Fc~ddlZddlZejdddejd<ddlZddlmZmZddl m Z m Z m Z ddl mZddlmZmZdd lmZdd lmZmZdd lmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%ddl&m'cm(cm)Z*d Z+d Z,Gd deZ-e.dkrd Z+d Z,ddl/Z/e/j0dSdS)Nz bin/python1PYTHONUNBUFFERED)dsdbntstatus)krb5paclsasecurity)env_get_var_value) CksumtypeEnctype) KDCBaseTest)RodcPacEncryptionKeyZeroedChecksumKey)AES256_CTS_HMAC_SHA1_96ARCFOUR_HMAC_MD5KDC_ERR_BADMATCHKDC_ERR_BADOPTIONKDC_ERR_BAD_INTEGRITYKDC_ERR_GENERICKDC_ERR_INAPP_CKSUMKDC_ERR_MODIFIEDKDC_ERR_SUMTYPE_NOSUPPKDC_ERR_TGT_REVOKEDKU_PA_ENC_TIMESTAMPKU_AS_REP_ENC_PARTKU_TGS_REP_ENC_PART_SUB_KEY NT_PRINCIPALFceZdZfdZdHdZdZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ d Z!d!Z"d"Z#d#Z$d$Z%d%Z&d&Z'd'Z(d(Z)d)Z*d*Z+d+Z,d,Z-d-Z.d.Z/d/Z0d0Z1d1Z2d2Z3d3Z4d4Z5d5Z6d6Z7d7Z8d8Z9d9Z:e;j<e;j=e;j>hZ?d:Z@d;ZAd<ZBd=ZCd>ZDd?ZEd@ZFdAZGdBZHdCZIdHdDZJdIdFZKdGZLxZMS)JS4UKerberosTestsctt|t|_t |_dSN)superrsetUpglobal_asn1_print do_asn1_printglobal_hexdump do_hexdump)self __class__s r?r@rArBEncAuthorizationDataEncAuthorizationData_keyrCticket_session_keyauthenticator_subkey )$get_service_creds get_username get_realmPrincipalName_createget_KerberosTime krb5_asn1 KDCOptions AS_REQ_createstrsend_recv_transactionassertIsNotNone assertEqual der_decode METHOD_DATA ETYPE_INFO2PasswordKey_from_etype_info2get_KerberosTimeWithUsecPA_ENC_TS_ENC_create der_encode PA_ENC_TS_ENCEncryptedData_creater EncryptedDataPA_DATA_createdecryptr EncASRepPart Exception EncTGSRepPartr EncryptionKey_importPA_S4U2Self_create RandomKeyetypeTGS_REQ_creater)r(pa_s4u2self_ctype service_credsservicer;r:r<tillr9r8rAreqrep rep_padatapa etype_info2rLpatimepausecpa_tsmsg_type enc_part2 for_user_nameunamerKrUpa_s4usubkeyrRrQs r*_test_s4u2selfzS4UKerberosTests._test_s4u2selfBs\..00 ,,..''))))AgY)GG))Ah=N)OO$$E$22*=99   -0-=-=',',',+/+/,0'1(.+/48! : :((-- S!!! Z"--- \*B///__ MI$9$;$;%==   B- B&& 0 'oo )"7"9"9&;; // {1~NN88::))&&99 0G0I0IJJ))#/BEJJ 0G0I0IJJ##Au--*=99   -0-=-=',',',+/+/,0'1(.+/48! : :((-- S!!!z? 2&&&KK 2C OH4MNN  ?I$:$<$<(>>II ? ? ?I$;$=$=(??III ? )*55 ))Am_)MM*=99 $$E$22X!66y7GHH((e59K/@)BB 2 8996688!!(-(-)/.1+.>.>(-(-(-,0,0-1(2)/,07;;?595G7=%"??&((-- S!!!z? r>>+S_X-FHHII$;$=$=(??Is(M2M;:M;cZ|}||ddS)NrW)rrcr(rs r* test_s4u2selfzS4UKerberosTests.test_s4u2selfs/&&(( 2&&&&&r+cr|tj}||ddS)NrxrW)rr HMAC_MD5rcrs r*test_s4u2self_hmac_md5_checksumz0S4UKerberosTests.test_s4u2self_hmac_md5_checksums7&&9K&LL 2&&&&&r+cr|tj}||ddSNrrD)rr MD5rcrs r*"test_s4u2self_md5_unkeyed_checksumz3S4UKerberosTests.test_s4u2self_md5_unkeyed_checksums6&&&GG 2&&&&&r+cr|tj}||ddSr)rr SHA1rcrs r*#test_s4u2self_sha1_unkeyed_checksumz4S4UKerberosTests.test_s4u2self_sha1_unkeyed_checksums6&&&HH 2&&&&&r+cr|tj}||ddSr)rr CRC32rcrs r*$test_s4u2self_crc32_unkeyed_checksumz5S4UKerberosTests.test_s4u2self_crc32_unkeyed_checksums6&&&II 2&&&&&r+c6 |dd}jj|}|dd}jj|}| |dd}| |  |}t|g }| } || } |dd} | |dd} td| g} | |d d} | tj| } |d d}|tj|}|d d }|d d}|r j}d}nd}j}||dd}tj|}|}t*j}|dt.t0f}|dd}|dd}|dd} fd}| ||| | ||d|||j|| |t7|d|}|d| ||s2|d}|}|i|dS)N client_opts account_typeopts service_optsmodify_service_tgt_fnr. service_namehostexpected_flagsunexpected_flagsexpected_error_moderexpected_statusr90rA expect_edataexpected_groupsunexpected_groupscJjd}|g|fSNrMrt session_key)_kdc_exchange_dict_callback_dictreq_bodyr client_cnamer;r( service_tgts r*generate_s4u2self_padatazES4UKerberosTests._run_s4u2self_test..generate_s4u2self_padata"s=,,! + 7 -F 8X% %r+TF)expected_crealmexpected_cnameexpected_srealmexpected_snameexpected_account_namer expected_sidrrticket_decryption_keyexpect_ticket_checksumgenerate_padata_fncheck_error_fn check_rep_fncheck_kdc_private_fnrrtgtrVr9 expect_claimsrr:r;r<rArep_ticket_creds) popget_cached_creds AccountTypeUSERCOMPUTERget_tgtrYr[r get_samdbget_dn get_objectSidrZr] TicketFlagsgeneric_check_kdc_errorgeneric_check_kdc_rep assertIsNoner^TicketDecryptionKey_from_credsrur AES256rrtgs_exchange_dictgeneric_check_kdc_privater`_generic_kdc_exchangeget_ticket_pacrbrc)!r(kdc_dictr client_credsrryr client_namesamdb client_dnsidr service_snamerrrrrrr9service_decryption_keyrVrArrrrkdc_exchange_dictrKpacrr;rs!` @@@r*_run_s4u2self_testz#S4UKerberosTests._run_s4u2self_testsll=$77 ,,).-  ||ND99 --)2. ll=11 ( -Dd K K ,// <BBN#<<(:DAA  '(45EFF &ll+@!DD",,'8$??  /!9NLL!N5L   o . . .ll=#66 *;77 !%!D!D "" $~~gn==h)@)9);<< ||ND99 ",,'8$??$LL).forwardable_no_pacfs/00d0CCF))&11 1r+rFr4)rrr9rrr)rr)r(rs` r*test_s4u2self_no_pacz%S4UKerberosTests.test_s4u2self_no_pacese 2 2 2 2 2 ':#U  -);"/ %       r+cn|dditj|jddddS)NrFTrr4)rrrrrs r*!test_s4u2self_without_forwardablez2S4UKerberosTests.test_s4u2self_without_forwardablexs\ $U *3):/d*<*<*<$1        r+cp|ddidtj|jddddS)NrFr4rrr9rrrrs r*test_s4u2self_not_forwardablez.S4UKerberosTests.test_s4u2self_not_forwardables_ $U  -)2):/e*=*=*=$1       r+cp|ddidtj|jddddS)NrTr4rrrrs r*"test_s4u2self_client_not_delegatedz3S4UKerberosTests.test_s4u2self_client_not_delegateds_ $T  -)2):/d*<*<*<$1       r+c x|ddiddddtj|jddddS) NrFtrusted_to_auth_for_delegationdelegation_to_spnr4Trrrr9rrrrs r*'test_s4u2self_not_trusted_empty_allowedz8S4UKerberosTests.test_s4u2self_not_trusted_empty_allowedsq $U 7<)+!! -)2):/d*<*<*<"/       r+c x|ddiddddtj|jddddS) NrFtestrr4Tr)rrr9rrrrs r**test_s4u2self_not_trusted_nonempty_allowedz;S4UKerberosTests.test_s4u2self_not_trusted_nonempty_allowedsq $U 7<)2!! -)2):/d*<*<*<$1       r+c x|ddiddddtj|jddddS) NrFTrrr4rrrrs r*#test_s4u2self_trusted_empty_allowedz4S4UKerberosTests.test_s4u2self_trusted_empty_allowedsq $U 7;)+!! -)2):/d*<*<*<"/       r+c x|ddiddddtj|jddddS) NrFTrrr4rrrrs r*&test_s4u2self_trusted_nonempty_allowedz7S4UKerberosTests.test_s4u2self_trusted_nonempty_allowedsq $U 7;)2!! -)2):/d*<*<*<"/       r+c ||jjddd}|dd}|t dddiddi|d t j|jd d dS) NTr)ridrrFrrr4r)rrrrrr9r) rrrrYrrrrr)r( other_creds other_snames r*test_s4u2self_wrong_snamez*S4UKerberosTests.test_s4u2self_wrong_snames++)226, "..00"5  '7 %#U 5d!!,,)2):/d*<*<*<       r+c x|ddiddddtj|jddddS)NrFT)rno_auth_data_requiredr4rrrrs r*#test_s4u2self_no_auth_data_requiredz4S4UKerberosTests.test_s4u2self_no_auth_data_requiredsq $U 7;-1!! -)2):/d*<*<*<"/       r+ch|dditjgtjgddS)NrF)rrr)rr SID_SERVICE_ASSERTED_IDENTITY.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITYrs r*test_s4u2self_asserted_identityz0S4UKerberosTests.test_s4u2self_asserted_identitysN $U %-$J#K&.&]%^        r+c 9:;|dd}|dd}jj|}}|}||}|di}|di} |dd} |dd} | o| | r}jj|} d | t| | d <jj| } nqjj| } | r- d || |d <jj|} | ;| }|:t |g 9| dd }| }d }t ||g }| }|dd}|dd}|dd}|dd}t%j|}|dt(t*f}|rň9:;fd}t%jd}t%jd}t%jd}t0j}:9||||||||||jj;|t|dd}|d||||d} n1 |||}!|!| ||} |dd}"|" |"| } | jg}#|dd}$|$ |$;;|dd}%|%!tt%jd}%| dd }&| }'d }(t |(|&g })| }*| j }+|d},|d d}-|,r j!}.d}/nd}.j}/"|-|d!d}0|0#|,|d"d}1t0j}2| }3|d#g}4d$|d%|}5|4$|5:9|'|)|||||+|*|.|/j|,|-i;|2|%|1|0|3|4|&}6|6d|'|)||#'|,sL|6d}7%|7|(}8|r&|8n"|8'i|dS))Ns4u2selfFrr service1_opts service2_optsallow_delegation allow_rbcddelegation_from_dnrr.rr expect_pacTrrclient_tkt_optionsr4rAcJjd}|g|fSrr)rrrrr client_realmr( service1_tgts r*rzGS4UKerberosTests._run_delegation_test..generate_s4u2self_padataks=00%&$0$< 1   x))r+r)rrrrrrrrrrrrrrrrVr9rrrr)r9rmodify_client_tkt_fnrr9zcname-in-addl-tktrrr pac_optionsexpected_transited_serviceszhost/@)rrrrrrrrexpected_supported_etypesrrrrrr callback_dictrrVr9r$rexpected_proxy_targetr%r)r:r;r<rArC)r)(rrrrrrr assertFalser assertNotInr`get_spnrrYrZr[rrr]rrrr^rur rrrrrget_service_ticketrKtgs_supported_enctypesrr assertTrueappendrrbrc) NN"./ABBh)@)9);<< 6 / * * * * * * * *'0&;M&J&J #(1(=c(B(B %#,#7 #F#F ,0NN7>,J,J ))-)?)? ,+ .-&5 /"3 6!:&=#;!7%)%C %B 455#"'*@*$*$ &*  & &'A-1-;-;.4 ' 6 6 6 "<>Lll=$77  i23FGGHHK&3355crc: '1133!22"+;+8+:3;;#'"E"E ##(?&ll+@AA",,'8$??  /!9NLL!N5L   o . . .||ND99  # OO/ 0 0 0ll=$77 #~~gn== . 6 6 8 8&.ll )2'/'/#EMDDNDD#**+<=== 22('*)"1+/&5"9)%!%!? 3+!5##%"7(C!13##4 ""#4)-)7)7*06H # J J J# '&'9:F%%f%DDC '$$S))))!!#&&& X&&&&&r+c|}||}|tjkr|ddSdS)NzRBCD requires FL2008)rget_domain_functional_levelrDS_DOMAIN_FUNCTION_2008skipTest)r(rfunctional_levels r*skip_unless_fl2008z#S4UKerberosTests.skip_unless_fl2008sT  ;;EBB d: : : MM0 1 1 1 1 1 ; :r+c6|ddddS)NrT)rrrGrs r*test_constrained_delegationz,S4UKerberosTests.test_constrained_delegation s4 !!'($(       r+cf|ddtjgtjgddS)NrT)rrrr)rGr rrrs r*|ddddidddS)NrTrF)rrrrrOrs r*1test_constrained_delegation_no_auth_data_requiredzBS4UKerberosTests.test_constrained_delegation_no_auth_data_required,sC !!'($(+T"$        r+ctgd}|ddtj|j||ddS)Nservice1service2service3rTservices)rrr#r%)rGrradd_delegation_infor(r]s r*4test_constrained_delegation_existing_delegation_infozES4UKerberosTests.test_constrained_delegation_existing_delegation_info8sd877 !!'($((1(9,x)A)A)A/7        r+cV|ttjdddS)NF)rrr)rGrrNT_STATUS_NOT_SUPPORTEDrs r*'test_constrained_delegation_not_allowedz8S4UKerberosTests.test_constrained_delegation_not_allowedGs< !!'8#+#C$)       r+c\|ttfd|jdddS)NTFrrr#r)rGrrrrs r*)test_constrained_delegation_no_client_pacz:S4UKerberosTests.test_constrained_delegation_no_client_pacQsG !!(8(;(=$((,(> %        r+cN|td|jdddS)NTF)rrrrrGrrrs r**test_constrained_delegation_no_service_pacz;S4UKerberosTests.test_constrained_delegation_no_service_pac]s? !!':$()-)? %        r+cb|ttfd|jdddiddS)NTFr)rrr#rr)rGrrrrs r*?test_constrained_delegation_no_client_pac_no_auth_data_requiredzPS4UKerberosTests.test_constrained_delegation_no_client_pac_no_auth_data_requiredhsQ !!(8(9(;$((,(> %+T"       r+c V|td|jddiddddS)NTrF)rrrrrrrhrs r*@test_constrained_delegation_no_service_pac_no_auth_data_requiredzQS4UKerberosTests.test_constrained_delegation_no_service_pac_no_auth_data_requiredwsN !!':$()-)?+T"$ %       r+c |ttjdt j|jdddS)NTFr)rrrr#)rGrrNT_STATUS_ACCOUNT_RESTRICTIONrrrrs r*+test_constrained_delegation_non_forwardablez        r+c ||ttjdd|jddiddS)NTrrr host/test)rrrr$r#rrMrGrrNT_STATUS_NO_MATCHrrs r*test_rbcd_no_client_pac_bz*S4UKerberosTests.test_rbcd_no_client_pac_bsa !!! !!'7#+#>"%(,(>'+"       r+cx||tdd|jdddS)NTrrF)rrr$rrrMrGrrrs r*test_rbcd_no_service_pacz)S4UKerberosTests.test_rbcd_no_service_pacsT !!! !!':"%)-)? %        r+c ||ttjdd|jddiddS)NTrrr)rrrr$r#rrrs r*/test_rbcd_no_client_pac_no_auth_data_required_az@S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_asa !!! !!'7#+#C"%(,(>+T"       r+c ||ttjdd|jddiddiddS)NTrrrrr)rrrr$r#rrrrs r*/test_rbcd_no_client_pac_no_auth_data_required_bz@S4UKerberosTests.test_rbcd_no_client_pac_no_auth_data_required_bsm !!! !!'7#+#>"%(,(>'+",T"       r+c ~||tdd|jddidddS)NTrrrF)rrr$rrrrrs r*.test_rbcd_no_service_pac_no_auth_data_requiredz?S4UKerberosTests.test_rbcd_no_service_pac_no_auth_data_requireds` !!! !!':"%)-)?+T"!&       r+c ||ttjddt j|jdddS)NTrrFrr~)rMrGrrrorrrrs r*test_rbcd_non_forwardablez*S4UKerberosTests.test_rbcd_non_forwardable)sn !!! !!'8#+#I"%(1(9/e)=)=)=        r+c||ttjddddS)NTrry)rMrGrrrbrs r*test_rbcd_no_pac_options_az+S4UKerberosTests.test_rbcd_no_pac_options_a8sQ !!! !!'8#+#C""        r+c||ttjddddiddS)NTrrr)rrrr$r)rMrGrrrrs r*test_rbcd_no_pac_options_bz+S4UKerberosTests.test_rbcd_no_pac_options_bEs[ !!! !!'8#+#>""'+"        r+c |ttfddtj|jdddddS)NTrFrupdate_pac_checksums)rrrr#r)rGrrrrrrs r*3test_bronze_bit_constrained_delegation_old_checksumzDS4UKerberosTests.test_bronze_bit_constrained_delegation_old_checksumVsd !!(8(=(?$(&)(1(9/E);););!&       r+c ||ttftjdddt j|jddddS)NTrrrFr)rrrr$rr#) rMrGrrrrbrrrrs r*!test_bronze_bit_rbcd_old_checksumz2S4UKerberosTests.test_bronze_bit_rbcd_old_checksumds| !!! !!(8(=(?#+#C"%&)(1(9/E);););       r+c (|jD]}||5|tjkrtt f}nt }||dtj |j |dddddn #1swxYwYdSNchecksumTFre) pac_checksum_typessubTestrPAC_TYPE_TICKET_CHECKSUMrrrrGrrremove_pac_checksumr(rrs r*3test_constrained_delegation_missing_client_checksumzDS4UKerberosTests.test_constrained_delegation_missing_client_checksumus/  Hx00  w???+;+<+>''+:'))/B,0090A 4x1I1I1I(-                  sABB B c tjtjfD]r}||5|t t jdtj |j |ddddn #1swxYwYsdS)NrTrrrr) rPAC_TYPE_SRV_CHECKSUMPAC_TYPE_KDC_CHECKSUMrrGrr NT_STATUS_INSUFFICIENT_RESOURCESrrrr(rs r*4test_constrained_delegation_missing_service_checksumzES4UKerberosTests.test_constrained_delegation_missing_service_checksums 6 68  Hx00  ))/>$E,01:1B 4x2I2I2I                  sABB B c X||jD]}||5|tjkrt }nt }||tj ddtj |j |ddddn #1swxYwYdSNrTrrr~) rMrrrrrrrGrrbrrrrs r*!test_rbcd_missing_client_checksumz2S4UKerberosTests.test_rbcd_missing_client_checksums  !!!/  Hx00  w???*:''*9'))/B$<&*'-090A 4x1I1I1I                      sABB" %B" c F|tjtjfD]s}||5|t tjddtj |j |ddddn #1swxYwYtdS)NrTrrrrrr$r) rMrrrrrGrrrrrrrs r*"test_rbcd_missing_service_checksumz3S4UKerberosTests.test_rbcd_missing_service_checksums !!!!6 68  Hx00  ))/>$E&*'-1:1B 4x2I2I2I                     sABB B c |jD]o}||5|ttfdt j|j|dddddn #1swxYwYpdSr)rrrGrrrrzeroed_pac_checksumrs r*2test_constrained_delegation_zeroed_client_checksumzCS4UKerberosTests.test_constrained_delegation_zeroed_client_checksums/  Hx00  ))0@0E0G,0090A 4x1I1I1I(-                  sAA,,A0 3A0 c :|jD]}||5|tjkrtt f}t j}nd}d}|||dtj |j |ddddn #1swxYwYdS)NrrTr) rrrrrrrNT_STATUS_WRONG_PASSWORDrGrrrr(rrrs r*3test_constrained_delegation_zeroed_service_checksumzDS4UKerberosTests.test_constrained_delegation_zeroed_service_checksums/  Hx00  w<<<+;+@+B'&.&GOO*+'&*O))/B+:,01:1B 4x2I2I2I                  sA#BB B c $||jD]s}||5|tt jddtj|j |ddddn #1swxYwYtdSr) rMrrrGrrrbrrrrs r* test_rbcd_zeroed_client_checksumz1S4UKerberosTests.test_rbcd_zeroed_client_checksums !!!/  Hx00  ))/?$<&*'-090A 4x1I1I1I                     sABB B c V||jD]}||5|tjkrt }t j}nd}d}|||ddtj |j |ddddn #1swxYwYdS)NrrTrrr) rMrrrrrrrrGrrrrs r*!test_rbcd_zeroed_service_checksumz2S4UKerberosTests.test_rbcd_zeroed_service_checksums !!!/  Hx00  w<<<*:'&.&GOO*+'&*O))/B+:&*'-1:1B 4x2I2I2I                  sABB! $B! c n|jD]}|jD]}|||5|tjkr|t jkrttf}nttf}| |dtj |j ||dddddn #1swxYwYdS)NrrPTFre)runkeyed_ctypesrrrr rrrrrGrrunkeyed_pac_checksumr(rrPrs r*3test_constrained_delegation_unkeyed_client_checksumzDS4UKerberosTests.test_constrained_delegation_unkeyed_client_checksum s1/  H,  \\85\AA G$AAA % 7 7/E/B/D++0?/B/D+--3F044=4E $ 9)15@5@5@-2    sA2B((B, /B, c |jD]}|jD]}|||5|tjkrF|t jkrttf}tj }nttf}tj }nd}d}| ||dtj|j||ddddn #1swxYwYdS)NrrTr)rrrrrr rrrrNT_STATUS_LOGON_FAILURErrrGrrrr(rrPrrs r*4test_constrained_delegation_unkeyed_service_checksumzES4UKerberosTests.test_constrained_delegation_unkeyed_service_checksum#sN/  H,  \\85\AA7#@@@ IN223I3F3H/.6.NOO3B3F3H/!) I,O/0+*.--3F/>045>5F $ 9)16@6@6@    sBCC C c||jD]}|jD]}|||5|tjkr|t jkrt}nt}| |tj ddtj|j||ddddn #1swxYwYdS)NrTrrr~)rMrrrrrr rrrrGrrbrrrrs r*!test_rbcd_unkeyed_client_checksumz2S4UKerberosTests.test_rbcd_unkeyed_client_checksum@s3 !!!/  H,  \\85\AA G$AAA % 7 7.D++.=+--3F ( @*.+14=4E $ 9)15@5@5@        sA/B99B= B= c||jD]}|jD]}|||5|tjkr8|t jkrt}tj }nt}tj }nd}d}| ||ddtj|j||ddddn #1swxYwYdS)NrrTrrr)rMrrrrrr rrrrrrrGrrrrs r*"test_rbcd_unkeyed_service_checksumz3S4UKerberosTests.test_rbcd_unkeyed_service_checksumYsQ !!!/  H,  \\85\AA7#@@@ IN222H/.6.NOO2A/ ( I,O/0+*.--3F/>*.+15>5F $ 9)16@6@6@       sBC  C C c|}||}|tjkrtt f}d}nd}d}||d|j|ddS)NFrTre)rrIrrJrrrGrc4_pac_checksums)r(rrLrrs r*/test_constrained_delegation_rc4_client_checksumz@S4UKerberosTests.test_constrained_delegation_rc4_client_checksumws  ;;EBB t; ; ;#2#6#8  LL"# L !!':$((,(> ,        r+c|ttf}||tjdd|jddSr})rMrrrGrrbr)r(rs r*test_rbcd_rc4_client_checksumz.S4UKerberosTests.test_rbcd_rc4_client_checksumsg !!! /02 !!':#+#C"%(,(>        r+c^|}||||diS)NF checksum_keysinclude_checksumsget_krbtgt_checksum_keymodified_ticket)r(rKrrs r*rz$S4UKerberosTests.remove_pac_checksums@4466 ##F2?7?6G$II Ir+cF|}||}|j}tj|tj|tj|i}|tjkr|}n|}t|j|j ||<| |||diSNTr) get_krbtgt_credsrdecryption_keyrrrrrrLkvnor)r(rKr krbtgt_creds krbtgt_key server_keyr zeroed_keys r*rz$S4UKerberosTests.zeroed_pac_checksums,,.. 88FF *   ):  ):  ,j w4 4 4#JJ#J"3JN4>O#E#E h##F2?7?6F$HH Hr+cV|}||}|j}tj|tj|tj|tj|i}||}t|j |j } || _ | ||<| |||diSr) rrrrrrrPAC_TYPE_FULL_CHECKSUMrrLrrPr) r(rKrrPrrrrrLnew_keys r*rz%S4UKerberosTests.unkeyed_pac_checksums,,.. 88FF *   ):  ):  ,j  *J  H%&sw99 ") h##F2?7?6F$HH Hr+cr|}||tj}|j}t j|t j|t j|t j |i}t jdt jdt jdt j di}| |||S)N)rvTr) rrr RC4rrrrrrr)r(rKrrc4_krbtgt_keyrrrs r*rz"S4UKerberosTests.rc4_pac_checksumss,,.. <<  =--*   ):  )>  ,n  *N    )4  )4  ,d  *D  ##F2?6G$II Ir+cjfd}}|||S)Nc(|j}tjd|Dt t t j}tj}t jd|_ ||_ t||_ tj }||_tj}tj|_||_||||_|xjdz c_|S)Nc3$K|] }|jV dSr!)type).0buffers r* zNS4UKerberosTests.add_delegation_info..modify_pac_fn..s$DDffkDDDDDDr+test_proxy_targetr-)buffersr+rPAC_TYPE_CONSTRAINED_DELEGATIONlistmaprStringPAC_CONSTRAINED_DELEGATION proxy_targettransited_serviceslennum_transited_servicesPAC_CONSTRAINED_DELEGATION_CTRinfo PAC_BUFFERrr0 num_buffers)r pac_buffersr delegationr pac_bufferr(r]s r* modify_pac_fnz;S4UKerberosTests.add_delegation_info..modify_pac_fns+K   WDDD DDD F F F"&c#*h&?&?!@!@  ;==J&)j1D&E&EJ #,>J )034F0G0GJ -9;;D"DI +--J%EJO"JO   z * * *%CK OOq OOJr+)rrr)r(rKr]rrs` ` r*r^z$S4UKerberosTests.add_delegation_infos]      44466 ##F2?2?$AA Ar+Tctj|jd|}|r|}nd}|||||S)Nr4)rvalue) modify_fnrr)rrmodify_ticket_flagrr)r(rKrrrrs r*rz'S4UKerberosTests.set_ticket_forwardable sq%d&=+8,0222   ! 88::MM M##F.72?9M$OO Or+c0||dS)NT) exclude_pac)r)r(rKs r*rz"S4UKerberosTests.remove_ticket_pacs$##F04$66 6r+r!)T)N__name__ __module__ __qualname__r#rrrrrrrrrrrrrrrr rrrrGrMrPrRrTrVr`rcrfrirkrmrprsrurwr{rrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrr^rr __classcell__)r)s@r*rr;sy))))) EEEER''' ''''''''''''s's's'n   &         &&&$6$\'\'\'|222                              $      "   "("      "   "&   ,$   *". mY^Y_EN.:2<* IIIHHH0HHH.III2AAAAB O O O O6666666r+r__main__)1sysospathinsertenvironrsambarr samba.dcerpcrrr samba.testsr samba.tests.krb5.kcryptor r samba.tests.krb5.kdc_base_testr samba.tests.krb5.raw_testcaserr"samba.tests.krb5.rfc4120_constantsrrrrrrrrrrrrrrsamba.tests.krb5.rfc4120_pyasn1testskrb5rfc4120_pyasn1r]r$r&rrunittestmainrr+r*rs & < !$  //////////))))))77777777666666 433333333333b6b6b6b6b6{b6b6b6J/ zNOOOHMOOOOO r+