a )&iԃ@snddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddlmZddlm ZddlmZddlmZddlmZddlmZddlmZmZdd lmZdd l m!Z!m"Z"ddl#Z$dd l#m%Z%ddl&m'm(m)Z*dd l+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMmNZNmOZOmPZPmQZQmRZRmSZSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\ddl]m'm(m^Z^d dZ_e_e_`d!ddZae*jbjce*jd_ee*jbjce*jd_ceae*jd_fe*jgjce*jh_ee*jgjce*jh_ceae*jh_fe*jijce*jj_ee*jijce*jj_ceae*jj_fe*jkjce*jl_ee*jkjce*jl_ceae*jl_fd"ddZme*jnjce*jo_eeme*jo_fe*jpjce*jq_eeme*jq_fe*jrjce*js_eeme*js_fe*jtjce*ju_eeme*ju_fe*jvjce*jw_eeme*jw_fe*jxjce*jy_eeme*jy_fGdddZzGdddezZ{Gddde{Z|Gddde{Z}GdddeZ~GdddZGdd d e%ZdS)#N)Enum)decode)encode)BitStringEncoder) PyAsn1Error) Credentials)krb5pacsecurity) FEATURE_SEAL)ndr_pack ndr_unpack)TestCaseInTempDir)1AD_IF_RELEVANT AD_WIN2K_PACFX_FAST_ARMOR_AP_REQUESTKDC_ERR_GENERICKDC_ERR_PREAUTH_FAILED%KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONSKERB_ERR_TYPE_EXTENDED KRB_AP_REP KRB_AP_REQ KRB_AS_REP KRB_AS_REQ KRB_ERRORKRB_PRIV KRB_TGS_REP KRB_TGS_REQKU_AP_REQ_AUTHKU_AS_REP_ENC_PARTKU_AP_REQ_ENC_PARTKU_ENC_CHALLENGE_KDC KU_FAST_ENCKU_FAST_FINISHED KU_FAST_REPKU_FAST_REQ_CHKSUM KU_KRB_PRIVKU_NON_KERB_CKSUM_SALTKU_TGS_REP_ENC_PART_SESSIONKU_TGS_REP_ENC_PART_SUB_KEYKU_TGS_REQ_AUTHKU_TGS_REQ_AUTH_CKSUMKU_TGS_REQ_AUTH_DAT_SESSIONKU_TGS_REQ_AUTH_DAT_SUBKEY KU_TICKET NT_PRINCIPAL NT_SRV_INST NT_WELLKNOWNPADATA_ENCRYPTED_CHALLENGEPADATA_ENC_TIMESTAMPPADATA_ETYPE_INFOPADATA_ETYPE_INFO2PADATA_FOR_USERPADATA_FX_COOKIEPADATA_FX_ERRORPADATA_FX_FASTPADATA_KDC_REQPADATA_PAC_OPTIONSPADATA_PAC_REQUESTPADATA_PK_AS_REQPADATA_PK_AS_REP_19PADATA_SUPPORTED_ETYPESc Ksx|dur||}t|}|dr4|d|d>}n|}|}t|}|dkrZd|} nd} d|d| } | ddfS)NrFT)ZclonelenZasOctets) selfvalueasn1SpecZ encodeFunoptionsZ valueLengthZ alignedValueZ substratelengthZpaddingretrI?/usr/lib/python3/dist-packages/samba/tests/krb5/raw_testcase.pyBitStringEncoder_encodeValue32gs  rKc Csd|}g}d}|D]2}dD](}d|>}||@r>d}nd}||q$qt||krztt||D]} |dqjd|} d| } t|D]P} | |jvr|j| } n|| dkrd| } nq|d | | || f7}d | } q|d | 7}|S) N%s )r@rrSr z: ( %s zunknown-bit-%uz%s%s:%uz, %s z %s))ZasBinaryZ asNumbersappendrBrangeprettyPrintNamedValues) rCscoperHbitsZ highest_bitZbytebitmaskvalZ bitPositionindentZdelimnamerIrIrJ!BitString_NamedValues_prettyPrints2           r_cCs4t|}||jvr|j|}nd}d|||f}|S)Nz <__unknown__>z %d (0x%x) %s)intrW)rCrXZintvalr^rHrIrIrJInteger_NamedValues_prettyPrints   rac@sHeZdZddZddZddZddd Zdd d Zd d ZddZ dS)Krb5EncryptionKeycCsLtjjtjjtjjtjjtjjtjji}||_ |j |_ ||j |_ ||_ dSN)kcryptoEnctypeAES256Z CksumtypeZ SHA1_AES256AES128Z SHA1_AES128RC4ZHMAC_MD5keyZenctypeetypectypekvno)rCrirlZEncTypeChecksumrIrIrJ__init__s    zKrb5EncryptionKey.__init__cCst|j||}|Src)rdencryptri)rCusage plaintext ciphertextrIrIrJrnszKrb5EncryptionKey.encryptcCst|j||}|Src)rddecryptri)rCrorqrprIrIrJrrszKrb5EncryptionKey.decryptNcCs |dur|j}t|}t|Src)rkrd checksum_lenbytes)rCrkrsrIrIrJmake_zeroed_checksums z&Krb5EncryptionKey.make_zeroed_checksumcCs$|dur|j}t||j||}|Src)rkrd make_checksumrirCrorprkcksumrIrIrJrvszKrb5EncryptionKey.make_checksumcCs:|j|kr"td|jd|dt||j|||dS)Nzkey checksum type (z) != checksum type ())rkAssertionErrorrdverify_checksumrirwrIrIrJr{s   z!Krb5EncryptionKey.verify_checksumcCs|j|jjd}|S)N)keytypekeyvalue)rjricontentsrCZEncryptionKey_objrIrIrJ export_obj szKrb5EncryptionKey.export_obj)N)N) __name__ __module__ __qualname__rmrnrrrurvr{rrIrIrIrJrbs    rbcsFeZdZd fdd Zd fdd Zd fdd Zfdd ZZS) RodcPacEncryptionKeyNcs`t|||dur<|j}|dur4|dL}|dM}|p:d}|durV|jddd|_nd|_dS)NrRlittle byteorder)superrmrlto_bytesrodc_id)rCrirlr __class__rIrJrmszRodcPacEncryptionKey.__init__cst|}|tt|jSrc)rrurtrBr)rCrkchecksumrrIrJmake_rodc_zeroed_checksum&s z.RodcPacEncryptionKey.make_rodc_zeroed_checksumcst|||}||jSrc)rrvrrCrorprkrrrIrJmake_rodc_checksum*sz'RodcPacEncryptionKey.make_rodc_checksumcs\|jrF|dd|dd}}|j|krFt|jd|t||||dS)Nz != )rrzhexrr{)rCrorprkrxZ cksum_rodc_idrrIrJverify_rodc_checksum.s z)RodcPacEncryptionKey.verify_rodc_checksum)N)N)N)rrrrmrrr __classcell__rIrIrrJrsrc@s eZdZdddZdddZdS)ZeroedChecksumKeyNcCs ||Src)rurCrorprkrIrIrJrv=szZeroedChecksumKey.make_checksumcCs ||Src)rrrIrIrJr@sz$ZeroedChecksumKey.make_rodc_checksum)N)N)rrrrvrrIrIrIrJr<s rcsXeZdZfddZeddZdddZdfdd Zdd d Zdfd d Z Z S)WrongLengthChecksumKeycst||||_dSrc)rrm_length)rCrirlrGrrIrJrmEszWrongLengthChecksumKey.__init__cCs:|t|}|dkr"|t|7}n|dkr6|d|}|SNr)rBrt)clsrrGZdiffrIrIrJ_adjust_to_lengthJs   z(WrongLengthChecksumKey._adjust_to_lengthNcCs t|jSrcrtrrCrkrIrIrJruTsz+WrongLengthChecksumKey.make_zeroed_checksumcst|||}|||jSrc)rrvrrrrrIrJrvWsz$WrongLengthChecksumKey.make_checksumcCs t|jSrcrrrIrIrJr[sz0WrongLengthChecksumKey.make_rodc_zeroed_checksumcst|||}|||jSrc)rrrrrrrIrJr^sz)WrongLengthChecksumKey.make_rodc_checksum)N)N)N)N) rrrrm classmethodrrurvrrrrIrIrrJrDs   rcs,eZdZejejBejBZfddZddZ ddZ ddZ e ejjejfejjejfejjejfejjejfejjejfgZed d Zed d Zd dZddZddZ ddZ!ddZ"ddZ#ddZ$ddZ%ddZ&dd Z'd!d"Z(d#d$Z)d%d&Z*d'd(Z+d)d*Z,d+d,Z-d-d.Z.Z/S)/KerberosCredentialscsjtt|d}|tjO}|tjO}|tjO}||_||_||_ d|_ i|_ d|_ d|_ d|_d|_dSr)rrrmr KERB_ENCTYPE_RC4_HMAC_MD5$KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96$KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96as_supported_enctypestgs_supported_enctypesap_supported_enctypesrl forced_keys forced_saltdnupnspn)rCZ all_enc_typesrrIrJrmis   zKerberosCredentials.__init__cCst||_dSrc)r`rrCrDrIrIrJset_as_supported_enctypes}sz-KerberosCredentials.set_as_supported_enctypescCst||_dSrc)r`rrrIrIrJset_tgs_supported_enctypessz.KerberosCredentials.set_tgs_supported_enctypescCst||_dSrc)r`rrrIrIrJset_ap_supported_enctypessz-KerberosCredentials.set_ap_supported_enctypescCs:d}|D],}|j|}||@r,td|||O}q|S)NrzGot duplicate etype: ) etype_map ValueError)retypesrYrjrZrIrIrJetypes_to_bitss  z"KerberosCredentials.etypes_to_bitscCsZd}|jD]$\}}||@r||M}||f7}q||jM}|dkrVtd||S)NrIrzUnsupported etype bits: )ritemsfast_supported_bitsr)rrYrrjrZrIrIrJbits_to_etypess   z"KerberosCredentials.bits_to_etypescCs ||jSrc)rrrCrIrIrJget_as_krb5_etypessz&KerberosCredentials.get_as_krb5_etypescCs ||jSrc)rrrrIrIrJget_tgs_krb5_etypessz'KerberosCredentials.get_tgs_krb5_etypescCs ||jSrc)rrrrIrIrJget_ap_krb5_etypessz&KerberosCredentials.get_ap_krb5_etypescCs|d@r|dO}||_dS)Nrl)rCrlrIrIrJset_kvnoszKerberosCredentials.set_kvnocCs|jSrcrrrIrIrJget_kvnoszKerberosCredentials.get_kvnocCs4t|}t|}t||}t||j|j|<dSrc)r`binasciiZa2b_hexrdKeyrrlr)rCrjZhexkeyr~rirIrIrJset_forced_keys  z"KerberosCredentials.set_forced_keycCst|}|j|Src)r`rget)rCrjrIrIrJget_forced_keysz"KerberosCredentials.get_forced_keycCst||_dSrc)rtr)rCsaltrIrIrJset_forced_saltsz#KerberosCredentials.set_forced_saltcCs|jSrc)rrrIrIrJget_forced_saltsz#KerberosCredentials.get_forced_saltcCs|jdur|jS|}|dur:|ddddd}n|}|r|}|ddkrn|dd}d|||f}n||}| d S) N@rSr/$z %shost%s.%sutf-8) rget_upnrsplitreplace get_usernameZget_workstationlower get_realmupperr)rCrZ salt_nameZ salt_stringrIrIrJget_salts"      zKerberosCredentials.get_saltcCs ||_dSrcr)rCrrIrIrJset_dnszKerberosCredentials.set_dncCs|jSrcrrrIrIrJget_dnszKerberosCredentials.get_dncCs ||_dSrcr)rCrrIrIrJset_spnszKerberosCredentials.set_spncCs|jSrcrrrIrIrJget_spnszKerberosCredentials.get_spncCs ||_dSrcr)rCrrIrIrJset_upnszKerberosCredentials.set_upncCs|jSrcrrrIrIrJrszKerberosCredentials.get_upncCs ||||ddSNrS) set_passwordrr)rCpasswordrIrIrJupdate_passwords z#KerberosCredentials.update_password)0rrrr ZKERB_ENCTYPE_FAST_SUPPORTEDZ(KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTEDZKERB_ENCTYPE_CLAIMS_SUPPORTEDrrmrrr collections OrderedDictrdrerfrrgrrhrZDES_MD5KERB_ENCTYPE_DES_CBC_MD5ZDES_CRCKERB_ENCTYPE_DES_CBC_CRCrrrrrrrrrrrrrrrrrrrrrrrIrIrrJrcs^    rc@seZdZdddZddZdS)KerberosTicketCredsNc Cs:||_||_||_||_||_||_||_||_| |_dSrc) ticket session_keycrealmcnamesrealmsnamedecryption_keyticket_privateencpart_private) rCrrrrrrrrrrIrIrJrmszKerberosTicketCreds.__init__cCs||jd<||_dSNr)rr)rCrrIrIrJ set_sname s zKerberosTicketCreds.set_sname)NNNNNNN)rrrrmrrIrIrIrJrs rc.seZdZdZGdddeZejejej hZ ddde j j dde j jdde j jd dfZd Zed d Zed dZddZefddZfddZfddZddZdddZdddZddd Zdd!d"Zdd#d$Zdd%d&Zdd'd(Z dd)d*Z!dd+d,Z"dd-d.Z#dd/d0Z$dd1d2Z%d3d4Z&dd5d6Z'dd7d8Z(dd9d:Z)d d;d<Z*d d=d>Z+d d?d@Z,d dBdCZ-d dDdEZ.ddFdGZ/ddHdIZ0dJdKZ1dLdMZ2ddNdOZ3dPdQZ4dRdSZ5dTdUZ6dVdWZ7ddXdYZ8dZd[Z9d\d]Z:d^d_Z;d`daZdddfdgdhZ?ddidjZ@ddkdlZAdmdnZBdodpZCdqdrZDddsdtZEddudvZFddwdxZGddydzZHd{d|ZId}d~ZJddZKdddZLeddZMddZNddZOddZPddZQddZRddZSddZTddZUdddZVddZWdddZXdddZYdddZZddZ[ddZ\dddZ]dddZ^dddZ_d ddZ`ddZaddZbd!ddZcd"ddZdddd dddddddddddddeedddddddddddddddddddddddddddd f-ddZfddd dddddddddddddeeddddddddddddddddddddddddddddd f.ddZgddZhd#ddZiddZjddZkd$dd„ZlddĄZmd%ddƄZnd&ddȄZoddʄZpdd̄Zqdd΄ZrddЄZsdd҄ZtddԄZuddքZvd'dd؄Zwdddd d ddddٜddۄZxd(dd݄Zyd)dd߄Zzd*ddZ{d+ddZ|ddZ}ddZ~ddZddZddZddZddZddZddZddZd,ddZZS(-RawKerberosTestzA raw Kerberos Test case.c@seZdZeZeZdS)zRawKerberosTest.KpasswdModeN)rrrobjectSETCHANGErIrIrIrJ KpasswdModesriZdummy)rDr^Zaes128Zaes256Zrc4FcCs|jr dSg}t|j}g}td|dD]4}ttt||}|D]}t|}||qFq*|D]f}d} d} |D]@} |j| d} | dur| } n | d| 7} | |j| df7} qt| | d} || qd||_d|_dS)NrSrIr^z_%srD)r^rT) "setup_etype_test_permutations_donerBetypes_to_testrVlist itertools permutationsrUetype_test_permutations)rresZnum_idxsrZnumchunkeZelpr^ridxnrrIrIrJsetup_etype_test_permutations&s.    z-RawKerberosTest.setup_etype_test_permutationscCs>|g}d}|jD]"}|d|f}|d7}||q|S)Nrr^rS)rrrU)rrrrrrIrIrJetype_test_permutation_name_idxFs   z/RawKerberosTest.etype_test_permutation_name_idxcCs|j|}|d|dfS)Nr^r)r)rCrrrIrIrJetype_test_permutation_by_idxQs z-RawKerberosTest.etype_test_permutation_by_idxcsttjd|_tjd|_i|_tjjddd}|durHd}tt ||_ tjjddd}|durrd}tt ||_ tjjddd}|durd }tt ||_ tjjd dd}|durd }tt ||_ dS) NSERVERZ DC_SERVERZ FAST_SUPPORTT allow_missing0ZTKT_SIG_SUPPORTZ EXPECT_PAC1ZEXPECT_EXTRA_PAC_BUFFERS)r setUpClasssambatestsenv_get_var_valuehostdc_host creds_dictboolr`kdc_fast_supporttkt_sig_support expect_pacexpect_extra_pac_buffers)rrrrrrrIrJrUs: zRawKerberosTest.setUpClasscsRtd|_d|_tjjddd}|dur2d}tt||_ d|_ t |_ dS)NFZSTRICT_CHECKINGTr r ) rsetUp do_asn1_print do_hexdumprrrrr`strict_checkingsrunspecified_kvno)rCrrrIrJrys zRawKerberosTest.setUpcs|dtdS)NtearDown) _disconnectrr rrrIrJr s zRawKerberosTest.tearDowncCs8|jdurdS|jd|_|jr4tjd|dS)Nzdisconnect[%s] )rclosersysstderrwrite)rCreasonrIrIrJr!s   zRawKerberosTest._disconnectNcCs|dur d}zpt||tjtjtjd|_t|jdd|jdd|jdd|_|jd|j|jddWn<tj y|j Ynt y|j Yn0dS)NXrrSrR r@) socketZ getaddrinfoZ AF_UNSPECZ SOCK_STREAMZSOL_TCPar settimeoutconnecterrorr"IOErrorrCrportrIrIrJ _connect_tcps  .    zRawKerberosTest._connect_tcpcCs.|||||jr*tjd|dS)Nzconnected[%s] )assertNotConnectedr1rr#r$r%r/rIrIrJr,s zRawKerberosTest.connectTcCsRd}|dur.|p|}tjjd||f|d}nd}|durN|rNtjj||d}|S)Nz%s_%sr T)rrr)rCZvarnameprefixfallback_defaultr r\Zallow_missing_prefixrIrIrJ env_get_vars  zRawKerberosTest.env_get_varcCst}||d|}|d|}|du} |jd|d| d} | durL|} |jd|d|d} |||||| | dur|| |jd|dd } | dur|| |jd |dd } | dur|| |jd |dd }|dur| ||rd}| durd}nd}n|}|}|jd |d|d}|durF| t ||jd |d|d}|durr| t jj||jd|ddd}|dur| t jj||jd|ddd}|dur| t jj||s||jd||S)NZDOMAINZREALMZUSERNAMEF)r4r ZPASSWORDZAS_SUPPORTED_ENCTYPESTr ZTGS_SUPPORTED_ENCTYPESZAP_SUPPORTED_ENCTYPESZKVNOZAES256_KEY_HEXZAES128_KEY_HEXZ RC4_KEY_HEXz/Please supply %s encryption keys in environment)rZguessr5Z set_domainZ set_realmZ set_usernamerrrrrr`rrdrerfrgrh assertTruer)rCr3default_usernameallow_missing_passwordallow_missing_keysrequire_strongest_keycZdomainrealmZallow_missing_usernameZusernamerrrrZkvno_allow_missingZaes256_allow_missingrlZ aes256_keyZ aes128_keyZrc4_keyrIrIrJ_get_krb5_creds_from_envs              z(RawKerberosTest._get_krb5_creds_from_envc Cs||jvr|j|Sd}d}z|j|||||d}Wn(ty\} z| }WYd} ~ n"d} ~ 00||||j|<|S|durz |}WnHty} z0td|td|td| WYd} ~ n"d} ~ 00||||j|<|S|dS)N)r7r8r9r:zERROR FROM ENV: %rzFALLBACK-FN: %szFALLBACK-ERROR: %r)rr= ExceptionassertIsNotNoneprint) rCr3r7r8r9r:Zfallback_creds_fncredsZenv_errerrrIrIrJ_get_krb5_credss8        "  zRawKerberosTest._get_krb5_credscCs|jd||d}|S)Nr3r8r9rCrCr8r9r;rIrIrJget_user_creds4s zRawKerberosTest.get_user_credscCs|jd||d}|S)NZSERVICErDrErFrIrIrJget_service_creds<s z!RawKerberosTest.get_service_credscCs|jd||d}|S)NZCLIENTrDrErFrIrIrJget_client_credsDs z RawKerberosTest.get_client_credscCs|jd||d}|S)Nr rDrErFrIrIrJget_server_credsLs z RawKerberosTest.get_server_credscCs0|jd||d}||tB|d|S)NZADMINrDr)rCZset_gensec_featuresZget_gensec_featuresr Zset_workstationrFrIrIrJget_admin_credsTs zRawKerberosTest.get_admin_credscCs&|r|||jdd| |d}|S)NZ RODC_KRBTGTT)r3r8r9r:r6rCrCZ require_keysr:r;rIrIrJget_rodc_krbtgt_creds^s z%RawKerberosTest.get_rodc_krbtgt_credscCs(|r|||jddd| |d}|S)NZKRBTGTkrbtgtT)r3r7r8r9r:rLrMrIrIrJget_krbtgt_credsis z RawKerberosTest.get_krbtgt_credscCst}||Src)rZ set_anonymous)rCr;rIrIrJget_anon_credsuszRawKerberosTest.get_anon_credscCsD|dur|j}|r@|dur0tjd||fntjd|dS)Nz%s: %srL)rr#r$r%)rCr^obj asn1_printrIrIrJ asn1_dumpzs zRawKerberosTest.asn1_dumpcCs6|dur|j}|r2tjd|t|||fdS)Nz %s: %d %s)rr#r$r%rBhexdump)rCr^blobrUrIrIrJhex_dumps zRawKerberosTest.hex_dumpc Csb|durt|jdd}nd}|j|||dt||d\}}|jd||d|r^t|}|S)N:rzrUrErS)typersplitrWpyasn1_der_decoderTpyasn1_native_encode) rCrVrE native_encoderSrU class_namerR_rIrIrJ der_decodeszRawKerberosTest.der_decodecCs`|rt||d}t|jdd}|dur<|jd||dt|}|dur\|j|||d|S)NrZrXrr[rY)pyasn1_native_decoder\rr]rTpyasn1_der_encoderW)rCrRrE native_decoderSrUrarVrIrIrJ der_encodes zRawKerberosTest.der_encodecCs$|j|d|dd}|j||ddS)NF)rfrSrUrY)rgsend_msg)rCreqrSrUZk5_pdurIrIrJsend_pduszRawKerberosTest.send_pduc Cstdt|}|}||7}|jd||d|jd||dz2|j|d}|t|kr^WdS||d}q>Wnhtjy}z|d|WYd}~nIrhrYrz send_msg: %s) structZpackrBrWrsendr)r-r!r.)rCmsgrUheaderZreq_pduZsentrrIrIrJrhs  zRawKerberosTest.send_msgrc Csd}z^|dur|j||j|d}|jdt|dkrP|dWdS|jd||dWntjy|jdtj dYnhtj y}z|d|WYd}~nr!)rCrirSrUrqto_rodcrrrIrIrJsend_recv_transactions     z%RawKerberosTest.send_recv_transactioncCs||jdSrc)r6Z isNoValuerrIrIrJ assertNoValue(szRawKerberosTest.assertNoValuecCs||dSrc)r?rrIrIrJassertHasValue+szRawKerberosTest.assertHasValuecCs ||Src)r)rCrRelemrIrIrJgetElementValue.szRawKerberosTest.getElementValuecCs|||}||dSrc)rr)rCrRrvrIrIrJassertElementMissing1s z$RawKerberosTest.assertElementMissingcCsT|||}|||jrPt|tjjrP|r@|dt|n| dt|dSr) rr?r isinstancerabc ContainerryrBassertNotEqual)rCrRr expect_emptyrrIrIrJassertElementPresent5s  z$RawKerberosTest.assertElementPresentcCs&|||}|||||dSrc)rr?ryrCrRrrDrrIrIrJassertElementEqual?s  z"RawKerberosTest.assertElementEqualcCs,|||}||||t|ddS)Nutf8)rr?ryrtrrIrIrJassertElementEqualUTF8Ds  z&RawKerberosTest.assertElementEqualUTF8cCs~||d|d|jt|dt|dd||fdtt|dD],}|j|d||d|d||fdqLdS)N name-type name-stringzprinc1=%s != princ2=%sr)ryrBrV)rCZprinc1Zprinc2rrIrIrJassertPrincipalEqualIs      z$RawKerberosTest.assertPrincipalEqualcCs6|||}||t|td}|||dSNrZ)rr?rdr{Z PrincipalNamerrrIrIrJassertElementEqualPrincipalUs  z+RawKerberosTest.assertElementEqualPrincipalcCsp|||}|dkr|}|durb||||d||jurlt|}||d|||n ||dS)N autodetectr)rr?rrr`ryrrrIrIrJassertElementKVNO[s     z!RawKerberosTest.assertElementKVNOc Cs|||}|||durj||tjt|D]4\}}|dkr4|d||d|j|d|q4|dur||tjt|D]4\}}|dkr|d||d|j|d|qdS)NrSr 'z' expected in r z' unexpected in )rr?ZassertIsInstancer{ TicketFlags enumeratery namedValues)rCrRrexpectedZ unexpectedriflagrIrIrJassertElementFlagsls(    z"RawKerberosTest.assertElementFlags)require_strictrequire_orderedcs||jr|r|||n`d|d|}|jsjdurj|dd7}fdd|D}fdd|D}||||dS)Nz expected: z got: z (ignoring: ryc3s|]}|vr|VqdSrcrI.0xrrIrJ rz>RawKerberosTest.assertSequenceElementsEqual..c3s|]}|vr|VqdSrcrIrrrIrJrr)rryZassertCountEqual)rCrZgotrrfail_msgrIrrJassertSequenceElementsEqual~s z+RawKerberosTest.assertSequenceElementsEqualcCsH|durt}|dur$|t|}tjj|tjjd}|d|jfS)N)Ztz %Y%m%d%H%M%SZ)timer`datetimeZ fromtimestamptimezoneutcstrftimeZ microsecond)rCepochoffsetZdtrIrIrJget_KerberosTimeWithUsecs  z(RawKerberosTest.get_KerberosTimeWithUseccCs|j||d\}}|S)N)rr)r)rCrrrrbrIrIrJget_KerberosTimesz RawKerberosTest.get_KerberosTimecCs@t|tr|}tj|d}|jtjjd}t| }|S)Nr)Ztzinfo) rrtrrstrptimerrrr` timestamp)rCZ kerberos_timerrIrIrJget_EpochFromKerberosTimes  z)RawKerberosTest.get_EpochFromKerberosTimecCsd}d}t||}|S)Nii)randomrandint)rCZ nonce_minZ nonce_maxrrIrIrJ get_Nonces zRawKerberosTest.get_NoncecCsDi}|dur@|D].}|d}||vr2td||d||<q|S)N padata-typezDuplicate type padata-value) RuntimeError)rCpa_datapa_dictpaZpa_typerIrIrJ get_pa_dictszRawKerberosTest.get_pa_dictcCst||}t||Src)rdrr)rCrjr~rlrirIrIrJSessionKey_creates z!RawKerberosTest.SessionKey_createcCs0||||tj||||d}t||S)N)params)r?rdZ string_to_keyr)rCrjpwdrrlrrirIrIrJPasswordKey_creates  z"RawKerberosTest.PasswordKey_createc Cs\|d}|d}|tjjkr6|}|j|||dS|d}|}|j|||||dS)Nrjrrjr~rl s2kparams)rjrrrlr)rrdrerh get_nt_hashr get_passwordr) rCrA etype_info2rlrrnthashrrrIrIrJPasswordKey_from_etype_info2s    z,RawKerberosTest.PasswordKey_from_etype_info2c Cs|dur&|}|r|d}ntjj}||}|dur<|S|}d|||f}|tjjkr|}|j||d|j |||dS| }|j||d| } |j ||| |dS)NrzE%s has no fixed key for etype[%s] kvno[%s] nor a password specified, rr)rjrrrl) rrdrerhrrrrr?rrrr) rCrArjrZ forced_keyrlrrrrrIrIrJTicketDecryptionKey_from_credss8    z.RawKerberosTest.TicketDecryptionKey_from_credscCs$t|}t|j}|j||dS)N)rjr~)rdZ_get_enctype_profilerZgenerate_random_bytesZkeysizer)rCrjrr~rIrIrJ RandomKeys  zRawKerberosTest.RandomKeycCs||d|dS)Nr|r})rrrIrIrJEncryptionKey_imports z$RawKerberosTest.EncryptionKey_importcCs0|||}|j|d}|jdur,|j|d<|S)N)rjcipherrl)rnrjrl)rCrirorprqZEncryptedData_objrIrIrJEncryptedData_creates   z$RawKerberosTest.EncryptedData_createcCs,|dur|j}|j|||d}||d}|S)Nrk) cksumtyper)rkrv)rCrirorprkrZ Checksum_objrIrIrJChecksum_create szRawKerberosTest.Checksum_createcCs||d}|S)N)rrrI)r name_typenamesZPrincipalName_objrIrIrJPrincipalName_createsz$RawKerberosTest.PrincipalName_createcCs||d}|S)N)ad-typead-datarI)rCZad_typeZad_dataZ AUTH_DATA_objrIrIrJAuthorizationData_create$sz(RawKerberosTest.AuthorizationData_createcCs||d}|S)N)rrrI)rCZ padata_typeZ padata_valueZ PA_DATA_objrIrIrJPA_DATA_create/szRawKerberosTest.PA_DATA_createcCs||d}|S)N) patimestamppausecrI)rCZtsusecZPA_ENC_TS_ENC_objrIrIrJPA_ENC_TS_ENC_create;sz$RawKerberosTest.PA_ENC_TS_ENC_createcCs d|i}|S)NrFrI)rCrFZPA_PAC_OPTIONS_objrIrIrJPA_PAC_OPTIONS_createFsz%RawKerberosTest.PA_PAC_OPTIONS_createcCs||d}|S)N)z armor-typez armor-valuerI)rCZ armor_typeZ armor_valueZKRB_FAST_ARMOR_objrIrIrJKRB_FAST_ARMOR_createOsz%RawKerberosTest.KRB_FAST_ARMOR_createcCs|||d}|S)N)z fast-optionspadatareq-bodyrI)rC fast_optionsrreq_bodyZKRB_FAST_REQ_objrIrIrJKRB_FAST_REQ_create[s z#RawKerberosTest.KRB_FAST_REQ_createcCs||d}|dur||d<|S)N)z req-checksumz enc-fast-reqarmorrI)rCrZ req_checksumZ enc_fast_reqZKRB_FAST_ARMORED_REQ_objrIrIrJKRB_FAST_ARMORED_REQ_createis z+RawKerberosTest.KRB_FAST_ARMORED_REQ_createcCs d|i}|S)N armored-datarI)rCZ armored_dataZPA_FX_FAST_REQUEST_objrIrIrJPA_FX_FAST_REQUEST_createwsz)RawKerberosTest.PA_FX_FAST_REQUEST_createcCs2d|i}|s|S|j|td}|t|}|S)Nz include-pacrZ)rgr{ZKERB_PA_PAC_REQUESTrr;)rCZ include_pacZpa_data_createZKERB_PA_PAC_REQUEST_objZpa_pacrrIrIrJKERB_PA_PAC_REQUEST_creates z*RawKerberosTest.KERB_PA_PAC_REQUEST_createcCs,||}|j|td}|t|}|Sr)rrgr{PA_PAC_OPTIONSrr:)rCrF pac_optionsrIrIrJget_pa_pac_optionss   z"RawKerberosTest.get_pa_pac_optionscCs| dur.|j| t||d}|| ||}nd}||||| d}|durR||d<|durb||d<|durr||d<|dur||d<| dur| |d<|dur||d<| dur| |d <|S) Nrx)z kdc-optionsr<tillnoncerjrrfromZrtime addresseszenc-authorization-datazadditional-tickets)rgr{ZAuthorizationDatar)rC kdc_optionsrr<r from_time till_time renew_timerrradditional_ticketsEncAuthorizationDataEncAuthorizationData_keyEncAuthorizationData_usagerSrUZ enc_ad_plainZenc_adKDC_REQ_BODY_objrIrIrJKDC_REQ_BODY_createsB&z#RawKerberosTest.KDC_REQ_BODY_createc Cs>d||d}|dur||d<|dur2t||d}nd}||fS)NrP)r~msg-typerrrZ)rd) rCrrrrErSrUZ KDC_REQ_objZKDC_REQ_decodedrIrIrJKDC_REQ_createszRawKerberosTest.KDC_REQ_createcCsX|j|||||||| | | | ddd||d}|jt||t||d\}}| rP|S||fS)N)rrrrSrUrrrrErSrU)rrrr{AS_REQ)rCrrrr<rrrrrrrrnative_decoded_onlyrSrUrrRdecodedrIrIrJ AS_REQ_creates:. zRawKerberosTest.AS_REQ_createcCsdt|||d}|S)NrP)r~rz ap-optionsr authenticator)r)rC ap_optionsrr Z AP_REQ_objrIrIrJ AP_REQ_createJs zRawKerberosTest.AP_REQ_createc CsTd||||d} |dur || d<|dur0|| d<|dur@|| d<|durP|| d<| S)NrP)zauthenticator-vnorrcusecctimerxsubkey seq-numberauthorization-datarI) rCrrrxr rr seq_numberauthorization_dataZAuthenticator_objrIrIrJAuthenticator_create[sz$RawKerberosTest.Authenticator_createc$CsJ|durt}nt}|j|d||| | | | | |||||d}|j|t||d}|j|t||d}d}|durt|}t dd}|j |||||||dd}|j|t ||d}| |t|}td}|jt|||d} |j| t||d} |t| }!|dur||!n|!g}|jt||t||d \}"}#|rB|#S|#|"fS) Nrrr<rrrrrrrrrrrrxrrrrrxr rrrrr r rr r)r,r+rrgr{ KDC_REQ_BODYrr*rrrr Authenticatorrr) APOptionsr strAP_REQrr9rUrrTGS_REQ)$rCrr rrrrr<rrrrrrrrrrticket_session_keyauthenticator_subkeybody_checksum_typerrSrUrr req_body_blobreq_body_checksum subkey_objrr r ap_req pa_tgs_reqrRrrIrIrJTGS_REQ_create{s7         zRawKerberosTest.TGS_REQ_createc Cs|djddd}|dD]}||7}q||7}|d7}||t||}|||dd}|j|td} |t| S) Nrr@rrrZKerberos)r^r<rxZauthrZ) rrrr&rgr{Z PA_S4U2Selfrr5) rCr^r<Ztgt_session_keyrkZ cksum_datarrxZPA_S4U2Self_objZ pa_s4u2selfrIrIrJPA_S4U2Self_creates&   z"RawKerberosTest.PA_S4U2Self_createcCs>d|i}|dur||d<|dur(||d<|j|td}|S)NZ newpasswdZtargnameZ targrealmrZ)rgr{ZChangePasswdDataMS)rC new_password target_princ target_realmZChangePasswdDataMS_objZchange_password_datarIrIrJChangePasswdDataMS_createsz)RawKerberosTest.ChangePasswdDataMS_createc Cs||d}|dur||d<|dur*||d<|dur:||d<|durJ||d<|j|td} ||t| } dt| d} |j| td} | S) N) user-dataz s-addressrrrz r-addressrZrP)r~renc-part)rgr{EncKrbPrivPartrr%r) rCr user_data s_addressrrr r_addressZEncKrbPrivPart_objZenc_krb_priv_partZenc_dataZ KRB_PRIV_objkrb_privrIrIrJKRB_PRIV_create(s4 zRawKerberosTest.KRB_PRIV_createc Cs||jd|\}} |j||||| ||d} dt|t| } || dt} | | d?| | d@| |d?| |d@| t|d?| t|d@| || | | S)Nzcall self.connect() first)r1rrrr2rOir?) r?rrr4rB assertLess bytearrayrUextend) rCrr0versionrr% local_addressremote_addressrrr3sizernrIrIrJkpasswd_createOs,    zRawKerberosTest.kpasswd_createcCsJ||dd|d}||d|j||d|j|||d}|S)Nr~rPr.rjrlr)rrjrrlrr)rCrRriroenc_partrIrIrJ get_enc_partts zRawKerberosTest.get_enc_partc . s||jjur d} ||||} nD||jjurT||d||dd} |d} n|d||tj j } |dur~d}t t |}|| d|d} | rtd d }nd}|j| ddd t|d }|j|jd d||j|jjtjkrdn"tjkr dn|dfdd}|jd }||}d}|| | | ||||}|||}|d|||dd}|dd}|d d>|dB}|dd>|dB}|dd>|dB}||t ||d||!|||"d|d|"d|d|r|d|}||d}|j#}|j$|t %d}|&|dt'|(||t)}|j$|t *d}|+|d|+|dz|j$|t ,d}Wnt-y|Yn0|&|dt,|(|| t.}|j$|t /d}|0|d |0|d!|d"} n|j$|t 1d}!|j2t3d#d$gd%}"|456}#|&|!d&d|&|!dt1|0|!d|0|!d!|+|!d'|+|!d(|!d)}$t7|t8r||$|n |9|$||0|!d*|0|!d+|&|!d,|#d|:|!d-|"|0|!d.|!d/} | dd}%| dd}&|%d d>|%dB}'t7|t8r^||'|n |9|'||&s|d |'d0dS|&d rt7|t;r||&|n |9|&|n(|d1t |&t<=d2|&\}(})}*}+},}-dS)3Niz"target_princ only valid for pw setz"target_realm only valid for pw setrSrz invalid mode r )tgtr  auth_datar rrF)rrrori)r0rRzunknown family cst|dS)N)z addr-typeZaddress)r)Z inet_pton)ZipZ addr_typefamilyrIrJcreate_addresss z8RawKerberosTest.kpasswd_exchange..create_addressrrOr?rQr@rP~^rZrrr rrr-ZkadminZchangepwrrr~stimesusec error-coderrr<re-texte-dataz#got an error result, but no messagez>HIIIQQ)>rrr,rrrZfailrrdrerfrr{rrrgenerate_ap_reqrr,rr?rrDr)ZAF_INETZAF_INET6Z getsocknamer=rhrvr!ryrBr6rrrcZAP_REPrrr?rZ EncAPRepPartrrrr%r/rrrr.rPrrrr`rzrrtrlrt).rCrr)Z expected_codeZ expected_msgmoder*r+r Zsend_seq_numberr9r0rkdc_exchange_dictrr%rEZlocal_ipr:r;rnrsroZreplyZ reply_lenZ reply_versionZ ap_rep_lenZap_repr3rir>Z priv_enc_partZ result_dataZ krb_errorrr< error_codestatusmessageZ status_codeZ empty_bytesZ min_lengthZhistory_lengthZ propertiesZ expire_timeZmin_agerIrCrJkpasswd_exchanges                                     z RawKerberosTest.kpasswd_exchangec:Csx|d}|d}|d}|d}|d}|d}|d}|d}|d }|d }|d }|d }|d }|d}|d}|d}|dur|jdd}d|vr|d}n|}||d<|j|||||||||| | | | | d}t|} |dur|D]"\}!}"|"dur|"| |!<q| |!=q|durR|D]$\}!}"|"durH|"||!<n||!=q,g}#|durt||}$|#|$|dur||}%|#|%|tkrd}&d}'n*| t ||j |||dd}&| t |&}'|dur||||||\}(}ng}(|dur4|||||ddd})|d}*||*|)}+nd}+|durv||||\},}||,|t dd|,Ddnd},|dur|d}-||-|tkr|j|td}.n| t ||&}.||-t|.}/|(|#7}(|||| |(|+|/}0nd}0g}1|'dur |1|'|0dur|1|0|,dur0|1|,7}1|0durB|1|#7}1|1sLd}1|1|d<|(|d<| |d <|j||1||d!\}2}3|d"}4|j|3|4d#}5||5||5d$}6||6d}7|durt}7|||d%t||d%||dur|}7||| d%t|||7|6tkr>||5d&}8d'|8}9n d(|}9| |6|7|9|6tkrl||||5S||||5S))Ncheck_error_fn check_rep_fngenerate_fast_fngenerate_fast_armor_fngenerate_fast_padata_fngenerate_padata_fn callback_dict req_msg_type req_asn1Spec rep_msg_typeexpected_error_moder pac_requestr inner_req outer_reqi)rrrFrTfast_armor_typecSsg|] }|dqS)rrIrrrIrIrJ rz9RawKerberosTest._generic_kdc_exchange..zDon't create TGS-REQ manually armor_keyrZ req_padata fast_padatar)rrrrEr)rrrrKzGot unexpected error: zExpected to fail with error: )rrrdictrrrUrrryrrOrr9r?r assertNotInrgr{rrr$rrrrrrrB):rCrQrr<rrrrrrrrrrrVrWrXrYrZr[r\r]r^r_r`rrarrbrcrrZinner_req_bodyrirDZadditional_padataZpa_pac_requestZpa_pac_optionsZtgs_reqZtgs_req_padatarjZ fast_ap_reqre fast_armorZ outer_padatarhZ checksum_blobrZfastrZreq_objZ req_decodedrrrZexpected_msg_typerRrrIrIrJ_generic_kdc_exchangeNsJ                                                   z%RawKerberosTest._generic_kdc_exchangerrc./3Cs|dkrd}nt|tjjs"|f}ttjttjtj ||||||||| | | | | ||||||||||||||||||| |!|"|#|$|%|&|'|(|)|*|+|,|-d2}.|duri}|.S)NrrI)2r]r^r_ rep_asn1Specrep_encpart_asn1Specexpected_crealmexpected_cname expected_anonexpected_srealmexpected_snameexpected_account_nameexpected_upn_name expected_sidexpected_supported_etypesexpected_flagsunexpected_flagsticket_decryption_keyexpect_ticket_checksumrXrYrZrer[rVrWcheck_kdc_private_fnr\r`expected_statusclient_as_etypes expected_saltr  preauth_keyrh armor_tgt armor_subkeyrArrbrcrar expect_edatar expect_claimsexpect_upn_dns_info_exexpect_pac_attrsexpect_pac_attrs_pac_requestexpect_requester_sidr) rrrrrr{rrr|Z EncASRepPart)/rCrqrrrsrtrurvrwrxryrzr{r|r}rXrYrZrer[rVrWr~r\r`rrrr rrhrrrArrbrcrarrrrrrrrrrQrIrIrJas_exchange_dict& st.4z RawKerberosTest.as_exchange_dictc/04Cs|dkrd}nt|tjjs"|f}ttjttjtj ||||||||| | | | | ||||||||||||||||||| |!|"|#|$|%|&|'|(|)|*|+|,|-|.d3}/|duri}|/S)NrrI)3r]r^r_rorprqrrrsrtrurvrwrxryrzr{r|r}rXrYrZrer[rVrWr~r\r`rr@r!rhrrrAr rrbrcrarrrrrrrrexpected_proxy_targetexpected_transited_servicesr) rrrrrr{rrr} EncTGSRepPart)0rCrqrrrsrtrurvrwrxryrzr{r|r}rXrYrZrer[rVrWr~r`rr\r@rhrrr rAr!rrbrcrarrrrrrrrrrrrQrIrIrJtgs_exchange_dict sv/5z!RawKerberosTest.tgs_exchange_dictc#Cs|d}|d}|d}|d}|d}|d} |d} |d} |d } ||d | ||d } |jr||d ||r|jtd dgd}n|d}||d|||d||d}d}d}|||dur||dd||d|||d|||d||d}|||dur||d|d}t t t dd}|t |kpp||dk}|r| |d|jn ||d||d||d}||d||d}d}|||dur||d| |dd||d||d}d}||\}}| dur|| }t|vr|t}|j||| d d!}d"|vr~||d"}|||}|d#}|dur|d$}|j|||d d%d&d}|dur||d|j| |d|j|t|} |j| t d'}d}!|||dur||d|j|jr<| |d|j|||}"z|j|"| d'}!Wn&ty|j|"t d'}!Yn0|| | dur| |||||!||S)(Nrqrsrtrur|r~rpr_rhrrr WELLKNOWN ANONYMOUSrHrrrrztkt-vnorPr<rr.rjrzenc-tkt-in-skeyrSr rlrrT)finishedstrengthen-keyrzticket-checksumr)rRrZ) rrrrrr0rrr?rBtupler{ KDCOptionsrrrget_preauth_keyrr8check_fx_fast_datargenerate_strengthen_reply_keyrcheck_rep_padatarjrlrrr-rc EncTicketPartr>r)#rCrQr\rrqrsrtrur|r~rprrhrrrrZticket_encpartZ ticket_cipherrposZ expect_kvnoZencpartZencpart_cipherticket_checksumZencpart_decryption_keyZencpart_decryption_usager fx_fast_data fast_responsestrengthen_keyZ fast_finishedrZticket_decpartrZ rep_decpartrIrIrJgeneric_check_kdc_rep s                                  z%RawKerberosTest.generic_check_kdc_repc Cs|j|td}|dd}||d|j|t|d}|j|td}|rh|jrh| d||rx| d||d} || |d|S) NrZrz enc-fast-reprjrrrr) rcr{ZPA_FX_FAST_REPLYryrjrrr#ZKrbFastResponserrz) rCrQrrhrexpect_strengthen_keyZ enc_fast_repZfast_reprrrIrIrJr s     z"RawKerberosTest.check_fx_fast_datac- Cs|d}tttdd}|t|ko4||dk} tttdd} | t|kob|| dk} tttdd} | t|ko|| dk} | p| }|d}|d}|d }|d }|d }|d }|d }|d}||d}|dur |d}|||||d}|r"|}n|}| |}|g}|j s^|j |t j j d}|||jrx||rxd}n|d}d}|dur||d||||d||d} || | dur|| d|| d|| }||d||j r||d|||d||d|j r<||d||d|rd|j rp||dn ||d|j r||d g|dur|j|d!| d"d}!|dur||d||d}"||"|"dur||"d||"d||"}!||d#||d$|d$|tkr<|j rH||d%n ||d%||d||||d|j rx||d||d|r|j r||dn ||d||d&|||d'||j r||d g||}#|j r| sd|#vr||d(||d(}$| rj|t|$|d)}%|%tjtj Btj!BO}%t"#d*|$t\}&|$|&|%n |%t|$d|#vr|t&|$|j'|$t&t(d+}'||'d,|#n |%t&|$n||d(g|dur|!dur|$|j)|!j)|$|j*j+|!j*j+|!dur|!}(n|}(t,||(|||||||d- })|dur|j-|)|d.}*|durb||*n|d/urv|.|*|*dur|/|*||d0}+|+r|||dur|| o|t0k},|j1|)||,||+p|j2d1|)|d2<dS)3Nr canonicalizerSr  renewablerenewrqrrrtrur|r_rzr{rrhr)rjTrflagsrir|r}rrZ transitedZauthtimeZ starttimeZendtimez renew-tillZcaddrr)rzlast-reqrzkey-expirationrrzencrypted-pa-dataryzr rrrrlrtryrlr:rcrrjrir~rget_ticket_pacrcheck_pac_buffersr verify_ticketr)-rCrQr\rrrrrZ canon_posrZ renewable_posrZ renew_posrZexpect_renew_tillrqrrrtrur|r_rzr{rrhr krbtgt_creds krbtgt_key krbtgt_keysZkrbtgt_key_rc4rrZ ticket_keyZencpart_session_keyZ encpart_keysent_pac_optionsZ enc_pa_dictryZsupported_etypesrrZ ticket_credspac_datar}rrIrIrJgeneric_check_kdc_private s                                                         z)RawKerberosTest.generic_check_kdc_privatec'CsBttj|}|d}|d}|d}|d}tjtjtjtjtjg}|d} tt t dd} | t| kox| | dk} | r| tj |jr|r| tj|tkr|dur| tj| tj||s|tkr| tjtjh} |js| tj||} |d }|r$|d }n|d }|durP|jrD| }n | tj|rb| tj|d }|dur|jr| }n | tj|r| tjd d|jD}|j||d| d|d}|d}|d}|dur|dus|durd}|jD]8}|jtj kr`|d}|d}|jj}||t|j t!t"t|j#}|||q|jtjkr|d}|dd}|||jj$q|jtjkr|jjj%j&}|dur||t|j$|dur:t'|(ddd}|||j)q|jtjkr|j}|j*}|d} || |j+|d}!|!durL||!|j,|r\|-||dur:|dur~|||j.|dur:||t|j/n|jtjkr|r|j}"|d|"j0|"j1}#t2|#d@}$t2|#d@}%||du|$||du|%n6|jtjkr|r|jj3}&|dur||t|&qdS)Nr_rrurrzcname-in-addl-tktrSr rrrarcSsg|] }|jqSrI)r\)r pac_bufferrIrIrJrg sz5RawKerberosTest.check_pac_buffers..F)rrrvrxrTrrrrrr-rqrwrR)4r rPAC_DATAZPAC_TYPE_LOGON_INFOPAC_TYPE_SRV_CHECKSUMPAC_TYPE_KDC_CHECKSUMZPAC_TYPE_LOGON_NAMEZPAC_TYPE_UPN_DNS_INFOrBrr{rrUZPAC_TYPE_CONSTRAINED_DELEGATIONrZPAC_TYPE_CLIENT_CLAIMS_INFOrZPAC_TYPE_DEVICE_INFOZPAC_TYPE_DEVICE_CLAIMS_INFOrPAC_TYPE_TICKET_CHECKSUMraddrZPAC_TYPE_ATTRIBUTES_INFOZPAC_TYPE_REQUESTER_SIDbuffersrr\inforyrZ proxy_targetrmaptransited_services account_nameZinfo3baser`rZridexZdns_domain_nameZupn_namer?ZsamaccountnameZ objectsidZ flags_lengthrrZsid)'rCrrQpacr_rrurZexpected_typesrrZconstrained_delegationrrrrrZ buffer_typesrvrxrrrrZdelegation_inforrrrZ logon_infoZ expected_ridZ upn_dns_infoZupn_dns_info_exZexpected_realmrwZ attr_inforZ requested_pacZ given_pacZ requester_sidrIrIrJr s                                 z!RawKerberosTest.check_pac_bufferscCs|d}|d}|d}|d}|d} ||} |d} ||dd||d t||d } || | |jr||d ||d ||d ||d|jr||d|r|s|jt ddgd} | |d| n ||d| |d|| |d|||d|d}|d}|dur\| t koZ| sV| dusV| t koZ| }|s|||||d|S||d}|jr|||dur|tkr0| s0|j|td}|t|d|d}|dt|t|ddd}t|d dd}||||d!|n|||j|td}|t|d"| r|d#t|||}|t||d$}|||j||t|d%d&}|d'}||||| }||d(<|S))Nr_rsrtrur`rer~rPrrKrr rIrJrrrrHrr<rrLrrrMrZz data-typez data-value r@rr?rQrrSrhF)rrZpreauth_etype_info2) sent_fastrrrrzrrrrr0rrrrrr?rrcr{ZKERB_ERROR_DATAryrrBr` from_bytesZ METHOD_DATA assertGreaterrr8rr)rCrQr\rinnerr_rsrtrur`rrerRrrrrZedataZ error_dataZextended_errorrSr rep_padataZ rep_pa_dictrhrrrIrIrJgeneric_check_kdc_error% s                      z'RawKerberosTest.generic_check_kdc_errorc,Cs|d}|d}|d}|dg}||} ||} |tkrJ|| d} d} d} d}tjj|vrjd} |D]T}||vr|qn|tjjtjj fvrd} || kr|} |tjjfvrn|dkrn||krn|}qn| dkr| | f7} |dkr| |f7} d}| r|dkr|t f7}|t f7}|tkrH| |}d |vr|dt fvr|tf7}n|t kr| rr|t| d|tf7}t| dkr|tf7}|tkr| r|tf7}n |tf7}| s|tf7}|tf7}|jr| s| s|tf7}|t f7}td d |D}|j||t tttthd |s(dS||}|t}|durV|t|d|t}|durz|t|d|t}|dur|t|d|t}|dur|t|d|t }|dur||d <|t }|dur|j|t d}|j!|||dd|t}|durJ|j|t"d}|#|d||t}|durT| sv|t|dn|d}|$||%|\}}|&||}|j'r|(t|dt|dkrT|j|t)d} || d|j*|+t,| d}!|j|!t-d}!|!d}"|.d|!|/|"}#t00}$|1|$d|#|1|#|$d|t}%|%dur`|j|%t2d}%|3t|%d|j'r|t|%t| t4dt|%D]}&|5|%|&d}'|j'r||'| |&|5|%|&d}(|'tjjkr|j'r:|6|(n(|$|(|d})|)dur:||(|)|5|%|&d}*|j'r|6|*q|t}+|+dur|j|+t7d}+|t|+d|5|+dd}'||'tjj||'| d|5|+dd}(|j'r|$|(|t|(d|%S)Nr_rrjrrIFrTr css|]}|dVqdS)rNrIrfrIrIrJr rz3RawKerberosTest.check_rep_padata..r fast_cookierZ)rrFrhrrri,rSrrr)8rrsent_enc_challengerr6rdrerhrfrgr7r6rrr:rrBr3r4rr1r2r<r=rr8rrrryrcr{rrrrr?rgenerate_kdc_challenge_keyrrZ EncryptedDatarjrrr Z PA_ENC_TS_ENCrzrrr6Z ETYPE_INFO2rurVrrZ ETYPE_INFO),rCrQr\rrRr_rZproposed_etypesrrrZexpect_etype_info2Zexpect_etype_infoZexpected_aes_typeZexpected_rc4_typerjZexpected_patypesrZ got_patypesrZ enc_timestampZ pk_as_reqZ pk_as_rep19Zfx_fastrZ fast_errorrZ enc_challengerhrrbkdc_challenge_keyZencrypted_challengeZ challengeZ rep_patimeZrep_timeZ current_timerrrrrrZ etype_inforIrIrJr sZ                                                      z RawKerberosTest.check_rep_padatac Csp|d}||||} |j| td} ||t| } |||| } || } |j| td} | t | }|S)NrhrZ) rrgr{Z KrbFastReqrr!rrZPA_FX_FAST_REQUESTrr8) rCrQ_callback_dictrrjrmrrrhZfast_reqZfast_armored_reqZfx_fast_requestrIrIrJgenerate_simple_fastV s2 z$RawKerberosTest.generate_simple_fastc Cs0d}|r$|||d}|d} nF|d}|d} |durj|d} |j|td} |j|jt| | d}|d} d} | dur| } |durt d d }| \}}|j |j |j |||| || d }|j|td}|dur|rtnt}||j||}td }|jt||j|d }|j|td}|S)Nrrr@r r!rZrrArrrr r)rrgr{rrrr*rrrrrrrrrr)rrr rrr)rCrQrrrrorr#r@r r!r"rAr$rr Zauthenticator_objZauthenticator_blobr r Z ap_req_objr%rIrIrJrOw sh        zRawKerberosTest.generate_ap_reqcCs,|j|||dd}|t|}|g}||fS)NFrd)rOrr9)rCrQr\rr%r&rrIrIrJgenerate_simple_tgs_padata s z*RawKerberosTest.generate_simple_tgs_padatacCs\|d}|tkr|d}t}n,|d}|dur8|}t}n|d}|j}t}||||fS)Nr_rr r@)rrr(rr'r?)rCrQrriror r@rIrIrJr s zRawKerberosTest.get_preauth_keycCs"t|j|jdd}t|d}|S)Ns subkeyarmors ticketarmorrdcf2rirb)rCrrrhrIrIrJgenerate_armor_key s z"RawKerberosTest.generate_armor_keycCs$t|j|jdd}t||j}|S)Ns strengthenkeysreplykey)rdrrirbrl)rCrZ reply_keyZstrengthen_reply_keyrIrIrJr sz-RawKerberosTest.generate_strengthen_reply_keycCs"t|j|jdd}t|d}|S)Nsclientchallengearmorchallengelongtermr)rCrh longterm_keyZclient_challenge_keyrIrIrJgenerate_client_challenge_key s z-RawKerberosTest.generate_client_challenge_keycCs"t|j|jdd}t|d}|S)Nskdcchallengearmorrr)rCrhrrrIrIrJr s z*RawKerberosTest.generate_kdc_challenge_keycCsF|d}||j||j|td}||t|}|||dS)NrrZ)ryrkrgr{ZTicketrr")rCrZexpected_checksumrhZ expected_typeZ ticket_blobrrIrIrJr sz&RawKerberosTest.verify_ticket_checksumcs^|j}|jd}||d|j||d|j|t|d}|j|t d}| d}|rl| |n |durxdS| } |j|| |d\}} |sdSttj| } ttj| } i} t| j| jD]\}}|j}||jvr||| d||jj}|jj}|d @r|d O}||f| |<|tjkrttj|jj}tt||_t||j_qt| } | tj \}}|!t"| ||| tj#\}t$|t%j&j'r|j(r|d }nt)fd d |D}n|}|*t"|||s|tj| nl| tjd\}}|r| |n|dur&|+||durZ||d<|j,|t d}|*t"|||dS)Nr.rjrlrrZrrDuplicate checksum type rrrc3s|]}|jkr|VqdSrcr)rriZ kdc_ctyperIrJrds z0RawKerberosTest.verify_ticket..)NNF)-rrrrjrrlrrr-rcr{rrr? get_empty_pac replace_pacr rrZ PAC_DATA_RAWziprr\pac_checksum_typesrlr signaturerPAC_SIGNATURE_DATA remainingrtrBr rr{r&rrrrrrnextrrrg)rCrrrrr}rir>rA empty_pacrrZraw_pacZ checksumsrZraw_pac_buffer buffer_typerrkrserver_checksumZ server_ctype kdc_checksumrrZ ticket_ctyperIrrJr s               zRawKerberosTest.verify_ticket)new_ticket_key modify_fn modify_pac_fn exclude_pacallow_empty_authdataupdate_pac_checksums checksum_keysinclude_checksumsc CsR|dur i}| duri} |||j|| |j|rN||d}|sf|||| |du} |j} |dur| }tj|vr||tj<tj|vr| tj } | dur| |tj<|j d} | | d| j || d| j| t| d} |j| td} |dur|| } | d}| r4|||durd}|s|}|j||| d\}}|durttj|}|dur||}|r| }||d<|j|td}|||| |t|}|t|}|j||| |d \}}|| d<|j| td}| |t|}|j }||d<t!||j"|j#|j$|j%|j&|| |j'd }|S) NFr.rjrlrrZrr)rr)rrrrrrrr)(ZassertLessEqualkeysrrZ assertFalserrrrrrrrrjrrlrrr-rcr{rr?rrr rcopyrgrr rrrrrrrrrr)rCrrrrrrrrrrrikdc_checksum_keyr>rAnew_pacrZempty_pac_auth_datarrZenc_part_to_signrbZ enc_part_newZ new_ticketZnew_ticket_credsrIrIrJmodified_tickets                    zRawKerberosTest.modified_ticketcCs|j}i}|D]0}|j}||jvr|||d||||<q|jD]}||vr||dur||} |jd8_|| qF||durFt } t } || _| | _ | | |jd7_| ||<qF| D]l\}} ||} | jd@} |tjkr||| t|} n|tjkr,| } n| } | | j _| | j _q||_|tj}|dur|tj}t|}|t|}||j _|tj}|dur|durt}|tj}|t|}||j _dS)NrFrSTl)rr\rrlrpopZ num_buffersremoverrZ PAC_BUFFERrrUrrkrr?rr&rrurrr rvrrt)rCrrrr>Z pac_buffersZchecksum_buffersrrZchecksum_bufferrZ checksum_keyrkrZserver_checksum_bufferZserver_checksum_keyrrZkdc_checksum_bufferrrrIrIrJrsz                  z$RawKerberosTest.update_pac_checksumsc Cs|dur"||dt||dg}d}d}|D]}|dtkr|j|dtd}g} |D]B} | dtkr||d| d}|dur| |q`| | q`|r||d| s|r|j | td}| t|}nd}|dus|r2||q2|r ||d||fS)NrrrZzMultiple PACs detectedz Expected PACzExpected AD-RELEVANT) rrrrrcr{rrUr?rgr) rCrArrrZ new_auth_dataZ ad_relevantZold_pacZ authdata_elemZrelevant_elemsZ relevant_elemrIrIrJrqsJ          zRawKerberosTest.replace_paccCs||d|\}}|Src)r)rCrArrbrrIrIrJget_pacszRawKerberosTest.get_paccCs6|jd}|r||n |dur(dS|j||dS)Nrr)rrr?r)rCrrrArIrIrJrs   zRawKerberosTest.get_ticket_paccCs|}||}tj|iSrc)rPrrr)rCrrrIrIrJget_krbtgt_checksum_keys z'RawKerberosTest.get_krbtgt_checksum_keycCs|dd}|dvS)Nrr)rOskrbtgtrI)rCZ principalr^rIrIrJrs zRawKerberosTest.is_tgscCs|jd}||Sr)rr)rCrrrIrIrJis_tgts zRawKerberosTest.is_tgtcCs|ttdSr)rrrtrrIrIrJrszRawKerberosTest.get_empty_paccCs||dS)Nri)r)rCrQrIrIrJget_outer_pa_dictsz!RawKerberosTest.get_outer_pa_dictcCs ||d}|r|S||S)Nrj)rr)rCrQZ req_pa_dictrIrIrJget_fast_pa_dictsz RawKerberosTest.get_fast_pa_dictcCs||}t|vSrc)rr8)rCrQZ outer_pa_dictrIrIrJrs zRawKerberosTest.sent_fastcCs||}t|vSrc)rr1)rCrQ fast_pa_dictrIrIrJrs z"RawKerberosTest.sent_enc_challengecCsb||}t|vrdS|j|ttd}|d}|dd|dd}}|dt|7}|S)NrrZrFr@r )rr:rcr{rrB)rCrQrrrrIrIrJrs  z$RawKerberosTest.get_sent_pac_optionscCs.|}|}|}|jt||gd}|S)NrH)rPrrrr/)rCrZkrbtgt_usernameZ krbtgt_realmZ krbtgt_snamerIrIrJget_krbtgt_snamesz RawKerberosTest.get_krbtgt_snamec$sfdd}|sd}|j} n |j}d} dur4|}!nd}!|j||| | ||||||!|| |j||| |||t||||||||d}"|j|"||||| d}#|#|"fS)Ncs|fSrcrI)Z_kdc_exchange_dictrrrrIrJ_generate_padata_copysz@RawKerberosTest._test_as_exchange.._generate_padata_copy)rqrrrtrurvrwrxryr|r[rVrWr~r`rrrzr{rrrarrrrrr)rr<rrr)rrrrrrn)$rCrr<rrrr`rqrrrtrurrrrrvrwrxrzr{ryrr|rarrrrrrrrVrWr[rQrrIrrJ_test_as_exchanges\ z!RawKerberosTest._test_as_exchange)N)N)TF)NFTF)NFTFN)FT)FT)FT)FT)FT)TF)TF)N)N)NTNN)NTNN)NN)N)rNN)NNN)NNN)NNN)NNNF)F)NN)NN)N)NNNNN)N)N)N)T)NN)NNN)TNN)NNTNN)N)NN)NNNN)NNNT) NNNNNNNNNNNN)FT)F)r)NN)TT)N)TF)T)T)NNNNNNNNNNTNNNF)rrr__doc__rrrrrrrrdrerfrgrhrrrrrrrrr r!r1r,r5r=rCrGrHrIrJrKrNrPrQrTrWrcrgrjrhrprvrrrr2rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r rr'r(r,r4r=r?rUrnrrrrrrrrrrrOrrrrrrrrrrrrrrrrrrrrrrrrrrIrIrrJrs     #      K 1                           "         L + J3    '% R Z m n W* fS & A       {  ^ 1  r)r)r)r#r)rlrrrrrrenumrZpyasn1.codec.der.decoderrr^Zpyasn1.codec.der.encoderrreZpyasn1.codec.native.decoderrdZpyasn1.codec.native.encoderr_Zpyasn1.codec.ber.encoderrZ pyasn1.errorrZsamba.credentialsrZ samba.dcerpcrr Z samba.gensecr Z samba.ndrr r Z samba.testsrr Zsamba.tests.krb5.rfc4120_pyasn1rZkrb5Zrfc4120_pyasn1r{Z"samba.tests.krb5.rfc4120_constantsrrrrrrrrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9r:r;r<r=r>Zsamba.tests.krb5.kcryptordrKZ encodeValuer_ZTicketFlagsValuesrrrWZ prettyPrintZKDCOptionsValuesrZAPOptionsValuesrZPACOptionFlagsValuesZPACOptionFlagsraZNameTypeValuesZNameTypeZAuthDataTypeValuesZ AuthDataTypeZPADataTypeValuesZ PADataTypeZEncryptionTypeValuesZEncryptionTypeZChecksumTypeValuesZ ChecksumTypeZKerbErrorDataTypeValuesZKerbErrorDataTyperbrrrrrrrIrIrIrJs          3  4'