The Samba-Bugzilla – Attachment 16794 Details for
Bug 14817
Update Kerberos testing and dependencies to bring in fix for KDC crash
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
generated patch from master (v4) for 4.13
samba-4-13-kdc-crash.patch (text/plain), 1.40 MB, created by
Andrew Bartlett
on 2021-09-08 05:12:08 UTC
(
hide
)
Description:
generated patch from master (v4) for 4.13
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-09-08 05:12:08 UTC
Size:
1.40 MB
patch
obsolete
>From 465cab8b027e6ad50884e313b2e29e74a6f3a2ba Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 3 Nov 2020 09:25:48 +1300 >Subject: [PATCH 001/177] selftest: add mit kdc specific known fail > >Add a MIT kerberos specific known fail, will be needed by subsequent >commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 04248f5e868d38498bdc8f9705c9a60fcfe79c09) >--- > selftest/knownfail_mit_kdc | 0 > selftest/wscript | 2 ++ > 2 files changed, 2 insertions(+) > create mode 100644 selftest/knownfail_mit_kdc > >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >new file mode 100644 >index 00000000000..e69de29bb2d >diff --git a/selftest/wscript b/selftest/wscript >index 57057be176e..fe743cb6b5f 100644 >--- a/selftest/wscript >+++ b/selftest/wscript >@@ -260,6 +260,8 @@ def cmd_testonly(opt): > > if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'): > env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc" >+ env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ >+ "knownfail_mit_kdc" > > if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'): > # older MIT krb5 libraries (< 1.14) don't have >-- >2.25.1 > > >From 6585be0ce9b58916f965a40bdb58d6e253a60615 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:29:56 +1300 >Subject: [PATCH 002/177] tests python krb5: Make PrincipalName_create a class > method > >Make PrincipalName_create a class method, so it can be used in helper >classes. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b14dca7c1c063e069517ff01b33c63a000d398c3) >--- > python/samba/tests/krb5/raw_testcase.py | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index f43ce9cbc3c..45e46e0b7ba 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -470,6 +470,7 @@ class RawKerberosTest(TestCase): > } > return Checksum_obj > >+ @classmethod > def PrincipalName_create(self, name_type, names): > # PrincipalName ::= SEQUENCE { > # name-type [0] Int32, >-- >2.25.1 > > >From 27f5e2ff327b3ecd662120946c507a72d23fb750 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:31:24 +1300 >Subject: [PATCH 003/177] tests python krb5: Add canonicalize flag to ASN1 > >Add the canonicalize flag to KerberosFlags, so that it can be used in >python based canonicalization tests. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 41c8aa4b991aad306d731b08d068c480eb5c7fed) >--- > python/samba/tests/krb5/rfc4120.asn1 | 8 ++++---- > python/samba/tests/krb5/rfc4120_pyasn1.py | 4 ++-- > 2 files changed, 6 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 98ba887729d..58e0c1636a1 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -196,8 +196,8 @@ KDCOptions ::= KerberosFlags > -- opt-hardware-auth(11), > -- unused12(12), > -- unused13(13), >--- 15 is reserved for canonicalize >- -- unused15(15), >+-- Canonicalize is used in RFC 6806 >+ -- canonicalize(15), > -- 26 was unused in 1510 > -- disable-transited-check(26), > -- >@@ -489,8 +489,8 @@ KDCOptionsValues ::= BIT STRING { -- KerberosFlags > opt-hardware-auth(11), > unused12(12), > unused13(13), >--- 15 is reserved for canonicalize >- unused15(15), >+-- Canonicalize is used by RFC 6806 >+ canonicalize(15), > -- 26 was unused in 1510 > disable-transited-check(26), > -- >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index 05304a8a099..b4ea678afd8 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-05-06 17:51:00.323318) >+# (last modified on 2020-11-03 14:07:15.270009) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -610,7 +610,7 @@ KDCOptionsValues.namedValues = namedval.NamedValues( > ('opt-hardware-auth', 11), > ('unused12', 12), > ('unused13', 13), >- ('unused15', 15), >+ ('canonicalize', 15), > ('disable-transited-check', 26), > ('renewable-ok', 27), > ('enc-tkt-in-skey', 28), >-- >2.25.1 > > >From a795a9dfc4e030cb21f60f97138afb2a6c373786 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:32:21 +1300 >Subject: [PATCH 004/177] tests python krb5: Add python kerberos > canonicalization tests > >Add python canonicalization tests, loosely based on the code in >source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move >the integration level tests out of kdc-canon-heimdal, leaving it as a >heimdal library unit test. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 005435dc4d7de9d442c7513edec8c782fe20fda3) >--- > .../tests/krb5/as_canonicalization_tests.py | 499 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_mit_kdc | 144 +++++ > source4/selftest/tests.py | 1 + > 4 files changed, 645 insertions(+) > create mode 100755 python/samba/tests/krb5/as_canonicalization_tests.py > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >new file mode 100755 >index 00000000000..7b599ad6e44 >--- /dev/null >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -0,0 +1,499 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# >+# Copyright (C) Catalyst IT Ltd. 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+from enum import Enum, unique >+import pyasn1 >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+import samba >+from samba.auth import system_session >+from samba.credentials import ( >+ Credentials, >+ CLI_CRED_NTLMv2_AUTH, >+ CLI_CRED_NTLM_AUTH, >+ DONT_USE_KERBEROS) >+from samba.dcerpc.misc import SEC_CHAN_WKSTA >+from samba.dsdb import ( >+ UF_WORKSTATION_TRUST_ACCOUNT, >+ UF_PASSWD_NOTREQD, >+ UF_NORMAL_ACCOUNT) >+from samba.samdb import SamDB >+from samba.tests import delete_force, DynamicTestCase >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+@unique >+class TestOptions(Enum): >+ Canonicalize = 1 >+ Enterprise = 2 >+ UpperRealm = 4 >+ UpperUserName = 8 >+ NetbiosRealm = 16 >+ UPN = 32 >+ RemoveDollar = 64 >+ Last = 128 >+ >+ def is_set(self, x): >+ return self.value & x >+ >+ >+@unique >+class CredentialsType(Enum): >+ User = 1 >+ Machine = 2 >+ >+ def is_set(self, x): >+ return self.value & x >+ >+ >+class TestData: >+ >+ def __init__(self, options, creds): >+ self.options = options >+ self.user_creds = creds >+ self.user_name = self.get_username(options, creds) >+ self.realm = self.get_realm(options, creds) >+ self.cname = RawKerberosTest.PrincipalName_create( >+ name_type=1, names=[self.user_name]) >+ self.sname = RawKerberosTest.PrincipalName_create( >+ name_type=2, names=["krbtgt", self.realm]) >+ self.canonicalize = TestOptions.Canonicalize.is_set(options) >+ >+ def get_realm(self, options, creds): >+ realm = creds.get_realm() >+ if TestOptions.NetbiosRealm.is_set(options): >+ realm = creds.get_domain() >+ if TestOptions.UpperRealm.is_set(options): >+ realm = realm.upper() >+ else: >+ realm = realm.lower() >+ return realm >+ >+ def get_username(self, options, creds): >+ name = creds.get_username() >+ if TestOptions.RemoveDollar.is_set(options) and name.endswith("$"): >+ name = name[:-1] >+ if TestOptions.Enterprise.is_set(options): >+ realm = creds.get_realm() >+ name = "{0}@{1}".format(name, realm) >+ if TestOptions.UpperUserName.is_set(options): >+ name = name.upper() >+ return name >+ >+ def __repr__(self): >+ rep = "Test Data: " >+ rep += "options = '" + "{:08b}".format(self.options) + "'" >+ rep += "user name = '" + self.user_name + "'" >+ rep += ", realm = '" + self.realm + "'" >+ rep += ", cname = '" + str(self.cname) + "'" >+ rep += ", sname = '" + str(self.sname) + "'" >+ return rep >+ >+ >+MACHINE_NAME = "tstkrb5cnnusr" >+USER_NAME = "tstkrb5cnnmch" >+ >+# Encryption types >+AES256_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >+AES128_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >+ARCFOUR_HMAC_MD5 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >+ >+# Message types >+KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >+KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+ >+# PAData types >+PADATA_ENC_TIMESTAMP = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO2 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+ >+# Error codes >+KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+ >+# Name types >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+ >+ >+@DynamicTestCase >+class KerberosASCanonicalizationTests(RawKerberosTest): >+ >+ @classmethod >+ def setUpDynamicTestCases(cls): >+ >+ def skip(ct, options): >+ ''' Filter out any mutually exclusive test options ''' >+ if ct != CredentialsType.Machine and\ >+ TestOptions.RemoveDollar.is_set(options): >+ return True >+ return False >+ >+ def build_test_name(ct, options): >+ name = "%sCredentials" % ct.name >+ for opt in TestOptions: >+ if opt.is_set(options): >+ name += ("_%s" % opt.name) >+ return name >+ >+ for ct in CredentialsType: >+ for x in range(TestOptions.Last.value): >+ if skip(ct, x): >+ continue >+ name = build_test_name(ct, x) >+ cls.generate_dynamic_test("test", name, x, ct) >+ >+ @classmethod >+ def setUpClass(cls): >+ cls.lp = cls.get_loadparm(cls) >+ cls.username = os.environ["USERNAME"] >+ cls.password = os.environ["PASSWORD"] >+ cls.domain = os.environ["DOMAIN"] >+ cls.realm = os.environ["REALM"] >+ cls.host = os.environ["SERVER"] >+ >+ c = Credentials() >+ c.set_username(cls.username) >+ c.set_password(cls.password) >+ c.set_domain(cls.domain) >+ c.set_realm(cls.realm) >+ cls.credentials = c >+ >+ cls.session = system_session() >+ cls.ldb = SamDB(url="ldap://%s" % cls.host, >+ session_info=cls.session, >+ credentials=cls.credentials, >+ lp=cls.lp) >+ cls.create_machine_account() >+ cls.create_user_account() >+ >+ @classmethod >+ def tearDownClass(cls): >+ super(KerberosASCanonicalizationTests, cls).tearDownClass() >+ delete_force(cls.ldb, cls.machine_dn) >+ delete_force(cls.ldb, cls.user_dn) >+ >+ def setUp(self): >+ super(KerberosASCanonicalizationTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ # >+ # Create a test user account >+ @classmethod >+ def create_user_account(cls): >+ cls.user_pass = samba.generate_random_password(32, 32) >+ cls.user_name = USER_NAME >+ cls.user_dn = "cn=%s,%s" % (cls.user_name, cls.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(cls.ldb, cls.user_dn) >+ >+ utf16pw = ('"%s"' % cls.user_pass).encode('utf-16-le') >+ cls.ldb.add({ >+ "dn": cls.user_dn, >+ "objectclass": "user", >+ "sAMAccountName": "%s" % cls.user_name, >+ "userAccountControl": str(UF_NORMAL_ACCOUNT), >+ "unicodePwd": utf16pw}) >+ >+ cls.user_creds = Credentials() >+ cls.user_creds.guess(cls.lp) >+ cls.user_creds.set_password(cls.user_pass) >+ cls.user_creds.set_username(cls.user_name) >+ cls.user_creds.set_workstation(cls.machine_name) >+ >+ # >+ # Create the machine account >+ @classmethod >+ def create_machine_account(cls): >+ cls.machine_pass = samba.generate_random_password(32, 32) >+ cls.machine_name = MACHINE_NAME >+ cls.machine_dn = "cn=%s,%s" % (cls.machine_name, cls.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(cls.ldb, cls.machine_dn) >+ >+ utf16pw = ('"%s"' % cls.machine_pass).encode('utf-16-le') >+ cls.ldb.add({ >+ "dn": cls.machine_dn, >+ "objectclass": "computer", >+ "sAMAccountName": "%s$" % cls.machine_name, >+ "userAccountControl": >+ str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), >+ "unicodePwd": utf16pw}) >+ >+ cls.machine_creds = Credentials() >+ cls.machine_creds.guess(cls.lp) >+ cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >+ cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) >+ cls.machine_creds.set_password(cls.machine_pass) >+ cls.machine_creds.set_username(cls.machine_name + "$") >+ cls.machine_creds.set_workstation(cls.machine_name) >+ >+ def _test_with_args(self, x, ct): >+ if ct == CredentialsType.User: >+ creds = self.user_creds >+ elif ct == CredentialsType.Machine: >+ creds = self.machine_creds >+ else: >+ raise Exception("Unexpected credential type") >+ data = TestData(x, creds) >+ >+ try: >+ (rep, as_rep) = self.as_req(data) >+ except pyasn1.error.PyAsn1Error as e: >+ import traceback >+ self.fail("ASN1 Error, Options {0:08b}:{1} {2}".format( >+ traceback.format_exc(), >+ data.options, >+ e)) >+ # If as_req triggered an expected server error response >+ # No need to test the response data. >+ if rep is not None: >+ # The kvno is optional, heimdal includes it >+ # MIT does not. >+ if 'kvno' in rep['enc-part']: >+ kvno = rep['enc-part']['kvno'] >+ self.check_kvno(kvno, data) >+ >+ cname = rep['cname'] >+ self.check_cname(cname, data) >+ >+ crealm = rep['crealm'].decode('ascii') >+ self.check_crealm(crealm, data) >+ >+ sname = as_rep['sname'] >+ self.check_sname(sname, data) >+ >+ srealm = as_rep['srealm'].decode('ascii') >+ self.check_srealm(srealm, data) >+ >+ def as_req(self, data): >+ user_creds = data.user_creds >+ realm = data.realm >+ >+ cname = data.cname >+ sname = data.sname >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = "0" >+ if data.canonicalize: >+ kdc_options = str(krb5_asn1.KDCOptions('canonicalize')) >+ >+ padata = None >+ >+ # Set the allowable encryption types >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ # >+ # Check the protocol version, should be 5 >+ self.assertEqual( >+ rep['pvno'], 5, "Data {0}".format(str(data))) >+ >+ self.assertEqual( >+ rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) >+ >+ # We should get KDC_ERR_PREAUTH_REQUIRED >+ # unless the RemoveDollar and Enterprise options are set >+ # then we should get a KDC_ERR_C_PRINCIPAL_UNKNOWN >+ if TestOptions.RemoveDollar.is_set(data.options) and\ >+ TestOptions.Enterprise.is_set(data.options): >+ self.assertEqual( >+ rep['error-code'], >+ KDC_ERR_C_PRINCIPAL_UNKNOWN, >+ "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >+ return (None, None) >+ >+ self.assertEqual( >+ rep['error-code'], >+ KDC_ERR_PREAUTH_REQUIRED, >+ "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >+ >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ kdc_options = "0" >+ if data.canonicalize: >+ kdc_options = str(krb5_asn1.KDCOptions('canonicalize')) >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ # >+ # Check the protocol version, should be 5 >+ self.assertEqual( >+ rep['pvno'], 5, "Data {0}".format(str(data))) >+ >+ msg_type = rep['msg-type'] >+ # Should not have got an error. >+ # If we did, fail and print the error code to help debugging >+ self.assertNotEqual( >+ msg_type, >+ KRB_ERROR, >+ "Error code {0}, Data {1}".format( >+ rep.get('error-code', ''), >+ str(data))) >+ >+ self.assertEqual(msg_type, KRB_AS_REP, "Data {0}".format(str(data))) >+ >+ # Decrypt and decode the EncKdcRepPart >+ enc = key.decrypt(3, rep['enc-part']['cipher']) >+ if enc[0] == 0x7A: >+ # MIT Kerberos Tags the EncASRepPart as a EncKDCRepPart >+ # i.e. tag number 26 instead of tag number 25 >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ else: >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) >+ >+ return (rep, as_rep) >+ >+ def check_cname(self, cname, data): >+ nt = cname['name-type'] >+ self.assertEqual( >+ NT_PRINCIPAL, >+ nt, >+ "cname name-type, Options {0:08b}".format(data.options)) >+ >+ ns = cname['name-string'] >+ name = ns[0].decode('ascii') >+ >+ expected = data.user_name >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_username() >+ self.assertEqual( >+ expected, >+ name, >+ "cname principal, Options {0:08b}".format(data.options)) >+ >+ def check_crealm(self, crealm, data): >+ realm = data.user_creds.get_realm() >+ self.assertEqual( >+ realm, crealm, "crealm, Options {0:08b}".format(data.options)) >+ >+ def check_sname(self, sname, data): >+ nt = sname['name-type'] >+ self.assertEqual( >+ NT_SRV_INST, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ >+ ns = sname['name-string'] >+ name = ns[0].decode('ascii') >+ self.assertEqual( >+ 'krbtgt', >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ >+ realm = ns[1].decode('ascii') >+ expected = data.realm >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_realm().upper() >+ self.assertEqual( >+ expected, >+ realm, >+ "sname realm, Options {0:08b}".format(data.options)) >+ >+ def check_srealm(self, srealm, data): >+ realm = data.user_creds.get_realm() >+ self.assertEqual( >+ realm, srealm, "srealm, Options {0:08b}".format(data.options)) >+ >+ def check_kvno(self, kvno, data): >+ self.assertEqual( >+ 1, kvno, "kvno, Options {0:08b}".format(data.options)) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 89b5e957407..2f813760814 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -89,6 +89,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/simple_tests.py', > 'python/samba/tests/krb5/s4u_tests.py', > 'python/samba/tests/krb5/xrealm_tests.py', >+ 'python/samba/tests/krb5/as_canonicalization_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index e69de29bb2d..96d3e51da5c 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -0,0 +1,144 @@ >+# >+# Currently MOST but not quite all the Canonicalization tests fail on the >+# MIT KDC >+# >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_UPN\( >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index e16e64fb2f0..bde7c139475 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1339,6 +1339,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > '--option=torture:expect_machine_account=true'] + extra_options, > "samba4.krb5.kdc with machine account") > >+planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 23ce834bf73efe4b1eeb7220757adaa1b52375b3 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:09:13 +1300 >Subject: [PATCH 005/177] selftest: Send enterprise principals tagged as such > >This test passed against Samba but failed against Windows when >an enterprise principal (user@domain.com@REALM) was encoded as >NT_PRINCIPAL. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d7f731ed3577b407370d8fe7a62b4c3ee2dd9c75) >--- > .../tests/krb5/as_canonicalization_tests.py | 24 ++++++-- > selftest/knownfail.d/kdc-enterprise | 57 +++++++++++++++++++ > selftest/knownfail_mit_kdc | 8 +++ > 3 files changed, 84 insertions(+), 5 deletions(-) > create mode 100644 selftest/knownfail.d/kdc-enterprise > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 7b599ad6e44..3f8ed5c5a11 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -77,10 +77,16 @@ class TestData: > self.user_creds = creds > self.user_name = self.get_username(options, creds) > self.realm = self.get_realm(options, creds) >+ >+ if TestOptions.Enterprise.is_set(options): >+ client_name_type = NT_ENTERPRISE_PRINCIPAL >+ else: >+ client_name_type = NT_PRINCIPAL >+ > self.cname = RawKerberosTest.PrincipalName_create( >- name_type=1, names=[self.user_name]) >+ name_type=client_name_type, names=[self.user_name]) > self.sname = RawKerberosTest.PrincipalName_create( >- name_type=2, names=["krbtgt", self.realm]) >+ name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > > def get_realm(self, options, creds): >@@ -143,6 +149,7 @@ KDC_ERR_PREAUTH_REQUIRED = 25 > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-ENTERPRISE-PRINCIPAL')) > > > @DynamicTestCase >@@ -436,10 +443,17 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > return (rep, as_rep) > > def check_cname(self, cname, data): >- nt = cname['name-type'] >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected_name_type = NT_PRINCIPAL >+ elif TestOptions.Enterprise.is_set(data.options): >+ expected_name_type = NT_ENTERPRISE_PRINCIPAL >+ else: >+ expected_name_type = NT_PRINCIPAL >+ >+ name_type = cname['name-type'] > self.assertEqual( >- NT_PRINCIPAL, >- nt, >+ expected_name_type, >+ name_type, > "cname name-type, Options {0:08b}".format(data.options)) > > ns = cname['name-string'] >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >new file mode 100644 >index 00000000000..4e4f8a93e03 >--- /dev/null >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -0,0 +1,57 @@ >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( >+ >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 96d3e51da5c..9bac4737591 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -142,3 +142,11 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >-- >2.25.1 > > >From 4a1b9fea8639dcd581dc7e526c73d856d4a56107 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:09:59 +1300 >Subject: [PATCH 006/177] selftest: Fix flipped machine and user constants > >This naturally does not change the test, but reduces developer >confusion. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 579a3c641c72b65f6ba39141a55c765b517bd7f8) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 3f8ed5c5a11..7cdf614482e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -120,8 +120,8 @@ class TestData: > return rep > > >-MACHINE_NAME = "tstkrb5cnnusr" >-USER_NAME = "tstkrb5cnnmch" >+MACHINE_NAME = "tstkrb5cnnmch" >+USER_NAME = "tstkrb5cnnusr" > > # Encryption types > AES256_CTS_HMAC_SHA1_96 = int( >-- >2.25.1 > > >From 9cce070146c9afe665354bc0e8f792543822b05f Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:12:13 +1300 >Subject: [PATCH 007/177] selftest: Make as_canonicalization_tests.py easier to > run outside "make test" > >This takes the realm from the LDAP base DN and so avoids one >easy mistake to make. So far the NT4 domain name is not >auto-detected, so much be read from the smb.conf. > >By using .guess() the smb.conf is read for the unspecified >parts (eg workstation for an NTLM login to the LDAP server if >the target server is an IP address). > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d85e71f449037fa035fa2fae6b64caf695c53cb3) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 7cdf614482e..c0c3208d216 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -185,14 +185,20 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] > cls.domain = os.environ["DOMAIN"] >- cls.realm = os.environ["REALM"] > cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) > c.set_domain(cls.domain) >- c.set_realm(cls.realm) >+ try: >+ realm = os.environ["REALM"] >+ c.set_realm(realm) >+ except KeyError: >+ pass >+ >+ c.guess() >+ > cls.credentials = c > > cls.session = system_session() >@@ -236,6 +242,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > cls.user_creds = Credentials() > cls.user_creds.guess(cls.lp) >+ cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) > cls.user_creds.set_password(cls.user_pass) > cls.user_creds.set_username(cls.user_name) > cls.user_creds.set_workstation(cls.machine_name) >@@ -263,6 +270,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > cls.machine_creds = Credentials() > cls.machine_creds.guess(cls.lp) >+ cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) > cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) > cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > cls.machine_creds.set_password(cls.machine_pass) >-- >2.25.1 > > >From 6ccfddaf556a1599044fc623afefde77d29bc57e Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:46:28 +1300 >Subject: [PATCH 008/177] samdb: Add samdb.domain_netbios_name() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >[abartlet@samba.org: Backported from commit >d79218dbba3d0f26d6a0e22b3c91b0731bf641dd as this backport >to Samba 4.13 does not include 07ce48088824bba2054e029edfa6fbae972c1921 >(samba-tool: Create unix user with modified template homedir)] >--- > python/samba/netcmd/user.py | 10 ++-------- > python/samba/samdb.py | 15 +++++++++++++++ > python/samba/tests/samdb.py | 13 ++++++++++--- > selftest/tests.py | 1 + > 4 files changed, 28 insertions(+), 11 deletions(-) > >diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py >index 7d4464e2aa9..ad5d2fbd485 100644 >--- a/python/samba/netcmd/user.py >+++ b/python/samba/netcmd/user.py >@@ -3001,14 +3001,8 @@ The users gecos field will be set to 'User4 test' > > if unix_home is None: > # obtain nETBIOS Domain Name >- filter = "(&(objectClass=crossRef)(nETBIOSName=*))" >- searchdn = ("CN=Partitions,CN=Configuration," + domaindn) >- try: >- res = samdb.search(searchdn, >- scope=ldb.SCOPE_SUBTREE, >- expression=filter) >- unix_domain = res[0]["nETBIOSName"][0] >- except IndexError: >+ unix_domain = samdb.domain_netbios_name() >+ if unix_domain is None: > raise CommandError('Unable to find Unix domain') > > unix_home = "/home/{0}/{1}".format(unix_domain, username) >diff --git a/python/samba/samdb.py b/python/samba/samdb.py >index d13c5e3b7a2..36d668c4586 100644 >--- a/python/samba/samdb.py >+++ b/python/samba/samdb.py >@@ -928,6 +928,21 @@ accountExpires: %u > domain_dn = self.get_default_basedn() > return domain_dn.canonical_str().split('/')[0] > >+ def domain_netbios_name(self): >+ """return the NetBIOS name of the domain root""" >+ domain_dn = self.get_default_basedn() >+ dns_name = self.domain_dns_name() >+ filter = "(&(objectClass=crossRef)(nETBIOSName=*)(ncName=%s)(dnsroot=%s))" % (domain_dn, dns_name) >+ partitions_dn = self.get_partitions_dn() >+ res = self.search(partitions_dn, >+ scope=ldb.SCOPE_ONELEVEL, >+ expression=filter) >+ try: >+ netbios_domain = res[0]["nETBIOSName"][0].decode() >+ except IndexError: >+ return None >+ return netbios_domain >+ > def forest_dns_name(self): > """return the DNS name of the forest root""" > forest_dn = self.get_root_basedn() >diff --git a/python/samba/tests/samdb.py b/python/samba/tests/samdb.py >index a185a1566e3..834c5a204a6 100644 >--- a/python/samba/tests/samdb.py >+++ b/python/samba/tests/samdb.py >@@ -38,13 +38,13 @@ class SamDBTestCase(TestCaseInTempDir): > super(SamDBTestCase, self).setUp() > self.session = system_session() > logger = logging.getLogger("selftest") >- domain = "dsdb" >- realm = "dsdb.samba.example.com" >+ self.domain = "dsdb" >+ self.realm = "dsdb.samba.example.com" > host_name = "test" > server_role = "active directory domain controller" > self.result = provision(logger, > self.session, targetdir=self.tempdir, >- realm=realm, domain=domain, >+ realm=self.realm, domain=self.domain, > hostname=host_name, > use_ntvfs=True, > serverrole=server_role, >@@ -61,3 +61,10 @@ class SamDBTestCase(TestCaseInTempDir): > shutil.rmtree(os.path.join(self.tempdir, d)) > > super(SamDBTestCase, self).tearDown() >+ >+ >+class SamDBTests(SamDBTestCase): >+ >+ def test_get_domain(self): >+ self.assertEqual(self.samdb.domain_dns_name(), self.realm.lower()) >+ self.assertEqual(self.samdb.domain_netbios_name(), self.domain.upper()) >diff --git a/selftest/tests.py b/selftest/tests.py >index 2b65943b2ed..5b1ebcf4270 100644 >--- a/selftest/tests.py >+++ b/selftest/tests.py >@@ -212,6 +212,7 @@ planpythontestsuite("none", "samba.tests.graph") > plantestsuite("wafsamba.duplicate_symbols", "none", [os.path.join(srcdir(), "buildtools/wafsamba/test_duplicate_symbol.sh")]) > planpythontestsuite("none", "samba.tests.glue") > planpythontestsuite("none", "samba.tests.tdb_util") >+planpythontestsuite("none", "samba.tests.samdb") > planpythontestsuite("none", "samba.tests.samdb_api") > > if with_pam: >-- >2.25.1 > > >From 2327fb441fa3946691fc45b90d8ba9de8b8e0ef9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:47:30 +1300 >Subject: [PATCH 009/177] selftest: Make as_canonicalization_tests.py > auto-detect the NT4 domain name > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2693f12fbe321e0f4932b1f74d7006dbac140e8e) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index c0c3208d216..221ff486fd8 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -184,18 +184,21 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.lp = cls.get_loadparm(cls) > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] >- cls.domain = os.environ["DOMAIN"] > cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) >- c.set_domain(cls.domain) > try: > realm = os.environ["REALM"] > c.set_realm(realm) > except KeyError: > pass >+ try: >+ domain = os.environ["DOMAIN"] >+ c.set_domain(domain) >+ except KeyError: >+ pass > > c.guess() > >@@ -243,6 +246,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.user_creds = Credentials() > cls.user_creds.guess(cls.lp) > cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) >+ cls.user_creds.set_domain(cls.ldb.domain_netbios_name().upper()) > cls.user_creds.set_password(cls.user_pass) > cls.user_creds.set_username(cls.user_name) > cls.user_creds.set_workstation(cls.machine_name) >@@ -271,6 +275,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.machine_creds = Credentials() > cls.machine_creds.guess(cls.lp) > cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) >+ cls.machine_creds.set_domain(cls.ldb.domain_netbios_name().upper()) > cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) > cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > cls.machine_creds.set_password(cls.machine_pass) >-- >2.25.1 > > >From 9ffb833b7ba2712b481bb02fd84d659678ca5e1d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:21:24 +1300 >Subject: [PATCH 010/177] selftest: Fix formatting of failure (traceback and > options swapped in format string) > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ab8c0a181bebe17a597af49790f6e7b17e13c29b) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 221ff486fd8..f0e9f6307f6 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -296,8 +296,8 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > except pyasn1.error.PyAsn1Error as e: > import traceback > self.fail("ASN1 Error, Options {0:08b}:{1} {2}".format( >- traceback.format_exc(), > data.options, >+ traceback.format_exc(), > e)) > # If as_req triggered an expected server error response > # No need to test the response data. >-- >2.25.1 > > >From 37e5b47e7663e028149df26d2f2b78f38941577d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:27:06 +1300 >Subject: [PATCH 011/177] selftest: Add in encrypted-pa-data from RFC 6806 > >This comes from Windows 2019 which supports FAST. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fc77ece0e2b5fd324809e17a9b208cc7854cee4b) >--- > python/samba/tests/krb5/rfc4120.asn1 | 3 ++- > python/samba/tests/krb5/rfc4120_pyasn1.py | 19 ++++++++++--------- > 2 files changed, 12 insertions(+), 10 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 58e0c1636a1..654f9788ca7 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -239,7 +239,8 @@ EncKDCRepPart ::= SEQUENCE { > renew-till [8] KerberosTime OPTIONAL, > srealm [9] Realm, > sname [10] PrincipalName, >- caddr [11] HostAddresses OPTIONAL >+ caddr [11] HostAddresses OPTIONAL, >+ encrypted-pa-data[12] METHOD-DATA OPTIONAL > } > > LastReq ::= SEQUENCE OF SEQUENCE { >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index b4ea678afd8..1d89f94adf1 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-11-03 14:07:15.270009) >+# (last modified on 2020-11-06 11:30:42.476808) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -438,6 +438,13 @@ LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes( > )) > > >+class METHOD_DATA(univ.SequenceOf): >+ pass >+ >+ >+METHOD_DATA.componentType = PA_DATA() >+ >+ > class TicketFlags(KerberosFlags): > pass > >@@ -458,7 +465,8 @@ EncKDCRepPart.componentType = namedtype.NamedTypes( > namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), > namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), > namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), >- namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))) >+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))), >+ namedtype.OptionalNamedType('encrypted-pa-data', METHOD_DATA().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))) > ) > > >@@ -702,13 +710,6 @@ KRB_SAFE.componentType = namedtype.NamedTypes( > ) > > >-class METHOD_DATA(univ.SequenceOf): >- pass >- >- >-METHOD_DATA.componentType = PA_DATA() >- >- > class MessageTypeValues(univ.Integer): > pass > >-- >2.25.1 > > >From 3bf8f1ef4cbb5160608bd118961fbf498a6bec17 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:50:37 +1300 >Subject: [PATCH 012/177] selftest: Windows 2019 implements the RemoveDollar > behaviour for Enterprise principals > >This is documented in MS-KILE. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Gary Lockyer <gary@samba.org> >Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184 > >(cherry picked from commit f214a3ba5a3e9f129f10062392ae03edd62d8186) >--- > .../tests/krb5/as_canonicalization_tests.py | 11 ---------- > selftest/knownfail.d/kdc-enterprise | 20 ------------------- > selftest/knownfail_mit_kdc | 20 +++++++++++++++++++ > 3 files changed, 20 insertions(+), 31 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index f0e9f6307f6..caa186bed41 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -366,17 +366,6 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > self.assertEqual( > rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) > >- # We should get KDC_ERR_PREAUTH_REQUIRED >- # unless the RemoveDollar and Enterprise options are set >- # then we should get a KDC_ERR_C_PRINCIPAL_UNKNOWN >- if TestOptions.RemoveDollar.is_set(data.options) and\ >- TestOptions.Enterprise.is_set(data.options): >- self.assertEqual( >- rep['error-code'], >- KDC_ERR_C_PRINCIPAL_UNKNOWN, >- "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >- return (None, None) >- > self.assertEqual( > rep['error-code'], > KDC_ERR_PREAUTH_REQUIRED, >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >index 4e4f8a93e03..d15d67c8af6 100644 >--- a/selftest/knownfail.d/kdc-enterprise >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -1,19 +1,3 @@ >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( >@@ -26,14 +10,10 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 9bac4737591..00edbc0c34d 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -150,3 +150,23 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >-- >2.25.1 > > >From 1a04471c861ffd02f6fb35823907ea8886c15c13 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 4 Nov 2020 13:54:46 +1300 >Subject: [PATCH 013/177] selftest: add heimdal kdc specific known fail > >Add a heimdal kerberos specific known fail, will be needed by subsequent >commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5cb5134377f099353e0f91c44cc11e45d548d40f) >--- > selftest/knownfail_heimdal_kdc | 0 > selftest/wscript | 3 +++ > 2 files changed, 3 insertions(+) > create mode 100644 selftest/knownfail_heimdal_kdc > >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >new file mode 100644 >index 00000000000..e69de29bb2d >diff --git a/selftest/wscript b/selftest/wscript >index fe743cb6b5f..b057702b756 100644 >--- a/selftest/wscript >+++ b/selftest/wscript >@@ -262,6 +262,9 @@ def cmd_testonly(opt): > env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc" > env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ > "knownfail_mit_kdc" >+ else: >+ env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ >+ "knownfail_heimdal_kdc" > > if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'): > # older MIT krb5 libraries (< 1.14) don't have >-- >2.25.1 > > >From d0adbeeeeec98a9cff67209e19e192b8969a16bc Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 4 Nov 2020 13:58:24 +1300 >Subject: [PATCH 014/177] tests python krb5: Add python kerberos compatability > tests > >Add new python test to document the differences between the MIT and >Heimdal Kerberos implementations. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1e1d8b9c83f32c06ecab31214a20b77529ee038e) >--- > .../samba/tests/krb5/compatability_tests.py | 174 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_heimdal_kdc | 4 + > selftest/knownfail_mit_kdc | 4 + > source4/selftest/tests.py | 1 + > 5 files changed, 184 insertions(+) > create mode 100755 python/samba/tests/krb5/compatability_tests.py > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >new file mode 100755 >index 00000000000..63bd5269c2b >--- /dev/null >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -0,0 +1,174 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) Catalyst.Net Ltd 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class SimpleKerberosTests(RawKerberosTest): >+ >+ def setUp(self): >+ super(SimpleKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_mit_EncASRepPart_tag(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x7a, enc[0]) >+ >+ def test_heimdal_EncASRepPart_tag(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x79, enc[0]) >+ >+ def test_mit_EncryptedData_kvno(self): >+ creds = self.get_user_creds() >+ (_, enc) = self.as_req(creds) >+ if 'kvno' in enc: >+ self.fail("kvno present in EncryptedData") >+ >+ def test_heimdal_EncryptedData_kvno(self): >+ creds = self.get_user_creds() >+ (_, enc) = self.as_req(creds) >+ if 'kvno' not in enc: >+ self.fail("kvno absent in EncryptedData") >+ >+ def test_mit_EncASRepPart_FAST_support(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x7A, enc[0]) >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ flags = int(as_rep['flags'], base=2) >+ # MIT sets enc-pa-rep, flag bit 15 >+ # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >+ self.assertTrue(0x00010000 & flags) >+ >+ def test_heimdal_EncASRepPart_FAST_support(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x79, enc[0]) >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) >+ flags = as_rep['flags'] >+ flags = int(as_rep['flags'], base=2) >+ # Heimdal does not set enc-pa-rep, flag bit 15 >+ # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >+ self.assertFalse(0x00010000 & flags) >+ >+ def as_req(self, creds): >+ user = creds.get_username() >+ realm = creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=1, names=[user]) >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = None >+ >+ etypes = (18, 17, 23) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ self.assertEqual(rep['msg-type'], 30) >+ self.assertEqual(rep['error-code'], 25) >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, >+ asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(2, pa_ts) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 11) >+ >+ usage = 3 >+ enc_part = rep['enc-part'] >+ enc_as_rep_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ return (enc_as_rep_part, enc_part) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 2f813760814..fbb9a06d99e 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -90,6 +90,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/s4u_tests.py', > 'python/samba/tests/krb5/xrealm_tests.py', > 'python/samba/tests/krb5/as_canonicalization_tests.py', >+ 'python/samba/tests/krb5/compatability_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >index e69de29bb2d..7ab56b6721b 100644 >--- a/selftest/knownfail_heimdal_kdc >+++ b/selftest/knownfail_heimdal_kdc >@@ -0,0 +1,4 @@ >+# >+# We expect all the MIT specific compatability tests to fail on heimdal >+# kerberos >+^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 00edbc0c34d..9953d51f21d 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -1,4 +1,8 @@ > # >+# We expect all the heimdal specific compatability tests to fail on MIT >+# kerberos >+^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_heimdal_ >+# > # Currently MOST but not quite all the Canonicalization tests fail on the > # MIT KDC > # >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index bde7c139475..4b90a3d9772 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1340,6 +1340,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > "samba4.krb5.kdc with machine account") > > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 16c98a1d184b40d4d92de653e13e956efe55d355 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:19:02 +1300 >Subject: [PATCH 015/177] tests python krb5: Add constants module > >Extract the constants used in the tests into a separate module. >To reduce code duplication > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 532c941fbb8fc5fc5da4aa2d0e170229076e9aa7) >--- > python/samba/tests/krb5/rfc4120_constants.py | 49 ++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > 2 files changed, 50 insertions(+) > create mode 100644 python/samba/tests/krb5/rfc4120_constants.py > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >new file mode 100644 >index 00000000000..e939bb75e82 >--- /dev/null >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -0,0 +1,49 @@ >+# Unix SMB/CIFS implementation. >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+# Encryption types >+AES256_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >+AES128_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >+ARCFOUR_HMAC_MD5 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >+ >+# Message types >+KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >+KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+ >+# PAData types >+PADATA_ENC_TIMESTAMP = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO2 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+ >+# Error codes >+KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_PREAUTH_FAILED = 24 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_SKEW = 37 >+ >+# Name types >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( >+ 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index fbb9a06d99e..536721a1f86 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -91,6 +91,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/xrealm_tests.py', > 'python/samba/tests/krb5/as_canonicalization_tests.py', > 'python/samba/tests/krb5/compatability_tests.py', >+ 'python/samba/tests/krb5/rfc4120_constants.py', > } > > EXCLUDE_HELP = { >-- >2.25.1 > > >From 569c1ba370de286abfb35b16c0ab744fcc3bd738 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:20:03 +1300 >Subject: [PATCH 016/177] tests python krb5: Refactor canonicalization test > constants > >Modify tests to use the constants defined in rfc4120_constants.py > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 97b830cbcac53fcf49bbcd272812d1ba019bac51) >--- > .../tests/krb5/as_canonicalization_tests.py | 30 +------------------ > 1 file changed, 1 insertion(+), 29 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index caa186bed41..303788b672e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -41,6 +41,7 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT) > from samba.samdb import SamDB > from samba.tests import delete_force, DynamicTestCase >+from samba.tests.krb5.rfc4120_constants import * > > global_asn1_print = False > global_hexdump = False >@@ -123,35 +124,6 @@ class TestData: > MACHINE_NAME = "tstkrb5cnnmch" > USER_NAME = "tstkrb5cnnusr" > >-# Encryption types >-AES256_CTS_HMAC_SHA1_96 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >-AES128_CTS_HMAC_SHA1_96 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >-ARCFOUR_HMAC_MD5 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >- >-# Message types >-KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >-KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >- >-# PAData types >-PADATA_ENC_TIMESTAMP = int( >- krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >-PADATA_ETYPE_INFO2 = int( >- krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >- >-# Error codes >-KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >-KDC_ERR_PREAUTH_REQUIRED = 25 >- >-# Name types >-NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >-NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >-NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >-NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-ENTERPRISE-PRINCIPAL')) >- >- > @DynamicTestCase > class KerberosASCanonicalizationTests(RawKerberosTest): > >-- >2.25.1 > > >From ec124287b35d2419a8f0a25ee1f56185466a52a0 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:20:58 +1300 >Subject: [PATCH 017/177] tests python krb5: Refactor compatability test > constants > >Modify tests to use the constants defined in rfc4120_constants.py > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 82a413f48b7ef71feb68fc34f7ca753d45eb8974) >--- > .../samba/tests/krb5/compatability_tests.py | 42 ++++++++++++------- > 1 file changed, 28 insertions(+), 14 deletions(-) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 63bd5269c2b..bf561346ab3 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -25,10 +25,17 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import * > > global_asn1_print = False > global_hexdump = False > >+HIEMDAL_ENC_AS_REP_PART_TYPE_TAG = 0x79 >+# MIT uses the EncTGSRepPart tag for the EncASRepPart >+MIT_ENC_AS_REP_PART_TYPE_TAG = 0x7A >+ >+ENC_PA_REP_FLAG = 0x00010000 >+ > > class SimpleKerberosTests(RawKerberosTest): > >@@ -40,12 +47,12 @@ class SimpleKerberosTests(RawKerberosTest): > def test_mit_EncASRepPart_tag(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x7a, enc[0]) >+ self.assertEqual(MIT_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > > def test_heimdal_EncASRepPart_tag(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x79, enc[0]) >+ self.assertEqual(HIEMDAL_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > > def test_mit_EncryptedData_kvno(self): > creds = self.get_user_creds() >@@ -62,37 +69,44 @@ class SimpleKerberosTests(RawKerberosTest): > def test_mit_EncASRepPart_FAST_support(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x7A, enc[0]) >+ self.assertEqual(MIT_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) > flags = int(as_rep['flags'], base=2) > # MIT sets enc-pa-rep, flag bit 15 > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >- self.assertTrue(0x00010000 & flags) >+ self.assertTrue(ENC_PA_REP_FLAG & flags) > > def test_heimdal_EncASRepPart_FAST_support(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x79, enc[0]) >+ self.assertEqual(HIEMDAL_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) > flags = as_rep['flags'] > flags = int(as_rep['flags'], base=2) > # Heimdal does not set enc-pa-rep, flag bit 15 > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >- self.assertFalse(0x00010000 & flags) >+ self.assertFalse(ENC_PA_REP_FLAG & flags) > > def as_req(self, creds): > user = creds.get_username() > realm = creds.get_realm() > >- cname = self.PrincipalName_create(name_type=1, names=[user]) >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) > > till = self.get_KerberosTime(offset=36000) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes = (18, 17, 23) >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -111,14 +125,14 @@ class SimpleKerberosTests(RawKerberosTest): > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) > >- self.assertEqual(rep['msg-type'], 30) >- self.assertEqual(rep['error-code'], 25) >+ self.assertEqual(rep['msg-type'], KRB_ERROR) >+ self.assertEqual(rep['error-code'], KDC_ERR_PREAUTH_REQUIRED) > rep_padata = self.der_decode( > rep['e-data'], > asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: >- if pa['padata-type'] == 19: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: > etype_info2 = pa['padata-value'] > break > >@@ -136,7 +150,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > >- pa_ts = self.PA_DATA_create(2, pa_ts) >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = [pa_ts] >@@ -159,7 +173,7 @@ class SimpleKerberosTests(RawKerberosTest): > self.assertIsNotNone(rep) > > msg_type = rep['msg-type'] >- self.assertEqual(msg_type, 11) >+ self.assertEqual(msg_type, KRB_AS_REP) > > usage = 3 > enc_part = rep['enc-part'] >-- >2.25.1 > > >From e4ad528247081a38a775c768b36179f889305392 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 13:51:39 +1300 >Subject: [PATCH 018/177] tests python krb5: raw_testcase permit RC4 salts > >MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes >the check that a salt is not returned. A test for the difference >between MIT and Heimdal will be added in the subsequent commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1bab87c50baf0fecb5d4cd09e1a9896730c6377e) >--- > python/samba/tests/krb5/raw_testcase.py | 1 - > 1 file changed, 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 45e46e0b7ba..e67f5464e59 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -425,7 +425,6 @@ class RawKerberosTest(TestCase): > pass > > if e == kcrypto.Enctype.RC4: >- self.assertIsNone(salt) > nthash = creds.get_nt_hash() > return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno) > >-- >2.25.1 > > >From 711e04d51b16eb2b5038397b4be1f07691bb67c2 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Fri, 6 Nov 2020 09:07:04 +1300 >Subject: [PATCH 019/177] tests python krb5: Convert kdc-heimdal to python > >Implement the tests in source4/torture/krb5/kdc-heimdal.c in python. >The following tests were not re-implemented as they are client side >tests for the "Orpheus Lyre" attack: > TORTURE_KRB5_TEST_CHANGE_SERVER_OUT > TORTURE_KRB5_TEST_CHANGE_SERVER_IN > TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit a00a1c9745033dae05eee17cfa4e2c5354a81e68) >--- > python/samba/tests/krb5/kdc_tests.py | 219 +++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 221 insertions(+) > create mode 100755 python/samba/tests/krb5/kdc_tests.py > >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >new file mode 100755 >index 00000000000..57a25448965 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -0,0 +1,219 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import * >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KdcTests(RawKerberosTest): >+ """ Port of the tests in source4/torture/krb5/kdc-heimdal.c >+ To python. >+ """ >+ >+ def setUp(self): >+ super(KdcTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def as_req(self, creds, etypes, padata=None): >+ user = creds.get_username() >+ realm = creds.get_realm() >+ >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = 0 >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ return rep >+ >+ def get_pa_data(self, creds, rep, skew=0): >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec(offset=skew) >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ padata = [pa_ts] >+ return padata >+ >+ def check_pre_authenication(self, rep): >+ """ Check that the kdc response was pre-authentication required >+ """ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_REQUIRED) >+ >+ def check_as_reply(self, rep): >+ """ Check that the kdc response is an AS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an AS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_AS_REP) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000) >+ >+ def check_error_rep(self, rep, expected): >+ """ Check that the reply is an error message, with the expected >+ error-code specified. >+ """ >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_ERROR) >+ self.assertEqual(rep['error-code'], expected) >+ >+ def test_aes256_cts_hmac_sha1_96(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(AES256_CTS_HMAC_SHA1_96, etype) >+ >+ def test_arc4_hmac_md5(self): >+ creds = self.get_user_creds() >+ etype = (ARCFOUR_HMAC_MD5,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(ARCFOUR_HMAC_MD5, etype) >+ >+ def test_aes_rc4(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(AES256_CTS_HMAC_SHA1_96, etype) >+ >+ def test_clock_skew(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep, skew=3600) >+ rep = self.as_req(creds, etype, padata=padata) >+ >+ self.check_error_rep(rep, KDC_ERR_SKEW) >+ >+ def test_invalid_password(self): >+ creds = self.insta_creds(template=self.get_user_creds()) >+ creds.set_password("Not the correct password") >+ >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_FAILED) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 536721a1f86..35abaf2dafa 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -92,6 +92,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/as_canonicalization_tests.py', > 'python/samba/tests/krb5/compatability_tests.py', > 'python/samba/tests/krb5/rfc4120_constants.py', >+ 'python/samba/tests/krb5/kdc_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 4b90a3d9772..11371e2aeaf 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1341,6 +1341,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 58c38582c95204818f5c07a28a20c941894e0f67 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 16:56:46 +1300 >Subject: [PATCH 020/177] tests python krb5: refactor compatability tests > >Refactor to aid the adding of tests for the inclusion of a salt when >ARCFOUR_HMAC_MD5 encryption selected > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d492355f293e2da400318665035b056dfaba852c) >--- > .../samba/tests/krb5/compatability_tests.py | 24 ++++++++++++++----- > 1 file changed, 18 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index bf561346ab3..5990d2ce8df 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -87,7 +87,7 @@ class SimpleKerberosTests(RawKerberosTest): > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests > self.assertFalse(ENC_PA_REP_FLAG & flags) > >- def as_req(self, creds): >+ def as_pre_auth_req(self, creds, etypes): > user = creds.get_username() > realm = creds.get_realm() > >@@ -103,10 +103,6 @@ class SimpleKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes = ( >- AES256_CTS_HMAC_SHA1_96, >- AES128_CTS_HMAC_SHA1_96, >- ARCFOUR_HMAC_MD5) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -123,10 +119,16 @@ class SimpleKerberosTests(RawKerberosTest): > EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) >- self.assertIsNotNone(rep) > >+ return (rep, cname, sname, realm, till) >+ >+ def check_preauth_rep(self, rep): >+ self.assertIsNotNone(rep) > self.assertEqual(rep['msg-type'], KRB_ERROR) > self.assertEqual(rep['error-code'], KDC_ERR_PREAUTH_REQUIRED) >+ >+ def get_etype_info2(self, rep): >+ > rep_padata = self.der_decode( > rep['e-data'], > asn1Spec=krb5_asn1.METHOD_DATA()) >@@ -139,7 +141,17 @@ class SimpleKerberosTests(RawKerberosTest): > etype_info2 = self.der_decode( > etype_info2, > asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ return etype_info2 >+ >+ def as_req(self, creds): >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) >+ (rep, cname, sname, realm, till) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) > >+ etype_info2 = self.get_etype_info2(rep) > key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) > > (patime, pausec) = self.get_KerberosTimeWithUsec() >-- >2.25.1 > > >From febfdb491252022c3d3663ca225e133e9074af43 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 16:57:11 +1300 >Subject: [PATCH 021/177] tests python krb5: add arcfour salt tests > >MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected, >Heimdal does not. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184 > >(cherry picked from commit 2ba6d596ff0a3580eca9285fd83569bcb147ce77) >--- > .../samba/tests/krb5/compatability_tests.py | 20 +++++++++++++++++++ > 1 file changed, 20 insertions(+) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 5990d2ce8df..e4b1453e712 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -87,6 +87,26 @@ class SimpleKerberosTests(RawKerberosTest): > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests > self.assertFalse(ENC_PA_REP_FLAG & flags) > >+ def test_mit_arcfour_salt(self): >+ creds = self.get_user_creds() >+ etypes = (ARCFOUR_HMAC_MD5,) >+ (rep, *_) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) >+ etype_info2 = self.get_etype_info2(rep) >+ if 'salt' not in etype_info2[0]: >+ self.fail( >+ "(MIT) Salt not populated for ARCFOUR_HMAC_MD5 encryption") >+ >+ def test_heimdal_arcfour_salt(self): >+ creds = self.get_user_creds() >+ etypes = (ARCFOUR_HMAC_MD5,) >+ (rep, *_) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) >+ etype_info2 = self.get_etype_info2(rep) >+ if 'salt' in etype_info2[0]: >+ self.fail( >+ "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption") >+ > def as_pre_auth_req(self, creds, etypes): > user = creds.get_username() > realm = creds.get_realm() >-- >2.25.1 > > >From 485c5960a7173b23964302a40274a13f968f9d8b Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 18 Nov 2020 14:49:28 +1300 >Subject: [PATCH 022/177] tests python krb5: Extra canonicalization tests > >Add tests that set the server name to the client name for the machine >account in the kerberos AS_REQ. This replicates the TEST_AS_REQ_SELF >test phase in source4/torture/krb5/kdc-canon-heimdal.c. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Nov 30 05:21:42 UTC 2020 on sn-devel-184 > >(cherry picked from commit 7f7e2b0e1e17321d800de787098bb2b2c8259ecd) >--- > .../tests/krb5/as_canonicalization_tests.py | 74 +++++++++----- > selftest/knownfail.d/kdc-enterprise | 26 +++++ > selftest/knownfail_mit_kdc | 96 +++++++++++++++++++ > 3 files changed, 172 insertions(+), 24 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 303788b672e..6ea3ff0491e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -56,7 +56,8 @@ class TestOptions(Enum): > NetbiosRealm = 16 > UPN = 32 > RemoveDollar = 64 >- Last = 128 >+ AsReqSelf = 128 >+ Last = 256 > > def is_set(self, x): > return self.value & x >@@ -76,8 +77,8 @@ class TestData: > def __init__(self, options, creds): > self.options = options > self.user_creds = creds >- self.user_name = self.get_username(options, creds) >- self.realm = self.get_realm(options, creds) >+ self.user_name = self._get_username(options, creds) >+ self.realm = self._get_realm(options, creds) > > if TestOptions.Enterprise.is_set(options): > client_name_type = NT_ENTERPRISE_PRINCIPAL >@@ -86,11 +87,14 @@ class TestData: > > self.cname = RawKerberosTest.PrincipalName_create( > name_type=client_name_type, names=[self.user_name]) >- self.sname = RawKerberosTest.PrincipalName_create( >- name_type=NT_SRV_INST, names=["krbtgt", self.realm]) >+ if TestOptions.AsReqSelf.is_set(options): >+ self.sname = self.cname >+ else: >+ self.sname = RawKerberosTest.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > >- def get_realm(self, options, creds): >+ def _get_realm(self, options, creds): > realm = creds.get_realm() > if TestOptions.NetbiosRealm.is_set(options): > realm = creds.get_domain() >@@ -100,7 +104,7 @@ class TestData: > realm = realm.lower() > return realm > >- def get_username(self, options, creds): >+ def _get_username(self, options, creds): > name = creds.get_username() > if TestOptions.RemoveDollar.is_set(options) and name.endswith("$"): > name = name[:-1] >@@ -135,6 +139,9 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > if ct != CredentialsType.Machine and\ > TestOptions.RemoveDollar.is_set(options): > return True >+ if ct != CredentialsType.Machine and\ >+ TestOptions.AsReqSelf.is_set(options): >+ return True > return False > > def build_test_name(ct, options): >@@ -448,26 +455,45 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > def check_sname(self, sname, data): > nt = sname['name-type'] >- self.assertEqual( >- NT_SRV_INST, >- nt, >- "sname name-type, Options {0:08b}".format(data.options)) >- > ns = sname['name-string'] > name = ns[0].decode('ascii') >- self.assertEqual( >- 'krbtgt', >- name, >- "sname principal, Options {0:08b}".format(data.options)) > >- realm = ns[1].decode('ascii') >- expected = data.realm >- if TestOptions.Canonicalize.is_set(data.options): >- expected = data.user_creds.get_realm().upper() >- self.assertEqual( >- expected, >- realm, >- "sname realm, Options {0:08b}".format(data.options)) >+ if TestOptions.AsReqSelf.is_set(data.options): >+ expected_name_type = NT_PRINCIPAL >+ if not TestOptions.Canonicalize.is_set(data.options)\ >+ and TestOptions.Enterprise.is_set(data.options): >+ >+ expected_name_type = NT_ENTERPRISE_PRINCIPAL >+ >+ self.assertEqual( >+ expected_name_type, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ expected = data.user_name >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_username() >+ self.assertEqual( >+ expected, >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ else: >+ self.assertEqual( >+ NT_SRV_INST, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ self.assertEqual( >+ 'krbtgt', >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ >+ realm = ns[1].decode('ascii') >+ expected = data.realm >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_realm().upper() >+ self.assertEqual( >+ expected, >+ realm, >+ "sname realm, Options {0:08b}".format(data.options)) > > def check_srealm(self, srealm, data): > realm = data.user_creds.get_realm() >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >index d15d67c8af6..c9b6c98a2ee 100644 >--- a/selftest/knownfail.d/kdc-enterprise >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -35,3 +35,29 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( > >+ >+ >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 9953d51f21d..f1a4971430e 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -174,3 +174,99 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >-- >2.25.1 > > >From ae67453d72419276b4e6a7f573e12e88189f0c5e Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 10:15:28 +1300 >Subject: [PATCH 023/177] tests python krb5: Add Authorization data ad-type > constants > >Add constants for the Authorization Data Type values. >RFC 4120 7.5.4. Authorization Data Types > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d74c9dcf3aaa613abfac49288f427484468bf6e1) >--- > python/samba/tests/krb5/rfc4120_constants.py | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index e939bb75e82..e1d0c5baa68 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -47,3 +47,17 @@ NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >+ >+# Authorization data ad-type values >+ >+AD_IF_RELEVANT = 1 >+AD_INTENDED_FOR_SERVER = 2 >+AD_INTENDED_FOR_APPLICATION_CLASS = 3 >+AD_KDC_ISSUED = 4 >+AD_AND_OR = 5 >+AD_MANDATORY_TICKET_EXTENSIONS = 6 >+AD_IN_TICKET_EXTENSIONS = 7 >+AD_MANDATORY_FOR_KDC = 8 >+AD_INITIAL_VERIFIED_CAS = 9 >+AD_WIN2K_PAC = 128 >+AD_SIGNTICKET = 512 >-- >2.25.1 > > >From 2900274544b4c41d7c571931664df5bc6fc8fcb0 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Mon, 30 Nov 2020 14:16:28 +1300 >Subject: [PATCH 024/177] tests python krb5: add test base class > >Add a base class for the KDC tests to reduce the amount of code >duplication in the tests. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0f232ed42fb2671d025643cafb19891373562e4a) >--- > python/samba/tests/krb5/kdc_base_test.py | 419 +++++++++++++++++++++++ > 1 file changed, 419 insertions(+) > create mode 100755 python/samba/tests/krb5/kdc_base_test.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >new file mode 100755 >index 00000000000..4fc7ee85ba9 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -0,0 +1,419 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+from collections import namedtuple >+from ldb import SCOPE_BASE >+from samba import generate_random_password >+from samba.auth import system_session >+from samba.credentials import Credentials >+from samba.dcerpc import krb5pac >+from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >+from samba.ndr import ndr_unpack >+from samba.samdb import SamDB >+ >+from samba.tests import delete_force >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ AD_IF_RELEVANT, >+ AD_WIN2K_PAC, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_TGS_REP, >+ KRB_ERROR, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KDCBaseTest(RawKerberosTest): >+ """ Base class for KDC tests. >+ """ >+ >+ @classmethod >+ def setUpClass(cls): >+ cls.lp = cls.get_loadparm(cls) >+ cls.username = os.environ["USERNAME"] >+ cls.password = os.environ["PASSWORD"] >+ cls.host = os.environ["SERVER"] >+ >+ c = Credentials() >+ c.set_username(cls.username) >+ c.set_password(cls.password) >+ try: >+ realm = os.environ["REALM"] >+ c.set_realm(realm) >+ except KeyError: >+ pass >+ try: >+ domain = os.environ["DOMAIN"] >+ c.set_domain(domain) >+ except KeyError: >+ pass >+ >+ c.guess() >+ >+ cls.credentials = c >+ >+ cls.session = system_session() >+ cls.ldb = SamDB(url="ldap://%s" % cls.host, >+ session_info=cls.session, >+ credentials=cls.credentials, >+ lp=cls.lp) >+ # fetch the dnsHostName from the RootDse >+ res = cls.ldb.search( >+ base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) >+ cls.dns_host_name = str(res[0]['dnsHostName']) >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ self.accounts = [] >+ >+ def tearDown(self): >+ # Clean up any accounts created by create_account >+ for dn in self.accounts: >+ delete_force(self.ldb, dn) >+ >+ def create_account(self, name, machine_account=False, spn=None): >+ '''Create an account for testing. >+ The dn of the created account is added to self.accounts, >+ which is used by tearDown to clean up the created accounts. >+ ''' >+ dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(self.ldb, dn) >+ if machine_account: >+ object_class = "computer" >+ account_name = "%s$" % name >+ account_control = str(UF_WORKSTATION_TRUST_ACCOUNT) >+ else: >+ object_class = "user" >+ account_name = name >+ account_control = str(UF_NORMAL_ACCOUNT) >+ >+ password = generate_random_password(32, 32) >+ utf16pw = ('"%s"' % password).encode('utf-16-le') >+ >+ details = { >+ "dn": dn, >+ "objectclass": object_class, >+ "sAMAccountName": account_name, >+ "userAccountControl": account_control, >+ "unicodePwd": utf16pw} >+ if spn is not None: >+ details["servicePrincipalName"] = spn >+ self.ldb.add(details) >+ >+ creds = Credentials() >+ creds.guess(self.lp) >+ creds.set_realm(self.ldb.domain_dns_name().upper()) >+ creds.set_domain(self.ldb.domain_netbios_name().upper()) >+ creds.set_password(password) >+ creds.set_username(account_name) >+ if machine_account: >+ creds.set_workstation(name) >+ # >+ # Save the account name so it can be deleted in the tearDown >+ self.accounts.append(dn) >+ >+ return (creds, dn) >+ >+ def as_req(self, cname, sname, realm, etypes, padata=None): >+ '''Send a Kerberos AS_REQ, returns the undecoded response >+ ''' >+ >+ till = self.get_KerberosTime(offset=36000) >+ kdc_options = 0 >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ return rep >+ >+ def get_as_rep_key(self, creds, rep): >+ '''Extract the session key from an AS-REP >+ ''' >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: >+ padata_value = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ padata_value, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ return key >+ >+ def get_pa_data(self, creds, rep, skew=0): >+ '''generate the pa_data data element for an AS-REQ >+ ''' >+ key = self.get_as_rep_key(creds, rep) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec(offset=skew) >+ padata = self.PA_ENC_TS_ENC_create(patime, pausec) >+ padata = self.der_encode(padata, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ usage = 1 >+ padata = self.EncryptedData_create(key, usage, padata) >+ padata = self.der_encode(padata, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata) >+ >+ return [padata] >+ >+ def get_as_rep_enc_data(self, key, rep): >+ ''' Decrypt and Decode the encrypted data in an AS-REP >+ ''' >+ usage = 3 >+ enc_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 >+ try: >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncASRepPart()) >+ except Exception: >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ return enc_part >+ >+ def check_pre_authenication(self, rep): >+ """ Check that the kdc response was pre-authentication required >+ """ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_REQUIRED) >+ >+ def check_as_reply(self, rep): >+ """ Check that the kdc response is an AS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an AS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_AS_REP, "rep = {%s}" % rep) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno, "rep = {%s}" % rep) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno, "rep = {%s}" % rep) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000, "rep = {%s}" % rep) >+ >+ def check_tgs_reply(self, rep): >+ """ Check that the kdc response is an TGS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an TGS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_TGS_REP, "rep = {%s}" % rep) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno, "rep = {%s}" % rep) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno, "rep = {%s}" % rep) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000, "rep = {%s}" % rep) >+ >+ def check_error_rep(self, rep, expected): >+ """ Check that the reply is an error message, with the expected >+ error-code specified. >+ """ >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_ERROR, "rep = {%s}" % rep) >+ self.assertEqual(rep['error-code'], expected, "rep = {%s}" % rep) >+ >+ def tgs_req(self, cname, sname, realm, ticket, key, etypes): >+ '''Send a TGS-REQ, returns the response and the decrypted and >+ decoded enc-part >+ ''' >+ >+ kdc_options = "0" >+ till = self.get_KerberosTime(offset=36000) >+ padata = [] >+ >+ subkey = self.RandomKey(key.etype) >+ subkey_usage = 9 >+ >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ >+ req = self.TGS_REQ_create(padata=padata, >+ cusec=cusec, >+ ctime=ctime, >+ ticket=ticket, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7ffffffe, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None, >+ ticket_session_key=key, >+ authenticator_subkey=subkey) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ enc_part = None >+ if msg_type == KRB_TGS_REP: >+ enc_part = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ return (rep, enc_part) >+ >+ # Named tuple to contain values of interest when the PAC is decoded. >+ PacData = namedtuple( >+ "PacData", >+ "account_name account_sid logon_name upn domain_name") >+ PAC_LOGON_INFO = 1 >+ PAC_CREDENTIAL_INFO = 2 >+ PAC_SRV_CHECKSUM = 6 >+ PAC_KDC_CHECKSUM = 7 >+ PAC_LOGON_NAME = 10 >+ PAC_CONSTRAINED_DELEGATION = 11 >+ PAC_UPN_DNS_INFO = 12 >+ >+ def get_pac_data(self, authorization_data): >+ '''Decode the PAC element contained in the authorization-data element >+ ''' >+ account_name = None >+ user_sid = None >+ logon_name = None >+ upn = None >+ domain_name = None >+ >+ # The PAC data will be wrapped in an AD_IF_RELEVANT element >+ ad_if_relevant_elements = ( >+ x for x in authorization_data if x['ad-type'] == AD_IF_RELEVANT) >+ for dt in ad_if_relevant_elements: >+ buf = self.der_decode( >+ dt['ad-data'], asn1Spec=krb5_asn1.AD_IF_RELEVANT()) >+ # The PAC data is further wrapped in a AD_WIN2K_PAC element >+ for ad in (x for x in buf if x['ad-type'] == AD_WIN2K_PAC): >+ pb = ndr_unpack(krb5pac.PAC_DATA, ad['ad-data']) >+ for pac in pb.buffers: >+ if pac.type == self.PAC_LOGON_INFO: >+ account_name = ( >+ pac.info.info.info3.base.account_name) >+ user_sid = ( >+ str(pac.info.info.info3.base.domain_sid) + >+ "-" + str(pac.info.info.info3.base.rid)) >+ elif pac.type == self.PAC_LOGON_NAME: >+ logon_name = pac.info.account_name >+ elif pac.type == self.PAC_UPN_DNS_INFO: >+ upn = pac.info.upn_name >+ domain_name = pac.info.dns_domain_name >+ >+ return self.PacData( >+ account_name, >+ user_sid, >+ logon_name, >+ upn, >+ domain_name) >+ >+ def decode_service_ticket(self, creds, ticket): >+ '''Decrypt and decode a service ticket >+ ''' >+ >+ name = creds.get_username() >+ if name.endswith('$'): >+ name = name[:-1] >+ realm = creds.get_realm() >+ salt = "%s.%s@%s" % (name, realm.lower(), realm.upper()) >+ >+ key = self.PasswordKey_create( >+ ticket['enc-part']['etype'], >+ creds.get_password(), >+ salt, >+ ticket['enc-part']['kvno']) >+ >+ enc_part = key.decrypt(2, ticket['enc-part']['cipher']) >+ enc_ticket_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTicketPart()) >+ return enc_ticket_part >+ >+ def get_objectSid(self, dn): >+ ''' Get the objectSID for a DN >+ Note: performs an Ldb query. >+ ''' >+ res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) >+ self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) >+ sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) >+ return sid.decode('utf8') >-- >2.25.1 > > >From 4dfc6807372f758ee0fd1b57f2e1891e522b29ca Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Mon, 30 Nov 2020 14:19:15 +1300 >Subject: [PATCH 025/177] tests python krb5: initial TGS tests > >Initial tests on the KDC TGS > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1ed461a142f68f5de5e21b873ebddfcf5ae0ca1e) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 - > python/samba/tests/krb5/kdc_tgs_tests.py | 210 +++++++++++++++++++ > python/samba/tests/krb5/rfc4120_constants.py | 2 + > python/samba/tests/usage.py | 2 + > selftest/knownfail_mit_kdc | 5 + > source4/selftest/tests.py | 3 + > 6 files changed, 222 insertions(+), 1 deletion(-) > mode change 100755 => 100644 python/samba/tests/krb5/kdc_base_test.py > create mode 100755 python/samba/tests/krb5/kdc_tgs_tests.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >old mode 100755 >new mode 100644 >index 4fc7ee85ba9..1a823d173e3 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -1,4 +1,3 @@ >-#!/usr/bin/env python3 > # Unix SMB/CIFS implementation. > # Copyright (C) Stefan Metzmacher 2020 > # Copyright (C) 2020 Catalyst.Net Ltd >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >new file mode 100755 >index 00000000000..23a1d868a79 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -0,0 +1,210 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KRB_ERROR, >+ KDC_ERR_BADMATCH, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KdcTgsTests(KDCBaseTest): >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_tgs_req_cname_does_not_not_match_authenticator_cname(self): >+ ''' Try and obtain a ticket from the TGS, but supply a cname >+ that differs from that provided to the krbtgt >+ ''' >+ # Create the user account >+ user_name = "tsttktusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a service ticket, but use a cname that does not match >+ # that in the original AS-REQ >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ ticket = rep['ticket'] >+ >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=["Administrator"]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=["host", self.dns_host_name]) >+ >+ (rep, enc_part) = self.tgs_req(cname, sname, realm, ticket, key, etype) >+ >+ self.assertIsNone( >+ enc_part, >+ "rep = {%s}, enc_part = {%s}" % (rep, enc_part)) >+ self.assertEqual(KRB_ERROR, rep['msg-type'], "rep = {%s}" % rep) >+ self.assertEqual( >+ KDC_ERR_BADMATCH, >+ rep['error-code'], >+ "rep = {%s}" % rep) >+ >+ def test_ldap_service_ticket(self): >+ '''Get a ticket to the ldap service >+ ''' >+ # Create the user account >+ user_name = "tsttktusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ ticket = rep['ticket'] >+ >+ # Request a ticket to the ldap service >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["ldap", self.dns_host_name]) >+ >+ (rep, _) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ >+ self.check_tgs_reply(rep) >+ >+ def test_get_ticket_for_host_service_of_machine_account(self): >+ >+ # Create a user and machine account for the test. >+ # >+ user_name = "tsttktusr" >+ (uc, dn) = self.create_account(user_name) >+ (mc, _) = self.create_account("tsttktmac", machine_account=True) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ >+ pac_data = self.get_pac_data(enc_part['authorization-data']) >+ sid = self.get_objectSid(dn) >+ upn = "%s@%s" % (uc.get_username(), realm) >+ self.assertEqual( >+ uc.get_username(), >+ str(pac_data.account_name), >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ uc.get_username(), >+ pac_data.logon_name, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ uc.get_realm(), >+ pac_data.domain_name, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ upn, >+ pac_data.upn, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ sid, >+ pac_data.account_sid, >+ "rep = {%s},%s" % (rep, pac_data)) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index e1d0c5baa68..19bb6691d43 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -28,6 +28,7 @@ ARCFOUR_HMAC_MD5 = int( > # Message types > KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) > KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep')) > > # PAData types > PADATA_ENC_TIMESTAMP = int( >@@ -39,6 +40,7 @@ PADATA_ETYPE_INFO2 = int( > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 > KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_BADMATCH = 36 > KDC_ERR_SKEW = 37 > > # Name types >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 35abaf2dafa..222d1dbfa41 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -93,6 +93,8 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/compatability_tests.py', > 'python/samba/tests/krb5/rfc4120_constants.py', > 'python/samba/tests/krb5/kdc_tests.py', >+ 'python/samba/tests/krb5/kdc_base_test.py', >+ 'python/samba/tests/krb5/kdc_tgs_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index f1a4971430e..e64303c6b0f 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -270,3 +270,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\( > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_AsReqSelf\( > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+# >+# MIT currently returns an error code of 12 KRB5KDC_ERR_POLICY: KDC policy rejects request, to the >+# following tests >+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) >+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 11371e2aeaf..bc2292b4523 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1342,6 +1342,9 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") >+planpythontestsuite( >+ "ad_dc", >+ "samba.tests.krb5.kdc_tgs_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 66a674865284829b3859b14b5693294760a70295 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 16:26:06 +1300 >Subject: [PATCH 026/177] tests python krb5: Add key usage constants > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d8ed73b75ad67da99be392b2db18fe2e1ffed87f) >--- > python/samba/tests/krb5/rfc4120_constants.py | 50 ++++++++++++++++++++ > 1 file changed, 50 insertions(+) > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 19bb6691d43..9de56578c99 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -63,3 +63,53 @@ AD_MANDATORY_FOR_KDC = 8 > AD_INITIAL_VERIFIED_CAS = 9 > AD_WIN2K_PAC = 128 > AD_SIGNTICKET = 512 >+ >+# Key usage numbers >+# RFC 4120 Section 7.5.1. Key Usage Numbers >+KU_PA_ENC_TIMESTAMP = 1 >+''' AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the >+ client key (section 5.2.7.2) ''' >+KU_TICKET = 2 >+''' AS-REP Ticket and TGS-REP Ticket (includes tgs session key or >+ application session key), encrypted with the service key >+ (section 5.3) ''' >+KU_AS_REP_ENC_PART = 3 >+''' AS-REP encrypted part (includes tgs session key or application >+ session key), encrypted with the client key (section 5.4.2) ''' >+KU_TGS_REQ_AUTH_DAT_SESSION = 4 >+''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs >+ session key (section 5.4.1) ''' >+KU_TGS_REQ_AUTH_DAT_SUBKEY = 5 >+''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs >+ authenticator subkey (section 5.4.1) ''' >+KU_TGS_REQ_AUTH_CKSUM = 6 >+''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed >+ with the tgs session key (section 5.5.1) ''' >+KU_TGS_REQ_AUTH = 7 >+''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs >+ authenticator subkey), encrypted with the tgs session key >+ (section 5.5.1) ''' >+KU_TGS_REP_ENC_PART_SESSION = 8 >+''' TGS-REP encrypted part (includes application session key), >+ encrypted with the tgs session key (section 5.4.2) ''' >+KU_TGS_REP_ENC_PART_SUB_KEY = 9 >+''' TGS-REP encrypted part (includes application session key), >+ encrypted with the tgs authenticator subkey (section 5.4.2) ''' >+KU_AP_REQ_AUTH_CKSUM = 10 >+''' AP-REQ Authenticator cksum, keyed with the application session >+ key (section 5.5.1) ''' >+KU_AP_REQ_AUTH = 11 >+''' AP-REQ Authenticator (includes application authenticator >+ subkey), encrypted with the application session key (section 5.5.1) ''' >+KU_AP_REQ_ENC_PART = 12 >+''' AP-REP encrypted part (includes application session subkey), >+ encrypted with the application session key (section 5.5.2) ''' >+KU_KRB_PRIV = 13 >+''' KRB-PRIV encrypted part, encrypted with a key chosen by the >+ application (section 5.7.1) ''' >+KU_KRB_CRED = 14 >+''' KRB-CRED encrypted part, encrypted with a key chosen by the >+ application (section 5.8.1) ''' >+KU_KRB_SAFE_CKSUM = 15 >+''' KRB-SAFE cksum, keyed with a key chosen by the application >+ (section 5.6.1) ''' >-- >2.25.1 > > >From d384e03f352fccaf1b064297f27845fcb53a31af Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 16:27:17 +1300 >Subject: [PATCH 027/177] tests python krb5: use key usage constants > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 03676a4a5c55ab5f4958a86cbd4d7be0f0a8a294) >--- > .../tests/krb5/as_canonicalization_tests.py | 5 ++--- > python/samba/tests/krb5/compatability_tests.py | 7 +++---- > python/samba/tests/krb5/kdc_base_test.py | 16 +++++++++------- > python/samba/tests/krb5/kdc_tests.py | 3 +-- > python/samba/tests/krb5/s4u_tests.py | 15 +++++++++------ > python/samba/tests/krb5/simple_tests.py | 15 +++++++++------ > python/samba/tests/krb5/xrealm_tests.py | 15 +++++++++------ > 7 files changed, 42 insertions(+), 34 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 6ea3ff0491e..e89b40eab8f 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -367,8 +367,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >@@ -413,7 +412,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > self.assertEqual(msg_type, KRB_AS_REP, "Data {0}".format(str(data))) > > # Decrypt and decode the EncKdcRepPart >- enc = key.decrypt(3, rep['enc-part']['cipher']) >+ enc = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > if enc[0] == 0x7A: > # MIT Kerberos Tags the EncASRepPart as a EncKDCRepPart > # i.e. tag number 26 instead of tag number 25 >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index e4b1453e712..0b3701cd60d 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -178,8 +178,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >@@ -207,9 +206,9 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, KRB_AS_REP) > >- usage = 3 > enc_part = rep['enc-part'] >- enc_as_rep_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_as_rep_part = key.decrypt( >+ KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > return (enc_as_rep_part, enc_part) > > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1a823d173e3..e835d389f1c 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -41,6 +41,10 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_AS_REP, > KRB_TGS_REP, > KRB_ERROR, >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+ KU_TICKET, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -196,8 +200,7 @@ class KDCBaseTest(RawKerberosTest): > padata = self.PA_ENC_TS_ENC_create(patime, pausec) > padata = self.der_encode(padata, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- usage = 1 >- padata = self.EncryptedData_create(key, usage, padata) >+ padata = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, padata) > padata = self.der_encode(padata, asn1Spec=krb5_asn1.EncryptedData()) > > padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata) >@@ -207,8 +210,7 @@ class KDCBaseTest(RawKerberosTest): > def get_as_rep_enc_data(self, key, rep): > ''' Decrypt and Decode the encrypted data in an AS-REP > ''' >- usage = 3 >- enc_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with > # application tag 26 > try: >@@ -303,7 +305,6 @@ class KDCBaseTest(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -332,7 +333,8 @@ class KDCBaseTest(RawKerberosTest): > msg_type = rep['msg-type'] > enc_part = None > if msg_type == KRB_TGS_REP: >- enc_part = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part = self.der_decode( > enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) > return (rep, enc_part) >@@ -403,7 +405,7 @@ class KDCBaseTest(RawKerberosTest): > salt, > ticket['enc-part']['kvno']) > >- enc_part = key.decrypt(2, ticket['enc-part']['cipher']) >+ enc_part = key.decrypt(KU_TICKET, ticket['enc-part']['cipher']) > enc_ticket_part = self.der_decode( > enc_part, asn1Spec=krb5_asn1.EncTicketPart()) > return enc_ticket_part >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index 57a25448965..17b9d154bd9 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -91,8 +91,7 @@ class KdcTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >index ae38635c53b..2e1bd3fbe1f 100755 >--- a/python/samba/tests/krb5/s4u_tests.py >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -25,6 +25,11 @@ os.environ["PYTHONUNBUFFERED"] = "1" > from samba.tests import env_get_var_value > from samba.tests.krb5.kcrypto import Cksumtype > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_PA_ENC_TIMESTAMP, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > > global_asn1_print = False >@@ -86,8 +91,7 @@ class S4UKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -115,8 +119,7 @@ class S4UKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > > # S4U2Self Request >@@ -135,7 +138,6 @@ class S4UKerberosTests(RawKerberosTest): > padata = [pa_s4u] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class S4UKerberosTests(RawKerberosTest): > > msg_type = rep['msg-type'] > if msg_type == 13: >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return msg_type >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 236fbda1cd5..6c090af3d46 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -23,6 +23,11 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > > global_asn1_print = False >@@ -84,8 +89,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -113,8 +117,7 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 > try: >@@ -134,7 +137,6 @@ class SimpleKerberosTests(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 13) > >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >index 64064b8a670..b4a02bff33a 100755 >--- a/python/samba/tests/krb5/xrealm_tests.py >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -23,6 +23,11 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_PA_ENC_TIMESTAMP, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests > >@@ -85,8 +90,7 @@ class XrealmKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -114,8 +118,7 @@ class XrealmKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 > try: >@@ -134,7 +137,6 @@ class XrealmKerberosTests(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class XrealmKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 13) > >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # Check the forwardable flag >-- >2.25.1 > > >From 0c33da0e7c36de19064133b479ff7e1c2ea35bd4 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Fri, 11 Dec 2020 11:55:01 +1300 >Subject: [PATCH 028/177] tests python krb5: PEP8 cleanups > >Fix all the PEP8 warnings in samba/tests/krb5. With the exception of >rfc4120_pyasn1.py, which is generated from rfc4120.asn1. > >As these tests are new, it makes sense to ensure that they conform to >PEP8. And set an aspirational goal for the rest of our python code. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Gary Lockyer <gary@samba.org> >Autobuild-Date(master): Mon Dec 21 21:29:28 UTC 2020 on sn-devel-184 > >(cherry picked from commit c00d537526ca881c540ff66e703ad9c96dd1face) >--- > .../tests/krb5/as_canonicalization_tests.py | 54 ++- > .../samba/tests/krb5/compatability_tests.py | 24 +- > python/samba/tests/krb5/kcrypto.py | 67 +-- > python/samba/tests/krb5/kdc_base_test.py | 4 +- > python/samba/tests/krb5/kdc_tests.py | 17 +- > python/samba/tests/krb5/raw_testcase.py | 409 +++++++++++------- > python/samba/tests/krb5/rfc4120_constants.py | 32 +- > python/samba/tests/krb5/s4u_tests.py | 19 +- > python/samba/tests/krb5/simple_tests.py | 24 +- > python/samba/tests/krb5/xrealm_tests.py | 26 +- > 10 files changed, 413 insertions(+), 263 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index e89b40eab8f..43f532dc483 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -31,8 +31,6 @@ import samba > from samba.auth import system_session > from samba.credentials import ( > Credentials, >- CLI_CRED_NTLMv2_AUTH, >- CLI_CRED_NTLM_AUTH, > DONT_USE_KERBEROS) > from samba.dcerpc.misc import SEC_CHAN_WKSTA > from samba.dsdb import ( >@@ -41,7 +39,20 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT) > from samba.samdb import SamDB > from samba.tests import delete_force, DynamicTestCase >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KU_AS_REP_ENC_PART, >+ KRB_ERROR, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ NT_ENTERPRISE_PRINCIPAL, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -49,15 +60,15 @@ global_hexdump = False > > @unique > class TestOptions(Enum): >- Canonicalize = 1 >- Enterprise = 2 >- UpperRealm = 4 >- UpperUserName = 8 >- NetbiosRealm = 16 >- UPN = 32 >- RemoveDollar = 64 >- AsReqSelf = 128 >- Last = 256 >+ Canonicalize = 1 >+ Enterprise = 2 >+ UpperRealm = 4 >+ UpperUserName = 8 >+ NetbiosRealm = 16 >+ UPN = 32 >+ RemoveDollar = 64 >+ AsReqSelf = 128 >+ Last = 256 > > def is_set(self, x): > return self.value & x >@@ -65,7 +76,7 @@ class TestOptions(Enum): > > @unique > class CredentialsType(Enum): >- User = 1 >+ User = 1 > Machine = 2 > > def is_set(self, x): >@@ -126,7 +137,8 @@ class TestData: > > > MACHINE_NAME = "tstkrb5cnnmch" >-USER_NAME = "tstkrb5cnnusr" >+USER_NAME = "tstkrb5cnnusr" >+ > > @DynamicTestCase > class KerberosASCanonicalizationTests(RawKerberosTest): >@@ -160,21 +172,21 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > @classmethod > def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >+ cls.lp = cls.get_loadparm(cls) > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] >- cls.host = os.environ["SERVER"] >+ cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) > try: >- realm = os.environ["REALM"] >+ realm = os.environ["REALM"] > c.set_realm(realm) > except KeyError: > pass > try: >- domain = os.environ["DOMAIN"] >+ domain = os.environ["DOMAIN"] > c.set_domain(domain) > except KeyError: > pass >@@ -200,7 +212,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > def setUp(self): > super(KerberosASCanonicalizationTests, self).setUp() > self.do_asn1_print = global_asn1_print >- self.do_hexdump = global_hexdump >+ self.do_hexdump = global_hexdump > > # > # Create a test user account >@@ -340,7 +352,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > # > # Check the protocol version, should be 5 > self.assertEqual( >- rep['pvno'], 5, "Data {0}".format(str(data))) >+ rep['pvno'], 5, "Data {0}".format(str(data))) > > self.assertEqual( > rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) >@@ -397,7 +409,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > # > # Check the protocol version, should be 5 > self.assertEqual( >- rep['pvno'], 5, "Data {0}".format(str(data))) >+ rep['pvno'], 5, "Data {0}".format(str(data))) > > msg_type = rep['msg-type'] > # Should not have got an error. >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 0b3701cd60d..5a1ef02ef80 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -25,7 +25,20 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES128_CTS_HMAC_SHA1_96, >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_ERROR, >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -112,18 +125,17 @@ class SimpleKerberosTests(RawKerberosTest): > realm = creds.get_realm() > > cname = self.PrincipalName_create( >- name_type=NT_PRINCIPAL, >- names=[user]) >+ name_type=NT_PRINCIPAL, >+ names=[user]) > sname = self.PrincipalName_create( >- name_type=NT_SRV_INST, >- names=["krbtgt", realm]) >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) > > till = self.get_KerberosTime(offset=36000) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), > cname=cname, >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >index 2572fa5bab3..23502d7bb62 100755 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -64,6 +64,7 @@ from samba.credentials import Credentials > from samba import generate_random_bytes as get_random_bytes > from samba.compat import get_string, get_bytes > >+ > class Enctype(object): > DES_CRC = 1 > DES_MD4 = 2 >@@ -112,26 +113,30 @@ def _mac_equal(mac1, mac2): > res |= x ^ y > return res == 0 > >+ > def SIMPLE_HASH(string, algo_cls): > hash_ctx = hashes.Hash(algo_cls(), default_backend()) > hash_ctx.update(string) > return hash_ctx.finalize() > >+ > def HMAC_HASH(key, string, algo_cls): > hmac_ctx = hmac.HMAC(key, algo_cls(), default_backend()) > hmac_ctx.update(string) > return hmac_ctx.finalize() > >+ > def _nfold(str, nbytes): > # Convert str to a string of length nbytes using the RFC 3961 nfold > # operation. > > # Rotate the bytes in str to the right by nbits bits. > def rotate_right(str, nbits): >- nbytes, remain = (nbits//8) % len(str), nbits % 8 >- return bytes([(str[i-nbytes] >> remain) | >- (str[i-nbytes-1] << (8-remain) & 0xff) >- for i in range(len(str))]) >+ nbytes, remain = (nbits // 8) % len(str), nbits % 8 >+ return bytes([ >+ (str[i - nbytes] >> remain) >+ | (str[i - nbytes - 1] << (8 - remain) & 0xff) >+ for i in range(len(str))]) > > # Add equal-length strings together with end-around carry. > def add_ones_complement(str1, str2): >@@ -139,7 +144,7 @@ def _nfold(str, nbytes): > v = [a + b for a, b in zip(str1, str2)] > # Propagate carry bits to the left until there aren't any left. > while any(x & ~0xff for x in v): >- v = [(v[i-n+1]>>8) + (v[i]&0xff) for i in range(n)] >+ v = [(v[i - n + 1] >> 8) + (v[i] & 0xff) for i in range(n)] > return bytes([x for x in v]) > > # Concatenate copies of str to produce the least common multiple >@@ -150,7 +155,7 @@ def _nfold(str, nbytes): > slen = len(str) > lcm = nbytes * slen // gcd(nbytes, slen) > bigstr = b''.join((rotate_right(str, 13 * i) for i in range(lcm // slen))) >- slices = (bigstr[p:p+nbytes] for p in range(0, lcm, nbytes)) >+ slices = (bigstr[p:p + nbytes] for p in range(0, lcm, nbytes)) > return reduce(add_ones_complement, slices) > > >@@ -275,7 +280,7 @@ class _DES3CBC(_SimplifiedEnctype): > return b if bin(b & ~1).count('1') % 2 else b | 1 > assert len(seed) == 7 > firstbytes = [parity(b & ~1) for b in seed] >- lastbyte = parity(sum((seed[i]&1) << i+1 for i in range(7))) >+ lastbyte = parity(sum((seed[i] & 1) << i + 1 for i in range(7))) > keybytes = bytes([b for b in firstbytes + [lastbyte]]) > if _is_weak_des_key(keybytes): > keybytes[7] = bytes([keybytes[7] ^ 0xF0]) >@@ -369,7 +374,7 @@ class _AESEnctype(_SimplifiedEnctype): > if len(ciphertext) == 16: > return aes_decrypt(ciphertext) > # Split the ciphertext into blocks. The last block may be partial. >- cblocks = [ciphertext[p:p+16] for p in range(0, len(ciphertext), 16)] >+ cblocks = [ciphertext[p:p + 16] for p in range(0, len(ciphertext), 16)] > lastlen = len(cblocks[-1]) > # CBC-decrypt all but the last two blocks. > prev_cblock = bytes(16) >@@ -383,7 +388,7 @@ class _AESEnctype(_SimplifiedEnctype): > # will be the omitted bytes of ciphertext from the final > # block. > b = aes_decrypt(cblocks[-2]) >- lastplaintext =_xorbytes(b[:lastlen], cblocks[-1]) >+ lastplaintext = _xorbytes(b[:lastlen], cblocks[-1]) > omitted = b[lastlen:] > # Decrypt the final cipher block plus the omitted bytes to get > # the second-to-last plaintext block. >@@ -433,7 +438,8 @@ class _RC4(_EnctypeProfile): > cksum = HMAC_HASH(ki, confounder + plaintext, hashes.MD5) > ke = HMAC_HASH(ki, cksum, hashes.MD5) > >- encryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).encryptor() >+ encryptor = Cipher( >+ ciphers.ARC4(ke), None, default_backend()).encryptor() > ctext = encryptor.update(confounder + plaintext) > > return cksum + ctext >@@ -446,7 +452,8 @@ class _RC4(_EnctypeProfile): > ki = HMAC_HASH(key.contents, cls.usage_str(keyusage), hashes.MD5) > ke = HMAC_HASH(ki, cksum, hashes.MD5) > >- decryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).decryptor() >+ decryptor = Cipher( >+ ciphers.ARC4(ke), None, default_backend()).decryptor() > basic_plaintext = decryptor.update(basic_ctext) > > exp_cksum = HMAC_HASH(ki, basic_plaintext, hashes.MD5) >@@ -636,14 +643,14 @@ def verify_checksum(cksumtype, key, keyusage, text, cksum): > c.verify(key, keyusage, text, cksum) > > >-def prfplus(key, pepper, l): >- # Produce l bytes of output using the RFC 6113 PRF+ function. >+def prfplus(key, pepper, ln): >+ # Produce ln bytes of output using the RFC 6113 PRF+ function. > out = b'' > count = 1 >- while len(out) < l: >+ while len(out) < ln: > out += prf(key, bytes([count]) + pepper) > count += 1 >- return out[:l] >+ return out[:ln] > > > def cf2(enctype, key1, key2, pepper1, pepper2): >@@ -653,9 +660,11 @@ def cf2(enctype, key1, key2, pepper1, pepper2): > return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), > prfplus(key2, pepper2, e.seedsize))) > >+ > def h(hexstr): > return bytes.fromhex(hexstr) > >+ > class KcrytoTest(TestCase): > """kcrypto Test case.""" > >@@ -665,20 +674,21 @@ class KcrytoTest(TestCase): > conf = h('94B491F481485B9A0678CD3C4EA386AD') > keyusage = 2 > plain = b'9 bytesss' >- ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7CD2E' >- 'C26C355D2F') >+ ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7' >+ 'CD2EC26C355D2F') > k = Key(Enctype.AES128, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) > > def test_aes256_crypt(self): > # AES256 encrypt and decrypt >- kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B1404231398') >+ kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B14042313' >+ '98') > conf = h('E45CA518B42E266AD98E165E706FFB60') > keyusage = 4 > plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3D79A' >- '295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') >+ ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3' >+ 'D79A295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') > k = Key(Enctype.AES256, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) >@@ -694,7 +704,8 @@ class KcrytoTest(TestCase): > > def test_aes256_checksum(self): > # AES256 checksum >- kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7') >+ kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBC' >+ 'FEA4EC76D7') > keyusage = 4 > plain = b'fourteen' > cksum = h('E08739E3279E2903EC8E3836') >@@ -715,7 +726,8 @@ class KcrytoTest(TestCase): > string = b'X' * 64 > salt = b'pass phrase equals block size' > params = h('000004B0') >- kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56C553BA4B34') >+ kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56' >+ 'C553BA4B34') > k = string_to_key(Enctype.AES256, string, salt, params) > self.assertEqual(k.contents, kb) > >@@ -741,7 +753,8 @@ class KcrytoTest(TestCase): > > def test_aes256_cf2(self): > # AES256 cf2 >- kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5E72B1C7B') >+ kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5' >+ 'E72B1C7B') > k1 = string_to_key(Enctype.AES256, b'key1', b'key1') > k2 = string_to_key(Enctype.AES256, b'key2', b'key2') > k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >@@ -753,8 +766,8 @@ class KcrytoTest(TestCase): > conf = h('94690A17B2DA3C9B') > keyusage = 3 > plain = b'13 bytes byte' >- ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F705E8' >- '49CB7781D76A316B193F8D30') >+ ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F7' >+ '05E849CB7781D76A316B193F8D30') > k = Key(Enctype.DES3, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), _zeropad(plain, 8)) >@@ -790,8 +803,8 @@ class KcrytoTest(TestCase): > conf = h('37245E73A45FBF72') > keyusage = 4 > plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0F260' >- 'A99F0460508DE0CECC632D07C354124E46C5D2234EB8') >+ ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0' >+ 'F260A99F0460508DE0CECC632D07C354124E46C5D2234EB8') > k = Key(Enctype.RC4, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e835d389f1c..bef5458c881 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -374,8 +374,8 @@ class KDCBaseTest(RawKerberosTest): > account_name = ( > pac.info.info.info3.base.account_name) > user_sid = ( >- str(pac.info.info.info3.base.domain_sid) + >- "-" + str(pac.info.info.info3.base.rid)) >+ str(pac.info.info.info3.base.domain_sid) >+ + "-" + str(pac.info.info.info3.base.rid)) > elif pac.type == self.PAC_LOGON_NAME: > logon_name = pac.info.account_name > elif pac.type == self.PAC_UPN_DNS_INFO: >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index 17b9d154bd9..c7c53953a86 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -25,7 +25,20 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_FAILED, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KDC_ERR_SKEW, >+ KRB_AS_REP, >+ KRB_ERROR, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -83,7 +96,7 @@ class KdcTests(RawKerberosTest): > break > > etype_info2 = self.der_decode( >- etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e67f5464e59..82e68ee7019 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -35,7 +35,10 @@ from pyasn1.codec.native.decoder import decode as pyasn1_native_decode > from pyasn1.codec.native.encoder import encode as pyasn1_native_encode > > from pyasn1.codec.ber.encoder import BitStringEncoder as BitStringEncoder >-def BitStringEncoder_encodeValue32(self, value, asn1Spec, encodeFun, **options): >+ >+ >+def BitStringEncoder_encodeValue32( >+ self, value, asn1Spec, encodeFun, **options): > # > # BitStrings like KDCOptions or TicketFlags should at least > # be 32-Bit on the wire >@@ -59,14 +62,17 @@ def BitStringEncoder_encodeValue32(self, value, asn1Spec, encodeFun, **options): > padding = 0 > ret = b'\x00' + substrate + (b'\x00' * padding) > return ret, False, True >+ >+ > BitStringEncoder.encodeValue = BitStringEncoder_encodeValue32 > >+ > def BitString_NamedValues_prettyPrint(self, scope=0): > ret = "%s" % self.asBinary() > bits = [] > highest_bit = 32 > for byte in self.asNumbers(): >- for bit in [7,6,5,4,3,2,1,0]: >+ for bit in [7, 6, 5, 4, 3, 2, 1, 0]: > mask = 1 << bit > if byte & mask: > val = 1 >@@ -89,12 +95,21 @@ def BitString_NamedValues_prettyPrint(self, scope=0): > delim = ",\n%s " % indent > ret += "\n%s)" % indent > return ret >-krb5_asn1.TicketFlags.prettyPrintNamedValues = krb5_asn1.TicketFlagsValues.namedValues >-krb5_asn1.TicketFlags.namedValues = krb5_asn1.TicketFlagsValues.namedValues >-krb5_asn1.TicketFlags.prettyPrint = BitString_NamedValues_prettyPrint >-krb5_asn1.KDCOptions.prettyPrintNamedValues = krb5_asn1.KDCOptionsValues.namedValues >-krb5_asn1.KDCOptions.namedValues = krb5_asn1.KDCOptionsValues.namedValues >-krb5_asn1.KDCOptions.prettyPrint = BitString_NamedValues_prettyPrint >+ >+ >+krb5_asn1.TicketFlags.prettyPrintNamedValues =\ >+ krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.namedValues =\ >+ krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.prettyPrint =\ >+ BitString_NamedValues_prettyPrint >+krb5_asn1.KDCOptions.prettyPrintNamedValues =\ >+ krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.namedValues =\ >+ krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.prettyPrint =\ >+ BitString_NamedValues_prettyPrint >+ > > def Integer_NamedValues_prettyPrint(self, scope=0): > intval = int(self) >@@ -104,16 +119,29 @@ def Integer_NamedValues_prettyPrint(self, scope=0): > name = "<__unknown__>" > ret = "%d (0x%x) %s" % (intval, intval, name) > return ret >-krb5_asn1.NameType.prettyPrintNamedValues = krb5_asn1.NameTypeValues.namedValues >-krb5_asn1.NameType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.AuthDataType.prettyPrintNamedValues = krb5_asn1.AuthDataTypeValues.namedValues >-krb5_asn1.AuthDataType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.PADataType.prettyPrintNamedValues = krb5_asn1.PADataTypeValues.namedValues >-krb5_asn1.PADataType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.EncryptionType.prettyPrintNamedValues = krb5_asn1.EncryptionTypeValues.namedValues >-krb5_asn1.EncryptionType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.ChecksumType.prettyPrintNamedValues = krb5_asn1.ChecksumTypeValues.namedValues >-krb5_asn1.ChecksumType.prettyPrint = Integer_NamedValues_prettyPrint >+ >+ >+krb5_asn1.NameType.prettyPrintNamedValues =\ >+ krb5_asn1.NameTypeValues.namedValues >+krb5_asn1.NameType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.AuthDataType.prettyPrintNamedValues =\ >+ krb5_asn1.AuthDataTypeValues.namedValues >+krb5_asn1.AuthDataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.PADataType.prettyPrintNamedValues =\ >+ krb5_asn1.PADataTypeValues.namedValues >+krb5_asn1.PADataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.EncryptionType.prettyPrintNamedValues =\ >+ krb5_asn1.EncryptionTypeValues.namedValues >+krb5_asn1.EncryptionType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.ChecksumType.prettyPrintNamedValues =\ >+ krb5_asn1.ChecksumTypeValues.namedValues >+krb5_asn1.ChecksumType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+ > > class Krb5EncryptionKey(object): > def __init__(self, key, kvno): >@@ -146,9 +174,10 @@ class Krb5EncryptionKey(object): > EncryptionKey_obj = { > 'keytype': self.etype, > 'keyvalue': self.key.contents, >- }; >+ } > return EncryptionKey_obj > >+ > class RawKerberosTest(TestCase): > """A raw Kerberos Test case.""" > >@@ -182,13 +211,13 @@ class RawKerberosTest(TestCase): > self.s = socket.socket(self.a[0][0], self.a[0][1], self.a[0][2]) > self.s.settimeout(10) > self.s.connect(self.a[0][4]) >- except socket.error as e: >+ except socket.error: > self.s.close() > raise >- except IOError as e: >+ except IOError: > self.s.close() > raise >- except Exception as e: >+ except Exception: > raise > finally: > pass >@@ -219,8 +248,9 @@ class RawKerberosTest(TestCase): > domain = samba.tests.env_get_var_value('DOMAIN') > realm = samba.tests.env_get_var_value('REALM') > username = samba.tests.env_get_var_value('SERVICE_USERNAME') >- password = samba.tests.env_get_var_value('SERVICE_PASSWORD', >- allow_missing=allow_missing_password) >+ password = samba.tests.env_get_var_value( >+ 'SERVICE_PASSWORD', >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) >@@ -246,21 +276,34 @@ class RawKerberosTest(TestCase): > if hexdump is None: > hexdump = self.do_hexdump > if hexdump: >- sys.stderr.write("%s: %d\n%s" % (name, len(blob), self.hexdump(blob))) >- >- def der_decode(self, blob, asn1Spec=None, native_encode=True, asn1_print=None, hexdump=None): >+ sys.stderr.write( >+ "%s: %d\n%s" % (name, len(blob), self.hexdump(blob))) >+ >+ def der_decode( >+ self, >+ blob, >+ asn1Spec=None, >+ native_encode=True, >+ asn1_print=None, >+ hexdump=None): > if asn1Spec is not None: > class_name = type(asn1Spec).__name__.split(':')[0] > else: > class_name = "<None-asn1Spec>" > self.hex_dump(class_name, blob, hexdump=hexdump) >- obj,_ = pyasn1_der_decode(blob, asn1Spec=asn1Spec) >+ obj, _ = pyasn1_der_decode(blob, asn1Spec=asn1Spec) > self.asn1_dump(None, obj, asn1_print=asn1_print) > if native_encode: > obj = pyasn1_native_encode(obj) > return obj > >- def der_encode(self, obj, asn1Spec=None, native_decode=True, asn1_print=None, hexdump=None): >+ def der_encode( >+ self, >+ obj, >+ asn1Spec=None, >+ native_decode=True, >+ asn1_print=None, >+ hexdump=None): > if native_decode: > obj = pyasn1_native_decode(obj, asn1Spec=asn1Spec) > class_name = type(obj).__name__.split(':')[0] >@@ -273,7 +316,8 @@ class RawKerberosTest(TestCase): > > def send_pdu(self, req, asn1_print=None, hexdump=None): > try: >- k5_pdu = self.der_encode(req, native_decode=False, asn1_print=asn1_print, hexdump=False) >+ k5_pdu = self.der_encode( >+ req, native_decode=False, asn1_print=asn1_print, hexdump=False) > header = struct.pack('>I', len(k5_pdu)) > req_pdu = header > req_pdu += k5_pdu >@@ -304,7 +348,7 @@ class RawKerberosTest(TestCase): > self._disconnect("recv_raw: EOF") > return None > self.hex_dump("recv_raw", rep_pdu, hexdump=hexdump) >- except socket.timeout as e: >+ except socket.timeout: > self.s.settimeout(10) > sys.stderr.write("recv_raw: TIMEOUT\n") > pass >@@ -322,7 +366,8 @@ class RawKerberosTest(TestCase): > rep_pdu = None > rep = None > try: >- raw_pdu = self.recv_raw(num_recv=4, hexdump=hexdump, timeout=timeout) >+ raw_pdu = self.recv_raw( >+ num_recv=4, hexdump=hexdump, timeout=timeout) > if raw_pdu is None: > return (None, None) > header = struct.unpack(">I", raw_pdu[0:4]) >@@ -332,22 +377,27 @@ class RawKerberosTest(TestCase): > missing = k5_len > rep_pdu = b'' > while missing > 0: >- raw_pdu = self.recv_raw(num_recv=missing, hexdump=hexdump, timeout=timeout) >+ raw_pdu = self.recv_raw( >+ num_recv=missing, hexdump=hexdump, timeout=timeout) > self.assertGreaterEqual(len(raw_pdu), 1) > rep_pdu += raw_pdu > missing = k5_len - len(rep_pdu) >- k5_raw = self.der_decode(rep_pdu, asn1Spec=None, native_encode=False, >- asn1_print=False, hexdump=False) >- pvno=k5_raw['field-0'] >+ k5_raw = self.der_decode( >+ rep_pdu, >+ asn1Spec=None, >+ native_encode=False, >+ asn1_print=False, >+ hexdump=False) >+ pvno = k5_raw['field-0'] > self.assertEqual(pvno, 5) >- msg_type=k5_raw['field-1'] >- self.assertIn(msg_type, [11,13,30]) >+ msg_type = k5_raw['field-1'] >+ self.assertIn(msg_type, [11, 13, 30]) > if msg_type == 11: >- asn1Spec=krb5_asn1.AS_REP() >+ asn1Spec = krb5_asn1.AS_REP() > elif msg_type == 13: >- asn1Spec=krb5_asn1.TGS_REP() >+ asn1Spec = krb5_asn1.TGS_REP() > elif msg_type == 30: >- asn1Spec=krb5_asn1.KRB_ERROR() >+ asn1Spec = krb5_asn1.KRB_ERROR() > rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, > asn1_print=asn1_print, hexdump=False) > finally: >@@ -368,11 +418,17 @@ class RawKerberosTest(TestCase): > self.assertIsNone(self.s, msg="Is connected") > return > >- def send_recv_transaction(self, req, asn1_print=None, hexdump=None, timeout=None): >+ def send_recv_transaction( >+ self, >+ req, >+ asn1_print=None, >+ hexdump=None, >+ timeout=None): > self.connect() > try: > self.send_pdu(req, asn1_print=asn1_print, hexdump=hexdump) >- rep = self.recv_pdu(asn1_print=asn1_print, hexdump=hexdump, timeout=timeout) >+ rep = self.recv_pdu( >+ asn1_print=asn1_print, hexdump=hexdump, timeout=timeout) > except Exception: > self._disconnect("transaction failed") > raise >@@ -389,11 +445,15 @@ class RawKerberosTest(TestCase): > > def assertPrincipalEqual(self, princ1, princ2): > self.assertEqual(princ1['name-type'], princ2['name-type']) >- self.assertEqual(len(princ1['name-string']), len(princ2['name-string']), >- msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ self.assertEqual( >+ len(princ1['name-string']), >+ len(princ2['name-string']), >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) > for idx in range(len(princ1['name-string'])): >- self.assertEqual(princ1['name-string'][idx], princ2['name-string'][idx], >- msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ self.assertEqual( >+ princ1['name-string'][idx], >+ princ2['name-string'][idx], >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) > return > > def get_KerberosTimeWithUsec(self, epoch=None, offset=None): >@@ -421,7 +481,7 @@ class RawKerberosTest(TestCase): > salt = None > try: > salt = etype_info2['salt'] >- except: >+ except Exception: > pass > > if e == kcrypto.Enctype.RC4: >@@ -429,7 +489,8 @@ class RawKerberosTest(TestCase): > return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno) > > password = creds.get_password() >- return self.PasswordKey_create(etype=e, pwd=password, salt=salt, kvno=kvno) >+ return self.PasswordKey_create( >+ etype=e, pwd=password, salt=salt, kvno=kvno) > > def RandomKey(self, etype): > e = kcrypto._get_enctype_profile(etype) >@@ -452,14 +513,14 @@ class RawKerberosTest(TestCase): > 'cipher': ciphertext > } > if key.kvno is not None: >- EncryptedData_obj['kvno'] = key.kvno >+ EncryptedData_obj['kvno'] = key.kvno > return EncryptedData_obj > > def Checksum_create(self, key, usage, plaintext, ctype=None): >- #Checksum ::= SEQUENCE { >+ # Checksum ::= SEQUENCE { > # cksumtype [0] Int32, > # checksum [1] OCTET STRING >- #} >+ # } > if ctype is None: > ctype = key.ctype > checksum = key.make_checksum(usage, plaintext, ctype=ctype) >@@ -494,10 +555,10 @@ class RawKerberosTest(TestCase): > return PA_DATA_obj > > def PA_ENC_TS_ENC_create(self, ts, usec): >- #PA-ENC-TS-ENC ::= SEQUENCE { >+ # PA-ENC-TS-ENC ::= SEQUENCE { > # patimestamp[0] KerberosTime, -- client's time > # pausec[1] krb5int32 OPTIONAL >- #} >+ # } > PA_ENC_TS_ENC_obj = { > 'patimestamp': ts, > 'pausec': usec, >@@ -520,7 +581,7 @@ class RawKerberosTest(TestCase): > additional_tickets, > asn1_print=None, > hexdump=None): >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -532,20 +593,23 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >+ # } > if EncAuthorizationData is not None: >- enc_ad_plain = self.der_encode(EncAuthorizationData, >- asn1Spec=krb5_asn1.AuthorizationData(), >- asn1_print=asn1_print, >- hexdump=hexdump) >- enc_ad = self.EncryptedData_create(EncAuthorizationData_key, enc_ad_plain) >+ enc_ad_plain = self.der_encode( >+ EncAuthorizationData, >+ asn1Spec=krb5_asn1.AuthorizationData(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ enc_ad = self.EncryptedData_create( >+ EncAuthorizationData_key, enc_ad_plain) > else: > enc_ad = None > KDC_REQ_BODY_obj = { >@@ -590,14 +654,14 @@ class RawKerberosTest(TestCase): > asn1Spec=None, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # > KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create(kdc_options, > cname, >@@ -622,39 +686,40 @@ class RawKerberosTest(TestCase): > if padata is not None: > KDC_REQ_obj['padata'] = padata > if asn1Spec is not None: >- KDC_REQ_decoded = pyasn1_native_decode(KDC_REQ_obj, asn1Spec=asn1Spec) >+ KDC_REQ_decoded = pyasn1_native_decode( >+ KDC_REQ_obj, asn1Spec=asn1Spec) > else: > KDC_REQ_decoded = None > return KDC_REQ_obj, KDC_REQ_decoded > > def AS_REQ_create(self, >- padata, # optional >- kdc_options, # required >- cname, # optional >- realm, # required >- sname, # optional >- from_time, # optional >- till_time, # required >- renew_time, # optional >- nonce, # required >- etypes, # required >- addresses, # optional >+ padata, # optional >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional > EncAuthorizationData, > EncAuthorizationData_key, > additional_tickets, > native_decoded_only=True, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -666,32 +731,34 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >- obj,decoded = self.KDC_REQ_create(msg_type=10, >- padata=padata, >- kdc_options=kdc_options, >- cname=cname, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >- asn1Spec=krb5_asn1.AS_REQ(), >- asn1_print=asn1_print, >- hexdump=hexdump) >+ # } >+ obj, decoded = self.KDC_REQ_create( >+ msg_type=10, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.AS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) > if native_decoded_only: > return decoded > return decoded, obj >@@ -703,7 +770,7 @@ class RawKerberosTest(TestCase): > # ap-options [2] APOptions, > # ticket [3] Ticket, > # authenticator [4] EncryptedData -- Authenticator >- #} >+ # } > AP_REQ_obj = { > 'pvno': 5, > 'msg-type': 14, >@@ -713,8 +780,9 @@ class RawKerberosTest(TestCase): > } > return AP_REQ_obj > >- def Authenticator_create(self, crealm, cname, cksum, cusec, ctime, subkey, seq_number, >- authorization_data): >+ def Authenticator_create( >+ self, crealm, cname, cksum, cusec, ctime, subkey, seq_number, >+ authorization_data): > # -- Unencrypted authenticator > # Authenticator ::= [APPLICATION 2] SEQUENCE { > # authenticator-vno [0] INTEGER (5), >@@ -726,7 +794,7 @@ class RawKerberosTest(TestCase): > # subkey [6] EncryptionKey OPTIONAL, > # seq-number [7] UInt32 OPTIONAL, > # authorization-data [8] AuthorizationData OPTIONAL >- #} >+ # } > Authenticator_obj = { > 'authenticator-vno': 5, > 'crealm': crealm, >@@ -745,20 +813,20 @@ class RawKerberosTest(TestCase): > return Authenticator_obj > > def TGS_REQ_create(self, >- padata, # optional >+ padata, # optional > cusec, > ctime, > ticket, >- kdc_options, # required >- cname, # optional >- realm, # required >- sname, # optional >- from_time, # optional >- till_time, # required >- renew_time, # optional >- nonce, # required >- etypes, # required >- addresses, # optional >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional > EncAuthorizationData, > EncAuthorizationData_key, > additional_tickets, >@@ -768,16 +836,16 @@ class RawKerberosTest(TestCase): > native_decoded_only=True, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -789,50 +857,57 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >- >- req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets) >+ # } >+ >+ req_body = self.KDC_REQ_BODY_create( >+ kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) > req_body = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), > asn1_print=asn1_print, hexdump=hexdump) > >- req_body_checksum = self.Checksum_create(ticket_session_key, 6, req_body, >- ctype=body_checksum_type) >+ req_body_checksum = self.Checksum_create( >+ ticket_session_key, 6, req_body, ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: > subkey_obj = authenticator_subkey.export_obj() > seq_number = random.randint(0, 0xfffffffe) >- authenticator = self.Authenticator_create(crealm=realm, >- cname=cname, >- cksum=req_body_checksum, >- cusec=cusec, >- ctime=ctime, >- subkey=subkey_obj, >- seq_number=seq_number, >- authorization_data=None) >- authenticator = self.der_encode(authenticator, asn1Spec=krb5_asn1.Authenticator(), >- asn1_print=asn1_print, hexdump=hexdump) >- >- authenticator = self.EncryptedData_create(ticket_session_key, 7, authenticator) >+ authenticator = self.Authenticator_create( >+ crealm=realm, >+ cname=cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator = self.der_encode( >+ authenticator, >+ asn1Spec=krb5_asn1.Authenticator(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ >+ authenticator = self.EncryptedData_create( >+ ticket_session_key, 7, authenticator) > > ap_options = krb5_asn1.APOptions('0') > ap_req = self.AP_REQ_create(ap_options=str(ap_options), >@@ -846,24 +921,25 @@ class RawKerberosTest(TestCase): > else: > padata = [pa_tgs_req] > >- obj,decoded = self.KDC_REQ_create(msg_type=12, >- padata=padata, >- kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >- asn1Spec=krb5_asn1.TGS_REQ(), >- asn1_print=asn1_print, >- hexdump=hexdump) >+ obj, decoded = self.KDC_REQ_create( >+ msg_type=12, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.TGS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) > if native_decoded_only: > return decoded > return decoded, obj >@@ -888,5 +964,6 @@ class RawKerberosTest(TestCase): > 'cksum': cksum, > 'auth': "Kerberos", > } >- pa_s4u2self = self.der_encode(PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) >+ pa_s4u2self = self.der_encode( >+ PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) > return self.PA_DATA_create(129, pa_s4u2self) >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 9de56578c99..5bbf1229d09 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -38,31 +38,31 @@ PADATA_ETYPE_INFO2 = int( > > # Error codes > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >-KDC_ERR_PREAUTH_FAILED = 24 >-KDC_ERR_PREAUTH_REQUIRED = 25 >-KDC_ERR_BADMATCH = 36 >-KDC_ERR_SKEW = 37 >+KDC_ERR_PREAUTH_FAILED = 24 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_BADMATCH = 36 >+KDC_ERR_SKEW = 37 > > # Name types >-NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >-NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) > > # Authorization data ad-type values > >-AD_IF_RELEVANT = 1 >-AD_INTENDED_FOR_SERVER = 2 >+AD_IF_RELEVANT = 1 >+AD_INTENDED_FOR_SERVER = 2 > AD_INTENDED_FOR_APPLICATION_CLASS = 3 >-AD_KDC_ISSUED = 4 >-AD_AND_OR = 5 >-AD_MANDATORY_TICKET_EXTENSIONS = 6 >-AD_IN_TICKET_EXTENSIONS = 7 >-AD_MANDATORY_FOR_KDC = 8 >-AD_INITIAL_VERIFIED_CAS = 9 >-AD_WIN2K_PAC = 128 >-AD_SIGNTICKET = 512 >+AD_KDC_ISSUED = 4 >+AD_AND_OR = 5 >+AD_MANDATORY_TICKET_EXTENSIONS = 6 >+AD_IN_TICKET_EXTENSIONS = 7 >+AD_MANDATORY_FOR_KDC = 8 >+AD_INITIAL_VERIFIED_CAS = 9 >+AD_WIN2K_PAC = 128 >+AD_SIGNTICKET = 512 > > # Key usage numbers > # RFC 4120 Section 7.5.1. Key Usage Numbers >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >index 2e1bd3fbe1f..30a58d6345a 100755 >--- a/python/samba/tests/krb5/s4u_tests.py >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -35,6 +35,7 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > global_asn1_print = False > global_hexdump = False > >+ > class S4UKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -55,7 +56,7 @@ class S4UKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -76,14 +77,16 @@ class S4UKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(service_creds, etype_info2[0]) > >@@ -120,7 +123,8 @@ class S4UKerberosTests(RawKerberosTest): > self.assertEqual(msg_type, 11) > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > > # S4U2Self Request > sname = cname >@@ -167,11 +171,13 @@ class S4UKerberosTests(RawKerberosTest): > if msg_type == 13: > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return msg_type > >- # Using the checksum type from the tgt_session_key happens to work everywhere >+ # Using the checksum type from the tgt_session_key happens to work >+ # everywhere > def test_s4u2self(self): > msg_type = self._test_s4u2self() > self.assertEqual(msg_type, 13) >@@ -193,6 +199,7 @@ class S4UKerberosTests(RawKerberosTest): > msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.CRC32) > self.assertEqual(msg_type, 30) > >+ > if __name__ == "__main__": > global_asn1_print = True > global_hexdump = True >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 6c090af3d46..889b91a9bf0 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -33,6 +33,7 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > global_asn1_print = False > global_hexdump = False > >+ > class SimpleKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -53,7 +54,7 @@ class SimpleKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -74,14 +75,16 @@ class SimpleKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) > >@@ -119,17 +122,21 @@ class SimpleKerberosTests(RawKerberosTest): > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > >- # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 > try: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > except Exception: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # TGS Request > service_creds = self.get_service_creds(allow_missing_password=True) > service_name = service_creds.get_username() > >- sname = self.PrincipalName_create(name_type=2, names=["host", service_name]) >+ sname = self.PrincipalName_create( >+ name_type=2, names=["host", service_name]) > kdc_options = krb5_asn1.KDCOptions('forwardable') > till = self.get_KerberosTime(offset=36000) > ticket = rep['ticket'] >@@ -167,7 +174,8 @@ class SimpleKerberosTests(RawKerberosTest): > > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return > >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >index b4a02bff33a..efb953bdf7e 100755 >--- a/python/samba/tests/krb5/xrealm_tests.py >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -34,6 +34,7 @@ import samba.tests > global_asn1_print = False > global_hexdump = False > >+ > class XrealmKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -54,7 +55,7 @@ class XrealmKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -75,14 +76,16 @@ class XrealmKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) > >@@ -120,15 +123,19 @@ class XrealmKerberosTests(RawKerberosTest): > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > >- # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 > try: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > except Exception: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # TGS Request (for cross-realm TGT) > trust_realm = samba.tests.env_get_var_value('TRUST_REALM') >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", trust_realm]) >+ sname = self.PrincipalName_create( >+ name_type=2, names=["krbtgt", trust_realm]) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > till = self.get_KerberosTime(offset=36000) >@@ -167,10 +174,11 @@ class XrealmKerberosTests(RawKerberosTest): > > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # Check the forwardable flag >- fwd_pos = len(tuple(krb5_asn1.TicketFlags('forwardable'))) -1 >+ fwd_pos = len(tuple(krb5_asn1.TicketFlags('forwardable'))) - 1 > assert(krb5_asn1.TicketFlags(enc_part2['flags'])[fwd_pos]) > > return >-- >2.25.1 > > >From cbb949a3948c867e405d75f236fdd31bd1a113d4 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 16 Apr 2021 17:22:12 +0200 >Subject: [PATCH 029/177] librpc: Add py_descriptor_richcmp() equality function > >Only a python3 version. Do we still need the python2 flavor? > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 439b7ccdc1b1c91c66c1a7c83e340fa044c26377) >--- > source4/librpc/ndr/py_security.c | 37 ++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > >diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c >index 96f499614ce..4e9af544828 100644 >--- a/source4/librpc/ndr/py_security.c >+++ b/source4/librpc/ndr/py_security.c >@@ -309,9 +309,46 @@ static PyMethodDef py_descriptor_extra_methods[] = { > {0} > }; > >+static PyObject *py_descriptor_richcmp( >+ PyObject *py_self, PyObject *py_other, int op) >+{ >+ struct security_descriptor *self = pytalloc_get_ptr(py_self); >+ struct security_descriptor *other = pytalloc_get_ptr(py_other); >+ bool eq; >+ >+ if (other == NULL) { >+ Py_INCREF(Py_NotImplemented); >+ return Py_NotImplemented; >+ } >+ >+ eq = security_descriptor_equal(self, other); >+ >+ switch(op) { >+ case Py_EQ: >+ if (eq) { >+ Py_RETURN_TRUE; >+ } else { >+ Py_RETURN_FALSE; >+ } >+ break; >+ case Py_NE: >+ if (eq) { >+ Py_RETURN_FALSE; >+ } else { >+ Py_RETURN_TRUE; >+ } >+ break; >+ default: >+ break; >+ } >+ >+ return Py_NotImplemented; >+} >+ > static void py_descriptor_patch(PyTypeObject *type) > { > type->tp_new = py_descriptor_new; >+ type->tp_richcompare = py_descriptor_richcmp; > PyType_AddMethods(type, py_descriptor_extra_methods); > } > >-- >2.25.1 > > >From 0546ec55e3b2fbed19e22780fe926f4f01ad562d Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 17 Feb 2021 12:15:50 +1300 >Subject: [PATCH 030/177] tests python krb5: MS-KILE client principal look-up > >Tests of [MS-KILE]: Kerberos Protocol Extensions > section 3.3.5.6.1 Client Principal Lookup > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184 > >(cherry picked from commit 768d48fca9f8c7527c0d12e7acc8942b5fd36ac2) >--- > python/samba/tests/krb5/kdc_base_test.py | 29 +- > .../ms_kile_client_principal_lookup_tests.py | 814 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_heimdal_kdc | 12 + > selftest/knownfail_mit_kdc | 16 + > source4/selftest/tests.py | 3 + > 6 files changed, 874 insertions(+), 1 deletion(-) > create mode 100755 python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index bef5458c881..1c7f05dda6d 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -22,6 +22,7 @@ import os > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > from collections import namedtuple >+import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >@@ -103,7 +104,7 @@ class KDCBaseTest(RawKerberosTest): > for dn in self.accounts: > delete_force(self.ldb, dn) > >- def create_account(self, name, machine_account=False, spn=None): >+ def create_account(self, name, machine_account=False, spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDown to clean up the created accounts. >@@ -133,6 +134,8 @@ class KDCBaseTest(RawKerberosTest): > "unicodePwd": utf16pw} > if spn is not None: > details["servicePrincipalName"] = spn >+ if upn is not None: >+ details["userPrincipalName"] = upn > self.ldb.add(details) > > creds = Credentials() >@@ -418,3 +421,27 @@ class KDCBaseTest(RawKerberosTest): > self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) > sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) > return sid.decode('utf8') >+ >+ def add_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_ADD >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >+ >+ def modify_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_REPLACE >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >new file mode 100755 >index 00000000000..356a25f8e18 >--- /dev/null >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -0,0 +1,814 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.dsdb import UF_NORMAL_ACCOUNT, UF_DONT_REQUIRE_PREAUTH >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ NT_ENTERPRISE_PRINCIPAL, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+ KDC_ERR_C_PRINCIPAL_UNKNOWN, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): >+ ''' Tests for MS-KILE client principal look-up >+ See [MS-KILE]: Kerberos Protocol Extensions >+ secion 3.3.5.6.1 Client Principal Lookup >+ ''' >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def check_pac(self, auth_data, dn, uc, name, upn=None): >+ >+ pac_data = self.get_pac_data(auth_data) >+ sid = self.get_objectSid(dn) >+ if upn is None: >+ upn = "%s@%s" % (name, uc.get_realm().lower()) >+ if name.endswith('$'): >+ name = name[:-1] >+ >+ self.assertEqual( >+ uc.get_username(), >+ str(pac_data.account_name), >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ name, >+ pac_data.logon_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ uc.get_realm(), >+ pac_data.domain_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ upn, >+ pac_data.upn, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ sid, >+ pac_data.account_sid, >+ "pac_data = {%s}" % str(pac_data)) >+ >+ def test_nt_principal_step_1(self): >+ ''' Step 1 >+ For an NT_PRINCIPAL cname with no realm or the realm matches the >+ DC's domain >+ search for an account with the >+ sAMAccountName matching the cname. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_2(self): >+ ''' Step 2 >+ If not found >+ search for sAMAccountName equal to the cname + "$" >+ >+ ''' >+ >+ # Create a machine account for the test. >+ # >+ user_name = "mskilemac" >+ (mc, dn) = self.create_account(user_name, machine_account=True) >+ realm = mc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, mc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, mc, mach_name + '$') >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_3(self): >+ ''' Step 3 >+ >+ If not found >+ search for a matching UPN name where the UPN is set to >+ cname@realm or cname@DC's domain name >+ >+ ''' >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, upn_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_a(self): >+ ''' Step 4, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(alt_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_sec]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ def test_enterprise_principal_step_1_3(self): >+ ''' Steps 1-3 >+ For an NT_ENTERPRISE_PRINCIPAL cname >+ search for a user principal name matching the cname >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, upn, upn=upn) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_4(self): >+ ''' Step 4 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ ename = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, ename, upn=ename) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_5(self): >+ ''' Step 5 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ with a $ appended. >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, dn) = self.create_account(mach_name, machine_account=True) >+ ename = mach_name + "@" + realm >+ uname = mach_name + "$@" + realm >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, mc, ename, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_6_a(self): >+ ''' Step 6, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_enterprise_principal_step_6_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ uname = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[uname]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, >+ names=[uname]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, uname, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(uname.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_6_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = False >+ global_hexdump = False >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 222d1dbfa41..1b22461c735 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -95,6 +95,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tests.py', > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', >+ 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >index 7ab56b6721b..4e6ee93ce96 100644 >--- a/selftest/knownfail_heimdal_kdc >+++ b/selftest/knownfail_heimdal_kdc >@@ -2,3 +2,15 @@ > # We expect all the MIT specific compatability tests to fail on heimdal > # kerberos > ^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ >+# >+# Heimdal currently fails the following MS-KILE client principal lookup >+# tests >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index e64303c6b0f..2c2a643944c 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -275,3 +275,19 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > # following tests > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) >+# >+# MIT currently fails the following MS-KILE tests. >+# >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_1 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_2 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >+ >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index bc2292b4523..5507ed2b665 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1345,6 +1345,9 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > planpythontestsuite( > "ad_dc", > "samba.tests.krb5.kdc_tgs_tests") >+planpythontestsuite( >+ "ad_dc", >+ "samba.tests.krb5.ms_kile_client_principal_lookup_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From ed6eed2070b888cc5cbb7954af76ce8f434cfa9b Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:54:05 +1200 >Subject: [PATCH 031/177] auth:creds: Remove unused variable > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1ea2de561839ad948efab5112fbe4c1eae44d9ee) >--- > auth/credentials/pycredentials.c | 3 --- > 1 file changed, 3 deletions(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index a5d0f9e051c..688953f655c 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -603,8 +603,6 @@ static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused) > static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > { > char *newval; >- enum credentials_obtained obt = CRED_SPECIFIED; >- int _obt = obt; > struct cli_credentials *creds = PyCredentials_AsCliCredentials(self); > if (creds == NULL) { > PyErr_Format(PyExc_TypeError, "Credentials expected"); >@@ -614,7 +612,6 @@ static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > if (!PyArg_ParseTuple(args, "s", &newval)) { > return NULL; > } >- obt = _obt; > > cli_credentials_set_forced_sasl_mech(creds, newval); > Py_RETURN_NONE; >-- >2.25.1 > > >From 942e42596813071db2bf46f6754aa7ab028bb981 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:55:13 +1200 >Subject: [PATCH 032/177] auth:creds: Fix parameter in creds.set_named_ccache() > >Use the passed-in value for 'obtained' rather than always using >CRED_SPECIFIED. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d05268aa0904221c452fc650fcdfb680efc20bb) >--- > auth/credentials/pycredentials.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 688953f655c..016f7900b4b 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -763,6 +763,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx)) > return NULL; >+ obt = _obt; > > mem_ctx = talloc_new(NULL); > if (mem_ctx == NULL) { >@@ -778,7 +779,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > ret = cli_credentials_set_ccache(creds, > lp_ctx, >- newval, CRED_SPECIFIED, >+ newval, obt, > &error_string); > > if (ret != 0) { >-- >2.25.1 > > >From ea1b1bf66e4306dcc82eadea3fa9f528dc9d530e Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:07:22 +1200 >Subject: [PATCH 033/177] pygensec: Fix method documentation > >This changes the docstrings to use the correct method names. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 50ade4cadc766a196316fd5c5a57f8c502f0ea22) >--- > source4/auth/gensec/pygensec.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 75ce478d4c9..568fc7c8db7 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -654,13 +654,13 @@ static PyMethodDef py_gensec_security_methods[] = { > METH_VARARGS|METH_KEYWORDS|METH_CLASS, > "S.start_server(auth_ctx, settings) -> gensec" }, > { "set_credentials", (PyCFunction)py_gensec_set_credentials, METH_VARARGS, >- "S.start_client(credentials)" }, >+ "S.set_credentials(credentials)" }, > { "set_target_hostname", (PyCFunction)py_gensec_set_target_hostname, METH_VARARGS, >- "S.start_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, >+ "S.set_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, > { "set_target_service", (PyCFunction)py_gensec_set_target_service, METH_VARARGS, >- "S.start_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, >+ "S.set_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, > { "set_target_service_description", (PyCFunction)py_gensec_set_target_service_description, METH_VARARGS, >- "S.start_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, >+ "S.set_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, > { "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS, > "S.session_info() -> info" }, > { "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS, >-- >2.25.1 > > >From ffddfb4df90d5880aa5056ab1cde52079bcdb3d3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 15 Apr 2021 10:32:41 +1200 >Subject: [PATCH 034/177] Revert "s4-test: fixed ndrdump test for top level > build" > >This essentially reverts commit >b84c0a9ed6d556eb2d3797d606edcd03f9766606, but the datapath is now in the >source4 directory. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6f144d49b5281a08bf7be550b949f4d91e8fe19b) >--- > python/samba/tests/blackbox/ndrdump.py | 8 +------- > 1 file changed, 1 insertion(+), 7 deletions(-) > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index a33229e4740..69b17274026 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -25,13 +25,7 @@ import os > import re > from samba.tests import BlackboxTestCase, BlackboxProcessError > >-for p in ["../../../../../source4/librpc/tests", >- "../../../../../librpc/tests"]: >- data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), p)) >- print(data_path_dir) >- if os.path.exists(data_path_dir): >- break >- >+data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../../source4/librpc/tests")) > > class NdrDumpTests(BlackboxTestCase): > """Blackbox tests for ndrdump.""" >-- >2.25.1 > > >From fa28e7d43139930217fa9bda965a2acd9c24b8c8 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:57:00 +1200 >Subject: [PATCH 035/177] krb5ccache.idl: Add definition for a Kerberos > credentials cache > >Based on specifications found at >https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html > >This is primarily designed for parsing and storing a single Kerberos >ticket, due to the limitations of PIDL. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 74fb2cc473cea0eebf641fc4d32d706bac8aa6f2) >--- > librpc/idl/krb5ccache.idl | 115 +++++++++++++++++++++++++++++++++++ > librpc/idl/wscript_build | 1 + > librpc/wscript_build | 8 ++- > source4/librpc/wscript_build | 7 +++ > 4 files changed, 130 insertions(+), 1 deletion(-) > create mode 100644 librpc/idl/krb5ccache.idl > >diff --git a/librpc/idl/krb5ccache.idl b/librpc/idl/krb5ccache.idl >new file mode 100644 >index 00000000000..1f0cfa752a9 >--- /dev/null >+++ b/librpc/idl/krb5ccache.idl >@@ -0,0 +1,115 @@ >+/* >+ krb5 credentials cache (version 3 or 4) >+ specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html >+*/ >+ >+#include "idl_types.h" >+ >+[ >+ uuid("1702b695-99ca-4f32-93e4-1e1c4d5ddb53"), >+ version(0.0), >+ pointer_default(unique), >+ helpstring("KRB5 credentials cache") >+] >+interface krb5ccache >+{ >+ typedef struct { >+ uint32 name_type; >+ uint32 component_count; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string realm; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string components[component_count]; >+ } PRINCIPAL; >+ >+ typedef struct { >+ uint16 enctype; >+ DATA_BLOB data; >+ } KEYBLOCK; >+ >+ typedef struct { >+ uint16 addrtype; >+ DATA_BLOB data; >+ } ADDRESS; >+ >+ typedef struct { >+ uint32 count; >+ ADDRESS data[count]; >+ } ADDRESSES; >+ >+ typedef struct { >+ uint16 ad_type; >+ DATA_BLOB data; >+ } AUTHDATUM; >+ >+ typedef struct { >+ uint32 count; >+ AUTHDATUM data[count]; >+ } AUTHDATA; >+ >+ typedef struct { >+ PRINCIPAL client; >+ PRINCIPAL server; >+ KEYBLOCK keyblock; >+ uint32 authtime; >+ uint32 starttime; >+ uint32 endtime; >+ uint32 renew_till; >+ uint8 is_skey; >+ uint32 ticket_flags; >+ ADDRESSES addresses; >+ AUTHDATA authdata; >+ DATA_BLOB ticket; >+ DATA_BLOB second_ticket; >+ } CREDENTIAL; >+ >+ typedef struct { >+ [value(0)] int32 kdc_sec_offset; >+ [value(0)] int32 kdc_usec_offset; >+ } DELTATIME_TAG; >+ >+ typedef [nodiscriminant] union { >+ [case(1)] DELTATIME_TAG deltatime_tag; >+ } FIELD; >+ >+ typedef struct { >+ [value(1)] uint16 tag; >+ [subcontext(2),switch_is(tag)] FIELD field; >+ } V4TAG; >+ >+ typedef struct { >+ V4TAG tag; >+ /* >+ * We should allow for more than one tag to be properly parsed, but that >+ * would require manual parsing. >+ */ >+ [flag(NDR_REMAINING)] DATA_BLOB further_tags; >+ } V4TAGS; >+ >+ typedef struct { >+ [subcontext(2)] V4TAGS v4tags; >+ } V4HEADER; >+ >+ typedef [nodiscriminant] union { >+ /* >+ * We don't attempt to support file format versions 1 and 2 as they >+ * assume native CPU byte order, which makes no sense in PIDL. >+ */ >+ [case(3)] ; >+ [case(4)] V4HEADER v4header; >+ } OPTIONAL_HEADER; >+ >+ /* Public structures. */ >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ [value(5)] uint8 pvno; >+ [value(4)] uint8 version; >+ [switch_is(version)] OPTIONAL_HEADER optional_header; >+ PRINCIPAL principal; >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } CCACHE; >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } MULTIPLE_CREDENTIALS; >+} >diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build >index 928f54abde0..0cbd7f8fdfc 100644 >--- a/librpc/idl/wscript_build >+++ b/librpc/idl/wscript_build >@@ -147,6 +147,7 @@ bld.SAMBA_PIDL_LIST('PIDL', > drsblobs.idl > idmap.idl > krb5pac.idl >+ krb5ccache.idl > messaging.idl > misc.idl > nbt.idl >diff --git a/librpc/wscript_build b/librpc/wscript_build >index 27b180fa63d..8f31d59d3b5 100644 >--- a/librpc/wscript_build >+++ b/librpc/wscript_build >@@ -374,6 +374,11 @@ bld.SAMBA_LIBRARY('ndr-krb5pac', > vnum='0.0.1' > ) > >+bld.SAMBA_SUBSYSTEM('NDR_KRB5CCACHE', >+ source='gen_ndr/ndr_krb5ccache.c', >+ deps='ndr NDR_COMPRESSION NDR_SECURITY ndr-standard asn1util' >+ ) >+ > bld.SAMBA_LIBRARY('ndr-standard', > source='', > vnum='0.0.1', >@@ -616,7 +621,8 @@ bld.SAMBA_LIBRARY('ndr-samba', > source=[], > deps='''NDR_DRSBLOBS NDR_DRSUAPI NDR_IDMAP NDR_NTLMSSP NDR_NEGOEX NDR_SCHANNEL NDR_MGMT > NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM >- NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV''', >+ NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV >+ NDR_KRB5CCACHE''', > private_library=True, > grouping_library=True > ) >diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build >index 009b2e13d2e..ea9c4853d7a 100644 >--- a/source4/librpc/wscript_build >+++ b/source4/librpc/wscript_build >@@ -229,6 +229,13 @@ bld.SAMBA_PYTHON('python_krb5pac', > cflags_end=gen_cflags > ) > >+bld.SAMBA_PYTHON('python_krb5ccache', >+ source='../../librpc/gen_ndr/py_krb5ccache.c', >+ deps='NDR_KRB5CCACHE %s %s' % (pytalloc_util, pyrpc_util), >+ realname='samba/dcerpc/krb5ccache.so', >+ cflags_end=gen_cflags >+ ) >+ > bld.SAMBA_PYTHON('python_netlogon', > source='../../librpc/gen_ndr/py_netlogon.c', > deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util), >-- >2.25.1 > > >From 1b8ba7eea161519ba3b922e67d34ace329d2a03e Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:58:48 +1200 >Subject: [PATCH 036/177] librpc: Test parsing a Kerberos 5 credentials cache > with ndrdump > >This is the format used by the FILE: credentials cache type. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f17b1edca9c1638ef404fadce3ca7a4d176de12) >--- > python/samba/tests/blackbox/ndrdump.py | 37 + > source3/selftest/ktest-krb5_ccache-2.txt | 1574 ++++++++++++++++++++++ > source3/selftest/ktest-krb5_ccache-3.txt | 832 ++++++++++++ > 3 files changed, 2443 insertions(+) > create mode 100644 source3/selftest/ktest-krb5_ccache-2.txt > create mode 100644 source3/selftest/ktest-krb5_ccache-3.txt > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index 69b17274026..7833ec98119 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -320,6 +320,43 @@ dump OK > # convert expected to bytes for python 3 > self.assertEqual(actual, expected.encode('utf-8')) > >+ def test_ndrdump_Krb5ccache(self): >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ > # This is a good example of a union with an empty default > # and no buffers to parse. > def test_ndrdump_fuzzed_spoolss_EnumForms(self): >diff --git a/source3/selftest/ktest-krb5_ccache-2.txt b/source3/selftest/ktest-krb5_ccache-2.txt >new file mode 100644 >index 00000000000..c86750ae585 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-2.txt >@@ -0,0 +1,1574 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+dump OK >diff --git a/source3/selftest/ktest-krb5_ccache-3.txt b/source3/selftest/ktest-krb5_ccache-3.txt >new file mode 100644 >index 00000000000..76c492cd2b1 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-3.txt >@@ -0,0 +1,832 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+dump OK >-- >2.25.1 > > >From 0f100a0995ec523cb23502f732226c0d8bc30388 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:02:47 +1200 >Subject: [PATCH 037/177] krb5: Add Python functions to create a credentials > cache containing a service ticket > >This is a FILE: format credentials cache readable by the MIT/Heimdal >Kerberos libraries. This allows us to glue the Python ASN1 Kerberos >system to the MIT/Heimdal one. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d88a6ff3dbcf650b09ef9c8c37170ca6663b533) >--- > python/samba/tests/krb5/kdc_base_test.py | 167 ++++++++++++++++++++++- > 1 file changed, 163 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1c7f05dda6d..d8193ae9cdc 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -1,6 +1,6 @@ > # Unix SMB/CIFS implementation. > # Copyright (C) Stefan Metzmacher 2020 >-# Copyright (C) 2020 Catalyst.Net Ltd >+# Copyright (C) 2020-2021 Catalyst.Net Ltd > # > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License as published by >@@ -18,6 +18,8 @@ > > import sys > import os >+from datetime import datetime >+import tempfile > > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" >@@ -26,10 +28,10 @@ import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >-from samba.credentials import Credentials >-from samba.dcerpc import krb5pac >+from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >+from samba.dcerpc import krb5pac, krb5ccache > from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >-from samba.ndr import ndr_unpack >+from samba.ndr import ndr_pack, ndr_unpack > from samba.samdb import SamDB > > from samba.tests import delete_force >@@ -38,6 +40,8 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > AD_IF_RELEVANT, > AD_WIN2K_PAC, >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, > KDC_ERR_PREAUTH_REQUIRED, > KRB_AS_REP, > KRB_TGS_REP, >@@ -46,6 +50,8 @@ from samba.tests.krb5.rfc4120_constants import ( > KU_PA_ENC_TIMESTAMP, > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TICKET, >+ NT_PRINCIPAL, >+ NT_SRV_HST, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -445,3 +451,156 @@ class KDCBaseTest(RawKerberosTest): > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) > self.ldb.modify(msg) >+ >+ def create_ccache(self, cname, ticket, enc_part): >+ """ Lay out a version 4 on-disk credentials cache, to be read using the >+ FILE: protocol. >+ """ >+ >+ field = krb5ccache.DELTATIME_TAG() >+ field.kdc_sec_offset = 0 >+ field.kdc_usec_offset = 0 >+ >+ v4tag = krb5ccache.V4TAG() >+ v4tag.tag = 1 >+ v4tag.field = field >+ >+ v4tags = krb5ccache.V4TAGS() >+ v4tags.tag = v4tag >+ v4tags.further_tags = b'' >+ >+ optional_header = krb5ccache.V4HEADER() >+ optional_header.v4tags = v4tags >+ >+ cname_string = cname['name-string'] >+ >+ cprincipal = krb5ccache.PRINCIPAL() >+ cprincipal.name_type = cname['name-type'] >+ cprincipal.component_count = len(cname_string) >+ cprincipal.realm = ticket['realm'] >+ cprincipal.components = cname_string >+ >+ sname = ticket['sname'] >+ sname_string = sname['name-string'] >+ >+ sprincipal = krb5ccache.PRINCIPAL() >+ sprincipal.name_type = sname['name-type'] >+ sprincipal.component_count = len(sname_string) >+ sprincipal.realm = ticket['realm'] >+ sprincipal.components = sname_string >+ >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ key_data = key.export_obj() >+ keyblock = krb5ccache.KEYBLOCK() >+ keyblock.enctype = key_data['keytype'] >+ keyblock.data = key_data['keyvalue'] >+ >+ addresses = krb5ccache.ADDRESSES() >+ addresses.count = 0 >+ addresses.data = [] >+ >+ authdata = krb5ccache.AUTHDATA() >+ authdata.count = 0 >+ authdata.data = [] >+ >+ # Re-encode the ticket, since it was decoded by another layer. >+ ticket_data = self.der_encode(ticket, asn1Spec=krb5_asn1.Ticket()) >+ >+ authtime = enc_part['authtime'] >+ try: >+ starttime = enc_part['starttime'] >+ except KeyError: >+ starttime = authtime >+ endtime = enc_part['endtime'] >+ >+ cred = krb5ccache.CREDENTIAL() >+ cred.client = cprincipal >+ cred.server = sprincipal >+ cred.keyblock = keyblock >+ cred.authtime = int(datetime.strptime(authtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.starttime = int(datetime.strptime(starttime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.endtime = int(datetime.strptime(endtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.renew_till = cred.endtime >+ cred.is_skey = 0 >+ cred.ticket_flags = int(enc_part['flags'], 2) >+ cred.addresses = addresses >+ cred.authdata = authdata >+ cred.ticket = ticket_data >+ cred.second_ticket = b'' >+ >+ ccache = krb5ccache.CCACHE() >+ ccache.pvno = 5 >+ ccache.version = 4 >+ ccache.optional_header = optional_header >+ ccache.principal = cprincipal >+ ccache.cred = cred >+ >+ # Serialise the credentials cache structure. >+ result = ndr_pack(ccache) >+ >+ # Create a temporary file and write the credentials. >+ cachefile = tempfile.NamedTemporaryFile(dir=self.tempdir, delete=False) >+ cachefile.write(result) >+ cachefile.close() >+ >+ return cachefile >+ >+ def create_ccache_with_user(self, user_credentials, mach_name, >+ service="host"): >+ # Obtain a service ticket authorising the user and place it into a >+ # newly created credentials cache file. >+ >+ user_name = user_credentials.get_username() >+ realm = user_credentials.get_realm() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(user_credentials, rep) >+ key = self.get_as_rep_key(user_credentials, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=[service, mach_name]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, realm, ticket, key, etype) >+ self.check_tgs_reply(rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ >+ # Write the ticket into a credentials cache file that can be ingested >+ # by the main credentials code. >+ cachefile = self.create_ccache(cname, ticket, enc_part) >+ >+ # Create a credentials object to reference the credentials cache. >+ creds = Credentials() >+ creds.set_kerberos_state(MUST_USE_KERBEROS) >+ creds.set_username(user_name, SPECIFIED) >+ creds.set_realm(realm) >+ creds.set_named_ccache(cachefile.name, SPECIFIED, self.lp) >+ >+ # Return the credentials along with the cache file. >+ return (creds, cachefile) >-- >2.25.1 > > >From 20c724b20130b4d211adf7a77ea944a35a70e4a1 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:06:33 +1200 >Subject: [PATCH 038/177] python: Add credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service using the normal >credentials system backed on to MIT/Heimdal Kerberos 5 libraries. This >will allow us to validate the output of the MIT/Heimdal libraries in the >future. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit c15f26ec40860782b22e862f9bdf665745387718) >--- > python/samba/tests/krb5/raw_testcase.py | 8 +- > python/samba/tests/krb5/rfc4120_constants.py | 1 + > python/samba/tests/krb5/test_ccache.py | 127 +++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 2 + > 5 files changed, 135 insertions(+), 4 deletions(-) > create mode 100755 python/samba/tests/krb5/test_ccache.py > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 82e68ee7019..27ab89ecf99 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -25,7 +25,7 @@ import random > > import samba.tests > from samba.credentials import Credentials >-from samba.tests import TestCase >+from samba.tests import TestCaseInTempDir > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests.krb5.kcrypto as kcrypto > >@@ -178,11 +178,11 @@ class Krb5EncryptionKey(object): > return EncryptionKey_obj > > >-class RawKerberosTest(TestCase): >+class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > > def setUp(self): >- super(RawKerberosTest, self).setUp() >+ super().setUp() > self.do_asn1_print = False > self.do_hexdump = False > >@@ -192,7 +192,7 @@ class RawKerberosTest(TestCase): > > def tearDown(self): > self._disconnect("tearDown") >- super(TestCase, self).tearDown() >+ super().tearDown() > > def _disconnect(self, reason): > if self.s is None: >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 5bbf1229d09..702f6084217 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -46,6 +46,7 @@ KDC_ERR_SKEW = 37 > # Name types > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_HST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-HST')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >new file mode 100755 >index 00000000000..e0998a4c43f >--- /dev/null >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -0,0 +1,127 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_SUBTREE >+from samba import gensec >+from samba.auth import AuthContext >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class CcacheTests(KDCBaseTest): >+ """Test for authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_ccache(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "ccacheusr" >+ mach_name = "ccachemac" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Create the machine account. >+ (mach_credentials, _) = self.create_account(mach_name, >+ machine_account=True) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ settings = {} >+ settings["lp_ctx"] = self.lp >+ settings["target_hostname"] = mach_name >+ >+ gensec_client = gensec.Security.start_client(settings) >+ gensec_client.set_credentials(creds) >+ gensec_client.want_feature(gensec.FEATURE_SEAL) >+ gensec_client.start_mech_by_sasl_name("GSSAPI") >+ >+ auth_context = AuthContext(lp_ctx=self.lp, ldb=self.ldb, methods=[]) >+ >+ gensec_server = gensec.Security.start_server(settings, auth_context) >+ gensec_server.set_credentials(mach_credentials) >+ >+ gensec_server.start_mech_by_sasl_name("GSSAPI") >+ >+ client_finished = False >+ server_finished = False >+ server_to_client = b'' >+ >+ # Operate as both the client and the server to verify the user's >+ # credentials. >+ while not client_finished or not server_finished: >+ if not client_finished: >+ print("running client gensec_update") >+ (client_finished, client_to_server) = gensec_client.update( >+ server_to_client) >+ if not server_finished: >+ print("running server gensec_update") >+ (server_finished, server_to_client) = gensec_server.update( >+ client_to_server) >+ >+ # Ensure that the first SID contained within the obtained security >+ # token is the SID of the user we created. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Retrieve the SIDs from the security token. >+ session = gensec_server.session_info() >+ token = session.security_token >+ token_sids = token.sids >+ self.assertGreater(len(token_sids), 0) >+ >+ # Ensure that they match. >+ self.assertEqual(sid, token_sids[0]) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 1b22461c735..2ca1e0215ce 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -95,6 +95,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tests.py', > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', >+ 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 5507ed2b665..d4ca63f16a8 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -796,6 +796,8 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >+ > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >-- >2.25.1 > > >From c31f773f7b96bfedf404269dc6868dff57ae57dd Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Apr 2021 20:58:11 +1200 >Subject: [PATCH 039/177] python: Add LDAP credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through LDAP. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7663b5c37fa3413f7c67c018107322494e4a6fd9) >--- > python/samba/tests/krb5/test_ldap.py | 94 ++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 96 insertions(+) > create mode 100755 python/samba/tests/krb5/test_ldap.py > >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >new file mode 100755 >index 00000000000..6a4bf52d77f >--- /dev/null >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -0,0 +1,94 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_BASE, SCOPE_SUBTREE >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+from samba.samdb import SamDB >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class LdapTests(KDCBaseTest): >+ """Test for LDAP authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_ldap(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "ldapusr" >+ mach_name = self.dns_host_name >+ service = "ldap" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Connect to the machine account and retrieve the user SID. >+ ldb_as_user = SamDB(url="ldap://%s" % mach_name, >+ credentials=creds, >+ lp=self.lp) >+ ldb_res = ldb_as_user.search('', >+ scope=SCOPE_BASE, >+ attrs=["tokenGroups"]) >+ self.assertEqual(1, len(ldb_res)) >+ >+ token_sid = ndr_unpack(security.dom_sid, ldb_res[0]["tokenGroups"][0]) >+ >+ # Ensure that they match. >+ self.assertEqual(sid, token_sid) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 2ca1e0215ce..45636f3d3a3 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -96,6 +96,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', > 'python/samba/tests/krb5/test_ccache.py', >+ 'python/samba/tests/krb5/test_ldap.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index d4ca63f16a8..4de6ead8af5 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -797,6 +797,7 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 741cfee3530d1bb051c0b15d057b3f6c3e0f5efe Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 29 Apr 2021 21:04:25 +1200 >Subject: [PATCH 040/177] python: Add RPC credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through RPC. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 072451a033da07c0cdaa005dd1020ef1c7951e99) >--- > python/samba/tests/krb5/test_rpc.py | 77 +++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 79 insertions(+) > create mode 100755 python/samba/tests/krb5/test_rpc.py > >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >new file mode 100755 >index 00000000000..da1c4eb88ac >--- /dev/null >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -0,0 +1,77 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from samba.dcerpc import lsa >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class RpcTests(KDCBaseTest): >+ """Test for RPC authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_rpc(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "rpcusr" >+ mach_name = self.dns_host_name >+ service = "cifs" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ binding_str = "ncacn_np:%s[\\pipe\\lsarpc]" % mach_name >+ conn = lsa.lsarpc(binding_str, self.lp, creds) >+ >+ (account_name, _) = conn.GetUserName(None, None, None) >+ >+ self.assertEqual(user_name, account_name.string) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 45636f3d3a3..eb7c003b48b 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -97,6 +97,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tgs_tests.py', > 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/test_ldap.py', >+ 'python/samba/tests/krb5/test_rpc.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 4de6ead8af5..5402f0973de 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -798,6 +798,7 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 19f0c511f4691313d9d6c1d7e5afcb9ac0a5ad74 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 15:48:43 +1200 >Subject: [PATCH 041/177] Revert "libsmb: Use sid_parse()" > >This reverts commit afd5d34f5e1d13ba88448b3b94d353aa8361d1a9. > >This code originally used ndr_pull_struct_blob() to pull one SID from a >buffer potentially containing multiple SIDs. When this was changed to >use sid_parse(), it was now attempting to parse the whole buffer as a >single SID with ndr_pull_struct_blob_all(), which would cause it to fail >if more than one SID was present. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2b487890d946df88abce67c3d07d74559f70f069) >--- > source3/libsmb/clifsinfo.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index bcfe406e07b..a9b3b03abb6 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -29,7 +29,6 @@ > #include "../libcli/smb/smbXcli_base.h" > #include "auth/credentials/credentials.h" > #include "../librpc/gen_ndr/ndr_security.h" >-#include "libcli/security/dom_sid.h" > > /**************************************************************************** > Get UNIX extensions version info. >@@ -686,9 +685,23 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > num_rdata -= (p - rdata); > > for (i = 0; i < state->num_sids; i++) { >- ssize_t sid_size = sid_parse(p, num_rdata, &state->sids[i]); >+ size_t sid_size; >+ DATA_BLOB in = data_blob_const(p, num_rdata); >+ enum ndr_err_code ndr_err; > >- if ((sid_size == -1) || (sid_size > num_rdata)) { >+ ndr_err = ndr_pull_struct_blob(&in, >+ state, >+ &state->sids[i], >+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ >+ sid_size = ndr_size_dom_sid(&state->sids[i], 0); >+ >+ if (sid_size > num_rdata) { > tevent_req_nterror(req, > NT_STATUS_INVALID_NETWORK_RESPONSE); > return; >-- >2.25.1 > > >From efbd9eac9822470e96ffa20ddd21462683f3d061 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 15:55:01 +1200 >Subject: [PATCH 042/177] libsmb: Remove overflow check > >Pointer overflow is undefined, so this check does not accomplish >anything. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit db5b34c7682e36630908356cf674fddd18d8fa1f) >--- > source3/libsmb/clifsinfo.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index a9b3b03abb6..135a77f2312 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -650,7 +650,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > * parsing network packets in C. > */ > >- if (num_rdata < 40 || rdata + num_rdata < rdata) { >+ if (num_rdata < 40) { > tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); > return; > } >-- >2.25.1 > > >From c15274f3aa4d5dcf0c4462c632592256301768c0 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:16:51 +1200 >Subject: [PATCH 043/177] libsmb: Avoid undefined behaviour when parsing whoami > state > >If num_gids is such that the gids array would overflow the rdata buffer, >'p + 8' could produce a result pointing outside the buffer, and thus >result in undefined behaviour. To avoid this, we check num_gids against >the size of the buffer beforehand. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9d8aeed33d8edf7a5dc96dbe35e4e164e2baeeeb) >--- > source3/libsmb/clifsinfo.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index 135a77f2312..8ec74d191be 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -661,6 +661,13 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > state->num_gids = IVAL(rdata, 24); > state->num_sids = IVAL(rdata, 28); > >+ /* Ensure the gid array doesn't overflow */ >+ if (state->num_gids > (num_rdata - 40) / sizeof(uint64_t)) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > state->gids = talloc_array(state, uint64_t, state->num_gids); > if (tevent_req_nomem(state->gids, req)) { > return; >@@ -673,11 +680,6 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > p = rdata + 40; > > for (i = 0; i < state->num_gids; i++) { >- if (p + 8 > rdata + num_rdata) { >- tevent_req_nterror(req, >- NT_STATUS_INVALID_NETWORK_RESPONSE); >- return; >- } > state->gids[i] = BVAL(p, 0); > p += 8; > } >-- >2.25.1 > > >From 01f6a2047620dc7c7e46a79473bfb9c68b0e9bc9 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:22:43 +1200 >Subject: [PATCH 044/177] libsmb: Check to see that whoami is not receiving > more data than it requested > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9e414233c84d2f2fa4a9415be9ee975eca8b9bfd) >--- > source3/libsmb/clifsinfo.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index 8ec74d191be..c1f2eca8bcf 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -570,6 +570,8 @@ struct posix_whoami_state { > > static void cli_posix_whoami_done(struct tevent_req *subreq); > >+static const uint32_t posix_whoami_max_rdata = 62*1024; >+ > struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx, > struct tevent_context *ev, > struct cli_state *cli) >@@ -586,7 +588,7 @@ struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx, > SSVAL(state->setup, 0, TRANSACT2_QFSINFO); > SSVAL(state->param, 0, SMB_QUERY_POSIX_WHOAMI); > >- state->max_rdata = 62*1024; >+ state->max_rdata = posix_whoami_max_rdata; > > subreq = cli_trans_send(state, /* mem ctx. */ > ev, /* event ctx. */ >@@ -650,7 +652,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > * parsing network packets in C. > */ > >- if (num_rdata < 40) { >+ if (num_rdata < 40 || num_rdata > posix_whoami_max_rdata) { > tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); > return; > } >-- >2.25.1 > > >From 6ca17dcd5ca709cc771516899996e94bd0fb6d54 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 16:24:42 +1200 >Subject: [PATCH 045/177] libsmb: Ensure that whoami parses all the data > provided to it > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 9b96ebea5c6966b096cf1100a0895a9c41f2aa1d) >--- > source3/libsmb/clifsinfo.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index c1f2eca8bcf..c4e2a01bc45 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -714,6 +714,13 @@ static void cli_posix_whoami_done(struct tevent_req *subreq) > p += sid_size; > num_rdata -= sid_size; > } >+ >+ if (num_rdata != 0) { >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > tevent_req_done(req); > } > >-- >2.25.1 > > >From 94a729a4459211b5fef0b68fd47e9db1c41cdb4e Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Fri, 30 Apr 2021 12:49:24 +1200 >Subject: [PATCH 046/177] pylibsmb: Add posix_whoami() > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >[abartlet@samba.org backport from commit >482559436f12a85adb3409433aac3ab06baa82b1 as the 4.13 backport >doesn't have ealier pylibsmb changes including >752a8f870de2bb087802a1287d7fb6c7624ac631 >(s3:pylibsmb: remove unused SECINFO_DEFAULT_FLAGS)] >--- > source3/libsmb/pylibsmb.c | 138 +++++++++++++++++++++++++++++++++++++- > 1 file changed, 137 insertions(+), 1 deletion(-) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index 3fcc3424a57..551f552527e 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -43,6 +43,8 @@ > SECINFO_DACL | SECINFO_PROTECTED_DACL | SECINFO_UNPROTECTED_DACL | \ > SECINFO_SACL | SECINFO_PROTECTED_SACL | SECINFO_UNPROTECTED_SACL) > >+static PyTypeObject *dom_sid_Type = NULL; >+ > static PyTypeObject *get_pytype(const char *module, const char *type) > { > PyObject *mod; >@@ -1331,6 +1333,123 @@ static PyObject *py_smb_mkdir(struct py_cli_state *self, PyObject *args) > Py_RETURN_NONE; > } > >+/* >+ * Does a whoami call >+ */ >+static PyObject *py_smb_posix_whoami(struct py_cli_state *self, >+ PyObject *Py_UNUSED(ignored)) >+{ >+ TALLOC_CTX *frame = talloc_stackframe(); >+ NTSTATUS status; >+ struct tevent_req *req = NULL; >+ uint64_t uid; >+ uint64_t gid; >+ uint32_t num_gids; >+ uint64_t *gids = NULL; >+ uint32_t num_sids; >+ struct dom_sid *sids = NULL; >+ bool guest; >+ PyObject *py_gids = NULL; >+ PyObject *py_sids = NULL; >+ PyObject *py_guest = NULL; >+ PyObject *py_ret = NULL; >+ Py_ssize_t i; >+ >+ req = cli_posix_whoami_send(frame, self->ev, self->cli); >+ if (!py_tevent_req_wait_exc(self, req)) { >+ goto fail; >+ } >+ status = cli_posix_whoami_recv(req, >+ frame, >+ &uid, >+ &gid, >+ &num_gids, >+ &gids, >+ &num_sids, >+ &sids, >+ &guest); >+ if (!NT_STATUS_IS_OK(status)) { >+ PyErr_SetNTSTATUS(status); >+ goto fail; >+ } >+ if (num_gids > PY_SSIZE_T_MAX) { >+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many GIDs"); >+ goto fail; >+ } >+ if (num_sids > PY_SSIZE_T_MAX) { >+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many SIDs"); >+ goto fail; >+ } >+ >+ py_gids = PyList_New(num_gids); >+ if (!py_gids) { >+ goto fail; >+ } >+ for (i = 0; i < num_gids; ++i) { >+ int ret; >+ PyObject *py_item = PyLong_FromUnsignedLongLong(gids[i]); >+ if (!py_item) { >+ goto fail2; >+ } >+ >+ ret = PyList_SetItem(py_gids, i, py_item); >+ if (ret) { >+ goto fail2; >+ } >+ } >+ py_sids = PyList_New(num_sids); >+ if (!py_sids) { >+ goto fail2; >+ } >+ for (i = 0; i < num_sids; ++i) { >+ int ret; >+ struct dom_sid *sid; >+ PyObject *py_item; >+ >+ sid = dom_sid_dup(frame, &sids[i]); >+ if (!sid) { >+ PyErr_NoMemory(); >+ goto fail3; >+ } >+ >+ py_item = pytalloc_steal(dom_sid_Type, sid); >+ if (!py_item) { >+ PyErr_NoMemory(); >+ goto fail3; >+ } >+ >+ ret = PyList_SetItem(py_sids, i, py_item); >+ if (ret) { >+ goto fail3; >+ } >+ } >+ >+ py_guest = guest ? Py_True : Py_False; >+ >+ py_ret = Py_BuildValue("KKNNO", >+ uid, >+ gid, >+ py_gids, >+ py_sids, >+ py_guest); >+ if (!py_ret) { >+ goto fail3; >+ } >+ >+ TALLOC_FREE(frame); >+ return py_ret; >+ >+fail3: >+ Py_CLEAR(py_sids); >+ >+fail2: >+ Py_CLEAR(py_gids); >+ >+fail: >+ TALLOC_FREE(frame); >+ return NULL; >+} >+ > /* > * Checks existence of a directory > */ >@@ -1587,6 +1706,8 @@ static PyMethodDef py_cli_state_methods[] = { > "unlink(path) -> None\n\n \t\tDelete a file." }, > { "mkdir", (PyCFunction)py_smb_mkdir, METH_VARARGS, > "mkdir(path) -> None\n\n \t\tCreate a directory." }, >+ { "posix_whoami", (PyCFunction)py_smb_posix_whoami, METH_NOARGS, >+ "posix_whoami() -> (uid, gid, gids, sids, guest)" }, > { "rmdir", (PyCFunction)py_smb_rmdir, METH_VARARGS, > "rmdir(path) -> None\n\n \t\tDelete a directory." }, > { "chkpath", (PyCFunction)py_smb_chkpath, METH_VARARGS, >@@ -1639,16 +1760,31 @@ static struct PyModuleDef moduledef = { > MODULE_INIT_FUNC(libsmb_samba_internal) > { > PyObject *m = NULL; >+ PyObject *mod = NULL; > > talloc_stackframe(); > >+ if (PyType_Ready(&py_cli_state_type) < 0) { >+ return NULL; >+ } >+ > m = PyModule_Create(&moduledef); > if (m == NULL) { > return m; > } >- if (PyType_Ready(&py_cli_state_type) < 0) { >+ >+ /* Import dom_sid type from dcerpc.security */ >+ mod = PyImport_ImportModule("samba.dcerpc.security"); >+ if (mod == NULL) { > return NULL; > } >+ >+ dom_sid_Type = (PyTypeObject *)PyObject_GetAttrString(mod, "dom_sid"); >+ if (dom_sid_Type == NULL) { >+ Py_DECREF(mod); >+ return NULL; >+ } >+ > Py_INCREF(&py_cli_state_type); > PyModule_AddObject(m, "Conn", (PyObject *)&py_cli_state_type); > >-- >2.25.1 > > >From 14ac0c70049bbd4b2a5620eac19c234ed0ec4507 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Fri, 30 Apr 2021 08:58:11 +1200 >Subject: [PATCH 047/177] python: Add SMB credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service through SMB. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 78a0b57b51642df07deed8aeb6e39e608fafda60) >--- > python/samba/tests/krb5/test_smb.py | 108 ++++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 110 insertions(+) > create mode 100755 python/samba/tests/krb5/test_smb.py > >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >new file mode 100755 >index 00000000000..0262a37ebb5 >--- /dev/null >+++ b/python/samba/tests/krb5/test_smb.py >@@ -0,0 +1,108 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2021 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+from ldb import SCOPE_SUBTREE >+from samba.dcerpc import security >+from samba.ndr import ndr_unpack >+from samba.samba3 import libsmb_samba_internal as libsmb >+from samba.samba3 import param as s3param >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class SmbTests(KDCBaseTest): >+ """Test for SMB authentication using Kerberos credentials stored in a >+ credentials cache file. >+ """ >+ >+ def test_smb(self): >+ # Create a user account and a machine account, along with a Kerberos >+ # credentials cache file where the service ticket authenticating the >+ # user are stored. >+ >+ user_name = "smbusr" >+ mach_name = self.dns_host_name >+ service = "cifs" >+ share = "tmp" >+ >+ # Create the user account. >+ (user_credentials, _) = self.create_account(user_name) >+ >+ # Talk to the KDC to obtain the service ticket, which gets placed into >+ # the cache. The machine account name has to match the name in the >+ # ticket, to ensure that the krbtgt ticket doesn't also need to be >+ # stored. >+ (creds, cachefile) = self.create_ccache_with_user(user_credentials, >+ mach_name, >+ service) >+ >+ # Set the Kerberos 5 credentials cache environment variable. This is >+ # required because the codepath that gets run (gse_krb5) looks for it >+ # in here and not in the credentials object. >+ krb5_ccname = os.environ.get("KRB5CCNAME", "") >+ self.addCleanup(os.environ.__setitem__, "KRB5CCNAME", krb5_ccname) >+ os.environ["KRB5CCNAME"] = "FILE:" + cachefile.name >+ >+ # Authenticate in-process to the machine account using the user's >+ # cached credentials. >+ >+ # Retrieve the user account's SID. >+ ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) >+ self.assertEqual(1, len(ldb_res)) >+ sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) >+ >+ # Connect to a share and retrieve the user SID. >+ s3_lp = s3param.get_context() >+ s3_lp.load(self.lp.configfile) >+ >+ min_protocol = s3_lp.get("client min protocol") >+ self.addCleanup(s3_lp.set, "client min protocol", min_protocol) >+ s3_lp.set("client min protocol", "NT1") >+ >+ max_protocol = s3_lp.get("client max protocol") >+ self.addCleanup(s3_lp.set, "client max protocol", max_protocol) >+ s3_lp.set("client max protocol", "NT1") >+ >+ conn = libsmb.Conn(mach_name, share, lp=s3_lp, creds=creds) >+ >+ (uid, gid, gids, sids, guest) = conn.posix_whoami() >+ >+ # Ensure that they match. >+ self.assertEqual(sid, sids[0]) >+ >+ # Remove the cached credentials file. >+ os.remove(cachefile.name) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index eb7c003b48b..e8eda7d6896 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -98,6 +98,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/test_ccache.py', > 'python/samba/tests/krb5/test_ldap.py', > 'python/samba/tests/krb5/test_rpc.py', >+ 'python/samba/tests/krb5/test_smb.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 5402f0973de..6005bc04d87 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -799,6 +799,7 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") >+planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb") > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 3a6e5e3ae8a2d156d0fc937d816a83155f7e5ae6 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 14:42:10 +1200 >Subject: [PATCH 048/177] python: Ensure reference counts are properly > incremented > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 290c1dc0975867a71c02e911708323d1f38b6f96) >--- > lib/talloc/pytalloc.c | 4 ++-- > libgpo/pygpo.c | 2 +- > source4/auth/gensec/pygensec.c | 4 ++-- > source4/librpc/ndr/py_security.c | 2 +- > source4/ntvfs/posix/python/pyposix_eadb.c | 2 +- > source4/ntvfs/posix/python/pyxattr_native.c | 4 ++-- > source4/ntvfs/posix/python/pyxattr_tdb.c | 2 +- > 7 files changed, 10 insertions(+), 10 deletions(-) > >diff --git a/lib/talloc/pytalloc.c b/lib/talloc/pytalloc.c >index cc5a6a812ea..4d3826153b9 100644 >--- a/lib/talloc/pytalloc.c >+++ b/lib/talloc/pytalloc.c >@@ -37,7 +37,7 @@ static PyObject *pytalloc_report_full(PyObject *self, PyObject *args) > } else { > talloc_report_full(pytalloc_get_mem_ctx(py_obj), stdout); > } >- return Py_None; >+ Py_RETURN_NONE; > } > > /* enable null tracking */ >@@ -45,7 +45,7 @@ static PyObject *pytalloc_enable_null_tracking(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { > talloc_enable_null_tracking(); >- return Py_None; >+ Py_RETURN_NONE; > } > > /* return the number of talloc blocks */ >diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c >index 29c8b11886e..3452bc77d61 100644 >--- a/libgpo/pygpo.c >+++ b/libgpo/pygpo.c >@@ -41,7 +41,7 @@ static PyObject* GPO_get_##ATTR(PyObject *self, void *closure) \ > if (gpo_ptr->ATTR) \ > return PyUnicode_FromString(gpo_ptr->ATTR); \ > else \ >- return Py_None; \ >+ Py_RETURN_NONE; \ > } > GPO_getter(ds_path) > GPO_getter(file_sys_path) >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 568fc7c8db7..490fcbecd58 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -426,9 +426,9 @@ static PyObject *py_gensec_have_feature(PyObject *self, PyObject *args) > return NULL; > > if (gensec_have_feature(security, feature)) { >- return Py_True; >+ Py_RETURN_TRUE; > } >- return Py_False; >+ Py_RETURN_FALSE; > } > > static PyObject *py_gensec_set_max_update_size(PyObject *self, PyObject *args) >diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c >index 4e9af544828..d4a2cd4f6f7 100644 >--- a/source4/librpc/ndr/py_security.c >+++ b/source4/librpc/ndr/py_security.c >@@ -342,7 +342,7 @@ static PyObject *py_descriptor_richcmp( > break; > } > >- return Py_NotImplemented; >+ Py_RETURN_NOTIMPLEMENTED; > } > > static void py_descriptor_patch(PyTypeObject *type) >diff --git a/source4/ntvfs/posix/python/pyposix_eadb.c b/source4/ntvfs/posix/python/pyposix_eadb.c >index c64a388bfc7..abf397f990c 100644 >--- a/source4/ntvfs/posix/python/pyposix_eadb.c >+++ b/source4/ntvfs/posix/python/pyposix_eadb.c >@@ -32,7 +32,7 @@ > static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { >- return Py_True; >+ Py_RETURN_TRUE; > } > > static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) >diff --git a/source4/ntvfs/posix/python/pyxattr_native.c b/source4/ntvfs/posix/python/pyxattr_native.c >index 3be896911f2..d242cd98a5d 100644 >--- a/source4/ntvfs/posix/python/pyxattr_native.c >+++ b/source4/ntvfs/posix/python/pyxattr_native.c >@@ -29,9 +29,9 @@ static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { > #if !defined(HAVE_XATTR_SUPPORT) >- return Py_False; >+ Py_RETURN_FALSE; > #else >- return Py_True; >+ Py_RETURN_TRUE; > #endif > } > >diff --git a/source4/ntvfs/posix/python/pyxattr_tdb.c b/source4/ntvfs/posix/python/pyxattr_tdb.c >index b457c86e066..425fd868ca0 100644 >--- a/source4/ntvfs/posix/python/pyxattr_tdb.c >+++ b/source4/ntvfs/posix/python/pyxattr_tdb.c >@@ -36,7 +36,7 @@ > static PyObject *py_is_xattr_supported(PyObject *self, > PyObject *Py_UNUSED(ignored)) > { >- return Py_True; >+ Py_RETURN_TRUE; > } > > static PyObject *py_wrap_setxattr(PyObject *self, PyObject *args) >-- >2.25.1 > > >From 90cfd9e94277ce5ae33589f7ea7babb219630403 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 3 May 2021 14:43:04 +1200 >Subject: [PATCH 049/177] python: Fix erroneous increments of reference counts > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 66695f0f94775c4db24fb625fe78ff44d964b5ad) >--- > source3/passdb/py_passdb.c | 4 ---- > 1 file changed, 4 deletions(-) > >diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c >index 70238e43d41..a23c3ec720a 100644 >--- a/source3/passdb/py_passdb.c >+++ b/source3/passdb/py_passdb.c >@@ -2075,8 +2075,6 @@ static PyObject *py_pdb_enum_group_mapping(PyObject *self, PyObject *args) > PyObject *py_gmap_list, *py_group_map; > int i; > >- Py_INCREF(Py_None); >- > if (!PyArg_ParseTuple(args, "|O!ii:enum_group_mapping", dom_sid_Type, &py_domain_sid, > &lsa_sidtype_value, &unix_only)) { > talloc_free(frame); >@@ -2816,8 +2814,6 @@ static PyObject *py_pdb_search_aliases(PyObject *self, PyObject *args) > PyObject *py_domain_sid = Py_None; > struct dom_sid *domain_sid = NULL; > >- Py_INCREF(Py_None); >- > if (!PyArg_ParseTuple(args, "|O!:search_aliases", dom_sid_Type, &py_domain_sid)) { > talloc_free(frame); > return NULL; >-- >2.25.1 > > >From 02048b088398335b463fe5ee2636ae16dcc08fce Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 10 May 2021 16:43:03 +1200 >Subject: [PATCH 050/177] python: Fix ticket timestamp conversion when local > timezone is not UTC > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b9006f33343ba8bb82ef8ffe1fd90c780961b41e) >--- > python/samba/tests/krb5/kdc_base_test.py | 23 +++++++++++++++++++---- > 1 file changed, 19 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index d8193ae9cdc..e345f739e1c 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -18,7 +18,7 @@ > > import sys > import os >-from datetime import datetime >+from datetime import datetime, timezone > import tempfile > > sys.path.insert(0, "bin/python") >@@ -519,11 +519,26 @@ class KDCBaseTest(RawKerberosTest): > cred.server = sprincipal > cred.keyblock = keyblock > cred.authtime = int(datetime.strptime(authtime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) > cred.starttime = int(datetime.strptime(starttime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) > cred.endtime = int(datetime.strptime(endtime.decode(), >- "%Y%m%d%H%M%SZ").timestamp()) >+ "%Y%m%d%H%M%SZ") >+ .replace(tzinfo=timezone.utc).timestamp()) >+ >+ # Account for clock skew of up to five minutes. >+ self.assertLess(cred.authtime - 5*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket not yet valid - clocks may be out of sync.") >+ self.assertLess(cred.starttime - 5*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket not yet valid - clocks may be out of sync.") >+ self.assertGreater(cred.endtime - 60*60, >+ datetime.now(timezone.utc).timestamp(), >+ "Ticket already expired/about to expire - clocks may be out of sync.") >+ > cred.renew_till = cred.endtime > cred.is_skey = 0 > cred.ticket_flags = int(enc_part['flags'], 2) >-- >2.25.1 > > >From 4ae60e4e755da39397ef5e58cc49f756953b8532 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 10 May 2021 15:06:06 +1200 >Subject: [PATCH 051/177] python: Make credentials cache test run against > Windows > >Windows, unlike Samba, requires the service principal name to be set >when requesting a ticket to that service. > >Additionally, default_realm from the libdefaults section of krb5.conf >should be set so that the correct realm is used. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed May 19 02:22:01 UTC 2021 on sn-devel-184 > >(cherry picked from commit 7791acb074b84ec7b571a81f15b56d33e2214ce9) >--- > python/samba/tests/krb5/test_ccache.py | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index e0998a4c43f..32c9e3cce6b 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -47,13 +47,16 @@ class CcacheTests(KDCBaseTest): > > user_name = "ccacheusr" > mach_name = "ccachemac" >+ service = "host" > > # Create the user account. > (user_credentials, _) = self.create_account(user_name) > > # Create the machine account. > (mach_credentials, _) = self.create_account(mach_name, >- machine_account=True) >+ machine_account=True, >+ spn="%s/%s" % (service, >+ mach_name)) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >-- >2.25.1 > > >From 4bcddf4b3fe357fe964c5a8f6ce1b5df3d9b470c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 21:04:44 +0200 >Subject: [PATCH 052/177] auth/credentials: allow credentials.Credentials to > act as base class > >In tests it's useful to add more details. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f413b2b2977687884781ca2399dadf6611ab461) >--- > auth/credentials/pycredentials.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 016f7900b4b..e583b83d9a4 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -1221,7 +1221,7 @@ static struct PyModuleDef moduledef = { > PyTypeObject PyCredentials = { > .tp_name = "credentials.Credentials", > .tp_new = py_creds_new, >- .tp_flags = Py_TPFLAGS_DEFAULT, >+ .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, > .tp_methods = py_creds_methods, > }; > >-- >2.25.1 > > >From 76808c8edcf68c74498a9bbd1eb2f645e2d4679d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 16:50:55 +0200 >Subject: [PATCH 053/177] Rename > python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} > >This is a clearer name for the script > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fef08add9ec324fb0c3902e96c2a91c07646d499) >--- > .../samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} | 0 > 1 file changed, 0 insertions(+), 0 deletions(-) > rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} (100%) > >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh b/python/samba/tests/krb5/pyasn1_regen.sh >similarity index 100% >rename from python/samba/tests/krb5/rfc4120_pyasn1_regen.sh >rename to python/samba/tests/krb5/pyasn1_regen.sh >-- >2.25.1 > > >From eeec37350d0c2f5be710ecfdeab64c0d1655a2a2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 11:10:11 +0200 >Subject: [PATCH 054/177] tests/krb5/rfc4120.asn1: Improve definitions to allow > expanded testing > >Update and re-generate the ASN.1 to allow an improved testsuite. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d4492a8aaaf70cbe81af7e6703b4ea9fc1f24162) >--- > python/samba/tests/krb5/rfc4120.asn1 | 70 ++++++++++- > python/samba/tests/krb5/rfc4120_pyasn1.py | 134 +++++++++++++++++++++- > 2 files changed, 199 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 654f9788ca7..d81d06ad6f7 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -386,14 +386,14 @@ PA-ENC-TS-ENC ::= SEQUENCE { > } > > ETYPE-INFO-ENTRY ::= SEQUENCE { >- etype [0] Int32, >+ etype [0] EncryptionType, --Int32 EncryptionType -- > salt [1] OCTET STRING OPTIONAL > } > > ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY > > ETYPE-INFO2-ENTRY ::= SEQUENCE { >- etype [0] Int32, >+ etype [0] EncryptionType, --Int32 EncryptionType -- > salt [1] KerberosString OPTIONAL, > s2kparams [2] OCTET STRING OPTIONAL > } >@@ -425,9 +425,48 @@ PA-S4U2Self ::= SEQUENCE { > auth [3] KerberosString > } > >+-- >+-- >+-- MS-KILE Start >+ >+KERB-ERROR-DATA ::= SEQUENCE { >+ data-type [1] KerbErrorDataType, >+ data-value [2] OCTET STRING OPTIONAL >+} >+ >+KerbErrorDataType ::= INTEGER >+ >+KERB-PA-PAC-REQUEST ::= SEQUENCE { >+ include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. >+ --If FALSE, and PAC present, remove PAC >+} >+ >+KERB-LOCAL ::= OCTET STRING -- Implementation-specific data which MUST be >+ -- ignored if Kerberos client is not local. >+ >+KERB-AD-RESTRICTION-ENTRY ::= SEQUENCE { >+ restriction-type [0] Int32, >+ restriction [1] OCTET STRING -- LSAP_TOKEN_INFO_INTEGRITY structure >+} >+ >+PA-SUPPORTED-ENCTYPES ::= Int32 -- Supported Encryption Types Bit Field -- > >+PACOptionFlags ::= KerberosFlags -- Claims (0) >+ -- Branch Aware (1) >+ -- Forward to Full DC (2) >+ -- Resource Based Constrained Delegation (3) >+PA-PAC-OPTIONS ::= SEQUENCE { >+ options [0] PACOptionFlags >+} >+-- Note: KerberosFlags ::= BIT STRING (SIZE (32..MAX)) >+-- minimum number of bits shall be sent, but no fewer than 32 > >+KERB-KEY-LIST-REQ ::= SEQUENCE OF EncryptionType -- Int32 encryption type -- >+KERB-KEY-LIST-REP ::= SEQUENCE OF EncryptionKey > >+-- MS-KILE End >+-- >+-- > > -- > -- >@@ -504,6 +543,15 @@ KDCOptionsSequence ::= SEQUENCE { > dummy [0] KDCOptionsValues > } > >+APOptionsValues ::= BIT STRING { -- KerberosFlags >+ reserved(0), >+ use-session-key(1), >+ mutual-required(2) >+} >+APOptionsSequence ::= SEQUENCE { >+ dummy [0] APOptionsValues >+} >+ > MessageTypeValues ::= INTEGER { > krb-as-req(10), -- Request for initial authentication > krb-as-rep(11), -- Response to KRB_AS_REQ request >@@ -669,4 +717,22 @@ EncryptionTypeSequence ::= SEQUENCE { > dummy [0] EncryptionTypeValues > } > >+KerbErrorDataTypeValues ::= INTEGER { >+ kERB-AP-ERR-TYPE-SKEW-RECOVERY(2), >+ kERB-ERR-TYPE-EXTENDED(3) >+} >+KerbErrorDataTypeSequence ::= SEQUENCE { >+ dummy [0] KerbErrorDataTypeValues >+} >+ >+PACOptionFlagsValues ::= BIT STRING { -- KerberosFlags >+ claims(0), >+ branch-aware(1), >+ forward-to-full-dc(2), >+ resource-based-constrained-delegation(3) >+} >+PACOptionFlagsSequence ::= SEQUENCE { >+ dummy [0] PACOptionFlagsValues >+} >+ > END >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index 1d89f94adf1..56fe02a68f0 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-11-06 11:30:42.476808) >+# (last modified on 2021-06-16 08:54:13.969508) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -175,6 +175,26 @@ AP_REQ.componentType = namedtype.NamedTypes( > ) > > >+class APOptionsValues(univ.BitString): >+ pass >+ >+ >+APOptionsValues.namedValues = namedval.NamedValues( >+ ('reserved', 0), >+ ('use-session-key', 1), >+ ('mutual-required', 2) >+) >+ >+ >+class APOptionsSequence(univ.Sequence): >+ pass >+ >+ >+APOptionsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', APOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PADataType(Int32): > pass > >@@ -384,7 +404,7 @@ class ETYPE_INFO_ENTRY(univ.Sequence): > > > ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes( >- namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), > namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) > ) > >@@ -401,7 +421,7 @@ class ETYPE_INFO2_ENTRY(univ.Sequence): > > > ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes( >- namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), > namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), > namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) > ) >@@ -636,6 +656,57 @@ KDCOptionsSequence.componentType = namedtype.NamedTypes( > ) > > >+class KERB_AD_RESTRICTION_ENTRY(univ.Sequence): >+ pass >+ >+ >+KERB_AD_RESTRICTION_ENTRY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('restriction-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('restriction', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class KerbErrorDataType(univ.Integer): >+ pass >+ >+ >+class KERB_ERROR_DATA(univ.Sequence): >+ pass >+ >+ >+KERB_ERROR_DATA.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('data-type', KerbErrorDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) >+) >+ >+ >+class KERB_KEY_LIST_REP(univ.SequenceOf): >+ pass >+ >+ >+KERB_KEY_LIST_REP.componentType = EncryptionKey() >+ >+ >+class KERB_KEY_LIST_REQ(univ.SequenceOf): >+ pass >+ >+ >+KERB_KEY_LIST_REQ.componentType = EncryptionType() >+ >+ >+class KERB_LOCAL(univ.OctetString): >+ pass >+ >+ >+class KERB_PA_PAC_REQUEST(univ.Sequence): >+ pass >+ >+ >+KERB_PA_PAC_REQUEST.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class KRB_CRED(univ.Sequence): > pass > >@@ -710,6 +781,25 @@ KRB_SAFE.componentType = namedtype.NamedTypes( > ) > > >+class KerbErrorDataTypeValues(univ.Integer): >+ pass >+ >+ >+KerbErrorDataTypeValues.namedValues = namedval.NamedValues( >+ ('kERB-AP-ERR-TYPE-SKEW-RECOVERY', 2), >+ ('kERB-ERR-TYPE-EXTENDED', 3) >+) >+ >+ >+class KerbErrorDataTypeSequence(univ.Sequence): >+ pass >+ >+ >+KerbErrorDataTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', KerbErrorDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class MessageTypeValues(univ.Integer): > pass > >@@ -781,6 +871,19 @@ PA_ENC_TS_ENC.componentType = namedtype.NamedTypes( > ) > > >+class PACOptionFlags(KerberosFlags): >+ pass >+ >+ >+class PA_PAC_OPTIONS(univ.Sequence): >+ pass >+ >+ >+PA_PAC_OPTIONS.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('options', PACOptionFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PA_S4U2Self(univ.Sequence): > pass > >@@ -793,6 +896,31 @@ PA_S4U2Self.componentType = namedtype.NamedTypes( > ) > > >+class PA_SUPPORTED_ENCTYPES(Int32): >+ pass >+ >+ >+class PACOptionFlagsValues(univ.BitString): >+ pass >+ >+ >+PACOptionFlagsValues.namedValues = namedval.NamedValues( >+ ('claims', 0), >+ ('branch-aware', 1), >+ ('forward-to-full-dc', 2), >+ ('resource-based-constrained-delegation', 3) >+) >+ >+ >+class PACOptionFlagsSequence(univ.Sequence): >+ pass >+ >+ >+PACOptionFlagsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', PACOptionFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ > class PADataTypeValues(univ.Integer): > pass > >-- >2.25.1 > > >From 8284dbab6f1407a47c922636b80f937fc94f5b28 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 10:55:28 +0200 >Subject: [PATCH 055/177] tests/krb5/raw_testcase.py: Add > get_{client,server,krbtgt}_creds() > >These helpful functions allow us to build the various credentials >that we will use in validating the KDC responses in this test. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit c3222870b92db7f867557c2896b7bf39915d469a) >--- > python/samba/tests/krb5/raw_testcase.py | 199 +++++++++++++++++++++--- > python/samba/tests/krb5/simple_tests.py | 6 +- > 2 files changed, 183 insertions(+), 22 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 27ab89ecf99..b28939f0388 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -22,10 +22,12 @@ import struct > import time > import datetime > import random >+import binascii > > import samba.tests > from samba.credentials import Credentials > from samba.tests import TestCaseInTempDir >+from samba.dcerpc import security > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests.krb5.kcrypto as kcrypto > >@@ -177,6 +179,81 @@ class Krb5EncryptionKey(object): > } > return EncryptionKey_obj > >+class KerberosCredentials(Credentials): >+ def __init__(self): >+ super(KerberosCredentials, self).__init__() >+ all_enc_types = 0 >+ all_enc_types |= security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ all_enc_types |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ all_enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ >+ self.as_supported_enctypes = all_enc_types >+ self.tgs_supported_enctypes = all_enc_types >+ self.ap_supported_enctypes = all_enc_types >+ >+ self.kvno = None >+ self.forced_keys = {} >+ >+ self.forced_salt = None >+ return >+ >+ def set_as_supported_enctypes(self, value): >+ self.as_supported_enctypes = int(value) >+ return >+ >+ def set_tgs_supported_enctypes(self, value): >+ self.tgs_supported_enctypes = int(value) >+ return >+ >+ def set_ap_supported_enctypes(self, value): >+ self.ap_supported_enctypes = int(value) >+ return >+ >+ def _get_krb5_etypes(self, supported_enctypes): >+ etypes = () >+ >+ if supported_enctypes & security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96: >+ etypes += (kcrypto.Enctype.AES256,) >+ if supported_enctypes & security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96: >+ etypes += (kcrypto.Enctype.AES128,) >+ if supported_enctypes & security.KERB_ENCTYPE_RC4_HMAC_MD5: >+ etypes += (kcrypto.Enctype.RC4,) >+ >+ return etypes >+ >+ def get_as_krb5_etypes(self): >+ return self._get_krb5_etypes(self.as_supported_enctypes) >+ >+ def get_tgs_krb5_etypes(self): >+ return self._get_krb5_etypes(self.tgs_supported_enctypes) >+ >+ def get_ap_krb5_etypes(self): >+ return self._get_krb5_etypes(self.ap_supported_enctypes) >+ >+ def set_kvno(self, kvno): >+ self.kvno = kvno >+ >+ def get_kvno(self): >+ return self.kvno >+ >+ def set_forced_key(self, etype, hexkey): >+ etype = int(etype) >+ contents = binascii.a2b_hex(hexkey) >+ key = kcrypto.Key(etype, contents) >+ self.forced_keys[etype] = Krb5EncryptionKey(key, self.kvno) >+ >+ def get_forced_key(self, etype): >+ etype = int(etype) >+ if etype in self.forced_keys: >+ return self.forced_keys[etype] >+ return None >+ >+ def set_forced_salt(self, salt): >+ self.forced_salt = bytes(salt) >+ return >+ >+ def get_forced_salt(self): >+ return self.forced_salt > > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" >@@ -229,33 +306,113 @@ class RawKerberosTest(TestCaseInTempDir): > sys.stderr.write("connected[%s]\n" % self.host) > return > >- def get_user_creds(self): >- c = Credentials() >+ def _get_krb5_creds(self, prefix, >+ default_username=None, >+ allow_missing_password=False, >+ require_strongest_key=False): >+ c = KerberosCredentials() > c.guess() >- domain = samba.tests.env_get_var_value('DOMAIN') >- realm = samba.tests.env_get_var_value('REALM') >- username = samba.tests.env_get_var_value('USERNAME') >- password = samba.tests.env_get_var_value('PASSWORD') >- c.set_domain(domain) >- c.set_realm(realm) >- c.set_username(username) >- c.set_password(password) >- return c > >- def get_service_creds(self, allow_missing_password=False): >- c = Credentials() >- c.guess() >- domain = samba.tests.env_get_var_value('DOMAIN') >- realm = samba.tests.env_get_var_value('REALM') >- username = samba.tests.env_get_var_value('SERVICE_USERNAME') >- password = samba.tests.env_get_var_value( >- 'SERVICE_PASSWORD', >- allow_missing=allow_missing_password) >+ def env_get_var(varname, prefix, fallback_default=True, allow_missing=False): >+ val = None >+ if prefix is not None: >+ allow_missing_prefix = allow_missing >+ if fallback_default: >+ allow_missing_prefix = True >+ val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >+ allow_missing=allow_missing_prefix) >+ else: >+ fallback_default = True >+ if val is None and fallback_default: >+ val = samba.tests.env_get_var_value(varname, >+ allow_missing=allow_missing) >+ return val >+ >+ domain = env_get_var('DOMAIN', prefix) >+ realm = env_get_var('REALM', prefix) >+ allow_missing_username = False >+ if default_username is not None: >+ allow_missing_username = True >+ username = env_get_var('USERNAME', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_username) >+ if username is None: >+ username = default_username >+ password = env_get_var('PASSWORD', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) > if password is not None: > c.set_password(password) >+ as_supported_enctypes = env_get_var('AS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if as_supported_enctypes is not None: >+ c.set_as_supported_enctypes(as_supported_enctypes) >+ tgs_supported_enctypes = env_get_var('TGS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if tgs_supported_enctypes is not None: >+ c.set_tgs_supported_enctypes(tgs_supported_enctypes) >+ ap_supported_enctypes = env_get_var('AP_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) >+ if ap_supported_enctypes is not None: >+ c.set_ap_supported_enctypes(ap_supported_enctypes) >+ >+ if require_strongest_key: >+ kvno_allow_missing = False >+ if password is None: >+ aes256_allow_missing = False >+ else: >+ aes256_allow_missing = True >+ else: >+ kvno_allow_missing = True >+ aes256_allow_missing = True >+ kvno = env_get_var('KVNO', prefix, >+ fallback_default=False, >+ allow_missing=kvno_allow_missing) >+ if kvno is not None: >+ c.set_kvno(kvno) >+ aes256_key = env_get_var('AES256_KEY_HEX', prefix, >+ fallback_default=False, >+ allow_missing=aes256_allow_missing) >+ if aes256_key is not None: >+ c.set_forced_key(kcrypto.Enctype.AES256, aes256_key) >+ aes128_key = env_get_var('AES128_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) >+ if aes128_key is not None: >+ c.set_forced_key(kcrypto.Enctype.AES128, aes128_key) >+ rc4_key = env_get_var('RC4_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) >+ if rc4_key is not None: >+ c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) >+ return c >+ >+ def get_user_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix=None, >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_service_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='SERVICE', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_client_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='CLIENT', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_server_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='SERVER', >+ allow_missing_password=allow_missing_password) >+ return c >+ >+ def get_krbtgt_creds(self, require_strongest_key=False): >+ c = self._get_krb5_creds(prefix='KRBTGT', >+ default_username='krbtgt', >+ allow_missing_password=True, >+ require_strongest_key=require_strongest_key) > return c > > def get_anon_creds(self): >@@ -473,6 +630,8 @@ class RawKerberosTest(TestCaseInTempDir): > return Krb5EncryptionKey(key, kvno) > > def PasswordKey_create(self, etype=None, pwd=None, salt=None, kvno=None): >+ self.assertIsNotNone(pwd) >+ self.assertIsNotNone(salt) > key = kcrypto.string_to_key(etype, pwd, salt) > return Krb5EncryptionKey(key, kvno) > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 889b91a9bf0..2da76a3cf5e 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -44,10 +44,12 @@ class SimpleKerberosTests(RawKerberosTest): > def test_simple(self): > user_creds = self.get_user_creds() > user = user_creds.get_username() >- realm = user_creds.get_realm() >+ krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() > > cname = self.PrincipalName_create(name_type=1, names=[user]) >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ sname = self.PrincipalName_create(name_type=2, names=[krbtgt_account, realm]) > > till = self.get_KerberosTime(offset=36000) > >-- >2.25.1 > > >From 36bdff48f0f974e73522da08653a66ba5213d613 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 9 Apr 2020 22:28:32 +0200 >Subject: [PATCH 056/177] tests/krb5/raw_testcase.py: introduce > STRICT_CHECKING=0 in order to relax the checks in future > >We should write tests as strict as possible in order to let them run >against Windows servers. > >But at the same time we want to allow tests to be useful for Samba >too... > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit dff611976d6a067614e37add99edae214815a68b) >--- > python/samba/tests/krb5/raw_testcase.py | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b28939f0388..333aab70c8e 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -263,6 +263,11 @@ class RawKerberosTest(TestCaseInTempDir): > self.do_asn1_print = False > self.do_hexdump = False > >+ strict_checking = samba.tests.env_get_var_value('STRICT_CHECKING', allow_missing=True) >+ if strict_checking is None: >+ strict_checking = '1' >+ self.strict_checking = bool(int(strict_checking)) >+ > self.host = samba.tests.env_get_var_value('SERVER') > > self.s = None >-- >2.25.1 > > >From 5c8de0ef5bcba7924f6cfe7ece85fdf979030b0b Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 13:49:52 +0200 >Subject: [PATCH 057/177] tests/krb5/raw_testcase.py: add assertElement*() > >These helper functions make writing subsequent Kerberos test >clearer. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 61e1b179812e48797146584998afc5bd0168beae) >--- > python/samba/tests/krb5/raw_testcase.py | 54 +++++++++++++++++++++++++ > 1 file changed, 54 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 333aab70c8e..eb294a75a95 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -605,6 +605,36 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(value) > return > >+ def getElementValue(self, obj, elem): >+ v = None >+ try: >+ v = obj[elem] >+ except KeyError: >+ pass >+ return v >+ >+ def assertElementMissing(self, obj, elem): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNone(v) >+ return >+ >+ def assertElementPresent(self, obj, elem): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ return >+ >+ def assertElementEqual(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ self.assertEqual(v, value) >+ return >+ >+ def assertElementEqualUTF8(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ self.assertEqual(v, bytes(value, 'utf8')) >+ return >+ > def assertPrincipalEqual(self, princ1, princ2): > self.assertEqual(princ1['name-type'], princ2['name-type']) > self.assertEqual( >@@ -618,6 +648,30 @@ class RawKerberosTest(TestCaseInTempDir): > msg="princ1=%s != princ2=%s" % (princ1, princ2)) > return > >+ def assertElementEqualPrincipal(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ self.assertIsNotNone(v) >+ v = pyasn1_native_decode(v, asn1Spec=krb5_asn1.PrincipalName()) >+ self.assertPrincipalEqual(v, value) >+ return >+ >+ def assertElementKVNO(self, obj, elem, value): >+ v = self.getElementValue(obj, elem) >+ if value == "autodetect": >+ value = v >+ if value is not None: >+ self.assertIsNotNone(v) >+ # The value on the wire should never be 0 >+ self.assertNotEqual(v, 0) >+ # value == 0 means we don't know the kvno >+ # but enforce at any value != 0 is present >+ value = int(value) >+ if value != 0: >+ self.assertEqual(v, value) >+ else: >+ self.assertIsNone(v) >+ return >+ > def get_KerberosTimeWithUsec(self, epoch=None, offset=None): > if epoch is None: > epoch = time.time() >-- >2.25.1 > > >From 244dccefc929a151851ab66998e522df1f0bf0a1 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 17:50:00 +0200 >Subject: [PATCH 058/177] tests/krb5/raw_testcase.py: Allow prettyPrint of more > RFC-defined values > >By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint >we allow the BitString_NamedValues_prettyPrint() routine to show more named values. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 34e079ce9a232a765fb3a2b25441434df35df54c) >--- > python/samba/tests/krb5/raw_testcase.py | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index eb294a75a95..29745fa4089 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -111,6 +111,12 @@ krb5_asn1.KDCOptions.namedValues =\ > krb5_asn1.KDCOptionsValues.namedValues > krb5_asn1.KDCOptions.prettyPrint =\ > BitString_NamedValues_prettyPrint >+krb5_asn1.APOptions.prettyPrintNamedValues =\ >+ krb5_asn1.APOptionsValues.namedValues >+krb5_asn1.APOptions.namedValues =\ >+ krb5_asn1.APOptionsValues.namedValues >+krb5_asn1.APOptions.prettyPrint =\ >+ BitString_NamedValues_prettyPrint > > > def Integer_NamedValues_prettyPrint(self, scope=0): >-- >2.25.1 > > >From c7a059a86b708f9a2d561b8f98ee0c6859f2267c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Apr 2020 17:57:37 +0200 >Subject: [PATCH 059/177] tests/krb5/raw_testcase.py: Allow prettyPrint of more > MS-KILE-defined values > >By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint >we allow the BitString_NamedValues_prettyPrint() routine to show more named values. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3abb3b41368666535a216a98c3e7d15a5d498f7e) >--- > python/samba/tests/krb5/raw_testcase.py | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 29745fa4089..1ef15db9f8c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -117,6 +117,12 @@ krb5_asn1.APOptions.namedValues =\ > krb5_asn1.APOptionsValues.namedValues > krb5_asn1.APOptions.prettyPrint =\ > BitString_NamedValues_prettyPrint >+krb5_asn1.PACOptionFlags.prettyPrintNamedValues =\ >+ krb5_asn1.PACOptionFlagsValues.namedValues >+krb5_asn1.PACOptionFlags.namedValues =\ >+ krb5_asn1.PACOptionFlagsValues.namedValues >+krb5_asn1.PACOptionFlags.prettyPrint =\ >+ BitString_NamedValues_prettyPrint > > > def Integer_NamedValues_prettyPrint(self, scope=0): >@@ -149,6 +155,10 @@ krb5_asn1.ChecksumType.prettyPrintNamedValues =\ > krb5_asn1.ChecksumTypeValues.namedValues > krb5_asn1.ChecksumType.prettyPrint =\ > Integer_NamedValues_prettyPrint >+krb5_asn1.KerbErrorDataType.prettyPrintNamedValues =\ >+ krb5_asn1.KerbErrorDataTypeValues.namedValues >+krb5_asn1.KerbErrorDataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint > > > class Krb5EncryptionKey(object): >-- >2.25.1 > > >From 17f76e58609580582361172c74fd9663bb89cc50 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 14:45:01 +0200 >Subject: [PATCH 060/177] tests/krb5/raw_testcase.py: split > KDC_REQ_BODY_create() from KDC_REQ_create() > >This allows us to reuse body in future and calculate checksums on it. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b03fcfeb6c005936818ce50d511e9f9cc75aa9fb) >--- > python/samba/tests/krb5/raw_testcase.py | 81 +++++++------------------ > 1 file changed, 23 insertions(+), 58 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 1ef15db9f8c..71a4753717f 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -872,19 +872,7 @@ class RawKerberosTest(TestCaseInTempDir): > def KDC_REQ_create(self, > msg_type, > padata, >- kdc_options, >- cname, >- realm, >- sname, >- from_time, >- till_time, >- renew_time, >- nonce, >- etypes, >- addresses, >- EncAuthorizationData, >- EncAuthorizationData_key, >- additional_tickets, >+ req_body, > asn1Spec=None, > asn1_print=None, > hexdump=None): >@@ -897,25 +885,10 @@ class RawKerberosTest(TestCaseInTempDir): > # req-body [4] KDC-REQ-BODY > # } > # >- KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create(kdc_options, >- cname, >- realm, >- sname, >- from_time, >- till_time, >- renew_time, >- nonce, >- etypes, >- addresses, >- EncAuthorizationData, >- EncAuthorizationData_key, >- additional_tickets, >- asn1_print=asn1_print, >- hexdump=hexdump) > KDC_REQ_obj = { > 'pvno': 5, > 'msg-type': msg_type, >- 'req-body': KDC_REQ_BODY_obj, >+ 'req-body': req_body, > } > if padata is not None: > KDC_REQ_obj['padata'] = padata >@@ -974,22 +947,26 @@ class RawKerberosTest(TestCaseInTempDir): > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty > # } >+ KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create( >+ kdc_options, >+ cname, >+ realm, >+ sname, >+ from_time, >+ till_time, >+ renew_time, >+ nonce, >+ etypes, >+ addresses, >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ asn1_print=asn1_print, >+ hexdump=hexdump) > obj, decoded = self.KDC_REQ_create( > msg_type=10, > padata=padata, >- kdc_options=kdc_options, >- cname=cname, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >+ req_body=KDC_REQ_BODY_obj, > asn1Spec=krb5_asn1.AS_REQ(), > asn1_print=asn1_print, > hexdump=hexdump) >@@ -1115,11 +1092,11 @@ class RawKerberosTest(TestCaseInTempDir): > EncAuthorizationData=EncAuthorizationData, > EncAuthorizationData_key=EncAuthorizationData_key, > additional_tickets=additional_tickets) >- req_body = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >- asn1_print=asn1_print, hexdump=hexdump) >+ req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >+ asn1_print=asn1_print, hexdump=hexdump) > > req_body_checksum = self.Checksum_create( >- ticket_session_key, 6, req_body, ctype=body_checksum_type) >+ ticket_session_key, 6, req_body_blob, ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: >@@ -1158,19 +1135,7 @@ class RawKerberosTest(TestCaseInTempDir): > obj, decoded = self.KDC_REQ_create( > msg_type=12, > padata=padata, >- kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >+ req_body=req_body, > asn1Spec=krb5_asn1.TGS_REQ(), > asn1_print=asn1_print, > hexdump=hexdump) >-- >2.25.1 > > >From f3b742f9d53d83858862daf0b95ccc2eaa3b0c98 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 16 Apr 2020 10:43:54 +0200 >Subject: [PATCH 061/177] tests/krb5/raw_testcase.py: add > KERB_PA_PAC_REQUEST_create() > >This allows building the pre-authentication data that encodes >the request for the KDC (or more likely a request not to include) >the KRB5 PAC in the resulting ticket. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ee2ac2b8ccafe3e6d560d893a4135a28e393914d) >--- > python/samba/tests/krb5/raw_testcase.py | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 71a4753717f..f341911ef53 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -799,6 +799,21 @@ class RawKerberosTest(TestCaseInTempDir): > } > return PA_ENC_TS_ENC_obj > >+ def KERB_PA_PAC_REQUEST_create(self, include_pac, pa_data_create=True): >+ #KERB-PA-PAC-REQUEST ::= SEQUENCE { >+ # include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. >+ # --If FALSE, and PAC present, remove PAC >+ #} >+ KERB_PA_PAC_REQUEST_obj = { >+ 'include-pac': include_pac, >+ } >+ if not pa_data_create: >+ return KERB_PA_PAC_REQUEST_obj >+ pa_pac = self.der_encode(KERB_PA_PAC_REQUEST_obj, >+ asn1Spec=krb5_asn1.KERB_PA_PAC_REQUEST()) >+ pa_data = self.PA_DATA_create(128, pa_pac) # PA-PAC-REQUEST >+ return pa_data >+ > def KDC_REQ_BODY_create(self, > kdc_options, > cname, >-- >2.25.1 > > >From cdb6a91485de4dc8bf7e76ca5c78c220f0e184c3 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 20 Apr 2020 20:02:52 +0200 >Subject: [PATCH 062/177] tests/krb5/raw_testcase.py: add methods to iterate > over etype permutations > >It's often useful to run tests over a lot of input parameter >permutations. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit e3905035847a5268c1a65366830cc739280ae437) >--- > python/samba/tests/krb5/raw_testcase.py | 58 +++++++++++++++++++++++++ > 1 file changed, 58 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index f341911ef53..a002a442d03 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -23,6 +23,7 @@ import time > import datetime > import random > import binascii >+import itertools > > import samba.tests > from samba.credentials import Credentials >@@ -274,6 +275,63 @@ class KerberosCredentials(Credentials): > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > >+ etypes_to_test = ( >+ { "value": -1111, "name": "dummy", }, >+ { "value": kcrypto.Enctype.AES256, "name": "aes128", }, >+ { "value": kcrypto.Enctype.AES128, "name": "aes256", }, >+ { "value": kcrypto.Enctype.RC4, "name": "rc4", }, >+ ) >+ >+ setup_etype_test_permutations_done = False >+ >+ @classmethod >+ def setup_etype_test_permutations(cls): >+ if cls.setup_etype_test_permutations_done: >+ return >+ >+ res = [] >+ >+ num_idxs = len(cls.etypes_to_test) >+ permutations = [] >+ for num in range(1, num_idxs+1): >+ chunk = list(itertools.permutations(range(num_idxs), num)) >+ for e in chunk: >+ el = list(e) >+ permutations.append(el) >+ >+ for p in permutations: >+ name = None >+ etypes = () >+ for idx in p: >+ n = cls.etypes_to_test[idx]["name"] >+ if name is None: >+ name = n >+ else: >+ name += "_%s" % n >+ etypes += (cls.etypes_to_test[idx]["value"],) >+ >+ r = { "name": name, "etypes": etypes, } >+ res.append(r) >+ >+ cls.etype_test_permutations = res >+ cls.setup_etype_test_permutations_done = True >+ return >+ >+ @classmethod >+ def etype_test_permutation_name_idx(cls): >+ cls.setup_etype_test_permutations() >+ res = [] >+ idx = 0 >+ for e in cls.etype_test_permutations: >+ r = (e['name'], idx) >+ idx += 1 >+ res.append(r) >+ return res >+ >+ def etype_test_permutation_by_idx(self, idx): >+ e = self.etype_test_permutations[idx] >+ return (e['name'], e['etypes']) >+ > def setUp(self): > super().setUp() > self.do_asn1_print = False >-- >2.25.1 > > >From eb70b14e40b9516211ade3eaf12375188780be9f Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 16 Apr 2020 17:13:35 +0200 >Subject: [PATCH 063/177] tests/krb5/raw_testcase.py: Add > TicketDecryptionKey_from_creds() > >This will allow building test_as_req_enc_timestamp() > >It also introduces ways to specify keys in hex formated environment >variables ${PREFIX}_{AES256,AES128,RC4}_KEY_HEX. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 69ce2a6408f78d41eb865b89726021ad7643b065) >--- > python/samba/tests/krb5/raw_testcase.py | 29 +++++++++++++++++++++++++ > 1 file changed, 29 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index a002a442d03..7d0dc9c9609 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -784,6 +784,35 @@ class RawKerberosTest(TestCaseInTempDir): > return self.PasswordKey_create( > etype=e, pwd=password, salt=salt, kvno=kvno) > >+ def TicketDecryptionKey_from_creds(self, creds, etype=None): >+ >+ if etype is None: >+ etypes = creds.get_tgs_krb5_etypes() >+ etype = etypes[0] >+ >+ forced_key = creds.get_forced_key(etype) >+ if forced_key is not None: >+ return forced_key >+ >+ kvno = creds.get_kvno() >+ >+ fail_msg = ("%s has no fixed key for etype[%s] kvno[%s] " >+ "nor a password specified, " % ( >+ creds.get_username(), etype, kvno)) >+ >+ if etype == kcrypto.Enctype.RC4: >+ nthash = creds.get_nt_hash() >+ self.assertIsNotNone(nthash, msg=fail_msg) >+ return self.SessionKey_create(etype=etype, contents=nthash, kvno=kvno) >+ >+ password = creds.get_password() >+ self.assertIsNotNone(password, msg=fail_msg) >+ salt = creds.get_forced_salt() >+ if salt is None: >+ salt = bytes("%s%s" % (creds.get_realm(), creds.get_username()), >+ encoding='utf-8') >+ return self.PasswordKey_create(etype=etype, pwd=password, salt=salt, kvno=kvno) >+ > def RandomKey(self, etype): > e = kcrypto._get_enctype_profile(etype) > contents = samba.generate_random_bytes(e.keysize) >-- >2.25.1 > > >From a5e2713a2a637fd3c0aeb79e38d2a0d2b5b044f2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 064/177] tests/krb5/raw_testcase.py: introduce a > _generic_kdc_exchange() infrastructure > >This will allow us to write tests, which will all cross check almost >every aspect of the KDC response (including encrypted parts). > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6e2f2adc8e825634780077e24a9e437bdc68155a) >--- > python/samba/tests/krb5/raw_testcase.py | 634 +++++++++++++++++++ > python/samba/tests/krb5/rfc4120_constants.py | 11 + > 2 files changed, 645 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7d0dc9c9609..8c8926b0ad2 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -30,6 +30,27 @@ from samba.credentials import Credentials > from samba.tests import TestCaseInTempDir > from samba.dcerpc import security > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ KDC_ERR_ETYPE_NOSUPP, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_AS_REQ, >+ KRB_ERROR, >+ KRB_TGS_REP, >+ KRB_TGS_REQ, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SESSION, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+ KU_TGS_REQ_AUTH, >+ KU_TGS_REQ_AUTH_CKSUM, >+ KU_TICKET, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO, >+ PADATA_ETYPE_INFO2, >+ PADATA_KDC_REQ, >+ PADATA_PK_AS_REQ, >+ PADATA_PK_AS_REP_19 >+) > import samba.tests.krb5.kcrypto as kcrypto > > from pyasn1.codec.der.decoder import decode as pyasn1_der_decode >@@ -272,6 +293,24 @@ class KerberosCredentials(Credentials): > def get_forced_salt(self): > return self.forced_salt > >+class KerberosTicketCreds(object): >+ def __init__(self, ticket, session_key, >+ crealm=None, cname=None, >+ srealm=None, sname=None, >+ decryption_key=None, >+ ticket_private=None, >+ encpart_private=None): >+ self.ticket = ticket >+ self.session_key = session_key >+ self.crealm = crealm >+ self.cname = cname >+ self.srealm = srealm >+ self.sname = sname >+ self.decryption_key = decryption_key >+ self.ticket_private = ticket_private >+ self.encpart_private = encpart_private >+ return >+ > class RawKerberosTest(TestCaseInTempDir): > """A raw Kerberos Test case.""" > >@@ -758,6 +797,12 @@ class RawKerberosTest(TestCaseInTempDir): > (s, _) = self.get_KerberosTimeWithUsec(epoch=epoch, offset=offset) > return s > >+ def get_Nonce(self): >+ nonce_min=0x7f000000 >+ nonce_max=0x7fffffff >+ v = random.randint(nonce_min, nonce_max) >+ return v >+ > def SessionKey_create(self, etype, contents, kvno=None): > key = kcrypto.Key(etype, contents) > return Krb5EncryptionKey(key, kvno) >@@ -1268,3 +1313,592 @@ class RawKerberosTest(TestCaseInTempDir): > pa_s4u2self = self.der_encode( > PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) > return self.PA_DATA_create(129, pa_s4u2self) >+ >+ def _generic_kdc_exchange(self, >+ kdc_exchange_dict, # required >+ kdc_options=None, # required >+ cname=None, # optional >+ realm=None, # required >+ sname=None, # optional >+ from_time=None, # optional >+ till_time=None, # required >+ renew_time=None, # optional >+ nonce=None, # required >+ etypes=None, # required >+ addresses=None, # optional >+ EncAuthorizationData=None, # optional >+ EncAuthorizationData_key=None, # optional >+ additional_tickets=None): # optional >+ >+ check_error_fn = kdc_exchange_dict['check_error_fn'] >+ check_rep_fn = kdc_exchange_dict['check_rep_fn'] >+ generate_padata_fn = kdc_exchange_dict['generate_padata_fn'] >+ callback_dict = kdc_exchange_dict['callback_dict'] >+ req_msg_type = kdc_exchange_dict['req_msg_type'] >+ req_asn1Spec = kdc_exchange_dict['req_asn1Spec'] >+ rep_msg_type = kdc_exchange_dict['rep_msg_type'] >+ >+ if till_time is None: >+ till_time = self.get_KerberosTime(offset=36000) >+ if nonce is None: >+ nonce = self.get_Nonce() >+ >+ req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) >+ if generate_padata_fn is not None: >+ # This can alter req_body... >+ padata, req_body = generate_padata_fn(kdc_exchange_dict, >+ callback_dict, >+ req_body) >+ else: >+ padata = None >+ >+ kdc_exchange_dict['req_padata'] = padata >+ kdc_exchange_dict['req_body'] = req_body >+ >+ req_obj,req_decoded = self.KDC_REQ_create(msg_type=req_msg_type, >+ padata=padata, >+ req_body=req_body, >+ asn1Spec=req_asn1Spec()) >+ >+ rep = self.send_recv_transaction(req_decoded) >+ self.assertIsNotNone(rep) >+ >+ msg_type = self.getElementValue(rep, 'msg-type') >+ self.assertIsNotNone(msg_type) >+ >+ allowed_msg_types = () >+ if check_error_fn is not None: >+ allowed_msg_types = (KRB_ERROR,) >+ if check_rep_fn is not None: >+ allowed_msg_types += (rep_msg_type,) >+ self.assertIn(msg_type, allowed_msg_types) >+ >+ if msg_type == KRB_ERROR: >+ return check_error_fn(kdc_exchange_dict, >+ callback_dict, >+ rep) >+ >+ return check_rep_fn(kdc_exchange_dict, callback_dict, rep) >+ >+ def as_exchange_dict(self, >+ expected_crealm=None, >+ expected_cname=None, >+ expected_srealm=None, >+ expected_sname=None, >+ ticket_decryption_key=None, >+ generate_padata_fn=None, >+ check_error_fn=None, >+ check_rep_fn=None, >+ check_padata_fn=None, >+ check_kdc_private_fn=None, >+ callback_dict=dict(), >+ expected_error_mode=None, >+ client_as_etypes=None, >+ expected_salt=None): >+ kdc_exchange_dict = { >+ 'req_msg_type': KRB_AS_REQ, >+ 'req_asn1Spec': krb5_asn1.AS_REQ, >+ 'rep_msg_type': KRB_AS_REP, >+ 'rep_asn1Spec': krb5_asn1.AS_REP, >+ 'rep_encpart_asn1Spec': krb5_asn1.EncASRepPart, >+ 'expected_crealm': expected_crealm, >+ 'expected_cname': expected_cname, >+ 'expected_srealm': expected_srealm, >+ 'expected_sname': expected_sname, >+ 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_padata_fn': generate_padata_fn, >+ 'check_error_fn': check_error_fn, >+ 'check_rep_fn': check_rep_fn, >+ 'check_padata_fn': check_padata_fn, >+ 'check_kdc_private_fn': check_kdc_private_fn, >+ 'callback_dict': callback_dict, >+ 'expected_error_mode': expected_error_mode, >+ 'client_as_etypes': client_as_etypes, >+ 'expected_salt': expected_salt, >+ } >+ return kdc_exchange_dict >+ >+ def tgs_exchange_dict(self, >+ expected_crealm=None, >+ expected_cname=None, >+ expected_srealm=None, >+ expected_sname=None, >+ ticket_decryption_key=None, >+ generate_padata_fn=None, >+ check_error_fn=None, >+ check_rep_fn=None, >+ check_padata_fn=None, >+ check_kdc_private_fn=None, >+ callback_dict=dict(), >+ tgt=None, >+ authenticator_subkey=None, >+ body_checksum_type=None): >+ kdc_exchange_dict = { >+ 'req_msg_type': KRB_TGS_REQ, >+ 'req_asn1Spec': krb5_asn1.TGS_REQ, >+ 'rep_msg_type': KRB_TGS_REP, >+ 'rep_asn1Spec': krb5_asn1.TGS_REP, >+ 'rep_encpart_asn1Spec': krb5_asn1.EncTGSRepPart, >+ 'expected_crealm': expected_crealm, >+ 'expected_cname': expected_cname, >+ 'expected_srealm': expected_srealm, >+ 'expected_sname': expected_sname, >+ 'ticket_decryption_key': ticket_decryption_key, >+ 'generate_padata_fn': generate_padata_fn, >+ 'check_error_fn': check_error_fn, >+ 'check_rep_fn': check_rep_fn, >+ 'check_padata_fn': check_padata_fn, >+ 'check_kdc_private_fn': check_kdc_private_fn, >+ 'callback_dict': callback_dict, >+ 'tgt': tgt, >+ 'body_checksum_type': body_checksum_type, >+ 'authenticator_subkey': authenticator_subkey, >+ } >+ return kdc_exchange_dict >+ >+ def generic_check_kdc_rep(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key'] >+ check_padata_fn = kdc_exchange_dict['check_padata_fn'] >+ check_kdc_private_fn = kdc_exchange_dict['check_kdc_private_fn'] >+ rep_encpart_asn1Spec = kdc_exchange_dict['rep_encpart_asn1Spec'] >+ msg_type = kdc_exchange_dict['rep_msg_type'] >+ >+ self.assertElementEqual(rep, 'msg-type', msg_type) # AS-REP | TGS-REP >+ padata = self.getElementValue(rep, 'padata') >+ self.assertElementEqualUTF8(rep, 'crealm', expected_crealm) >+ self.assertElementEqualPrincipal(rep, 'cname', expected_cname) >+ self.assertElementPresent(rep, 'ticket') >+ ticket = self.getElementValue(rep, 'ticket') >+ ticket_encpart = None >+ ticket_cipher = None >+ if ticket is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket, 'tkt-vno') >+ self.assertElementEqualUTF8(ticket, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(ticket, 'sname', expected_sname) >+ self.assertElementPresent(ticket, 'enc-part') >+ ticket_encpart = self.getElementValue(ticket, 'enc-part') >+ if ticket_encpart is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket_encpart, 'etype') >+ # 0 means present, with any value != 0 >+ self.assertElementKVNO(ticket_encpart, 'kvno', 0) >+ self.assertElementPresent(ticket_encpart, 'cipher') >+ ticket_cipher = self.getElementValue(ticket_encpart, 'cipher') >+ self.assertElementPresent(rep, 'enc-part') >+ encpart = self.getElementValue(rep, 'enc-part') >+ encpart_cipher = None >+ if encpart is not None: # Never None, but gives indentation >+ self.assertElementPresent(encpart, 'etype') >+ self.assertElementKVNO(ticket_encpart, 'kvno', 'autodetect') >+ self.assertElementPresent(encpart, 'cipher') >+ encpart_cipher = self.getElementValue(encpart, 'cipher') >+ >+ encpart_decryption_key = None >+ if check_padata_fn is not None: >+ # See if get the decryption key from the preauth phase >+ encpart_decryption_key,encpart_decryption_usage = \ >+ check_padata_fn(kdc_exchange_dict, callback_dict, >+ rep, padata) >+ >+ ticket_private = None >+ if ticket_decryption_key is not None: >+ self.assertElementEqual(ticket_encpart, 'etype', ticket_decryption_key.etype) >+ self.assertElementKVNO(ticket_encpart, 'kvno', ticket_decryption_key.kvno) >+ ticket_decpart = ticket_decryption_key.decrypt(KU_TICKET, ticket_cipher) >+ ticket_private = self.der_decode(ticket_decpart, asn1Spec=krb5_asn1.EncTicketPart()) >+ >+ encpart_private = None >+ if encpart_decryption_key is not None: >+ self.assertElementEqual(encpart, 'etype', encpart_decryption_key.etype) >+ self.assertElementKVNO(encpart, 'kvno', encpart_decryption_key.kvno) >+ rep_decpart = encpart_decryption_key.decrypt(encpart_decryption_usage, encpart_cipher) >+ encpart_private = self.der_decode(rep_decpart, asn1Spec=rep_encpart_asn1Spec()) >+ >+ if check_kdc_private_fn is not None: >+ check_kdc_private_fn(kdc_exchange_dict, callback_dict, >+ rep, ticket_private, encpart_private) >+ >+ return rep >+ >+ def generic_check_kdc_private(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep, >+ ticket_private, >+ encpart_private): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ ticket_decryption_key = kdc_exchange_dict['ticket_decryption_key'] >+ >+ ticket = self.getElementValue(rep, 'ticket') >+ >+ ticket_session_key = None >+ if ticket_private is not None: >+ self.assertElementPresent(ticket_private, 'flags') >+ self.assertElementPresent(ticket_private, 'key') >+ ticket_key = self.getElementValue(ticket_private, 'key') >+ if ticket_key is not None: # Never None, but gives indentation >+ self.assertElementPresent(ticket_key, 'keytype') >+ self.assertElementPresent(ticket_key, 'keyvalue') >+ ticket_session_key = self.EncryptionKey_import(ticket_key) >+ self.assertElementEqualUTF8(ticket_private, 'crealm', expected_crealm) >+ self.assertElementEqualPrincipal(ticket_private, 'cname', expected_cname) >+ self.assertElementPresent(ticket_private, 'transited') >+ self.assertElementPresent(ticket_private, 'authtime') >+ if self.strict_checking: >+ self.assertElementPresent(ticket_private, 'starttime') >+ self.assertElementPresent(ticket_private, 'endtime') >+ # TODO self.assertElementPresent(ticket_private, 'renew-till') >+ # TODO self.assertElementMissing(ticket_private, 'caddr') >+ self.assertElementPresent(ticket_private, 'authorization-data') >+ >+ encpart_session_key = None >+ if encpart_private is not None: >+ self.assertElementPresent(encpart_private, 'key') >+ encpart_key = self.getElementValue(encpart_private, 'key') >+ if encpart_key is not None: # Never None, but gives indentation >+ self.assertElementPresent(encpart_key, 'keytype') >+ self.assertElementPresent(encpart_key, 'keyvalue') >+ encpart_session_key = self.EncryptionKey_import(encpart_key) >+ self.assertElementPresent(encpart_private, 'last-req') >+ self.assertElementPresent(encpart_private, 'nonce') >+ # TODO self.assertElementPresent(encpart_private, 'key-expiration') >+ self.assertElementPresent(encpart_private, 'flags') >+ self.assertElementPresent(encpart_private, 'authtime') >+ if self.strict_checking: >+ self.assertElementPresent(encpart_private, 'starttime') >+ self.assertElementPresent(encpart_private, 'endtime') >+ # TODO self.assertElementPresent(encpart_private, 'renew-till') >+ self.assertElementEqualUTF8(encpart_private, 'srealm', expected_srealm) >+ self.assertElementEqualPrincipal(encpart_private, 'sname', expected_sname) >+ # TODO self.assertElementMissing(encpart_private, 'caddr') >+ >+ if ticket_session_key is not None and encpart_session_key is not None: >+ self.assertEqual(ticket_session_key.etype, encpart_session_key.etype) >+ self.assertEqual(ticket_session_key.key.contents, encpart_session_key.key.contents) >+ if encpart_session_key is not None: >+ session_key = encpart_session_key >+ else: >+ session_key = ticket_session_key >+ ticket_creds = KerberosTicketCreds(ticket, >+ session_key, >+ crealm=expected_crealm, >+ cname=expected_cname, >+ srealm=expected_srealm, >+ sname=expected_sname, >+ decryption_key=ticket_decryption_key, >+ ticket_private=ticket_private, >+ encpart_private=encpart_private) >+ >+ kdc_exchange_dict['rep_ticket_creds'] = ticket_creds >+ return >+ >+ def generic_check_as_error(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep): >+ >+ expected_crealm = kdc_exchange_dict['expected_crealm'] >+ expected_cname = kdc_exchange_dict['expected_cname'] >+ expected_srealm = kdc_exchange_dict['expected_srealm'] >+ expected_sname = kdc_exchange_dict['expected_sname'] >+ expected_salt = kdc_exchange_dict['expected_salt'] >+ client_as_etypes = kdc_exchange_dict['client_as_etypes'] >+ expected_error_mode = kdc_exchange_dict['expected_error_mode'] >+ req_body = kdc_exchange_dict['req_body'] >+ proposed_etypes = req_body['etype'] >+ >+ kdc_exchange_dict['preauth_etype_info2'] = None >+ >+ expect_etype_info2 = () >+ expect_etype_info = False >+ unexpect_etype_info = True >+ expected_aes_type = 0 >+ expected_rc4_type = 0 >+ if kcrypto.Enctype.RC4 in proposed_etypes: >+ expect_etype_info = True >+ for etype in proposed_etypes: >+ if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ expect_etype_info = False >+ if etype not in client_as_etypes: >+ continue >+ if etype in (kcrypto.Enctype.AES256,kcrypto.Enctype.AES128): >+ if etype > expected_aes_type: >+ expected_aes_type = etype >+ if etype in (kcrypto.Enctype.RC4,): >+ unexpect_etype_info = False >+ if etype > expected_rc4_type: >+ expected_rc4_type = etype >+ >+ if expected_aes_type != 0: >+ expect_etype_info2 += (expected_aes_type,) >+ if expected_rc4_type != 0: >+ expect_etype_info2 += (expected_rc4_type,) >+ >+ expected_error = KDC_ERR_ETYPE_NOSUPP >+ expected_patypes = () >+ if expect_etype_info: >+ self.assertGreater(len(expect_etype_info2), 0) >+ expected_patypes += (PADATA_ETYPE_INFO,) >+ if len(expect_etype_info2) != 0: >+ expected_error = KDC_ERR_PREAUTH_REQUIRED >+ expected_patypes += (PADATA_ETYPE_INFO2,) >+ >+ expected_patypes += (PADATA_ENC_TIMESTAMP,) >+ expected_patypes += (PADATA_PK_AS_REQ,) >+ expected_patypes += (PADATA_PK_AS_REP_19,) >+ >+ self.assertElementEqual(rep, 'msg-type', KRB_ERROR) >+ self.assertElementEqual(rep, 'error-code', expected_error) >+ self.assertElementMissing(rep, 'ctime') >+ self.assertElementMissing(rep, 'cusec') >+ self.assertElementPresent(rep, 'stime') >+ self.assertElementPresent(rep, 'susec') >+ # error-code checked above >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'crealm') >+ self.assertElementMissing(rep, 'cname') >+ self.assertElementEqualUTF8(rep, 'realm', expected_srealm) >+ self.assertElementEqualPrincipal(rep, 'sname', expected_sname) >+ if self.strict_checking: >+ self.assertElementMissing(rep, 'e-text') >+ if expected_error_mode != KDC_ERR_PREAUTH_REQUIRED: >+ self.assertElementMissing(rep, 'e-data') >+ return >+ edata = self.getElementValue(rep, 'e-data') >+ if self.strict_checking: >+ self.assertIsNotNone(edata) >+ if edata is not None: >+ rep_padata = self.der_decode(edata, asn1Spec=krb5_asn1.METHOD_DATA()) >+ self.assertGreater(len(rep_padata), 0) >+ else: >+ rep_padata = [] >+ >+ if self.strict_checking: >+ for i in range(0, len(expected_patypes)): >+ self.assertElementEqual(rep_padata[i], 'padata-type', expected_patypes[i]) >+ self.assertEqual(len(rep_padata), len(expected_patypes)) >+ >+ etype_info2 = None >+ etype_info = None >+ enc_timestamp = None >+ pk_as_req = None >+ pk_as_rep19 = None >+ for pa in rep_padata: >+ patype = self.getElementValue(pa, 'padata-type') >+ pavalue = self.getElementValue(pa, 'padata-value') >+ if patype == PADATA_ETYPE_INFO2: >+ self.assertIsNone(etype_info2) >+ etype_info2 = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ continue >+ if patype == PADATA_ETYPE_INFO: >+ self.assertIsNone(etype_info) >+ etype_info = self.der_decode(pavalue, asn1Spec=krb5_asn1.ETYPE_INFO()) >+ continue >+ if patype == PADATA_ENC_TIMESTAMP: >+ self.assertIsNone(enc_timestamp) >+ enc_timestamp = pavalue >+ self.assertEqual(len(enc_timestamp), 0) >+ continue >+ if patype == PADATA_PK_AS_REQ: >+ self.assertIsNone(pk_as_req) >+ pk_as_req = pavalue >+ self.assertEqual(len(pk_as_req), 0) >+ continue >+ if patype == PADATA_PK_AS_REP_19: >+ self.assertIsNone(pk_as_rep19) >+ pk_as_rep19 = pavalue >+ self.assertEqual(len(pk_as_rep19), 0) >+ continue >+ >+ if expected_error == KDC_ERR_ETYPE_NOSUPP: >+ self.assertIsNone(etype_info2) >+ self.assertIsNone(etype_info) >+ if self.strict_checking: >+ self.assertIsNotNone(enc_timestamp) >+ self.assertIsNotNone(pk_as_req) >+ self.assertIsNotNone(pk_as_rep19) >+ return >+ >+ self.assertIsNotNone(etype_info2) >+ if expect_etype_info: >+ self.assertIsNotNone(etype_info) >+ else: >+ if self.strict_checking: >+ self.assertIsNone(etype_info) >+ if unexpect_etype_info: >+ self.assertIsNone(etype_info) >+ >+ self.assertGreaterEqual(len(etype_info2), 1) >+ self.assertLessEqual(len(etype_info2), len(expect_etype_info2)) >+ if self.strict_checking: >+ self.assertEqual(len(etype_info2), len(expect_etype_info2)) >+ for i in range(0, len(etype_info2)): >+ e = self.getElementValue(etype_info2[i], 'etype') >+ self.assertEqual(e, expect_etype_info2[i]) >+ salt = self.getElementValue(etype_info2[i], 'salt') >+ if e == kcrypto.Enctype.RC4: >+ self.assertIsNone(salt) >+ else: >+ self.assertIsNotNone(salt) >+ if expected_salt is not None: >+ self.assertEqual(salt, expected_salt) >+ s2kparams = self.getElementValue(etype_info2[i], 's2kparams') >+ if self.strict_checking: >+ self.assertIsNone(s2kparams) >+ if etype_info is not None: >+ self.assertEqual(len(etype_info), 1) >+ e = self.getElementValue(etype_info[0], 'etype') >+ self.assertEqual(e, kcrypto.Enctype.RC4) >+ self.assertEqual(e, expect_etype_info2[0]) >+ salt = self.getElementValue(etype_info[0], 'salt') >+ if self.strict_checking: >+ self.assertIsNotNone(salt) >+ self.assertEqual(len(salt), 0) >+ >+ self.assertIsNotNone(enc_timestamp) >+ self.assertIsNotNone(pk_as_req) >+ self.assertIsNotNone(pk_as_rep19) >+ >+ kdc_exchange_dict['preauth_etype_info2'] = etype_info2 >+ return >+ >+ def generate_simple_tgs_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ req_body): >+ tgt = kdc_exchange_dict['tgt'] >+ authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >+ body_checksum_type = kdc_exchange_dict['body_checksum_type'] >+ >+ req_body_blob = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY()) >+ >+ req_body_checksum = self.Checksum_create(tgt.session_key, >+ KU_TGS_REQ_AUTH_CKSUM, >+ req_body_blob, >+ ctype=body_checksum_type) >+ >+ subkey_obj = None >+ if authenticator_subkey is not None: >+ subkey_obj = authenticator_subkey.export_obj() >+ seq_number = random.randint(0, 0xfffffffe) >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ authenticator_obj = self.Authenticator_create(crealm=tgt.crealm, >+ cname=tgt.cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator_blob = self.der_encode(authenticator_obj, asn1Spec=krb5_asn1.Authenticator()) >+ >+ authenticator = self.EncryptedData_create(tgt.session_key, >+ KU_TGS_REQ_AUTH, >+ authenticator_blob) >+ >+ ap_options = krb5_asn1.APOptions('0') >+ ap_req_obj = self.AP_REQ_create(ap_options=str(ap_options), >+ ticket=tgt.ticket, >+ authenticator=authenticator) >+ ap_req = self.der_encode(ap_req_obj, asn1Spec=krb5_asn1.AP_REQ()) >+ pa_tgs_req = self.PA_DATA_create(PADATA_KDC_REQ, ap_req) >+ padata = [pa_tgs_req] >+ >+ return padata, req_body >+ >+ def check_simple_tgs_padata(self, >+ kdc_exchange_dict, >+ callback_dict, >+ rep, >+ padata): >+ tgt = kdc_exchange_dict['tgt'] >+ authenticator_subkey = kdc_exchange_dict['authenticator_subkey'] >+ if authenticator_subkey is not None: >+ subkey = authenticator_subkey >+ subkey_usage = KU_TGS_REP_ENC_PART_SUB_KEY >+ else: >+ subkey = tgt.session_key >+ subkey_usage = KU_TGS_REP_ENC_PART_SESSION >+ >+ return subkey, subkey_usage >+ >+ def _test_as_exchange(self, >+ cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ expected_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ etypes, >+ padata, >+ kdc_options, >+ preauth_key=None, >+ ticket_decryption_key=None): >+ >+ def _generate_padata_copy(_kdc_exchange_dict, >+ _callback_dict, >+ req_body): >+ return padata, req_body >+ >+ def _check_padata_preauth_key(_kdc_exchange_dict, >+ _callback_dict, >+ rep, >+ padata): >+ as_rep_usage = KU_AS_REP_ENC_PART >+ return preauth_key, as_rep_usage >+ >+ kdc_exchange_dict = self.as_exchange_dict( >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ ticket_decryption_key=ticket_decryption_key, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ check_padata_fn=_check_padata_preauth_key, >+ check_kdc_private_fn=self.generic_check_kdc_private, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) >+ >+ rep = self._generic_kdc_exchange(kdc_exchange_dict, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ till_time=till, >+ etypes=etypes) >+ >+ if expected_error_mode == 0: # AS-REP >+ return rep >+ >+ return kdc_exchange_dict['preauth_etype_info2'] >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 702f6084217..a4c5e079b66 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -28,16 +28,27 @@ ARCFOUR_HMAC_MD5 = int( > # Message types > KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) > KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req')) > KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep')) >+KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req')) > > # PAData types > PADATA_ENC_TIMESTAMP = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO')) > PADATA_ETYPE_INFO2 = int( > krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+PADATA_KDC_REQ = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-KDC-REQ')) >+PADATA_PK_AS_REQ = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REQ')) >+PADATA_PK_AS_REP_19 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-PK-AS-REP-19')) > > # Error codes > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_ETYPE_NOSUPP = 14 > KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 > KDC_ERR_BADMATCH = 36 >-- >2.25.1 > > >From 76a3fe0ea2463f335561b4a5318345fea1c0a705 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 065/177] tests/krb5/as_req_tests.py: add new tests to cover > more of the AS-REQ protocol > >Example commands: > >Windows 2012R2: >SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Windows 2008R2: >SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Samba 4.14: >SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 01d86954d217e38be333aa1ce7db1d3d9059cd4c) >--- > python/samba/tests/krb5/as_req_tests.py | 121 ++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > 2 files changed, 122 insertions(+) > create mode 100755 python/samba/tests/krb5/as_req_tests.py > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >new file mode 100755 >index 00000000000..3ad37c6bdf2 >--- /dev/null >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -0,0 +1,121 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests import DynamicTestCase >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ KDC_ERR_PREAUTH_REQUIRED, >+ NT_PRINCIPAL, >+ NT_SRV_INST >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+@DynamicTestCase >+class AsReqKerberosTests(RawKerberosTest): >+ >+ @classmethod >+ def setUpDynamicTestCases(cls): >+ for (name, idx) in cls.etype_test_permutation_name_idx(): >+ for pac in [None, True, False]: >+ tname = "%s_pac_%s" % (name, pac) >+ targs = (idx, pac) >+ cls.generate_dynamic_test("test_as_req_no_preauth", tname, *targs) >+ return >+ >+ def setUp(self): >+ super(AsReqKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def _test_as_req_nopreauth(self, >+ initial_etypes, >+ initial_padata=None, >+ initial_kdc_options=None): >+ client_creds = self.get_client_creds() >+ client_account = client_creds.get_username() >+ client_as_etypes = client_creds.get_as_krb5_etypes() >+ krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[client_account]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_INST, >+ names=[krbtgt_account, realm]) >+ >+ expected_error_mode = KDC_ERR_PREAUTH_REQUIRED >+ expected_crealm = realm >+ expected_cname = cname >+ expected_srealm = realm >+ expected_sname = sname >+ expected_salt = client_creds.get_forced_salt() >+ >+ def _generate_padata_copy(_kdc_exchange_dict, >+ _callback_dict, >+ req_body): >+ return initial_padata, req_body >+ >+ kdc_exchange_dict = self.as_exchange_dict( >+ expected_crealm=expected_crealm, >+ expected_cname=expected_cname, >+ expected_srealm=expected_srealm, >+ expected_sname=expected_sname, >+ generate_padata_fn=_generate_padata_copy, >+ check_error_fn=self.generic_check_as_error, >+ check_rep_fn=self.generic_check_kdc_rep, >+ expected_error_mode=expected_error_mode, >+ client_as_etypes=client_as_etypes, >+ expected_salt=expected_salt) >+ >+ rep = self._generic_kdc_exchange(kdc_exchange_dict, >+ kdc_options=str(initial_kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ etypes=initial_etypes) >+ >+ return kdc_exchange_dict['preauth_etype_info2'] >+ >+ def _test_as_req_no_preauth_with_args(self, etype_idx, pac): >+ name, etypes = self.etype_test_permutation_by_idx(etype_idx) >+ if pac is None: >+ padata = None >+ else: >+ pa_pac = self.KERB_PA_PAC_REQUEST_create(pac) >+ padata = [pa_pac] >+ return self._test_as_req_nopreauth( >+ initial_padata=padata, >+ initial_etypes=etypes, >+ initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >+ >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index e8eda7d6896..11170a2d241 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -100,6 +100,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/test_rpc.py', > 'python/samba/tests/krb5/test_smb.py', > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', >+ 'python/samba/tests/krb5/as_req_tests.py', > } > > EXCLUDE_HELP = { >-- >2.25.1 > > >From b91fefe5f1d1fad7bb135ca5a30b0c84f4432c72 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 066/177] selftest: run new as_req_tests against fl2008r2dc and > fl2003dc > >There are a lot of things we should improve in our KDC >in order to work like a Windows KDC. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d91665d33130aed11fa82d8d2796ab1627e04dc4) >--- > .../knownfail.d/samba.tests.krb5.as_req_tests | 276 +++++++++++++ > selftest/knownfail_mit_kdc | 389 +++++++++++++++++- > selftest/target/Samba.pm | 1 + > selftest/target/Samba4.pm | 6 +- > source4/selftest/tests.py | 10 + > 5 files changed, 680 insertions(+), 2 deletions(-) > create mode 100644 selftest/knownfail.d/samba.tests.krb5.as_req_tests > >diff --git a/selftest/knownfail.d/samba.tests.krb5.as_req_tests b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >new file mode 100644 >index 00000000000..390d6cd0ab6 >--- /dev/null >+++ b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >@@ -0,0 +1,276 @@ >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 2c2a643944c..b610929a8dd 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -290,4 +290,391 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >- >+# >+# MIT currently fails some as_req_no_preauth tests. >+# >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_pac_True.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_False.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_False.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2008r2dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2008r2dc >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index d47f933376e..7f4ed0306d8 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -815,6 +815,7 @@ my @exported_envvars = ( > "DNSNAME", > "REALM", > "DOMSID", >+ "SUPPORTED_ENCTYPE_BITS", > > # stuff related to a trusted domain > "TRUST_SERVER", >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 77bd741d476..48542ade802 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -561,7 +561,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > $ctx->{force_fips_mode} = $force_fips_mode; > $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; > if ($functional_level eq "2000") { >- $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc" >+ $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"; >+ $ctx->{supported_enctypes_bits} = "4"; >+ } else { >+ $ctx->{supported_enctypes_bits} = "28"; > } > > # >@@ -876,6 +879,7 @@ nogroup:x:65534:nobody > KRB5_CONFIG => $ctx->{krb5_conf}, > KRB5_CCACHE => $ctx->{krb5_ccache}, > MITKDC_CONFIG => $ctx->{mitkdc_conf}, >+ SUPPORTED_ENCTYPE_BITS => $ctx->{supported_enctypes_bits}, > PIDDIR => $ctx->{piddir}, > SERVER => $ctx->{hostname}, > DC_SERVER => $ctx->{hostname}, >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 6005bc04d87..a69e50a1f1a 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1328,6 +1328,16 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", ' > '--option=torture:krb5-hostname=testupnspn.$DNSNAME', > '--option=torture:krb5-service=http'], > "samba4.krb5.kdc with account having identical UPN and SPN") >+for env in ["fl2008r2dc", "fl2003dc"]: >+ planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", >+ environ={ >+ 'CLIENT_USERNAME': '$USERNAME', >+ 'CLIENT_PASSWORD': '$PASSWORD', >+ 'CLIENT_AS_SUPPORTED_ENCTYPES': '$SUPPORTED_ENCTYPE_BITS', >+ 'SERVER_USERNAME': '$SERVER', >+ 'SERVER_PASSWORD': 'machine$PASSWORD', >+ 'STRICT_CHECKING': '0', >+ }) > > > for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: >-- >2.25.1 > > >From 2e36243ea296079a0d3610bd7c3764773b931e82 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:38:28 +1200 >Subject: [PATCH 067/177] tests/krb5/kdc_base_test.py: Defer account deletion > until tearDownClass() is called > >This allows accounts created for permutation tests to be reused, rather >than having to be recreated for every test. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5412bffb9b4fc13023e650bbc9436a79b60b6fa2) >--- > python/samba/tests/krb5/kdc_base_test.py | 24 +++++++++++++++--------- > 1 file changed, 15 insertions(+), 9 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e345f739e1c..578736574ae 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -99,21 +99,27 @@ class KDCBaseTest(RawKerberosTest): > base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) > cls.dns_host_name = str(res[0]['dnsHostName']) > >+ # A set containing DNs of accounts created as part of testing. >+ cls.accounts = set() >+ >+ @classmethod >+ def tearDownClass(cls): >+ # Clean up any accounts created by create_account. This is >+ # done in tearDownClass() rather than tearDown(), so that >+ # accounts need only be created once for permutation tests. >+ for dn in cls.accounts: >+ delete_force(cls.ldb, dn) >+ super().tearDownClass() >+ > def setUp(self): > super().setUp() > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump >- self.accounts = [] >- >- def tearDown(self): >- # Clean up any accounts created by create_account >- for dn in self.accounts: >- delete_force(self.ldb, dn) > > def create_account(self, name, machine_account=False, spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, >- which is used by tearDown to clean up the created accounts. >+ which is used by tearDownClass to clean up the created accounts. > ''' > dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) > >@@ -153,8 +159,8 @@ class KDCBaseTest(RawKerberosTest): > if machine_account: > creds.set_workstation(name) > # >- # Save the account name so it can be deleted in the tearDown >- self.accounts.append(dn) >+ # Save the account name so it can be deleted in tearDownClass >+ self.accounts.add(dn) > > return (creds, dn) > >-- >2.25.1 > > >From 24b115c7429c0fa943b95806d5af8ce51df7c7e6 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:14:33 +1200 >Subject: [PATCH 068/177] tests/krb5/raw_testcase.py: Add get_admin_creds() > >This method allows obtaining credentials that can be used for >administrative tasks such as creating accounts. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5afae39da0ab408bb36dde3a7801634bd9cc24f6) >--- > python/samba/tests/krb5/raw_testcase.py | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 8c8926b0ad2..7e41245f706 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -526,6 +526,11 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing_password=allow_missing_password) > return c > >+ def get_admin_creds(self, allow_missing_password=False): >+ c = self._get_krb5_creds(prefix='ADMIN', >+ allow_missing_password=allow_missing_password) >+ return c >+ > def get_krbtgt_creds(self, require_strongest_key=False): > c = self._get_krb5_creds(prefix='KRBTGT', > default_username='krbtgt', >-- >2.25.1 > > >From 287a99f4466a99a5a0de78fc72b9dcf1a5edb3be Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:04:00 +1200 >Subject: [PATCH 069/177] tests/krb5/kdc_base_test.py: Create database > connection only when needed > >Now the database connection is only created on its first use, which >means database credentials are no longer required for tests that don't >make use of it. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 4f5566be4839838e0e3e501a030bcf6e85ff5159) >--- > python/samba/tests/krb5/kdc_base_test.py | 56 +++++++------ > python/samba/tests/krb5/kdc_tgs_tests.py | 17 ++-- > .../ms_kile_client_principal_lookup_tests.py | 84 +++++++++++-------- > python/samba/tests/krb5/test_ccache.py | 15 ++-- > python/samba/tests/krb5/test_ldap.py | 12 +-- > python/samba/tests/krb5/test_rpc.py | 6 +- > python/samba/tests/krb5/test_smb.py | 12 +-- > 7 files changed, 116 insertions(+), 86 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 578736574ae..b191f905366 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -89,15 +89,7 @@ class KDCBaseTest(RawKerberosTest): > > cls.credentials = c > >- cls.session = system_session() >- cls.ldb = SamDB(url="ldap://%s" % cls.host, >- session_info=cls.session, >- credentials=cls.credentials, >- lp=cls.lp) >- # fetch the dnsHostName from the RootDse >- res = cls.ldb.search( >- base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) >- cls.dns_host_name = str(res[0]['dnsHostName']) >+ cls._ldb = None > > # A set containing DNs of accounts created as part of testing. > cls.accounts = set() >@@ -107,8 +99,9 @@ class KDCBaseTest(RawKerberosTest): > # Clean up any accounts created by create_account. This is > # done in tearDownClass() rather than tearDown(), so that > # accounts need only be created once for permutation tests. >- for dn in cls.accounts: >- delete_force(cls.ldb, dn) >+ if cls._ldb is not None: >+ for dn in cls.accounts: >+ delete_force(cls._ldb, dn) > super().tearDownClass() > > def setUp(self): >@@ -116,16 +109,27 @@ class KDCBaseTest(RawKerberosTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- def create_account(self, name, machine_account=False, spn=None, upn=None): >+ def get_samdb(self): >+ if self._ldb is None: >+ session = system_session() >+ type(self)._ldb = SamDB(url="ldap://%s" % self.host, >+ session_info=session, >+ credentials=self.credentials, >+ lp=self.lp) >+ >+ return self._ldb >+ >+ def create_account(self, ldb, name, machine_account=False, >+ spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDownClass to clean up the created accounts. > ''' >- dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) >+ dn = "cn=%s,%s" % (name, ldb.domain_dn()) > > # remove the account if it exists, this will happen if a previous test > # run failed >- delete_force(self.ldb, dn) >+ delete_force(ldb, dn) > if machine_account: > object_class = "computer" > account_name = "%s$" % name >@@ -148,12 +152,12 @@ class KDCBaseTest(RawKerberosTest): > details["servicePrincipalName"] = spn > if upn is not None: > details["userPrincipalName"] = upn >- self.ldb.add(details) >+ ldb.add(details) > > creds = Credentials() > creds.guess(self.lp) >- creds.set_realm(self.ldb.domain_dns_name().upper()) >- creds.set_domain(self.ldb.domain_netbios_name().upper()) >+ creds.set_realm(ldb.domain_dns_name().upper()) >+ creds.set_domain(ldb.domain_netbios_name().upper()) > creds.set_password(password) > creds.set_username(account_name) > if machine_account: >@@ -425,38 +429,38 @@ class KDCBaseTest(RawKerberosTest): > enc_part, asn1Spec=krb5_asn1.EncTicketPart()) > return enc_ticket_part > >- def get_objectSid(self, dn): >+ def get_objectSid(self, samdb, dn): > ''' Get the objectSID for a DN > Note: performs an Ldb query. > ''' >- res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) >+ res = samdb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) > self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) >- sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) >+ sid = samdb.schema_format_value("objectSID", res[0]["objectSID"][0]) > return sid.decode('utf8') > >- def add_attribute(self, dn_str, name, value): >+ def add_attribute(self, samdb, dn_str, name, value): > if isinstance(value, list): > values = value > else: > values = [value] > flag = ldb.FLAG_MOD_ADD > >- dn = ldb.Dn(self.ldb, dn_str) >+ dn = ldb.Dn(samdb, dn_str) > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) >- self.ldb.modify(msg) >+ samdb.modify(msg) > >- def modify_attribute(self, dn_str, name, value): >+ def modify_attribute(self, samdb, dn_str, name, value): > if isinstance(value, list): > values = value > else: > values = [value] > flag = ldb.FLAG_MOD_REPLACE > >- dn = ldb.Dn(self.ldb, dn_str) >+ dn = ldb.Dn(samdb, dn_str) > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) >- self.ldb.modify(msg) >+ samdb.modify(msg) > > def create_ccache(self, cname, ticket, enc_part): > """ Lay out a version 4 on-disk credentials cache, to be read using the >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >index 23a1d868a79..0c757bd5e5f 100755 >--- a/python/samba/tests/krb5/kdc_tgs_tests.py >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -49,8 +49,9 @@ class KdcTgsTests(KDCBaseTest): > that differs from that provided to the krbtgt > ''' > # Create the user account >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -81,7 +82,7 @@ class KdcTgsTests(KDCBaseTest): > names=["Administrator"]) > sname = self.PrincipalName_create( > name_type=NT_PRINCIPAL, >- names=["host", self.dns_host_name]) >+ names=["host", samdb.host_dns_name()]) > > (rep, enc_part) = self.tgs_req(cname, sname, realm, ticket, key, etype) > >@@ -98,8 +99,9 @@ class KdcTgsTests(KDCBaseTest): > '''Get a ticket to the ldap service > ''' > # Create the user account >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -126,7 +128,7 @@ class KdcTgsTests(KDCBaseTest): > # Request a ticket to the ldap service > sname = self.PrincipalName_create( > name_type=NT_SRV_INST, >- names=["ldap", self.dns_host_name]) >+ names=["ldap", samdb.host_dns_name()]) > > (rep, _) = self.tgs_req( > cname, sname, uc.get_realm(), ticket, key, etype) >@@ -137,9 +139,10 @@ class KdcTgsTests(KDCBaseTest): > > # Create a user and machine account for the test. > # >+ samdb = self.get_samdb() > user_name = "tsttktusr" >- (uc, dn) = self.create_account(user_name) >- (mc, _) = self.create_account("tsttktmac", machine_account=True) >+ (uc, dn) = self.create_account(samdb, user_name) >+ (mc, _) = self.create_account(samdb, "tsttktmac", machine_account=True) > realm = uc.get_realm().lower() > > # Do the initial AS-REQ, should get a pre-authentication required >@@ -179,7 +182,7 @@ class KdcTgsTests(KDCBaseTest): > enc_part = self.decode_service_ticket(mc, ticket) > > pac_data = self.get_pac_data(enc_part['authorization-data']) >- sid = self.get_objectSid(dn) >+ sid = self.get_objectSid(samdb, dn) > upn = "%s@%s" % (uc.get_username(), realm) > self.assertEqual( > uc.get_username(), >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index 356a25f8e18..63f67b09c4c 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -49,10 +49,10 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- def check_pac(self, auth_data, dn, uc, name, upn=None): >+ def check_pac(self, samdb, auth_data, dn, uc, name, upn=None): > > pac_data = self.get_pac_data(auth_data) >- sid = self.get_objectSid(dn) >+ sid = self.get_objectSid(samdb, dn) > if upn is None: > upn = "%s@%s" % (name, uc.get_realm().lower()) > if name.endswith('$'): >@@ -89,12 +89,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -131,7 +132,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the pac, and the ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ self.check_pac(samdb, enc_part['authorization-data'], dn, uc, user_name) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -147,12 +148,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a machine account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskilemac" >- (mc, dn) = self.create_account(user_name, machine_account=True) >+ (mc, dn) = self.create_account(samdb, user_name, machine_account=True) > realm = mc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -189,7 +191,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the pac, and the ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, mc, mach_name + '$') >+ self.check_pac(samdb, enc_part['authorization-data'], dn, mc, mach_name + '$') > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -206,14 +208,15 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > ''' > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" > upn = upn_name + "@" + self.credentials.get_realm().lower() >- (uc, dn) = self.create_account(user_name, upn=upn) >+ (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -250,7 +253,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # Check the contents of the service ticket > ticket = rep['ticket'] > enc_part = self.decode_service_ticket(mc, ticket) >- self.check_pac(enc_part['authorization-data'], dn, uc, upn_name) >+ self.check_pac(samdb, enc_part['authorization-data'], dn, uc, upn_name) > # check the crealm and cname > cname = enc_part['cname'] > self.assertEqual(NT_PRINCIPAL, cname['name-type']) >@@ -273,19 +276,21 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way > # to trigger the no pre-auth step > >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > self.modify_attribute( >+ samdb, > dn, > "userAccountControl", > str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH > # we should get a valid AS-RESP >@@ -340,15 +345,16 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -406,15 +412,16 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -445,14 +452,15 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" > upn = upn_name + "@" + self.credentials.get_realm().lower() >- (uc, dn) = self.create_account(user_name, upn=upn) >+ (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -508,13 +516,14 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > ename = user_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -570,12 +579,13 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create a user account for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" >- (uc, _) = self.create_account(user_name) >+ (uc, _) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > > mach_name = "mskilemac" >- (mc, dn) = self.create_account(mach_name, machine_account=True) >+ (mc, dn) = self.create_account(samdb, mach_name, machine_account=True) > ename = mach_name + "@" + realm > uname = mach_name + "$@" + realm > >@@ -638,20 +648,22 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way > # to trigger the no pre-auth step > >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > self.modify_attribute( >+ samdb, > dn, > "userAccountControl", > str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) > ename = alt_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH > # we should get a valid AS-RESP >@@ -706,17 +718,18 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > ename = alt_name + "@" + realm > uname = user_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >@@ -775,16 +788,17 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > > # Create user and machine accounts for the test. > # >+ samdb = self.get_samdb() > user_name = "mskileusr" > alt_name = "mskilealtsec" >- (uc, dn) = self.create_account(user_name) >+ (uc, dn) = self.create_account(samdb, user_name) > realm = uc.get_realm().lower() > alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >- self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec) > ename = alt_name + "@" + realm > > mach_name = "mskilemac" >- (mc, _) = self.create_account(mach_name, machine_account=True) >+ (mc, _) = self.create_account(samdb, mach_name, machine_account=True) > > # Do the initial AS-REQ, should get a pre-authentication required > # response >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index 32c9e3cce6b..c7857a6cf0e 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -49,11 +49,14 @@ class CcacheTests(KDCBaseTest): > mach_name = "ccachemac" > service = "host" > >+ samdb = self.get_samdb() >+ > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Create the machine account. >- (mach_credentials, _) = self.create_account(mach_name, >+ (mach_credentials, _) = self.create_account(samdb, >+ mach_name, > machine_account=True, > spn="%s/%s" % (service, > mach_name)) >@@ -77,7 +80,7 @@ class CcacheTests(KDCBaseTest): > gensec_client.want_feature(gensec.FEATURE_SEAL) > gensec_client.start_mech_by_sasl_name("GSSAPI") > >- auth_context = AuthContext(lp_ctx=self.lp, ldb=self.ldb, methods=[]) >+ auth_context = AuthContext(lp_ctx=self.lp, ldb=samdb, methods=[]) > > gensec_server = gensec.Security.start_server(settings, auth_context) > gensec_server.set_credentials(mach_credentials) >@@ -104,9 +107,9 @@ class CcacheTests(KDCBaseTest): > # token is the SID of the user we created. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >index 6a4bf52d77f..7e9405a8a92 100755 >--- a/python/samba/tests/krb5/test_ldap.py >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -44,12 +44,14 @@ class LdapTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "ldapusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "ldap" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >@@ -63,9 +65,9 @@ class LdapTests(KDCBaseTest): > # cached credentials. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >index da1c4eb88ac..c474e479d81 100755 >--- a/python/samba/tests/krb5/test_rpc.py >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -41,12 +41,14 @@ class RpcTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "rpcusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "cifs" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >index 0262a37ebb5..8f76e78afe3 100755 >--- a/python/samba/tests/krb5/test_smb.py >+++ b/python/samba/tests/krb5/test_smb.py >@@ -45,13 +45,15 @@ class SmbTests(KDCBaseTest): > # credentials cache file where the service ticket authenticating the > # user are stored. > >+ samdb = self.get_samdb() >+ > user_name = "smbusr" >- mach_name = self.dns_host_name >+ mach_name = samdb.host_dns_name() > service = "cifs" > share = "tmp" > > # Create the user account. >- (user_credentials, _) = self.create_account(user_name) >+ (user_credentials, _) = self.create_account(samdb, user_name) > > # Talk to the KDC to obtain the service ticket, which gets placed into > # the cache. The machine account name has to match the name in the >@@ -72,9 +74,9 @@ class SmbTests(KDCBaseTest): > # cached credentials. > > # Retrieve the user account's SID. >- ldb_res = self.ldb.search(scope=SCOPE_SUBTREE, >- expression="(sAMAccountName=%s)" % user_name, >- attrs=["objectSid"]) >+ ldb_res = samdb.search(scope=SCOPE_SUBTREE, >+ expression="(sAMAccountName=%s)" % user_name, >+ attrs=["objectSid"]) > self.assertEqual(1, len(ldb_res)) > sid = ndr_unpack(security.dom_sid, ldb_res[0]["objectSid"][0]) > >-- >2.25.1 > > >From 46ab6466e2b9a9f9ba89e59419e0cacea81c9021 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:31:26 +1200 >Subject: [PATCH 070/177] tests/krb5/kdc_base_test.py: Remove 'credentials' > class attribute > >Credentials for tests are now obtained using the get_user_creds() >method. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 364f1ce8d8221cb8926635fc864db782cee61cf9) >--- > python/samba/tests/krb5/kdc_base_test.py | 24 +++---------------- > .../ms_kile_client_principal_lookup_tests.py | 4 ++-- > 2 files changed, 5 insertions(+), 23 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index b191f905366..f3c6b37d29f 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -67,28 +67,8 @@ class KDCBaseTest(RawKerberosTest): > @classmethod > def setUpClass(cls): > cls.lp = cls.get_loadparm(cls) >- cls.username = os.environ["USERNAME"] >- cls.password = os.environ["PASSWORD"] > cls.host = os.environ["SERVER"] > >- c = Credentials() >- c.set_username(cls.username) >- c.set_password(cls.password) >- try: >- realm = os.environ["REALM"] >- c.set_realm(realm) >- except KeyError: >- pass >- try: >- domain = os.environ["DOMAIN"] >- c.set_domain(domain) >- except KeyError: >- pass >- >- c.guess() >- >- cls.credentials = c >- > cls._ldb = None > > # A set containing DNs of accounts created as part of testing. >@@ -111,10 +91,12 @@ class KDCBaseTest(RawKerberosTest): > > def get_samdb(self): > if self._ldb is None: >+ creds = self.get_user_creds() >+ > session = system_session() > type(self)._ldb = SamDB(url="ldap://%s" % self.host, > session_info=session, >- credentials=self.credentials, >+ credentials=creds, > lp=self.lp) > > return self._ldb >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >index 63f67b09c4c..e9d251e72f6 100755 >--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -211,7 +211,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" >- upn = upn_name + "@" + self.credentials.get_realm().lower() >+ upn = upn_name + "@" + self.get_user_creds().get_realm().lower() > (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > >@@ -455,7 +455,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): > samdb = self.get_samdb() > user_name = "mskileusr" > upn_name = "mskileupn" >- upn = upn_name + "@" + self.credentials.get_realm().lower() >+ upn = upn_name + "@" + self.get_user_creds().get_realm().lower() > (uc, dn) = self.create_account(samdb, user_name, upn=upn) > realm = uc.get_realm().lower() > >-- >2.25.1 > > >From 460a68e67a7f70b573360ee2b9c800b855303df3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:40:41 +1200 >Subject: [PATCH 071/177] tests/krb5/kdc_base_test.py: Create loadparm only > when needed > >Now the .conf file is only loaded on its first use, which means that >SMB_CONF_PATH need not be defined for tests that don't make use of it. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 210e544016a3a4de1cdb76ce28a2148811ff07eb) >--- > python/samba/tests/krb5/kdc_base_test.py | 15 +++++++++++---- > python/samba/tests/krb5/test_ccache.py | 6 ++++-- > python/samba/tests/krb5/test_ldap.py | 2 +- > python/samba/tests/krb5/test_rpc.py | 2 +- > python/samba/tests/krb5/test_smb.py | 2 +- > 5 files changed, 18 insertions(+), 9 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index f3c6b37d29f..59ce546a181 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -66,7 +66,7 @@ class KDCBaseTest(RawKerberosTest): > > @classmethod > def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >+ cls._lp = None > cls.host = os.environ["SERVER"] > > cls._ldb = None >@@ -89,15 +89,22 @@ class KDCBaseTest(RawKerberosTest): > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >+ def get_lp(self): >+ if self._lp is None: >+ type(self)._lp = self.get_loadparm() >+ >+ return self._lp >+ > def get_samdb(self): > if self._ldb is None: > creds = self.get_user_creds() >+ lp = self.get_lp() > > session = system_session() > type(self)._ldb = SamDB(url="ldap://%s" % self.host, > session_info=session, > credentials=creds, >- lp=self.lp) >+ lp=lp) > > return self._ldb > >@@ -137,7 +144,7 @@ class KDCBaseTest(RawKerberosTest): > ldb.add(details) > > creds = Credentials() >- creds.guess(self.lp) >+ creds.guess(self.get_lp()) > creds.set_realm(ldb.domain_dns_name().upper()) > creds.set_domain(ldb.domain_netbios_name().upper()) > creds.set_password(password) >@@ -607,7 +614,7 @@ class KDCBaseTest(RawKerberosTest): > creds.set_kerberos_state(MUST_USE_KERBEROS) > creds.set_username(user_name, SPECIFIED) > creds.set_realm(realm) >- creds.set_named_ccache(cachefile.name, SPECIFIED, self.lp) >+ creds.set_named_ccache(cachefile.name, SPECIFIED, self.get_lp()) > > # Return the credentials along with the cache file. > return (creds, cachefile) >diff --git a/python/samba/tests/krb5/test_ccache.py b/python/samba/tests/krb5/test_ccache.py >index c7857a6cf0e..feb7a7bd9be 100755 >--- a/python/samba/tests/krb5/test_ccache.py >+++ b/python/samba/tests/krb5/test_ccache.py >@@ -71,8 +71,10 @@ class CcacheTests(KDCBaseTest): > # Authenticate in-process to the machine account using the user's > # cached credentials. > >+ lp = self.get_lp() >+ > settings = {} >- settings["lp_ctx"] = self.lp >+ settings["lp_ctx"] = lp > settings["target_hostname"] = mach_name > > gensec_client = gensec.Security.start_client(settings) >@@ -80,7 +82,7 @@ class CcacheTests(KDCBaseTest): > gensec_client.want_feature(gensec.FEATURE_SEAL) > gensec_client.start_mech_by_sasl_name("GSSAPI") > >- auth_context = AuthContext(lp_ctx=self.lp, ldb=samdb, methods=[]) >+ auth_context = AuthContext(lp_ctx=lp, ldb=samdb, methods=[]) > > gensec_server = gensec.Security.start_server(settings, auth_context) > gensec_server.set_credentials(mach_credentials) >diff --git a/python/samba/tests/krb5/test_ldap.py b/python/samba/tests/krb5/test_ldap.py >index 7e9405a8a92..d304fb9d71e 100755 >--- a/python/samba/tests/krb5/test_ldap.py >+++ b/python/samba/tests/krb5/test_ldap.py >@@ -74,7 +74,7 @@ class LdapTests(KDCBaseTest): > # Connect to the machine account and retrieve the user SID. > ldb_as_user = SamDB(url="ldap://%s" % mach_name, > credentials=creds, >- lp=self.lp) >+ lp=self.get_lp()) > ldb_res = ldb_as_user.search('', > scope=SCOPE_BASE, > attrs=["tokenGroups"]) >diff --git a/python/samba/tests/krb5/test_rpc.py b/python/samba/tests/krb5/test_rpc.py >index c474e479d81..324b57f2847 100755 >--- a/python/samba/tests/krb5/test_rpc.py >+++ b/python/samba/tests/krb5/test_rpc.py >@@ -62,7 +62,7 @@ class RpcTests(KDCBaseTest): > # cached credentials. > > binding_str = "ncacn_np:%s[\\pipe\\lsarpc]" % mach_name >- conn = lsa.lsarpc(binding_str, self.lp, creds) >+ conn = lsa.lsarpc(binding_str, self.get_lp(), creds) > > (account_name, _) = conn.GetUserName(None, None, None) > >diff --git a/python/samba/tests/krb5/test_smb.py b/python/samba/tests/krb5/test_smb.py >index 8f76e78afe3..45d4fe5e0c1 100755 >--- a/python/samba/tests/krb5/test_smb.py >+++ b/python/samba/tests/krb5/test_smb.py >@@ -82,7 +82,7 @@ class SmbTests(KDCBaseTest): > > # Connect to a share and retrieve the user SID. > s3_lp = s3param.get_context() >- s3_lp.load(self.lp.configfile) >+ s3_lp.load(self.get_lp().configfile) > > min_protocol = s3_lp.get("client min protocol") > self.addCleanup(s3_lp.set, "client min protocol", min_protocol) >-- >2.25.1 > > >From a4042179b4d5eb2342821756b82359148986e0ab Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:12:38 +1200 >Subject: [PATCH 072/177] tests/krb5/kdc_base_test.py: Add methods to determine > supported encryption types > >This is done based on the domain functional level, which corresponds to >the logic Samba uses to decide whether or not to generate a >Primary:Kerberos-Newer-Keys element for the supplementalCredentials >attribute. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 7d4a0ed21be49d13c2b815582f2d04f0c058bf3a) >--- > python/samba/tests/krb5/kdc_base_test.py | 38 ++++++++++++++++++++++-- > 1 file changed, 36 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 59ce546a181..e1b73dd8ff7 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -29,8 +29,13 @@ from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session > from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >-from samba.dcerpc import krb5pac, krb5ccache >-from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >+from samba.dcerpc import krb5pac, krb5ccache, security >+from samba.dsdb import ( >+ DS_DOMAIN_FUNCTION_2000, >+ DS_DOMAIN_FUNCTION_2008, >+ UF_WORKSTATION_TRUST_ACCOUNT, >+ UF_NORMAL_ACCOUNT >+) > from samba.ndr import ndr_pack, ndr_unpack > from samba.samdb import SamDB > >@@ -71,6 +76,8 @@ class KDCBaseTest(RawKerberosTest): > > cls._ldb = None > >+ cls._functional_level = None >+ > # A set containing DNs of accounts created as part of testing. > cls.accounts = set() > >@@ -108,6 +115,33 @@ class KDCBaseTest(RawKerberosTest): > > return self._ldb > >+ def get_domain_functional_level(self, ldb): >+ if self._functional_level is None: >+ res = ldb.search(base='', >+ scope=SCOPE_BASE, >+ attrs=['domainFunctionality']) >+ try: >+ functional_level = int(res[0]['domainFunctionality'][0]) >+ except KeyError: >+ functional_level = DS_DOMAIN_FUNCTION_2000 >+ >+ type(self)._functional_level = functional_level >+ >+ return self._functional_level >+ >+ def get_default_enctypes(self): >+ samdb = self.get_samdb() >+ functional_level = self.get_domain_functional_level(samdb) >+ >+ # RC4 should always be supported >+ default_enctypes = security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ if functional_level >= DS_DOMAIN_FUNCTION_2008: >+ # AES is only supported at functional level 2008 or higher >+ default_enctypes |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ default_enctypes |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ >+ return default_enctypes >+ > def create_account(self, ldb, name, machine_account=False, > spn=None, upn=None): > '''Create an account for testing. >-- >2.25.1 > > >From 0a7dc4c7c910453c07c6dd25b37b125c3a71d3c3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:15:10 +1200 >Subject: [PATCH 073/177] tests/krb5/raw_testcase.py: Add method to obtain > Kerberos keys over DRS > >This requires admin credentials, and removes the need to pass these keys >as environment variables. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f2ddd3c97e3ff243c8bd0c17299f27b761f5e7f) >--- > python/samba/tests/krb5/kdc_base_test.py | 100 ++++++++++++++++++++++- > 1 file changed, 99 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e1b73dd8ff7..7ae22bc5929 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -20,6 +20,8 @@ import sys > import os > from datetime import datetime, timezone > import tempfile >+import binascii >+import struct > > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" >@@ -29,7 +31,8 @@ from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session > from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >-from samba.dcerpc import krb5pac, krb5ccache, security >+from samba.dcerpc import drsblobs, drsuapi, misc, krb5pac, krb5ccache, security >+from samba.drs_utils import drsuapi_connect > from samba.dsdb import ( > DS_DOMAIN_FUNCTION_2000, > DS_DOMAIN_FUNCTION_2008, >@@ -37,6 +40,7 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT > ) > from samba.ndr import ndr_pack, ndr_unpack >+from samba import net > from samba.samdb import SamDB > > from samba.tests import delete_force >@@ -191,6 +195,100 @@ class KDCBaseTest(RawKerberosTest): > > return (creds, dn) > >+ def get_keys(self, samdb, dn): >+ admin_creds = self.get_admin_creds() >+ >+ dns_hostname = samdb.host_dns_name() >+ (bind, handle, _) = drsuapi_connect(dns_hostname, >+ self.get_lp(), >+ admin_creds) >+ >+ destination_dsa_guid = misc.GUID(samdb.get_ntds_GUID()) >+ >+ req = drsuapi.DsGetNCChangesRequest8() >+ >+ req.destination_dsa_guid = destination_dsa_guid >+ req.source_dsa_invocation_id = misc.GUID() >+ >+ naming_context = drsuapi.DsReplicaObjectIdentifier() >+ naming_context.dn = str(dn) >+ >+ req.naming_context = naming_context >+ >+ hwm = drsuapi.DsReplicaHighWaterMark() >+ hwm.tmp_highest_usn = 0 >+ hwm.reserved_usn = 0 >+ hwm.highest_usn = 0 >+ >+ req.highwatermark = hwm >+ req.uptodateness_vector = None >+ >+ req.replica_flags = 0 >+ >+ req.max_object_count = 1 >+ req.max_ndr_size = 402116 >+ req.extended_op = drsuapi.DRSUAPI_EXOP_REPL_SECRET >+ >+ attids = [drsuapi.DRSUAPI_ATTID_supplementalCredentials, >+ drsuapi.DRSUAPI_ATTID_unicodePwd] >+ >+ partial_attribute_set = drsuapi.DsPartialAttributeSet() >+ partial_attribute_set.version = 1 >+ partial_attribute_set.attids = attids >+ partial_attribute_set.num_attids = len(attids) >+ >+ req.partial_attribute_set = partial_attribute_set >+ >+ req.partial_attribute_set_ex = None >+ req.mapping_ctr.num_mappings = 0 >+ req.mapping_ctr.mappings = None >+ >+ _, ctr = bind.DsGetNCChanges(handle, 8, req) >+ identifier = ctr.first_object.object.identifier >+ attributes = ctr.first_object.object.attribute_ctr.attributes >+ >+ rid = identifier.sid.split()[1] >+ >+ forced_keys = dict() >+ >+ net_ctx = net.Net(admin_creds) >+ >+ keys = {} >+ >+ for attr in attributes: >+ if attr.attid == drsuapi.DRSUAPI_ATTID_supplementalCredentials: >+ net_ctx.replicate_decrypt(bind, attr, rid) >+ attr_val = attr.value_ctr.values[0].blob >+ >+ spl = ndr_unpack(drsblobs.supplementalCredentialsBlob, >+ attr_val) >+ for pkg in spl.sub.packages: >+ if pkg.name == 'Primary:Kerberos-Newer-Keys': >+ krb5_new_keys_raw = binascii.a2b_hex(pkg.data) >+ krb5_new_keys = ndr_unpack( >+ drsblobs.package_PrimaryKerberosBlob, >+ krb5_new_keys_raw) >+ for key in krb5_new_keys.ctr.keys: >+ keytype = key.keytype >+ if keytype in (kcrypto.Enctype.AES256, >+ kcrypto.Enctype.AES128): >+ keys[keytype] = key.value.hex() >+ elif attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: >+ net_ctx.replicate_decrypt(bind, attr, rid) >+ pwd = attr.value_ctr.values[0].blob >+ keys[kcrypto.Enctype.RC4] = pwd.hex() >+ >+ default_enctypes = self.get_default_enctypes() >+ >+ if default_enctypes & security.KERB_ENCTYPE_RC4_HMAC_MD5: >+ self.assertIn(kcrypto.Enctype.RC4, keys) >+ if default_enctypes & security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96: >+ self.assertIn(kcrypto.Enctype.AES256, keys) >+ if default_enctypes & security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96: >+ self.assertIn(kcrypto.Enctype.AES128, keys) >+ >+ return keys >+ > def as_req(self, cname, sname, realm, etypes, padata=None): > '''Send a Kerberos AS_REQ, returns the undecoded response > ''' >-- >2.25.1 > > >From 55f780c57793a77bea00285f3e28ab51f5cb06a2 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:59:11 +1200 >Subject: [PATCH 074/177] tests/krb5/raw_testcase.py: Make env_get_var() a > standalone method > >This allows it to be used elsewhere in the tests. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 948bbc9cecbfc1b33a338891d26a4a706864b9c6) >--- > python/samba/tests/krb5/raw_testcase.py | 80 +++++++++++++------------ > 1 file changed, 41 insertions(+), 39 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7e41245f706..7d9f0cd94f9 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -424,6 +424,23 @@ class RawKerberosTest(TestCaseInTempDir): > sys.stderr.write("connected[%s]\n" % self.host) > return > >+ def env_get_var(self, varname, prefix, >+ fallback_default=True, >+ allow_missing=False): >+ val = None >+ if prefix is not None: >+ allow_missing_prefix = allow_missing >+ if fallback_default: >+ allow_missing_prefix = True >+ val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >+ allow_missing=allow_missing_prefix) >+ else: >+ fallback_default = True >+ if val is None and fallback_default: >+ val = samba.tests.env_get_var_value(varname, >+ allow_missing=allow_missing) >+ return val >+ > def _get_krb5_creds(self, prefix, > default_username=None, > allow_missing_password=False, >@@ -431,49 +448,34 @@ class RawKerberosTest(TestCaseInTempDir): > c = KerberosCredentials() > c.guess() > >- def env_get_var(varname, prefix, fallback_default=True, allow_missing=False): >- val = None >- if prefix is not None: >- allow_missing_prefix = allow_missing >- if fallback_default: >- allow_missing_prefix = True >- val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), >- allow_missing=allow_missing_prefix) >- else: >- fallback_default = True >- if val is None and fallback_default: >- val = samba.tests.env_get_var_value(varname, >- allow_missing=allow_missing) >- return val >- >- domain = env_get_var('DOMAIN', prefix) >- realm = env_get_var('REALM', prefix) >+ domain = self.env_get_var('DOMAIN', prefix) >+ realm = self.env_get_var('REALM', prefix) > allow_missing_username = False > if default_username is not None: > allow_missing_username = True >- username = env_get_var('USERNAME', prefix, >- fallback_default=False, >- allow_missing=allow_missing_username) >+ username = self.env_get_var('USERNAME', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_username) > if username is None: > username = default_username >- password = env_get_var('PASSWORD', prefix, >- fallback_default=False, >- allow_missing=allow_missing_password) >+ password = self.env_get_var('PASSWORD', prefix, >+ fallback_default=False, >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) > if password is not None: > c.set_password(password) >- as_supported_enctypes = env_get_var('AS_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ as_supported_enctypes = self.env_get_var('AS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if as_supported_enctypes is not None: > c.set_as_supported_enctypes(as_supported_enctypes) >- tgs_supported_enctypes = env_get_var('TGS_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ tgs_supported_enctypes = self.env_get_var('TGS_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if tgs_supported_enctypes is not None: > c.set_tgs_supported_enctypes(tgs_supported_enctypes) >- ap_supported_enctypes = env_get_var('AP_SUPPORTED_ENCTYPES', >- prefix, allow_missing=True) >+ ap_supported_enctypes = self.env_get_var('AP_SUPPORTED_ENCTYPES', >+ prefix, allow_missing=True) > if ap_supported_enctypes is not None: > c.set_ap_supported_enctypes(ap_supported_enctypes) > >@@ -486,22 +488,22 @@ class RawKerberosTest(TestCaseInTempDir): > else: > kvno_allow_missing = True > aes256_allow_missing = True >- kvno = env_get_var('KVNO', prefix, >- fallback_default=False, >- allow_missing=kvno_allow_missing) >+ kvno = self.env_get_var('KVNO', prefix, >+ fallback_default=False, >+ allow_missing=kvno_allow_missing) > if kvno is not None: > c.set_kvno(kvno) >- aes256_key = env_get_var('AES256_KEY_HEX', prefix, >- fallback_default=False, >- allow_missing=aes256_allow_missing) >+ aes256_key = self.env_get_var('AES256_KEY_HEX', prefix, >+ fallback_default=False, >+ allow_missing=aes256_allow_missing) > if aes256_key is not None: > c.set_forced_key(kcrypto.Enctype.AES256, aes256_key) >- aes128_key = env_get_var('AES128_KEY_HEX', prefix, >- fallback_default=False, allow_missing=True) >+ aes128_key = self.env_get_var('AES128_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) > if aes128_key is not None: > c.set_forced_key(kcrypto.Enctype.AES128, aes128_key) >- rc4_key = env_get_var('RC4_KEY_HEX', prefix, >- fallback_default=False, allow_missing=True) >+ rc4_key = self.env_get_var('RC4_KEY_HEX', prefix, >+ fallback_default=False, allow_missing=True) > if rc4_key is not None: > c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) > return c >-- >2.25.1 > > >From d77b5603a5a413111b10f65dd04954261231c936 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 16:55:02 +1200 >Subject: [PATCH 075/177] tests/krb5/raw_testcase.py: Add allow_missing_keys > parameter for getting creds > >This allows us to require encryption keys in the case that a password >would not be required, such as for the krbtgt account. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6a77c2b93315503008627ce786388f281bd6bb87) >--- > python/samba/tests/krb5/as_req_tests.py | 2 +- > python/samba/tests/krb5/raw_testcase.py | 53 +++++++++++++++++++------ > python/samba/tests/krb5/simple_tests.py | 2 +- > 3 files changed, 42 insertions(+), 15 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 3ad37c6bdf2..3099c224c18 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -58,7 +58,7 @@ class AsReqKerberosTests(RawKerberosTest): > client_creds = self.get_client_creds() > client_account = client_creds.get_username() > client_as_etypes = client_creds.get_as_krb5_etypes() >- krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_creds = self.get_krbtgt_creds(require_keys=False) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 7d9f0cd94f9..9c0f5800b42 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -444,6 +444,7 @@ class RawKerberosTest(TestCaseInTempDir): > def _get_krb5_creds(self, prefix, > default_username=None, > allow_missing_password=False, >+ allow_missing_keys=True, > require_strongest_key=False): > c = KerberosCredentials() > c.guess() >@@ -486,8 +487,8 @@ class RawKerberosTest(TestCaseInTempDir): > else: > aes256_allow_missing = True > else: >- kvno_allow_missing = True >- aes256_allow_missing = True >+ kvno_allow_missing = allow_missing_keys >+ aes256_allow_missing = allow_missing_keys > kvno = self.env_get_var('KVNO', prefix, > fallback_default=False, > allow_missing=kvno_allow_missing) >@@ -506,37 +507,63 @@ class RawKerberosTest(TestCaseInTempDir): > fallback_default=False, allow_missing=True) > if rc4_key is not None: > c.set_forced_key(kcrypto.Enctype.RC4, rc4_key) >+ >+ if not allow_missing_keys: >+ self.assertTrue(c.forced_keys, >+ 'Please supply %s encryption keys ' >+ 'in environment' % prefix) >+ > return c > >- def get_user_creds(self, allow_missing_password=False): >+ def get_user_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix=None, >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_service_creds(self, allow_missing_password=False): >+ def get_service_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='SERVICE', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_client_creds(self, allow_missing_password=False): >+ def get_client_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='CLIENT', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_server_creds(self, allow_missing_password=False): >+ def get_server_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='SERVER', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_admin_creds(self, allow_missing_password=False): >+ def get_admin_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): > c = self._get_krb5_creds(prefix='ADMIN', >- allow_missing_password=allow_missing_password) >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys) > return c > >- def get_krbtgt_creds(self, require_strongest_key=False): >+ def get_krbtgt_creds(self, >+ require_keys=True, >+ require_strongest_key=False): >+ if require_strongest_key: >+ self.assertTrue(require_keys) > c = self._get_krb5_creds(prefix='KRBTGT', > default_username='krbtgt', > allow_missing_password=True, >+ allow_missing_keys=not require_keys, > require_strongest_key=require_strongest_key) > return c > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 2da76a3cf5e..9650702c6c6 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -44,7 +44,7 @@ class SimpleKerberosTests(RawKerberosTest): > def test_simple(self): > user_creds = self.get_user_creds() > user = user_creds.get_username() >- krbtgt_creds = self.get_krbtgt_creds() >+ krbtgt_creds = self.get_krbtgt_creds(require_keys=False) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() > >-- >2.25.1 > > >From 9802994511074103d930e63f0b3647361818f194 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 17:10:44 +1200 >Subject: [PATCH 076/177] tests/krb5/raw_testcase.py: Cache obtained > credentials > >If credentials are used more than once, we can now use the credentials >that we already obtained and so avoid fetching them again. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 22a90aea82ba6ef86bde835f2369daa6e23ed2fd) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 + > python/samba/tests/krb5/raw_testcase.py | 38 ++++++++++++++++++++---- > 2 files changed, 34 insertions(+), 5 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 7ae22bc5929..120084616e9 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -75,6 +75,7 @@ class KDCBaseTest(RawKerberosTest): > > @classmethod > def setUpClass(cls): >+ super().setUpClass() > cls._lp = None > cls.host = os.environ["SERVER"] > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 9c0f5800b42..5b59eede806 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -371,6 +371,14 @@ class RawKerberosTest(TestCaseInTempDir): > e = self.etype_test_permutations[idx] > return (e['name'], e['etypes']) > >+ @classmethod >+ def setUpClass(cls): >+ super().setUpClass() >+ >+ # A dictionary containing credentials that have already been >+ # obtained. >+ cls.creds_dict = {} >+ > def setUp(self): > super().setUp() > self.do_asn1_print = False >@@ -441,11 +449,11 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing=allow_missing) > return val > >- def _get_krb5_creds(self, prefix, >- default_username=None, >- allow_missing_password=False, >- allow_missing_keys=True, >- require_strongest_key=False): >+ def _get_krb5_creds_from_env(self, prefix, >+ default_username=None, >+ allow_missing_password=False, >+ allow_missing_keys=True, >+ require_strongest_key=False): > c = KerberosCredentials() > c.guess() > >@@ -515,6 +523,26 @@ class RawKerberosTest(TestCaseInTempDir): > > return c > >+ def _get_krb5_creds(self, >+ prefix, >+ default_username=None, >+ allow_missing_password=False, >+ allow_missing_keys=True, >+ require_strongest_key=False): >+ if prefix not in self.creds_dict: >+ # We don't have the credentials already >+ creds = self._get_krb5_creds_from_env(prefix, >+ default_username=default_username, >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ require_strongest_key=require_strongest_key) >+ self.assertIsNotNone(creds) >+ >+ # Save the obtained credentials >+ self.creds_dict[prefix] = creds >+ >+ return self.creds_dict[prefix] >+ > def get_user_creds(self, > allow_missing_password=False, > allow_missing_keys=True): >-- >2.25.1 > > >From 925ba473f20cceac797a2899ec9238121b7a1052 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 17:12:39 +1200 >Subject: [PATCH 077/177] tests/krb5/raw_testcase.py: Allow specifying a > fallback credentials function > >This allows us to use other methods of obtaining credentials if getting >them from the environment fails. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit e1601f2b56f09a944c5cfb119502fdcf49a03c99) >--- > python/samba/tests/krb5/raw_testcase.py | 39 +++++++++++++++++++++---- > 1 file changed, 33 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 5b59eede806..ade980cb46d 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -528,20 +528,47 @@ class RawKerberosTest(TestCaseInTempDir): > default_username=None, > allow_missing_password=False, > allow_missing_keys=True, >- require_strongest_key=False): >- if prefix not in self.creds_dict: >- # We don't have the credentials already >+ require_strongest_key=False, >+ fallback_creds_fn=None): >+ if prefix in self.creds_dict: >+ return self.creds_dict[prefix] >+ >+ # We don't have the credentials already >+ creds = None >+ env_err = None >+ try: >+ # Try to obtain them from the environment > creds = self._get_krb5_creds_from_env(prefix, > default_username=default_username, > allow_missing_password=allow_missing_password, > allow_missing_keys=allow_missing_keys, > require_strongest_key=require_strongest_key) >+ except Exception as err: >+ # An error occurred, so save it for later >+ env_err = err >+ else: > self.assertIsNotNone(creds) >- > # Save the obtained credentials > self.creds_dict[prefix] = creds >- >- return self.creds_dict[prefix] >+ return creds >+ >+ if fallback_creds_fn is not None: >+ try: >+ # Try to use the fallback method >+ creds = fallback_creds_fn() >+ except Exception as err: >+ print("ERROR FROM ENV: %r" % (env_err)) >+ print("FALLBACK-FN: %s" % (fallback_creds_fn)) >+ print("FALLBACK-ERROR: %r" % (err)) >+ else: >+ self.assertIsNotNone(creds) >+ # Save the obtained credentials >+ self.creds_dict[prefix] = creds >+ return creds >+ >+ # Both methods failed, so raise the exception from the >+ # environment method >+ raise env_err > > def get_user_creds(self, > allow_missing_password=False, >-- >2.25.1 > > >From b4afac96ee772b800e315f8ffb49975b55c34125 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 15:55:17 +1200 >Subject: [PATCH 078/177] tests/krb5/raw_testcase.py: Simplify conditionals > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ec5c2b040b63d06a17bcd7bd133c2d68d07df587) >--- > python/samba/tests/krb5/raw_testcase.py | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index ade980cb46d..0e08f0ef7d2 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -437,9 +437,7 @@ class RawKerberosTest(TestCaseInTempDir): > allow_missing=False): > val = None > if prefix is not None: >- allow_missing_prefix = allow_missing >- if fallback_default: >- allow_missing_prefix = True >+ allow_missing_prefix = allow_missing or fallback_default > val = samba.tests.env_get_var_value('%s_%s' % (prefix, varname), > allow_missing=allow_missing_prefix) > else: >@@ -459,9 +457,7 @@ class RawKerberosTest(TestCaseInTempDir): > > domain = self.env_get_var('DOMAIN', prefix) > realm = self.env_get_var('REALM', prefix) >- allow_missing_username = False >- if default_username is not None: >- allow_missing_username = True >+ allow_missing_username = default_username is not None > username = self.env_get_var('USERNAME', prefix, > fallback_default=False, > allow_missing=allow_missing_username) >-- >2.25.1 > > >From 0fb03a869f5980f8c947d3031f28da17d02ea669 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 16:07:16 +1200 >Subject: [PATCH 079/177] tests/krb5/kdc_base_test.py: Add fallback methods to > obtain client and krbtgt credentials > >Now if the client credentials are not supplied in the environment, we >can fall back to creating a new user account. Similarly, if the krbtgt >credentials are not supplied, we can fetch the credentials of the >existing krbtgt account. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fd45bea7a88837cbe4f99adf3a6b3f69ce32f34c) >--- > python/samba/tests/krb5/kdc_base_test.py | 86 +++++++++++++++++++++++- > 1 file changed, 84 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 120084616e9..1f042aa78aa 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -44,7 +44,8 @@ from samba import net > from samba.samdb import SamDB > > from samba.tests import delete_force >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.kcrypto as kcrypto >+from samba.tests.krb5.raw_testcase import KerberosCredentials, RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > AD_IF_RELEVANT, >@@ -182,7 +183,7 @@ class KDCBaseTest(RawKerberosTest): > details["userPrincipalName"] = upn > ldb.add(details) > >- creds = Credentials() >+ creds = KerberosCredentials() > creds.guess(self.get_lp()) > creds.set_realm(ldb.domain_dns_name().upper()) > creds.set_domain(ldb.domain_netbios_name().upper()) >@@ -290,6 +291,87 @@ class KDCBaseTest(RawKerberosTest): > > return keys > >+ def creds_set_keys(self, creds, keys): >+ if keys is not None: >+ for enctype, key in keys.items(): >+ creds.set_forced_key(enctype, key) >+ >+ supported_enctypes = 0 >+ if kcrypto.Enctype.AES256 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 >+ if kcrypto.Enctype.AES128 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 >+ if kcrypto.Enctype.RC4 in keys: >+ supported_enctypes |= security.KERB_ENCTYPE_RC4_HMAC_MD5 >+ >+ creds.set_as_supported_enctypes(supported_enctypes) >+ creds.set_tgs_supported_enctypes(supported_enctypes) >+ creds.set_ap_supported_enctypes(supported_enctypes) >+ >+ def get_client_creds(self, >+ allow_missing_password=False, >+ allow_missing_keys=True): >+ def create_client_account(): >+ samdb = self.get_samdb() >+ >+ creds, dn = self.create_account(samdb, 'kdctestclient') >+ >+ res = samdb.search(base=dn, >+ scope=ldb.SCOPE_BASE, >+ attrs=['msDS-KeyVersionNumber']) >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='CLIENT', >+ allow_missing_password=allow_missing_password, >+ allow_missing_keys=allow_missing_keys, >+ fallback_creds_fn=create_client_account) >+ return c >+ >+ def get_krbtgt_creds(self, >+ require_keys=True, >+ require_strongest_key=False): >+ if require_strongest_key: >+ self.assertTrue(require_keys) >+ def download_krbtgt_creds(): >+ samdb = self.get_samdb() >+ >+ krbtgt_rid = 502 >+ krbtgt_sid = '%s-%d' % (samdb.get_domain_sid(), krbtgt_rid) >+ >+ res = samdb.search(base='<SID=%s>' % krbtgt_sid, >+ scope=ldb.SCOPE_BASE, >+ attrs=['sAMAccountName', >+ 'msDS-KeyVersionNumber']) >+ dn = res[0].dn >+ username = str(res[0]['sAMAccountName']) >+ >+ creds = KerberosCredentials() >+ creds.set_domain(self.env_get_var('DOMAIN', 'KRBTGT')) >+ creds.set_realm(self.env_get_var('REALM', 'KRBTGT')) >+ creds.set_username(username) >+ >+ kvno = int(res[0]['msDS-KeyVersionNumber'][0]) >+ creds.set_kvno(kvno) >+ >+ keys = self.get_keys(samdb, dn) >+ self.creds_set_keys(creds, keys) >+ >+ return creds >+ >+ c = self._get_krb5_creds(prefix='KRBTGT', >+ default_username='krbtgt', >+ allow_missing_password=True, >+ allow_missing_keys=not require_keys, >+ require_strongest_key=require_strongest_key, >+ fallback_creds_fn=download_krbtgt_creds) >+ return c >+ > def as_req(self, cname, sname, realm, etypes, padata=None): > '''Send a Kerberos AS_REQ, returns the undecoded response > ''' >-- >2.25.1 > > >From 30aa4d29aacf6d7d9683abaeed3e77df2cc35f9e Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 14:51:22 +1200 >Subject: [PATCH 080/177] tests/krb5/as_req_tests.py: Automatically obtain > credentials > >The credentials for the client and krbtgt accounts are now fetched >automatically rather than using environment variables, and the client >account is now automatically created. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0fd71ed3c37c8cf326f9f676b7fddda3d2d24072) >--- > python/samba/tests/krb5/as_req_tests.py | 4 +- > .../knownfail.d/samba.tests.krb5.as_req_tests | 180 ------------------ > selftest/knownfail_mit_kdc | 42 ---- > selftest/target/Samba.pm | 1 - > selftest/target/Samba4.pm | 4 - > source4/selftest/tests.py | 7 +- > 6 files changed, 4 insertions(+), 234 deletions(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index 3099c224c18..e8c2a29221d 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -23,7 +23,7 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests import DynamicTestCase >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_PREAUTH_REQUIRED, >@@ -35,7 +35,7 @@ global_asn1_print = False > global_hexdump = False > > @DynamicTestCase >-class AsReqKerberosTests(RawKerberosTest): >+class AsReqKerberosTests(KDCBaseTest): > > @classmethod > def setUpDynamicTestCases(cls): >diff --git a/selftest/knownfail.d/samba.tests.krb5.as_req_tests b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >index 390d6cd0ab6..f395bdc553b 100644 >--- a/selftest/knownfail.d/samba.tests.krb5.as_req_tests >+++ b/selftest/knownfail.d/samba.tests.krb5.as_req_tests >@@ -94,183 +94,3 @@ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_dummy_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_aes256_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_aes128_pac_True.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_False.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_None.fl2003dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_dummy_aes256_pac_True.fl2003dc >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index b610929a8dd..776148314d1 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -294,11 +294,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > # MIT currently fails some as_req_no_preauth tests. > # > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_False.fl2003dc >@@ -306,11 +303,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_dummy_pac_False.fl2008r2dc >@@ -324,11 +318,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_False.fl2008r2dc >@@ -336,11 +327,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_aes256_pac_False.fl2008r2dc >@@ -354,11 +342,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_aes256_dummy_pac_False.fl2003dc >@@ -391,11 +376,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_False.fl2008r2dc >@@ -403,11 +385,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_dummy_pac_False.fl2003dc >@@ -422,11 +401,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_False.fl2008r2dc >@@ -434,11 +410,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_aes128_pac_False.fl2008r2dc >@@ -452,11 +425,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_dummy_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_aes128_dummy_pac_False.fl2008r2dc >@@ -488,11 +458,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_False.fl2008r2dc >@@ -500,11 +467,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_aes256_pac_False.fl2008r2dc >@@ -518,11 +482,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_False.fl2008r2dc >@@ -530,11 +491,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_aes128_rc4_pac_True.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_False.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_None.fl2008r2dc >-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_pac_True.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes256_rc4_aes128_pac_False.fl2008r2dc >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index 7f4ed0306d8..d47f933376e 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -815,7 +815,6 @@ my @exported_envvars = ( > "DNSNAME", > "REALM", > "DOMSID", >- "SUPPORTED_ENCTYPE_BITS", > > # stuff related to a trusted domain > "TRUST_SERVER", >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 48542ade802..99990fea2df 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -562,9 +562,6 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > $ctx->{krb5_ccname} = "$prefix_abs/krb5cc_%{uid}"; > if ($functional_level eq "2000") { > $ctx->{supported_enctypes} = "arcfour-hmac-md5 des-cbc-md5 des-cbc-crc"; >- $ctx->{supported_enctypes_bits} = "4"; >- } else { >- $ctx->{supported_enctypes_bits} = "28"; > } > > # >@@ -879,7 +876,6 @@ nogroup:x:65534:nobody > KRB5_CONFIG => $ctx->{krb5_conf}, > KRB5_CCACHE => $ctx->{krb5_ccache}, > MITKDC_CONFIG => $ctx->{mitkdc_conf}, >- SUPPORTED_ENCTYPE_BITS => $ctx->{supported_enctypes_bits}, > PIDDIR => $ctx->{piddir}, > SERVER => $ctx->{hostname}, > DC_SERVER => $ctx->{hostname}, >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index a69e50a1f1a..1ffdf881c8a 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1331,11 +1331,8 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", ' > for env in ["fl2008r2dc", "fl2003dc"]: > planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", > environ={ >- 'CLIENT_USERNAME': '$USERNAME', >- 'CLIENT_PASSWORD': '$PASSWORD', >- 'CLIENT_AS_SUPPORTED_ENCTYPES': '$SUPPORTED_ENCTYPE_BITS', >- 'SERVER_USERNAME': '$SERVER', >- 'SERVER_PASSWORD': 'machine$PASSWORD', >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', > }) > >-- >2.25.1 > > >From c3f8f1e8bdaf80374838417186be69ebaeb4383a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 21 Apr 2020 11:07:45 +0200 >Subject: [PATCH 081/177] tests/krb5/as_req_tests.py: add simple > test_as_req_enc_timestamp test > >Example commands: > >Windows 2012R2: >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=4 python/samba/tests/krb5/as_req_tests.py > >Windows 2008R2: >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py > >Samba: >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py >SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d5e350a4a490fecf570f1c248c9dde1466796166) >--- > python/samba/tests/krb5/as_req_tests.py | 85 ++++++++++++++++++++++++- > selftest/knownfail_mit_kdc | 5 ++ > 2 files changed, 89 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index e8c2a29221d..be33748dfb6 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -27,8 +27,10 @@ from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > KDC_ERR_PREAUTH_REQUIRED, >+ KU_PA_ENC_TIMESTAMP, > NT_PRINCIPAL, >- NT_SRV_INST >+ NT_SRV_INST, >+ PADATA_ENC_TIMESTAMP > ) > > global_asn1_print = False >@@ -112,6 +114,87 @@ class AsReqKerberosTests(KDCBaseTest): > initial_etypes=etypes, > initial_kdc_options=krb5_asn1.KDCOptions('forwardable')) > >+ def test_as_req_enc_timestamp(self): >+ client_creds = self.get_client_creds() >+ client_account = client_creds.get_username() >+ client_as_etypes = client_creds.get_as_krb5_etypes() >+ krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True) >+ krbtgt_account = krbtgt_creds.get_username() >+ realm = krbtgt_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[client_account]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_INST, >+ names=[krbtgt_account, realm]) >+ >+ expected_crealm = realm >+ expected_cname = cname >+ expected_srealm = realm >+ expected_sname = sname >+ expected_salt = client_creds.get_forced_salt() >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ pa_pac = self.KERB_PA_PAC_REQUEST_create(True) >+ initial_padata = [pa_pac] >+ initial_etypes = client_as_etypes >+ initial_kdc_options = krb5_asn1.KDCOptions('forwardable') >+ initial_error_mode = KDC_ERR_PREAUTH_REQUIRED >+ >+ etype_info2 = self._test_as_exchange(cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ initial_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ initial_etypes, >+ initial_padata, >+ initial_kdc_options) >+ self.assertIsNotNone(etype_info2) >+ >+ preauth_key = self.PasswordKey_from_etype_info2(client_creds, etype_info2[0], kvno=0) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = KU_PA_ENC_TIMESTAMP >+ pa_ts = self.EncryptedData_create(preauth_key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ preauth_padata = [pa_ts, pa_pac] >+ preauth_etypes = client_as_etypes >+ preauth_kdc_options = krb5_asn1.KDCOptions('forwardable') >+ preauth_error_mode = 0 # AS-REP >+ >+ krbtgt_decryption_key = ( >+ self.TicketDecryptionKey_from_creds(krbtgt_creds)) >+ >+ as_rep = self._test_as_exchange(cname, >+ realm, >+ sname, >+ till, >+ client_as_etypes, >+ preauth_error_mode, >+ expected_crealm, >+ expected_cname, >+ expected_srealm, >+ expected_sname, >+ expected_salt, >+ preauth_etypes, >+ preauth_padata, >+ preauth_kdc_options, >+ preauth_key=preauth_key, >+ ticket_decryption_key=krbtgt_decryption_key) >+ self.assertIsNotNone(as_rep) >+ return > > if __name__ == "__main__": > global_asn1_print = True >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 776148314d1..db40b0614fa 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -291,6 +291,11 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c > ^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c > # >+# MIT currently fails the test_as_req_enc_timestamp test. >+# >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp.fl2003dc >+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp.fl2008r2dc >+# > # MIT currently fails some as_req_no_preauth tests. > # > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_aes128_aes256.fl2008r2dc >-- >2.25.1 > > >From c3b8f61a605e1b7f035e3b4976bc7dd0b52b27a3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:24:22 +1200 >Subject: [PATCH 082/177] tests/krb5/as_req_tests.py: Check the client kvno > >Ensure we have the correct kvno for the client, rather than an 'unknown' >value. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d4c38678e0cc782965edfe40a0423fafb7d5a5ff) >--- > python/samba/tests/krb5/as_req_tests.py | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py >index be33748dfb6..10e7b603609 100755 >--- a/python/samba/tests/krb5/as_req_tests.py >+++ b/python/samba/tests/krb5/as_req_tests.py >@@ -118,6 +118,7 @@ class AsReqKerberosTests(KDCBaseTest): > client_creds = self.get_client_creds() > client_account = client_creds.get_username() > client_as_etypes = client_creds.get_as_krb5_etypes() >+ client_kvno = client_creds.get_kvno() > krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True) > krbtgt_account = krbtgt_creds.get_username() > realm = krbtgt_creds.get_realm() >@@ -157,7 +158,9 @@ class AsReqKerberosTests(KDCBaseTest): > initial_kdc_options) > self.assertIsNotNone(etype_info2) > >- preauth_key = self.PasswordKey_from_etype_info2(client_creds, etype_info2[0], kvno=0) >+ preauth_key = self.PasswordKey_from_etype_info2(client_creds, >+ etype_info2[0], >+ kvno=client_kvno) > > (patime, pausec) = self.get_KerberosTimeWithUsec() > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >-- >2.25.1 > > >From ba89f2827c4286758e5282bf906934d76142e772 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Tue, 15 Jun 2021 13:25:34 +1200 >Subject: [PATCH 083/177] tests/krb5/raw_testcase.py: Check for an explicit > 'unspecified kvno' value > >This is clearer than using the constant zero, which could be mistaken >for a valid kvno value. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 381223117e0bae4c348d538bffaa8227b18ef3d1) >--- > python/samba/tests/krb5/raw_testcase.py | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 0e08f0ef7d2..b7044546cbd 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -393,6 +393,8 @@ class RawKerberosTest(TestCaseInTempDir): > > self.s = None > >+ self.unspecified_kvno = object() >+ > def tearDown(self): > self._disconnect("tearDown") > super().tearDown() >@@ -861,10 +863,11 @@ class RawKerberosTest(TestCaseInTempDir): > self.assertIsNotNone(v) > # The value on the wire should never be 0 > self.assertNotEqual(v, 0) >- # value == 0 means we don't know the kvno >- # but enforce at any value != 0 is present >- value = int(value) >- if value != 0: >+ # unspecified_kvno means we don't know the kvno, >+ # but want to enforce its presense >+ if value is not self.unspecified_kvno: >+ value = int(value) >+ self.assertNotEqual(value, 0) > self.assertEqual(v, value) > else: > self.assertIsNone(v) >@@ -1584,8 +1587,8 @@ class RawKerberosTest(TestCaseInTempDir): > ticket_encpart = self.getElementValue(ticket, 'enc-part') > if ticket_encpart is not None: # Never None, but gives indentation > self.assertElementPresent(ticket_encpart, 'etype') >- # 0 means present, with any value != 0 >- self.assertElementKVNO(ticket_encpart, 'kvno', 0) >+ # 'unspecified' means present, with any value != 0 >+ self.assertElementKVNO(ticket_encpart, 'kvno', self.unspecified_kvno) > self.assertElementPresent(ticket_encpart, 'cipher') > ticket_cipher = self.getElementValue(ticket_encpart, 'cipher') > self.assertElementPresent(rep, 'enc-part') >-- >2.25.1 > > >From b203cea4a729111d9e6824a682eccc25e694a0c3 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:01:50 +1200 >Subject: [PATCH 084/177] tests/krb5: Deduplicate 'host' attribute > initialisation > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3e621dcb6966f75034bb948a2705358d43454202) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 - > python/samba/tests/krb5/raw_testcase.py | 4 ++-- > 2 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1f042aa78aa..89d374fc5cc 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -78,7 +78,6 @@ class KDCBaseTest(RawKerberosTest): > def setUpClass(cls): > super().setUpClass() > cls._lp = None >- cls.host = os.environ["SERVER"] > > cls._ldb = None > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index b7044546cbd..b9bc08d1fa9 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -375,6 +375,8 @@ class RawKerberosTest(TestCaseInTempDir): > def setUpClass(cls): > super().setUpClass() > >+ cls.host = samba.tests.env_get_var_value('SERVER') >+ > # A dictionary containing credentials that have already been > # obtained. > cls.creds_dict = {} >@@ -389,8 +391,6 @@ class RawKerberosTest(TestCaseInTempDir): > strict_checking = '1' > self.strict_checking = bool(int(strict_checking)) > >- self.host = samba.tests.env_get_var_value('SERVER') >- > self.s = None > > self.unspecified_kvno = object() >-- >2.25.1 > > >From 60cd7eb3e5c569ae7f02779338cfefc4c6b2775e Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 11:49:05 +1200 >Subject: [PATCH 085/177] tests/krb5/as_canonicalization_tests.py: Refactor > account creation > >Making this test a subclass of KDCBaseTest allows us to make use of its >methods for obtaining credentials and creating accounts, which helps to >eliminate some duplicated code. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fc857ea60e2a66d20d4174cb121e0a6949f8a0c1) >--- > .../tests/krb5/as_canonicalization_tests.py | 136 ++++-------------- > 1 file changed, 25 insertions(+), 111 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 43f532dc483..abb3f96a1e6 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -25,20 +25,11 @@ import pyasn1 > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > >-from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.kdc_base_test import KDCBaseTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-import samba >-from samba.auth import system_session >-from samba.credentials import ( >- Credentials, >- DONT_USE_KERBEROS) >+from samba.credentials import DONT_USE_KERBEROS > from samba.dcerpc.misc import SEC_CHAN_WKSTA >-from samba.dsdb import ( >- UF_WORKSTATION_TRUST_ACCOUNT, >- UF_PASSWD_NOTREQD, >- UF_NORMAL_ACCOUNT) >-from samba.samdb import SamDB >-from samba.tests import delete_force, DynamicTestCase >+from samba.tests import DynamicTestCase > from samba.tests.krb5.rfc4120_constants import ( > AES256_CTS_HMAC_SHA1_96, > AES128_CTS_HMAC_SHA1_96, >@@ -96,12 +87,12 @@ class TestData: > else: > client_name_type = NT_PRINCIPAL > >- self.cname = RawKerberosTest.PrincipalName_create( >+ self.cname = KDCBaseTest.PrincipalName_create( > name_type=client_name_type, names=[self.user_name]) > if TestOptions.AsReqSelf.is_set(options): > self.sname = self.cname > else: >- self.sname = RawKerberosTest.PrincipalName_create( >+ self.sname = KDCBaseTest.PrincipalName_create( > name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > >@@ -141,7 +132,7 @@ USER_NAME = "tstkrb5cnnusr" > > > @DynamicTestCase >-class KerberosASCanonicalizationTests(RawKerberosTest): >+class KerberosASCanonicalizationTests(KDCBaseTest): > > @classmethod > def setUpDynamicTestCases(cls): >@@ -170,114 +161,37 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > name = build_test_name(ct, x) > cls.generate_dynamic_test("test", name, x, ct) > >- @classmethod >- def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >- cls.username = os.environ["USERNAME"] >- cls.password = os.environ["PASSWORD"] >- cls.host = os.environ["SERVER"] >- >- c = Credentials() >- c.set_username(cls.username) >- c.set_password(cls.password) >- try: >- realm = os.environ["REALM"] >- c.set_realm(realm) >- except KeyError: >- pass >- try: >- domain = os.environ["DOMAIN"] >- c.set_domain(domain) >- except KeyError: >- pass >+ def user_account_creds(self): >+ if self.user_creds is None: >+ samdb = self.get_samdb() >+ self.user_creds, _ = self.create_account(samdb, USER_NAME) > >- c.guess() >+ return self.user_creds > >- cls.credentials = c >+ def machine_account_creds(self): >+ if self.machine_creds is None: >+ samdb = self.get_samdb() >+ self.machine_creds, _ = self.create_account(samdb, >+ MACHINE_NAME, >+ machine_account=True) >+ self.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >+ self.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > >- cls.session = system_session() >- cls.ldb = SamDB(url="ldap://%s" % cls.host, >- session_info=cls.session, >- credentials=cls.credentials, >- lp=cls.lp) >- cls.create_machine_account() >- cls.create_user_account() >- >- @classmethod >- def tearDownClass(cls): >- super(KerberosASCanonicalizationTests, cls).tearDownClass() >- delete_force(cls.ldb, cls.machine_dn) >- delete_force(cls.ldb, cls.user_dn) >+ return self.machine_creds > > def setUp(self): >- super(KerberosASCanonicalizationTests, self).setUp() >+ super().setUp() > self.do_asn1_print = global_asn1_print > self.do_hexdump = global_hexdump > >- # >- # Create a test user account >- @classmethod >- def create_user_account(cls): >- cls.user_pass = samba.generate_random_password(32, 32) >- cls.user_name = USER_NAME >- cls.user_dn = "cn=%s,%s" % (cls.user_name, cls.ldb.domain_dn()) >- >- # remove the account if it exists, this will happen if a previous test >- # run failed >- delete_force(cls.ldb, cls.user_dn) >- >- utf16pw = ('"%s"' % cls.user_pass).encode('utf-16-le') >- cls.ldb.add({ >- "dn": cls.user_dn, >- "objectclass": "user", >- "sAMAccountName": "%s" % cls.user_name, >- "userAccountControl": str(UF_NORMAL_ACCOUNT), >- "unicodePwd": utf16pw}) >- >- cls.user_creds = Credentials() >- cls.user_creds.guess(cls.lp) >- cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) >- cls.user_creds.set_domain(cls.ldb.domain_netbios_name().upper()) >- cls.user_creds.set_password(cls.user_pass) >- cls.user_creds.set_username(cls.user_name) >- cls.user_creds.set_workstation(cls.machine_name) >- >- # >- # Create the machine account >- @classmethod >- def create_machine_account(cls): >- cls.machine_pass = samba.generate_random_password(32, 32) >- cls.machine_name = MACHINE_NAME >- cls.machine_dn = "cn=%s,%s" % (cls.machine_name, cls.ldb.domain_dn()) >- >- # remove the account if it exists, this will happen if a previous test >- # run failed >- delete_force(cls.ldb, cls.machine_dn) >- >- utf16pw = ('"%s"' % cls.machine_pass).encode('utf-16-le') >- cls.ldb.add({ >- "dn": cls.machine_dn, >- "objectclass": "computer", >- "sAMAccountName": "%s$" % cls.machine_name, >- "userAccountControl": >- str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), >- "unicodePwd": utf16pw}) >- >- cls.machine_creds = Credentials() >- cls.machine_creds.guess(cls.lp) >- cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) >- cls.machine_creds.set_domain(cls.ldb.domain_netbios_name().upper()) >- cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >- cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) >- cls.machine_creds.set_password(cls.machine_pass) >- cls.machine_creds.set_username(cls.machine_name + "$") >- cls.machine_creds.set_workstation(cls.machine_name) >+ self.user_creds = None >+ self.machine_creds = None > > def _test_with_args(self, x, ct): > if ct == CredentialsType.User: >- creds = self.user_creds >+ creds = self.user_account_creds() > elif ct == CredentialsType.Machine: >- creds = self.machine_creds >+ creds = self.machine_account_creds() > else: > raise Exception("Unexpected credential type") > data = TestData(x, creds) >-- >2.25.1 > > >From bbe7ffea8377a87dcee6dd2dddc098e28c6b1377 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 16 Jun 2021 12:52:11 +1200 >Subject: [PATCH 086/177] tests/krb5: Use admin creds for SamDB rather than > user creds > >This makes the purpose of each set of credentials more consistent, and >makes some tests more convenient to run standalone as they no longer >require user credentials. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ab221c1b3e24696aa0eed6aa970f310447657069) >--- > python/samba/tests/krb5/kdc_base_test.py | 2 +- > source4/selftest/tests.py | 42 ++++++++++++++++++++---- > 2 files changed, 36 insertions(+), 8 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 89d374fc5cc..0f5238a3de9 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -109,7 +109,7 @@ class KDCBaseTest(RawKerberosTest): > > def get_samdb(self): > if self._ldb is None: >- creds = self.get_user_creds() >+ creds = self.get_admin_creds() > lp = self.get_lp() > > session = system_session() >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 1ffdf881c8a..8b33659e74b 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -796,10 +796,26 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > > planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache") >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap") >-planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc") >-planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ldap", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_rpc", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) >+planoldpythontestsuite("ad_dc_smb1", "samba.tests.krb5.test_smb", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >@@ -1351,15 +1367,27 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > '--option=torture:expect_machine_account=true'] + extra_options, > "samba4.krb5.kdc with machine account") > >-planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > planpythontestsuite( > "ad_dc", >- "samba.tests.krb5.kdc_tgs_tests") >+ "samba.tests.krb5.kdc_tgs_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > planpythontestsuite( > "ad_dc", >- "samba.tests.krb5.ms_kile_client_principal_lookup_tests") >+ "samba.tests.krb5.ms_kile_client_principal_lookup_tests", >+ environ={ >+ 'ADMIN_USERNAME': '$USERNAME', >+ 'ADMIN_PASSWORD': '$PASSWORD' >+ }) > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From ff548153063d0ebb3311c2340f3e51f06b346cf5 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 21 Jun 2021 14:14:48 +1200 >Subject: [PATCH 087/177] s4:torture/krb5/kdc-heimdal: Automatically determine > AS-REP enctype to check against > >This enables us to more easily switch to a different algorithm to find >the strongest key in _kdc_find_etype(). > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit bf71fa038e9b97f770e06e88226e885d67342d47) >--- > selftest/knownfail | 6 +- > selftest/knownfail_mit_kdc | 6 ++ > source4/torture/krb5/kdc-heimdal.c | 104 +++++++++++++++++++++++++++-- > 3 files changed, 104 insertions(+), 12 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index dab0e64c10b..2370f09f094 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -294,10 +294,6 @@ > ^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) > ^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC > # >-# Differences in our KDC compared to windows >-# >-^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally >-# > # This will fail against the classic DC, because it requires kerberos > # > ^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC >@@ -336,7 +332,7 @@ > # > ^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\) > # fl2000dc doesn't support AES >-^samba4.krb5.kdc.*as-req-aes.*fl2000dc >+^samba4.krb5.kdc.*as-req-aes.fl2000dc > # nt4_member and ad_member don't support ntlmv1 (not even over SMB1) > ^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.member.creds.*as.user.*_member > ^samba3.blackbox.smbclient_auth.plain.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user.*_member >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index db40b0614fa..fffa5c3cd7e 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -641,3 +641,9 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_None.fl2008r2dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2003dc > ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_rc4_pac_True.fl2008r2dc >+# Differences in our KDC compared to windows >+# >+^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally >+# >+# fl2000dc doesn't support AES >+^samba4.krb5.kdc.*as-req-aes.*fl2000dc >diff --git a/source4/torture/krb5/kdc-heimdal.c b/source4/torture/krb5/kdc-heimdal.c >index cc70c9eda67..ccd9919b33a 100644 >--- a/source4/torture/krb5/kdc-heimdal.c >+++ b/source4/torture/krb5/kdc-heimdal.c >@@ -204,11 +204,12 @@ static bool torture_check_krb5_error(struct torture_krb5_context *test_context, > > static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_context, > const krb5_data *reply, >- krb5_enctype expected_enctype) >+ const krb5_enctype* allowed_enctypes) > { > ENCTYPE reply_enctype = { 0 }; > size_t used = 0; > int rc; >+ int expected_enctype = ETYPE_NULL; > > rc = decode_AS_REP(reply->data, > reply->length, >@@ -230,8 +231,84 @@ static bool torture_check_krb5_as_rep_enctype(struct torture_krb5_context *test_ > test_context->as_rep.ticket.enc_part.kvno, > "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno"); > >- reply_enctype = test_context->as_rep.enc_part.etype; >+ if (test_context->as_req.padata) { >+ /* >+ * If the AS-REQ contains a PA-ENC-TIMESTAMP, then >+ * that encryption type is used to determine the reply >+ * enctype. >+ */ >+ int i = 0; >+ const PA_DATA *pa = krb5_find_padata(test_context->as_req.padata->val, >+ test_context->as_req.padata->len, >+ KRB5_PADATA_ENC_TIMESTAMP, >+ &i); >+ if (pa) { >+ EncryptedData ed; >+ size_t len; >+ krb5_error_code ret = decode_EncryptedData(pa->padata_value.data, >+ pa->padata_value.length, >+ &ed, &len); >+ torture_assert_int_equal(test_context->tctx, >+ ret, >+ 0, >+ "decode_EncryptedData failed"); >+ expected_enctype = ed.etype; >+ free_EncryptedData(&ed); >+ } >+ } >+ if (expected_enctype == ETYPE_NULL) { >+ /* >+ * Otherwise, find the strongest enctype contained in >+ * the AS-REQ supported enctypes list. >+ */ >+ const krb5_enctype *p = NULL; >+ >+ for (p = krb5_kerberos_enctypes(NULL); *p != (krb5_enctype)ETYPE_NULL; ++p) { >+ int j; >+ >+ if ((*p == (krb5_enctype)ETYPE_AES256_CTS_HMAC_SHA1_96 || >+ *p == (krb5_enctype)ETYPE_AES128_CTS_HMAC_SHA1_96) && >+ !test_context->as_req.req_body.kdc_options.canonicalize) >+ { >+ /* >+ * AES encryption types are only used here when >+ * we set the canonicalize flag, as the salt >+ * needs to match. >+ */ >+ continue; >+ } >+ >+ for (j = 0; j < test_context->as_req.req_body.etype.len; ++j) { >+ krb5_enctype etype = test_context->as_req.req_body.etype.val[j]; >+ if (*p == etype) { >+ expected_enctype = etype; >+ break; >+ } >+ } >+ >+ if (expected_enctype != (krb5_enctype)ETYPE_NULL) { >+ break; >+ } >+ } >+ } >+ >+ { >+ /* Ensure the enctype to check against is an expected type. */ >+ const krb5_enctype *p = NULL; >+ bool found = false; >+ for (p = allowed_enctypes; *p != (krb5_enctype)ETYPE_NULL; ++p) { >+ if (*p == expected_enctype) { >+ found = true; >+ break; >+ } >+ } > >+ torture_assert(test_context->tctx, >+ found, >+ "Calculated enctype not in allowed list"); >+ } >+ >+ reply_enctype = test_context->as_rep.enc_part.etype; > torture_assert_int_equal(test_context->tctx, > reply_enctype, expected_enctype, > "Ticket encrypted with invalid algorithm"); >@@ -310,7 +387,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > if (test_context->packet_count == 0) { > ok = torture_check_krb5_error(test_context, > recv_buf, >- KRB5KRB_ERR_RESPONSE_TOO_BIG, >+ KRB5KDC_ERR_PREAUTH_REQUIRED, > false); > torture_assert(test_context->tctx, > ok, >@@ -318,7 +395,7 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > } else if (test_context->packet_count == 1) { > ok = torture_check_krb5_error(test_context, > recv_buf, >- KRB5KDC_ERR_PREAUTH_REQUIRED, >+ KRB5KRB_ERR_RESPONSE_TOO_BIG, > false); > torture_assert(test_context->tctx, > ok, >@@ -411,9 +488,13 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >@@ -443,9 +524,13 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_ARCFOUR_HMAC_MD5); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >@@ -475,9 +560,14 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex > ok, > "torture_check_krb5_error failed"); > } else { >+ const krb5_enctype allowed_enctypes[] = { >+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, >+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, >+ ETYPE_NULL >+ }; > ok = torture_check_krb5_as_rep_enctype(test_context, > recv_buf, >- KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); >+ allowed_enctypes); > torture_assert(test_context->tctx, > ok, > "torture_check_krb5_as_rep_enctype failed"); >-- >2.25.1 > > >From 5a399f4284594f003c87bdea9c4308adaa61f3b1 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 7 Sep 2021 09:08:58 +1200 >Subject: [PATCH 088/177] selftest: add space after --list in output of > selftesthelpers.py > >Selected and backported from: > >commit b113a3bbcd03ab6a62883fbca85ee8749e038887 >Author: Volker Lendecke <vl@samba.org> >Date: Mon Apr 19 16:04:00 2021 +0200 > > torture: Show sddl_decode() failure for "GWFX" access mask > > Signed-off-by: Volker Lendecke <vl@samba.org> > Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >(This allows subsequent patches to be cherry-picked cleanly) > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > selftest/selftesthelpers.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 1afabf3cdca..c2a74a30614 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -109,7 +109,7 @@ def plantestsuite_loadlist(name, env, cmdline): > raise AssertionError("loadlist test %s does not support not --list" % name) > if "$LOADLIST" not in cmdline: > raise AssertionError("loadlist test %s does not support --load-list" % name) >- print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list")) >+ print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) > print(cmdline.replace("$LISTOPT", "") + " 2>&1 " + " | " + add_prefix(name, env, False)) > > >-- >2.25.1 > > >From 2ba24ba4f1321be01c7affdf1ef4cf38652a2143 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 08:50:54 +0200 >Subject: [PATCH 089/177] selftest: Re-format long lines in selftesthelpers.py > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 18976a9568b23759060377d09304e9d7badb143a) >--- > selftest/selftesthelpers.py | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index c2a74a30614..3c544a0057c 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -1,4 +1,5 @@ >-#!/usr/bin/python >+#!/usr/bin/env python3 >+# > # This script generates a list of testsuites that should be run as part of > # the Samba 4 test suite. > >@@ -25,7 +26,8 @@ import sys > > > def srcdir(): >- return os.path.normpath(os.getenv("SRCDIR", os.path.join(os.path.dirname(os.path.abspath(__file__)), ".."))) >+ alternate_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..") >+ return os.path.normpath(os.getenv("SRCDIR", alternate_path)) > > > def source4dir(): >@@ -91,7 +93,8 @@ def add_prefix(prefix, env, support_list=False): > listopt = "$LISTOPT " > else: > listopt = "" >- return "%s %s/selftest/filter-subunit %s--fail-on-empty --prefix=\"%s.\" --suffix=\"(%s)\"" % (python, srcdir(), listopt, prefix, env) >+ return ("%s %s/selftest/filter-subunit %s--fail-on-empty --prefix=\"%s.\" --suffix=\"(%s)\"" % >+ (python, srcdir(), listopt, prefix, env)) > > > def plantestsuite_loadlist(name, env, cmdline): >@@ -109,7 +112,9 @@ def plantestsuite_loadlist(name, env, cmdline): > raise AssertionError("loadlist test %s does not support not --list" % name) > if "$LOADLIST" not in cmdline: > raise AssertionError("loadlist test %s does not support --load-list" % name) >- print(("%s | %s" % (cmdline.replace("$LOADLIST", ""), add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) >+ print(("%s | %s" % >+ (cmdline.replace("$LOADLIST", ""), >+ add_prefix(name, env, support_list))).replace("$LISTOPT", "--list ")) > print(cmdline.replace("$LISTOPT", "") + " 2>&1 " + " | " + add_prefix(name, env, False)) > > >@@ -162,7 +167,10 @@ bbdir = os.path.join(srcdir(), "testprogs/blackbox") > configuration = "--configfile=$SMB_CONF_PATH" > > smbtorture4 = binpath("smbtorture") >-smbtorture4_testsuite_list = subprocess.Popen([smbtorture4, "--list-suites"], stdout=subprocess.PIPE, stderr=subprocess.PIPE).communicate("")[0].decode('utf8').splitlines() >+smbtorture4_testsuite_list = subprocess.Popen( >+ [smbtorture4, "--list-suites"], >+ stdout=subprocess.PIPE, >+ stderr=subprocess.PIPE).communicate("")[0].decode('utf8').splitlines() > > smbtorture4_options = [ > configuration, >-- >2.25.1 > > >From 5a3fc9913ae9c932207f632d13c8fb522484512a Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 13:25:59 +0200 >Subject: [PATCH 090/177] selftest: Add support for setting ENV variables in > plansmbtorture4testsuite() > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3db299e586fd9464b6e1b145f29b10c8ae325d3a) >--- > selftest/selftesthelpers.py | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 3c544a0057c..697a4d08abb 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -181,13 +181,14 @@ smbtorture4_options = [ > ] + get_env_torture_options() > > >-def plansmbtorture4testsuite(name, env, options, target, modname=None): >+def plansmbtorture4testsuite(name, env, options, target, environ={}, modname=None): > if modname is None: > modname = "samba4.%s" % name > if isinstance(options, list): > options = " ".join(options) > options = " ".join(smbtorture4_options + ["--target=%s" % target]) + " " + options >- cmdline = "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) >+ cmdline = ["%s=%s" % item for item in environ.items()] >+ cmdline += "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) > plantestsuite_loadlist(modname, env, cmdline) > > >-- >2.25.1 > > >From 6b6f71f7fed2faac4b0faabab46ab183d9234e0d Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 27 Jul 2021 13:45:03 +0200 >Subject: [PATCH 091/177] selftest: Add support for setting ENV variables in > plantestsuite() > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 48289b6964d28e153fec885aceca02c6a9b436ef) >--- > selftest/selftesthelpers.py | 25 +++++++++++++++++++------ > 1 file changed, 19 insertions(+), 6 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 697a4d08abb..167777e3d47 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -67,7 +67,7 @@ def valgrindify(cmdline): > return valgrind + " " + cmdline > > >-def plantestsuite(name, env, cmdline): >+def plantestsuite(name, env, cmd, environ={}): > """Plan a test suite. > > :param name: Testsuite name >@@ -81,8 +81,18 @@ def plantestsuite(name, env, cmdline): > fullname = "%s(%s)" % (name, env) > print(fullname) > print(env) >- if isinstance(cmdline, list): >- cmdline = " ".join(cmdline) >+ >+ cmdline = "" >+ if environ: >+ environ = dict(environ) >+ cmdline_env = ["%s=%s" % item for item in environ.items()] >+ cmdline = " ".join(cmdline_env) + " " >+ >+ if isinstance(cmd, list): >+ cmdline += " ".join(cmd) >+ else: >+ cmdline += cmd >+ > if "$LISTOPT" in cmdline: > raise AssertionError("test %s supports --list, but not --load-list" % name) > print(cmdline + " 2>&1 " + " | " + add_prefix(name, env)) >@@ -181,14 +191,17 @@ smbtorture4_options = [ > ] + get_env_torture_options() > > >-def plansmbtorture4testsuite(name, env, options, target, environ={}, modname=None): >+def plansmbtorture4testsuite(name, env, options, target, modname=None, environ={}): > if modname is None: > modname = "samba4.%s" % name > if isinstance(options, list): > options = " ".join(options) > options = " ".join(smbtorture4_options + ["--target=%s" % target]) + " " + options >- cmdline = ["%s=%s" % item for item in environ.items()] >- cmdline += "%s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) >+ cmdline = "" >+ if environ: >+ environ = dict(environ) >+ cmdline = ["%s=%s" % item for item in environ.items()] >+ cmdline += " %s $LISTOPT $LOADLIST %s %s" % (valgrindify(smbtorture4), options, name) > plantestsuite_loadlist(modname, env, cmdline) > > >-- >2.25.1 > > >From 42842e2e4a54331ef135fc14c63884b18710846b Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de> >Date: Fri, 24 Jul 2020 12:18:11 +0200 >Subject: [PATCH 092/177] selftest: add option to pass args to tests to > planpythontestsuite() >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >The logic is basically a copy from planoldpythontestsuite(). > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Björn Baumbach <bb@sernet.de> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 3e9f0e97255de1b4235c4dca6912635386328746) >--- > selftest/selftesthelpers.py | 16 +++++++++------- > 1 file changed, 9 insertions(+), 7 deletions(-) > >diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py >index 167777e3d47..1dd30b01ea7 100644 >--- a/selftest/selftesthelpers.py >+++ b/selftest/selftesthelpers.py >@@ -150,16 +150,18 @@ def planperltestsuite(name, path): > skiptestsuite(name, "Test::More not available") > > >-def planpythontestsuite(env, module, name=None, extra_path=None): >+def planpythontestsuite(env, module, name=None, extra_path=[], environ={}, extra_args=[]): >+ environ = dict(environ) >+ py_path = list(extra_path) >+ if py_path is not None: >+ environ["PYTHONPATH"] = ":".join(["$PYTHONPATH"] + py_path) >+ args = ["%s=%s" % item for item in environ.items()] >+ args += [python, "-m", "samba.subunit.run", "$LISTOPT", "$LOADLIST", module] >+ args += extra_args > if name is None: > name = module >- args = [python, "-m", "samba.subunit.run", "$LISTOPT", "$LOADLIST", module] >- if extra_path: >- pypath = ["PYTHONPATH=$PYTHONPATH:%s" % ":".join(extra_path)] >- else: >- pypath = [] > >- plantestsuite_loadlist(name, env, pypath + args) >+ plantestsuite_loadlist(name, env, args) > > > def get_env_torture_options(): >-- >2.25.1 > > >From c04f37778e1a35ff6efe7f22f28a70a88008f78f Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Mon, 19 Jul 2021 17:29:39 +1200 >Subject: [PATCH 093/177] pygensec: Fix memory leaks > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 814df05f8c10e9d82e6082d42ece1df569db4385) >--- > source4/auth/gensec/pygensec.c | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 490fcbecd58..f1f845a4663 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -310,9 +310,13 @@ static PyObject *py_gensec_session_info(PyObject *self, > return NULL; > } > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > status = gensec_session_info(security, mem_ctx, &info); > if (NT_STATUS_IS_ERR(status)) { >+ talloc_free(mem_ctx); > PyErr_SetNTSTATUS(status); > return NULL; > } >@@ -337,6 +341,9 @@ static PyObject *py_gensec_session_key(PyObject *self, > return NULL; > } > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > status = gensec_session_key(security, mem_ctx, &session_key); > if (!NT_STATUS_IS_OK(status)) { >@@ -466,7 +473,12 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } >+ > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } >@@ -510,8 +522,12 @@ static PyObject *py_gensec_wrap(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "bytes expected"); > return NULL; > } >@@ -545,8 +561,12 @@ static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args) > return NULL; > > mem_ctx = talloc_new(NULL); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } > > if (!PyBytes_Check(py_in)) { >+ talloc_free(mem_ctx); > PyErr_Format(PyExc_TypeError, "by