HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux spn-python 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64
User: arjun (1000)
PHP: 8.1.2-1ubuntu2.20
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/samba/tests/krb5/__pycache__/kdc_tgs_tests.cpython-310.pyc
o

eF�cZ��@s<ddlZddlZddlZddlmZmZddlmZmZej	�
dd�dejd<ddlm
mmZddlmZddlmZdd	lmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'ddl(m
mm)Z*d
Z+d
Z,Gdd�de�Z-Gd
d�de-�Z.e/dkr�d
Z+d
Z,ddl0Z0e0�1�dSdS)�N)�dsdb�ntstatus)�krb5pac�securityz
bin/python�1�PYTHONUNBUFFERED)�KDCBaseTest)�Krb5EncryptionKey)�AES256_CTS_HMAC_SHA1_96�ARCFOUR_HMAC_MD5�	KRB_ERROR�KRB_TGS_REP�KDC_ERR_BADKEYVER�KDC_ERR_BADMATCH�KDC_ERR_ETYPE_NOSUPP�KDC_ERR_GENERIC�KDC_ERR_MODIFIED�KDC_ERR_NOT_US�KDC_ERR_POLICY�KDC_ERR_PREAUTH_REQUIRED�KDC_ERR_C_PRINCIPAL_UNKNOWN�KDC_ERR_S_PRINCIPAL_UNKNOWN�KDC_ERR_TGT_REVOKED�KRB_ERR_TKT_NYV�KDC_ERR_WRONG_REALM�NT_PRINCIPAL�NT_SRV_INSTFc@sLeZdZ	d	dd�Z																					d
dd�ZdS)�KdcTgsBaseTestsNcCsD|��}|jt|�d�d�}|��}|jtd|dd�gd�}	|r$|	}
n|jt|gd�}
|��}|��}|jdd�}
|j||d�}|j}d}t	�
|�}|rRt|f}nt}|jd!id	|�d
|�d|	�d|
�d
|�d|�d|�d|�d|�d|	�d|�d|�d|�dd�d|�dd�d|��\}}|�
|�|�t|d�|d}|r�|�||�||kr�dSn|�||�|d}|�||d|���}|�|�}|g}|��}|jd!id	|�d
|�d|	�d|
�d
|�d|�d|�d|�d|�d|
�d|�d|�d|�d|�d|�d|�d|�dd��\}}|�r|�||�dS|�|�|d S)"N�/��	name_type�names�host���i����offset��etypez/forwardable,renewable,canonicalize,renewable-ok�cname�realm�sname�till�client_as_etypes�expected_error_mode�expected_crealm�expected_cname�expected_srealm�expected_sname�
expected_salt�expected_supported_etypes�etypes�padata�kdc_options�preauth_key�ticket_decryption_key�msg-type�
error-code�preauth_etype_info2r�expect_edataF�rep_ticket_creds�)�get_username�PrincipalName_creater�split�	get_realm�get_salt�get_KerberosTime�TicketDecryptionKey_from_creds�tgs_supported_enctypes�	krb5_asn1�
KDCOptionsr�_test_as_exchange�assertIsNotNone�assertEqualr�assertIn�PasswordKey_from_etype_info2�get_kvno�"get_enc_timestamp_pa_data_from_key�upper�check_error_rep�check_as_reply)�self�creds�expected_error�target_credsr'�expected_ticket_etype�	user_namer(�target_namer*r1r)�saltr+r8�expected_etypesr6�
initial_error�rep�kdc_exchange_dict�
error_code�etype_info2r7�
ts_enc_padatar5�expected_realmr>r>�@/usr/lib/python3/dist-packages/samba/tests/krb5/kdc_tgs_tests.py�_as_req@s������


��������	�
���
�����
��

��������	�
���
������
zKdcTgsBaseTests._as_req�0FTc'	Csn|durd}n|dur|��}|
durd}
|dur|��}n1|
durI|��}|dkr4|jt||gd�}
n|ddkr@|dd�}|jtd|gd�}
|durO|
}|dur[|jg}|j}n	d}|j||d�}|�	|jj
�}|dur�|�	|j
�}|�||j�}t�
|j|jdd	�}t|d�}|j} |j}!d
}"n
d}d}d} d}!d}"|dur�ttf}|r�|j}#d}$nd}#|j}$|dur�|j}|jd)id|j�d|�d
|�d|�d|�d|	�d| �d|!�d|#�d|$�d|j�d|�d|�d|�d|�d|�d|�d|"�d|�d|�d|�d |�d!|�d"|�d#|�d$|�d%|�d&|��}%|j|%d||
|
||d'�}&|�r-|�|&|�dS|�|&t�|%d(S)*NF�krbtgtrr#�$r"r&s
explicitarmorstgsarmorrr.r/r0r1r8�generate_padata_fn�generate_fast_fn�generate_fast_armor_fn�check_error_fn�check_rep_fn�check_kdc_private_fnr-�expected_status�tgt�	armor_key�	armor_tgt�armor_subkey�pac_options�authenticator_subkeyr6r3r<�
expect_pac�expect_pac_attrs�expect_pac_attrs_pac_request�expect_requester_sid�expected_sid�
expect_claims)r(r)r*�	till_timer4�additional_ticketsr=r>)rB�get_krbtgt_snamer?r@rr�ticket�session_keyrE�	RandomKeyr'�generate_armor_key�kcrypto�cf2�keyr	�generate_simple_fast�generate_ap_reqr
r�generic_check_kdc_error�generic_check_kdc_repr(�tgs_exchange_dict�crealm�generic_check_kdc_private�_generic_kdc_exchangerQ�check_replyr
)'rSrorUrVrqr6r/r1�additional_ticketrhr*�srealm�use_fastr+rzr4rWr3rurvrwrxr<ryrnrYr|�decryption_key�subkeyrr�explicit_armor_keyrprirjrsrkrlr^r]r>r>rc�_tgs_req�s������

��������	�
���
�����������������zKdcTgsBaseTests._tgs_req�N)NreNNNNNNFNTNNNTNNNFNN)�__name__�
__module__�__qualname__rdr�r>r>r>rcr?s2
�l�rcsb	eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Z d=d>�Z!d?d@�Z"dAdB�Z#dCdD�Z$dEdF�Z%dGdH�Z&dIdJ�Z'dKdL�Z(dMdN�Z)dOdP�Z*dQdR�Z+dSdT�Z,dUdV�Z-dWdX�Z.dYdZ�Z/d[d\�Z0d]d^�Z1d_d`�Z2dadb�Z3dcdd�Z4dedf�Z5dgdh�Z6didj�Z7dkdl�Z8dmdn�Z9dodp�Z:dqdr�Z;dsdt�Z<dudv�Z=dwdx�Z>dydz�Z?d{d|�Z@d}d~�ZAdd��ZBd�d��ZCd�d��ZDd�d��ZEd�d��ZFd�d��ZGd�d��ZHd�d��ZId�d��ZJd�d��ZKd�d��ZLd�d��ZMd�d��ZNd�d��ZOd�d��ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d��ZVd�d��ZWd�d��ZXd�d��ZYd�d��ZZd�d��Z[d�d��Z\d�d��Z]d�d��Z^d�d��Z_d�d��Z`d�d��Zad�d��Zbd�d„Zcd�dĄZdd�dƄZed�dȄZfd�dʄZgd�d̄Zhd�d΄Zid�dЄZjd�d҄Zkd�dԄZld�dքZmd�d؄Znd�dڄZod�d܄Zpd�dބZqd�d�Zrd�d�Zsd�d�Ztd�d�Zud�d�Zvd�d�Zwd�d�Zxd�d�Zyd�d�Zzd�d�Z{d�d�Z|d�d��Z}d�d��Z~d�d��Zd�d��Z�d�d��Z�d��d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d	�d
�Z��d�d�Z��d
�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d�Z��d�d �Z��d!�d"�Z��d#�d$�Z��d%�d&�Z��d'�d(�Z��d)�d*�Z��d+�d,�Z��d-�d.�Z��d/�d0�Z��d1�d2�Z��d3�d4�Z��d5�d6�Z��d7�d8�Z��d9�d:�Z��d;�d<�Z��d=�d>�Z��d?�d@�Z��dA�dB�Z��dC�dD�Z��dE�dF�Z��dG�dH�Z��dI�dJ�Z��dK�dL�Z��dM�dN�Z��dO�dP�Z��dQ�dR�Z��dS�dT�Z��dU�dV�Z��dW�dX�Z��dY�dZ�Z��d[�d\�Z��d]�d^�Z��d_�d`�Z��da�db�Z��dc�dd�Z��de�df�Z��dg�dh�Z��di�dj�Z��dk�dl�Z��dm�dn�Z��do�dp�Z��dq�dr�Z��ds�dt�Z��du�dv�Z��dw�dx�Z��dy�dz�Z��d{�d|�Z��d}�d~�Z��d�d��Zd��d��ZÐd��d��ZĐd��d��ZŐd��d��ZƐd��d��Zǐd��d��ZȐd��d��Zɐd��d��Zʐd��d��Zːd��d��Z̐d��d��Z͐d��d��Zΐd��d��Zϐd��d��ZАd��d��Zѐ	��	��	��	��	��	��	��	��	��	��	��	��d��d��d��ZҐ	��	��	��	��	��	��	��	��	��	��	��	��	��	��d��d��d��ZӐd��d��ZԐd��d��ZՐ	��	��	��d��d��d��Z֐	��	��	��d��d��d��Zאd��d��Zؐd��d��Zِ	��	��	��	��d��d��d��Zڐ	��	��	��dd��d��Zې	��	��	��	��	��dd��d��Zܐ	��	��dÐd��d��Zݐ	��	��	��dĐd��d��Zސ	��dŐd��d��Z߇Z�S(��KdcTgsTestscst���t|_t|_dSr�)�super�setUp�global_asn1_print�
do_asn1_print�global_hexdump�
do_hexdump�rS��	__class__r>rcr�7s

zKdcTgsTests.setUpc
CsL|��}d}|�||�\}}|����}tf}|jt|gd�}|jtd|gd�}|�||||�}	|�	|	�|�
||	�}
|�||	�}|j|||||
gd�}	|�|	�|�
||	�}|�|d�}|	d}
|jtdgd�}|jtd|��gd�}|j||||
||td	d
�\}	}|�|d|	|f�|�t|	dd
|	�|�t|	dd
|	�dS)z| Try and obtain a ticket from the TGS, but supply a cname
            that differs from that provided to the krbtgt
        �	tsttktusrrrf�r5r�r~�
Administratorr"F)r-r<zrep = {%s}, enc_part = {%s}r9z
rep = {%s}r:N)�	get_samdb�create_accountrB�lowerr
r@rr�as_req�check_pre_authentication�get_enc_timestamp_pa_data�get_as_rep_keyrR�get_as_rep_enc_data�EncryptionKey_import�
host_dns_name�tgs_reqr�assertIsNonerKr)rS�samdbrX�uc�_r)r'r(r*r]r5r��	enc_part2r~�enc_partr>r>rc�9test_tgs_req_cname_does_not_not_match_authenticator_cname<sT��

�
�
�
��zEKdcTgsTests.test_tgs_req_cname_does_not_not_match_authenticator_cnamec	Cs|��}d}|�||�\}}|����}tf}|jt|gd�}|jtd|gd�}|�||||�}	|�	|	�|�
||	�}
|�||	�}|j|||||
gd�}	|�|	�|�
||	�}|�|d�}|	d}
|jtd|��gd�}|j|||��|
|||��d�\}	}|�|	�d	S)
z)Get a ticket to the ldap service
        r�rrfr�r�r~�ldap��
service_credsN)r�r�rBr�r
r@rrr�r�r�r�rRr�r�r�r��get_dc_creds�check_tgs_reply)rSr�rXr�r�r)r'r(r*r]r5r�r�r~r>r>rc�test_ldap_service_ticketqs:��


�
�z$KdcTgsTests.test_ldap_service_ticketc	Cs�|��}d}|�||�\}}|j|d|jjd�\}}|����}ttf}|jt	|gd�}	|jt
d|gd�}
|�|	|
||�}|�|�|�
||�}|�||�}
|j|	|
|||gd�}|�|�|d}|�|
|�}|�|d�}
|jt	|gd�}	|jt	|��gd�}
|j|	|
|��||
||d	�\}}|�|�|d}|�||�}|�|d
�}|�||�}d|��|f}|�|��t|j�d||f�|�|��|jd||f�|�|��|jd||f�|�||jd||f�|�||jd||f�dS)
Nr��	tsttktmac)�account_typerrfr�r~r�r�zauthorization-dataz%s@%sz
rep = {%s},%s)r�r��AccountType�COMPUTERrBr�r
rr@rrr�r�r�r�rRr�r�r?r�r��decode_service_ticket�get_pac_data�
get_objectSidrK�str�account_name�
logon_name�domain_name�upn�account_sid)rSr�rXr��dn�mcr�r)r'r(r*r]r5r�r~r�r��pac_data�sidr�r>r>rc�3test_get_ticket_for_host_service_of_machine_account�s�
���

��
�

�
�
�
�
�z?KdcTgsTests.test_get_ticket_for_host_service_of_machine_accountcCsT|��}|��}|�|�}|�|�}|�|�|�|||�}|�|�}|�|�dSr�)�get_client_creds�get_service_creds�get_tgt�get_ticket_pacrJ�_make_tgs_request�rS�client_credsr�ro�pacr~r>r>rc�test_request�s



zKdcTgsTests.test_requestcCsb|��}|��}|j|dd�}|�|�}|�|�|j|||ddd�}|j|dd�}|�|�dS)NF��pac_request�r�ru�ru)r�r�r�r�rJr�r�r�r>r>rc�test_request_no_pac�s


�zKdcTgsTests.test_request_no_paccCsb|j|jjddid�}|��}|�|�}|�|�}|�|�|�|||�}|�|�}|�|�dS)N�no_auth_data_requiredT�r��opts��get_cached_credsr��USERr�r�r�rJr�r�r>r>rc�!test_client_no_auth_data_required�s�



z-KdcTgsTests.test_client_no_auth_data_requiredcCsh|j|jjddid�}|��}|�|�}|�|�}|�|�|j|||ddd�}|�|�}|�|�dS)Nr�Tr�Fr�r�r�r>r>rc�(test_no_pac_client_no_auth_data_requireds�



�
z4KdcTgsTests.test_no_pac_client_no_auth_data_requiredcCsj|��}|j|jjddid�}|�|�}|�|�}|�|�|j|||dd�}|j|dd�}|�|�dS)Nr�Tr�Fr��	r�r�r�r�r�r�rJr�r�r�r>r>rc�"test_service_no_auth_data_required s�



�z.KdcTgsTests.test_service_no_auth_data_requiredcCsp|��}|j|jjddid�}|j|dd�}|�|�}|�|�|j|||ddd�}|j|dd�}|�|�dS)Nr�Tr�Fr�r�r�r�r�r>r>rc�)test_no_pac_service_no_auth_data_required1s�


�z5KdcTgsTests.test_no_pac_service_no_auth_data_requiredcCs`|��}|j|jjddid�}|j|�|�dd�}|j|dd�}|�|�|j|||dd�dS�Nr�Tr���exclude_pacFr���expect_error)	r�r�r�r��modified_ticketr�r�r�r��rSr�r�ror�r>r>rc�-test_remove_pac_service_no_auth_data_requiredBs��


�z9KdcTgsTests.test_remove_pac_service_no_auth_data_requiredcCs`|j|jjddid�}|��}|j|�|�dd�}|j|dd�}|�|�|j|||dd�dSr�)	r�r�r�r�r�r�r�r�r�r�r>r>rc�,test_remove_pac_client_no_auth_data_requiredQs��


�z8KdcTgsTests.test_remove_pac_client_no_auth_data_requiredcCsR|��}|��}|j|�|�dd�}|j|dd�}|�|�|j|||dd�dS)NTr�Fr�r�)r�r�r�r�r�r�r�r�r>r>rc�test_remove_pac`s�


�zKdcTgsTests.test_remove_paccC�|��}|�|�dSr�)r��_run_upn_dns_info_ex_test�rSr�r>r>rc�test_upn_dns_info_ex_userm�z%KdcTgsTests.test_upn_dns_info_ex_usercCr�r�)�get_mach_credsr��rS�
mach_credsr>r>rc�test_upn_dns_info_ex_macqr�z$KdcTgsTests.test_upn_dns_info_ex_maccC�$|j|jjddid�}|�|�dS)Nr�zupn_dns_info_test_upn0@barr�)r�r�r�r�r�r>r>rc�test_upn_dns_info_ex_upn_useru�
�z)KdcTgsTests.test_upn_dns_info_ex_upn_usercCr�)Nr�zupn_dns_info_test_upn1@barr�)r�r�r�r�r�r>r>rc�test_upn_dns_info_ex_upn_mac{r�z(KdcTgsTests.test_upn_dns_info_ex_upn_macc
Cs�|��}|��}|��}|��}|��}|dur%|����}|�d|��}|�||�}|j||||d�}	|j	|||	|||d�dS)N�@)�expected_account_name�expected_upn_namery)
r�r��get_dnr?�get_upnrBr�r�r�r�)
rSr�r�r�r�r��upn_namer)r�ror>r>rcr��s&�

�z%KdcTgsTests._run_upn_dns_info_ex_testcCs$|��}|�|�}|j|dd�dS�Nr�rU��
_get_creds�_get_tgt�_run_tgs�rSrTror>r>rc�test_tgs_req�s
zKdcTgsTests.test_tgs_reqcC�.|��}|j|dd�}|j|ddddd�dS)NT��	renewabler�rUrvrwrx�r	r
�
_renew_tgtrr>r>rc�test_renew_req��
�zKdcTgsTests.test_renew_reqcCr)NT��invalidrr�r	r
�
_validate_tgtrr>r>rc�test_validate_req�rzKdcTgsTests.test_validate_reqcC�&|��}|�|�}|j||dd�dSr�r	r
�	_s4u2selfrr>r>rc�test_s4u2self_req��
zKdcTgsTests.test_s4u2self_reqcCrr�r	r
�
_user2userrr>r>rc�test_user2user_req�rzKdcTgsTests.test_user2user_reqcCrr)r	r
�_fastrr>r>rc�
test_fast_req�rzKdcTgsTests.test_fast_reqcC�(|��}|j|dd�}|j|td�dS�NTrr)r	r
rrrr>r>rc�test_tgs_req_invalid��z KdcTgsTests.test_tgs_req_invalidcC�*|��}|j|dd�}|j||td�dSr&)r	r
rrrr>r>rc�test_s4u2self_req_invalid��z%KdcTgsTests.test_s4u2self_req_invalidcCr)r&)r	r
r!rrr>r>rc�test_user2user_req_invalid�r+z&KdcTgsTests.test_user2user_req_invalidcC�0|��}|j|dd�}|j||t|��d�dS)NTr�rUr1)r	r
r#rr}rr>r>rc�test_fast_req_invalid��


�z!KdcTgsTests.test_fast_req_invalidcCr%)NT)�remove_requester_sidr�r	r
rrrr>r>rc�test_tgs_req_no_requester_sid�sz)KdcTgsTests.test_tgs_req_no_requester_sidcCs,|��}|j|dd�}|j|dddd�dS)NT)�remove_pac_attrsrF�rUrurvrrr>r>rc�test_tgs_req_no_pac_attrs�s


�z%KdcTgsTests.test_tgs_req_no_pac_attrscC�0|jddd�}|j|ddd�}|j|td�dS)NT��replication_allowed�revealed_to_rodc)�	from_rodcr1rr2rr>r>rc�'test_tgs_req_from_rodc_no_requester_sid�s
�z3KdcTgsTests.test_tgs_req_from_rodc_no_requester_sidcCs4|jddd�}|j|ddd�}|j|dddd�dS)NTr8)r;r4rFr5rrr>r>rc�#test_tgs_req_from_rodc_no_pac_attrs�s�

�z/KdcTgsTests.test_tgs_req_from_rodc_no_pac_attrscCr%�NT��
remove_pacrr2rr>r>rc�test_tgs_no_pac�r(zKdcTgsTests.test_tgs_no_paccC�*|��}|j|ddd�}|j|td�dS)NT)rr@r�r	r
rrrr>r>rc�test_renew_no_pac��zKdcTgsTests.test_renew_no_paccCrB)NT)rr@r�r	r
rrrr>r>rc�test_validate_no_pac�rEz KdcTgsTests.test_validate_no_paccCs,|��}|j|dd�}|j||tdd�dS)NTr?F�rUr<�r	r
rrrr>r>rc�test_s4u2self_no_pac�s
�z KdcTgsTests.test_s4u2self_no_paccCr)r>�r	r
r!rrr>r>rc�test_user2user_no_pacr+z!KdcTgsTests.test_user2user_no_paccCr-)NTr?r.�r	r
r#rr}rr>r>rc�test_fast_no_pac	r0zKdcTgsTests.test_fast_no_paccCrB�NT�r@�allow_empty_authdatarr2rr>r>rc�test_tgs_authdata_no_pacrEz$KdcTgsTests.test_tgs_authdata_no_paccC�,|��}|j|dddd�}|j|td�dS)NT)rr@rQrrCrr>r>rc�test_renew_authdata_no_pac�

�z&KdcTgsTests.test_renew_authdata_no_paccCrS)NT)rr@rQrrFrr>r>rc�test_validate_authdata_no_pacrUz)KdcTgsTests.test_validate_authdata_no_paccCs.|��}|j|ddd�}|j||tdd�dS)NTrPFrHrIrr>r>rc�test_s4u2self_authdata_no_pac!s
�z)KdcTgsTests.test_s4u2self_authdata_no_paccCs,|��}|j|ddd�}|j||td�dSrOrKrr>r>rc�test_user2user_authdata_no_pac(sz*KdcTgsTests.test_user2user_authdata_no_paccCs2|��}|j|ddd�}|j||t|��d�dS)NTrPr.rMrr>r>rc�test_fast_authdata_no_pac-s


�z%KdcTgsTests.test_fast_authdata_no_paccC�0|��}|��}|j||d�}|j|td�dS�N��new_ridr�r	�_get_existing_ridr
rr�rSrT�existing_ridror>r>rc�test_tgs_sid_mismatch_existing4�z*KdcTgsTests.test_tgs_sid_mismatch_existingcC�2|��}|��}|j|d|d�}|j|td�dS�NT)rr]r�r	r_r
rrr`r>r>rc� test_renew_sid_mismatch_existing:�z,KdcTgsTests.test_renew_sid_mismatch_existingcCrd�NT)rr]r�r	r_r
rrr`r>r>rc�#test_validate_sid_mismatch_existing@rhz/KdcTgsTests.test_validate_sid_mismatch_existingcC�2|��}|��}|j||d�}|j||td�dSr[�r	r_r
rrr`r>r>rc�#test_s4u2self_sid_mismatch_existingF�
�z/KdcTgsTests.test_s4u2self_sid_mismatch_existingcCrlr[�r	r_r
r!rr`r>r>rc�$test_user2user_sid_mismatch_existingMroz0KdcTgsTests.test_user2user_sid_mismatch_existingcC�8|��}|��}|j||d�}|j||t|��d�dS�Nr\r.�r	r_r
r#rr}r`r>r>rc�test_fast_sid_mismatch_existingT�
�z+KdcTgsTests.test_fast_sid_mismatch_existingcC�2|��}|��}|j||dd�}|j|td�dS�NF)r]�can_modify_logon_inforr^r`r>r>rc�$test_requester_sid_mismatch_existing\��z0KdcTgsTests.test_requester_sid_mismatch_existingcC�2|��}|��}|j||dd�}|j|dd�dS�NF)r]�can_modify_requester_sidrr�r	r_r
rr`r>r>rc�%test_logon_info_sid_mismatch_existingcr{z1KdcTgsTests.test_logon_info_sid_mismatch_existingcCrw�NT)r]r1rr^r`r>r>rc�*test_logon_info_only_sid_mismatch_existingjr{z6KdcTgsTests.test_logon_info_only_sid_mismatch_existingcCrZr[�r	�_get_non_existent_ridr
rr�rSrT�nonexistent_ridror>r>rc�!test_tgs_sid_mismatch_nonexistingrrcz-KdcTgsTests.test_tgs_sid_mismatch_nonexistingcCrdre�r	r�r
rrr�r>r>rc�#test_renew_sid_mismatch_nonexistingxr{z/KdcTgsTests.test_renew_sid_mismatch_nonexistingcCrdri�r	r�r
rrr�r>r>rc�&test_validate_sid_mismatch_nonexistingr{z2KdcTgsTests.test_validate_sid_mismatch_nonexistingcCrlr[�r	r�r
rrr�r>r>rc�&test_s4u2self_sid_mismatch_nonexisting�roz2KdcTgsTests.test_s4u2self_sid_mismatch_nonexistingcCrlr[�r	r�r
r!rr�r>r>rc�'test_user2user_sid_mismatch_nonexisting�roz3KdcTgsTests.test_user2user_sid_mismatch_nonexistingcCrrrs�r	r�r
r#rr}r�r>r>rc�"test_fast_sid_mismatch_nonexisting�rvz.KdcTgsTests.test_fast_sid_mismatch_nonexistingcCrwrxr�r�r>r>rc�'test_requester_sid_mismatch_nonexisting�r{z3KdcTgsTests.test_requester_sid_mismatch_nonexistingcCr|r}�r	r�r
rr�r>r>rc�(test_logon_info_sid_mismatch_nonexisting�r{z4KdcTgsTests.test_logon_info_sid_mismatch_nonexistingcCrwr�r�r�r>r>rc�-test_logon_info_only_sid_mismatch_nonexisting�r{z9KdcTgsTests.test_logon_info_only_sid_mismatch_nonexistingcCs.|jddd�}|j|dd�}|j|dd�dS�NTr8�r;rrrrr>r>rc�test_tgs_rodc_revealed��
�z"KdcTgsTests.test_tgs_rodc_revealedcC�4|jddd�}|j|ddd�}|j|dddd�dS)NTr8�rr;rF�rUrvrxrrr>r>rc�test_renew_rodc_revealed���
�z$KdcTgsTests.test_renew_rodc_revealedcCr�)NTr8�rr;rFr�rrr>r>rc�test_validate_rodc_revealed�r�z'KdcTgsTests.test_validate_rodc_revealedcC�0|jddd�}|j|dd�}|j||dd�dSr�rrr>r>rc�test_s4u2self_rodc_revealed��
�z'KdcTgsTests.test_s4u2self_rodc_revealedcCr�r�r rr>r>rc�test_user2user_rodc_revealed�r�z(KdcTgsTests.test_user2user_rodc_revealedcCs>|jddd�}|jddd�}|j|d|d�}|j|td�dS�NTr8�r;r]rr^r`r>r>rc�#test_tgs_rodc_sid_mismatch_existing�s��z/KdcTgsTests.test_tgs_rodc_sid_mismatch_existingcC�@|jddd�}|jddd�}|j|dd|d�}|j|td�dS�NTr8)rr;r]rrfr`r>r>rc�%test_renew_rodc_sid_mismatch_existing����
�z1KdcTgsTests.test_renew_rodc_sid_mismatch_existingcCr��NTr8)rr;r]rrjr`r>r>rc�(test_validate_rodc_sid_mismatch_existing�r�z4KdcTgsTests.test_validate_rodc_sid_mismatch_existingcC�@|jddd�}|jddd�}|j|d|d�}|j||td�dSr�rmr`r>r>rc�(test_s4u2self_rodc_sid_mismatch_existing�s��z4KdcTgsTests.test_s4u2self_rodc_sid_mismatch_existingcCr�r�rpr`r>r>rc�)test_user2user_rodc_sid_mismatch_existing�s��
�z5KdcTgsTests.test_user2user_rodc_sid_mismatch_existingcCsF|jddd�}|jddd�}|j|d|d�}|j||t|��d�dS�NTr8r�r.rtr`r>r>rc�$test_fast_rodc_sid_mismatch_existings��
�z0KdcTgsTests.test_fast_rodc_sid_mismatch_existingcCs@|jddd�}|jddd�}|j|d|dd�}|j|td�dS�NTr8F)r;r]ryrr^r`r>r>rc�-test_tgs_rodc_requester_sid_mismatch_existing
r�z9KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_existingcCs@|jddd�}|jddd�}|j|d|dd�}|j|dd�dS�NTr8F)r;r]r~rrrr`r>r>rc�.test_tgs_rodc_logon_info_sid_mismatch_existingr�z:KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_existingcCs@|jddd�}|jddd�}|j|d|dd�}|j|td�dS�NTr8)r;r]r1rr^r`r>r>rc�3test_tgs_rodc_logon_info_only_sid_mismatch_existingr�z?KdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_existingcCs8|jddd�}|��}|j|d|d�}|j|td�dSr�r�r�r>r>rc�&test_tgs_rodc_sid_mismatch_nonexisting*s�z2KdcTgsTests.test_tgs_rodc_sid_mismatch_nonexistingcC�:|jddd�}|��}|j|dd|d�}|j|td�dSr�r�r�r>r>rc�(test_renew_rodc_sid_mismatch_nonexisting1��
�z4KdcTgsTests.test_renew_rodc_sid_mismatch_nonexistingcCr�r�r�r�r>r>rc�+test_validate_rodc_sid_mismatch_nonexisting9r�z7KdcTgsTests.test_validate_rodc_sid_mismatch_nonexistingcC�:|jddd�}|��}|j|d|d�}|j||td�dSr�r�r�r>r>rc�+test_s4u2self_rodc_sid_mismatch_nonexistingAs�z7KdcTgsTests.test_s4u2self_rodc_sid_mismatch_nonexistingcCr�r�r�r�r>r>rc�,test_user2user_rodc_sid_mismatch_nonexistingHs�
�z8KdcTgsTests.test_user2user_rodc_sid_mismatch_nonexistingcCs@|jddd�}|��}|j|d|d�}|j||t|��d�dSr�r�r�r>r>rc�'test_fast_rodc_sid_mismatch_nonexistingPs�
�z3KdcTgsTests.test_fast_rodc_sid_mismatch_nonexistingcCs:|jddd�}|��}|j|d|dd�}|j|td�dSr�r�r�r>r>rc�0test_tgs_rodc_requester_sid_mismatch_nonexistingYr�z<KdcTgsTests.test_tgs_rodc_requester_sid_mismatch_nonexistingcCs:|jddd�}|��}|j|d|dd�}|j|dd�dSr�r�r�r>r>rc�1test_tgs_rodc_logon_info_sid_mismatch_nonexistingar�z=KdcTgsTests.test_tgs_rodc_logon_info_sid_mismatch_nonexistingcCs:|jddd�}|��}|j|d|dd�}|j|td�dSr�r�r�r>r>rc�6test_tgs_rodc_logon_info_only_sid_mismatch_nonexistingir�zBKdcTgsTests.test_tgs_rodc_logon_info_only_sid_mismatch_nonexistingcC�,|jdd�}|j|dd�}|j|td�dS�NT�r9r�rr2rr>r>rc�test_tgs_rodc_not_revealedssz&KdcTgsTests.test_tgs_rodc_not_revealedcC�.|jdd�}|j|ddd�}|j|td�dS)NTr�r�rrCrr>r>rc�test_renew_rodc_not_revealedy�z(KdcTgsTests.test_renew_rodc_not_revealedcCr�)NTr�r�rrFrr>r>rc�test_validate_rodc_not_revealed~r�z+KdcTgsTests.test_validate_rodc_not_revealedcC�.|jdd�}|j|dd�}|j||td�dSr�rIrr>r>rc�test_s4u2self_rodc_not_revealed��z+KdcTgsTests.test_s4u2self_rodc_not_revealedcCr�r�rKrr>r>rc� test_user2user_rodc_not_revealed�r�z,KdcTgsTests.test_user2user_rodc_not_revealedcC�6|jddd�}|j|dd�}|��|j|td�dS�NTr8r�r)r	r
�_remove_rodc_partial_secretsrrrr>r>rc� test_tgs_rodc_no_partial_secrets���z,KdcTgsTests.test_tgs_rodc_no_partial_secretscC�8|jddd�}|j|ddd�}|��|j|td�dS�NTr8r�r)r	r
r�rrrr>r>rc�"test_renew_rodc_no_partial_secrets���z.KdcTgsTests.test_renew_rodc_no_partial_secretscCr��NTr8r�r)r	r
r�rrrr>r>rc�%test_validate_rodc_no_partial_secrets�r�z1KdcTgsTests.test_validate_rodc_no_partial_secretscC�8|jddd�}|j|dd�}|��|j||td�dSr�)r	r
r�rrrr>r>rc�%test_s4u2self_rodc_no_partial_secrets���z1KdcTgsTests.test_s4u2self_rodc_no_partial_secretscCr�r�)r	r
r�r!rrr>r>rc�&test_user2user_rodc_no_partial_secrets�r�z2KdcTgsTests.test_user2user_rodc_no_partial_secretscC�>|jddd�}|j|dd�}|��|j||t|��d�dS�NTr8r�r.)r	r
r�r#rr}rr>r>rc�!test_fast_rodc_no_partial_secrets���

�z-KdcTgsTests.test_fast_rodc_no_partial_secretscCr�r�)r	r
�_remove_rodc_krbtgt_linkrrrr>r>rc�test_tgs_rodc_no_krbtgt_link�r�z(KdcTgsTests.test_tgs_rodc_no_krbtgt_linkcCr�r�)r	r
r�rrrr>r>rc�test_renew_rodc_no_krbtgt_link�r�z*KdcTgsTests.test_renew_rodc_no_krbtgt_linkcCr�r�)r	r
r�rrrr>r>rc�!test_validate_rodc_no_krbtgt_link�r�z-KdcTgsTests.test_validate_rodc_no_krbtgt_linkcCr�r�)r	r
r�rrrr>r>rc�!test_s4u2self_rodc_no_krbtgt_link�r�z-KdcTgsTests.test_s4u2self_rodc_no_krbtgt_linkcCr�r�)r	r
r�r!rrr>r>rc�"test_user2user_rodc_no_krbtgt_link�r�z.KdcTgsTests.test_user2user_rodc_no_krbtgt_linkcCr�r�)r	r
r�r#rr}rr>r>rc�test_fast_rodc_no_krbtgt_link�r�z)KdcTgsTests.test_fast_rodc_no_krbtgt_linkcCr��NT�r:r�rr2rr>r>rc�test_tgs_rodc_not_allowed�sz%KdcTgsTests.test_tgs_rodc_not_allowedcCr�)NTr�r�rrCrr>r>rc�test_renew_rodc_not_allowed�r�z'KdcTgsTests.test_renew_rodc_not_allowedcCr�)NTr�r�rrFrr>r>rc�test_validate_rodc_not_allowed�r�z*KdcTgsTests.test_validate_rodc_not_allowedcCr�r�rIrr>r>rc�test_s4u2self_rodc_not_allowed�r�z*KdcTgsTests.test_s4u2self_rodc_not_allowedcCr�r�rKrr>r>rc�test_user2user_rodc_not_allowed�r�z+KdcTgsTests.test_user2user_rodc_not_allowedcCs4|jdd�}|j|dd�}|j||t|��d�dS)NTr�r�r.rMrr>r>rc�test_fast_rodc_not_alloweds


�z&KdcTgsTests.test_fast_rodc_not_allowedcCs.|jddd�}|j|dd�}|j|td�dS�NT��replication_deniedr:r�rr2rr>r>rc�test_tgs_rodc_denied
r�z KdcTgsTests.test_tgs_rodc_deniedcCr7)NTr�r�rrCrr>r>rc�test_renew_rodc_denied�
�z"KdcTgsTests.test_renew_rodc_deniedcCr7)NTr�r�rrFrr>r>rc�test_validate_rodc_deniedr�z%KdcTgsTests.test_validate_rodc_deniedcC�0|jddd�}|j|dd�}|j||td�dSr�rIrr>r>rc�test_s4u2self_rodc_deniedr�z%KdcTgsTests.test_s4u2self_rodc_deniedcCr�r�rKrr>r>rc�test_user2user_rodc_denied"r�z&KdcTgsTests.test_user2user_rodc_deniedcCs6|jddd�}|j|dd�}|j||t|��d�dS)NTr�r�r.rMrr>r>rc�test_fast_rodc_denied(s�

�z!KdcTgsTests.test_fast_rodc_deniedcCs0|jdddd�}|j|dd�}|j|td�dS�NT�r9r�r:r�rr2rr>r>rc�test_tgs_rodc_allowed_denied1s�z(KdcTgsTests.test_tgs_rodc_allowed_deniedcC�2|jdddd�}|j|ddd�}|j|td�dS)NTr�r�rrCrr>r>rc�test_renew_rodc_allowed_denied8��z*KdcTgsTests.test_renew_rodc_allowed_deniedcCr)NTr�r�rrFrr>r>rc�!test_validate_rodc_allowed_denied?rz-KdcTgsTests.test_validate_rodc_allowed_deniedcC�2|jdddd�}|j|dd�}|j||td�dSr�rIrr>r>rc�!test_s4u2self_rodc_allowed_deniedF��z-KdcTgsTests.test_s4u2self_rodc_allowed_deniedcCrr�rKrr>r>rc�"test_user2user_rodc_allowed_deniedMrz.KdcTgsTests.test_user2user_rodc_allowed_deniedcCs8|jdddd�}|j|dd�}|j||t|��d�dS)NTr�r�r.rMrr>r>rc�test_fast_rodc_allowed_deniedTs�

�z)KdcTgsTests.test_fast_rodc_allowed_deniedcCs6|��}|j|tjjd�}|j|ttfdtj	d�dS�Nr&T)rUr<rn)
r	r
r��Enctype�RC4rrrr� NT_STATUS_INSUFFICIENT_RESOURCESrr>r>rc�test_tgs_rc4]s�
�zKdcTgsTests.test_tgs_rc4cC�8|��}|j|dtjjd�}|j|ttfdddd�dS)NT)rr'r)r	r
r�rrrrrrr>r>rc�test_renew_rc4e��
�zKdcTgsTests.test_renew_rc4cCr)NT)rr'r)r	r
r�rrrrrrr>r>rc�test_validate_rc4nrzKdcTgsTests.test_validate_rc4cCs8|��}|j|tjjd�}|j||ttfdtj	d�dSr
)
r	r
r�rrrrrrr
rr>r>rc�test_s4u2self_rc4ws
�
�zKdcTgsTests.test_s4u2self_rc4cCs.|��}|j|tjjd�}|j||td�dS)Nr&r)r	r
r�rrr!rrr>r>rc�test_user2user_rc4szKdcTgsTests.test_user2user_rc4cCs2|��}|j|tjjd�}|j||t|jd�dS)Nr&rH)r	r
r�rrr#r�expect_padata_outerrr>r>rc�
test_fast_rc4�s


�zKdcTgsTests.test_fast_rc4cCsB|��}|�|�}|��}|jtd|gd�}|j|||td�dS)Nr"r�r*rU)r	r
r?r@rr!r�rSrTrorXr*r>r>rc�"test_user2user_matching_sname_host�s
�

�z.KdcTgsTests.test_user2user_matching_sname_hostcCs@|��}|�|�}|��}|jt|gd�}|j|||dd�dS)Nrrr)r	r
r?r@rr!rr>r>rc�%test_user2user_matching_sname_no_host�s
�z1KdcTgsTests.test_user2user_matching_sname_no_hostcCsH|��}|�|�}|��}|��}|jt|gd�}|j|||td�dS)Nrr)r	r
�_get_mach_credsr?r@rr!r)rSrTro�other_credsrXr*r>r>rc�test_user2user_wrong_sname�s
�

�z&KdcTgsTests.test_user2user_wrong_snamecCsZ|��}d|��}|j|jjd|id�}|�|�}|jtd|gd�}|j|||dd�dS)Nzhost/�spnr�r"rrr)�get_new_usernamer�r�r�r
r@rr!)rS�
other_namerrTror*r>r>rc�test_user2user_other_sname�s
�
�z&KdcTgsTests.test_user2user_other_snamecCs0|��}|�|�}|��}|j|||td�dS)Nr)r	r
r}r!r�rSrTror*r>r>rc�!test_user2user_wrong_sname_krbtgt�s


�z-KdcTgsTests.test_user2user_wrong_sname_krbtgtcC�,|��}|�|�}|j||dttfd�dS)NzOTHER.REALM)r�rU)r	r
r!rrrr>r>rc�test_user2user_wrong_srealm��

�
�z'KdcTgsTests.test_user2user_wrong_srealmcCs@|��}|�|�}|���d�}|�||�}|j||dd�dS)N�utf-8rr)r	r
rB�encode�_modify_tgtr!)rSrTror)r>r>rc� test_user2user_tgt_correct_realm�s

�z,KdcTgsTests.test_user2user_tgt_correct_realmcCs2|��}|�|�}|�|d�}|j||dd�dS)NsOTHER.REALMrr)r	r
r)r!rr>r>rc�test_user2user_tgt_wrong_realm�s

�z*KdcTgsTests.test_user2user_tgt_wrong_realmcCsV|��}|�|�}|��}|�d�}|jt|gd�}|j||d�}|j||dd�dS)Nr'r�r(rr)r	r
r?r(r@rr)r!�rSrTrorXr(r>r>rc� test_user2user_tgt_correct_cname�s

�z,KdcTgsTests.test_user2user_tgt_correct_cnamecCsz|��}|��}|�d|����}|j|jjd|id�}|�|�}|jt|�	d�gd�}|j
||d�}|j||dd�dS)	Nrr�r�r'rr,rr)r�r�domain_dns_namer�r�r�r
r@rr(r)r!)rSr�r r�rTror(r>r>rc�test_user2user_tgt_other_cname�s�

�z*KdcTgsTests.test_user2user_tgt_other_cnamecCs\|��}|�|�}|��}|�d�}|jtd|gd�}|j||d�}|j||tt	fd�dS)Nr'shostrr,r)
r	r
r?r(r@rr)r!rrr-r>r>rc�test_user2user_tgt_cname_host�s

��
�z)KdcTgsTests.test_user2user_tgt_cname_hostcCs:|��}|�|�}|jtddgd�}|j|||td�dS)Nr"�non_existent_userrr)r	r
r@rr!rr"r>r>rc�!test_user2user_non_existent_snames
�

�z-KdcTgsTests.test_user2user_non_existent_snamecCr$)NFr)r	r
r!rrrr>r>rc�test_user2user_no_snamer&z#KdcTgsTests.test_user2user_no_snamecCs<|��}|�|�}|��}|�||�}|j|ttfd�dS�Nr)r	r
r��get_service_ticketrrr�rSrTror��service_ticketr>r>rc�test_tgs_service_tickets

�z#KdcTgsTests.test_tgs_service_ticketcC�N|��}|�|�}|��}|�||�}|j||j|��d�}|j|td�dS�N)�	modify_fn�
checksum_keysr)	r	r
r�r6r��_modify_renewable�get_krbtgt_checksum_keyrrr7r>r>rc�test_renew_service_ticket'�
�
�z%KdcTgsTests.test_renew_service_ticketcCr:r;)	r	r
r�r6r��_modify_invalidr?rrr7r>r>rc�test_validate_service_ticket6rAz(KdcTgsTests.test_validate_service_ticketcC�>|��}|�|�}|��}|�||�}|j||ttfd�dSr5)r	r
r�r6rrrr7r>r>rc�test_s4u2self_service_ticketE�

�z(KdcTgsTests.test_s4u2self_service_ticketcCrDr5)r	r
r�r6r!rrr7r>r>rc�test_user2user_service_ticketOrFz)KdcTgsTests.test_user2user_service_ticketcCs:|��}|�|�}|��}|�||�}|j||td�dSr5)r	r
r�r6r#rr7r>r>rc�test_fast_service_ticketZs

�z$KdcTgsTests.test_fast_service_ticketcCs |��}|j|ddddd�dS�NT�r�rurvrw�r	r��rSrTr>r>rc�test_pac_attrs_noned�
�zKdcTgsTests.test_pac_attrs_nonecCs |��}|j|ddddd�dS)NFTrJrKrLr>r>rc�test_pac_attrs_falsekrNz KdcTgsTests.test_pac_attrs_falsecCs |��}|j|ddddd�dSrIrKrLr>r>rc�test_pac_attrs_truerrNzKdcTgsTests.test_pac_attrs_truecCsD|��}|j|ddddd�}|j|dd�}|j|dddddd�dS�NTrJrr�rUrurvrwrx�r	r�r)rrr>r>rc�test_pac_attrs_renew_noney��
�z%KdcTgsTests.test_pac_attrs_renew_nonecCsD|��}|j|ddddd�}|j|dd�}|j|dddddd�dS)NFTrJrrrRrSrr>r>rc�test_pac_attrs_renew_false�rUz&KdcTgsTests.test_pac_attrs_renew_falsecCsD|��}|j|ddddd�}|j|dd�}|j|dddddd�dSrQrSrr>r>rc�test_pac_attrs_renew_true�rUz%KdcTgsTests.test_pac_attrs_renew_truecCsJ|jddd�}|j|ddddd�}|j|ddd�}|j|ddddd�dS�NTr8rJ�r;rrF�rUrurvrxrSrr>r>rc�test_pac_attrs_rodc_renew_none����
�z*KdcTgsTests.test_pac_attrs_rodc_renew_nonecCsJ|jddd�}|j|ddddd�}|j|ddd�}|j|ddddd�dS)NTr8FrJrYrrZrSrr>r>rc�test_pac_attrs_rodc_renew_false�r\z+KdcTgsTests.test_pac_attrs_rodc_renew_falsecCsJ|jddd�}|j|ddddd�}|j|ddd�}|j|ddddd�dSrXrSrr>r>rc�test_pac_attrs_rodc_renew_true�r\z*KdcTgsTests.test_pac_attrs_rodc_renew_truecCsD|��}|j|ddddd�}|j|ddd�}|j|ddddd�dS�NTrJ�rr4rFrZrSrr>r>rc�!test_pac_attrs_missing_renew_none����
�z-KdcTgsTests.test_pac_attrs_missing_renew_nonecCsD|��}|j|ddddd�}|j|ddd�}|j|ddddd�dS)NFTrJr`rrZrSrr>r>rc�"test_pac_attrs_missing_renew_false�rbz.KdcTgsTests.test_pac_attrs_missing_renew_falsecCsD|��}|j|ddddd�}|j|ddd�}|j|ddddd�dSr_rSrr>r>rc�!test_pac_attrs_missing_renew_true�rbz-KdcTgsTests.test_pac_attrs_missing_renew_truecCsL|jddd�}|j|ddddd�}|j|dddd�}|j|ddddd�dS�NTr8rJ�r;rr4rFrZrSrr>r>rc�&test_pac_attrs_missing_rodc_renew_none�� ��
�
�z2KdcTgsTests.test_pac_attrs_missing_rodc_renew_nonecCsL|jddd�}|j|ddddd�}|j|dddd�}|j|ddddd�dS)NTr8FrJrfrrZrSrr>r>rc�'test_pac_attrs_missing_rodc_renew_falserhz3KdcTgsTests.test_pac_attrs_missing_rodc_renew_falsecCsL|jddd�}|j|ddddd�}|j|dddd�}|j|ddddd�dSrerSrr>r>rc�&test_pac_attrs_missing_rodc_renew_truerhz2KdcTgsTests.test_pac_attrs_missing_rodc_renew_truecCs2|��}|j|ddddd�}|j|dddd�dS�NTrJrFr5�r	r�rrr>r>rc�test_tgs_pac_attrs_none$��

�z#KdcTgsTests.test_tgs_pac_attrs_nonecCs2|��}|j|ddddd�}|j|dddd�dS)NFTrJrr5rlrr>r>rc�test_tgs_pac_attrs_false.rnz$KdcTgsTests.test_tgs_pac_attrs_falsecCs2|��}|j|ddddd�}|j|dddd�dSrkrlrr>r>rc�test_tgs_pac_attrs_true8rnz#KdcTgsTests.test_tgs_pac_attrs_truecCs8|��}|��}|�||���}|j|dd|dd�dS)NT�r�ruryrx)r	r�r�rr�)rSrTr�r�r>r>rc�test_as_requester_sidBs
�z!KdcTgsTests.test_as_requester_sidcCsJ|��}|��}|�||���}|j|dd|dd�}|j|dddd�dS)NTrqrF)rUrurx)r	r�r�rr�r�rSrTr�r�ror>r>rc�test_tgs_requester_sidMs�

�z"KdcTgsTests.test_tgs_requester_sidc	C�^|��}|��}|�||���}|j|dd|dd�}|j|dd�}|j|dddd|dd�dS)NTrqrr�rUrurvrwryrx�r	r�r�rr�r)rrsr>r>rc�test_tgs_requester_sid_renew[��

�z(KdcTgsTests.test_tgs_requester_sid_renewcC�d|jddd�}|��}|�||���}|j|dd|dd�}|j|ddd�}|j|ddd|dd�dS)NTr8rqrYrF�rUrurvryrxrwrsr>r>rc�!test_tgs_requester_sid_rodc_renewm� ��

�z-KdcTgsTests.test_tgs_requester_sid_rodc_renewcC�V|��}|��}|�||���}|j|dd|dd�}|j|ddd�}|j|td�dS)NTrq)rr1r�r	r�r�rr�r)rrrsr>r>rc�$test_tgs_requester_sid_missing_renew���z0KdcTgsTests.test_tgs_requester_sid_missing_renewcC�^|jddd�}|��}|�||���}|j|dd|dd�}|j|dddd�}|j|td�dS)NTr8rq)r;rr1rrrsr>r>rc�)test_tgs_requester_sid_missing_rodc_renew����
�z5KdcTgsTests.test_tgs_requester_sid_missing_rodc_renewc	Cru)NTrqrrrv�r	r�r�rr�r)rrsr>r>rc�test_tgs_requester_sid_validate�ryz+KdcTgsTests.test_tgs_requester_sid_validatecCrz)NTr8rq)r;rrFr{r�rsr>r>rc�$test_tgs_requester_sid_rodc_validate�r}z0KdcTgsTests.test_tgs_requester_sid_rodc_validatecCr~)NTrq)rr1r�r	r�r�rr�r)rrrsr>r>rc�'test_tgs_requester_sid_missing_validate�r�z3KdcTgsTests.test_tgs_requester_sid_missing_validatecCr�)NTr8rq)r;rr1rr�rsr>r>rc�,test_tgs_requester_sid_missing_rodc_validate�r�z8KdcTgsTests.test_tgs_requester_sid_missing_rodc_validatecCs>|��}|j|dd�}|j|ddd�}|�|�}|�|�dS�Nr�rT�rUru�r	r�rr�rJ�rSrTror~r�r>r>rc�test_tgs_pac_request_none��

z%KdcTgsTests.test_tgs_pac_request_nonecCsD|��}|j|ddd�}|j|ddd�}|j|dd�}|�|�dS)NFr�rr�r�)r	r�rr�r�r�r>r>rc�test_tgs_pac_request_false�s
z&KdcTgsTests.test_tgs_pac_request_falsecCs>|��}|j|dd�}|j|ddd�}|�|�}|�|�dS�NTr�rr�r�r�r>r>rc�test_tgs_pac_request_true�r�z%KdcTgsTests.test_tgs_pac_request_truecC�b|��}|j|dd�}|j|dd�}|j|dddddd�}|j|ddd�}|�|�}|�|�dS)Nr�TrrrRr��r	r�r)rrr�rJr�r>r>rc�test_renew_pac_request_none��
�
z'KdcTgsTests.test_renew_pac_request_nonecC�h|��}|j|ddd�}|j|dd�}|j|dddddd�}|j|ddd�}|j|dd�}|�|�dS)	NFr�TrrrRr�r�)r	r�r)rrr�r�r�r>r>rc�test_renew_pac_request_false�
�z(KdcTgsTests.test_renew_pac_request_falsecC�b|��}|j|dd�}|j|dd�}|j|dddddd�}|j|ddd�}|�|�}|�|�dS)NTr�rrrRr�r�r�r>r>rc�test_renew_pac_request_truer�z'KdcTgsTests.test_renew_pac_request_truecC�h|jddd�}|j|dd�}|j|ddd�}|j|ddddd�}|j|ddd�}|�|�}|�|�dS�	NTr8r�r�rFrZr�r�r�r>r>rc� test_rodc_renew_pac_request_none)��
�
z,KdcTgsTests.test_rodc_renew_pac_request_nonecC�j|jddd�}|j|ddd�}|j|ddd�}|j|ddddd�}|j|ddd�}|�|�}|�|�dS)	NTr8Fr�r�rrZr�r�r�r>r>rc�!test_rodc_renew_pac_request_false8��
�
z-KdcTgsTests.test_rodc_renew_pac_request_falsecC�h|jddd�}|j|dd�}|j|ddd�}|j|ddddd�}|j|ddd�}|�|�}|�|�dSr�r�r�r>r>rc� test_rodc_renew_pac_request_trueGr�z,KdcTgsTests.test_rodc_renew_pac_request_truecCr�)Nr�TrrrRr��r	r�r)rrr�rJr�r>r>rc�test_validate_pac_request_noneVr�z*KdcTgsTests.test_validate_pac_request_nonecCr�)	NFr�TrrrRr�r�)r	r�r)rrr�r�r�r>r>rc�test_validate_pac_request_falseer�z+KdcTgsTests.test_validate_pac_request_falsecCr�)NTr�rrrRr�r�r�r>r>rc�test_validate_pac_request_truetr�z*KdcTgsTests.test_validate_pac_request_truecCr��	NTr8r�r�rFrZr�r�r�r>r>rc�#test_rodc_validate_pac_request_none�r�z/KdcTgsTests.test_rodc_validate_pac_request_nonecCr�)	NTr8Fr�r�rrZr�r�r�r>r>rc�$test_rodc_validate_pac_request_false�r�z0KdcTgsTests.test_rodc_validate_pac_request_falsecCr�r�r�r�r>r>rc�#test_rodc_validate_pac_request_true�r�z/KdcTgsTests.test_rodc_validate_pac_request_truecC�@|��}|j|dd�}|j||ddd�}|�|�}|�|�dSr��r	r�rr�rJr�r>r>rc�test_s4u2self_pac_request_none��

z*KdcTgsTests.test_s4u2self_pac_request_nonecCsB|��}|j|ddd�}|j||ddd�}|�|�}|�|�dS)NFr�rTr�r�r�r>r>rc�test_s4u2self_pac_request_false�s

z+KdcTgsTests.test_s4u2self_pac_request_falsecC�@|��}|j|dd�}|j||ddd�}|�|�}|�|�dSr�r�r�r>r>rc�test_s4u2self_pac_request_true�r�z*KdcTgsTests.test_s4u2self_pac_request_truecCr�r��r	r�r!r�rJr�r>r>rc�test_user2user_pac_request_none�r�z+KdcTgsTests.test_user2user_pac_request_nonecCsF|��}|j|ddd�}|j||ddd�}|j|dd�}|�|�dS)NFr�rTr�r�r�r�r>r>rc� test_user2user_pac_request_false�s
�z,KdcTgsTests.test_user2user_pac_request_falsecCr�r�r�r�r>r>rc�test_user2user_pac_request_true�r�z+KdcTgsTests.test_user2user_pac_request_truecCsT|��}|�|�}|��}|j|dd�}|j||d|dd�}|�|�}|�|�dS)Nr�rT�rU�user_tgtru�r	r�rr!r�rJ�rSrTro�
user_credsr�r~r�r>r>rc�$test_user2user_user_pac_request_none��

�
z0KdcTgsTests.test_user2user_user_pac_request_nonecCsZ|��}|�|�}|��}|j|ddd�}|j||d|dd�}|j|dd�}|�|�dS)NFr�rr�r�)r	r�rr!r�r�r�r>r>rc�%test_user2user_user_pac_request_false�s

�z1KdcTgsTests.test_user2user_user_pac_request_falsecCsT|��}|�|�}|��}|j|dd�}|j||d|dd�}|�|�}|�|�dS)NTr�rr�r�r�r>r>rc�$test_user2user_user_pac_request_true	r�z0KdcTgsTests.test_user2user_user_pac_request_truecCr�r��r	r�r#r�rJr�r>r>rc�test_fast_pac_request_none	r�z&KdcTgsTests.test_fast_pac_request_nonecCsD|��}|j|dd�}|j||ddd�}|j|dd�}|�|�dS)NFr�rTr�r�r�r�r>r>rc�test_fast_pac_request_false	s
�z'KdcTgsTests.test_fast_pac_request_falsecCr�r�r�r�r>r>rc�test_fast_pac_request_true!	r�z&KdcTgsTests.test_fast_pac_request_truecCsR|jddd�}|j|dd�}|j|dd�}|j|ddd�}|�|�}|�|�dS�NTr8r�r�rr��r	r�r)rr�rJr�r>r>rc�test_tgs_rodc_pac_request_none*	��
z*KdcTgsTests.test_tgs_rodc_pac_request_nonecCsT|jddd�}|j|ddd�}|j|dd�}|j|ddd�}|�|�}|�|�dS)NTr8Fr�r�rr�r�r�r>r>rc�test_tgs_rodc_pac_request_false5	s�
z+KdcTgsTests.test_tgs_rodc_pac_request_falsecCsR|jddd�}|j|dd�}|j|dd�}|j|ddd�}|�|�}|�|�dSr�r�r�r>r>rc�test_tgs_rodc_pac_request_true@	r�z*KdcTgsTests.test_tgs_rodc_pac_request_truecCsn|j|jjdd�}|�|�}|��}|��}t�|���}t�	|tj
d�|d<|�|�|j|t
tfd�dS)NF)r��	use_cache�sAMAccountNamer)r�r�r�r�rr��ldb�Messager�MessageElement�FLAG_MOD_REPLACE�modifyrrr)rSrTro�new_namer��msgr>r>rc�test_tgs_renameK	s
�
�
�zKdcTgsTests.test_tgs_renamecCs0|��}|�|�}|��}|j|d|dd�dS)Nr�99990913024805Z)rorUrVr+)r	r
r�r�)rSrTrorVr>r>rc�test_tgs_req_future_till^	s

�z$KdcTgsTests.test_tgs_req_future_tillcC�(|j|ddd�}|jdd�}||d<|S)NrT��valuei@~r$z
renew-till��modify_ticket_flagrD)rSr��
renew_tillr>r>rcr>i	�zKdcTgsTests._modify_renewablecCr�)NrTr�i����r$�	starttimer�)rSr��	past_timer>r>rcrBs	r�zKdcTgsTests._modify_invalidFNTcCsJ|�|o|�|r|�|�|�|�}|j|||||||||	|
|||
d�
S)N)
rorrr;r]r@rQryr~r4r1r'�cksum_etype)�assertFalser�r�r))rSr�rrr;r]r@rQryr~r4r1r'r�ror>r>rcr
}	s&

�zKdcTgsTests._get_tgtc
s�|r�	��}n�	��}�dus�s�r������	fdd��nd��	�||�}|r,d}n||kr3|}n�	�||�}tj|i}|rD�	j�n|rJ�	j�nd��dusT�dur]���fdd�}n�}�durk��fdd�}n�}�	j||||||||d�S)Ncs�|j}|D]`}|jtjkr�dur�r|jj}�|jj_q|jtjkrQ�r2|j	d8_	|�
|�q�durP�rP|j}���}|��}|�d���}t
�|�|_q|jtjkre�re|j	d8_	|�
|�q||_|S)N��-)�buffers�typer�PAC_TYPE_LOGON_INFO�info�info3�base�rid�PAC_TYPE_REQUESTER_SID�num_buffers�remover��get_domain_sidr�dom_sidr��PAC_TYPE_ATTRIBUTES_INFO)r��pac_buffers�
pac_buffer�
logon_info�
requester_sidr��
domain_sid�new_sid)ryr~r]r4r1rSr>rc�
change_sid_fn�	s2
��
�z.KdcTgsTests._modify_tgt.<locals>.change_sid_fncs4�dur�|�}�dur�|d<�dur�|d<|S)Nr(r�r>)r�)r(r��flags_modify_fnr>rcr<�	sz*KdcTgsTests._modify_tgt.<locals>.modify_fncsF�dur�|�}|jD]}|jtjkr |j}�dd�d�|_q|S)Nzname-stringrr')r�r�r�PAC_TYPE_LOGON_NAMEr��decoder�)r�r�r�)r�r(r>rc�
modify_pac_fn�	s
��z.KdcTgsTests._modify_tgt.<locals>.modify_pac_fn)�new_ticket_keyr<r�r�rQ�update_pac_checksumsr=)�get_mock_rodc_krbtgt_creds�get_krbtgt_credsrEr�PAC_TYPE_KDC_CHECKSUMr>rBr�)rSrorrr;r]r@rQr(r�ryr~r4r1r'r��krbtgt_creds�
krbtgt_keyr=�	cksum_keyr<r�r>)
ryr~r�r(r�r�r]r4r1rSrcr)�	sN
���
�zKdcTgsTests._modify_tgtcsz|���|���t���j�����fdd�}|�|��jtj@}t�	�}�|_
t�t|�tj
d�|d<��|�dS)Ncs6t��}�|_t�t�j�tjd�|d<��|�dS)N�userAccountControl)r�r�r�r�r�rr�r��r���rodc_ctx�rodc_dnr�r>rc�add_rodc_partial_secrets
s�zJKdcTgsTests._remove_rodc_partial_secrets.<locals>.add_rodc_partial_secretsr)r��get_mock_rodc_ctxr��Dn�acct_dn�
addCleanuprr�UF_PARTIAL_SECRETS_ACCOUNTr�r�r�r�r�r�)rSr
�uacr�r>rrcr�
s
	�z(KdcTgsTests._remove_rodc_partial_secretscsh|���|���t���j�����fdd�}|�|�t��}�|_t�gtj	d�|d<��
|�dS)Ncs2t��}�|_t��jtjd�|d<��|�dS)N�msDS-KrbTgtLink)r�r�r�r��
new_krbtgt_dn�FLAG_MOD_ADDr�rrr>rc�add_rodc_krbtgt_link7
s�zBKdcTgsTests._remove_rodc_krbtgt_link.<locals>.add_rodc_krbtgt_linkr)r�rr�rr
rr�r�r��FLAG_MOD_DELETEr�)rSrr�r>rrcr�1
s
	�z$KdcTgsTests._remove_rodc_krbtgt_linkcCs|j|jj|||dd�d�S)Nr��allowed_replication_mock�denied_replication_mock�revealed_to_mock_rodc�idr��r�r�r�)rSr9r�r:r>r>rcr	J
s��zKdcTgsTests._get_credsc	CsP|j|jj|||dd�d�}|��}|��}|�||�}t|�dd�d�}|S)Nr�rr�r�)r�r�r�r�rr��int�rsplit)	rSr9r�r:rr��other_dn�	other_sid�	other_ridr>r>rcr_W
s��	zKdcTgsTests._get_existing_ridcCs|j|jjddddd�d�S)NTF�rr�rr�r>r>rcrm
s��zKdcTgsTests._get_mach_credscCsdS)Ni���?r>r�r>r>rcr�w
sz!KdcTgsTests._get_non_existent_ridc
Cs&|��}
|j|||
|||||||	d�
S)N)rurvrwrxryr<rn)r�r�)rSrorUrurvrwrxryr<rnrVr>r>rcrz
s�zKdcTgsTests._run_tgsc
C�2|��}tt�d��}	|j||||	|||||d�	S)N�renew�r6rurvrwrxry�rr�rGrHr��
rSrorUrurvrwrxryrr6r>r>rcr�
s�zKdcTgsTests._renew_tgtc
Cr")N�validater$r%r&r>r>rcr�
s�zKdcTgsTests._validate_tgtc
sV���}|��}�jt|gd��|�������fdd�}	�j�||�|	d|||d�	S)Nrcs�j���jdd�}|g|fS)N)�namer)�tgt_session_key�ctype)�PA_S4U2Self_creater)�_kdc_exchange_dict�_callback_dict�req_bodyr5�rSro�
user_cname�
user_realmr>rc�generate_s4u2self_padata�
s�
z7KdcTgsTests._s4u2self.<locals>.generate_s4u2self_padataF)r/rhrzr<rnru)rr?r@rrBr�)
rSro�	tgt_credsrUrur<rnr�rXr2r>r/rcr�
s�
�zKdcTgsTests._s4u2selfc	CsD|dur
|��}	|�|	�}tt�d��}
|j||||
|||||d�	S)Nzenc-tkt-in-skey)r6r�r*r�rurn)rr�r�rGrHr�)rSror3rUr*r�r�rurnr�r6r>r>rcr!�
s

�zKdcTgsTests._user2userc
	Cs2|��}|�|�}|��}	|j|||	||||d�S)N)rqr1rur<)rr�r�r�)
rSrq�armor_tgt_credsrUr1rur<r�r�rVr>r>rcr#�
s

�zKdcTgsTests._fast)FFFNFFTTFFNN)FFFNFFNNTTFFNN)FFF)TNNNNFN)TNNNN)TFN)NNNTN)NTF)�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r
rrrr"r$r'r*r,r/r3r6r<r=rArDrGrJrLrNrRrTrVrWrXrYrbrgrkrnrqrurzr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrrr	rrrrrrrrrr!r#r%r*r+r.r0r1r3r4r9r@rCrErGrHrMrOrPrTrVrWr[r]r^rarcrdrgrirjrmrorprrrtrxr|r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r>rBr
r)r�r�r	r_rr�rrrrr!r#�
__classcell__r>r>r�rcr�5s 5)H

			
			


				


	
	







							
	


	
	
�&�u��
������r��__main__)2�sys�osr��sambarr�samba.dcerpcrr�path�insert�environ�samba.tests.krb5.kcrypto�tests�krb5r��samba.tests.krb5.kdc_base_testr�samba.tests.krb5.raw_testcaser	�"samba.tests.krb5.rfc4120_constantsr
rrr
rrrrrrrrrrrrrrr�samba.tests.krb5.rfc4120_pyasn1�rfc4120_pyasn1rGr�r�rr�r��unittest�mainr>r>r>rc�<module>sT
TwB�