=None): # optional >+ >+ check_error_fn = kdc_exchange_dict['check_error_fn'] >+ check_rep_fn = kdc_exchange_dict['check_rep_fn'] >+ generate_padata_fn = kdc_exchange_dict['generate_padata_fn'] >+ callback_dict = kdc_exchange_dict['callback_dict'] >+ req_msg_type = kdc_exchange_dict['req_msg_type'] >+ req_asn1Spec = kdc_exchange_dict['req_asn1Spec'] >+ rep_msg_type = kdc_exchange_dict['rep_msg_type'] >+ >+ if till_time is None: >+ till_time = self.get_KerberosTime(offset=36000) >+ if nonce is None: >+ nonce = self.get_Nonce() >+ >+ req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) >+ if generate_padata_fn is not None: >+ # This can alter req_body... >+ padata, req_body = generate_padata_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body) >+ else: >+ padata = None >+ >+ kdc_exchange_dict['req_padata'] = padata >+ kdc_exchange_dict['req_body'] = req_body >+ >+ req_obj,req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, >+ padata=padata, >+ req_body=req_body, >+ asn1Spec=req_asn1Spec()) >+ >+ rep = self.send_recv_transaction(req_decoded) >+ self.assertIsNotNone(rep) >+ >+ msg_type = self.getElementValue(rep, 'msg-type') >+ self.assertIsNotNone(msg_type) >+ >+ allowed_msg_types = () >+ if check_error_fn is not None: >+ allowed_msg_types = (KRB_ERROR,) >+ if check_rep_fn is not None: >+ allowed_msg_types += (rep_msg_type,) >+ self.assertIn(msg_type, allowed_msg_types) >+ >+ if msg_type == KRB_ERROR: >+ return check_error_fn(kdc_exchange_dict, >+ callback_dict, >+ rep) >+ >+ return check_rep_fn(kdc_exchange_dict, callback_dict, rep) >+ >+ def as_exchange_dict(self, >+ expected_crealm=None, >+ expected_cname=None, >+ expected_srealm=None, >+ expected_sname=None, >+ ticket_decryption_key=None, >+ generate_padata_fn=None, >+ check_error_fn=None, >+ check_rep_fn=None, >+ check_padata_fn=None, >+ check_kdc_private_fn=None, >+ callback_dict=dict(), >+ expected_error_mode=None, >+ client_as_etypes=None, >+ expected_salt=None): >+ kdc_exchange_dict = { >+ 'req_msg_type': KRB_AS_REQ, >+ 'req_asn1Spec': krb5_asn1.AS_REQ, >+ 'rep_msg_type': KRB_AS_REP, >+ 'rep_asn1Spec': krb5_asn1.AS_REP, >+ 'rep_encpart_asn1Spec': krb5_asn1.EncASRepPart, >+ 'expected_crealm': expected_crealm, >+ 'expected_cname': expected_cname, >+ 'expected_srealm': expected_srealm, >+ 'expected_sname': expected_sname, >+ 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_padata_fn': generate_padata_fn, >+ 'check_error_fn': check_error_fn, >+ 'check_rep_fn': check_rep_fn, >+ 'check_padata_fn': check_padata_fn, >+ 'check_kdc_private_fn': check_kdc_private_fn, >+ 'callback_dict': callback_dict, >+ 'expected_error_mode': expected_error_mode, >+ 'client_as_etypes': client_as_etypes, >+ 'expected_salt': expected_salt, >+ } >+ return kdc_exchange_dict >+ >+ def tgs_exchange_dict(self, >+ expected_crealm=None, >+ expected_cname=None, >+ expected_srealm=None, >+ expected_sname=None, >+ ticket_decryption_key=None, >+ generate_padata_fn=None, >+ check_error_fn=None, >+ check_rep_fn=None, >+ check_padata_fn=None, >+ check_kdc_private_fn=None, >+ callback_dict=dict(), >+ tgt=None, >+ authenticator_subkey=None, >+ body_checksum_type=None): >+ kdc_exchange_dict = { >+ 'req_msg_type': KRB_TGS_REQ, >+ 'req_asn1Spec': krb5_asn1.TGS_REQ, >+ 'rep_msg_type': KRB_TGS_REP, >+ 'rep_asn1Spec': krb5_asn1.TGS_REP, >+ 'rep_encpart_asn1Spec': krb5_asn1.EncTGSRepPart, >+ 'expected_crealm': expected_crealm, >+ 'expected_cname': expected_cname, >+ 'expected_srealm': expected_srealm, >+ 'expected_sname': expected_sname, >+ 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_padata_fn': generate_padata_fn, >+ 'check_error_fn': check_error_fn, >+ 'check_rep_fn': check_rep_fn, >+ 'check_padata_fn': check_padata_fn, >+ 'check_kdc_private_fn': check_kdc_private_fn, >+ 'callback_dict': callback_dict, >+ 'tgt': tgt, >+ 'body_checksum_type': body_checksum_type, >+ 'authenticator_subkey': authenticator_subkey, >+ } >+ return kdc_exchange_dict >+ >+ def generic_check_kdc_rep(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key'] >+ check_padata_fn = kdc_exchange_dict['check_padata_fn'] >+ check_kdc_private_fn = kdc_exchange_dict['check_kdc_private_fn'] >+ rep_encpart_asn1Spec = kdc_exchange_dict['rep_encpart_asn1Spec'] >+ msg_type = kdc_exchange_dict['rep_msg_type'] >+ >+ self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP >+ padata = self.getElementValue(rep, 'padata') >+ self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) >+ self.assertElementEqualPrincipal(rep, 'cname', expected_cname) >+ self.assertElementPresent(rep, 'ticket') >+ ticket = self.getElementValue(rep, 'ticket') >+ ticket_encpart = None >+ ticket_cipher = None >+ if ticket is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket, 'tkt-vno') >+ self.assertElementEqualUTF8(ticket, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(ticket, 'sname', expected_sname) >+ self.assertElementPresent(ticket, 'enc-part') >+ ticket_encpart = self.getElementValue(ticket, 'enc-part') >+ if ticket_encpart is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket_encpart, 'etype') >+ # 0 means present, with any value != 0 >+ self.assertElementKVNO(ticket_encpart, 'kvno', 0) >+ self.assertElementPresent(ticket_encpart, 'cipher') >+ ticket_cipher = self.getElementValue(ticket_encpart, 'cipher') >+ self.assertElementPresent(rep, 'enc-part') >+ encpart = self.getElementValue(rep, 'enc-part') >+ encpart_cipher = None >+ if encpart is not None: # Never None, but gives indentation >+ self.assertElementPresent(encpart, 'etype') >+ self.assertElementKVNO(ticket_encpart, 'kvno', 'autodetect') >+ self.assertElementPresent(encpart, 'cipher') >+ encpart_cipher = self.getElementValue(encpart, 'cipher') >+ >+ encpart_decryption_key = None >+ if check_padata_fn is not None: >+ # See if get the decryption key from the preauth phase >+ encpart_decryption_key,encpart_decryption_usage = \ >+ check_padata_fn(kdc_exchange_dict, callback_dict, >+ rep, padata) >+ >+ ticket_private = None >+ if ticket_decryption_key is not None: >+ self.assertElementEqual(ticket_encpart, 'etype', ticket_decryption_key.etype) >+ self.assertElementKVNO(ticket_encpart, 'kvno', ticket_decryption_key.kvno) >+ ticket_decpart = ticket_decryption_key.decrypt(KU_TICKET, ticket_cipher) >+ ticket_private = self.der_decode(ticket_decpart, asn1Spec=krb5_asn1.EncTicketPart()) >+ >+ encpart_private = None >+ if encpart_decryption_key is not None: >+ self.assertElementEqual(encpart, 'etype', encpart_decryption_key.etype) >+ self.assertElementKVNO(encpart, 'kvno', encpart_decryption_key.kvno) >+ rep_decpart = encpart_decryption_key.decrypt(encpart_decryption_usage, encpart_cipher) >+ encpart_private = self.der_decode(rep_decpart, asn1Spec=rep_encpart_asn1Spec()) >+ >+ if check_kdc_private_fn is not None: >+ check_kdc_private_fn(kdc_exchange_dict, callback_dict, >+ rep, ticket_private, encpart_private) >+ >+ return rep >+ >+ def generic_check_kdc_private(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep, >+ ticket_private, >+ encpart_private): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key'] >+ >+ ticket = self.getElementValue(rep, 'ticket') >+ >+ ticket_session_key = None >+ if ticket_private is not None: >+ self.assertElementPresent(ticket_private, 'flags') >+ self.assertElementPresent(ticket_private, 'key') >+ ticket_key = self.getElementValue(ticket_private, 'key') >+ if ticket_key is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket_key, 'keytype') >+ self.assertElementPresent(ticket_key, 'keyvalue') >+ ticket_session_key = self.EncryptionKey_import(ticket_key) >+ self.assertElementEqualUTF8(ticket_private, 'crealm', expected_crealm) >+ self.assertElementEqualPrincipal(ticket_private, 'cname', expected_cname) >+ self.assertElementPresent(ticket_private, 'transited') >+ self.assertElementPresent(ticket_private, 'authtime') >+ if self.strict_checking: >+ self.assertElementPresent(ticket_private, 'starttime') >+ self.assertElementPresent(ticket_private, 'endtime') >+ # TODO self.assertElementPresent(ticket_private, 'renew-till') >+ # TODO self.assertElementMissing(ticket_private, 'caddr') >+ self.assertElementPresent(ticket_private, 'authorization-data') >+ >+ encpart_session_key = None >+ if encpart_private is not None: >+ self.assertElementPresent(encpart_private, 'key') >+ encpart_key = self.getElementValue(encpart_private, 'key') >+ if encpart_key is not None: # Never None, but gives indentation >+ self.assertElementPresent(encpart_key, 'keytype') >+ self.assertElementPresent(encpart_key, 'keyvalue') >+ encpart_session_key = self.EncryptionKey_import(encpart_key) >+ self.assertElementPresent(encpart_private, 'last-req') >+ self.assertElementPresent(encpart_private, 'nonce') >+ # TODO self.assertElementPresent(encpart_private, 'key-expiration') >+ self.assertElementPresent(encpart_private, 'flags') >+ self.assertElementPresent(encpart_private, 'authtime') >+ if self.strict_checking: >+ self.assertElementPresent(encpart_private, 'starttime') >+ self.assertElementPresent(encpart_private, 'endtime') >+ # TODO self.assertElementPresent(encpart_private, 'renew-till') >+ self.assertElementEqualUTF8(encpart_private, 'srealm', expected_srealm) >+ self.assertElementEqualPrincipal(encpart_private, 'sname', expected_sname) >+ # TODO self.assertElementMissing(encpart_private, 'caddr') >+ >+ if ticket_session_key is not None and encpart_session_key is not None: >+ self.assertEqual(ticket_session_key.etype, encpart_session_key.etype) >+ self.assertEqual(ticket_session_key.key.contents, encpart_session_key.key.contents) >+ if encpart_session_key is not None: >+ session_key = encpart_session_key >+ else: >+ session_key = ticket_session_key >+ ticket_creds = KerberosTicketCreds(ticket, >+ session_key, >+ crealm=expected_crealm, >+ cname=expected_cname, >+ srealm=expected_srealm, >+ sname=expected_sname, >+ decryption_key=ticket_decryption_key, >+ ticket_private=ticket_private, >+ encpart_private=encpart_private) >+ >+ kdc_exchange_dict['rep_ticket_creds'] = ticket_creds >+ return >+ >+ def generic_check_as_error(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ expected_salt = kdc_exchange_dict['expected_salt'] >+ client_as_etypes = kdc_exchange_dict['client_as_etypes'] >+ expected_error_mode = kdc_exchange_dict['expected_error_mode'] >+ req_body = kdc_exchange_dict['req_body'] >+ proposed_etypes = req_body['etype'] >+ >+ kdc_exchange_dict['preauth_etype_info2'] = None >+ >+ expect_etype_info2 = () >+ expect_etype_info = False >+ unexpect_etype_info = True >+ expected_aes_type = 0 >+ expected_rc4_type = 0 >+ if kcrypto.Enctype.RC4 in proposed_etypes: >+ expect_etype_info = True >+ for etype in proposed_etypes: >+ if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ expect_etype_info = False >+ if etype not in client_as_etypes: >+ continue >+ if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ if etype > expected_aes_type: >+ expected_aes_type = etype >+ if etype in (kcrypto.Enctype.RC4,): >+ unexpect_etype_info = False >+ if etype > expected_rc4_type: >+ expected_rc4_type = etype >+ >+ if expected_aes_type != 0: >+ expect_etype_info2 += (expected_aes_type,) >+ if expected_rc4_type != 0: >+ expect_etype_info2 += (expected_rc4_type,) >+ >+ expected_error = KDC_ERR_ETYPE_NOSUPP >+ expected_patypes = () >+ if expect_etype_info: >+ self.assertGreater(len(expect_etype_info2), 0) >+ expected_patypes += (PADATA_ETYPE_INFO,) >+ if len(expect_etype_info2) != 0: >+ expected_error = KDC_ERR_PREAUTH_REQUIRED >+ expected_patypes += (PADATA_ETYPE_INFO2,) >+ >+ expected_patypes += (PADATA_ENC_TIMESTAMP,) >+ expected_patypes += (PADATA_PK_AS_REQ,) >+ expected_patypes += (PADATA_PK_AS_REP_19,) >+ >+ self.assertElementEqual(rep, 'msg-type', KRB_ERROR) >+ self.assertElementEqual(rep, 'error-code', expected_error) >+ self.assertElementMissing(rep, 'ctime') >+ self.assertElementMissing(rep, 'cusec') >+ self.assertElementPresent(rep, 'stime') >+ self.assertElementPresent(rep, 'susec') >+ # error-code checked above >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'crealm') >+ self.assertElementMissing(rep, 'cname') >+ self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'e-text') >+ if expected_error_mode != KDC_ERR_PREAUTH_REQUIRED: >+ self.assertElementMissing(rep, 'e-data') >+ return >+ edata = self.getElementValue(rep, 'e-data') >+ if self.strict_checking: >+ self.assertIsNotNone(edata) >+ if edata is not None: >+ rep_padata = self.der_decode(edata, asn1Spec=krb5_asn1.METHOD_DATA()) >+ self.assertGreater(len(rep_padata), 0) >+ else: >+ rep_padata = [] >+ >+ if self.strict_checking: >+ for i in range(0, len(expected_patypes)): >+ self.assertElementEqual(rep_padata[i], 'padata-type', expected_patypes[i]) >+ self.assertEqual(len(rep_padata), len(expected_patypes)) >+ >+ etype_info2 = None >+ etype_info = None >+ enc_timestamp = None >+ pk_as_req = None >+ pk_as_rep19 = None >+ for pa in rep_padata: >+ patype = self.getElementValue(pa, 'padata-type') >+ pavalue = self.getElementValue(pa, 'padata-value') >+ if patype == PADATA_ETYPE_INFO2: >+ self.assertIsNone(etype_info2) >+ etype_info2 = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ continue >+ if patype == PADATA_ETYPE_INFO: >+ self.assertIsNone(etype_info) >+ etype_info = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO()) >+ continue >+ if patype == PADATA_ENC_TIMESTAMP: >+ self.assertIsNone(enc_timestamp) >+ enc_timestamp = pavalue >+ self.assertEqual(len(enc_timestamp), 0) >+ continue >+ if patype == PADATA_PK_AS_REQ: >+ self.assertIsNone(pk_as_req) >+ pk_as_req = pavalue >+ self.assertEqual(len(pk_as_req), 0) >+ continue >+ if patype == PADATA_PK_AS_REP_19: >+ self.assertIsNone(pk_as_rep19) >+ pk_as_rep19 = pavalue >+ self.assertEqual(len(pk_as_rep19), 0) >+ continue >+ >+ if expected_error == KDC_ERR_ETYPE_NOSUPP: >+ self.assertIsNone(etype_info2) >+ self.assertIsNone(etype_info) >+ if self.strict_checking: >+ self.assertIsNotNone(enc_timestamp) >+ self.assertIsNotNone(pk_as_req) >+ self.assertIsNotNone(pk_as_rep19) >+ return >+ >+ self.assertIsNotNone(etype_info2) >+ if expect_etype_info: >+ self.assertIsNotNone(etype_info) >+ else: >+ if self.strict_checking: >+ self.assertIsNone(etype_info) >+ if unexpect_etype_info: >+ self.assertIsNone(etype_info) >+ >+ self.assertGreaterEqual(len(etype_info2), 1) >+ self.assertLessEqual(len(etype_info2), len(expect_etype_info2)) >+ if self.strict_checking: >+ self.assertEqual(len(etype_info2), len(expect_etype_info2)) >+ for i in range(0, len(etype_info2)): >+ e = self.getElementValue(etype_info2[i], 'etype') >+ self.assertEqual(e, expect_etype_info2[i]) >+ salt = self.getElementValue(etype_info2[i], 'salt') >+ if e == kcrypto.Enctype.RC4: >+ self.assertIsNone(salt) >+ else: >+ self.assertIsNotNone(salt) >+ if expected_salt is not None: >+ self.assertEqual(salt, expected_salt) >+ s2kparams = self.getElementValue(etype_info2[i], 's2kparams') >+ if self.strict_checking: >+ self.assertIsNone(s2kparams) >+ if etype_info is not None: >+ self.assertEqual(len(etype_info), 1) >+ e = self.getElementValue(etype_info[0], 'etype') >+ self.assertEqual(e, kcrypto.Enctype.RC4) >+ self.assertEqual(e, expect_etype_info2[0]) >+ salt = self.getElementValue(etype_info[0], 'salt') >+ if self.strict_checking: >+ self.assertIsNotNone(salt) >+ self.assertEqual(len(salt), 0) >+ >+ self.assertIsNotNone(enc_timestamp) >+ self.assertIsNotNone(pk_as_req) >+ self.assertIsNotNone(pk_as_rep19) >+ >+ kdc_exchange_dict['preauth_etype_info2'] = etype_info2 >+ return >+ >+ def generate_simple_tgs_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ req_body): >+ tgt = kdc_exchange_dict['tgt'] >+ authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >+ body_checksum_type = kdc_exchange_dict['body_checksum_type'] >+ >+ req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ >+ req_body_checksum = self.Checksum_create(tgt.session_key, >+ KU_TGS_REQ_AUTH_CKSUM, >+ req_body_blob, >+ ctype=body_checksum_type) >+ >+ subkey_obj = None >+ if authenticator_subkey is not None: >+ subkey_obj = authenticator_subkey.export_obj() >+ seq_number = random.randint(0, 0xfffffffe) >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ authenticator_obj = self.Authenticator_create(crealm=tgt.crealm, >+ cname=tgt.cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator_blob = self.der_encode(authenticator_obj, asn1Spec=krb5_asn1.Authenticator()) >+ >+ authenticator = self.EncryptedData_create(tgt.session_key, >+ KU_TGS_REQ_AUTH, >+ authenticator_blob) >+ >+ ap_options = krb5_asn1.APOptions('0') >+ ap_req_obj = self.AP_REQ_create(ap_options=str(ap_options), >+ ticket=tgt.ticket, >+ authenticator=authenticator) >+ ap_req = self.der_encode(ap_req_obj, asn1Spec=krb5_asn1.AP_REQ()) >+ pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) >+ padata = [pa_tgs_req] >+ >+ return padata, req_body >+ >+ def check_simple_tgs_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep, >+ padata): >+ tgt = kdc_exchange_dict['tgt'] >+ authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >+ if authenticator_subkey is not None: >+ subkey = authenticator_subkey >+ subkey_usage = KU_TGS_REP_ENC_PART_SUB_KEY >+ else: >+ subkey = tgt.session_key >+ subkey_usage = KU_TGS_REP_ENC_PART_SESSION >+ >+ return subkey, subkey_usage >+ >+ def _test_as_exchange(self, >+ cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ expected_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ etypes, >+ padata, >+ kdc_options, >+ preauth_key=None, >+ ticket_decryption_key=None): >+ >+ def _generate_padata_copy(_kdc_exchange_dict, >+ _callback_dict, >+ req_body): >+ return padata, req_body >+ >+ def _check_padata_preauth_key(_kdc_exchange_dict, >+ _callback_dict, >+ rep, >+ padata): >+ as_rep_usage = KU_AS_REP_ENC_PART >+ return preauth_key, as_rep_usage >+ >+ kdc_exchange_dict = self.as_exchange_dict( >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ ticket_decryption_key=ticket_decryption_key, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ check_padata_fn=_check_padata_preauth_key, >+ check_kdc_private_fn=self.generic_check_kdc_private, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) >+ >+ rep = self._generic_kdc_exchange(kdc_exchange_dict, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ till_time=till, >+ etypes=etypes) >+ >+ if expected_error_mode == 0: # AS-REP >+ return rep >+ >+ return kdc_exchange_dict['preauth_etype_info2'] >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 702f6084217..a4c5e079b66 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -28,16 +28,27 @@ ARCFOUR_HMAC_MD5 = int( > # Message types > KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) > KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req')) > KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep')) >+KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req')) > > # PAData types > PADATA_ENC_TIMESTAMP = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO')) > PADATA_ETYPE_INFO2 = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+PADATA_KDC_REQ = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-KDC-REQ')) >+PADATA_PK_AS_REQ = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REQ')) >+PADATA_PK_AS_REP_19 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REP-19')) > > # Error codes > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_ETYPE_NOSUPP = 14 > KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 > KDC_ERR_BADMATCH = 36 >-- >2.25.1 > > >From 4359fa8529d70c86bb15a5c730dd2047ddd0a068 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 037/149] tests/krb5/as_req_tests.py: add new tests to cover > more of the AS-REQ protocol > >Example commands: > >Windows 2012R2: >SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Windows 2008R2: >SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Samba 4.14: >SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 01d86954d217e38be333aa1ce7db1d3d9059cd4c) >--- > python/samba/tests/krb5/as_req_tests.py | 121 ++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > 2 files changed, 122 insertions(+) > create mode 100755 python/samba/tests/krb5/as_req_tests.py > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >new file mode 100755 >index 00000000000..3ad37c6bdf2 >--- /dev/null >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -0,0 +1,121 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests import DynamicTestCase >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ KDC_ERR_PREAUTH_REQUIRED, >+ NT_PRINCIPAL, >+ NT_SRV_INST >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+@DynamicTestCase >+class AsReqKerberosTests(RawKerberosTest): >+ >+ @classmethod >+ def setUpDynamicTestCases(cls): >+ for (name, idx) in cls.etype_test_permutation_name_idx(): >+ for pac in [None, True, False]: >+ tname = "%s_pac_%s" % (name, pac) >+ targs = (idx, pac) >+ cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs) >+ return >+ >+ def setUp(self): >+ super(AsReqKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def _test_as_req_nopreauth(self, >+ initial_etypes, >+ initial_padata=None, >+ initial_kdc_options=None): >+ client_creds = self.get_client_creds() >+ client_account = client_creds.get_username() >+ client_as_etypes = client_creds.get_as_krb5_etypes() >+ krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[client_account]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_INST, >+ names=[krbtgt_account, realm]) >+ >+ expected_error_mode = KDC_ERR_PREAUTH_REQUIRED >+ expected_crealm = realm >+ expected_cname = cname >+ expected_srealm = realm >+ expected_sname = sname >+ expected_salt = client_creds.get_forced_salt() >+ >+ def _generate_padata_copy(_kdc_exchange_dict, >+ _callback_dict, >+ req_body): >+ return initial_padata, req_body >+ >+ kdc_exchange_dict = self.as_exchange_dict( >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) >+ >+ rep = self._generic_kdc_exchange(kdc_exchange_dict, >+ kdc_options=str(initial_kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ etypes=initial_etypes) >+ >+ return kdc_exchange_dict['preauth_etype_info2'] >+ >+ def _test_as_req_no_preauth_with_args(self, etype_idx, pac): >+ name, etypes = self.etype_test_permutation_by_idx(etype_idx) >+ if pac is None: >+ padata = None >+ else: >+ pa_pac = self.KERB_PA_PAC_REQUEST_create(pac) >+ padata = [pa_pac] >+ return self._test_as_req_nopreauth( >+ initial_padata=padata, >+ initial_etypes=etypes, >+ initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >+ >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 14695ae65c5..27497e069d1 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -101,6 +101,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/test_rpc.py', > 'python/samba/tests/krb5/test_smb.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', >+ 'python/samba/tests/krb5/as_req_tests.py', > } > > EXCLUDE_HELP = { >-- >2.25.1 > > >From 426e6376c0066e82d49e89cf89ad51c99de8d520 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 038/149] selftest: run new as_req_tests against fl2008r2dc and > fl2003dc > >There are a lot of things we should improve in our KDC >in order to work like a Windows KDC. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d91665d33130aed11fa82d8d2796ab1627e04dc4) >--- > .../knownfail.d/samba.tests.krb5.as_req_tests | 276 +++++++++++++ > selftest/knownfail_mit_kdc | 389 +++++++++++++++++- > selftest/target/Samba.pm | 1 + > selftest/target/Samba4.pm | 6 +- > source4/selftest/tests.py | 10 + > 5 files changed, 680 insertions(+), 2 deletions(-) > create mode 100644 selftest/knownfail.d/samba.tests.krb5.as_req_tests > >diff --git a/selftest/knownfail.d/samba.tests.krb5.as_req_tests b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >new file mode 100644 >index 00000000000..390d6cd0ab6 >--- /dev/null >+++ b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >@@ -0,0 +1,276 @@ >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 2c2a643944c..b610929a8dd 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -290,4 +290,391 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >- >+# >+# MIT currently fails some as_req_no_preauth tests. >+# >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2008r2dc >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index 5a7efa9c280..095ce3a6fdd 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -825,6 +825,7 @@ my @exported_envvars = ( > "DNSNAME", > "REALM", > "DOMSID", >+ "SUPPORTED_ENCTYPE_BITS", > > # stuff related to a trusted domain > "TRUST_SERVER", >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 1ae9fb9d996..4a90dcd7362 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -561,7 +561,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > $ctx->{force_fips_mode} = $force_fips_mode; > $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; > if ($functional_level eq "2000") { >- $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc" >+ $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"; >+ $ctx->{supported_enctypes_bits} = "4"; >+ } else { >+ $ctx->{supported_enctypes_bits} = "28"; > } > > # >@@ -876,6 +879,7 @@ nogroup:x:65534:nobody > KRB5_CONFIG => $ctx->{krb5_conf}, > KRB5_CCACHE => $ctx->{krb5_ccache}, > MITKDC_CONFIG => $ctx->{mitkdc_conf}, >+ SUPPORTED_ENCTYPE_BITS => $ctx->{supported_enctypes_bits}, > PIDDIR => $ctx->{piddir}, > SERVER => $ctx->{hostname}, > DC_SERVER => $ctx->{hostname}, >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 3089c6f4dda..cd099408dab 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1362,6 +1362,16 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", ' > '--option=torture:krb5-hostname=testupnspn.$DNSNAME', > '--option=torture:krb5-service=http'], > "samba4.krb5.kdc with account having identical UPN and SPN") >+for env in ["fl2008r2dc", "fl2003dc"]: >+ planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", >+ environ={ >+ 'CLIENT_USERNAME': '$USERNAME', >+ 'CLIENT_PASSWORD': '$PASSWORD', >+ 'CLIENT_AS_SUPPORTED_ENCTYPES': '$SUPPORTED_ENCTYPE_BITS', >+ 'SERVER_USERNAME': '$SERVER', >+ 'SERVER_PASSWORD': 'machine$PASSWORD', >+ 'STRICT_CHECKING': '0', >+ }) > > > for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: >-- >2.25.1 > > >From 8e313641e6a613d1ed5dfee3512fb6bed2c16ef7 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:38:28 +1200 >Subject: [PATCH 039/149] tests/krb5/kdc_base_test.py: Defer account deletion > until tearDownClass() is called > >This allows accounts created for permutation tests to be reused, rather >than having to be recreated for every test. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5412bffb9b4fc13023e650bbc9436a79b60b6fa2) >--- > python/samba/tests/krb5/kdc_base_test.py | 24 +++++++++++++++--------- > 1 file changed, 15 insertions(+), 9 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e345f739e1c..578736574ae 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -99,21 +99,27 @@ class KDCBaseTest(RawKerberosTest): > base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) > cls.dns_host_name = str(res[0]['dnsHostName']) > >+ # A set containing DNs of accounts created as part of testing. >+ cls.accounts = set() >+ >+ @classmethod >+ def tearDownClass(cls): >+ # Clean up any accounts created by create_account. This is >+ # done in tearDownClass() rather than tearDown(), so that >+ # accounts need only be created once for permutation tests. >+ for dn in cls.accounts: >+ delete_force(cls.ldb, dn) >+ super().tearDownClass() >+ > def setUp(self): > super().setUp() > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump >- self.accounts = [] >- >- def tearDown(self): >- # Clean up any accounts created by create_account >- for dn in self.accounts: >- delete_force(self.ldb, dn) > > def create_account(self, name, machine_account=False, spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, >- which is used by tearDown to clean up the created accounts. >+ which is used by tearDownClass to clean up the created accounts. > ''' > dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) > >@@ -153,8 +159,8 @@ class KDCBaseTest(RawKerberosTest): > if machine_account: > creds.set_workstation(name) > # >- # Save the account name so it can be deleted in the tearDown >- self.accounts.append(dn) >+ # Save the account name so it can be deleted in tearDownClass >+ self.accounts.add(dn) > > return (creds, dn) > >-- >2.25.1 > > >From 097fd46da2aa4f787ee1af7ca8baa54e126ae03a Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:14:33 +1200 >Subject: [PATCH 040/149] tests/krb5/raw_testcase.py: Add get_admin_creds() > >This method allows obtaining credentials that can be used for >administrative tasks such as creating accounts. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5afae39da0ab408bb36dde3a7801634bd9cc24f6) >--- > python/samba/tests/krb5/raw_testcase.py | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 8c8926b0ad2..7e41245f706 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -526,6 +526,11 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing_password=allow_missing_password) > return c > >+ def get_admin_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='ADMIN', >+ allow_missing_password=allow_missing_password) >+ return c >+ > def get_krbtgt_creds(self, require_strongest_key=False): > c = self._get_krb5_creds(prefix='KRBTGT', > default_username='krbtgt', >-- >2.25.1 > > >From df12823547d76f4cb841aac1d49f2c13731269b3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:04:00 +1200 >Subject: [PATCH 041/149] tests/krb5/kdc_base_test.py: Create database > connection only when needed > >Now the database connection is only created on its first use, which >means database credentials are no longer required for tests that don't >make use of it. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4f5566be4839838e0e3e501a030bcf6e85ff5159) >--- > python/samba/tests/krb5/kdc_base_test.py | 56 +++++++------ > python/samba/tests/krb5/kdc_tgs_tests.py | 17 ++-- > .../ms_kile_client_principal_lookup_tests.py | 84 +++++++++++-------- > python/samba/tests/krb5/test_ccache.py | 15 ++-- > python/samba/tests/krb5/test_ldap.py | 12 +-- > python/samba/tests/krb5/test_rpc.py | 6 +- > python/samba/tests/krb5/test_smb.py | 12 +-- > 7 files changed, 116 insertions(+), 86 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 578736574ae..b191f905366 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -89,15 +89,7 @@ class KDCBaseTest(RawKerberosTest): > > cls.credentials = c > >- cls.session = system_session() >- cls.ldb = SamDB(url="ldap://%s" % cls.host, >- session_info=cls.session, >- credentials=cls.credentials, >- lp=cls.lp) >- # fetch the dnsHostName from the RootDse >- res = cls.ldb.search( >- base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) >- cls.dns_host_name = str(res[0]['dnsHostName']) >+ cls._ldb = None > > # A set containing DNs of accounts created as part of testing. > cls.accounts = set() >@@ -107,8 +99,9 @@ class KDCBaseTest(RawKerberosTest): > # Clean up any accounts created by create_account. This is > # done in tearDownClass() rather than tearDown(), so that > # accounts need only be created once for permutation tests. >- for dn in cls.accounts: >- delete_force(cls.ldb, dn) >+ if cls._ldb is not None: >+ for dn in cls.accounts: >+ delete_force(cls._ldb, dn) > super().tearDownClass() > > def setUp(self): >@@ -116,16 +109,27 @@ class KDCBaseTest(RawKerberosTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- def create_account(self, name, machine_account=False, spn=None, upn=None): >+ def get_samdb(self): >+ if self._ldb is None: >+ session = system_session() >+ type(self)._ldb = SamDB(url="ldap://%s" % self.host, >+ session_info=session, >+ credentials=self.credentials, >+ lp=self.lp) >+ >+ return self._ldb >+ >+ def create_account(self, ldb, name, machine_account=False, >+ spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDownClass to clean up the created accounts. > ''' >- dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) >+ dn = "cn=%s,%s" % (name, ldb.domain_dn()) > > # remove the account if it exists, this will happen if a previous test > # run failed >- delete_force(self.ldb, dn) >+ delete_force(ldb, dn) > if machine_account: > object_class = "computer" > account_name = "%s$" % name >@@ -148,12 +152,12 @@ class KDCBaseTest(RawKerberosTest): > details["servicePrincipalName"] = spn > if upn is not None: > details["userPrincipalName"] = upn >- self.ldb.add(details) >+ ldb.add(details) > > creds = Credentials() > creds.guess(self.lp) >- creds.set_realm(self.ldb.domain_dns_name().upper()) >- creds.set_domain(self.ldb.domain_netbios_name().upper()) >+ creds.set_realm(ldb.domain_dns_name().upper()) >+ creds.set_domain(ldb.domain_netbios_name().upper()) > creds.set_password(password) > creds.set_username(account_name) > if machine_account: >@@ -425,38 +429,38 @@ class KDCBaseTest(RawKerberosTest): > enc_part, asn1Spec=krb5_asn1.EncTicketPart()) > return enc_ticket_part > >- def get_objectSid(self, dn): >+ def get_objectSid(self, samdb, dn): > ''' Get the objectSID for a DN > Note: performs an Ldb query. > ''' >- res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) >+ res = samdb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) > self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) >- sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) >+ sid = samdb.schema_format_value("objectSID", res[0]["objectSID"][0]) > return sid.decode('utf8') > >- def add_attribute(self, dn_str, name, value): >+ def add_attribute(self, samdb, dn_str, name, value): > if isinstance(value, list): > values = value > else: > values = [value] > flag = ldb.FLAG_MOD_ADD > >- dn = ldb.Dn(self.ldb, dn_str) >+ dn = ldb.Dn(samdb, dn_str) > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) >- self.ldb.modify(msg) >+ samdb.modify(msg) > >- def modify_attribute(self, dn_str, name, value): >+ def modify_attribute(self, samdb, dn_str, name, value): > if isinstance(value, list): > values = value > else: > values = [value] > flag = ldb.FLAG_MOD_REPLACE > >- dn = ldb.Dn(self.ldb, dn_str) >+ dn = ldb.Dn(samdb, dn_str) > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) >- self.ldb.modify(msg) >+ samdb.modify(msg) > > def create_ccache(self, cname, ticket, enc_part): > """ Lay out a version 4 on-disk credentials cache, to be read using the >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >index 23a1d868a79..0c757bd5e5f 100755 >--- a/python/samba/tests/krb5/kdc_tgs_tests.py >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -49,8 +49,9 @@ class KdcTgsTests(KDCBaseTest): > that differs from that provided to the krbtgt > ''' > # Create the user account >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -81,7 +82,7 @@ class KdcTgsTests(KDCBaseTest): > names=["Administrator"]) > sname = self.PrincipalName_create( > name_type=NT_PRINCIPAL, >- names=["host", self.dns_host_name]) >+ names=["host", samdb.host_dns_name()]) > > (rep, enc_part) = self.tgs_req(cname, sname, realm, ticket, key, etype) > >@@ -98,8 +99,9 @@ class KdcTgsTests(KDCBaseTest): > '''Get a ticket to the ldap service > ''' > # Create the user account >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -126,7 +128,7 @@ class KdcTgsTests(KDCBaseTest): > # Request a ticket to the ldap service > sname = self.PrincipalName_create( > name_type=NT_SRV_INST, >- names=["ldap", self.dns_host_name]) >+ names=["ldap", samdb.host_dns_name()]) > > (rep, _) = self.tgs_req( > cname, sname, uc.get_realm(), ticket, key, etype) >@@ -137,9 +139,10 @@ class KdcTgsTests(KDCBaseTest): > > # Create a user and machine account for the test. > # >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, dn) = self.create_account(user_name) >- (mc, _) = self.create_account("tsttktmac", machine_account=True) >+ (uc, dn) = self.create_account(samdb, user_name) >+ (mc, _) = self.create_account(samdb, "tsttktmac", machine_account=True) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -179,7 +182,7 @@ class KdcTgsTests(KDCBaseTest): > enc_part = self.decode_service_ticket(mc, ticket) > > pac_data = self.get_pac_data(enc_part['authorization-data']) >- sid = self.get_objectSid(dn) >+ sid = self.get_objectSid(samdb, dn) > upn = "%s@%s" % (uc.get_username(), realm) > self.assertEqual( > uc.get_username(), >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index 356a25f8e18..63f67b09c4c 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -49,10 +49,10 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- def check_pac(self, auth_data, dn, uc, name, upn=None): >+ def check_pac(self, samdb, auth_data, dn, uc, name, upn=None): > > pac_data = self.get_pac_data(auth_data) >- sid = self.get_objectSid(dn) >+ sid = self.get_objectSid(samdb, dn) > if upn is None: > upn = "%s@%s" % (name, uc.get_realm().lower()) > if name.endswith('$'): >@@ -89,12 +89,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -131,7 +132,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the pac, and the ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ self.check_pac(samdb, enc_part['authorization-data'], dn, uc, user_name) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -147,12 +148,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a machine account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskilemac" >- (mc, dn) = self.create_account(user_name, machine_account=True) >+ (mc, dn) = self.create_account(samdb, user_name, machine_account=True) > realm = mc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -189,7 +191,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the pac, and the ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, mc, mach_name + '$') >+ self.check_pac(samdb, enc_part['authorization-data'], dn, mc, mach_name + '$') > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -206,14 +208,15 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ''' > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" > upn = upn_name + "@" + self.credentials.get_realm().lower() >- (uc, dn) = self.create_account(user_name, upn=upn) >+ (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -250,7 +253,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the service ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, uc, upn_name) >+ self.check_pac(samdb, enc_part['authorization-data'], dn, uc, upn_name) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -273,19 +276,21 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way > # to trigger the no pre-auth step > >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > self.modify_attribute( >+ samdb, > dn, > "userAccountControl", > str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH > # we should get a valid AS-RESP >@@ -340,15 +345,16 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -406,15 +412,16 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -445,14 +452,15 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" > upn = upn_name + "@" + self.credentials.get_realm().lower() >- (uc, dn) = self.create_account(user_name, upn=upn) >+ (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -508,13 +516,14 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > ename = user_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -570,12 +579,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, dn) = self.create_account(mach_name, machine_account=True) >+ (mc, dn) = self.create_account(samdb, mach_name, machine_account=True) > ename = mach_name + "@" + realm > uname = mach_name + "$@" + realm > >@@ -638,20 +648,22 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way > # to trigger the no pre-auth step > >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > self.modify_attribute( >+ samdb, > dn, > "userAccountControl", > str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) > ename = alt_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH > # we should get a valid AS-RESP >@@ -706,17 +718,18 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > ename = alt_name + "@" + realm > uname = user_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -775,16 +788,17 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > ename = alt_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index 32c9e3cce6b..c7857a6cf0e 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -49,11 +49,14 @@ class CcacheTests(KDCBaseTest): > mach_name = "ccachemac" > service = "host" > >+ samdb = self.get_samdb() >+ > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Create the machine account. >- (mach_credentials, _) = self.create_account(mach_name, >+ (mach_credentials, _) = self.create_account(samdb, >+ mach_name, > machine_account=True, > spn="%s/%s" % (service, > mach_name)) >@@ -77,7 +80,7 @@ class CcacheTests(KDCBaseTest): > gensec_client.want_feature(gensec.FEATURE_SEAL) > gensec_client.start_mech_by_sasl_name("GSSAPI") > >- auth_context = AuthContext(lp_ctx=self.lp, ldb=self.ldb, methods=[]) >+ auth_context = AuthContext(lp_ctx=self.lp, ldb=samdb, methods=[]) > > gensec_server = gensec.Security.start_server(settings, auth_context) > gensec_server.set_credentials(mach_credentials) >@@ -104,9 +107,9 @@ class CcacheTests(KDCBaseTest): > # token is the SID of the user we created. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >index 6a4bf52d77f..7e9405a8a92 100755 >--- a/python/samba/tests/krb5/test_ldap.py >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -44,12 +44,14 @@ class LdapTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "ldapusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "ldap" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >@@ -63,9 +65,9 @@ class LdapTests(KDCBaseTest): > # cached credentials. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >index da1c4eb88ac..c474e479d81 100755 >--- a/python/samba/tests/krb5/test_rpc.py >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -41,12 +41,14 @@ class RpcTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "rpcusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "cifs" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >index 0262a37ebb5..8f76e78afe3 100755 >--- a/python/samba/tests/krb5/test_smb.py >+++ b/python/samba/tests/krb5/test_smb.py >@@ -45,13 +45,15 @@ class SmbTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "smbusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "cifs" > share = "tmp" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >@@ -72,9 +74,9 @@ class SmbTests(KDCBaseTest): > # cached credentials. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >-- >2.25.1 > > >From c6de61966b11a1b94257b0eb5d53426fd039df91 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:31:26 +1200 >Subject: [PATCH 042/149] tests/krb5/kdc_base_test.py: Remove 'credentials' > class attribute > >Credentials for tests are now obtained using the get_user_creds() >method. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 364f1ce8d8221cb8926635fc864db782cee61cf9) >--- > python/samba/tests/krb5/kdc_base_test.py | 24 +++---------------- > .../ms_kile_client_principal_lookup_tests.py | 4 ++-- > 2 files changed, 5 insertions(+), 23 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index b191f905366..f3c6b37d29f 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -67,28 +67,8 @@ class KDCBaseTest(RawKerberosTest): > @classmethod > def setUpClass(cls): > cls.lp = cls.get_loadparm(cls) >- cls.username = os.environ["USERNAME"] >- cls.password = os.environ["PASSWORD"] > cls.host = os.environ["SERVER"] > >- c = Credentials() >- c.set_username(cls.username) >- c.set_password(cls.password) >- try: >- realm = os.environ["REALM"] >- c.set_realm(realm) >- except KeyError: >- pass >- try: >- domain = os.environ["DOMAIN"] >- c.set_domain(domain) >- except KeyError: >- pass >- >- c.guess() >- >- cls.credentials = c >- > cls._ldb = None > > # A set containing DNs of accounts created as part of testing. >@@ -111,10 +91,12 @@ class KDCBaseTest(RawKerberosTest): > > def get_samdb(self): > if self._ldb is None: >+ creds = self.get_user_creds() >+ > session = system_session() > type(self)._ldb = SamDB(url="ldap://%s" % self.host, > session_info=session, >- credentials=self.credentials, >+ credentials=creds, > lp=self.lp) > > return self._ldb >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index 63f67b09c4c..e9d251e72f6 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -211,7 +211,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" >- upn = upn_name + "@" + self.credentials.get_realm().lower() >+ upn = upn_name + "@" + self.get_user_creds().get_realm().lower() > (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > >@@ -455,7 +455,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" >- upn = upn_name + "@" + self.credentials.get_realm().lower() >+ upn = upn_name + "@" + self.get_user_creds().get_realm().lower() > (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > >-- >2.25.1 > > >From 75f6635392785fd0f592f69f202b0746bf0061c1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:40:41 +1200 >Subject: [PATCH 043/149] tests/krb5/kdc_base_test.py: Create loadparm only > when needed > >Now the .conf file is only loaded on its first use, which means that >SMB_CONF_PATH need not be defined for tests that don't make use of it. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 210e544016a3a4de1cdb76ce28a2148811ff07eb) >--- > python/samba/tests/krb5/kdc_base_test.py | 15 +++++++++++---- > python/samba/tests/krb5/test_ccache.py | 6 ++++-- > python/samba/tests/krb5/test_ldap.py | 2 +- > python/samba/tests/krb5/test_rpc.py | 2 +- > python/samba/tests/krb5/test_smb.py | 2 +- > 5 files changed, 18 insertions(+), 9 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index f3c6b37d29f..59ce546a181 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -66,7 +66,7 @@ class KDCBaseTest(RawKerberosTest): > > @classmethod > def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >+ cls._lp = None > cls.host = os.environ["SERVER"] > > cls._ldb = None >@@ -89,15 +89,22 @@ class KDCBaseTest(RawKerberosTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >+ def get_lp(self): >+ if self._lp is None: >+ type(self)._lp = self.get_loadparm() >+ >+ return self._lp >+ > def get_samdb(self): > if self._ldb is None: > creds = self.get_user_creds() >+ lp = self.get_lp() > > session = system_session() > type(self)._ldb = SamDB(url="ldap://%s" % self.host, > session_info=session, > credentials=creds, >- lp=self.lp) >+ lp=lp) > > return self._ldb > >@@ -137,7 +144,7 @@ class KDCBaseTest(RawKerberosTest): > ldb.add(details) > > creds = Credentials() >- creds.guess(self.lp) >+ creds.guess(self.get_lp()) > creds.set_realm(ldb.domain_dns_name().upper()) > creds.set_domain(ldb.domain_netbios_name().upper()) > creds.set_password(password) >@@ -607,7 +614,7 @@ class KDCBaseTest(RawKerberosTest): > creds.set_kerberos_state(MUST_USE_KERBEROS) > creds.set_username(user_name, SPECIFIED) > creds.set_realm(realm) >- creds.set_named_ccache(cachefile.name, SPECIFIED, self.lp) >+ creds.set_named_ccache(cachefile.name, SPECIFIED, self.get_lp()) > > # Return the credentials along with the cache file. > return (creds, cachefile) >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index c7857a6cf0e..feb7a7bd9be 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -71,8 +71,10 @@ class CcacheTests(KDCBaseTest): > # Authenticate in-process to the machine account using the user's > # cached credentials. > >+ lp = self.get_lp() >+ > settings = {} >- settings["lp_ctx"] = self.lp >+ settings["lp_ctx"] = lp > settings["target_hostname"] = mach_name > > gensec_client = gensec.Security.start_client(settings) >@@ -80,7 +82,7 @@ class CcacheTests(KDCBaseTest): > gensec_client.want_feature(gensec.FEATURE_SEAL) > gensec_client.start_mech_by_sasl_name("GSSAPI") > >- auth_context = AuthContext(lp_ctx=self.lp, ldb=samdb, methods=[]) >+ auth_context = AuthContext(lp_ctx=lp, ldb=samdb, methods=[]) > > gensec_server = gensec.Security.start_server(settings, auth_context) > gensec_server.set_credentials(mach_credentials) >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >index 7e9405a8a92..d304fb9d71e 100755 >--- a/python/samba/tests/krb5/test_ldap.py >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -74,7 +74,7 @@ class LdapTests(KDCBaseTest): > # Connect to the machine account and retrieve the user SID. > ldb_as_user = SamDB(url="ldap://%s" % mach_name, > credentials=creds, >- lp=self.lp) >+ lp=self.get_lp()) > ldb_res = ldb_as_user.search('', > scope=SCOPE_BASE, > attrs=["tokenGroups"]) >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >index c474e479d81..324b57f2847 100755 >--- a/python/samba/tests/krb5/test_rpc.py >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -62,7 +62,7 @@ class RpcTests(KDCBaseTest): > # cached credentials. > > binding_str = "ncacn_np:%s[\\pipe\\lsarpc]" % mach_name >- conn = lsa.lsarpc(binding_str, self.lp, creds) >+ conn = lsa.lsarpc(binding_str, self.get_lp(), creds) > > (account_name, _) = conn.GetUserName(None, None, None) > >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >index 8f76e78afe3..45d4fe5e0c1 100755 >--- a/python/samba/tests/krb5/test_smb.py >+++ b/python/samba/tests/krb5/test_smb.py >@@ -82,7 +82,7 @@ class SmbTests(KDCBaseTest): > > # Connect to a share and retrieve the user SID. > s3_lp = s3param.get_context() >- s3_lp.load(self.lp.configfile) >+ s3_lp.load(self.get_lp().configfile) > > min_protocol = s3_lp.get("client min protocol") > self.addCleanup(s3_lp.set, "client min protocol", min_protocol) >-- >2.25.1 > > >From 0e0c9cfa7e36bc2fafe947ffa91908e5ec1ca26f Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:12:38 +1200 >Subject: [PATCH 044/149] tests/krb5/kdc_base_test.py: Add methods to determine > supported encryption types > >This is done based on the domain functional level, which corresponds to >the logic Samba uses to decide whether or not to generate a >Primary:Kerberos-Newer-Keys element for the supplementalCredentials >attribute. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7d4a0ed21be49d13c2b815582f2d04f0c058bf3a) >--- > python/samba/tests/krb5/kdc_base_test.py | 38 ++++++++++++++++++++++-- > 1 file changed, 36 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 59ce546a181..e1b73dd8ff7 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -29,8 +29,13 @@ from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session > from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >-from samba.dcerpc import krb5pac, krb5ccache >-from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >+from samba.dcerpc import krb5pac, krb5ccache, security >+from samba.dsdb import ( >+ DS_DOMAIN_FUNCTION_2000, >+ DS_DOMAIN_FUNCTION_2008, >+ UF_WORKSTATION_TRUST_ACCOUNT, >+ UF_NORMAL_ACCOUNT >+) > from samba.ndr import ndr_pack, ndr_unpack > from samba.samdb import SamDB > >@@ -71,6 +76,8 @@ class KDCBaseTest(RawKerberosTest): > > cls._ldb = None > >+ cls._functional_level = None >+ > # A set containing DNs of accounts created as part of testing. > cls.accounts = set() > >@@ -108,6 +115,33 @@ class KDCBaseTest(RawKerberosTest): > > return self._ldb > >+ def get_domain_functional_level(self, ldb): >+ if self._functional_level is None: >+ res = ldb.search(base='', >+ scope=SCOPE_BASE, >+ attrs=['domainFunctionality']) >+ try: >+ functional_level = int(res[0]['domainFunctionality'][0]) >+ except KeyError: >+ functional_level = DS_DOMAIN_FUNCTION_2000 >+ >+ type(self)._functional_level = functional_level >+ >+ return self._functional_level >+ >+ def get_default_enctypes(self): >+ samdb = self.get_samdb() >+ functional_level = self.get_domain_functional_level(samdb) >+ >+ # RC4 should always be supported >+ default_enctypes = security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ if functional_level >= DS_DOMAIN_FUNCTION_2008: >+ # AES is only supported at functional level 2008 or higher >+ default_enctypes |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ default_enctypes |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ >+ return default_enctypes >+ > def create_account(self, ldb, name, machine_account=False, > spn=None, upn=None): > '''Create an account for testing. >-- >2.25.1 > > >From ddb5e3451c66a5eb5fc5b9327cb2fe5f4a23e9eb Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:15:10 +1200 >Subject: [PATCH 045/149] tests/krb5/raw_testcase.py: Add method to obtain > Kerberos keys over DRS > >This requires admin credentials, and removes the need to pass these keys >as environment variables. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f2ddd3c97e3ff243c8bd0c17299f27b761f5e7f) >--- > python/samba/tests/krb5/kdc_base_test.py | 100 ++++++++++++++++++++++- > 1 file changed, 99 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e1b73dd8ff7..7ae22bc5929 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -20,6 +20,8 @@ import sys > import os > from datetime import datetime, timezone > import tempfile >+import binascii >+import struct > > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" >@@ -29,7 +31,8 @@ from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session > from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >-from samba.dcerpc import krb5pac, krb5ccache, security >+from samba.dcerpc import drsblobs, drsuapi, misc, krb5pac, krb5ccache, security >+from samba.drs_utils import drsuapi_connect > from samba.dsdb import ( > DS_DOMAIN_FUNCTION_2000, > DS_DOMAIN_FUNCTION_2008, >@@ -37,6 +40,7 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT > ) > from samba.ndr import ndr_pack, ndr_unpack >+from samba import net > from samba.samdb import SamDB > > from samba.tests import delete_force >@@ -191,6 +195,100 @@ class KDCBaseTest(RawKerberosTest): > > return (creds, dn) > >+ def get_keys(self, samdb, dn): >+ admin_creds = self.get_admin_creds() >+ >+ dns_hostname = samdb.host_dns_name() >+ (bind, handle, _) = drsuapi_connect(dns_hostname, >+ self.get_lp(), >+ admin_creds) >+ >+ destination_dsa_guid = misc.GUID(samdb.get_ntds_GUID()) >+ >+ req = drsuapi.DsGetNCChangesRequest8() >+ >+ req.destination_dsa_guid = destination_dsa_guid >+ req.source_dsa_invocation_id = misc.GUID() >+ >+ naming_context = drsuapi.DsReplicaObjectIdentifier() >+ naming_context.dn = str(dn) >+ >+ req.naming_context = naming_context >+ >+ hwm = drsuapi.DsReplicaHighWaterMark() >+ hwm.tmp_highest_usn = 0 >+ hwm.reserved_usn = 0 >+ hwm.highest_usn = 0 >+ >+ req.highwatermark = hwm >+ req.uptodateness_vector = None >+ >+ req.replica_flags = 0 >+ >+ req.max_object_count = 1 >+ req.max_ndr_size = 402116 >+ req.extended_op = drsuapi.DRSUAPI_EXOP_REPL_SECRET >+ >+ attids = [drsuapi.DRSUAPI_ATTID_supplementalCredentials, >+ drsuapi.DRSUAPI_ATTID_unicodePwd] >+ >+ partial_attribute_set = drsuapi.DsPartialAttributeSet() >+ partial_attribute_set.version = 1 >+ partial_attribute_set.attids = attids >+ partial_attribute_set.num_attids = len(attids) >+ >+ req.partial_attribute_set = partial_attribute_set >+ >+ req.partial_attribute_set_ex = None >+ req.mapping_ctr.num_mappings = 0 >+ req.mapping_ctr.mappings = None >+ >+ _, ctr = bind.DsGetNCChanges(handle, 8, req) >+ identifier = ctr.first_object.object.identifier >+ attributes = ctr.first_object.object.attribute_ctr.attributes >+ >+ rid = identifier.sid.split()[1] >+ >+ forced_keys = dict() >+ >+ net_ctx = net.Net(admin_creds) >+ >+ keys = {} >+ >+ for attr in attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_supplementalCredentials: >+ net_ctx.replicate_decrypt(bind, attr, rid) >+ attr_val = attr.value_ctr.values[0].blob >+ >+ spl = ndr_unpack(drsblobs.supplementalCredentialsBlob, >+ attr_val) >+ for pkg in spl.sub.packages: >+ if pkg.name == 'Primary:Kerberos-Newer-Keys': >+ krb5_new_keys_raw = binascii.a2b_hex(pkg.data) >+ krb5_new_keys = ndr_unpack( >+ drsblobs.package_PrimaryKerberosBlob, >+ krb5_new_keys_raw) >+ for key in krb5_new_keys.ctr.keys: >+ keytype = key.keytype >+ if keytype in (kcrypto.Enctype.AES256, >+ kcrypto.Enctype.AES128): >+ keys[keytype] = key.value.hex() >+ elif attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ net_ctx.replicate_decrypt(bind, attr, rid) >+ pwd = attr.value_ctr.values[0].blob >+ keys[kcrypto.Enctype.RC4] = pwd.hex() >+ >+ default_enctypes = self.get_default_enctypes() >+ >+ if default_enctypes & security.KERB_ENCTYPE_RC4_HMAC_MD5: >+ self.assertIn(kcrypto.Enctype.RC4, keys) >+ if default_enctypes & security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96: >+ self.assertIn(kcrypto.Enctype.AES256, keys) >+ if default_enctypes & security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96: >+ self.assertIn(kcrypto.Enctype.AES128, keys) >+ >+ return keys >+ > def as_req(self, cname, sname, realm, etypes, padata=None): > '''Send a Kerberos AS_REQ, returns the undecoded response > ''' >-- >2.25.1 > > >From d6f37456a2210102a0c71fe473937613e0c09066 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:59:11 +1200 >Subject: [PATCH 046/149] tests/krb5/raw_testcase.py: Make env_get_var() a > standalone method > >This allows it to be used elsewhere in the tests. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 948bbc9cecbfc1b33a338891d26a4a706864b9c6) >--- > python/samba/tests/krb5/raw_testcase.py | 80 +++++++++++++------------ > 1 file changed, 41 insertions(+), 39 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7e41245f706..7d9f0cd94f9 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -424,6 +424,23 @@ class RawKerberosTest(TestCaseInTempDir): > sys.stderr.write("connected[%s]\n" % self.host) > return > >+ def env_get_var(self, varname, prefix, >+ fallback_default=True, >+ allow_missing=False): >+ val = None >+ if prefix is not None: >+ allow_missing_prefix = allow_missing >+ if fallback_default: >+ allow_missing_prefix = True >+ val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >+ allow_missing=allow_missing_prefix) >+ else: >+ fallback_default = True >+ if val is None and fallback_default: >+ val = samba.tests.env_get_var_value(varname, >+ allow_missing=allow_missing) >+ return val >+ > def _get_krb5_creds(self, prefix, > default_username=None, > allow_missing_password=False, >@@ -431,49 +448,34 @@ class RawKerberosTest(TestCaseInTempDir): > c = KerberosCredentials() > c.guess() > >- def env_get_var(varname, prefix, fallback_default=True, allow_missing=False): >- val = None >- if prefix is not None: >- allow_missing_prefix = allow_missing >- if fallback_default: >- allow_missing_prefix = True >- val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >- allow_missing=allow_missing_prefix) >- else: >- fallback_default = True >- if val is None and fallback_default: >- val = samba.tests.env_get_var_value(varname, >- allow_missing=allow_missing) >- return val >- >- domain = env_get_var('DOMAIN', prefix) >- realm = env_get_var('REALM', prefix) >+ domain = self.env_get_var('DOMAIN', prefix) >+ realm = self.env_get_var('REALM', prefix) > allow_missing_username = False > if default_username is not None: > allow_missing_username = True >- username = env_get_var('USERNAME', prefix, >- fallback_default=False, >- allow_missing=allow_missing_username) >+ username = self.env_get_var('USERNAME', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_username) > if username is None: > username = default_username >- password = env_get_var('PASSWORD', prefix, >- fallback_default=False, >- allow_missing=allow_missing_password) >+ password = self.env_get_var('PASSWORD', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) > if password is not None: > c.set_password(password) >- as_supported_enctypes = env_get_var('AS_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ as_supported_enctypes = self.env_get_var('AS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if as_supported_enctypes is not None: > c.set_as_supported_enctypes(as_supported_enctypes) >- tgs_supported_enctypes = env_get_var('TGS_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ tgs_supported_enctypes = self.env_get_var('TGS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if tgs_supported_enctypes is not None: > c.set_tgs_supported_enctypes(tgs_supported_enctypes) >- ap_supported_enctypes = env_get_var('AP_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ ap_supported_enctypes = self.env_get_var('AP_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if ap_supported_enctypes is not None: > c.set_ap_supported_enctypes(ap_supported_enctypes) > >@@ -486,22 +488,22 @@ class RawKerberosTest(TestCaseInTempDir): > else: > kvno_allow_missing = True > aes256_allow_missing = True >- kvno = env_get_var('KVNO', prefix, >- fallback_default=False, >- allow_missing=kvno_allow_missing) >+ kvno = self.env_get_var('KVNO', prefix, >+ fallback_default=False, >+ allow_missing=kvno_allow_missing) > if kvno is not None: > c.set_kvno(kvno) >- aes256_key = env_get_var('AES256_KEY_HEX', prefix, >- fallback_default=False, >- allow_missing=aes256_allow_missing) >+ aes256_key = self.env_get_var('AES256_KEY_HEX', prefix, >+ fallback_default=False, >+ allow_missing=aes256_allow_missing) > if aes256_key is not None: > c.set_forced_key(kcrypto.Enctype.AES256, aes256_key) >- aes128_key = env_get_var('AES128_KEY_HEX', prefix, >- fallback_default=False, allow_missing=True) >+ aes128_key = self.env_get_var('AES128_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) > if aes128_key is not None: > c.set_forced_key(kcrypto.Enctype.AES128, aes128_key) >- rc4_key = env_get_var('RC4_KEY_HEX', prefix, >- fallback_default=False, allow_missing=True) >+ rc4_key = self.env_get_var('RC4_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) > if rc4_key is not None: > c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) > return c >-- >2.25.1 > > >From 4f06333267e7bd213a7cd0d43308cfcdffee80b0 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 16:55:02 +1200 >Subject: [PATCH 047/149] tests/krb5/raw_testcase.py: Add allow_missing_keys > parameter for getting creds > >This allows us to require encryption keys in the case that a password >would not be required, such as for the krbtgt account. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6a77c2b93315503008627ce786388f281bd6bb87) >--- > python/samba/tests/krb5/as_req_tests.py | 2 +- > python/samba/tests/krb5/raw_testcase.py | 53 +++++++++++++++++++------ > python/samba/tests/krb5/simple_tests.py | 2 +- > 3 files changed, 42 insertions(+), 15 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 3ad37c6bdf2..3099c224c18 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -58,7 +58,7 @@ class AsReqKerberosTests(RawKerberosTest): > client_creds = self.get_client_creds() > client_account = client_creds.get_username() > client_as_etypes = client_creds.get_as_krb5_etypes() >- krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_creds = self.get_krbtgt_creds(require_keys=False) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7d9f0cd94f9..9c0f5800b42 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -444,6 +444,7 @@ class RawKerberosTest(TestCaseInTempDir): > def _get_krb5_creds(self, prefix, > default_username=None, > allow_missing_password=False, >+ allow_missing_keys=True, > require_strongest_key=False): > c = KerberosCredentials() > c.guess() >@@ -486,8 +487,8 @@ class RawKerberosTest(TestCaseInTempDir): > else: > aes256_allow_missing = True > else: >- kvno_allow_missing = True >- aes256_allow_missing = True >+ kvno_allow_missing = allow_missing_keys >+ aes256_allow_missing = allow_missing_keys > kvno = self.env_get_var('KVNO', prefix, > fallback_default=False, > allow_missing=kvno_allow_missing) >@@ -506,37 +507,63 @@ class RawKerberosTest(TestCaseInTempDir): > fallback_default=False, allow_missing=True) > if rc4_key is not None: > c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) >+ >+ if not allow_missing_keys: >+ self.assertTrue(c.forced_keys, >+ 'Please supply %s encryption keys ' >+ 'in environment' % prefix) >+ > return c > >- def get_user_creds(self, allow_missing_password=False): >+ def get_user_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix=None, >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_service_creds(self, allow_missing_password=False): >+ def get_service_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='SERVICE', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_client_creds(self, allow_missing_password=False): >+ def get_client_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='CLIENT', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_server_creds(self, allow_missing_password=False): >+ def get_server_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='SERVER', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_admin_creds(self, allow_missing_password=False): >+ def get_admin_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='ADMIN', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_krbtgt_creds(self, require_strongest_key=False): >+ def get_krbtgt_creds(self, >+ require_keys=True, >+ require_strongest_key=False): >+ if require_strongest_key: >+ self.assertTrue(require_keys) > c = self._get_krb5_creds(prefix='KRBTGT', > default_username='krbtgt', > allow_missing_password=True, >+ allow_missing_keys=not require_keys, > require_strongest_key=require_strongest_key) > return c > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 2da76a3cf5e..9650702c6c6 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -44,7 +44,7 @@ class SimpleKerberosTests(RawKerberosTest): > def test_simple(self): > user_creds = self.get_user_creds() > user = user_creds.get_username() >- krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_creds = self.get_krbtgt_creds(require_keys=False) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() > >-- >2.25.1 > > >From 00d47ed020bde3e728dc2c55d4bfbd0500c6a5db Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 17:10:44 +1200 >Subject: [PATCH 048/149] tests/krb5/raw_testcase.py: Cache obtained > credentials > >If credentials are used more than once, we can now use the credentials >that we already obtained and so avoid fetching them again. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 22a90aea82ba6ef86bde835f2369daa6e23ed2fd) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 + > python/samba/tests/krb5/raw_testcase.py | 38 ++++++++++++++++++++---- > 2 files changed, 34 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 7ae22bc5929..120084616e9 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -75,6 +75,7 @@ class KDCBaseTest(RawKerberosTest): > > @classmethod > def setUpClass(cls): >+ super().setUpClass() > cls._lp = None > cls.host = os.environ["SERVER"] > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 9c0f5800b42..5b59eede806 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -371,6 +371,14 @@ class RawKerberosTest(TestCaseInTempDir): > e = self.etype_test_permutations[idx] > return (e['name'], e['etypes']) > >+ @classmethod >+ def setUpClass(cls): >+ super().setUpClass() >+ >+ # A dictionary containing credentials that have already been >+ # obtained. >+ cls.creds_dict = {} >+ > def setUp(self): > super().setUp() > self.do_asn1_print = False >@@ -441,11 +449,11 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing=allow_missing) > return val > >- def _get_krb5_creds(self, prefix, >- default_username=None, >- allow_missing_password=False, >- allow_missing_keys=True, >- require_strongest_key=False): >+ def _get_krb5_creds_from_env(self, prefix, >+ default_username=None, >+ allow_missing_password=False, >+ allow_missing_keys=True, >+ require_strongest_key=False): > c = KerberosCredentials() > c.guess() > >@@ -515,6 +523,26 @@ class RawKerberosTest(TestCaseInTempDir): > > return c > >+ def _get_krb5_creds(self, >+ prefix, >+ default_username=None, >+ allow_missing_password=False, >+ allow_missing_keys=True, >+ require_strongest_key=False): >+ if prefix not in self.creds_dict: >+ # We don't have the credentials already >+ creds = self._get_krb5_creds_from_env(prefix, >+ default_username=default_username, >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ require_strongest_key=require_strongest_key) >+ self.assertIsNotNone(creds) >+ >+ # Save the obtained credentials >+ self.creds_dict[prefix] = creds >+ >+ return self.creds_dict[prefix] >+ > def get_user_creds(self, > allow_missing_password=False, > allow_missing_keys=True): >-- >2.25.1 > > >From 1412267bcff5123927558832745ebcfed9a34494 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 17:12:39 +1200 >Subject: [PATCH 049/149] tests/krb5/raw_testcase.py: Allow specifying a > fallback credentials function > >This allows us to use other methods of obtaining credentials if getting >them from the environment fails. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit e1601f2b56f09a944c5cfb119502fdcf49a03c99) >--- > python/samba/tests/krb5/raw_testcase.py | 39 +++++++++++++++++++++---- > 1 file changed, 33 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 5b59eede806..ade980cb46d 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -528,20 +528,47 @@ class RawKerberosTest(TestCaseInTempDir): > default_username=None, > allow_missing_password=False, > allow_missing_keys=True, >- require_strongest_key=False): >- if prefix not in self.creds_dict: >- # We don't have the credentials already >+ require_strongest_key=False, >+ fallback_creds_fn=None): >+ if prefix in self.creds_dict: >+ return self.creds_dict[prefix] >+ >+ # We don't have the credentials already >+ creds = None >+ env_err = None >+ try: >+ # Try to obtain them from the environment > creds = self._get_krb5_creds_from_env(prefix, > default_username=default_username, > allow_missing_password=allow_missing_password, > allow_missing_keys=allow_missing_keys, > require_strongest_key=require_strongest_key) >+ except Exception as err: >+ # An error occurred, so save it for later >+ env_err = err >+ else: > self.assertIsNotNone(creds) >- > # Save the obtained credentials > self.creds_dict[prefix] = creds >- >- return self.creds_dict[prefix] >+ return creds >+ >+ if fallback_creds_fn is not None: >+ try: >+ # Try to use the fallback method >+ creds = fallback_creds_fn() >+ except Exception as err: >+ print("ERROR FROM ENV: %r" % (env_err)) >+ print("FALLBACK-FN: %s" % (fallback_creds_fn)) >+ print("FALLBACK-ERROR: %r" % (err)) >+ else: >+ self.assertIsNotNone(creds) >+ # Save the obtained credentials >+ self.creds_dict[prefix] = creds >+ return creds >+ >+ # Both methods failed, so raise the exception from the >+ # environment method >+ raise env_err > > def get_user_creds(self, > allow_missing_password=False, >-- >2.25.1 > > >From 37ecadeb6f3557f7b60e0b50941f6f62f1521806 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:55:17 +1200 >Subject: [PATCH 050/149] tests/krb5/raw_testcase.py: Simplify conditionals > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ec5c2b040b63d06a17bcd7bd133c2d68d07df587) >--- > python/samba/tests/krb5/raw_testcase.py | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index ade980cb46d..0e08f0ef7d2 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -437,9 +437,7 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing=False): > val = None > if prefix is not None: >- allow_missing_prefix = allow_missing >- if fallback_default: >- allow_missing_prefix = True >+ allow_missing_prefix = allow_missing or fallback_default > val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), > allow_missing=allow_missing_prefix) > else: >@@ -459,9 +457,7 @@ class RawKerberosTest(TestCaseInTempDir): > > domain = self.env_get_var('DOMAIN', prefix) > realm = self.env_get_var('REALM', prefix) >- allow_missing_username = False >- if default_username is not None: >- allow_missing_username = True >+ allow_missing_username = default_username is not None > username = self.env_get_var('USERNAME', prefix, > fallback_default=False, > allow_missing=allow_missing_username) >-- >2.25.1 > > >From 9aa9be39b62b752d4f6475285078fd017de13c0b Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 16:07:16 +1200 >Subject: [PATCH 051/149] tests/krb5/kdc_base_test.py: Add fallback methods to > obtain client and krbtgt credentials > >Now if the client credentials are not supplied in the environment, we >can fall back to creating a new user account. Similarly, if the krbtgt >credentials are not supplied, we can fetch the credentials of the >existing krbtgt account. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fd45bea7a88837cbe4f99adf3a6b3f69ce32f34c) >--- > python/samba/tests/krb5/kdc_base_test.py | 86 +++++++++++++++++++++++- > 1 file changed, 84 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 120084616e9..1f042aa78aa 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -44,7 +44,8 @@ from samba import net > from samba.samdb import SamDB > > from samba.tests import delete_force >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.kcrypto as kcrypto >+from samba.tests.krb5.raw_testcase import KerberosCredentials, RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > AD_IF_RELEVANT, >@@ -182,7 +183,7 @@ class KDCBaseTest(RawKerberosTest): > details["userPrincipalName"] = upn > ldb.add(details) > >- creds = Credentials() >+ creds = KerberosCredentials() > creds.guess(self.get_lp()) > creds.set_realm(ldb.domain_dns_name().upper()) > creds.set_domain(ldb.domain_netbios_name().upper()) >@@ -290,6 +291,87 @@ class KDCBaseTest(RawKerberosTest): > > return keys > >+ def creds_set_keys(self, creds, keys): >+ if keys is not None: >+ for enctype, key in keys.items(): >+ creds.set_forced_key(enctype, key) >+ >+ supported_enctypes = 0 >+ if kcrypto.Enctype.AES256 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ if kcrypto.Enctype.AES128 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ if kcrypto.Enctype.RC4 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ >+ creds.set_as_supported_enctypes(supported_enctypes) >+ creds.set_tgs_supported_enctypes(supported_enctypes) >+ creds.set_ap_supported_enctypes(supported_enctypes) >+ >+ def get_client_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): >+ def create_client_account(): >+ samdb = self.get_samdb() >+ >+ creds, dn = self.create_account(samdb, 'kdctestclient') >+ >+ res = samdb.search(base=dn, >+ scope=ldb.SCOPE_BASE, >+ attrs=['msDS-KeyVersionNumber']) >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='CLIENT', >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ fallback_creds_fn=create_client_account) >+ return c >+ >+ def get_krbtgt_creds(self, >+ require_keys=True, >+ require_strongest_key=False): >+ if require_strongest_key: >+ self.assertTrue(require_keys) >+ def download_krbtgt_creds(): >+ samdb = self.get_samdb() >+ >+ krbtgt_rid = 502 >+ krbtgt_sid = '%s-%d' % (samdb.get_domain_sid(), krbtgt_rid) >+ >+ res = samdb.search(base='<SID=%s>' % krbtgt_sid, >+ scope=ldb.SCOPE_BASE, >+ attrs=['sAMAccountName', >+ 'msDS-KeyVersionNumber']) >+ dn = res[0].dn >+ username = str(res[0]['sAMAccountName']) >+ >+ creds = KerberosCredentials() >+ creds.set_domain(self.env_get_var('DOMAIN', 'KRBTGT')) >+ creds.set_realm(self.env_get_var('REALM', 'KRBTGT')) >+ creds.set_username(username) >+ >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='KRBTGT', >+ default_username='krbtgt', >+ allow_missing_password=True, >+ allow_missing_keys=not require_keys, >+ require_strongest_key=require_strongest_key, >+ fallback_creds_fn=download_krbtgt_creds) >+ return c >+ > def as_req(self, cname, sname, realm, etypes, padata=None): > '''Send a Kerberos AS_REQ, returns the undecoded response > ''' >-- >2.25.1 > > >From 521ed9b1cf71f438dcec876cd280a49316d67613 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 14:51:22 +1200 >Subject: [PATCH 052/149] tests/krb5/as_req_tests.py: Automatically obtain > credentials > >The credentials for the client and krbtgt accounts are now fetched >automatically rather than using environment variables, and the client >account is now automatically created. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0fd71ed3c37c8cf326f9f676b7fddda3d2d24072) >--- > python/samba/tests/krb5/as_req_tests.py | 4 +- > .../knownfail.d/samba.tests.krb5.as_req_tests | 180 ------------------ > selftest/knownfail_mit_kdc | 42 ---- > selftest/target/Samba.pm | 1 - > selftest/target/Samba4.pm | 4 - > source4/selftest/tests.py | 7 +- > 6 files changed, 4 insertions(+), 234 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 3099c224c18..e8c2a29221d 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -23,7 +23,7 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests import DynamicTestCase >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_PREAUTH_REQUIRED, >@@ -35,7 +35,7 @@ global_asn1_print = False > global_hexdump = False > > @DynamicTestCase >-class AsReqKerberosTests(RawKerberosTest): >+class AsReqKerberosTests(KDCBaseTest): > > @classmethod > def setUpDynamicTestCases(cls): >diff --git a/selftest/knownfail.d/samba.tests.krb5.as_req_tests b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >index 390d6cd0ab6..f395bdc553b 100644 >--- a/selftest/knownfail.d/samba.tests.krb5.as_req_tests >+++ b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >@@ -94,183 +94,3 @@ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index b610929a8dd..776148314d1 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -294,11 +294,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > # MIT currently fails some as_req_no_preauth tests. > # > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >@@ -306,11 +303,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2008r2dc >@@ -324,11 +318,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2008r2dc >@@ -336,11 +327,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2008r2dc >@@ -354,11 +342,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >@@ -391,11 +376,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >@@ -403,11 +385,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >@@ -422,11 +401,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >@@ -434,11 +410,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >@@ -452,11 +425,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >@@ -488,11 +458,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2008r2dc >@@ -500,11 +467,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2008r2dc >@@ -518,11 +482,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >@@ -530,11 +491,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index 095ce3a6fdd..5a7efa9c280 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -825,7 +825,6 @@ my @exported_envvars = ( > "DNSNAME", > "REALM", > "DOMSID", >- "SUPPORTED_ENCTYPE_BITS", > > # stuff related to a trusted domain > "TRUST_SERVER", >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 4a90dcd7362..f58190706b1 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -562,9 +562,6 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; > if ($functional_level eq "2000") { > $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"; >- $ctx->{supported_enctypes_bits} = "4"; >- } else { >- $ctx->{supported_enctypes_bits} = "28"; > } > > # >@@ -879,7 +876,6 @@ nogroup:x:65534:nobody > KRB5_CONFIG => $ctx->{krb5_conf}, > KRB5_CCACHE => $ctx->{krb5_ccache}, > MITKDC_CONFIG => $ctx->{mitkdc_conf}, >- SUPPORTED_ENCTYPE_BITS => $ctx->{supported_enctypes_bits}, > PIDDIR => $ctx->{piddir}, > SERVER => $ctx->{hostname}, > DC_SERVER => $ctx->{hostname}, >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index cd099408dab..a7bb971dc32 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1365,11 +1365,8 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", ' > for env in ["fl2008r2dc", "fl2003dc"]: > planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", > environ={ >- 'CLIENT_USERNAME': '$USERNAME', >- 'CLIENT_PASSWORD': '$PASSWORD', >- 'CLIENT_AS_SUPPORTED_ENCTYPES': '$SUPPORTED_ENCTYPE_BITS', >- 'SERVER_USERNAME': '$SERVER', >- 'SERVER_PASSWORD': 'machine$PASSWORD', >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', > }) > >-- >2.25.1 > > >From 086ffe2847acbdf3ea8415688968c32bd89c59a4 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 053/149] tests/krb5/as_req_tests.py: add simple > test_as_req_enc_timestamp test > >Example commands: > >Windows 2012R2: >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=4 python/samba/tests/krb5/as_req_tests.py > >Windows 2008R2: >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py > >Samba: >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d5e350a4a490fecf570f1c248c9dde1466796166) >--- > python/samba/tests/krb5/as_req_tests.py | 85 ++++++++++++++++++++++++- > selftest/knownfail_mit_kdc | 5 ++ > 2 files changed, 89 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index e8c2a29221d..be33748dfb6 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -27,8 +27,10 @@ from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_PREAUTH_REQUIRED, >+ KU_PA_ENC_TIMESTAMP, > NT_PRINCIPAL, >- NT_SRV_INST >+ NT_SRV_INST, >+ PADATA_ENC_TIMESTAMP > ) > > global_asn1_print = False >@@ -112,6 +114,87 @@ class AsReqKerberosTests(KDCBaseTest): > initial_etypes=etypes, > initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) > >+ def test_as_req_enc_timestamp(self): >+ client_creds = self.get_client_creds() >+ client_account = client_creds.get_username() >+ client_as_etypes = client_creds.get_as_krb5_etypes() >+ krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True) >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[client_account]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_INST, >+ names=[krbtgt_account, realm]) >+ >+ expected_crealm = realm >+ expected_cname = cname >+ expected_srealm = realm >+ expected_sname = sname >+ expected_salt = client_creds.get_forced_salt() >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ pa_pac = self.KERB_PA_PAC_REQUEST_create(True) >+ initial_padata = [pa_pac] >+ initial_etypes = client_as_etypes >+ initial_kdc_options = krb5_asn1.KDCOptions('forwardable') >+ initial_error_mode = KDC_ERR_PREAUTH_REQUIRED >+ >+ etype_info2 = self._test_as_exchange(cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ initial_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ initial_etypes, >+ initial_padata, >+ initial_kdc_options) >+ self.assertIsNotNone(etype_info2) >+ >+ preauth_key = self.PasswordKey_from_etype_info2(client_creds, etype_info2[0], kvno=0) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = KU_PA_ENC_TIMESTAMP >+ pa_ts = self.EncryptedData_create(preauth_key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ preauth_padata = [pa_ts, pa_pac] >+ preauth_etypes = client_as_etypes >+ preauth_kdc_options = krb5_asn1.KDCOptions('forwardable') >+ preauth_error_mode = 0 # AS-REP >+ >+ krbtgt_decryption_key = ( >+ self.TicketDecryptionKey_from_creds(krbtgt_creds)) >+ >+ as_rep = self._test_as_exchange(cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ preauth_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ preauth_etypes, >+ preauth_padata, >+ preauth_kdc_options, >+ preauth_key=preauth_key, >+ ticket_decryption_key=krbtgt_decryption_key) >+ self.assertIsNotNone(as_rep) >+ return > > if __name__ == "__main__": > global_asn1_print = True >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 776148314d1..db40b0614fa 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -291,6 +291,11 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c > # >+# MIT currently fails the test_as_req_enc_timestamp test. >+# >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp.fl2008r2dc >+# > # MIT currently fails some as_req_no_preauth tests. > # > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >-- >2.25.1 > > >From 2dda4e25ff9716ff11930210f15595a379946b91 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:24:22 +1200 >Subject: [PATCH 054/149] tests/krb5/as_req_tests.py: Check the client kvno > >Ensure we have the correct kvno for the client, rather than an 'unknown' >value. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d4c38678e0cc782965edfe40a0423fafb7d5a5ff) >--- > python/samba/tests/krb5/as_req_tests.py | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index be33748dfb6..10e7b603609 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -118,6 +118,7 @@ class AsReqKerberosTests(KDCBaseTest): > client_creds = self.get_client_creds() > client_account = client_creds.get_username() > client_as_etypes = client_creds.get_as_krb5_etypes() >+ client_kvno = client_creds.get_kvno() > krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() >@@ -157,7 +158,9 @@ class AsReqKerberosTests(KDCBaseTest): > initial_kdc_options) > self.assertIsNotNone(etype_info2) > >- preauth_key = self.PasswordKey_from_etype_info2(client_creds, etype_info2[0], kvno=0) >+ preauth_key = self.PasswordKey_from_etype_info2(client_creds, >+ etype_info2[0], >+ kvno=client_kvno) > > (patime, pausec) = self.get_KerberosTimeWithUsec() > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >-- >2.25.1 > > >From caabbaf7b0db8fa8ee5d88a1ee50fadcdd878097 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:25:34 +1200 >Subject: [PATCH 055/149] tests/krb5/raw_testcase.py: Check for an explicit > 'unspecified kvno' value > >This is clearer than using the constant zero, which could be mistaken >for a valid kvno value. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 381223117e0bae4c348d538bffaa8227b18ef3d1) >--- > python/samba/tests/krb5/raw_testcase.py | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 0e08f0ef7d2..b7044546cbd 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -393,6 +393,8 @@ class RawKerberosTest(TestCaseInTempDir): > > self.s = None > >+ self.unspecified_kvno = object() >+ > def tearDown(self): > self._disconnect("tearDown") > super().tearDown() >@@ -861,10 +863,11 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(v) > # The value on the wire should never be 0 > self.assertNotEqual(v, 0) >- # value == 0 means we don't know the kvno >- # but enforce at any value != 0 is present >- value = int(value) >- if value != 0: >+ # unspecified_kvno means we don't know the kvno, >+ # but want to enforce its presense >+ if value is not self.unspecified_kvno: >+ value = int(value) >+ self.assertNotEqual(value, 0) > self.assertEqual(v, value) > else: > self.assertIsNone(v) >@@ -1584,8 +1587,8 @@ class RawKerberosTest(TestCaseInTempDir): > ticket_encpart = self.getElementValue(ticket, 'enc-part') > if ticket_encpart is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_encpart, 'etype') >- # 0 means present, with any value != 0 >- self.assertElementKVNO(ticket_encpart, 'kvno', 0) >+ # 'unspecified' means present, with any value != 0 >+ self.assertElementKVNO(ticket_encpart, 'kvno', self.unspecified_kvno) > self.assertElementPresent(ticket_encpart, 'cipher') > ticket_cipher = self.getElementValue(ticket_encpart, 'cipher') > self.assertElementPresent(rep, 'enc-part') >-- >2.25.1 > > >From c82fd55a980d02bd2396474402e22ff650d80dc8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:01:50 +1200 >Subject: [PATCH 056/149] tests/krb5: Deduplicate 'host' attribute > initialisation > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3e621dcb6966f75034bb948a2705358d43454202) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 - > python/samba/tests/krb5/raw_testcase.py | 4 ++-- > 2 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1f042aa78aa..89d374fc5cc 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -78,7 +78,6 @@ class KDCBaseTest(RawKerberosTest): > def setUpClass(cls): > super().setUpClass() > cls._lp = None >- cls.host = os.environ["SERVER"] > > cls._ldb = None > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b7044546cbd..b9bc08d1fa9 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -375,6 +375,8 @@ class RawKerberosTest(TestCaseInTempDir): > def setUpClass(cls): > super().setUpClass() > >+ cls.host = samba.tests.env_get_var_value('SERVER') >+ > # A dictionary containing credentials that have already been > # obtained. > cls.creds_dict = {} >@@ -389,8 +391,6 @@ class RawKerberosTest(TestCaseInTempDir): > strict_checking = '1' > self.strict_checking = bool(int(strict_checking)) > >- self.host = samba.tests.env_get_var_value('SERVER') >- > self.s = None > > self.unspecified_kvno = object() >-- >2.25.1 > > >From 15e455fc4d1bf69d6cf8c095d03c01e56fa0086d Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:49:05 +1200 >Subject: [PATCH 057/149] tests/krb5/as_canonicalization_tests.py: Refactor > account creation > >Making this test a subclass of KDCBaseTest allows us to make use of its >methods for obtaining credentials and creating accounts, which helps to >eliminate some duplicated code. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fc857ea60e2a66d20d4174cb121e0a6949f8a0c1) >--- > .../tests/krb5/as_canonicalization_tests.py | 136 ++++-------------- > 1 file changed, 25 insertions(+), 111 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 43f532dc483..abb3f96a1e6 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -25,20 +25,11 @@ import pyasn1 > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-import samba >-from samba.auth import system_session >-from samba.credentials import ( >- Credentials, >- DONT_USE_KERBEROS) >+from samba.credentials import DONT_USE_KERBEROS > from samba.dcerpc.misc import SEC_CHAN_WKSTA >-from samba.dsdb import ( >- UF_WORKSTATION_TRUST_ACCOUNT, >- UF_PASSWD_NOTREQD, >- UF_NORMAL_ACCOUNT) >-from samba.samdb import SamDB >-from samba.tests import delete_force, DynamicTestCase >+from samba.tests import DynamicTestCase > from samba.tests.krb5.rfc4120_constants import ( > AES256_CTS_HMAC_SHA1_96, > AES128_CTS_HMAC_SHA1_96, >@@ -96,12 +87,12 @@ class TestData: > else: > client_name_type = NT_PRINCIPAL > >- self.cname = RawKerberosTest.PrincipalName_create( >+ self.cname = KDCBaseTest.PrincipalName_create( > name_type=client_name_type, names=[self.user_name]) > if TestOptions.AsReqSelf.is_set(options): > self.sname = self.cname > else: >- self.sname = RawKerberosTest.PrincipalName_create( >+ self.sname = KDCBaseTest.PrincipalName_create( > name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > >@@ -141,7 +132,7 @@ USER_NAME = "tstkrb5cnnusr" > > > @DynamicTestCase >-class KerberosASCanonicalizationTests(RawKerberosTest): >+class KerberosASCanonicalizationTests(KDCBaseTest): > > @classmethod > def setUpDynamicTestCases(cls): >@@ -170,114 +161,37 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > name = build_test_name(ct, x) > cls.generate_dynamic_test("test", name, x, ct) > >- @classmethod >- def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >- cls.username = os.environ["USERNAME"] >- cls.password = os.environ["PASSWORD"] >- cls.host = os.environ["SERVER"] >- >- c = Credentials() >- c.set_username(cls.username) >- c.set_password(cls.password) >- try: >- realm = os.environ["REALM"] >- c.set_realm(realm) >- except KeyError: >- pass >- try: >- domain = os.environ["DOMAIN"] >- c.set_domain(domain) >- except KeyError: >- pass >+ def user_account_creds(self): >+ if self.user_creds is None: >+ samdb = self.get_samdb() >+ self.user_creds, _ = self.create_account(samdb, USER_NAME) > >- c.guess() >+ return self.user_creds > >- cls.credentials = c >+ def machine_account_creds(self): >+ if self.machine_creds is None: >+ samdb = self.get_samdb() >+ self.machine_creds, _ = self.create_account(samdb, >+ MACHINE_NAME, >+ machine_account=True) >+ self.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >+ self.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > >- cls.session = system_session() >- cls.ldb = SamDB(url="ldap://%s" % cls.host, >- session_info=cls.session, >- credentials=cls.credentials, >- lp=cls.lp) >- cls.create_machine_account() >- cls.create_user_account() >- >- @classmethod >- def tearDownClass(cls): >- super(KerberosASCanonicalizationTests, cls).tearDownClass() >- delete_force(cls.ldb, cls.machine_dn) >- delete_force(cls.ldb, cls.user_dn) >+ return self.machine_creds > > def setUp(self): >- super(KerberosASCanonicalizationTests, self).setUp() >+ super().setUp() > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- # >- # Create a test user account >- @classmethod >- def create_user_account(cls): >- cls.user_pass = samba.generate_random_password(32, 32) >- cls.user_name = USER_NAME >- cls.user_dn = "cn=%s,%s" % (cls.user_name, cls.ldb.domain_dn()) >- >- # remove the account if it exists, this will happen if a previous test >- # run failed >- delete_force(cls.ldb, cls.user_dn) >- >- utf16pw = ('"%s"' % cls.user_pass).encode('utf-16-le') >- cls.ldb.add({ >- "dn": cls.user_dn, >- "objectclass": "user", >- "sAMAccountName": "%s" % cls.user_name, >- "userAccountControl": str(UF_NORMAL_ACCOUNT), >- "unicodePwd": utf16pw}) >- >- cls.user_creds = Credentials() >- cls.user_creds.guess(cls.lp) >- cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) >- cls.user_creds.set_domain(cls.ldb.domain_netbios_name().upper()) >- cls.user_creds.set_password(cls.user_pass) >- cls.user_creds.set_username(cls.user_name) >- cls.user_creds.set_workstation(cls.machine_name) >- >- # >- # Create the machine account >- @classmethod >- def create_machine_account(cls): >- cls.machine_pass = samba.generate_random_password(32, 32) >- cls.machine_name = MACHINE_NAME >- cls.machine_dn = "cn=%s,%s" % (cls.machine_name, cls.ldb.domain_dn()) >- >- # remove the account if it exists, this will happen if a previous test >- # run failed >- delete_force(cls.ldb, cls.machine_dn) >- >- utf16pw = ('"%s"' % cls.machine_pass).encode('utf-16-le') >- cls.ldb.add({ >- "dn": cls.machine_dn, >- "objectclass": "computer", >- "sAMAccountName": "%s$" % cls.machine_name, >- "userAccountControl": >- str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), >- "unicodePwd": utf16pw}) >- >- cls.machine_creds = Credentials() >- cls.machine_creds.guess(cls.lp) >- cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) >- cls.machine_creds.set_domain(cls.ldb.domain_netbios_name().upper()) >- cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >- cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) >- cls.machine_creds.set_password(cls.machine_pass) >- cls.machine_creds.set_username(cls.machine_name + "$") >- cls.machine_creds.set_workstation(cls.machine_name) >+ self.user_creds = None >+ self.machine_creds = None > > def _test_with_args(self, x, ct): > if ct == CredentialsType.User: >- creds = self.user_creds >+ creds = self.user_account_creds() > elif ct == CredentialsType.Machine: >- creds = self.machine_creds >+ creds = self.machine_account_creds() > else: > raise Exception("Unexpected credential type") > data = TestData(x, creds) >-- >2.25.1 > > >From 23ce73e0529f3431455eb0486df478ada7f23b84 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 12:52:11 +1200 >Subject: [PATCH 058/149] tests/krb5: Use admin creds for SamDB rather than > user creds > >This makes the purpose of each set of credentials more consistent, and >makes some tests more convenient to run standalone as they no longer >require user credentials. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ab221c1b3e24696aa0eed6aa970f310447657069) >--- > python/samba/tests/krb5/kdc_base_test.py | 2 +- > source4/selftest/tests.py | 42 ++++++++++++++++++++---- > 2 files changed, 36 insertions(+), 8 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 89d374fc5cc..0f5238a3de9 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -109,7 +109,7 @@ class KDCBaseTest(RawKerberosTest): > > def get_samdb(self): > if self._ldb is None: >- creds = self.get_user_creds() >+ creds = self.get_admin_creds() > lp = self.get_lp() > > session = system_session() >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index a7bb971dc32..aa5879d99fe 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -818,10 +818,26 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") >-planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >@@ -1385,15 +1401,27 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > '--option=torture:expect_machine_account=true'] + extra_options, > "samba4.krb5.kdc with machine account") > >-planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > planpythontestsuite( > "ad_dc", >- "samba.tests.krb5.kdc_tgs_tests") >+ "samba.tests.krb5.kdc_tgs_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > planpythontestsuite( > "ad_dc", >- "samba.tests.krb5.ms_kile_client_principal_lookup_tests") >+ "samba.tests.krb5.ms_kile_client_principal_lookup_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From f74fde46363b46173e3711680c754694bb45a403 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 21 Jun 2021 14:14:48 +1200 >Subject: [PATCH 059/149] s4:torture/krb5/kdc-heimdal: Automatically determine > AS-REP enctype to check against > >This enables us to more easily switch to a different algorithm to find >the strongest key in _kdc_find_etype(). > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit bf71fa038e9b97f770e06e88226e885d67342d47) >--- > selftest/knownfail | 6 +- > selftest/knownfail_mit_kdc | 6 ++ > source4/torture/krb5/kdc-heimdal.c | 104 +++++++++++++++++++++++++++-- > 3 files changed, 104 insertions(+), 12 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index ea72ea27620..2701fe4c5b3 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -295,10 +295,6 @@ > ^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) > ^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC > # >-# Differences in our KDC compared to windows >-# >-^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally >-# > # This will fail against the classic DC, because it requires kerberos > # > ^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC >@@ -337,7 +333,7 @@ > # > ^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\) > # fl2000dc doesn't support AES >-^samba4.krb5.kdc.*as-req-aes.*fl2000dc >+^samba4.krb5.kdc.*as-req-aes.fl2000dc > # nt4_member and ad_member don't support ntlmv1 (not even over SMB1) > ^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.member.creds.*as.user.*_member > ^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user.*_member >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index db40b0614fa..fffa5c3cd7e 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -641,3 +641,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2008r2dc >+# Differences in our KDC compared to windows >+# >+^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally >+# >+# fl2000dc doesn't support AES >+^samba4.krb5.kdc.*as-req-aes.*fl2000dc >diff --git a/source4/torture/krb5/kdc-heimdal.c b/source4/torture/krb5/kdc-heimdal.c >index cc70c9eda67..ccd9919b33a 100644 >--- a/source4/torture/krb5/kdc-heimdal.c >+++ b/source4/torture/krb5/kdc-heimdal.c >@@ -204,11 +204,12 @@ static bool torture_check_krb5_error(struct torture_krb5_context *test_context, > > static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_context, > const krb5_data *reply, >- krb5_enctype expected_enctype) >+ const krb5_enctype* allowed_enctypes) > { > ENCTYPE reply_enctype = { 0 }; > size_t used = 0; > int rc; >+ int expected_enctype = ETYPE_NULL; > > rc = decode_AS_REP(reply->data, > reply->length, >@@ -230,8 +231,84 @@ static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_ > test_context->as_rep.ticket.enc_part.kvno, > "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno"); > >- reply_enctype = test_context->as_rep.enc_part.etype; >+ if (test_context->as_req.padata) { >+ /* >+ * If the AS-REQ contains a PA-ENC-TIMESTAMP, then >+ * that encryption type is used to determine the reply >+ * enctype. >+ */ >+ int i = 0; >+ const PA_DATA *pa = krb5_find_padata(test_context->as_req.padata->val, >+ test_context->as_req.padata->len, >+ KRB5_PADATA_ENC_TIMESTAMP, >+ &i); >+ if (pa) { >+ EncryptedData ed; >+ size_t len; >+ krb5_error_code ret = decode_EncryptedData(pa->padata_value.data, >+ pa->padata_value.length, >+ &ed, &len); >+ torture_assert_int_equal(test_context->tctx, >+ ret, >+ 0, >+ "decode_EncryptedData failed"); >+ expected_enctype = ed.etype; >+ free_EncryptedData(&ed); >+ } >+ } >+ if (expected_enctype == ETYPE_NULL) { >+ /* >+ * Otherwise, find the strongest enctype contained in >+ * the AS-REQ supported enctypes list. >+ */ >+ const krb5_enctype *p = NULL; >+ >+ for (p = krb5_kerberos_enctypes(NULL); *p != (krb5_enctype)ETYPE_NULL; ++p) { >+ int j; >+ >+ if ((*p == (krb5_enctype)ETYPE_AES256_CTS_HMAC_SHA1_96 || >+ *p == (krb5_enctype)ETYPE_AES128_CTS_HMAC_SHA1_96) && >+ !test_context->as_req.req_body.kdc_options.canonicalize) >+ { >+ /* >+ * AES encryption types are only used here when >+ * we set the canonicalize flag, as the salt >+ * needs to match. >+ */ >+ continue; >+ } >+ >+ for (j = 0; j < test_context->as_req.req_body.etype.len; ++j) { >+ krb5_enctype etype = test_context->as_req.req_body.etype.val[j]; >+ if (*p == etype) { >+ expected_enctype = etype; >+ break; >+ } >+ } >+ >+ if (expected_enctype != (krb5_enctype)ETYPE_NULL) { >+ break; >+ } >+ } >+ } >+ >+ { >+ /* Ensure the enctype to check against is an expected type. */ >+ const krb5_enctype *p = NULL; >+ bool found = false; >+ for (p = allowed_enctypes; *p != (krb5_enctype)ETYPE_NULL; ++p) { >+ if (*p == expected_enctype) { >+ found = true; >+ break; >+ } >+ } > >+ torture_assert(test_context->tctx, >+ found, >+ "Calculated enctype not in allowed list"); >+ } >+ >+ reply_enctype = test_context->as_rep.enc_part.etype; > torture_assert_int_equal(test_context->tctx, > reply_enctype, expected_enctype, > "Ticket encrypted with invalid algorithm"); >@@ -310,7 +387,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > if (test_context->packet_count == 0) { > ok = torture_check_krb5_error(test_context, > recv_buf, >- KRB5KRB_ERR_RESPONSE_TOO_BIG, >+ KRB5KDC_ERR_PREAUTH_REQUIRED, > false); > torture_assert(test_context->tctx, > ok, >@@ -318,7 +395,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > } else if (test_context->packet_count == 1) { > ok = torture_check_krb5_error(test_context, > recv_buf, >- KRB5KDC_ERR_PREAUTH_REQUIRED, >+ KRB5KRB_ERR_RESPONSE_TOO_BIG, > false); > torture_assert(test_context->tctx, > ok, >@@ -411,9 +488,13 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >@@ -443,9 +524,13 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_ARCFOUR_HMAC_MD5); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >@@ -475,9 +560,14 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, >+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >-- >2.25.1 > > >From 8fa20edde4322528493222476806c8ca1dd0a5be Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 7 Sep 2021 09:08:58 +1200 >Subject: [PATCH 060/149] selftest: add space after --list in output of > selftesthelpers.py > >Selected and backported from: > >commit b113a3bbcd03ab6a62883fbca85ee8749e038887 >Author: Volker Lendecke <vl@samba.org> >Date: Mon Apr 19 16:04:00 2021 +0200 > > torture: Show sddl_decode() failure for "GWFX" access mask > > Signed-off-by: Volker Lendecke <vl@samba.org> > Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >(This allows subsequent patches to be cherry-picked cleanly) > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > selftest/selftesthelpers.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 7b4c084b6de..23f1b9ccd68 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -109,7 +109,7 @@ def plantestsuite_loadlist(name, env, cmdline): > raise AssertionError("loadlist test %s does not support not --list" % name) > if "$LOADLIST" not in cmdline: > raise AssertionError("loadlist test %s does not support --load-list" % name) >- print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list")) >+ print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) > print(cmdline.replace("$LISTOPT", "") + " 2>&1 " + " | " + add_prefix(name, env, False)) > > >-- >2.25.1 > > >From 1f9e56c9907de4bfad009e9382ea619fdbc14b0b Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 08:50:54 +0200 >Subject: [PATCH 061/149] selftest: Re-format long lines in selftesthelpers.py > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 18976a9568b23759060377d09304e9d7badb143a) >--- > selftest/selftesthelpers.py | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 23f1b9ccd68..33968c8b594 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -1,4 +1,5 @@ >-#!/usr/bin/python >+#!/usr/bin/env python3 >+# > # This script generates a list of testsuites that should be run as part of > # the Samba 4 test suite. > >@@ -25,7 +26,8 @@ import sys > > > def srcdir(): >- return os.path.normpath(os.getenv("SRCDIR", os.path.join(os.path.dirname(os.path.abspath(__file__)), ".."))) >+ alternate_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..") >+ return os.path.normpath(os.getenv("SRCDIR", alternate_path)) > > > def source4dir(): >@@ -91,7 +93,8 @@ def add_prefix(prefix, env, support_list=False): > listopt = "$LISTOPT " > else: > listopt = "" >- return "%s %s/selftest/filter-subunit %s--fail-on-empty --prefix=\"%s.\" --suffix=\"(%s)\"" % (python, srcdir(), listopt, prefix, env) >+ return ("%s %s/selftest/filter-subunit %s--fail-on-empty --prefix=\"%s.\" --suffix=\"(%s)\"" % >+ (python, srcdir(), listopt, prefix, env)) > > > def plantestsuite_loadlist(name, env, cmdline): >@@ -109,7 +112,9 @@ def plantestsuite_loadlist(name, env, cmdline): > raise AssertionError("loadlist test %s does not support not --list" % name) > if "$LOADLIST" not in cmdline: > raise AssertionError("loadlist test %s does not support --load-list" % name) >- print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) >+ print(("%s | %s" % >+ (cmdline.replace("$LOADLIST", ""), >+ add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) > print(cmdline.replace("$LISTOPT", "") + " 2>&1 " + " | " + add_prefix(name, env, False)) > > >@@ -164,7 +169,10 @@ bbdir = os.path.join(srcdir(), "testprogs/blackbox") > configuration = "--configfile=$SMB_CONF_PATH" > > smbtorture4 = binpath("smbtorture") >-smbtorture4_testsuite_list = subprocess.Popen([smbtorture4, "--list-suites"], stdout=subprocess.PIPE, stderr=subprocess.PIPE).communicate("")[0].decode('utf8').splitlines() >+smbtorture4_testsuite_list = subprocess.Popen( >+ [smbtorture4, "--list-suites"], >+ stdout=subprocess.PIPE, >+ stderr=subprocess.PIPE).communicate("")[0].decode('utf8').splitlines() > > smbtorture4_options = [ > configuration, >-- >2.25.1 > > >From f36a7e098124fb6ade5048e2c31d77ec1f58cafe Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 13:25:59 +0200 >Subject: [PATCH 062/149] selftest: Add support for setting ENV variables in > plansmbtorture4testsuite() > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3db299e586fd9464b6e1b145f29b10c8ae325d3a) >--- > selftest/selftesthelpers.py | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 33968c8b594..15965f39c92 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -183,13 +183,14 @@ smbtorture4_options = [ > ] + get_env_torture_options() > > >-def plansmbtorture4testsuite(name, env, options, target, modname=None): >+def plansmbtorture4testsuite(name, env, options, target, environ={}, modname=None): > if modname is None: > modname = "samba4.%s" % name > if isinstance(options, list): > options = " ".join(options) > options = " ".join(smbtorture4_options + ["--target=%s" % target]) + " " + options >- cmdline = "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) >+ cmdline = ["%s=%s" % item for item in environ.items()] >+ cmdline += "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) > plantestsuite_loadlist(modname, env, cmdline) > > >-- >2.25.1 > > >From cca7b82f445be88badf162540b55380403311569 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 13:45:03 +0200 >Subject: [PATCH 063/149] selftest: Add support for setting ENV variables in > plantestsuite() > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 48289b6964d28e153fec885aceca02c6a9b436ef) >--- > selftest/selftesthelpers.py | 25 +++++++++++++++++++------ > 1 file changed, 19 insertions(+), 6 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 15965f39c92..1dd30b01ea7 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -67,7 +67,7 @@ def valgrindify(cmdline): > return valgrind + " " + cmdline > > >-def plantestsuite(name, env, cmdline): >+def plantestsuite(name, env, cmd, environ={}): > """Plan a test suite. > > :param name: Testsuite name >@@ -81,8 +81,18 @@ def plantestsuite(name, env, cmdline): > fullname = "%s(%s)" % (name, env) > print(fullname) > print(env) >- if isinstance(cmdline, list): >- cmdline = " ".join(cmdline) >+ >+ cmdline = "" >+ if environ: >+ environ = dict(environ) >+ cmdline_env = ["%s=%s" % item for item in environ.items()] >+ cmdline = " ".join(cmdline_env) + " " >+ >+ if isinstance(cmd, list): >+ cmdline += " ".join(cmd) >+ else: >+ cmdline += cmd >+ > if "$LISTOPT" in cmdline: > raise AssertionError("test %s supports --list, but not --load-list" % name) > print(cmdline + " 2>&1 " + " | " + add_prefix(name, env)) >@@ -183,14 +193,17 @@ smbtorture4_options = [ > ] + get_env_torture_options() > > >-def plansmbtorture4testsuite(name, env, options, target, environ={}, modname=None): >+def plansmbtorture4testsuite(name, env, options, target, modname=None, environ={}): > if modname is None: > modname = "samba4.%s" % name > if isinstance(options, list): > options = " ".join(options) > options = " ".join(smbtorture4_options + ["--target=%s" % target]) + " " + options >- cmdline = ["%s=%s" % item for item in environ.items()] >- cmdline += "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) >+ cmdline = "" >+ if environ: >+ environ = dict(environ) >+ cmdline = ["%s=%s" % item for item in environ.items()] >+ cmdline += " %s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) > plantestsuite_loadlist(modname, env, cmdline) > > >-- >2.25.1 > > >From f8fa4aa9e6296372819f7b6e17c2a8ff709d6c35 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 19 Jul 2021 17:29:39 +1200 >Subject: [PATCH 064/149] pygensec: Fix memory leaks > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 814df05f8c10e9d82e6082d42ece1df569db4385) >--- > source4/auth/gensec/pygensec.c | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 490fcbecd58..f1f845a4663 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -310,9 +310,13 @@ static PyObject *py_gensec_session_info(PyObject *self, > return NULL; > } > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > status = gensec_session_info(security, mem_ctx, &info); > if (NT_STATUS_IS_ERR(status)) { >+ talloc_free(mem_ctx); > PyErr_SetNTSTATUS(status); > return NULL; > } >@@ -337,6 +341,9 @@ static PyObject *py_gensec_session_key(PyObject *self, > return NULL; > } > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > status = gensec_session_key(security, mem_ctx, &session_key); > if (!NT_STATUS_IS_OK(status)) { >@@ -466,7 +473,12 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } >+ > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } >@@ -510,8 +522,12 @@ static PyObject *py_gensec_wrap(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } >@@ -545,8 +561,12 @@ static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } >@@ -599,6 +619,9 @@ static PyObject *py_gensec_sign_packet(PyObject *self, PyObject *args) > pdu.length = pdu_length; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > status = gensec_sign_packet(security, mem_ctx, > data.data, data.length, >-- >2.25.1 > > >From be3000791a4db82dd79b41b1f21fdefe622a4eb2 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 20 Jul 2021 10:48:41 +1200 >Subject: [PATCH 065/149] pygensec: Don't modify Python bytes objects > >gensec_update() and gensec_unwrap() can both modify their input buffers >(for example, during the inplace RRC operation on GSSAPI tokens). >However, buffers obtained from Python bytes objects must not be modified >in any way. Create a copy of the input buffer so the original isn't >modified. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6818d204897d0b7946dcfbedf79cd53fb9b3f159) >--- > source4/auth/gensec/gensec_gssapi.c | 4 ++++ > source4/auth/gensec/pygensec.c | 36 ++++++++++++++++++++++------- > 2 files changed, 32 insertions(+), 8 deletions(-) > >diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c >index 2a261a1664f..e4166ade241 100644 >--- a/source4/auth/gensec/gensec_gssapi.c >+++ b/source4/auth/gensec/gensec_gssapi.c >@@ -1168,6 +1168,10 @@ static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security, > } > } > >+ /* >+ * FIXME: input_message_buffer is marked const, but gss_unwrap() may >+ * modify it (see calls to rrc_rotate() in _gssapi_unwrap_cfx()). >+ */ > maj_stat = gss_unwrap(&min_stat, > gensec_gssapi_state->gssapi_context, > &input_token, >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index f1f845a4663..dd63fa58348 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -468,6 +468,9 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) > PyObject *py_bytes, *result, *py_in; > struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); > PyObject *finished_processing; >+ char *data = NULL; >+ Py_ssize_t len; >+ int err; > > if (!PyArg_ParseTuple(args, "O", &py_in)) > return NULL; >@@ -477,14 +480,21 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) > return PyErr_NoMemory(); > } > >- if (!PyBytes_Check(py_in)) { >+ err = PyBytes_AsStringAndSize(py_in, &data, &len); >+ if (err) { > talloc_free(mem_ctx); >- PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } > >- in.data = (uint8_t *)PyBytes_AsString(py_in); >- in.length = PyBytes_Size(py_in); >+ /* >+ * Make a copy of the input buffer, as gensec_update may modify its >+ * input argument. >+ */ >+ in = data_blob_talloc(mem_ctx, data, len); >+ if (!in.data) { >+ talloc_free(mem_ctx); >+ return PyErr_NoMemory(); >+ } > > status = gensec_update(security, mem_ctx, in, &out); > >@@ -556,6 +566,9 @@ static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args) > DATA_BLOB in, out; > PyObject *ret, *py_in; > struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); >+ char *data = NULL; >+ Py_ssize_t len; >+ int err; > > if (!PyArg_ParseTuple(args, "O", &py_in)) > return NULL; >@@ -565,14 +578,21 @@ static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args) > return PyErr_NoMemory(); > } > >- if (!PyBytes_Check(py_in)) { >+ err = PyBytes_AsStringAndSize(py_in, &data, &len); >+ if (err) { > talloc_free(mem_ctx); >- PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } > >- in.data = (uint8_t *)PyBytes_AsString(py_in); >- in.length = PyBytes_Size(py_in); >+ /* >+ * Make a copy of the input buffer, as gensec_unwrap may modify its >+ * input argument. >+ */ >+ in = data_blob_talloc(mem_ctx, data, len); >+ if (!in.data) { >+ talloc_free(mem_ctx); >+ return PyErr_NoMemory(); >+ } > > status = gensec_unwrap(security, mem_ctx, &in, &out); > >-- >2.25.1 > > >From c444db4210aca08f71e69578f463794c77122f66 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 26 Jul 2021 17:15:23 +1200 >Subject: [PATCH 066/149] tests/krb5: Fix ms_kile_client_principal_lookup_test > errors > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4797ced89095155c01e44727cf8b66ee4fb39710) >--- > .../krb5/ms_kile_client_principal_lookup_tests.py | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index e9d251e72f6..1598959a18c 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -395,7 +395,8 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the pac, and the ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ self.check_pac(samdb, >+ enc_part['authorization-data'], dn, uc, user_name) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -497,7 +498,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) > self.check_pac( >- enc_part['authorization-data'], dn, uc, upn, upn=upn) >+ samdb, enc_part['authorization-data'], dn, uc, upn, upn=upn) > # check the crealm and cname > cname = enc_part['cname'] > crealm = enc_part['crealm'] >@@ -560,7 +561,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) > self.check_pac( >- enc_part['authorization-data'], dn, uc, ename, upn=ename) >+ samdb, enc_part['authorization-data'], dn, uc, ename, upn=ename) > # check the crealm and cname > cname = enc_part['cname'] > crealm = enc_part['crealm'] >@@ -624,7 +625,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) > self.check_pac( >- enc_part['authorization-data'], dn, mc, ename, upn=uname) >+ samdb, enc_part['authorization-data'], dn, mc, ename, upn=uname) > # check the crealm and cname > cname = enc_part['cname'] > crealm = enc_part['crealm'] >@@ -771,7 +772,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) > self.check_pac( >- enc_part['authorization-data'], dn, uc, uname, upn=uname) >+ samdb, enc_part['authorization-data'], dn, uc, uname, upn=uname) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >-- >2.25.1 > > >From 3fd8e0d2ef30476480b80a395b80210512505c77 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 22 Jul 2021 16:26:17 +1200 >Subject: [PATCH 067/149] tests/krb5: Fix comment typo > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9eb4c4b7b1c2e8d124456e6a57262dc9c02d67d4) >--- > python/samba/tests/krb5/raw_testcase.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b9bc08d1fa9..9c090e4d005 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -864,7 +864,7 @@ class RawKerberosTest(TestCaseInTempDir): > # The value on the wire should never be 0 > self.assertNotEqual(v, 0) > # unspecified_kvno means we don't know the kvno, >- # but want to enforce its presense >+ # but want to enforce its presence > if value is not self.unspecified_kvno: > value = int(value) > self.assertNotEqual(value, 0) >-- >2.25.1 > > >From aa8f09cb285de72e1e4462b090ca593fb0e1286c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:17:52 +1200 >Subject: [PATCH 068/149] tests/krb5: Fix method name typo > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7013a8edd1f628b8659f0836f3b37ccf13156ae2) >--- > python/samba/tests/krb5/kdc_base_test.py | 4 ++-- > python/samba/tests/krb5/kdc_tgs_tests.py | 6 +++--- > .../ms_kile_client_principal_lookup_tests.py | 20 +++++++++---------- > 3 files changed, 15 insertions(+), 15 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 0f5238a3de9..4bd856b217e 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -444,7 +444,7 @@ class KDCBaseTest(RawKerberosTest): > > return enc_part > >- def check_pre_authenication(self, rep): >+ def check_pre_authentication(self, rep): > """ Check that the kdc response was pre-authentication required > """ > self.check_error_rep(rep, KDC_ERR_PREAUTH_REQUIRED) >@@ -794,7 +794,7 @@ class KDCBaseTest(RawKerberosTest): > names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(user_credentials, rep) >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >index 0c757bd5e5f..25a1f5f3ed8 100755 >--- a/python/samba/tests/krb5/kdc_tgs_tests.py >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -63,7 +63,7 @@ class KdcTgsTests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -113,7 +113,7 @@ class KdcTgsTests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -154,7 +154,7 @@ class KdcTgsTests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index 1598959a18c..e42b643b357 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -106,7 +106,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -165,7 +165,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(mc, rep) >@@ -227,7 +227,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -365,7 +365,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -433,7 +433,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -472,7 +472,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -535,7 +535,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -599,7 +599,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(mc, rep) >@@ -741,7 +741,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >@@ -810,7 +810,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > name_type=NT_SRV_INST, names=["krbtgt", realm]) > > rep = self.as_req(cname, sname, realm, etype) >- self.check_pre_authenication(rep) >+ self.check_pre_authentication(rep) > > # Do the next AS-REQ > padata = self.get_pa_data(uc, rep) >-- >2.25.1 > > >From e6f47204cf4480cbf8c58cc6a0be8bfd76ed5ab8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 2 Aug 2021 17:00:09 +1200 >Subject: [PATCH 069/149] tests/krb5: formatting > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit df6623363a7ec1a13af48a09e1d29fa8784e825c) >--- > python/samba/tests/krb5/as_req_tests.py | 20 +- > python/samba/tests/krb5/kdc_base_test.py | 22 +- > python/samba/tests/krb5/raw_testcase.py | 323 +++++++++++++---------- > 3 files changed, 209 insertions(+), 156 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 10e7b603609..09cfc9e1fc8 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -82,16 +82,16 @@ class AsReqKerberosTests(KDCBaseTest): > return initial_padata, req_body > > kdc_exchange_dict = self.as_exchange_dict( >- expected_crealm=expected_crealm, >- expected_cname=expected_cname, >- expected_srealm=expected_srealm, >- expected_sname=expected_sname, >- generate_padata_fn=_generate_padata_copy, >- check_error_fn=self.generic_check_as_error, >- check_rep_fn=self.generic_check_kdc_rep, >- expected_error_mode=expected_error_mode, >- client_as_etypes=client_as_etypes, >- expected_salt=expected_salt) >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) > > rep = self._generic_kdc_exchange(kdc_exchange_dict, > kdc_options=str(initial_kdc_options), >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 4bd856b217e..c23c71e1d74 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -21,10 +21,7 @@ import os > from datetime import datetime, timezone > import tempfile > import binascii >-import struct > >-sys.path.insert(0, "bin/python") >-os.environ["PYTHONUNBUFFERED"] = "1" > from collections import namedtuple > import ldb > from ldb import SCOPE_BASE >@@ -66,6 +63,9 @@ from samba.tests.krb5.rfc4120_constants import ( > PADATA_ETYPE_INFO2, > ) > >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ > global_asn1_print = False > global_hexdump = False > >@@ -114,9 +114,9 @@ class KDCBaseTest(RawKerberosTest): > > session = system_session() > type(self)._ldb = SamDB(url="ldap://%s" % self.host, >- session_info=session, >- credentials=creds, >- lp=lp) >+ session_info=session, >+ credentials=creds, >+ lp=lp) > > return self._ldb > >@@ -337,6 +337,7 @@ class KDCBaseTest(RawKerberosTest): > require_strongest_key=False): > if require_strongest_key: > self.assertTrue(require_keys) >+ > def download_krbtgt_creds(): > samdb = self.get_samdb() > >@@ -742,15 +743,16 @@ class KDCBaseTest(RawKerberosTest): > .replace(tzinfo=timezone.utc).timestamp()) > > # Account for clock skew of up to five minutes. >- self.assertLess(cred.authtime - 5*60, >+ self.assertLess(cred.authtime - 5 * 60, > datetime.now(timezone.utc).timestamp(), > "Ticket not yet valid - clocks may be out of sync.") >- self.assertLess(cred.starttime - 5*60, >+ self.assertLess(cred.starttime - 5 * 60, > datetime.now(timezone.utc).timestamp(), > "Ticket not yet valid - clocks may be out of sync.") >- self.assertGreater(cred.endtime - 60*60, >+ self.assertGreater(cred.endtime - 60 * 60, > datetime.now(timezone.utc).timestamp(), >- "Ticket already expired/about to expire - clocks may be out of sync.") >+ "Ticket already expired/about to expire - " >+ "clocks may be out of sync.") > > cred.renew_till = cred.endtime > cred.is_skey = 0 >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 9c090e4d005..de9c25751d2 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -24,11 +24,19 @@ import datetime > import random > import binascii > import itertools >+from pyasn1.codec.der.decoder import decode as pyasn1_der_decode >+from pyasn1.codec.der.encoder import encode as pyasn1_der_encode >+from pyasn1.codec.native.decoder import decode as pyasn1_native_decode >+from pyasn1.codec.native.encoder import encode as pyasn1_native_encode >+ >+from pyasn1.codec.ber.encoder import BitStringEncoder > >-import samba.tests > from samba.credentials import Credentials >-from samba.tests import TestCaseInTempDir > from samba.dcerpc import security >+ >+import samba.tests >+from samba.tests import TestCaseInTempDir >+ > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_ETYPE_NOSUPP, >@@ -53,13 +61,6 @@ from samba.tests.krb5.rfc4120_constants import ( > ) > import samba.tests.krb5.kcrypto as kcrypto > >-from pyasn1.codec.der.decoder import decode as pyasn1_der_decode >-from pyasn1.codec.der.encoder import encode as pyasn1_der_encode >-from pyasn1.codec.native.decoder import decode as pyasn1_native_decode >-from pyasn1.codec.native.encoder import encode as pyasn1_native_encode >- >-from pyasn1.codec.ber.encoder import BitStringEncoder as BitStringEncoder >- > > def BitStringEncoder_encodeValue32( > self, value, asn1Spec, encodeFun, **options): >@@ -217,6 +218,7 @@ class Krb5EncryptionKey(object): > } > return EncryptionKey_obj > >+ > class KerberosCredentials(Credentials): > def __init__(self): > super(KerberosCredentials, self).__init__() >@@ -293,6 +295,7 @@ class KerberosCredentials(Credentials): > def get_forced_salt(self): > return self.forced_salt > >+ > class KerberosTicketCreds(object): > def __init__(self, ticket, session_key, > crealm=None, cname=None, >@@ -311,14 +314,15 @@ class KerberosTicketCreds(object): > self.encpart_private = encpart_private > return > >+ > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > > etypes_to_test = ( >- { "value": -1111, "name": "dummy", }, >- { "value": kcrypto.Enctype.AES256, "name": "aes128", }, >- { "value": kcrypto.Enctype.AES128, "name": "aes256", }, >- { "value": kcrypto.Enctype.RC4, "name": "rc4", }, >+ {"value": -1111, "name": "dummy", }, >+ {"value": kcrypto.Enctype.AES256, "name": "aes128", }, >+ {"value": kcrypto.Enctype.AES128, "name": "aes256", }, >+ {"value": kcrypto.Enctype.RC4, "name": "rc4", }, > ) > > setup_etype_test_permutations_done = False >@@ -332,7 +336,7 @@ class RawKerberosTest(TestCaseInTempDir): > > num_idxs = len(cls.etypes_to_test) > permutations = [] >- for num in range(1, num_idxs+1): >+ for num in range(1, num_idxs + 1): > chunk = list(itertools.permutations(range(num_idxs), num)) > for e in chunk: > el = list(e) >@@ -349,7 +353,7 @@ class RawKerberosTest(TestCaseInTempDir): > name += "_%s" % n > etypes += (cls.etypes_to_test[idx]["value"],) > >- r = { "name": name, "etypes": etypes, } >+ r = {"name": name, "etypes": etypes, } > res.append(r) > > cls.etype_test_permutations = res >@@ -386,7 +390,8 @@ class RawKerberosTest(TestCaseInTempDir): > self.do_asn1_print = False > self.do_hexdump = False > >- strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True) >+ strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', >+ allow_missing=True) > if strict_checking is None: > strict_checking = '1' > self.strict_checking = bool(int(strict_checking)) >@@ -440,8 +445,9 @@ class RawKerberosTest(TestCaseInTempDir): > val = None > if prefix is not None: > allow_missing_prefix = allow_missing or fallback_default >- val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >- allow_missing=allow_missing_prefix) >+ val = samba.tests.env_get_var_value( >+ '%s_%s' % (prefix, varname), >+ allow_missing=allow_missing_prefix) > else: > fallback_default = True > if val is None and fallback_default: >@@ -506,7 +512,8 @@ class RawKerberosTest(TestCaseInTempDir): > if aes256_key is not None: > c.set_forced_key(kcrypto.Enctype.AES256, aes256_key) > aes128_key = self.env_get_var('AES128_KEY_HEX', prefix, >- fallback_default=False, allow_missing=True) >+ fallback_default=False, >+ allow_missing=True) > if aes128_key is not None: > c.set_forced_key(kcrypto.Enctype.AES128, aes128_key) > rc4_key = self.env_get_var('RC4_KEY_HEX', prefix, >@@ -536,11 +543,12 @@ class RawKerberosTest(TestCaseInTempDir): > env_err = None > try: > # Try to obtain them from the environment >- creds = self._get_krb5_creds_from_env(prefix, >- default_username=default_username, >- allow_missing_password=allow_missing_password, >- allow_missing_keys=allow_missing_keys, >- require_strongest_key=require_strongest_key) >+ creds = self._get_krb5_creds_from_env( >+ prefix, >+ default_username=default_username, >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ require_strongest_key=require_strongest_key) > except Exception as err: > # An error occurred, so save it for later > env_err = err >@@ -886,8 +894,8 @@ class RawKerberosTest(TestCaseInTempDir): > return s > > def get_Nonce(self): >- nonce_min=0x7f000000 >- nonce_max=0x7fffffff >+ nonce_min = 0x7f000000 >+ nonce_max = 0x7fffffff > v = random.randint(nonce_min, nonce_max) > return v > >@@ -936,15 +944,20 @@ class RawKerberosTest(TestCaseInTempDir): > if etype == kcrypto.Enctype.RC4: > nthash = creds.get_nt_hash() > self.assertIsNotNone(nthash, msg=fail_msg) >- return self.SessionKey_create(etype=etype, contents=nthash, kvno=kvno) >+ return self.SessionKey_create(etype=etype, >+ contents=nthash, >+ kvno=kvno) > > password = creds.get_password() > self.assertIsNotNone(password, msg=fail_msg) > salt = creds.get_forced_salt() > if salt is None: > salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()), >- encoding='utf-8') >- return self.PasswordKey_create(etype=etype, pwd=password, salt=salt, kvno=kvno) >+ encoding='utf-8') >+ return self.PasswordKey_create(etype=etype, >+ pwd=password, >+ salt=salt, >+ kvno=kvno) > > def RandomKey(self, etype): > e = kcrypto._get_enctype_profile(etype) >@@ -1020,10 +1033,12 @@ class RawKerberosTest(TestCaseInTempDir): > return PA_ENC_TS_ENC_obj > > def KERB_PA_PAC_REQUEST_create(self, include_pac, pa_data_create=True): >- #KERB-PA-PAC-REQUEST ::= SEQUENCE { >- # include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. >- # --If FALSE, and PAC present, remove PAC >- #} >+ # KERB-PA-PAC-REQUEST ::= SEQUENCE { >+ # include-pac[0] BOOLEAN --If TRUE, and no pac present, >+ # -- include PAC. >+ # --If FALSE, and PAC present, >+ # -- remove PAC. >+ # } > KERB_PA_PAC_REQUEST_obj = { > 'include-pac': include_pac, > } >@@ -1031,7 +1046,7 @@ class RawKerberosTest(TestCaseInTempDir): > return KERB_PA_PAC_REQUEST_obj > pa_pac = self.der_encode(KERB_PA_PAC_REQUEST_obj, > asn1Spec=krb5_asn1.KERB_PA_PAC_REQUEST()) >- pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST >+ pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST > return pa_data > > def KDC_REQ_BODY_create(self, >@@ -1327,11 +1342,14 @@ class RawKerberosTest(TestCaseInTempDir): > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, > additional_tickets=additional_tickets) >- req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >+ req_body_blob = self.der_encode(req_body, >+ asn1Spec=krb5_asn1.KDC_REQ_BODY(), > asn1_print=asn1_print, hexdump=hexdump) > >- req_body_checksum = self.Checksum_create( >- ticket_session_key, 6, req_body_blob, ctype=body_checksum_type) >+ req_body_checksum = self.Checksum_create(ticket_session_key, >+ 6, >+ req_body_blob, >+ ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: >@@ -1390,7 +1408,10 @@ class RawKerberosTest(TestCaseInTempDir): > cksum_data += n.encode() > cksum_data += realm.encode() > cksum_data += "Kerberos".encode() >- cksum = self.Checksum_create(tgt_session_key, 17, cksum_data, ctype) >+ cksum = self.Checksum_create(tgt_session_key, >+ 17, >+ cksum_data, >+ ctype) > > PA_S4U2Self_obj = { > 'name': name, >@@ -1403,20 +1424,20 @@ class RawKerberosTest(TestCaseInTempDir): > return self.PA_DATA_create(129, pa_s4u2self) > > def _generic_kdc_exchange(self, >- kdc_exchange_dict, # required >- kdc_options=None, # required >- cname=None, # optional >- realm=None, # required >- sname=None, # optional >- from_time=None, # optional >- till_time=None, # required >- renew_time=None, # optional >- nonce=None, # required >- etypes=None, # required >- addresses=None, # optional >- EncAuthorizationData=None, # optional >- EncAuthorizationData_key=None, # optional >- additional_tickets=None): # optional >+ kdc_exchange_dict, # required >+ kdc_options=None, # required >+ cname=None, # optional >+ realm=None, # required >+ sname=None, # optional >+ from_time=None, # optional >+ till_time=None, # required >+ renew_time=None, # optional >+ nonce=None, # required >+ etypes=None, # required >+ addresses=None, # optional >+ EncAuthorizationData=None, # optional >+ EncAuthorizationData_key=None, # optional >+ additional_tickets=None): # optional > > check_error_fn = kdc_exchange_dict['check_error_fn'] > check_rep_fn = kdc_exchange_dict['check_rep_fn'] >@@ -1431,19 +1452,20 @@ class RawKerberosTest(TestCaseInTempDir): > if nonce is None: > nonce = self.get_Nonce() > >- req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >- cname=cname, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets) >+ req_body = self.KDC_REQ_BODY_create( >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) > if generate_padata_fn is not None: > # This can alter req_body... > padata, req_body = generate_padata_fn(kdc_exchange_dict, >@@ -1455,10 +1477,10 @@ class RawKerberosTest(TestCaseInTempDir): > kdc_exchange_dict['req_padata'] = padata > kdc_exchange_dict['req_body'] = req_body > >- req_obj,req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, >- padata=padata, >- req_body=req_body, >- asn1Spec=req_asn1Spec()) >+ req_obj, req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, >+ padata=padata, >+ req_body=req_body, >+ asn1Spec=req_asn1Spec()) > > rep = self.send_recv_transaction(req_decoded) > self.assertIsNotNone(rep) >@@ -1571,7 +1593,7 @@ class RawKerberosTest(TestCaseInTempDir): > rep_encpart_asn1Spec = kdc_exchange_dict['rep_encpart_asn1Spec'] > msg_type = kdc_exchange_dict['rep_msg_type'] > >- self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP >+ self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP > padata = self.getElementValue(rep, 'padata') > self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) > self.assertElementEqualPrincipal(rep, 'cname', expected_cname) >@@ -1579,22 +1601,23 @@ class RawKerberosTest(TestCaseInTempDir): > ticket = self.getElementValue(rep, 'ticket') > ticket_encpart = None > ticket_cipher = None >- if ticket is not None: # Never None, but gives indentation >+ if ticket is not None: # Never None, but gives indentation > self.assertElementPresent(ticket, 'tkt-vno') > self.assertElementEqualUTF8(ticket, 'realm', expected_srealm) > self.assertElementEqualPrincipal(ticket, 'sname', expected_sname) > self.assertElementPresent(ticket, 'enc-part') > ticket_encpart = self.getElementValue(ticket, 'enc-part') >- if ticket_encpart is not None: # Never None, but gives indentation >+ if ticket_encpart is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_encpart, 'etype') > # 'unspecified' means present, with any value != 0 >- self.assertElementKVNO(ticket_encpart, 'kvno', self.unspecified_kvno) >+ self.assertElementKVNO(ticket_encpart, 'kvno', >+ self.unspecified_kvno) > self.assertElementPresent(ticket_encpart, 'cipher') > ticket_cipher = self.getElementValue(ticket_encpart, 'cipher') > self.assertElementPresent(rep, 'enc-part') > encpart = self.getElementValue(rep, 'enc-part') > encpart_cipher = None >- if encpart is not None: # Never None, but gives indentation >+ if encpart is not None: # Never None, but gives indentation > self.assertElementPresent(encpart, 'etype') > self.assertElementKVNO(ticket_encpart, 'kvno', 'autodetect') > self.assertElementPresent(encpart, 'cipher') >@@ -1602,24 +1625,35 @@ class RawKerberosTest(TestCaseInTempDir): > > encpart_decryption_key = None > if check_padata_fn is not None: >- # See if get the decryption key from the preauth phase >- encpart_decryption_key,encpart_decryption_usage = \ >- check_padata_fn(kdc_exchange_dict, callback_dict, >- rep, padata) >+ # See if we can get the decryption key from the preauth phase >+ encpart_decryption_key, encpart_decryption_usage = ( >+ check_padata_fn(kdc_exchange_dict, callback_dict, >+ rep, padata)) > > ticket_private = None > if ticket_decryption_key is not None: >- self.assertElementEqual(ticket_encpart, 'etype', ticket_decryption_key.etype) >- self.assertElementKVNO(ticket_encpart, 'kvno', ticket_decryption_key.kvno) >- ticket_decpart = ticket_decryption_key.decrypt(KU_TICKET, ticket_cipher) >- ticket_private = self.der_decode(ticket_decpart, asn1Spec=krb5_asn1.EncTicketPart()) >+ self.assertElementEqual(ticket_encpart, 'etype', >+ ticket_decryption_key.etype) >+ self.assertElementKVNO(ticket_encpart, 'kvno', >+ ticket_decryption_key.kvno) >+ ticket_decpart = ticket_decryption_key.decrypt(KU_TICKET, >+ ticket_cipher) >+ ticket_private = self.der_decode( >+ ticket_decpart, >+ asn1Spec=krb5_asn1.EncTicketPart()) > > encpart_private = None > if encpart_decryption_key is not None: >- self.assertElementEqual(encpart, 'etype', encpart_decryption_key.etype) >- self.assertElementKVNO(encpart, 'kvno', encpart_decryption_key.kvno) >- rep_decpart = encpart_decryption_key.decrypt(encpart_decryption_usage, encpart_cipher) >- encpart_private = self.der_decode(rep_decpart, asn1Spec=rep_encpart_asn1Spec()) >+ self.assertElementEqual(encpart, 'etype', >+ encpart_decryption_key.etype) >+ self.assertElementKVNO(encpart, 'kvno', >+ encpart_decryption_key.kvno) >+ rep_decpart = encpart_decryption_key.decrypt( >+ encpart_decryption_usage, >+ encpart_cipher) >+ encpart_private = self.der_decode( >+ rep_decpart, >+ asn1Spec=rep_encpart_asn1Spec()) > > if check_kdc_private_fn is not None: > check_kdc_private_fn(kdc_exchange_dict, callback_dict, >@@ -1647,12 +1681,14 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementPresent(ticket_private, 'flags') > self.assertElementPresent(ticket_private, 'key') > ticket_key = self.getElementValue(ticket_private, 'key') >- if ticket_key is not None: # Never None, but gives indentation >+ if ticket_key is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_key, 'keytype') > self.assertElementPresent(ticket_key, 'keyvalue') > ticket_session_key = self.EncryptionKey_import(ticket_key) >- self.assertElementEqualUTF8(ticket_private, 'crealm', expected_crealm) >- self.assertElementEqualPrincipal(ticket_private, 'cname', expected_cname) >+ self.assertElementEqualUTF8(ticket_private, 'crealm', >+ expected_crealm) >+ self.assertElementEqualPrincipal(ticket_private, 'cname', >+ expected_cname) > self.assertElementPresent(ticket_private, 'transited') > self.assertElementPresent(ticket_private, 'authtime') > if self.strict_checking: >@@ -1666,39 +1702,45 @@ class RawKerberosTest(TestCaseInTempDir): > if encpart_private is not None: > self.assertElementPresent(encpart_private, 'key') > encpart_key = self.getElementValue(encpart_private, 'key') >- if encpart_key is not None: # Never None, but gives indentation >+ if encpart_key is not None: # Never None, but gives indentation > self.assertElementPresent(encpart_key, 'keytype') > self.assertElementPresent(encpart_key, 'keyvalue') > encpart_session_key = self.EncryptionKey_import(encpart_key) > self.assertElementPresent(encpart_private, 'last-req') > self.assertElementPresent(encpart_private, 'nonce') >- # TODO self.assertElementPresent(encpart_private, 'key-expiration') >+ # TODO self.assertElementPresent(encpart_private, >+ # 'key-expiration') > self.assertElementPresent(encpart_private, 'flags') > self.assertElementPresent(encpart_private, 'authtime') > if self.strict_checking: > self.assertElementPresent(encpart_private, 'starttime') > self.assertElementPresent(encpart_private, 'endtime') > # TODO self.assertElementPresent(encpart_private, 'renew-till') >- self.assertElementEqualUTF8(encpart_private, 'srealm', expected_srealm) >- self.assertElementEqualPrincipal(encpart_private, 'sname', expected_sname) >+ self.assertElementEqualUTF8(encpart_private, 'srealm', >+ expected_srealm) >+ self.assertElementEqualPrincipal(encpart_private, 'sname', >+ expected_sname) > # TODO self.assertElementMissing(encpart_private, 'caddr') > > if ticket_session_key is not None and encpart_session_key is not None: >- self.assertEqual(ticket_session_key.etype, encpart_session_key.etype) >- self.assertEqual(ticket_session_key.key.contents, encpart_session_key.key.contents) >+ self.assertEqual(ticket_session_key.etype, >+ encpart_session_key.etype) >+ self.assertEqual(ticket_session_key.key.contents, >+ encpart_session_key.key.contents) > if encpart_session_key is not None: > session_key = encpart_session_key > else: > session_key = ticket_session_key >- ticket_creds = KerberosTicketCreds(ticket, >- session_key, >- crealm=expected_crealm, >- cname=expected_cname, >- srealm=expected_srealm, >- sname=expected_sname, >- decryption_key=ticket_decryption_key, >- ticket_private=ticket_private, >- encpart_private=encpart_private) >+ ticket_creds = KerberosTicketCreds( >+ ticket, >+ session_key, >+ crealm=expected_crealm, >+ cname=expected_cname, >+ srealm=expected_srealm, >+ sname=expected_sname, >+ decryption_key=ticket_decryption_key, >+ ticket_private=ticket_private, >+ encpart_private=encpart_private) > > kdc_exchange_dict['rep_ticket_creds'] = ticket_creds > return >@@ -1728,11 +1770,11 @@ class RawKerberosTest(TestCaseInTempDir): > if kcrypto.Enctype.RC4 in proposed_etypes: > expect_etype_info = True > for etype in proposed_etypes: >- if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ if etype in (kcrypto.Enctype.AES256, kcrypto.Enctype.AES128): > expect_etype_info = False > if etype not in client_as_etypes: > continue >- if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ if etype in (kcrypto.Enctype.AES256, kcrypto.Enctype.AES128): > if etype > expected_aes_type: > expected_aes_type = etype > if etype in (kcrypto.Enctype.RC4,): >@@ -1779,14 +1821,17 @@ class RawKerberosTest(TestCaseInTempDir): > if self.strict_checking: > self.assertIsNotNone(edata) > if edata is not None: >- rep_padata = self.der_decode(edata, asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode(edata, >+ asn1Spec=krb5_asn1.METHOD_DATA()) > self.assertGreater(len(rep_padata), 0) > else: > rep_padata = [] > > if self.strict_checking: > for i in range(0, len(expected_patypes)): >- self.assertElementEqual(rep_padata[i], 'padata-type', expected_patypes[i]) >+ self.assertElementEqual(rep_padata[i], >+ 'padata-type', >+ expected_patypes[i]) > self.assertEqual(len(rep_padata), len(expected_patypes)) > > etype_info2 = None >@@ -1799,11 +1844,13 @@ class RawKerberosTest(TestCaseInTempDir): > pavalue = self.getElementValue(pa, 'padata-value') > if patype == PADATA_ETYPE_INFO2: > self.assertIsNone(etype_info2) >- etype_info2 = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode(pavalue, >+ asn1Spec=krb5_asn1.ETYPE_INFO2()) > continue > if patype == PADATA_ETYPE_INFO: > self.assertIsNone(etype_info) >- etype_info = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO()) >+ etype_info = self.der_decode(pavalue, >+ asn1Spec=krb5_asn1.ETYPE_INFO()) > continue > if patype == PADATA_ENC_TIMESTAMP: > self.assertIsNone(enc_timestamp) >@@ -1881,7 +1928,8 @@ class RawKerberosTest(TestCaseInTempDir): > authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] > body_checksum_type = kdc_exchange_dict['body_checksum_type'] > >- req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ req_body_blob = self.der_encode(req_body, >+ asn1Spec=krb5_asn1.KDC_REQ_BODY()) > > req_body_checksum = self.Checksum_create(tgt.session_key, > KU_TGS_REQ_AUTH_CKSUM, >@@ -1893,15 +1941,18 @@ class RawKerberosTest(TestCaseInTempDir): > subkey_obj = authenticator_subkey.export_obj() > seq_number = random.randint(0, 0xfffffffe) > (ctime, cusec) = self.get_KerberosTimeWithUsec() >- authenticator_obj = self.Authenticator_create(crealm=tgt.crealm, >- cname=tgt.cname, >- cksum=req_body_checksum, >- cusec=cusec, >- ctime=ctime, >- subkey=subkey_obj, >- seq_number=seq_number, >- authorization_data=None) >- authenticator_blob = self.der_encode(authenticator_obj, asn1Spec=krb5_asn1.Authenticator()) >+ authenticator_obj = self.Authenticator_create( >+ crealm=tgt.crealm, >+ cname=tgt.cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator_blob = self.der_encode( >+ authenticator_obj, >+ asn1Spec=krb5_asn1.Authenticator()) > > authenticator = self.EncryptedData_create(tgt.session_key, > KU_TGS_REQ_AUTH, >@@ -1909,8 +1960,8 @@ class RawKerberosTest(TestCaseInTempDir): > > ap_options = krb5_asn1.APOptions('0') > ap_req_obj = self.AP_REQ_create(ap_options=str(ap_options), >- ticket=tgt.ticket, >- authenticator=authenticator) >+ ticket=tgt.ticket, >+ authenticator=authenticator) > ap_req = self.der_encode(ap_req_obj, asn1Spec=krb5_asn1.AP_REQ()) > pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) > padata = [pa_tgs_req] >@@ -1964,19 +2015,19 @@ class RawKerberosTest(TestCaseInTempDir): > return preauth_key, as_rep_usage > > kdc_exchange_dict = self.as_exchange_dict( >- expected_crealm=expected_crealm, >- expected_cname=expected_cname, >- expected_srealm=expected_srealm, >- expected_sname=expected_sname, >- ticket_decryption_key=ticket_decryption_key, >- generate_padata_fn=_generate_padata_copy, >- check_error_fn=self.generic_check_as_error, >- check_rep_fn=self.generic_check_kdc_rep, >- check_padata_fn=_check_padata_preauth_key, >- check_kdc_private_fn=self.generic_check_kdc_private, >- expected_error_mode=expected_error_mode, >- client_as_etypes=client_as_etypes, >- expected_salt=expected_salt) >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ ticket_decryption_key=ticket_decryption_key, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ check_padata_fn=_check_padata_preauth_key, >+ check_kdc_private_fn=self.generic_check_kdc_private, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) > > rep = self._generic_kdc_exchange(kdc_exchange_dict, > kdc_options=str(kdc_options), >@@ -1986,7 +2037,7 @@ class RawKerberosTest(TestCaseInTempDir): > till_time=till, > etypes=etypes) > >- if expected_error_mode == 0: # AS-REP >+ if expected_error_mode == 0: # AS-REP > return rep > > return kdc_exchange_dict['preauth_etype_info2'] >-- >2.25.1 > > >From 7fba80748bd99db54ebd4b1acef1e7a65d81add7 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 2 Aug 2021 17:01:39 +1200 >Subject: [PATCH 070/149] tests/krb5: Remove unneeded statements > >A return statement is redundant as the last statement in a method, as >methods will otherwise return None. Also, code blocks consisting of a >single 'pass' statement can be safely omitted. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1320ac0f91a9b0fc8156840ec498059ee10b5a2d) >--- > python/samba/tests/krb5/as_req_tests.py | 2 - > python/samba/tests/krb5/raw_testcase.py | 99 +++++++++---------------- > 2 files changed, 33 insertions(+), 68 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 09cfc9e1fc8..106c7489e9c 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -46,7 +46,6 @@ class AsReqKerberosTests(KDCBaseTest): > tname = "%s_pac_%s" % (name, pac) > targs = (idx, pac) > cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs) >- return > > def setUp(self): > super(AsReqKerberosTests, self).setUp() >@@ -197,7 +196,6 @@ class AsReqKerberosTests(KDCBaseTest): > preauth_key=preauth_key, > ticket_decryption_key=krbtgt_decryption_key) > self.assertIsNotNone(as_rep) >- return > > if __name__ == "__main__": > global_asn1_print = True >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index de9c25751d2..34eae177882 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -195,7 +195,6 @@ class Krb5EncryptionKey(object): > self.etype = key.enctype > self.ctype = EncTypeChecksum[self.etype] > self.kvno = kvno >- return > > def encrypt(self, usage, plaintext): > ciphertext = kcrypto.encrypt(self.key, usage, plaintext) >@@ -235,19 +234,15 @@ class KerberosCredentials(Credentials): > self.forced_keys = {} > > self.forced_salt = None >- return > > def set_as_supported_enctypes(self, value): > self.as_supported_enctypes = int(value) >- return > > def set_tgs_supported_enctypes(self, value): > self.tgs_supported_enctypes = int(value) >- return > > def set_ap_supported_enctypes(self, value): > self.ap_supported_enctypes = int(value) >- return > > def _get_krb5_etypes(self, supported_enctypes): > etypes = () >@@ -290,7 +285,6 @@ class KerberosCredentials(Credentials): > > def set_forced_salt(self, salt): > self.forced_salt = bytes(salt) >- return > > def get_forced_salt(self): > return self.forced_salt >@@ -312,7 +306,6 @@ class KerberosTicketCreds(object): > self.decryption_key = decryption_key > self.ticket_private = ticket_private > self.encpart_private = encpart_private >- return > > > class RawKerberosTest(TestCaseInTempDir): >@@ -358,7 +351,6 @@ class RawKerberosTest(TestCaseInTempDir): > > cls.etype_test_permutations = res > cls.setup_etype_test_permutations_done = True >- return > > @classmethod > def etype_test_permutation_name_idx(cls): >@@ -427,17 +419,12 @@ class RawKerberosTest(TestCaseInTempDir): > except IOError: > self.s.close() > raise >- except Exception: >- raise >- finally: >- pass > > def connect(self): > self.assertNotConnected() > self._connect_tcp() > if self.do_hexdump: > sys.stderr.write("connected[%s]\n" % self.host) >- return > > def env_get_var(self, varname, prefix, > fallback_default=True, >@@ -704,8 +691,6 @@ class RawKerberosTest(TestCaseInTempDir): > except IOError as e: > self._disconnect("send_pdu: %s" % e) > raise >- finally: >- pass > > def recv_raw(self, num_recv=0xffff, hexdump=None, timeout=None): > rep_pdu = None >@@ -721,57 +706,51 @@ class RawKerberosTest(TestCaseInTempDir): > except socket.timeout: > self.s.settimeout(10) > sys.stderr.write("recv_raw: TIMEOUT\n") >- pass > except socket.error as e: > self._disconnect("recv_raw: %s" % e) > raise > except IOError as e: > self._disconnect("recv_raw: %s" % e) > raise >- finally: >- pass > return rep_pdu > > def recv_pdu_raw(self, asn1_print=None, hexdump=None, timeout=None): > rep_pdu = None > rep = None >- try: >+ raw_pdu = self.recv_raw( >+ num_recv=4, hexdump=hexdump, timeout=timeout) >+ if raw_pdu is None: >+ return (None, None) >+ header = struct.unpack(">I", raw_pdu[0:4]) >+ k5_len = header[0] >+ if k5_len == 0: >+ return (None, "") >+ missing = k5_len >+ rep_pdu = b'' >+ while missing > 0: > raw_pdu = self.recv_raw( >- num_recv=4, hexdump=hexdump, timeout=timeout) >- if raw_pdu is None: >- return (None, None) >- header = struct.unpack(">I", raw_pdu[0:4]) >- k5_len = header[0] >- if k5_len == 0: >- return (None, "") >- missing = k5_len >- rep_pdu = b'' >- while missing > 0: >- raw_pdu = self.recv_raw( >- num_recv=missing, hexdump=hexdump, timeout=timeout) >- self.assertGreaterEqual(len(raw_pdu), 1) >- rep_pdu += raw_pdu >- missing = k5_len - len(rep_pdu) >- k5_raw = self.der_decode( >- rep_pdu, >- asn1Spec=None, >- native_encode=False, >- asn1_print=False, >- hexdump=False) >- pvno = k5_raw['field-0'] >- self.assertEqual(pvno, 5) >- msg_type = k5_raw['field-1'] >- self.assertIn(msg_type, [11, 13, 30]) >- if msg_type == 11: >- asn1Spec = krb5_asn1.AS_REP() >- elif msg_type == 13: >- asn1Spec = krb5_asn1.TGS_REP() >- elif msg_type == 30: >- asn1Spec = krb5_asn1.KRB_ERROR() >- rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, >- asn1_print=asn1_print, hexdump=False) >- finally: >- pass >+ num_recv=missing, hexdump=hexdump, timeout=timeout) >+ self.assertGreaterEqual(len(raw_pdu), 1) >+ rep_pdu += raw_pdu >+ missing = k5_len - len(rep_pdu) >+ k5_raw = self.der_decode( >+ rep_pdu, >+ asn1Spec=None, >+ native_encode=False, >+ asn1_print=False, >+ hexdump=False) >+ pvno = k5_raw['field-0'] >+ self.assertEqual(pvno, 5) >+ msg_type = k5_raw['field-1'] >+ self.assertIn(msg_type, [11, 13, 30]) >+ if msg_type == 11: >+ asn1Spec = krb5_asn1.AS_REP() >+ elif msg_type == 13: >+ asn1Spec = krb5_asn1.TGS_REP() >+ elif msg_type == 30: >+ asn1Spec = krb5_asn1.KRB_ERROR() >+ rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, >+ asn1_print=asn1_print, hexdump=False) > return (rep, rep_pdu) > > def recv_pdu(self, asn1_print=None, hexdump=None, timeout=None): >@@ -782,11 +761,9 @@ class RawKerberosTest(TestCaseInTempDir): > > def assertIsConnected(self): > self.assertIsNotNone(self.s, msg="Not connected") >- return > > def assertNotConnected(self): > self.assertIsNone(self.s, msg="Is connected") >- return > > def send_recv_transaction( > self, >@@ -807,11 +784,9 @@ class RawKerberosTest(TestCaseInTempDir): > > def assertNoValue(self, value): > self.assertTrue(value.isNoValue) >- return > > def assertHasValue(self, value): > self.assertIsNotNone(value) >- return > > def getElementValue(self, obj, elem): > v = None >@@ -824,24 +799,20 @@ class RawKerberosTest(TestCaseInTempDir): > def assertElementMissing(self, obj, elem): > v = self.getElementValue(obj, elem) > self.assertIsNone(v) >- return > > def assertElementPresent(self, obj, elem): > v = self.getElementValue(obj, elem) > self.assertIsNotNone(v) >- return > > def assertElementEqual(self, obj, elem, value): > v = self.getElementValue(obj, elem) > self.assertIsNotNone(v) > self.assertEqual(v, value) >- return > > def assertElementEqualUTF8(self, obj, elem, value): > v = self.getElementValue(obj, elem) > self.assertIsNotNone(v) > self.assertEqual(v, bytes(value, 'utf8')) >- return > > def assertPrincipalEqual(self, princ1, princ2): > self.assertEqual(princ1['name-type'], princ2['name-type']) >@@ -854,14 +825,12 @@ class RawKerberosTest(TestCaseInTempDir): > princ1['name-string'][idx], > princ2['name-string'][idx], > msg="princ1=%s != princ2=%s" % (princ1, princ2)) >- return > > def assertElementEqualPrincipal(self, obj, elem, value): > v = self.getElementValue(obj, elem) > self.assertIsNotNone(v) > v = pyasn1_native_decode(v, asn1Spec=krb5_asn1.PrincipalName()) > self.assertPrincipalEqual(v, value) >- return > > def assertElementKVNO(self, obj, elem, value): > v = self.getElementValue(obj, elem) >@@ -879,7 +848,6 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertEqual(v, value) > else: > self.assertIsNone(v) >- return > > def get_KerberosTimeWithUsec(self, epoch=None, offset=None): > if epoch is None: >@@ -1743,7 +1711,6 @@ class RawKerberosTest(TestCaseInTempDir): > encpart_private=encpart_private) > > kdc_exchange_dict['rep_ticket_creds'] = ticket_creds >- return > > def generic_check_as_error(self, > kdc_exchange_dict, >-- >2.25.1 > > >From 58aab6dba313cd5fc04cb43bd58282afd744cd91 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 2 Aug 2021 17:10:32 +1200 >Subject: [PATCH 071/149] tests/krb5: Use more compact dict lookup > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 38b3a361819c716adb773fb3b4507c28d7d26c0d) >--- > python/samba/tests/krb5/kdc_base_test.py | 5 +---- > python/samba/tests/krb5/raw_testcase.py | 18 ++++-------------- > 2 files changed, 5 insertions(+), 18 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index c23c71e1d74..79efc68254e 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -722,10 +722,7 @@ class KDCBaseTest(RawKerberosTest): > ticket_data = self.der_encode(ticket, asn1Spec=krb5_asn1.Ticket()) > > authtime = enc_part['authtime'] >- try: >- starttime = enc_part['starttime'] >- except KeyError: >- starttime = authtime >+ starttime = enc_part.get('starttime', authtime) > endtime = enc_part['endtime'] > > cred = krb5ccache.CREDENTIAL() >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 34eae177882..15bbd9ec999 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -279,9 +279,7 @@ class KerberosCredentials(Credentials): > > def get_forced_key(self, etype): > etype = int(etype) >- if etype in self.forced_keys: >- return self.forced_keys[etype] >- return None >+ return self.forced_keys.get(etype, None) > > def set_forced_salt(self, salt): > self.forced_salt = bytes(salt) >@@ -789,12 +787,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(value) > > def getElementValue(self, obj, elem): >- v = None >- try: >- v = obj[elem] >- except KeyError: >- pass >- return v >+ return obj.get(elem, None) > > def assertElementMissing(self, obj, elem): > v = self.getElementValue(obj, elem) >@@ -879,11 +872,8 @@ class RawKerberosTest(TestCaseInTempDir): > > def PasswordKey_from_etype_info2(self, creds, etype_info2, kvno=None): > e = etype_info2['etype'] >- salt = None >- try: >- salt = etype_info2['salt'] >- except Exception: >- pass >+ >+ salt = etype_info2.get('salt', None) > > if e == kcrypto.Enctype.RC4: > nthash = creds.get_nt_hash() >-- >2.25.1 > > >From 9dcc9974a00dcc5aa5fd3b47b2b451fe74b34e9f Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 3 Aug 2021 15:03:00 +1200 >Subject: [PATCH 072/149] tests/krb5: Simplify Python syntax > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 41c3e410344280d691e5a21fa5240ef52e71bd2d) >--- > python/samba/tests/krb5/raw_testcase.py | 12 +++++------- > 1 file changed, 5 insertions(+), 7 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 15bbd9ec999..31731a6547c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -184,7 +184,7 @@ krb5_asn1.KerbErrorDataType.prettyPrint =\ > Integer_NamedValues_prettyPrint > > >-class Krb5EncryptionKey(object): >+class Krb5EncryptionKey: > def __init__(self, key, kvno): > EncTypeChecksum = { > kcrypto.Enctype.AES256: kcrypto.Cksumtype.SHA1_AES256, >@@ -288,7 +288,7 @@ class KerberosCredentials(Credentials): > return self.forced_salt > > >-class KerberosTicketCreds(object): >+class KerberosTicketCreds: > def __init__(self, ticket, session_key, > crealm=None, cname=None, > srealm=None, sname=None, >@@ -956,7 +956,7 @@ class RawKerberosTest(TestCaseInTempDir): > return Checksum_obj > > @classmethod >- def PrincipalName_create(self, name_type, names): >+ def PrincipalName_create(cls, name_type, names): > # PrincipalName ::= SEQUENCE { > # name-type [0] Int32, > # name-string [1] SEQUENCE OF KerberosString >@@ -1785,10 +1785,8 @@ class RawKerberosTest(TestCaseInTempDir): > rep_padata = [] > > if self.strict_checking: >- for i in range(0, len(expected_patypes)): >- self.assertElementEqual(rep_padata[i], >- 'padata-type', >- expected_patypes[i]) >+ for i, patype in enumerate(expected_patypes): >+ self.assertElementEqual(rep_padata[i], 'padata-type', patype) > self.assertEqual(len(rep_padata), len(expected_patypes)) > > etype_info2 = None >-- >2.25.1 > > >From afe62d7351d014b923187cc6a76dc2aee7a686a1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 13:49:27 +1200 >Subject: [PATCH 073/149] tests/krb5: Remove magic constants > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit a2b183c179e74634438c85a4b35518836ba59e47) >--- > python/samba/tests/krb5/raw_testcase.py | 30 +++++++++++--------- > python/samba/tests/krb5/rfc4120_constants.py | 7 +++++ > 2 files changed, 24 insertions(+), 13 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 31731a6547c..dfa6a71467a 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -41,12 +41,14 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_ETYPE_NOSUPP, > KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AP_REQ, > KRB_AS_REP, > KRB_AS_REQ, > KRB_ERROR, > KRB_TGS_REP, > KRB_TGS_REQ, > KU_AS_REP_ENC_PART, >+ KU_NON_KERB_CKSUM_SALT, > KU_TGS_REP_ENC_PART_SESSION, > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TGS_REQ_AUTH, >@@ -55,7 +57,9 @@ from samba.tests.krb5.rfc4120_constants import ( > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO, > PADATA_ETYPE_INFO2, >+ PADATA_FOR_USER, > PADATA_KDC_REQ, >+ PADATA_PAC_REQUEST, > PADATA_PK_AS_REQ, > PADATA_PK_AS_REP_19 > ) >@@ -740,12 +744,12 @@ class RawKerberosTest(TestCaseInTempDir): > pvno = k5_raw['field-0'] > self.assertEqual(pvno, 5) > msg_type = k5_raw['field-1'] >- self.assertIn(msg_type, [11, 13, 30]) >- if msg_type == 11: >+ self.assertIn(msg_type, [KRB_AS_REP, KRB_TGS_REP, KRB_ERROR]) >+ if msg_type == KRB_AS_REP: > asn1Spec = krb5_asn1.AS_REP() >- elif msg_type == 13: >+ elif msg_type == KRB_TGS_REP: > asn1Spec = krb5_asn1.TGS_REP() >- elif msg_type == 30: >+ elif msg_type == KRB_ERROR: > asn1Spec = krb5_asn1.KRB_ERROR() > rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, > asn1_print=asn1_print, hexdump=False) >@@ -1004,7 +1008,7 @@ class RawKerberosTest(TestCaseInTempDir): > return KERB_PA_PAC_REQUEST_obj > pa_pac = self.der_encode(KERB_PA_PAC_REQUEST_obj, > asn1Spec=krb5_asn1.KERB_PA_PAC_REQUEST()) >- pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST >+ pa_data = self.PA_DATA_create(PADATA_PAC_REQUEST, pa_pac) > return pa_data > > def KDC_REQ_BODY_create(self, >@@ -1172,7 +1176,7 @@ class RawKerberosTest(TestCaseInTempDir): > asn1_print=asn1_print, > hexdump=hexdump) > obj, decoded = self.KDC_REQ_create( >- msg_type=10, >+ msg_type=KRB_AS_REQ, > padata=padata, > req_body=KDC_REQ_BODY_obj, > asn1Spec=krb5_asn1.AS_REQ(), >@@ -1192,7 +1196,7 @@ class RawKerberosTest(TestCaseInTempDir): > # } > AP_REQ_obj = { > 'pvno': 5, >- 'msg-type': 14, >+ 'msg-type': KRB_AP_REQ, > 'ap-options': ap_options, > 'ticket': ticket, > 'authenticator': authenticator, >@@ -1305,7 +1309,7 @@ class RawKerberosTest(TestCaseInTempDir): > asn1_print=asn1_print, hexdump=hexdump) > > req_body_checksum = self.Checksum_create(ticket_session_key, >- 6, >+ KU_TGS_REQ_AUTH_CKSUM, > req_body_blob, > ctype=body_checksum_type) > >@@ -1329,7 +1333,7 @@ class RawKerberosTest(TestCaseInTempDir): > hexdump=hexdump) > > authenticator = self.EncryptedData_create( >- ticket_session_key, 7, authenticator) >+ ticket_session_key, KU_TGS_REQ_AUTH, authenticator) > > ap_options = krb5_asn1.APOptions('0') > ap_req = self.AP_REQ_create(ap_options=str(ap_options), >@@ -1337,14 +1341,14 @@ class RawKerberosTest(TestCaseInTempDir): > authenticator=authenticator) > ap_req = self.der_encode(ap_req, asn1Spec=krb5_asn1.AP_REQ(), > asn1_print=asn1_print, hexdump=hexdump) >- pa_tgs_req = self.PA_DATA_create(1, ap_req) >+ pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) > if padata is not None: > padata.append(pa_tgs_req) > else: > padata = [pa_tgs_req] > > obj, decoded = self.KDC_REQ_create( >- msg_type=12, >+ msg_type=KRB_TGS_REQ, > padata=padata, > req_body=req_body, > asn1Spec=krb5_asn1.TGS_REQ(), >@@ -1367,7 +1371,7 @@ class RawKerberosTest(TestCaseInTempDir): > cksum_data += realm.encode() > cksum_data += "Kerberos".encode() > cksum = self.Checksum_create(tgt_session_key, >- 17, >+ KU_NON_KERB_CKSUM_SALT, > cksum_data, > ctype) > >@@ -1379,7 +1383,7 @@ class RawKerberosTest(TestCaseInTempDir): > } > pa_s4u2self = self.der_encode( > PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) >- return self.PA_DATA_create(129, pa_s4u2self) >+ return self.PA_DATA_create(PADATA_FOR_USER, pa_s4u2self) > > def _generic_kdc_exchange(self, > kdc_exchange_dict, # required >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index a4c5e079b66..adcc93e1d6b 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -27,6 +27,7 @@ ARCFOUR_HMAC_MD5 = int( > > # Message types > KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >+KRB_AP_REQ = int(krb5_asn1.MessageTypeValues('krb-ap-req')) > KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) > KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req')) > KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep')) >@@ -39,8 +40,12 @@ PADATA_ETYPE_INFO = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO')) > PADATA_ETYPE_INFO2 = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+PADATA_FOR_USER = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-FOR-USER')) > PADATA_KDC_REQ = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-KDC-REQ')) >+PADATA_PAC_REQUEST = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PA-PAC-REQUEST')) > PADATA_PK_AS_REQ = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REQ')) > PADATA_PK_AS_REP_19 = int( >@@ -125,3 +130,5 @@ KU_KRB_CRED = 14 > KU_KRB_SAFE_CKSUM = 15 > ''' KRB-SAFE cksum, keyed with a key chosen by the application > (section 5.6.1) ''' >+KU_NON_KERB_SALT = 16 >+KU_NON_KERB_CKSUM_SALT = 17 >-- >2.25.1 > > >From 0db2b49467025c871ef82aa1971449c65b631874 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 26 Jul 2021 17:14:08 +1200 >Subject: [PATCH 074/149] tests/krb5: Fix including enc-authorization-data > >Remove the EncAuthorizationData parameters from AS_REQ_create(), since >it should only be present in the TGS-REQ form. Also, fix a call to >EncryptedData_create() to supply the key usage when creating >enc-authorization-data. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 67ff72395cec2e5170c0ebae8db416a1f226df72) >--- > .../tests/krb5/as_canonicalization_tests.py | 4 --- > .../samba/tests/krb5/compatability_tests.py | 4 --- > python/samba/tests/krb5/kdc_base_test.py | 2 -- > python/samba/tests/krb5/kdc_tests.py | 2 -- > python/samba/tests/krb5/raw_testcase.py | 31 +++++++++++++------ > python/samba/tests/krb5/s4u_tests.py | 4 --- > python/samba/tests/krb5/simple_tests.py | 4 --- > python/samba/tests/krb5/xrealm_tests.py | 4 --- > 8 files changed, 21 insertions(+), 34 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index abb3f96a1e6..29d8cf418f5 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -257,8 +257,6 @@ class KerberosASCanonicalizationTests(KDCBaseTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >@@ -314,8 +312,6 @@ class KerberosASCanonicalizationTests(KDCBaseTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 5a1ef02ef80..cd67549212a 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -147,8 +147,6 @@ class SimpleKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > >@@ -209,8 +207,6 @@ class SimpleKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 79efc68254e..7874562d32d 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -390,8 +390,6 @@ class KDCBaseTest(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > return rep >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index c7c53953a86..930edd0a63e 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -79,8 +79,6 @@ class KdcTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > return rep >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index dfa6a71467a..f39656d5e03 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -53,6 +53,8 @@ from samba.tests.krb5.rfc4120_constants import ( > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TGS_REQ_AUTH, > KU_TGS_REQ_AUTH_CKSUM, >+ KU_TGS_REQ_AUTH_DAT_SESSION, >+ KU_TGS_REQ_AUTH_DAT_SUBKEY, > KU_TICKET, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO, >@@ -1022,9 +1024,10 @@ class RawKerberosTest(TestCaseInTempDir): > nonce, > etypes, > addresses, >+ additional_tickets, > EncAuthorizationData, > EncAuthorizationData_key, >- additional_tickets, >+ EncAuthorizationData_usage, > asn1_print=None, > hexdump=None): > # KDC-REQ-BODY ::= SEQUENCE { >@@ -1054,8 +1057,9 @@ class RawKerberosTest(TestCaseInTempDir): > asn1Spec=krb5_asn1.AuthorizationData(), > asn1_print=asn1_print, > hexdump=hexdump) >- enc_ad = self.EncryptedData_create( >- EncAuthorizationData_key, enc_ad_plain) >+ enc_ad = self.EncryptedData_create(EncAuthorizationData_key, >+ EncAuthorizationData_usage, >+ enc_ad_plain) > else: > enc_ad = None > KDC_REQ_BODY_obj = { >@@ -1123,8 +1127,6 @@ class RawKerberosTest(TestCaseInTempDir): > nonce, # required > etypes, # required > addresses, # optional >- EncAuthorizationData, >- EncAuthorizationData_key, > additional_tickets, > native_decoded_only=True, > asn1_print=None, >@@ -1170,9 +1172,10 @@ class RawKerberosTest(TestCaseInTempDir): > nonce, > etypes, > addresses, >- EncAuthorizationData, >- EncAuthorizationData_key, > additional_tickets, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ EncAuthorizationData_usage=None, > asn1_print=asn1_print, > hexdump=hexdump) > obj, decoded = self.KDC_REQ_create( >@@ -1290,6 +1293,11 @@ class RawKerberosTest(TestCaseInTempDir): > # -- NOTE: not empty > # } > >+ if authenticator_subkey is not None: >+ EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SUBKEY >+ else: >+ EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SESSION >+ > req_body = self.KDC_REQ_BODY_create( > kdc_options=kdc_options, > cname=None, >@@ -1301,9 +1309,10 @@ class RawKerberosTest(TestCaseInTempDir): > nonce=nonce, > etypes=etypes, > addresses=addresses, >+ additional_tickets=additional_tickets, > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets) >+ EncAuthorizationData_usage=EncAuthorizationData_usage) > req_body_blob = self.der_encode(req_body, > asn1Spec=krb5_asn1.KDC_REQ_BODY(), > asn1_print=asn1_print, hexdump=hexdump) >@@ -1397,9 +1406,10 @@ class RawKerberosTest(TestCaseInTempDir): > nonce=None, # required > etypes=None, # required > addresses=None, # optional >+ additional_tickets=None, # optional > EncAuthorizationData=None, # optional > EncAuthorizationData_key=None, # optional >- additional_tickets=None): # optional >+ EncAuthorizationData_usage=None): # optional > > check_error_fn = kdc_exchange_dict['check_error_fn'] > check_rep_fn = kdc_exchange_dict['check_rep_fn'] >@@ -1425,9 +1435,10 @@ class RawKerberosTest(TestCaseInTempDir): > nonce=nonce, > etypes=etypes, > addresses=addresses, >+ additional_tickets=additional_tickets, > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets) >+ EncAuthorizationData_usage=EncAuthorizationData_usage) > if generate_padata_fn is not None: > # This can alter req_body... > padata, req_body = generate_padata_fn(kdc_exchange_dict, >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >index 30a58d6345a..57575f0595d 100755 >--- a/python/samba/tests/krb5/s4u_tests.py >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -69,8 +69,6 @@ class S4UKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >@@ -113,8 +111,6 @@ class S4UKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 9650702c6c6..795d753b4f7 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -69,8 +69,6 @@ class SimpleKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >@@ -113,8 +111,6 @@ class SimpleKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >index efb953bdf7e..073cb755b46 100755 >--- a/python/samba/tests/krb5/xrealm_tests.py >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -68,8 +68,6 @@ class XrealmKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >@@ -112,8 +110,6 @@ class XrealmKerberosTests(RawKerberosTest): > nonce=0x7fffffff, > etypes=etypes, > addresses=None, >- EncAuthorizationData=None, >- EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) >-- >2.25.1 > > >From b8e365c03143dc91f02477b176f71998ac3afcbe Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:12:34 +1200 >Subject: [PATCH 075/149] tests/krb5: Fix callback_dict parameter > >Items contained in a default-created callback_dict should not be carried >over between unrelated calls to {as,tgs}_as_exchange_dict(). > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit bad5f4ee5fdf64ca9d775233fec24975e0b510bf) >--- > python/samba/tests/krb5/raw_testcase.py | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index f39656d5e03..fc8e6990834 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1486,7 +1486,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_rep_fn=None, > check_padata_fn=None, > check_kdc_private_fn=None, >- callback_dict=dict(), >+ callback_dict=None, > expected_error_mode=None, > client_as_etypes=None, > expected_salt=None): >@@ -1511,6 +1511,9 @@ class RawKerberosTest(TestCaseInTempDir): > 'client_as_etypes': client_as_etypes, > 'expected_salt': expected_salt, > } >+ if callback_dict is None: >+ callback_dict = {} >+ > return kdc_exchange_dict > > def tgs_exchange_dict(self, >@@ -1524,7 +1527,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_rep_fn=None, > check_padata_fn=None, > check_kdc_private_fn=None, >- callback_dict=dict(), >+ callback_dict=None, > tgt=None, > authenticator_subkey=None, > body_checksum_type=None): >@@ -1549,6 +1552,9 @@ class RawKerberosTest(TestCaseInTempDir): > 'body_checksum_type': body_checksum_type, > 'authenticator_subkey': authenticator_subkey, > } >+ if callback_dict is None: >+ callback_dict = {} >+ > return kdc_exchange_dict > > def generic_check_kdc_rep(self, >-- >2.25.1 > > >From 09a743c8c508c8de71bc9e2c0ed86295b68b07e1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:06:29 +1200 >Subject: [PATCH 076/149] tests/krb5: Fix encpart_decryption_key with MIT KDC > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit a0c6538a97126671f9c7bcf3b581f3d98cbc7fd1) >--- > python/samba/tests/krb5/raw_testcase.py | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index fc8e6990834..1c08b76061f 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1630,9 +1630,16 @@ class RawKerberosTest(TestCaseInTempDir): > rep_decpart = encpart_decryption_key.decrypt( > encpart_decryption_usage, > encpart_cipher) >- encpart_private = self.der_decode( >- rep_decpart, >- asn1Spec=rep_encpart_asn1Spec()) >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 >+ try: >+ encpart_private = self.der_decode( >+ rep_decpart, >+ asn1Spec=rep_encpart_asn1Spec()) >+ except Exception: >+ encpart_private = self.der_decode( >+ rep_decpart, >+ asn1Spec=krb5_asn1.EncTGSRepPart()) > > if check_kdc_private_fn is not None: > check_kdc_private_fn(kdc_exchange_dict, callback_dict, >-- >2.25.1 > > >From cadb361588aced97cbeef42c9c9e97511f2a5521 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Jul 2021 17:00:09 +1200 >Subject: [PATCH 077/149] tests/krb5: Expect e-data except when the error code > is KDC_ERR_GENERIC > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 8194b2a2611c6b1db2d29ec22c70e14decd1784b) >--- > python/samba/tests/krb5/raw_testcase.py | 3 ++- > python/samba/tests/krb5/rfc4120_constants.py | 1 + > 2 files changed, 3 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 1c08b76061f..c0e997a86a1 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -40,6 +40,7 @@ from samba.tests import TestCaseInTempDir > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_ETYPE_NOSUPP, >+ KDC_ERR_GENERIC, > KDC_ERR_PREAUTH_REQUIRED, > KRB_AP_REQ, > KRB_AS_REP, >@@ -1799,7 +1800,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementEqualPrincipal(rep, 'sname', expected_sname) > if self.strict_checking: > self.assertElementMissing(rep, 'e-text') >- if expected_error_mode != KDC_ERR_PREAUTH_REQUIRED: >+ if expected_error_mode == KDC_ERR_GENERIC: > self.assertElementMissing(rep, 'e-data') > return > edata = self.getElementValue(rep, 'e-data') >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index adcc93e1d6b..b00b8b48ae5 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -58,6 +58,7 @@ KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 > KDC_ERR_BADMATCH = 36 > KDC_ERR_SKEW = 37 >+KDC_ERR_GENERIC = 60 > > # Name types > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >-- >2.25.1 > > >From 03160d14d0789a0876ee22b9b8b81857aebab0ad Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 15:07:59 +1200 >Subject: [PATCH 078/149] tests/krb5: Check Kerberos protocol version number > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d6a242e20004217a0ce02dc4ef620a121e5944da) >--- > python/samba/tests/krb5/raw_testcase.py | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index c0e997a86a1..693f196940c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1786,6 +1786,7 @@ class RawKerberosTest(TestCaseInTempDir): > expected_patypes += (PADATA_PK_AS_REQ,) > expected_patypes += (PADATA_PK_AS_REP_19,) > >+ self.assertElementEqual(rep, 'pvno', 5) > self.assertElementEqual(rep, 'msg-type', KRB_ERROR) > self.assertElementEqual(rep, 'error-code', expected_error) > self.assertElementMissing(rep, 'ctime') >-- >2.25.1 > > >From 31a6039e5f1436ea9702657773b7008f9feee9d9 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 11:28:37 +1200 >Subject: [PATCH 079/149] tests/krb5: Use credentials kvno when creating > password key > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 17d5a267298ccd7272e86fd24c2c608511cf46b7) >--- > python/samba/tests/krb5/kdc_base_test.py | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 7874562d32d..aa172640399 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -409,7 +409,8 @@ class KDCBaseTest(RawKerberosTest): > etype_info2 = self.der_decode( > padata_value, asn1Spec=krb5_asn1.ETYPE_INFO2()) > >- key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0], >+ creds.get_kvno()) > return key > > def get_pa_data(self, creds, rep, skew=0): >-- >2.25.1 > > >From 78cee8ebfea6affddf1dfbf3a0979985ec595842 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:24:52 +1200 >Subject: [PATCH 080/149] tests/krb5: Allow cf2 to automatically use the > enctype of the first key > >RFC6113 states: "Unless otherwise specified, the resulting enctype of >KRB-FX-CF2 is the enctype of k1." This change means the enctype no >longer has to be specified manually. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit a5e5f8fdfe8b6952592d7d682af893c79080826f) >--- > python/samba/tests/krb5/kcrypto.py | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >index c8fef4c876d..ce7b00bda4c 100755 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -653,9 +653,11 @@ def prfplus(key, pepper, ln): > return out[:ln] > > >-def cf2(enctype, key1, key2, pepper1, pepper2): >+def cf2(key1, key2, pepper1, pepper2, enctype=None): > # Combine two keys and two pepper strings to produce a result key > # of type enctype, using the RFC 6113 KRB-FX-CF2 function. >+ if enctype is None: >+ enctype = key1.enctype > e = _get_enctype_profile(enctype) > return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), > prfplus(key2, pepper2, e.seedsize))) >@@ -748,7 +750,7 @@ class KcrytoTest(TestCase): > kb = h('97DF97E4B798B29EB31ED7280287A92A') > k1 = string_to_key(Enctype.AES128, b'key1', b'key1') > k2 = string_to_key(Enctype.AES128, b'key2', b'key2') >- k = cf2(Enctype.AES128, k1, k2, b'a', b'b') >+ k = cf2(k1, k2, b'a', b'b') > self.assertEqual(k.contents, kb) > > def test_aes256_cf2(self): >@@ -757,7 +759,7 @@ class KcrytoTest(TestCase): > 'E72B1C7B') > k1 = string_to_key(Enctype.AES256, b'key1', b'key1') > k2 = string_to_key(Enctype.AES256, b'key2', b'key2') >- k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >+ k = cf2(k1, k2, b'a', b'b') > self.assertEqual(k.contents, kb) > > def test_des3_crypt(self): >@@ -794,7 +796,7 @@ class KcrytoTest(TestCase): > kb = h('E58F9EB643862C13AD38E529313462A7F73E62834FE54A01') > k1 = string_to_key(Enctype.DES3, b'key1', b'key1') > k2 = string_to_key(Enctype.DES3, b'key2', b'key2') >- k = cf2(Enctype.DES3, k1, k2, b'a', b'b') >+ k = cf2(k1, k2, b'a', b'b') > self.assertEqual(k.contents, kb) > > def test_rc4_crypt(self): >@@ -830,7 +832,7 @@ class KcrytoTest(TestCase): > kb = h('24D7F6B6BAE4E5C00D2082C5EBAB3672') > k1 = string_to_key(Enctype.RC4, b'key1', b'key1') > k2 = string_to_key(Enctype.RC4, b'key2', b'key2') >- k = cf2(Enctype.RC4, k1, k2, b'a', b'b') >+ k = cf2(k1, k2, b'a', b'b') > self.assertEqual(k.contents, kb) > > def _test_md5_unkeyed_checksum(self, etype, usage): >-- >2.25.1 > > >From 845ffd1364a878c81d6f60af10325d3abe91eadd Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:16:01 +1200 >Subject: [PATCH 081/149] tests/krb5: Refactor get_pa_data() > >The function now returns a single padata object rather than a list, >making it easier to combine multiple padata elements into a request. The >new name 'get_enc_timestamp_pa_data' also makes it clearer as to what >the method generates. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2c80f7f851a7a4ffbcde2c42b2c383b683b67731) >--- > python/samba/tests/krb5/kdc_base_test.py | 8 ++-- > python/samba/tests/krb5/kdc_tests.py | 25 ++++++------ > python/samba/tests/krb5/kdc_tgs_tests.py | 12 +++--- > .../ms_kile_client_principal_lookup_tests.py | 40 +++++++++---------- > 4 files changed, 42 insertions(+), 43 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index aa172640399..7748eae6225 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -413,7 +413,7 @@ class KDCBaseTest(RawKerberosTest): > creds.get_kvno()) > return key > >- def get_pa_data(self, creds, rep, skew=0): >+ def get_enc_timestamp_pa_data(self, creds, rep, skew=0): > '''generate the pa_data data element for an AS-REQ > ''' > key = self.get_as_rep_key(creds, rep) >@@ -427,7 +427,7 @@ class KDCBaseTest(RawKerberosTest): > > padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata) > >- return [padata] >+ return padata > > def get_as_rep_enc_data(self, key, rep): > ''' Decrypt and Decode the encrypted data in an AS-REP >@@ -795,9 +795,9 @@ class KDCBaseTest(RawKerberosTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(user_credentials, rep) >+ padata = self.get_enc_timestamp_pa_data(user_credentials, rep) > key = self.get_as_rep_key(user_credentials, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index 930edd0a63e..928f3c25c0f 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -83,7 +83,7 @@ class KdcTests(RawKerberosTest): > rep = self.send_recv_transaction(req) > return rep > >- def get_pa_data(self, creds, rep, skew=0): >+ def get_enc_timestamp_pa_data(self, creds, rep, skew=0): > rep_padata = self.der_decode( > rep['e-data'], > asn1Spec=krb5_asn1.METHOD_DATA()) >@@ -107,8 +107,7 @@ class KdcTests(RawKerberosTest): > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) > >- padata = [pa_ts] >- return padata >+ return pa_ts > > def check_pre_authenication(self, rep): > """ Check that the kdc response was pre-authentication required >@@ -160,8 +159,8 @@ class KdcTests(RawKerberosTest): > rep = self.as_req(creds, etype) > self.check_pre_authenication(rep) > >- padata = self.get_pa_data(creds, rep) >- rep = self.as_req(creds, etype, padata=padata) >+ padata = self.get_enc_timestamp_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=[padata]) > self.check_as_reply(rep) > > etype = rep['enc-part']['etype'] >@@ -174,8 +173,8 @@ class KdcTests(RawKerberosTest): > rep = self.as_req(creds, etype) > self.check_pre_authenication(rep) > >- padata = self.get_pa_data(creds, rep) >- rep = self.as_req(creds, etype, padata=padata) >+ padata = self.get_enc_timestamp_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=[padata]) > self.check_as_reply(rep) > > etype = rep['enc-part']['etype'] >@@ -188,8 +187,8 @@ class KdcTests(RawKerberosTest): > rep = self.as_req(creds, etype) > self.check_pre_authenication(rep) > >- padata = self.get_pa_data(creds, rep) >- rep = self.as_req(creds, etype, padata=padata) >+ padata = self.get_enc_timestamp_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=[padata]) > self.check_as_reply(rep) > > etype = rep['enc-part']['etype'] >@@ -202,8 +201,8 @@ class KdcTests(RawKerberosTest): > rep = self.as_req(creds, etype) > self.check_pre_authenication(rep) > >- padata = self.get_pa_data(creds, rep, skew=3600) >- rep = self.as_req(creds, etype, padata=padata) >+ padata = self.get_enc_timestamp_pa_data(creds, rep, skew=3600) >+ rep = self.as_req(creds, etype, padata=[padata]) > > self.check_error_rep(rep, KDC_ERR_SKEW) > >@@ -216,8 +215,8 @@ class KdcTests(RawKerberosTest): > rep = self.as_req(creds, etype) > self.check_pre_authenication(rep) > >- padata = self.get_pa_data(creds, rep) >- rep = self.as_req(creds, etype, padata=padata) >+ padata = self.get_enc_timestamp_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=[padata]) > > self.check_error_rep(rep, KDC_ERR_PREAUTH_FAILED) > >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >index 25a1f5f3ed8..97f9dd41339 100755 >--- a/python/samba/tests/krb5/kdc_tgs_tests.py >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -66,9 +66,9 @@ class KdcTgsTests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a service ticket, but use a cname that does not match >@@ -116,9 +116,9 @@ class KdcTgsTests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > enc_part2 = self.get_as_rep_enc_data(key, rep) >@@ -157,9 +157,9 @@ class KdcTgsTests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index e42b643b357..99c842701ea 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -109,9 +109,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -168,9 +168,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(mc, rep) >+ padata = self.get_enc_timestamp_pa_data(mc, rep) > key = self.get_as_rep_key(mc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -230,9 +230,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -368,13 +368,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) > # Note: although we used the alt security id for the pre-auth > # we need to use the username for the auth > cname = self.PrincipalName_create( > name_type=NT_PRINCIPAL, names=[user_name]) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -436,12 +436,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > # Use the alternate security identifier > # this should fail > cname = self.PrincipalName_create( > name_type=NT_PRINCIPAL, names=[alt_sec]) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) > > def test_enterprise_principal_step_1_3(self): >@@ -475,9 +475,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -538,9 +538,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -602,9 +602,9 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(mc, rep) >+ padata = self.get_enc_timestamp_pa_data(mc, rep) > key = self.get_as_rep_key(mc, rep) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -744,13 +744,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > key = self.get_as_rep_key(uc, rep) > # Note: although we used the alt security id for the pre-auth > # we need to use the username for the auth > cname = self.PrincipalName_create( > name_type=NT_ENTERPRISE_PRINCIPAL, names=[uname]) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_as_reply(rep) > > # Request a ticket to the host service on the machine account >@@ -813,12 +813,12 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.check_pre_authentication(rep) > > # Do the next AS-REQ >- padata = self.get_pa_data(uc, rep) >+ padata = self.get_enc_timestamp_pa_data(uc, rep) > # Use the alternate security identifier > # this should fail > cname = self.PrincipalName_create( > name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >- rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ rep = self.as_req(cname, sname, realm, etype, padata=[padata]) > self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) > > >-- >2.25.1 > > >From 40957776670442404641624ecc0a8d13eb5a4fe5 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 26 Jul 2021 17:18:38 +1200 >Subject: [PATCH 082/149] tests/krb5: Add get_enc_timestamp_pa_data_from_key() > >This makes it easier to create encrypted timestamp padata when the key >has already been obtained. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit f5a906f74f9665a894db3c13722022f732180620) >--- > python/samba/tests/krb5/kdc_base_test.py | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 7748eae6225..64d9e627672 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -416,8 +416,12 @@ class KDCBaseTest(RawKerberosTest): > def get_enc_timestamp_pa_data(self, creds, rep, skew=0): > '''generate the pa_data data element for an AS-REQ > ''' >+ > key = self.get_as_rep_key(creds, rep) > >+ return self.get_enc_timestamp_pa_data_from_key(key, skew=skew) >+ >+ def get_enc_timestamp_pa_data_from_key(self, key, skew=0): > (patime, pausec) = self.get_KerberosTimeWithUsec(offset=skew) > padata = self.PA_ENC_TS_ENC_create(patime, pausec) > padata = self.der_encode(padata, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >-- >2.25.1 > > >From 0730e67f889cbc740ae2ea18df86635ad9f72e0b Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 12:51:54 +1200 >Subject: [PATCH 083/149] tests/krb5: Add method to return dict containing > padata elements > >This makes checking multiple padata elements easier. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit cb332d83008aa97a60eaca9e008054f641d514d6) >--- > python/samba/tests/krb5/raw_testcase.py | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 693f196940c..9b0b953e565 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -867,6 +867,18 @@ class RawKerberosTest(TestCaseInTempDir): > v = random.randint(nonce_min, nonce_max) > return v > >+ def get_pa_dict(self, pa_data): >+ pa_dict = {} >+ >+ if pa_data is not None: >+ for pa in pa_data: >+ pa_type = pa['padata-type'] >+ if pa_type in pa_dict: >+ raise RuntimeError(f'Duplicate type {pa_type}') >+ pa_dict[pa_type] = pa['padata-value'] >+ >+ return pa_dict >+ > def SessionKey_create(self, etype, contents, kvno=None): > key = kcrypto.Key(etype, contents) > return Krb5EncryptionKey(key, kvno) >-- >2.25.1 > > >From 98b490b3e06b386762d6048cd13284f635f01854 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:27:47 +1200 >Subject: [PATCH 084/149] tests/krb5: Make _test_as_exchange() return value > more consistent > >Always return the reply and the kdc_exchange_dict so that the caller has >more potentially useful information. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fe8912e4a85c5fd614ad3079b041c0e1975958e3) >--- > python/samba/tests/krb5/as_req_tests.py | 62 +++++++++++++------------ > python/samba/tests/krb5/raw_testcase.py | 5 +- > 2 files changed, 33 insertions(+), 34 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 106c7489e9c..3b7841243c5 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -141,20 +141,21 @@ class AsReqKerberosTests(KDCBaseTest): > initial_kdc_options = krb5_asn1.KDCOptions('forwardable') > initial_error_mode = KDC_ERR_PREAUTH_REQUIRED > >- etype_info2 = self._test_as_exchange(cname, >- realm, >- sname, >- till, >- client_as_etypes, >- initial_error_mode, >- expected_crealm, >- expected_cname, >- expected_srealm, >- expected_sname, >- expected_salt, >- initial_etypes, >- initial_padata, >- initial_kdc_options) >+ rep, kdc_exchange_dict = self._test_as_exchange(cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ initial_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ initial_etypes, >+ initial_padata, >+ initial_kdc_options) >+ etype_info2 = kdc_exchange_dict['preauth_etype_info2'] > self.assertIsNotNone(etype_info2) > > preauth_key = self.PasswordKey_from_etype_info2(client_creds, >@@ -179,22 +180,23 @@ class AsReqKerberosTests(KDCBaseTest): > krbtgt_decryption_key = ( > self.TicketDecryptionKey_from_creds(krbtgt_creds)) > >- as_rep = self._test_as_exchange(cname, >- realm, >- sname, >- till, >- client_as_etypes, >- preauth_error_mode, >- expected_crealm, >- expected_cname, >- expected_srealm, >- expected_sname, >- expected_salt, >- preauth_etypes, >- preauth_padata, >- preauth_kdc_options, >- preauth_key=preauth_key, >- ticket_decryption_key=krbtgt_decryption_key) >+ as_rep, kdc_exchange_dict = self._test_as_exchange( >+ cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ preauth_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ preauth_etypes, >+ preauth_padata, >+ preauth_kdc_options, >+ preauth_key=preauth_key, >+ ticket_decryption_key=krbtgt_decryption_key) > self.assertIsNotNone(as_rep) > > if __name__ == "__main__": >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 9b0b953e565..e9b4c6c9efa 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2034,7 +2034,4 @@ class RawKerberosTest(TestCaseInTempDir): > till_time=till, > etypes=etypes) > >- if expected_error_mode == 0: # AS-REP >- return rep >- >- return kdc_exchange_dict['preauth_etype_info2'] >+ return rep, kdc_exchange_dict >-- >2.25.1 > > >From 637948c308f089031a6edbf0ff9607a85bbc7d63 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 22 Jul 2021 16:27:17 +1200 >Subject: [PATCH 085/149] tests/krb5: Add get_EpochFromKerberosTime() > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit bab7503e3043002b1422b00f40cd03a0a29538aa) >--- > python/samba/tests/krb5/kdc_base_test.py | 12 +++--------- > python/samba/tests/krb5/raw_testcase.py | 11 +++++++++++ > 2 files changed, 14 insertions(+), 9 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 64d9e627672..f0a9e7311a5 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -732,15 +732,9 @@ class KDCBaseTest(RawKerberosTest): > cred.client = cprincipal > cred.server = sprincipal > cred.keyblock = keyblock >- cred.authtime = int(datetime.strptime(authtime.decode(), >- "%Y%m%d%H%M%SZ") >- .replace(tzinfo=timezone.utc).timestamp()) >- cred.starttime = int(datetime.strptime(starttime.decode(), >- "%Y%m%d%H%M%SZ") >- .replace(tzinfo=timezone.utc).timestamp()) >- cred.endtime = int(datetime.strptime(endtime.decode(), >- "%Y%m%d%H%M%SZ") >- .replace(tzinfo=timezone.utc).timestamp()) >+ cred.authtime = self.get_EpochFromKerberosTime(authtime) >+ cred.starttime = self.get_EpochFromKerberosTime(starttime) >+ cred.endtime = self.get_EpochFromKerberosTime(endtime) > > # Account for clock skew of up to five minutes. > self.assertLess(cred.authtime - 5 * 60, >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e9b4c6c9efa..3ab63cd01d0 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -861,6 +861,17 @@ class RawKerberosTest(TestCaseInTempDir): > (s, _) = self.get_KerberosTimeWithUsec(epoch=epoch, offset=offset) > return s > >+ def get_EpochFromKerberosTime(self, kerberos_time): >+ if isinstance(kerberos_time, bytes): >+ kerberos_time = kerberos_time.decode() >+ >+ epoch = datetime.datetime.strptime(kerberos_time, >+ '%Y%m%d%H%M%SZ') >+ epoch = epoch.replace(tzinfo=datetime.timezone.utc) >+ epoch = int(epoch.timestamp()) >+ >+ return epoch >+ > def get_Nonce(self): > nonce_min = 0x7f000000 > nonce_max = 0x7fffffff >-- >2.25.1 > > >From d27b6f7eeb1fc2f54206709c7358257097bcb772 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 3 Aug 2021 15:58:19 +1200 >Subject: [PATCH 086/149] tests/krb5: Use encryption with admin credentials > >This ensures that account creation using admin credentials succeeds. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ce379edf2e135b105b18d35e24d732389de94291) >--- > python/samba/tests/krb5/raw_testcase.py | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 3ab63cd01d0..e48d501ad19 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -33,6 +33,7 @@ from pyasn1.codec.ber.encoder import BitStringEncoder > > from samba.credentials import Credentials > from samba.dcerpc import security >+from samba.gensec import FEATURE_SEAL > > import samba.tests > from samba.tests import TestCaseInTempDir >@@ -606,6 +607,7 @@ class RawKerberosTest(TestCaseInTempDir): > c = self._get_krb5_creds(prefix='ADMIN', > allow_missing_password=allow_missing_password, > allow_missing_keys=allow_missing_keys) >+ c.set_gensec_features(c.get_gensec_features() | FEATURE_SEAL) > return c > > def get_krbtgt_creds(self, >-- >2.25.1 > > >From 03eca30bdd790ed7328514ca845388f02039d7e3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 11:25:55 +1200 >Subject: [PATCH 087/149] tests/krb5: Allow specifying additional details when > creating an account > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4790b6b04ae145a2ebb418dd734487a6ba28a30c) >--- > python/samba/tests/krb5/kdc_base_test.py | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index f0a9e7311a5..279e15c13ce 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -148,7 +148,7 @@ class KDCBaseTest(RawKerberosTest): > return default_enctypes > > def create_account(self, ldb, name, machine_account=False, >- spn=None, upn=None): >+ spn=None, upn=None, additional_details=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDownClass to clean up the created accounts. >@@ -180,6 +180,8 @@ class KDCBaseTest(RawKerberosTest): > details["servicePrincipalName"] = spn > if upn is not None: > details["userPrincipalName"] = upn >+ if additional_details is not None: >+ details.update(additional_details) > ldb.add(details) > > creds = KerberosCredentials() >-- >2.25.1 > > >From 0e8271d47a0aa144d20e2d546cdaa89cdba6336c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:19:57 +1200 >Subject: [PATCH 088/149] tests/krb5: Add more methods for obtaining machine > and service credentials > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 50d743bafc7aa9f7b4688bae652a501001e9fdbb) >--- > python/samba/tests/krb5/kdc_base_test.py | 74 ++++++++++++++++++++++++ > 1 file changed, 74 insertions(+) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 279e15c13ce..21e2c04cea1 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -334,6 +334,80 @@ class KDCBaseTest(RawKerberosTest): > fallback_creds_fn=create_client_account) > return c > >+ def get_mach_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): >+ def create_mach_account(): >+ samdb = self.get_samdb() >+ >+ mach_name = 'kdctestmac' >+ details = { >+ 'msDS-SupportedEncryptionTypes': str( >+ security.KERB_ENCTYPE_FAST_SUPPORTED | >+ security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED | >+ security.KERB_ENCTYPE_CLAIMS_SUPPORTED >+ ) >+ } >+ >+ creds, dn = self.create_account(samdb, mach_name, >+ machine_account=True, >+ spn='host/' + mach_name, >+ additional_details=details) >+ >+ res = samdb.search(base=dn, >+ scope=ldb.SCOPE_BASE, >+ attrs=['msDS-KeyVersionNumber']) >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='MAC', >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ fallback_creds_fn=create_mach_account) >+ return c >+ >+ def get_service_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): >+ def create_service_account(): >+ samdb = self.get_samdb() >+ >+ mach_name = 'kdctestservice' >+ details = { >+ 'msDS-SupportedEncryptionTypes': str( >+ security.KERB_ENCTYPE_FAST_SUPPORTED | >+ security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED | >+ security.KERB_ENCTYPE_CLAIMS_SUPPORTED >+ ) >+ } >+ >+ creds, dn = self.create_account(samdb, mach_name, >+ machine_account=True, >+ spn='host/' + mach_name, >+ additional_details=details) >+ >+ res = samdb.search(base=dn, >+ scope=ldb.SCOPE_BASE, >+ attrs=['msDS-KeyVersionNumber']) >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='SERVICE', >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ fallback_creds_fn=create_service_account) >+ return c >+ > def get_krbtgt_creds(self, > require_keys=True, > require_strongest_key=False): >-- >2.25.1 > > >From 8322a6f948165cdd0c233d1b24ec0f8df9b6898c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 22 Jul 2021 16:22:09 +1200 >Subject: [PATCH 089/149] tests/krb5: Add method to calculate account salt > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit f5689bb8fab82d5fcbdbd3c63b86e7618834aac5) >--- > python/samba/tests/krb5/kdc_base_test.py | 2 ++ > python/samba/tests/krb5/raw_testcase.py | 19 +++++++++++++++---- > 2 files changed, 17 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 21e2c04cea1..0dbaeab4a0e 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -192,6 +192,8 @@ class KDCBaseTest(RawKerberosTest): > creds.set_username(account_name) > if machine_account: > creds.set_workstation(name) >+ else: >+ creds.set_workstation('') > # > # Save the account name so it can be deleted in tearDownClass > self.accounts.add(dn) >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e48d501ad19..2dbcc39114a 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -295,6 +295,20 @@ class KerberosCredentials(Credentials): > def get_forced_salt(self): > return self.forced_salt > >+ def get_salt(self): >+ if self.forced_salt is not None: >+ return self.forced_salt >+ >+ if self.get_workstation(): >+ salt_string = '%shost%s.%s' % ( >+ self.get_realm().upper(), >+ self.get_username().lower().rsplit('$', 1)[0], >+ self.get_realm().lower()) >+ else: >+ salt_string = self.get_realm().upper() + self.get_username() >+ >+ return salt_string.encode('utf-8') >+ > > class KerberosTicketCreds: > def __init__(self, ticket, session_key, >@@ -940,10 +954,7 @@ class RawKerberosTest(TestCaseInTempDir): > > password = creds.get_password() > self.assertIsNotNone(password, msg=fail_msg) >- salt = creds.get_forced_salt() >- if salt is None: >- salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()), >- encoding='utf-8') >+ salt = creds.get_salt() > return self.PasswordKey_create(etype=etype, > pwd=password, > salt=salt, >-- >2.25.1 > > >From fac1d8174b8d294cb64e882ed35983116e75e5ea Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 26 Jul 2021 17:19:04 +1200 >Subject: [PATCH 090/149] tests/krb5: Add check_reply() method to check for AS > or TGS reply > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 28fb50f511f3f693709aa9b41c001d6a5f9c3329) >--- > python/samba/tests/krb5/kdc_base_test.py | 26 +++++------------------- > 1 file changed, 5 insertions(+), 21 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 0dbaeab4a0e..1b550179e0e 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -540,26 +540,7 @@ class KDCBaseTest(RawKerberosTest): > kvno > match the expected values > """ >- >- # Should have a reply, and it should an AS-REP message. >- self.assertIsNotNone(rep) >- self.assertEqual(rep['msg-type'], KRB_AS_REP, "rep = {%s}" % rep) >- >- # Protocol version number should be 5 >- pvno = int(rep['pvno']) >- self.assertEqual(5, pvno, "rep = {%s}" % rep) >- >- # The ticket version number should be 5 >- tkt_vno = int(rep['ticket']['tkt-vno']) >- self.assertEqual(5, tkt_vno, "rep = {%s}" % rep) >- >- # Check that the kvno is not an RODC kvno >- # MIT kerberos does not provide the kvno, so we treat it as optional. >- # This is tested in compatability_test.py >- if 'kvno' in rep['enc-part']: >- kvno = int(rep['enc-part']['kvno']) >- # If the high order bits are set this is an RODC kvno. >- self.assertEqual(0, kvno & 0xFFFF0000, "rep = {%s}" % rep) >+ self.check_reply(rep, msg_type=KRB_AS_REP) > > def check_tgs_reply(self, rep): > """ Check that the kdc response is an TGS-REP and that the >@@ -570,10 +551,13 @@ class KDCBaseTest(RawKerberosTest): > kvno > match the expected values > """ >+ self.check_reply(rep, msg_type=KRB_TGS_REP) >+ >+ def check_reply(self, rep, msg_type): > > # Should have a reply, and it should an TGS-REP message. > self.assertIsNotNone(rep) >- self.assertEqual(rep['msg-type'], KRB_TGS_REP, "rep = {%s}" % rep) >+ self.assertEqual(rep['msg-type'], msg_type, "rep = {%s}" % rep) > > # Protocol version number should be 5 > pvno = int(rep['pvno']) >-- >2.25.1 > > >From 36dbdd3cc91b92263ebeaab2ca18253254de2d8c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 10:32:52 +1200 >Subject: [PATCH 091/149] tests/krb5: Always specify expected error code > >Now the expected error code is always determined by the test code itself >rather than by generic_check_as_error(). > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 21c64fda8f98d451e028ea483dbe351b1280390c) >--- > python/samba/tests/krb5/as_req_tests.py | 11 ++++++++++- > python/samba/tests/krb5/raw_testcase.py | 13 ++++++------- > 2 files changed, 16 insertions(+), 8 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 3b7841243c5..861d2371b75 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -24,8 +24,10 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests import DynamicTestCase > from samba.tests.krb5.kdc_base_test import KDCBaseTest >+import samba.tests.krb5.kcrypto as kcrypto > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( >+ KDC_ERR_ETYPE_NOSUPP, > KDC_ERR_PREAUTH_REQUIRED, > KU_PA_ENC_TIMESTAMP, > NT_PRINCIPAL, >@@ -68,13 +70,20 @@ class AsReqKerberosTests(KDCBaseTest): > sname = self.PrincipalName_create(name_type=NT_SRV_INST, > names=[krbtgt_account, realm]) > >- expected_error_mode = KDC_ERR_PREAUTH_REQUIRED > expected_crealm = realm > expected_cname = cname > expected_srealm = realm > expected_sname = sname > expected_salt = client_creds.get_forced_salt() > >+ if any(etype in client_as_etypes and etype in initial_etypes >+ for etype in (kcrypto.Enctype.AES256, >+ kcrypto.Enctype.AES128, >+ kcrypto.Enctype.RC4)): >+ expected_error_mode = KDC_ERR_PREAUTH_REQUIRED >+ else: >+ expected_error_mode = KDC_ERR_ETYPE_NOSUPP >+ > def _generate_padata_copy(_kdc_exchange_dict, > _callback_dict, > req_body): >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 2dbcc39114a..5579e989d1c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -40,9 +40,7 @@ from samba.tests import TestCaseInTempDir > > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( >- KDC_ERR_ETYPE_NOSUPP, > KDC_ERR_GENERIC, >- KDC_ERR_PREAUTH_REQUIRED, > KRB_AP_REQ, > KRB_AS_REP, > KRB_AS_REQ, >@@ -1524,7 +1522,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_padata_fn=None, > check_kdc_private_fn=None, > callback_dict=None, >- expected_error_mode=None, >+ expected_error_mode=0, > client_as_etypes=None, > expected_salt=None): > kdc_exchange_dict = { >@@ -1809,13 +1807,11 @@ class RawKerberosTest(TestCaseInTempDir): > if expected_rc4_type != 0: > expect_etype_info2 += (expected_rc4_type,) > >- expected_error = KDC_ERR_ETYPE_NOSUPP > expected_patypes = () > if expect_etype_info: > self.assertGreater(len(expect_etype_info2), 0) > expected_patypes += (PADATA_ETYPE_INFO,) > if len(expect_etype_info2) != 0: >- expected_error = KDC_ERR_PREAUTH_REQUIRED > expected_patypes += (PADATA_ETYPE_INFO2,) > > expected_patypes += (PADATA_ENC_TIMESTAMP,) >@@ -1824,7 +1820,7 @@ class RawKerberosTest(TestCaseInTempDir): > > self.assertElementEqual(rep, 'pvno', 5) > self.assertElementEqual(rep, 'msg-type', KRB_ERROR) >- self.assertElementEqual(rep, 'error-code', expected_error) >+ self.assertElementEqual(rep, 'error-code', expected_error_mode) > self.assertElementMissing(rep, 'ctime') > self.assertElementMissing(rep, 'cusec') > self.assertElementPresent(rep, 'stime') >@@ -1889,7 +1885,10 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertEqual(len(pk_as_rep19), 0) > continue > >- if expected_error == KDC_ERR_ETYPE_NOSUPP: >+ if all(etype not in client_as_etypes or etype not in proposed_etypes >+ for etype in (kcrypto.Enctype.AES256, >+ kcrypto.Enctype.AES128, >+ kcrypto.Enctype.RC4)): > self.assertIsNone(etype_info2) > self.assertIsNone(etype_info) > if self.strict_checking: >-- >2.25.1 > > >From 783642253ffeddbfeed9b800721dcd2d9c8750bd Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 10:35:40 +1200 >Subject: [PATCH 092/149] tests/krb5: Include kdc_options in kdc_exchange_dict > >Make kdc_options an element of kdc_exchange_dict instead of a parameter >to _generic_kdc_exchange(). This allows testing code to adjust the reply >checking based on the options that were specified in the request. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 8fe9589da2d8fe6f5c47770c618ebabe028f6a95) >--- > python/samba/tests/krb5/as_req_tests.py | 4 ++-- > python/samba/tests/krb5/raw_testcase.py | 15 ++++++++++----- > 2 files changed, 12 insertions(+), 7 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 861d2371b75..ed97a10b616 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -99,10 +99,10 @@ class AsReqKerberosTests(KDCBaseTest): > check_rep_fn=self.generic_check_kdc_rep, > expected_error_mode=expected_error_mode, > client_as_etypes=client_as_etypes, >- expected_salt=expected_salt) >+ expected_salt=expected_salt, >+ kdc_options=str(initial_kdc_options)) > > rep = self._generic_kdc_exchange(kdc_exchange_dict, >- kdc_options=str(initial_kdc_options), > cname=cname, > realm=realm, > sname=sname, >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 5579e989d1c..00f90c5dea9 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1431,7 +1431,6 @@ class RawKerberosTest(TestCaseInTempDir): > > def _generic_kdc_exchange(self, > kdc_exchange_dict, # required >- kdc_options=None, # required > cname=None, # optional > realm=None, # required > sname=None, # optional >@@ -1454,6 +1453,8 @@ class RawKerberosTest(TestCaseInTempDir): > req_asn1Spec = kdc_exchange_dict['req_asn1Spec'] > rep_msg_type = kdc_exchange_dict['rep_msg_type'] > >+ kdc_options = kdc_exchange_dict['kdc_options'] >+ > if till_time is None: > till_time = self.get_KerberosTime(offset=36000) > if nonce is None: >@@ -1524,7 +1525,8 @@ class RawKerberosTest(TestCaseInTempDir): > callback_dict=None, > expected_error_mode=0, > client_as_etypes=None, >- expected_salt=None): >+ expected_salt=None, >+ kdc_options=''): > kdc_exchange_dict = { > 'req_msg_type': KRB_AS_REQ, > 'req_asn1Spec': krb5_asn1.AS_REQ, >@@ -1545,6 +1547,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'expected_error_mode': expected_error_mode, > 'client_as_etypes': client_as_etypes, > 'expected_salt': expected_salt, >+ 'kdc_options': kdc_options, > } > if callback_dict is None: > callback_dict = {} >@@ -1565,7 +1568,8 @@ class RawKerberosTest(TestCaseInTempDir): > callback_dict=None, > tgt=None, > authenticator_subkey=None, >- body_checksum_type=None): >+ body_checksum_type=None, >+ kdc_options=''): > kdc_exchange_dict = { > 'req_msg_type': KRB_TGS_REQ, > 'req_asn1Spec': krb5_asn1.TGS_REQ, >@@ -1586,6 +1590,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'tgt': tgt, > 'body_checksum_type': body_checksum_type, > 'authenticator_subkey': authenticator_subkey, >+ 'kdc_options': kdc_options > } > if callback_dict is None: > callback_dict = {} >@@ -2047,10 +2052,10 @@ class RawKerberosTest(TestCaseInTempDir): > check_kdc_private_fn=self.generic_check_kdc_private, > expected_error_mode=expected_error_mode, > client_as_etypes=client_as_etypes, >- expected_salt=expected_salt) >+ expected_salt=expected_salt, >+ kdc_options=str(kdc_options)) > > rep = self._generic_kdc_exchange(kdc_exchange_dict, >- kdc_options=str(kdc_options), > cname=cname, > realm=realm, > sname=sname, >-- >2.25.1 > > >From 6553d40023ccf39a086d2846e955081ec7d7b48f Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:06:15 +1200 >Subject: [PATCH 093/149] tests/krb5: Only allow specifying one of check_rep_fn > and check_error_fn > >This means that there can no longer be surprises where a test receives a >reply when it was expecting an error, or vice versa. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 78818655505b3183251940e86270cd40bae73206) >--- > python/samba/tests/krb5/as_req_tests.py | 2 +- > python/samba/tests/krb5/raw_testcase.py | 25 +++++++++++++++++++------ > 2 files changed, 20 insertions(+), 7 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index ed97a10b616..d9a66f99ecf 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -96,7 +96,7 @@ class AsReqKerberosTests(KDCBaseTest): > expected_sname=expected_sname, > generate_padata_fn=_generate_padata_copy, > check_error_fn=self.generic_check_as_error, >- check_rep_fn=self.generic_check_kdc_rep, >+ check_rep_fn=None, > expected_error_mode=expected_error_mode, > client_as_etypes=client_as_etypes, > expected_salt=expected_salt, >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 00f90c5dea9..d7813387941 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1453,6 +1453,7 @@ class RawKerberosTest(TestCaseInTempDir): > req_asn1Spec = kdc_exchange_dict['req_asn1Spec'] > rep_msg_type = kdc_exchange_dict['rep_msg_type'] > >+ expected_error_mode = kdc_exchange_dict['expected_error_mode'] > kdc_options = kdc_exchange_dict['kdc_options'] > > if till_time is None: >@@ -1497,12 +1498,17 @@ class RawKerberosTest(TestCaseInTempDir): > msg_type = self.getElementValue(rep, 'msg-type') > self.assertIsNotNone(msg_type) > >- allowed_msg_types = () >+ expected_msg_type = None > if check_error_fn is not None: >- allowed_msg_types = (KRB_ERROR,) >+ expected_msg_type = KRB_ERROR >+ self.assertIsNone(check_rep_fn) >+ self.assertNotEqual(0, expected_error_mode) > if check_rep_fn is not None: >- allowed_msg_types += (rep_msg_type,) >- self.assertIn(msg_type, allowed_msg_types) >+ expected_msg_type = rep_msg_type >+ self.assertIsNone(check_error_fn) >+ self.assertEqual(0, expected_error_mode) >+ self.assertIsNotNone(expected_msg_type) >+ self.assertEqual(msg_type, expected_msg_type) > > if msg_type == KRB_ERROR: > return check_error_fn(kdc_exchange_dict, >@@ -2039,6 +2045,13 @@ class RawKerberosTest(TestCaseInTempDir): > as_rep_usage = KU_AS_REP_ENC_PART > return preauth_key, as_rep_usage > >+ if expected_error_mode == 0: >+ check_error_fn = None >+ check_rep_fn = self.generic_check_kdc_rep >+ else: >+ check_error_fn = self.generic_check_as_error >+ check_rep_fn = None >+ > kdc_exchange_dict = self.as_exchange_dict( > expected_crealm=expected_crealm, > expected_cname=expected_cname, >@@ -2046,8 +2059,8 @@ class RawKerberosTest(TestCaseInTempDir): > expected_sname=expected_sname, > ticket_decryption_key=ticket_decryption_key, > generate_padata_fn=_generate_padata_copy, >- check_error_fn=self.generic_check_as_error, >- check_rep_fn=self.generic_check_kdc_rep, >+ check_error_fn=check_error_fn, >+ check_rep_fn=check_rep_fn, > check_padata_fn=_check_padata_preauth_key, > check_kdc_private_fn=self.generic_check_kdc_private, > expected_error_mode=expected_error_mode, >-- >2.25.1 > > >From c492a711dd5b0bdd4bdc5fda502744a61dce8f35 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 10:37:48 +1200 >Subject: [PATCH 094/149] tests/krb5: Ensure in assertElementPresent() that > container elements are not empty > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ba3c92f77b20e1e0d298cd92399dc69535739c27) >--- > python/samba/tests/krb5/raw_testcase.py | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index d7813387941..e1baf0ce943 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -24,6 +24,8 @@ import datetime > import random > import binascii > import itertools >+import collections >+ > from pyasn1.codec.der.decoder import decode as pyasn1_der_decode > from pyasn1.codec.der.encoder import encode as pyasn1_der_encode > from pyasn1.codec.native.decoder import decode as pyasn1_native_decode >@@ -817,6 +819,9 @@ class RawKerberosTest(TestCaseInTempDir): > def assertElementPresent(self, obj, elem): > v = self.getElementValue(obj, elem) > self.assertIsNotNone(v) >+ if self.strict_checking: >+ if isinstance(v, collections.abc.Container): >+ self.assertNotEqual(0, len(v)) > > def assertElementEqual(self, obj, elem, value): > v = self.getElementValue(obj, elem) >-- >2.25.1 > > >From c5e9d91ee7fedcd20d4aae435f76263db49722d4 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:39:42 +1200 >Subject: [PATCH 095/149] tests/krb5: Assert that more variables are not None > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3d1066e923815782036bd11524fda110a2528951) >--- > python/samba/tests/krb5/raw_testcase.py | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e1baf0ce943..3a178f4bce3 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1631,12 +1631,14 @@ class RawKerberosTest(TestCaseInTempDir): > ticket = self.getElementValue(rep, 'ticket') > ticket_encpart = None > ticket_cipher = None >+ self.assertIsNotNone(ticket) > if ticket is not None: # Never None, but gives indentation > self.assertElementPresent(ticket, 'tkt-vno') > self.assertElementEqualUTF8(ticket, 'realm', expected_srealm) > self.assertElementEqualPrincipal(ticket, 'sname', expected_sname) > self.assertElementPresent(ticket, 'enc-part') > ticket_encpart = self.getElementValue(ticket, 'enc-part') >+ self.assertIsNotNone(ticket_encpart) > if ticket_encpart is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_encpart, 'etype') > # 'unspecified' means present, with any value != 0 >@@ -1647,6 +1649,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementPresent(rep, 'enc-part') > encpart = self.getElementValue(rep, 'enc-part') > encpart_cipher = None >+ self.assertIsNotNone(encpart) > if encpart is not None: # Never None, but gives indentation > self.assertElementPresent(encpart, 'etype') > self.assertElementKVNO(ticket_encpart, 'kvno', 'autodetect') >@@ -1654,6 +1657,7 @@ class RawKerberosTest(TestCaseInTempDir): > encpart_cipher = self.getElementValue(encpart, 'cipher') > > encpart_decryption_key = None >+ self.assertIsNotNone(check_padata_fn) > if check_padata_fn is not None: > # See if we can get the decryption key from the preauth phase > encpart_decryption_key, encpart_decryption_usage = ( >@@ -1661,6 +1665,7 @@ class RawKerberosTest(TestCaseInTempDir): > rep, padata)) > > ticket_private = None >+ self.assertIsNotNone(ticket_decryption_key) > if ticket_decryption_key is not None: > self.assertElementEqual(ticket_encpart, 'etype', > ticket_decryption_key.etype) >@@ -1673,6 +1678,7 @@ class RawKerberosTest(TestCaseInTempDir): > asn1Spec=krb5_asn1.EncTicketPart()) > > encpart_private = None >+ self.assertIsNotNone(encpart_decryption_key) > if encpart_decryption_key is not None: > self.assertElementEqual(encpart, 'etype', > encpart_decryption_key.etype) >@@ -1692,6 +1698,7 @@ class RawKerberosTest(TestCaseInTempDir): > rep_decpart, > asn1Spec=krb5_asn1.EncTGSRepPart()) > >+ self.assertIsNotNone(check_kdc_private_fn) > if check_kdc_private_fn is not None: > check_kdc_private_fn(kdc_exchange_dict, callback_dict, > rep, ticket_private, encpart_private) >@@ -1718,6 +1725,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementPresent(ticket_private, 'flags') > self.assertElementPresent(ticket_private, 'key') > ticket_key = self.getElementValue(ticket_private, 'key') >+ self.assertIsNotNone(ticket_key) > if ticket_key is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_key, 'keytype') > self.assertElementPresent(ticket_key, 'keyvalue') >@@ -1739,6 +1747,7 @@ class RawKerberosTest(TestCaseInTempDir): > if encpart_private is not None: > self.assertElementPresent(encpart_private, 'key') > encpart_key = self.getElementValue(encpart_private, 'key') >+ self.assertIsNotNone(encpart_key) > if encpart_key is not None: # Never None, but gives indentation > self.assertElementPresent(encpart_key, 'keytype') > self.assertElementPresent(encpart_key, 'keyvalue') >-- >2.25.1 > > >From 264b5f937686d0cfa5c2b515d94b0b08bced7ef4 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:34:19 +1200 >Subject: [PATCH 096/149] tests/krb5: Check version number of obtained ticket > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 98dc19e8c817fc66e253e544874a45b17b8bfa7b) >--- > python/samba/tests/krb5/raw_testcase.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 3a178f4bce3..70062ca338a 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1633,7 +1633,7 @@ class RawKerberosTest(TestCaseInTempDir): > ticket_cipher = None > self.assertIsNotNone(ticket) > if ticket is not None: # Never None, but gives indentation >- self.assertElementPresent(ticket, 'tkt-vno') >+ self.assertElementEqual(ticket, 'tkt-vno', 5) > self.assertElementEqualUTF8(ticket, 'realm', expected_srealm) > self.assertElementEqualPrincipal(ticket, 'sname', expected_sname) > self.assertElementPresent(ticket, 'enc-part') >-- >2.25.1 > > >From b21ab467b18474266b895629fbf5de5af8f66a68 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:39:37 +1200 >Subject: [PATCH 097/149] tests/krb5: Make checking less strict > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6df0e406f1f823bf4d65cd478eb6f2424b69adcc) > >[abartlet@samba.org Adapted to add knownfail because in this >Samba 4.14 backport we do not include >b3ee034b4d457607ef25a5b01da64e1eaf5906dd >(s4:kdc: prefer newer enctypes for preauth responses)] >--- > python/samba/tests/krb5/raw_testcase.py | 52 ++++++++++--------- > .../knownfail.d/samba.tests.krb5.as_req_tests | 42 --------------- > 2 files changed, 27 insertions(+), 67 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 70062ca338a..69b7c7adc9b 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1625,8 +1625,9 @@ class RawKerberosTest(TestCaseInTempDir): > > self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP > padata = self.getElementValue(rep, 'padata') >- self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) >- self.assertElementEqualPrincipal(rep, 'cname', expected_cname) >+ if self.strict_checking: >+ self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) >+ self.assertElementEqualPrincipal(rep, 'cname', expected_cname) > self.assertElementPresent(rep, 'ticket') > ticket = self.getElementValue(rep, 'ticket') > ticket_encpart = None >@@ -1682,8 +1683,9 @@ class RawKerberosTest(TestCaseInTempDir): > if encpart_decryption_key is not None: > self.assertElementEqual(encpart, 'etype', > encpart_decryption_key.etype) >- self.assertElementKVNO(encpart, 'kvno', >- encpart_decryption_key.kvno) >+ if self.strict_checking: >+ self.assertElementKVNO(encpart, 'kvno', >+ encpart_decryption_key.kvno) > rep_decpart = encpart_decryption_key.decrypt( > encpart_decryption_usage, > encpart_cipher) >@@ -1846,17 +1848,17 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementEqual(rep, 'pvno', 5) > self.assertElementEqual(rep, 'msg-type', KRB_ERROR) > self.assertElementEqual(rep, 'error-code', expected_error_mode) >- self.assertElementMissing(rep, 'ctime') >- self.assertElementMissing(rep, 'cusec') >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'ctime') >+ self.assertElementMissing(rep, 'cusec') > self.assertElementPresent(rep, 'stime') > self.assertElementPresent(rep, 'susec') > # error-code checked above > if self.strict_checking: > self.assertElementMissing(rep, 'crealm') > self.assertElementMissing(rep, 'cname') >- self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >- self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >- if self.strict_checking: >+ self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(rep, 'sname', expected_sname) > self.assertElementMissing(rep, 'e-text') > if expected_error_mode == KDC_ERR_GENERIC: > self.assertElementMissing(rep, 'e-data') >@@ -1922,7 +1924,8 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(pk_as_rep19) > return > >- self.assertIsNotNone(etype_info2) >+ if self.strict_checking: >+ self.assertIsNotNone(etype_info2) > if expect_etype_info: > self.assertIsNotNone(etype_info) > else: >@@ -1931,23 +1934,22 @@ class RawKerberosTest(TestCaseInTempDir): > if unexpect_etype_info: > self.assertIsNone(etype_info) > >- self.assertGreaterEqual(len(etype_info2), 1) >- self.assertLessEqual(len(etype_info2), len(expect_etype_info2)) > if self.strict_checking: >+ self.assertGreaterEqual(len(etype_info2), 1) > self.assertEqual(len(etype_info2), len(expect_etype_info2)) >- for i in range(0, len(etype_info2)): >- e = self.getElementValue(etype_info2[i], 'etype') >- self.assertEqual(e, expect_etype_info2[i]) >- salt = self.getElementValue(etype_info2[i], 'salt') >- if e == kcrypto.Enctype.RC4: >- self.assertIsNone(salt) >- else: >- self.assertIsNotNone(salt) >- if expected_salt is not None: >- self.assertEqual(salt, expected_salt) >- s2kparams = self.getElementValue(etype_info2[i], 's2kparams') >- if self.strict_checking: >- self.assertIsNone(s2kparams) >+ for i in range(0, len(etype_info2)): >+ e = self.getElementValue(etype_info2[i], 'etype') >+ self.assertEqual(e, expect_etype_info2[i]) >+ salt = self.getElementValue(etype_info2[i], 'salt') >+ if e == kcrypto.Enctype.RC4: >+ self.assertIsNone(salt) >+ else: >+ self.assertIsNotNone(salt) >+ if expected_salt is not None: >+ self.assertEqual(salt, expected_salt) >+ s2kparams = self.getElementValue(etype_info2[i], 's2kparams') >+ if self.strict_checking: >+ self.assertIsNone(s2kparams) > if etype_info is not None: > self.assertEqual(len(etype_info), 1) > e = self.getElementValue(etype_info[0], 'etype') >diff --git a/selftest/knownfail.d/samba.tests.krb5.as_req_tests b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >index f395bdc553b..35375dfcc8e 100644 >--- a/selftest/knownfail.d/samba.tests.krb5.as_req_tests >+++ b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >@@ -1,45 +1,3 @@ >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2008r2dc >-- >2.25.1 > > >From 5da31722104fe17a4fabe49122b36001b9004800 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 12:52:42 +1200 >Subject: [PATCH 098/149] tests/krb5: Check nonce in EncKDCRepPart > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4951a105b0448854115a7ecc3d867be6f34b0dcf) >--- > python/samba/tests/krb5/raw_testcase.py | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 69b7c7adc9b..60e589464f3 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1442,7 +1442,6 @@ class RawKerberosTest(TestCaseInTempDir): > from_time=None, # optional > till_time=None, # required > renew_time=None, # optional >- nonce=None, # required > etypes=None, # required > addresses=None, # optional > additional_tickets=None, # optional >@@ -1463,8 +1462,12 @@ class RawKerberosTest(TestCaseInTempDir): > > if till_time is None: > till_time = self.get_KerberosTime(offset=36000) >- if nonce is None: >+ >+ if 'nonce' in kdc_exchange_dict: >+ nonce = kdc_exchange_dict['nonce'] >+ else: > nonce = self.get_Nonce() >+ kdc_exchange_dict['nonce'] = nonce > > req_body = self.KDC_REQ_BODY_create( > kdc_options=kdc_options, >@@ -1755,7 +1758,8 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementPresent(encpart_key, 'keyvalue') > encpart_session_key = self.EncryptionKey_import(encpart_key) > self.assertElementPresent(encpart_private, 'last-req') >- self.assertElementPresent(encpart_private, 'nonce') >+ self.assertElementEqual(encpart_private, 'nonce', >+ kdc_exchange_dict['nonce']) > # TODO self.assertElementPresent(encpart_private, > # 'key-expiration') > self.assertElementPresent(encpart_private, 'flags') >-- >2.25.1 > > >From 9c5bb118a4e9a076f1edae5cfce0fd1b87b00312 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Jul 2021 19:27:02 +1200 >Subject: [PATCH 099/149] tests/krb5: Add generate_ap_req() method > >This method will be useful to generate an AP-REQ for use as FAST armor. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4824dd4e9f40abcbd4134b79e2b2b8fb960f47e7) >--- > python/samba/tests/krb5/raw_testcase.py | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 60e589464f3..67b359f07d8 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1971,10 +1971,10 @@ class RawKerberosTest(TestCaseInTempDir): > kdc_exchange_dict['preauth_etype_info2'] = etype_info2 > return > >- def generate_simple_tgs_padata(self, >- kdc_exchange_dict, >- callback_dict, >- req_body): >+ def generate_ap_req(self, >+ kdc_exchange_dict, >+ _callback_dict, >+ req_body): > tgt = kdc_exchange_dict['tgt'] > authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] > body_checksum_type = kdc_exchange_dict['body_checksum_type'] >@@ -2014,6 +2014,16 @@ class RawKerberosTest(TestCaseInTempDir): > ticket=tgt.ticket, > authenticator=authenticator) > ap_req = self.der_encode(ap_req_obj, asn1Spec=krb5_asn1.AP_REQ()) >+ >+ return ap_req >+ >+ def generate_simple_tgs_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ req_body): >+ ap_req = self.generate_ap_req(kdc_exchange_dict, >+ callback_dict, >+ req_body) > pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) > padata = [pa_tgs_req] > >-- >2.25.1 > > >From 746382fe8b823d2d0a6867b04683e9626fc4986c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:06:35 +1200 >Subject: [PATCH 100/149] tests/krb5: Ensure generated padata is not None > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b6f96dd6395a30e15fa906959cbe665757aaba8d) >--- > python/samba/tests/krb5/as_req_tests.py | 6 +++++- > python/samba/tests/krb5/raw_testcase.py | 8 +++++++- > 2 files changed, 12 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index d9a66f99ecf..b5a6cfd31c7 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -89,12 +89,16 @@ class AsReqKerberosTests(KDCBaseTest): > req_body): > return initial_padata, req_body > >+ generate_padata_fn = (_generate_padata_copy >+ if initial_padata is not None >+ else None) >+ > kdc_exchange_dict = self.as_exchange_dict( > expected_crealm=expected_crealm, > expected_cname=expected_cname, > expected_srealm=expected_srealm, > expected_sname=expected_sname, >- generate_padata_fn=_generate_padata_copy, >+ generate_padata_fn=generate_padata_fn, > check_error_fn=self.generic_check_as_error, > check_rep_fn=None, > expected_error_mode=expected_error_mode, >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 67b359f07d8..e15fc44a962 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1489,6 +1489,7 @@ class RawKerberosTest(TestCaseInTempDir): > padata, req_body = generate_padata_fn(kdc_exchange_dict, > callback_dict, > req_body) >+ self.assertIsNotNone(padata) > else: > padata = None > >@@ -2082,13 +2083,18 @@ class RawKerberosTest(TestCaseInTempDir): > check_error_fn = self.generic_check_as_error > check_rep_fn = None > >+ if padata is not None: >+ generate_padata_fn = _generate_padata_copy >+ else: >+ generate_padata_fn = None >+ > kdc_exchange_dict = self.as_exchange_dict( > expected_crealm=expected_crealm, > expected_cname=expected_cname, > expected_srealm=expected_srealm, > expected_sname=expected_sname, > ticket_decryption_key=ticket_decryption_key, >- generate_padata_fn=_generate_padata_copy, >+ generate_padata_fn=generate_padata_fn, > check_error_fn=check_error_fn, > check_rep_fn=check_rep_fn, > check_padata_fn=_check_padata_preauth_key, >-- >2.25.1 > > >From ce5fc45f0076700eb1f2b0f7379f175e4f0517b8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 13:59:36 +1200 >Subject: [PATCH 101/149] tests/krb5: Generate AP-REQ for TGS request in > _generic_kdc_exchange() > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 025737deb5325d25b2ae4c57583c24ae1d0eca33) >--- > python/samba/tests/krb5/raw_testcase.py | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e15fc44a962..4f399467cfe 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1484,13 +1484,34 @@ class RawKerberosTest(TestCaseInTempDir): > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, > EncAuthorizationData_usage=EncAuthorizationData_usage) >+ >+ if req_msg_type == KRB_AS_REQ: >+ tgs_req = None >+ tgs_req_padata = None >+ else: >+ self.assertEqual(KRB_TGS_REQ, req_msg_type) >+ >+ tgs_req = self.generate_ap_req(kdc_exchange_dict, >+ callback_dict, >+ req_body) >+ tgs_req_padata = self.PA_DATA_create(PADATA_KDC_REQ, tgs_req) >+ > if generate_padata_fn is not None: > # This can alter req_body... > padata, req_body = generate_padata_fn(kdc_exchange_dict, > callback_dict, > req_body) > self.assertIsNotNone(padata) >+ self.assertNotIn(PADATA_KDC_REQ, >+ [pa['padata-type'] for pa in padata], >+ 'Don\'t create TGS-REQ manually') > else: >+ padata = [] >+ >+ if tgs_req_padata is not None: >+ padata.insert(0, tgs_req_padata) >+ >+ if not padata: > padata = None > > kdc_exchange_dict['req_padata'] = padata >-- >2.25.1 > > >From fa753ac1da91061a27f30a836ca91a7610afa836 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:21:07 +1200 >Subject: [PATCH 102/149] tests/krb5: Add more ASN1 definitions for FAST > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ec702900295100ae4e48ba57242eee6670bf30d6) >--- > python/samba/tests/krb5/rfc4120.asn1 | 106 ++++++++++++++++++- > python/samba/tests/krb5/rfc4120_constants.py | 33 ++++++ > python/samba/tests/krb5/rfc4120_pyasn1.py | 100 ++++++++++++++++- > 3 files changed, 236 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index d81d06ad6f7..f47c1d00202 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -1,3 +1,43 @@ >+-- Portions of these ASN.1 modules are structures are from RFC6113 >+-- authored by S. Hartman (Painless Security) and L. Zhu (Microsoft) >+-- >+-- Copyright (c) 2011 IETF Trust and the persons identified as authors of the >+-- code. All rights reserved. >+-- >+-- Redistribution and use in source and binary forms, with or without >+-- modification, is permitted pursuant to, and subject to the license terms >+-- contained in, the Simplified BSD License set forth in Section 4.c of the IETF >+-- Trustâs Legal Provisions Relating to IETF Documents >+-- (http://trustee.ietf.org/license-info). >+-- >+-- BSD License: >+-- >+-- Copyright (c) 2011 IETF Trust and the persons identified as authors of the code. All rights reserved. >+-- Redistribution and use in source and binary forms, with or without modification, are permitted provided >+-- that the following conditions are met: >+-- ⢠Redistributions of source code must retain the above copyright notice, this list of conditions and >+-- the following disclaimer. >+-- >+-- ⢠Redistributions in binary form must reproduce the above copyright notice, this list of conditions >+-- and the following disclaimer in the documentation and/or other materials provided with the >+-- distribution. >+-- >+-- ⢠Neither the name of Internet Society, IETF or IETF Trust, nor the names of specific contributors, >+-- may be used to endorse or promote products derived from this software without specific prior written >+-- permission. >+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS âAS ISâ >+-- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+-- ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE >+-- LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+-- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+-- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+-- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+-- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE >+-- POSSIBILITY OF SUCH DAMAGE. >+-- >+ > KerberosV5Spec2 { > iso(1) identified-organization(3) dod(6) internet(1) > security(5) kerberosV5(2) modules(4) krb5spec2(2) >@@ -464,6 +504,69 @@ PA-PAC-OPTIONS ::= SEQUENCE { > KERB-KEY-LIST-REQ ::= SEQUENCE OF EncryptionType -- Int32 encryption type -- > KERB-KEY-LIST-REP ::= SEQUENCE OF EncryptionKey > >+FastOptions ::= BIT STRING { >+ reserved(0), >+ hide-client-names(1), >+ kdc-follow-referrals(16) >+} >+ >+KrbFastReq ::= SEQUENCE { >+ fast-options [0] FastOptions, >+ padata [1] SEQUENCE OF PA-DATA, >+ req-body [2] KDC-REQ-BODY, >+ ... >+} >+ >+KrbFastArmor ::= SEQUENCE { >+ armor-type [0] Int32, >+ armor-value [1] OCTET STRING, >+ ... >+} >+ >+KrbFastArmoredReq ::= SEQUENCE { >+ armor [0] KrbFastArmor OPTIONAL, >+ req-checksum [1] Checksum, >+ enc-fast-req [2] EncryptedData -- KrbFastReq -- >+} >+ >+PA-FX-FAST-REQUEST ::= CHOICE { >+ armored-data [0] KrbFastArmoredReq, >+ ... >+} >+ >+KrbFastFinished ::= SEQUENCE { >+ timestamp [0] KerberosTime, >+ usec [1] Int32, >+ crealm [2] Realm, >+ cname [3] PrincipalName, >+ ticket-checksum [4] Checksum, >+ ... >+} >+ >+KrbFastResponse ::= SEQUENCE { >+ padata [0] SEQUENCE OF PA-DATA, >+ -- padata typed holes. >+ strengthen-key [1] EncryptionKey OPTIONAL, >+ -- This, if present, strengthens the reply key for AS and >+ -- TGS. MUST be present for TGS. >+ -- MUST be absent in KRB-ERROR. >+ finished [2] KrbFastFinished OPTIONAL, >+ -- Present in AS or TGS reply; absent otherwise. >+ nonce [3] UInt32, >+ -- Nonce from the client request. >+ ... >+} >+ >+KrbFastArmoredRep ::= SEQUENCE { >+ enc-fast-rep [0] EncryptedData, -- KrbFastResponse -- >+ ... >+} >+ >+PA-FX-FAST-REPLY ::= CHOICE { >+ armored-data [0] KrbFastArmoredRep, >+ ... >+} >+ > -- MS-KILE End > -- > -- >@@ -631,7 +734,8 @@ PADataTypeValues ::= INTEGER { > kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon > kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u > kRB5-PADATA-REQ-ENC-PA-REP(149), -- >- kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE >+ kRB5-PADATA-SUPPORTED-ETYPES(165), -- MS-KILE >+ kRB5-PADATA-PAC-OPTIONS(167) -- MS-KILE > } > PADataTypeSequence ::= SEQUENCE { > dummy [0] PADataTypeValues >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index b00b8b48ae5..e1a688991a7 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -36,29 +36,44 @@ KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req')) > # PAData types > PADATA_ENC_TIMESTAMP = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ENCRYPTED_CHALLENGE = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENCRYPTED-CHALLENGE')) > PADATA_ETYPE_INFO = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO')) > PADATA_ETYPE_INFO2 = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) > PADATA_FOR_USER = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-FOR-USER')) >+PADATA_FX_COOKIE = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-FX-COOKIE')) >+PADATA_FX_ERROR = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-FX-ERROR')) >+PADATA_FX_FAST = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-FX-FAST')) > PADATA_KDC_REQ = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-KDC-REQ')) >+PADATA_PAC_OPTIONS = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PAC-OPTIONS')) > PADATA_PAC_REQUEST = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-PA-PAC-REQUEST')) > PADATA_PK_AS_REQ = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REQ')) > PADATA_PK_AS_REP_19 = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REP-19')) >+PADATA_SUPPORTED_ETYPES = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-SUPPORTED-ETYPES')) > > # Error codes > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_POLICY = 12 > KDC_ERR_ETYPE_NOSUPP = 14 > KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_NOT_US = 35 > KDC_ERR_BADMATCH = 36 > KDC_ERR_SKEW = 37 > KDC_ERR_GENERIC = 60 >+KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS = 93 > > # Name types > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >@@ -67,6 +82,7 @@ NT_SRV_HST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-HST')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >+NT_WELLKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-WELLKNOWN')) > > # Authorization data ad-type values > >@@ -79,6 +95,8 @@ AD_MANDATORY_TICKET_EXTENSIONS = 6 > AD_IN_TICKET_EXTENSIONS = 7 > AD_MANDATORY_FOR_KDC = 8 > AD_INITIAL_VERIFIED_CAS = 9 >+AD_FX_FAST_ARMOR = 71 >+AD_FX_FAST_USED = 72 > AD_WIN2K_PAC = 128 > AD_SIGNTICKET = 512 > >@@ -133,3 +151,18 @@ KU_KRB_SAFE_CKSUM = 15 > (section 5.6.1) ''' > KU_NON_KERB_SALT = 16 > KU_NON_KERB_CKSUM_SALT = 17 >+ >+KU_ACCEPTOR_SEAL = 22 >+KU_ACCEPTOR_SIGN = 23 >+KU_INITIATOR_SEAL = 24 >+KU_INITIATOR_SIGN = 25 >+ >+KU_FAST_REQ_CHKSUM = 50 >+KU_FAST_ENC = 51 >+KU_FAST_REP = 52 >+KU_FAST_FINISHED = 53 >+KU_ENC_CHALLENGE_CLIENT = 54 >+KU_ENC_CHALLENGE_KDC = 55 >+ >+# Armor types >+FX_FAST_ARMOR_AP_REQUEST = 1 >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index 56fe02a68f0..39ec8ed7982 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2021-06-16 08:54:13.969508) >+# (last modified on 2021-06-25 12:10:34.484667) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -619,6 +619,17 @@ EncryptionTypeSequence.componentType = namedtype.NamedTypes( > ) > > >+class FastOptions(univ.BitString): >+ pass >+ >+ >+FastOptions.namedValues = namedval.NamedValues( >+ ('reserved', 0), >+ ('hide-client-names', 1), >+ ('kdc-follow-referrals', 16) >+) >+ >+ > class KDCOptionsValues(univ.BitString): > pass > >@@ -800,6 +811,72 @@ KerbErrorDataTypeSequence.componentType = namedtype.NamedTypes( > ) > > >+class KrbFastArmor(univ.Sequence): >+ pass >+ >+ >+KrbFastArmor.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('armor-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('armor-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class KrbFastArmoredRep(univ.Sequence): >+ pass >+ >+ >+KrbFastArmoredRep.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('enc-fast-rep', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) >+) >+ >+ >+class KrbFastArmoredReq(univ.Sequence): >+ pass >+ >+ >+KrbFastArmoredReq.componentType = namedtype.NamedTypes( >+ namedtype.OptionalNamedType('armor', KrbFastArmor().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), >+ namedtype.NamedType('req-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), >+ namedtype.NamedType('enc-fast-req', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) >+) >+ >+ >+class KrbFastFinished(univ.Sequence): >+ pass >+ >+ >+KrbFastFinished.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('usec', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), >+ namedtype.NamedType('ticket-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))) >+) >+ >+ >+class KrbFastReq(univ.Sequence): >+ pass >+ >+ >+KrbFastReq.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('fast-options', FastOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) >+) >+ >+ >+class KrbFastResponse(univ.Sequence): >+ pass >+ >+ >+KrbFastResponse.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('strengthen-key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), >+ namedtype.OptionalNamedType('finished', KrbFastFinished().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) >+) >+ >+ > class MessageTypeValues(univ.Integer): > pass > >@@ -871,6 +948,24 @@ PA_ENC_TS_ENC.componentType = namedtype.NamedTypes( > ) > > >+class PA_FX_FAST_REPLY(univ.Choice): >+ pass >+ >+ >+PA_FX_FAST_REPLY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('armored-data', KrbFastArmoredRep().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) >+) >+ >+ >+class PA_FX_FAST_REQUEST(univ.Choice): >+ pass >+ >+ >+PA_FX_FAST_REQUEST.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('armored-data', KrbFastArmoredReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) >+) >+ >+ > class PACOptionFlags(KerberosFlags): > pass > >@@ -980,7 +1075,8 @@ PADataTypeValues.namedValues = namedval.NamedValues( > ('kRB5-PADATA-PKINIT-KX', 147), > ('kRB5-PADATA-PKU2U-NAME', 148), > ('kRB5-PADATA-REQ-ENC-PA-REP', 149), >- ('kRB5-PADATA-SUPPORTED-ETYPES', 165) >+ ('kRB5-PADATA-SUPPORTED-ETYPES', 165), >+ ('kRB5-PADATA-PAC-OPTIONS', 167) > ) > > >-- >2.25.1 > > >From 6da717db87aacd20583144072f111cf0d329e763 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 10:23:26 +1200 >Subject: [PATCH 103/149] tests/krb5: Add more methods to create ASN1 objects > for FAST > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 69a66c0d2a7ed415c8d8acdb8da0f2f3d1abf60d) >--- > python/samba/tests/krb5/raw_testcase.py | 70 +++++++++++++++++++++++++ > 1 file changed, 70 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 4f399467cfe..46ce7605edf 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1013,6 +1013,17 @@ class RawKerberosTest(TestCaseInTempDir): > } > return PrincipalName_obj > >+ def AuthorizationData_create(self, ad_type, ad_data): >+ # AuthorizationData ::= SEQUENCE { >+ # ad-type [0] Int32, >+ # ad-data [1] OCTET STRING >+ # } >+ AUTH_DATA_obj = { >+ 'ad-type': ad_type, >+ 'ad-data': ad_data >+ } >+ return AUTH_DATA_obj >+ > def PA_DATA_create(self, padata_type, padata_value): > # PA-DATA ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] >@@ -1036,6 +1047,65 @@ class RawKerberosTest(TestCaseInTempDir): > } > return PA_ENC_TS_ENC_obj > >+ def PA_PAC_OPTIONS_create(self, options): >+ # PA-PAC-OPTIONS ::= SEQUENCE { >+ # options [0] PACOptionFlags >+ # } >+ PA_PAC_OPTIONS_obj = { >+ 'options': options >+ } >+ return PA_PAC_OPTIONS_obj >+ >+ def KRB_FAST_ARMOR_create(self, armor_type, armor_value): >+ # KrbFastArmor ::= SEQUENCE { >+ # armor-type [0] Int32, >+ # armor-value [1] OCTET STRING, >+ # ... >+ # } >+ KRB_FAST_ARMOR_obj = { >+ 'armor-type': armor_type, >+ 'armor-value': armor_value >+ } >+ return KRB_FAST_ARMOR_obj >+ >+ def KRB_FAST_REQ_create(self, fast_options, padata, req_body): >+ # KrbFastReq ::= SEQUENCE { >+ # fast-options [0] FastOptions, >+ # padata [1] SEQUENCE OF PA-DATA, >+ # req-body [2] KDC-REQ-BODY, >+ # ... >+ # } >+ KRB_FAST_REQ_obj = { >+ 'fast-options': fast_options, >+ 'padata': padata, >+ 'req-body': req_body >+ } >+ return KRB_FAST_REQ_obj >+ >+ def KRB_FAST_ARMORED_REQ_create(self, armor, req_checksum, enc_fast_req): >+ # KrbFastArmoredReq ::= SEQUENCE { >+ # armor [0] KrbFastArmor OPTIONAL, >+ # req-checksum [1] Checksum, >+ # enc-fast-req [2] EncryptedData -- KrbFastReq -- >+ # } >+ KRB_FAST_ARMORED_REQ_obj = { >+ 'req-checksum': req_checksum, >+ 'enc-fast-req': enc_fast_req >+ } >+ if armor is not None: >+ KRB_FAST_ARMORED_REQ_obj['armor'] = armor >+ return KRB_FAST_ARMORED_REQ_obj >+ >+ def PA_FX_FAST_REQUEST_create(self, armored_data): >+ # PA-FX-FAST-REQUEST ::= CHOICE { >+ # armored-data [0] KrbFastArmoredReq, >+ # ... >+ # } >+ PA_FX_FAST_REQUEST_obj = { >+ 'armored-data': armored_data >+ } >+ return PA_FX_FAST_REQUEST_obj >+ > def KERB_PA_PAC_REQUEST_create(self, include_pac, pa_data_create=True): > # KERB-PA-PAC-REQUEST ::= SEQUENCE { > # include-pac[0] BOOLEAN --If TRUE, and no pac present, >-- >2.25.1 > > >From db0b85df41deff9ea15d9013b9c05e94621f8c80 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 12:47:18 +1200 >Subject: [PATCH 104/149] tests/krb5: Add method to generate FAST encrypted > challenge padata > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit aafc86896969d02ff1daecdf2668bfa642860082) >--- > python/samba/tests/krb5/kdc_base_test.py | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1b550179e0e..24a1e7cfbc8 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -54,11 +54,13 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_TGS_REP, > KRB_ERROR, > KU_AS_REP_ENC_PART, >+ KU_ENC_CHALLENGE_CLIENT, > KU_PA_ENC_TIMESTAMP, > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TICKET, > NT_PRINCIPAL, > NT_SRV_HST, >+ PADATA_ENCRYPTED_CHALLENGE, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -511,6 +513,23 @@ class KDCBaseTest(RawKerberosTest): > > return padata > >+ def get_challenge_pa_data(self, client_challenge_key, skew=0): >+ patime, pausec = self.get_KerberosTimeWithUsec(offset=skew) >+ padata = self.PA_ENC_TS_ENC_create(patime, pausec) >+ padata = self.der_encode(padata, >+ asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ padata = self.EncryptedData_create(client_challenge_key, >+ KU_ENC_CHALLENGE_CLIENT, >+ padata) >+ padata = self.der_encode(padata, >+ asn1Spec=krb5_asn1.EncryptedData()) >+ >+ padata = self.PA_DATA_create(PADATA_ENCRYPTED_CHALLENGE, >+ padata) >+ >+ return padata >+ > def get_as_rep_enc_data(self, key, rep): > ''' Decrypt and Decode the encrypted data in an AS-REP > ''' >-- >2.25.1 > > >From 06d448e0fbafe6deb90772bee2b72e409d2321d1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 6 Jul 2021 12:49:05 +1200 >Subject: [PATCH 105/149] tests/krb5: Add methods to calculate keys for FAST > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 080894067469d60e2c71961c2d1c1990ba15b917) >--- > python/samba/tests/krb5/raw_testcase.py | 37 +++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 46ce7605edf..113f08628b6 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2137,6 +2137,43 @@ class RawKerberosTest(TestCaseInTempDir): > > return subkey, subkey_usage > >+ def generate_armor_key(self, subkey, session_key): >+ armor_key = kcrypto.cf2(subkey.key, >+ session_key.key, >+ b'subkeyarmor', >+ b'ticketarmor') >+ armor_key = Krb5EncryptionKey(armor_key, None) >+ >+ return armor_key >+ >+ def generate_strengthen_reply_key(self, strengthen_key, reply_key): >+ strengthen_reply_key = kcrypto.cf2(strengthen_key.key, >+ reply_key.key, >+ b'strengthenkey', >+ b'replykey') >+ strengthen_reply_key = Krb5EncryptionKey(strengthen_reply_key, >+ reply_key.kvno) >+ >+ return strengthen_reply_key >+ >+ def generate_client_challenge_key(self, armor_key, longterm_key): >+ client_challenge_key = kcrypto.cf2(armor_key.key, >+ longterm_key.key, >+ b'clientchallengearmor', >+ b'challengelongterm') >+ client_challenge_key = Krb5EncryptionKey(client_challenge_key, None) >+ >+ return client_challenge_key >+ >+ def generate_kdc_challenge_key(self, armor_key, longterm_key): >+ kdc_challenge_key = kcrypto.cf2(armor_key.key, >+ longterm_key.key, >+ b'kdcchallengearmor', >+ b'challengelongterm') >+ kdc_challenge_key = Krb5EncryptionKey(kdc_challenge_key, None) >+ >+ return kdc_challenge_key >+ > def _test_as_exchange(self, > cname, > realm, >-- >2.25.1 > > >From afe73b4011b8cd49e94f73d77b56ed9073a9e7ec Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Jul 2021 20:49:12 +1200 >Subject: [PATCH 106/149] tests/krb5: Rename generic_check_as_error() to > generic_check_kdc_error() > >This method will also be useful in checking TGS-REP error replies. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 74f332c6f9e31b933837cefee69b219054970713) >--- > python/samba/tests/krb5/as_req_tests.py | 2 +- > python/samba/tests/krb5/raw_testcase.py | 10 +++++----- > 2 files changed, 6 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index b5a6cfd31c7..fd258e8164a 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -99,7 +99,7 @@ class AsReqKerberosTests(KDCBaseTest): > expected_srealm=expected_srealm, > expected_sname=expected_sname, > generate_padata_fn=generate_padata_fn, >- check_error_fn=self.generic_check_as_error, >+ check_error_fn=self.generic_check_kdc_error, > check_rep_fn=None, > expected_error_mode=expected_error_mode, > client_as_etypes=client_as_etypes, >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 113f08628b6..047bf413b34 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1888,10 +1888,10 @@ class RawKerberosTest(TestCaseInTempDir): > > kdc_exchange_dict['rep_ticket_creds'] = ticket_creds > >- def generic_check_as_error(self, >- kdc_exchange_dict, >- callback_dict, >- rep): >+ def generic_check_kdc_error(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep): > > expected_crealm = kdc_exchange_dict['expected_crealm'] > expected_cname = kdc_exchange_dict['expected_cname'] >@@ -2208,7 +2208,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_error_fn = None > check_rep_fn = self.generic_check_kdc_rep > else: >- check_error_fn = self.generic_check_as_error >+ check_error_fn = self.generic_check_kdc_error > check_rep_fn = None > > if padata is not None: >-- >2.25.1 > > >From e605c721d2b97d9a3f087a5ced24dcf16e5e8aff Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Jul 2021 10:19:46 +1200 >Subject: [PATCH 107/149] tests/krb5: Include authenticator_subkey in AS-REQ > exchange dict > >This is needed for FAST. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d554b6dc0f4e14d154e487dc2a842321aa746155) >--- > python/samba/tests/krb5/raw_testcase.py | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 047bf413b34..9375f39937e 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1632,6 +1632,7 @@ class RawKerberosTest(TestCaseInTempDir): > expected_error_mode=0, > client_as_etypes=None, > expected_salt=None, >+ authenticator_subkey=None, > kdc_options=''): > kdc_exchange_dict = { > 'req_msg_type': KRB_AS_REQ, >@@ -1653,6 +1654,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'expected_error_mode': expected_error_mode, > 'client_as_etypes': client_as_etypes, > 'expected_salt': expected_salt, >+ 'authenticator_subkey': authenticator_subkey, > 'kdc_options': kdc_options, > } > if callback_dict is None: >-- >2.25.1 > > >From 1ad178df312db44f8a2ffdd05353860a5b676cb8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Jul 2021 10:33:10 +1200 >Subject: [PATCH 108/149] tests/krb5: Modify generate_ap_req() to also generate > FAST armor AP-REQ > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5c2cd71ae704b853a886c8af5e3cf50b53af7f9e) >--- > python/samba/tests/krb5/raw_testcase.py | 45 ++++++++++++++++++------- > 1 file changed, 32 insertions(+), 13 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 9375f39937e..29ea41ec92b 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -49,6 +49,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_ERROR, > KRB_TGS_REP, > KRB_TGS_REQ, >+ KU_AP_REQ_AUTH, > KU_AS_REP_ENC_PART, > KU_NON_KERB_CKSUM_SALT, > KU_TGS_REP_ENC_PART_SESSION, >@@ -1563,7 +1564,8 @@ class RawKerberosTest(TestCaseInTempDir): > > tgs_req = self.generate_ap_req(kdc_exchange_dict, > callback_dict, >- req_body) >+ req_body, >+ armor=False) > tgs_req_padata = self.PA_DATA_create(PADATA_KDC_REQ, tgs_req) > > if generate_padata_fn is not None: >@@ -1633,6 +1635,8 @@ class RawKerberosTest(TestCaseInTempDir): > client_as_etypes=None, > expected_salt=None, > authenticator_subkey=None, >+ armor_tgt=None, >+ armor_subkey=None, > kdc_options=''): > kdc_exchange_dict = { > 'req_msg_type': KRB_AS_REQ, >@@ -1655,6 +1659,8 @@ class RawKerberosTest(TestCaseInTempDir): > 'client_as_etypes': client_as_etypes, > 'expected_salt': expected_salt, > 'authenticator_subkey': authenticator_subkey, >+ 'armor_tgt': armor_tgt, >+ 'armor_subkey': armor_subkey, > 'kdc_options': kdc_options, > } > if callback_dict is None: >@@ -1675,6 +1681,8 @@ class RawKerberosTest(TestCaseInTempDir): > check_kdc_private_fn=None, > callback_dict=None, > tgt=None, >+ armor_tgt=None, >+ armor_subkey=None, > authenticator_subkey=None, > body_checksum_type=None, > kdc_options=''): >@@ -1697,6 +1705,8 @@ class RawKerberosTest(TestCaseInTempDir): > 'callback_dict': callback_dict, > 'tgt': tgt, > 'body_checksum_type': body_checksum_type, >+ 'armor_tgt': armor_tgt, >+ 'armor_subkey': armor_subkey, > 'authenticator_subkey': authenticator_subkey, > 'kdc_options': kdc_options > } >@@ -2068,18 +2078,25 @@ class RawKerberosTest(TestCaseInTempDir): > def generate_ap_req(self, > kdc_exchange_dict, > _callback_dict, >- req_body): >- tgt = kdc_exchange_dict['tgt'] >- authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >- body_checksum_type = kdc_exchange_dict['body_checksum_type'] >+ req_body, >+ armor): >+ if armor: >+ tgt = kdc_exchange_dict['armor_tgt'] >+ authenticator_subkey = kdc_exchange_dict['armor_subkey'] > >- req_body_blob = self.der_encode(req_body, >- asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ req_body_checksum = None >+ else: >+ tgt = kdc_exchange_dict['tgt'] >+ authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >+ body_checksum_type = kdc_exchange_dict['body_checksum_type'] > >- req_body_checksum = self.Checksum_create(tgt.session_key, >- KU_TGS_REQ_AUTH_CKSUM, >- req_body_blob, >- ctype=body_checksum_type) >+ req_body_blob = self.der_encode(req_body, >+ asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ >+ req_body_checksum = self.Checksum_create(tgt.session_key, >+ KU_TGS_REQ_AUTH_CKSUM, >+ req_body_blob, >+ ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: >@@ -2099,8 +2116,9 @@ class RawKerberosTest(TestCaseInTempDir): > authenticator_obj, > asn1Spec=krb5_asn1.Authenticator()) > >+ usage = KU_AP_REQ_AUTH if armor else KU_TGS_REQ_AUTH > authenticator = self.EncryptedData_create(tgt.session_key, >- KU_TGS_REQ_AUTH, >+ usage, > authenticator_blob) > > ap_options = krb5_asn1.APOptions('0') >@@ -2117,7 +2135,8 @@ class RawKerberosTest(TestCaseInTempDir): > req_body): > ap_req = self.generate_ap_req(kdc_exchange_dict, > callback_dict, >- req_body) >+ req_body, >+ armor=False) > pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) > padata = [pa_tgs_req] > >-- >2.25.1 > > >From bd2391c6ba13079f6ee83530084a6b1755c0fa48 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Jul 2021 10:33:24 +1200 >Subject: [PATCH 109/149] tests/krb5: Add FAST armor generation to > _generic_kdc_exchange() > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0df385fc49cc2693c195209936a29e31216df16d) >--- > python/samba/tests/krb5/raw_testcase.py | 95 +++++++++++++++++++++++-- > 1 file changed, 88 insertions(+), 7 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 29ea41ec92b..151dc0355a3 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -42,6 +42,7 @@ from samba.tests import TestCaseInTempDir > > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( >+ FX_FAST_ARMOR_AP_REQUEST, > KDC_ERR_GENERIC, > KRB_AP_REQ, > KRB_AS_REP, >@@ -51,6 +52,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_TGS_REQ, > KU_AP_REQ_AUTH, > KU_AS_REP_ENC_PART, >+ KU_FAST_REQ_CHKSUM, > KU_NON_KERB_CKSUM_SALT, > KU_TGS_REP_ENC_PART_SESSION, > KU_TGS_REP_ENC_PART_SUB_KEY, >@@ -1522,6 +1524,9 @@ class RawKerberosTest(TestCaseInTempDir): > > check_error_fn = kdc_exchange_dict['check_error_fn'] > check_rep_fn = kdc_exchange_dict['check_rep_fn'] >+ generate_fast_fn = kdc_exchange_dict['generate_fast_fn'] >+ generate_fast_armor_fn = kdc_exchange_dict['generate_fast_armor_fn'] >+ generate_fast_padata_fn = kdc_exchange_dict['generate_fast_padata_fn'] > generate_padata_fn = kdc_exchange_dict['generate_padata_fn'] > callback_dict = kdc_exchange_dict['callback_dict'] > req_msg_type = kdc_exchange_dict['req_msg_type'] >@@ -1568,25 +1573,81 @@ class RawKerberosTest(TestCaseInTempDir): > armor=False) > tgs_req_padata = self.PA_DATA_create(PADATA_KDC_REQ, tgs_req) > >+ if generate_fast_padata_fn is not None: >+ self.assertIsNotNone(generate_fast_fn) >+ # This can alter req_body... >+ fast_padata, req_body = generate_fast_padata_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body) >+ else: >+ fast_padata = [] >+ >+ if generate_fast_armor_fn is not None: >+ self.assertIsNotNone(generate_fast_fn) >+ fast_ap_req = generate_fast_armor_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body, >+ armor=True) >+ >+ fast_armor_type = kdc_exchange_dict['fast_armor_type'] >+ fast_armor = self.KRB_FAST_ARMOR_create(fast_armor_type, >+ fast_ap_req) >+ else: >+ fast_armor = None >+ > if generate_padata_fn is not None: > # This can alter req_body... >- padata, req_body = generate_padata_fn(kdc_exchange_dict, >- callback_dict, >- req_body) >- self.assertIsNotNone(padata) >+ outer_padata, req_body = generate_padata_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body) >+ self.assertIsNotNone(outer_padata) > self.assertNotIn(PADATA_KDC_REQ, >- [pa['padata-type'] for pa in padata], >+ [pa['padata-type'] for pa in outer_padata], > 'Don\'t create TGS-REQ manually') > else: >- padata = [] >+ outer_padata = None >+ >+ if generate_fast_fn is not None: >+ armor_key = kdc_exchange_dict['armor_key'] >+ self.assertIsNotNone(armor_key) >+ >+ if req_msg_type == KRB_AS_REQ: >+ checksum_blob = self.der_encode( >+ req_body, >+ asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ else: >+ self.assertEqual(KRB_TGS_REQ, req_msg_type) >+ checksum_blob = tgs_req >+ >+ checksum = self.Checksum_create(armor_key, >+ KU_FAST_REQ_CHKSUM, >+ checksum_blob) >+ >+ fast = generate_fast_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body, >+ fast_padata, >+ fast_armor, >+ checksum) >+ else: >+ fast = None >+ >+ padata = [] > > if tgs_req_padata is not None: >- padata.insert(0, tgs_req_padata) >+ padata.append(tgs_req_padata) >+ >+ if fast is not None: >+ padata.append(fast) >+ >+ if outer_padata is not None: >+ padata += outer_padata > > if not padata: > padata = None > > kdc_exchange_dict['req_padata'] = padata >+ kdc_exchange_dict['fast_padata'] = fast_padata > kdc_exchange_dict['req_body'] = req_body > > req_obj, req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, >@@ -1625,6 +1686,10 @@ class RawKerberosTest(TestCaseInTempDir): > expected_srealm=None, > expected_sname=None, > ticket_decryption_key=None, >+ generate_fast_fn=None, >+ generate_fast_armor_fn=None, >+ generate_fast_padata_fn=None, >+ fast_armor_type=FX_FAST_ARMOR_AP_REQUEST, > generate_padata_fn=None, > check_error_fn=None, > check_rep_fn=None, >@@ -1635,6 +1700,7 @@ class RawKerberosTest(TestCaseInTempDir): > client_as_etypes=None, > expected_salt=None, > authenticator_subkey=None, >+ armor_key=None, > armor_tgt=None, > armor_subkey=None, > kdc_options=''): >@@ -1649,6 +1715,10 @@ class RawKerberosTest(TestCaseInTempDir): > 'expected_srealm': expected_srealm, > 'expected_sname': expected_sname, > 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_fast_fn': generate_fast_fn, >+ 'generate_fast_armor_fn': generate_fast_armor_fn, >+ 'generate_fast_padata_fn': generate_fast_padata_fn, >+ 'fast_armor_type': fast_armor_type, > 'generate_padata_fn': generate_padata_fn, > 'check_error_fn': check_error_fn, > 'check_rep_fn': check_rep_fn, >@@ -1659,6 +1729,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'client_as_etypes': client_as_etypes, > 'expected_salt': expected_salt, > 'authenticator_subkey': authenticator_subkey, >+ 'armor_key': armor_key, > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, > 'kdc_options': kdc_options, >@@ -1674,6 +1745,10 @@ class RawKerberosTest(TestCaseInTempDir): > expected_srealm=None, > expected_sname=None, > ticket_decryption_key=None, >+ generate_fast_fn=None, >+ generate_fast_armor_fn=None, >+ generate_fast_padata_fn=None, >+ fast_armor_type=FX_FAST_ARMOR_AP_REQUEST, > generate_padata_fn=None, > check_error_fn=None, > check_rep_fn=None, >@@ -1681,6 +1756,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_kdc_private_fn=None, > callback_dict=None, > tgt=None, >+ armor_key=None, > armor_tgt=None, > armor_subkey=None, > authenticator_subkey=None, >@@ -1697,6 +1773,10 @@ class RawKerberosTest(TestCaseInTempDir): > 'expected_srealm': expected_srealm, > 'expected_sname': expected_sname, > 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_fast_fn': generate_fast_fn, >+ 'generate_fast_armor_fn': generate_fast_armor_fn, >+ 'generate_fast_padata_fn': generate_fast_padata_fn, >+ 'fast_armor_type': fast_armor_type, > 'generate_padata_fn': generate_padata_fn, > 'check_error_fn': check_error_fn, > 'check_rep_fn': check_rep_fn, >@@ -1705,6 +1785,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'callback_dict': callback_dict, > 'tgt': tgt, > 'body_checksum_type': body_checksum_type, >+ 'armor_key': armor_key, > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, > 'authenticator_subkey': authenticator_subkey, >-- >2.25.1 > > >From 4fb678ba0ea36ddcb25e78a38a41045a131aa443 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:01:36 +1200 >Subject: [PATCH 110/149] tests/krb5: Allow specifying parameters specific to > the outer request body > >This is useful for testing FAST. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 16ce1a1d304b87ed5b390fb87a4542c7c9a484fb) >--- > python/samba/tests/krb5/raw_testcase.py | 25 ++++++++++++++++++++----- > 1 file changed, 20 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 151dc0355a3..a173caf98d1 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1536,6 +1536,9 @@ class RawKerberosTest(TestCaseInTempDir): > expected_error_mode = kdc_exchange_dict['expected_error_mode'] > kdc_options = kdc_exchange_dict['kdc_options'] > >+ # Parameters specific to the outer request body >+ outer_req = kdc_exchange_dict['outer_req'] >+ > if till_time is None: > till_time = self.get_KerberosTime(offset=36000) > >@@ -1561,6 +1564,14 @@ class RawKerberosTest(TestCaseInTempDir): > EncAuthorizationData_key=EncAuthorizationData_key, > EncAuthorizationData_usage=EncAuthorizationData_usage) > >+ inner_req_body = dict(req_body) >+ if outer_req is not None: >+ for key, value in outer_req.items(): >+ if value is not None: >+ req_body[key] = value >+ else: >+ del req_body[key] >+ > if req_msg_type == KRB_AS_REQ: > tgs_req = None > tgs_req_padata = None >@@ -1625,7 +1636,7 @@ class RawKerberosTest(TestCaseInTempDir): > > fast = generate_fast_fn(kdc_exchange_dict, > callback_dict, >- req_body, >+ inner_req_body, > fast_padata, > fast_armor, > checksum) >@@ -1648,7 +1659,7 @@ class RawKerberosTest(TestCaseInTempDir): > > kdc_exchange_dict['req_padata'] = padata > kdc_exchange_dict['fast_padata'] = fast_padata >- kdc_exchange_dict['req_body'] = req_body >+ kdc_exchange_dict['req_body'] = inner_req_body > > req_obj, req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, > padata=padata, >@@ -1703,7 +1714,8 @@ class RawKerberosTest(TestCaseInTempDir): > armor_key=None, > armor_tgt=None, > armor_subkey=None, >- kdc_options=''): >+ kdc_options='', >+ outer_req=None): > kdc_exchange_dict = { > 'req_msg_type': KRB_AS_REQ, > 'req_asn1Spec': krb5_asn1.AS_REQ, >@@ -1733,6 +1745,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, > 'kdc_options': kdc_options, >+ 'outer_req': outer_req > } > if callback_dict is None: > callback_dict = {} >@@ -1761,7 +1774,8 @@ class RawKerberosTest(TestCaseInTempDir): > armor_subkey=None, > authenticator_subkey=None, > body_checksum_type=None, >- kdc_options=''): >+ kdc_options='', >+ outer_req=None): > kdc_exchange_dict = { > 'req_msg_type': KRB_TGS_REQ, > 'req_asn1Spec': krb5_asn1.TGS_REQ, >@@ -1789,7 +1803,8 @@ class RawKerberosTest(TestCaseInTempDir): > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, > 'authenticator_subkey': authenticator_subkey, >- 'kdc_options': kdc_options >+ 'kdc_options': kdc_options, >+ 'outer_req': outer_req > } > if callback_dict is None: > callback_dict = {} >-- >2.25.1 > > >From f1227483627c5267317159ef6ac773922c3e4dde Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:04:37 +1200 >Subject: [PATCH 111/149] tests/krb5: Add method to check PA-FX-FAST-REPLY > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b62488113f6053755f9be9faa9b757e7193074fa) >--- > python/samba/tests/krb5/raw_testcase.py | 31 +++++++++++++++++++++++++ > 1 file changed, 31 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index a173caf98d1..dd733aea09b 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -52,6 +52,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_TGS_REQ, > KU_AP_REQ_AUTH, > KU_AS_REP_ENC_PART, >+ KU_FAST_REP, > KU_FAST_REQ_CHKSUM, > KU_NON_KERB_CKSUM_SALT, > KU_TGS_REP_ENC_PART_SESSION, >@@ -1910,6 +1911,36 @@ class RawKerberosTest(TestCaseInTempDir): > > return rep > >+ def check_fx_fast_data(self, >+ kdc_exchange_dict, >+ fx_fast_data, >+ armor_key, >+ finished=False, >+ expect_strengthen_key=True): >+ fx_fast_data = self.der_decode(fx_fast_data, >+ asn1Spec=krb5_asn1.PA_FX_FAST_REPLY()) >+ >+ enc_fast_rep = fx_fast_data['armored-data']['enc-fast-rep'] >+ self.assertEqual(enc_fast_rep['etype'], armor_key.etype) >+ >+ fast_rep = armor_key.decrypt(KU_FAST_REP, enc_fast_rep['cipher']) >+ >+ fast_response = self.der_decode(fast_rep, >+ asn1Spec=krb5_asn1.KrbFastResponse()) >+ >+ if expect_strengthen_key and self.strict_checking: >+ self.assertIn('strengthen-key', fast_response) >+ >+ if finished: >+ self.assertIn('finished', fast_response) >+ >+ # Ensure that the nonce matches the nonce in the body of the request >+ # (RFC6113 5.4.3). >+ nonce = kdc_exchange_dict['nonce'] >+ self.assertEqual(nonce, fast_response['nonce']) >+ >+ return fast_response >+ > def generic_check_kdc_private(self, > kdc_exchange_dict, > callback_dict, >-- >2.25.1 > > >From 8b6b9cf02cb79a6e87f100e9ce64c6d094dae672 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:10:13 +1200 >Subject: [PATCH 112/149] tests/krb5: Add method to verify ticket checksum for > FAST > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4ca05402b36ba13a987b07b2402906764d3cd49b) >--- > python/samba/tests/krb5/raw_testcase.py | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index dd733aea09b..da38a9dfa62 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -52,6 +52,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_TGS_REQ, > KU_AP_REQ_AUTH, > KU_AS_REP_ENC_PART, >+ KU_FAST_FINISHED, > KU_FAST_REP, > KU_FAST_REQ_CHKSUM, > KU_NON_KERB_CKSUM_SALT, >@@ -2322,6 +2323,17 @@ class RawKerberosTest(TestCaseInTempDir): > > return kdc_challenge_key > >+ def verify_ticket_checksum(self, ticket, expected_checksum, armor_key): >+ expected_type = expected_checksum['cksumtype'] >+ self.assertEqual(armor_key.ctype, expected_type) >+ >+ ticket_blob = self.der_encode(ticket, >+ asn1Spec=krb5_asn1.Ticket()) >+ checksum = self.Checksum_create(armor_key, >+ KU_FAST_FINISHED, >+ ticket_blob) >+ self.assertEqual(expected_checksum, checksum) >+ > def _test_as_exchange(self, > cname, > realm, >-- >2.25.1 > > >From 0fa0e9933fcbf861eb2d108b48e52e901c4df6ba Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:42:57 +1200 >Subject: [PATCH 113/149] tests/krb5: Check FAST response > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d878bd6404d26c8be45bb2016ec206ed79d4ef6e) >--- > python/samba/tests/krb5/raw_testcase.py | 41 +++++++++++++++++++++++-- > 1 file changed, 39 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index da38a9dfa62..ab1f711cde1 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -67,6 +67,7 @@ from samba.tests.krb5.rfc4120_constants import ( > PADATA_ETYPE_INFO, > PADATA_ETYPE_INFO2, > PADATA_FOR_USER, >+ PADATA_FX_FAST, > PADATA_KDC_REQ, > PADATA_PAC_REQUEST, > PADATA_PK_AS_REQ, >@@ -1827,6 +1828,7 @@ class RawKerberosTest(TestCaseInTempDir): > check_kdc_private_fn = kdc_exchange_dict['check_kdc_private_fn'] > rep_encpart_asn1Spec = kdc_exchange_dict['rep_encpart_asn1Spec'] > msg_type = kdc_exchange_dict['rep_msg_type'] >+ armor_key = kdc_exchange_dict['armor_key'] > > self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP > padata = self.getElementValue(rep, 'padata') >@@ -1862,6 +1864,8 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementPresent(encpart, 'cipher') > encpart_cipher = self.getElementValue(encpart, 'cipher') > >+ ticket_checksum = None >+ > encpart_decryption_key = None > self.assertIsNotNone(check_padata_fn) > if check_padata_fn is not None: >@@ -1870,6 +1874,33 @@ class RawKerberosTest(TestCaseInTempDir): > check_padata_fn(kdc_exchange_dict, callback_dict, > rep, padata)) > >+ if armor_key is not None: >+ pa_dict = self.get_pa_dict(padata) >+ >+ if PADATA_FX_FAST in pa_dict: >+ fx_fast_data = pa_dict[PADATA_FX_FAST] >+ fast_response = self.check_fx_fast_data(kdc_exchange_dict, >+ fx_fast_data, >+ armor_key, >+ finished=True) >+ >+ if 'strengthen-key' in fast_response: >+ strengthen_key = self.EncryptionKey_import( >+ fast_response['strengthen-key']) >+ encpart_decryption_key = ( >+ self.generate_strengthen_reply_key( >+ strengthen_key, >+ encpart_decryption_key)) >+ >+ fast_finished = fast_response.get('finished', None) >+ if fast_finished is not None: >+ ticket_checksum = fast_finished['ticket-checksum'] >+ >+ self.check_rep_padata(kdc_exchange_dict, >+ callback_dict, >+ rep, >+ fast_response['padata']) >+ > ticket_private = None > self.assertIsNotNone(ticket_decryption_key) > if ticket_decryption_key is not None: >@@ -1908,7 +1939,8 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(check_kdc_private_fn) > if check_kdc_private_fn is not None: > check_kdc_private_fn(kdc_exchange_dict, callback_dict, >- rep, ticket_private, encpart_private) >+ rep, ticket_private, encpart_private, >+ ticket_checksum) > > return rep > >@@ -1947,7 +1979,8 @@ class RawKerberosTest(TestCaseInTempDir): > callback_dict, > rep, > ticket_private, >- encpart_private): >+ encpart_private, >+ ticket_checksum): > > expected_crealm = kdc_exchange_dict['expected_crealm'] > expected_cname = kdc_exchange_dict['expected_cname'] >@@ -1957,6 +1990,10 @@ class RawKerberosTest(TestCaseInTempDir): > > ticket = self.getElementValue(rep, 'ticket') > >+ if ticket_checksum is not None: >+ armor_key = kdc_exchange_dict['armor_key'] >+ self.verify_ticket_checksum(ticket, ticket_checksum, armor_key) >+ > ticket_session_key = None > if ticket_private is not None: > self.assertElementPresent(ticket_private, 'flags') >-- >2.25.1 > > >From 18acf920922bc4f3a2f041c0e7d0566e2cd4ca1a Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 15:20:44 +1200 >Subject: [PATCH 114/149] tests/krb5: Add functions to get dicts of request > padata > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit dc7dac95ec509d90d8372005cd7b13fabd8e64c6) >--- > python/samba/tests/krb5/raw_testcase.py | 11 +++++++++++ > 1 file changed, 11 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index ab1f711cde1..2963df70003 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2371,6 +2371,17 @@ class RawKerberosTest(TestCaseInTempDir): > ticket_blob) > self.assertEqual(expected_checksum, checksum) > >+ def get_outer_pa_dict(self, kdc_exchange_dict): >+ return self.get_pa_dict(kdc_exchange_dict['req_padata']) >+ >+ def get_fast_pa_dict(self, kdc_exchange_dict): >+ req_pa_dict = self.get_pa_dict(kdc_exchange_dict['fast_padata']) >+ >+ if req_pa_dict: >+ return req_pa_dict >+ >+ return self.get_outer_pa_dict(kdc_exchange_dict) >+ > def _test_as_exchange(self, > cname, > realm, >-- >2.25.1 > > >From 31f8bf1e6dab4736b6baf1aef65fd5ac8bed8dfa Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 15:21:01 +1200 >Subject: [PATCH 115/149] tests/krb5: Add methods to determine whether elements > were included in the request > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 99e3b909edf27c751b959a3d0b672ddd2b7140e2) >--- > python/samba/tests/krb5/raw_testcase.py | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 2963df70003..d96cd1cfc15 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -69,6 +69,7 @@ from samba.tests.krb5.rfc4120_constants import ( > PADATA_FOR_USER, > PADATA_FX_FAST, > PADATA_KDC_REQ, >+ PADATA_PAC_OPTIONS, > PADATA_PAC_REQUEST, > PADATA_PK_AS_REQ, > PADATA_PK_AS_REP_19 >@@ -2382,6 +2383,30 @@ class RawKerberosTest(TestCaseInTempDir): > > return self.get_outer_pa_dict(kdc_exchange_dict) > >+ def sent_fast(self, kdc_exchange_dict): >+ outer_pa_dict = self.get_outer_pa_dict(kdc_exchange_dict) >+ >+ return PADATA_FX_FAST in outer_pa_dict >+ >+ def sent_enc_challenge(self, kdc_exchange_dict): >+ fast_pa_dict = self.get_fast_pa_dict(kdc_exchange_dict) >+ >+ return PADATA_ENCRYPTED_CHALLENGE in fast_pa_dict >+ >+ def sent_claims(self, kdc_exchange_dict): >+ fast_pa_dict = self.get_fast_pa_dict(kdc_exchange_dict) >+ >+ if PADATA_PAC_OPTIONS not in fast_pa_dict: >+ return False >+ >+ pac_options = self.der_decode(fast_pa_dict[PADATA_PAC_OPTIONS], >+ asn1Spec=krb5_asn1.PA_PAC_OPTIONS()) >+ pac_options = pac_options['options'] >+ claims_pos = len(tuple(krb5_asn1.PACOptionFlags('claims'))) - 1 >+ >+ return (claims_pos < len(pac_options) >+ and pac_options[claims_pos] == '1') >+ > def _test_as_exchange(self, > cname, > realm, >-- >2.25.1 > > >From 9337639fe1da2cafb127b205318c38c79ab24b43 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:34:49 +1200 >Subject: [PATCH 116/149] tests/krb5: Check encrypted-pa-data > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0c029e780cf16a49c674593e8329eaf3b87aec69) >--- > python/samba/tests/krb5/raw_testcase.py | 52 ++++++++++++++++++++++++- > 1 file changed, 51 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index d96cd1cfc15..2512ee1b99f 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -72,7 +72,8 @@ from samba.tests.krb5.rfc4120_constants import ( > PADATA_PAC_OPTIONS, > PADATA_PAC_REQUEST, > PADATA_PK_AS_REQ, >- PADATA_PK_AS_REP_19 >+ PADATA_PK_AS_REP_19, >+ PADATA_SUPPORTED_ETYPES > ) > import samba.tests.krb5.kcrypto as kcrypto > >@@ -1982,6 +1983,10 @@ class RawKerberosTest(TestCaseInTempDir): > ticket_private, > encpart_private, > ticket_checksum): >+ kdc_options = kdc_exchange_dict['kdc_options'] >+ canon_pos = len(tuple(krb5_asn1.KDCOptions('canonicalize'))) - 1 >+ canonicalize = (canon_pos < len(kdc_options) >+ and kdc_options[canon_pos] == '1') > > expected_crealm = kdc_exchange_dict['expected_crealm'] > expected_cname = kdc_exchange_dict['expected_cname'] >@@ -2044,6 +2049,46 @@ class RawKerberosTest(TestCaseInTempDir): > expected_sname) > # TODO self.assertElementMissing(encpart_private, 'caddr') > >+ sent_claims = self.sent_claims(kdc_exchange_dict) >+ >+ if self.strict_checking: >+ if sent_claims or canonicalize: >+ self.assertElementPresent(encpart_private, >+ 'encrypted-pa-data') >+ enc_pa_dict = self.get_pa_dict( >+ encpart_private['encrypted-pa-data']) >+ if canonicalize: >+ self.assertIn(PADATA_SUPPORTED_ETYPES, enc_pa_dict) >+ >+ (supported_etypes,) = struct.unpack( >+ '<L', >+ enc_pa_dict[PADATA_SUPPORTED_ETYPES]) >+ >+ self.assertTrue( >+ security.KERB_ENCTYPE_FAST_SUPPORTED >+ & supported_etypes) >+ self.assertTrue( >+ security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED >+ & supported_etypes) >+ self.assertTrue( >+ security.KERB_ENCTYPE_CLAIMS_SUPPORTED >+ & supported_etypes) >+ else: >+ self.assertNotIn(PADATA_SUPPORTED_ETYPES, enc_pa_dict) >+ >+ # ClaimsCompIdFASTSupported registry key >+ if sent_claims: >+ self.assertIn(PADATA_PAC_OPTIONS, enc_pa_dict) >+ >+ self.check_pac_options_claims_support( >+ enc_pa_dict[PADATA_PAC_OPTIONS]) >+ else: >+ self.assertNotIn(PADATA_PAC_OPTIONS, enc_pa_dict) >+ else: >+ self.assertElementEqual(encpart_private, >+ 'encrypted-pa-data', >+ []) >+ > if ticket_session_key is not None and encpart_session_key is not None: > self.assertEqual(ticket_session_key.etype, > encpart_session_key.etype) >@@ -2066,6 +2111,11 @@ class RawKerberosTest(TestCaseInTempDir): > > kdc_exchange_dict['rep_ticket_creds'] = ticket_creds > >+ def check_pac_options_claims_support(self, pac_options): >+ pac_options = self.der_decode(pac_options, >+ asn1Spec=krb5_asn1.PA_PAC_OPTIONS()) >+ self.assertEqual('1', pac_options['options'][0]) # claims bit >+ > def generic_check_kdc_error(self, > kdc_exchange_dict, > callback_dict, >-- >2.25.1 > > >From 436da22676040536c552f8bccd0d90e945907c4a Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:05:59 +1200 >Subject: [PATCH 117/149] tests/krb5: Add expected_cname_private parameter to > kdc_exchange_dict > >This is useful for testing the 'hide client names' FAST option. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2ee87dbf08e66e1dc812430026bfe214f9f5503d) >--- > python/samba/tests/krb5/raw_testcase.py | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 2512ee1b99f..b79b84686a6 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1699,6 +1699,7 @@ class RawKerberosTest(TestCaseInTempDir): > def as_exchange_dict(self, > expected_crealm=None, > expected_cname=None, >+ expected_cname_private=None, > expected_srealm=None, > expected_sname=None, > ticket_decryption_key=None, >@@ -1752,6 +1753,10 @@ class RawKerberosTest(TestCaseInTempDir): > 'kdc_options': kdc_options, > 'outer_req': outer_req > } >+ if expected_cname_private is not None: >+ kdc_exchange_dict['expected_cname_private'] = ( >+ expected_cname_private) >+ > if callback_dict is None: > callback_dict = {} > >@@ -1760,6 +1765,7 @@ class RawKerberosTest(TestCaseInTempDir): > def tgs_exchange_dict(self, > expected_crealm=None, > expected_cname=None, >+ expected_cname_private=None, > expected_srealm=None, > expected_sname=None, > ticket_decryption_key=None, >@@ -1811,6 +1817,10 @@ class RawKerberosTest(TestCaseInTempDir): > 'kdc_options': kdc_options, > 'outer_req': outer_req > } >+ if expected_cname_private is not None: >+ kdc_exchange_dict['expected_cname_private'] = ( >+ expected_cname_private) >+ > if callback_dict is None: > callback_dict = {} > >@@ -1989,11 +1999,15 @@ class RawKerberosTest(TestCaseInTempDir): > and kdc_options[canon_pos] == '1') > > expected_crealm = kdc_exchange_dict['expected_crealm'] >- expected_cname = kdc_exchange_dict['expected_cname'] > expected_srealm = kdc_exchange_dict['expected_srealm'] > expected_sname = kdc_exchange_dict['expected_sname'] > ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key'] > >+ try: >+ expected_cname = kdc_exchange_dict['expected_cname_private'] >+ except KeyError: >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ > ticket = self.getElementValue(rep, 'ticket') > > if ticket_checksum is not None: >-- >2.25.1 > > >From 73ebd0676fa04687124d0f444ed96327be8a4460 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 14:18:29 +1200 >Subject: [PATCH 118/149] tests/krb5: Include authdata in kdc_exchange_dict > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ea1ed63e8819926db1cf15974009601c7d37e944) >--- > python/samba/tests/krb5/raw_testcase.py | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b79b84686a6..c1dfe44dfd1 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -1720,6 +1720,7 @@ class RawKerberosTest(TestCaseInTempDir): > armor_key=None, > armor_tgt=None, > armor_subkey=None, >+ auth_data=None, > kdc_options='', > outer_req=None): > kdc_exchange_dict = { >@@ -1750,6 +1751,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'armor_key': armor_key, > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, >+ 'auth_data': auth_data, > 'kdc_options': kdc_options, > 'outer_req': outer_req > } >@@ -1784,6 +1786,7 @@ class RawKerberosTest(TestCaseInTempDir): > armor_tgt=None, > armor_subkey=None, > authenticator_subkey=None, >+ auth_data=None, > body_checksum_type=None, > kdc_options='', > outer_req=None): >@@ -1813,6 +1816,7 @@ class RawKerberosTest(TestCaseInTempDir): > 'armor_key': armor_key, > 'armor_tgt': armor_tgt, > 'armor_subkey': armor_subkey, >+ 'auth_data': auth_data, > 'authenticator_subkey': authenticator_subkey, > 'kdc_options': kdc_options, > 'outer_req': outer_req >@@ -2328,6 +2332,8 @@ class RawKerberosTest(TestCaseInTempDir): > req_body_blob, > ctype=body_checksum_type) > >+ auth_data = kdc_exchange_dict['auth_data'] >+ > subkey_obj = None > if authenticator_subkey is not None: > subkey_obj = authenticator_subkey.export_obj() >@@ -2341,7 +2347,7 @@ class RawKerberosTest(TestCaseInTempDir): > ctime=ctime, > subkey=subkey_obj, > seq_number=seq_number, >- authorization_data=None) >+ authorization_data=auth_data) > authenticator_blob = self.der_encode( > authenticator_obj, > asn1Spec=krb5_asn1.Authenticator()) >-- >2.25.1 > > >From fa9f66b91850a4a2678e9763d04e186c0ac4fe6a Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 15:20:09 +1200 >Subject: [PATCH 119/149] tests/krb5: Add generate_simple_fast() method to > generate FX-FAST padata > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1389ba346df81c9ea1e1143c4e819212939f6aeb) >--- > python/samba/tests/krb5/raw_testcase.py | 34 +++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index c1dfe44dfd1..a557c424527 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -52,6 +52,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_TGS_REQ, > KU_AP_REQ_AUTH, > KU_AS_REP_ENC_PART, >+ KU_FAST_ENC, > KU_FAST_FINISHED, > KU_FAST_REP, > KU_FAST_REQ_CHKSUM, >@@ -2309,6 +2310,39 @@ class RawKerberosTest(TestCaseInTempDir): > kdc_exchange_dict['preauth_etype_info2'] = etype_info2 > return > >+ def generate_simple_fast(self, >+ kdc_exchange_dict, >+ _callback_dict, >+ req_body, >+ fast_padata, >+ fast_armor, >+ checksum, >+ fast_options=''): >+ armor_key = kdc_exchange_dict['armor_key'] >+ >+ fast_req = self.KRB_FAST_REQ_create(fast_options, >+ fast_padata, >+ req_body) >+ fast_req = self.der_encode(fast_req, >+ asn1Spec=krb5_asn1.KrbFastReq()) >+ fast_req = self.EncryptedData_create(armor_key, >+ KU_FAST_ENC, >+ fast_req) >+ >+ fast_armored_req = self.KRB_FAST_ARMORED_REQ_create(fast_armor, >+ checksum, >+ fast_req) >+ >+ fx_fast_request = self.PA_FX_FAST_REQUEST_create(fast_armored_req) >+ fx_fast_request = self.der_encode( >+ fx_fast_request, >+ asn1Spec=krb5_asn1.PA_FX_FAST_REQUEST()) >+ >+ fast_padata = self.PA_DATA_create(PADATA_FX_FAST, >+ fx_fast_request) >+ >+ return fast_padata >+ > def generate_ap_req(self, > kdc_exchange_dict, > _callback_dict, >-- >2.25.1 > > >From 6d4b82c7e18e81b9060f2e3ec8bedf54d6ec0e24 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:21:14 +1200 >Subject: [PATCH 120/149] tests/krb5: Add check_rep_padata() method to check > padata in reply > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 79b9aac65b7dbdc58275368eae9feb7d87bf6dab) >--- > python/samba/tests/krb5/raw_testcase.py | 83 ++++++++++++++----------- > 1 file changed, 48 insertions(+), 35 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index a557c424527..80c60682bd1 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2144,13 +2144,54 @@ class RawKerberosTest(TestCaseInTempDir): > expected_cname = kdc_exchange_dict['expected_cname'] > expected_srealm = kdc_exchange_dict['expected_srealm'] > expected_sname = kdc_exchange_dict['expected_sname'] >- expected_salt = kdc_exchange_dict['expected_salt'] >- client_as_etypes = kdc_exchange_dict['client_as_etypes'] >+ expected_error_mode = kdc_exchange_dict['expected_error_mode'] >+ >+ self.assertElementEqual(rep, 'pvno', 5) >+ self.assertElementEqual(rep, 'msg-type', KRB_ERROR) >+ self.assertElementEqual(rep, 'error-code', expected_error_mode) >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'ctime') >+ self.assertElementMissing(rep, 'cusec') >+ self.assertElementPresent(rep, 'stime') >+ self.assertElementPresent(rep, 'susec') >+ # error-code checked above >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'crealm') >+ self.assertElementMissing(rep, 'cname') >+ self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >+ self.assertElementMissing(rep, 'e-text') >+ if expected_error_mode == KDC_ERR_GENERIC: >+ self.assertElementMissing(rep, 'e-data') >+ return rep >+ edata = self.getElementValue(rep, 'e-data') >+ if self.strict_checking: >+ self.assertIsNotNone(edata) >+ if edata is not None: >+ rep_padata = self.der_decode(edata, >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ self.assertGreater(len(rep_padata), 0) >+ else: >+ rep_padata = [] >+ >+ etype_info2 = self.check_rep_padata(kdc_exchange_dict, >+ callback_dict, >+ rep, >+ rep_padata) >+ >+ kdc_exchange_dict['preauth_etype_info2'] = etype_info2 >+ >+ return rep >+ >+ def check_rep_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep, >+ rep_padata): > expected_error_mode = kdc_exchange_dict['expected_error_mode'] > req_body = kdc_exchange_dict['req_body'] > proposed_etypes = req_body['etype'] >- >- kdc_exchange_dict['preauth_etype_info2'] = None >+ client_as_etypes = kdc_exchange_dict.get('client_as_etypes', []) > > expect_etype_info2 = () > expect_etype_info = False >@@ -2188,34 +2229,6 @@ class RawKerberosTest(TestCaseInTempDir): > expected_patypes += (PADATA_PK_AS_REQ,) > expected_patypes += (PADATA_PK_AS_REP_19,) > >- self.assertElementEqual(rep, 'pvno', 5) >- self.assertElementEqual(rep, 'msg-type', KRB_ERROR) >- self.assertElementEqual(rep, 'error-code', expected_error_mode) >- if self.strict_checking: >- self.assertElementMissing(rep, 'ctime') >- self.assertElementMissing(rep, 'cusec') >- self.assertElementPresent(rep, 'stime') >- self.assertElementPresent(rep, 'susec') >- # error-code checked above >- if self.strict_checking: >- self.assertElementMissing(rep, 'crealm') >- self.assertElementMissing(rep, 'cname') >- self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >- self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >- self.assertElementMissing(rep, 'e-text') >- if expected_error_mode == KDC_ERR_GENERIC: >- self.assertElementMissing(rep, 'e-data') >- return >- edata = self.getElementValue(rep, 'e-data') >- if self.strict_checking: >- self.assertIsNotNone(edata) >- if edata is not None: >- rep_padata = self.der_decode(edata, >- asn1Spec=krb5_asn1.METHOD_DATA()) >- self.assertGreater(len(rep_padata), 0) >- else: >- rep_padata = [] >- > if self.strict_checking: > for i, patype in enumerate(expected_patypes): > self.assertElementEqual(rep_padata[i], 'padata-type', patype) >@@ -2265,7 +2278,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(enc_timestamp) > self.assertIsNotNone(pk_as_req) > self.assertIsNotNone(pk_as_rep19) >- return >+ return None > > if self.strict_checking: > self.assertIsNotNone(etype_info2) >@@ -2288,6 +2301,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNone(salt) > else: > self.assertIsNotNone(salt) >+ expected_salt = kdc_exchange_dict['expected_salt'] > if expected_salt is not None: > self.assertEqual(salt, expected_salt) > s2kparams = self.getElementValue(etype_info2[i], 's2kparams') >@@ -2307,8 +2321,7 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(pk_as_req) > self.assertIsNotNone(pk_as_rep19) > >- kdc_exchange_dict['preauth_etype_info2'] = etype_info2 >- return >+ return etype_info2 > > def generate_simple_fast(self, > kdc_exchange_dict, >-- >2.25.1 > > >From 0ce16b4680f81a4d1961eeef807c47ed1661794b Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:35:32 +1200 >Subject: [PATCH 121/149] tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a > non-error reply > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 705e45e37f4752e283a80626be10c38b29232359) >--- > python/samba/tests/krb5/raw_testcase.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 80c60682bd1..7a66b74adfe 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2208,7 +2208,7 @@ class RawKerberosTest(TestCaseInTempDir): > if etype in (kcrypto.Enctype.AES256, kcrypto.Enctype.AES128): > if etype > expected_aes_type: > expected_aes_type = etype >- if etype in (kcrypto.Enctype.RC4,): >+ if etype in (kcrypto.Enctype.RC4,) and expected_error_mode != 0: > unexpect_etype_info = False > if etype > expected_rc4_type: > expected_rc4_type = etype >-- >2.25.1 > > >From 6515e90fe3130ac931e076652209ebd5ae5a669d Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:26:06 +1200 >Subject: [PATCH 122/149] tests/krb5: Remove unused variables > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5edbabeb26e110648d4588c90843e4715ec1ac5c) >--- > python/samba/tests/krb5/kdc_base_test.py | 2 -- > python/samba/tests/krb5/raw_testcase.py | 1 - > 2 files changed, 3 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 24a1e7cfbc8..b148fa01f65 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -256,8 +256,6 @@ class KDCBaseTest(RawKerberosTest): > > rid = identifier.sid.split()[1] > >- forced_keys = dict() >- > net_ctx = net.Net(admin_creds) > > keys = {} >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7a66b74adfe..60d35923b35 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2140,7 +2140,6 @@ class RawKerberosTest(TestCaseInTempDir): > callback_dict, > rep): > >- expected_crealm = kdc_exchange_dict['expected_crealm'] > expected_cname = kdc_exchange_dict['expected_cname'] > expected_srealm = kdc_exchange_dict['expected_srealm'] > expected_sname = kdc_exchange_dict['expected_sname'] >-- >2.25.1 > > >From d677b82c174c7938d1a06bbdd34e09fb835b44aa Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 11:15:00 +1200 >Subject: [PATCH 123/149] tests/krb5: Add get_krbtgt_sname() method > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit dbe98005d5873440063b91e56679937149535be7) >--- > python/samba/tests/krb5/raw_testcase.py | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 60d35923b35..8351de1e6e3 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -64,6 +64,7 @@ from samba.tests.krb5.rfc4120_constants import ( > KU_TGS_REQ_AUTH_DAT_SESSION, > KU_TGS_REQ_AUTH_DAT_SUBKEY, > KU_TICKET, >+ NT_SRV_INST, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO, > PADATA_ETYPE_INFO2, >@@ -2523,6 +2524,15 @@ class RawKerberosTest(TestCaseInTempDir): > return (claims_pos < len(pac_options) > and pac_options[claims_pos] == '1') > >+ def get_krbtgt_sname(self): >+ krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_username = krbtgt_creds.get_username() >+ krbtgt_realm = krbtgt_creds.get_realm() >+ krbtgt_sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=[krbtgt_username, krbtgt_realm]) >+ >+ return krbtgt_sname >+ > def _test_as_exchange(self, > cname, > realm, >-- >2.25.1 > > >From 45f96f6f73b162b59d5503d9bb7b8b5490a387e1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:25:39 +1200 >Subject: [PATCH 124/149] tests/krb5: Check sname is krbtgt for FAST generic > error > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7a27b75621908a4a6449efaecb54eb20fa45aca0) >--- > python/samba/tests/krb5/raw_testcase.py | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 8351de1e6e3..77b682e57ea 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2146,6 +2146,8 @@ class RawKerberosTest(TestCaseInTempDir): > expected_sname = kdc_exchange_dict['expected_sname'] > expected_error_mode = kdc_exchange_dict['expected_error_mode'] > >+ sent_fast = self.sent_fast(kdc_exchange_dict) >+ > self.assertElementEqual(rep, 'pvno', 5) > self.assertElementEqual(rep, 'msg-type', KRB_ERROR) > self.assertElementEqual(rep, 'error-code', expected_error_mode) >@@ -2159,7 +2161,11 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertElementMissing(rep, 'crealm') > self.assertElementMissing(rep, 'cname') > self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >- self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >+ if sent_fast and expected_error_mode == KDC_ERR_GENERIC: >+ self.assertElementEqualPrincipal(rep, 'sname', >+ self.get_krbtgt_sname()) >+ else: >+ self.assertElementEqualPrincipal(rep, 'sname', expected_sname) > self.assertElementMissing(rep, 'e-text') > if expected_error_mode == KDC_ERR_GENERIC: > self.assertElementMissing(rep, 'e-data') >-- >2.25.1 > > >From 53f5e3988a84915e7b9b4b4afadbb754caec413c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:31:39 +1200 >Subject: [PATCH 125/149] tests/krb5: Check reply FAST padata if request > included FAST > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 056fb71832e7aa16132c58ff393ab8b752ef6a93) >--- > python/samba/tests/krb5/raw_testcase.py | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 77b682e57ea..965a8f9fb00 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -2177,6 +2177,21 @@ class RawKerberosTest(TestCaseInTempDir): > rep_padata = self.der_decode(edata, > asn1Spec=krb5_asn1.METHOD_DATA()) > self.assertGreater(len(rep_padata), 0) >+ >+ if sent_fast: >+ self.assertEqual(1, len(rep_padata)) >+ rep_pa_dict = self.get_pa_dict(rep_padata) >+ self.assertIn(PADATA_FX_FAST, rep_pa_dict) >+ >+ armor_key = kdc_exchange_dict['armor_key'] >+ self.assertIsNotNone(armor_key) >+ fast_response = self.check_fx_fast_data( >+ kdc_exchange_dict, >+ rep_pa_dict[PADATA_FX_FAST], >+ armor_key, >+ expect_strengthen_key=False) >+ >+ rep_padata = fast_response['padata'] > else: > rep_padata = [] > >-- >2.25.1 > > >From be78c40c63c9ee4c2dc0fff2180a2b95d10b5667 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 27 Jul 2021 16:42:26 +1200 >Subject: [PATCH 126/149] tests/krb5: Adjust reply padata checking depending on > whether FAST was sent > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Re