The Samba-Bugzilla – Attachment 16882 Details for
Bug 14881
Backport bronze bit fixes, tests, and selftest improvements
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch backported to 4.12 (only)
bronze-bit-for-samba-4.12.patch (text/plain), 2.54 MB, created by
Andrew Bartlett
on 2021-10-27 23:52:06 UTC
(
hide
)
Description:
patch backported to 4.12 (only)
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-10-27 23:52:06 UTC
Size:
2.54 MB
patch
obsolete
>From f462037f85c3f4cd2aaad538c635259c017ed7f9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 27 Oct 2021 14:24:50 +1300 >Subject: [PATCH 001/380] Revert "bootstrap: Cope with case changes in CentOS 8 > repo names" > >This reverts commit 9b5dd480590fb4693547e9a1e27452058c0f5da8. > >[abartlet@samba.org Reverted to allow subsequent patches to apply > cleanly] >--- > .gitlab-ci.yml | 2 +- > bootstrap/config.py | 3 +-- > bootstrap/generated-dists/centos8/bootstrap.sh | 3 +-- > bootstrap/sha1sum.txt | 2 +- > 4 files changed, 4 insertions(+), 6 deletions(-) > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index c706dac66bd..56adf10c7be 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 8bec130a6b741608616302662edee02fd39f3baf >+ SAMBA_CI_CONTAINER_TAG: 41319f2580c026f66b2750604a0eb15d6b6f7b50 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 5ead9f74501..bcada1dc628 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -226,8 +226,7 @@ set -xueo pipefail > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >-yum config-manager --set-enabled PowerTools -y || \ >- yum config-manager --set-enabled powertools -y >+yum config-manager --set-enabled PowerTools -y > yum update -y > > yum install -y \ >diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh >index e6fab86e446..22484b3f6ad 100755 >--- a/bootstrap/generated-dists/centos8/bootstrap.sh >+++ b/bootstrap/generated-dists/centos8/bootstrap.sh >@@ -10,8 +10,7 @@ set -xueo pipefail > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >-yum config-manager --set-enabled PowerTools -y || \ >- yum config-manager --set-enabled powertools -y >+yum config-manager --set-enabled PowerTools -y > yum update -y > > yum install -y \ >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 5328cff1cd3..62c2245564e 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-8bec130a6b741608616302662edee02fd39f3baf >+41319f2580c026f66b2750604a0eb15d6b6f7b50 >-- >2.25.1 > > >From 7f39b48fb55b62e920b87acaf77e5948c55f0c61 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 4 Mar 2020 13:58:48 +1300 >Subject: [PATCH 002/380] bootstrap: Remove long-unsupported OS versions > >Samba has not built on these versions for quite some time due to >the need for Python 3.5 and GnuTLS 3.4.7 > >These were always marked as broken, but given the requirements >these are never likely to come back. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit d048d7e17d756099e208fa4d6b931a147b0b1489) >--- > .gitlab-ci.yml | 2 +- > bootstrap/.gitlab-ci.yml | 12 -- > bootstrap/config.py | 64 ---------- > bootstrap/generated-dists/Vagrantfile | 28 ----- > bootstrap/generated-dists/centos6/Dockerfile | 27 ----- > .../generated-dists/centos6/bootstrap.sh | 109 ------------------ > bootstrap/generated-dists/centos6/locale.sh | 55 --------- > .../generated-dists/centos6/packages.yml | 89 -------------- > bootstrap/generated-dists/debian7/Dockerfile | 27 ----- > .../generated-dists/debian7/bootstrap.sh | 101 ---------------- > bootstrap/generated-dists/debian7/locale.sh | 55 --------- > .../generated-dists/debian7/packages.yml | 86 -------------- > bootstrap/generated-dists/debian8/Dockerfile | 27 ----- > .../generated-dists/debian8/bootstrap.sh | 105 ----------------- > bootstrap/generated-dists/debian8/locale.sh | 55 --------- > .../generated-dists/debian8/packages.yml | 90 --------------- > .../generated-dists/ubuntu1404/Dockerfile | 27 ----- > .../generated-dists/ubuntu1404/bootstrap.sh | 103 ----------------- > .../generated-dists/ubuntu1404/locale.sh | 55 --------- > .../generated-dists/ubuntu1404/packages.yml | 88 -------------- > bootstrap/sha1sum.txt | 2 +- > 21 files changed, 2 insertions(+), 1205 deletions(-) > delete mode 100644 bootstrap/generated-dists/centos6/Dockerfile > delete mode 100755 bootstrap/generated-dists/centos6/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/centos6/locale.sh > delete mode 100644 bootstrap/generated-dists/centos6/packages.yml > delete mode 100644 bootstrap/generated-dists/debian7/Dockerfile > delete mode 100755 bootstrap/generated-dists/debian7/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/debian7/locale.sh > delete mode 100644 bootstrap/generated-dists/debian7/packages.yml > delete mode 100644 bootstrap/generated-dists/debian8/Dockerfile > delete mode 100755 bootstrap/generated-dists/debian8/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/debian8/locale.sh > delete mode 100644 bootstrap/generated-dists/debian8/packages.yml > delete mode 100644 bootstrap/generated-dists/ubuntu1404/Dockerfile > delete mode 100755 bootstrap/generated-dists/ubuntu1404/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/ubuntu1404/locale.sh > delete mode 100644 bootstrap/generated-dists/ubuntu1404/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 56adf10c7be..00ffff202d9 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 41319f2580c026f66b2750604a0eb15d6b6f7b50 >+ SAMBA_CI_CONTAINER_TAG: cd4cebb9c611fb98f3a21171dd4832df930add28 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index aa0b6448d74..cbf1cb9b58a 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -89,21 +89,12 @@ ubuntu1804: > ubuntu1604: > extends: .build_image_template > >-ubuntu1404: >- extends: .build_image_template_force_broken >- > debian10: > extends: .build_image_template > > debian9: > extends: .build_image_template > >-debian8: >- extends: .build_image_template_force_broken >- >-debian7: >- extends: .build_image_template_force_broken >- > fedora31: > extends: .build_image_template > >@@ -124,9 +115,6 @@ centos7: > # We install a compat-gnutls34 package for GnuTLS >= 3.4.7 > PKG_CONFIG_PATH: /usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig > >-centos6: >- extends: .build_image_template_force_broken >- > opensuse150: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index bcada1dc628..552524ae759 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -374,30 +374,6 @@ end > > > DEB_DISTS = { >- 'debian7': { >- 'docker_image': 'debian:7', >- 'vagrant_box': 'debian/wheezy64', >- 'replace': { >- 'libgnutls28-dev': 'libgnutls-dev', >- 'libsystemd-dev': '', # not available, remove >- 'lmdb-utils': '', # not available, remove >- 'liblmdb-dev': '', # not available, remove >- 'python-gpg': 'python-gpgme', >- 'python3-gpg': '', # no python3 gpg pkg available, remove >- 'language-pack-en': '', # included in locales >- 'liburing-dev': '', # not available >- } >- }, >- 'debian8': { >- 'docker_image': 'debian:8', >- 'vagrant_box': 'debian/jessie64', >- 'replace': { >- 'python-gpg': 'python-gpgme', >- 'python3-gpg': 'python3-gpgme', >- 'language-pack-en': '', # included in locales >- 'liburing-dev': '', # not available >- } >- }, > 'debian9': { > 'docker_image': 'debian:9', > 'vagrant_box': 'debian/stretch64', >@@ -414,22 +390,6 @@ DEB_DISTS = { > 'liburing-dev': '', # not available > } > }, >- 'ubuntu1404': { >- 'docker_image': 'ubuntu:14.04', >- 'vagrant_box': 'ubuntu/trusty64', >- 'replace': { >- 'libsystemd-dev': '', # remove >- 'libgnutls28-dev': 'libgnutls-dev', >- 'python-gpg': 'python-gpgme', >- 'python3-gpg': 'python3-gpgme', >- 'lmdb-utils': 'lmdb-utils/trusty-backports', >- 'liblmdb-dev': 'liblmdb-dev/trusty-backports', >- 'libunwind-dev': 'libunwind8-dev', >- 'glusterfs-common': '', >- 'libcephfs-dev': '', >- 'liburing-dev': '', # not available >- } >- }, > 'ubuntu1604': { > 'docker_image': 'ubuntu:16.04', > 'vagrant_box': 'ubuntu/xenial64', >@@ -452,30 +412,6 @@ DEB_DISTS = { > > > RPM_DISTS = { >- 'centos6': { >- 'docker_image': 'centos:6', >- 'vagrant_box': 'centos/6', >- 'bootstrap': YUM_BOOTSTRAP, >- 'replace': { >- 'lsb-release': 'redhat-lsb', >- 'python3': 'python36', >- 'python3-devel': 'python36-devel', >- 'python2-gpg': 'pygpgme', >- 'python3-gpg': '', # no python3-gpg yet >- '@development-tools': '"@Development Tools"', # add quotes >- 'glibc-langpack-en': '', # included in glibc-common >- 'glibc-locale-source': '', # included in glibc-common >- 'procps-ng': 'procps', # centos6 still use old name >- # update perl core modules on centos >- # fix: Can't locate Archive/Tar.pm in @INC >- 'perl': 'perl-core', >- 'rpcsvc-proto-devel': '', >- 'glusterfs-api-devel': '', >- 'glusterfs-devel': '', >- 'libcephfs-devel': '', >- 'liburing-devel': '', # not available >- } >- }, > 'centos7': { > 'docker_image': 'centos:7', > 'vagrant_box': 'centos/7', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index b3cb6bea485..983e66aa57f 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -10,13 +10,6 @@ Vagrant.configure("2") do |config| > config.ssh.insert_key = false > > >- config.vm.define "centos6" do |v| >- v.vm.box = "centos/6" >- v.vm.hostname = "centos6" >- v.vm.provision :shell, path: "centos6/bootstrap.sh" >- v.vm.provision :shell, path: "centos6/locale.sh" >- end >- > config.vm.define "centos7" do |v| > v.vm.box = "centos/7" > v.vm.hostname = "centos7" >@@ -38,20 +31,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "debian10/locale.sh" > end > >- config.vm.define "debian7" do |v| >- v.vm.box = "debian/wheezy64" >- v.vm.hostname = "debian7" >- v.vm.provision :shell, path: "debian7/bootstrap.sh" >- v.vm.provision :shell, path: "debian7/locale.sh" >- end >- >- config.vm.define "debian8" do |v| >- v.vm.box = "debian/jessie64" >- v.vm.hostname = "debian8" >- v.vm.provision :shell, path: "debian8/bootstrap.sh" >- v.vm.provision :shell, path: "debian8/locale.sh" >- end >- > config.vm.define "debian9" do |v| > v.vm.box = "debian/stretch64" > v.vm.hostname = "debian9" >@@ -94,13 +73,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "opensuse151/locale.sh" > end > >- config.vm.define "ubuntu1404" do |v| >- v.vm.box = "ubuntu/trusty64" >- v.vm.hostname = "ubuntu1404" >- v.vm.provision :shell, path: "ubuntu1404/bootstrap.sh" >- v.vm.provision :shell, path: "ubuntu1404/locale.sh" >- end >- > config.vm.define "ubuntu1604" do |v| > v.vm.box = "ubuntu/xenial64" > v.vm.hostname = "ubuntu1604" >diff --git a/bootstrap/generated-dists/centos6/Dockerfile b/bootstrap/generated-dists/centos6/Dockerfile >deleted file mode 100644 >index 2716eebdd35..00000000000 >--- a/bootstrap/generated-dists/centos6/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM centos:6 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/centos6/bootstrap.sh b/bootstrap/generated-dists/centos6/bootstrap.sh >deleted file mode 100755 >index ee6fcc33799..00000000000 >--- a/bootstrap/generated-dists/centos6/bootstrap.sh >+++ /dev/null >@@ -1,109 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-yum update -y >-yum install -y epel-release >-yum install -y yum-plugin-copr >-yum copr enable -y sergiomb/SambaAD >-yum update -y >- >-yum install -y \ >- "@Development Tools" \ >- acl \ >- attr \ >- autoconf \ >- avahi-devel \ >- bind-utils \ >- binutils \ >- bison \ >- chrpath \ >- cups-devel \ >- curl \ >- dbus-devel \ >- docbook-dtds \ >- docbook-style-xsl \ >- flex \ >- gawk \ >- gcc \ >- gdb \ >- git \ >- glib2-devel \ >- glibc-common \ >- gnutls-devel \ >- gpgme-devel \ >- gzip \ >- hostname \ >- htop \ >- jansson-devel \ >- keyutils-libs-devel \ >- krb5-devel \ >- krb5-server \ >- lcov \ >- libacl-devel \ >- libarchive-devel \ >- libattr-devel \ >- libblkid-devel \ >- libbsd-devel \ >- libcap-devel \ >- libicu-devel \ >- libnsl2-devel \ >- libpcap-devel \ >- libsemanage-python \ >- libtasn1-devel \ >- libtasn1-tools \ >- libtirpc-devel \ >- libunwind-devel \ >- libuuid-devel \ >- libxslt \ >- lmdb \ >- lmdb-devel \ >- make \ >- mingw64-gcc \ >- ncurses-devel \ >- openldap-devel \ >- pam-devel \ >- patch \ >- perl-Archive-Tar \ >- perl-ExtUtils-MakeMaker \ >- perl-JSON-Parse \ >- perl-Parse-Yapp \ >- perl-Test-Base \ >- perl-core \ >- perl-generators \ >- perl-interpreter \ >- pkgconfig \ >- policycoreutils-python \ >- popt-devel \ >- procps \ >- psmisc \ >- python3-dns \ >- python3-markdown \ >- python36 \ >- python36-devel \ >- quota-devel \ >- readline-devel \ >- redhat-lsb \ >- rng-tools \ >- rpcgen \ >- rsync \ >- sed \ >- sudo \ >- systemd-devel \ >- tar \ >- tree \ >- which \ >- xfsprogs-devel \ >- yum-utils \ >- zlib-devel >- >-yum clean all >- >-if [ ! -f /usr/bin/python3 ]; then >- ln -sf /usr/bin/python3.6 /usr/bin/python3 >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/centos6/locale.sh b/bootstrap/generated-dists/centos6/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/centos6/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/centos6/packages.yml b/bootstrap/generated-dists/centos6/packages.yml >deleted file mode 100644 >index 1e2b5a98fa6..00000000000 >--- a/bootstrap/generated-dists/centos6/packages.yml >+++ /dev/null >@@ -1,89 +0,0 @@ >---- >-packages: >- - "@Development Tools" >- - acl >- - attr >- - autoconf >- - avahi-devel >- - bind-utils >- - binutils >- - bison >- - chrpath >- - cups-devel >- - curl >- - dbus-devel >- - docbook-dtds >- - docbook-style-xsl >- - flex >- - gawk >- - gcc >- - gdb >- - git >- - glib2-devel >- - glibc-common >- - gnutls-devel >- - gpgme-devel >- - gzip >- - hostname >- - htop >- - jansson-devel >- - keyutils-libs-devel >- - krb5-devel >- - krb5-server >- - lcov >- - libacl-devel >- - libarchive-devel >- - libattr-devel >- - libblkid-devel >- - libbsd-devel >- - libcap-devel >- - libicu-devel >- - libnsl2-devel >- - libpcap-devel >- - libsemanage-python >- - libtasn1-devel >- - libtasn1-tools >- - libtirpc-devel >- - libunwind-devel >- - libuuid-devel >- - libxslt >- - lmdb >- - lmdb-devel >- - make >- - mingw64-gcc >- - ncurses-devel >- - openldap-devel >- - pam-devel >- - patch >- - perl-Archive-Tar >- - perl-ExtUtils-MakeMaker >- - perl-JSON-Parse >- - perl-Parse-Yapp >- - perl-Test-Base >- - perl-core >- - perl-generators >- - perl-interpreter >- - pkgconfig >- - policycoreutils-python >- - popt-devel >- - procps >- - psmisc >- - python3-dns >- - python3-markdown >- - python36 >- - python36-devel >- - quota-devel >- - readline-devel >- - redhat-lsb >- - rng-tools >- - rpcgen >- - rsync >- - sed >- - sudo >- - systemd-devel >- - tar >- - tree >- - which >- - xfsprogs-devel >- - yum-utils >- - zlib-devel >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian7/Dockerfile b/bootstrap/generated-dists/debian7/Dockerfile >deleted file mode 100644 >index dfe0e389653..00000000000 >--- a/bootstrap/generated-dists/debian7/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM debian:7 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian7/bootstrap.sh b/bootstrap/generated-dists/debian7/bootstrap.sh >deleted file mode 100755 >index daedce84fd9..00000000000 >--- a/bootstrap/generated-dists/debian7/bootstrap.sh >+++ /dev/null >@@ -1,101 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-export DEBIAN_FRONTEND=noninteractive >-apt-get -y update >- >-apt-get -y install \ >- acl \ >- apt-utils \ >- attr \ >- autoconf \ >- bind9utils \ >- binutils \ >- bison \ >- build-essential \ >- chrpath \ >- curl \ >- debhelper \ >- dnsutils \ >- docbook-xml \ >- docbook-xsl \ >- flex \ >- gcc \ >- gdb \ >- git \ >- glusterfs-common \ >- gzip \ >- heimdal-multidev \ >- hostname \ >- htop \ >- krb5-config \ >- krb5-kdc \ >- krb5-user \ >- lcov \ >- libacl1-dev \ >- libarchive-dev \ >- libattr1-dev \ >- libavahi-common-dev \ >- libblkid-dev \ >- libbsd-dev \ >- libcap-dev \ >- libcephfs-dev \ >- libcups2-dev \ >- libdbus-1-dev \ >- libglib2.0-dev \ >- libgnutls-dev \ >- libgpgme11-dev \ >- libicu-dev \ >- libjansson-dev \ >- libjs-jquery \ >- libjson-perl \ >- libkrb5-dev \ >- libldap2-dev \ >- libncurses5-dev \ >- libpam0g-dev \ >- libparse-yapp-perl \ >- libpcap-dev \ >- libpopt-dev \ >- libreadline-dev \ >- libtasn1-bin \ >- libtasn1-dev \ >- libunwind-dev \ >- locales \ >- lsb-release \ >- make \ >- mawk \ >- mingw-w64 \ >- patch \ >- perl \ >- perl-modules \ >- pkg-config \ >- procps \ >- psmisc \ >- python3 \ >- python3-dbg \ >- python3-dev \ >- python3-dnspython \ >- python3-iso8601 \ >- python3-markdown \ >- python3-matplotlib \ >- python3-pexpect \ >- rng-tools \ >- rsync \ >- sed \ >- sudo \ >- tar \ >- tree \ >- uuid-dev \ >- xfslibs-dev \ >- xsltproc \ >- zlib1g-dev >- >-apt-get -y autoremove >-apt-get -y autoclean >-apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian7/locale.sh b/bootstrap/generated-dists/debian7/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/debian7/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian7/packages.yml b/bootstrap/generated-dists/debian7/packages.yml >deleted file mode 100644 >index 3cac6870b3e..00000000000 >--- a/bootstrap/generated-dists/debian7/packages.yml >+++ /dev/null >@@ -1,86 +0,0 @@ >---- >-packages: >- - acl >- - apt-utils >- - attr >- - autoconf >- - bind9utils >- - binutils >- - bison >- - build-essential >- - chrpath >- - curl >- - debhelper >- - dnsutils >- - docbook-xml >- - docbook-xsl >- - flex >- - gcc >- - gdb >- - git >- - glusterfs-common >- - gzip >- - heimdal-multidev >- - hostname >- - htop >- - krb5-config >- - krb5-kdc >- - krb5-user >- - lcov >- - libacl1-dev >- - libarchive-dev >- - libattr1-dev >- - libavahi-common-dev >- - libblkid-dev >- - libbsd-dev >- - libcap-dev >- - libcephfs-dev >- - libcups2-dev >- - libdbus-1-dev >- - libglib2.0-dev >- - libgnutls-dev >- - libgpgme11-dev >- - libicu-dev >- - libjansson-dev >- - libjs-jquery >- - libjson-perl >- - libkrb5-dev >- - libldap2-dev >- - libncurses5-dev >- - libpam0g-dev >- - libparse-yapp-perl >- - libpcap-dev >- - libpopt-dev >- - libreadline-dev >- - libtasn1-bin >- - libtasn1-dev >- - libunwind-dev >- - locales >- - lsb-release >- - make >- - mawk >- - mingw-w64 >- - patch >- - perl >- - perl-modules >- - pkg-config >- - procps >- - psmisc >- - python3 >- - python3-dbg >- - python3-dev >- - python3-dnspython >- - python3-iso8601 >- - python3-markdown >- - python3-matplotlib >- - python3-pexpect >- - rng-tools >- - rsync >- - sed >- - sudo >- - tar >- - tree >- - uuid-dev >- - xfslibs-dev >- - xsltproc >- - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian8/Dockerfile b/bootstrap/generated-dists/debian8/Dockerfile >deleted file mode 100644 >index a5a35654c22..00000000000 >--- a/bootstrap/generated-dists/debian8/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM debian:8 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian8/bootstrap.sh b/bootstrap/generated-dists/debian8/bootstrap.sh >deleted file mode 100755 >index 010508360ed..00000000000 >--- a/bootstrap/generated-dists/debian8/bootstrap.sh >+++ /dev/null >@@ -1,105 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-export DEBIAN_FRONTEND=noninteractive >-apt-get -y update >- >-apt-get -y install \ >- acl \ >- apt-utils \ >- attr \ >- autoconf \ >- bind9utils \ >- binutils \ >- bison \ >- build-essential \ >- chrpath \ >- curl \ >- debhelper \ >- dnsutils \ >- docbook-xml \ >- docbook-xsl \ >- flex \ >- gcc \ >- gdb \ >- git \ >- glusterfs-common \ >- gzip \ >- heimdal-multidev \ >- hostname \ >- htop \ >- krb5-config \ >- krb5-kdc \ >- krb5-user \ >- lcov \ >- libacl1-dev \ >- libarchive-dev \ >- libattr1-dev \ >- libavahi-common-dev \ >- libblkid-dev \ >- libbsd-dev \ >- libcap-dev \ >- libcephfs-dev \ >- libcups2-dev \ >- libdbus-1-dev \ >- libglib2.0-dev \ >- libgnutls28-dev \ >- libgpgme11-dev \ >- libicu-dev \ >- libjansson-dev \ >- libjs-jquery \ >- libjson-perl \ >- libkrb5-dev \ >- libldap2-dev \ >- liblmdb-dev \ >- libncurses5-dev \ >- libpam0g-dev \ >- libparse-yapp-perl \ >- libpcap-dev \ >- libpopt-dev \ >- libreadline-dev \ >- libsystemd-dev \ >- libtasn1-bin \ >- libtasn1-dev \ >- libunwind-dev \ >- lmdb-utils \ >- locales \ >- lsb-release \ >- make \ >- mawk \ >- mingw-w64 \ >- patch \ >- perl \ >- perl-modules \ >- pkg-config \ >- procps \ >- psmisc \ >- python3 \ >- python3-dbg \ >- python3-dev \ >- python3-dnspython \ >- python3-gpgme \ >- python3-iso8601 \ >- python3-markdown \ >- python3-matplotlib \ >- python3-pexpect \ >- rng-tools \ >- rsync \ >- sed \ >- sudo \ >- tar \ >- tree \ >- uuid-dev \ >- xfslibs-dev \ >- xsltproc \ >- zlib1g-dev >- >-apt-get -y autoremove >-apt-get -y autoclean >-apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian8/locale.sh b/bootstrap/generated-dists/debian8/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/debian8/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian8/packages.yml b/bootstrap/generated-dists/debian8/packages.yml >deleted file mode 100644 >index 1c9552b85f3..00000000000 >--- a/bootstrap/generated-dists/debian8/packages.yml >+++ /dev/null >@@ -1,90 +0,0 @@ >---- >-packages: >- - acl >- - apt-utils >- - attr >- - autoconf >- - bind9utils >- - binutils >- - bison >- - build-essential >- - chrpath >- - curl >- - debhelper >- - dnsutils >- - docbook-xml >- - docbook-xsl >- - flex >- - gcc >- - gdb >- - git >- - glusterfs-common >- - gzip >- - heimdal-multidev >- - hostname >- - htop >- - krb5-config >- - krb5-kdc >- - krb5-user >- - lcov >- - libacl1-dev >- - libarchive-dev >- - libattr1-dev >- - libavahi-common-dev >- - libblkid-dev >- - libbsd-dev >- - libcap-dev >- - libcephfs-dev >- - libcups2-dev >- - libdbus-1-dev >- - libglib2.0-dev >- - libgnutls28-dev >- - libgpgme11-dev >- - libicu-dev >- - libjansson-dev >- - libjs-jquery >- - libjson-perl >- - libkrb5-dev >- - libldap2-dev >- - liblmdb-dev >- - libncurses5-dev >- - libpam0g-dev >- - libparse-yapp-perl >- - libpcap-dev >- - libpopt-dev >- - libreadline-dev >- - libsystemd-dev >- - libtasn1-bin >- - libtasn1-dev >- - libunwind-dev >- - lmdb-utils >- - locales >- - lsb-release >- - make >- - mawk >- - mingw-w64 >- - patch >- - perl >- - perl-modules >- - pkg-config >- - procps >- - psmisc >- - python3 >- - python3-dbg >- - python3-dev >- - python3-dnspython >- - python3-gpgme >- - python3-iso8601 >- - python3-markdown >- - python3-matplotlib >- - python3-pexpect >- - rng-tools >- - rsync >- - sed >- - sudo >- - tar >- - tree >- - uuid-dev >- - xfslibs-dev >- - xsltproc >- - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1404/Dockerfile b/bootstrap/generated-dists/ubuntu1404/Dockerfile >deleted file mode 100644 >index 4cbb2d3902c..00000000000 >--- a/bootstrap/generated-dists/ubuntu1404/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM ubuntu:14.04 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1404/bootstrap.sh b/bootstrap/generated-dists/ubuntu1404/bootstrap.sh >deleted file mode 100755 >index 78c8969ac69..00000000000 >--- a/bootstrap/generated-dists/ubuntu1404/bootstrap.sh >+++ /dev/null >@@ -1,103 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-export DEBIAN_FRONTEND=noninteractive >-apt-get -y update >- >-apt-get -y install \ >- acl \ >- apt-utils \ >- attr \ >- autoconf \ >- bind9utils \ >- binutils \ >- bison \ >- build-essential \ >- chrpath \ >- curl \ >- debhelper \ >- dnsutils \ >- docbook-xml \ >- docbook-xsl \ >- flex \ >- gcc \ >- gdb \ >- git \ >- gzip \ >- heimdal-multidev \ >- hostname \ >- htop \ >- krb5-config \ >- krb5-kdc \ >- krb5-user \ >- language-pack-en \ >- lcov \ >- libacl1-dev \ >- libarchive-dev \ >- libattr1-dev \ >- libavahi-common-dev \ >- libblkid-dev \ >- libbsd-dev \ >- libcap-dev \ >- libcups2-dev \ >- libdbus-1-dev \ >- libglib2.0-dev \ >- libgnutls-dev \ >- libgpgme11-dev \ >- libicu-dev \ >- libjansson-dev \ >- libjs-jquery \ >- libjson-perl \ >- libkrb5-dev \ >- libldap2-dev \ >- liblmdb-dev/trusty-backports \ >- libncurses5-dev \ >- libpam0g-dev \ >- libparse-yapp-perl \ >- libpcap-dev \ >- libpopt-dev \ >- libreadline-dev \ >- libtasn1-bin \ >- libtasn1-dev \ >- libunwind8-dev \ >- lmdb-utils/trusty-backports \ >- locales \ >- lsb-release \ >- make \ >- mawk \ >- mingw-w64 \ >- patch \ >- perl \ >- perl-modules \ >- pkg-config \ >- procps \ >- psmisc \ >- python3 \ >- python3-dbg \ >- python3-dev \ >- python3-dnspython \ >- python3-gpgme \ >- python3-iso8601 \ >- python3-markdown \ >- python3-matplotlib \ >- python3-pexpect \ >- rng-tools \ >- rsync \ >- sed \ >- sudo \ >- tar \ >- tree \ >- uuid-dev \ >- xfslibs-dev \ >- xsltproc \ >- zlib1g-dev >- >-apt-get -y autoremove >-apt-get -y autoclean >-apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1404/locale.sh b/bootstrap/generated-dists/ubuntu1404/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/ubuntu1404/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1404/packages.yml b/bootstrap/generated-dists/ubuntu1404/packages.yml >deleted file mode 100644 >index f6c8a0aaa00..00000000000 >--- a/bootstrap/generated-dists/ubuntu1404/packages.yml >+++ /dev/null >@@ -1,88 +0,0 @@ >---- >-packages: >- - acl >- - apt-utils >- - attr >- - autoconf >- - bind9utils >- - binutils >- - bison >- - build-essential >- - chrpath >- - curl >- - debhelper >- - dnsutils >- - docbook-xml >- - docbook-xsl >- - flex >- - gcc >- - gdb >- - git >- - gzip >- - heimdal-multidev >- - hostname >- - htop >- - krb5-config >- - krb5-kdc >- - krb5-user >- - language-pack-en >- - lcov >- - libacl1-dev >- - libarchive-dev >- - libattr1-dev >- - libavahi-common-dev >- - libblkid-dev >- - libbsd-dev >- - libcap-dev >- - libcups2-dev >- - libdbus-1-dev >- - libglib2.0-dev >- - libgnutls-dev >- - libgpgme11-dev >- - libicu-dev >- - libjansson-dev >- - libjs-jquery >- - libjson-perl >- - libkrb5-dev >- - libldap2-dev >- - liblmdb-dev/trusty-backports >- - libncurses5-dev >- - libpam0g-dev >- - libparse-yapp-perl >- - libpcap-dev >- - libpopt-dev >- - libreadline-dev >- - libtasn1-bin >- - libtasn1-dev >- - libunwind8-dev >- - lmdb-utils/trusty-backports >- - locales >- - lsb-release >- - make >- - mawk >- - mingw-w64 >- - patch >- - perl >- - perl-modules >- - pkg-config >- - procps >- - psmisc >- - python3 >- - python3-dbg >- - python3-dev >- - python3-dnspython >- - python3-gpgme >- - python3-iso8601 >- - python3-markdown >- - python3-matplotlib >- - python3-pexpect >- - rng-tools >- - rsync >- - sed >- - sudo >- - tar >- - tree >- - uuid-dev >- - xfslibs-dev >- - xsltproc >- - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 62c2245564e..2378dd2d94f 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-41319f2580c026f66b2750604a0eb15d6b6f7b50 >+cd4cebb9c611fb98f3a21171dd4832df930add28 >-- >2.25.1 > > >From bf46319a4cbb0f8fb4231b77d7ca68b475ef0970 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 4 Mar 2020 13:55:27 +1300 >Subject: [PATCH 003/380] .gitlab-ci.yml: Do not build Samba for Ubuntu 16.04 > or Debian 9 any longer > >These only have Python 3.5 and we want to increase the minimum to Python 3.6. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit e9ce0f13e695f1d7e719923628255ea786a90c20) >--- > .gitlab-ci.yml | 10 +- > bootstrap/.gitlab-ci.yml | 6 - > bootstrap/config.py | 19 ---- > bootstrap/generated-dists/Vagrantfile | 14 --- > bootstrap/generated-dists/debian9/Dockerfile | 27 ----- > .../generated-dists/debian9/bootstrap.sh | 105 ------------------ > bootstrap/generated-dists/debian9/locale.sh | 55 --------- > .../generated-dists/debian9/packages.yml | 90 --------------- > .../generated-dists/ubuntu1604/Dockerfile | 27 ----- > .../generated-dists/ubuntu1604/bootstrap.sh | 104 ----------------- > .../generated-dists/ubuntu1604/locale.sh | 55 --------- > .../generated-dists/ubuntu1604/packages.yml | 89 --------------- > bootstrap/sha1sum.txt | 2 +- > 13 files changed, 2 insertions(+), 601 deletions(-) > delete mode 100644 bootstrap/generated-dists/debian9/Dockerfile > delete mode 100755 bootstrap/generated-dists/debian9/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/debian9/locale.sh > delete mode 100644 bootstrap/generated-dists/debian9/packages.yml > delete mode 100644 bootstrap/generated-dists/ubuntu1604/Dockerfile > delete mode 100755 bootstrap/generated-dists/ubuntu1604/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/ubuntu1604/locale.sh > delete mode 100644 bootstrap/generated-dists/ubuntu1604/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 00ffff202d9..9bd5dd04b4f 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: cd4cebb9c611fb98f3a21171dd4832df930add28 >+ SAMBA_CI_CONTAINER_TAG: 2b0275df23424240774afcd61fae8abed8663996 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -277,14 +277,6 @@ ubuntu1804-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu1804 > >-ubuntu1604-samba-o3: >- extends: .samba-o3-template >- image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu1604 >- >-debian9-samba-o3: >- extends: .samba-o3-template >- image: $SAMBA_CI_CONTAINER_IMAGE_debian9 >- > debian10-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_debian10 >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index cbf1cb9b58a..4e52da09dcc 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -86,15 +86,9 @@ services: > ubuntu1804: > extends: .build_image_template > >-ubuntu1604: >- extends: .build_image_template >- > debian10: > extends: .build_image_template > >-debian9: >- extends: .build_image_template >- > fedora31: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 552524ae759..19a2cf08b9d 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -374,14 +374,6 @@ end > > > DEB_DISTS = { >- 'debian9': { >- 'docker_image': 'debian:9', >- 'vagrant_box': 'debian/stretch64', >- 'replace': { >- 'language-pack-en': '', # included in locales >- 'liburing-dev': '', # not available >- } >- }, > 'debian10': { > 'docker_image': 'debian:10', > 'vagrant_box': 'debian/buster64', >@@ -390,17 +382,6 @@ DEB_DISTS = { > 'liburing-dev': '', # not available > } > }, >- 'ubuntu1604': { >- 'docker_image': 'ubuntu:16.04', >- 'vagrant_box': 'ubuntu/xenial64', >- 'replace': { >- 'python-gpg': 'python-gpgme', >- 'python3-gpg': 'python3-gpgme', >- 'glusterfs-common': '', >- 'libcephfs-dev': '', >- 'liburing-dev': '', # not available >- } >- }, > 'ubuntu1804': { > 'docker_image': 'ubuntu:18.04', > 'vagrant_box': 'ubuntu/bionic64', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 983e66aa57f..091c65488cb 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -31,13 +31,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "debian10/locale.sh" > end > >- config.vm.define "debian9" do |v| >- v.vm.box = "debian/stretch64" >- v.vm.hostname = "debian9" >- v.vm.provision :shell, path: "debian9/bootstrap.sh" >- v.vm.provision :shell, path: "debian9/locale.sh" >- end >- > config.vm.define "fedora29" do |v| > v.vm.box = "fedora/29-cloud-base" > v.vm.hostname = "fedora29" >@@ -73,13 +66,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "opensuse151/locale.sh" > end > >- config.vm.define "ubuntu1604" do |v| >- v.vm.box = "ubuntu/xenial64" >- v.vm.hostname = "ubuntu1604" >- v.vm.provision :shell, path: "ubuntu1604/bootstrap.sh" >- v.vm.provision :shell, path: "ubuntu1604/locale.sh" >- end >- > config.vm.define "ubuntu1804" do |v| > v.vm.box = "ubuntu/bionic64" > v.vm.hostname = "ubuntu1804" >diff --git a/bootstrap/generated-dists/debian9/Dockerfile b/bootstrap/generated-dists/debian9/Dockerfile >deleted file mode 100644 >index 50195295447..00000000000 >--- a/bootstrap/generated-dists/debian9/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM debian:9 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian9/bootstrap.sh b/bootstrap/generated-dists/debian9/bootstrap.sh >deleted file mode 100755 >index f0847eb3c20..00000000000 >--- a/bootstrap/generated-dists/debian9/bootstrap.sh >+++ /dev/null >@@ -1,105 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-export DEBIAN_FRONTEND=noninteractive >-apt-get -y update >- >-apt-get -y install \ >- acl \ >- apt-utils \ >- attr \ >- autoconf \ >- bind9utils \ >- binutils \ >- bison \ >- build-essential \ >- chrpath \ >- curl \ >- debhelper \ >- dnsutils \ >- docbook-xml \ >- docbook-xsl \ >- flex \ >- gcc \ >- gdb \ >- git \ >- glusterfs-common \ >- gzip \ >- heimdal-multidev \ >- hostname \ >- htop \ >- krb5-config \ >- krb5-kdc \ >- krb5-user \ >- lcov \ >- libacl1-dev \ >- libarchive-dev \ >- libattr1-dev \ >- libavahi-common-dev \ >- libblkid-dev \ >- libbsd-dev \ >- libcap-dev \ >- libcephfs-dev \ >- libcups2-dev \ >- libdbus-1-dev \ >- libglib2.0-dev \ >- libgnutls28-dev \ >- libgpgme11-dev \ >- libicu-dev \ >- libjansson-dev \ >- libjs-jquery \ >- libjson-perl \ >- libkrb5-dev \ >- libldap2-dev \ >- liblmdb-dev \ >- libncurses5-dev \ >- libpam0g-dev \ >- libparse-yapp-perl \ >- libpcap-dev \ >- libpopt-dev \ >- libreadline-dev \ >- libsystemd-dev \ >- libtasn1-bin \ >- libtasn1-dev \ >- libunwind-dev \ >- lmdb-utils \ >- locales \ >- lsb-release \ >- make \ >- mawk \ >- mingw-w64 \ >- patch \ >- perl \ >- perl-modules \ >- pkg-config \ >- procps \ >- psmisc \ >- python3 \ >- python3-dbg \ >- python3-dev \ >- python3-dnspython \ >- python3-gpg \ >- python3-iso8601 \ >- python3-markdown \ >- python3-matplotlib \ >- python3-pexpect \ >- rng-tools \ >- rsync \ >- sed \ >- sudo \ >- tar \ >- tree \ >- uuid-dev \ >- xfslibs-dev \ >- xsltproc \ >- zlib1g-dev >- >-apt-get -y autoremove >-apt-get -y autoclean >-apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian9/locale.sh b/bootstrap/generated-dists/debian9/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/debian9/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/debian9/packages.yml b/bootstrap/generated-dists/debian9/packages.yml >deleted file mode 100644 >index a242cd8b362..00000000000 >--- a/bootstrap/generated-dists/debian9/packages.yml >+++ /dev/null >@@ -1,90 +0,0 @@ >---- >-packages: >- - acl >- - apt-utils >- - attr >- - autoconf >- - bind9utils >- - binutils >- - bison >- - build-essential >- - chrpath >- - curl >- - debhelper >- - dnsutils >- - docbook-xml >- - docbook-xsl >- - flex >- - gcc >- - gdb >- - git >- - glusterfs-common >- - gzip >- - heimdal-multidev >- - hostname >- - htop >- - krb5-config >- - krb5-kdc >- - krb5-user >- - lcov >- - libacl1-dev >- - libarchive-dev >- - libattr1-dev >- - libavahi-common-dev >- - libblkid-dev >- - libbsd-dev >- - libcap-dev >- - libcephfs-dev >- - libcups2-dev >- - libdbus-1-dev >- - libglib2.0-dev >- - libgnutls28-dev >- - libgpgme11-dev >- - libicu-dev >- - libjansson-dev >- - libjs-jquery >- - libjson-perl >- - libkrb5-dev >- - libldap2-dev >- - liblmdb-dev >- - libncurses5-dev >- - libpam0g-dev >- - libparse-yapp-perl >- - libpcap-dev >- - libpopt-dev >- - libreadline-dev >- - libsystemd-dev >- - libtasn1-bin >- - libtasn1-dev >- - libunwind-dev >- - lmdb-utils >- - locales >- - lsb-release >- - make >- - mawk >- - mingw-w64 >- - patch >- - perl >- - perl-modules >- - pkg-config >- - procps >- - psmisc >- - python3 >- - python3-dbg >- - python3-dev >- - python3-dnspython >- - python3-gpg >- - python3-iso8601 >- - python3-markdown >- - python3-matplotlib >- - python3-pexpect >- - rng-tools >- - rsync >- - sed >- - sudo >- - tar >- - tree >- - uuid-dev >- - xfslibs-dev >- - xsltproc >- - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/Dockerfile b/bootstrap/generated-dists/ubuntu1604/Dockerfile >deleted file mode 100644 >index 93001fcdcca..00000000000 >--- a/bootstrap/generated-dists/ubuntu1604/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM ubuntu:16.04 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >deleted file mode 100755 >index a8f47762ded..00000000000 >--- a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >+++ /dev/null >@@ -1,104 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-export DEBIAN_FRONTEND=noninteractive >-apt-get -y update >- >-apt-get -y install \ >- acl \ >- apt-utils \ >- attr \ >- autoconf \ >- bind9utils \ >- binutils \ >- bison \ >- build-essential \ >- chrpath \ >- curl \ >- debhelper \ >- dnsutils \ >- docbook-xml \ >- docbook-xsl \ >- flex \ >- gcc \ >- gdb \ >- git \ >- gzip \ >- heimdal-multidev \ >- hostname \ >- htop \ >- krb5-config \ >- krb5-kdc \ >- krb5-user \ >- language-pack-en \ >- lcov \ >- libacl1-dev \ >- libarchive-dev \ >- libattr1-dev \ >- libavahi-common-dev \ >- libblkid-dev \ >- libbsd-dev \ >- libcap-dev \ >- libcups2-dev \ >- libdbus-1-dev \ >- libglib2.0-dev \ >- libgnutls28-dev \ >- libgpgme11-dev \ >- libicu-dev \ >- libjansson-dev \ >- libjs-jquery \ >- libjson-perl \ >- libkrb5-dev \ >- libldap2-dev \ >- liblmdb-dev \ >- libncurses5-dev \ >- libpam0g-dev \ >- libparse-yapp-perl \ >- libpcap-dev \ >- libpopt-dev \ >- libreadline-dev \ >- libsystemd-dev \ >- libtasn1-bin \ >- libtasn1-dev \ >- libunwind-dev \ >- lmdb-utils \ >- locales \ >- lsb-release \ >- make \ >- mawk \ >- mingw-w64 \ >- patch \ >- perl \ >- perl-modules \ >- pkg-config \ >- procps \ >- psmisc \ >- python3 \ >- python3-dbg \ >- python3-dev \ >- python3-dnspython \ >- python3-gpgme \ >- python3-iso8601 \ >- python3-markdown \ >- python3-matplotlib \ >- python3-pexpect \ >- rng-tools \ >- rsync \ >- sed \ >- sudo \ >- tar \ >- tree \ >- uuid-dev \ >- xfslibs-dev \ >- xsltproc \ >- zlib1g-dev >- >-apt-get -y autoremove >-apt-get -y autoclean >-apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/locale.sh b/bootstrap/generated-dists/ubuntu1604/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/ubuntu1604/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/packages.yml b/bootstrap/generated-dists/ubuntu1604/packages.yml >deleted file mode 100644 >index c3cd9af9c3e..00000000000 >--- a/bootstrap/generated-dists/ubuntu1604/packages.yml >+++ /dev/null >@@ -1,89 +0,0 @@ >---- >-packages: >- - acl >- - apt-utils >- - attr >- - autoconf >- - bind9utils >- - binutils >- - bison >- - build-essential >- - chrpath >- - curl >- - debhelper >- - dnsutils >- - docbook-xml >- - docbook-xsl >- - flex >- - gcc >- - gdb >- - git >- - gzip >- - heimdal-multidev >- - hostname >- - htop >- - krb5-config >- - krb5-kdc >- - krb5-user >- - language-pack-en >- - lcov >- - libacl1-dev >- - libarchive-dev >- - libattr1-dev >- - libavahi-common-dev >- - libblkid-dev >- - libbsd-dev >- - libcap-dev >- - libcups2-dev >- - libdbus-1-dev >- - libglib2.0-dev >- - libgnutls28-dev >- - libgpgme11-dev >- - libicu-dev >- - libjansson-dev >- - libjs-jquery >- - libjson-perl >- - libkrb5-dev >- - libldap2-dev >- - liblmdb-dev >- - libncurses5-dev >- - libpam0g-dev >- - libparse-yapp-perl >- - libpcap-dev >- - libpopt-dev >- - libreadline-dev >- - libsystemd-dev >- - libtasn1-bin >- - libtasn1-dev >- - libunwind-dev >- - lmdb-utils >- - locales >- - lsb-release >- - make >- - mawk >- - mingw-w64 >- - patch >- - perl >- - perl-modules >- - pkg-config >- - procps >- - psmisc >- - python3 >- - python3-dbg >- - python3-dev >- - python3-dnspython >- - python3-gpgme >- - python3-iso8601 >- - python3-markdown >- - python3-matplotlib >- - python3-pexpect >- - rng-tools >- - rsync >- - sed >- - sudo >- - tar >- - tree >- - uuid-dev >- - xfslibs-dev >- - xsltproc >- - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 2378dd2d94f..7344075d11d 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-cd4cebb9c611fb98f3a21171dd4832df930add28 >+2b0275df23424240774afcd61fae8abed8663996 >-- >2.25.1 > > >From 8a9e1d2f57aaac8e8ae2a4ff56f098e5896eedaa Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 17 Mar 2020 16:49:02 +1300 >Subject: [PATCH 004/380] bootstrap: Bring back a Ubuntu 16.04 build but just > for the samba-fuzz task > >This is needed to restore oss-fuzz support, as this uses the Ubuntu 16.04 package list >because all the docker images provided start with a Ubuntu 16.04 base. > >REF: https://github.com/google/oss-fuzz/issues/3505 >REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21189 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >(cherry picked from commit e10910f8de542b0be9b89942791bd37288b7a32a) >--- > .gitlab-ci.yml | 3 +- > bootstrap/.gitlab-ci.yml | 11 +- > bootstrap/config.py | 11 ++ > bootstrap/generated-dists/Vagrantfile | 7 ++ > .../generated-dists/ubuntu1604/Dockerfile | 27 +++++ > .../generated-dists/ubuntu1604/bootstrap.sh | 104 ++++++++++++++++++ > .../generated-dists/ubuntu1604/locale.sh | 55 +++++++++ > .../generated-dists/ubuntu1604/packages.yml | 89 +++++++++++++++ > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 305 insertions(+), 4 deletions(-) > create mode 100644 bootstrap/generated-dists/ubuntu1604/Dockerfile > create mode 100755 bootstrap/generated-dists/ubuntu1604/bootstrap.sh > create mode 100755 bootstrap/generated-dists/ubuntu1604/locale.sh > create mode 100644 bootstrap/generated-dists/ubuntu1604/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 9bd5dd04b4f..8becacb8d4e 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 2b0275df23424240774afcd61fae8abed8663996 >+ SAMBA_CI_CONTAINER_TAG: 6bb2eeaf8203467d9a93a722071b0f081027410e > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -157,6 +157,7 @@ samba-static: > > samba-fuzz: > extends: .shared_template >+ image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG} > > ctdb: > extends: .shared_template >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index 4e52da09dcc..ecd9f4d4223 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -9,6 +9,7 @@ services: > - gce > variables: > SAMBA_CI_IS_BROKEN_IMAGE: "no" >+ SAMBA_CI_TEST_JOB: "samba-o3" > before_script: > # Ensure we are generating correct the container > - uname -a >@@ -40,9 +41,9 @@ services: > docker run --volume $(pwd):${samba_repo_root} --workdir ${samba_repo_root} ${ci_image_name} \ > bootstrap/template.py --sha1sum > /tmp/sha1sum-template.txt > diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt >- # run smoke test with samba-o3 >+ # run smoke test with samba-o3 or samba-fuzz > docker run --volume $(pwd):${samba_repo_root} --workdir ${samba_repo_root} ${ci_image_name} \ >- /bin/bash -c "sudo chown -R samba:samba ./** && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py samba-o3 --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" >+ /bin/bash -c "sudo chown -R samba:samba ./** && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" > docker tag ${ci_image_name} ${ci_image_path}:${SAMBA_CI_CONTAINER_TAG} > docker tag ${ci_image_name} ${ci_image_path}:${timestamp_tag} > # We build all images, but only upload is it's not marked as broken >@@ -83,6 +84,12 @@ services: > # > - $SAMBA_CI_REBUILD_BROKEN_IMAGES == "yes" > >+# This is ONLY for oss-fuzz, so we test a fuzz build not a real one >+ubuntu1604: >+ extends: .build_image_template >+ variables: >+ SAMBA_CI_TEST_JOB: "samba-fuzz" >+ > ubuntu1804: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 19a2cf08b9d..ff9bb150672 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -382,6 +382,17 @@ DEB_DISTS = { > 'liburing-dev': '', # not available > } > }, >+ 'ubuntu1604': { >+ 'docker_image': 'ubuntu:16.04', >+ 'vagrant_box': 'ubuntu/xenial64', >+ 'replace': { >+ 'python-gpg': 'python-gpgme', >+ 'python3-gpg': 'python3-gpgme', >+ 'glusterfs-common': '', >+ 'libcephfs-dev': '', >+ 'liburing-dev': '', # not available >+ } >+ }, > 'ubuntu1804': { > 'docker_image': 'ubuntu:18.04', > 'vagrant_box': 'ubuntu/bionic64', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 091c65488cb..47c58d5a87b 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -66,6 +66,13 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "opensuse151/locale.sh" > end > >+ config.vm.define "ubuntu1604" do |v| >+ v.vm.box = "ubuntu/xenial64" >+ v.vm.hostname = "ubuntu1604" >+ v.vm.provision :shell, path: "ubuntu1604/bootstrap.sh" >+ v.vm.provision :shell, path: "ubuntu1604/locale.sh" >+ end >+ > config.vm.define "ubuntu1804" do |v| > v.vm.box = "ubuntu/bionic64" > v.vm.hostname = "ubuntu1804" >diff --git a/bootstrap/generated-dists/ubuntu1604/Dockerfile b/bootstrap/generated-dists/ubuntu1604/Dockerfile >new file mode 100644 >index 00000000000..93001fcdcca >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu1604/Dockerfile >@@ -0,0 +1,27 @@ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+FROM ubuntu:16.04 >+ >+# pass in with --build-arg while build >+ARG SHA1SUM >+RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >+ >+ADD *.sh /tmp/ >+# need root permission, do it before USER samba >+RUN /tmp/bootstrap.sh && /tmp/locale.sh >+ >+# if ld.gold exists, force link it to ld >+RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >+ >+# make test can not work with root, so we have to create a new user >+RUN useradd -m -U -s /bin/bash samba && \ >+ mkdir -p /etc/sudoers.d && \ >+ echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >+ >+USER samba >+WORKDIR /home/samba >+# samba tests rely on this >+ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >new file mode 100755 >index 00000000000..a8f47762ded >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >@@ -0,0 +1,104 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+export DEBIAN_FRONTEND=noninteractive >+apt-get -y update >+ >+apt-get -y install \ >+ acl \ >+ apt-utils \ >+ attr \ >+ autoconf \ >+ bind9utils \ >+ binutils \ >+ bison \ >+ build-essential \ >+ chrpath \ >+ curl \ >+ debhelper \ >+ dnsutils \ >+ docbook-xml \ >+ docbook-xsl \ >+ flex \ >+ gcc \ >+ gdb \ >+ git \ >+ gzip \ >+ heimdal-multidev \ >+ hostname \ >+ htop \ >+ krb5-config \ >+ krb5-kdc \ >+ krb5-user \ >+ language-pack-en \ >+ lcov \ >+ libacl1-dev \ >+ libarchive-dev \ >+ libattr1-dev \ >+ libavahi-common-dev \ >+ libblkid-dev \ >+ libbsd-dev \ >+ libcap-dev \ >+ libcups2-dev \ >+ libdbus-1-dev \ >+ libglib2.0-dev \ >+ libgnutls28-dev \ >+ libgpgme11-dev \ >+ libicu-dev \ >+ libjansson-dev \ >+ libjs-jquery \ >+ libjson-perl \ >+ libkrb5-dev \ >+ libldap2-dev \ >+ liblmdb-dev \ >+ libncurses5-dev \ >+ libpam0g-dev \ >+ libparse-yapp-perl \ >+ libpcap-dev \ >+ libpopt-dev \ >+ libreadline-dev \ >+ libsystemd-dev \ >+ libtasn1-bin \ >+ libtasn1-dev \ >+ libunwind-dev \ >+ lmdb-utils \ >+ locales \ >+ lsb-release \ >+ make \ >+ mawk \ >+ mingw-w64 \ >+ patch \ >+ perl \ >+ perl-modules \ >+ pkg-config \ >+ procps \ >+ psmisc \ >+ python3 \ >+ python3-dbg \ >+ python3-dev \ >+ python3-dnspython \ >+ python3-gpgme \ >+ python3-iso8601 \ >+ python3-markdown \ >+ python3-matplotlib \ >+ python3-pexpect \ >+ rng-tools \ >+ rsync \ >+ sed \ >+ sudo \ >+ tar \ >+ tree \ >+ uuid-dev \ >+ xfslibs-dev \ >+ xsltproc \ >+ zlib1g-dev >+ >+apt-get -y autoremove >+apt-get -y autoclean >+apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/locale.sh b/bootstrap/generated-dists/ubuntu1604/locale.sh >new file mode 100755 >index 00000000000..cc64e180483 >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu1604/locale.sh >@@ -0,0 +1,55 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+# refer to /usr/share/i18n/locales >+INPUTFILE=en_US >+# refer to /usr/share/i18n/charmaps >+CHARMAP=UTF-8 >+# locale to generate in /usr/lib/locale >+# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >+LOCALE=$INPUTFILE.utf8 >+ >+# if locale is already correct, exit >+( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >+ >+# if locale not available, generate locale into /usr/lib/locale >+if ! ( locale --all-locales | grep -i $LOCALE ) >+then >+ # no-archive means create its own dir >+ localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >+fi >+ >+# update locale conf and global env file >+# set both LC_ALL and LANG for safe >+ >+# update conf for Debian family >+FILE=/etc/default/locale >+if [ -f $FILE ] >+then >+ echo LC_ALL="$LOCALE" > $FILE >+ echo LANG="$LOCALE" >> $FILE >+fi >+ >+# update conf for RedHat family >+FILE=/etc/locale.conf >+if [ -f $FILE ] >+then >+ # LC_ALL is not valid in this file, set LANG only >+ echo LANG="$LOCALE" > $FILE >+fi >+ >+# update global env file >+FILE=/etc/environment >+if [ -f $FILE ] >+then >+ # append LC_ALL if not exist >+ grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >+ # append LANG if not exist >+ grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >+fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu1604/packages.yml b/bootstrap/generated-dists/ubuntu1604/packages.yml >new file mode 100644 >index 00000000000..c3cd9af9c3e >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu1604/packages.yml >@@ -0,0 +1,89 @@ >+--- >+packages: >+ - acl >+ - apt-utils >+ - attr >+ - autoconf >+ - bind9utils >+ - binutils >+ - bison >+ - build-essential >+ - chrpath >+ - curl >+ - debhelper >+ - dnsutils >+ - docbook-xml >+ - docbook-xsl >+ - flex >+ - gcc >+ - gdb >+ - git >+ - gzip >+ - heimdal-multidev >+ - hostname >+ - htop >+ - krb5-config >+ - krb5-kdc >+ - krb5-user >+ - language-pack-en >+ - lcov >+ - libacl1-dev >+ - libarchive-dev >+ - libattr1-dev >+ - libavahi-common-dev >+ - libblkid-dev >+ - libbsd-dev >+ - libcap-dev >+ - libcups2-dev >+ - libdbus-1-dev >+ - libglib2.0-dev >+ - libgnutls28-dev >+ - libgpgme11-dev >+ - libicu-dev >+ - libjansson-dev >+ - libjs-jquery >+ - libjson-perl >+ - libkrb5-dev >+ - libldap2-dev >+ - liblmdb-dev >+ - libncurses5-dev >+ - libpam0g-dev >+ - libparse-yapp-perl >+ - libpcap-dev >+ - libpopt-dev >+ - libreadline-dev >+ - libsystemd-dev >+ - libtasn1-bin >+ - libtasn1-dev >+ - libunwind-dev >+ - lmdb-utils >+ - locales >+ - lsb-release >+ - make >+ - mawk >+ - mingw-w64 >+ - patch >+ - perl >+ - perl-modules >+ - pkg-config >+ - procps >+ - psmisc >+ - python3 >+ - python3-dbg >+ - python3-dev >+ - python3-dnspython >+ - python3-gpgme >+ - python3-iso8601 >+ - python3-markdown >+ - python3-matplotlib >+ - python3-pexpect >+ - rng-tools >+ - rsync >+ - sed >+ - sudo >+ - tar >+ - tree >+ - uuid-dev >+ - xfslibs-dev >+ - xsltproc >+ - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 7344075d11d..1c9d01d5e7d 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-2b0275df23424240774afcd61fae8abed8663996 >+6bb2eeaf8203467d9a93a722071b0f081027410e >-- >2.25.1 > > >From 726fb38c1ce2126886eaf8a8ed050c54e98c5daf Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 17 Mar 2020 17:39:48 +0100 >Subject: [PATCH 005/380] bootstrap: Add podman command to readme > >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 272b43d331c7cd0452069128166404af7f088b36) >--- > bootstrap/READMD.md | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/bootstrap/READMD.md b/bootstrap/READMD.md >index b8a30098b67..023686e20c4 100644 >--- a/bootstrap/READMD.md >+++ b/bootstrap/READMD.md >@@ -83,6 +83,10 @@ With Docker: > docker pull registry.gitlab.com/samba-team/devel/samba/samba-ci-ubuntu1804:${sha1sum} > docker run -it -v $(pwd):/home/samba/samba samba-ci-ubuntu1804:${sha1sum} bash > >+With podman: >+ >+ podman run -ti --cap-add=SYS_PTRACE --security-opt seccomp=unconfined registry.gitlab.com/samba-team/devel/samba/samba-ci-ubuntu1804:${sha1sum} bash >+ > With Vagrant: > > cd bootstrap/generated-dists/ >-- >2.25.1 > > >From 12fe6ac5e72ff4ca10d883ce3ef2098d8e6fd2a0 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 16 Mar 2020 17:00:16 +0100 >Subject: [PATCH 006/380] third_party: Update nss_wrapper to version 1.1.10 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Fri Mar 20 12:41:36 UTC 2020 on sn-devel-184 > >(cherry picked from commit 639e64d30d54d600e96ea06c9a2afaa91cb1c9a4) >--- > buildtools/wafsamba/samba_third_party.py | 2 +- > third_party/nss_wrapper/nss_wrapper.c | 550 ++++++++++++++++++++--- > third_party/nss_wrapper/wscript | 3 +- > 3 files changed, 493 insertions(+), 62 deletions(-) > >diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py >index 38df19369d7..a7026034984 100644 >--- a/buildtools/wafsamba/samba_third_party.py >+++ b/buildtools/wafsamba/samba_third_party.py >@@ -29,7 +29,7 @@ Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER > > @conf > def CHECK_NSS_WRAPPER(conf): >- return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.7') >+ return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.10') > Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER > > @conf >diff --git a/third_party/nss_wrapper/nss_wrapper.c b/third_party/nss_wrapper/nss_wrapper.c >index 1bcd3b1b72d..d90264c6d24 100644 >--- a/third_party/nss_wrapper/nss_wrapper.c >+++ b/third_party/nss_wrapper/nss_wrapper.c >@@ -351,6 +351,15 @@ struct nwrap_libc_fns { > struct hostent *(*_libc_gethostbyname)(const char *name); > #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */ > struct hostent *(*_libc_gethostbyname2)(const char *name, int af); >+#endif >+#ifdef HAVE_GETHOSTBYNAME2_R /* GNU extension */ >+ int (*_libc_gethostbyname2_r)(const char *name, >+ int af, >+ struct hostent *ret, >+ char *buf, >+ size_t buflen, >+ struct hostent **result, >+ int *h_errnop); > #endif > struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type); > >@@ -395,6 +404,14 @@ struct nwrap_module_nss_fns { > NSS_STATUS (*_nss_getgrent_r)(struct group *result, char *buffer, > size_t buflen, int *errnop); > NSS_STATUS (*_nss_endgrent)(void); >+ NSS_STATUS (*_nss_gethostbyaddr_r)(const void *addr, socklen_t addrlen, >+ int af, struct hostent *result, >+ char *buffer, size_t buflen, >+ int *errnop, int *h_errnop); >+ NSS_STATUS (*_nss_gethostbyname2_r)(const char *name, int af, >+ struct hostent *result, >+ char *buffer, size_t buflen, >+ int *errnop, int *h_errnop); > }; > > struct nwrap_backend { >@@ -405,6 +422,8 @@ struct nwrap_backend { > struct nwrap_module_nss_fns *fns; > }; > >+struct nwrap_vector; >+ > struct nwrap_ops { > struct passwd * (*nw_getpwnam)(struct nwrap_backend *b, > const char *name); >@@ -440,6 +459,18 @@ struct nwrap_ops { > struct group *grdst, char *buf, > size_t buflen, struct group **grdstp); > void (*nw_endgrent)(struct nwrap_backend *b); >+ struct hostent *(*nw_gethostbyaddr)(struct nwrap_backend *b, >+ const void *addr, >+ socklen_t len, int type); >+ struct hostent *(*nw_gethostbyname)(struct nwrap_backend *b, >+ const char *name); >+ struct hostent *(*nw_gethostbyname2)(struct nwrap_backend *b, >+ const char *name, int af); >+ int (*nw_gethostbyname2_r)(struct nwrap_backend *b, >+ const char *name, int af, >+ struct hostent *hedst, >+ char *buf, size_t buflen, >+ struct hostent **hedstp); > }; > > /* Public prototypes */ >@@ -485,6 +516,20 @@ static int nwrap_files_getgrent_r(struct nwrap_backend *b, > struct group *grdst, char *buf, > size_t buflen, struct group **grdstp); > static void nwrap_files_endgrent(struct nwrap_backend *b); >+static struct hostent *nwrap_files_gethostbyaddr(struct nwrap_backend *b, >+ const void *addr, >+ socklen_t len, int type); >+static struct hostent *nwrap_files_gethostbyname(struct nwrap_backend *b, >+ const char *name); >+#ifdef HAVE_GETHOSTBYNAME2 >+static struct hostent *nwrap_files_gethostbyname2(struct nwrap_backend *b, >+ const char *name, int af); >+#endif /* HAVE_GETHOSTBYNAME2 */ >+static int nwrap_files_gethostbyname2_r(struct nwrap_backend *b, >+ const char *name, int af, >+ struct hostent *hedst, >+ char *buf, size_t buflen, >+ struct hostent **hedstp); > > /* prototypes for module backend */ > >@@ -522,6 +567,18 @@ static void nwrap_module_setgrent(struct nwrap_backend *b); > static void nwrap_module_endgrent(struct nwrap_backend *b); > static int nwrap_module_initgroups(struct nwrap_backend *b, > const char *user, gid_t group); >+static struct hostent *nwrap_module_gethostbyaddr(struct nwrap_backend *b, >+ const void *addr, >+ socklen_t len, int type); >+static struct hostent *nwrap_module_gethostbyname(struct nwrap_backend *b, >+ const char *name); >+static struct hostent *nwrap_module_gethostbyname2(struct nwrap_backend *b, >+ const char *name, int af); >+static int nwrap_module_gethostbyname2_r(struct nwrap_backend *b, >+ const char *name, int af, >+ struct hostent *hedst, >+ char *buf, size_t buflen, >+ struct hostent **hedstp); > > struct nwrap_ops nwrap_files_ops = { > .nw_getpwnam = nwrap_files_getpwnam, >@@ -541,6 +598,12 @@ struct nwrap_ops nwrap_files_ops = { > .nw_getgrent = nwrap_files_getgrent, > .nw_getgrent_r = nwrap_files_getgrent_r, > .nw_endgrent = nwrap_files_endgrent, >+ .nw_gethostbyaddr = nwrap_files_gethostbyaddr, >+ .nw_gethostbyname = nwrap_files_gethostbyname, >+#ifdef HAVE_GETHOSTBYNAME2 >+ .nw_gethostbyname2 = nwrap_files_gethostbyname2, >+#endif /* HAVE_GETHOSTBYNAME2 */ >+ .nw_gethostbyname2_r = nwrap_files_gethostbyname2_r, > }; > > struct nwrap_ops nwrap_module_ops = { >@@ -561,6 +624,10 @@ struct nwrap_ops nwrap_module_ops = { > .nw_getgrent = nwrap_module_getgrent, > .nw_getgrent_r = nwrap_module_getgrent_r, > .nw_endgrent = nwrap_module_endgrent, >+ .nw_gethostbyaddr = nwrap_module_gethostbyaddr, >+ .nw_gethostbyname = nwrap_module_gethostbyname, >+ .nw_gethostbyname2 = nwrap_module_gethostbyname2, >+ .nw_gethostbyname2_r = nwrap_module_gethostbyname2_r, > }; > > struct nwrap_libc { >@@ -571,7 +638,7 @@ struct nwrap_libc { > }; > > struct nwrap_main { >- int num_backends; >+ size_t num_backends; > struct nwrap_backend *backends; > struct nwrap_libc *libc; > }; >@@ -1318,6 +1385,27 @@ static struct hostent *libc_gethostbyname2(const char *name, int af) > } > #endif > >+#ifdef HAVE_GETHOSTBYNAME2_R /* GNU extension */ >+static int libc_gethostbyname2_r(const char *name, >+ int af, >+ struct hostent *ret, >+ char *buf, >+ size_t buflen, >+ struct hostent **result, >+ int *h_errnop) >+{ >+ nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname2_r); >+ >+ return nwrap_main_global->libc->fns->_libc_gethostbyname2_r(name, >+ af, >+ ret, >+ buf, >+ buflen, >+ result, >+ h_errnop); >+} >+#endif >+ > static struct hostent *libc_gethostbyaddr(const void *addr, > socklen_t len, > int type) >@@ -1417,22 +1505,24 @@ static int libc_getnameinfo(const struct sockaddr *sa, > static void *nwrap_load_module_fn(struct nwrap_backend *b, > const char *fn_name) > { >- void *res; >- char *s; >+ void *res = NULL; >+ char *s = NULL; >+ int rc; > >- if (!b->so_handle) { >+ if (b->so_handle == NULL) { > NWRAP_LOG(NWRAP_LOG_ERROR, "No handle"); > return NULL; > } > >- if (asprintf(&s, "_nss_%s_%s", b->name, fn_name) == -1) { >+ rc = asprintf(&s, "_nss_%s_%s", b->name, fn_name); >+ if (rc == -1) { > NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory"); > return NULL; > } > > res = dlsym(b->so_handle, s); >- if (!res) { >- NWRAP_LOG(NWRAP_LOG_ERROR, >+ if (res == NULL) { >+ NWRAP_LOG(NWRAP_LOG_WARN, > "Cannot find function %s in %s", > s, b->so_path); > } >@@ -1475,6 +1565,10 @@ static struct nwrap_module_nss_fns *nwrap_load_module_fns(struct nwrap_backend * > nwrap_load_module_fn(b, "getgrent_r"); > *(void **)(&fns->_nss_endgrent) = > nwrap_load_module_fn(b, "endgrent"); >+ *(void **)(&fns->_nss_gethostbyaddr_r) = >+ nwrap_load_module_fn(b, "gethostbyaddr_r"); >+ *(void **)(&fns->_nss_gethostbyname2_r) = >+ nwrap_load_module_fn(b, "gethostbyname2_r"); > > return fns; > } >@@ -1501,7 +1595,7 @@ static void *nwrap_load_module(const char *so_path) > static bool nwrap_module_init(const char *name, > struct nwrap_ops *ops, > const char *so_path, >- int *num_backends, >+ size_t *num_backends, > struct nwrap_backend **backends) > { > struct nwrap_backend *b; >@@ -3513,9 +3607,9 @@ static void nwrap_files_endgrent(struct nwrap_backend *b) > } > > /* hosts functions */ >-static int nwrap_files_gethostbyname(const char *name, int af, >- struct hostent *result, >- struct nwrap_vector *addr_list) >+static int nwrap_files_internal_gethostbyname(const char *name, int af, >+ struct hostent *result, >+ struct nwrap_vector *addr_list) > { > struct nwrap_entlist *el; > struct hostent *he; >@@ -3527,6 +3621,12 @@ static int nwrap_files_gethostbyname(const char *name, int af, > bool he_found = false; > bool ok; > >+ /* >+ * We need to make sure we have zeroed return pointer for consumers >+ * which don't check return values, e.g. OpenLDAP. >+ */ >+ ZERO_STRUCTP(result); >+ > ok = nwrap_files_cache_reload(nwrap_he_global.cache); > if (!ok) { > NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file"); >@@ -3611,19 +3711,30 @@ no_ent: > return -1; > } > >-#ifdef HAVE_GETHOSTBYNAME_R >-static int nwrap_gethostbyname_r(const char *name, >- struct hostent *ret, >- char *buf, size_t buflen, >- struct hostent **result, int *h_errnop) >+static int nwrap_files_gethostbyname2_r(struct nwrap_backend *b, >+ const char *name, int af, >+ struct hostent *hedst, >+ char *buf, size_t buflen, >+ struct hostent **hedstp) > { >- struct nwrap_vector *addr_list = malloc(sizeof(struct nwrap_vector)); >+ struct nwrap_vector *addr_list = NULL; > union { > char *ptr; > char **list; > } g; > int rc; > >+ (void) b; /* unused */ >+ (void) af; /* unused */ >+ >+ if (name == NULL || hedst == NULL || buf == NULL || buflen == 0) { >+ errno = EINVAL; >+ return -1; >+ } >+ *hedstp = NULL; >+ buf[0] = '\0'; >+ >+ addr_list = calloc(1, sizeof(struct nwrap_vector)); > if (addr_list == NULL) { > NWRAP_LOG(NWRAP_LOG_ERROR, > "Unable to allocate memory for address list"); >@@ -3631,20 +3742,17 @@ static int nwrap_gethostbyname_r(const char *name, > return -1; > } > >- ZERO_STRUCTP(addr_list); >- >- rc = nwrap_files_gethostbyname(name, AF_UNSPEC, ret, addr_list); >+ rc = nwrap_files_internal_gethostbyname(name, af, hedst, >+ addr_list); > if (rc == -1) { >- *h_errnop = h_errno; >- if (addr_list->items != NULL) { >- free(addr_list->items); >- } >+ SAFE_FREE(addr_list->items); > SAFE_FREE(addr_list); > errno = ENOENT; > return -1; > } > >- if (buflen < (addr_list->count * sizeof(void *))) { >+ /* +1 i for ending NULL pointer */ >+ if (buflen < ((addr_list->count + 1) * sizeof(void *))) { > SAFE_FREE(addr_list->items); > SAFE_FREE(addr_list); > return ERANGE; >@@ -3655,15 +3763,38 @@ static int nwrap_gethostbyname_r(const char *name, > * +1 is for ending NULL pointer. */ > memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *)); > >- free(addr_list->items); >- free(addr_list); >+ SAFE_FREE(addr_list->items); >+ SAFE_FREE(addr_list); > > g.ptr = buf; >- ret->h_addr_list = g.list; >- *result = ret; >+ hedst->h_addr_list = g.list; >+ *hedstp = hedst; > return 0; > } > >+#ifdef HAVE_GETHOSTBYNAME_R >+static int nwrap_gethostbyname_r(const char *name, >+ struct hostent *ret, >+ char *buf, size_t buflen, >+ struct hostent **result, int *h_errnop) >+{ >+ int rc; >+ size_t i; >+ >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ rc = b->ops->nw_gethostbyname2_r(b, name, AF_UNSPEC, ret, >+ buf, buflen, result); >+ if (rc == 0) { >+ return 0; >+ } else if (rc == ERANGE) { >+ return ERANGE; >+ } >+ } >+ *h_errnop = h_errno; >+ return ENOENT; >+} >+ > int gethostbyname_r(const char *name, > struct hostent *ret, > char *buf, size_t buflen, >@@ -3682,6 +3813,44 @@ int gethostbyname_r(const char *name, > } > #endif > >+#ifdef HAVE_GETHOSTBYNAME2_R >+static int nwrap_gethostbyname2_r(const char *name, int af, >+ struct hostent *ret, >+ char *buf, size_t buflen, >+ struct hostent **result, int *h_errnop) >+{ >+ int rc; >+ size_t i; >+ >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ rc = b->ops->nw_gethostbyname2_r(b, name, af, ret, >+ buf, buflen, result); >+ if (rc == 0) { >+ return 0; >+ } else if (rc == ERANGE) { >+ return ERANGE; >+ } >+ } >+ *h_errnop = h_errno; >+ return ENOENT; >+} >+ >+int gethostbyname2_r(const char *name, int af, >+ struct hostent *ret, >+ char *buf, size_t buflen, >+ struct hostent **result, int *h_errnop) >+{ >+ if (!nss_wrapper_hosts_enabled()) { >+ return libc_gethostbyname2_r(name, af, ret, buf, buflen, >+ result, h_errnop); >+ } >+ >+ return nwrap_gethostbyname2_r(name, af, ret, buf, buflen, result, >+ h_errnop); >+} >+#endif >+ > static int nwrap_files_getaddrinfo(const char *name, > unsigned short port, > const struct addrinfo *hints, >@@ -3785,7 +3954,8 @@ static int nwrap_files_getaddrinfo(const char *name, > return rc; > } > >-static struct hostent *nwrap_files_gethostbyaddr(const void *addr, >+static struct hostent *nwrap_files_gethostbyaddr(struct nwrap_backend *b, >+ const void *addr, > socklen_t len, int type) > { > struct hostent *he; >@@ -3795,6 +3965,7 @@ static struct hostent *nwrap_files_gethostbyaddr(const void *addr, > size_t i; > bool ok; > >+ (void) b; /* unused */ > (void) len; /* unused */ > > ok = nwrap_files_cache_reload(nwrap_he_global.cache); >@@ -3831,15 +4002,23 @@ static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type, > char *buf, size_t buflen, > struct hostent **result, int *h_errnop) > { >- *result = nwrap_files_gethostbyaddr(addr, len, type); >+ size_t i; >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ *result = b->ops->nw_gethostbyaddr(b, addr, len, type); >+ if (*result != NULL) { >+ break; >+ } >+ } >+ > if (*result != NULL) { > memset(buf, '\0', buflen); > *ret = **result; > return 0; >- } else { >- *h_errnop = h_errno; >- return -1; > } >+ >+ *h_errnop = h_errno; >+ return -1; > } > > int gethostbyaddr_r(const void *addr, socklen_t len, int type, >@@ -4336,13 +4515,189 @@ static void nwrap_module_endgrent(struct nwrap_backend *b) > b->fns->_nss_endgrent(); > } > >+static struct hostent *nwrap_module_gethostbyaddr(struct nwrap_backend *b, >+ const void *addr, >+ socklen_t len, int type) >+{ >+ static struct hostent he; >+ static char *buf = NULL; >+ static size_t buflen = 1000; >+ NSS_STATUS status; >+ >+ if (b->fns->_nss_gethostbyaddr_r == NULL) { >+ return NULL; >+ } >+ >+ if (buf == NULL) { >+ buf = (char *)malloc(buflen); >+ if (buf == NULL) { >+ return NULL; >+ } >+ } >+again: >+ status = b->fns->_nss_gethostbyaddr_r(addr, len, type, &he, >+ buf, buflen, &errno, &h_errno); >+ if (status == NSS_STATUS_TRYAGAIN) { >+ char *p = NULL; >+ >+ buflen *= 2; >+ p = (char *)realloc(buf, buflen); >+ if (p == NULL) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ buf = p; >+ goto again; >+ } >+ if (status == NSS_STATUS_NOTFOUND) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ if (status != NSS_STATUS_SUCCESS) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ >+ return &he; >+} >+ >+static int nwrap_module_gethostbyname2_r(struct nwrap_backend *b, >+ const char *name, int af, >+ struct hostent *hedst, >+ char *buf, size_t buflen, >+ struct hostent **hedstp) >+{ >+ NSS_STATUS status; >+ >+ *hedstp = NULL; >+ >+ if (b->fns->_nss_gethostbyname2_r == NULL) { >+ return ENOENT; >+ } >+ >+ status = b->fns->_nss_gethostbyname2_r(name, af, hedst, >+ buf, buflen, &errno, &h_errno); >+ switch (status) { >+ case NSS_STATUS_SUCCESS: >+ *hedstp = hedst; >+ return 0; >+ case NSS_STATUS_NOTFOUND: >+ if (errno != 0) { >+ return errno; >+ } >+ return ENOENT; >+ case NSS_STATUS_TRYAGAIN: >+ if (errno != 0) { >+ return errno; >+ } >+ return ERANGE; >+ default: >+ if (errno != 0) { >+ return errno; >+ } >+ return status; >+ } >+} >+ >+static struct hostent *nwrap_module_gethostbyname(struct nwrap_backend *b, >+ const char *name) >+{ >+ static struct hostent he; >+ static char *buf = NULL; >+ static size_t buflen = 1000; >+ NSS_STATUS status; >+ >+ if (b->fns->_nss_gethostbyname2_r == NULL) { >+ return NULL; >+ } >+ >+ if (buf == NULL) { >+ buf = (char *)malloc(buflen); >+ if (buf == NULL) { >+ return NULL; >+ } >+ } >+ >+again: >+ status = b->fns->_nss_gethostbyname2_r(name, AF_UNSPEC, &he, >+ buf, buflen, &errno, &h_errno); >+ if (status == NSS_STATUS_TRYAGAIN) { >+ char *p = NULL; >+ >+ buflen *= 2; >+ p = (char *)realloc(buf, buflen); >+ if (p == NULL) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ buf = p; >+ goto again; >+ } >+ if (status == NSS_STATUS_NOTFOUND) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ if (status != NSS_STATUS_SUCCESS) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ >+ return &he; >+} >+ >+static struct hostent *nwrap_module_gethostbyname2(struct nwrap_backend *b, >+ const char *name, int af) >+{ >+ static struct hostent he; >+ static char *buf = NULL; >+ static size_t buflen = 1000; >+ NSS_STATUS status; >+ >+ if (b->fns->_nss_gethostbyname2_r == NULL) { >+ return NULL; >+ } >+ >+ if (buf == NULL) { >+ buf = (char *)malloc(buflen); >+ if (buf == NULL) { >+ return NULL; >+ } >+ } >+ >+again: >+ status = b->fns->_nss_gethostbyname2_r(name, af, &he, >+ buf, buflen, &errno, &h_errno); >+ if (status == NSS_STATUS_TRYAGAIN) { >+ char *p = NULL; >+ >+ buflen *= 2; >+ p = (char *)realloc(buf, buflen); >+ if (p == NULL) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ buf = p; >+ goto again; >+ } >+ if (status == NSS_STATUS_NOTFOUND) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ if (status != NSS_STATUS_SUCCESS) { >+ SAFE_FREE(buf); >+ return NULL; >+ } >+ >+ return &he; >+} >+ > /**************************************************************************** > * GETPWNAM > ***************************************************************************/ > > static struct passwd *nwrap_getpwnam(const char *name) > { >- int i; >+ size_t i; > struct passwd *pwd; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4372,7 +4727,8 @@ struct passwd *getpwnam(const char *name) > static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst, > char *buf, size_t buflen, struct passwd **pwdstp) > { >- int i,ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4409,7 +4765,7 @@ int getpwnam_r(const char *name, struct passwd *pwdst, > > static struct passwd *nwrap_getpwuid(uid_t uid) > { >- int i; >+ size_t i; > struct passwd *pwd; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4439,7 +4795,8 @@ struct passwd *getpwuid(uid_t uid) > static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst, > char *buf, size_t buflen, struct passwd **pwdstp) > { >- int i,ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4474,7 +4831,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwdst, > > static void nwrap_setpwent(void) > { >- int i; >+ size_t i; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4498,7 +4855,7 @@ void setpwent(void) > > static struct passwd *nwrap_getpwent(void) > { >- int i; >+ size_t i; > struct passwd *pwd; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4529,7 +4886,8 @@ struct passwd *getpwent(void) > static int nwrap_getpwent_r(struct passwd *pwdst, char *buf, > size_t buflen, struct passwd **pwdstp) > { >- int i,ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4578,7 +4936,7 @@ int getpwent_r(struct passwd *pwdst, char *buf, > > static void nwrap_endpwent(void) > { >- int i; >+ size_t i; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4602,7 +4960,7 @@ void endpwent(void) > > static int nwrap_initgroups(const char *user, gid_t group) > { >- int i; >+ size_t i; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4633,7 +4991,7 @@ int initgroups(const char *user, gid_t group) > > static struct group *nwrap_getgrnam(const char *name) > { >- int i; >+ size_t i; > struct group *grp; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4663,7 +5021,8 @@ struct group *getgrnam(const char *name) > static int nwrap_getgrnam_r(const char *name, struct group *grdst, > char *buf, size_t buflen, struct group **grdstp) > { >- int i, ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4704,7 +5063,7 @@ int getgrnam_r(const char *name, struct group *grp, > > static struct group *nwrap_getgrgid(gid_t gid) > { >- int i; >+ size_t i; > struct group *grp; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4734,7 +5093,8 @@ struct group *getgrgid(gid_t gid) > static int nwrap_getgrgid_r(gid_t gid, struct group *grdst, > char *buf, size_t buflen, struct group **grdstp) > { >- int i,ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4771,7 +5131,7 @@ int getgrgid_r(gid_t gid, struct group *grdst, > > static void nwrap_setgrent(void) > { >- int i; >+ size_t i; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4806,7 +5166,7 @@ out: > > static struct group *nwrap_getgrent(void) > { >- int i; >+ size_t i; > struct group *grp; > > for (i=0; i < nwrap_main_global->num_backends; i++) { >@@ -4837,7 +5197,8 @@ struct group *getgrent(void) > static int nwrap_getgrent_r(struct group *grdst, char *buf, > size_t buflen, struct group **grdstp) > { >- int i,ret; >+ size_t i; >+ int ret; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -4887,7 +5248,7 @@ int getgrent_r(struct group *src, char *buf, > > static void nwrap_endgrent(void) > { >- int i; >+ size_t i; > > for (i=0; i < nwrap_main_global->num_backends; i++) { > struct nwrap_backend *b = &nwrap_main_global->backends[i]; >@@ -5129,6 +5490,7 @@ void endhostent(void) > } > #endif /* HAVE_SOLARIS_ENDHOSTENT */ > >+ > #ifdef BSD > /* BSD implementation stores data in thread local storage but GLIBC does not */ > static __thread struct hostent user_he; >@@ -5137,12 +5499,37 @@ static __thread struct nwrap_vector user_addrlist; > static struct hostent user_he; > static struct nwrap_vector user_addrlist; > #endif /* BSD */ >+ >+static struct hostent *nwrap_files_gethostbyname(struct nwrap_backend *b, >+ const char *name) >+{ >+ int ret; >+ >+ (void) b; /* unused */ >+ >+ ret = nwrap_files_internal_gethostbyname(name, AF_UNSPEC, &user_he, >+ &user_addrlist); >+ if (ret == 0) { >+ return &user_he; >+ } >+ >+ return NULL; >+} >+ > static struct hostent *nwrap_gethostbyname(const char *name) > { >- if (nwrap_files_gethostbyname(name, AF_UNSPEC, &user_he, &user_addrlist) == -1) { >- return NULL; >+ size_t i; >+ struct hostent *he = NULL; >+ >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ he = b->ops->nw_gethostbyname(b, name); >+ if (he != NULL) { >+ return he; >+ } > } >- return &user_he; >+ >+ return NULL; > } > > struct hostent *gethostbyname(const char *name) >@@ -5164,12 +5551,37 @@ static __thread struct nwrap_vector user_addrlist2; > static struct hostent user_he2; > static struct nwrap_vector user_addrlist2; > #endif /* BSD */ >+ >+static struct hostent *nwrap_files_gethostbyname2(struct nwrap_backend *b, >+ const char *name, int af) >+{ >+ int ret; >+ >+ (void) b; /* unused */ >+ >+ ret = nwrap_files_internal_gethostbyname(name, af, &user_he2, >+ &user_addrlist2); >+ if (ret == 0) { >+ return &user_he2; >+ } >+ >+ return NULL; >+} >+ > static struct hostent *nwrap_gethostbyname2(const char *name, int af) > { >- if (nwrap_files_gethostbyname(name, af, &user_he2, &user_addrlist2) == -1) { >- return NULL; >+ size_t i; >+ struct hostent *he = NULL; >+ >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ he = b->ops->nw_gethostbyname2(b, name, af); >+ if (he != NULL) { >+ return he; >+ } > } >- return &user_he2; >+ >+ return NULL; > } > > struct hostent *gethostbyname2(const char *name, int af) >@@ -5185,7 +5597,18 @@ struct hostent *gethostbyname2(const char *name, int af) > static struct hostent *nwrap_gethostbyaddr(const void *addr, > socklen_t len, int type) > { >- return nwrap_files_gethostbyaddr(addr, len, type); >+ size_t i; >+ struct hostent *he = NULL; >+ >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ he = b->ops->nw_gethostbyaddr(b, addr, len, type); >+ if (he != NULL) { >+ return he; >+ } >+ } >+ >+ return NULL; > } > > struct hostent *gethostbyaddr(const void *addr, >@@ -5531,6 +5954,7 @@ static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen, > socklen_t addrlen; > uint16_t port; > sa_family_t type; >+ size_t i; > > if (sa == NULL || salen < sizeof(sa_family_t)) { > return EAI_FAMILY; >@@ -5585,7 +6009,13 @@ static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen, > if (host != NULL) { > he = NULL; > if ((flags & NI_NUMERICHOST) == 0) { >- he = nwrap_files_gethostbyaddr(addr, addrlen, type); >+ for (i=0; i < nwrap_main_global->num_backends; i++) { >+ struct nwrap_backend *b = &nwrap_main_global->backends[i]; >+ he = b->ops->nw_gethostbyaddr(b, addr, addrlen, type); >+ if (he != NULL) { >+ break; >+ } >+ } > if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL)) > return EAI_NONAME; > } >@@ -5698,7 +6128,7 @@ void nwrap_constructor(void) > */ > void nwrap_destructor(void) > { >- int i; >+ size_t i; > > NWRAP_LOCK_ALL; > if (nwrap_main_global != NULL) { >diff --git a/third_party/nss_wrapper/wscript b/third_party/nss_wrapper/wscript >index dd83083b2e7..1f6e705ee07 100644 >--- a/third_party/nss_wrapper/wscript >+++ b/third_party/nss_wrapper/wscript >@@ -2,7 +2,7 @@ > > import os > >-VERSION="1.1.7" >+VERSION="1.1.10" > > def configure(conf): > if conf.CHECK_NSS_WRAPPER(): >@@ -28,6 +28,7 @@ def configure(conf): > msg='Checking for printf format validation support') > > conf.CHECK_FUNCS('gethostbyaddr_r gethostbyname_r') >+ conf.CHECK_FUNCS('gethostbyname2 gethostbyname2_r') > # Solaris > conf.CHECK_FUNCS('__posix_getpwnam_r __posix_getpwuid_r') > conf.CHECK_FUNCS('__posix_getgrgid_r __posix_getgrnam_r') >-- >2.25.1 > > >From e8fd17d4285019b8fd7ed48c82e52dd49101ce4c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 19 Mar 2020 10:23:02 +0100 >Subject: [PATCH 007/380] gitlab-ci: Remove Fedora 29 which is already EOL > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 087566641e32821ea3cae0d23bd70a5602581b53) >--- > .gitlab-ci.yml | 7 +- > bootstrap/.gitlab-ci.yml | 3 - > bootstrap/config.py | 9 -- > bootstrap/generated-dists/Vagrantfile | 7 -- > bootstrap/generated-dists/fedora29/Dockerfile | 27 ----- > .../generated-dists/fedora29/bootstrap.sh | 108 ------------------ > bootstrap/generated-dists/fedora29/locale.sh | 55 --------- > .../generated-dists/fedora29/packages.yml | 95 --------------- > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 2 insertions(+), 311 deletions(-) > delete mode 100644 bootstrap/generated-dists/fedora29/Dockerfile > delete mode 100755 bootstrap/generated-dists/fedora29/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/fedora29/locale.sh > delete mode 100644 bootstrap/generated-dists/fedora29/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 8becacb8d4e..1d89dda5045 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 6bb2eeaf8203467d9a93a722071b0f081027410e >+ SAMBA_CI_CONTAINER_TAG: 2366db8ea66e6a07f36b77c0f3152a06e7056adc > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -39,7 +39,6 @@ variables: > SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG} >- SAMBA_CI_CONTAINER_IMAGE_fedora29: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora29:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_fedora30: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora30:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG} >@@ -303,10 +302,6 @@ centos8-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_centos8 > >-fedora29-samba-o3: >- extends: .samba-o3-template >- image: $SAMBA_CI_CONTAINER_IMAGE_fedora29 >- > fedora30-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_fedora30 >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index ecd9f4d4223..c4c8599ef3d 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -102,9 +102,6 @@ fedora31: > fedora30: > extends: .build_image_template > >-fedora29: >- extends: .build_image_template >- > centos8: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index ff9bb150672..36a19a1e6cf 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -453,15 +453,6 @@ RPM_DISTS = { > 'liburing-devel': '', # not available yet, Add me back, once available! > } > }, >- 'fedora29': { >- 'docker_image': 'fedora:29', >- 'vagrant_box': 'fedora/29-cloud-base', >- 'bootstrap': DNF_BOOTSTRAP, >- 'replace': { >- 'lsb-release': 'redhat-lsb', >- 'liburing-devel': '', # not available >- } >- }, > 'fedora30': { > 'docker_image': 'fedora:30', > 'vagrant_box': 'fedora/30-cloud-base', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 47c58d5a87b..2daf1dde552 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -31,13 +31,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "debian10/locale.sh" > end > >- config.vm.define "fedora29" do |v| >- v.vm.box = "fedora/29-cloud-base" >- v.vm.hostname = "fedora29" >- v.vm.provision :shell, path: "fedora29/bootstrap.sh" >- v.vm.provision :shell, path: "fedora29/locale.sh" >- end >- > config.vm.define "fedora30" do |v| > v.vm.box = "fedora/30-cloud-base" > v.vm.hostname = "fedora30" >diff --git a/bootstrap/generated-dists/fedora29/Dockerfile b/bootstrap/generated-dists/fedora29/Dockerfile >deleted file mode 100644 >index 268c79da161..00000000000 >--- a/bootstrap/generated-dists/fedora29/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM fedora:29 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora29/bootstrap.sh b/bootstrap/generated-dists/fedora29/bootstrap.sh >deleted file mode 100755 >index effe2a9d214..00000000000 >--- a/bootstrap/generated-dists/fedora29/bootstrap.sh >+++ /dev/null >@@ -1,108 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-dnf update -y >- >-dnf install -y \ >- --setopt=install_weak_deps=False \ >- @development-tools \ >- acl \ >- attr \ >- autoconf \ >- avahi-devel \ >- bind-utils \ >- binutils \ >- bison \ >- chrpath \ >- cups-devel \ >- curl \ >- dbus-devel \ >- docbook-dtds \ >- docbook-style-xsl \ >- flex \ >- gawk \ >- gcc \ >- gdb \ >- git \ >- glib2-devel \ >- glibc-common \ >- glibc-langpack-en \ >- glusterfs-api-devel \ >- glusterfs-devel \ >- gnutls-devel \ >- gpgme-devel \ >- gzip \ >- hostname \ >- htop \ >- jansson-devel \ >- keyutils-libs-devel \ >- krb5-devel \ >- krb5-server \ >- lcov \ >- libacl-devel \ >- libarchive-devel \ >- libattr-devel \ >- libblkid-devel \ >- libbsd-devel \ >- libcap-devel \ >- libcephfs-devel \ >- libicu-devel \ >- libnsl2-devel \ >- libpcap-devel \ >- libsemanage-python \ >- libtasn1-devel \ >- libtasn1-tools \ >- libtirpc-devel \ >- libunwind-devel \ >- libuuid-devel \ >- libxslt \ >- lmdb \ >- lmdb-devel \ >- make \ >- mingw64-gcc \ >- ncurses-devel \ >- openldap-devel \ >- pam-devel \ >- patch \ >- perl \ >- perl-Archive-Tar \ >- perl-ExtUtils-MakeMaker \ >- perl-JSON-Parse \ >- perl-Parse-Yapp \ >- perl-Test-Base \ >- perl-generators \ >- perl-interpreter \ >- pkgconfig \ >- policycoreutils-python \ >- popt-devel \ >- procps-ng \ >- psmisc \ >- python3 \ >- python3-devel \ >- python3-dns \ >- python3-gpg \ >- python3-markdown \ >- quota-devel \ >- readline-devel \ >- redhat-lsb \ >- rng-tools \ >- rpcgen \ >- rpcsvc-proto-devel \ >- rsync \ >- sed \ >- sudo \ >- systemd-devel \ >- tar \ >- tree \ >- which \ >- xfsprogs-devel \ >- yum-utils \ >- zlib-devel >- >-dnf clean all >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora29/locale.sh b/bootstrap/generated-dists/fedora29/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/fedora29/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora29/packages.yml b/bootstrap/generated-dists/fedora29/packages.yml >deleted file mode 100644 >index 3b767f8ba08..00000000000 >--- a/bootstrap/generated-dists/fedora29/packages.yml >+++ /dev/null >@@ -1,95 +0,0 @@ >---- >-packages: >- - @development-tools >- - acl >- - attr >- - autoconf >- - avahi-devel >- - bind-utils >- - binutils >- - bison >- - chrpath >- - cups-devel >- - curl >- - dbus-devel >- - docbook-dtds >- - docbook-style-xsl >- - flex >- - gawk >- - gcc >- - gdb >- - git >- - glib2-devel >- - glibc-common >- - glibc-langpack-en >- - glusterfs-api-devel >- - glusterfs-devel >- - gnutls-devel >- - gpgme-devel >- - gzip >- - hostname >- - htop >- - jansson-devel >- - keyutils-libs-devel >- - krb5-devel >- - krb5-server >- - lcov >- - libacl-devel >- - libarchive-devel >- - libattr-devel >- - libblkid-devel >- - libbsd-devel >- - libcap-devel >- - libcephfs-devel >- - libicu-devel >- - libnsl2-devel >- - libpcap-devel >- - libsemanage-python >- - libtasn1-devel >- - libtasn1-tools >- - libtirpc-devel >- - libunwind-devel >- - libuuid-devel >- - libxslt >- - lmdb >- - lmdb-devel >- - make >- - mingw64-gcc >- - ncurses-devel >- - openldap-devel >- - pam-devel >- - patch >- - perl >- - perl-Archive-Tar >- - perl-ExtUtils-MakeMaker >- - perl-JSON-Parse >- - perl-Parse-Yapp >- - perl-Test-Base >- - perl-generators >- - perl-interpreter >- - pkgconfig >- - policycoreutils-python >- - popt-devel >- - procps-ng >- - psmisc >- - python3 >- - python3-devel >- - python3-dns >- - python3-gpg >- - python3-markdown >- - quota-devel >- - readline-devel >- - redhat-lsb >- - rng-tools >- - rpcgen >- - rpcsvc-proto-devel >- - rsync >- - sed >- - sudo >- - systemd-devel >- - tar >- - tree >- - which >- - xfsprogs-devel >- - yum-utils >- - zlib-devel >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 1c9d01d5e7d..39f2633892e 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-6bb2eeaf8203467d9a93a722071b0f081027410e >+2366db8ea66e6a07f36b77c0f3152a06e7056adc >-- >2.25.1 > > >From 5ea7f8cc213d10116331189c47e8ade83753d43d Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 19 Mar 2020 10:28:23 +0100 >Subject: [PATCH 008/380] gitlab-ci: Remove Fedora 30 > >It is pretty similar to Fedora 31, so remove it safe some CI resources. >We will add Fedora 32 next. > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ef08b30380093726297529d20b087e64caa58572) >--- > .gitlab-ci.yml | 7 +- > bootstrap/.gitlab-ci.yml | 3 - > bootstrap/config.py | 9 -- > bootstrap/generated-dists/Vagrantfile | 7 -- > bootstrap/generated-dists/fedora30/Dockerfile | 27 ----- > .../generated-dists/fedora30/bootstrap.sh | 108 ------------------ > bootstrap/generated-dists/fedora30/locale.sh | 55 --------- > .../generated-dists/fedora30/packages.yml | 95 --------------- > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 2 insertions(+), 311 deletions(-) > delete mode 100644 bootstrap/generated-dists/fedora30/Dockerfile > delete mode 100755 bootstrap/generated-dists/fedora30/bootstrap.sh > delete mode 100755 bootstrap/generated-dists/fedora30/locale.sh > delete mode 100644 bootstrap/generated-dists/fedora30/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 1d89dda5045..a8e1099be11 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 2366db8ea66e6a07f36b77c0f3152a06e7056adc >+ SAMBA_CI_CONTAINER_TAG: 9f95136e88779ec8eed6c18614b1e0779ef2bfec > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -39,7 +39,6 @@ variables: > SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG} >- SAMBA_CI_CONTAINER_IMAGE_fedora30: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora30:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_centos8: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos8:${SAMBA_CI_CONTAINER_TAG} >@@ -302,10 +301,6 @@ centos8-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_centos8 > >-fedora30-samba-o3: >- extends: .samba-o3-template >- image: $SAMBA_CI_CONTAINER_IMAGE_fedora30 >- > fedora31-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_fedora31 >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index c4c8599ef3d..89c1453a34c 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -99,9 +99,6 @@ debian10: > fedora31: > extends: .build_image_template > >-fedora30: >- extends: .build_image_template >- > centos8: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 36a19a1e6cf..6d4d662d563 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -453,15 +453,6 @@ RPM_DISTS = { > 'liburing-devel': '', # not available yet, Add me back, once available! > } > }, >- 'fedora30': { >- 'docker_image': 'fedora:30', >- 'vagrant_box': 'fedora/30-cloud-base', >- 'bootstrap': DNF_BOOTSTRAP, >- 'replace': { >- 'lsb-release': 'redhat-lsb', >- 'liburing-devel': '', # not available >- } >- }, > 'fedora31': { > 'docker_image': 'fedora:31', > 'vagrant_box': 'fedora/31-cloud-base', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 2daf1dde552..770e364c70b 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -31,13 +31,6 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "debian10/locale.sh" > end > >- config.vm.define "fedora30" do |v| >- v.vm.box = "fedora/30-cloud-base" >- v.vm.hostname = "fedora30" >- v.vm.provision :shell, path: "fedora30/bootstrap.sh" >- v.vm.provision :shell, path: "fedora30/locale.sh" >- end >- > config.vm.define "fedora31" do |v| > v.vm.box = "fedora/31-cloud-base" > v.vm.hostname = "fedora31" >diff --git a/bootstrap/generated-dists/fedora30/Dockerfile b/bootstrap/generated-dists/fedora30/Dockerfile >deleted file mode 100644 >index f2a2c3546f0..00000000000 >--- a/bootstrap/generated-dists/fedora30/Dockerfile >+++ /dev/null >@@ -1,27 +0,0 @@ >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-FROM fedora:30 >- >-# pass in with --build-arg while build >-ARG SHA1SUM >-RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >- >-ADD *.sh /tmp/ >-# need root permission, do it before USER samba >-RUN /tmp/bootstrap.sh && /tmp/locale.sh >- >-# if ld.gold exists, force link it to ld >-RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >- >-# make test can not work with root, so we have to create a new user >-RUN useradd -m -U -s /bin/bash samba && \ >- mkdir -p /etc/sudoers.d && \ >- echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >- >-USER samba >-WORKDIR /home/samba >-# samba tests rely on this >-ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora30/bootstrap.sh b/bootstrap/generated-dists/fedora30/bootstrap.sh >deleted file mode 100755 >index effe2a9d214..00000000000 >--- a/bootstrap/generated-dists/fedora30/bootstrap.sh >+++ /dev/null >@@ -1,108 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-dnf update -y >- >-dnf install -y \ >- --setopt=install_weak_deps=False \ >- @development-tools \ >- acl \ >- attr \ >- autoconf \ >- avahi-devel \ >- bind-utils \ >- binutils \ >- bison \ >- chrpath \ >- cups-devel \ >- curl \ >- dbus-devel \ >- docbook-dtds \ >- docbook-style-xsl \ >- flex \ >- gawk \ >- gcc \ >- gdb \ >- git \ >- glib2-devel \ >- glibc-common \ >- glibc-langpack-en \ >- glusterfs-api-devel \ >- glusterfs-devel \ >- gnutls-devel \ >- gpgme-devel \ >- gzip \ >- hostname \ >- htop \ >- jansson-devel \ >- keyutils-libs-devel \ >- krb5-devel \ >- krb5-server \ >- lcov \ >- libacl-devel \ >- libarchive-devel \ >- libattr-devel \ >- libblkid-devel \ >- libbsd-devel \ >- libcap-devel \ >- libcephfs-devel \ >- libicu-devel \ >- libnsl2-devel \ >- libpcap-devel \ >- libsemanage-python \ >- libtasn1-devel \ >- libtasn1-tools \ >- libtirpc-devel \ >- libunwind-devel \ >- libuuid-devel \ >- libxslt \ >- lmdb \ >- lmdb-devel \ >- make \ >- mingw64-gcc \ >- ncurses-devel \ >- openldap-devel \ >- pam-devel \ >- patch \ >- perl \ >- perl-Archive-Tar \ >- perl-ExtUtils-MakeMaker \ >- perl-JSON-Parse \ >- perl-Parse-Yapp \ >- perl-Test-Base \ >- perl-generators \ >- perl-interpreter \ >- pkgconfig \ >- policycoreutils-python \ >- popt-devel \ >- procps-ng \ >- psmisc \ >- python3 \ >- python3-devel \ >- python3-dns \ >- python3-gpg \ >- python3-markdown \ >- quota-devel \ >- readline-devel \ >- redhat-lsb \ >- rng-tools \ >- rpcgen \ >- rpcsvc-proto-devel \ >- rsync \ >- sed \ >- sudo \ >- systemd-devel \ >- tar \ >- tree \ >- which \ >- xfsprogs-devel \ >- yum-utils \ >- zlib-devel >- >-dnf clean all >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora30/locale.sh b/bootstrap/generated-dists/fedora30/locale.sh >deleted file mode 100755 >index cc64e180483..00000000000 >--- a/bootstrap/generated-dists/fedora30/locale.sh >+++ /dev/null >@@ -1,55 +0,0 @@ >-#!/bin/bash >- >-# >-# This file is generated by 'bootstrap/template.py --render' >-# See also bootstrap/config.py >-# >- >-set -xueo pipefail >- >-# refer to /usr/share/i18n/locales >-INPUTFILE=en_US >-# refer to /usr/share/i18n/charmaps >-CHARMAP=UTF-8 >-# locale to generate in /usr/lib/locale >-# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >-LOCALE=$INPUTFILE.utf8 >- >-# if locale is already correct, exit >-( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >- >-# if locale not available, generate locale into /usr/lib/locale >-if ! ( locale --all-locales | grep -i $LOCALE ) >-then >- # no-archive means create its own dir >- localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >-fi >- >-# update locale conf and global env file >-# set both LC_ALL and LANG for safe >- >-# update conf for Debian family >-FILE=/etc/default/locale >-if [ -f $FILE ] >-then >- echo LC_ALL="$LOCALE" > $FILE >- echo LANG="$LOCALE" >> $FILE >-fi >- >-# update conf for RedHat family >-FILE=/etc/locale.conf >-if [ -f $FILE ] >-then >- # LC_ALL is not valid in this file, set LANG only >- echo LANG="$LOCALE" > $FILE >-fi >- >-# update global env file >-FILE=/etc/environment >-if [ -f $FILE ] >-then >- # append LC_ALL if not exist >- grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >- # append LANG if not exist >- grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >-fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora30/packages.yml b/bootstrap/generated-dists/fedora30/packages.yml >deleted file mode 100644 >index 3b767f8ba08..00000000000 >--- a/bootstrap/generated-dists/fedora30/packages.yml >+++ /dev/null >@@ -1,95 +0,0 @@ >---- >-packages: >- - @development-tools >- - acl >- - attr >- - autoconf >- - avahi-devel >- - bind-utils >- - binutils >- - bison >- - chrpath >- - cups-devel >- - curl >- - dbus-devel >- - docbook-dtds >- - docbook-style-xsl >- - flex >- - gawk >- - gcc >- - gdb >- - git >- - glib2-devel >- - glibc-common >- - glibc-langpack-en >- - glusterfs-api-devel >- - glusterfs-devel >- - gnutls-devel >- - gpgme-devel >- - gzip >- - hostname >- - htop >- - jansson-devel >- - keyutils-libs-devel >- - krb5-devel >- - krb5-server >- - lcov >- - libacl-devel >- - libarchive-devel >- - libattr-devel >- - libblkid-devel >- - libbsd-devel >- - libcap-devel >- - libcephfs-devel >- - libicu-devel >- - libnsl2-devel >- - libpcap-devel >- - libsemanage-python >- - libtasn1-devel >- - libtasn1-tools >- - libtirpc-devel >- - libunwind-devel >- - libuuid-devel >- - libxslt >- - lmdb >- - lmdb-devel >- - make >- - mingw64-gcc >- - ncurses-devel >- - openldap-devel >- - pam-devel >- - patch >- - perl >- - perl-Archive-Tar >- - perl-ExtUtils-MakeMaker >- - perl-JSON-Parse >- - perl-Parse-Yapp >- - perl-Test-Base >- - perl-generators >- - perl-interpreter >- - pkgconfig >- - policycoreutils-python >- - popt-devel >- - procps-ng >- - psmisc >- - python3 >- - python3-devel >- - python3-dns >- - python3-gpg >- - python3-markdown >- - quota-devel >- - readline-devel >- - redhat-lsb >- - rng-tools >- - rpcgen >- - rpcsvc-proto-devel >- - rsync >- - sed >- - sudo >- - systemd-devel >- - tar >- - tree >- - which >- - xfsprogs-devel >- - yum-utils >- - zlib-devel >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 39f2633892e..ef012315ce1 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-2366db8ea66e6a07f36b77c0f3152a06e7056adc >+9f95136e88779ec8eed6c18614b1e0779ef2bfec >-- >2.25.1 > > >From 4920e3348df9d2f953289e7e0ddf26d5617fed3b Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 19 Mar 2020 10:32:17 +0100 >Subject: [PATCH 009/380] gitlab-ci: Add Fedora 32 (Beta) > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Fri Mar 20 15:19:50 UTC 2020 on sn-devel-184 > >(cherry picked from commit bce99f59332ffd4d817be457ff4b39743e724319) >--- > .gitlab-ci.yml | 7 +- > bootstrap/.gitlab-ci.yml | 3 + > bootstrap/config.py | 10 ++ > bootstrap/generated-dists/Vagrantfile | 7 ++ > bootstrap/generated-dists/fedora32/Dockerfile | 27 +++++ > .../generated-dists/fedora32/bootstrap.sh | 109 ++++++++++++++++++ > bootstrap/generated-dists/fedora32/locale.sh | 55 +++++++++ > .../generated-dists/fedora32/packages.yml | 96 +++++++++++++++ > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 314 insertions(+), 2 deletions(-) > create mode 100644 bootstrap/generated-dists/fedora32/Dockerfile > create mode 100755 bootstrap/generated-dists/fedora32/bootstrap.sh > create mode 100755 bootstrap/generated-dists/fedora32/locale.sh > create mode 100644 bootstrap/generated-dists/fedora32/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index a8e1099be11..bf05c3cd792 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 9f95136e88779ec8eed6c18614b1e0779ef2bfec >+ SAMBA_CI_CONTAINER_TAG: 9061307e79ad13733c69352a965eeb4f44bef4b7 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -40,6 +40,7 @@ variables: > SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG} >+ SAMBA_CI_CONTAINER_IMAGE_fedora32: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora32:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_centos8: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos8:${SAMBA_CI_CONTAINER_TAG} > >@@ -305,6 +306,10 @@ fedora31-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_fedora31 > >+fedora32-samba-o3: >+ extends: .samba-o3-template >+ image: $SAMBA_CI_CONTAINER_IMAGE_fedora32 >+ > # > # Keep the samba-o3 sections at the end ... > # >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index 89c1453a34c..8427dbdc314 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -99,6 +99,9 @@ debian10: > fedora31: > extends: .build_image_template > >+fedora32: >+ extends: .build_image_template >+ > centos8: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 6d4d662d563..093b84676f0 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -463,6 +463,16 @@ RPM_DISTS = { > 'policycoreutils-python': 'python3-policycoreutils', > } > }, >+ 'fedora32': { >+ 'docker_image': 'fedora:32', >+ 'vagrant_box': 'fedora/32-cloud-base', >+ 'bootstrap': DNF_BOOTSTRAP, >+ 'replace': { >+ 'lsb-release': 'redhat-lsb', >+ 'libsemanage-python': 'python3-libsemanage', >+ 'policycoreutils-python': 'python3-policycoreutils', >+ } >+ }, > 'opensuse150': { > 'docker_image': 'opensuse/leap:15.0', > 'vagrant_box': 'opensuse/openSUSE-15.0-x86_64', >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 770e364c70b..15fc686f584 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -38,6 +38,13 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "fedora31/locale.sh" > end > >+ config.vm.define "fedora32" do |v| >+ v.vm.box = "fedora/32-cloud-base" >+ v.vm.hostname = "fedora32" >+ v.vm.provision :shell, path: "fedora32/bootstrap.sh" >+ v.vm.provision :shell, path: "fedora32/locale.sh" >+ end >+ > config.vm.define "opensuse150" do |v| > v.vm.box = "opensuse/openSUSE-15.0-x86_64" > v.vm.hostname = "opensuse150" >diff --git a/bootstrap/generated-dists/fedora32/Dockerfile b/bootstrap/generated-dists/fedora32/Dockerfile >new file mode 100644 >index 00000000000..d8a75cf8445 >--- /dev/null >+++ b/bootstrap/generated-dists/fedora32/Dockerfile >@@ -0,0 +1,27 @@ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+FROM fedora:32 >+ >+# pass in with --build-arg while build >+ARG SHA1SUM >+RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >+ >+ADD *.sh /tmp/ >+# need root permission, do it before USER samba >+RUN /tmp/bootstrap.sh && /tmp/locale.sh >+ >+# if ld.gold exists, force link it to ld >+RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >+ >+# make test can not work with root, so we have to create a new user >+RUN useradd -m -U -s /bin/bash samba && \ >+ mkdir -p /etc/sudoers.d && \ >+ echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >+ >+USER samba >+WORKDIR /home/samba >+# samba tests rely on this >+ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora32/bootstrap.sh b/bootstrap/generated-dists/fedora32/bootstrap.sh >new file mode 100755 >index 00000000000..18c58092eff >--- /dev/null >+++ b/bootstrap/generated-dists/fedora32/bootstrap.sh >@@ -0,0 +1,109 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+dnf update -y >+ >+dnf install -y \ >+ --setopt=install_weak_deps=False \ >+ @development-tools \ >+ acl \ >+ attr \ >+ autoconf \ >+ avahi-devel \ >+ bind-utils \ >+ binutils \ >+ bison \ >+ chrpath \ >+ cups-devel \ >+ curl \ >+ dbus-devel \ >+ docbook-dtds \ >+ docbook-style-xsl \ >+ flex \ >+ gawk \ >+ gcc \ >+ gdb \ >+ git \ >+ glib2-devel \ >+ glibc-common \ >+ glibc-langpack-en \ >+ glusterfs-api-devel \ >+ glusterfs-devel \ >+ gnutls-devel \ >+ gpgme-devel \ >+ gzip \ >+ hostname \ >+ htop \ >+ jansson-devel \ >+ keyutils-libs-devel \ >+ krb5-devel \ >+ krb5-server \ >+ lcov \ >+ libacl-devel \ >+ libarchive-devel \ >+ libattr-devel \ >+ libblkid-devel \ >+ libbsd-devel \ >+ libcap-devel \ >+ libcephfs-devel \ >+ libicu-devel \ >+ libnsl2-devel \ >+ libpcap-devel \ >+ libtasn1-devel \ >+ libtasn1-tools \ >+ libtirpc-devel \ >+ libunwind-devel \ >+ liburing-devel \ >+ libuuid-devel \ >+ libxslt \ >+ lmdb \ >+ lmdb-devel \ >+ make \ >+ mingw64-gcc \ >+ ncurses-devel \ >+ openldap-devel \ >+ pam-devel \ >+ patch \ >+ perl \ >+ perl-Archive-Tar \ >+ perl-ExtUtils-MakeMaker \ >+ perl-JSON-Parse \ >+ perl-Parse-Yapp \ >+ perl-Test-Base \ >+ perl-generators \ >+ perl-interpreter \ >+ pkgconfig \ >+ popt-devel \ >+ procps-ng \ >+ psmisc \ >+ python3 \ >+ python3-devel \ >+ python3-dns \ >+ python3-gpg \ >+ python3-libsemanage \ >+ python3-markdown \ >+ python3-policycoreutils \ >+ quota-devel \ >+ readline-devel \ >+ redhat-lsb \ >+ rng-tools \ >+ rpcgen \ >+ rpcsvc-proto-devel \ >+ rsync \ >+ sed \ >+ sudo \ >+ systemd-devel \ >+ tar \ >+ tree \ >+ which \ >+ xfsprogs-devel \ >+ yum-utils \ >+ zlib-devel >+ >+dnf clean all >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora32/locale.sh b/bootstrap/generated-dists/fedora32/locale.sh >new file mode 100755 >index 00000000000..cc64e180483 >--- /dev/null >+++ b/bootstrap/generated-dists/fedora32/locale.sh >@@ -0,0 +1,55 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+# refer to /usr/share/i18n/locales >+INPUTFILE=en_US >+# refer to /usr/share/i18n/charmaps >+CHARMAP=UTF-8 >+# locale to generate in /usr/lib/locale >+# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >+LOCALE=$INPUTFILE.utf8 >+ >+# if locale is already correct, exit >+( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >+ >+# if locale not available, generate locale into /usr/lib/locale >+if ! ( locale --all-locales | grep -i $LOCALE ) >+then >+ # no-archive means create its own dir >+ localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >+fi >+ >+# update locale conf and global env file >+# set both LC_ALL and LANG for safe >+ >+# update conf for Debian family >+FILE=/etc/default/locale >+if [ -f $FILE ] >+then >+ echo LC_ALL="$LOCALE" > $FILE >+ echo LANG="$LOCALE" >> $FILE >+fi >+ >+# update conf for RedHat family >+FILE=/etc/locale.conf >+if [ -f $FILE ] >+then >+ # LC_ALL is not valid in this file, set LANG only >+ echo LANG="$LOCALE" > $FILE >+fi >+ >+# update global env file >+FILE=/etc/environment >+if [ -f $FILE ] >+then >+ # append LC_ALL if not exist >+ grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >+ # append LANG if not exist >+ grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >+fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/fedora32/packages.yml b/bootstrap/generated-dists/fedora32/packages.yml >new file mode 100644 >index 00000000000..3165af8dd82 >--- /dev/null >+++ b/bootstrap/generated-dists/fedora32/packages.yml >@@ -0,0 +1,96 @@ >+--- >+packages: >+ - @development-tools >+ - acl >+ - attr >+ - autoconf >+ - avahi-devel >+ - bind-utils >+ - binutils >+ - bison >+ - chrpath >+ - cups-devel >+ - curl >+ - dbus-devel >+ - docbook-dtds >+ - docbook-style-xsl >+ - flex >+ - gawk >+ - gcc >+ - gdb >+ - git >+ - glib2-devel >+ - glibc-common >+ - glibc-langpack-en >+ - glusterfs-api-devel >+ - glusterfs-devel >+ - gnutls-devel >+ - gpgme-devel >+ - gzip >+ - hostname >+ - htop >+ - jansson-devel >+ - keyutils-libs-devel >+ - krb5-devel >+ - krb5-server >+ - lcov >+ - libacl-devel >+ - libarchive-devel >+ - libattr-devel >+ - libblkid-devel >+ - libbsd-devel >+ - libcap-devel >+ - libcephfs-devel >+ - libicu-devel >+ - libnsl2-devel >+ - libpcap-devel >+ - libtasn1-devel >+ - libtasn1-tools >+ - libtirpc-devel >+ - libunwind-devel >+ - liburing-devel >+ - libuuid-devel >+ - libxslt >+ - lmdb >+ - lmdb-devel >+ - make >+ - mingw64-gcc >+ - ncurses-devel >+ - openldap-devel >+ - pam-devel >+ - patch >+ - perl >+ - perl-Archive-Tar >+ - perl-ExtUtils-MakeMaker >+ - perl-JSON-Parse >+ - perl-Parse-Yapp >+ - perl-Test-Base >+ - perl-generators >+ - perl-interpreter >+ - pkgconfig >+ - popt-devel >+ - procps-ng >+ - psmisc >+ - python3 >+ - python3-devel >+ - python3-dns >+ - python3-gpg >+ - python3-libsemanage >+ - python3-markdown >+ - python3-policycoreutils >+ - quota-devel >+ - readline-devel >+ - redhat-lsb >+ - rng-tools >+ - rpcgen >+ - rpcsvc-proto-devel >+ - rsync >+ - sed >+ - sudo >+ - systemd-devel >+ - tar >+ - tree >+ - which >+ - xfsprogs-devel >+ - yum-utils >+ - zlib-devel >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index ef012315ce1..df1b85b9f21 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-9f95136e88779ec8eed6c18614b1e0779ef2bfec >+9061307e79ad13733c69352a965eeb4f44bef4b7 >-- >2.25.1 > > >From a7e297dbc631afdfcfe0082d9bb7318dbc0ba212 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 25 Mar 2020 22:17:46 +0100 >Subject: [PATCH 010/380] bootstrap: add ubuntu2004 Ubuntu Focal Fossa > (development branch) > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 53402b353007893f3851afbf574c2a67f9f6a44b) >--- > .gitlab-ci.yml | 9 +- > bootstrap/.gitlab-ci.yml | 3 + > bootstrap/config.py | 7 ++ > bootstrap/generated-dists/Vagrantfile | 7 ++ > .../generated-dists/ubuntu2004/Dockerfile | 27 +++++ > .../generated-dists/ubuntu2004/bootstrap.sh | 106 ++++++++++++++++++ > .../generated-dists/ubuntu2004/locale.sh | 55 +++++++++ > .../generated-dists/ubuntu2004/packages.yml | 91 +++++++++++++++ > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 304 insertions(+), 3 deletions(-) > create mode 100644 bootstrap/generated-dists/ubuntu2004/Dockerfile > create mode 100755 bootstrap/generated-dists/ubuntu2004/bootstrap.sh > create mode 100755 bootstrap/generated-dists/ubuntu2004/locale.sh > create mode 100644 bootstrap/generated-dists/ubuntu2004/packages.yml > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index bf05c3cd792..efb9fe87d17 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 9061307e79ad13733c69352a965eeb4f44bef4b7 >+ SAMBA_CI_CONTAINER_TAG: f5212e7abcae3208b796c939432ab9bec319264a > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -33,8 +33,9 @@ variables: > # Please see the samba-o3 sections at the end of this file! > # We should run that for each available image > # >- SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1804:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_ubuntu1604: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG} >+ SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1804:${SAMBA_CI_CONTAINER_TAG} >+ SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu2004:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_debian9: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian9:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG} > SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG} >@@ -277,6 +278,10 @@ ubuntu1804-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu1804 > >+.ubuntu2004-samba-o3: >+ extends: .samba-o3-template >+ image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu2004 >+ > debian10-samba-o3: > extends: .samba-o3-template > image: $SAMBA_CI_CONTAINER_IMAGE_debian10 >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index 8427dbdc314..d6cf02109fd 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -93,6 +93,9 @@ ubuntu1604: > ubuntu1804: > extends: .build_image_template > >+ubuntu2004: >+ extends: .build_image_template >+ > debian10: > extends: .build_image_template > >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 093b84676f0..b862053b915 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -400,6 +400,13 @@ DEB_DISTS = { > 'liburing-dev': '', # not available > } > }, >+ 'ubuntu2004': { >+ 'docker_image': 'ubuntu:20.04', >+ 'vagrant_box': 'ubuntu/focal64', >+ 'replace': { >+ 'liburing-dev': '', # not available >+ } >+ }, > } > > >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 15fc686f584..e01c20bc161 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -73,5 +73,12 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "ubuntu1804/locale.sh" > end > >+ config.vm.define "ubuntu2004" do |v| >+ v.vm.box = "ubuntu/focal64" >+ v.vm.hostname = "ubuntu2004" >+ v.vm.provision :shell, path: "ubuntu2004/bootstrap.sh" >+ v.vm.provision :shell, path: "ubuntu2004/locale.sh" >+ end >+ > > end >diff --git a/bootstrap/generated-dists/ubuntu2004/Dockerfile b/bootstrap/generated-dists/ubuntu2004/Dockerfile >new file mode 100644 >index 00000000000..f94e8801aad >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu2004/Dockerfile >@@ -0,0 +1,27 @@ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+FROM ubuntu:20.04 >+ >+# pass in with --build-arg while build >+ARG SHA1SUM >+RUN [ -n $SHA1SUM ] && echo $SHA1SUM > /sha1sum.txt >+ >+ADD *.sh /tmp/ >+# need root permission, do it before USER samba >+RUN /tmp/bootstrap.sh && /tmp/locale.sh >+ >+# if ld.gold exists, force link it to ld >+RUN set -x; LD=$(which ld); LD_GOLD=$(which ld.gold); test -x $LD_GOLD && ln -sf $LD_GOLD $LD && test -x $LD && echo "$LD is now $LD_GOLD" >+ >+# make test can not work with root, so we have to create a new user >+RUN useradd -m -U -s /bin/bash samba && \ >+ mkdir -p /etc/sudoers.d && \ >+ echo "samba ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/samba >+ >+USER samba >+WORKDIR /home/samba >+# samba tests rely on this >+ENV USER=samba LC_ALL=en_US.utf8 LANG=en_US.utf8 >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh >new file mode 100755 >index 00000000000..97d32815d72 >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh >@@ -0,0 +1,106 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+export DEBIAN_FRONTEND=noninteractive >+apt-get -y update >+ >+apt-get -y install \ >+ acl \ >+ apt-utils \ >+ attr \ >+ autoconf \ >+ bind9utils \ >+ binutils \ >+ bison \ >+ build-essential \ >+ chrpath \ >+ curl \ >+ debhelper \ >+ dnsutils \ >+ docbook-xml \ >+ docbook-xsl \ >+ flex \ >+ gcc \ >+ gdb \ >+ git \ >+ glusterfs-common \ >+ gzip \ >+ heimdal-multidev \ >+ hostname \ >+ htop \ >+ krb5-config \ >+ krb5-kdc \ >+ krb5-user \ >+ language-pack-en \ >+ lcov \ >+ libacl1-dev \ >+ libarchive-dev \ >+ libattr1-dev \ >+ libavahi-common-dev \ >+ libblkid-dev \ >+ libbsd-dev \ >+ libcap-dev \ >+ libcephfs-dev \ >+ libcups2-dev \ >+ libdbus-1-dev \ >+ libglib2.0-dev \ >+ libgnutls28-dev \ >+ libgpgme11-dev \ >+ libicu-dev \ >+ libjansson-dev \ >+ libjs-jquery \ >+ libjson-perl \ >+ libkrb5-dev \ >+ libldap2-dev \ >+ liblmdb-dev \ >+ libncurses5-dev \ >+ libpam0g-dev \ >+ libparse-yapp-perl \ >+ libpcap-dev \ >+ libpopt-dev \ >+ libreadline-dev \ >+ libsystemd-dev \ >+ libtasn1-bin \ >+ libtasn1-dev \ >+ libunwind-dev \ >+ lmdb-utils \ >+ locales \ >+ lsb-release \ >+ make \ >+ mawk \ >+ mingw-w64 \ >+ patch \ >+ perl \ >+ perl-modules \ >+ pkg-config \ >+ procps \ >+ psmisc \ >+ python3 \ >+ python3-dbg \ >+ python3-dev \ >+ python3-dnspython \ >+ python3-gpg \ >+ python3-iso8601 \ >+ python3-markdown \ >+ python3-matplotlib \ >+ python3-pexpect \ >+ rng-tools \ >+ rsync \ >+ sed \ >+ sudo \ >+ tar \ >+ tree \ >+ uuid-dev \ >+ xfslibs-dev \ >+ xsltproc \ >+ zlib1g-dev >+ >+apt-get -y autoremove >+apt-get -y autoclean >+apt-get -y clean >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu2004/locale.sh b/bootstrap/generated-dists/ubuntu2004/locale.sh >new file mode 100755 >index 00000000000..cc64e180483 >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu2004/locale.sh >@@ -0,0 +1,55 @@ >+#!/bin/bash >+ >+# >+# This file is generated by 'bootstrap/template.py --render' >+# See also bootstrap/config.py >+# >+ >+set -xueo pipefail >+ >+# refer to /usr/share/i18n/locales >+INPUTFILE=en_US >+# refer to /usr/share/i18n/charmaps >+CHARMAP=UTF-8 >+# locale to generate in /usr/lib/locale >+# glibc/localedef will normalize UTF-8 to utf8, follow the naming style >+LOCALE=$INPUTFILE.utf8 >+ >+# if locale is already correct, exit >+( locale | grep LC_ALL | grep -i $LOCALE ) && exit 0 >+ >+# if locale not available, generate locale into /usr/lib/locale >+if ! ( locale --all-locales | grep -i $LOCALE ) >+then >+ # no-archive means create its own dir >+ localedef --inputfile $INPUTFILE --charmap $CHARMAP --no-archive $LOCALE >+fi >+ >+# update locale conf and global env file >+# set both LC_ALL and LANG for safe >+ >+# update conf for Debian family >+FILE=/etc/default/locale >+if [ -f $FILE ] >+then >+ echo LC_ALL="$LOCALE" > $FILE >+ echo LANG="$LOCALE" >> $FILE >+fi >+ >+# update conf for RedHat family >+FILE=/etc/locale.conf >+if [ -f $FILE ] >+then >+ # LC_ALL is not valid in this file, set LANG only >+ echo LANG="$LOCALE" > $FILE >+fi >+ >+# update global env file >+FILE=/etc/environment >+if [ -f $FILE ] >+then >+ # append LC_ALL if not exist >+ grep LC_ALL $FILE || echo LC_ALL="$LOCALE" >> $FILE >+ # append LANG if not exist >+ grep LANG $FILE || echo LANG="$LOCALE" >> $FILE >+fi >\ No newline at end of file >diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml >new file mode 100644 >index 00000000000..f45deb2c808 >--- /dev/null >+++ b/bootstrap/generated-dists/ubuntu2004/packages.yml >@@ -0,0 +1,91 @@ >+--- >+packages: >+ - acl >+ - apt-utils >+ - attr >+ - autoconf >+ - bind9utils >+ - binutils >+ - bison >+ - build-essential >+ - chrpath >+ - curl >+ - debhelper >+ - dnsutils >+ - docbook-xml >+ - docbook-xsl >+ - flex >+ - gcc >+ - gdb >+ - git >+ - glusterfs-common >+ - gzip >+ - heimdal-multidev >+ - hostname >+ - htop >+ - krb5-config >+ - krb5-kdc >+ - krb5-user >+ - language-pack-en >+ - lcov >+ - libacl1-dev >+ - libarchive-dev >+ - libattr1-dev >+ - libavahi-common-dev >+ - libblkid-dev >+ - libbsd-dev >+ - libcap-dev >+ - libcephfs-dev >+ - libcups2-dev >+ - libdbus-1-dev >+ - libglib2.0-dev >+ - libgnutls28-dev >+ - libgpgme11-dev >+ - libicu-dev >+ - libjansson-dev >+ - libjs-jquery >+ - libjson-perl >+ - libkrb5-dev >+ - libldap2-dev >+ - liblmdb-dev >+ - libncurses5-dev >+ - libpam0g-dev >+ - libparse-yapp-perl >+ - libpcap-dev >+ - libpopt-dev >+ - libreadline-dev >+ - libsystemd-dev >+ - libtasn1-bin >+ - libtasn1-dev >+ - libunwind-dev >+ - lmdb-utils >+ - locales >+ - lsb-release >+ - make >+ - mawk >+ - mingw-w64 >+ - patch >+ - perl >+ - perl-modules >+ - pkg-config >+ - procps >+ - psmisc >+ - python3 >+ - python3-dbg >+ - python3-dev >+ - python3-dnspython >+ - python3-gpg >+ - python3-iso8601 >+ - python3-markdown >+ - python3-matplotlib >+ - python3-pexpect >+ - rng-tools >+ - rsync >+ - sed >+ - sudo >+ - tar >+ - tree >+ - uuid-dev >+ - xfslibs-dev >+ - xsltproc >+ - zlib1g-dev >\ No newline at end of file >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index df1b85b9f21..c3a72eec5c6 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-9061307e79ad13733c69352a965eeb4f44bef4b7 >+f5212e7abcae3208b796c939432ab9bec319264a >-- >2.25.1 > > >From 3f40e387bc72c72d5e4a982bb9a114b46dc8cdb1 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 24 Mar 2020 15:36:48 +0100 >Subject: [PATCH 011/380] bootstrap: add python3-pyasn1/python3-cryptography > for kerberos testing > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 99b644248746a8a038d6f4b15aa621a907adc987) >--- > .gitlab-ci.yml | 2 +- > bootstrap/config.py | 8 ++++---- > bootstrap/generated-dists/centos7/bootstrap.sh | 2 ++ > bootstrap/generated-dists/centos7/packages.yml | 2 ++ > bootstrap/generated-dists/centos8/bootstrap.sh | 2 ++ > bootstrap/generated-dists/centos8/packages.yml | 2 ++ > bootstrap/generated-dists/debian10/bootstrap.sh | 2 ++ > bootstrap/generated-dists/debian10/packages.yml | 2 ++ > bootstrap/generated-dists/fedora31/bootstrap.sh | 2 ++ > bootstrap/generated-dists/fedora31/packages.yml | 2 ++ > bootstrap/generated-dists/fedora32/bootstrap.sh | 2 ++ > bootstrap/generated-dists/fedora32/packages.yml | 2 ++ > bootstrap/generated-dists/opensuse150/bootstrap.sh | 2 ++ > bootstrap/generated-dists/opensuse150/packages.yml | 2 ++ > bootstrap/generated-dists/opensuse151/bootstrap.sh | 2 ++ > bootstrap/generated-dists/opensuse151/packages.yml | 2 ++ > bootstrap/generated-dists/ubuntu1604/bootstrap.sh | 2 ++ > bootstrap/generated-dists/ubuntu1604/packages.yml | 2 ++ > bootstrap/generated-dists/ubuntu1804/bootstrap.sh | 2 ++ > bootstrap/generated-dists/ubuntu1804/packages.yml | 2 ++ > bootstrap/generated-dists/ubuntu2004/bootstrap.sh | 2 ++ > bootstrap/generated-dists/ubuntu2004/packages.yml | 2 ++ > bootstrap/sha1sum.txt | 2 +- > 23 files changed, 46 insertions(+), 6 deletions(-) > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index efb9fe87d17..6a5e8693e80 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: f5212e7abcae3208b796c939432ab9bec319264a >+ SAMBA_CI_CONTAINER_TAG: 7414ad7ef9108d406b1f6b17ebce19e32aee9f70 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/config.py b/bootstrap/config.py >index b862053b915..196f9bdf8eb 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -129,6 +129,7 @@ PKGS = [ > ('mawk', 'gawk'), > > ('python3', 'python3'), >+ ('python3-cryptography', 'python3-cryptography'), # for krb5 tests > ('python3-dev', 'python3-devel'), > ('python3-dbg', ''), > ('python3-iso8601', ''), >@@ -137,6 +138,7 @@ PKGS = [ > ('python3-matplotlib', ''), > ('python3-dnspython', 'python3-dns'), > ('python3-pexpect', ''), # for wintest only >+ ('python3-pyasn1', 'python3-pyasn1'), # for krb5 tests > > ('', 'libsemanage-python'), > ('', 'policycoreutils-python'), >@@ -418,9 +420,10 @@ RPM_DISTS = { > 'replace': { > 'lsb-release': 'redhat-lsb', > 'python3': 'python36', >- 'python3-crypto': 'python36-crypto', >+ 'python3-cryptography': 'python36-cryptography', > 'python3-devel': 'python36-devel', > 'python3-dns': 'python36-dns', >+ 'python3-pyasn1': 'python36-pyasn1', > 'python3-gpg': 'python36-gpg', > 'python3-iso8601' : 'python36-iso8601', > 'python3-markdown': 'python36-markdown', >@@ -455,7 +458,6 @@ RPM_DISTS = { > 'perl-JSON-Parse': '', # does not exist? > 'perl-Test-Base': 'perl-Test-Simple', > 'policycoreutils-python': 'python3-policycoreutils', >- 'python3-crypto': '', > 'quota-devel': '', # FIXME: Add me back, once available! > 'liburing-devel': '', # not available yet, Add me back, once available! > } >@@ -503,7 +505,6 @@ RPM_DISTS = { > 'perl-interpreter': '', > 'procps-ng': 'procps', > 'python-dns': 'python2-dnspython', >- 'python3-crypto': 'python3-pycrypto', > 'python3-dns': 'python3-dnspython', > 'python3-markdown': 'python3-Markdown', > 'quota-devel': '', >@@ -536,7 +537,6 @@ RPM_DISTS = { > 'perl-interpreter': '', > 'procps-ng': 'procps', > 'python-dns': 'python2-dnspython', >- 'python3-crypto': 'python3-pycrypto', > 'python3-dns': 'python3-dnspython', > 'python3-markdown': 'python3-Markdown', > 'quota-devel': '', >diff --git a/bootstrap/generated-dists/centos7/bootstrap.sh b/bootstrap/generated-dists/centos7/bootstrap.sh >index 2f0bb1bcc28..37f5d684663 100755 >--- a/bootstrap/generated-dists/centos7/bootstrap.sh >+++ b/bootstrap/generated-dists/centos7/bootstrap.sh >@@ -83,9 +83,11 @@ yum install -y \ > procps-ng \ > psmisc \ > python36 \ >+ python36-cryptography \ > python36-devel \ > python36-dns \ > python36-markdown \ >+ python36-pyasn1 \ > quota-devel \ > readline-devel \ > redhat-lsb \ >diff --git a/bootstrap/generated-dists/centos7/packages.yml b/bootstrap/generated-dists/centos7/packages.yml >index 475326b6db7..1b80882bd8c 100644 >--- a/bootstrap/generated-dists/centos7/packages.yml >+++ b/bootstrap/generated-dists/centos7/packages.yml >@@ -69,9 +69,11 @@ packages: > - procps-ng > - psmisc > - python36 >+ - python36-cryptography > - python36-devel > - python36-dns > - python36-markdown >+ - python36-pyasn1 > - quota-devel > - readline-devel > - redhat-lsb >diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh >index 22484b3f6ad..61debd5e2ee 100755 >--- a/bootstrap/generated-dists/centos8/bootstrap.sh >+++ b/bootstrap/generated-dists/centos8/bootstrap.sh >@@ -84,12 +84,14 @@ yum install -y \ > procps-ng \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-devel \ > python3-dns \ > python3-gpg \ > python3-libsemanage \ > python3-markdown \ > python3-policycoreutils \ >+ python3-pyasn1 \ > readline-devel \ > redhat-lsb \ > rng-tools \ >diff --git a/bootstrap/generated-dists/centos8/packages.yml b/bootstrap/generated-dists/centos8/packages.yml >index 07be0deeceb..2467b35dafb 100644 >--- a/bootstrap/generated-dists/centos8/packages.yml >+++ b/bootstrap/generated-dists/centos8/packages.yml >@@ -69,12 +69,14 @@ packages: > - procps-ng > - psmisc > - python3 >+ - python3-cryptography > - python3-devel > - python3-dns > - python3-gpg > - python3-libsemanage > - python3-markdown > - python3-policycoreutils >+ - python3-pyasn1 > - readline-devel > - redhat-lsb > - rng-tools >diff --git a/bootstrap/generated-dists/debian10/bootstrap.sh b/bootstrap/generated-dists/debian10/bootstrap.sh >index f0847eb3c20..9391c1ca815 100755 >--- a/bootstrap/generated-dists/debian10/bootstrap.sh >+++ b/bootstrap/generated-dists/debian10/bootstrap.sh >@@ -81,6 +81,7 @@ apt-get -y install \ > procps \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-dbg \ > python3-dev \ > python3-dnspython \ >@@ -89,6 +90,7 @@ apt-get -y install \ > python3-markdown \ > python3-matplotlib \ > python3-pexpect \ >+ python3-pyasn1 \ > rng-tools \ > rsync \ > sed \ >diff --git a/bootstrap/generated-dists/debian10/packages.yml b/bootstrap/generated-dists/debian10/packages.yml >index a242cd8b362..dee4d5cef20 100644 >--- a/bootstrap/generated-dists/debian10/packages.yml >+++ b/bootstrap/generated-dists/debian10/packages.yml >@@ -70,6 +70,7 @@ packages: > - procps > - psmisc > - python3 >+ - python3-cryptography > - python3-dbg > - python3-dev > - python3-dnspython >@@ -78,6 +79,7 @@ packages: > - python3-markdown > - python3-matplotlib > - python3-pexpect >+ - python3-pyasn1 > - rng-tools > - rsync > - sed >diff --git a/bootstrap/generated-dists/fedora31/bootstrap.sh b/bootstrap/generated-dists/fedora31/bootstrap.sh >index 18c58092eff..09d36e88058 100755 >--- a/bootstrap/generated-dists/fedora31/bootstrap.sh >+++ b/bootstrap/generated-dists/fedora31/bootstrap.sh >@@ -83,12 +83,14 @@ dnf install -y \ > procps-ng \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-devel \ > python3-dns \ > python3-gpg \ > python3-libsemanage \ > python3-markdown \ > python3-policycoreutils \ >+ python3-pyasn1 \ > quota-devel \ > readline-devel \ > redhat-lsb \ >diff --git a/bootstrap/generated-dists/fedora31/packages.yml b/bootstrap/generated-dists/fedora31/packages.yml >index 3165af8dd82..a2fbd0eb83b 100644 >--- a/bootstrap/generated-dists/fedora31/packages.yml >+++ b/bootstrap/generated-dists/fedora31/packages.yml >@@ -72,12 +72,14 @@ packages: > - procps-ng > - psmisc > - python3 >+ - python3-cryptography > - python3-devel > - python3-dns > - python3-gpg > - python3-libsemanage > - python3-markdown > - python3-policycoreutils >+ - python3-pyasn1 > - quota-devel > - readline-devel > - redhat-lsb >diff --git a/bootstrap/generated-dists/fedora32/bootstrap.sh b/bootstrap/generated-dists/fedora32/bootstrap.sh >index 18c58092eff..09d36e88058 100755 >--- a/bootstrap/generated-dists/fedora32/bootstrap.sh >+++ b/bootstrap/generated-dists/fedora32/bootstrap.sh >@@ -83,12 +83,14 @@ dnf install -y \ > procps-ng \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-devel \ > python3-dns \ > python3-gpg \ > python3-libsemanage \ > python3-markdown \ > python3-policycoreutils \ >+ python3-pyasn1 \ > quota-devel \ > readline-devel \ > redhat-lsb \ >diff --git a/bootstrap/generated-dists/fedora32/packages.yml b/bootstrap/generated-dists/fedora32/packages.yml >index 3165af8dd82..a2fbd0eb83b 100644 >--- a/bootstrap/generated-dists/fedora32/packages.yml >+++ b/bootstrap/generated-dists/fedora32/packages.yml >@@ -72,12 +72,14 @@ packages: > - procps-ng > - psmisc > - python3 >+ - python3-cryptography > - python3-devel > - python3-dns > - python3-gpg > - python3-libsemanage > - python3-markdown > - python3-policycoreutils >+ - python3-pyasn1 > - quota-devel > - readline-devel > - redhat-lsb >diff --git a/bootstrap/generated-dists/opensuse150/bootstrap.sh b/bootstrap/generated-dists/opensuse150/bootstrap.sh >index 3fbcaacb24f..341b0ef9d35 100755 >--- a/bootstrap/generated-dists/opensuse150/bootstrap.sh >+++ b/bootstrap/generated-dists/opensuse150/bootstrap.sh >@@ -80,9 +80,11 @@ zypper --non-interactive install \ > python2-semanage \ > python3 \ > python3-Markdown \ >+ python3-cryptography \ > python3-devel \ > python3-dnspython \ > python3-gpg \ >+ python3-pyasn1 \ > readline-devel \ > rng-tools \ > rpcgen \ >diff --git a/bootstrap/generated-dists/opensuse150/packages.yml b/bootstrap/generated-dists/opensuse150/packages.yml >index 0eb19244677..b8c469cadca 100644 >--- a/bootstrap/generated-dists/opensuse150/packages.yml >+++ b/bootstrap/generated-dists/opensuse150/packages.yml >@@ -68,9 +68,11 @@ packages: > - python2-semanage > - python3 > - python3-Markdown >+ - python3-cryptography > - python3-devel > - python3-dnspython > - python3-gpg >+ - python3-pyasn1 > - readline-devel > - rng-tools > - rpcgen >diff --git a/bootstrap/generated-dists/opensuse151/bootstrap.sh b/bootstrap/generated-dists/opensuse151/bootstrap.sh >index 3fbcaacb24f..341b0ef9d35 100755 >--- a/bootstrap/generated-dists/opensuse151/bootstrap.sh >+++ b/bootstrap/generated-dists/opensuse151/bootstrap.sh >@@ -80,9 +80,11 @@ zypper --non-interactive install \ > python2-semanage \ > python3 \ > python3-Markdown \ >+ python3-cryptography \ > python3-devel \ > python3-dnspython \ > python3-gpg \ >+ python3-pyasn1 \ > readline-devel \ > rng-tools \ > rpcgen \ >diff --git a/bootstrap/generated-dists/opensuse151/packages.yml b/bootstrap/generated-dists/opensuse151/packages.yml >index 0eb19244677..b8c469cadca 100644 >--- a/bootstrap/generated-dists/opensuse151/packages.yml >+++ b/bootstrap/generated-dists/opensuse151/packages.yml >@@ -68,9 +68,11 @@ packages: > - python2-semanage > - python3 > - python3-Markdown >+ - python3-cryptography > - python3-devel > - python3-dnspython > - python3-gpg >+ - python3-pyasn1 > - readline-devel > - rng-tools > - rpcgen >diff --git a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >index a8f47762ded..f5791357d45 100755 >--- a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >+++ b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh >@@ -80,6 +80,7 @@ apt-get -y install \ > procps \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-dbg \ > python3-dev \ > python3-dnspython \ >@@ -88,6 +89,7 @@ apt-get -y install \ > python3-markdown \ > python3-matplotlib \ > python3-pexpect \ >+ python3-pyasn1 \ > rng-tools \ > rsync \ > sed \ >diff --git a/bootstrap/generated-dists/ubuntu1604/packages.yml b/bootstrap/generated-dists/ubuntu1604/packages.yml >index c3cd9af9c3e..932cc162041 100644 >--- a/bootstrap/generated-dists/ubuntu1604/packages.yml >+++ b/bootstrap/generated-dists/ubuntu1604/packages.yml >@@ -69,6 +69,7 @@ packages: > - procps > - psmisc > - python3 >+ - python3-cryptography > - python3-dbg > - python3-dev > - python3-dnspython >@@ -77,6 +78,7 @@ packages: > - python3-markdown > - python3-matplotlib > - python3-pexpect >+ - python3-pyasn1 > - rng-tools > - rsync > - sed >diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh >index 97d32815d72..e668057ea82 100755 >--- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh >+++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh >@@ -82,6 +82,7 @@ apt-get -y install \ > procps \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-dbg \ > python3-dev \ > python3-dnspython \ >@@ -90,6 +91,7 @@ apt-get -y install \ > python3-markdown \ > python3-matplotlib \ > python3-pexpect \ >+ python3-pyasn1 \ > rng-tools \ > rsync \ > sed \ >diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml >index f45deb2c808..edf5720f84c 100644 >--- a/bootstrap/generated-dists/ubuntu1804/packages.yml >+++ b/bootstrap/generated-dists/ubuntu1804/packages.yml >@@ -71,6 +71,7 @@ packages: > - procps > - psmisc > - python3 >+ - python3-cryptography > - python3-dbg > - python3-dev > - python3-dnspython >@@ -79,6 +80,7 @@ packages: > - python3-markdown > - python3-matplotlib > - python3-pexpect >+ - python3-pyasn1 > - rng-tools > - rsync > - sed >diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh >index 97d32815d72..e668057ea82 100755 >--- a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh >+++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh >@@ -82,6 +82,7 @@ apt-get -y install \ > procps \ > psmisc \ > python3 \ >+ python3-cryptography \ > python3-dbg \ > python3-dev \ > python3-dnspython \ >@@ -90,6 +91,7 @@ apt-get -y install \ > python3-markdown \ > python3-matplotlib \ > python3-pexpect \ >+ python3-pyasn1 \ > rng-tools \ > rsync \ > sed \ >diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml >index f45deb2c808..edf5720f84c 100644 >--- a/bootstrap/generated-dists/ubuntu2004/packages.yml >+++ b/bootstrap/generated-dists/ubuntu2004/packages.yml >@@ -71,6 +71,7 @@ packages: > - procps > - psmisc > - python3 >+ - python3-cryptography > - python3-dbg > - python3-dev > - python3-dnspython >@@ -79,6 +80,7 @@ packages: > - python3-markdown > - python3-matplotlib > - python3-pexpect >+ - python3-pyasn1 > - rng-tools > - rsync > - sed >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index c3a72eec5c6..085ef7c5297 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-f5212e7abcae3208b796c939432ab9bec319264a >+7414ad7ef9108d406b1f6b17ebce19e32aee9f70 >-- >2.25.1 > > >From 223077cce9193ffc82d9acf0469fcc1acaa871d1 Mon Sep 17 00:00:00 2001 >From: Martin Schwenke <martin@meltin.net> >Date: Wed, 9 Dec 2020 00:03:47 +1100 >Subject: [PATCH 012/380] bootstrap: Cope with case changes in CentOS 8 repo > names > >RN: Be more flexible with repository names in CentOS 8 test environments > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14594 >Signed-off-by: Martin Schwenke <martin@meltin.net> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >[abartlet@samba.org backported from commit 1c59f49aaede8ec1662d4e49aef84fcd902a8a76 > due to conflicts in sha1sum because changes in-between > this and the last backported changes were not included] >--- > .gitlab-ci.yml | 2 +- > bootstrap/config.py | 3 ++- > bootstrap/generated-dists/centos8/bootstrap.sh | 3 ++- > bootstrap/sha1sum.txt | 2 +- > 4 files changed, 6 insertions(+), 4 deletions(-) > >diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >index 6a5e8693e80..7c7597e31b6 100644 >--- a/.gitlab-ci.yml >+++ b/.gitlab-ci.yml >@@ -22,7 +22,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: 7414ad7ef9108d406b1f6b17ebce19e32aee9f70 >+ SAMBA_CI_CONTAINER_TAG: 5a03ad6f346def64a757bcd2e71dc9a5c10ceae0 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 196f9bdf8eb..93e321a7e81 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -228,7 +228,8 @@ set -xueo pipefail > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >-yum config-manager --set-enabled PowerTools -y >+yum config-manager --set-enabled PowerTools -y || \ >+ yum config-manager --set-enabled powertools -y > yum update -y > > yum install -y \ >diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh >index 61debd5e2ee..2ee15dba86c 100755 >--- a/bootstrap/generated-dists/centos8/bootstrap.sh >+++ b/bootstrap/generated-dists/centos8/bootstrap.sh >@@ -10,7 +10,8 @@ set -xueo pipefail > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >-yum config-manager --set-enabled PowerTools -y >+yum config-manager --set-enabled PowerTools -y || \ >+ yum config-manager --set-enabled powertools -y > yum update -y > > yum install -y \ >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 085ef7c5297..b1e6736def0 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-7414ad7ef9108d406b1f6b17ebce19e32aee9f70 >+5a03ad6f346def64a757bcd2e71dc9a5c10ceae0 >-- >2.25.1 > > >From 64b62b7c9fea1b288d4eec350dcadaa7e8785e65 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 24 Mar 2020 14:02:58 +0100 >Subject: [PATCH 013/380] python/tests: let usage.py be more verbose on errors > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 0f805db40a4948f9902733aa03ed6ae2789dabb3) >--- > python/samba/tests/usage.py | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 4b7bccde758..259ec91f66e 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -331,8 +331,9 @@ class HelpTestSuper(TestCase): > > if self.check_return_code: > self.assertEqual(p.returncode, 0, >- "%s %s\nreturncode should not be %d" % >- (filename, h, p.returncode)) >+ "%s %s\nreturncode should not be %d\n" >+ "err:\n%s\nout:\n%s" % >+ (filename, h, p.returncode, err, out)) > if self.check_contains_usage: > self.assertIn('usage', outl, 'lacks "Usage:"\n') > if self.check_multiline: >-- >2.25.1 > > >From c55219d57f55e0bd300a23b505c2d0d1e657fd43 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Sat, 15 Feb 2020 18:33:33 +0100 >Subject: [PATCH 014/380] python/tests/krb5: add crypto.py from greghudson/pyk5 > as kcrypto.py > >This is crypto.py of commit f0612aa908062fb239d1c3873595e7204ae1691d >from https://github.com/greghudson/pyk5.git > >This will be used in order to do raw protocol testing against >[MS-KILE] KDCs. > >Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 679bb52c957dafcec96ff37f87d8c3496996b909) >--- > python/samba/tests/krb5/kcrypto.py | 713 +++++++++++++++++++++++++++++ > python/samba/tests/source.py | 6 + > python/samba/tests/usage.py | 4 +- > 3 files changed, 722 insertions(+), 1 deletion(-) > create mode 100644 python/samba/tests/krb5/kcrypto.py > >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >new file mode 100644 >index 00000000000..18c0f71c24c >--- /dev/null >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -0,0 +1,713 @@ >+# Copyright (C) 2013 by the Massachusetts Institute of Technology. >+# All rights reserved. >+# >+# Redistribution and use in source and binary forms, with or without >+# modification, are permitted provided that the following conditions >+# are met: >+# >+# * Redistributions of source code must retain the above copyright >+# notice, this list of conditions and the following disclaimer. >+# >+# * Redistributions in binary form must reproduce the above copyright >+# notice, this list of conditions and the following disclaimer in >+# the documentation and/or other materials provided with the >+# distribution. >+# >+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, >+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR >+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, >+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED >+# OF THE POSSIBILITY OF SUCH DAMAGE. >+ >+# XXX current status: >+# * Done and tested >+# - AES encryption, checksum, string2key, prf >+# - cf2 (needed for FAST) >+# * Still to do: >+# - DES enctypes and cksumtypes >+# - RC4 exported enctype (if we need it for anything) >+# - Unkeyed checksums >+# - Special RC4, raw DES/DES3 operations for GSSAPI >+# * Difficult or low priority: >+# - Camellia not supported by PyCrypto >+# - Cipher state only needed for kcmd suite >+# - Nonstandard enctypes and cksumtypes like des-hmac-sha1 >+ >+from math import gcd >+from functools import reduce >+from struct import pack, unpack >+from Crypto.Cipher import AES, DES3, ARC4 >+from Crypto.Hash import HMAC, MD4, MD5, SHA >+from Crypto.Protocol.KDF import PBKDF2 >+from Crypto.Random import get_random_bytes >+ >+ >+class Enctype(object): >+ DES_CRC = 1 >+ DES_MD4 = 2 >+ DES_MD5 = 3 >+ DES3 = 16 >+ AES128 = 17 >+ AES256 = 18 >+ RC4 = 23 >+ >+ >+class Cksumtype(object): >+ CRC32 = 1 >+ MD4 = 2 >+ MD4_DES = 3 >+ MD5 = 7 >+ MD5_DES = 8 >+ SHA1 = 9 >+ SHA1_DES3 = 12 >+ SHA1_AES128 = 15 >+ SHA1_AES256 = 16 >+ HMAC_MD5 = -138 >+ >+ >+class InvalidChecksum(ValueError): >+ pass >+ >+ >+def _zeropad(s, padsize): >+ # Return s padded with 0 bytes to a multiple of padsize. >+ padlen = (padsize - (len(s) % padsize)) % padsize >+ return s + bytes(padlen) >+ >+ >+def _xorbytes(b1, b2): >+ # xor two strings together and return the resulting string. >+ assert len(b1) == len(b2) >+ return bytes([x ^ y for x, y in zip(b1, b2)]) >+ >+ >+def _mac_equal(mac1, mac2): >+ # Constant-time comparison function. (We can't use HMAC.verify >+ # since we use truncated macs.) >+ assert len(mac1) == len(mac2) >+ res = 0 >+ for x, y in zip(mac1, mac2): >+ res |= x ^ y >+ return res == 0 >+ >+ >+def _nfold(str, nbytes): >+ # Convert str to a string of length nbytes using the RFC 3961 nfold >+ # operation. >+ >+ # Rotate the bytes in str to the right by nbits bits. >+ def rotate_right(str, nbits): >+ nbytes, remain = (nbits//8) % len(str), nbits % 8 >+ return bytes([(str[i-nbytes] >> remain) | >+ (str[i-nbytes-1] << (8-remain) & 0xff) >+ for i in range(len(str))]) >+ >+ # Add equal-length strings together with end-around carry. >+ def add_ones_complement(str1, str2): >+ n = len(str1) >+ v = [a + b for a, b in zip(str1, str2)] >+ # Propagate carry bits to the left until there aren't any left. >+ while any(x & ~0xff for x in v): >+ v = [(v[i-n+1]>>8) + (v[i]&0xff) for i in range(n)] >+ return bytes([x for x in v]) >+ >+ # Concatenate copies of str to produce the least common multiple >+ # of len(str) and nbytes, rotating each copy of str to the right >+ # by 13 bits times its list position. Decompose the concatenation >+ # into slices of length nbytes, and add them together as >+ # big-endian ones' complement integers. >+ slen = len(str) >+ lcm = nbytes * slen // gcd(nbytes, slen) >+ bigstr = b''.join((rotate_right(str, 13 * i) for i in range(lcm // slen))) >+ slices = (bigstr[p:p+nbytes] for p in range(0, lcm, nbytes)) >+ return reduce(add_ones_complement, slices) >+ >+ >+def _is_weak_des_key(keybytes): >+ return keybytes in (b'\x01\x01\x01\x01\x01\x01\x01\x01', >+ b'\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE', >+ b'\x1F\x1F\x1F\x1F\x0E\x0E\x0E\x0E', >+ b'\xE0\xE0\xE0\xE0\xF1\xF1\xF1\xF1', >+ b'\x01\xFE\x01\xFE\x01\xFE\x01\xFE', >+ b'\xFE\x01\xFE\x01\xFE\x01\xFE\x01', >+ b'\x1F\xE0\x1F\xE0\x0E\xF1\x0E\xF1', >+ b'\xE0\x1F\xE0\x1F\xF1\x0E\xF1\x0E', >+ b'\x01\xE0\x01\xE0\x01\xF1\x01\xF1', >+ b'\xE0\x01\xE0\x01\xF1\x01\xF1\x01', >+ b'\x1F\xFE\x1F\xFE\x0E\xFE\x0E\xFE', >+ b'\xFE\x1F\xFE\x1F\xFE\x0E\xFE\x0E', >+ b'\x01\x1F\x01\x1F\x01\x0E\x01\x0E', >+ b'\x1F\x01\x1F\x01\x0E\x01\x0E\x01', >+ b'\xE0\xFE\xE0\xFE\xF1\xFE\xF1\xFE', >+ b'\xFE\xE0\xFE\xE0\xFE\xF1\xFE\xF1') >+ >+ >+class _EnctypeProfile(object): >+ # Base class for enctype profiles. Usable enctype classes must define: >+ # * enctype: enctype number >+ # * keysize: protocol size of key in bytes >+ # * seedsize: random_to_key input size in bytes >+ # * random_to_key (if the keyspace is not dense) >+ # * string_to_key >+ # * encrypt >+ # * decrypt >+ # * prf >+ >+ @classmethod >+ def random_to_key(cls, seed): >+ if len(seed) != cls.seedsize: >+ raise ValueError('Wrong seed length') >+ return Key(cls.enctype, seed) >+ >+ >+class _SimplifiedEnctype(_EnctypeProfile): >+ # Base class for enctypes using the RFC 3961 simplified profile. >+ # Defines the encrypt, decrypt, and prf methods. Subclasses must >+ # define: >+ # * blocksize: Underlying cipher block size in bytes >+ # * padsize: Underlying cipher padding multiple (1 or blocksize) >+ # * macsize: Size of integrity MAC in bytes >+ # * hashmod: PyCrypto hash module for underlying hash function >+ # * basic_encrypt, basic_decrypt: Underlying CBC/CTS cipher >+ >+ @classmethod >+ def derive(cls, key, constant): >+ # RFC 3961 only says to n-fold the constant only if it is >+ # shorter than the cipher block size. But all Unix >+ # implementations n-fold constants if their length is larger >+ # than the block size as well, and n-folding when the length >+ # is equal to the block size is a no-op. >+ plaintext = _nfold(constant, cls.blocksize) >+ rndseed = b'' >+ while len(rndseed) < cls.seedsize: >+ ciphertext = cls.basic_encrypt(key, plaintext) >+ rndseed += ciphertext >+ plaintext = ciphertext >+ return cls.random_to_key(rndseed[0:cls.seedsize]) >+ >+ @classmethod >+ def encrypt(cls, key, keyusage, plaintext, confounder): >+ ki = cls.derive(key, pack('>iB', keyusage, 0x55)) >+ ke = cls.derive(key, pack('>iB', keyusage, 0xAA)) >+ if confounder is None: >+ confounder = get_random_bytes(cls.blocksize) >+ basic_plaintext = confounder + _zeropad(plaintext, cls.padsize) >+ hmac = HMAC.new(ki.contents, basic_plaintext, cls.hashmod).digest() >+ return cls.basic_encrypt(ke, basic_plaintext) + hmac[:cls.macsize] >+ >+ @classmethod >+ def decrypt(cls, key, keyusage, ciphertext): >+ ki = cls.derive(key, pack('>iB', keyusage, 0x55)) >+ ke = cls.derive(key, pack('>iB', keyusage, 0xAA)) >+ if len(ciphertext) < cls.blocksize + cls.macsize: >+ raise ValueError('ciphertext too short') >+ basic_ctext, mac = ciphertext[:-cls.macsize], ciphertext[-cls.macsize:] >+ if len(basic_ctext) % cls.padsize != 0: >+ raise ValueError('ciphertext does not meet padding requirement') >+ basic_plaintext = cls.basic_decrypt(ke, basic_ctext) >+ hmac = HMAC.new(ki.contents, basic_plaintext, cls.hashmod).digest() >+ expmac = hmac[:cls.macsize] >+ if not _mac_equal(mac, expmac): >+ raise InvalidChecksum('ciphertext integrity failure') >+ # Discard the confounder. >+ return basic_plaintext[cls.blocksize:] >+ >+ @classmethod >+ def prf(cls, key, string): >+ # Hash the input. RFC 3961 says to truncate to the padding >+ # size, but implementations truncate to the block size. >+ hashval = cls.hashmod.new(string).digest() >+ truncated = hashval[:-(len(hashval) % cls.blocksize)] >+ # Encrypt the hash with a derived key. >+ kp = cls.derive(key, b'prf') >+ return cls.basic_encrypt(kp, truncated) >+ >+ >+class _DES3CBC(_SimplifiedEnctype): >+ enctype = Enctype.DES3 >+ keysize = 24 >+ seedsize = 21 >+ blocksize = 8 >+ padsize = 8 >+ macsize = 20 >+ hashmod = SHA >+ >+ @classmethod >+ def random_to_key(cls, seed): >+ # XXX Maybe reframe as _DESEnctype.random_to_key and use that >+ # way from DES3 random-to-key when DES is implemented, since >+ # MIT does this instead of the RFC 3961 random-to-key. >+ def expand(seed): >+ def parity(b): >+ # Return b with the low-order bit set to yield odd parity. >+ b &= ~1 >+ return b if bin(b & ~1).count('1') % 2 else b | 1 >+ assert len(seed) == 7 >+ firstbytes = [parity(b & ~1) for b in seed] >+ lastbyte = parity(sum((seed[i]&1) << i+1 for i in range(7))) >+ keybytes = bytes([b for b in firstbytes + [lastbyte]]) >+ if _is_weak_des_key(keybytes): >+ keybytes[7] = bytes([keybytes[7] ^ 0xF0]) >+ return keybytes >+ >+ if len(seed) != 21: >+ raise ValueError('Wrong seed length') >+ k1, k2, k3 = expand(seed[:7]), expand(seed[7:14]), expand(seed[14:]) >+ return Key(cls.enctype, k1 + k2 + k3) >+ >+ @classmethod >+ def string_to_key(cls, string, salt, params): >+ if params is not None and params != b'': >+ raise ValueError('Invalid DES3 string-to-key parameters') >+ k = cls.random_to_key(_nfold(string + salt, 21)) >+ return cls.derive(k, b'kerberos') >+ >+ @classmethod >+ def basic_encrypt(cls, key, plaintext): >+ assert len(plaintext) % 8 == 0 >+ des3 = DES3.new(key.contents, AES.MODE_CBC, bytes(8)) >+ return des3.encrypt(plaintext) >+ >+ @classmethod >+ def basic_decrypt(cls, key, ciphertext): >+ assert len(ciphertext) % 8 == 0 >+ des3 = DES3.new(key.contents, AES.MODE_CBC, bytes(8)) >+ return des3.decrypt(ciphertext) >+ >+ >+class _AESEnctype(_SimplifiedEnctype): >+ # Base class for aes128-cts and aes256-cts. >+ blocksize = 16 >+ padsize = 1 >+ macsize = 12 >+ hashmod = SHA >+ >+ @classmethod >+ def string_to_key(cls, string, salt, params): >+ (iterations,) = unpack('>L', params or b'\x00\x00\x10\x00') >+ prf = lambda p, s: HMAC.new(p, s, SHA).digest() >+ seed = PBKDF2(string, salt, cls.seedsize, iterations, prf) >+ tkey = cls.random_to_key(seed) >+ return cls.derive(tkey, b'kerberos') >+ >+ @classmethod >+ def basic_encrypt(cls, key, plaintext): >+ assert len(plaintext) >= 16 >+ aes = AES.new(key.contents, AES.MODE_CBC, bytes(16)) >+ ctext = aes.encrypt(_zeropad(plaintext, 16)) >+ if len(plaintext) > 16: >+ # Swap the last two ciphertext blocks and truncate the >+ # final block to match the plaintext length. >+ lastlen = len(plaintext) % 16 or 16 >+ ctext = ctext[:-32] + ctext[-16:] + ctext[-32:-16][:lastlen] >+ return ctext >+ >+ @classmethod >+ def basic_decrypt(cls, key, ciphertext): >+ assert len(ciphertext) >= 16 >+ aes = AES.new(key.contents, AES.MODE_ECB) >+ if len(ciphertext) == 16: >+ return aes.decrypt(ciphertext) >+ # Split the ciphertext into blocks. The last block may be partial. >+ cblocks = [ciphertext[p:p+16] for p in range(0, len(ciphertext), 16)] >+ lastlen = len(cblocks[-1]) >+ # CBC-decrypt all but the last two blocks. >+ prev_cblock = bytes(16) >+ plaintext = b'' >+ for b in cblocks[:-2]: >+ plaintext += _xorbytes(aes.decrypt(b), prev_cblock) >+ prev_cblock = b >+ # Decrypt the second-to-last cipher block. The left side of >+ # the decrypted block will be the final block of plaintext >+ # xor'd with the final partial cipher block; the right side >+ # will be the omitted bytes of ciphertext from the final >+ # block. >+ b = aes.decrypt(cblocks[-2]) >+ lastplaintext =_xorbytes(b[:lastlen], cblocks[-1]) >+ omitted = b[lastlen:] >+ # Decrypt the final cipher block plus the omitted bytes to get >+ # the second-to-last plaintext block. >+ plaintext += _xorbytes(aes.decrypt(cblocks[-1] + omitted), prev_cblock) >+ return plaintext + lastplaintext >+ >+ >+class _AES128CTS(_AESEnctype): >+ enctype = Enctype.AES128 >+ keysize = 16 >+ seedsize = 16 >+ >+ >+class _AES256CTS(_AESEnctype): >+ enctype = Enctype.AES256 >+ keysize = 32 >+ seedsize = 32 >+ >+ >+class _RC4(_EnctypeProfile): >+ enctype = Enctype.RC4 >+ keysize = 16 >+ seedsize = 16 >+ >+ @staticmethod >+ def usage_str(keyusage): >+ # Return a four-byte string for an RFC 3961 keyusage, using >+ # the RFC 4757 rules. Per the errata, do not map 9 to 8. >+ table = {3: 8, 23: 13} >+ msusage = table[keyusage] if keyusage in table else keyusage >+ return pack('<i', msusage) >+ >+ @classmethod >+ def string_to_key(cls, string, salt, params): >+ utf16string = string.decode('UTF-8').encode('UTF-16LE') >+ return Key(cls.enctype, MD4.new(utf16string).digest()) >+ >+ @classmethod >+ def encrypt(cls, key, keyusage, plaintext, confounder): >+ if confounder is None: >+ confounder = get_random_bytes(8) >+ ki = HMAC.new(key.contents, cls.usage_str(keyusage), MD5).digest() >+ cksum = HMAC.new(ki, confounder + plaintext, MD5).digest() >+ ke = HMAC.new(ki, cksum, MD5).digest() >+ return cksum + ARC4.new(ke).encrypt(confounder + plaintext) >+ >+ @classmethod >+ def decrypt(cls, key, keyusage, ciphertext): >+ if len(ciphertext) < 24: >+ raise ValueError('ciphertext too short') >+ cksum, basic_ctext = ciphertext[:16], ciphertext[16:] >+ ki = HMAC.new(key.contents, cls.usage_str(keyusage), MD5).digest() >+ ke = HMAC.new(ki, cksum, MD5).digest() >+ basic_plaintext = ARC4.new(ke).decrypt(basic_ctext) >+ exp_cksum = HMAC.new(ki, basic_plaintext, MD5).digest() >+ ok = _mac_equal(cksum, exp_cksum) >+ if not ok and keyusage == 9: >+ # Try again with usage 8, due to RFC 4757 errata. >+ ki = HMAC.new(key.contents, pack('<i', 8), MD5).digest() >+ exp_cksum = HMAC.new(ki, basic_plaintext, MD5).digest() >+ ok = _mac_equal(cksum, exp_cksum) >+ if not ok: >+ raise InvalidChecksum('ciphertext integrity failure') >+ # Discard the confounder. >+ return basic_plaintext[8:] >+ >+ @classmethod >+ def prf(cls, key, string): >+ return HMAC.new(key.contents, string, SHA).digest() >+ >+ >+class _ChecksumProfile(object): >+ # Base class for checksum profiles. Usable checksum classes must >+ # define: >+ # * checksum >+ # * verify (if verification is not just checksum-and-compare) >+ @classmethod >+ def verify(cls, key, keyusage, text, cksum): >+ expected = cls.checksum(key, keyusage, text) >+ if not _mac_equal(cksum, expected): >+ raise InvalidChecksum('checksum verification failure') >+ >+ >+class _SimplifiedChecksum(_ChecksumProfile): >+ # Base class for checksums using the RFC 3961 simplified profile. >+ # Defines the checksum and verify methods. Subclasses must >+ # define: >+ # * macsize: Size of checksum in bytes >+ # * enc: Profile of associated enctype >+ >+ @classmethod >+ def checksum(cls, key, keyusage, text): >+ kc = cls.enc.derive(key, pack('>iB', keyusage, 0x99)) >+ hmac = HMAC.new(kc.contents, text, cls.enc.hashmod).digest() >+ return hmac[:cls.macsize] >+ >+ @classmethod >+ def verify(cls, key, keyusage, text, cksum): >+ if key.enctype != cls.enc.enctype: >+ raise ValueError('Wrong key type for checksum') >+ super(_SimplifiedChecksum, cls).verify(key, keyusage, text, cksum) >+ >+ >+class _SHA1AES128(_SimplifiedChecksum): >+ macsize = 12 >+ enc = _AES128CTS >+ >+ >+class _SHA1AES256(_SimplifiedChecksum): >+ macsize = 12 >+ enc = _AES256CTS >+ >+ >+class _SHA1DES3(_SimplifiedChecksum): >+ macsize = 20 >+ enc = _DES3CBC >+ >+ >+class _HMACMD5(_ChecksumProfile): >+ @classmethod >+ def checksum(cls, key, keyusage, text): >+ ksign = HMAC.new(key.contents, b'signaturekey\0', MD5).digest() >+ md5hash = MD5.new(_RC4.usage_str(keyusage) + text).digest() >+ return HMAC.new(ksign, md5hash, MD5).digest() >+ >+ @classmethod >+ def verify(cls, key, keyusage, text, cksum): >+ if key.enctype != Enctype.RC4: >+ raise ValueError('Wrong key type for checksum') >+ super(_HMACMD5, cls).verify(key, keyusage, text, cksum) >+ >+ >+_enctype_table = { >+ Enctype.DES3: _DES3CBC, >+ Enctype.AES128: _AES128CTS, >+ Enctype.AES256: _AES256CTS, >+ Enctype.RC4: _RC4 >+} >+ >+ >+_checksum_table = { >+ Cksumtype.SHA1_DES3: _SHA1DES3, >+ Cksumtype.SHA1_AES128: _SHA1AES128, >+ Cksumtype.SHA1_AES256: _SHA1AES256, >+ Cksumtype.HMAC_MD5: _HMACMD5 >+} >+ >+ >+def _get_enctype_profile(enctype): >+ if enctype not in _enctype_table: >+ raise ValueError('Invalid enctype %d' % enctype) >+ return _enctype_table[enctype] >+ >+ >+def _get_checksum_profile(cksumtype): >+ if cksumtype not in _checksum_table: >+ raise ValueError('Invalid cksumtype %d' % cksumtype) >+ return _checksum_table[cksumtype] >+ >+ >+class Key(object): >+ def __init__(self, enctype, contents): >+ e = _get_enctype_profile(enctype) >+ if len(contents) != e.keysize: >+ raise ValueError('Wrong key length') >+ self.enctype = enctype >+ self.contents = contents >+ >+ >+def seedsize(enctype): >+ e = _get_enctype_profile(enctype) >+ return e.seedsize >+ >+ >+def random_to_key(enctype, seed): >+ e = _get_enctype_profile(enctype) >+ if len(seed) != e.seedsize: >+ raise ValueError('Wrong crypto seed length') >+ return e.random_to_key(seed) >+ >+ >+def string_to_key(enctype, string, salt, params=None): >+ e = _get_enctype_profile(enctype) >+ return e.string_to_key(string, salt, params) >+ >+ >+def encrypt(key, keyusage, plaintext, confounder=None): >+ e = _get_enctype_profile(key.enctype) >+ return e.encrypt(key, keyusage, plaintext, confounder) >+ >+ >+def decrypt(key, keyusage, ciphertext): >+ # Throw InvalidChecksum on checksum failure. Throw ValueError on >+ # invalid key enctype or malformed ciphertext. >+ e = _get_enctype_profile(key.enctype) >+ return e.decrypt(key, keyusage, ciphertext) >+ >+ >+def prf(key, string): >+ e = _get_enctype_profile(key.enctype) >+ return e.prf(key, string) >+ >+ >+def make_checksum(cksumtype, key, keyusage, text): >+ c = _get_checksum_profile(cksumtype) >+ return c.checksum(key, keyusage, text) >+ >+ >+def verify_checksum(cksumtype, key, keyusage, text, cksum): >+ # Throw InvalidChecksum exception on checksum failure. Throw >+ # ValueError on invalid cksumtype, invalid key enctype, or >+ # malformed checksum. >+ c = _get_checksum_profile(cksumtype) >+ c.verify(key, keyusage, text, cksum) >+ >+ >+def prfplus(key, pepper, l): >+ # Produce l bytes of output using the RFC 6113 PRF+ function. >+ out = b'' >+ count = 1 >+ while len(out) < l: >+ out += prf(key, bytes([count]) + pepper) >+ count += 1 >+ return out[:l] >+ >+ >+def cf2(enctype, key1, key2, pepper1, pepper2): >+ # Combine two keys and two pepper strings to produce a result key >+ # of type enctype, using the RFC 6113 KRB-FX-CF2 function. >+ e = _get_enctype_profile(enctype) >+ return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), >+ prfplus(key2, pepper2, e.seedsize))) >+ >+ >+if __name__ == '__main__': >+ def h(hexstr): >+ return bytes.fromhex(hexstr) >+ >+ # AES128 encrypt and decrypt >+ kb = h('9062430C8CDA3388922E6D6A509F5B7A') >+ conf = h('94B491F481485B9A0678CD3C4EA386AD') >+ keyusage = 2 >+ plain = b'9 bytesss' >+ ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7CD2E' >+ 'C26C355D2F') >+ k = Key(Enctype.AES128, kb) >+ assert(encrypt(k, keyusage, plain, conf) == ctxt) >+ assert(decrypt(k, keyusage, ctxt) == plain) >+ >+ # AES256 encrypt and decrypt >+ kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B1404231398') >+ conf = h('E45CA518B42E266AD98E165E706FFB60') >+ keyusage = 4 >+ plain = b'30 bytes bytes bytes bytes byt' >+ ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3D79A' >+ '295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') >+ k = Key(Enctype.AES256, kb) >+ assert(encrypt(k, keyusage, plain, conf) == ctxt) >+ assert(decrypt(k, keyusage, ctxt) == plain) >+ >+ # AES128 checksum >+ kb = h('9062430C8CDA3388922E6D6A509F5B7A') >+ keyusage = 3 >+ plain = b'eight nine ten eleven twelve thirteen' >+ cksum = h('01A4B088D45628F6946614E3') >+ k = Key(Enctype.AES128, kb) >+ verify_checksum(Cksumtype.SHA1_AES128, k, keyusage, plain, cksum) >+ >+ # AES256 checksum >+ kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7') >+ keyusage = 4 >+ plain = b'fourteen' >+ cksum = h('E08739E3279E2903EC8E3836') >+ k = Key(Enctype.AES256, kb) >+ verify_checksum(Cksumtype.SHA1_AES256, k, keyusage, plain, cksum) >+ >+ # AES128 string-to-key >+ string = b'password' >+ salt = b'ATHENA.MIT.EDUraeburn' >+ params = h('00000002') >+ kb = h('C651BF29E2300AC27FA469D693BDDA13') >+ k = string_to_key(Enctype.AES128, string, salt, params) >+ assert(k.contents == kb) >+ >+ # AES256 string-to-key >+ string = b'X' * 64 >+ salt = b'pass phrase equals block size' >+ params = h('000004B0') >+ kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56C553BA4B34') >+ k = string_to_key(Enctype.AES256, string, salt, params) >+ assert(k.contents == kb) >+ >+ # AES128 prf >+ kb = h('77B39A37A868920F2A51F9DD150C5717') >+ k = string_to_key(Enctype.AES128, b'key1', b'key1') >+ assert(prf(k, b'\x01\x61') == kb) >+ >+ # AES256 prf >+ kb = h('0D674DD0F9A6806525A4D92E828BD15A') >+ k = string_to_key(Enctype.AES256, b'key2', b'key2') >+ assert(prf(k, b'\x02\x62') == kb) >+ >+ # AES128 cf2 >+ kb = h('97DF97E4B798B29EB31ED7280287A92A') >+ k1 = string_to_key(Enctype.AES128, b'key1', b'key1') >+ k2 = string_to_key(Enctype.AES128, b'key2', b'key2') >+ k = cf2(Enctype.AES128, k1, k2, b'a', b'b') >+ assert(k.contents == kb) >+ >+ # AES256 cf2 >+ kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5E72B1C7B') >+ k1 = string_to_key(Enctype.AES256, b'key1', b'key1') >+ k2 = string_to_key(Enctype.AES256, b'key2', b'key2') >+ k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >+ assert(k.contents == kb) >+ >+ # DES3 encrypt and decrypt >+ kb = h('0DD52094E0F41CECCB5BE510A764B35176E3981332F1E598') >+ conf = h('94690A17B2DA3C9B') >+ keyusage = 3 >+ plain = b'13 bytes byte' >+ ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F705E8' >+ '49CB7781D76A316B193F8D30') >+ k = Key(Enctype.DES3, kb) >+ assert(encrypt(k, keyusage, plain, conf) == ctxt) >+ assert(decrypt(k, keyusage, ctxt) == _zeropad(plain, 8)) >+ >+ # DES3 string-to-key >+ string = b'password' >+ salt = b'ATHENA.MIT.EDUraeburn' >+ kb = h('850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E') >+ k = string_to_key(Enctype.DES3, string, salt) >+ assert(k.contents == kb) >+ >+ # DES3 checksum >+ kb = h('7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162') >+ keyusage = 2 >+ plain = b'six seven' >+ cksum = h('0EEFC9C3E049AABC1BA5C401677D9AB699082BB4') >+ k = Key(Enctype.DES3, kb) >+ verify_checksum(Cksumtype.SHA1_DES3, k, keyusage, plain, cksum) >+ >+ # DES3 cf2 >+ kb = h('E58F9EB643862C13AD38E529313462A7F73E62834FE54A01') >+ k1 = string_to_key(Enctype.DES3, b'key1', b'key1') >+ k2 = string_to_key(Enctype.DES3, b'key2', b'key2') >+ k = cf2(Enctype.DES3, k1, k2, b'a', b'b') >+ assert(k.contents == kb) >+ >+ # RC4 encrypt and decrypt >+ kb = h('68F263DB3FCE15D031C9EAB02D67107A') >+ conf = h('37245E73A45FBF72') >+ keyusage = 4 >+ plain = b'30 bytes bytes bytes bytes byt' >+ ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0F260' >+ 'A99F0460508DE0CECC632D07C354124E46C5D2234EB8') >+ k = Key(Enctype.RC4, kb) >+ assert(encrypt(k, keyusage, plain, conf) == ctxt) >+ assert(decrypt(k, keyusage, ctxt) == plain) >+ >+ # RC4 string-to-key >+ string = b'foo' >+ kb = h('AC8E657F83DF82BEEA5D43BDAF7800CC') >+ k = string_to_key(Enctype.RC4, string, None) >+ assert(k.contents == kb) >+ >+ # RC4 checksum >+ kb = h('F7D3A155AF5E238A0B7A871A96BA2AB2') >+ keyusage = 6 >+ plain = b'seventeen eighteen nineteen twenty' >+ cksum = h('EB38CC97E2230F59DA4117DC5859D7EC') >+ k = Key(Enctype.RC4, kb) >+ verify_checksum(Cksumtype.HMAC_MD5, k, keyusage, plain, cksum) >+ >+ # RC4 cf2 >+ kb = h('24D7F6B6BAE4E5C00D2082C5EBAB3672') >+ k1 = string_to_key(Enctype.RC4, b'key1', b'key1') >+ k2 = string_to_key(Enctype.RC4, b'key2', b'key2') >+ k = cf2(Enctype.RC4, k1, k2, b'a', b'b') >+ assert(k.contents == kb) >diff --git a/python/samba/tests/source.py b/python/samba/tests/source.py >index 4bb652c4204..b7608b1bab3 100644 >--- a/python/samba/tests/source.py >+++ b/python/samba/tests/source.py >@@ -90,6 +90,9 @@ class TestSource(TestCase): > if "wafsamba" in fname: > # FIXME: No copyright headers in wafsamba > continue >+ if fname.endswith("python/samba/tests/krb5/kcrypto.py"): >+ # Imported from MIT testing repo >+ continue > match = copyright_re.search(text) > if not match: > incorrect.append((fname, 'no copyright line found\n')) >@@ -132,6 +135,9 @@ class TestSource(TestCase): > # Imported from subunit/testtools, which are dual > # Apache2/BSD-3. > continue >+ if fname.endswith("python/samba/tests/krb5/kcrypto.py"): >+ # Imported from MIT testing repo >+ continue > if not gpl_re.search(text): > incorrect.append(fname) > >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 259ec91f66e..06fdc9afacb 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -84,7 +84,8 @@ EXCLUDE_USAGE = { > 'selftest/tests.py', > 'python/samba/subunit/run.py', > 'bin/python/samba/subunit/run.py', >- 'python/samba/tests/dcerpc/raw_protocol.py' >+ 'python/samba/tests/dcerpc/raw_protocol.py', >+ 'python/samba/tests/krb5/kcrypto.py', > } > > EXCLUDE_HELP = { >@@ -101,6 +102,7 @@ EXCLUDE_DIRS = { > 'bin/ab', > 'bin/python/samba/tests', > 'bin/python/samba/tests/dcerpc', >+ 'bin/python/samba/tests/krb5', > } > > >-- >2.25.1 > > >From c0bc4d8fafb7773ce10462f2234b52de5aaff702 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 20 Mar 2020 12:47:39 +0100 >Subject: [PATCH 015/380] python/tests/krb5: convert kcrypto.py to > python3-cryptography and a few Samba helpers > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 8bdd37997686d4ca60584bdfda78440be8432405) >--- > python/samba/tests/krb5/kcrypto.py | 460 +++++++++++++++++------------ > 1 file changed, 273 insertions(+), 187 deletions(-) > mode change 100644 => 100755 python/samba/tests/krb5/kcrypto.py > >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >old mode 100644 >new mode 100755 >index 18c0f71c24c..0907d881b68 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -1,3 +1,5 @@ >+#!/usr/bin/env python3 >+# > # Copyright (C) 2013 by the Massachusetts Institute of Technology. > # All rights reserved. > # >@@ -40,14 +42,26 @@ > # - Cipher state only needed for kcmd suite > # - Nonstandard enctypes and cksumtypes like des-hmac-sha1 > >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ > from math import gcd > from functools import reduce > from struct import pack, unpack >-from Crypto.Cipher import AES, DES3, ARC4 >-from Crypto.Hash import HMAC, MD4, MD5, SHA >-from Crypto.Protocol.KDF import PBKDF2 >-from Crypto.Random import get_random_bytes >- >+from cryptography.hazmat.primitives import hashes >+from cryptography.hazmat.primitives import hmac >+from cryptography.hazmat.primitives.ciphers import algorithms as ciphers >+from cryptography.hazmat.primitives.ciphers import modes >+from cryptography.hazmat.primitives.ciphers.base import Cipher >+from cryptography.hazmat.backends import default_backend >+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC >+from samba.tests import TestCase >+from samba.credentials import Credentials >+from samba import generate_random_bytes as get_random_bytes >+from samba.compat import get_string, get_bytes > > class Enctype(object): > DES_CRC = 1 >@@ -97,6 +111,15 @@ def _mac_equal(mac1, mac2): > res |= x ^ y > return res == 0 > >+def SIMPLE_HASH(string, algo_cls): >+ hash_ctx = hashes.Hash(algo_cls(), default_backend()) >+ hash_ctx.update(string) >+ return hash_ctx.finalize() >+ >+def HMAC_HASH(key, string, algo_cls): >+ hmac_ctx = hmac.HMAC(key, algo_cls(), default_backend()) >+ hmac_ctx.update(string) >+ return hmac_ctx.finalize() > > def _nfold(str, nbytes): > # Convert str to a string of length nbytes using the RFC 3961 nfold >@@ -199,7 +222,7 @@ class _SimplifiedEnctype(_EnctypeProfile): > if confounder is None: > confounder = get_random_bytes(cls.blocksize) > basic_plaintext = confounder + _zeropad(plaintext, cls.padsize) >- hmac = HMAC.new(ki.contents, basic_plaintext, cls.hashmod).digest() >+ hmac = HMAC_HASH(ki.contents, basic_plaintext, cls.hashalgo) > return cls.basic_encrypt(ke, basic_plaintext) + hmac[:cls.macsize] > > @classmethod >@@ -212,7 +235,7 @@ class _SimplifiedEnctype(_EnctypeProfile): > if len(basic_ctext) % cls.padsize != 0: > raise ValueError('ciphertext does not meet padding requirement') > basic_plaintext = cls.basic_decrypt(ke, basic_ctext) >- hmac = HMAC.new(ki.contents, basic_plaintext, cls.hashmod).digest() >+ hmac = HMAC_HASH(ki.contents, basic_plaintext, cls.hashalgo) > expmac = hmac[:cls.macsize] > if not _mac_equal(mac, expmac): > raise InvalidChecksum('ciphertext integrity failure') >@@ -223,7 +246,7 @@ class _SimplifiedEnctype(_EnctypeProfile): > def prf(cls, key, string): > # Hash the input. RFC 3961 says to truncate to the padding > # size, but implementations truncate to the block size. >- hashval = cls.hashmod.new(string).digest() >+ hashval = SIMPLE_HASH(string, cls.hashalgo) > truncated = hashval[:-(len(hashval) % cls.blocksize)] > # Encrypt the hash with a derived key. > kp = cls.derive(key, b'prf') >@@ -237,7 +260,7 @@ class _DES3CBC(_SimplifiedEnctype): > blocksize = 8 > padsize = 8 > macsize = 20 >- hashmod = SHA >+ hashalgo = hashes.SHA1 > > @classmethod > def random_to_key(cls, seed): >@@ -272,14 +295,20 @@ class _DES3CBC(_SimplifiedEnctype): > @classmethod > def basic_encrypt(cls, key, plaintext): > assert len(plaintext) % 8 == 0 >- des3 = DES3.new(key.contents, AES.MODE_CBC, bytes(8)) >- return des3.encrypt(plaintext) >+ algo = ciphers.TripleDES(key.contents) >+ cbc = modes.CBC(bytes(8)) >+ encryptor = Cipher(algo, cbc, default_backend()).encryptor() >+ ciphertext = encryptor.update(plaintext) >+ return ciphertext > > @classmethod > def basic_decrypt(cls, key, ciphertext): > assert len(ciphertext) % 8 == 0 >- des3 = DES3.new(key.contents, AES.MODE_CBC, bytes(8)) >- return des3.decrypt(ciphertext) >+ algo = ciphers.TripleDES(key.contents) >+ cbc = modes.CBC(bytes(8)) >+ decryptor = Cipher(algo, cbc, default_backend()).decryptor() >+ plaintext = decryptor.update(ciphertext) >+ return plaintext > > > class _AESEnctype(_SimplifiedEnctype): >@@ -287,21 +316,35 @@ class _AESEnctype(_SimplifiedEnctype): > blocksize = 16 > padsize = 1 > macsize = 12 >- hashmod = SHA >+ hashalgo = hashes.SHA1 > > @classmethod > def string_to_key(cls, string, salt, params): > (iterations,) = unpack('>L', params or b'\x00\x00\x10\x00') >- prf = lambda p, s: HMAC.new(p, s, SHA).digest() >- seed = PBKDF2(string, salt, cls.seedsize, iterations, prf) >+ pwbytes = get_bytes(string) >+ kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), >+ length=cls.seedsize, >+ salt=salt, >+ iterations=iterations, >+ backend=default_backend()) >+ seed = kdf.derive(pwbytes) > tkey = cls.random_to_key(seed) > return cls.derive(tkey, b'kerberos') > > @classmethod > def basic_encrypt(cls, key, plaintext): > assert len(plaintext) >= 16 >- aes = AES.new(key.contents, AES.MODE_CBC, bytes(16)) >- ctext = aes.encrypt(_zeropad(plaintext, 16)) >+ >+ algo = ciphers.AES(key.contents) >+ cbc = modes.CBC(bytes(16)) >+ aes_ctx = Cipher(algo, cbc, default_backend()) >+ >+ def aes_encrypt(plaintext): >+ encryptor = aes_ctx.encryptor() >+ ciphertext = encryptor.update(plaintext) >+ return ciphertext >+ >+ ctext = aes_encrypt(_zeropad(plaintext, 16)) > if len(plaintext) > 16: > # Swap the last two ciphertext blocks and truncate the > # final block to match the plaintext length. >@@ -312,9 +355,18 @@ class _AESEnctype(_SimplifiedEnctype): > @classmethod > def basic_decrypt(cls, key, ciphertext): > assert len(ciphertext) >= 16 >- aes = AES.new(key.contents, AES.MODE_ECB) >+ >+ algo = ciphers.AES(key.contents) >+ cbc = modes.CBC(bytes(16)) >+ aes_ctx = Cipher(algo, cbc, default_backend()) >+ >+ def aes_decrypt(ciphertext): >+ decryptor = aes_ctx.decryptor() >+ plaintext = decryptor.update(ciphertext) >+ return plaintext >+ > if len(ciphertext) == 16: >- return aes.decrypt(ciphertext) >+ return aes_decrypt(ciphertext) > # Split the ciphertext into blocks. The last block may be partial. > cblocks = [ciphertext[p:p+16] for p in range(0, len(ciphertext), 16)] > lastlen = len(cblocks[-1]) >@@ -322,19 +374,19 @@ class _AESEnctype(_SimplifiedEnctype): > prev_cblock = bytes(16) > plaintext = b'' > for b in cblocks[:-2]: >- plaintext += _xorbytes(aes.decrypt(b), prev_cblock) >+ plaintext += _xorbytes(aes_decrypt(b), prev_cblock) > prev_cblock = b > # Decrypt the second-to-last cipher block. The left side of > # the decrypted block will be the final block of plaintext > # xor'd with the final partial cipher block; the right side > # will be the omitted bytes of ciphertext from the final > # block. >- b = aes.decrypt(cblocks[-2]) >+ b = aes_decrypt(cblocks[-2]) > lastplaintext =_xorbytes(b[:lastlen], cblocks[-1]) > omitted = b[lastlen:] > # Decrypt the final cipher block plus the omitted bytes to get > # the second-to-last plaintext block. >- plaintext += _xorbytes(aes.decrypt(cblocks[-1] + omitted), prev_cblock) >+ plaintext += _xorbytes(aes_decrypt(cblocks[-1] + omitted), prev_cblock) > return plaintext + lastplaintext > > >@@ -365,32 +417,43 @@ class _RC4(_EnctypeProfile): > > @classmethod > def string_to_key(cls, string, salt, params): >- utf16string = string.decode('UTF-8').encode('UTF-16LE') >- return Key(cls.enctype, MD4.new(utf16string).digest()) >+ utf8string = get_string(string) >+ tmp = Credentials() >+ tmp.set_anonymous() >+ tmp.set_password(utf8string) >+ nthash = tmp.get_nt_hash() >+ return Key(cls.enctype, nthash) > > @classmethod > def encrypt(cls, key, keyusage, plaintext, confounder): > if confounder is None: > confounder = get_random_bytes(8) >- ki = HMAC.new(key.contents, cls.usage_str(keyusage), MD5).digest() >- cksum = HMAC.new(ki, confounder + plaintext, MD5).digest() >- ke = HMAC.new(ki, cksum, MD5).digest() >- return cksum + ARC4.new(ke).encrypt(confounder + plaintext) >+ ki = HMAC_HASH(key.contents, cls.usage_str(keyusage), hashes.MD5) >+ cksum = HMAC_HASH(ki, confounder + plaintext, hashes.MD5) >+ ke = HMAC_HASH(ki, cksum, hashes.MD5) >+ >+ encryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).encryptor() >+ ctext = encryptor.update(confounder + plaintext) >+ >+ return cksum + ctext > > @classmethod > def decrypt(cls, key, keyusage, ciphertext): > if len(ciphertext) < 24: > raise ValueError('ciphertext too short') > cksum, basic_ctext = ciphertext[:16], ciphertext[16:] >- ki = HMAC.new(key.contents, cls.usage_str(keyusage), MD5).digest() >- ke = HMAC.new(ki, cksum, MD5).digest() >- basic_plaintext = ARC4.new(ke).decrypt(basic_ctext) >- exp_cksum = HMAC.new(ki, basic_plaintext, MD5).digest() >+ ki = HMAC_HASH(key.contents, cls.usage_str(keyusage), hashes.MD5) >+ ke = HMAC_HASH(ki, cksum, hashes.MD5) >+ >+ decryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).decryptor() >+ basic_plaintext = decryptor.update(basic_ctext) >+ >+ exp_cksum = HMAC_HASH(ki, basic_plaintext, hashes.MD5) > ok = _mac_equal(cksum, exp_cksum) > if not ok and keyusage == 9: > # Try again with usage 8, due to RFC 4757 errata. >- ki = HMAC.new(key.contents, pack('<i', 8), MD5).digest() >- exp_cksum = HMAC.new(ki, basic_plaintext, MD5).digest() >+ ki = HMAC_HASH(key.contents, pack('<i', 8), hashes.MD5) >+ exp_cksum = HMAC_HASH(ki, basic_plaintext, hashes.MD5) > ok = _mac_equal(cksum, exp_cksum) > if not ok: > raise InvalidChecksum('ciphertext integrity failure') >@@ -399,7 +462,7 @@ class _RC4(_EnctypeProfile): > > @classmethod > def prf(cls, key, string): >- return HMAC.new(key.contents, string, SHA).digest() >+ return HMAC_HASH(key.contents, string, hashes.SHA1) > > > class _ChecksumProfile(object): >@@ -424,7 +487,7 @@ class _SimplifiedChecksum(_ChecksumProfile): > @classmethod > def checksum(cls, key, keyusage, text): > kc = cls.enc.derive(key, pack('>iB', keyusage, 0x99)) >- hmac = HMAC.new(kc.contents, text, cls.enc.hashmod).digest() >+ hmac = HMAC_HASH(kc.contents, text, cls.enc.hashalgo) > return hmac[:cls.macsize] > > @classmethod >@@ -452,9 +515,9 @@ class _SHA1DES3(_SimplifiedChecksum): > class _HMACMD5(_ChecksumProfile): > @classmethod > def checksum(cls, key, keyusage, text): >- ksign = HMAC.new(key.contents, b'signaturekey\0', MD5).digest() >- md5hash = MD5.new(_RC4.usage_str(keyusage) + text).digest() >- return HMAC.new(ksign, md5hash, MD5).digest() >+ ksign = HMAC_HASH(key.contents, b'signaturekey\0', hashes.MD5) >+ md5hash = SIMPLE_HASH(_RC4.usage_str(keyusage) + text, hashes.MD5) >+ return HMAC_HASH(ksign, md5hash, hashes.MD5) > > @classmethod > def verify(cls, key, keyusage, text, cksum): >@@ -564,150 +627,173 @@ def cf2(enctype, key1, key2, pepper1, pepper2): > return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), > prfplus(key2, pepper2, e.seedsize))) > >- >-if __name__ == '__main__': >- def h(hexstr): >- return bytes.fromhex(hexstr) >- >- # AES128 encrypt and decrypt >- kb = h('9062430C8CDA3388922E6D6A509F5B7A') >- conf = h('94B491F481485B9A0678CD3C4EA386AD') >- keyusage = 2 >- plain = b'9 bytesss' >- ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7CD2E' >- 'C26C355D2F') >- k = Key(Enctype.AES128, kb) >- assert(encrypt(k, keyusage, plain, conf) == ctxt) >- assert(decrypt(k, keyusage, ctxt) == plain) >- >- # AES256 encrypt and decrypt >- kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B1404231398') >- conf = h('E45CA518B42E266AD98E165E706FFB60') >- keyusage = 4 >- plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3D79A' >- '295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') >- k = Key(Enctype.AES256, kb) >- assert(encrypt(k, keyusage, plain, conf) == ctxt) >- assert(decrypt(k, keyusage, ctxt) == plain) >- >- # AES128 checksum >- kb = h('9062430C8CDA3388922E6D6A509F5B7A') >- keyusage = 3 >- plain = b'eight nine ten eleven twelve thirteen' >- cksum = h('01A4B088D45628F6946614E3') >- k = Key(Enctype.AES128, kb) >- verify_checksum(Cksumtype.SHA1_AES128, k, keyusage, plain, cksum) >- >- # AES256 checksum >- kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7') >- keyusage = 4 >- plain = b'fourteen' >- cksum = h('E08739E3279E2903EC8E3836') >- k = Key(Enctype.AES256, kb) >- verify_checksum(Cksumtype.SHA1_AES256, k, keyusage, plain, cksum) >- >- # AES128 string-to-key >- string = b'password' >- salt = b'ATHENA.MIT.EDUraeburn' >- params = h('00000002') >- kb = h('C651BF29E2300AC27FA469D693BDDA13') >- k = string_to_key(Enctype.AES128, string, salt, params) >- assert(k.contents == kb) >- >- # AES256 string-to-key >- string = b'X' * 64 >- salt = b'pass phrase equals block size' >- params = h('000004B0') >- kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56C553BA4B34') >- k = string_to_key(Enctype.AES256, string, salt, params) >- assert(k.contents == kb) >- >- # AES128 prf >- kb = h('77B39A37A868920F2A51F9DD150C5717') >- k = string_to_key(Enctype.AES128, b'key1', b'key1') >- assert(prf(k, b'\x01\x61') == kb) >- >- # AES256 prf >- kb = h('0D674DD0F9A6806525A4D92E828BD15A') >- k = string_to_key(Enctype.AES256, b'key2', b'key2') >- assert(prf(k, b'\x02\x62') == kb) >- >- # AES128 cf2 >- kb = h('97DF97E4B798B29EB31ED7280287A92A') >- k1 = string_to_key(Enctype.AES128, b'key1', b'key1') >- k2 = string_to_key(Enctype.AES128, b'key2', b'key2') >- k = cf2(Enctype.AES128, k1, k2, b'a', b'b') >- assert(k.contents == kb) >- >- # AES256 cf2 >- kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5E72B1C7B') >- k1 = string_to_key(Enctype.AES256, b'key1', b'key1') >- k2 = string_to_key(Enctype.AES256, b'key2', b'key2') >- k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >- assert(k.contents == kb) >- >- # DES3 encrypt and decrypt >- kb = h('0DD52094E0F41CECCB5BE510A764B35176E3981332F1E598') >- conf = h('94690A17B2DA3C9B') >- keyusage = 3 >- plain = b'13 bytes byte' >- ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F705E8' >- '49CB7781D76A316B193F8D30') >- k = Key(Enctype.DES3, kb) >- assert(encrypt(k, keyusage, plain, conf) == ctxt) >- assert(decrypt(k, keyusage, ctxt) == _zeropad(plain, 8)) >- >- # DES3 string-to-key >- string = b'password' >- salt = b'ATHENA.MIT.EDUraeburn' >- kb = h('850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E') >- k = string_to_key(Enctype.DES3, string, salt) >- assert(k.contents == kb) >- >- # DES3 checksum >- kb = h('7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162') >- keyusage = 2 >- plain = b'six seven' >- cksum = h('0EEFC9C3E049AABC1BA5C401677D9AB699082BB4') >- k = Key(Enctype.DES3, kb) >- verify_checksum(Cksumtype.SHA1_DES3, k, keyusage, plain, cksum) >- >- # DES3 cf2 >- kb = h('E58F9EB643862C13AD38E529313462A7F73E62834FE54A01') >- k1 = string_to_key(Enctype.DES3, b'key1', b'key1') >- k2 = string_to_key(Enctype.DES3, b'key2', b'key2') >- k = cf2(Enctype.DES3, k1, k2, b'a', b'b') >- assert(k.contents == kb) >- >- # RC4 encrypt and decrypt >- kb = h('68F263DB3FCE15D031C9EAB02D67107A') >- conf = h('37245E73A45FBF72') >- keyusage = 4 >- plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0F260' >- 'A99F0460508DE0CECC632D07C354124E46C5D2234EB8') >- k = Key(Enctype.RC4, kb) >- assert(encrypt(k, keyusage, plain, conf) == ctxt) >- assert(decrypt(k, keyusage, ctxt) == plain) >- >- # RC4 string-to-key >- string = b'foo' >- kb = h('AC8E657F83DF82BEEA5D43BDAF7800CC') >- k = string_to_key(Enctype.RC4, string, None) >- assert(k.contents == kb) >- >- # RC4 checksum >- kb = h('F7D3A155AF5E238A0B7A871A96BA2AB2') >- keyusage = 6 >- plain = b'seventeen eighteen nineteen twenty' >- cksum = h('EB38CC97E2230F59DA4117DC5859D7EC') >- k = Key(Enctype.RC4, kb) >- verify_checksum(Cksumtype.HMAC_MD5, k, keyusage, plain, cksum) >- >- # RC4 cf2 >- kb = h('24D7F6B6BAE4E5C00D2082C5EBAB3672') >- k1 = string_to_key(Enctype.RC4, b'key1', b'key1') >- k2 = string_to_key(Enctype.RC4, b'key2', b'key2') >- k = cf2(Enctype.RC4, k1, k2, b'a', b'b') >- assert(k.contents == kb) >+def h(hexstr): >+ return bytes.fromhex(hexstr) >+ >+class KcrytoTest(TestCase): >+ """kcrypto Test case.""" >+ >+ def test_aes128_crypr(self): >+ # AES128 encrypt and decrypt >+ kb = h('9062430C8CDA3388922E6D6A509F5B7A') >+ conf = h('94B491F481485B9A0678CD3C4EA386AD') >+ keyusage = 2 >+ plain = b'9 bytesss' >+ ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7CD2E' >+ 'C26C355D2F') >+ k = Key(Enctype.AES128, kb) >+ self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) >+ self.assertEqual(decrypt(k, keyusage, ctxt), plain) >+ >+ def test_aes256_crypt(self): >+ # AES256 encrypt and decrypt >+ kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B1404231398') >+ conf = h('E45CA518B42E266AD98E165E706FFB60') >+ keyusage = 4 >+ plain = b'30 bytes bytes bytes bytes byt' >+ ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3D79A' >+ '295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') >+ k = Key(Enctype.AES256, kb) >+ self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) >+ self.assertEqual(decrypt(k, keyusage, ctxt), plain) >+ >+ def test_aes128_checksum(self): >+ # AES128 checksum >+ kb = h('9062430C8CDA3388922E6D6A509F5B7A') >+ keyusage = 3 >+ plain = b'eight nine ten eleven twelve thirteen' >+ cksum = h('01A4B088D45628F6946614E3') >+ k = Key(Enctype.AES128, kb) >+ verify_checksum(Cksumtype.SHA1_AES128, k, keyusage, plain, cksum) >+ >+ def test_aes256_checksum(self): >+ # AES256 checksum >+ kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7') >+ keyusage = 4 >+ plain = b'fourteen' >+ cksum = h('E08739E3279E2903EC8E3836') >+ k = Key(Enctype.AES256, kb) >+ verify_checksum(Cksumtype.SHA1_AES256, k, keyusage, plain, cksum) >+ >+ def test_aes128_string_to_key(self): >+ # AES128 string-to-key >+ string = b'password' >+ salt = b'ATHENA.MIT.EDUraeburn' >+ params = h('00000002') >+ kb = h('C651BF29E2300AC27FA469D693BDDA13') >+ k = string_to_key(Enctype.AES128, string, salt, params) >+ self.assertEqual(k.contents, kb) >+ >+ def test_aes256_string_to_key(self): >+ # AES256 string-to-key >+ string = b'X' * 64 >+ salt = b'pass phrase equals block size' >+ params = h('000004B0') >+ kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56C553BA4B34') >+ k = string_to_key(Enctype.AES256, string, salt, params) >+ self.assertEqual(k.contents, kb) >+ >+ def test_aes128_prf(self): >+ # AES128 prf >+ kb = h('77B39A37A868920F2A51F9DD150C5717') >+ k = string_to_key(Enctype.AES128, b'key1', b'key1') >+ self.assertEqual(prf(k, b'\x01\x61'), kb) >+ >+ def test_aes256_prf(self): >+ # AES256 prf >+ kb = h('0D674DD0F9A6806525A4D92E828BD15A') >+ k = string_to_key(Enctype.AES256, b'key2', b'key2') >+ self.assertEqual(prf(k, b'\x02\x62'), kb) >+ >+ def test_aes128_cf2(self): >+ # AES128 cf2 >+ kb = h('97DF97E4B798B29EB31ED7280287A92A') >+ k1 = string_to_key(Enctype.AES128, b'key1', b'key1') >+ k2 = string_to_key(Enctype.AES128, b'key2', b'key2') >+ k = cf2(Enctype.AES128, k1, k2, b'a', b'b') >+ self.assertEqual(k.contents, kb) >+ >+ def test_aes256_cf2(self): >+ # AES256 cf2 >+ kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5E72B1C7B') >+ k1 = string_to_key(Enctype.AES256, b'key1', b'key1') >+ k2 = string_to_key(Enctype.AES256, b'key2', b'key2') >+ k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >+ self.assertEqual(k.contents, kb) >+ >+ def test_des3_crypt(self): >+ # DES3 encrypt and decrypt >+ kb = h('0DD52094E0F41CECCB5BE510A764B35176E3981332F1E598') >+ conf = h('94690A17B2DA3C9B') >+ keyusage = 3 >+ plain = b'13 bytes byte' >+ ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F705E8' >+ '49CB7781D76A316B193F8D30') >+ k = Key(Enctype.DES3, kb) >+ self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) >+ self.assertEqual(decrypt(k, keyusage, ctxt), _zeropad(plain, 8)) >+ >+ def test_des3_string_to_key(self): >+ # DES3 string-to-key >+ string = b'password' >+ salt = b'ATHENA.MIT.EDUraeburn' >+ kb = h('850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E') >+ k = string_to_key(Enctype.DES3, string, salt) >+ self.assertEqual(k.contents, kb) >+ >+ def test_des3_checksum(self): >+ # DES3 checksum >+ kb = h('7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162') >+ keyusage = 2 >+ plain = b'six seven' >+ cksum = h('0EEFC9C3E049AABC1BA5C401677D9AB699082BB4') >+ k = Key(Enctype.DES3, kb) >+ verify_checksum(Cksumtype.SHA1_DES3, k, keyusage, plain, cksum) >+ >+ def test_des3_cf2(self): >+ # DES3 cf2 >+ kb = h('E58F9EB643862C13AD38E529313462A7F73E62834FE54A01') >+ k1 = string_to_key(Enctype.DES3, b'key1', b'key1') >+ k2 = string_to_key(Enctype.DES3, b'key2', b'key2') >+ k = cf2(Enctype.DES3, k1, k2, b'a', b'b') >+ self.assertEqual(k.contents, kb) >+ >+ def test_rc4_crypt(self): >+ # RC4 encrypt and decrypt >+ kb = h('68F263DB3FCE15D031C9EAB02D67107A') >+ conf = h('37245E73A45FBF72') >+ keyusage = 4 >+ plain = b'30 bytes bytes bytes bytes byt' >+ ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0F260' >+ 'A99F0460508DE0CECC632D07C354124E46C5D2234EB8') >+ k = Key(Enctype.RC4, kb) >+ self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) >+ self.assertEqual(decrypt(k, keyusage, ctxt), plain) >+ >+ def test_rc4_string_to_key(self): >+ # RC4 string-to-key >+ string = b'foo' >+ kb = h('AC8E657F83DF82BEEA5D43BDAF7800CC') >+ k = string_to_key(Enctype.RC4, string, None) >+ self.assertEqual(k.contents, kb) >+ >+ def test_rc4_checksum(self): >+ # RC4 checksum >+ kb = h('F7D3A155AF5E238A0B7A871A96BA2AB2') >+ keyusage = 6 >+ plain = b'seventeen eighteen nineteen twenty' >+ cksum = h('EB38CC97E2230F59DA4117DC5859D7EC') >+ k = Key(Enctype.RC4, kb) >+ verify_checksum(Cksumtype.HMAC_MD5, k, keyusage, plain, cksum) >+ >+ def test_rc4_cf2(self): >+ # RC4 cf2 >+ kb = h('24D7F6B6BAE4E5C00D2082C5EBAB3672') >+ k1 = string_to_key(Enctype.RC4, b'key1', b'key1') >+ k2 = string_to_key(Enctype.RC4, b'key2', b'key2') >+ k = cf2(Enctype.RC4, k1, k2, b'a', b'b') >+ self.assertEqual(k.contents, kb) >+ >+if __name__ == "__main__": >+ import unittest >+ unittest.main() >-- >2.25.1 > > >From 8c6f3165cef55fc648bc46a9da06660016d50622 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 25 Mar 2020 22:07:39 +0100 >Subject: [PATCH 016/380] s4:selftest: run samba.tests.krb5.kcrypto test > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 7010a1311d193c78e9f26adeafe98458217edbca) >--- > source4/selftest/tests.py | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 7d55aed89b4..9194c9b04f7 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -742,6 +742,8 @@ planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAM > planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) > >+planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") >+ > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >-- >2.25.1 > > >From b01f92a03087aed4bed0686682dea73d99961fea Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 23 Mar 2020 08:53:54 +0100 >Subject: [PATCH 017/380] python/tests/krb5: add support for Cksumtype.MD5 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 47385248c8e462162e01afc3d3d68b97dff3542c) >--- > python/samba/tests/krb5/kcrypto.py | 43 +++++++++++++++++++++++++++++- > 1 file changed, 42 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >index 0907d881b68..ed3c84fa186 100755 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -526,6 +526,13 @@ class _HMACMD5(_ChecksumProfile): > super(_HMACMD5, cls).verify(key, keyusage, text, cksum) > > >+class _MD5(_ChecksumProfile): >+ @classmethod >+ def checksum(cls, key, keyusage, text): >+ # This is unkeyed! >+ return SIMPLE_HASH(text, hashes.MD5) >+ >+ > _enctype_table = { > Enctype.DES3: _DES3CBC, > Enctype.AES128: _AES128CTS, >@@ -538,7 +545,8 @@ _checksum_table = { > Cksumtype.SHA1_DES3: _SHA1DES3, > Cksumtype.SHA1_AES128: _SHA1AES128, > Cksumtype.SHA1_AES256: _SHA1AES256, >- Cksumtype.HMAC_MD5: _HMACMD5 >+ Cksumtype.HMAC_MD5: _HMACMD5, >+ Cksumtype.MD5: _MD5, > } > > >@@ -794,6 +802,39 @@ class KcrytoTest(TestCase): > k = cf2(Enctype.RC4, k1, k2, b'a', b'b') > self.assertEqual(k.contents, kb) > >+ def _test_md5_unkeyed_checksum(self, etype, usage): >+ # MD5 unkeyed checksum >+ pw = b'pwd' >+ salt = b'bytes' >+ key = string_to_key(etype, pw, salt) >+ plain = b'seventeen eighteen nineteen twenty' >+ cksum = h('9d9588cdef3a8cefc9d2c208d978f60c') >+ verify_checksum(Cksumtype.MD5, key, usage, plain, cksum) >+ >+ def test_md5_unkeyed_checksum_des3_usage_40(self): >+ return self._test_md5_unkeyed_checksum(Enctype.DES3, 40) >+ >+ def test_md5_unkeyed_checksum_des3_usage_50(self): >+ return self._test_md5_unkeyed_checksum(Enctype.DES3, 50) >+ >+ def test_md5_unkeyed_checksum_rc4_usage_40(self): >+ return self._test_md5_unkeyed_checksum(Enctype.RC4, 40) >+ >+ def test_md5_unkeyed_checksum_rc4_usage_50(self): >+ return self._test_md5_unkeyed_checksum(Enctype.RC4, 50) >+ >+ def test_md5_unkeyed_checksum_aes128_usage_40(self): >+ return self._test_md5_unkeyed_checksum(Enctype.AES128, 40) >+ >+ def test_md5_unkeyed_checksum_aes128_usage_50(self): >+ return self._test_md5_unkeyed_checksum(Enctype.AES128, 50) >+ >+ def test_md5_unkeyed_checksum_aes256_usage_40(self): >+ return self._test_md5_unkeyed_checksum(Enctype.AES256, 40) >+ >+ def test_md5_unkeyed_checksum_aes256_usage_50(self): >+ return self._test_md5_unkeyed_checksum(Enctype.AES256, 50) >+ > if __name__ == "__main__": > import unittest > unittest.main() >-- >2.25.1 > > >From 86b6a91bd50749cdadc55505c3072cfd02c8aec3 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 13 Feb 2020 16:29:38 +0100 >Subject: [PATCH 018/380] python/tests/krb5: add rfc4120.asn1 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit a2f75c314e9946f74e9dacceac690295999925b5) >--- > python/samba/tests/krb5/rfc4120.asn1 | 392 +++++++++++++++++++++++++++ > 1 file changed, 392 insertions(+) > create mode 100644 python/samba/tests/krb5/rfc4120.asn1 > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >new file mode 100644 >index 00000000000..ec44557f45a >--- /dev/null >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -0,0 +1,392 @@ >+KerberosV5Spec2 { >+ iso(1) identified-organization(3) dod(6) internet(1) >+ security(5) kerberosV5(2) modules(4) krb5spec2(2) >+} DEFINITIONS EXPLICIT TAGS ::= BEGIN >+ >+-- OID arc for KerberosV5 >+-- >+-- This OID may be used to identify Kerberos protocol messages >+-- encapsulated in other protocols. >+-- >+-- This OID also designates the OID arc for KerberosV5-related OIDs. >+-- >+-- NOTE: RFC 1510 had an incorrect value (5) for "dod" in its OID. >+id-krb5 OBJECT IDENTIFIER ::= { >+ iso(1) identified-organization(3) dod(6) internet(1) >+ security(5) kerberosV5(2) >+} >+ >+Int32 ::= INTEGER (-2147483648..2147483647) >+ -- signed values representable in 32 bits >+ >+UInt32 ::= INTEGER (0..4294967295) >+ -- unsigned 32 bit values >+ >+Microseconds ::= INTEGER (0..999999) >+ -- microseconds >+ >+KerberosString ::= GeneralString (IA5String) >+ >+Realm ::= KerberosString >+ >+PrincipalName ::= SEQUENCE { >+ name-type [0] Int32, >+ name-string [1] SEQUENCE OF KerberosString >+} >+ >+KerberosTime ::= GeneralizedTime -- with no fractional seconds >+ >+HostAddress ::= SEQUENCE { >+ addr-type [0] Int32, >+ address [1] OCTET STRING >+} >+ >+-- NOTE: HostAddresses is always used as an OPTIONAL field and >+-- should not be empty. >+HostAddresses -- NOTE: subtly different from rfc1510, >+ -- but has a value mapping and encodes the same >+ ::= SEQUENCE OF HostAddress >+ >+-- NOTE: AuthorizationData is always used as an OPTIONAL field and >+-- should not be empty. >+AuthorizationData ::= SEQUENCE OF SEQUENCE { >+ ad-type [0] Int32, >+ ad-data [1] OCTET STRING >+} >+ >+PA-DATA ::= SEQUENCE { >+ -- NOTE: first tag is [1], not [0] >+ padata-type [1] Int32, >+ padata-value [2] OCTET STRING -- might be encoded AP-REQ >+} >+ >+KerberosFlags ::= BIT STRING (SIZE (32..MAX)) >+ -- minimum number of bits shall be sent, >+ -- but no fewer than 32 >+ >+EncryptedData ::= SEQUENCE { >+ etype [0] Int32 -- EncryptionType --, >+ kvno [1] UInt32 OPTIONAL, >+ cipher [2] OCTET STRING -- ciphertext >+} >+ >+EncryptionKey ::= SEQUENCE { >+ keytype [0] Int32 -- actually encryption type --, >+ keyvalue [1] OCTET STRING >+} >+ >+Checksum ::= SEQUENCE { >+ cksumtype [0] Int32, >+ checksum [1] OCTET STRING >+} >+ >+Ticket ::= [APPLICATION 1] SEQUENCE { >+ tkt-vno [0] INTEGER (5), >+ realm [1] Realm, >+ sname [2] PrincipalName, >+ enc-part [3] EncryptedData -- EncTicketPart >+} >+ >+-- Encrypted part of ticket >+EncTicketPart ::= [APPLICATION 3] SEQUENCE { >+ flags [0] TicketFlags, >+ key [1] EncryptionKey, >+ crealm [2] Realm, >+ cname [3] PrincipalName, >+ transited [4] TransitedEncoding, >+ authtime [5] KerberosTime, >+ starttime [6] KerberosTime OPTIONAL, >+ endtime [7] KerberosTime, >+ renew-till [8] KerberosTime OPTIONAL, >+ caddr [9] HostAddresses OPTIONAL, >+ authorization-data [10] AuthorizationData OPTIONAL >+} >+ >+-- encoded Transited field >+TransitedEncoding ::= SEQUENCE { >+ tr-type [0] Int32 -- must be registered --, >+ contents [1] OCTET STRING >+} >+ >+TicketFlags ::= KerberosFlags >+ -- reserved(0), >+ -- forwardable(1), >+ -- forwarded(2), >+ -- proxiable(3), >+ -- proxy(4), >+ -- may-postdate(5), >+ -- postdated(6), >+ -- invalid(7), >+ -- renewable(8), >+ -- initial(9), >+ -- pre-authent(10), >+ -- hw-authent(11), >+-- the following are new since 1510 >+ -- transited-policy-checked(12), >+ -- ok-as-delegate(13) >+ >+AS-REQ ::= [APPLICATION 10] KDC-REQ >+ >+TGS-REQ ::= [APPLICATION 12] KDC-REQ >+ >+KDC-REQ ::= SEQUENCE { >+ -- NOTE: first tag is [1], not [0] >+ pvno [1] INTEGER (5) , >+ msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), >+ padata [3] SEQUENCE OF PA-DATA OPTIONAL >+ -- NOTE: not empty --, >+ req-body [4] KDC-REQ-BODY >+} >+ >+KDC-REQ-BODY ::= SEQUENCE { >+ kdc-options [0] KDCOptions, >+ cname [1] PrincipalName OPTIONAL >+ -- Used only in AS-REQ --, >+ realm [2] Realm >+ -- Server's realm >+ -- Also client's in AS-REQ --, >+ sname [3] PrincipalName OPTIONAL, >+ from [4] KerberosTime OPTIONAL, >+ till [5] KerberosTime, >+ rtime [6] KerberosTime OPTIONAL, >+ nonce [7] UInt32, >+ etype [8] SEQUENCE OF Int32 -- EncryptionType >+ -- in preference order --, >+ addresses [9] HostAddresses OPTIONAL, >+ enc-authorization-data [10] EncryptedData OPTIONAL >+ -- AuthorizationData --, >+ additional-tickets [11] SEQUENCE OF Ticket OPTIONAL >+ -- NOTE: not empty >+} >+ >+KDCOptions ::= KerberosFlags >+ -- reserved(0), >+ -- forwardable(1), >+ -- forwarded(2), >+ -- proxiable(3), >+ -- proxy(4), >+ -- allow-postdate(5), >+ -- postdated(6), >+ -- unused7(7), >+ -- renewable(8), >+ -- unused9(9), >+ -- unused10(10), >+ -- opt-hardware-auth(11), >+ -- unused12(12), >+ -- unused13(13), >+-- 15 is reserved for canonicalize >+ -- unused15(15), >+-- 26 was unused in 1510 >+ -- disable-transited-check(26), >+-- >+ -- renewable-ok(27), >+ -- enc-tkt-in-skey(28), >+ -- renew(30), >+ -- validate(31) >+ >+AS-REP ::= [APPLICATION 11] KDC-REP >+ >+TGS-REP ::= [APPLICATION 13] KDC-REP >+ >+KDC-REP ::= SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --), >+ padata [2] SEQUENCE OF PA-DATA OPTIONAL >+ -- NOTE: not empty --, >+ crealm [3] Realm, >+ cname [4] PrincipalName, >+ ticket [5] Ticket, >+ enc-part [6] EncryptedData >+ -- EncASRepPart or EncTGSRepPart, >+ -- as appropriate >+} >+ >+EncASRepPart ::= [APPLICATION 25] EncKDCRepPart >+ >+EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart >+ >+EncKDCRepPart ::= SEQUENCE { >+ key [0] EncryptionKey, >+ last-req [1] LastReq, >+ nonce [2] UInt32, >+ key-expiration [3] KerberosTime OPTIONAL, >+ flags [4] TicketFlags, >+ authtime [5] KerberosTime, >+ starttime [6] KerberosTime OPTIONAL, >+ endtime [7] KerberosTime, >+ renew-till [8] KerberosTime OPTIONAL, >+ srealm [9] Realm, >+ sname [10] PrincipalName, >+ caddr [11] HostAddresses OPTIONAL >+} >+ >+LastReq ::= SEQUENCE OF SEQUENCE { >+ lr-type [0] Int32, >+ lr-value [1] KerberosTime >+} >+ >+AP-REQ ::= [APPLICATION 14] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (14), >+ ap-options [2] APOptions, >+ ticket [3] Ticket, >+ authenticator [4] EncryptedData -- Authenticator >+} >+ >+APOptions ::= KerberosFlags >+ -- reserved(0), >+ -- use-session-key(1), >+ -- mutual-required(2) >+ >+-- Unencrypted authenticator >+Authenticator ::= [APPLICATION 2] SEQUENCE { >+ authenticator-vno [0] INTEGER (5), >+ crealm [1] Realm, >+ cname [2] PrincipalName, >+ cksum [3] Checksum OPTIONAL, >+ cusec [4] Microseconds, >+ ctime [5] KerberosTime, >+ subkey [6] EncryptionKey OPTIONAL, >+ seq-number [7] UInt32 OPTIONAL, >+ authorization-data [8] AuthorizationData OPTIONAL >+} >+ >+AP-REP ::= [APPLICATION 15] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (15), >+ enc-part [2] EncryptedData -- EncAPRepPart >+} >+ >+EncAPRepPart ::= [APPLICATION 27] SEQUENCE { >+ ctime [0] KerberosTime, >+ cusec [1] Microseconds, >+ subkey [2] EncryptionKey OPTIONAL, >+ seq-number [3] UInt32 OPTIONAL >+} >+ >+KRB-SAFE ::= [APPLICATION 20] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (20), >+ safe-body [2] KRB-SAFE-BODY, >+ cksum [3] Checksum >+} >+ >+KRB-SAFE-BODY ::= SEQUENCE { >+ user-data [0] OCTET STRING, >+ timestamp [1] KerberosTime OPTIONAL, >+ usec [2] Microseconds OPTIONAL, >+ seq-number [3] UInt32 OPTIONAL, >+ s-address [4] HostAddress, >+ r-address [5] HostAddress OPTIONAL >+} >+ >+KRB-PRIV ::= [APPLICATION 21] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (21), >+ -- NOTE: there is no [2] tag >+ enc-part [3] EncryptedData -- EncKrbPrivPart >+} >+ >+EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { >+ user-data [0] OCTET STRING, >+ timestamp [1] KerberosTime OPTIONAL, >+ usec [2] Microseconds OPTIONAL, >+ seq-number [3] UInt32 OPTIONAL, >+ s-address [4] HostAddress -- sender's addr --, >+ r-address [5] HostAddress OPTIONAL -- recip's addr >+} >+ >+KRB-CRED ::= [APPLICATION 22] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (22), >+ tickets [2] SEQUENCE OF Ticket, >+ enc-part [3] EncryptedData -- EncKrbCredPart >+} >+ >+EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { >+ ticket-info [0] SEQUENCE OF KrbCredInfo, >+ nonce [1] UInt32 OPTIONAL, >+ timestamp [2] KerberosTime OPTIONAL, >+ usec [3] Microseconds OPTIONAL, >+ s-address [4] HostAddress OPTIONAL, >+ r-address [5] HostAddress OPTIONAL >+} >+ >+KrbCredInfo ::= SEQUENCE { >+ key [0] EncryptionKey, >+ prealm [1] Realm OPTIONAL, >+ pname [2] PrincipalName OPTIONAL, >+ flags [3] TicketFlags OPTIONAL, >+ authtime [4] KerberosTime OPTIONAL, >+ starttime [5] KerberosTime OPTIONAL, >+ endtime [6] KerberosTime OPTIONAL, >+ renew-till [7] KerberosTime OPTIONAL, >+ srealm [8] Realm OPTIONAL, >+ sname [9] PrincipalName OPTIONAL, >+ caddr [10] HostAddresses OPTIONAL >+} >+ >+KRB-ERROR ::= [APPLICATION 30] SEQUENCE { >+ pvno [0] INTEGER (5), >+ msg-type [1] INTEGER (30), >+ ctime [2] KerberosTime OPTIONAL, >+ cusec [3] Microseconds OPTIONAL, >+ stime [4] KerberosTime, >+ susec [5] Microseconds, >+ error-code [6] Int32, >+ crealm [7] Realm OPTIONAL, >+ cname [8] PrincipalName OPTIONAL, >+ realm [9] Realm -- service realm --, >+ sname [10] PrincipalName -- service name --, >+ e-text [11] KerberosString OPTIONAL, >+ e-data [12] OCTET STRING OPTIONAL >+} >+ >+METHOD-DATA ::= SEQUENCE OF PA-DATA >+ >+TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { >+ data-type [0] Int32, >+ data-value [1] OCTET STRING OPTIONAL >+} >+ >+-- preauth stuff follows >+ >+PA-ENC-TIMESTAMP ::= EncryptedData -- PA-ENC-TS-ENC >+ >+PA-ENC-TS-ENC ::= SEQUENCE { >+ patimestamp [0] KerberosTime -- client's time --, >+ pausec [1] Microseconds OPTIONAL >+} >+ >+ETYPE-INFO-ENTRY ::= SEQUENCE { >+ etype [0] Int32, >+ salt [1] OCTET STRING OPTIONAL >+} >+ >+ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY >+ >+ETYPE-INFO2-ENTRY ::= SEQUENCE { >+ etype [0] Int32, >+ salt [1] KerberosString OPTIONAL, >+ s2kparams [2] OCTET STRING OPTIONAL >+} >+ >+ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY >+ >+AD-IF-RELEVANT ::= AuthorizationData >+ >+AD-KDCIssued ::= SEQUENCE { >+ ad-checksum [0] Checksum, >+ i-realm [1] Realm OPTIONAL, >+ i-sname [2] PrincipalName OPTIONAL, >+ elements [3] AuthorizationData >+} >+ >+AD-AND-OR ::= SEQUENCE { >+ condition-count [0] Int32, >+ elements [1] AuthorizationData >+} >+ >+AD-MANDATORY-FOR-KDC ::= AuthorizationData >+ >+END >-- >2.25.1 > > >From 2e180b414ec501e9b3f48d7a947f86e11f211a7e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 13 Feb 2020 16:29:38 +0100 >Subject: [PATCH 019/380] python/tests/krb5: modify rfc4120.asn1 in order to > generate pyasn1 code > >The pyasn1 bindings are generated by pyasn1gen.py from >https://github.com/kimgr/asn1ate.git > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 94d068427f6cf23ab68c135ed9833db4b9155b65) >--- > python/samba/tests/krb5/rfc4120.asn1 | 293 +++++- > python/samba/tests/krb5/rfc4120_pyasn1.py | 914 ++++++++++++++++++ > .../samba/tests/krb5/rfc4120_pyasn1_regen.sh | 41 + > python/samba/tests/source.py | 6 + > 4 files changed, 1243 insertions(+), 11 deletions(-) > create mode 100644 python/samba/tests/krb5/rfc4120_pyasn1.py > create mode 100755 python/samba/tests/krb5/rfc4120_pyasn1_regen.sh > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index ec44557f45a..05b43106034 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -25,15 +25,23 @@ UInt32 ::= INTEGER (0..4294967295) > Microseconds ::= INTEGER (0..999999) > -- microseconds > >-KerberosString ::= GeneralString (IA5String) >+-- >+-- asn1ate doesn't support 'GeneralString (IA5String)' >+-- only 'GeneralString' or 'IA5String', on the wire >+-- GeneralString is used. >+-- >+-- KerberosString ::= GeneralString (IA5String) >+KerberosString ::= GeneralString > > Realm ::= KerberosString > > PrincipalName ::= SEQUENCE { >- name-type [0] Int32, >+ name-type [0] NameType, -- Int32, > name-string [1] SEQUENCE OF KerberosString > } > >+NameType ::= Int32 >+ > KerberosTime ::= GeneralizedTime -- with no fractional seconds > > HostAddress ::= SEQUENCE { >@@ -50,36 +58,48 @@ HostAddresses -- NOTE: subtly different from rfc1510, > -- NOTE: AuthorizationData is always used as an OPTIONAL field and > -- should not be empty. > AuthorizationData ::= SEQUENCE OF SEQUENCE { >- ad-type [0] Int32, >+ ad-type [0] AuthDataType, -- Int32, > ad-data [1] OCTET STRING > } > >+AuthDataType ::= Int32 >+ > PA-DATA ::= SEQUENCE { > -- NOTE: first tag is [1], not [0] >- padata-type [1] Int32, >+ padata-type [1] PADataType, -- Int32 > padata-value [2] OCTET STRING -- might be encoded AP-REQ > } > >-KerberosFlags ::= BIT STRING (SIZE (32..MAX)) >+PADataType ::= Int32 >+ >+-- >+-- asn1ate doesn't support 'MAX' nor a lower range != 1. >+-- We'll use a custom enodeValue() hooks for BitString >+-- in order to encode them with at least 32-Bit. >+-- >+-- KerberosFlags ::= BIT STRING (SIZE (32..MAX)) >+KerberosFlags ::= BIT STRING (SIZE (1..32)) > -- minimum number of bits shall be sent, > -- but no fewer than 32 > > EncryptedData ::= SEQUENCE { >- etype [0] Int32 -- EncryptionType --, >+ etype [0] EncryptionType, --Int32 EncryptionType -- > kvno [1] UInt32 OPTIONAL, > cipher [2] OCTET STRING -- ciphertext > } > > EncryptionKey ::= SEQUENCE { >- keytype [0] Int32 -- actually encryption type --, >+ keytype [0] EncryptionType, -- Int32 actually encryption type -- > keyvalue [1] OCTET STRING > } > > Checksum ::= SEQUENCE { >- cksumtype [0] Int32, >+ cksumtype [0] ChecksumType, -- Int32, > checksum [1] OCTET STRING > } > >+ChecksumType ::= Int32 >+ > Ticket ::= [APPLICATION 1] SEQUENCE { > tkt-vno [0] INTEGER (5), > realm [1] Realm, >@@ -150,7 +170,7 @@ KDC-REQ-BODY ::= SEQUENCE { > till [5] KerberosTime, > rtime [6] KerberosTime OPTIONAL, > nonce [7] UInt32, >- etype [8] SEQUENCE OF Int32 -- EncryptionType >+ etype [8] SEQUENCE OF EncryptionType -- Int32 - EncryptionType > -- in preference order --, > addresses [9] HostAddresses OPTIONAL, > enc-authorization-data [10] EncryptedData OPTIONAL >@@ -159,6 +179,8 @@ KDC-REQ-BODY ::= SEQUENCE { > -- NOTE: not empty > } > >+EncryptionType ::= Int32 >+ > KDCOptions ::= KerberosFlags > -- reserved(0), > -- forwardable(1), >@@ -344,7 +366,11 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE { > > METHOD-DATA ::= SEQUENCE OF PA-DATA > >-TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { >+-- >+-- asn1ate doesn't support 'MAX' >+-- >+-- TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { >+TYPED-DATA ::= SEQUENCE SIZE (1..256) OF SEQUENCE { > data-type [0] Int32, > data-value [1] OCTET STRING OPTIONAL > } >@@ -371,7 +397,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE { > s2kparams [2] OCTET STRING OPTIONAL > } > >-ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY >+ETYPE-INFO2 ::= SEQUENCE SIZE (1..256) OF ETYPE-INFO2-ENTRY > > AD-IF-RELEVANT ::= AuthorizationData > >@@ -389,4 +415,249 @@ AD-AND-OR ::= SEQUENCE { > > AD-MANDATORY-FOR-KDC ::= AuthorizationData > >+ >+ >+ >+ >+ >+-- >+-- >+-- prettyPrint values >+-- >+-- >+ >+NameTypeValues ::= INTEGER { -- Int32 >+ kRB5-NT-UNKNOWN(0), -- Name type not known >+ kRB5-NT-PRINCIPAL(1), -- Just the name of the principal as in >+ kRB5-NT-SRV-INST(2), -- Service and other unique instance (krbtgt) >+ kRB5-NT-SRV-HST(3), -- Service with host name as instance >+ kRB5-NT-SRV-XHST(4), -- Service with host as remaining components >+ kRB5-NT-UID(5), -- Unique ID >+ kRB5-NT-X500-PRINCIPAL(6), -- PKINIT >+ kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name >+ kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN >+ kRB5-NT-WELLKNOWN(11), -- Wellknown >+ kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID >+ kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name >+ kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID >+} >+NameTypeSequence ::= SEQUENCE { >+ dummy [0] NameTypeValues >+} >+ >+TicketFlagsValues ::= BIT STRING { -- KerberosFlags >+ reserved(0), >+ forwardable(1), >+ forwarded(2), >+ proxiable(3), >+ proxy(4), >+ may-postdate(5), >+ postdated(6), >+ invalid(7), >+ renewable(8), >+ initial(9), >+ pre-authent(10), >+ hw-authent(11), >+-- the following are new since 1510 >+ transited-policy-checked(12), >+ ok-as-delegate(13) >+} >+TicketFlagsSequence ::= SEQUENCE { >+ dummy [0] TicketFlagsValues >+} >+ >+KDCOptionsValues ::= BIT STRING { -- KerberosFlags >+ reserved(0), >+ forwardable(1), >+ forwarded(2), >+ proxiable(3), >+ proxy(4), >+ allow-postdate(5), >+ postdated(6), >+ unused7(7), >+ renewable(8), >+ unused9(9), >+ unused10(10), >+ opt-hardware-auth(11), >+ unused12(12), >+ unused13(13), >+-- 15 is reserved for canonicalize >+ unused15(15), >+-- 26 was unused in 1510 >+ disable-transited-check(26), >+-- >+ renewable-ok(27), >+ enc-tkt-in-skey(28), >+ renew(30), >+ validate(31) >+} >+KDCOptionsSequence ::= SEQUENCE { >+ dummy [0] KDCOptionsValues >+} >+ >+MessageTypeValues ::= INTEGER { >+ krb-as-req(10), -- Request for initial authentication >+ krb-as-rep(11), -- Response to KRB_AS_REQ request >+ krb-tgs-req(12), -- Request for authentication based on TGT >+ krb-tgs-rep(13), -- Response to KRB_TGS_REQ request >+ krb-ap-req(14), -- application request to server >+ krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL >+ krb-safe(20), -- Safe (checksummed) application message >+ krb-priv(21), -- Private (encrypted) application message >+ krb-cred(22), -- Private (encrypted) message to forward credentials >+ krb-error(30) -- Error response >+} >+MessageTypeSequence ::= SEQUENCE { >+ dummy [0] MessageTypeValues >+} >+ >+PADataTypeValues ::= INTEGER { >+ kRB5-PADATA-NONE(0), >+ -- kRB5-PADATA-TGS-REQ(1), >+ -- kRB5-PADATA-AP-REQ(1), >+ kRB5-PADATA-KDC-REQ(1), >+ kRB5-PADATA-ENC-TIMESTAMP(2), >+ kRB5-PADATA-PW-SALT(3), >+ kRB5-PADATA-ENC-UNIX-TIME(5), >+ kRB5-PADATA-SANDIA-SECUREID(6), >+ kRB5-PADATA-SESAME(7), >+ kRB5-PADATA-OSF-DCE(8), >+ kRB5-PADATA-CYBERSAFE-SECUREID(9), >+ kRB5-PADATA-AFS3-SALT(10), >+ kRB5-PADATA-ETYPE-INFO(11), >+ kRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp) >+ kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) >+ kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) >+ kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) >+ -- kRB5-PADATA-PK-AS-REQ-WIN(15), - (PKINIT - old number) >+ kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) >+ kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) >+ kRB5-PADATA-PA-PK-OCSP-RESPONSE(18), >+ kRB5-PADATA-ETYPE-INFO2(19), >+ -- kRB5-PADATA-USE-SPECIFIED-KVNO(20), >+ kRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number >+ kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) >+ kRB5-PADATA-GET-FROM-TYPED-DATA(22), >+ kRB5-PADATA-SAM-ETYPE-INFO(23), >+ kRB5-PADATA-SERVER-REFERRAL(25), >+ kRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov) >+ kRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com) >+ kRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com) >+ kRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT >+ kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName >+ kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT >+ kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT >+ kRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific >+ kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER >+ kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER >+ kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com >+ kRB5-PADATA-FOR-USER(129), -- MS-KILE >+ kRB5-PADATA-FOR-X509-USER(130), -- MS-KILE >+ kRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE >+ kRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE >+ -- kRB5-PADATA-PK-AS-09-BINDING(132), - client send this to >+ -- tell KDC that is supports >+ -- the asCheckSum in the >+ -- PK-AS-REP >+ kRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework >+ kRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework >+ kRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework >+ kRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework >+ kRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework >+ kRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework >+ kRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com) >+ kRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com) >+ kBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com) >+ kRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com) >+ kRB5-PADATA-EPAK-AS-REQ(145), >+ kRB5-PADATA-EPAK-AS-REP(146), >+ kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon >+ kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u >+ kRB5-PADATA-REQ-ENC-PA-REP(149), -- >+ kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE >+} >+PADataTypeSequence ::= SEQUENCE { >+ dummy [0] PADataTypeValues >+} >+ >+AuthDataTypeValues ::= INTEGER { >+ kRB5-AUTHDATA-IF-RELEVANT(1), >+ kRB5-AUTHDATA-INTENDED-FOR-SERVER(2), >+ kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3), >+ kRB5-AUTHDATA-KDC-ISSUED(4), >+ kRB5-AUTHDATA-AND-OR(5), >+ kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6), >+ kRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7), >+ kRB5-AUTHDATA-MANDATORY-FOR-KDC(8), >+ kRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9), >+ kRB5-AUTHDATA-OSF-DCE(64), >+ kRB5-AUTHDATA-SESAME(65), >+ kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), >+ kRB5-AUTHDATA-WIN2K-PAC(128), >+ kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only >+ kRB5-AUTHDATA-SIGNTICKET-OLDER(-17), >+ kRB5-AUTHDATA-SIGNTICKET-OLD(142), >+ kRB5-AUTHDATA-SIGNTICKET(512) >+} >+AuthDataTypeSequence ::= SEQUENCE { >+ dummy [0] AuthDataTypeValues >+} >+ >+ChecksumTypeValues ::= INTEGER { >+ kRB5-CKSUMTYPE-NONE(0), >+ kRB5-CKSUMTYPE-CRC32(1), >+ kRB5-CKSUMTYPE-RSA-MD4(2), >+ kRB5-CKSUMTYPE-RSA-MD4-DES(3), >+ kRB5-CKSUMTYPE-DES-MAC(4), >+ kRB5-CKSUMTYPE-DES-MAC-K(5), >+ kRB5-CKSUMTYPE-RSA-MD4-DES-K(6), >+ kRB5-CKSUMTYPE-RSA-MD5(7), >+ kRB5-CKSUMTYPE-RSA-MD5-DES(8), >+ kRB5-CKSUMTYPE-RSA-MD5-DES3(9), >+ kRB5-CKSUMTYPE-SHA1-OTHER(10), >+ kRB5-CKSUMTYPE-HMAC-SHA1-DES3(12), >+ kRB5-CKSUMTYPE-SHA1(14), >+ kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128(15), >+ kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256(16), >+ kRB5-CKSUMTYPE-GSSAPI(32771), -- 0x8003 >+ kRB5-CKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number >+ kRB5-CKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial >+} >+ChecksumTypeSequence ::= SEQUENCE { >+ dummy [0] ChecksumTypeValues >+} >+ >+EncryptionTypeValues ::= INTEGER { >+ kRB5-ENCTYPE-NULL(0), >+ kRB5-ENCTYPE-DES-CBC-CRC(1), >+ kRB5-ENCTYPE-DES-CBC-MD4(2), >+ kRB5-ENCTYPE-DES-CBC-MD5(3), >+ kRB5-ENCTYPE-DES3-CBC-MD5(5), >+ kRB5-ENCTYPE-OLD-DES3-CBC-SHA1(7), >+ kRB5-ENCTYPE-SIGN-DSA-GENERATE(8), >+ kRB5-ENCTYPE-ENCRYPT-RSA-PRIV(9), >+ kRB5-ENCTYPE-ENCRYPT-RSA-PUB(10), >+ kRB5-ENCTYPE-DES3-CBC-SHA1(16), -- with key derivation >+ kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96(17), >+ kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96(18), >+ kRB5-ENCTYPE-ARCFOUR-HMAC-MD5(23), >+ kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56(24), >+ kRB5-ENCTYPE-ENCTYPE-PK-CROSS(48), >+-- some "old" windows types >+ kRB5-ENCTYPE-ARCFOUR-MD4(-128), >+ kRB5-ENCTYPE-ARCFOUR-HMAC-OLD(-133), >+ kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP(-135), >+-- these are for Heimdal internal use >+-- kRB5-ENCTYPE-DES-CBC-NONE(-0x1000), >+-- kRB5-ENCTYPE-DES3-CBC-NONE(-0x1001), >+-- kRB5-ENCTYPE-DES-CFB64-NONE(-0x1002), >+-- kRB5-ENCTYPE-DES-PCBC-NONE(-0x1003), >+-- kRB5-ENCTYPE-DIGEST-MD5-NONE(-0x1004), - private use, lukeh@padl.com >+-- kRB5-ENCTYPE-CRAM-MD5-NONE(-0x1005) - private use, lukeh@padl.com >+ kRB5-ENCTYPE-DUMMY(-1111) >+} >+EncryptionTypeSequence ::= SEQUENCE { >+ dummy [0] EncryptionTypeValues >+} >+ > END >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >new file mode 100644 >index 00000000000..b2627aa3dcb >--- /dev/null >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -0,0 +1,914 @@ >+# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >+# (last modified on 2020-03-26 10:28:24.346775) >+ >+# KerberosV5Spec2 >+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >+ >+ >+def _OID(*components): >+ output = [] >+ for x in tuple(components): >+ if isinstance(x, univ.ObjectIdentifier): >+ output.extend(list(x)) >+ else: >+ output.append(int(x)) >+ >+ return univ.ObjectIdentifier(output) >+ >+ >+class Int32(univ.Integer): >+ pass >+ >+ >+Int32.subtypeSpec = constraint.ValueRangeConstraint(-2147483648, 2147483647) >+ >+ >+class AuthDataType(Int32): >+ pass >+ >+ >+class AuthorizationData(univ.SequenceOf): >+ pass >+ >+ >+AuthorizationData.componentType = univ.Sequence(componentType=namedtype.NamedTypes( >+ namedtype.NamedType('ad-type', AuthDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('ad-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+)) >+ >+ >+class AD_AND_OR(univ.Sequence): >+ pass >+ >+ >+AD_AND_OR.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('condition-count', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class AD_IF_RELEVANT(AuthorizationData): >+ pass >+ >+ >+class ChecksumType(Int32): >+ pass >+ >+ >+class Checksum(univ.Sequence): >+ pass >+ >+ >+Checksum.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('cksumtype', ChecksumType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('checksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class KerberosString(char.GeneralString): >+ pass >+ >+ >+class NameType(Int32): >+ pass >+ >+ >+class PrincipalName(univ.Sequence): >+ pass >+ >+ >+PrincipalName.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('name-type', NameType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('name-string', univ.SequenceOf(componentType=KerberosString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class Realm(KerberosString): >+ pass >+ >+ >+class AD_KDCIssued(univ.Sequence): >+ pass >+ >+ >+AD_KDCIssued.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('ad-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), >+ namedtype.OptionalNamedType('i-realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('i-sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) >+) >+ >+ >+class AD_MANDATORY_FOR_KDC(AuthorizationData): >+ pass >+ >+ >+class EncryptionType(Int32): >+ pass >+ >+ >+class UInt32(univ.Integer): >+ pass >+ >+ >+UInt32.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295) >+ >+ >+class EncryptedData(univ.Sequence): >+ pass >+ >+ >+EncryptedData.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('kvno', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) >+) >+ >+ >+class AP_REP(univ.Sequence): >+ pass >+ >+ >+AP_REP.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)) >+AP_REP.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(15)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) >+) >+ >+ >+class KerberosFlags(univ.BitString): >+ pass >+ >+ >+KerberosFlags.subtypeSpec=constraint.ValueSizeConstraint(1, 32) >+ >+ >+class APOptions(KerberosFlags): >+ pass >+ >+ >+class Ticket(univ.Sequence): >+ pass >+ >+ >+Ticket.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)) >+Ticket.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('tkt-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) >+) >+ >+ >+class AP_REQ(univ.Sequence): >+ pass >+ >+ >+AP_REQ.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)) >+AP_REQ.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(14)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('ap-options', APOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('authenticator', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))) >+) >+ >+ >+class PADataType(Int32): >+ pass >+ >+ >+class PA_DATA(univ.Sequence): >+ pass >+ >+ >+PA_DATA.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('padata-type', PADataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('padata-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) >+) >+ >+ >+class KDC_REP(univ.Sequence): >+ pass >+ >+ >+KDC_REP.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(11, 13)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), >+ namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))) >+) >+ >+ >+class AS_REP(KDC_REP): >+ pass >+ >+ >+AS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)) >+ >+ >+class HostAddress(univ.Sequence): >+ pass >+ >+ >+HostAddress.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('addr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('address', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class HostAddresses(univ.SequenceOf): >+ pass >+ >+ >+HostAddresses.componentType = HostAddress() >+ >+ >+class KDCOptions(KerberosFlags): >+ pass >+ >+ >+class KerberosTime(useful.GeneralizedTime): >+ pass >+ >+ >+class KDC_REQ_BODY(univ.Sequence): >+ pass >+ >+ >+KDC_REQ_BODY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('kdc-options', KDCOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), >+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), >+ namedtype.OptionalNamedType('from', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), >+ namedtype.NamedType('till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.OptionalNamedType('rtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), >+ namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.NamedType('etype', univ.SequenceOf(componentType=EncryptionType()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), >+ namedtype.OptionalNamedType('addresses', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), >+ namedtype.OptionalNamedType('enc-authorization-data', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), >+ namedtype.OptionalNamedType('additional-tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))) >+) >+ >+ >+class KDC_REQ(univ.Sequence): >+ pass >+ >+ >+KDC_REQ.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(10, 12)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))) >+) >+ >+ >+class AS_REQ(KDC_REQ): >+ pass >+ >+ >+AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)) >+ >+ >+class AuthDataTypeValues(univ.Integer): >+ pass >+ >+ >+AuthDataTypeValues.namedValues = namedval.NamedValues( >+ ('kRB5-AUTHDATA-IF-RELEVANT', 1), >+ ('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2), >+ ('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3), >+ ('kRB5-AUTHDATA-KDC-ISSUED', 4), >+ ('kRB5-AUTHDATA-AND-OR', 5), >+ ('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6), >+ ('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7), >+ ('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8), >+ ('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9), >+ ('kRB5-AUTHDATA-OSF-DCE', 64), >+ ('kRB5-AUTHDATA-SESAME', 65), >+ ('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66), >+ ('kRB5-AUTHDATA-WIN2K-PAC', 128), >+ ('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129), >+ ('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17), >+ ('kRB5-AUTHDATA-SIGNTICKET-OLD', 142), >+ ('kRB5-AUTHDATA-SIGNTICKET', 512) >+) >+ >+ >+class AuthDataTypeSequence(univ.Sequence): >+ pass >+ >+ >+AuthDataTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class EncryptionKey(univ.Sequence): >+ pass >+ >+ >+EncryptionKey.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class Microseconds(univ.Integer): >+ pass >+ >+ >+Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999) >+ >+ >+class Authenticator(univ.Sequence): >+ pass >+ >+ >+Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)) >+Authenticator.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), >+ namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), >+ namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), >+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) >+) >+ >+ >+class ChecksumTypeValues(univ.Integer): >+ pass >+ >+ >+ChecksumTypeValues.namedValues = namedval.NamedValues( >+ ('kRB5-CKSUMTYPE-NONE', 0), >+ ('kRB5-CKSUMTYPE-CRC32', 1), >+ ('kRB5-CKSUMTYPE-RSA-MD4', 2), >+ ('kRB5-CKSUMTYPE-RSA-MD4-DES', 3), >+ ('kRB5-CKSUMTYPE-DES-MAC', 4), >+ ('kRB5-CKSUMTYPE-DES-MAC-K', 5), >+ ('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6), >+ ('kRB5-CKSUMTYPE-RSA-MD5', 7), >+ ('kRB5-CKSUMTYPE-RSA-MD5-DES', 8), >+ ('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9), >+ ('kRB5-CKSUMTYPE-SHA1-OTHER', 10), >+ ('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12), >+ ('kRB5-CKSUMTYPE-SHA1', 14), >+ ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15), >+ ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16), >+ ('kRB5-CKSUMTYPE-GSSAPI', 32771), >+ ('kRB5-CKSUMTYPE-HMAC-MD5', -138), >+ ('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138) >+) >+ >+ >+class ChecksumTypeSequence(univ.Sequence): >+ pass >+ >+ >+ChecksumTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class ETYPE_INFO_ENTRY(univ.Sequence): >+ pass >+ >+ >+ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class ETYPE_INFO(univ.SequenceOf): >+ pass >+ >+ >+ETYPE_INFO.componentType = ETYPE_INFO_ENTRY() >+ >+ >+class ETYPE_INFO2_ENTRY(univ.Sequence): >+ pass >+ >+ >+ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) >+) >+ >+ >+class ETYPE_INFO2(univ.SequenceOf): >+ pass >+ >+ >+ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY() >+ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256) >+ >+ >+class EncAPRepPart(univ.Sequence): >+ pass >+ >+ >+EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27)) >+EncAPRepPart.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) >+) >+ >+ >+class LastReq(univ.SequenceOf): >+ pass >+ >+ >+LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes( >+ namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+)) >+ >+ >+class TicketFlags(KerberosFlags): >+ pass >+ >+ >+class EncKDCRepPart(univ.Sequence): >+ pass >+ >+ >+EncKDCRepPart.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), >+ namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), >+ namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), >+ namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), >+ namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), >+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), >+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))) >+) >+ >+ >+class EncASRepPart(EncKDCRepPart): >+ pass >+ >+ >+EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25)) >+ >+ >+class KrbCredInfo(univ.Sequence): >+ pass >+ >+ >+KrbCredInfo.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), >+ namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), >+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), >+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), >+ namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))), >+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) >+) >+ >+ >+class EncKrbCredPart(univ.Sequence): >+ pass >+ >+ >+EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29)) >+EncKrbCredPart.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), >+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) >+) >+ >+ >+class EncKrbPrivPart(univ.Sequence): >+ pass >+ >+ >+EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28)) >+EncKrbPrivPart.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), >+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) >+) >+ >+ >+class EncTGSRepPart(EncKDCRepPart): >+ pass >+ >+ >+EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26)) >+ >+ >+class TransitedEncoding(univ.Sequence): >+ pass >+ >+ >+TransitedEncoding.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class EncTicketPart(univ.Sequence): >+ pass >+ >+ >+EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)) >+EncTicketPart.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), >+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), >+ namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), >+ namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), >+ namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), >+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), >+ namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) >+) >+ >+ >+class EncryptionTypeValues(univ.Integer): >+ pass >+ >+ >+EncryptionTypeValues.namedValues = namedval.NamedValues( >+ ('kRB5-ENCTYPE-NULL', 0), >+ ('kRB5-ENCTYPE-DES-CBC-CRC', 1), >+ ('kRB5-ENCTYPE-DES-CBC-MD4', 2), >+ ('kRB5-ENCTYPE-DES-CBC-MD5', 3), >+ ('kRB5-ENCTYPE-DES3-CBC-MD5', 5), >+ ('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7), >+ ('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8), >+ ('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9), >+ ('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10), >+ ('kRB5-ENCTYPE-DES3-CBC-SHA1', 16), >+ ('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17), >+ ('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18), >+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23), >+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24), >+ ('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48), >+ ('kRB5-ENCTYPE-ARCFOUR-MD4', -128), >+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133), >+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135), >+ ('kRB5-ENCTYPE-DUMMY', -1111) >+) >+ >+ >+class EncryptionTypeSequence(univ.Sequence): >+ pass >+ >+ >+EncryptionTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class KDCOptionsValues(univ.BitString): >+ pass >+ >+ >+KDCOptionsValues.namedValues = namedval.NamedValues( >+ ('reserved', 0), >+ ('forwardable', 1), >+ ('forwarded', 2), >+ ('proxiable', 3), >+ ('proxy', 4), >+ ('allow-postdate', 5), >+ ('postdated', 6), >+ ('unused7', 7), >+ ('renewable', 8), >+ ('unused9', 9), >+ ('unused10', 10), >+ ('opt-hardware-auth', 11), >+ ('unused12', 12), >+ ('unused13', 13), >+ ('unused15', 15), >+ ('disable-transited-check', 26), >+ ('renewable-ok', 27), >+ ('enc-tkt-in-skey', 28), >+ ('renew', 30), >+ ('validate', 31) >+) >+ >+ >+class KDCOptionsSequence(univ.Sequence): >+ pass >+ >+ >+KDCOptionsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', KDCOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class KRB_CRED(univ.Sequence): >+ pass >+ >+ >+KRB_CRED.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 22)) >+KRB_CRED.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(22)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) >+) >+ >+ >+class KRB_ERROR(univ.Sequence): >+ pass >+ >+ >+KRB_ERROR.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 30)) >+KRB_ERROR.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(30)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('stime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), >+ namedtype.NamedType('susec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), >+ namedtype.NamedType('error-code', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), >+ namedtype.OptionalNamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), >+ namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))), >+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), >+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), >+ namedtype.OptionalNamedType('e-text', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))), >+ namedtype.OptionalNamedType('e-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))) >+) >+ >+ >+class KRB_PRIV(univ.Sequence): >+ pass >+ >+ >+KRB_PRIV.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 21)) >+KRB_PRIV.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(21)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) >+) >+ >+ >+class KRB_SAFE_BODY(univ.Sequence): >+ pass >+ >+ >+KRB_SAFE_BODY.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), >+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), >+ namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), >+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) >+) >+ >+ >+class KRB_SAFE(univ.Sequence): >+ pass >+ >+ >+KRB_SAFE.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 20)) >+KRB_SAFE.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(20)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('safe-body', KRB_SAFE_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) >+) >+ >+ >+class METHOD_DATA(univ.SequenceOf): >+ pass >+ >+ >+METHOD_DATA.componentType = PA_DATA() >+ >+ >+class MessageTypeValues(univ.Integer): >+ pass >+ >+ >+MessageTypeValues.namedValues = namedval.NamedValues( >+ ('krb-as-req', 10), >+ ('krb-as-rep', 11), >+ ('krb-tgs-req', 12), >+ ('krb-tgs-rep', 13), >+ ('krb-ap-req', 14), >+ ('krb-ap-rep', 15), >+ ('krb-safe', 20), >+ ('krb-priv', 21), >+ ('krb-cred', 22), >+ ('krb-error', 30) >+) >+ >+ >+class MessageTypeSequence(univ.Sequence): >+ pass >+ >+ >+MessageTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', MessageTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class NameTypeValues(univ.Integer): >+ pass >+ >+ >+NameTypeValues.namedValues = namedval.NamedValues( >+ ('kRB5-NT-UNKNOWN', 0), >+ ('kRB5-NT-PRINCIPAL', 1), >+ ('kRB5-NT-SRV-INST', 2), >+ ('kRB5-NT-SRV-HST', 3), >+ ('kRB5-NT-SRV-XHST', 4), >+ ('kRB5-NT-UID', 5), >+ ('kRB5-NT-X500-PRINCIPAL', 6), >+ ('kRB5-NT-SMTP-NAME', 7), >+ ('kRB5-NT-ENTERPRISE-PRINCIPAL', 10), >+ ('kRB5-NT-WELLKNOWN', 11), >+ ('kRB5-NT-ENT-PRINCIPAL-AND-ID', -130), >+ ('kRB5-NT-MS-PRINCIPAL', -128), >+ ('kRB5-NT-MS-PRINCIPAL-AND-ID', -129) >+) >+ >+ >+class NameTypeSequence(univ.Sequence): >+ pass >+ >+ >+NameTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', NameTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class PA_ENC_TIMESTAMP(EncryptedData): >+ pass >+ >+ >+class PA_ENC_TS_ENC(univ.Sequence): >+ pass >+ >+ >+PA_ENC_TS_ENC.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('patimestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('pausec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+) >+ >+ >+class PADataTypeValues(univ.Integer): >+ pass >+ >+ >+PADataTypeValues.namedValues = namedval.NamedValues( >+ ('kRB5-PADATA-NONE', 0), >+ ('kRB5-PADATA-KDC-REQ', 1), >+ ('kRB5-PADATA-ENC-TIMESTAMP', 2), >+ ('kRB5-PADATA-PW-SALT', 3), >+ ('kRB5-PADATA-ENC-UNIX-TIME', 5), >+ ('kRB5-PADATA-SANDIA-SECUREID', 6), >+ ('kRB5-PADATA-SESAME', 7), >+ ('kRB5-PADATA-OSF-DCE', 8), >+ ('kRB5-PADATA-CYBERSAFE-SECUREID', 9), >+ ('kRB5-PADATA-AFS3-SALT', 10), >+ ('kRB5-PADATA-ETYPE-INFO', 11), >+ ('kRB5-PADATA-SAM-CHALLENGE', 12), >+ ('kRB5-PADATA-SAM-RESPONSE', 13), >+ ('kRB5-PADATA-PK-AS-REQ-19', 14), >+ ('kRB5-PADATA-PK-AS-REP-19', 15), >+ ('kRB5-PADATA-PK-AS-REQ', 16), >+ ('kRB5-PADATA-PK-AS-REP', 17), >+ ('kRB5-PADATA-PA-PK-OCSP-RESPONSE', 18), >+ ('kRB5-PADATA-ETYPE-INFO2', 19), >+ ('kRB5-PADATA-SVR-REFERRAL-INFO', 20), >+ ('kRB5-PADATA-SAM-REDIRECT', 21), >+ ('kRB5-PADATA-GET-FROM-TYPED-DATA', 22), >+ ('kRB5-PADATA-SAM-ETYPE-INFO', 23), >+ ('kRB5-PADATA-SERVER-REFERRAL', 25), >+ ('kRB5-PADATA-ALT-PRINC', 24), >+ ('kRB5-PADATA-SAM-CHALLENGE2', 30), >+ ('kRB5-PADATA-SAM-RESPONSE2', 31), >+ ('kRB5-PA-EXTRA-TGT', 41), >+ ('kRB5-PADATA-TD-KRB-PRINCIPAL', 102), >+ ('kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS', 104), >+ ('kRB5-PADATA-PK-TD-CERTIFICATE-INDEX', 105), >+ ('kRB5-PADATA-TD-APP-DEFINED-ERROR', 106), >+ ('kRB5-PADATA-TD-REQ-NONCE', 107), >+ ('kRB5-PADATA-TD-REQ-SEQ', 108), >+ ('kRB5-PADATA-PA-PAC-REQUEST', 128), >+ ('kRB5-PADATA-FOR-USER', 129), >+ ('kRB5-PADATA-FOR-X509-USER', 130), >+ ('kRB5-PADATA-FOR-CHECK-DUPS', 131), >+ ('kRB5-PADATA-AS-CHECKSUM', 132), >+ ('kRB5-PADATA-FX-COOKIE', 133), >+ ('kRB5-PADATA-AUTHENTICATION-SET', 134), >+ ('kRB5-PADATA-AUTH-SET-SELECTED', 135), >+ ('kRB5-PADATA-FX-FAST', 136), >+ ('kRB5-PADATA-FX-ERROR', 137), >+ ('kRB5-PADATA-ENCRYPTED-CHALLENGE', 138), >+ ('kRB5-PADATA-OTP-CHALLENGE', 141), >+ ('kRB5-PADATA-OTP-REQUEST', 142), >+ ('kBB5-PADATA-OTP-CONFIRM', 143), >+ ('kRB5-PADATA-OTP-PIN-CHANGE', 144), >+ ('kRB5-PADATA-EPAK-AS-REQ', 145), >+ ('kRB5-PADATA-EPAK-AS-REP', 146), >+ ('kRB5-PADATA-PKINIT-KX', 147), >+ ('kRB5-PADATA-PKU2U-NAME', 148), >+ ('kRB5-PADATA-REQ-ENC-PA-REP', 149), >+ ('kRB5-PADATA-SUPPORTED-ETYPES', 165) >+) >+ >+ >+class PADataTypeSequence(univ.Sequence): >+ pass >+ >+ >+PADataTypeSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', PADataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+class TGS_REP(KDC_REP): >+ pass >+ >+ >+TGS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)) >+ >+ >+class TGS_REQ(KDC_REQ): >+ pass >+ >+ >+TGS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)) >+ >+ >+class TYPED_DATA(univ.SequenceOf): >+ pass >+ >+ >+TYPED_DATA.componentType = univ.Sequence(componentType=namedtype.NamedTypes( >+ namedtype.NamedType('data-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), >+ namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) >+)) >+ >+TYPED_DATA.subtypeSpec=constraint.ValueSizeConstraint(1, 256) >+ >+ >+class TicketFlagsValues(univ.BitString): >+ pass >+ >+ >+TicketFlagsValues.namedValues = namedval.NamedValues( >+ ('reserved', 0), >+ ('forwardable', 1), >+ ('forwarded', 2), >+ ('proxiable', 3), >+ ('proxy', 4), >+ ('may-postdate', 5), >+ ('postdated', 6), >+ ('invalid', 7), >+ ('renewable', 8), >+ ('initial', 9), >+ ('pre-authent', 10), >+ ('hw-authent', 11), >+ ('transited-policy-checked', 12), >+ ('ok-as-delegate', 13) >+) >+ >+ >+class TicketFlagsSequence(univ.Sequence): >+ pass >+ >+ >+TicketFlagsSequence.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('dummy', TicketFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) >+) >+ >+ >+id_krb5 = _OID(1, 3, 6, 1, 5, 2) >+ >+ >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh b/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh >new file mode 100755 >index 00000000000..2e3995688f2 >--- /dev/null >+++ b/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh >@@ -0,0 +1,41 @@ >+#!/bin/bash >+# >+ >+# >+# I used https://github.com/kimgr/asn1ate.git >+# to generate pyasn1 bindings for rfc4120.asn1 >+# >+ >+PATH_TO_ASN1ATE_CHECKOUT=$1 >+PATH_TO_ASN1_INPUT_FILE=$2 >+ >+set -u >+set -e >+ >+usage() { >+ echo "usage: $0 PATH_TO_ASN1ATE_CHECKOUT PATH_TO_ASN1_INPUT_FILE > PATH_TO_PYASN1_OUTPUT_FILE" >+} >+ >+test -n "${PATH_TO_ASN1ATE_CHECKOUT}" || { >+ usage >+ exit 1 >+} >+test -n "${PATH_TO_ASN1_INPUT_FILE}" || { >+ usage >+ exit 1 >+} >+test -d "${PATH_TO_ASN1ATE_CHECKOUT}" || { >+ usage >+ exit 1 >+} >+test -f "${PATH_TO_ASN1_INPUT_FILE}" || { >+ usage >+ exit 1 >+} >+ >+PATH_TO_PYASN1GEN_PY="${PATH_TO_ASN1ATE_CHECKOUT}/asn1ate/pyasn1gen.py" >+ >+PYTHONPATH="${PATH_TO_ASN1ATE_CHECKOUT}:${PYTHONPATH-}" >+export PYTHONPATH >+ >+python3 "${PATH_TO_PYASN1GEN_PY}" "${PATH_TO_ASN1_INPUT_FILE}" >diff --git a/python/samba/tests/source.py b/python/samba/tests/source.py >index b7608b1bab3..cebfb9ae8fb 100644 >--- a/python/samba/tests/source.py >+++ b/python/samba/tests/source.py >@@ -93,6 +93,9 @@ class TestSource(TestCase): > if fname.endswith("python/samba/tests/krb5/kcrypto.py"): > # Imported from MIT testing repo > continue >+ if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"): >+ # Autogenerated >+ continue > match = copyright_re.search(text) > if not match: > incorrect.append((fname, 'no copyright line found\n')) >@@ -138,6 +141,9 @@ class TestSource(TestCase): > if fname.endswith("python/samba/tests/krb5/kcrypto.py"): > # Imported from MIT testing repo > continue >+ if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"): >+ # Autogenerated >+ continue > if not gpl_re.search(text): > incorrect.append(fname) > >-- >2.25.1 > > >From ae39d8c5397cb4a05c6727349f4da26110a27091 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 13 Feb 2020 16:29:38 +0100 >Subject: [PATCH 020/380] python/tests/krb5: add raw_testcase.py as the base > for our Kerberos protocol testing > >Pair-Programmed-With: Isaac Boukris <iboukris@samba.org> > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit fb7cba50ae3472b29aa806208badc1ded8979073) >--- > python/samba/tests/krb5/raw_testcase.py | 869 ++++++++++++++++++++++++ > 1 file changed, 869 insertions(+) > create mode 100644 python/samba/tests/krb5/raw_testcase.py > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >new file mode 100644 >index 00000000000..6c7bcd418a0 >--- /dev/null >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -0,0 +1,869 @@ >+# Unix SMB/CIFS implementation. >+# Copyright (C) Isaac Boukris 2020 >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import socket >+import struct >+import time >+import datetime >+import random >+ >+import samba.tests >+from samba.credentials import Credentials >+from samba.tests import TestCase >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+import samba.tests.krb5.kcrypto as kcrypto >+ >+from pyasn1.codec.der.decoder import decode as pyasn1_der_decode >+from pyasn1.codec.der.encoder import encode as pyasn1_der_encode >+from pyasn1.codec.native.decoder import decode as pyasn1_native_decode >+from pyasn1.codec.native.encoder import encode as pyasn1_native_encode >+ >+from pyasn1.codec.ber.encoder import BitStringEncoder as BitStringEncoder >+def BitStringEncoder_encodeValue32(self, value, asn1Spec, encodeFun, **options): >+ # >+ # BitStrings like KDCOptions or TicketFlags should at least >+ # be 32-Bit on the wire >+ # >+ if asn1Spec is not None: >+ # TODO: try to avoid ASN.1 schema instantiation >+ value = asn1Spec.clone(value) >+ >+ valueLength = len(value) >+ if valueLength % 8: >+ alignedValue = value << (8 - valueLength % 8) >+ else: >+ alignedValue = value >+ >+ substrate = alignedValue.asOctets() >+ length = len(substrate) >+ # We need at least 32-Bit / 4-Bytes >+ if length < 4: >+ padding = 4 - length >+ else: >+ padding = 0 >+ ret = b'\x00' + substrate + (b'\x00' * padding) >+ return ret, False, True >+BitStringEncoder.encodeValue = BitStringEncoder_encodeValue32 >+ >+def BitString_NamedValues_prettyPrint(self, scope=0): >+ ret = "%s" % self.asBinary() >+ bits = [] >+ highest_bit = 32 >+ for byte in self.asNumbers(): >+ for bit in [7,6,5,4,3,2,1,0]: >+ mask = 1 << bit >+ if byte & mask: >+ val = 1 >+ else: >+ val = 0 >+ bits.append(val) >+ if len(bits) < highest_bit: >+ for bitPosition in range(len(bits), highest_bit): >+ bits.append(0) >+ indent = " " * scope >+ delim = ": (\n%s " % indent >+ for bitPosition in range(highest_bit): >+ if bitPosition in self.prettyPrintNamedValues: >+ name = self.prettyPrintNamedValues[bitPosition] >+ elif bits[bitPosition] != 0: >+ name = "unknown-bit-%u" % bitPosition >+ else: >+ continue >+ ret += "%s%s:%u" % (delim, name, bits[bitPosition]) >+ delim = ",\n%s " % indent >+ ret += "\n%s)" % indent >+ return ret >+krb5_asn1.TicketFlags.prettyPrintNamedValues = krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.namedValues = krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.prettyPrint = BitString_NamedValues_prettyPrint >+krb5_asn1.KDCOptions.prettyPrintNamedValues = krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.namedValues = krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.prettyPrint = BitString_NamedValues_prettyPrint >+ >+def Integer_NamedValues_prettyPrint(self, scope=0): >+ intval = int(self) >+ if intval in self.prettyPrintNamedValues: >+ name = self.prettyPrintNamedValues[intval] >+ else: >+ name = "<__unknown__>" >+ ret = "%d (0x%x) %s" % (intval, intval, name) >+ return ret >+krb5_asn1.NameType.prettyPrintNamedValues = krb5_asn1.NameTypeValues.namedValues >+krb5_asn1.NameType.prettyPrint = Integer_NamedValues_prettyPrint >+krb5_asn1.AuthDataType.prettyPrintNamedValues = krb5_asn1.AuthDataTypeValues.namedValues >+krb5_asn1.AuthDataType.prettyPrint = Integer_NamedValues_prettyPrint >+krb5_asn1.PADataType.prettyPrintNamedValues = krb5_asn1.PADataTypeValues.namedValues >+krb5_asn1.PADataType.prettyPrint = Integer_NamedValues_prettyPrint >+krb5_asn1.EncryptionType.prettyPrintNamedValues = krb5_asn1.EncryptionTypeValues.namedValues >+krb5_asn1.EncryptionType.prettyPrint = Integer_NamedValues_prettyPrint >+krb5_asn1.ChecksumType.prettyPrintNamedValues = krb5_asn1.ChecksumTypeValues.namedValues >+krb5_asn1.ChecksumType.prettyPrint = Integer_NamedValues_prettyPrint >+ >+class Krb5EncryptionKey(object): >+ def __init__(self, key, kvno): >+ EncTypeChecksum = { >+ kcrypto.Enctype.AES256: kcrypto.Cksumtype.SHA1_AES256, >+ kcrypto.Enctype.AES128: kcrypto.Cksumtype.SHA1_AES128, >+ kcrypto.Enctype.RC4: kcrypto.Cksumtype.HMAC_MD5, >+ } >+ self.key = key >+ self.etype = key.enctype >+ self.ctype = EncTypeChecksum[self.etype] >+ self.kvno = kvno >+ return >+ >+ def encrypt(self, usage, plaintext): >+ ciphertext = kcrypto.encrypt(self.key, usage, plaintext) >+ return ciphertext >+ >+ def decrypt(self, usage, ciphertext): >+ plaintext = kcrypto.decrypt(self.key, usage, ciphertext) >+ return plaintext >+ >+ def make_checksum(self, usage, plaintext, ctype=None): >+ if ctype is None: >+ ctype = self.ctype >+ cksum = kcrypto.make_checksum(ctype, self.key, usage, plaintext) >+ return cksum >+ >+ def export_obj(self): >+ EncryptionKey_obj = { >+ 'keytype': self.etype, >+ 'keyvalue': self.key.contents, >+ }; >+ return EncryptionKey_obj >+ >+class RawKerberosTest(TestCase): >+ """A raw Kerberos Test case.""" >+ >+ def setUp(self): >+ super(RawKerberosTest, self).setUp() >+ self.do_asn1_print = False >+ self.do_hexdump = False >+ >+ self.host = samba.tests.env_get_var_value('SERVER') >+ >+ self.s = None >+ >+ def tearDown(self): >+ self._disconnect("tearDown") >+ super(TestCase, self).tearDown() >+ >+ def _disconnect(self, reason): >+ if self.s is None: >+ return >+ self.s.close() >+ self.s = None >+ if self.do_hexdump: >+ sys.stderr.write("disconnect[%s]\n" % reason) >+ >+ def _connect_tcp(self): >+ tcp_port = 88 >+ try: >+ self.a = socket.getaddrinfo(self.host, tcp_port, socket.AF_UNSPEC, >+ socket.SOCK_STREAM, socket.SOL_TCP, >+ 0) >+ self.s = socket.socket(self.a[0][0], self.a[0][1], self.a[0][2]) >+ self.s.settimeout(10) >+ self.s.connect(self.a[0][4]) >+ except socket.error as e: >+ self.s.close() >+ raise >+ except IOError as e: >+ self.s.close() >+ raise >+ except Exception as e: >+ raise >+ finally: >+ pass >+ >+ def connect(self): >+ self.assertNotConnected() >+ self._connect_tcp() >+ if self.do_hexdump: >+ sys.stderr.write("connected[%s]\n" % self.host) >+ return >+ >+ def get_user_creds(self): >+ c = Credentials() >+ c.guess() >+ domain = samba.tests.env_get_var_value('DOMAIN') >+ realm = samba.tests.env_get_var_value('REALM') >+ username = samba.tests.env_get_var_value('USERNAME') >+ password = samba.tests.env_get_var_value('PASSWORD') >+ c.set_domain(domain) >+ c.set_realm(realm) >+ c.set_username(username) >+ c.set_password(password) >+ return c >+ >+ def get_service_creds(self, allow_missing_password=False): >+ c = Credentials() >+ c.guess() >+ domain = samba.tests.env_get_var_value('DOMAIN') >+ realm = samba.tests.env_get_var_value('REALM') >+ username = samba.tests.env_get_var_value('SERVICE_USERNAME') >+ password = samba.tests.env_get_var_value('SERVICE_PASSWORD', >+ allow_missing=allow_missing_password) >+ c.set_domain(domain) >+ c.set_realm(realm) >+ c.set_username(username) >+ if password is not None: >+ c.set_password(password) >+ return c >+ >+ def get_anon_creds(self): >+ c = Credentials() >+ c.set_anonymous() >+ return c >+ >+ def asn1_dump(self, name, obj, asn1_print=None): >+ if asn1_print is None: >+ asn1_print = self.do_asn1_print >+ if asn1_print: >+ if name is not None: >+ sys.stderr.write("%s:\n%s" % (name, obj)) >+ else: >+ sys.stderr.write("%s" % (obj)) >+ >+ def hex_dump(self, name, blob, hexdump=None): >+ if hexdump is None: >+ hexdump = self.do_hexdump >+ if hexdump: >+ sys.stderr.write("%s: %d\n%s" % (name, len(blob), self.hexdump(blob))) >+ >+ def der_decode(self, blob, asn1Spec=None, native_encode=True, asn1_print=None, hexdump=None): >+ if asn1Spec is not None: >+ class_name = type(asn1Spec).__name__.split(':')[0] >+ else: >+ class_name = "<None-asn1Spec>" >+ self.hex_dump(class_name, blob, hexdump=hexdump) >+ obj,_ = pyasn1_der_decode(blob, asn1Spec=asn1Spec) >+ self.asn1_dump(None, obj, asn1_print=asn1_print) >+ if native_encode: >+ obj = pyasn1_native_encode(obj) >+ return obj >+ >+ def der_encode(self, obj, asn1Spec=None, native_decode=True, asn1_print=None, hexdump=None): >+ if native_decode: >+ obj = pyasn1_native_decode(obj, asn1Spec=asn1Spec) >+ class_name = type(obj).__name__.split(':')[0] >+ if class_name is not None: >+ self.asn1_dump(None, obj, asn1_print=asn1_print) >+ blob = pyasn1_der_encode(obj) >+ if class_name is not None: >+ self.hex_dump(class_name, blob, hexdump=hexdump) >+ return blob >+ >+ def send_pdu(self, req, asn1_print=None, hexdump=None): >+ try: >+ k5_pdu = self.der_encode(req, native_decode=False, asn1_print=asn1_print, hexdump=False) >+ header = struct.pack('>I', len(k5_pdu)) >+ req_pdu = header >+ req_pdu += k5_pdu >+ self.hex_dump("send_pdu", header, hexdump=hexdump) >+ self.hex_dump("send_pdu", k5_pdu, hexdump=hexdump) >+ while True: >+ sent = self.s.send(req_pdu, 0) >+ if sent == len(req_pdu): >+ break >+ req_pdu = req_pdu[sent:] >+ except socket.error as e: >+ self._disconnect("send_pdu: %s" % e) >+ raise >+ except IOError as e: >+ self._disconnect("send_pdu: %s" % e) >+ raise >+ finally: >+ pass >+ >+ def recv_raw(self, num_recv=0xffff, hexdump=None, timeout=None): >+ rep_pdu = None >+ try: >+ if timeout is not None: >+ self.s.settimeout(timeout) >+ rep_pdu = self.s.recv(num_recv, 0) >+ self.s.settimeout(10) >+ if len(rep_pdu) == 0: >+ self._disconnect("recv_raw: EOF") >+ return None >+ self.hex_dump("recv_raw", rep_pdu, hexdump=hexdump) >+ except socket.timeout as e: >+ self.s.settimeout(10) >+ sys.stderr.write("recv_raw: TIMEOUT\n") >+ pass >+ except socket.error as e: >+ self._disconnect("recv_raw: %s" % e) >+ raise >+ except IOError as e: >+ self._disconnect("recv_raw: %s" % e) >+ raise >+ finally: >+ pass >+ return rep_pdu >+ >+ def recv_pdu_raw(self, asn1_print=None, hexdump=None, timeout=None): >+ rep_pdu = None >+ rep = None >+ try: >+ raw_pdu = self.recv_raw(num_recv=4, hexdump=hexdump, timeout=timeout) >+ if raw_pdu is None: >+ return (None, None) >+ header = struct.unpack(">I", raw_pdu[0:4]) >+ k5_len = header[0] >+ if k5_len == 0: >+ return (None, "") >+ missing = k5_len >+ rep_pdu = b'' >+ while missing > 0: >+ raw_pdu = self.recv_raw(num_recv=missing, hexdump=hexdump, timeout=timeout) >+ self.assertGreaterEqual(len(raw_pdu), 1) >+ rep_pdu += raw_pdu >+ missing = k5_len - len(rep_pdu) >+ k5_raw = self.der_decode(rep_pdu, asn1Spec=None, native_encode=False, >+ asn1_print=False, hexdump=False) >+ pvno=k5_raw['field-0'] >+ self.assertEqual(pvno, 5) >+ msg_type=k5_raw['field-1'] >+ self.assertIn(msg_type, [11,13,30]) >+ if msg_type == 11: >+ asn1Spec=krb5_asn1.AS_REP() >+ elif msg_type == 13: >+ asn1Spec=krb5_asn1.TGS_REP() >+ elif msg_type == 30: >+ asn1Spec=krb5_asn1.KRB_ERROR() >+ rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, >+ asn1_print=asn1_print, hexdump=False) >+ finally: >+ pass >+ return (rep, rep_pdu) >+ >+ def recv_pdu(self, asn1_print=None, hexdump=None, timeout=None): >+ (rep, rep_pdu) = self.recv_pdu_raw(asn1_print=asn1_print, >+ hexdump=hexdump, >+ timeout=timeout) >+ return rep >+ >+ def assertIsConnected(self): >+ self.assertIsNotNone(self.s, msg="Not connected") >+ return >+ >+ def assertNotConnected(self): >+ self.assertIsNone(self.s, msg="Is connected") >+ return >+ >+ def send_recv_transaction(self, req, asn1_print=None, hexdump=None, timeout=None): >+ self.connect() >+ try: >+ self.send_pdu(req, asn1_print=asn1_print, hexdump=hexdump) >+ rep = self.recv_pdu(asn1_print=asn1_print, hexdump=hexdump, timeout=timeout) >+ except Exception: >+ self._disconnect("transaction failed") >+ raise >+ self._disconnect("transaction done") >+ return rep >+ >+ def assertNoValue(self, value): >+ self.assertTrue(value.isNoValue) >+ return >+ >+ def assertHasValue(self, value): >+ self.assertIsNotNone(value) >+ return >+ >+ def assertPrincipalEqual(self, princ1, princ2): >+ self.assertEqual(princ1['name-type'], princ2['name-type']) >+ self.assertEqual(len(princ1['name-string']), len(princ2['name-string']), >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ for idx in range(len(princ1['name-string'])): >+ self.assertEqual(princ1['name-string'][idx], princ2['name-string'][idx], >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ return >+ >+ def get_KerberosTimeWithUsec(self, epoch=None, offset=None): >+ if epoch is None: >+ epoch = time.time() >+ if offset is not None: >+ epoch = epoch + int(offset) >+ dt = datetime.datetime.fromtimestamp(epoch, tz=datetime.timezone.utc) >+ return (dt.strftime("%Y%m%d%H%M%SZ"), dt.microsecond) >+ >+ def get_KerberosTime(self, epoch=None, offset=None): >+ (s, _) = self.get_KerberosTimeWithUsec(epoch=epoch, offset=offset) >+ return s >+ >+ def SessionKey_create(self, etype, contents, kvno=None): >+ key = kcrypto.Key(etype, contents) >+ return Krb5EncryptionKey(key, kvno) >+ >+ def PasswordKey_create(self, etype=None, pwd=None, salt=None, kvno=None): >+ key = kcrypto.string_to_key(etype, pwd, salt) >+ return Krb5EncryptionKey(key, kvno) >+ >+ def PasswordKey_from_etype_info2(self, creds, etype_info2, kvno=None): >+ e = etype_info2['etype'] >+ salt = None >+ try: >+ salt = etype_info2['salt'] >+ except: >+ pass >+ >+ if e == kcrypto.Enctype.RC4: >+ self.assertIsNone(salt) >+ nthash = creds.get_nt_hash() >+ return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno) >+ >+ password = creds.get_password() >+ return self.PasswordKey_create(etype=e, pwd=password, salt=salt, kvno=kvno) >+ >+ def RandomKey(self, etype): >+ e = kcrypto._get_enctype_profile(etype) >+ contents = samba.generate_random_bytes(e.keysize) >+ return self.SessionKey_create(etype=etype, contents=contents) >+ >+ def EncryptionKey_import(self, EncryptionKey_obj): >+ return self.SessionKey_create(EncryptionKey_obj['keytype'], >+ EncryptionKey_obj['keyvalue']) >+ >+ def EncryptedData_create(self, key, usage, plaintext): >+ # EncryptedData ::= SEQUENCE { >+ # etype [0] Int32 -- EncryptionType --, >+ # kvno [1] UInt32 OPTIONAL, >+ # cipher [2] OCTET STRING -- ciphertext >+ # } >+ ciphertext = key.encrypt(usage, plaintext) >+ EncryptedData_obj = { >+ 'etype': key.etype, >+ 'cipher': ciphertext >+ } >+ if key.kvno is not None: >+ EncryptedData_obj['kvno'] = key.kvno >+ return EncryptedData_obj >+ >+ def Checksum_create(self, key, usage, plaintext, ctype=None): >+ #Checksum ::= SEQUENCE { >+ # cksumtype [0] Int32, >+ # checksum [1] OCTET STRING >+ #} >+ if ctype is None: >+ ctype = key.ctype >+ checksum = key.make_checksum(usage, plaintext, ctype=ctype) >+ Checksum_obj = { >+ 'cksumtype': ctype, >+ 'checksum': checksum, >+ } >+ return Checksum_obj >+ >+ def PrincipalName_create(self, name_type, names): >+ # PrincipalName ::= SEQUENCE { >+ # name-type [0] Int32, >+ # name-string [1] SEQUENCE OF KerberosString >+ # } >+ PrincipalName_obj = { >+ 'name-type': name_type, >+ 'name-string': names, >+ } >+ return PrincipalName_obj >+ >+ def PA_DATA_create(self, padata_type, padata_value): >+ # PA-DATA ::= SEQUENCE { >+ # -- NOTE: first tag is [1], not [0] >+ # padata-type [1] Int32, >+ # padata-value [2] OCTET STRING -- might be encoded AP-REQ >+ # } >+ PA_DATA_obj = { >+ 'padata-type': padata_type, >+ 'padata-value': padata_value, >+ } >+ return PA_DATA_obj >+ >+ def PA_ENC_TS_ENC_create(self, ts, usec): >+ #PA-ENC-TS-ENC ::= SEQUENCE { >+ # patimestamp[0] KerberosTime, -- client's time >+ # pausec[1] krb5int32 OPTIONAL >+ #} >+ PA_ENC_TS_ENC_obj = { >+ 'patimestamp': ts, >+ 'pausec': usec, >+ } >+ return PA_ENC_TS_ENC_obj >+ >+ def KDC_REQ_BODY_create(self, >+ kdc_options, >+ cname, >+ realm, >+ sname, >+ from_time, >+ till_time, >+ renew_time, >+ nonce, >+ etypes, >+ addresses, >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ asn1_print=None, >+ hexdump=None): >+ #KDC-REQ-BODY ::= SEQUENCE { >+ # kdc-options [0] KDCOptions, >+ # cname [1] PrincipalName OPTIONAL >+ # -- Used only in AS-REQ --, >+ # realm [2] Realm >+ # -- Server's realm >+ # -- Also client's in AS-REQ --, >+ # sname [3] PrincipalName OPTIONAL, >+ # from [4] KerberosTime OPTIONAL, >+ # till [5] KerberosTime, >+ # rtime [6] KerberosTime OPTIONAL, >+ # nonce [7] UInt32, >+ # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # -- in preference order --, >+ # addresses [9] HostAddresses OPTIONAL, >+ # enc-authorization-data [10] EncryptedData OPTIONAL >+ # -- AuthorizationData --, >+ # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL >+ # -- NOTE: not empty >+ #} >+ if EncAuthorizationData is not None: >+ enc_ad_plain = self.der_encode(EncAuthorizationData, >+ asn1Spec=krb5_asn1.AuthorizationData(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ enc_ad = self.EncryptedData_create(EncAuthorizationData_key, enc_ad_plain) >+ else: >+ enc_ad = None >+ KDC_REQ_BODY_obj = { >+ 'kdc-options': kdc_options, >+ 'realm': realm, >+ 'till': till_time, >+ 'nonce': nonce, >+ 'etype': etypes, >+ } >+ if cname is not None: >+ KDC_REQ_BODY_obj['cname'] = cname >+ if sname is not None: >+ KDC_REQ_BODY_obj['sname'] = sname >+ if from_time is not None: >+ KDC_REQ_BODY_obj['from'] = from_time >+ if renew_time is not None: >+ KDC_REQ_BODY_obj['rtime'] = renew_time >+ if addresses is not None: >+ KDC_REQ_BODY_obj['addresses'] = addresses >+ if enc_ad is not None: >+ KDC_REQ_BODY_obj['enc-authorization-data'] = enc_ad >+ if additional_tickets is not None: >+ KDC_REQ_BODY_obj['additional-tickets'] = additional_tickets >+ return KDC_REQ_BODY_obj >+ >+ def KDC_REQ_create(self, >+ msg_type, >+ padata, >+ kdc_options, >+ cname, >+ realm, >+ sname, >+ from_time, >+ till_time, >+ renew_time, >+ nonce, >+ etypes, >+ addresses, >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ asn1Spec=None, >+ asn1_print=None, >+ hexdump=None): >+ #KDC-REQ ::= SEQUENCE { >+ # -- NOTE: first tag is [1], not [0] >+ # pvno [1] INTEGER (5) , >+ # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), >+ # padata [3] SEQUENCE OF PA-DATA OPTIONAL >+ # -- NOTE: not empty --, >+ # req-body [4] KDC-REQ-BODY >+ #} >+ # >+ KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create(kdc_options, >+ cname, >+ realm, >+ sname, >+ from_time, >+ till_time, >+ renew_time, >+ nonce, >+ etypes, >+ addresses, >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ KDC_REQ_obj = { >+ 'pvno': 5, >+ 'msg-type': msg_type, >+ 'req-body': KDC_REQ_BODY_obj, >+ } >+ if padata is not None: >+ KDC_REQ_obj['padata'] = padata >+ if asn1Spec is not None: >+ KDC_REQ_decoded = pyasn1_native_decode(KDC_REQ_obj, asn1Spec=asn1Spec) >+ else: >+ KDC_REQ_decoded = None >+ return KDC_REQ_obj, KDC_REQ_decoded >+ >+ def AS_REQ_create(self, >+ padata, # optional >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ native_decoded_only=True, >+ asn1_print=None, >+ hexdump=None): >+ #KDC-REQ ::= SEQUENCE { >+ # -- NOTE: first tag is [1], not [0] >+ # pvno [1] INTEGER (5) , >+ # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), >+ # padata [3] SEQUENCE OF PA-DATA OPTIONAL >+ # -- NOTE: not empty --, >+ # req-body [4] KDC-REQ-BODY >+ #} >+ # >+ #KDC-REQ-BODY ::= SEQUENCE { >+ # kdc-options [0] KDCOptions, >+ # cname [1] PrincipalName OPTIONAL >+ # -- Used only in AS-REQ --, >+ # realm [2] Realm >+ # -- Server's realm >+ # -- Also client's in AS-REQ --, >+ # sname [3] PrincipalName OPTIONAL, >+ # from [4] KerberosTime OPTIONAL, >+ # till [5] KerberosTime, >+ # rtime [6] KerberosTime OPTIONAL, >+ # nonce [7] UInt32, >+ # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # -- in preference order --, >+ # addresses [9] HostAddresses OPTIONAL, >+ # enc-authorization-data [10] EncryptedData OPTIONAL >+ # -- AuthorizationData --, >+ # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL >+ # -- NOTE: not empty >+ #} >+ obj,decoded = self.KDC_REQ_create(msg_type=10, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.AS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ if native_decoded_only: >+ return decoded >+ return decoded, obj >+ >+ def AP_REQ_create(self, ap_options, ticket, authenticator): >+ # AP-REQ ::= [APPLICATION 14] SEQUENCE { >+ # pvno [0] INTEGER (5), >+ # msg-type [1] INTEGER (14), >+ # ap-options [2] APOptions, >+ # ticket [3] Ticket, >+ # authenticator [4] EncryptedData -- Authenticator >+ #} >+ AP_REQ_obj = { >+ 'pvno': 5, >+ 'msg-type': 14, >+ 'ap-options': ap_options, >+ 'ticket': ticket, >+ 'authenticator': authenticator, >+ } >+ return AP_REQ_obj >+ >+ def Authenticator_create(self, crealm, cname, cksum, cusec, ctime, subkey, seq_number, >+ authorization_data): >+ # -- Unencrypted authenticator >+ # Authenticator ::= [APPLICATION 2] SEQUENCE { >+ # authenticator-vno [0] INTEGER (5), >+ # crealm [1] Realm, >+ # cname [2] PrincipalName, >+ # cksum [3] Checksum OPTIONAL, >+ # cusec [4] Microseconds, >+ # ctime [5] KerberosTime, >+ # subkey [6] EncryptionKey OPTIONAL, >+ # seq-number [7] UInt32 OPTIONAL, >+ # authorization-data [8] AuthorizationData OPTIONAL >+ #} >+ Authenticator_obj = { >+ 'authenticator-vno': 5, >+ 'crealm': crealm, >+ 'cname': cname, >+ 'cusec': cusec, >+ 'ctime': ctime, >+ } >+ if cksum is not None: >+ Authenticator_obj['cksum'] = cksum >+ if subkey is not None: >+ Authenticator_obj['subkey'] = subkey >+ if seq_number is not None: >+ Authenticator_obj['seq-number'] = seq_number >+ if authorization_data is not None: >+ Authenticator_obj['authorization-data'] = authorization_data >+ return Authenticator_obj >+ >+ def TGS_REQ_create(self, >+ padata, # optional >+ cusec, >+ ctime, >+ ticket, >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional >+ EncAuthorizationData, >+ EncAuthorizationData_key, >+ additional_tickets, >+ ticket_session_key, >+ authenticator_subkey=None, >+ body_checksum_type=None, >+ native_decoded_only=True, >+ asn1_print=None, >+ hexdump=None): >+ #KDC-REQ ::= SEQUENCE { >+ # -- NOTE: first tag is [1], not [0] >+ # pvno [1] INTEGER (5) , >+ # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), >+ # padata [3] SEQUENCE OF PA-DATA OPTIONAL >+ # -- NOTE: not empty --, >+ # req-body [4] KDC-REQ-BODY >+ #} >+ # >+ #KDC-REQ-BODY ::= SEQUENCE { >+ # kdc-options [0] KDCOptions, >+ # cname [1] PrincipalName OPTIONAL >+ # -- Used only in AS-REQ --, >+ # realm [2] Realm >+ # -- Server's realm >+ # -- Also client's in AS-REQ --, >+ # sname [3] PrincipalName OPTIONAL, >+ # from [4] KerberosTime OPTIONAL, >+ # till [5] KerberosTime, >+ # rtime [6] KerberosTime OPTIONAL, >+ # nonce [7] UInt32, >+ # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # -- in preference order --, >+ # addresses [9] HostAddresses OPTIONAL, >+ # enc-authorization-data [10] EncryptedData OPTIONAL >+ # -- AuthorizationData --, >+ # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL >+ # -- NOTE: not empty >+ #} >+ >+ req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) >+ req_body = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), >+ asn1_print=asn1_print, hexdump=hexdump) >+ >+ req_body_checksum = self.Checksum_create(ticket_session_key, 6, req_body, >+ ctype=body_checksum_type) >+ >+ subkey_obj = None >+ if authenticator_subkey is not None: >+ subkey_obj = authenticator_subkey.export_obj() >+ seq_number = random.randint(0, 0xfffffffe) >+ authenticator = self.Authenticator_create(crealm=realm, >+ cname=cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator = self.der_encode(authenticator, asn1Spec=krb5_asn1.Authenticator(), >+ asn1_print=asn1_print, hexdump=hexdump) >+ >+ authenticator = self.EncryptedData_create(ticket_session_key, 7, authenticator) >+ >+ ap_options = krb5_asn1.APOptions('0') >+ ap_req = self.AP_REQ_create(ap_options=str(ap_options), >+ ticket=ticket, >+ authenticator=authenticator) >+ ap_req = self.der_encode(ap_req, asn1Spec=krb5_asn1.AP_REQ(), >+ asn1_print=asn1_print, hexdump=hexdump) >+ pa_tgs_req = self.PA_DATA_create(1, ap_req) >+ if padata is not None: >+ padata.append(pa_tgs_req) >+ else: >+ padata = [pa_tgs_req] >+ >+ obj,decoded = self.KDC_REQ_create(msg_type=12, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.TGS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ if native_decoded_only: >+ return decoded >+ return decoded, obj >-- >2.25.1 > > >From 5278f81a1563fbe44b9da4657717afc51b9f1bcc Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 13 Feb 2020 16:29:38 +0100 >Subject: [PATCH 021/380] python/tests/krb5: add simple_tests.py with the first > simple test > >This just demonstrates that the infrastructure works:-) > >I'm running this as: > > SERVER=172.31.9.188 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \ > USERNAME=administrator PASSWORD=A1b2C3d4 SERVICE_USERNAME="w2012r2-188" \ > python/samba/tests/krb5/simple_tests.py > >Pair-Programmed-With: Isaac Boukris <iboukris@samba.org> > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >(cherry picked from commit 4f6d26609a66a42df671a540677af15e67efc0df) >--- > python/samba/tests/krb5/simple_tests.py | 171 ++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > 2 files changed, 172 insertions(+) > create mode 100755 python/samba/tests/krb5/simple_tests.py > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >new file mode 100755 >index 00000000000..c9998c4d2db >--- /dev/null >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -0,0 +1,171 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+global_asn1_print = False >+global_hexdump = False >+ >+class SimpleKerberosTests(RawKerberosTest): >+ >+ def setUp(self): >+ super(SimpleKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_simple(self): >+ user_creds = self.get_user_creds() >+ user = user_creds.get_username() >+ realm = user_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=1, names=[user]) >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = None >+ >+ etypes=(18,17,23) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ self.assertEqual(rep['msg-type'], 30) >+ self.assertEqual(rep['error-code'], 25) >+ rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(2, pa_ts) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 11) >+ >+ usage = 3 >+ enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ >+ # TGS Request >+ service_creds = self.get_service_creds(allow_missing_password=True) >+ service_name = service_creds.get_username() >+ >+ sname = self.PrincipalName_create(name_type=2, names=["host", service_name]) >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ till = self.get_KerberosTime(offset=36000) >+ ticket = rep['ticket'] >+ ticket_session_key = self.EncryptionKey_import(enc_part2['key']) >+ padata = [] >+ >+ subkey = self.RandomKey(ticket_session_key.etype) >+ subkey_usage = 9 >+ >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ >+ req = self.TGS_REQ_create(padata=padata, >+ cusec=cusec, >+ ctime=ctime, >+ ticket=ticket, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7ffffffe, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None, >+ ticket_session_key=ticket_session_key, >+ authenticator_subkey=subkey) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 13) >+ >+ enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ return >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 06fdc9afacb..18e9fad232f 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -86,6 +86,7 @@ EXCLUDE_USAGE = { > 'bin/python/samba/subunit/run.py', > 'python/samba/tests/dcerpc/raw_protocol.py', > 'python/samba/tests/krb5/kcrypto.py', >+ 'python/samba/tests/krb5/simple_tests.py', > } > > EXCLUDE_HELP = { >-- >2.25.1 > > >From 410f981c611ffdd3a0f661208736120a9d86723c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 13 Feb 2020 16:29:38 +0100 >Subject: [PATCH 022/380] s4:selftest: run samba.tests.krb5.simple_tests > against ad_dc_default > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Fri Mar 27 19:54:25 UTC 2020 on sn-devel-184 > >(cherry picked from commit c4ccdf4b30de1b1e63d3fd99d33b924b816a5d37) >--- > source4/selftest/tests.py | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 9194c9b04f7..693209f2d1e 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -743,6 +743,8 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNA > planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) > > planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") >+planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", >+ environ={'SERVICE_USERNAME':'$SERVER'}) > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From 6fe467d921213dbc3cd51dd0712197472beb06ea Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 7 May 2020 17:16:53 +0200 >Subject: [PATCH 023/380] Revert "selftest: allow any kdc error in > mitm-s4u2self test" > >This reverts commit a53fa8ffe3e36f7921baf5d31a1052747f90aa7d. > >This allows a clean revert (and so removal) of the test. > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ce65e8979dda9774b170db7a9fa7ba458af4cee9) >--- > source4/torture/krb5/kdc-canon-heimdal.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > >diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c >index 700e1c2b37e..8dc3e24a8d5 100644 >--- a/source4/torture/krb5/kdc-canon-heimdal.c >+++ b/source4/torture/krb5/kdc-canon-heimdal.c >@@ -737,12 +737,13 @@ static bool torture_krb5_post_recv_tgs_req_canon_test(struct torture_krb5_contex > error.pvno, 5, > "Got wrong error.pvno"); > expected_error = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN - KRB5KDC_ERR_NONE; >- if (!test_context->test_data->mitm_s4u2self) { >- torture_assert_int_equal(test_context->tctx, >- error.error_code, >- expected_error, >- "Got wrong error.error_code"); >+ if (error.error_code != expected_error && test_context->test_data->mitm_s4u2self) { >+ expected_error = KRB5KRB_AP_ERR_INAPP_CKSUM - KRB5KDC_ERR_NONE; > } >+ torture_assert_int_equal(test_context->tctx, >+ error.error_code, >+ expected_error, >+ "Got wrong error.error_code"); > } else { > torture_assert_int_equal(test_context->tctx, > decode_TGS_REP(recv_buf->data, recv_buf->length, >@@ -2089,7 +2090,8 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void * > || test_data->upn == false)) { > > if (test_data->mitm_s4u2self) { >- torture_assert_int_not_equal(tctx, k5ret, 0, assertion_message); >+ torture_assert_int_equal(tctx, k5ret, KRB5KRB_AP_ERR_INAPP_CKSUM, >+ assertion_message); > /* Done testing mitm-s4u2self */ > return true; > } >-- >2.25.1 > > >From 7620840700f6c4810821e821c645542da9279ace Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 7 May 2020 17:17:00 +0200 >Subject: [PATCH 024/380] Revert "selftest: mitm-s4u2self: use zlib for > CRC32_checksum calc" > >This reverts commit 151f8c0f31d3d17b9418db3793ec14ba7dbf2143. > >This allows a clean revert (and so removal) of the test. > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit b5adc112771f22c2d7c4319063c3e89074c4f4ab) >--- > source4/torture/krb5/kdc-canon-heimdal.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > >diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c >index 8dc3e24a8d5..dffebd74038 100644 >--- a/source4/torture/krb5/kdc-canon-heimdal.c >+++ b/source4/torture/krb5/kdc-canon-heimdal.c >@@ -33,7 +33,6 @@ > #include "auth/auth_sam_reply.h" > #include "auth/gensec/gensec.h" > #include "param/param.h" >-#include "zlib.h" > > #define TEST_CANONICALIZE 0x0000001 > #define TEST_ENTERPRISE 0x0000002 >@@ -215,17 +214,6 @@ static bool test_accept_ticket(struct torture_context *tctx, > return true; > } > >-static void >-zCRC32_checksum(const void *data, >- size_t len, >- Checksum *C) >-{ >- uint32_t *crc = C->checksum.data; >- *crc = ~(crc32(0xffffffff, data, len)); >- C->checksum.length = 4; >- C->cksumtype = 1; >-} >- > krb5_error_code > _krb5_s4u2self_to_checksumdata(krb5_context context, > const PA_S4U2Self *self, >@@ -264,7 +252,11 @@ static bool change_for_user_principal(struct torture_krb5_context *test_context, > torture_assert_int_equal(test_context->tctx, > _krb5_s4u2self_to_checksumdata(k5_ctx, &mod_self, &cksum_data), > 0, "_krb5_s4u2self_to_checksumdata() failed"); >- zCRC32_checksum(cksum_data.data, cksum_data.length, &mod_self.cksum); >+ torture_assert_int_equal(test_context->tctx, >+ krb5_create_checksum(k5_ctx, NULL, KRB5_KU_OTHER_CKSUM, >+ CKSUMTYPE_CRC32, cksum_data.data, >+ cksum_data.length, &mod_self.cksum), >+ 0, "krb5_create_checksum() failed"); > > ASN1_MALLOC_ENCODE(PA_S4U2Self, for_user->padata_value.data, for_user->padata_value.length, > &mod_self, &used, ret); >@@ -278,6 +270,7 @@ static bool change_for_user_principal(struct torture_krb5_context *test_context, > > free_PA_S4U2Self(&self); > krb5_data_free(&cksum_data); >+ free_Checksum(&mod_self.cksum); > > return true; > } >-- >2.25.1 > > >From 22b18f728ca3e03b27c6324f0d4004a4afafddeb Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 7 May 2020 17:17:12 +0200 >Subject: [PATCH 025/380] Revert "CVE-2018-16860 selftest: Add test for > S4U2Self with unkeyed checksum" > >This reverts commit 5639e973c1f6f1b28b122741763f1d05b47bc2d8. > >This is no longer needed as the next commit includes a Python >test for this, without the complexity of being inside krb5.kdc.canon. > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 19875a37318a7cd5585572616cf12a775591193f) >--- > source4/torture/krb5/kdc-canon-heimdal.c | 105 +---------------------- > 1 file changed, 4 insertions(+), 101 deletions(-) > >diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c >index dffebd74038..9e0808b134c 100644 >--- a/source4/torture/krb5/kdc-canon-heimdal.c >+++ b/source4/torture/krb5/kdc-canon-heimdal.c >@@ -44,8 +44,7 @@ > #define TEST_S4U2SELF 0x0000080 > #define TEST_REMOVEDOLLAR 0x0000100 > #define TEST_AS_REQ_SPN 0x0000200 >-#define TEST_MITM_S4U2SELF 0x0000400 >-#define TEST_ALL 0x00007FF >+#define TEST_ALL 0x00003FF > > struct test_data { > const char *test_name; >@@ -63,7 +62,6 @@ struct test_data { > bool upn; > bool other_upn_suffix; > bool s4u2self; >- bool mitm_s4u2self; > bool removedollar; > bool as_req_spn; > bool spn_is_upn; >@@ -214,67 +212,6 @@ static bool test_accept_ticket(struct torture_context *tctx, > return true; > } > >-krb5_error_code >-_krb5_s4u2self_to_checksumdata(krb5_context context, >- const PA_S4U2Self *self, >- krb5_data *data); >- >-/* Helper function to modify the principal in PA_FOR_USER padata */ >-static bool change_for_user_principal(struct torture_krb5_context *test_context, >- krb5_data *modified_send_buf) >-{ >- PA_DATA *for_user; >- int i = 0; >- size_t used; >- krb5_error_code ret; >- PA_S4U2Self self, mod_self; >- krb5_data cksum_data; >- krb5_principal admin; >- heim_octet_string orig_padata_value; >- krb5_context k5_ctx = test_context->smb_krb5_context->krb5_context; >- >- for_user = krb5_find_padata(test_context->tgs_req.padata->val, >- test_context->tgs_req.padata->len, KRB5_PADATA_FOR_USER, &i); >- torture_assert(test_context->tctx, for_user != NULL, "No PA_FOR_USER in s4u2self request"); >- orig_padata_value = for_user->padata_value; >- >- torture_assert_int_equal(test_context->tctx, >- krb5_make_principal(k5_ctx, &admin, test_context->test_data->realm, >- "Administrator", NULL), >- 0, "krb5_make_principal() failed"); >- torture_assert_int_equal(test_context->tctx, >- decode_PA_S4U2Self(for_user->padata_value.data, >- for_user->padata_value.length, &self, NULL), >- 0, "decode_PA_S4U2Self() failed"); >- mod_self = self; >- mod_self.name = admin->name; >- >- torture_assert_int_equal(test_context->tctx, >- _krb5_s4u2self_to_checksumdata(k5_ctx, &mod_self, &cksum_data), >- 0, "_krb5_s4u2self_to_checksumdata() failed"); >- torture_assert_int_equal(test_context->tctx, >- krb5_create_checksum(k5_ctx, NULL, KRB5_KU_OTHER_CKSUM, >- CKSUMTYPE_CRC32, cksum_data.data, >- cksum_data.length, &mod_self.cksum), >- 0, "krb5_create_checksum() failed"); >- >- ASN1_MALLOC_ENCODE(PA_S4U2Self, for_user->padata_value.data, for_user->padata_value.length, >- &mod_self, &used, ret); >- torture_assert(test_context->tctx, ret == 0, "Failed to encode PA_S4U2Self ASN1 struct"); >- ASN1_MALLOC_ENCODE(TGS_REQ, modified_send_buf->data, modified_send_buf->length, >- &test_context->tgs_req, &used, ret); >- torture_assert(test_context->tctx, ret == 0, "Failed to encode TGS_REQ ASN1 struct"); >- >- free(for_user->padata_value.data); >- for_user->padata_value = orig_padata_value; >- >- free_PA_S4U2Self(&self); >- krb5_data_free(&cksum_data); >- free_Checksum(&mod_self.cksum); >- >- return true; >-} >- > /* > * TEST_AS_REQ and TEST_AS_REQ_SELF - SEND > * >@@ -694,12 +631,7 @@ static bool torture_krb5_pre_send_tgs_req_canon_test(struct torture_krb5_context > > } > >- if (test_context->test_data->mitm_s4u2self) { >- torture_assert(test_context->tctx, change_for_user_principal(test_context, modified_send_buf), >- "Failed to modify PA_FOR_USER principal name"); >- } else { >- *modified_send_buf = *send_buf; >- } >+ *modified_send_buf = *send_buf; > > return true; > } >@@ -718,7 +650,6 @@ static bool torture_krb5_post_recv_tgs_req_canon_test(struct torture_krb5_contex > { > KRB_ERROR error; > size_t used; >- krb5_error_code expected_error; > > /* > * If this account did not have a servicePrincipalName, then >@@ -729,13 +660,9 @@ static bool torture_krb5_post_recv_tgs_req_canon_test(struct torture_krb5_contex > torture_assert_int_equal(test_context->tctx, > error.pvno, 5, > "Got wrong error.pvno"); >- expected_error = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN - KRB5KDC_ERR_NONE; >- if (error.error_code != expected_error && test_context->test_data->mitm_s4u2self) { >- expected_error = KRB5KRB_AP_ERR_INAPP_CKSUM - KRB5KDC_ERR_NONE; >- } > torture_assert_int_equal(test_context->tctx, > error.error_code, >- expected_error, >+ KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN - KRB5KDC_ERR_NONE, > "Got wrong error.error_code"); > } else { > torture_assert_int_equal(test_context->tctx, >@@ -778,8 +705,6 @@ static bool torture_krb5_post_recv_tgs_req_canon_test(struct torture_krb5_contex > torture_assert_int_equal(test_context->tctx, > *test_context->tgs_rep.ticket.enc_part.kvno & 0xFFFF0000, > 0, "Unexpecedly got a RODC number in the KVNO, should just be principal KVNO"); >- torture_assert(test_context->tctx, test_context->test_data->mitm_s4u2self == false, >- "KDC accepted PA_S4U2Self with unkeyed checksum!"); > free_TGS_REP(&test_context->tgs_rep); > } > torture_assert(test_context->tctx, test_context->packet_count == 0, "too many packets"); >@@ -2081,23 +2006,7 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void * > && (test_data->enterprise > || test_data->spn_is_upn > || test_data->upn == false)) { >- >- if (test_data->mitm_s4u2self) { >- torture_assert_int_equal(tctx, k5ret, KRB5KRB_AP_ERR_INAPP_CKSUM, >- assertion_message); >- /* Done testing mitm-s4u2self */ >- return true; >- } >- > torture_assert_int_equal(tctx, k5ret, 0, assertion_message); >- >- /* Check that the impersonate principal is not being canonicalized by the KDC. */ >- if (test_data->s4u2self) { >- torture_assert(tctx, krb5_principal_compare(k5_context, server_creds->client, >- principal), >- "TGS-REP cname does not match requested client principal"); >- } >- > torture_assert_int_equal(tctx, krb5_cc_store_cred(k5_context, > ccache, server_creds), > 0, "krb5_cc_store_cred failed"); >@@ -2571,7 +2480,7 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) > (i & TEST_UPN) ? "upn" : > ((i & TEST_AS_REQ_SPN) ? "spn" : > ((i & TEST_REMOVEDOLLAR) ? "removedollar" : "samaccountname")), >- (i & TEST_S4U2SELF) ? (i & TEST_MITM_S4U2SELF) ? "mitm-s4u2self" : "s4u2self" : "normal"); >+ (i & TEST_S4U2SELF) ? "s4u2self" : "normal"); > struct torture_suite *sub_suite = torture_suite_create(mem_ctx, name); > > struct test_data *test_data = talloc_zero(suite, struct test_data); >@@ -2585,11 +2494,6 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) > continue; > } > } >- if (i & TEST_MITM_S4U2SELF) { >- if (!(i & TEST_S4U2SELF)) { >- continue; >- } >- } > > test_data->test_name = name; > test_data->real_realm >@@ -2610,7 +2514,6 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx) > test_data->win2k = (i & TEST_WIN2K) != 0; > test_data->upn = (i & TEST_UPN) != 0; > test_data->s4u2self = (i & TEST_S4U2SELF) != 0; >- test_data->mitm_s4u2self = (i & TEST_MITM_S4U2SELF) != 0; > test_data->removedollar = (i & TEST_REMOVEDOLLAR) != 0; > test_data->as_req_spn = (i & TEST_AS_REQ_SPN) != 0; > torture_suite_add_simple_tcase_const(sub_suite, name, torture_krb5_as_req_canon, >-- >2.25.1 > > >From 2e6b6ccb8e2b47e883c924738d05559622d4476f Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Mon, 4 May 2020 18:09:53 +0200 >Subject: [PATCH 026/380] selftest: add python S4U2Self tests including unkeyed > checksums > >To test the CRC32 I reverted the unkeyed-checksum fix (43958af1) >and the weak-crypto fix (389d1b97). Note that the unkeyed-md5 >still worked even with weak-crypto disabled, and that the >unkeyed-sha1 never worked but I left it anyway. > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184 > >(cherry picked from commit 8b5e7644130146bcc4e5a0dd05da6458a6025dd8) >--- > python/samba/tests/krb5/kcrypto.py | 85 ++++++++++ > python/samba/tests/krb5/raw_testcase.py | 23 +++ > python/samba/tests/krb5/rfc4120.asn1 | 8 + > python/samba/tests/krb5/rfc4120_pyasn1.py | 14 +- > python/samba/tests/krb5/s4u_tests.py | 197 ++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail | 2 + > selftest/skip_mit_kdc | 1 + > selftest/target/Samba4.pm | 23 +++ > source4/selftest/tests.py | 4 + > 10 files changed, 357 insertions(+), 1 deletion(-) > create mode 100755 python/samba/tests/krb5/s4u_tests.py > >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >index ed3c84fa186..2572fa5bab3 100755 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -51,6 +51,7 @@ os.environ["PYTHONUNBUFFERED"] = "1" > from math import gcd > from functools import reduce > from struct import pack, unpack >+from binascii import crc32 > from cryptography.hazmat.primitives import hashes > from cryptography.hazmat.primitives import hmac > from cryptography.hazmat.primitives.ciphers import algorithms as ciphers >@@ -533,6 +534,21 @@ class _MD5(_ChecksumProfile): > return SIMPLE_HASH(text, hashes.MD5) > > >+class _SHA1(_ChecksumProfile): >+ @classmethod >+ def checksum(cls, key, keyusage, text): >+ # This is unkeyed! >+ return SIMPLE_HASH(text, hashes.SHA1) >+ >+ >+class _CRC32(_ChecksumProfile): >+ @classmethod >+ def checksum(cls, key, keyusage, text): >+ # This is unkeyed! >+ cksum = (~crc32(text, 0xffffffff)) & 0xffffffff >+ return pack('<I', cksum) >+ >+ > _enctype_table = { > Enctype.DES3: _DES3CBC, > Enctype.AES128: _AES128CTS, >@@ -547,6 +563,8 @@ _checksum_table = { > Cksumtype.SHA1_AES256: _SHA1AES256, > Cksumtype.HMAC_MD5: _HMACMD5, > Cksumtype.MD5: _MD5, >+ Cksumtype.SHA1: _SHA1, >+ Cksumtype.CRC32: _CRC32, > } > > >@@ -835,6 +853,73 @@ class KcrytoTest(TestCase): > def test_md5_unkeyed_checksum_aes256_usage_50(self): > return self._test_md5_unkeyed_checksum(Enctype.AES256, 50) > >+ def _test_sha1_unkeyed_checksum(self, etype, usage): >+ # SHA1 unkeyed checksum >+ pw = b'password' >+ salt = b'salt' >+ key = string_to_key(etype, pw, salt) >+ plain = b'twenty nineteen eighteen seventeen' >+ cksum = h('381c870d8875d1913555de19af5c885fd27b7da9') >+ verify_checksum(Cksumtype.SHA1, key, usage, plain, cksum) >+ >+ def test_sha1_unkeyed_checksum_des3_usage_40(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.DES3, 40) >+ >+ def test_sha1_unkeyed_checksum_des3_usage_50(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.DES3, 50) >+ >+ def test_sha1_unkeyed_checksum_rc4_usage_40(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.RC4, 40) >+ >+ def test_sha1_unkeyed_checksum_rc4_usage_50(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.RC4, 50) >+ >+ def test_sha1_unkeyed_checksum_aes128_usage_40(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.AES128, 40) >+ >+ def test_sha1_unkeyed_checksum_aes128_usage_50(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.AES128, 50) >+ >+ def test_sha1_unkeyed_checksum_aes256_usage_40(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.AES256, 40) >+ >+ def test_sha1_unkeyed_checksum_aes256_usage_50(self): >+ return self._test_sha1_unkeyed_checksum(Enctype.AES256, 50) >+ >+ def _test_crc32_unkeyed_checksum(self, etype, usage): >+ # CRC32 unkeyed checksum >+ pw = b'password' >+ salt = b'salt' >+ key = string_to_key(etype, pw, salt) >+ plain = b'africa america asia australia europe' >+ cksum = h('ce595a53') >+ verify_checksum(Cksumtype.CRC32, key, usage, plain, cksum) >+ >+ def test_crc32_unkeyed_checksum_des3_usage_40(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.DES3, 40) >+ >+ def test_crc32_unkeyed_checksum_des3_usage_50(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.DES3, 50) >+ >+ def test_crc32_unkeyed_checksum_rc4_usage_40(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.RC4, 40) >+ >+ def test_crc32_unkeyed_checksum_rc4_usage_50(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.RC4, 50) >+ >+ def test_crc32_unkeyed_checksum_aes128_usage_40(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.AES128, 40) >+ >+ def test_crc32_unkeyed_checksum_aes128_usage_50(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.AES128, 50) >+ >+ def test_crc32_unkeyed_checksum_aes256_usage_40(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.AES256, 40) >+ >+ def test_crc32_unkeyed_checksum_aes256_usage_50(self): >+ return self._test_crc32_unkeyed_checksum(Enctype.AES256, 50) >+ >+ > if __name__ == "__main__": > import unittest > unittest.main() >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 6c7bcd418a0..f43ce9cbc3c 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -867,3 +867,26 @@ class RawKerberosTest(TestCase): > if native_decoded_only: > return decoded > return decoded, obj >+ >+ def PA_S4U2Self_create(self, name, realm, tgt_session_key, ctype=None): >+ # PA-S4U2Self ::= SEQUENCE { >+ # name [0] PrincipalName, >+ # realm [1] Realm, >+ # cksum [2] Checksum, >+ # auth [3] GeneralString >+ # } >+ cksum_data = name['name-type'].to_bytes(4, byteorder='little') >+ for n in name['name-string']: >+ cksum_data += n.encode() >+ cksum_data += realm.encode() >+ cksum_data += "Kerberos".encode() >+ cksum = self.Checksum_create(tgt_session_key, 17, cksum_data, ctype) >+ >+ PA_S4U2Self_obj = { >+ 'name': name, >+ 'realm': realm, >+ 'cksum': cksum, >+ 'auth': "Kerberos", >+ } >+ pa_s4u2self = self.der_encode(PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) >+ return self.PA_DATA_create(129, pa_s4u2self) >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 05b43106034..98ba887729d 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -415,6 +415,14 @@ AD-AND-OR ::= SEQUENCE { > > AD-MANDATORY-FOR-KDC ::= AuthorizationData > >+-- S4U >+ >+PA-S4U2Self ::= SEQUENCE { >+ name [0] PrincipalName, >+ realm [1] Realm, >+ cksum [2] Checksum, >+ auth [3] KerberosString >+} > > > >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index b2627aa3dcb..05304a8a099 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-03-26 10:28:24.346775) >+# (last modified on 2020-05-06 17:51:00.323318) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -780,6 +780,18 @@ PA_ENC_TS_ENC.componentType = namedtype.NamedTypes( > ) > > >+class PA_S4U2Self(univ.Sequence): >+ pass >+ >+ >+PA_S4U2Self.componentType = namedtype.NamedTypes( >+ namedtype.NamedType('name', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), >+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), >+ namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), >+ namedtype.NamedType('auth', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) >+) >+ >+ > class PADataTypeValues(univ.Integer): > pass > >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >new file mode 100755 >index 00000000000..ae38635c53b >--- /dev/null >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -0,0 +1,197 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests import env_get_var_value >+from samba.tests.krb5.kcrypto import Cksumtype >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+global_asn1_print = False >+global_hexdump = False >+ >+class S4UKerberosTests(RawKerberosTest): >+ >+ def setUp(self): >+ super(S4UKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def _test_s4u2self(self, pa_s4u2self_ctype=None): >+ service_creds = self.get_service_creds() >+ service = service_creds.get_username() >+ realm = service_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=1, names=[service]) >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = None >+ >+ etypes=(18,17,23) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ self.assertEqual(rep['msg-type'], 30) >+ self.assertEqual(rep['error-code'], 25) >+ rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(service_creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(2, pa_ts) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 11) >+ >+ usage = 3 >+ enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ >+ # S4U2Self Request >+ sname = cname >+ >+ for_user_name = env_get_var_value('FOR_USER') >+ uname = self.PrincipalName_create(name_type=1, names=[for_user_name]) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ till = self.get_KerberosTime(offset=36000) >+ ticket = rep['ticket'] >+ ticket_session_key = self.EncryptionKey_import(enc_part2['key']) >+ pa_s4u = self.PA_S4U2Self_create(name=uname, realm=realm, >+ tgt_session_key=ticket_session_key, >+ ctype=pa_s4u2self_ctype) >+ padata = [pa_s4u] >+ >+ subkey = self.RandomKey(ticket_session_key.etype) >+ subkey_usage = 9 >+ >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ >+ req = self.TGS_REQ_create(padata=padata, >+ cusec=cusec, >+ ctime=ctime, >+ ticket=ticket, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7ffffffe, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None, >+ ticket_session_key=ticket_session_key, >+ authenticator_subkey=subkey) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ if msg_type == 13: >+ enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ return msg_type >+ >+ # Using the checksum type from the tgt_session_key happens to work everywhere >+ def test_s4u2self(self): >+ msg_type = self._test_s4u2self() >+ self.assertEqual(msg_type, 13) >+ >+ # Per spec, the checksum of PA-FOR-USER is HMAC_MD5, see [MS-SFU] 2.2.1 >+ def test_s4u2self_hmac_md5_checksum(self): >+ msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.HMAC_MD5) >+ self.assertEqual(msg_type, 13) >+ >+ def test_s4u2self_md5_unkeyed_checksum(self): >+ msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.MD5) >+ self.assertEqual(msg_type, 30) >+ >+ def test_s4u2self_sha1_unkeyed_checksum(self): >+ msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.SHA1) >+ self.assertEqual(msg_type, 30) >+ >+ def test_s4u2self_crc32_unkeyed_checksum(self): >+ msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.CRC32) >+ self.assertEqual(msg_type, 30) >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 18e9fad232f..58053474e03 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -87,6 +87,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/dcerpc/raw_protocol.py', > 'python/samba/tests/krb5/kcrypto.py', > 'python/samba/tests/krb5/simple_tests.py', >+ 'python/samba/tests/krb5/s4u_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail b/selftest/knownfail >index f5466fccd8c..44ab3e59069 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -380,3 +380,5 @@ > ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) > ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) >+# Fixed upstream heimdal in PR #439 >+^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_hmac_md5_checksum >diff --git a/selftest/skip_mit_kdc b/selftest/skip_mit_kdc >index 4a51c98ea0b..ea644638c9f 100644 >--- a/selftest/skip_mit_kdc >+++ b/selftest/skip_mit_kdc >@@ -3,3 +3,4 @@ > .*RODC > ^samba4.ntvfs.cifs.ntlm.base.unlink > ^samba4.ntvfs.cifs.krb5.base.unlink >+^samba.tests.krb5.s4u_tests >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 860cc06d99b..927638cb7c4 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -895,6 +895,29 @@ sub provision_raw_step2($$$) > return undef; > } > >+ my $srv_account = "srv_account"; >+ $samba_tool_cmd = ""; >+ $samba_tool_cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; >+ $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; >+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" "; >+ $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") >+ . " user create --configfile=$ctx->{smb_conf} $srv_account $ctx->{password}"; >+ unless (system($samba_tool_cmd) == 0) { >+ warn("Unable to add $srv_account user: \n$samba_tool_cmd\n"); >+ return undef; >+ } >+ >+ $samba_tool_cmd = ""; >+ $samba_tool_cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; >+ $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; >+ $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" "; >+ $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool") >+ . " spn add HOST/$srv_account --configfile=$ctx->{smb_conf} $srv_account"; >+ unless (system($samba_tool_cmd) == 0) { >+ warn("Unable to add spn for $srv_account: \n$samba_tool_cmd\n"); >+ return undef; >+ } >+ > my $ldbmodify = ""; > $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; > $ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" "; >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 693209f2d1e..59b447de40a 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -745,6 +745,10 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U > planoldpythontestsuite("none", "samba.tests.krb5.kcrypto") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", > environ={'SERVICE_USERNAME':'$SERVER'}) >+planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", >+ environ={'SERVICE_USERNAME':'srv_account', >+ 'SERVICE_PASSWORD':'$PASSWORD', >+ 'FOR_USER':'$USERNAME'}) > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) >-- >2.25.1 > > >From efdad55260a4a5c68ca646a2f101d36013cc3f60 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Sun, 19 Jan 2020 16:24:24 +0100 >Subject: [PATCH 027/380] selftest: add test for disallowed-forwardable server > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 197f97bc13c513ae6ae2b4129b23489081f63c64) >--- > selftest/knownfail.d/disallowed_forwardable_server | 1 + > testprogs/blackbox/test_s4u_heimdal.sh | 13 +++++++++++-- > 2 files changed, 12 insertions(+), 2 deletions(-) > create mode 100644 selftest/knownfail.d/disallowed_forwardable_server > >diff --git a/selftest/knownfail.d/disallowed_forwardable_server b/selftest/knownfail.d/disallowed_forwardable_server >new file mode 100644 >index 00000000000..2e05909ab89 >--- /dev/null >+++ b/selftest/knownfail.d/disallowed_forwardable_server >@@ -0,0 +1 @@ >+^samba4.blackbox.krb5.s4u.test S4U2Proxy using received ticket >diff --git a/testprogs/blackbox/test_s4u_heimdal.sh b/testprogs/blackbox/test_s4u_heimdal.sh >index 0e12c7ec096..c6ada54e85b 100755 >--- a/testprogs/blackbox/test_s4u_heimdal.sh >+++ b/testprogs/blackbox/test_s4u_heimdal.sh >@@ -54,7 +54,7 @@ testit "set not-delegated flag" $samba_tool user sensitive $princ on || failed=` > > > echo $PASSWORD > $PREFIX/tmppassfile >-testit "kinit with password" $samba4kinit -f --password-file=$PREFIX/tmppassfile $impersonator || failed=`expr $failed + 1` >+testit "kinit impersonator" $samba4kinit -f --password-file=$PREFIX/tmppassfile $impersonator || failed=`expr $failed + 1` > > testit "test S4U2Self with normal user" $samba4kgetcred --out-cache=$ocache --forwardable --impersonate=${USERNAME} $impersonator || failed=`expr $failed + 1` > testit "test S4U2Proxy with normal user" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` >@@ -68,6 +68,15 @@ testit "unset not-delegated flag" $samba_tool user sensitive $princ off || faile > testit "test S4U2Self after unsetting ND flag" $samba4kgetcred --out-cache=$ocache --forwardable --impersonate=$princ $impersonator || failed=`expr $failed + 1` > testit "test S4U2Proxy after unsetting ND flag" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` > >+testit "kinit user cache" $samba4kinit -c $ocache -f --password-file=$PREFIX/tmppassfile $USERNAME || failed=`expr $failed + 1` >+testit "get a ticket to impersonator" $samba4kgetcred -c $ocache --forwardable $impersonator || failed=`expr $failed + 1` >+testit "test S4U2Proxy evidence ticket obtained by TGS" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` > >-rm -f $ocache $PREFIX/tmpccache tmppassfile >+testit "set not-delegated on impersonator" $samba_tool user sensitive $impersonator on || failed=`expr $failed + 1` >+testit "kinit user cache again" $samba4kinit -c $ocache -f --password-file=$PREFIX/tmppassfile $USERNAME || failed=`expr $failed + 1` >+testit "get a ticket to sensitive impersonator" $samba4kgetcred -c $ocache --forwardable $impersonator || failed=`expr $failed + 1` >+testit_expect_failure "test S4U2Proxy using received ticket" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` >+ >+ >+rm -f $ocache $PREFIX/tmpccache $PREFIX/tmppassfile > exit $failed >-- >2.25.1 > > >From 30cacb3e63225077f94578d52f1228a7d690ed7d Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Mon, 13 Jan 2020 23:42:54 +0100 >Subject: [PATCH 028/380] heimdal: apply disallow-forwardable on server in TGS > request > >upstream commit: 839b073facd2aecda6740224d73e560bc79965dc > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 8fdff19c5461315556014d25d237a958edeed1a2) >--- > selftest/knownfail.d/disallowed_forwardable_server | 1 - > source4/heimdal/kdc/krb5tgs.c | 6 ++++++ > 2 files changed, 6 insertions(+), 1 deletion(-) > delete mode 100644 selftest/knownfail.d/disallowed_forwardable_server > >diff --git a/selftest/knownfail.d/disallowed_forwardable_server b/selftest/knownfail.d/disallowed_forwardable_server >deleted file mode 100644 >index 2e05909ab89..00000000000 >--- a/selftest/knownfail.d/disallowed_forwardable_server >+++ /dev/null >@@ -1 +0,0 @@ >-^samba4.blackbox.krb5.s4u.test S4U2Proxy using received ticket >diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c >index ee3ac3d8f53..efbdd6ed77f 100644 >--- a/source4/heimdal/kdc/krb5tgs.c >+++ b/source4/heimdal/kdc/krb5tgs.c >@@ -866,6 +866,12 @@ tgs_make_reply(krb5_context context, > et.flags.anonymous = tgt->flags.anonymous; > et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; > >+ /* See MS-KILE 3.3.5.1 */ >+ if (!server->entry.flags.forwardable) >+ et.flags.forwardable = 0; >+ if (!server->entry.flags.proxiable) >+ et.flags.proxiable = 0; >+ > if(rspac->length) { > /* > * No not need to filter out the any PAC from the >-- >2.25.1 > > >From 29ea1a6f61f89680a881f2ab324231872c171477 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 7 May 2020 01:25:36 +0200 >Subject: [PATCH 029/380] selftest: allow EncASRepPart to be encoded as > EncTGSRepPart > >that's how MIT kdc encodes it, clients accept both. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit a823cc1e8bc9a68a7e662022705039397a5df7e1) >--- > python/samba/tests/krb5/simple_tests.py | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index c9998c4d2db..236fbda1cd5 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -115,7 +115,12 @@ class SimpleKerberosTests(RawKerberosTest): > > usage = 3 > enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ try: >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ except Exception: >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # TGS Request > service_creds = self.get_service_creds(allow_missing_password=True) >-- >2.25.1 > > >From f879fcbe345da12b1aa610fbd34f9036f53873fb Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Wed, 6 May 2020 15:54:55 +0200 >Subject: [PATCH 030/380] selftest: test forwardable flag in cross-realm tgt > tickets > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 9b302a57ff0d4c3a373f762f2ad4daf736b0853b) >--- > python/samba/tests/krb5/xrealm_tests.py | 180 ++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail.d/xrealm | 1 + > source4/selftest/tests.py | 2 + > 4 files changed, 184 insertions(+) > create mode 100755 python/samba/tests/krb5/xrealm_tests.py > create mode 100644 selftest/knownfail.d/xrealm > >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >new file mode 100755 >index 00000000000..64064b8a670 >--- /dev/null >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -0,0 +1,180 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+import samba.tests >+ >+global_asn1_print = False >+global_hexdump = False >+ >+class XrealmKerberosTests(RawKerberosTest): >+ >+ def setUp(self): >+ super(XrealmKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_xrealm(self): >+ user_creds = self.get_user_creds() >+ user = user_creds.get_username() >+ realm = user_creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=1, names=[user]) >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = None >+ >+ etypes=(18,17,23) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ self.assertEqual(rep['msg-type'], 30) >+ self.assertEqual(rep['error-code'], 25) >+ rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(2, pa_ts) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 11) >+ >+ usage = 3 >+ enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ try: >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ except Exception: >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ # TGS Request (for cross-realm TGT) >+ trust_realm = samba.tests.env_get_var_value('TRUST_REALM') >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", trust_realm]) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ till = self.get_KerberosTime(offset=36000) >+ ticket = rep['ticket'] >+ ticket_session_key = self.EncryptionKey_import(enc_part2['key']) >+ padata = [] >+ >+ subkey = self.RandomKey(ticket_session_key.etype) >+ subkey_usage = 9 >+ >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ >+ req = self.TGS_REQ_create(padata=padata, >+ cusec=cusec, >+ ctime=ctime, >+ ticket=ticket, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7ffffffe, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None, >+ ticket_session_key=ticket_session_key, >+ authenticator_subkey=subkey) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 13) >+ >+ enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ # Check the forwardable flag >+ fwd_pos = len(tuple(krb5_asn1.TicketFlags('forwardable'))) -1 >+ assert(krb5_asn1.TicketFlags(enc_part2['flags'])[fwd_pos]) >+ >+ return >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 58053474e03..89b5e957407 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -88,6 +88,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kcrypto.py', > 'python/samba/tests/krb5/simple_tests.py', > 'python/samba/tests/krb5/s4u_tests.py', >+ 'python/samba/tests/krb5/xrealm_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail.d/xrealm b/selftest/knownfail.d/xrealm >new file mode 100644 >index 00000000000..2e09644b1d8 >--- /dev/null >+++ b/selftest/knownfail.d/xrealm >@@ -0,0 +1 @@ >+^samba.tests.krb5.xrealm_tests.samba.tests.krb5.xrealm_tests.XrealmKerberosTests.test_xrealm >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 59b447de40a..52a61a2cced 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -750,6 +750,8 @@ planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", > 'SERVICE_PASSWORD':'$PASSWORD', > 'FOR_USER':'$USERNAME'}) > >+planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") >+ > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >-- >2.25.1 > > >From a4ffa145736a9a4ba6ad020d27dbbb7fbf32ceac Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Sat, 9 May 2020 16:26:45 +0200 >Subject: [PATCH 031/380] selftest: test forwardable flag in cross-realm with > s4u2proxy > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit fb7dfdbe8f94f7f053d67832e7f28a751136d733) >--- > selftest/knownfail.d/s4u2p_fwd | 2 ++ > source4/selftest/tests.py | 2 +- > testprogs/blackbox/test_s4u_heimdal.sh | 17 ++++++++++++++--- > 3 files changed, 17 insertions(+), 4 deletions(-) > create mode 100644 selftest/knownfail.d/s4u2p_fwd > >diff --git a/selftest/knownfail.d/s4u2p_fwd b/selftest/knownfail.d/s4u2p_fwd >new file mode 100644 >index 00000000000..63ade3eece0 >--- /dev/null >+++ b/selftest/knownfail.d/s4u2p_fwd >@@ -0,0 +1,2 @@ >+^samba4.blackbox.krb5.s4u.get a ticket to impersonator for trust user >+^samba4.blackbox.krb5.s4u.test S4U2Proxy evidence ticket obtained by TGS of trust user >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 52a61a2cced..b10ac26e964 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -482,7 +482,7 @@ if have_heimdal_support: > plantestsuite("samba4.blackbox.kinit_trust", "fl2003dc:local", [os.path.join(bbdir, "test_kinit_trusts_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external", "arcfour-hmac-md5"]) > plantestsuite("samba4.blackbox.export.keytab", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_export_keytab_heimdal.sh"), '$SERVER', '$USERNAME', '$REALM', '$DOMAIN', "$PREFIX", smbclient4]) > plantestsuite("samba4.blackbox.kpasswd", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kpasswd_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc_ntvfs"]) >- plantestsuite("samba4.blackbox.krb5.s4u", "fl2008r2dc:local", [os.path.join(bbdir, "test_s4u_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', configuration]) >+ plantestsuite("samba4.blackbox.krb5.s4u", "fl2008r2dc:local", [os.path.join(bbdir, "test_s4u_heimdal.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', configuration]) > else: > plantestsuite("samba4.blackbox.kinit", "ad_dc_ntvfs:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration]) > plantestsuite("samba4.blackbox.kinit", "fl2000dc:local", [os.path.join(bbdir, "test_kinit_mit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', smbclient4, configuration]) >diff --git a/testprogs/blackbox/test_s4u_heimdal.sh b/testprogs/blackbox/test_s4u_heimdal.sh >index c6ada54e85b..c63eeaa2e30 100755 >--- a/testprogs/blackbox/test_s4u_heimdal.sh >+++ b/testprogs/blackbox/test_s4u_heimdal.sh >@@ -12,8 +12,13 @@ USERNAME=$2 > PASSWORD=$3 > REALM=$4 > DOMAIN=$5 >-PREFIX=$6 >-shift 6 >+TRUST_SERVER=$6 >+TRUST_USERNAME=$7 >+TRUST_PASSWORD=$8 >+TRUST_REALM=$9 >+TRUST_DOMAIN=${10} >+PREFIX=${11} >+shift 11 > failed=0 > > >@@ -39,7 +44,7 @@ export KRB5CCNAME > rm -rf $KRB5CCNAME_PATH > > princ=test_impersonate_princ >-impersonator=test_impersonator >+impersonator=test_impersonator.$REALM > target="CIFS/$SERVER.$REALM" > > >@@ -72,6 +77,12 @@ testit "kinit user cache" $samba4kinit -c $ocache -f --password-file=$PREFIX/tmp > testit "get a ticket to impersonator" $samba4kgetcred -c $ocache --forwardable $impersonator || failed=`expr $failed + 1` > testit "test S4U2Proxy evidence ticket obtained by TGS" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` > >+echo $TRUST_PASSWORD > $PREFIX/tmppassfile >+testit "kinit trust user cache" $samba4kinit -c $ocache -f --password-file=$PREFIX/tmppassfile $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1` >+testit "get a ticket to impersonator for trust user" $samba4kgetcred -c $ocache --forwardable $impersonator || failed=`expr $failed + 1` >+testit "test S4U2Proxy evidence ticket obtained by TGS of trust user" $samba4kgetcred --out-cache=$ocache --delegation-credential-cache=${ocache} $target || failed=`expr $failed + 1` >+ >+echo $PASSWORD > $PREFIX/tmppassfile > testit "set not-delegated on impersonator" $samba_tool user sensitive $impersonator on || failed=`expr $failed + 1` > testit "kinit user cache again" $samba4kinit -c $ocache -f --password-file=$PREFIX/tmppassfile $USERNAME || failed=`expr $failed + 1` > testit "get a ticket to sensitive impersonator" $samba4kgetcred -c $ocache --forwardable $impersonator || failed=`expr $failed + 1` >-- >2.25.1 > > >From cf78e03fc45ea1e8396751875e26b87926e9b9e9 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Tue, 14 Jan 2020 13:16:02 +0100 >Subject: [PATCH 032/380] db-glue.c: set forwardable flag on cross-realm tgt > tickets > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 > >Match Windows behavior and allow the forwardable flag to be >set in cross-realm tickets. We used to allow forwardable to >any server, but now that we apply disallow-forwardable policy >in heimdal we need to explicitly allow in the corss-realm case >(and remove the workaround we have for it the MIT plugin). > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184 > >(cherry picked from commit 7655a0298e5f55582bf48ec776d8cd8b79fb5dd9) >--- > selftest/knownfail.d/s4u2p_fwd | 2 -- > selftest/knownfail.d/xrealm | 1 - > source4/kdc/db-glue.c | 3 +++ > source4/kdc/mit_samba.c | 5 ----- > 4 files changed, 3 insertions(+), 8 deletions(-) > delete mode 100644 selftest/knownfail.d/s4u2p_fwd > delete mode 100644 selftest/knownfail.d/xrealm > >diff --git a/selftest/knownfail.d/s4u2p_fwd b/selftest/knownfail.d/s4u2p_fwd >deleted file mode 100644 >index 63ade3eece0..00000000000 >--- a/selftest/knownfail.d/s4u2p_fwd >+++ /dev/null >@@ -1,2 +0,0 @@ >-^samba4.blackbox.krb5.s4u.get a ticket to impersonator for trust user >-^samba4.blackbox.krb5.s4u.test S4U2Proxy evidence ticket obtained by TGS of trust user >diff --git a/selftest/knownfail.d/xrealm b/selftest/knownfail.d/xrealm >deleted file mode 100644 >index 2e09644b1d8..00000000000 >--- a/selftest/knownfail.d/xrealm >+++ /dev/null >@@ -1 +0,0 @@ >-^samba.tests.krb5.xrealm_tests.samba.tests.krb5.xrealm_tests.XrealmKerberosTests.test_xrealm >diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c >index d2a79920ab5..5fd0f431cdf 100644 >--- a/source4/kdc/db-glue.c >+++ b/source4/kdc/db-glue.c >@@ -1562,6 +1562,9 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, > > entry_ex->entry.max_renew = NULL; > >+ /* Match Windows behavior and allow forwardable flag in cross-realm. */ >+ entry_ex->entry.flags.forwardable = 1; >+ > ret = samba_kdc_sort_encryption_keys(entry_ex); > if (ret != 0) { > krb5_clear_error_message(context); >diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c >index 5a4f6e73e97..54dcd545ea1 100644 >--- a/source4/kdc/mit_samba.c >+++ b/source4/kdc/mit_samba.c >@@ -304,11 +304,6 @@ fetch_referral_principal: > > sdb_free_entry(&sentry); > >- if ((kflags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) == 0) { >- kentry->attributes &= ~KRB5_KDB_DISALLOW_FORWARDABLE; >- kentry->attributes &= ~KRB5_KDB_DISALLOW_PROXIABLE; >- } >- > done: > krb5_free_principal(ctx->context, referral_principal); > referral_principal = NULL; >-- >2.25.1 > > >From fe2411ad9a1bc5bb734f4c2500d85ff4f326e202 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 3 Nov 2020 09:25:48 +1300 >Subject: [PATCH 033/380] selftest: add mit kdc specific known fail > >Add a MIT kerberos specific known fail, will be needed by subsequent >commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 04248f5e868d38498bdc8f9705c9a60fcfe79c09) >--- > selftest/knownfail_mit_kdc | 0 > selftest/wscript | 2 ++ > 2 files changed, 2 insertions(+) > create mode 100644 selftest/knownfail_mit_kdc > >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >new file mode 100644 >index 00000000000..e69de29bb2d >diff --git a/selftest/wscript b/selftest/wscript >index 501a5df5824..95086b4f0ed 100644 >--- a/selftest/wscript >+++ b/selftest/wscript >@@ -263,6 +263,8 @@ def cmd_testonly(opt): > > if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'): > env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc" >+ env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ >+ "knownfail_mit_kdc" > > if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'): > # older MIT krb5 libraries (< 1.14) don't have >-- >2.25.1 > > >From 415e1ee1929aaef1ebe62ee4d55e2a62cece5795 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:29:56 +1300 >Subject: [PATCH 034/380] tests python krb5: Make PrincipalName_create a class > method > >Make PrincipalName_create a class method, so it can be used in helper >classes. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit b14dca7c1c063e069517ff01b33c63a000d398c3) >--- > python/samba/tests/krb5/raw_testcase.py | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index f43ce9cbc3c..45e46e0b7ba 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -470,6 +470,7 @@ class RawKerberosTest(TestCase): > } > return Checksum_obj > >+ @classmethod > def PrincipalName_create(self, name_type, names): > # PrincipalName ::= SEQUENCE { > # name-type [0] Int32, >-- >2.25.1 > > >From 7d4dd909317f1c8377771eed129ed95f58f661a5 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:31:24 +1300 >Subject: [PATCH 035/380] tests python krb5: Add canonicalize flag to ASN1 > >Add the canonicalize flag to KerberosFlags, so that it can be used in >python based canonicalization tests. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 41c8aa4b991aad306d731b08d068c480eb5c7fed) >--- > python/samba/tests/krb5/rfc4120.asn1 | 8 ++++---- > python/samba/tests/krb5/rfc4120_pyasn1.py | 4 ++-- > 2 files changed, 6 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 98ba887729d..58e0c1636a1 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -196,8 +196,8 @@ KDCOptions ::= KerberosFlags > -- opt-hardware-auth(11), > -- unused12(12), > -- unused13(13), >--- 15 is reserved for canonicalize >- -- unused15(15), >+-- Canonicalize is used in RFC 6806 >+ -- canonicalize(15), > -- 26 was unused in 1510 > -- disable-transited-check(26), > -- >@@ -489,8 +489,8 @@ KDCOptionsValues ::= BIT STRING { -- KerberosFlags > opt-hardware-auth(11), > unused12(12), > unused13(13), >--- 15 is reserved for canonicalize >- unused15(15), >+-- Canonicalize is used by RFC 6806 >+ canonicalize(15), > -- 26 was unused in 1510 > disable-transited-check(26), > -- >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index 05304a8a099..b4ea678afd8 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-05-06 17:51:00.323318) >+# (last modified on 2020-11-03 14:07:15.270009) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -610,7 +610,7 @@ KDCOptionsValues.namedValues = namedval.NamedValues( > ('opt-hardware-auth', 11), > ('unused12', 12), > ('unused13', 13), >- ('unused15', 15), >+ ('canonicalize', 15), > ('disable-transited-check', 26), > ('renewable-ok', 27), > ('enc-tkt-in-skey', 28), >-- >2.25.1 > > >From 0e4a44f7e46d4f19d5362411c1c433a56106a77b Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 27 Oct 2020 09:32:21 +1300 >Subject: [PATCH 036/380] tests python krb5: Add python kerberos > canonicalization tests > >Add python canonicalization tests, loosely based on the code in >source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move >the integration level tests out of kdc-canon-heimdal, leaving it as a >heimdal library unit test. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 005435dc4d7de9d442c7513edec8c782fe20fda3) >--- > .../tests/krb5/as_canonicalization_tests.py | 499 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_mit_kdc | 144 +++++ > source4/selftest/tests.py | 1 + > 4 files changed, 645 insertions(+) > create mode 100755 python/samba/tests/krb5/as_canonicalization_tests.py > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >new file mode 100755 >index 00000000000..7b599ad6e44 >--- /dev/null >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -0,0 +1,499 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# >+# Copyright (C) Catalyst IT Ltd. 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+from enum import Enum, unique >+import pyasn1 >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+import samba >+from samba.auth import system_session >+from samba.credentials import ( >+ Credentials, >+ CLI_CRED_NTLMv2_AUTH, >+ CLI_CRED_NTLM_AUTH, >+ DONT_USE_KERBEROS) >+from samba.dcerpc.misc import SEC_CHAN_WKSTA >+from samba.dsdb import ( >+ UF_WORKSTATION_TRUST_ACCOUNT, >+ UF_PASSWD_NOTREQD, >+ UF_NORMAL_ACCOUNT) >+from samba.samdb import SamDB >+from samba.tests import delete_force, DynamicTestCase >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+@unique >+class TestOptions(Enum): >+ Canonicalize = 1 >+ Enterprise = 2 >+ UpperRealm = 4 >+ UpperUserName = 8 >+ NetbiosRealm = 16 >+ UPN = 32 >+ RemoveDollar = 64 >+ Last = 128 >+ >+ def is_set(self, x): >+ return self.value & x >+ >+ >+@unique >+class CredentialsType(Enum): >+ User = 1 >+ Machine = 2 >+ >+ def is_set(self, x): >+ return self.value & x >+ >+ >+class TestData: >+ >+ def __init__(self, options, creds): >+ self.options = options >+ self.user_creds = creds >+ self.user_name = self.get_username(options, creds) >+ self.realm = self.get_realm(options, creds) >+ self.cname = RawKerberosTest.PrincipalName_create( >+ name_type=1, names=[self.user_name]) >+ self.sname = RawKerberosTest.PrincipalName_create( >+ name_type=2, names=["krbtgt", self.realm]) >+ self.canonicalize = TestOptions.Canonicalize.is_set(options) >+ >+ def get_realm(self, options, creds): >+ realm = creds.get_realm() >+ if TestOptions.NetbiosRealm.is_set(options): >+ realm = creds.get_domain() >+ if TestOptions.UpperRealm.is_set(options): >+ realm = realm.upper() >+ else: >+ realm = realm.lower() >+ return realm >+ >+ def get_username(self, options, creds): >+ name = creds.get_username() >+ if TestOptions.RemoveDollar.is_set(options) and name.endswith("$"): >+ name = name[:-1] >+ if TestOptions.Enterprise.is_set(options): >+ realm = creds.get_realm() >+ name = "{0}@{1}".format(name, realm) >+ if TestOptions.UpperUserName.is_set(options): >+ name = name.upper() >+ return name >+ >+ def __repr__(self): >+ rep = "Test Data: " >+ rep += "options = '" + "{:08b}".format(self.options) + "'" >+ rep += "user name = '" + self.user_name + "'" >+ rep += ", realm = '" + self.realm + "'" >+ rep += ", cname = '" + str(self.cname) + "'" >+ rep += ", sname = '" + str(self.sname) + "'" >+ return rep >+ >+ >+MACHINE_NAME = "tstkrb5cnnusr" >+USER_NAME = "tstkrb5cnnmch" >+ >+# Encryption types >+AES256_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >+AES128_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >+ARCFOUR_HMAC_MD5 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >+ >+# Message types >+KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >+KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+ >+# PAData types >+PADATA_ENC_TIMESTAMP = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO2 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+ >+# Error codes >+KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+ >+# Name types >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+ >+ >+@DynamicTestCase >+class KerberosASCanonicalizationTests(RawKerberosTest): >+ >+ @classmethod >+ def setUpDynamicTestCases(cls): >+ >+ def skip(ct, options): >+ ''' Filter out any mutually exclusive test options ''' >+ if ct != CredentialsType.Machine and\ >+ TestOptions.RemoveDollar.is_set(options): >+ return True >+ return False >+ >+ def build_test_name(ct, options): >+ name = "%sCredentials" % ct.name >+ for opt in TestOptions: >+ if opt.is_set(options): >+ name += ("_%s" % opt.name) >+ return name >+ >+ for ct in CredentialsType: >+ for x in range(TestOptions.Last.value): >+ if skip(ct, x): >+ continue >+ name = build_test_name(ct, x) >+ cls.generate_dynamic_test("test", name, x, ct) >+ >+ @classmethod >+ def setUpClass(cls): >+ cls.lp = cls.get_loadparm(cls) >+ cls.username = os.environ["USERNAME"] >+ cls.password = os.environ["PASSWORD"] >+ cls.domain = os.environ["DOMAIN"] >+ cls.realm = os.environ["REALM"] >+ cls.host = os.environ["SERVER"] >+ >+ c = Credentials() >+ c.set_username(cls.username) >+ c.set_password(cls.password) >+ c.set_domain(cls.domain) >+ c.set_realm(cls.realm) >+ cls.credentials = c >+ >+ cls.session = system_session() >+ cls.ldb = SamDB(url="ldap://%s" % cls.host, >+ session_info=cls.session, >+ credentials=cls.credentials, >+ lp=cls.lp) >+ cls.create_machine_account() >+ cls.create_user_account() >+ >+ @classmethod >+ def tearDownClass(cls): >+ super(KerberosASCanonicalizationTests, cls).tearDownClass() >+ delete_force(cls.ldb, cls.machine_dn) >+ delete_force(cls.ldb, cls.user_dn) >+ >+ def setUp(self): >+ super(KerberosASCanonicalizationTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ # >+ # Create a test user account >+ @classmethod >+ def create_user_account(cls): >+ cls.user_pass = samba.generate_random_password(32, 32) >+ cls.user_name = USER_NAME >+ cls.user_dn = "cn=%s,%s" % (cls.user_name, cls.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(cls.ldb, cls.user_dn) >+ >+ utf16pw = ('"%s"' % cls.user_pass).encode('utf-16-le') >+ cls.ldb.add({ >+ "dn": cls.user_dn, >+ "objectclass": "user", >+ "sAMAccountName": "%s" % cls.user_name, >+ "userAccountControl": str(UF_NORMAL_ACCOUNT), >+ "unicodePwd": utf16pw}) >+ >+ cls.user_creds = Credentials() >+ cls.user_creds.guess(cls.lp) >+ cls.user_creds.set_password(cls.user_pass) >+ cls.user_creds.set_username(cls.user_name) >+ cls.user_creds.set_workstation(cls.machine_name) >+ >+ # >+ # Create the machine account >+ @classmethod >+ def create_machine_account(cls): >+ cls.machine_pass = samba.generate_random_password(32, 32) >+ cls.machine_name = MACHINE_NAME >+ cls.machine_dn = "cn=%s,%s" % (cls.machine_name, cls.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(cls.ldb, cls.machine_dn) >+ >+ utf16pw = ('"%s"' % cls.machine_pass).encode('utf-16-le') >+ cls.ldb.add({ >+ "dn": cls.machine_dn, >+ "objectclass": "computer", >+ "sAMAccountName": "%s$" % cls.machine_name, >+ "userAccountControl": >+ str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), >+ "unicodePwd": utf16pw}) >+ >+ cls.machine_creds = Credentials() >+ cls.machine_creds.guess(cls.lp) >+ cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) >+ cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) >+ cls.machine_creds.set_password(cls.machine_pass) >+ cls.machine_creds.set_username(cls.machine_name + "$") >+ cls.machine_creds.set_workstation(cls.machine_name) >+ >+ def _test_with_args(self, x, ct): >+ if ct == CredentialsType.User: >+ creds = self.user_creds >+ elif ct == CredentialsType.Machine: >+ creds = self.machine_creds >+ else: >+ raise Exception("Unexpected credential type") >+ data = TestData(x, creds) >+ >+ try: >+ (rep, as_rep) = self.as_req(data) >+ except pyasn1.error.PyAsn1Error as e: >+ import traceback >+ self.fail("ASN1 Error, Options {0:08b}:{1} {2}".format( >+ traceback.format_exc(), >+ data.options, >+ e)) >+ # If as_req triggered an expected server error response >+ # No need to test the response data. >+ if rep is not None: >+ # The kvno is optional, heimdal includes it >+ # MIT does not. >+ if 'kvno' in rep['enc-part']: >+ kvno = rep['enc-part']['kvno'] >+ self.check_kvno(kvno, data) >+ >+ cname = rep['cname'] >+ self.check_cname(cname, data) >+ >+ crealm = rep['crealm'].decode('ascii') >+ self.check_crealm(crealm, data) >+ >+ sname = as_rep['sname'] >+ self.check_sname(sname, data) >+ >+ srealm = as_rep['srealm'].decode('ascii') >+ self.check_srealm(srealm, data) >+ >+ def as_req(self, data): >+ user_creds = data.user_creds >+ realm = data.realm >+ >+ cname = data.cname >+ sname = data.sname >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = "0" >+ if data.canonicalize: >+ kdc_options = str(krb5_asn1.KDCOptions('canonicalize')) >+ >+ padata = None >+ >+ # Set the allowable encryption types >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ # >+ # Check the protocol version, should be 5 >+ self.assertEqual( >+ rep['pvno'], 5, "Data {0}".format(str(data))) >+ >+ self.assertEqual( >+ rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) >+ >+ # We should get KDC_ERR_PREAUTH_REQUIRED >+ # unless the RemoveDollar and Enterprise options are set >+ # then we should get a KDC_ERR_C_PRINCIPAL_UNKNOWN >+ if TestOptions.RemoveDollar.is_set(data.options) and\ >+ TestOptions.Enterprise.is_set(data.options): >+ self.assertEqual( >+ rep['error-code'], >+ KDC_ERR_C_PRINCIPAL_UNKNOWN, >+ "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >+ return (None, None) >+ >+ self.assertEqual( >+ rep['error-code'], >+ KDC_ERR_PREAUTH_REQUIRED, >+ "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >+ >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ kdc_options = "0" >+ if data.canonicalize: >+ kdc_options = str(krb5_asn1.KDCOptions('canonicalize')) >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ # >+ # Check the protocol version, should be 5 >+ self.assertEqual( >+ rep['pvno'], 5, "Data {0}".format(str(data))) >+ >+ msg_type = rep['msg-type'] >+ # Should not have got an error. >+ # If we did, fail and print the error code to help debugging >+ self.assertNotEqual( >+ msg_type, >+ KRB_ERROR, >+ "Error code {0}, Data {1}".format( >+ rep.get('error-code', ''), >+ str(data))) >+ >+ self.assertEqual(msg_type, KRB_AS_REP, "Data {0}".format(str(data))) >+ >+ # Decrypt and decode the EncKdcRepPart >+ enc = key.decrypt(3, rep['enc-part']['cipher']) >+ if enc[0] == 0x7A: >+ # MIT Kerberos Tags the EncASRepPart as a EncKDCRepPart >+ # i.e. tag number 26 instead of tag number 25 >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ else: >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) >+ >+ return (rep, as_rep) >+ >+ def check_cname(self, cname, data): >+ nt = cname['name-type'] >+ self.assertEqual( >+ NT_PRINCIPAL, >+ nt, >+ "cname name-type, Options {0:08b}".format(data.options)) >+ >+ ns = cname['name-string'] >+ name = ns[0].decode('ascii') >+ >+ expected = data.user_name >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_username() >+ self.assertEqual( >+ expected, >+ name, >+ "cname principal, Options {0:08b}".format(data.options)) >+ >+ def check_crealm(self, crealm, data): >+ realm = data.user_creds.get_realm() >+ self.assertEqual( >+ realm, crealm, "crealm, Options {0:08b}".format(data.options)) >+ >+ def check_sname(self, sname, data): >+ nt = sname['name-type'] >+ self.assertEqual( >+ NT_SRV_INST, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ >+ ns = sname['name-string'] >+ name = ns[0].decode('ascii') >+ self.assertEqual( >+ 'krbtgt', >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ >+ realm = ns[1].decode('ascii') >+ expected = data.realm >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_realm().upper() >+ self.assertEqual( >+ expected, >+ realm, >+ "sname realm, Options {0:08b}".format(data.options)) >+ >+ def check_srealm(self, srealm, data): >+ realm = data.user_creds.get_realm() >+ self.assertEqual( >+ realm, srealm, "srealm, Options {0:08b}".format(data.options)) >+ >+ def check_kvno(self, kvno, data): >+ self.assertEqual( >+ 1, kvno, "kvno, Options {0:08b}".format(data.options)) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 89b5e957407..2f813760814 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -89,6 +89,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/simple_tests.py', > 'python/samba/tests/krb5/s4u_tests.py', > 'python/samba/tests/krb5/xrealm_tests.py', >+ 'python/samba/tests/krb5/as_canonicalization_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index e69de29bb2d..96d3e51da5c 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -0,0 +1,144 @@ >+# >+# Currently MOST but not quite all the Canonicalization tests fail on the >+# MIT KDC >+# >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Canonicalize_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_UPN\( >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index b10ac26e964..78b1a8494f3 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1284,6 +1284,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > '--option=torture:expect_machine_account=true'] + extra_options, > "samba4.krb5.kdc with machine account") > >+planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 7189760a7c4bd64e8d360b2e569bd69ad2f92327 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:09:13 +1300 >Subject: [PATCH 037/380] selftest: Send enterprise principals tagged as such > >This test passed against Samba but failed against Windows when >an enterprise principal (user@domain.com@REALM) was encoded as >NT_PRINCIPAL. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d7f731ed3577b407370d8fe7a62b4c3ee2dd9c75) >--- > .../tests/krb5/as_canonicalization_tests.py | 24 ++++++-- > selftest/knownfail.d/kdc-enterprise | 57 +++++++++++++++++++ > selftest/knownfail_mit_kdc | 8 +++ > 3 files changed, 84 insertions(+), 5 deletions(-) > create mode 100644 selftest/knownfail.d/kdc-enterprise > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 7b599ad6e44..3f8ed5c5a11 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -77,10 +77,16 @@ class TestData: > self.user_creds = creds > self.user_name = self.get_username(options, creds) > self.realm = self.get_realm(options, creds) >+ >+ if TestOptions.Enterprise.is_set(options): >+ client_name_type = NT_ENTERPRISE_PRINCIPAL >+ else: >+ client_name_type = NT_PRINCIPAL >+ > self.cname = RawKerberosTest.PrincipalName_create( >- name_type=1, names=[self.user_name]) >+ name_type=client_name_type, names=[self.user_name]) > self.sname = RawKerberosTest.PrincipalName_create( >- name_type=2, names=["krbtgt", self.realm]) >+ name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > > def get_realm(self, options, creds): >@@ -143,6 +149,7 @@ KDC_ERR_PREAUTH_REQUIRED = 25 > NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-ENTERPRISE-PRINCIPAL')) > > > @DynamicTestCase >@@ -436,10 +443,17 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > return (rep, as_rep) > > def check_cname(self, cname, data): >- nt = cname['name-type'] >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected_name_type = NT_PRINCIPAL >+ elif TestOptions.Enterprise.is_set(data.options): >+ expected_name_type = NT_ENTERPRISE_PRINCIPAL >+ else: >+ expected_name_type = NT_PRINCIPAL >+ >+ name_type = cname['name-type'] > self.assertEqual( >- NT_PRINCIPAL, >- nt, >+ expected_name_type, >+ name_type, > "cname name-type, Options {0:08b}".format(data.options)) > > ns = cname['name-string'] >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >new file mode 100644 >index 00000000000..4e4f8a93e03 >--- /dev/null >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -0,0 +1,57 @@ >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( >+ >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 96d3e51da5c..9bac4737591 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -142,3 +142,11 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >-- >2.25.1 > > >From 31bffef894818d8012876d6b7b8d6d4f54905f2f Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:09:59 +1300 >Subject: [PATCH 038/380] selftest: Fix flipped machine and user constants > >This naturally does not change the test, but reduces developer >confusion. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 579a3c641c72b65f6ba39141a55c765b517bd7f8) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 3f8ed5c5a11..7cdf614482e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -120,8 +120,8 @@ class TestData: > return rep > > >-MACHINE_NAME = "tstkrb5cnnusr" >-USER_NAME = "tstkrb5cnnmch" >+MACHINE_NAME = "tstkrb5cnnmch" >+USER_NAME = "tstkrb5cnnusr" > > # Encryption types > AES256_CTS_HMAC_SHA1_96 = int( >-- >2.25.1 > > >From 5f06624f40f9068f6ea94d585bb381c63c39f91a Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:12:13 +1300 >Subject: [PATCH 039/380] selftest: Make as_canonicalization_tests.py easier to > run outside "make test" > >This takes the realm from the LDAP base DN and so avoids one >easy mistake to make. So far the NT4 domain name is not >auto-detected, so much be read from the smb.conf. > >By using .guess() the smb.conf is read for the unspecified >parts (eg workstation for an NTLM login to the LDAP server if >the target server is an IP address). > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d85e71f449037fa035fa2fae6b64caf695c53cb3) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 7cdf614482e..c0c3208d216 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -185,14 +185,20 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] > cls.domain = os.environ["DOMAIN"] >- cls.realm = os.environ["REALM"] > cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) > c.set_domain(cls.domain) >- c.set_realm(cls.realm) >+ try: >+ realm = os.environ["REALM"] >+ c.set_realm(realm) >+ except KeyError: >+ pass >+ >+ c.guess() >+ > cls.credentials = c > > cls.session = system_session() >@@ -236,6 +242,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > cls.user_creds = Credentials() > cls.user_creds.guess(cls.lp) >+ cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) > cls.user_creds.set_password(cls.user_pass) > cls.user_creds.set_username(cls.user_name) > cls.user_creds.set_workstation(cls.machine_name) >@@ -263,6 +270,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > cls.machine_creds = Credentials() > cls.machine_creds.guess(cls.lp) >+ cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) > cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) > cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > cls.machine_creds.set_password(cls.machine_pass) >-- >2.25.1 > > >From d3dd1fdcdf374101f3c9e30a5426fe99b382ecc3 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:46:28 +1300 >Subject: [PATCH 040/380] samdb: Add samdb.domain_netbios_name() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >[abartlet@samba.org: Backported from commit >d79218dbba3d0f26d6a0e22b3c91b0731bf641dd as this backport >to Samba 4.13 does not include 07ce48088824bba2054e029edfa6fbae972c1921 >(samba-tool: Create unix user with modified template homedir)] >--- > python/samba/netcmd/user.py | 10 ++-------- > python/samba/samdb.py | 15 +++++++++++++++ > python/samba/tests/samdb.py | 13 ++++++++++--- > selftest/tests.py | 1 + > 4 files changed, 28 insertions(+), 11 deletions(-) > >diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py >index 26db3105da0..aa8e96a2581 100644 >--- a/python/samba/netcmd/user.py >+++ b/python/samba/netcmd/user.py >@@ -3001,14 +3001,8 @@ The users gecos field will be set to 'User4 test' > > if unix_home is None: > # obtain nETBIOS Domain Name >- filter = "(&(objectClass=crossRef)(nETBIOSName=*))" >- searchdn = ("CN=Partitions,CN=Configuration," + domaindn) >- try: >- res = samdb.search(searchdn, >- scope=ldb.SCOPE_SUBTREE, >- expression=filter) >- unix_domain = res[0]["nETBIOSName"][0] >- except IndexError: >+ unix_domain = samdb.domain_netbios_name() >+ if unix_domain is None: > raise CommandError('Unable to find Unix domain') > > unix_home = "/home/{0}/{1}".format(unix_domain, username) >diff --git a/python/samba/samdb.py b/python/samba/samdb.py >index d903babb406..e4030099b5c 100644 >--- a/python/samba/samdb.py >+++ b/python/samba/samdb.py >@@ -928,6 +928,21 @@ accountExpires: %u > domain_dn = self.get_default_basedn() > return domain_dn.canonical_str().split('/')[0] > >+ def domain_netbios_name(self): >+ """return the NetBIOS name of the domain root""" >+ domain_dn = self.get_default_basedn() >+ dns_name = self.domain_dns_name() >+ filter = "(&(objectClass=crossRef)(nETBIOSName=*)(ncName=%s)(dnsroot=%s))" % (domain_dn, dns_name) >+ partitions_dn = self.get_partitions_dn() >+ res = self.search(partitions_dn, >+ scope=ldb.SCOPE_ONELEVEL, >+ expression=filter) >+ try: >+ netbios_domain = res[0]["nETBIOSName"][0].decode() >+ except IndexError: >+ return None >+ return netbios_domain >+ > def forest_dns_name(self): > """return the DNS name of the forest root""" > forest_dn = self.get_root_basedn() >diff --git a/python/samba/tests/samdb.py b/python/samba/tests/samdb.py >index a185a1566e3..834c5a204a6 100644 >--- a/python/samba/tests/samdb.py >+++ b/python/samba/tests/samdb.py >@@ -38,13 +38,13 @@ class SamDBTestCase(TestCaseInTempDir): > super(SamDBTestCase, self).setUp() > self.session = system_session() > logger = logging.getLogger("selftest") >- domain = "dsdb" >- realm = "dsdb.samba.example.com" >+ self.domain = "dsdb" >+ self.realm = "dsdb.samba.example.com" > host_name = "test" > server_role = "active directory domain controller" > self.result = provision(logger, > self.session, targetdir=self.tempdir, >- realm=realm, domain=domain, >+ realm=self.realm, domain=self.domain, > hostname=host_name, > use_ntvfs=True, > serverrole=server_role, >@@ -61,3 +61,10 @@ class SamDBTestCase(TestCaseInTempDir): > shutil.rmtree(os.path.join(self.tempdir, d)) > > super(SamDBTestCase, self).tearDown() >+ >+ >+class SamDBTests(SamDBTestCase): >+ >+ def test_get_domain(self): >+ self.assertEqual(self.samdb.domain_dns_name(), self.realm.lower()) >+ self.assertEqual(self.samdb.domain_netbios_name(), self.domain.upper()) >diff --git a/selftest/tests.py b/selftest/tests.py >index 91c75b0ebed..b9b95d800cc 100644 >--- a/selftest/tests.py >+++ b/selftest/tests.py >@@ -211,6 +211,7 @@ planpythontestsuite("none", "samba.tests.graph") > plantestsuite("wafsamba.duplicate_symbols", "none", [os.path.join(srcdir(), "buildtools/wafsamba/test_duplicate_symbol.sh")]) > planpythontestsuite("none", "samba.tests.glue") > planpythontestsuite("none", "samba.tests.tdb_util") >+planpythontestsuite("none", "samba.tests.samdb") > planpythontestsuite("none", "samba.tests.samdb_api") > > if with_pam: >-- >2.25.1 > > >From 8bbaf0e3a3d44ffc727b4288b37bb01583c1adb2 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:47:30 +1300 >Subject: [PATCH 041/380] selftest: Make as_canonicalization_tests.py > auto-detect the NT4 domain name > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2693f12fbe321e0f4932b1f74d7006dbac140e8e) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index c0c3208d216..221ff486fd8 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -184,18 +184,21 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.lp = cls.get_loadparm(cls) > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] >- cls.domain = os.environ["DOMAIN"] > cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) >- c.set_domain(cls.domain) > try: > realm = os.environ["REALM"] > c.set_realm(realm) > except KeyError: > pass >+ try: >+ domain = os.environ["DOMAIN"] >+ c.set_domain(domain) >+ except KeyError: >+ pass > > c.guess() > >@@ -243,6 +246,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.user_creds = Credentials() > cls.user_creds.guess(cls.lp) > cls.user_creds.set_realm(cls.ldb.domain_dns_name().upper()) >+ cls.user_creds.set_domain(cls.ldb.domain_netbios_name().upper()) > cls.user_creds.set_password(cls.user_pass) > cls.user_creds.set_username(cls.user_name) > cls.user_creds.set_workstation(cls.machine_name) >@@ -271,6 +275,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > cls.machine_creds = Credentials() > cls.machine_creds.guess(cls.lp) > cls.machine_creds.set_realm(cls.ldb.domain_dns_name().upper()) >+ cls.machine_creds.set_domain(cls.ldb.domain_netbios_name().upper()) > cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) > cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS) > cls.machine_creds.set_password(cls.machine_pass) >-- >2.25.1 > > >From 648c162e4a15a179ca15b294290e0511288bff28 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:21:24 +1300 >Subject: [PATCH 042/380] selftest: Fix formatting of failure (traceback and > options swapped in format string) > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit ab8c0a181bebe17a597af49790f6e7b17e13c29b) >--- > python/samba/tests/krb5/as_canonicalization_tests.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 221ff486fd8..f0e9f6307f6 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -296,8 +296,8 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > except pyasn1.error.PyAsn1Error as e: > import traceback > self.fail("ASN1 Error, Options {0:08b}:{1} {2}".format( >- traceback.format_exc(), > data.options, >+ traceback.format_exc(), > e)) > # If as_req triggered an expected server error response > # No need to test the response data. >-- >2.25.1 > > >From 2b43617bc7e44ef231a79dc1e5b51eda9f88d78c Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 11:27:06 +1300 >Subject: [PATCH 043/380] selftest: Add in encrypted-pa-data from RFC 6806 > >This comes from Windows 2019 which supports FAST. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit fc77ece0e2b5fd324809e17a9b208cc7854cee4b) >--- > python/samba/tests/krb5/rfc4120.asn1 | 3 ++- > python/samba/tests/krb5/rfc4120_pyasn1.py | 19 ++++++++++--------- > 2 files changed, 12 insertions(+), 10 deletions(-) > >diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 >index 58e0c1636a1..654f9788ca7 100644 >--- a/python/samba/tests/krb5/rfc4120.asn1 >+++ b/python/samba/tests/krb5/rfc4120.asn1 >@@ -239,7 +239,8 @@ EncKDCRepPart ::= SEQUENCE { > renew-till [8] KerberosTime OPTIONAL, > srealm [9] Realm, > sname [10] PrincipalName, >- caddr [11] HostAddresses OPTIONAL >+ caddr [11] HostAddresses OPTIONAL, >+ encrypted-pa-data[12] METHOD-DATA OPTIONAL > } > > LastReq ::= SEQUENCE OF SEQUENCE { >diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py >index b4ea678afd8..1d89f94adf1 100644 >--- a/python/samba/tests/krb5/rfc4120_pyasn1.py >+++ b/python/samba/tests/krb5/rfc4120_pyasn1.py >@@ -1,5 +1,5 @@ > # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 >-# (last modified on 2020-11-03 14:07:15.270009) >+# (last modified on 2020-11-06 11:30:42.476808) > > # KerberosV5Spec2 > from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful >@@ -438,6 +438,13 @@ LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes( > )) > > >+class METHOD_DATA(univ.SequenceOf): >+ pass >+ >+ >+METHOD_DATA.componentType = PA_DATA() >+ >+ > class TicketFlags(KerberosFlags): > pass > >@@ -458,7 +465,8 @@ EncKDCRepPart.componentType = namedtype.NamedTypes( > namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), > namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), > namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), >- namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))) >+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))), >+ namedtype.OptionalNamedType('encrypted-pa-data', METHOD_DATA().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))) > ) > > >@@ -702,13 +710,6 @@ KRB_SAFE.componentType = namedtype.NamedTypes( > ) > > >-class METHOD_DATA(univ.SequenceOf): >- pass >- >- >-METHOD_DATA.componentType = PA_DATA() >- >- > class MessageTypeValues(univ.Integer): > pass > >-- >2.25.1 > > >From d8fd226773b933a662943d5200efc67528324354 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 10 Nov 2020 13:50:37 +1300 >Subject: [PATCH 044/380] selftest: Windows 2019 implements the RemoveDollar > behaviour for Enterprise principals > >This is documented in MS-KILE. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Gary Lockyer <gary@samba.org> >Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184 > >(cherry picked from commit f214a3ba5a3e9f129f10062392ae03edd62d8186) >--- > .../tests/krb5/as_canonicalization_tests.py | 11 ---------- > selftest/knownfail.d/kdc-enterprise | 20 ------------------- > selftest/knownfail_mit_kdc | 20 +++++++++++++++++++ > 3 files changed, 20 insertions(+), 31 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index f0e9f6307f6..caa186bed41 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -366,17 +366,6 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > self.assertEqual( > rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) > >- # We should get KDC_ERR_PREAUTH_REQUIRED >- # unless the RemoveDollar and Enterprise options are set >- # then we should get a KDC_ERR_C_PRINCIPAL_UNKNOWN >- if TestOptions.RemoveDollar.is_set(data.options) and\ >- TestOptions.Enterprise.is_set(data.options): >- self.assertEqual( >- rep['error-code'], >- KDC_ERR_C_PRINCIPAL_UNKNOWN, >- "Error code {0}, Data {1}".format(rep['error-code'], str(data))) >- return (None, None) >- > self.assertEqual( > rep['error-code'], > KDC_ERR_PREAUTH_REQUIRED, >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >index 4e4f8a93e03..d15d67c8af6 100644 >--- a/selftest/knownfail.d/kdc-enterprise >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -1,19 +1,3 @@ >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\( >@@ -26,14 +10,10 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 9bac4737591..00edbc0c34d 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -150,3 +150,23 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_UPN\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( >+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >-- >2.25.1 > > >From a87cfead30a4f630aaa5e22ccb8b3646bb94e989 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 4 Nov 2020 13:54:46 +1300 >Subject: [PATCH 045/380] selftest: add heimdal kdc specific known fail > >Add a heimdal kerberos specific known fail, will be needed by subsequent >commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 5cb5134377f099353e0f91c44cc11e45d548d40f) >--- > selftest/knownfail_heimdal_kdc | 0 > selftest/wscript | 3 +++ > 2 files changed, 3 insertions(+) > create mode 100644 selftest/knownfail_heimdal_kdc > >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >new file mode 100644 >index 00000000000..e69de29bb2d >diff --git a/selftest/wscript b/selftest/wscript >index 95086b4f0ed..82354071d5b 100644 >--- a/selftest/wscript >+++ b/selftest/wscript >@@ -265,6 +265,9 @@ def cmd_testonly(opt): > env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc" > env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ > "knownfail_mit_kdc" >+ else: >+ env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\ >+ "knownfail_heimdal_kdc" > > if not CONFIG_GET(opt, 'HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X'): > # older MIT krb5 libraries (< 1.14) don't have >-- >2.25.1 > > >From 2fe18d5ebb4af139bed09d9ea8718aac901b9e9b Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 4 Nov 2020 13:58:24 +1300 >Subject: [PATCH 046/380] tests python krb5: Add python kerberos compatability > tests > >Add new python test to document the differences between the MIT and >Heimdal Kerberos implementations. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1e1d8b9c83f32c06ecab31214a20b77529ee038e) >--- > .../samba/tests/krb5/compatability_tests.py | 174 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_heimdal_kdc | 4 + > selftest/knownfail_mit_kdc | 4 + > source4/selftest/tests.py | 1 + > 5 files changed, 184 insertions(+) > create mode 100755 python/samba/tests/krb5/compatability_tests.py > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >new file mode 100755 >index 00000000000..63bd5269c2b >--- /dev/null >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -0,0 +1,174 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) Catalyst.Net Ltd 2020 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class SimpleKerberosTests(RawKerberosTest): >+ >+ def setUp(self): >+ super(SimpleKerberosTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_mit_EncASRepPart_tag(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x7a, enc[0]) >+ >+ def test_heimdal_EncASRepPart_tag(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x79, enc[0]) >+ >+ def test_mit_EncryptedData_kvno(self): >+ creds = self.get_user_creds() >+ (_, enc) = self.as_req(creds) >+ if 'kvno' in enc: >+ self.fail("kvno present in EncryptedData") >+ >+ def test_heimdal_EncryptedData_kvno(self): >+ creds = self.get_user_creds() >+ (_, enc) = self.as_req(creds) >+ if 'kvno' not in enc: >+ self.fail("kvno absent in EncryptedData") >+ >+ def test_mit_EncASRepPart_FAST_support(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x7A, enc[0]) >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ flags = int(as_rep['flags'], base=2) >+ # MIT sets enc-pa-rep, flag bit 15 >+ # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >+ self.assertTrue(0x00010000 & flags) >+ >+ def test_heimdal_EncASRepPart_FAST_support(self): >+ creds = self.get_user_creds() >+ (enc, _) = self.as_req(creds) >+ self.assertEqual(0x79, enc[0]) >+ as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) >+ flags = as_rep['flags'] >+ flags = int(as_rep['flags'], base=2) >+ # Heimdal does not set enc-pa-rep, flag bit 15 >+ # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >+ self.assertFalse(0x00010000 & flags) >+ >+ def as_req(self, creds): >+ user = creds.get_username() >+ realm = creds.get_realm() >+ >+ cname = self.PrincipalName_create(name_type=1, names=[user]) >+ sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = None >+ >+ etypes = (18, 17, 23) >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ self.assertEqual(rep['msg-type'], 30) >+ self.assertEqual(rep['error-code'], 25) >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == 19: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, >+ asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec() >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(2, pa_ts) >+ >+ kdc_options = krb5_asn1.KDCOptions('forwardable') >+ padata = [pa_ts] >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ self.assertEqual(msg_type, 11) >+ >+ usage = 3 >+ enc_part = rep['enc-part'] >+ enc_as_rep_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ return (enc_as_rep_part, enc_part) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 2f813760814..fbb9a06d99e 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -90,6 +90,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/s4u_tests.py', > 'python/samba/tests/krb5/xrealm_tests.py', > 'python/samba/tests/krb5/as_canonicalization_tests.py', >+ 'python/samba/tests/krb5/compatability_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >index e69de29bb2d..7ab56b6721b 100644 >--- a/selftest/knownfail_heimdal_kdc >+++ b/selftest/knownfail_heimdal_kdc >@@ -0,0 +1,4 @@ >+# >+# We expect all the MIT specific compatability tests to fail on heimdal >+# kerberos >+^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 00edbc0c34d..9953d51f21d 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -1,4 +1,8 @@ > # >+# We expect all the heimdal specific compatability tests to fail on MIT >+# kerberos >+^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_heimdal_ >+# > # Currently MOST but not quite all the Canonicalization tests fail on the > # MIT KDC > # >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 78b1a8494f3..76828e27d66 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1285,6 +1285,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > "samba4.krb5.kdc with machine account") > > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 03911f9334e64ca0a7412613f5332270a73dd3ee Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:19:02 +1300 >Subject: [PATCH 047/380] tests python krb5: Add constants module > >Extract the constants used in the tests into a separate module. >To reduce code duplication > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 532c941fbb8fc5fc5da4aa2d0e170229076e9aa7) >--- > python/samba/tests/krb5/rfc4120_constants.py | 49 ++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > 2 files changed, 50 insertions(+) > create mode 100644 python/samba/tests/krb5/rfc4120_constants.py > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >new file mode 100644 >index 00000000000..e939bb75e82 >--- /dev/null >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -0,0 +1,49 @@ >+# Unix SMB/CIFS implementation. >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+ >+# Encryption types >+AES256_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >+AES128_CTS_HMAC_SHA1_96 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >+ARCFOUR_HMAC_MD5 = int( >+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >+ >+# Message types >+KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >+KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+ >+# PAData types >+PADATA_ENC_TIMESTAMP = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >+PADATA_ETYPE_INFO2 = int( >+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >+ >+# Error codes >+KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >+KDC_ERR_PREAUTH_FAILED = 24 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_SKEW = 37 >+ >+# Name types >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( >+ 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index fbb9a06d99e..536721a1f86 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -91,6 +91,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/xrealm_tests.py', > 'python/samba/tests/krb5/as_canonicalization_tests.py', > 'python/samba/tests/krb5/compatability_tests.py', >+ 'python/samba/tests/krb5/rfc4120_constants.py', > } > > EXCLUDE_HELP = { >-- >2.25.1 > > >From a4f77bd26a05784e93090b3721ebd1529aea2cb4 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:20:03 +1300 >Subject: [PATCH 048/380] tests python krb5: Refactor canonicalization test > constants > >Modify tests to use the constants defined in rfc4120_constants.py > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 97b830cbcac53fcf49bbcd272812d1ba019bac51) >--- > .../tests/krb5/as_canonicalization_tests.py | 30 +------------------ > 1 file changed, 1 insertion(+), 29 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index caa186bed41..303788b672e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -41,6 +41,7 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT) > from samba.samdb import SamDB > from samba.tests import delete_force, DynamicTestCase >+from samba.tests.krb5.rfc4120_constants import * > > global_asn1_print = False > global_hexdump = False >@@ -123,35 +124,6 @@ class TestData: > MACHINE_NAME = "tstkrb5cnnmch" > USER_NAME = "tstkrb5cnnusr" > >-# Encryption types >-AES256_CTS_HMAC_SHA1_96 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96')) >-AES128_CTS_HMAC_SHA1_96 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96')) >-ARCFOUR_HMAC_MD5 = int( >- krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5')) >- >-# Message types >-KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) >-KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >- >-# PAData types >-PADATA_ENC_TIMESTAMP = int( >- krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP')) >-PADATA_ETYPE_INFO2 = int( >- krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2')) >- >-# Error codes >-KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >-KDC_ERR_PREAUTH_REQUIRED = 25 >- >-# Name types >-NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >-NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >-NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >-NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-ENTERPRISE-PRINCIPAL')) >- >- > @DynamicTestCase > class KerberosASCanonicalizationTests(RawKerberosTest): > >-- >2.25.1 > > >From 93f1e420cf2d6d01aeb96b47fca5c6bea799a6f5 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 11:20:58 +1300 >Subject: [PATCH 049/380] tests python krb5: Refactor compatability test > constants > >Modify tests to use the constants defined in rfc4120_constants.py > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 82a413f48b7ef71feb68fc34f7ca753d45eb8974) >--- > .../samba/tests/krb5/compatability_tests.py | 42 ++++++++++++------- > 1 file changed, 28 insertions(+), 14 deletions(-) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 63bd5269c2b..bf561346ab3 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -25,10 +25,17 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import * > > global_asn1_print = False > global_hexdump = False > >+HIEMDAL_ENC_AS_REP_PART_TYPE_TAG = 0x79 >+# MIT uses the EncTGSRepPart tag for the EncASRepPart >+MIT_ENC_AS_REP_PART_TYPE_TAG = 0x7A >+ >+ENC_PA_REP_FLAG = 0x00010000 >+ > > class SimpleKerberosTests(RawKerberosTest): > >@@ -40,12 +47,12 @@ class SimpleKerberosTests(RawKerberosTest): > def test_mit_EncASRepPart_tag(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x7a, enc[0]) >+ self.assertEqual(MIT_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > > def test_heimdal_EncASRepPart_tag(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x79, enc[0]) >+ self.assertEqual(HIEMDAL_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > > def test_mit_EncryptedData_kvno(self): > creds = self.get_user_creds() >@@ -62,37 +69,44 @@ class SimpleKerberosTests(RawKerberosTest): > def test_mit_EncASRepPart_FAST_support(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x7A, enc[0]) >+ self.assertEqual(MIT_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) > flags = int(as_rep['flags'], base=2) > # MIT sets enc-pa-rep, flag bit 15 > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >- self.assertTrue(0x00010000 & flags) >+ self.assertTrue(ENC_PA_REP_FLAG & flags) > > def test_heimdal_EncASRepPart_FAST_support(self): > creds = self.get_user_creds() > (enc, _) = self.as_req(creds) >- self.assertEqual(0x79, enc[0]) >+ self.assertEqual(HIEMDAL_ENC_AS_REP_PART_TYPE_TAG, enc[0]) > as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) > flags = as_rep['flags'] > flags = int(as_rep['flags'], base=2) > # Heimdal does not set enc-pa-rep, flag bit 15 > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests >- self.assertFalse(0x00010000 & flags) >+ self.assertFalse(ENC_PA_REP_FLAG & flags) > > def as_req(self, creds): > user = creds.get_username() > realm = creds.get_realm() > >- cname = self.PrincipalName_create(name_type=1, names=[user]) >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) > > till = self.get_KerberosTime(offset=36000) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes = (18, 17, 23) >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -111,14 +125,14 @@ class SimpleKerberosTests(RawKerberosTest): > rep = self.send_recv_transaction(req) > self.assertIsNotNone(rep) > >- self.assertEqual(rep['msg-type'], 30) >- self.assertEqual(rep['error-code'], 25) >+ self.assertEqual(rep['msg-type'], KRB_ERROR) >+ self.assertEqual(rep['error-code'], KDC_ERR_PREAUTH_REQUIRED) > rep_padata = self.der_decode( > rep['e-data'], > asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: >- if pa['padata-type'] == 19: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: > etype_info2 = pa['padata-value'] > break > >@@ -136,7 +150,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > >- pa_ts = self.PA_DATA_create(2, pa_ts) >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = [pa_ts] >@@ -159,7 +173,7 @@ class SimpleKerberosTests(RawKerberosTest): > self.assertIsNotNone(rep) > > msg_type = rep['msg-type'] >- self.assertEqual(msg_type, 11) >+ self.assertEqual(msg_type, KRB_AS_REP) > > usage = 3 > enc_part = rep['enc-part'] >-- >2.25.1 > > >From 0186a9dda5e3b7a4e312efe1742d2f231ebff9b4 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 13:51:39 +1300 >Subject: [PATCH 050/380] tests python krb5: raw_testcase permit RC4 salts > >MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes >the check that a salt is not returned. A test for the difference >between MIT and Heimdal will be added in the subsequent commits. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1bab87c50baf0fecb5d4cd09e1a9896730c6377e) >--- > python/samba/tests/krb5/raw_testcase.py | 1 - > 1 file changed, 1 deletion(-) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index 45e46e0b7ba..e67f5464e59 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -425,7 +425,6 @@ class RawKerberosTest(TestCase): > pass > > if e == kcrypto.Enctype.RC4: >- self.assertIsNone(salt) > nthash = creds.get_nt_hash() > return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno) > >-- >2.25.1 > > >From 74f23242a07b722a0fe472d23a5b8d609dc532cc Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Fri, 6 Nov 2020 09:07:04 +1300 >Subject: [PATCH 051/380] tests python krb5: Convert kdc-heimdal to python > >Implement the tests in source4/torture/krb5/kdc-heimdal.c in python. >The following tests were not re-implemented as they are client side >tests for the "Orpheus Lyre" attack: > TORTURE_KRB5_TEST_CHANGE_SERVER_OUT > TORTURE_KRB5_TEST_CHANGE_SERVER_IN > TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit a00a1c9745033dae05eee17cfa4e2c5354a81e68) >--- > python/samba/tests/krb5/kdc_tests.py | 219 +++++++++++++++++++++++++++ > python/samba/tests/usage.py | 1 + > source4/selftest/tests.py | 1 + > 3 files changed, 221 insertions(+) > create mode 100755 python/samba/tests/krb5/kdc_tests.py > >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >new file mode 100755 >index 00000000000..57a25448965 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -0,0 +1,219 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import * >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KdcTests(RawKerberosTest): >+ """ Port of the tests in source4/torture/krb5/kdc-heimdal.c >+ To python. >+ """ >+ >+ def setUp(self): >+ super(KdcTests, self).setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def as_req(self, creds, etypes, padata=None): >+ user = creds.get_username() >+ realm = creds.get_realm() >+ >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) >+ till = self.get_KerberosTime(offset=36000) >+ >+ kdc_options = 0 >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ return rep >+ >+ def get_pa_data(self, creds, rep, skew=0): >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: >+ etype_info2 = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec(offset=skew) >+ pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ enc_pa_ts_usage = 1 >+ pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >+ >+ padata = [pa_ts] >+ return padata >+ >+ def check_pre_authenication(self, rep): >+ """ Check that the kdc response was pre-authentication required >+ """ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_REQUIRED) >+ >+ def check_as_reply(self, rep): >+ """ Check that the kdc response is an AS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an AS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_AS_REP) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000) >+ >+ def check_error_rep(self, rep, expected): >+ """ Check that the reply is an error message, with the expected >+ error-code specified. >+ """ >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_ERROR) >+ self.assertEqual(rep['error-code'], expected) >+ >+ def test_aes256_cts_hmac_sha1_96(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(AES256_CTS_HMAC_SHA1_96, etype) >+ >+ def test_arc4_hmac_md5(self): >+ creds = self.get_user_creds() >+ etype = (ARCFOUR_HMAC_MD5,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(ARCFOUR_HMAC_MD5, etype) >+ >+ def test_aes_rc4(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ etype = rep['enc-part']['etype'] >+ self.assertEquals(AES256_CTS_HMAC_SHA1_96, etype) >+ >+ def test_clock_skew(self): >+ creds = self.get_user_creds() >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep, skew=3600) >+ rep = self.as_req(creds, etype, padata=padata) >+ >+ self.check_error_rep(rep, KDC_ERR_SKEW) >+ >+ def test_invalid_password(self): >+ creds = self.insta_creds(template=self.get_user_creds()) >+ creds.set_password("Not the correct password") >+ >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ >+ rep = self.as_req(creds, etype) >+ self.check_pre_authenication(rep) >+ >+ padata = self.get_pa_data(creds, rep) >+ rep = self.as_req(creds, etype, padata=padata) >+ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_FAILED) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 536721a1f86..35abaf2dafa 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -92,6 +92,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/as_canonicalization_tests.py', > 'python/samba/tests/krb5/compatability_tests.py', > 'python/samba/tests/krb5/rfc4120_constants.py', >+ 'python/samba/tests/krb5/kdc_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 76828e27d66..f72060e9870 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1286,6 +1286,7 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") >+planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 66c868177ea79fc608f02776f9074fc19f6f3c19 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 16:56:46 +1300 >Subject: [PATCH 052/380] tests python krb5: refactor compatability tests > >Refactor to aid the adding of tests for the inclusion of a salt when >ARCFOUR_HMAC_MD5 encryption selected > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d492355f293e2da400318665035b056dfaba852c) >--- > .../samba/tests/krb5/compatability_tests.py | 24 ++++++++++++++----- > 1 file changed, 18 insertions(+), 6 deletions(-) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index bf561346ab3..5990d2ce8df 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -87,7 +87,7 @@ class SimpleKerberosTests(RawKerberosTest): > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests > self.assertFalse(ENC_PA_REP_FLAG & flags) > >- def as_req(self, creds): >+ def as_pre_auth_req(self, creds, etypes): > user = creds.get_username() > realm = creds.get_realm() > >@@ -103,10 +103,6 @@ class SimpleKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes = ( >- AES256_CTS_HMAC_SHA1_96, >- AES128_CTS_HMAC_SHA1_96, >- ARCFOUR_HMAC_MD5) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -123,10 +119,16 @@ class SimpleKerberosTests(RawKerberosTest): > EncAuthorizationData_key=None, > additional_tickets=None) > rep = self.send_recv_transaction(req) >- self.assertIsNotNone(rep) > >+ return (rep, cname, sname, realm, till) >+ >+ def check_preauth_rep(self, rep): >+ self.assertIsNotNone(rep) > self.assertEqual(rep['msg-type'], KRB_ERROR) > self.assertEqual(rep['error-code'], KDC_ERR_PREAUTH_REQUIRED) >+ >+ def get_etype_info2(self, rep): >+ > rep_padata = self.der_decode( > rep['e-data'], > asn1Spec=krb5_asn1.METHOD_DATA()) >@@ -139,7 +141,17 @@ class SimpleKerberosTests(RawKerberosTest): > etype_info2 = self.der_decode( > etype_info2, > asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ return etype_info2 >+ >+ def as_req(self, creds): >+ etypes = ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5) >+ (rep, cname, sname, realm, till) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) > >+ etype_info2 = self.get_etype_info2(rep) > key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) > > (patime, pausec) = self.get_KerberosTimeWithUsec() >-- >2.25.1 > > >From cb18851317987279cca0249feeddce85e489710c Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 10 Nov 2020 16:57:11 +1300 >Subject: [PATCH 053/380] tests python krb5: add arcfour salt tests > >MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected, >Heimdal does not. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184 > >(cherry picked from commit 2ba6d596ff0a3580eca9285fd83569bcb147ce77) >--- > .../samba/tests/krb5/compatability_tests.py | 20 +++++++++++++++++++ > 1 file changed, 20 insertions(+) > >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 5990d2ce8df..e4b1453e712 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -87,6 +87,26 @@ class SimpleKerberosTests(RawKerberosTest): > # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests > self.assertFalse(ENC_PA_REP_FLAG & flags) > >+ def test_mit_arcfour_salt(self): >+ creds = self.get_user_creds() >+ etypes = (ARCFOUR_HMAC_MD5,) >+ (rep, *_) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) >+ etype_info2 = self.get_etype_info2(rep) >+ if 'salt' not in etype_info2[0]: >+ self.fail( >+ "(MIT) Salt not populated for ARCFOUR_HMAC_MD5 encryption") >+ >+ def test_heimdal_arcfour_salt(self): >+ creds = self.get_user_creds() >+ etypes = (ARCFOUR_HMAC_MD5,) >+ (rep, *_) = self.as_pre_auth_req(creds, etypes) >+ self.check_preauth_rep(rep) >+ etype_info2 = self.get_etype_info2(rep) >+ if 'salt' in etype_info2[0]: >+ self.fail( >+ "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption") >+ > def as_pre_auth_req(self, creds, etypes): > user = creds.get_username() > realm = creds.get_realm() >-- >2.25.1 > > >From 573e9ad57b84033bf101c5cd3cb2acad4d89ff78 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 18 Nov 2020 14:49:28 +1300 >Subject: [PATCH 054/380] tests python krb5: Extra canonicalization tests > >Add tests that set the server name to the client name for the machine >account in the kerberos AS_REQ. This replicates the TEST_AS_REQ_SELF >test phase in source4/torture/krb5/kdc-canon-heimdal.c. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Nov 30 05:21:42 UTC 2020 on sn-devel-184 > >(cherry picked from commit 7f7e2b0e1e17321d800de787098bb2b2c8259ecd) >--- > .../tests/krb5/as_canonicalization_tests.py | 74 +++++++++----- > selftest/knownfail.d/kdc-enterprise | 26 +++++ > selftest/knownfail_mit_kdc | 96 +++++++++++++++++++ > 3 files changed, 172 insertions(+), 24 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 303788b672e..6ea3ff0491e 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -56,7 +56,8 @@ class TestOptions(Enum): > NetbiosRealm = 16 > UPN = 32 > RemoveDollar = 64 >- Last = 128 >+ AsReqSelf = 128 >+ Last = 256 > > def is_set(self, x): > return self.value & x >@@ -76,8 +77,8 @@ class TestData: > def __init__(self, options, creds): > self.options = options > self.user_creds = creds >- self.user_name = self.get_username(options, creds) >- self.realm = self.get_realm(options, creds) >+ self.user_name = self._get_username(options, creds) >+ self.realm = self._get_realm(options, creds) > > if TestOptions.Enterprise.is_set(options): > client_name_type = NT_ENTERPRISE_PRINCIPAL >@@ -86,11 +87,14 @@ class TestData: > > self.cname = RawKerberosTest.PrincipalName_create( > name_type=client_name_type, names=[self.user_name]) >- self.sname = RawKerberosTest.PrincipalName_create( >- name_type=NT_SRV_INST, names=["krbtgt", self.realm]) >+ if TestOptions.AsReqSelf.is_set(options): >+ self.sname = self.cname >+ else: >+ self.sname = RawKerberosTest.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", self.realm]) > self.canonicalize = TestOptions.Canonicalize.is_set(options) > >- def get_realm(self, options, creds): >+ def _get_realm(self, options, creds): > realm = creds.get_realm() > if TestOptions.NetbiosRealm.is_set(options): > realm = creds.get_domain() >@@ -100,7 +104,7 @@ class TestData: > realm = realm.lower() > return realm > >- def get_username(self, options, creds): >+ def _get_username(self, options, creds): > name = creds.get_username() > if TestOptions.RemoveDollar.is_set(options) and name.endswith("$"): > name = name[:-1] >@@ -135,6 +139,9 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > if ct != CredentialsType.Machine and\ > TestOptions.RemoveDollar.is_set(options): > return True >+ if ct != CredentialsType.Machine and\ >+ TestOptions.AsReqSelf.is_set(options): >+ return True > return False > > def build_test_name(ct, options): >@@ -448,26 +455,45 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > def check_sname(self, sname, data): > nt = sname['name-type'] >- self.assertEqual( >- NT_SRV_INST, >- nt, >- "sname name-type, Options {0:08b}".format(data.options)) >- > ns = sname['name-string'] > name = ns[0].decode('ascii') >- self.assertEqual( >- 'krbtgt', >- name, >- "sname principal, Options {0:08b}".format(data.options)) > >- realm = ns[1].decode('ascii') >- expected = data.realm >- if TestOptions.Canonicalize.is_set(data.options): >- expected = data.user_creds.get_realm().upper() >- self.assertEqual( >- expected, >- realm, >- "sname realm, Options {0:08b}".format(data.options)) >+ if TestOptions.AsReqSelf.is_set(data.options): >+ expected_name_type = NT_PRINCIPAL >+ if not TestOptions.Canonicalize.is_set(data.options)\ >+ and TestOptions.Enterprise.is_set(data.options): >+ >+ expected_name_type = NT_ENTERPRISE_PRINCIPAL >+ >+ self.assertEqual( >+ expected_name_type, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ expected = data.user_name >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_username() >+ self.assertEqual( >+ expected, >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ else: >+ self.assertEqual( >+ NT_SRV_INST, >+ nt, >+ "sname name-type, Options {0:08b}".format(data.options)) >+ self.assertEqual( >+ 'krbtgt', >+ name, >+ "sname principal, Options {0:08b}".format(data.options)) >+ >+ realm = ns[1].decode('ascii') >+ expected = data.realm >+ if TestOptions.Canonicalize.is_set(data.options): >+ expected = data.user_creds.get_realm().upper() >+ self.assertEqual( >+ expected, >+ realm, >+ "sname realm, Options {0:08b}".format(data.options)) > > def check_srealm(self, srealm, data): > realm = data.user_creds.get_realm() >diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise >index d15d67c8af6..c9b6c98a2ee 100644 >--- a/selftest/knownfail.d/kdc-enterprise >+++ b/selftest/knownfail.d/kdc-enterprise >@@ -35,3 +35,29 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\( > >+ >+ >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index 9953d51f21d..f1a4971430e 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -174,3 +174,99 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar\( > samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(ad_dc >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_AsReqSelf\( >+^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >-- >2.25.1 > > >From 06a7429bd97934a68a916c1a97ce2b9169b624d0 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 10:15:28 +1300 >Subject: [PATCH 055/380] tests python krb5: Add Authorization data ad-type > constants > >Add constants for the Authorization Data Type values. >RFC 4120 7.5.4. Authorization Data Types > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d74c9dcf3aaa613abfac49288f427484468bf6e1) >--- > python/samba/tests/krb5/rfc4120_constants.py | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index e939bb75e82..e1d0c5baa68 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -47,3 +47,17 @@ NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) > NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) >+ >+# Authorization data ad-type values >+ >+AD_IF_RELEVANT = 1 >+AD_INTENDED_FOR_SERVER = 2 >+AD_INTENDED_FOR_APPLICATION_CLASS = 3 >+AD_KDC_ISSUED = 4 >+AD_AND_OR = 5 >+AD_MANDATORY_TICKET_EXTENSIONS = 6 >+AD_IN_TICKET_EXTENSIONS = 7 >+AD_MANDATORY_FOR_KDC = 8 >+AD_INITIAL_VERIFIED_CAS = 9 >+AD_WIN2K_PAC = 128 >+AD_SIGNTICKET = 512 >-- >2.25.1 > > >From 6b873cf67d374902b8482f41a42bf9bd8f714d20 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Mon, 30 Nov 2020 14:16:28 +1300 >Subject: [PATCH 056/380] tests python krb5: add test base class > >Add a base class for the KDC tests to reduce the amount of code >duplication in the tests. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 0f232ed42fb2671d025643cafb19891373562e4a) >--- > python/samba/tests/krb5/kdc_base_test.py | 419 +++++++++++++++++++++++ > 1 file changed, 419 insertions(+) > create mode 100755 python/samba/tests/krb5/kdc_base_test.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >new file mode 100755 >index 00000000000..4fc7ee85ba9 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -0,0 +1,419 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+from collections import namedtuple >+from ldb import SCOPE_BASE >+from samba import generate_random_password >+from samba.auth import system_session >+from samba.credentials import Credentials >+from samba.dcerpc import krb5pac >+from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >+from samba.ndr import ndr_unpack >+from samba.samdb import SamDB >+ >+from samba.tests import delete_force >+from samba.tests.krb5.raw_testcase import RawKerberosTest >+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >+from samba.tests.krb5.rfc4120_constants import ( >+ AD_IF_RELEVANT, >+ AD_WIN2K_PAC, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_TGS_REP, >+ KRB_ERROR, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KDCBaseTest(RawKerberosTest): >+ """ Base class for KDC tests. >+ """ >+ >+ @classmethod >+ def setUpClass(cls): >+ cls.lp = cls.get_loadparm(cls) >+ cls.username = os.environ["USERNAME"] >+ cls.password = os.environ["PASSWORD"] >+ cls.host = os.environ["SERVER"] >+ >+ c = Credentials() >+ c.set_username(cls.username) >+ c.set_password(cls.password) >+ try: >+ realm = os.environ["REALM"] >+ c.set_realm(realm) >+ except KeyError: >+ pass >+ try: >+ domain = os.environ["DOMAIN"] >+ c.set_domain(domain) >+ except KeyError: >+ pass >+ >+ c.guess() >+ >+ cls.credentials = c >+ >+ cls.session = system_session() >+ cls.ldb = SamDB(url="ldap://%s" % cls.host, >+ session_info=cls.session, >+ credentials=cls.credentials, >+ lp=cls.lp) >+ # fetch the dnsHostName from the RootDse >+ res = cls.ldb.search( >+ base="", expression="", scope=SCOPE_BASE, attrs=["dnsHostName"]) >+ cls.dns_host_name = str(res[0]['dnsHostName']) >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ self.accounts = [] >+ >+ def tearDown(self): >+ # Clean up any accounts created by create_account >+ for dn in self.accounts: >+ delete_force(self.ldb, dn) >+ >+ def create_account(self, name, machine_account=False, spn=None): >+ '''Create an account for testing. >+ The dn of the created account is added to self.accounts, >+ which is used by tearDown to clean up the created accounts. >+ ''' >+ dn = "cn=%s,%s" % (name, self.ldb.domain_dn()) >+ >+ # remove the account if it exists, this will happen if a previous test >+ # run failed >+ delete_force(self.ldb, dn) >+ if machine_account: >+ object_class = "computer" >+ account_name = "%s$" % name >+ account_control = str(UF_WORKSTATION_TRUST_ACCOUNT) >+ else: >+ object_class = "user" >+ account_name = name >+ account_control = str(UF_NORMAL_ACCOUNT) >+ >+ password = generate_random_password(32, 32) >+ utf16pw = ('"%s"' % password).encode('utf-16-le') >+ >+ details = { >+ "dn": dn, >+ "objectclass": object_class, >+ "sAMAccountName": account_name, >+ "userAccountControl": account_control, >+ "unicodePwd": utf16pw} >+ if spn is not None: >+ details["servicePrincipalName"] = spn >+ self.ldb.add(details) >+ >+ creds = Credentials() >+ creds.guess(self.lp) >+ creds.set_realm(self.ldb.domain_dns_name().upper()) >+ creds.set_domain(self.ldb.domain_netbios_name().upper()) >+ creds.set_password(password) >+ creds.set_username(account_name) >+ if machine_account: >+ creds.set_workstation(name) >+ # >+ # Save the account name so it can be deleted in the tearDown >+ self.accounts.append(dn) >+ >+ return (creds, dn) >+ >+ def as_req(self, cname, sname, realm, etypes, padata=None): >+ '''Send a Kerberos AS_REQ, returns the undecoded response >+ ''' >+ >+ till = self.get_KerberosTime(offset=36000) >+ kdc_options = 0 >+ >+ req = self.AS_REQ_create(padata=padata, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7fffffff, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None) >+ rep = self.send_recv_transaction(req) >+ return rep >+ >+ def get_as_rep_key(self, creds, rep): >+ '''Extract the session key from an AS-REP >+ ''' >+ rep_padata = self.der_decode( >+ rep['e-data'], >+ asn1Spec=krb5_asn1.METHOD_DATA()) >+ >+ for pa in rep_padata: >+ if pa['padata-type'] == PADATA_ETYPE_INFO2: >+ padata_value = pa['padata-value'] >+ break >+ >+ etype_info2 = self.der_decode( >+ padata_value, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ >+ key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) >+ return key >+ >+ def get_pa_data(self, creds, rep, skew=0): >+ '''generate the pa_data data element for an AS-REQ >+ ''' >+ key = self.get_as_rep_key(creds, rep) >+ >+ (patime, pausec) = self.get_KerberosTimeWithUsec(offset=skew) >+ padata = self.PA_ENC_TS_ENC_create(patime, pausec) >+ padata = self.der_encode(padata, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) >+ >+ usage = 1 >+ padata = self.EncryptedData_create(key, usage, padata) >+ padata = self.der_encode(padata, asn1Spec=krb5_asn1.EncryptedData()) >+ >+ padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata) >+ >+ return [padata] >+ >+ def get_as_rep_enc_data(self, key, rep): >+ ''' Decrypt and Decode the encrypted data in an AS-REP >+ ''' >+ usage = 3 >+ enc_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 >+ try: >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncASRepPart()) >+ except Exception: >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ >+ return enc_part >+ >+ def check_pre_authenication(self, rep): >+ """ Check that the kdc response was pre-authentication required >+ """ >+ self.check_error_rep(rep, KDC_ERR_PREAUTH_REQUIRED) >+ >+ def check_as_reply(self, rep): >+ """ Check that the kdc response is an AS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an AS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_AS_REP, "rep = {%s}" % rep) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno, "rep = {%s}" % rep) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno, "rep = {%s}" % rep) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000, "rep = {%s}" % rep) >+ >+ def check_tgs_reply(self, rep): >+ """ Check that the kdc response is an TGS-REP and that the >+ values for: >+ msg-type >+ pvno >+ tkt-pvno >+ kvno >+ match the expected values >+ """ >+ >+ # Should have a reply, and it should an TGS-REP message. >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_TGS_REP, "rep = {%s}" % rep) >+ >+ # Protocol version number should be 5 >+ pvno = int(rep['pvno']) >+ self.assertEqual(5, pvno, "rep = {%s}" % rep) >+ >+ # The ticket version number should be 5 >+ tkt_vno = int(rep['ticket']['tkt-vno']) >+ self.assertEqual(5, tkt_vno, "rep = {%s}" % rep) >+ >+ # Check that the kvno is not an RODC kvno >+ # MIT kerberos does not provide the kvno, so we treat it as optional. >+ # This is tested in compatability_test.py >+ if 'kvno' in rep['enc-part']: >+ kvno = int(rep['enc-part']['kvno']) >+ # If the high order bits are set this is an RODC kvno. >+ self.assertEqual(0, kvno & 0xFFFF0000, "rep = {%s}" % rep) >+ >+ def check_error_rep(self, rep, expected): >+ """ Check that the reply is an error message, with the expected >+ error-code specified. >+ """ >+ self.assertIsNotNone(rep) >+ self.assertEqual(rep['msg-type'], KRB_ERROR, "rep = {%s}" % rep) >+ self.assertEqual(rep['error-code'], expected, "rep = {%s}" % rep) >+ >+ def tgs_req(self, cname, sname, realm, ticket, key, etypes): >+ '''Send a TGS-REQ, returns the response and the decrypted and >+ decoded enc-part >+ ''' >+ >+ kdc_options = "0" >+ till = self.get_KerberosTime(offset=36000) >+ padata = [] >+ >+ subkey = self.RandomKey(key.etype) >+ subkey_usage = 9 >+ >+ (ctime, cusec) = self.get_KerberosTimeWithUsec() >+ >+ req = self.TGS_REQ_create(padata=padata, >+ cusec=cusec, >+ ctime=ctime, >+ ticket=ticket, >+ kdc_options=str(kdc_options), >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=None, >+ till_time=till, >+ renew_time=None, >+ nonce=0x7ffffffe, >+ etypes=etypes, >+ addresses=None, >+ EncAuthorizationData=None, >+ EncAuthorizationData_key=None, >+ additional_tickets=None, >+ ticket_session_key=key, >+ authenticator_subkey=subkey) >+ rep = self.send_recv_transaction(req) >+ self.assertIsNotNone(rep) >+ >+ msg_type = rep['msg-type'] >+ enc_part = None >+ if msg_type == KRB_TGS_REP: >+ enc_part = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ return (rep, enc_part) >+ >+ # Named tuple to contain values of interest when the PAC is decoded. >+ PacData = namedtuple( >+ "PacData", >+ "account_name account_sid logon_name upn domain_name") >+ PAC_LOGON_INFO = 1 >+ PAC_CREDENTIAL_INFO = 2 >+ PAC_SRV_CHECKSUM = 6 >+ PAC_KDC_CHECKSUM = 7 >+ PAC_LOGON_NAME = 10 >+ PAC_CONSTRAINED_DELEGATION = 11 >+ PAC_UPN_DNS_INFO = 12 >+ >+ def get_pac_data(self, authorization_data): >+ '''Decode the PAC element contained in the authorization-data element >+ ''' >+ account_name = None >+ user_sid = None >+ logon_name = None >+ upn = None >+ domain_name = None >+ >+ # The PAC data will be wrapped in an AD_IF_RELEVANT element >+ ad_if_relevant_elements = ( >+ x for x in authorization_data if x['ad-type'] == AD_IF_RELEVANT) >+ for dt in ad_if_relevant_elements: >+ buf = self.der_decode( >+ dt['ad-data'], asn1Spec=krb5_asn1.AD_IF_RELEVANT()) >+ # The PAC data is further wrapped in a AD_WIN2K_PAC element >+ for ad in (x for x in buf if x['ad-type'] == AD_WIN2K_PAC): >+ pb = ndr_unpack(krb5pac.PAC_DATA, ad['ad-data']) >+ for pac in pb.buffers: >+ if pac.type == self.PAC_LOGON_INFO: >+ account_name = ( >+ pac.info.info.info3.base.account_name) >+ user_sid = ( >+ str(pac.info.info.info3.base.domain_sid) + >+ "-" + str(pac.info.info.info3.base.rid)) >+ elif pac.type == self.PAC_LOGON_NAME: >+ logon_name = pac.info.account_name >+ elif pac.type == self.PAC_UPN_DNS_INFO: >+ upn = pac.info.upn_name >+ domain_name = pac.info.dns_domain_name >+ >+ return self.PacData( >+ account_name, >+ user_sid, >+ logon_name, >+ upn, >+ domain_name) >+ >+ def decode_service_ticket(self, creds, ticket): >+ '''Decrypt and decode a service ticket >+ ''' >+ >+ name = creds.get_username() >+ if name.endswith('$'): >+ name = name[:-1] >+ realm = creds.get_realm() >+ salt = "%s.%s@%s" % (name, realm.lower(), realm.upper()) >+ >+ key = self.PasswordKey_create( >+ ticket['enc-part']['etype'], >+ creds.get_password(), >+ salt, >+ ticket['enc-part']['kvno']) >+ >+ enc_part = key.decrypt(2, ticket['enc-part']['cipher']) >+ enc_ticket_part = self.der_decode( >+ enc_part, asn1Spec=krb5_asn1.EncTicketPart()) >+ return enc_ticket_part >+ >+ def get_objectSid(self, dn): >+ ''' Get the objectSID for a DN >+ Note: performs an Ldb query. >+ ''' >+ res = self.ldb.search(dn, scope=SCOPE_BASE, attrs=["objectSID"]) >+ self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) >+ sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) >+ return sid.decode('utf8') >-- >2.25.1 > > >From c23166453f549e089d3270ec6d9184a0695a4c40 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Mon, 30 Nov 2020 14:19:15 +1300 >Subject: [PATCH 057/380] tests python krb5: initial TGS tests > >Initial tests on the KDC TGS > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1ed461a142f68f5de5e21b873ebddfcf5ae0ca1e) >--- > python/samba/tests/krb5/kdc_base_test.py | 1 - > python/samba/tests/krb5/kdc_tgs_tests.py | 210 +++++++++++++++++++ > python/samba/tests/krb5/rfc4120_constants.py | 2 + > python/samba/tests/usage.py | 2 + > selftest/knownfail_mit_kdc | 5 + > source4/selftest/tests.py | 3 + > 6 files changed, 222 insertions(+), 1 deletion(-) > mode change 100755 => 100644 python/samba/tests/krb5/kdc_base_test.py > create mode 100755 python/samba/tests/krb5/kdc_tgs_tests.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >old mode 100755 >new mode 100644 >index 4fc7ee85ba9..1a823d173e3 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -1,4 +1,3 @@ >-#!/usr/bin/env python3 > # Unix SMB/CIFS implementation. > # Copyright (C) Stefan Metzmacher 2020 > # Copyright (C) 2020 Catalyst.Net Ltd >diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py >new file mode 100755 >index 00000000000..23a1d868a79 >--- /dev/null >+++ b/python/samba/tests/krb5/kdc_tgs_tests.py >@@ -0,0 +1,210 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KRB_ERROR, >+ KDC_ERR_BADMATCH, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class KdcTgsTests(KDCBaseTest): >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def test_tgs_req_cname_does_not_not_match_authenticator_cname(self): >+ ''' Try and obtain a ticket from the TGS, but supply a cname >+ that differs from that provided to the krbtgt >+ ''' >+ # Create the user account >+ user_name = "tsttktusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a service ticket, but use a cname that does not match >+ # that in the original AS-REQ >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ ticket = rep['ticket'] >+ >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=["Administrator"]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=["host", self.dns_host_name]) >+ >+ (rep, enc_part) = self.tgs_req(cname, sname, realm, ticket, key, etype) >+ >+ self.assertIsNone( >+ enc_part, >+ "rep = {%s}, enc_part = {%s}" % (rep, enc_part)) >+ self.assertEqual(KRB_ERROR, rep['msg-type'], "rep = {%s}" % rep) >+ self.assertEqual( >+ KDC_ERR_BADMATCH, >+ rep['error-code'], >+ "rep = {%s}" % rep) >+ >+ def test_ldap_service_ticket(self): >+ '''Get a ticket to the ldap service >+ ''' >+ # Create the user account >+ user_name = "tsttktusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96,) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ ticket = rep['ticket'] >+ >+ # Request a ticket to the ldap service >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, >+ names=["ldap", self.dns_host_name]) >+ >+ (rep, _) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ >+ self.check_tgs_reply(rep) >+ >+ def test_get_ticket_for_host_service_of_machine_account(self): >+ >+ # Create a user and machine account for the test. >+ # >+ user_name = "tsttktusr" >+ (uc, dn) = self.create_account(user_name) >+ (mc, _) = self.create_account("tsttktmac", machine_account=True) >+ realm = uc.get_realm().lower() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ >+ pac_data = self.get_pac_data(enc_part['authorization-data']) >+ sid = self.get_objectSid(dn) >+ upn = "%s@%s" % (uc.get_username(), realm) >+ self.assertEqual( >+ uc.get_username(), >+ str(pac_data.account_name), >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ uc.get_username(), >+ pac_data.logon_name, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ uc.get_realm(), >+ pac_data.domain_name, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ upn, >+ pac_data.upn, >+ "rep = {%s},%s" % (rep, pac_data)) >+ self.assertEqual( >+ sid, >+ pac_data.account_sid, >+ "rep = {%s},%s" % (rep, pac_data)) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = True >+ global_hexdump = True >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index e1d0c5baa68..19bb6691d43 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -28,6 +28,7 @@ ARCFOUR_HMAC_MD5 = int( > # Message types > KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error')) > KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep')) >+KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep')) > > # PAData types > PADATA_ENC_TIMESTAMP = int( >@@ -39,6 +40,7 @@ PADATA_ETYPE_INFO2 = int( > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 > KDC_ERR_PREAUTH_FAILED = 24 > KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_BADMATCH = 36 > KDC_ERR_SKEW = 37 > > # Name types >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 35abaf2dafa..222d1dbfa41 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -93,6 +93,8 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/compatability_tests.py', > 'python/samba/tests/krb5/rfc4120_constants.py', > 'python/samba/tests/krb5/kdc_tests.py', >+ 'python/samba/tests/krb5/kdc_base_test.py', >+ 'python/samba/tests/krb5/kdc_tgs_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index f1a4971430e..e64303c6b0f 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -270,3 +270,8 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_RemoveDollar_AsReqSelf\( > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_AsReqSelf\( > ^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_UpperUserName_UPN_RemoveDollar_AsReqSelf\( >+# >+# MIT currently returns an error code of 12 KRB5KDC_ERR_POLICY: KDC policy rejects request, to the >+# following tests >+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) >+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index f72060e9870..b2a09b3ecb2 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1287,6 +1287,9 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests") > planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") >+planpythontestsuite( >+ "ad_dc", >+ "samba.tests.krb5.kdc_tgs_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 92d6db2c1ac72eead9a6b5b385152c451b02f140 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 16:26:06 +1300 >Subject: [PATCH 058/380] tests python krb5: Add key usage constants > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit d8ed73b75ad67da99be392b2db18fe2e1ffed87f) >--- > python/samba/tests/krb5/rfc4120_constants.py | 50 ++++++++++++++++++++ > 1 file changed, 50 insertions(+) > >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 19bb6691d43..9de56578c99 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -63,3 +63,53 @@ AD_MANDATORY_FOR_KDC = 8 > AD_INITIAL_VERIFIED_CAS = 9 > AD_WIN2K_PAC = 128 > AD_SIGNTICKET = 512 >+ >+# Key usage numbers >+# RFC 4120 Section 7.5.1. Key Usage Numbers >+KU_PA_ENC_TIMESTAMP = 1 >+''' AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the >+ client key (section 5.2.7.2) ''' >+KU_TICKET = 2 >+''' AS-REP Ticket and TGS-REP Ticket (includes tgs session key or >+ application session key), encrypted with the service key >+ (section 5.3) ''' >+KU_AS_REP_ENC_PART = 3 >+''' AS-REP encrypted part (includes tgs session key or application >+ session key), encrypted with the client key (section 5.4.2) ''' >+KU_TGS_REQ_AUTH_DAT_SESSION = 4 >+''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs >+ session key (section 5.4.1) ''' >+KU_TGS_REQ_AUTH_DAT_SUBKEY = 5 >+''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs >+ authenticator subkey (section 5.4.1) ''' >+KU_TGS_REQ_AUTH_CKSUM = 6 >+''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed >+ with the tgs session key (section 5.5.1) ''' >+KU_TGS_REQ_AUTH = 7 >+''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs >+ authenticator subkey), encrypted with the tgs session key >+ (section 5.5.1) ''' >+KU_TGS_REP_ENC_PART_SESSION = 8 >+''' TGS-REP encrypted part (includes application session key), >+ encrypted with the tgs session key (section 5.4.2) ''' >+KU_TGS_REP_ENC_PART_SUB_KEY = 9 >+''' TGS-REP encrypted part (includes application session key), >+ encrypted with the tgs authenticator subkey (section 5.4.2) ''' >+KU_AP_REQ_AUTH_CKSUM = 10 >+''' AP-REQ Authenticator cksum, keyed with the application session >+ key (section 5.5.1) ''' >+KU_AP_REQ_AUTH = 11 >+''' AP-REQ Authenticator (includes application authenticator >+ subkey), encrypted with the application session key (section 5.5.1) ''' >+KU_AP_REQ_ENC_PART = 12 >+''' AP-REP encrypted part (includes application session subkey), >+ encrypted with the application session key (section 5.5.2) ''' >+KU_KRB_PRIV = 13 >+''' KRB-PRIV encrypted part, encrypted with a key chosen by the >+ application (section 5.7.1) ''' >+KU_KRB_CRED = 14 >+''' KRB-CRED encrypted part, encrypted with a key chosen by the >+ application (section 5.8.1) ''' >+KU_KRB_SAFE_CKSUM = 15 >+''' KRB-SAFE cksum, keyed with a key chosen by the application >+ (section 5.6.1) ''' >-- >2.25.1 > > >From 827e21e2653310af463dd1df186065d6b16a74c1 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 10 Dec 2020 16:27:17 +1300 >Subject: [PATCH 059/380] tests python krb5: use key usage constants > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 03676a4a5c55ab5f4958a86cbd4d7be0f0a8a294) >--- > .../tests/krb5/as_canonicalization_tests.py | 5 ++--- > python/samba/tests/krb5/compatability_tests.py | 7 +++---- > python/samba/tests/krb5/kdc_base_test.py | 16 +++++++++------- > python/samba/tests/krb5/kdc_tests.py | 3 +-- > python/samba/tests/krb5/s4u_tests.py | 15 +++++++++------ > python/samba/tests/krb5/simple_tests.py | 15 +++++++++------ > python/samba/tests/krb5/xrealm_tests.py | 15 +++++++++------ > 7 files changed, 42 insertions(+), 34 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index 6ea3ff0491e..e89b40eab8f 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -367,8 +367,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >@@ -413,7 +412,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > self.assertEqual(msg_type, KRB_AS_REP, "Data {0}".format(str(data))) > > # Decrypt and decode the EncKdcRepPart >- enc = key.decrypt(3, rep['enc-part']['cipher']) >+ enc = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > if enc[0] == 0x7A: > # MIT Kerberos Tags the EncASRepPart as a EncKDCRepPart > # i.e. tag number 26 instead of tag number 25 >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index e4b1453e712..0b3701cd60d 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -178,8 +178,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >@@ -207,9 +206,9 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, KRB_AS_REP) > >- usage = 3 > enc_part = rep['enc-part'] >- enc_as_rep_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_as_rep_part = key.decrypt( >+ KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > return (enc_as_rep_part, enc_part) > > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1a823d173e3..e835d389f1c 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -41,6 +41,10 @@ from samba.tests.krb5.rfc4120_constants import ( > KRB_AS_REP, > KRB_TGS_REP, > KRB_ERROR, >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+ KU_TICKET, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -196,8 +200,7 @@ class KDCBaseTest(RawKerberosTest): > padata = self.PA_ENC_TS_ENC_create(patime, pausec) > padata = self.der_encode(padata, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- usage = 1 >- padata = self.EncryptedData_create(key, usage, padata) >+ padata = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, padata) > padata = self.der_encode(padata, asn1Spec=krb5_asn1.EncryptedData()) > > padata = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, padata) >@@ -207,8 +210,7 @@ class KDCBaseTest(RawKerberosTest): > def get_as_rep_enc_data(self, key, rep): > ''' Decrypt and Decode the encrypted data in an AS-REP > ''' >- usage = 3 >- enc_part = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with > # application tag 26 > try: >@@ -303,7 +305,6 @@ class KDCBaseTest(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -332,7 +333,8 @@ class KDCBaseTest(RawKerberosTest): > msg_type = rep['msg-type'] > enc_part = None > if msg_type == KRB_TGS_REP: >- enc_part = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part = self.der_decode( > enc_part, asn1Spec=krb5_asn1.EncTGSRepPart()) > return (rep, enc_part) >@@ -403,7 +405,7 @@ class KDCBaseTest(RawKerberosTest): > salt, > ticket['enc-part']['kvno']) > >- enc_part = key.decrypt(2, ticket['enc-part']['cipher']) >+ enc_part = key.decrypt(KU_TICKET, ticket['enc-part']['cipher']) > enc_ticket_part = self.der_decode( > enc_part, asn1Spec=krb5_asn1.EncTicketPart()) > return enc_ticket_part >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index 57a25448965..17b9d154bd9 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -91,8 +91,7 @@ class KdcTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(PADATA_ENC_TIMESTAMP, pa_ts) >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >index ae38635c53b..2e1bd3fbe1f 100755 >--- a/python/samba/tests/krb5/s4u_tests.py >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -25,6 +25,11 @@ os.environ["PYTHONUNBUFFERED"] = "1" > from samba.tests import env_get_var_value > from samba.tests.krb5.kcrypto import Cksumtype > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_PA_ENC_TIMESTAMP, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > > global_asn1_print = False >@@ -86,8 +91,7 @@ class S4UKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -115,8 +119,7 @@ class S4UKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > > # S4U2Self Request >@@ -135,7 +138,6 @@ class S4UKerberosTests(RawKerberosTest): > padata = [pa_s4u] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class S4UKerberosTests(RawKerberosTest): > > msg_type = rep['msg-type'] > if msg_type == 13: >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return msg_type >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 236fbda1cd5..6c090af3d46 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -23,6 +23,11 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > > global_asn1_print = False >@@ -84,8 +89,7 @@ class SimpleKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -113,8 +117,7 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 > try: >@@ -134,7 +137,6 @@ class SimpleKerberosTests(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class SimpleKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 13) > >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >index 64064b8a670..b4a02bff33a 100755 >--- a/python/samba/tests/krb5/xrealm_tests.py >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -23,6 +23,11 @@ sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest >+from samba.tests.krb5.rfc4120_constants import ( >+ KU_PA_ENC_TIMESTAMP, >+ KU_AS_REP_ENC_PART, >+ KU_TGS_REP_ENC_PART_SUB_KEY, >+) > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > import samba.tests > >@@ -85,8 +90,7 @@ class XrealmKerberosTests(RawKerberosTest): > pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.PA_ENC_TS_ENC()) > >- enc_pa_ts_usage = 1 >- pa_ts = self.EncryptedData_create(key, enc_pa_ts_usage, pa_ts) >+ pa_ts = self.EncryptedData_create(key, KU_PA_ENC_TIMESTAMP, pa_ts) > pa_ts = self.der_encode(pa_ts, asn1Spec=krb5_asn1.EncryptedData()) > > pa_ts = self.PA_DATA_create(2, pa_ts) >@@ -114,8 +118,7 @@ class XrealmKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 11) > >- usage = 3 >- enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) >+ enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > > # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 > try: >@@ -134,7 +137,6 @@ class XrealmKerberosTests(RawKerberosTest): > padata = [] > > subkey = self.RandomKey(ticket_session_key.etype) >- subkey_usage = 9 > > (ctime, cusec) = self.get_KerberosTimeWithUsec() > >@@ -163,7 +165,8 @@ class XrealmKerberosTests(RawKerberosTest): > msg_type = rep['msg-type'] > self.assertEqual(msg_type, 13) > >- enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) >+ enc_part2 = subkey.decrypt( >+ KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) > enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # Check the forwardable flag >-- >2.25.1 > > >From c139411bf2beeb3e95025c8ec29788dea7ba006c Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Fri, 11 Dec 2020 11:55:01 +1300 >Subject: [PATCH 060/380] tests python krb5: PEP8 cleanups > >Fix all the PEP8 warnings in samba/tests/krb5. With the exception of >rfc4120_pyasn1.py, which is generated from rfc4120.asn1. > >As these tests are new, it makes sense to ensure that they conform to >PEP8. And set an aspirational goal for the rest of our python code. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Gary Lockyer <gary@samba.org> >Autobuild-Date(master): Mon Dec 21 21:29:28 UTC 2020 on sn-devel-184 > >(cherry picked from commit c00d537526ca881c540ff66e703ad9c96dd1face) >--- > .../tests/krb5/as_canonicalization_tests.py | 54 ++- > .../samba/tests/krb5/compatability_tests.py | 24 +- > python/samba/tests/krb5/kcrypto.py | 67 +-- > python/samba/tests/krb5/kdc_base_test.py | 4 +- > python/samba/tests/krb5/kdc_tests.py | 17 +- > python/samba/tests/krb5/raw_testcase.py | 409 +++++++++++------- > python/samba/tests/krb5/rfc4120_constants.py | 32 +- > python/samba/tests/krb5/s4u_tests.py | 19 +- > python/samba/tests/krb5/simple_tests.py | 24 +- > python/samba/tests/krb5/xrealm_tests.py | 26 +- > 10 files changed, 413 insertions(+), 263 deletions(-) > >diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py >index e89b40eab8f..43f532dc483 100755 >--- a/python/samba/tests/krb5/as_canonicalization_tests.py >+++ b/python/samba/tests/krb5/as_canonicalization_tests.py >@@ -31,8 +31,6 @@ import samba > from samba.auth import system_session > from samba.credentials import ( > Credentials, >- CLI_CRED_NTLMv2_AUTH, >- CLI_CRED_NTLM_AUTH, > DONT_USE_KERBEROS) > from samba.dcerpc.misc import SEC_CHAN_WKSTA > from samba.dsdb import ( >@@ -41,7 +39,20 @@ from samba.dsdb import ( > UF_NORMAL_ACCOUNT) > from samba.samdb import SamDB > from samba.tests import delete_force, DynamicTestCase >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ AES128_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KU_AS_REP_ENC_PART, >+ KRB_ERROR, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ NT_ENTERPRISE_PRINCIPAL, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -49,15 +60,15 @@ global_hexdump = False > > @unique > class TestOptions(Enum): >- Canonicalize = 1 >- Enterprise = 2 >- UpperRealm = 4 >- UpperUserName = 8 >- NetbiosRealm = 16 >- UPN = 32 >- RemoveDollar = 64 >- AsReqSelf = 128 >- Last = 256 >+ Canonicalize = 1 >+ Enterprise = 2 >+ UpperRealm = 4 >+ UpperUserName = 8 >+ NetbiosRealm = 16 >+ UPN = 32 >+ RemoveDollar = 64 >+ AsReqSelf = 128 >+ Last = 256 > > def is_set(self, x): > return self.value & x >@@ -65,7 +76,7 @@ class TestOptions(Enum): > > @unique > class CredentialsType(Enum): >- User = 1 >+ User = 1 > Machine = 2 > > def is_set(self, x): >@@ -126,7 +137,8 @@ class TestData: > > > MACHINE_NAME = "tstkrb5cnnmch" >-USER_NAME = "tstkrb5cnnusr" >+USER_NAME = "tstkrb5cnnusr" >+ > > @DynamicTestCase > class KerberosASCanonicalizationTests(RawKerberosTest): >@@ -160,21 +172,21 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > > @classmethod > def setUpClass(cls): >- cls.lp = cls.get_loadparm(cls) >+ cls.lp = cls.get_loadparm(cls) > cls.username = os.environ["USERNAME"] > cls.password = os.environ["PASSWORD"] >- cls.host = os.environ["SERVER"] >+ cls.host = os.environ["SERVER"] > > c = Credentials() > c.set_username(cls.username) > c.set_password(cls.password) > try: >- realm = os.environ["REALM"] >+ realm = os.environ["REALM"] > c.set_realm(realm) > except KeyError: > pass > try: >- domain = os.environ["DOMAIN"] >+ domain = os.environ["DOMAIN"] > c.set_domain(domain) > except KeyError: > pass >@@ -200,7 +212,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > def setUp(self): > super(KerberosASCanonicalizationTests, self).setUp() > self.do_asn1_print = global_asn1_print >- self.do_hexdump = global_hexdump >+ self.do_hexdump = global_hexdump > > # > # Create a test user account >@@ -340,7 +352,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > # > # Check the protocol version, should be 5 > self.assertEqual( >- rep['pvno'], 5, "Data {0}".format(str(data))) >+ rep['pvno'], 5, "Data {0}".format(str(data))) > > self.assertEqual( > rep['msg-type'], KRB_ERROR, "Data {0}".format(str(data))) >@@ -397,7 +409,7 @@ class KerberosASCanonicalizationTests(RawKerberosTest): > # > # Check the protocol version, should be 5 > self.assertEqual( >- rep['pvno'], 5, "Data {0}".format(str(data))) >+ rep['pvno'], 5, "Data {0}".format(str(data))) > > msg_type = rep['msg-type'] > # Should not have got an error. >diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py >index 0b3701cd60d..5a1ef02ef80 100755 >--- a/python/samba/tests/krb5/compatability_tests.py >+++ b/python/samba/tests/krb5/compatability_tests.py >@@ -25,7 +25,20 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES128_CTS_HMAC_SHA1_96, >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KRB_AS_REP, >+ KRB_ERROR, >+ KU_AS_REP_ENC_PART, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -112,18 +125,17 @@ class SimpleKerberosTests(RawKerberosTest): > realm = creds.get_realm() > > cname = self.PrincipalName_create( >- name_type=NT_PRINCIPAL, >- names=[user]) >+ name_type=NT_PRINCIPAL, >+ names=[user]) > sname = self.PrincipalName_create( >- name_type=NT_SRV_INST, >- names=["krbtgt", realm]) >+ name_type=NT_SRV_INST, >+ names=["krbtgt", realm]) > > till = self.get_KerberosTime(offset=36000) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), > cname=cname, >diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >index 2572fa5bab3..23502d7bb62 100755 >--- a/python/samba/tests/krb5/kcrypto.py >+++ b/python/samba/tests/krb5/kcrypto.py >@@ -64,6 +64,7 @@ from samba.credentials import Credentials > from samba import generate_random_bytes as get_random_bytes > from samba.compat import get_string, get_bytes > >+ > class Enctype(object): > DES_CRC = 1 > DES_MD4 = 2 >@@ -112,26 +113,30 @@ def _mac_equal(mac1, mac2): > res |= x ^ y > return res == 0 > >+ > def SIMPLE_HASH(string, algo_cls): > hash_ctx = hashes.Hash(algo_cls(), default_backend()) > hash_ctx.update(string) > return hash_ctx.finalize() > >+ > def HMAC_HASH(key, string, algo_cls): > hmac_ctx = hmac.HMAC(key, algo_cls(), default_backend()) > hmac_ctx.update(string) > return hmac_ctx.finalize() > >+ > def _nfold(str, nbytes): > # Convert str to a string of length nbytes using the RFC 3961 nfold > # operation. > > # Rotate the bytes in str to the right by nbits bits. > def rotate_right(str, nbits): >- nbytes, remain = (nbits//8) % len(str), nbits % 8 >- return bytes([(str[i-nbytes] >> remain) | >- (str[i-nbytes-1] << (8-remain) & 0xff) >- for i in range(len(str))]) >+ nbytes, remain = (nbits // 8) % len(str), nbits % 8 >+ return bytes([ >+ (str[i - nbytes] >> remain) >+ | (str[i - nbytes - 1] << (8 - remain) & 0xff) >+ for i in range(len(str))]) > > # Add equal-length strings together with end-around carry. > def add_ones_complement(str1, str2): >@@ -139,7 +144,7 @@ def _nfold(str, nbytes): > v = [a + b for a, b in zip(str1, str2)] > # Propagate carry bits to the left until there aren't any left. > while any(x & ~0xff for x in v): >- v = [(v[i-n+1]>>8) + (v[i]&0xff) for i in range(n)] >+ v = [(v[i - n + 1] >> 8) + (v[i] & 0xff) for i in range(n)] > return bytes([x for x in v]) > > # Concatenate copies of str to produce the least common multiple >@@ -150,7 +155,7 @@ def _nfold(str, nbytes): > slen = len(str) > lcm = nbytes * slen // gcd(nbytes, slen) > bigstr = b''.join((rotate_right(str, 13 * i) for i in range(lcm // slen))) >- slices = (bigstr[p:p+nbytes] for p in range(0, lcm, nbytes)) >+ slices = (bigstr[p:p + nbytes] for p in range(0, lcm, nbytes)) > return reduce(add_ones_complement, slices) > > >@@ -275,7 +280,7 @@ class _DES3CBC(_SimplifiedEnctype): > return b if bin(b & ~1).count('1') % 2 else b | 1 > assert len(seed) == 7 > firstbytes = [parity(b & ~1) for b in seed] >- lastbyte = parity(sum((seed[i]&1) << i+1 for i in range(7))) >+ lastbyte = parity(sum((seed[i] & 1) << i + 1 for i in range(7))) > keybytes = bytes([b for b in firstbytes + [lastbyte]]) > if _is_weak_des_key(keybytes): > keybytes[7] = bytes([keybytes[7] ^ 0xF0]) >@@ -369,7 +374,7 @@ class _AESEnctype(_SimplifiedEnctype): > if len(ciphertext) == 16: > return aes_decrypt(ciphertext) > # Split the ciphertext into blocks. The last block may be partial. >- cblocks = [ciphertext[p:p+16] for p in range(0, len(ciphertext), 16)] >+ cblocks = [ciphertext[p:p + 16] for p in range(0, len(ciphertext), 16)] > lastlen = len(cblocks[-1]) > # CBC-decrypt all but the last two blocks. > prev_cblock = bytes(16) >@@ -383,7 +388,7 @@ class _AESEnctype(_SimplifiedEnctype): > # will be the omitted bytes of ciphertext from the final > # block. > b = aes_decrypt(cblocks[-2]) >- lastplaintext =_xorbytes(b[:lastlen], cblocks[-1]) >+ lastplaintext = _xorbytes(b[:lastlen], cblocks[-1]) > omitted = b[lastlen:] > # Decrypt the final cipher block plus the omitted bytes to get > # the second-to-last plaintext block. >@@ -433,7 +438,8 @@ class _RC4(_EnctypeProfile): > cksum = HMAC_HASH(ki, confounder + plaintext, hashes.MD5) > ke = HMAC_HASH(ki, cksum, hashes.MD5) > >- encryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).encryptor() >+ encryptor = Cipher( >+ ciphers.ARC4(ke), None, default_backend()).encryptor() > ctext = encryptor.update(confounder + plaintext) > > return cksum + ctext >@@ -446,7 +452,8 @@ class _RC4(_EnctypeProfile): > ki = HMAC_HASH(key.contents, cls.usage_str(keyusage), hashes.MD5) > ke = HMAC_HASH(ki, cksum, hashes.MD5) > >- decryptor = Cipher(ciphers.ARC4(ke), None, default_backend()).decryptor() >+ decryptor = Cipher( >+ ciphers.ARC4(ke), None, default_backend()).decryptor() > basic_plaintext = decryptor.update(basic_ctext) > > exp_cksum = HMAC_HASH(ki, basic_plaintext, hashes.MD5) >@@ -636,14 +643,14 @@ def verify_checksum(cksumtype, key, keyusage, text, cksum): > c.verify(key, keyusage, text, cksum) > > >-def prfplus(key, pepper, l): >- # Produce l bytes of output using the RFC 6113 PRF+ function. >+def prfplus(key, pepper, ln): >+ # Produce ln bytes of output using the RFC 6113 PRF+ function. > out = b'' > count = 1 >- while len(out) < l: >+ while len(out) < ln: > out += prf(key, bytes([count]) + pepper) > count += 1 >- return out[:l] >+ return out[:ln] > > > def cf2(enctype, key1, key2, pepper1, pepper2): >@@ -653,9 +660,11 @@ def cf2(enctype, key1, key2, pepper1, pepper2): > return e.random_to_key(_xorbytes(prfplus(key1, pepper1, e.seedsize), > prfplus(key2, pepper2, e.seedsize))) > >+ > def h(hexstr): > return bytes.fromhex(hexstr) > >+ > class KcrytoTest(TestCase): > """kcrypto Test case.""" > >@@ -665,20 +674,21 @@ class KcrytoTest(TestCase): > conf = h('94B491F481485B9A0678CD3C4EA386AD') > keyusage = 2 > plain = b'9 bytesss' >- ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7CD2E' >- 'C26C355D2F') >+ ctxt = h('68FB9679601F45C78857B2BF820FD6E53ECA8D42FD4B1D7024A09205ABB7' >+ 'CD2EC26C355D2F') > k = Key(Enctype.AES128, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) > > def test_aes256_crypt(self): > # AES256 encrypt and decrypt >- kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B1404231398') >+ kb = h('F1C795E9248A09338D82C3F8D5B567040B0110736845041347235B14042313' >+ '98') > conf = h('E45CA518B42E266AD98E165E706FFB60') > keyusage = 4 > plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3D79A' >- '295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') >+ ctxt = h('D1137A4D634CFECE924DBC3BF6790648BD5CFF7DE0E7B99460211D0DAEF3' >+ 'D79A295C688858F3B34B9CBD6EEBAE81DAF6B734D4D498B6714F1C1D') > k = Key(Enctype.AES256, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) >@@ -694,7 +704,8 @@ class KcrytoTest(TestCase): > > def test_aes256_checksum(self): > # AES256 checksum >- kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7') >+ kb = h('B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBC' >+ 'FEA4EC76D7') > keyusage = 4 > plain = b'fourteen' > cksum = h('E08739E3279E2903EC8E3836') >@@ -715,7 +726,8 @@ class KcrytoTest(TestCase): > string = b'X' * 64 > salt = b'pass phrase equals block size' > params = h('000004B0') >- kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56C553BA4B34') >+ kb = h('89ADEE3608DB8BC71F1BFBFE459486B05618B70CBAE22092534E56' >+ 'C553BA4B34') > k = string_to_key(Enctype.AES256, string, salt, params) > self.assertEqual(k.contents, kb) > >@@ -741,7 +753,8 @@ class KcrytoTest(TestCase): > > def test_aes256_cf2(self): > # AES256 cf2 >- kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5E72B1C7B') >+ kb = h('4D6CA4E629785C1F01BAF55E2E548566B9617AE3A96868C337CB93B5' >+ 'E72B1C7B') > k1 = string_to_key(Enctype.AES256, b'key1', b'key1') > k2 = string_to_key(Enctype.AES256, b'key2', b'key2') > k = cf2(Enctype.AES256, k1, k2, b'a', b'b') >@@ -753,8 +766,8 @@ class KcrytoTest(TestCase): > conf = h('94690A17B2DA3C9B') > keyusage = 3 > plain = b'13 bytes byte' >- ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F705E8' >- '49CB7781D76A316B193F8D30') >+ ctxt = h('839A17081ECBAFBCDC91B88C6955DD3C4514023CF177B77BF0D0177A16F7' >+ '05E849CB7781D76A316B193F8D30') > k = Key(Enctype.DES3, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), _zeropad(plain, 8)) >@@ -790,8 +803,8 @@ class KcrytoTest(TestCase): > conf = h('37245E73A45FBF72') > keyusage = 4 > plain = b'30 bytes bytes bytes bytes byt' >- ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0F260' >- 'A99F0460508DE0CECC632D07C354124E46C5D2234EB8') >+ ctxt = h('95F9047C3AD75891C2E9B04B16566DC8B6EB9CE4231AFB2542EF87A7B5A0' >+ 'F260A99F0460508DE0CECC632D07C354124E46C5D2234EB8') > k = Key(Enctype.RC4, kb) > self.assertEqual(encrypt(k, keyusage, plain, conf), ctxt) > self.assertEqual(decrypt(k, keyusage, ctxt), plain) >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index e835d389f1c..bef5458c881 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -374,8 +374,8 @@ class KDCBaseTest(RawKerberosTest): > account_name = ( > pac.info.info.info3.base.account_name) > user_sid = ( >- str(pac.info.info.info3.base.domain_sid) + >- "-" + str(pac.info.info.info3.base.rid)) >+ str(pac.info.info.info3.base.domain_sid) >+ + "-" + str(pac.info.info.info3.base.rid)) > elif pac.type == self.PAC_LOGON_NAME: > logon_name = pac.info.account_name > elif pac.type == self.PAC_UPN_DNS_INFO: >diff --git a/python/samba/tests/krb5/kdc_tests.py b/python/samba/tests/krb5/kdc_tests.py >index 17b9d154bd9..c7c53953a86 100755 >--- a/python/samba/tests/krb5/kdc_tests.py >+++ b/python/samba/tests/krb5/kdc_tests.py >@@ -25,7 +25,20 @@ os.environ["PYTHONUNBUFFERED"] = "1" > > from samba.tests.krb5.raw_testcase import RawKerberosTest > import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 >-from samba.tests.krb5.rfc4120_constants import * >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ KDC_ERR_PREAUTH_FAILED, >+ KDC_ERR_PREAUTH_REQUIRED, >+ KDC_ERR_SKEW, >+ KRB_AS_REP, >+ KRB_ERROR, >+ KU_PA_ENC_TIMESTAMP, >+ PADATA_ENC_TIMESTAMP, >+ PADATA_ETYPE_INFO2, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+) > > global_asn1_print = False > global_hexdump = False >@@ -83,7 +96,7 @@ class KdcTests(RawKerberosTest): > break > > etype_info2 = self.der_decode( >- etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) > >diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py >index e67f5464e59..82e68ee7019 100644 >--- a/python/samba/tests/krb5/raw_testcase.py >+++ b/python/samba/tests/krb5/raw_testcase.py >@@ -35,7 +35,10 @@ from pyasn1.codec.native.decoder import decode as pyasn1_native_decode > from pyasn1.codec.native.encoder import encode as pyasn1_native_encode > > from pyasn1.codec.ber.encoder import BitStringEncoder as BitStringEncoder >-def BitStringEncoder_encodeValue32(self, value, asn1Spec, encodeFun, **options): >+ >+ >+def BitStringEncoder_encodeValue32( >+ self, value, asn1Spec, encodeFun, **options): > # > # BitStrings like KDCOptions or TicketFlags should at least > # be 32-Bit on the wire >@@ -59,14 +62,17 @@ def BitStringEncoder_encodeValue32(self, value, asn1Spec, encodeFun, **options): > padding = 0 > ret = b'\x00' + substrate + (b'\x00' * padding) > return ret, False, True >+ >+ > BitStringEncoder.encodeValue = BitStringEncoder_encodeValue32 > >+ > def BitString_NamedValues_prettyPrint(self, scope=0): > ret = "%s" % self.asBinary() > bits = [] > highest_bit = 32 > for byte in self.asNumbers(): >- for bit in [7,6,5,4,3,2,1,0]: >+ for bit in [7, 6, 5, 4, 3, 2, 1, 0]: > mask = 1 << bit > if byte & mask: > val = 1 >@@ -89,12 +95,21 @@ def BitString_NamedValues_prettyPrint(self, scope=0): > delim = ",\n%s " % indent > ret += "\n%s)" % indent > return ret >-krb5_asn1.TicketFlags.prettyPrintNamedValues = krb5_asn1.TicketFlagsValues.namedValues >-krb5_asn1.TicketFlags.namedValues = krb5_asn1.TicketFlagsValues.namedValues >-krb5_asn1.TicketFlags.prettyPrint = BitString_NamedValues_prettyPrint >-krb5_asn1.KDCOptions.prettyPrintNamedValues = krb5_asn1.KDCOptionsValues.namedValues >-krb5_asn1.KDCOptions.namedValues = krb5_asn1.KDCOptionsValues.namedValues >-krb5_asn1.KDCOptions.prettyPrint = BitString_NamedValues_prettyPrint >+ >+ >+krb5_asn1.TicketFlags.prettyPrintNamedValues =\ >+ krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.namedValues =\ >+ krb5_asn1.TicketFlagsValues.namedValues >+krb5_asn1.TicketFlags.prettyPrint =\ >+ BitString_NamedValues_prettyPrint >+krb5_asn1.KDCOptions.prettyPrintNamedValues =\ >+ krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.namedValues =\ >+ krb5_asn1.KDCOptionsValues.namedValues >+krb5_asn1.KDCOptions.prettyPrint =\ >+ BitString_NamedValues_prettyPrint >+ > > def Integer_NamedValues_prettyPrint(self, scope=0): > intval = int(self) >@@ -104,16 +119,29 @@ def Integer_NamedValues_prettyPrint(self, scope=0): > name = "<__unknown__>" > ret = "%d (0x%x) %s" % (intval, intval, name) > return ret >-krb5_asn1.NameType.prettyPrintNamedValues = krb5_asn1.NameTypeValues.namedValues >-krb5_asn1.NameType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.AuthDataType.prettyPrintNamedValues = krb5_asn1.AuthDataTypeValues.namedValues >-krb5_asn1.AuthDataType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.PADataType.prettyPrintNamedValues = krb5_asn1.PADataTypeValues.namedValues >-krb5_asn1.PADataType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.EncryptionType.prettyPrintNamedValues = krb5_asn1.EncryptionTypeValues.namedValues >-krb5_asn1.EncryptionType.prettyPrint = Integer_NamedValues_prettyPrint >-krb5_asn1.ChecksumType.prettyPrintNamedValues = krb5_asn1.ChecksumTypeValues.namedValues >-krb5_asn1.ChecksumType.prettyPrint = Integer_NamedValues_prettyPrint >+ >+ >+krb5_asn1.NameType.prettyPrintNamedValues =\ >+ krb5_asn1.NameTypeValues.namedValues >+krb5_asn1.NameType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.AuthDataType.prettyPrintNamedValues =\ >+ krb5_asn1.AuthDataTypeValues.namedValues >+krb5_asn1.AuthDataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.PADataType.prettyPrintNamedValues =\ >+ krb5_asn1.PADataTypeValues.namedValues >+krb5_asn1.PADataType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.EncryptionType.prettyPrintNamedValues =\ >+ krb5_asn1.EncryptionTypeValues.namedValues >+krb5_asn1.EncryptionType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+krb5_asn1.ChecksumType.prettyPrintNamedValues =\ >+ krb5_asn1.ChecksumTypeValues.namedValues >+krb5_asn1.ChecksumType.prettyPrint =\ >+ Integer_NamedValues_prettyPrint >+ > > class Krb5EncryptionKey(object): > def __init__(self, key, kvno): >@@ -146,9 +174,10 @@ class Krb5EncryptionKey(object): > EncryptionKey_obj = { > 'keytype': self.etype, > 'keyvalue': self.key.contents, >- }; >+ } > return EncryptionKey_obj > >+ > class RawKerberosTest(TestCase): > """A raw Kerberos Test case.""" > >@@ -182,13 +211,13 @@ class RawKerberosTest(TestCase): > self.s = socket.socket(self.a[0][0], self.a[0][1], self.a[0][2]) > self.s.settimeout(10) > self.s.connect(self.a[0][4]) >- except socket.error as e: >+ except socket.error: > self.s.close() > raise >- except IOError as e: >+ except IOError: > self.s.close() > raise >- except Exception as e: >+ except Exception: > raise > finally: > pass >@@ -219,8 +248,9 @@ class RawKerberosTest(TestCase): > domain = samba.tests.env_get_var_value('DOMAIN') > realm = samba.tests.env_get_var_value('REALM') > username = samba.tests.env_get_var_value('SERVICE_USERNAME') >- password = samba.tests.env_get_var_value('SERVICE_PASSWORD', >- allow_missing=allow_missing_password) >+ password = samba.tests.env_get_var_value( >+ 'SERVICE_PASSWORD', >+ allow_missing=allow_missing_password) > c.set_domain(domain) > c.set_realm(realm) > c.set_username(username) >@@ -246,21 +276,34 @@ class RawKerberosTest(TestCase): > if hexdump is None: > hexdump = self.do_hexdump > if hexdump: >- sys.stderr.write("%s: %d\n%s" % (name, len(blob), self.hexdump(blob))) >- >- def der_decode(self, blob, asn1Spec=None, native_encode=True, asn1_print=None, hexdump=None): >+ sys.stderr.write( >+ "%s: %d\n%s" % (name, len(blob), self.hexdump(blob))) >+ >+ def der_decode( >+ self, >+ blob, >+ asn1Spec=None, >+ native_encode=True, >+ asn1_print=None, >+ hexdump=None): > if asn1Spec is not None: > class_name = type(asn1Spec).__name__.split(':')[0] > else: > class_name = "<None-asn1Spec>" > self.hex_dump(class_name, blob, hexdump=hexdump) >- obj,_ = pyasn1_der_decode(blob, asn1Spec=asn1Spec) >+ obj, _ = pyasn1_der_decode(blob, asn1Spec=asn1Spec) > self.asn1_dump(None, obj, asn1_print=asn1_print) > if native_encode: > obj = pyasn1_native_encode(obj) > return obj > >- def der_encode(self, obj, asn1Spec=None, native_decode=True, asn1_print=None, hexdump=None): >+ def der_encode( >+ self, >+ obj, >+ asn1Spec=None, >+ native_decode=True, >+ asn1_print=None, >+ hexdump=None): > if native_decode: > obj = pyasn1_native_decode(obj, asn1Spec=asn1Spec) > class_name = type(obj).__name__.split(':')[0] >@@ -273,7 +316,8 @@ class RawKerberosTest(TestCase): > > def send_pdu(self, req, asn1_print=None, hexdump=None): > try: >- k5_pdu = self.der_encode(req, native_decode=False, asn1_print=asn1_print, hexdump=False) >+ k5_pdu = self.der_encode( >+ req, native_decode=False, asn1_print=asn1_print, hexdump=False) > header = struct.pack('>I', len(k5_pdu)) > req_pdu = header > req_pdu += k5_pdu >@@ -304,7 +348,7 @@ class RawKerberosTest(TestCase): > self._disconnect("recv_raw: EOF") > return None > self.hex_dump("recv_raw", rep_pdu, hexdump=hexdump) >- except socket.timeout as e: >+ except socket.timeout: > self.s.settimeout(10) > sys.stderr.write("recv_raw: TIMEOUT\n") > pass >@@ -322,7 +366,8 @@ class RawKerberosTest(TestCase): > rep_pdu = None > rep = None > try: >- raw_pdu = self.recv_raw(num_recv=4, hexdump=hexdump, timeout=timeout) >+ raw_pdu = self.recv_raw( >+ num_recv=4, hexdump=hexdump, timeout=timeout) > if raw_pdu is None: > return (None, None) > header = struct.unpack(">I", raw_pdu[0:4]) >@@ -332,22 +377,27 @@ class RawKerberosTest(TestCase): > missing = k5_len > rep_pdu = b'' > while missing > 0: >- raw_pdu = self.recv_raw(num_recv=missing, hexdump=hexdump, timeout=timeout) >+ raw_pdu = self.recv_raw( >+ num_recv=missing, hexdump=hexdump, timeout=timeout) > self.assertGreaterEqual(len(raw_pdu), 1) > rep_pdu += raw_pdu > missing = k5_len - len(rep_pdu) >- k5_raw = self.der_decode(rep_pdu, asn1Spec=None, native_encode=False, >- asn1_print=False, hexdump=False) >- pvno=k5_raw['field-0'] >+ k5_raw = self.der_decode( >+ rep_pdu, >+ asn1Spec=None, >+ native_encode=False, >+ asn1_print=False, >+ hexdump=False) >+ pvno = k5_raw['field-0'] > self.assertEqual(pvno, 5) >- msg_type=k5_raw['field-1'] >- self.assertIn(msg_type, [11,13,30]) >+ msg_type = k5_raw['field-1'] >+ self.assertIn(msg_type, [11, 13, 30]) > if msg_type == 11: >- asn1Spec=krb5_asn1.AS_REP() >+ asn1Spec = krb5_asn1.AS_REP() > elif msg_type == 13: >- asn1Spec=krb5_asn1.TGS_REP() >+ asn1Spec = krb5_asn1.TGS_REP() > elif msg_type == 30: >- asn1Spec=krb5_asn1.KRB_ERROR() >+ asn1Spec = krb5_asn1.KRB_ERROR() > rep = self.der_decode(rep_pdu, asn1Spec=asn1Spec, > asn1_print=asn1_print, hexdump=False) > finally: >@@ -368,11 +418,17 @@ class RawKerberosTest(TestCase): > self.assertIsNone(self.s, msg="Is connected") > return > >- def send_recv_transaction(self, req, asn1_print=None, hexdump=None, timeout=None): >+ def send_recv_transaction( >+ self, >+ req, >+ asn1_print=None, >+ hexdump=None, >+ timeout=None): > self.connect() > try: > self.send_pdu(req, asn1_print=asn1_print, hexdump=hexdump) >- rep = self.recv_pdu(asn1_print=asn1_print, hexdump=hexdump, timeout=timeout) >+ rep = self.recv_pdu( >+ asn1_print=asn1_print, hexdump=hexdump, timeout=timeout) > except Exception: > self._disconnect("transaction failed") > raise >@@ -389,11 +445,15 @@ class RawKerberosTest(TestCase): > > def assertPrincipalEqual(self, princ1, princ2): > self.assertEqual(princ1['name-type'], princ2['name-type']) >- self.assertEqual(len(princ1['name-string']), len(princ2['name-string']), >- msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ self.assertEqual( >+ len(princ1['name-string']), >+ len(princ2['name-string']), >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) > for idx in range(len(princ1['name-string'])): >- self.assertEqual(princ1['name-string'][idx], princ2['name-string'][idx], >- msg="princ1=%s != princ2=%s" % (princ1, princ2)) >+ self.assertEqual( >+ princ1['name-string'][idx], >+ princ2['name-string'][idx], >+ msg="princ1=%s != princ2=%s" % (princ1, princ2)) > return > > def get_KerberosTimeWithUsec(self, epoch=None, offset=None): >@@ -421,7 +481,7 @@ class RawKerberosTest(TestCase): > salt = None > try: > salt = etype_info2['salt'] >- except: >+ except Exception: > pass > > if e == kcrypto.Enctype.RC4: >@@ -429,7 +489,8 @@ class RawKerberosTest(TestCase): > return self.SessionKey_create(etype=e, contents=nthash, kvno=kvno) > > password = creds.get_password() >- return self.PasswordKey_create(etype=e, pwd=password, salt=salt, kvno=kvno) >+ return self.PasswordKey_create( >+ etype=e, pwd=password, salt=salt, kvno=kvno) > > def RandomKey(self, etype): > e = kcrypto._get_enctype_profile(etype) >@@ -452,14 +513,14 @@ class RawKerberosTest(TestCase): > 'cipher': ciphertext > } > if key.kvno is not None: >- EncryptedData_obj['kvno'] = key.kvno >+ EncryptedData_obj['kvno'] = key.kvno > return EncryptedData_obj > > def Checksum_create(self, key, usage, plaintext, ctype=None): >- #Checksum ::= SEQUENCE { >+ # Checksum ::= SEQUENCE { > # cksumtype [0] Int32, > # checksum [1] OCTET STRING >- #} >+ # } > if ctype is None: > ctype = key.ctype > checksum = key.make_checksum(usage, plaintext, ctype=ctype) >@@ -494,10 +555,10 @@ class RawKerberosTest(TestCase): > return PA_DATA_obj > > def PA_ENC_TS_ENC_create(self, ts, usec): >- #PA-ENC-TS-ENC ::= SEQUENCE { >+ # PA-ENC-TS-ENC ::= SEQUENCE { > # patimestamp[0] KerberosTime, -- client's time > # pausec[1] krb5int32 OPTIONAL >- #} >+ # } > PA_ENC_TS_ENC_obj = { > 'patimestamp': ts, > 'pausec': usec, >@@ -520,7 +581,7 @@ class RawKerberosTest(TestCase): > additional_tickets, > asn1_print=None, > hexdump=None): >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -532,20 +593,23 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >+ # } > if EncAuthorizationData is not None: >- enc_ad_plain = self.der_encode(EncAuthorizationData, >- asn1Spec=krb5_asn1.AuthorizationData(), >- asn1_print=asn1_print, >- hexdump=hexdump) >- enc_ad = self.EncryptedData_create(EncAuthorizationData_key, enc_ad_plain) >+ enc_ad_plain = self.der_encode( >+ EncAuthorizationData, >+ asn1Spec=krb5_asn1.AuthorizationData(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ enc_ad = self.EncryptedData_create( >+ EncAuthorizationData_key, enc_ad_plain) > else: > enc_ad = None > KDC_REQ_BODY_obj = { >@@ -590,14 +654,14 @@ class RawKerberosTest(TestCase): > asn1Spec=None, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # > KDC_REQ_BODY_obj = self.KDC_REQ_BODY_create(kdc_options, > cname, >@@ -622,39 +686,40 @@ class RawKerberosTest(TestCase): > if padata is not None: > KDC_REQ_obj['padata'] = padata > if asn1Spec is not None: >- KDC_REQ_decoded = pyasn1_native_decode(KDC_REQ_obj, asn1Spec=asn1Spec) >+ KDC_REQ_decoded = pyasn1_native_decode( >+ KDC_REQ_obj, asn1Spec=asn1Spec) > else: > KDC_REQ_decoded = None > return KDC_REQ_obj, KDC_REQ_decoded > > def AS_REQ_create(self, >- padata, # optional >- kdc_options, # required >- cname, # optional >- realm, # required >- sname, # optional >- from_time, # optional >- till_time, # required >- renew_time, # optional >- nonce, # required >- etypes, # required >- addresses, # optional >+ padata, # optional >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional > EncAuthorizationData, > EncAuthorizationData_key, > additional_tickets, > native_decoded_only=True, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -666,32 +731,34 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >- obj,decoded = self.KDC_REQ_create(msg_type=10, >- padata=padata, >- kdc_options=kdc_options, >- cname=cname, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >- asn1Spec=krb5_asn1.AS_REQ(), >- asn1_print=asn1_print, >- hexdump=hexdump) >+ # } >+ obj, decoded = self.KDC_REQ_create( >+ msg_type=10, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=cname, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.AS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) > if native_decoded_only: > return decoded > return decoded, obj >@@ -703,7 +770,7 @@ class RawKerberosTest(TestCase): > # ap-options [2] APOptions, > # ticket [3] Ticket, > # authenticator [4] EncryptedData -- Authenticator >- #} >+ # } > AP_REQ_obj = { > 'pvno': 5, > 'msg-type': 14, >@@ -713,8 +780,9 @@ class RawKerberosTest(TestCase): > } > return AP_REQ_obj > >- def Authenticator_create(self, crealm, cname, cksum, cusec, ctime, subkey, seq_number, >- authorization_data): >+ def Authenticator_create( >+ self, crealm, cname, cksum, cusec, ctime, subkey, seq_number, >+ authorization_data): > # -- Unencrypted authenticator > # Authenticator ::= [APPLICATION 2] SEQUENCE { > # authenticator-vno [0] INTEGER (5), >@@ -726,7 +794,7 @@ class RawKerberosTest(TestCase): > # subkey [6] EncryptionKey OPTIONAL, > # seq-number [7] UInt32 OPTIONAL, > # authorization-data [8] AuthorizationData OPTIONAL >- #} >+ # } > Authenticator_obj = { > 'authenticator-vno': 5, > 'crealm': crealm, >@@ -745,20 +813,20 @@ class RawKerberosTest(TestCase): > return Authenticator_obj > > def TGS_REQ_create(self, >- padata, # optional >+ padata, # optional > cusec, > ctime, > ticket, >- kdc_options, # required >- cname, # optional >- realm, # required >- sname, # optional >- from_time, # optional >- till_time, # required >- renew_time, # optional >- nonce, # required >- etypes, # required >- addresses, # optional >+ kdc_options, # required >+ cname, # optional >+ realm, # required >+ sname, # optional >+ from_time, # optional >+ till_time, # required >+ renew_time, # optional >+ nonce, # required >+ etypes, # required >+ addresses, # optional > EncAuthorizationData, > EncAuthorizationData_key, > additional_tickets, >@@ -768,16 +836,16 @@ class RawKerberosTest(TestCase): > native_decoded_only=True, > asn1_print=None, > hexdump=None): >- #KDC-REQ ::= SEQUENCE { >+ # KDC-REQ ::= SEQUENCE { > # -- NOTE: first tag is [1], not [0] > # pvno [1] INTEGER (5) , > # msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), > # padata [3] SEQUENCE OF PA-DATA OPTIONAL > # -- NOTE: not empty --, > # req-body [4] KDC-REQ-BODY >- #} >+ # } > # >- #KDC-REQ-BODY ::= SEQUENCE { >+ # KDC-REQ-BODY ::= SEQUENCE { > # kdc-options [0] KDCOptions, > # cname [1] PrincipalName OPTIONAL > # -- Used only in AS-REQ --, >@@ -789,50 +857,57 @@ class RawKerberosTest(TestCase): > # till [5] KerberosTime, > # rtime [6] KerberosTime OPTIONAL, > # nonce [7] UInt32, >- # etype [8] SEQUENCE OF Int32 -- EncryptionType >+ # etype [8] SEQUENCE OF Int32 >+ # -- EncryptionType > # -- in preference order --, > # addresses [9] HostAddresses OPTIONAL, > # enc-authorization-data [10] EncryptedData OPTIONAL > # -- AuthorizationData --, > # additional-tickets [11] SEQUENCE OF Ticket OPTIONAL > # -- NOTE: not empty >- #} >- >- req_body = self.KDC_REQ_BODY_create(kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets) >+ # } >+ >+ req_body = self.KDC_REQ_BODY_create( >+ kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets) > req_body = self.der_encode(req_body, asn1Spec=krb5_asn1.KDC_REQ_BODY(), > asn1_print=asn1_print, hexdump=hexdump) > >- req_body_checksum = self.Checksum_create(ticket_session_key, 6, req_body, >- ctype=body_checksum_type) >+ req_body_checksum = self.Checksum_create( >+ ticket_session_key, 6, req_body, ctype=body_checksum_type) > > subkey_obj = None > if authenticator_subkey is not None: > subkey_obj = authenticator_subkey.export_obj() > seq_number = random.randint(0, 0xfffffffe) >- authenticator = self.Authenticator_create(crealm=realm, >- cname=cname, >- cksum=req_body_checksum, >- cusec=cusec, >- ctime=ctime, >- subkey=subkey_obj, >- seq_number=seq_number, >- authorization_data=None) >- authenticator = self.der_encode(authenticator, asn1Spec=krb5_asn1.Authenticator(), >- asn1_print=asn1_print, hexdump=hexdump) >- >- authenticator = self.EncryptedData_create(ticket_session_key, 7, authenticator) >+ authenticator = self.Authenticator_create( >+ crealm=realm, >+ cname=cname, >+ cksum=req_body_checksum, >+ cusec=cusec, >+ ctime=ctime, >+ subkey=subkey_obj, >+ seq_number=seq_number, >+ authorization_data=None) >+ authenticator = self.der_encode( >+ authenticator, >+ asn1Spec=krb5_asn1.Authenticator(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) >+ >+ authenticator = self.EncryptedData_create( >+ ticket_session_key, 7, authenticator) > > ap_options = krb5_asn1.APOptions('0') > ap_req = self.AP_REQ_create(ap_options=str(ap_options), >@@ -846,24 +921,25 @@ class RawKerberosTest(TestCase): > else: > padata = [pa_tgs_req] > >- obj,decoded = self.KDC_REQ_create(msg_type=12, >- padata=padata, >- kdc_options=kdc_options, >- cname=None, >- realm=realm, >- sname=sname, >- from_time=from_time, >- till_time=till_time, >- renew_time=renew_time, >- nonce=nonce, >- etypes=etypes, >- addresses=addresses, >- EncAuthorizationData=EncAuthorizationData, >- EncAuthorizationData_key=EncAuthorizationData_key, >- additional_tickets=additional_tickets, >- asn1Spec=krb5_asn1.TGS_REQ(), >- asn1_print=asn1_print, >- hexdump=hexdump) >+ obj, decoded = self.KDC_REQ_create( >+ msg_type=12, >+ padata=padata, >+ kdc_options=kdc_options, >+ cname=None, >+ realm=realm, >+ sname=sname, >+ from_time=from_time, >+ till_time=till_time, >+ renew_time=renew_time, >+ nonce=nonce, >+ etypes=etypes, >+ addresses=addresses, >+ EncAuthorizationData=EncAuthorizationData, >+ EncAuthorizationData_key=EncAuthorizationData_key, >+ additional_tickets=additional_tickets, >+ asn1Spec=krb5_asn1.TGS_REQ(), >+ asn1_print=asn1_print, >+ hexdump=hexdump) > if native_decoded_only: > return decoded > return decoded, obj >@@ -888,5 +964,6 @@ class RawKerberosTest(TestCase): > 'cksum': cksum, > 'auth': "Kerberos", > } >- pa_s4u2self = self.der_encode(PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) >+ pa_s4u2self = self.der_encode( >+ PA_S4U2Self_obj, asn1Spec=krb5_asn1.PA_S4U2Self()) > return self.PA_DATA_create(129, pa_s4u2self) >diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py >index 9de56578c99..5bbf1229d09 100644 >--- a/python/samba/tests/krb5/rfc4120_constants.py >+++ b/python/samba/tests/krb5/rfc4120_constants.py >@@ -38,31 +38,31 @@ PADATA_ETYPE_INFO2 = int( > > # Error codes > KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 >-KDC_ERR_PREAUTH_FAILED = 24 >-KDC_ERR_PREAUTH_REQUIRED = 25 >-KDC_ERR_BADMATCH = 36 >-KDC_ERR_SKEW = 37 >+KDC_ERR_PREAUTH_FAILED = 24 >+KDC_ERR_PREAUTH_REQUIRED = 25 >+KDC_ERR_BADMATCH = 36 >+KDC_ERR_SKEW = 37 > > # Name types >-NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) >+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN')) > NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL')) >-NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) >+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST')) > NT_ENTERPRISE_PRINCIPAL = int(krb5_asn1.NameTypeValues( > 'kRB5-NT-ENTERPRISE-PRINCIPAL')) > > # Authorization data ad-type values > >-AD_IF_RELEVANT = 1 >-AD_INTENDED_FOR_SERVER = 2 >+AD_IF_RELEVANT = 1 >+AD_INTENDED_FOR_SERVER = 2 > AD_INTENDED_FOR_APPLICATION_CLASS = 3 >-AD_KDC_ISSUED = 4 >-AD_AND_OR = 5 >-AD_MANDATORY_TICKET_EXTENSIONS = 6 >-AD_IN_TICKET_EXTENSIONS = 7 >-AD_MANDATORY_FOR_KDC = 8 >-AD_INITIAL_VERIFIED_CAS = 9 >-AD_WIN2K_PAC = 128 >-AD_SIGNTICKET = 512 >+AD_KDC_ISSUED = 4 >+AD_AND_OR = 5 >+AD_MANDATORY_TICKET_EXTENSIONS = 6 >+AD_IN_TICKET_EXTENSIONS = 7 >+AD_MANDATORY_FOR_KDC = 8 >+AD_INITIAL_VERIFIED_CAS = 9 >+AD_WIN2K_PAC = 128 >+AD_SIGNTICKET = 512 > > # Key usage numbers > # RFC 4120 Section 7.5.1. Key Usage Numbers >diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py >index 2e1bd3fbe1f..30a58d6345a 100755 >--- a/python/samba/tests/krb5/s4u_tests.py >+++ b/python/samba/tests/krb5/s4u_tests.py >@@ -35,6 +35,7 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > global_asn1_print = False > global_hexdump = False > >+ > class S4UKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -55,7 +56,7 @@ class S4UKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -76,14 +77,16 @@ class S4UKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(service_creds, etype_info2[0]) > >@@ -120,7 +123,8 @@ class S4UKerberosTests(RawKerberosTest): > self.assertEqual(msg_type, 11) > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > > # S4U2Self Request > sname = cname >@@ -167,11 +171,13 @@ class S4UKerberosTests(RawKerberosTest): > if msg_type == 13: > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return msg_type > >- # Using the checksum type from the tgt_session_key happens to work everywhere >+ # Using the checksum type from the tgt_session_key happens to work >+ # everywhere > def test_s4u2self(self): > msg_type = self._test_s4u2self() > self.assertEqual(msg_type, 13) >@@ -193,6 +199,7 @@ class S4UKerberosTests(RawKerberosTest): > msg_type = self._test_s4u2self(pa_s4u2self_ctype=Cksumtype.CRC32) > self.assertEqual(msg_type, 30) > >+ > if __name__ == "__main__": > global_asn1_print = True > global_hexdump = True >diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/simple_tests.py >index 6c090af3d46..889b91a9bf0 100755 >--- a/python/samba/tests/krb5/simple_tests.py >+++ b/python/samba/tests/krb5/simple_tests.py >@@ -33,6 +33,7 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > global_asn1_print = False > global_hexdump = False > >+ > class SimpleKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -53,7 +54,7 @@ class SimpleKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -74,14 +75,16 @@ class SimpleKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) > >@@ -119,17 +122,21 @@ class SimpleKerberosTests(RawKerberosTest): > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > >- # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 > try: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > except Exception: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # TGS Request > service_creds = self.get_service_creds(allow_missing_password=True) > service_name = service_creds.get_username() > >- sname = self.PrincipalName_create(name_type=2, names=["host", service_name]) >+ sname = self.PrincipalName_create( >+ name_type=2, names=["host", service_name]) > kdc_options = krb5_asn1.KDCOptions('forwardable') > till = self.get_KerberosTime(offset=36000) > ticket = rep['ticket'] >@@ -167,7 +174,8 @@ class SimpleKerberosTests(RawKerberosTest): > > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > return > >diff --git a/python/samba/tests/krb5/xrealm_tests.py b/python/samba/tests/krb5/xrealm_tests.py >index b4a02bff33a..efb953bdf7e 100755 >--- a/python/samba/tests/krb5/xrealm_tests.py >+++ b/python/samba/tests/krb5/xrealm_tests.py >@@ -34,6 +34,7 @@ import samba.tests > global_asn1_print = False > global_hexdump = False > >+ > class XrealmKerberosTests(RawKerberosTest): > > def setUp(self): >@@ -54,7 +55,7 @@ class XrealmKerberosTests(RawKerberosTest): > kdc_options = krb5_asn1.KDCOptions('forwardable') > padata = None > >- etypes=(18,17,23) >+ etypes = (18, 17, 23) > > req = self.AS_REQ_create(padata=padata, > kdc_options=str(kdc_options), >@@ -75,14 +76,16 @@ class XrealmKerberosTests(RawKerberosTest): > > self.assertEqual(rep['msg-type'], 30) > self.assertEqual(rep['error-code'], 25) >- rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) >+ rep_padata = self.der_decode( >+ rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) > > for pa in rep_padata: > if pa['padata-type'] == 19: > etype_info2 = pa['padata-value'] > break > >- etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) >+ etype_info2 = self.der_decode( >+ etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) > > key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) > >@@ -120,15 +123,19 @@ class XrealmKerberosTests(RawKerberosTest): > > enc_part2 = key.decrypt(KU_AS_REP_ENC_PART, rep['enc-part']['cipher']) > >- # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 >+ # MIT KDC encodes both EncASRepPart and EncTGSRepPart with >+ # application tag 26 > try: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) > except Exception: >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # TGS Request (for cross-realm TGT) > trust_realm = samba.tests.env_get_var_value('TRUST_REALM') >- sname = self.PrincipalName_create(name_type=2, names=["krbtgt", trust_realm]) >+ sname = self.PrincipalName_create( >+ name_type=2, names=["krbtgt", trust_realm]) > > kdc_options = krb5_asn1.KDCOptions('forwardable') > till = self.get_KerberosTime(offset=36000) >@@ -167,10 +174,11 @@ class XrealmKerberosTests(RawKerberosTest): > > enc_part2 = subkey.decrypt( > KU_TGS_REP_ENC_PART_SUB_KEY, rep['enc-part']['cipher']) >- enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) >+ enc_part2 = self.der_decode( >+ enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) > > # Check the forwardable flag >- fwd_pos = len(tuple(krb5_asn1.TicketFlags('forwardable'))) -1 >+ fwd_pos = len(tuple(krb5_asn1.TicketFlags('forwardable'))) - 1 > assert(krb5_asn1.TicketFlags(enc_part2['flags'])[fwd_pos]) > > return >-- >2.25.1 > > >From 02edeb45860dc5676003dcca9629d7eea96c75ec Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 16 Apr 2021 17:22:12 +0200 >Subject: [PATCH 061/380] librpc: Add py_descriptor_richcmp() equality function > >Only a python3 version. Do we still need the python2 flavor? > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 439b7ccdc1b1c91c66c1a7c83e340fa044c26377) >--- > source4/librpc/ndr/py_security.c | 37 ++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > >diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c >index 26989c1a433..0b8a1c66b7a 100644 >--- a/source4/librpc/ndr/py_security.c >+++ b/source4/librpc/ndr/py_security.c >@@ -309,9 +309,46 @@ static PyMethodDef py_descriptor_extra_methods[] = { > { NULL } > }; > >+static PyObject *py_descriptor_richcmp( >+ PyObject *py_self, PyObject *py_other, int op) >+{ >+ struct security_descriptor *self = pytalloc_get_ptr(py_self); >+ struct security_descriptor *other = pytalloc_get_ptr(py_other); >+ bool eq; >+ >+ if (other == NULL) { >+ Py_INCREF(Py_NotImplemented); >+ return Py_NotImplemented; >+ } >+ >+ eq = security_descriptor_equal(self, other); >+ >+ switch(op) { >+ case Py_EQ: >+ if (eq) { >+ Py_RETURN_TRUE; >+ } else { >+ Py_RETURN_FALSE; >+ } >+ break; >+ case Py_NE: >+ if (eq) { >+ Py_RETURN_FALSE; >+ } else { >+ Py_RETURN_TRUE; >+ } >+ break; >+ default: >+ break; >+ } >+ >+ return Py_NotImplemented; >+} >+ > static void py_descriptor_patch(PyTypeObject *type) > { > type->tp_new = py_descriptor_new; >+ type->tp_richcompare = py_descriptor_richcmp; > PyType_AddMethods(type, py_descriptor_extra_methods); > } > >-- >2.25.1 > > >From 1590663c4b1971ba1ae7d6636ada646dd6619345 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 17 Feb 2021 12:15:50 +1300 >Subject: [PATCH 062/380] tests python krb5: MS-KILE client principal look-up > >Tests of [MS-KILE]: Kerberos Protocol Extensions > section 3.3.5.6.1 Client Principal Lookup > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Isaac Boukris <iboukris@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184 > >(cherry picked from commit 768d48fca9f8c7527c0d12e7acc8942b5fd36ac2) >--- > python/samba/tests/krb5/kdc_base_test.py | 29 +- > .../ms_kile_client_principal_lookup_tests.py | 814 ++++++++++++++++++ > python/samba/tests/usage.py | 1 + > selftest/knownfail_heimdal_kdc | 12 + > selftest/knownfail_mit_kdc | 16 + > source4/selftest/tests.py | 3 + > 6 files changed, 874 insertions(+), 1 deletion(-) > create mode 100755 python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index bef5458c881..1c7f05dda6d 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -22,6 +22,7 @@ import os > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" > from collections import namedtuple >+import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >@@ -103,7 +104,7 @@ class KDCBaseTest(RawKerberosTest): > for dn in self.accounts: > delete_force(self.ldb, dn) > >- def create_account(self, name, machine_account=False, spn=None): >+ def create_account(self, name, machine_account=False, spn=None, upn=None): > '''Create an account for testing. > The dn of the created account is added to self.accounts, > which is used by tearDown to clean up the created accounts. >@@ -133,6 +134,8 @@ class KDCBaseTest(RawKerberosTest): > "unicodePwd": utf16pw} > if spn is not None: > details["servicePrincipalName"] = spn >+ if upn is not None: >+ details["userPrincipalName"] = upn > self.ldb.add(details) > > creds = Credentials() >@@ -418,3 +421,27 @@ class KDCBaseTest(RawKerberosTest): > self.assertTrue(len(res) == 1, "did not get objectSid for %s" % dn) > sid = self.ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) > return sid.decode('utf8') >+ >+ def add_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_ADD >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >+ >+ def modify_attribute(self, dn_str, name, value): >+ if isinstance(value, list): >+ values = value >+ else: >+ values = [value] >+ flag = ldb.FLAG_MOD_REPLACE >+ >+ dn = ldb.Dn(self.ldb, dn_str) >+ msg = ldb.Message(dn) >+ msg[name] = ldb.MessageElement(values, flag, name) >+ self.ldb.modify(msg) >diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >new file mode 100755 >index 00000000000..356a25f8e18 >--- /dev/null >+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py >@@ -0,0 +1,814 @@ >+#!/usr/bin/env python3 >+# Unix SMB/CIFS implementation. >+# Copyright (C) Stefan Metzmacher 2020 >+# Copyright (C) 2020 Catalyst.Net Ltd >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+ >+import sys >+import os >+ >+sys.path.insert(0, "bin/python") >+os.environ["PYTHONUNBUFFERED"] = "1" >+ >+from samba.dsdb import UF_NORMAL_ACCOUNT, UF_DONT_REQUIRE_PREAUTH >+from samba.tests.krb5.kdc_base_test import KDCBaseTest >+from samba.tests.krb5.rfc4120_constants import ( >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, >+ NT_ENTERPRISE_PRINCIPAL, >+ NT_PRINCIPAL, >+ NT_SRV_INST, >+ KDC_ERR_C_PRINCIPAL_UNKNOWN, >+) >+ >+global_asn1_print = False >+global_hexdump = False >+ >+ >+class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest): >+ ''' Tests for MS-KILE client principal look-up >+ See [MS-KILE]: Kerberos Protocol Extensions >+ secion 3.3.5.6.1 Client Principal Lookup >+ ''' >+ >+ def setUp(self): >+ super().setUp() >+ self.do_asn1_print = global_asn1_print >+ self.do_hexdump = global_hexdump >+ >+ def check_pac(self, auth_data, dn, uc, name, upn=None): >+ >+ pac_data = self.get_pac_data(auth_data) >+ sid = self.get_objectSid(dn) >+ if upn is None: >+ upn = "%s@%s" % (name, uc.get_realm().lower()) >+ if name.endswith('$'): >+ name = name[:-1] >+ >+ self.assertEqual( >+ uc.get_username(), >+ str(pac_data.account_name), >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ name, >+ pac_data.logon_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ uc.get_realm(), >+ pac_data.domain_name, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ upn, >+ pac_data.upn, >+ "pac_data = {%s}" % str(pac_data)) >+ self.assertEqual( >+ sid, >+ pac_data.account_sid, >+ "pac_data = {%s}" % str(pac_data)) >+ >+ def test_nt_principal_step_1(self): >+ ''' Step 1 >+ For an NT_PRINCIPAL cname with no realm or the realm matches the >+ DC's domain >+ search for an account with the >+ sAMAccountName matching the cname. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_2(self): >+ ''' Step 2 >+ If not found >+ search for sAMAccountName equal to the cname + "$" >+ >+ ''' >+ >+ # Create a machine account for the test. >+ # >+ user_name = "mskilemac" >+ (mc, dn) = self.create_account(user_name, machine_account=True) >+ realm = mc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, mc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, mc, mach_name + '$') >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_3(self): >+ ''' Step 3 >+ >+ If not found >+ search for a matching UPN name where the UPN is set to >+ cname@realm or cname@DC's domain name >+ >+ ''' >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[upn_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, upn_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_a(self): >+ ''' Step 4, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(alt_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[user_name]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac(enc_part['authorization-data'], dn, uc, user_name) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_PRINCIPAL, cname['name-type']) >+ self.assertEqual(user_name.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_4_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_name]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, names=[alt_sec]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ def test_enterprise_principal_step_1_3(self): >+ ''' Steps 1-3 >+ For an NT_ENTERPRISE_PRINCIPAL cname >+ search for a user principal name matching the cname >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ upn_name = "mskileupn" >+ upn = upn_name + "@" + self.credentials.get_realm().lower() >+ (uc, dn) = self.create_account(user_name, upn=upn) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[upn]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, upn, upn=upn) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(upn.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_4(self): >+ ''' Step 4 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ ename = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, ename, upn=ename) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_5(self): >+ ''' Step 5 >+ >+ If that fails >+ search for an account where the sAMAccountName matches >+ the name before the @ with a $ appended. >+ >+ ''' >+ >+ # Create a user account for the test. >+ # >+ user_name = "mskileusr" >+ (uc, _) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ >+ mach_name = "mskilemac" >+ (mc, dn) = self.create_account(mach_name, machine_account=True) >+ ename = mach_name + "@" + realm >+ uname = mach_name + "$@" + realm >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(mc, rep) >+ key = self.get_as_rep_key(mc, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, mc, ename, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ crealm = enc_part['crealm'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), crealm) >+ >+ def test_enterprise_principal_step_6_a(self): >+ ''' Step 6, no pre-authentication >+ If not found and no pre-authentication >+ search for a matching altSecurityIdentity >+ ''' >+ # Create a user account for the test. >+ # with an altSecurityIdentity, and with UF_DONT_REQUIRE_PREAUTH >+ # set. >+ # >+ # note that in this case IDL_DRSCrackNames is called with >+ # pmsgIn.formatOffered set to >+ # DS_USER_PRINCIPAL_NAME_AND_ALTSECID >+ # >+ # setting UF_DONT_REQUIRE_PREAUTH seems to be the only way >+ # to trigger the no pre-auth step >+ >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ self.modify_attribute( >+ dn, >+ "userAccountControl", >+ str(UF_NORMAL_ACCOUNT | UF_DONT_REQUIRE_PREAUTH)) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, as we've set UF_DONT_REQUIRE_PREAUTH >+ # we should get a valid AS-RESP >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_as_reply(rep) >+ salt = "%s%s" % (realm.upper(), user_name) >+ key = self.PasswordKey_create( >+ rep['enc-part']['etype'], >+ uc.get_password(), >+ salt.encode('UTF8'), >+ rep['enc-part']['kvno']) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the service ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ # >+ # We get an empty authorization-data element in the ticket. >+ # i.e. no PAC >+ self.assertEqual([], enc_part['authorization-data']) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(ename.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_enterprise_principal_step_6_b(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ uname = user_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ key = self.get_as_rep_key(uc, rep) >+ # Note: although we used the alt security id for the pre-auth >+ # we need to use the username for the auth >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[uname]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part2 = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part2['key']) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, >+ names=[uname]) >+ sname = self.PrincipalName_create( >+ name_type=NT_PRINCIPAL, >+ names=[mc.get_username()]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, uc.get_realm(), ticket, key, etype) >+ self.check_tgs_reply(rep) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ enc_part = self.decode_service_ticket(mc, ticket) >+ self.check_pac( >+ enc_part['authorization-data'], dn, uc, uname, upn=uname) >+ # check the crealm and cname >+ cname = enc_part['cname'] >+ self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type']) >+ self.assertEqual(uname.encode('UTF8'), cname['name-string'][0]) >+ self.assertEqual(realm.upper().encode('UTF8'), enc_part['crealm']) >+ >+ def test_nt_principal_step_6_c(self): >+ ''' Step 4, pre-authentication >+ If not found and pre-authentication >+ search for a matching user principal name >+ >+ This test uses the altsecid, so the AS-REQ should fail. >+ ''' >+ >+ # Create user and machine accounts for the test. >+ # >+ user_name = "mskileusr" >+ alt_name = "mskilealtsec" >+ (uc, dn) = self.create_account(user_name) >+ realm = uc.get_realm().lower() >+ alt_sec = "Kerberos:%s@%s" % (alt_name, realm) >+ self.add_attribute(dn, "altSecurityIdentities", alt_sec) >+ ename = alt_name + "@" + realm >+ >+ mach_name = "mskilemac" >+ (mc, _) = self.create_account(mach_name, machine_account=True) >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ sname = self.PrincipalName_create( >+ name_type=NT_SRV_INST, names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(uc, rep) >+ # Use the alternate security identifier >+ # this should fail >+ cname = self.PrincipalName_create( >+ name_type=NT_ENTERPRISE_PRINCIPAL, names=[ename]) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_error_rep(rep, KDC_ERR_C_PRINCIPAL_UNKNOWN) >+ >+ >+if __name__ == "__main__": >+ global_asn1_print = False >+ global_hexdump = False >+ import unittest >+ unittest.main() >diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >index 222d1dbfa41..1b22461c735 100644 >--- a/python/samba/tests/usage.py >+++ b/python/samba/tests/usage.py >@@ -95,6 +95,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/kdc_tests.py', > 'python/samba/tests/krb5/kdc_base_test.py', > 'python/samba/tests/krb5/kdc_tgs_tests.py', >+ 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > } > > EXCLUDE_HELP = { >diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc >index 7ab56b6721b..4e6ee93ce96 100644 >--- a/selftest/knownfail_heimdal_kdc >+++ b/selftest/knownfail_heimdal_kdc >@@ -2,3 +2,15 @@ > # We expect all the MIT specific compatability tests to fail on heimdal > # kerberos > ^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ >+# >+# Heimdal currently fails the following MS-KILE client principal lookup >+# tests >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc >index e64303c6b0f..2c2a643944c 100644 >--- a/selftest/knownfail_mit_kdc >+++ b/selftest/knownfail_mit_kdc >@@ -275,3 +275,19 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_ > # following tests > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\) > ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\) >+# >+# MIT currently fails the following MS-KILE tests. >+# >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_1 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_2 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_3 >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_b >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_c >+^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_6_c >+ >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index b2a09b3ecb2..9bb2ff2e1ed 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -1290,6 +1290,9 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.kdc_tests") > planpythontestsuite( > "ad_dc", > "samba.tests.krb5.kdc_tgs_tests") >+planpythontestsuite( >+ "ad_dc", >+ "samba.tests.krb5.ms_kile_client_principal_lookup_tests") > > for env in [ > 'vampire_dc', >-- >2.25.1 > > >From 7e880971d6fee4ab24b3b23419fa9576397eafbf Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:54:05 +1200 >Subject: [PATCH 063/380] auth:creds: Remove unused variable > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1ea2de561839ad948efab5112fbe4c1eae44d9ee) >--- > auth/credentials/pycredentials.c | 3 --- > 1 file changed, 3 deletions(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 7427e286dca..1edb22bd867 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -603,8 +603,6 @@ static PyObject *py_creds_get_forced_sasl_mech(PyObject *self, PyObject *unused) > static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > { > char *newval; >- enum credentials_obtained obt = CRED_SPECIFIED; >- int _obt = obt; > struct cli_credentials *creds = PyCredentials_AsCliCredentials(self); > if (creds == NULL) { > PyErr_Format(PyExc_TypeError, "Credentials expected"); >@@ -614,7 +612,6 @@ static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args) > if (!PyArg_ParseTuple(args, "s", &newval)) { > return NULL; > } >- obt = _obt; > > cli_credentials_set_forced_sasl_mech(creds, newval); > Py_RETURN_NONE; >-- >2.25.1 > > >From f7227612a89022789ba48e7cb87ca5dd7629acde Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:55:13 +1200 >Subject: [PATCH 064/380] auth:creds: Fix parameter in creds.set_named_ccache() > >Use the passed-in value for 'obtained' rather than always using >CRED_SPECIFIED. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d05268aa0904221c452fc650fcdfb680efc20bb) >--- > auth/credentials/pycredentials.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c >index 1edb22bd867..314f0eba894 100644 >--- a/auth/credentials/pycredentials.c >+++ b/auth/credentials/pycredentials.c >@@ -763,6 +763,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > if (!PyArg_ParseTuple(args, "s|iO", &newval, &_obt, &py_lp_ctx)) > return NULL; >+ obt = _obt; > > mem_ctx = talloc_new(NULL); > if (mem_ctx == NULL) { >@@ -778,7 +779,7 @@ static PyObject *py_creds_set_named_ccache(PyObject *self, PyObject *args) > > ret = cli_credentials_set_ccache(creds, > lp_ctx, >- newval, CRED_SPECIFIED, >+ newval, obt, > &error_string); > > if (ret != 0) { >-- >2.25.1 > > >From bbe01ec142411b2b970fb5fe0fa4ffb2d2491773 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:07:22 +1200 >Subject: [PATCH 065/380] pygensec: Fix method documentation > >This changes the docstrings to use the correct method names. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 50ade4cadc766a196316fd5c5a57f8c502f0ea22) >--- > source4/auth/gensec/pygensec.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c >index 986f32904e7..35b3307ab8f 100644 >--- a/source4/auth/gensec/pygensec.c >+++ b/source4/auth/gensec/pygensec.c >@@ -654,13 +654,13 @@ static PyMethodDef py_gensec_security_methods[] = { > METH_VARARGS|METH_KEYWORDS|METH_CLASS, > "S.start_server(auth_ctx, settings) -> gensec" }, > { "set_credentials", (PyCFunction)py_gensec_set_credentials, METH_VARARGS, >- "S.start_client(credentials)" }, >+ "S.set_credentials(credentials)" }, > { "set_target_hostname", (PyCFunction)py_gensec_set_target_hostname, METH_VARARGS, >- "S.start_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, >+ "S.set_target_hostname(target_hostname) \n This sets the Kerberos target hostname to obtain a ticket for." }, > { "set_target_service", (PyCFunction)py_gensec_set_target_service, METH_VARARGS, >- "S.start_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, >+ "S.set_target_service(target_service) \n This sets the Kerberos target service to obtain a ticket for. The default value is 'host'" }, > { "set_target_service_description", (PyCFunction)py_gensec_set_target_service_description, METH_VARARGS, >- "S.start_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, >+ "S.set_target_service_description(target_service_description) \n This description is set server-side and used in authentication and authorization logs. The default value is that provided to set_target_service() or None."}, > { "session_info", (PyCFunction)py_gensec_session_info, METH_NOARGS, > "S.session_info() -> info" }, > { "session_key", (PyCFunction)py_gensec_session_key, METH_NOARGS, >-- >2.25.1 > > >From 19b36346d7498f512295df0e45974ffaec637c40 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Thu, 15 Apr 2021 10:32:41 +1200 >Subject: [PATCH 066/380] Revert "s4-test: fixed ndrdump test for top level > build" > >This essentially reverts commit >b84c0a9ed6d556eb2d3797d606edcd03f9766606, but the datapath is now in the >source4 directory. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 6f144d49b5281a08bf7be550b949f4d91e8fe19b) >--- > python/samba/tests/blackbox/ndrdump.py | 8 +------- > 1 file changed, 1 insertion(+), 7 deletions(-) > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index 6795aed41b7..f9a3bd98862 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -24,13 +24,7 @@ from __future__ import print_function > import os > from samba.tests import BlackboxTestCase, BlackboxProcessError > >-for p in ["../../../../../source4/librpc/tests", >- "../../../../../librpc/tests"]: >- data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), p)) >- print(data_path_dir) >- if os.path.exists(data_path_dir): >- break >- >+data_path_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../../../source4/librpc/tests")) > > class NdrDumpTests(BlackboxTestCase): > """Blackbox tests for ndrdump.""" >-- >2.25.1 > > >From 4bc1f4d789dae7f6bdb7b50c01ec950ffa2e7c3c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:57:00 +1200 >Subject: [PATCH 067/380] krb5ccache.idl: Add definition for a Kerberos > credentials cache > >Based on specifications found at >https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html > >This is primarily designed for parsing and storing a single Kerberos >ticket, due to the limitations of PIDL. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 74fb2cc473cea0eebf641fc4d32d706bac8aa6f2) >--- > librpc/idl/krb5ccache.idl | 115 +++++++++++++++++++++++++++++++++++ > librpc/idl/wscript_build | 1 + > librpc/wscript_build | 8 ++- > source4/librpc/wscript_build | 7 +++ > 4 files changed, 130 insertions(+), 1 deletion(-) > create mode 100644 librpc/idl/krb5ccache.idl > >diff --git a/librpc/idl/krb5ccache.idl b/librpc/idl/krb5ccache.idl >new file mode 100644 >index 00000000000..1f0cfa752a9 >--- /dev/null >+++ b/librpc/idl/krb5ccache.idl >@@ -0,0 +1,115 @@ >+/* >+ krb5 credentials cache (version 3 or 4) >+ specification: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html >+*/ >+ >+#include "idl_types.h" >+ >+[ >+ uuid("1702b695-99ca-4f32-93e4-1e1c4d5ddb53"), >+ version(0.0), >+ pointer_default(unique), >+ helpstring("KRB5 credentials cache") >+] >+interface krb5ccache >+{ >+ typedef struct { >+ uint32 name_type; >+ uint32 component_count; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string realm; >+ [flag(STR_SIZE4|STR_NOTERM|STR_UTF8)] string components[component_count]; >+ } PRINCIPAL; >+ >+ typedef struct { >+ uint16 enctype; >+ DATA_BLOB data; >+ } KEYBLOCK; >+ >+ typedef struct { >+ uint16 addrtype; >+ DATA_BLOB data; >+ } ADDRESS; >+ >+ typedef struct { >+ uint32 count; >+ ADDRESS data[count]; >+ } ADDRESSES; >+ >+ typedef struct { >+ uint16 ad_type; >+ DATA_BLOB data; >+ } AUTHDATUM; >+ >+ typedef struct { >+ uint32 count; >+ AUTHDATUM data[count]; >+ } AUTHDATA; >+ >+ typedef struct { >+ PRINCIPAL client; >+ PRINCIPAL server; >+ KEYBLOCK keyblock; >+ uint32 authtime; >+ uint32 starttime; >+ uint32 endtime; >+ uint32 renew_till; >+ uint8 is_skey; >+ uint32 ticket_flags; >+ ADDRESSES addresses; >+ AUTHDATA authdata; >+ DATA_BLOB ticket; >+ DATA_BLOB second_ticket; >+ } CREDENTIAL; >+ >+ typedef struct { >+ [value(0)] int32 kdc_sec_offset; >+ [value(0)] int32 kdc_usec_offset; >+ } DELTATIME_TAG; >+ >+ typedef [nodiscriminant] union { >+ [case(1)] DELTATIME_TAG deltatime_tag; >+ } FIELD; >+ >+ typedef struct { >+ [value(1)] uint16 tag; >+ [subcontext(2),switch_is(tag)] FIELD field; >+ } V4TAG; >+ >+ typedef struct { >+ V4TAG tag; >+ /* >+ * We should allow for more than one tag to be properly parsed, but that >+ * would require manual parsing. >+ */ >+ [flag(NDR_REMAINING)] DATA_BLOB further_tags; >+ } V4TAGS; >+ >+ typedef struct { >+ [subcontext(2)] V4TAGS v4tags; >+ } V4HEADER; >+ >+ typedef [nodiscriminant] union { >+ /* >+ * We don't attempt to support file format versions 1 and 2 as they >+ * assume native CPU byte order, which makes no sense in PIDL. >+ */ >+ [case(3)] ; >+ [case(4)] V4HEADER v4header; >+ } OPTIONAL_HEADER; >+ >+ /* Public structures. */ >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ [value(5)] uint8 pvno; >+ [value(4)] uint8 version; >+ [switch_is(version)] OPTIONAL_HEADER optional_header; >+ PRINCIPAL principal; >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } CCACHE; >+ >+ typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { >+ CREDENTIAL cred; >+ [flag(NDR_REMAINING)] DATA_BLOB further_creds; >+ } MULTIPLE_CREDENTIALS; >+} >diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build >index b66f27be901..2eb575e6a4c 100644 >--- a/librpc/idl/wscript_build >+++ b/librpc/idl/wscript_build >@@ -147,6 +147,7 @@ bld.SAMBA_PIDL_LIST('PIDL', > drsblobs.idl > idmap.idl > krb5pac.idl >+ krb5ccache.idl > messaging.idl > misc.idl > nbt.idl >diff --git a/librpc/wscript_build b/librpc/wscript_build >index 30763907aaa..08cfc439282 100644 >--- a/librpc/wscript_build >+++ b/librpc/wscript_build >@@ -374,6 +374,11 @@ bld.SAMBA_LIBRARY('ndr-krb5pac', > vnum='0.0.1' > ) > >+bld.SAMBA_SUBSYSTEM('NDR_KRB5CCACHE', >+ source='gen_ndr/ndr_krb5ccache.c', >+ deps='ndr NDR_COMPRESSION NDR_SECURITY ndr-standard asn1util' >+ ) >+ > bld.SAMBA_LIBRARY('ndr-standard', > source='', > vnum='0.0.1', >@@ -616,7 +621,8 @@ bld.SAMBA_LIBRARY('ndr-samba', > source=[], > deps='''NDR_DRSBLOBS NDR_DRSUAPI NDR_IDMAP NDR_NTLMSSP NDR_NEGOEX NDR_SCHANNEL NDR_MGMT > NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM >- NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV''', >+ NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV >+ NDR_KRB5CCACHE''', > private_library=True, > grouping_library=True > ) >diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build >index 009b2e13d2e..ea9c4853d7a 100644 >--- a/source4/librpc/wscript_build >+++ b/source4/librpc/wscript_build >@@ -229,6 +229,13 @@ bld.SAMBA_PYTHON('python_krb5pac', > cflags_end=gen_cflags > ) > >+bld.SAMBA_PYTHON('python_krb5ccache', >+ source='../../librpc/gen_ndr/py_krb5ccache.c', >+ deps='NDR_KRB5CCACHE %s %s' % (pytalloc_util, pyrpc_util), >+ realname='samba/dcerpc/krb5ccache.so', >+ cflags_end=gen_cflags >+ ) >+ > bld.SAMBA_PYTHON('python_netlogon', > source='../../librpc/gen_ndr/py_netlogon.c', > deps='RPC_NDR_NETLOGON %s %s' % (pytalloc_util, pyrpc_util), >-- >2.25.1 > > >From ec6c8920a0882711d5debe1313dce2a505a8c011 Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 10:58:48 +1200 >Subject: [PATCH 068/380] librpc: Test parsing a Kerberos 5 credentials cache > with ndrdump > >This is the format used by the FILE: credentials cache type. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 1f17b1edca9c1638ef404fadce3ca7a4d176de12) >--- > python/samba/tests/blackbox/ndrdump.py | 37 + > source3/selftest/ktest-krb5_ccache-2.txt | 1574 ++++++++++++++++++++++ > source3/selftest/ktest-krb5_ccache-3.txt | 832 ++++++++++++ > 3 files changed, 2443 insertions(+) > create mode 100644 source3/selftest/ktest-krb5_ccache-2.txt > create mode 100644 source3/selftest/ktest-krb5_ccache-3.txt > >diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py >index f9a3bd98862..b8a025b8dce 100644 >--- a/python/samba/tests/blackbox/ndrdump.py >+++ b/python/samba/tests/blackbox/ndrdump.py >@@ -307,6 +307,43 @@ dump OK > # convert expected to bytes for python 3 > self.assertEqual(actual, expected.encode('utf-8')) > >+ def test_ndrdump_Krb5ccache(self): >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-2")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ >+ expected = open(self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3.txt")).read() >+ try: >+ # Specify -d1 to match the generated output file, because ndrdump >+ # only outputs some additional info if this parameter is specified, >+ # and the --configfile parameter gives us an empty smb.conf to avoid >+ # extraneous output. >+ actual = self.check_output( >+ "ndrdump krb5ccache CCACHE struct " >+ "--configfile /dev/null -d1 --validate " + >+ self.data_path("../../../source3/selftest/" >+ "ktest-krb5_ccache-3")) >+ except BlackboxProcessError as e: >+ self.fail(e) >+ # check_output will return bytes >+ # convert expected to bytes for python 3 >+ self.assertEqual(actual, expected.encode('utf-8')) >+ > # This is a good example of a union with an empty default > # and no buffers to parse. > def test_ndrdump_fuzzed_spoolss_EnumForms(self): >diff --git a/source3/selftest/ktest-krb5_ccache-2.txt b/source3/selftest/ktest-krb5_ccache-2.txt >new file mode 100644 >index 00000000000..c86750ae585 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-2.txt >@@ -0,0 +1,1574 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] 8B 94 0B 31 51 5B F7 A7 15 E9 EE D7 D7 0C 8C 90 ...1Q[.. ........ >+ authtime : 0x4d994f6a (1301892970) >+ starttime : 0x4d994f6a (1301892970) >+ endtime : 0x7d440b68 (2101611368) >+ renew_till : 0x7d440b68 (2101611368) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 80 66 8F CF AB 24 9D C8 76 E4 28 F5 25 6B 73 B2 .f...$.. v.(.%ks. >+[0080] 4B 94 ED 09 10 29 05 C4 C0 B8 B9 33 FA C4 46 AB K....).. ...3..F. >+[0090] F4 B5 9E 5B 07 54 D6 58 1D B8 CA 04 41 A6 33 A6 ...[.T.X ....A.3. >+[00A0] 67 9D EB 83 70 65 A9 2D 65 A5 19 8C 55 2A 0F FC g...pe.- e...U*.. >+[00B0] 1B BB 7A BD 86 C0 32 06 F2 2F 0A A5 93 E7 D1 1E ..z...2. ./...... >+[00C0] 16 C4 27 DD 1F A7 61 03 FF 05 81 EF 49 B7 25 A3 ..'...a. ....I.%. >+[00D0] 6E EA E6 E8 15 E3 10 AF A3 F1 21 B3 D9 C0 67 2F n....... ..!...g/ >+[00E0] 0C 0C B7 42 D6 9A 34 8E D4 5E 55 C2 FE 62 03 37 ...B..4. .^U..b.7 >+[00F0] A5 58 9B 43 E7 26 E3 71 B2 E5 F1 91 B4 23 8F AC .X.C.&.q .....#.. >+[0100] 7A 31 3C 4E B4 94 E4 81 36 98 71 3B 98 7B B7 AB z1<N.... 6.q;.{.. >+[0110] D5 AA D3 34 2A 3B C8 D7 61 EE 60 F9 68 9C A0 56 ...4*;.. a.`.h..V >+[0120] 51 E7 85 81 DE EF B9 9F 8B 4A 07 E1 05 93 08 5A Q....... .J.....Z >+[0130] AE B3 92 A5 17 40 B1 1C 42 A9 E4 AD 3C B4 4E D3 .....@.. B...<.N. >+[0140] BE 68 C4 0C 81 C0 AB 2D 3E 81 09 BD 16 82 EB C5 .h.....- >....... >+[0150] 1A 69 EE 8C 4E A4 D8 55 A5 0B 23 0F D0 89 48 C4 .i..N..U ..#...H. >+[0160] 51 FE 32 FD CC F6 71 E1 95 2D CC 1D 0A 0C 8A A2 Q.2...q. .-...... >+[0170] 69 58 3B 65 88 53 EC D0 2E E1 C6 CC 6B BC 09 E5 iX;e.S.. ....k... >+[0180] B9 15 27 8B E4 B2 24 18 61 42 BB 8B 09 1B 8A 7B ..'...$. aB.....{ >+[0190] 13 D8 51 E1 0B 79 12 48 DE A9 54 04 00 6D DD E6 ..Q..y.H ..T..m.. >+[01A0] 5E 03 91 FF C7 6D 0B 7C 91 44 E1 0F C0 7E 32 34 ^....m.| .D...~24 >+[01B0] 82 86 94 F7 CD 53 EC 52 38 18 AA ED FF FC 5C 01 .....S.R 8.....\. >+[01C0] D2 EE 99 45 8E 5B E6 B3 46 B0 F6 3B 22 29 EC 11 ...E.[.. F..;").. >+[01D0] 30 6A F6 A1 1F 9E AE 71 E3 A6 E7 3F F3 7D 2B 75 0j.....q ...?.}+u >+[01E0] 70 4D 63 47 5C 18 2C 8B B1 1A 69 B6 C5 46 01 17 pMcG\.,. ..i..F.. >+[01F0] 8E 64 3D 47 88 20 1C AA D7 60 32 28 11 60 EA 28 .d=G. .. .`2(.`.( >+[0200] 66 99 4C B1 2A 28 96 BF 18 2A 3E F4 D6 84 E5 A0 f.L.*(.. .*>..... >+[0210] F4 4E E7 F9 54 95 22 96 2A 87 01 CC 3E A7 FF 42 .N..T.". *...>..B >+[0220] 6A A4 4A 3A B9 24 10 65 99 53 58 2A 4E 72 E7 1F j.J:.$.e .SX*Nr.. >+[0230] 82 BC BD 3C 6C 9D 33 3A CE C6 6E 72 A2 81 B3 84 ...<l.3: ..nr.... >+[0240] 82 DF 3C 1F 76 E5 B8 08 AD 0A 6C 7D 7B D5 0C 46 ..<.v... ..l}{..F >+[0250] 69 A4 F4 E9 9E 3D D7 2D E1 43 D1 7A 52 16 75 56 i....=.- .C.zR.uV >+[0260] 54 83 D5 2A 2F A7 D2 CB 48 FE FF DB AE 46 F2 5B T..*/... H....F.[ >+[0270] F4 52 BE C8 5E B1 04 95 52 35 3E 92 E0 02 F7 85 .R..^... R5>..... >+[0280] AB F0 D0 93 08 42 E5 37 19 24 4E C1 AF FC 92 A9 .....B.7 .$N..... >+[0290] B1 27 B1 9A 2A 62 34 F1 DC C0 6B 83 AE C3 74 E8 .'..*b4. ..k...t. >+[02A0] A3 05 DD 82 DD A3 D7 90 A8 E3 9C EB 64 16 23 06 ........ ....d.#. >+[02B0] 5D FB E4 35 7C 22 29 78 E3 3B 75 92 91 0C 9D A1 ]..5|")x .;u..... >+[02C0] 87 7C 2E 82 AE 49 9D 4A 50 A9 C2 D5 85 B0 16 5D .|...I.J P......] >+[02D0] A2 CD B0 DD 29 3F 6F 66 C9 C1 9F 5C F0 B6 FC D2 ....)?of ...\.... >+[02E0] 52 BE 7B F0 1F 26 AF 8A FC C3 A6 24 8C C0 10 06 R.{..&.. ...$.... >+[02F0] 73 1E 17 9E 6E 6F 32 44 6A DF 82 5D D0 6B 74 CE s...no2D j..].kt. >+[0300] 58 0B 4C 7B EB A1 13 44 B1 3E D8 F8 BA F4 4E 55 X.L{...D .>....NU >+[0310] 71 3D C1 09 D9 E7 97 9A 14 5C 54 7E 57 81 5F 6B q=...... .\T~W._k >+[0320] 30 BE 9A E1 98 29 47 D4 C0 8F 63 0A F8 27 1F CE 0....)G. ..c..'.. >+[0330] ED D9 BB 7B 12 24 D0 34 2A 7C F0 F7 77 F4 F1 1D ...{.$.4 *|..w... >+[0340] 4C 5D 75 2D 6B 0D 80 35 82 CC D8 7A 6B FA A0 55 L]u-k..5 ...zk..U >+[0350] 34 CD 87 15 61 38 78 D4 69 0F AA 72 D6 AC FA 99 4...a8x. i..r.... >+[0360] BC 70 39 27 A7 25 2E 1B 6F 36 01 FD E9 B4 9A 79 .p9'.%.. o6.....y >+[0370] 6C 19 DD A6 8C 78 B0 40 92 60 58 F0 28 AD 08 78 l....x.@ .`X.(..x >+[0380] 4A 29 06 2C 82 2B 1A E3 91 0B 5F EE D6 B8 66 47 J).,.+.. .._...fG >+[0390] 31 9B A3 DF 9F 79 D7 BB 0E 2C FA 0E C9 66 84 8D 1....y.. .,...f.. >+[03A0] FF BA BB 21 27 9E AD 86 84 55 8D 4C 4C 47 D9 5F ...!'... .U.LLG._ >+[03B0] B2 7D 26 CA B7 49 3C 9D 1B 67 71 11 3A 8A EB EA .}&..I<. .gq.:... >+[03C0] 0F 15 EB F0 1E 46 F7 A4 34 04 D7 E3 50 67 47 D3 .....F.. 4...PgG. >+[03D0] 66 21 17 77 51 A7 1F 1D 84 3B 7C B1 5D 4E B8 D4 f!.wQ... .;|.]N.. >+[03E0] F9 C5 75 06 AA 19 45 1C E9 06 9E AD 23 26 6B 10 ..u...E. ....#&k. >+[03F0] 53 A0 36 D3 58 9F 5E 8C CB A5 F6 BC C9 30 3C BC S.6.X.^. .....0<. >+[0400] AD FF 7C 92 F0 C6 9A 02 ..|..... >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=10683 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 PLE.COM. ...cifs. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 72 3A 0C .....n.. 1mH..r:. >+[0080] 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D 44 0B 68 K...M.Oj M.P.}D.h >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 ........ 0...cifs >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 FC 5E 51 ........ .d.1..^Q >+[0110] 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 12 74 2D <..4G;.o o.....t- >+[0120] 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB F1 15 FD D....-F> ........ >+[0130] BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 A2 9D 2D ..... j8 .F.'...- >+[0140] 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B 70 E4 51 ...}...| .G..{p.Q >+[0150] 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 55 75 44 j.Qhb(J. Q....UuD >+[0160] 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 C1 0C 3A ......4. .1..C..: >+[0170] B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 AF E1 61 .i. ...e O. ....a >+[0180] 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B 74 D5 8F ...c&.]. <.).{t.. >+[0190] 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD 22 9A A5 ,.K..$W7 .....".. >+[01A0] 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 28 4B 7B ..Jx.6.. ..'..(K{ >+[01B0] DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 26 91 78 ..B..... ....H&.x >+[01C0] A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 4D 38 C7 ...l$... .....M8. >+[01D0] 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 53 C5 16 }IU..F.. {..bcS.. >+[01E0] 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 7E 40 65 J...|..E ...Xg~@e >+[01F0] 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 56 E8 A1 KH...... 9....V.. >+[0200] 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F 18 CE 2F .zz.`..) ...L.../ >+[0210] 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 08 FC BF ...[l..E .s..U... >+[0220] C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 2D F1 3B ..Q..,.. <....-.; >+[0230] A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB 8A 18 BD ....*g.. ..|l.... >+[0240] D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 7E 7D C4 .].^h0.X ....&~}. >+[0250] E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED 42 79 31 ........ .^^j.By1 >+[0260] BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 36 C9 1E .._:?..c .....6.. >+[0270] 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 DE 26 85 .}A....& ..P^..&. >+[0280] 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 79 8F 77 0q.E;... ..*<.y.w >+[0290] 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB 25 7B B1 L.iz.... ...x.%{. >+[02A0] 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D C8 AB 04 <."'..u. ..@.m... >+[02B0] 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D E6 15 2C .A..%q.S :...M.., >+[02C0] B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 F5 E9 B2 .Gl..}.. ....!... >+[02D0] 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA 08 0D CE B.h(..7" .0.S.... >+[02E0] CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 56 72 C6 ..a...-u .A.L.Vr. >+[02F0] B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 A0 BD 68 ...4...\ .......h >+[0300] EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 83 84 D4 ..2..Q.? g.{.p... >+[0310] CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 05 CF 26 .RU6a.`. [o..b..& >+[0320] 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F B0 B8 07 .e.`K.c. ..D./... >+[0330] FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F 44 09 20 ...P.V.. .%v..D. >+[0340] 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 93 B1 30 ....c.TF ..^....0 >+[0350] 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A 1F C1 08 1{..#C;. }9g..... >+[0360] AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A 7F 1D 4A .4$.t... 4.aWj..J >+[0370] 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 0F DF 44 ...x...T ."..i..D >+[0380] 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C 53 E3 85 |.k.AcP. :..{LS.. >+[0390] 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC 84 84 D9 s....u.P ........ >+[03A0] BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 9B EC 5C ...y.j.. ..~."..\ >+[03B0] C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B 80 E6 67 .k...U2^ #......g >+[03C0] B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 24 8A B1 .Y..]... .}...$.. >+[03D0] 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 21 7C 3D 7.`..5H2 .....!|= >+[03E0] 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC 34 C1 2D !.k.1... L+.^.4.- >+[03F0] DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 07 06 72 ..l.m.`. U......r >+[0400] C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 CB 53 6B ..N..k>. ..uM..Sk >+[0410] 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 B7 D8 F5 4./..9.. n'.mA... >+[0420] 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 84 5E 82 .......V ......^. >+[0430] C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 FA 66 A0 ........ ;.....f. >+[0440] DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B 4D 72 9F .2`..F.< ..o..Mr. >+[0450] 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 B6 1B 9F ...qn|.. ..M..... >+[0460] 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 C2 69 E5 bq.,.... ..y...i. >+[0470] 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C 52 17 03 ~.W...N. ...OLR.. >+[0480] AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 95 61 2E ...4`.|. .607..a. >+[0490] CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D 84 D5 00 .p."p... n=0.M... >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 00 6E A1 B2 31 6D 48 C7 90 6....... n..1mH.. >+[0520] 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 50 85 7D r:.K...M .OjM.P.} >+[0530] 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 D.h..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 A8 31 00 ........ ....d.1. >+[05B0] FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD 9E A6 91 .^Q<..4G ;.oo.... >+[05C0] 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB FB C4 FB .t-D.... -F>..... >+[05D0] F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 06 27 D9 ........ j8.F.'. >+[05E0] A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 17 BC 7B ..-...}. ..|.G..{ >+[05F0] 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 0D CD 02 p.Qj.Qhb (J.Q.... >+[0600] 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 85 9E 43 UuD..... .4..1..C >+[0610] C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 20 C9 B5 ..:.i. . ..eO. .. >+[0620] AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD 29 BB 7B ..a...c& .].<.).{ >+[0630] 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 F7 91 FD t..,.K.. $W7..... >+[0640] 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A 27 8A C6 "....Jx. 6....'.. >+[0650] 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F 9C B8 48 (K{..B.. .......H >+[0660] 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 B3 D3 85 &.x...l$ ........ >+[0670] 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA 11 62 63 M8.}IU.. F..{..bc >+[0680] 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 98 58 67 S..J...| ..E...Xg >+[0690] 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 04 C0 A8 ~@eKH... ...9.... >+[06A0] 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC 82 4C 8F V...zz.` ..)...L. >+[06B0] 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 CB A4 55 ../...[l ..E.s..U >+[06C0] 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD F6 F0 A3 .....Q.. ,..<.... >+[06D0] 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 7C 6C FB -.;....* g....|l. >+[06E0] 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 13 E0 26 ....].^h 0.X....& >+[06F0] 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E 5E 6A ED ~}...... ....^^j. >+[0700] 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB 06 AE 12 By1.._:? ..c..... >+[0710] 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 50 5E D0 6...}A.. ..&..P^. >+[0720] DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 2A 3C E0 .&.0q.E; .....*<. >+[0730] 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC FF 78 DB y.wL.iz. ......x. >+[0740] 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 40 95 6D %{.<."'. .u...@.m >+[0750] C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 9C B2 4D ....A..% q.S:...M >+[0760] E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B C9 1E 21 ..,.Gl.. }......! >+[0770] F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 8D 53 FA ...B.h(. .7".0.S. >+[0780] 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 85 4C 88 .....a.. .-u.A.L. >+[0790] 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA 80 90 82 Vr....4. ..\..... >+[07A0] A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB 7B EB 70 ..h..2.. Q.?g.{.p >+[07B0] 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F FE 9A 62 ....RU6a .`.[o..b >+[07C0] 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 44 B4 2F ..&.e.`K .c...D./ >+[07D0] B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 76 0B 0F ......P. V...%v.. >+[07E0] 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB 5E 0B 09 D. ....c .TF..^.. >+[07F0] 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 67 FE 9A ..01{..# C;.}9g.. >+[0800] 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F 61 57 6A ....4$.t ...4.aWj >+[0810] 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 86 D6 69 ..J...x. ..T."..i >+[0820] 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 B9 7B 4C ..D|.k.A cP.:..{L >+[0830] 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 B0 CF CC S..s.... u.P..... >+[0840] 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 7E E9 22 ......y. j....~." >+[0850] 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 C0 D4 8B ..\.k... U2^#.... >+[0860] 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D E2 FE B1 ..g.Y..] ....}... >+[0870] 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 E8 12 E6 $..7.`.. 5H2..... >+[0880] 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B 1C 5E EC !|=!.k.1 ...L+.^. >+[0890] 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E E6 D0 B5 4.-..l.m .`.U.... >+[08A0] 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A 75 4D E8 ..r..N.. k>...uM. >+[08B0] CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 00 6D 41 .Sk4./.. 9..n'.mA >+[08C0] B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 04 1D 98 ........ ..V..... >+[08D0] 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 98 1C D8 .^...... ...;.... >+[08E0] FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 6F F2 8B .f..2`.. F.<..o.. >+[08F0] 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 4D F1 A1 Mr....qn |....M.. >+[0900] B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B 79 90 F1 ...bq.,. .....y.. >+[0910] C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 EA 4F 4C .i.~.W.. .N....OL >+[0920] 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 30 37 88 R.....4` .|..607. >+[0930] 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 30 F7 4D .a..p."p ...n=0.M >+[0940] 84 D5 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 63 69 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 .cifs... .localkt >+[09B0] 65 73 74 36 00 17 00 00 00 10 00 6E A1 B2 31 6D est6.... ...n..1m >+[09C0] 48 C7 90 72 3A 0C 4B 8B 83 8C 4D 99 4F 6A 4D 99 H..r:.K. ..M.OjM. >+[09D0] 50 85 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 P.}D.h.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 63 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 ..cifs.. localkte >+[0A30] 73 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 st6....0 ........ >+[0A40] A1 03 02 01 02 A2 82 03 9C 04 82 03 98 C6 BB 64 ........ .......d >+[0A50] A8 31 00 FC 5E 51 3C 87 F8 34 47 3B D0 6F 6F FD .1..^Q<. .4G;.oo. >+[0A60] 9E A6 91 12 74 2D 44 BB AA 91 A0 2D 46 3E 9E FB ....t-D. ...-F>.. >+[0A70] FB C4 FB F1 15 FD BB DA EE 06 A9 20 6A 38 DC 46 ........ ... j8.F >+[0A80] 06 27 D9 A2 9D 2D 1F FD 0D 7D 8A BB 0A 7C E8 47 .'...-.. .}...|.G >+[0A90] 17 BC 7B 70 E4 51 6A BA 51 68 62 28 4A 1E 51 D1 ..{p.Qj. Qhb(J.Q. >+[0AA0] 0D CD 02 55 75 44 8A B9 C2 84 F4 17 34 92 9B 31 ...UuD.. ....4..1 >+[0AB0] 85 9E 43 C1 0C 3A B2 69 7F 20 1A 18 1F 65 4F C0 ..C..:.i . ...eO. >+[0AC0] 20 C9 B5 AF E1 61 8C 90 10 63 26 A6 5D 05 3C CD ....a.. .c&.].<. >+[0AD0] 29 BB 7B 74 D5 8F 2C 7F 4B E8 84 24 57 37 8A C6 ).{t..,. K..$W7.. >+[0AE0] F7 91 FD 22 9A A5 0D E9 4A 78 93 36 FC A8 8C 8A ...".... Jx.6.... >+[0AF0] 27 8A C6 28 4B 7B DA 11 42 BC 09 10 81 82 14 0F '..(K{.. B....... >+[0B00] 9C B8 48 26 91 78 A8 DD 97 6C 24 A1 D2 E8 85 19 ..H&.x.. .l$..... >+[0B10] B3 D3 85 4D 38 C7 7D 49 55 8E 85 46 E1 EE 7B BA ...M8.}I U..F..{. >+[0B20] 11 62 63 53 C5 16 4A 0C 1C 99 7C 0E FB 45 1D B4 .bcS..J. ..|..E.. >+[0B30] 98 58 67 7E 40 65 4B 48 E2 89 9C 8B C2 B8 39 D1 .Xg~@eKH ......9. >+[0B40] 04 C0 A8 56 E8 A1 04 7A 7A C9 60 18 A0 29 E2 DC ...V...z z.`..).. >+[0B50] 82 4C 8F 18 CE 2F 14 F0 18 5B 6C FF 85 45 88 73 .L.../.. .[l..E.s >+[0B60] CB A4 55 08 FC BF C7 9F 51 0A DB 2C C1 E3 3C DD ..U..... Q..,..<. >+[0B70] F6 F0 A3 2D F1 3B A0 12 1D FC 2A 67 F5 1A 7F E5 ...-.;.. ..*g.... >+[0B80] 7C 6C FB 8A 18 BD D1 5D E5 5E 68 30 AA 58 9E 10 |l.....] .^h0.X.. >+[0B90] 13 E0 26 7E 7D C4 E1 A5 B6 86 0F 1C 0F 13 A4 5E ..&~}... .......^ >+[0BA0] 5E 6A ED 42 79 31 BB B3 5F 3A 3F DD CB 63 82 FB ^j.By1.. _:?..c.. >+[0BB0] 06 AE 12 36 C9 1E 06 7D 41 82 2E D2 FA 26 EC 17 ...6...} A....&.. >+[0BC0] 50 5E D0 DE 26 85 30 71 BC 45 3B DA 2E 08 8D B2 P^..&.0q .E;..... >+[0BD0] 2A 3C E0 79 8F 77 4C 01 69 7A 09 C7 88 E1 D1 DC *<.y.wL. iz...... >+[0BE0] FF 78 DB 25 7B B1 3C BB 22 27 80 0D 75 96 18 B6 .x.%{.<. "'..u... >+[0BF0] 40 95 6D C8 AB 04 05 41 A1 C4 25 71 C4 53 3A A6 @.m....A ..%q.S:. >+[0C00] 9C B2 4D E6 15 2C B2 47 6C DA A8 7D CC A3 89 8B ..M..,.G l..}.... >+[0C10] C9 1E 21 F5 E9 B2 42 95 68 28 AF C6 37 22 BA 30 ..!...B. h(..7".0 >+[0C20] 8D 53 FA 08 0D CE CA 81 61 0D 84 A5 2D 75 BD 41 .S...... a...-u.A >+[0C30] 85 4C 88 56 72 C6 B6 10 F8 34 CD B2 F4 5C 94 FA .L.Vr... .4...\.. >+[0C40] 80 90 82 A0 BD 68 EC 08 32 C3 B6 51 1E 3F 67 CB .....h.. 2..Q.?g. >+[0C50] 7B EB 70 83 84 D4 CB 52 55 36 61 1E 60 90 5B 6F {.p....R U6a.`.[o >+[0C60] FE 9A 62 05 CF 26 8E 65 E2 60 4B ED 63 B4 C4 E6 ..b..&.e .`K.c... >+[0C70] 44 B4 2F B0 B8 07 FE BE 0D 50 E4 56 A4 2E 0D 25 D./..... .P.V...% >+[0C80] 76 0B 0F 44 09 20 80 E5 C4 94 63 E0 54 46 1D AB v..D. .. ..c.TF.. >+[0C90] 5E 0B 09 93 B1 30 31 7B 04 DC 23 43 3B DB 7D 39 ^....01{ ..#C;.}9 >+[0CA0] 67 FE 9A 1F C1 08 AF 34 24 F6 74 E4 14 DA 34 8F g......4 $.t...4. >+[0CB0] 61 57 6A 7F 1D 4A 88 0A 90 78 93 F1 86 54 DB 22 aWj..J.. .x...T." >+[0CC0] 86 D6 69 0F DF 44 7C D3 6B 9D 41 63 50 98 3A 97 ..i..D|. k.AcP.:. >+[0CD0] B9 7B 4C 53 E3 85 73 9A C9 08 A0 75 12 50 02 87 .{LS..s. ...u.P.. >+[0CE0] B0 CF CC 84 84 D9 BC FC 94 79 AF 6A A6 08 FF 19 ........ .y.j.... >+[0CF0] 7E E9 22 9B EC 5C C1 6B 1D A4 B4 55 32 5E 23 C3 ~."..\.k ...U2^#. >+[0D00] C0 D4 8B 80 E6 67 B1 59 EB 9D 5D 9B AD C6 0E 7D .....g.Y ..]....} >+[0D10] E2 FE B1 24 8A B1 37 1E 60 7F 83 35 48 32 F7 03 ...$..7. `..5H2.. >+[0D20] E8 12 E6 21 7C 3D 21 7F 6B 14 31 9C 1A A3 4C 2B ...!|=!. k.1...L+ >+[0D30] 1C 5E EC 34 C1 2D DA 19 6C E6 6D 8D 60 D7 55 9E .^.4.-.. l.m.`.U. >+[0D40] E6 D0 B5 07 06 72 C0 E9 4E 91 94 6B 3E 0B F1 0A .....r.. N..k>... >+[0D50] 75 4D E8 CB 53 6B 34 A4 2F 96 A5 39 1A 18 6E 27 uM..Sk4. /..9..n' >+[0D60] 00 6D 41 B7 D8 F5 9A E5 01 FC 0B A8 97 56 EE 98 .mA..... .....V.. >+[0D70] 04 1D 98 84 5E 82 C8 E8 EC 17 D5 FA 96 00 3B E1 ....^... ......;. >+[0D80] 98 1C D8 FA 66 A0 DC 32 60 F6 03 46 08 3C E5 16 ....f..2 `..F.<.. >+[0D90] 6F F2 8B 4D 72 9F 0F E0 A9 71 6E 7C AE AA FB A3 o..Mr... .qn|.... >+[0DA0] 4D F1 A1 B6 1B 9F 62 71 E1 2C 82 9B AE E3 07 9B M.....bq .,...... >+[0DB0] 79 90 F1 C2 69 E5 7E CB 57 E6 C9 1C 4E A8 C7 12 y...i.~. W...N... >+[0DC0] EA 4F 4C 52 17 03 AB D4 FD 34 60 F4 7C BE 9E 36 .OLR.... .4`.|..6 >+[0DD0] 30 37 88 95 61 2E CF 70 AF 22 70 DB E8 AA 6E 3D 07..a..p ."p...n= >+[0DE0] 30 F7 4D 84 D5 00 00 00 00 00 00 00 01 00 00 00 0.M..... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 1D C8 5E LKTEST6. .......^ >+[0E60] 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 4D 99 4F FH..)... .rm..M.O >+[0E70] 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 00 40 28 jM...}D. h.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE 07 48 DA f..F..s- ...J..H. >+[0F00] 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 2D F5 9C ..X0C@.. ..;..-.. >+[0F10] 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED 8B 8B 1B >./..... ...p.... >+[0F20] 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 00 32 B1 ^.N..... a...V.2. >+[0F30] DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 D4 19 74 ..7)./.. .C.....t >+[0F40] 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 63 9B D4 3.iR.X.. ...D.c.. >+[0F50] 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D 29 B6 ED Nn.>...M ....m).. >+[0F60] 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A E2 29 AF *b=S"3.. ..tL*.). >+[0F70] 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 5E C1 68 [i.H-... ..T..^.h >+[0F80] 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 3B 10 17 o...y... .vfE.;.. >+[0F90] 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A C0 EA 38 .@F..... ....:..8 >+[0FA0] 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D 65 F0 D2 ;..K...' .b...e.. >+[0FB0] C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 4F A2 4A .^.e.... .1..IO.J >+[0FC0] 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 31 C8 40 pw...[7\ .....1.@ >+[0FD0] 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1C 53 52 ..h..}.T ORa1,.SR >+[0FE0] DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 97 97 3D ....9.}. .."....= >+[0FF0] 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 DF B7 C1 ^f....N. +.c 0... >+[1000] D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B 09 04 31 .e.o-.$. ..nK..1 >+[1010] B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D D9 0C 4C ....72.. s...M..L >+[1020] 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 A7 1F 33 [..jQ..? .F.s...3 >+[1030] 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F AA C7 E8 .|..Z#.@ |....... >+[1040] 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 69 B0 C1 c..:J..b .!...i.. >+[1050] 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 48 AB D7 .Q....B[ .08..H.. >+[1060] FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 FC C1 DC ....q... TB...... >+[1070] F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C 26 67 32 ..0b...} +4.RL&g2 >+[1080] D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 D6 EB 98 .D..'... ..f5.... >+[1090] 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B 20 D6 33 Fo.G..1. G.e.. .3 >+[10A0] 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 3E 4B 32 6;.@/Z.. ....3>K2 >+[10B0] 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 6A 3E D2 ..".._.. ...[Yj>. >+[10C0] FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 44 C0 1F ..O....o +.7.7D.. >+[10D0] 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE 72 5B 3A ..CF.^.. .9pa.r[: >+[10E0] 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 81 A0 0D .7.x.... ...G.... >+[10F0] 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 5A 4D E2 b..46... ...>wZM. >+[1100] 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 59 F7 A3 _ p==[4. ..1..Y.. >+[1110] F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 31 D4 F3 .f...... .3.."1.. >+[1120] 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 9E 91 B8 g.h ..rz od.h.... >+[1130] E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 58 14 60 ..ml8t.. ..%..X.` >+[1140] 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A 86 21 D3 ...L..g> 5gq.*.!. >+[1150] 60 61 98 16 94 67 0B 52 76 63 93 BD A3 3B A9 F0 `a...g.R vc...;.. >+[1160] A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D 94 71 59 .j...5d. j. .=.qY >+[1170] 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B 7A A8 E6 ^....M.. K.d.;z.. >+[1180] D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 C9 2F 77 ..vq&.\. .U..../w >+[1190] DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B 44 11 6B ...H.... 1....D.k >+[11A0] 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D F4 CC EA |.z].n.. ...4.... >+[11B0] 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 C6 16 57 7$K..... )...9..W >+[11C0] D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 56 9C EC ..W.l~.. .....V.. >+[11D0] 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F 16 25 31 .>!..|.< ....o.%1 >+[11E0] C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 DB 85 CC .(...G1P ........ >+[11F0] 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 10 8C 82 kK,...-. m....... >+[1200] 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 0A 4F E3 /.....w@ PB.B..O. >+[1210] 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 5B C3 1A ll...... }.<s"[.. >+[1220] 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 54 C0 E3 .5.:.m.h ..e~.T.. >+[1230] 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 25 4A 92 }j2L.>.x K....%J. >+[1240] 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 75 28 2F .l...Y.. .....u(/ >+[1250] F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 C4 A0 8D .*p(.E.u .Nb..... >+[1260] 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 09 EB 05 U....... $...@... >+[1270] 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 95 01 50 ...1P2/. ...K...P >+[1280] 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 00 00 01 n.#I.r!. ........ >+[1290] 00 00 00 01 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[12A0] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[12B0] 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 ...admin istrator >+[12C0] 00 00 00 01 00 00 00 02 00 00 00 17 4B 54 45 53 ........ ....KTES >+[12D0] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[12E0] 43 4F 4D 00 00 00 04 63 69 66 73 00 00 00 0B 4C COM....c ifs....L >+[12F0] 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 00 00 10 OCALKTES T6...... >+[1300] 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 6D 8D E9 ..^FH..) ....rm.. >+[1310] 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 00 00 00 M.OjM... }D.h.... >+[1320] 00 40 28 00 00 00 00 00 00 00 00 00 00 00 00 03 .@(..... ........ >+[1330] FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 .a...0.. ........ >+[1340] 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1350] 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 AMPLE.CO M..0.... >+[1360] 01 01 A1 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F ....0... cifs..LO >+[1370] 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 CALKTEST 6....0.. >+[1380] AA A0 03 02 01 17 A1 03 02 01 02 A2 82 03 9C 04 ........ ........ >+[1390] 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 FD 4A EE ...f..F. .s-...J. >+[13A0] 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F 3B 17 C1 .H...X0C @....;.. >+[13B0] 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC D7 70 ED -..>./.. ......p. >+[13C0] 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 D7 0A 56 ...^.N.. ...a...V >+[13D0] 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 BA A5 B8 .2...7). /...C... >+[13E0] D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 0B 44 A9 ..t3.iR. X.....D. >+[13F0] 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 F5 07 6D c..Nn.>. ..M....m >+[1400] 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF 74 4C 2A )..*b=S" 3....tL* >+[1410] E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D 54 D8 E2 .).[i.H- .....T.. >+[1420] 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 66 45 E2 ^.ho...y ....vfE. >+[1430] 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF 19 8C 3A ;...@F.. .......: >+[1440] C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 95 BC 0D ..8;..K. ..'.b... >+[1450] 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 0F 06 49 e...^.e. ....1..I >+[1460] 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 DF C5 E2 O.Jpw... [7\..... >+[1470] 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 61 31 2C 1.@..h.. }.TORa1, >+[1480] 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 22 95 92 .SR....9 .}...".. >+[1490] 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F 63 20 30 ..=^f... .N.+.c 0 >+[14A0] DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D 88 6E 4B ....e.o- .$. ..nK >+[14B0] 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 F6 B8 4D ..1....7 2..s...M >+[14C0] D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 E7 73 16 ..L[..jQ ..?.F.s. >+[14D0] A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F DF EE 0F ..3.|..Z #.@|.... >+[14E0] AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 B2 AE A5 ...c..:J ..b.!... >+[14F0] 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 38 18 A9 i...Q... .B[.08.. >+[1500] 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 DA D6 A4 H......q ...TB... >+[1510] FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 1E 52 4C .....0b. ..}+4.RL >+[1520] 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 66 35 81 &g2.D..' .....f5. >+[1530] D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 65 AA 0B ...Fo.G. .1.G.e.. >+[1540] 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE 00 EB 33 .36;.@/ Z......3 >+[1550] 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 CC 5B 59 >K2..".. _.....[Y >+[1560] 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 37 CD 37 j>...O.. ..o+.7.7 >+[1570] 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 70 61 BE D....CF. ^...9pa. >+[1580] 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA FC 47 09 r[:.7.x. ......G. >+[1590] 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 F4 3E 77 ...b..46 ......>w >+[15A0] 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 31 F7 D9 ZM._ p== [4...1.. >+[15B0] 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 A0 87 22 Y...f... ....3.." >+[15C0] 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 FD 68 82 1..g.h . .rzod.h. >+[15D0] 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 25 D7 92 .....ml8 t....%.. >+[15E0] 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 71 1E 2A X.`...L. .g>5gq.* >+[15F0] 86 21 D3 60 61 98 16 94 67 0B 52 76 63 93 BD A3 .!.`a... g.Rvc... >+[1600] 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA 20 A6 3D ;...j... 5d.j. .= >+[1610] 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 64 C8 3B .qY^.... M..K.d.; >+[1620] 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 17 F2 16 z....vq& .\..U... >+[1630] C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C 0A CC 1B ./w...H. ...1.... >+[1640] 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 C7 34 1D D.k|.z]. n.....4. >+[1650] F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 D8 93 39 ...7$K.. ...)...9 >+[1660] C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB A3 8B 07 ..W..W.l ~....... >+[1670] 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 A7 1C 6F V...>!.. |.<....o >+[1680] 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ED 0A 93 .%1.(... G1P..... >+[1690] DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D 0A 87 F2 ...kK,.. .-.m.... >+[16A0] 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 1E 42 C4 .../.... .w@PB.B. >+[16B0] 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF 3C 73 22 .O.ll... ...}.<s" >+[16C0] 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 65 7E E9 [...5.:. m.h..e~. >+[16D0] 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF 18 9F A5 T..}j2L. >.xK.... >+[16E0] 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 CC 98 F6 %J..l... Y....... >+[16F0] 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E 62 ED D8 u(/.*p(. E.u.Nb.. >+[1700] C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE BC CE 40 ...U.... ...$...@ >+[1710] 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 17 4B A7 ......1P 2/....K. >+[1720] 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 00 00 00 ..Pn.#I. r!...... >+[1730] 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 54 ........ ...KTEST >+[1740] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[1750] 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 61 OM....ad ministra >+[1760] 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 4B tor..... .......K >+[1770] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[1780] 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 73 00 00 LE.COM.. ..cifs.. >+[1790] 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 00 17 00 ..LOCALK TEST6... >+[17A0] 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 A6 F1 72 .....^FH ..)....r >+[17B0] 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 0B 68 00 m..M.OjM ...}D.h. >+[17C0] 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 00 ....@(.. ........ >+[17D0] 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 01 ....a... 0....... >+[17E0] 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[17F0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 1C .EXAMPLE .COM..0. >+[1800] A0 03 02 01 01 A1 15 30 13 1B 04 63 69 66 73 1B .......0 ...cifs. >+[1810] 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 82 03 AE .LOCALKT EST6.... >+[1820] 30 82 03 AA A0 03 02 01 17 A1 03 02 01 02 A2 82 0....... ........ >+[1830] 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 2D CF 88 ......f. .F..s-.. >+[1840] FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 9C 00 0F .J..H... X0C@.... >+[1850] 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B D7 2E EC ;..-..>. /....... >+[1860] D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 8D 61 E5 .p....^. N.....a. >+[1870] D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 EE A8 43 ..V.2... 7)./...C >+[1880] BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 83 D6 16 .....t3. iR.X.... >+[1890] 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 4D C4 96 .D.c..Nn .>...M.. >+[18A0] F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 95 E9 DF ..m)..*b =S"3.... >+[18B0] 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 FD A5 1D tL*.).[i .H-..... >+[18C0] 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 97 0B 76 T..^.ho. ..y....v >+[18D0] 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 BB CF CF fE.;...@ F....... >+[18E0] 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 27 8C 62 ..:..8;. .K...'.b >+[18F0] 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B CB 17 31 ...e...^ .e.....1 >+[1900] 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 5C EC 06 ..IO.Jpw ...[7\.. >+[1910] DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE 54 4F 52 ...1.@.. h..}.TOR >+[1920] 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D C6 CE C8 a1,.SR.. ..9.}... >+[1930] 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E 2E 2B 9F "....=^f ....N.+. >+[1940] 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 07 20 8D c 0....e .o-.$. . >+[1950] 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E 0C 73 C6 .nK..1.. ..72..s. >+[1960] F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA 3F FF 46 ..M..L[. .jQ..?.F >+[1970] E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 40 7C 0F .s...3.| ..Z#.@|. >+[1980] DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 62 01 21 ......c. .:J..b.! >+[1990] B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 5B C5 30 ...i...Q ....B[.0 >+[19A0] 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA 18 54 42 8..H.... ..q...TB >+[19B0] DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 7D 2B 34 ........ 0b...}+4 >+[19C0] 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA D0 FC 84 .RL&g2.D ..'..... >+[19D0] 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 BE 47 80 f5....Fo .G..1.G. >+[19E0] 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E 0E 01 BE e.. .36; .@/Z.... >+[19F0] 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 D5 92 94 ..3>K2.. ".._.... >+[1A00] CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B 6F 2B 14 .[Yj>... O....o+. >+[1A10] 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 FE D3 39 7.7D.... CF.^...9 >+[1A20] 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 E7 E9 DA pa.r[:.7 .x...... >+[1A30] FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB E6 98 D8 .G....b. .46..... >+[1A40] F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 D9 FD A8 .>wZM._ p==[4... >+[1A50] 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD D5 85 33 1..Y...f .......3 >+[1A60] A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 7A 6F 64 .."1..g. h ..rzod >+[1A70] FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 96 A2 F6 .h...... ml8t.... >+[1A80] 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 3E 35 67 %..X.`.. .L..g>5g >+[1A90] 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B 52 76 63 q.*.!.`a ...g.Rvc >+[1AA0] 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 DA 6A EA ...;...j ...5d.j. >+[1AB0] 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE 1B 4B D8 .=.qY^. ...M..K. >+[1AC0] 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C DA 1A 55 d.;z.... vq&.\..U >+[1AD0] 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 C3 31 9C ..../w.. .H....1. >+[1AE0] 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 DA EF C5 ...D.k|. z].n.... >+[1AF0] C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 F2 29 A0 .4....7$ K.....). >+[1B00] D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 90 E0 EB ..9..W.. W.l~.... >+[1B10] A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 3C F9 D2 ...V...> !..|.<.. >+[1B20] A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 50 DD E1 ..o.%1.( ...G1P.. >+[1B30] ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D A9 6D 1D ......kK ,...-.m. >+[1B40] 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 40 50 42 ....../. ....w@PB >+[1B50] 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB F0 7D CF .B..O.ll ......}. >+[1B60] 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 68 A3 C5 <s"[...5 .:.m.h.. >+[1B70] 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 78 4B BF e~.T..}j 2L.>.xK. >+[1B80] 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 CF 2E A0 ...%J..l ...Y.... >+[1B90] CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F 75 C2 4E ...u(/.* p(.E.u.N >+[1BA0] 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 EF 24 EE b.....U. ......$. >+[1BB0] BC CE 40 09 EB 05 0B D1 14 31 50 32 2F B6 A8 97 ..@..... .1P2/... >+[1BC0] 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 91 00 00 .K...Pn. #I.r!... >+[1BD0] 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 ........ ......KT >+[1BE0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[1BF0] 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 E.COM... .adminis >+[1C00] 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 trator.. ........ >+[1C10] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[1C20] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 66 AMPLE.CO M....cif >+[1C30] 73 00 00 00 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 s....LOC ALKTEST6 >+[1C40] 00 17 00 00 00 10 1D C8 5E 46 48 82 F9 29 DB C6 ........ ^FH..).. >+[1C50] A6 F1 72 6D 8D E9 4D 99 4F 6A 4D 99 85 09 7D 44 ..rm..M. OjM...}D >+[1C60] 0B 68 00 00 00 00 00 40 28 00 00 00 00 00 00 00 .h.....@ (....... >+[1C70] 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 .......a ...0.... >+[1C80] 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[1C90] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 MBA.EXAM PLE.COM. >+[1CA0] 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 69 .0...... ..0...ci >+[1CB0] 66 73 1B 0B 4C 4F 43 41 4C 4B 54 45 53 54 36 A3 fs..LOCA LKTEST6. >+[1CC0] 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 ...0.... ........ >+[1CD0] 02 A2 82 03 9C 04 82 03 98 66 D8 19 46 FA CB 73 ........ .f..F..s >+[1CE0] 2D CF 88 FD 4A EE 07 48 DA 0E BC 58 30 43 40 A4 -...J..H ...X0C@. >+[1CF0] 9C 00 0F 3B 17 C1 2D F5 9C 3E D9 2F 1D CA 01 9B ...;..-. .>./.... >+[1D00] D7 2E EC D7 70 ED 8B 8B 1B 5E F2 4E EE DD 0F C0 ....p... .^.N.... >+[1D10] 8D 61 E5 D7 0A 56 00 32 B1 DB 91 37 29 0F 2F 85 .a...V.2 ...7)./. >+[1D20] EE A8 43 BA A5 B8 D4 19 74 33 F0 69 52 E1 58 98 ..C..... t3.iR.X. >+[1D30] 83 D6 16 0B 44 A9 63 9B D4 4E 6E A7 3E CD 9A 96 ....D.c. .Nn.>... >+[1D40] 4D C4 96 F5 07 6D 29 B6 ED 2A 62 3D 53 22 33 D1 M....m). .*b=S"3. >+[1D50] 95 E9 DF 74 4C 2A E2 29 AF 5B 69 B0 48 2D AD 94 ...tL*.) .[i.H-.. >+[1D60] FD A5 1D 54 D8 E2 5E C1 68 6F BA 02 01 79 C3 C9 ...T..^. ho...y.. >+[1D70] 97 0B 76 66 45 E2 3B 10 17 95 40 46 E4 85 B9 87 ..vfE.;. ..@F.... >+[1D80] BB CF CF 19 8C 3A C0 EA 38 3B B9 E9 4B 05 89 E5 .....:.. 8;..K... >+[1D90] 27 8C 62 95 BC 0D 65 F0 D2 C0 5E BC 65 01 D5 0B '.b...e. ..^.e... >+[1DA0] CB 17 31 0F 06 49 4F A2 4A 70 77 DB BD 92 5B 37 ..1..IO. Jpw...[7 >+[1DB0] 5C EC 06 DF C5 E2 31 C8 40 09 11 68 14 E7 7D CE \.....1. @..h..}. >+[1DC0] 54 4F 52 61 31 2C 1C 53 52 DB BE D8 95 39 EE 7D TORa1,.S R....9.} >+[1DD0] C6 CE C8 22 95 92 97 97 3D 5E 66 0F AD DC C2 4E ...".... =^f....N >+[1DE0] 2E 2B 9F 63 20 30 DF B7 C1 D4 65 AA 6F 2D 10 24 .+.c 0.. ..e.o-.$ >+[1DF0] 07 20 8D 88 6E 4B 09 04 31 B6 A3 EB F7 37 32 0E . ..nK.. 1....72. >+[1E00] 0C 73 C6 F6 B8 4D D9 0C 4C 5B EC 10 6A 51 19 EA .s...M.. L[..jQ.. >+[1E10] 3F FF 46 E7 73 16 A7 1F 33 98 7C 9B AD 5A 23 A9 ?.F.s... 3.|..Z#. >+[1E20] 40 7C 0F DF EE 0F AA C7 E8 63 07 98 3A 4A 0D 18 @|...... .c..:J.. >+[1E30] 62 01 21 B2 AE A5 69 B0 C1 15 51 BA 97 D2 C5 42 b.!...i. ..Q....B >+[1E40] 5B C5 30 38 18 A9 48 AB D7 FC A1 BC 9F 71 E7 EA [.08..H. .....q.. >+[1E50] 18 54 42 DA D6 A4 FC C1 DC F3 12 30 62 AC 98 E1 .TB..... ...0b... >+[1E60] 7D 2B 34 1E 52 4C 26 67 32 D9 44 1A 08 27 0E DA }+4.RL&g 2.D..'.. >+[1E70] D0 FC 84 66 35 81 D6 EB 98 46 6F 1E 47 E0 14 31 ...f5... .Fo.G..1 >+[1E80] BE 47 80 65 AA 0B 20 D6 33 36 3B 0D 40 2F 5A 2E .G.e.. . 36;.@/Z. >+[1E90] 0E 01 BE 00 EB 33 3E 4B 32 91 F4 22 96 E5 5F D4 .....3>K 2..".._. >+[1EA0] D5 92 94 CC 5B 59 6A 3E D2 FB A0 4F 99 C4 07 8B ....[Yj> ...O.... >+[1EB0] 6F 2B 14 37 CD 37 44 C0 1F 80 9C 43 46 F2 5E F4 o+.7.7D. ...CF.^. >+[1EC0] FE D3 39 70 61 BE 72 5B 3A 8F 37 95 78 1E AB D9 ..9pa.r[ :.7.x... >+[1ED0] E7 E9 DA FC 47 09 81 A0 0D 62 E1 F9 34 36 D1 DB ....G... .b..46.. >+[1EE0] E6 98 D8 F4 3E 77 5A 4D E2 5F 20 70 3D 3D 5B 34 ....>wZM ._ p==[4 >+[1EF0] D9 FD A8 31 F7 D9 59 F7 A3 F0 66 F7 D9 AD 1C CD ...1..Y. ..f..... >+[1F00] D5 85 33 A0 87 22 31 D4 F3 67 80 68 20 A2 90 72 ..3.."1. .g.h ..r >+[1F10] 7A 6F 64 FD 68 82 9E 91 B8 E3 F7 6D 6C 38 74 F0 zod.h... ...ml8t. >+[1F20] 96 A2 F6 25 D7 92 58 14 60 9F AE 01 4C 0C 09 67 ...%..X. `...L..g >+[1F30] 3E 35 67 71 1E 2A 86 21 D3 60 61 98 16 94 67 0B >5gq.*.! .`a...g. >+[1F40] 52 76 63 93 BD A3 3B A9 F0 A2 6A B7 E6 0F 35 64 Rvc...;. ..j...5d >+[1F50] DA 6A EA 20 A6 3D 94 71 59 5E CB B2 D3 F9 4D FE .j. .=.q Y^....M. >+[1F60] 1B 4B D8 64 C8 3B 7A A8 E6 D2 D5 76 71 26 D4 5C .K.d.;z. ...vq&.\ >+[1F70] DA 1A 55 17 F2 16 C9 2F 77 DB 95 19 48 A5 AC D0 ..U..../ w...H... >+[1F80] C3 31 9C 0A CC 1B 44 11 6B 7C 88 7A 5D CF 6E 12 .1....D. k|.z].n. >+[1F90] DA EF C5 C7 34 1D F4 CC EA 37 24 4B B3 0F C1 A3 ....4... .7$K.... >+[1FA0] F2 29 A0 D8 93 39 C6 16 57 D5 BF 57 BF 6C 7E F7 .)...9.. W..W.l~. >+[1FB0] 90 E0 EB A3 8B 07 56 9C EC 15 3E 21 DA A5 7C 00 ......V. ..>!..|. >+[1FC0] 3C F9 D2 A7 1C 6F 16 25 31 C5 28 A7 EA F3 47 31 <....o.% 1.(...G1 >+[1FD0] 50 DD E1 ED 0A 93 DB 85 CC 6B 4B 2C 7F E8 F8 2D P....... .kK,...- >+[1FE0] A9 6D 1D 0A 87 F2 10 8C 82 2F 9B D4 9B 92 8C 77 .m...... ./.....w >+[1FF0] 40 50 42 1E 42 C4 0A 4F E3 6C 6C DC 81 C4 1E BB @PB.B..O .ll..... >+[2000] F0 7D CF 3C 73 22 5B C3 1A 97 35 EE 3A CD 6D F3 .}.<s"[. ..5.:.m. >+[2010] 68 A3 C5 65 7E E9 54 C0 E3 7D 6A 32 4C D1 3E D0 h..e~.T. .}j2L.>. >+[2020] 78 4B BF 18 9F A5 25 4A 92 1E 6C 8F 01 D6 59 D7 xK....%J ..l...Y. >+[2030] CF 2E A0 CC 98 F6 75 28 2F F7 2A 70 28 A9 45 1F ......u( /.*p(.E. >+[2040] 75 C2 4E 62 ED D8 C4 A0 8D 55 B2 84 1C A4 CE 87 u.Nb.... .U...... >+[2050] EF 24 EE BC CE 40 09 EB 05 0B D1 14 31 50 32 2F .$...@.. ....1P2/ >+[2060] B6 A8 97 17 4B A7 95 01 50 6E 0E 23 49 9C 72 21 ....K... Pn.#I.r! >+[2070] 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >+[2080] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[2090] 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 MPLE.COM ....admi >+[20A0] 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 nistrato r....... >+[20B0] 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[20C0] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 .EXAMPLE .COM.... >+[20D0] 68 6F 73 74 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 host.... localkte >+[20E0] 73 74 36 00 17 00 00 00 10 72 47 04 38 B6 E6 F0 st6..... .rG.8... >+[20F0] 44 9E 9F 27 66 E1 69 9C 9A 4D 99 4F 6A 4D 99 90 D..'f.i. .M.OjM.. >+[2100] F5 7D 44 0B 68 00 00 00 00 00 40 28 00 00 00 00 .}D.h... ..@(.... >+[2110] 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 ........ ..a...0. >+[2120] 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 ........ ...KTEST >+[2130] 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 .SAMBA.E XAMPLE.C >+[2140] 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B OM..0... .....0.. >+[2150] 04 68 6F 73 74 1B 0B 6C 6F 63 61 6C 6B 74 65 73 .host..l ocalktes >+[2160] 74 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 t6....0. ........ >+[2170] 03 02 01 02 A2 82 03 9C 04 82 03 98 58 95 95 EB ........ ....X... >+[2180] CB 8F 68 D4 77 43 0F 3B 44 B4 15 DA 40 6D FD E9 ..h.wC.; D...@m.. >+[2190] 85 D3 2F CD B5 1E 96 CD F6 E9 67 91 36 08 9E B4 ../..... ..g.6... >+[21A0] B3 47 70 7A B3 4E 82 5A 4F 8E 4B F5 8D 04 E4 5C .Gpz.N.Z O.K....\ >+[21B0] C4 D8 0C AF 08 25 F9 C1 64 B2 3A 35 26 E9 B2 72 .....%.. d.:5&..r >+[21C0] 66 B5 E9 81 FC BE 12 1B CC 8A A5 82 31 F6 7F C3 f....... ....1... >+[21D0] 5A 19 A3 31 F2 99 14 1E 64 E4 41 E8 C7 C3 F3 DF Z..1.... d.A..... >+[21E0] F5 65 7D B0 9F DC 5D 25 1D 1A A8 EA AA 88 6D F4 .e}...]% ......m. >+[21F0] 7C 25 9F 53 F6 A6 8F B1 24 AF 98 FE 53 7B 35 3C |%.S.... $...S{5< >+[2200] DB EC 7F 09 74 E9 C4 8D 20 B4 47 08 0E 32 B8 C9 ....t... .G..2.. >+[2210] 45 27 12 F9 8E F5 D6 C2 DD 1A 96 0E 68 5F 39 65 E'...... ....h_9e >+[2220] 72 C7 BD 8E 04 0E 13 E1 03 27 AC 50 80 76 E6 7A r....... .'.P.v.z >+[2230] 8E F4 C2 72 4F 68 B3 34 00 A9 54 41 DA FD 96 94 ...rOh.4 ..TA.... >+[2240] 29 A1 59 15 2F DB 6C 94 85 49 C5 D0 6D 48 B0 C4 ).Y./.l. .I..mH.. >+[2250] 65 D0 95 1D DB 3D 25 D0 75 50 D4 CF FA 2F 71 57 e....=%. uP.../qW >+[2260] BD 6C 1C 59 E1 C3 5B C7 24 95 FF B0 20 EF 6A DB .l.Y..[. $... .j. >+[2270] 79 87 67 91 94 E9 16 E2 BB 74 7A 08 E1 6A 36 5F y.g..... .tz..j6_ >+[2280] DF 11 AB 35 9B 3E 32 48 83 89 41 4E 06 BF F9 BB ...5.>2H ..AN.... >+[2290] EC E4 D7 6D 77 C4 55 22 DF F7 91 4D CB C5 01 A5 ...mw.U" ...M.... >+[22A0] BA 2D 1E 92 76 04 E8 02 2F 5E AF 1C B3 B7 A6 FB .-..v... /^...... >+[22B0] 3A 9F D9 7C 6D DA B4 8F 31 00 A5 30 F2 76 72 9B :..|m... 1..0.vr. >+[22C0] 62 97 E0 56 E5 E4 C7 6B 8B FC 84 75 57 66 6E D7 b..V...k ...uWfn. >+[22D0] B7 41 6F 61 F4 5B 0F 87 68 F6 54 02 26 1B 1F B7 .Aoa.[.. h.T.&... >+[22E0] 60 D6 E7 FA 4F C7 DB 35 58 EC 13 21 D4 C6 A1 27 `...O..5 X..!...' >+[22F0] BA E7 82 DF 29 FB 9D 5D E8 35 28 C9 9C 4E D7 BE ....)..] .5(..N.. >+[2300] 2F 6D F1 E8 0B 5A 74 C9 93 9F AD 42 24 4B B7 3B /m...Zt. ...B$K.; >+[2310] 38 2A 11 CF F0 BD 85 40 48 D8 9D E7 6B 65 70 42 8*.....@ H...kepB >+[2320] 60 DA 9B 65 CB C8 C5 D7 40 3A 12 DC 64 AF 82 54 `..e.... @:..d..T >+[2330] 34 05 38 4F C6 FB 38 E2 73 A9 89 B7 FC 33 15 85 4.8O..8. s....3.. >+[2340] 9E CA E9 E0 89 18 18 84 02 65 B4 74 5B D4 A1 6F ........ .e.t[..o >+[2350] 5F 79 20 CB D7 36 C8 6D 5B 1E 5E 0C 82 16 9F CC _y ..6.m [.^..... >+[2360] 5A 1E 57 C1 B6 94 51 87 A1 3D 12 D4 8B FE 0F 93 Z.W...Q. .=...... >+[2370] ED 53 A3 F4 88 3C 35 05 89 FE AF 0B 36 62 E3 2F .S...<5. ....6b./ >+[2380] 5C 4A 0E 07 67 39 A3 8E C0 45 07 7F 73 32 BC DE \J..g9.. .E..s2.. >+[2390] 2D 00 8B 47 79 3D 1C A1 90 AE B6 8F 83 B2 1B 31 -..Gy=.. .......1 >+[23A0] EE E4 F2 C5 C1 4A E2 4A 2F 28 F0 AA 19 43 6A 14 .....J.J /(...Cj. >+[23B0] B1 42 61 90 34 2E EE 3D 16 9F 5D 9F 7A A2 01 7A .Ba.4..= ..].z..z >+[23C0] 4B 96 FA 4D C9 85 1A 75 27 B7 6B FD 4D 7D 9C 65 K..M...u '.k.M}.e >+[23D0] 97 DB 05 CC 76 68 EA 05 5D 5D BB BD 51 4B 5B F2 ....vh.. ]]..QK[. >+[23E0] 48 59 BD 1E AD 56 D4 69 A5 75 CD ED EC B1 3E AB HY...V.i .u....>. >+[23F0] FA B7 F8 8D 4F BE 95 63 38 1C 4C 70 26 C4 3A 21 ....O..c 8.Lp&.:! >+[2400] 80 61 05 3A D4 E2 28 2C 85 01 5A DA FC 10 60 F3 .a.:..(, ..Z...`. >+[2410] 74 0C FD DB 2F 5B 25 4B 14 E4 7D 8A DB 85 12 D2 t.../[%K ..}..... >+[2420] D7 69 CD B5 B1 93 CE E5 E6 4D 57 D3 C2 D3 2E A0 .i...... .MW..... >+[2430] 08 37 09 CD 19 99 09 FA 33 68 4A E0 92 46 21 0C .7...... 3hJ..F!. >+[2440] 99 9F DA 05 15 20 8B 3D 7C 7B CA D6 81 AC AA 83 ..... .= |{...... >+[2450] 48 C8 24 4C C8 FC A5 14 2C BC 49 1A 1C 49 61 1D H.$L.... ,.I..Ia. >+[2460] 24 86 42 B1 37 6A C8 3A AC 18 CC C0 50 84 12 48 $.B.7j.: ....P..H >+[2470] 8B 29 0A 49 26 A4 E2 B9 E5 96 E7 37 C3 DE 4C 23 .).I&... ...7..L# >+[2480] D2 D4 62 14 8F 1E 72 39 CF 03 BC A3 00 C7 63 51 ..b...r9 ......cQ >+[2490] A9 6B E4 3E B2 65 A1 A2 BB EC 06 41 85 50 22 02 .k.>.e.. ...A.P". >+[24A0] 46 2F 72 2B 32 1A A4 2D 85 94 02 47 69 8D AD 6D F/r+2..- ...Gi..m >+[24B0] 66 AB D4 E4 29 C8 C7 DA F4 18 31 2A DF 50 6A 05 f...)... ..1*.Pj. >+[24C0] D6 47 26 C4 F9 87 0F 35 24 6E 72 D6 23 7D 3A 94 .G&....5 $nr.#}:. >+[24D0] 14 8D E8 57 AA BA D7 CF A9 2D E7 4C 10 7C D8 0D ...W.... .-.L.|.. >+[24E0] 51 30 1F E1 FB E5 E2 6C EE AA 65 2F D8 22 05 67 Q0.....l ..e/.".g >+[24F0] 87 4D 4D D2 11 3D B4 1E AA 20 3F 76 E3 94 93 6D .MM..=.. . ?v...m >+[2500] AC 10 05 AF 09 BD 67 86 C5 83 93 D6 1C D3 81 D9 ......g. ........ >+[2510] B1 3B E1 76 00 00 00 00 00 00 00 01 00 00 00 01 .;.v.... ........ >+[2520] 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E ....KTES T.SAMBA. >+[2530] 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 EXAMPLE. COM....a >+[2540] 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 dministr ator.... >+[2550] 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 ........ KTEST.SA >+[2560] 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 MBA.EXAM PLE.COM. >+[2570] 00 00 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C ...host. ...LOCAL >+[2580] 4B 54 45 53 54 36 00 17 00 00 00 10 55 6E 3E FC KTEST6.. ....Un>. >+[2590] E2 F4 40 51 19 E6 6E EB 23 4C 48 8E 4D 99 4F 6A ..@Q..n. #LH.M.Oj >+[25A0] 4D 99 90 FC 7D 44 0B 68 00 00 00 00 00 40 28 00 M...}D.h .....@(. >+[25B0] 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 ........ .....a.. >+[25C0] F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 .0...... ......KT >+[25D0] 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C EST.SAMB A.EXAMPL >+[25E0] 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 E.COM..0 ........ >+[25F0] 30 13 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 0...host ..LOCALK >+[2600] 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 TEST6... .0...... >+[2610] 01 17 A1 03 02 01 02 A2 82 03 9C 04 82 03 98 6E ........ .......n >+[2620] 87 B7 7B 3A 7E EF 4A 1B 29 C9 E3 C4 1F 42 4F 0E ..{:~.J. )....BO. >+[2630] C8 AC AC 4E A2 77 1D DA 93 37 F1 AF DA A3 75 2D ...N.w.. .7....u- >+[2640] 12 8B 40 34 23 0E 8E A9 90 58 46 42 42 39 31 D6 ..@4#... .XFBB91. >+[2650] 03 9E 5D 81 D9 E8 F6 08 2B D9 96 88 8A 2F F1 CC ..]..... +..../.. >+[2660] F2 EA 9E 9A 4B 31 B6 04 2D 3D 4C 7F 92 DE 3B 04 ....K1.. -=L...;. >+[2670] 19 EE 28 D0 83 81 C3 46 CD 74 23 4C 14 34 DE 62 ..(....F .t#L.4.b >+[2680] 0A AC E5 12 16 75 E9 A8 4B 32 78 CC 8D AE A2 E5 .....u.. K2x..... >+[2690] 6D E8 09 70 76 52 F5 E5 18 F7 E7 91 15 6A 69 AB m..pvR.. .....ji. >+[26A0] B8 62 DD 80 F5 28 6D DF ED 10 DA AC FB 92 27 CF .b...(m. ......'. >+[26B0] 98 B5 77 9D A5 96 E6 9A CC B9 C3 91 78 22 35 9C ..w..... ....x"5. >+[26C0] A1 13 A3 20 28 D1 16 E5 3E 4A 85 1E 12 0B CA 4D ... (... >J.....M >+[26D0] C6 C8 03 C8 28 2C D8 29 5D 9A 76 4A 92 13 43 56 ....(,.) ].vJ..CV >+[26E0] AF F7 C1 71 25 72 5C 38 75 1C 07 F1 5E 86 05 72 ...q%r\8 u...^..r >+[26F0] 6F 69 95 42 B6 F2 DA A9 91 06 9F B9 54 20 33 A5 oi.B.... ....T 3. >+[2700] 31 60 3B 54 DC 3A 95 34 96 26 07 52 6B 0E 1D 3B 1`;T.:.4 .&.Rk..; >+[2710] D9 F8 48 20 AC CD 05 3B 99 F8 EE DB 83 28 CD C7 ..H ...; .....(.. >+[2720] 2F 45 00 7E 2F 0A 65 7A D1 9E 95 4B EE C3 34 93 /E.~/.ez ...K..4. >+[2730] A8 C7 DF 03 8B 14 D0 FC CE 56 90 AC EE 93 C5 D3 ........ .V...... >+[2740] F7 12 24 69 0B 20 8D A2 65 87 55 26 2A F9 9A 88 ..$i. .. e.U&*... >+[2750] D7 0D 86 61 D6 92 B6 FE E5 D1 66 F9 1F 9D F4 04 ...a.... ..f..... >+[2760] 48 A6 39 BC 54 20 EA 10 21 E9 6D 30 46 1D C2 1C H.9.T .. !.m0F... >+[2770] A4 E8 B4 63 85 37 27 25 80 52 41 60 C7 A1 32 21 ...c.7'% .RA`..2! >+[2780] 43 90 02 E6 5F 5A E9 4E AF F9 B5 13 BD 42 BD A3 C..._Z.N .....B.. >+[2790] A5 4D 10 45 83 4D 92 18 1F C9 CF FB 84 29 89 23 .M.E.M.. .....).# >+[27A0] AC 71 4B 89 1B 52 E5 06 8C 3E 7C 88 CB D3 B3 CF .qK..R.. .>|..... >+[27B0] B9 7A 67 D6 24 F4 AC 00 A6 AD 91 30 9A 95 53 F1 .zg.$... ...0..S. >+[27C0] 48 06 A6 39 DB CF DC 9D C9 55 76 26 5E C1 DB 5D H..9.... .Uv&^..] >+[27D0] B3 5B 3E AE 1A A0 10 BA 82 21 83 44 02 E0 99 33 .[>..... .!.D...3 >+[27E0] 40 BA 29 9E 28 E5 73 4C 23 94 A2 4F BF 07 ED 4F @.).(.sL #..O...O >+[27F0] 7C 45 9B 30 C8 41 6B 0A 55 13 6E F5 AD 7A 0C B2 |E.0.Ak. U.n..z.. >+[2800] EA FF D0 06 13 4D F3 24 82 7F F6 51 2F 4A 4F 0D .....M.$ ...Q/JO. >+[2810] 37 F8 14 6B E9 E4 82 BB 3A 75 63 63 12 E8 78 6F 7..k.... :ucc..xo >+[2820] 6F FC 6C D3 4B A6 F1 CC 2A F1 7D EB 82 26 2F D0 o.l.K... *.}..&/. >+[2830] A1 8B 3E 9A 71 D7 91 D3 08 E6 FD 62 1B 84 13 2D ..>.q... ...b...- >+[2840] 8E A0 A0 C3 85 78 2F 0D F8 E7 10 FC CB 05 A7 B9 .....x/. ........ >+[2850] 9A 33 90 B5 9B 26 E3 23 98 B0 91 4B EB 32 37 D6 .3...&.# ...K.27. >+[2860] F4 ED 61 08 D8 75 CC 03 83 2C 3C CF 21 63 9C F6 ..a..u.. .,<.!c.. >+[2870] AF 5B 4F 12 07 74 17 CD 98 BB E7 5E C7 17 2D C4 .[O..t.. ...^..-. >+[2880] 87 A4 74 6D 5E CE DB A3 01 B9 AD 20 73 38 78 22 ..tm^... ... s8x" >+[2890] 3D 45 F5 51 77 C6 47 63 45 61 81 D9 FF 31 90 C4 =E.Qw.Gc Ea...1.. >+[28A0] 6F 5A F8 FE 6A 56 5B D4 EE EC 49 C7 A7 51 AE 5C oZ..jV[. ..I..Q.\ >+[28B0] 85 53 70 3D 1A 49 83 59 CF 65 58 B3 48 7E 04 9E .Sp=.I.Y .eX.H~.. >+[28C0] C7 64 8A 05 73 E3 DC 1A 65 5D 4F 41 01 56 73 90 .d..s... e]OA.Vs. >+[28D0] 61 F3 84 1F FF CF 46 B2 06 46 56 97 93 B9 DB 32 a.....F. .FV....2 >+[28E0] 2A 64 8A 48 02 05 84 E9 FA 76 8B 94 96 89 A0 73 *d.H.... .v.....s >+[28F0] 20 75 4D 52 1D 23 13 D1 83 D7 5D 59 23 6A 87 C1 uMR.#.. ..]Y#j.. >+[2900] 09 3E 01 3A 28 65 42 8C 35 F1 91 EA 6A 1F 83 0D .>.:(eB. 5...j... >+[2910] 8F 57 69 81 D4 A2 D2 EA 0C BF AF 95 A3 F4 90 15 .Wi..... ........ >+[2920] 61 34 F2 6C 8B D0 DA B5 1E 43 AC CE C7 8A 1B 2B a4.l.... .C.....+ >+[2930] 29 2B 89 1C C5 53 C8 04 F7 1E 46 72 F3 A8 CE F7 )+...S.. ..Fr.... >+[2940] 59 76 55 E7 53 1C A2 9F D8 23 F7 EA 71 B0 74 83 YvU.S... .#..q.t. >+[2950] 71 95 3E DC A6 FA 2D A4 42 13 93 8B 2B FA A2 70 q.>...-. B...+..p >+[2960] 25 21 2D F6 E1 26 56 DF 58 79 25 16 E8 C9 03 EC %!-..&V. Xy%..... >+[2970] 72 5F 35 CF 59 6B E1 AD 85 85 7B AB 78 F2 0D AC r_5.Yk.. ..{.x... >+[2980] AB 89 F2 DA 85 E7 DE 09 77 99 EC 7C F3 97 1F 71 ........ w..|...q >+[2990] 3C DB 09 44 7A 3C 69 E5 03 B0 6D 4D 3B 6B 4C D5 <..Dz<i. ..mM;kL. >+[29A0] AB 52 2F 6F 81 2B 51 5B D2 66 44 1E B7 66 5D 7F .R/o.+Q[ .fD..f]. >+[29B0] 09 6A 92 27 27 62 08 00 00 00 00 .j.''b.. ... >+dump OK >diff --git a/source3/selftest/ktest-krb5_ccache-3.txt b/source3/selftest/ktest-krb5_ccache-3.txt >new file mode 100644 >index 00000000000..76c492cd2b1 >--- /dev/null >+++ b/source3/selftest/ktest-krb5_ccache-3.txt >@@ -0,0 +1,832 @@ >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+push returned Success >+pull returned Success >+ CCACHE: struct CCACHE >+ pvno : 0x05 (5) >+ version : 0x04 (4) >+ optional_header : union OPTIONAL_HEADER(case 0x4) >+ v4header: struct V4HEADER >+ v4tags: struct V4TAGS >+ tag: struct V4TAG >+ tag : 0x0001 (1) >+ field : union FIELD(case 0x1) >+ deltatime_tag: struct DELTATIME_TAG >+ kdc_sec_offset : 0 >+ kdc_usec_offset : 0 >+ further_tags : DATA_BLOB length=0 >+ principal: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ cred: struct CREDENTIAL >+ client: struct PRINCIPAL >+ name_type : 0x00000001 (1) >+ component_count : 0x00000001 (1) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(1) >+ components : 'administrator' >+ server: struct PRINCIPAL >+ name_type : 0x00000000 (0) >+ component_count : 0x00000002 (2) >+ realm : 'KTEST.SAMBA.EXAMPLE.COM' >+ components: ARRAY(2) >+ components : 'krbtgt' >+ components : 'KTEST.SAMBA.EXAMPLE.COM' >+ keyblock: struct KEYBLOCK >+ enctype : 0x0017 (23) >+ data : DATA_BLOB length=16 >+[0000] E5 E4 15 C8 A8 0F 4D 95 F9 1B E3 B9 98 CA A1 7F ......M. ........ >+ authtime : 0x4d9b9045 (1302040645) >+ starttime : 0x4d9b9045 (1302040645) >+ endtime : 0x7d464c43 (2101759043) >+ renew_till : 0x7d464c43 (2101759043) >+ is_skey : 0x00 (0) >+ ticket_flags : 0x40e00000 (1088421888) >+ addresses: struct ADDRESSES >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ authdata: struct AUTHDATA >+ count : 0x00000000 (0) >+ data: ARRAY(0) >+ ticket : DATA_BLOB length=1032 >+[0000] 61 82 04 04 30 82 04 00 A0 03 02 01 05 A1 19 1B a...0... ........ >+[0010] 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 .KTEST.S AMBA.EXA >+[0020] 4D 50 4C 45 2E 43 4F 4D A2 2C 30 2A A0 03 02 01 MPLE.COM .,0*.... >+[0030] 00 A1 23 30 21 1B 06 6B 72 62 74 67 74 1B 17 4B ..#0!..k rbtgt..K >+[0040] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0050] 4C 45 2E 43 4F 4D A3 82 03 AE 30 82 03 AA A0 03 LE.COM.. ..0..... >+[0060] 02 01 17 A1 03 02 01 01 A2 82 03 9C 04 82 03 98 ........ ........ >+[0070] 01 40 48 A6 B8 F0 DA 43 54 A5 18 CF B0 15 CB 68 .@H....C T......h >+[0080] 9F A0 69 44 87 A9 FF 06 25 B9 29 48 59 64 26 48 ..iD.... %.)HYd&H >+[0090] 96 7C 46 6A 79 E5 F0 77 DB 46 6C 20 A1 59 D9 F8 .|Fjy..w .Fl .Y.. >+[00A0] 6A 8A 2D B5 D9 EF A4 54 DE 19 20 C0 7B 93 D4 3D j.-....T .. .{..= >+[00B0] ED 72 35 AF 9D 87 75 9E 44 01 A4 6C D9 EA 94 A3 .r5...u. D..l.... >+[00C0] 18 C6 42 75 E3 0A 0C 76 9A AE 75 BC A3 02 91 BC ..Bu...v ..u..... >+[00D0] 2D BB 3C 23 73 A6 1A A7 8A 3E 85 42 5D 1F 5D 7D -.<#s... .>.B].]} >+[00E0] 0B 1F C3 88 2A 93 40 F9 E9 18 7D 3F 73 DA AC 1F ....*.@. ..}?s... >+[00F0] E7 7B C3 B8 14 56 C3 63 86 5B AF C9 C3 21 9F 94 .{...V.c .[...!.. >+[0100] B4 67 06 60 7F 56 2D F4 C7 22 CD B4 1C 14 B7 5B .g.`.V-. .".....[ >+[0110] 26 67 9D 18 28 B5 5D C2 FC 13 B6 CA 9F AB CD 32 &g..(.]. .......2 >+[0120] 71 D5 51 5F A2 11 5A 5D 4A B3 3B 1D D1 6B 4F 7D q.Q_..Z] J.;..kO} >+[0130] E9 54 F0 B4 AC 80 DE 27 80 C5 64 3C 0B 22 79 1C .T.....' ..d<."y. >+[0140] 9E D1 58 A1 3E 20 5A 9F E3 34 49 D8 16 C6 6B 2D ..X.> Z. .4I...k- >+[0150] 36 0E E2 C2 3F 44 DE 63 32 DB EB 78 50 A2 6F 37 6...?D.c 2..xP.o7 >+[0160] 05 2B 13 D4 31 07 D4 2A C0 53 B1 30 39 79 C3 D8 .+..1..* .S.09y.. >+[0170] C4 4C 30 97 E8 F9 DA ED 10 B0 D0 21 71 8B 56 F3 .L0..... ...!q.V. >+[0180] 0F 3A 2D 26 A2 3D AD 70 27 82 95 59 0A D7 7D 4E .:-&.=.p '..Y..}N >+[0190] 2D 76 96 4D 94 70 2A BB 26 3B 7E FC E1 59 5A 55 -v.M.p*. &;~..YZU >+[01A0] 04 A2 DA 27 AD 46 70 45 43 C0 FB C1 42 7F F0 CB ...'.FpE C...B... >+[01B0] 21 D2 CD 54 35 7C 60 13 EE BB BB 60 6B 91 2B BE !..T5|`. ...`k.+. >+[01C0] 91 8A CF 49 29 F8 60 D1 AB A5 51 B5 5E 4B B2 3A ...I).`. ..Q.^K.: >+[01D0] F4 56 3A 89 2D 88 D0 73 08 A6 FB D8 6E B3 B1 4E .V:.-..s ....n..N >+[01E0] D8 90 27 58 D2 53 40 B2 A0 3C 40 4D E9 21 C6 83 ..'X.S@. .<@M.!.. >+[01F0] FC 15 14 F0 8C 08 46 C5 29 14 E3 84 CC 2C 56 C9 ......F. )....,V. >+[0200] 20 53 45 34 D0 BE E0 CC F7 F1 15 D4 D4 B1 3C 43 SE4.... ......<C >+[0210] EB 5E 9D 33 07 B4 5B E7 D8 24 B0 EB 7B 27 24 6B .^.3..[. .$..{'$k >+[0220] 2A 90 C9 17 D9 24 CF FD 56 28 D7 73 74 03 2F DA *....$.. V(.st./. >+[0230] C4 E0 B3 78 E4 9A 60 4D 5C C7 F5 CF 9C 14 7C B6 ...x..`M \.....|. >+[0240] 1B 5D 76 D1 E3 73 73 2F 41 BD E3 E7 F0 92 B4 5B .]v..ss/ A......[ >+[0250] 07 B4 16 77 DC 3C 28 A4 92 82 C5 7C CA 00 9C 77 ...w.<(. ...|...w >+[0260] B8 28 7F D0 3F EA 2B C1 79 2B 73 FF E0 E0 A5 17 .(..?.+. y+s..... >+[0270] 02 CA 6C B6 02 D2 51 D3 CE 6F 5B 56 E0 7B 38 22 ..l...Q. .o[V.{8" >+[0280] 76 52 48 2D 0A 2F 15 58 A9 FE 03 65 E1 D5 A8 60 vRH-./.X ...e...` >+[0290] E3 5D E6 53 D8 AA 05 D0 90 61 EF B6 28 4A B9 84 .].S.... .a..(J.. >+[02A0] 56 79 80 D2 53 08 1D 17 C4 05 4E F8 04 10 2B CF Vy..S... ..N...+. >+[02B0] 08 DD 61 68 27 21 A5 8A C0 35 6A 0A 94 6D 9E FD ..ah'!.. .5j..m.. >+[02C0] C9 45 AC E3 4F 60 BB 96 AF D4 4E 71 A9 D9 BE 33 .E..O`.. ..Nq...3 >+[02D0] DC 61 8B 14 77 6C A7 72 70 02 65 62 32 9C 8E 53 .a..wl.r p.eb2..S >+[02E0] C9 A3 5B B9 14 3C 00 A2 1D C7 CD 36 5B 5F BE 40 ..[..<.. ...6[_.@ >+[02F0] 28 E2 58 0D D1 05 53 78 F0 86 0F 80 1A 6A 1D DC (.X...Sx .....j.. >+[0300] D4 CD F2 83 0E 25 E1 60 DB C7 F4 B6 05 4F 0D 11 .....%.` .....O.. >+[0310] A4 AE A5 F8 6D 14 CF DF 03 C5 27 75 75 B5 0C F1 ....m... ..'uu... >+[0320] C3 01 F9 A4 FD 2E 0B BD 51 A8 C1 3B DE 48 CF 3A ........ Q..;.H.: >+[0330] CF B3 41 23 9A 9D 0C 79 11 7C 9B D3 71 43 4E 9D ..A#...y .|..qCN. >+[0340] B5 52 19 28 2C A0 4E 0E 8D 7A 84 9A B9 A0 EB FA .R.(,.N. .z...... >+[0350] 6E A1 DF B9 2F 6B FE 5E AE 85 D1 6B A2 C5 BE 07 n.../k.^ ...k.... >+[0360] E7 D6 33 3A 0F 2B ED FB 30 6F 88 1E F9 09 CC C3 ..3:.+.. 0o...... >+[0370] 8F 59 A0 D4 8D 9F A6 08 B0 D3 ED EB 15 13 1B 8E .Y...... ........ >+[0380] 19 C6 14 9C 25 E7 E9 EF 5A 67 7B CD 86 C4 D1 51 ....%... Zg{....Q >+[0390] 2B DE 27 30 D9 F5 6E F9 E4 3E CF 42 54 AE 42 61 +.'0..n. .>.BT.Ba >+[03A0] C5 22 B7 AE 51 76 8F 12 83 7F E1 9F 97 D8 31 38 ."..Qv.. ......18 >+[03B0] A6 B9 11 B4 E1 BA 19 5B E4 A5 A3 6F 4B B3 03 93 .......[ ...oK... >+[03C0] 4C D6 1E 08 FC 94 D1 C5 7C AA 95 EB 9C 7A C2 57 L....... |....z.W >+[03D0] 60 CA 17 FF 8E 66 80 76 CB 35 46 26 C3 BD CA 83 `....f.v .5F&.... >+[03E0] F0 04 08 0D 4C 5D B2 E4 7C 1C 82 28 D7 2C 42 B1 ....L].. |..(.,B. >+[03F0] 36 72 60 5E 26 4A 79 D0 41 94 3C 2C 65 0E 32 18 6r`^&Jy. A.<,e.2. >+[0400] B8 56 26 9D D3 84 78 BB .V&...x. >+ second_ticket : DATA_BLOB length=0 >+ further_creds : DATA_BLOB length=4748 >+[0000] 00 00 00 01 00 00 00 01 00 00 00 17 4B 54 45 53 ........ ....KTES >+[0010] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0020] 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 73 74 72 COM....a dministr >+[0030] 61 74 6F 72 00 00 00 01 00 00 00 02 00 00 00 17 ator.... ........ >+[0040] 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D KTEST.SA MBA.EXAM >+[0050] 50 4C 45 2E 43 4F 4D 00 00 00 04 68 6F 73 74 00 PLE.COM. ...host. >+[0060] 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 00 17 ...local ktest6.. >+[0070] 00 00 00 10 EA 0D 3A 24 41 21 F7 7D 7D A3 C5 BB ......:$ A!.}}... >+[0080] A4 88 F6 17 4D 9B 90 45 4D 9B 90 52 7D 46 4C 43 ....M..E M..R}FLC >+[0090] 00 00 00 00 00 40 28 00 00 00 00 00 00 00 00 00 .....@(. ........ >+[00A0] 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 A0 03 02 .....a.. .0...... >+[00B0] 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[00C0] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D A2 1E 30 A.EXAMPL E.COM..0 >+[00D0] 1C A0 03 02 01 01 A1 15 30 13 1B 04 68 6F 73 74 ........ 0...host >+[00E0] 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 A3 82 03 ..localk test6... >+[00F0] AE 30 82 03 AA A0 03 02 01 17 A1 03 02 01 03 A2 .0...... ........ >+[0100] 82 03 9C 04 82 03 98 44 8B C4 7D BA 9F FE 59 F6 .......D ..}...Y. >+[0110] C1 DF 62 89 02 A4 55 54 AB D6 D6 2E 8B 5E 35 3D ..b...UT .....^5= >+[0120] D9 46 9D 8B 49 93 A6 66 5F 1A 8B 81 AD 09 19 E9 .F..I..f _....... >+[0130] 59 CE 58 18 50 63 4A A6 7D 6F 71 21 51 4A 41 C2 Y.X.PcJ. }oq!QJA. >+[0140] A1 FE B0 D5 0A 3D 38 9F E5 3B 72 A2 7A 59 22 A4 .....=8. .;r.zY". >+[0150] B7 1C A3 8D DB EA 5D A5 E2 D3 1D AE 42 D0 7F 75 ......]. ....B..u >+[0160] B5 E9 ED B5 04 7B 67 1E 28 90 7D 3D 1A 3E F6 62 .....{g. (.}=.>.b >+[0170] D0 A1 56 89 28 76 5C 19 1A FD 66 E5 F2 86 E7 58 ..V.(v\. ..f....X >+[0180] 93 31 90 C5 CD F8 71 96 56 21 15 13 F0 EA C2 CC .1....q. V!...... >+[0190] 48 4C B4 50 EF F9 81 44 29 8A 75 C4 31 75 D1 BA HL.P...D ).u.1u.. >+[01A0] E2 0B 05 B2 E0 EA 64 3A 11 45 84 3D 69 55 FF E6 ......d: .E.=iU.. >+[01B0] 32 7E C9 CA C4 28 E8 40 B6 5E F9 26 0F 09 12 1F 2~...(.@ .^.&.... >+[01C0] 1F D4 9C 9A 50 E8 B7 6D F8 4F 55 6E 2A D4 AC 6A ....P..m .OUn*..j >+[01D0] 79 D1 C2 2A 88 99 F8 39 75 36 F1 2D C7 89 0A C6 y..*...9 u6.-.... >+[01E0] B4 C7 A1 7B F1 BF 22 87 A4 B2 93 22 54 A1 72 25 ...{..". ..."T.r% >+[01F0] AF 67 FE 20 D5 C8 29 47 28 FF 51 FB F9 4E 2C 17 .g. ..)G (.Q..N,. >+[0200] 10 BE 2E 13 8B 18 BE 3C A3 BE 50 49 A7 65 DD 2E .......< ..PI.e.. >+[0210] CC EB D6 0F 47 4E DB 7E 08 D5 F0 37 79 36 8F 24 ....GN.~ ...7y6.$ >+[0220] 34 28 86 89 EC A3 84 7F 44 4E 37 03 B5 D8 89 1C 4(...... DN7..... >+[0230] C7 AA AC 42 70 5F 96 73 35 8B 83 D1 16 24 27 C1 ...Bp_.s 5....$'. >+[0240] EC 0E AE 83 59 5A C2 EB C1 91 B6 3D BB 8D 21 49 ....YZ.. ...=..!I >+[0250] 63 41 3C 91 1D E9 01 C2 4F A9 E4 42 C1 FD 54 E3 cA<..... O..B..T. >+[0260] 7B 3B DF 24 3D 98 E9 84 F8 1D 8D CE 4D 85 AC 8A {;.$=... ....M... >+[0270] 12 15 48 C4 DA 1B 3C B8 FC A3 0B AF E2 4D 71 E9 ..H...<. .....Mq. >+[0280] 0A 28 53 DC 4E 6C 23 2C 73 26 50 FE 37 03 BF D1 .(S.Nl#, s&P.7... >+[0290] 5F 8A 39 4F 04 2E 4A CE 3C 90 11 0C DA 84 5C C3 _.9O..J. <.....\. >+[02A0] F8 BE C7 74 ED F4 CF 7E B2 AE 9B 47 D6 2A 1D 93 ...t...~ ...G.*.. >+[02B0] 3F A8 8B 51 E9 A3 A0 59 55 DB E3 52 67 E3 DE FF ?..Q...Y U..Rg... >+[02C0] B1 56 74 A0 87 21 99 23 8C 8E D1 92 A6 3D 93 D6 .Vt..!.# .....=.. >+[02D0] 4D 5B 84 2B B1 8D DD E4 F7 01 A6 6C 4A DF 3C 6E M[.+.... ...lJ.<n >+[02E0] A0 FA 74 93 BE 18 7C 30 29 9D B8 DB 5F D1 AA B7 ..t...|0 )..._... >+[02F0] 51 7C 2A 90 1A 8B 06 95 E1 80 0D 27 B2 6C 52 1C Q|*..... ...'.lR. >+[0300] C7 D1 E9 16 14 F1 6C 57 48 28 BD 13 B5 83 BA A7 ......lW H(...... >+[0310] 75 31 69 52 03 38 69 13 62 ED C6 DC C2 01 C8 F1 u1iR.8i. b....... >+[0320] 45 02 4D 8C 64 CF 96 90 3E C2 08 EC 2B 8D 92 93 E.M.d... >...+... >+[0330] 4B 6D 22 B3 41 DE 85 35 2D 19 09 E5 68 8E 1F 98 Km".A..5 -...h... >+[0340] 1B F2 73 F2 D4 91 08 89 42 0C 05 8B 42 77 6B CC ..s..... B...Bwk. >+[0350] 18 78 43 1A 73 C2 7C E7 C2 23 28 56 F7 A0 19 B3 .xC.s.|. .#(V.... >+[0360] 99 A6 25 4F C3 5E 70 EC 78 BB 30 15 36 77 B3 A6 ..%O.^p. x.0.6w.. >+[0370] 89 98 B6 A0 85 CC 8F E7 41 40 B5 E0 89 93 25 04 ........ A@....%. >+[0380] B8 1D 0B 06 31 1D C7 30 52 E1 64 29 8C 64 B9 89 ....1..0 R.d).d.. >+[0390] 1F 86 5A AD 74 15 1C C8 AF 37 7B 27 E0 C0 DB 73 ..Z.t... .7{'...s >+[03A0] 30 72 65 D3 C0 A5 07 61 E9 0C 07 A1 27 18 8F 50 0re....a ....'..P >+[03B0] DB CE FB 4C DD 75 98 F2 28 D2 76 FF F2 41 9F D5 ...L.u.. (.v..A.. >+[03C0] 74 22 8A 03 73 B1 A8 B3 B8 80 93 E5 E2 CD 4B F2 t"..s... ......K. >+[03D0] 6B 99 DF 5B 5B C7 22 69 81 2A 8A CD 2A F9 9D 08 k..[[."i .*..*... >+[03E0] B8 B0 40 77 D3 43 8B AF 40 DD 0C CB 45 E3 88 CB ..@w.C.. @...E... >+[03F0] 06 AA 63 38 EB DD 72 89 03 0E DC 3E 97 3F 16 D4 ..c8..r. ...>.?.. >+[0400] 1A 21 40 D8 30 BD B0 B4 04 C2 7A 22 43 15 A2 D8 .!@.0... ..z"C... >+[0410] 2F 08 28 3B 63 26 AA B3 1C B6 FC E4 0B 2A CD 0E /.(;c&.. .....*.. >+[0420] A8 7C E8 11 33 03 D3 C5 6C 35 6A 5D 3C 5A 80 1A .|..3... l5j]<Z.. >+[0430] BC 1C 54 DE 5C 6A E2 F3 A1 18 8E 47 88 8B 71 11 ..T.\j.. ...G..q. >+[0440] 09 2F 29 88 D9 BB DC 34 09 E1 2F 7E A7 E8 29 DC ./)....4 ../~..). >+[0450] F9 5A 1D 9E C8 A4 CC 52 8A E6 CB 4A 3F F9 77 F7 .Z.....R ...J?.w. >+[0460] 53 64 62 9E 5F E6 D7 F6 43 E6 9C 03 C9 55 B1 CB Sdb._... C....U.. >+[0470] 25 40 74 AA E9 AB 34 58 E1 E8 9B B3 1D 9E 83 FD %@t...4X ........ >+[0480] 7A BF DC 45 2D A8 9A F8 AF 9C 63 EF 1B 2B 9D CC z..E-... ..c..+.. >+[0490] F3 08 74 EC 6E 40 8E 18 62 BD F3 87 66 87 67 00 ..t.n@.. b...f.g. >+[04A0] 00 00 00 00 00 00 01 00 00 00 01 00 00 00 17 4B ........ .......K >+[04B0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[04C0] 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D 69 6E 69 LE.COM.. ..admini >+[04D0] 73 74 72 61 74 6F 72 00 00 00 01 00 00 00 02 00 strator. ........ >+[04E0] 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 ...KTEST .SAMBA.E >+[04F0] 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 04 63 69 XAMPLE.C OM....ci >+[0500] 66 73 00 00 00 0B 6C 6F 63 61 6C 6B 74 65 73 74 fs....lo calktest >+[0510] 36 00 17 00 00 00 10 92 C6 A1 91 6D 55 01 4E BE 6....... ...mU.N. >+[0520] E4 3F E3 36 B0 D3 28 4D 9B 90 45 4D 9B 90 5A 7D .?.6..(M ..EM..Z} >+[0530] 46 4C 43 00 00 00 00 00 40 28 00 00 00 00 00 00 FLC..... @(...... >+[0540] 00 00 00 00 00 00 03 FA 61 82 03 F6 30 82 03 F2 ........ a...0... >+[0550] A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0560] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0570] A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 1B 04 63 ..0..... ...0...c >+[0580] 69 66 73 1B 0B 6C 6F 63 61 6C 6B 74 65 73 74 36 ifs..loc alktest6 >+[0590] A3 82 03 AE 30 82 03 AA A0 03 02 01 17 A1 03 02 ....0... ........ >+[05A0] 01 03 A2 82 03 9C 04 82 03 98 FE 09 00 80 36 35 ........ ......65 >+[05B0] D4 6E 71 0C 33 22 36 9E 89 88 32 E3 34 4A 4C BF .nq.3"6. ..2.4JL. >+[05C0] 80 19 81 CC A0 CB 96 DB 31 F7 2A 19 75 DE 0E DA ........ 1.*.u... >+[05D0] D0 18 FA 9E 75 E6 E4 13 C9 BE 3F C0 1B AD 5B 98 ....u... ..?...[. >+[05E0] E9 FC A3 9D 16 FF C8 91 03 AC 8B E6 2D 15 B3 F1 ........ ....-... >+[05F0] 23 4E 25 9E 45 3A F8 8A 19 B7 71 52 A6 92 1C FB #N%.E:.. ..qR.... >+[0600] 1F D4 4C 51 AF 9C 0E 73 D9 A8 D8 43 F2 64 71 BC ..LQ...s ...C.dq. >+[0610] AD B1 7B 8F BF 8D FF 72 89 0F 5E B6 C2 E3 C0 01 ..{....r ..^..... >+[0620] 98 41 AD 3F 6E DC 87 F5 9A E6 40 0C 17 0F 75 80 .A.?n... ..@...u. >+[0630] 0C 28 62 06 EB BF F8 69 8C 43 48 38 A8 AE F2 5E .(b....i .CH8...^ >+[0640] 45 11 23 FB 6B 85 83 54 BA 60 39 CE 08 00 D1 05 E.#.k..T .`9..... >+[0650] 5F 6F 79 96 30 28 06 DD C7 75 52 8E 3C C4 3F FC _oy.0(.. .uR.<.?. >+[0660] C1 31 28 2C 64 3B D1 7E 2F C2 DB B0 E8 A8 EF C5 .1(,d;.~ /....... >+[0670] F2 DC 43 D0 14 21 C8 D0 D3 15 45 8E 2A 3E 3B 4A ..C..!.. ..E.*>;J >+[0680] 60 25 3D 11 E4 F9 16 02 3E 55 8F CE D2 E9 95 E7 `%=..... >U...... >+[0690] B1 C4 8F C4 0B 3E 3C 14 15 28 1A 21 49 15 CE 8E .....><. .(.!I... >+[06A0] 91 5E 98 71 00 1F 29 D3 12 C8 D0 11 4F E7 14 E3 .^.q..). ....O... >+[06B0] 72 1B 61 6D 7B 8A 00 A6 5E 01 01 50 C2 CF 1A A9 r.am{... ^..P.... >+[06C0] 34 8C BA 33 9E 62 C5 69 97 6A 24 3D E0 C6 3F C6 4..3.b.i .j$=..?. >+[06D0] F4 36 B1 80 D6 5C 44 19 5B 65 C7 CA 47 DE 4B 65 .6...\D. [e..G.Ke >+[06E0] 41 29 9F F8 EA E8 E0 3B E2 C6 98 9D 58 A4 6C 62 A).....; ....X.lb >+[06F0] EF 25 12 C9 0E 97 CE 9D F0 D8 08 AD 13 73 A6 82 .%...... .....s.. >+[0700] C5 54 23 F4 A4 CB 91 35 91 BD 10 B4 04 DD 55 7E .T#....5 ......U~ >+[0710] C9 DE AE CB B0 8F C0 D8 28 AE BD 78 64 91 6C AB ........ (..xd.l. >+[0720] CA 36 EA 0E 0E 97 DC 40 ED 26 1D 09 17 28 30 D3 .6.....@ .&...(0. >+[0730] 78 DC F7 D2 9C 78 DA 6F 6F 57 00 B3 FD 8E 75 A1 x....x.o oW....u. >+[0740] 56 98 5C 4B D8 61 A6 0A 89 27 CD 11 BF 7F 79 53 V.\K.a.. .'....yS >+[0750] D9 50 9A 8D EC DD DB BB B8 23 27 0D 20 5B 53 51 .P...... .#'. [SQ >+[0760] 07 C4 26 31 3B D4 DF ED 3C 40 B4 1C 8B 46 E2 A6 ..&1;... <@...F.. >+[0770] B7 0F 97 D2 B3 1D 19 FD 13 60 7B 38 E6 37 0C 59 ........ .`{8.7.Y >+[0780] B0 A8 47 5D 32 A5 0C 57 76 EF 2C ED 40 9F BF 4B ..G]2..W v.,.@..K >+[0790] 43 99 3C 68 C4 DE 84 9C A1 36 8C CA CB 2A 08 36 C.<h.... .6...*.6 >+[07A0] 4E CD 43 06 9E F8 E7 1D 52 3B 59 37 4F 6F 65 D9 N.C..... R;Y7Ooe. >+[07B0] 2A F9 AD 5A 50 95 71 3F B1 5F C8 8E 2E E9 E4 FE *..ZP.q? ._...... >+[07C0] C8 A9 42 2C EE 18 E0 81 3C 00 E2 80 8D 8A 8B 71 ..B,.... <......q >+[07D0] C7 F5 AC 5C 36 1D E0 BC F0 11 57 67 CB 2C BE F6 ...\6... ..Wg.,.. >+[07E0] 90 4E F9 90 97 14 1F 0C 9D 5D 4D DF 0D D0 C0 C5 .N...... .]M..... >+[07F0] 08 E7 31 72 8E 35 63 17 8D 8B 3D 49 14 C8 A5 90 ..1r.5c. ..=I.... >+[0800] 88 24 AF 75 CA 0A CB 95 8A 2C 70 A6 CE 2F 3F B6 .$.u.... .,p../?. >+[0810] D7 1A 44 AC 05 93 EF 3D 03 C7 C2 8E 0F 31 9F 53 ..D....= .....1.S >+[0820] 67 CA 73 D3 B8 07 76 36 35 6F B5 32 30 38 86 7E g.s...v6 5o.208.~ >+[0830] 7E 95 3F DC F4 6F A9 67 0E 15 E8 4A CA 3F 18 0E ~.?..o.g ...J.?.. >+[0840] C6 E7 20 22 6B F1 39 6A 9C A6 47 64 81 E4 CB A8 .. "k.9j ..Gd.... >+[0850] 31 FF E2 97 13 41 89 45 79 53 2B A8 90 97 DE 7B 1....A.E yS+....{ >+[0860] 18 56 95 02 2A 94 D2 7E 5C D0 A0 BC A0 38 D2 BC .V..*..~ \....8.. >+[0870] 03 91 F7 35 FE 1A 5E 80 10 13 4E 83 CB F6 D7 8A ...5..^. ..N..... >+[0880] 02 A2 E8 1F D8 9B F1 76 F9 18 66 56 9C 4D 9E BF .......v ..fV.M.. >+[0890] 1D F4 66 86 E0 7B 88 EC 9C F7 50 13 7D 34 8A 54 ..f..{.. ..P.}4.T >+[08A0] 7A E1 EC F6 44 12 47 84 7D 16 B4 42 25 E5 A2 CC z...D.G. }..B%... >+[08B0] D8 CA 7A 38 21 85 A3 F8 41 6D 0D AC 1D FA 36 5D ..z8!... Am....6] >+[08C0] 23 EA 20 CC 43 A5 7E D9 25 97 BC 0E 74 F5 3D 98 #. .C.~. %...t.=. >+[08D0] B9 79 C2 65 50 0E 8D E7 7A F3 F3 88 37 A3 40 01 .y.eP... z...7.@. >+[08E0] 96 C6 FC 1D 6E 9E 06 A1 90 A0 78 3C DA 7F E9 C6 ....n... ..x<.... >+[08F0] 23 47 70 04 03 EE C2 4A C3 95 07 44 00 BD 29 2A #Gp....J ...D..)* >+[0900] B5 FA 17 1E D6 BC 00 A0 93 55 E0 82 0A AB 04 D4 ........ .U...... >+[0910] D5 56 84 2A B2 56 51 05 DB 30 E2 83 5A 75 D3 A8 .V.*.VQ. .0..Zu.. >+[0920] 30 B7 3E C4 25 70 A8 34 E4 A2 EB 3E FB D8 2D 10 0.>.%p.4 ...>..-. >+[0930] 72 8E DA 4D 2D 55 EC 49 66 5E 01 96 E4 C1 0C 23 r..M-U.I f^.....# >+[0940] 57 91 00 00 00 00 00 00 00 01 00 00 00 01 00 00 W....... ........ >+[0950] 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 ..KTEST. SAMBA.EX >+[0960] 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D 61 64 6D AMPLE.CO M....adm >+[0970] 69 6E 69 73 74 72 61 74 6F 72 00 00 00 01 00 00 inistrat or...... >+[0980] 00 02 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 ......KT EST.SAMB >+[0990] 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 A.EXAMPL E.COM... >+[09A0] 04 68 6F 73 74 00 00 00 0B 4C 4F 43 41 4C 4B 54 .host... .LOCALKT >+[09B0] 45 53 54 36 00 17 00 00 00 10 9D AE 06 BE 29 E0 EST6.... ......). >+[09C0] F7 9A 46 97 29 E0 69 8E 5A F0 4D 9B 90 45 4D 9B ..F.).i. Z.M..EM. >+[09D0] 90 61 7D 46 4C 43 00 00 00 00 00 40 28 00 00 00 .a}FLC.. ...@(... >+[09E0] 00 00 00 00 00 00 00 00 00 03 FA 61 82 03 F6 30 ........ ...a...0 >+[09F0] 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B 54 45 53 ........ ....KTES >+[0A00] 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E T.SAMBA. EXAMPLE. >+[0A10] 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 15 30 13 COM..0.. ......0. >+[0A20] 1B 04 68 6F 73 74 1B 0B 4C 4F 43 41 4C 4B 54 45 ..host.. LOCALKTE >+[0A30] 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 02 01 17 ST6....0 ........ >+[0A40] A1 03 02 01 03 A2 82 03 9C 04 82 03 98 B9 C5 6E ........ .......n >+[0A50] 77 F9 59 6D 19 F0 A6 56 2F 14 B3 9A A3 17 06 A6 w.Ym...V /....... >+[0A60] AD F5 92 38 6A 1E EA 3D 53 BF 5E 95 13 FF 5D BB ...8j..= S.^...]. >+[0A70] 43 4F 51 AE FB 12 3B 06 67 36 91 B9 E0 C4 C4 F3 COQ...;. g6...... >+[0A80] 45 A0 48 E6 DC 49 E8 EA 6F 55 D2 3F 79 57 54 FF E.H..I.. oU.?yWT. >+[0A90] 10 8D 89 4A A4 E2 B2 80 FD EE 36 C5 D5 4C D0 97 ...J.... ..6..L.. >+[0AA0] B3 EC 96 8B E8 5A 05 F0 13 39 8B 1B B3 C4 32 2A .....Z.. .9....2* >+[0AB0] 9B BB EF 06 C4 1C 53 2F 0A F6 A8 C6 BE 09 57 26 ......S/ ......W& >+[0AC0] B9 39 7B 7B 50 13 2D 6C 52 FF C4 B5 83 28 A8 47 .9{{P.-l R....(.G >+[0AD0] 5A CD 1C DD A7 65 FD 8A 84 2A 10 E7 44 E6 83 E7 Z....e.. .*..D... >+[0AE0] E7 AA B8 E5 0A 8B 7E E1 87 7B 3D C4 9F 68 BD 19 ......~. .{=..h.. >+[0AF0] 2B 59 5E 5A 45 0D B5 71 CC A6 C7 03 3C B3 17 D3 +Y^ZE..q ....<... >+[0B00] AF 99 F6 A2 52 A0 99 F7 39 56 B4 33 B4 C5 F4 CC ....R... 9V.3.... >+[0B10] 74 34 4C 00 76 26 10 D1 3A 87 6E 6A 52 9B 7A BF t4L.v&.. :.njR.z. >+[0B20] 4E 59 36 32 C5 41 29 CF E1 BF 14 E0 54 BF 4A 25 NY62.A). ....T.J% >+[0B30] 1F 0B 6E 9A 8C 0E 5D 47 A9 64 1B A4 9D 99 A9 09 ..n...]G .d...... >+[0B40] 39 14 E7 41 22 98 8C 62 CC E2 B5 91 8E C1 31 EB 9..A"..b ......1. >+[0B50] B2 70 A6 3B 86 FC DD 19 0B 3F 5D C9 B5 1A 95 73 .p.;.... .?]....s >+[0B60] EB 97 89 BE 14 87 85 17 BE 40 F6 80 14 23 4D 66 ........ .@...#Mf >+[0B70] E4 B0 E5 51 46 34 DA 1C C8 CB FF C6 84 A3 DF D2 ...QF4.. ........ >+[0B80] DC 00 AF 7B 27 C8 78 44 CB 6E 7B CC 5C 94 1E 7A ...{'.xD .n{.\..z >+[0B90] 95 29 19 F4 14 BE 5C 23 C3 B9 A4 2C 5D 4D F3 61 .)....\# ...,]M.a >+[0BA0] 63 1F D4 FE 37 EE 44 14 06 B7 14 50 B6 74 37 75 c...7.D. ...P.t7u >+[0BB0] 2C AB 06 F0 93 F9 93 34 75 63 44 7E 12 48 D1 F1 ,......4 ucD~.H.. >+[0BC0] 06 55 14 11 B9 23 43 CE 01 16 3E 6B A3 BD 23 55 .U...#C. ..>k..#U >+[0BD0] DE 48 5D AF E1 2B 89 E8 E7 C2 E2 34 25 A2 09 4A .H]..+.. ...4%..J >+[0BE0] 1F BE 05 AA DE 4B 08 65 27 4C 9B C7 54 96 C2 FB .....K.e 'L..T... >+[0BF0] E2 CE 53 4A 32 93 8D 0B 44 77 8C D3 65 54 F9 0E ..SJ2... Dw..eT.. >+[0C00] 7F 74 1E FE 3D 74 83 0F 2F E7 9F BC A2 B0 2B 25 .t..=t.. /.....+% >+[0C10] BB D2 6F A8 49 C1 3E 9E B5 93 67 74 39 A4 FE 84 ..o.I.>. ..gt9... >+[0C20] 4C 45 5F 30 74 E0 CA 5F F6 46 EC 89 B5 2D C8 14 LE_0t.._ .F...-.. >+[0C30] 69 76 BC 93 15 F4 60 30 5F AB EB 02 DD 12 4C 62 iv....`0 _.....Lb >+[0C40] F9 73 F7 01 E1 7F 2A 6F 09 05 BF 3A 3A 7E 69 A3 .s....*o ...::~i. >+[0C50] 7B FC 20 2B D6 CE C0 74 4F BB 29 E4 BE CE 04 9D {. +...t O.)..... >+[0C60] 24 D4 98 4A ED 94 A8 81 CD 26 A0 63 EA 09 57 42 $..J.... .&.c..WB >+[0C70] 26 B7 B5 4E B5 CB 45 35 A7 84 D8 74 CA C3 9F FF &..N..E5 ...t.... >+[0C80] C8 1E 2A 75 34 01 C5 A7 B4 9D 6F A3 E1 BB 2B F8 ..*u4... ..o...+. >+[0C90] F0 21 D6 77 57 74 2E 80 DB 76 53 01 86 33 17 32 .!.wWt.. .vS..3.2 >+[0CA0] 2E 16 E1 8D 89 3A B2 67 ED A3 ED 39 82 87 26 A6 .....:.g ...9..&. >+[0CB0] DB CE 59 84 E4 0A A6 CA 7E 07 98 F7 02 91 6E 56 ..Y..... ~.....nV >+[0CC0] 9F 60 03 D3 88 B0 FF EB 20 CA 9E 5B 37 26 67 00 .`...... ..[7&g. >+[0CD0] CC BD 9D 53 15 31 53 14 FD 9C E1 28 08 CB C4 0B ...S.1S. ...(.... >+[0CE0] E3 50 D9 DB 0C E2 E4 F9 44 50 E9 28 6E 01 96 AA .P...... DP.(n... >+[0CF0] C1 D2 4E B2 DE 38 A2 F8 94 32 79 AE 49 64 FB 57 ..N..8.. .2y.Id.W >+[0D00] 50 F6 73 E8 98 43 C6 DD 67 3C 91 AC 97 C9 2E 8C P.s..C.. g<...... >+[0D10] 06 59 A1 FC 49 EC 2F BF 6F 64 21 63 ED C8 6C CE .Y..I./. od!c..l. >+[0D20] 37 28 7B 80 7F 5F 85 F6 98 93 C0 66 A8 D6 F1 2C 7({.._.. ...f..., >+[0D30] D8 01 68 B1 C8 EA 82 0D 5B 9B 35 4F 3D B3 47 19 ..h..... [.5O=.G. >+[0D40] 54 7A C6 9F AD D7 54 CF B0 DB 3E 18 BA 2A 39 08 Tz....T. ..>..*9. >+[0D50] 0C C4 98 4B 43 DE 53 68 25 B1 83 93 1D E1 6C BF ...KC.Sh %.....l. >+[0D60] F5 B4 A9 83 17 34 64 8C 2F 91 80 97 4A 48 EC 90 .....4d. /...JH.. >+[0D70] BB FA 92 2C 01 80 E4 99 91 0E 67 88 D5 75 AB 7C ...,.... ..g..u.| >+[0D80] 98 59 98 45 C9 11 A9 8C 02 98 91 DE AB A0 FF 45 .Y.E.... .......E >+[0D90] 11 66 6F C5 DE 61 6D C6 DB C9 CA A3 A0 2B B1 73 .fo..am. .....+.s >+[0DA0] 05 85 37 BF AB CA 43 7A 6F 38 C8 BE ED CE 12 49 ..7...Cz o8.....I >+[0DB0] 93 C7 7C 1A 33 60 52 7A 67 67 AA 60 57 7E C8 FF ..|.3`Rz gg.`W~.. >+[0DC0] DF 91 91 18 45 74 C0 9E 36 19 BC 42 F9 46 CC 84 ....Et.. 6..B.F.. >+[0DD0] 09 2E 8C 59 1A E3 65 51 F4 87 6F 4C 3E 29 38 E6 ...Y..eQ ..oL>)8. >+[0DE0] 77 E8 A9 B7 FA 00 00 00 00 00 00 00 01 00 00 00 w....... ........ >+[0DF0] 01 00 00 00 17 4B 54 45 53 54 2E 53 41 4D 42 41 .....KTE ST.SAMBA >+[0E00] 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D 00 00 00 0D .EXAMPLE .COM.... >+[0E10] 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 administ rator... >+[0E20] 01 00 00 00 02 00 00 00 17 4B 54 45 53 54 2E 53 ........ .KTEST.S >+[0E30] 41 4D 42 41 2E 45 58 41 4D 50 4C 45 2E 43 4F 4D AMBA.EXA MPLE.COM >+[0E40] 00 00 00 04 63 69 66 73 00 00 00 0B 4C 4F 43 41 ....cifs ....LOCA >+[0E50] 4C 4B 54 45 53 54 36 00 17 00 00 00 10 01 78 D0 LKTEST6. ......x. >+[0E60] 3B 9B FF F0 88 86 4B 3B FE 41 A9 6B 00 4D 9B 90 ;.....K; .A.k.M.. >+[0E70] 45 4D 9B 90 6B 7D 46 4C 43 00 00 00 00 00 40 28 EM..k}FL C.....@( >+[0E80] 00 00 00 00 00 00 00 00 00 00 00 00 03 FA 61 82 ........ ......a. >+[0E90] 03 F6 30 82 03 F2 A0 03 02 01 05 A1 19 1B 17 4B ..0..... .......K >+[0EA0] 54 45 53 54 2E 53 41 4D 42 41 2E 45 58 41 4D 50 TEST.SAM BA.EXAMP >+[0EB0] 4C 45 2E 43 4F 4D A2 1E 30 1C A0 03 02 01 01 A1 LE.COM.. 0....... >+[0EC0] 15 30 13 1B 04 63 69 66 73 1B 0B 4C 4F 43 41 4C .0...cif s..LOCAL >+[0ED0] 4B 54 45 53 54 36 A3 82 03 AE 30 82 03 AA A0 03 KTEST6.. ..0..... >+[0EE0] 02 01 17 A1 03 02 01 03 A2 82 03 9C 04 82 03 98 ........ ........ >+[0EF0] CA EA 4D 46 2D D1 E9 58 5D 25 8D 9F DF EA C9 01 ..MF-..X ]%...... >+[0F00] B6 08 27 CD 14 85 02 DC 20 C6 51 AA F9 6A B1 CE ..'..... .Q..j.. >+[0F10] F5 77 84 BF 9A AC 6B A7 B2 F2 1F 60 BF CB C6 FC .w....k. ...`.... >+[0F20] C7 14 B7 41 1C A8 C9 70 7B 86 BC 8E 70 2B 65 4B ...A...p {...p+eK >+[0F30] DC F5 B9 23 F8 08 BF 96 C9 A8 77 F4 54 67 25 F8 ...#.... ..w.Tg%. >+[0F40] 0F A8 C5 D6 D1 BB 46 5E A0 7E D2 98 9C CD AF E0 ......F^ .~...... >+[0F50] 82 62 ED 39 D2 FB F2 E8 9B 1B EE E5 B4 1B C9 0A .b.9.... ........ >+[0F60] 86 27 52 6E 11 8B D7 AD B4 54 F9 C6 69 8D E0 F1 .'Rn.... .T..i... >+[0F70] CD 63 1C 89 7C 8F B6 A0 71 53 A6 DA B1 66 D2 9D .c..|... qS...f.. >+[0F80] D3 4C A8 FB C6 9D 81 74 10 8E 84 D2 3D D8 1C BE .L.....t ....=... >+[0F90] BB 3F F7 BF 91 3E 89 66 43 A1 E0 90 1B 1A 97 FF .?...>.f C....... >+[0FA0] EF CC 35 75 14 62 4F 67 3A 29 F4 F9 C5 2E BE C5 ..5u.bOg :)...... >+[0FB0] C2 2B A8 35 22 D9 92 31 1D 49 2A A5 19 AA 08 0F .+.5"..1 .I*..... >+[0FC0] A8 22 0B 68 D2 A2 D7 07 7B 37 1E A3 AC 9B 4F 0A .".h.... {7....O. >+[0FD0] A4 FA 7F 37 6F 3E 35 79 4E 00 4B B6 28 A3 6A E4 ...7o>5y N.K.(.j. >+[0FE0] 0C 95 53 BA E8 41 07 DA BE E9 08 B9 51 24 91 49 ..S..A.. ....Q$.I >+[0FF0] 78 5D 44 12 BC 85 63 81 B8 E0 88 D5 95 0C D3 A8 x]D...c. ........ >+[1000] 1D 32 4B E4 A0 C8 A7 7D 3C 97 EE D8 59 AC 3A 21 .2K....} <...Y.:! >+[1010] 09 F2 7A CC D0 4A F3 50 10 DC FC 26 BB C2 6A 8E ..z..J.P ...&..j. >+[1020] 8B 14 2B 2D 50 2E B3 1E 9B D2 69 56 22 F2 48 BD ..+-P... ..iV".H. >+[1030] E9 2E 2F 28 DE 77 67 5F 68 AA 29 05 4B 36 58 40 ../(.wg_ h.).K6X@ >+[1040] E5 54 11 C5 4D 68 96 49 9D 53 37 87 5F D2 3A 9B .T..Mh.I .S7._.:. >+[1050] E9 8E 79 BE AE 11 B4 6B AB FD DB 8A F5 A0 9B 29 ..y....k .......) >+[1060] D9 F5 ED CA FA 3F FE 35 FC F4 69 7E E4 D0 44 29 .....?.5 ..i~..D) >+[1070] 48 FF 82 61 26 FC D3 E2 10 EE 14 F7 4A E3 CD F2 H..a&... ....J... >+[1080] 8B BC 8B 43 64 2C DE 40 6E BB E1 56 C0 B6 2C D0 ...Cd,.@ n..V..,. >+[1090] E5 1E E9 B3 FB 38 48 66 ED AF D2 25 D1 35 5C C6 .....8Hf ...%.5\. >+[10A0] F0 4D 36 19 0B EC 33 07 34 D0 27 8D 14 DC 01 45 .M6...3. 4.'....E >+[10B0] DE F8 73 A6 A0 F4 C1 91 9D BD 05 E3 70 25 E1 10 ..s..... ....p%.. >+[10C0] 44 F6 4B 46 F7 24 84 BF 20 96 AD 6A 96 94 81 58 D.KF.$.. ..j...X >+[10D0] 80 95 06 92 F5 7F 17 39 3B 32 47 B2 C5 CE 7B 73 .......9 ;2G...{s >+[10E0] CF 53 AE FA D1 9A 60 5A 98 EC 8C FA BD C0 CE 8D .S....`Z ........ >+[10F0] C5 27 E6 17 1A 4D 47 D8 3F 5D A9 7C FB 2C B3 05 .'...MG. ?].|.,.. >+[1100] 0C 69 20 48 99 80 11 DC 48 AB A7 EA 5B 98 C1 15 .i H.... H...[... >+[1110] 27 AE FA 3E 1E 1E E0 E1 F8 32 C0 54 13 D6 30 34 '..>.... .2.T..04 >+[1120] 71 98 26 61 6C 1C C4 C7 4E C4 A6 7E FE A8 B8 89 q.&al... N..~.... >+[1130] 2A 70 3C 19 58 8D 57 45 55 83 0A C2 B5 F7 89 0E *p<.X.WE U....... >+[1140] 7B 7A 17 0C CF 6E 08 A5 F7 21 4A 62 81 4F 49 CA {z...n.. .!Jb.OI. >+[1150] E2 ED C2 B4 C7 33 5C BC A1 A0 DE 4E 09 37 BE 24 .....3\. ...N.7.$ >+[1160] 62 22 94 55 75 AA 53 DE E0 74 5A B0 B8 E9 BF 2B b".Uu.S. .tZ....+ >+[1170] 12 65 2F 90 6B 84 ED 11 AD F7 CE 19 A1 96 E4 1E .e/.k... ........ >+[1180] 8C EA C8 81 1B 47 4F 5F B1 5D A5 8B E3 0D 5A 80 .....GO_ .]....Z. >+[1190] 89 EC 4B D9 CE ED E8 67 7F 96 FC 1B EF 65 C2 68 ..K....g .....e.h >+[11A0] 40 F7 20 36 83 58 62 F4 CA 02 F4 5C 0D 46 B1 CB @. 6.Xb. ...\.F.. >+[11B0] 50 D2 D8 3D B7 9A 96 48 8C CF EB E6 8C F4 B2 B4 P..=...H ........ >+[11C0] 47 C9 34 C9 DC 14 F1 33 1B 6F 9E 65 27 D7 9D 46 G.4....3 .o.e'..F >+[11D0] 1E 91 FF 2E FB 8E 97 5D 17 8F 48 54 7C 3C A0 11 .......] ..HT|<.. >+[11E0] 9C AA 77 E9 79 DE 26 D1 F0 7C EA 24 73 BE EC 60 ..w.y.&. .|.$s..` >+[11F0] B4 EE BD ED 0D 0A AB 74 60 6E 46 C0 35 5B 65 1A .......t `nF.5[e. >+[1200] A4 4A 5C 22 AC B9 CD B7 56 06 88 09 FC 48 68 55 .J\".... V....HhU >+[1210] B7 5E 39 72 DF 8A 4C CD 79 74 B0 84 0B 78 DA B2 .^9r..L. yt...x.. >+[1220] 55 F8 06 0B 5C 27 06 B3 CA 10 65 6B 04 A3 64 11 U...\'.. ..ek..d. >+[1230] 04 09 DC DF 67 00 70 B1 16 DF 24 E9 27 85 11 91 ....g.p. ..$.'... >+[1240] 31 CB 92 95 50 18 91 08 C2 A1 A3 76 C7 1A FC 64 1...P... ...v...d >+[1250] 9E 2C 3A E7 30 F4 16 0D A0 56 C0 BC D2 FE 2D A0 .,:.0... .V....-. >+[1260] 20 A4 E2 82 AD F0 C5 12 71 09 23 E1 66 52 53 D0 ....... q.#.fRS. >+[1270] 89 30 E7 BE B7 C2 89 F2 1C 7A F6 8E D7 28 F0 A4 .0...... .z...(.. >+[1280] 33 46 7C A2 79 66 DE 26 00 00 00 00 3F|.yf.& .... >+dump OK >-- >2.25.1 > > >From 722c46e13c61c5a08f49ee7975a3ebafaf356a1c Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:02:47 +1200 >Subject: [PATCH 069/380] krb5: Add Python functions to create a credentials > cache containing a service ticket > >This is a FILE: format credentials cache readable by the MIT/Heimdal >Kerberos libraries. This allows us to glue the Python ASN1 Kerberos >system to the MIT/Heimdal one. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit 2d88a6ff3dbcf650b09ef9c8c37170ca6663b533) >--- > python/samba/tests/krb5/kdc_base_test.py | 167 ++++++++++++++++++++++- > 1 file changed, 163 insertions(+), 4 deletions(-) > >diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py >index 1c7f05dda6d..d8193ae9cdc 100644 >--- a/python/samba/tests/krb5/kdc_base_test.py >+++ b/python/samba/tests/krb5/kdc_base_test.py >@@ -1,6 +1,6 @@ > # Unix SMB/CIFS implementation. > # Copyright (C) Stefan Metzmacher 2020 >-# Copyright (C) 2020 Catalyst.Net Ltd >+# Copyright (C) 2020-2021 Catalyst.Net Ltd > # > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License as published by >@@ -18,6 +18,8 @@ > > import sys > import os >+from datetime import datetime >+import tempfile > > sys.path.insert(0, "bin/python") > os.environ["PYTHONUNBUFFERED"] = "1" >@@ -26,10 +28,10 @@ import ldb > from ldb import SCOPE_BASE > from samba import generate_random_password > from samba.auth import system_session >-from samba.credentials import Credentials >-from samba.dcerpc import krb5pac >+from samba.credentials import Credentials, SPECIFIED, MUST_USE_KERBEROS >+from samba.dcerpc import krb5pac, krb5ccache > from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_NORMAL_ACCOUNT >-from samba.ndr import ndr_unpack >+from samba.ndr import ndr_pack, ndr_unpack > from samba.samdb import SamDB > > from samba.tests import delete_force >@@ -38,6 +40,8 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 > from samba.tests.krb5.rfc4120_constants import ( > AD_IF_RELEVANT, > AD_WIN2K_PAC, >+ AES256_CTS_HMAC_SHA1_96, >+ ARCFOUR_HMAC_MD5, > KDC_ERR_PREAUTH_REQUIRED, > KRB_AS_REP, > KRB_TGS_REP, >@@ -46,6 +50,8 @@ from samba.tests.krb5.rfc4120_constants import ( > KU_PA_ENC_TIMESTAMP, > KU_TGS_REP_ENC_PART_SUB_KEY, > KU_TICKET, >+ NT_PRINCIPAL, >+ NT_SRV_HST, > PADATA_ENC_TIMESTAMP, > PADATA_ETYPE_INFO2, > ) >@@ -445,3 +451,156 @@ class KDCBaseTest(RawKerberosTest): > msg = ldb.Message(dn) > msg[name] = ldb.MessageElement(values, flag, name) > self.ldb.modify(msg) >+ >+ def create_ccache(self, cname, ticket, enc_part): >+ """ Lay out a version 4 on-disk credentials cache, to be read using the >+ FILE: protocol. >+ """ >+ >+ field = krb5ccache.DELTATIME_TAG() >+ field.kdc_sec_offset = 0 >+ field.kdc_usec_offset = 0 >+ >+ v4tag = krb5ccache.V4TAG() >+ v4tag.tag = 1 >+ v4tag.field = field >+ >+ v4tags = krb5ccache.V4TAGS() >+ v4tags.tag = v4tag >+ v4tags.further_tags = b'' >+ >+ optional_header = krb5ccache.V4HEADER() >+ optional_header.v4tags = v4tags >+ >+ cname_string = cname['name-string'] >+ >+ cprincipal = krb5ccache.PRINCIPAL() >+ cprincipal.name_type = cname['name-type'] >+ cprincipal.component_count = len(cname_string) >+ cprincipal.realm = ticket['realm'] >+ cprincipal.components = cname_string >+ >+ sname = ticket['sname'] >+ sname_string = sname['name-string'] >+ >+ sprincipal = krb5ccache.PRINCIPAL() >+ sprincipal.name_type = sname['name-type'] >+ sprincipal.component_count = len(sname_string) >+ sprincipal.realm = ticket['realm'] >+ sprincipal.components = sname_string >+ >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ key_data = key.export_obj() >+ keyblock = krb5ccache.KEYBLOCK() >+ keyblock.enctype = key_data['keytype'] >+ keyblock.data = key_data['keyvalue'] >+ >+ addresses = krb5ccache.ADDRESSES() >+ addresses.count = 0 >+ addresses.data = [] >+ >+ authdata = krb5ccache.AUTHDATA() >+ authdata.count = 0 >+ authdata.data = [] >+ >+ # Re-encode the ticket, since it was decoded by another layer. >+ ticket_data = self.der_encode(ticket, asn1Spec=krb5_asn1.Ticket()) >+ >+ authtime = enc_part['authtime'] >+ try: >+ starttime = enc_part['starttime'] >+ except KeyError: >+ starttime = authtime >+ endtime = enc_part['endtime'] >+ >+ cred = krb5ccache.CREDENTIAL() >+ cred.client = cprincipal >+ cred.server = sprincipal >+ cred.keyblock = keyblock >+ cred.authtime = int(datetime.strptime(authtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.starttime = int(datetime.strptime(starttime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.endtime = int(datetime.strptime(endtime.decode(), >+ "%Y%m%d%H%M%SZ").timestamp()) >+ cred.renew_till = cred.endtime >+ cred.is_skey = 0 >+ cred.ticket_flags = int(enc_part['flags'], 2) >+ cred.addresses = addresses >+ cred.authdata = authdata >+ cred.ticket = ticket_data >+ cred.second_ticket = b'' >+ >+ ccache = krb5ccache.CCACHE() >+ ccache.pvno = 5 >+ ccache.version = 4 >+ ccache.optional_header = optional_header >+ ccache.principal = cprincipal >+ ccache.cred = cred >+ >+ # Serialise the credentials cache structure. >+ result = ndr_pack(ccache) >+ >+ # Create a temporary file and write the credentials. >+ cachefile = tempfile.NamedTemporaryFile(dir=self.tempdir, delete=False) >+ cachefile.write(result) >+ cachefile.close() >+ >+ return cachefile >+ >+ def create_ccache_with_user(self, user_credentials, mach_name, >+ service="host"): >+ # Obtain a service ticket authorising the user and place it into a >+ # newly created credentials cache file. >+ >+ user_name = user_credentials.get_username() >+ realm = user_credentials.get_realm() >+ >+ # Do the initial AS-REQ, should get a pre-authentication required >+ # response >+ etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=["krbtgt", realm]) >+ >+ rep = self.as_req(cname, sname, realm, etype) >+ self.check_pre_authenication(rep) >+ >+ # Do the next AS-REQ >+ padata = self.get_pa_data(user_credentials, rep) >+ key = self.get_as_rep_key(user_credentials, rep) >+ rep = self.as_req(cname, sname, realm, etype, padata=padata) >+ self.check_as_reply(rep) >+ >+ # Request a ticket to the host service on the machine account >+ ticket = rep['ticket'] >+ enc_part = self.get_as_rep_enc_data(key, rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, >+ names=[user_name]) >+ sname = self.PrincipalName_create(name_type=NT_SRV_HST, >+ names=[service, mach_name]) >+ >+ (rep, enc_part) = self.tgs_req( >+ cname, sname, realm, ticket, key, etype) >+ self.check_tgs_reply(rep) >+ key = self.EncryptionKey_import(enc_part['key']) >+ >+ # Check the contents of the pac, and the ticket >+ ticket = rep['ticket'] >+ >+ # Write the ticket into a credentials cache file that can be ingested >+ # by the main credentials code. >+ cachefile = self.create_ccache(cname, ticket, enc_part) >+ >+ # Create a credentials object to reference the credentials cache. >+ creds = Credentials() >+ creds.set_kerberos_state(MUST_USE_KERBEROS) >+ creds.set_username(user_name, SPECIFIED) >+ creds.set_realm(realm) >+ creds.set_named_ccache(cachefile.name, SPECIFIED, self.lp) >+ >+ # Return the credentials along with the cache file. >+ return (creds, cachefile) >-- >2.25.1 > > >From ffbd4d841e90df64a9ed50503a347a0708d80fce Mon Sep 17 00:00:00 2001 >From: Joseph Sutton <josephsutton@catalyst.net.nz> >Date: Wed, 28 Apr 2021 11:06:33 +1200 >Subject: [PATCH 070/380] python: Add credentials cache test > >Test that we can use a credentials cache with a user's service ticket >obtained with our Python code to connect to a service using the normal >credentials system backed on to MIT/Heimdal Kerberos 5 libraries. This >will allow us to validate the output of the MIT/Heimdal libraries in the >future. > >Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817 >(cherry picked from commit c15f26ec40860782b22e862f9bdf665745387718) >--- > python/samba/tests/krb5/raw_testcase.py | 8 +- > python/samba/tests/krb5/rfc4120_constants.py | 1 + >