HEX

File: //usr/lib/python3/dist-packages/samba/tests/krb5/__pycache__/raw_testcase.cpython-310.pyc
o

eF�c��@s�ddlZddlZddlZddlZddlZddlZddlZddlZddlZddl	m
Z
ddlmZ
ddlmZddlmZddlmZddlmZddlmZddlmZddlmZmZdd	lmZdd
l m!Z!m"Z"ddl#m$Z$m%Z%ddl&Z'ddl&m(Z(ddl)m*m+m,Z-dd
l.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;m<Z<m=Z=m>Z>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMmNZNmOZOmPZPmQZQmRZRmSZSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_m`Z`maZaddlbm*m+mcZcdd�Zdede_ed"dd�Zfe-jgjhe-ji_je-jgjhe-ji_hefe-ji_ke-jljhe-jm_je-jljhe-jm_hefe-jm_ke-jnjhe-jo_je-jnjhe-jo_hefe-jo_ke-jpjhe-jq_je-jpjhe-jq_hefe-jq_kd"dd�Zre-jsjhe-jt_jere-jt_ke-jujhe-jv_jere-jv_ke-jwjhe-jx_jere-jx_ke-jyjhe-jz_jere-jz_ke-j{jhe-j|_jere-j|_ke-j}jhe-j~_jere-j~_kGdd�d�ZGdd�de�Z�Gdd�de��Z�Gdd�de��Z�Gdd�de�Z�Gdd�d�Z�Gd d!�d!e(�Z�dS)#�N)�Enum)�decode)�encode)�BitStringEncoder)�PyAsn1Error)�Credentials)�krb5pac�security)�FEATURE_SEAL)�ndr_pack�
ndr_unpack)�SEC_CHAN_WKSTA�SEC_CHAN_BDC)�TestCaseInTempDir)3�AD_IF_RELEVANT�AD_WIN2K_PAC�FX_FAST_ARMOR_AP_REQUEST�KDC_ERR_GENERIC�KDC_ERR_PREAUTH_FAILED�%KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS�KERB_ERR_TYPE_EXTENDED�
KRB_AP_REP�
KRB_AP_REQ�
KRB_AS_REP�
KRB_AS_REQ�	KRB_ERROR�KRB_PRIV�KRB_TGS_REP�KRB_TGS_REQ�KU_AP_REQ_AUTH�KU_AS_REP_ENC_PART�KU_AP_REQ_ENC_PART�	KU_AS_REQ�KU_ENC_CHALLENGE_KDC�KU_FAST_ENC�KU_FAST_FINISHED�KU_FAST_REP�KU_FAST_REQ_CHKSUM�KU_KRB_PRIV�KU_NON_KERB_CKSUM_SALT�KU_TGS_REP_ENC_PART_SESSION�KU_TGS_REP_ENC_PART_SUB_KEY�KU_TGS_REQ_AUTH�KU_TGS_REQ_AUTH_CKSUM�KU_TGS_REQ_AUTH_DAT_SESSION�KU_TGS_REQ_AUTH_DAT_SUBKEY�	KU_TICKET�NT_PRINCIPAL�NT_SRV_INST�NT_WELLKNOWN�PADATA_ENCRYPTED_CHALLENGE�PADATA_ENC_TIMESTAMP�PADATA_ETYPE_INFO�PADATA_ETYPE_INFO2�PADATA_FOR_USER�PADATA_FX_COOKIE�PADATA_FX_ERROR�PADATA_FX_FAST�PADATA_KDC_REQ�PADATA_PAC_OPTIONS�PADATA_PAC_REQUEST�PADATA_PK_AS_REQ�PADATA_PK_AS_REP_19�PADATA_REQ_ENC_PA_REP�PADATA_SUPPORTED_ETYPEScKsx|dur	|�|�}t|�}|dr|d|d>}n|}|��}t|�}|dkr-d|}	nd}	d|d|	}
|
ddfS)N��r�FT)�clone�len�asOctets)�self�value�asn1Spec�	encodeFun�options�valueLength�alignedValue�	substrate�length�padding�ret�rT�?/usr/lib/python3/dist-packages/samba/tests/krb5/raw_testcase.py�BitStringEncoder_encodeValue32ms


rVc
Cs�d|��}g}d}|��D]}dD]}d|>}||@rd}nd}|�|�qqt|�|kr=tt|�|�D]}	|�d�q5d|}
d|
}t|�D](}	|	|jvrV|j|	}n||	dkrad|	}nqI|d	||||	f7}d
|
}qI|d|
7}|S)N�%s� )���rD���rr^r� z: (
%s zunknown-bit-%uz%s%s:%uz,
%s z
%s))�asBinary�	asNumbers�appendrG�range�prettyPrintNamedValues)
rI�scoperS�bits�highest_bit�byte�bit�mask�val�bitPosition�indent�delim�namerTrTrU�!BitString_NamedValues_prettyPrint�s4�


rpcCs4t|�}||jvr|j|}nd}d|||f}|S)Nz
<__unknown__>z%d (0x%x) %s)�intrd)rIre�intvalrorSrTrTrU�Integer_NamedValues_prettyPrint�s
rsc@sHeZdZdd�Zdd�Zdd�Zddd	�Zdd
d�Zdd
�Zdd�Z	dS)�Krb5EncryptionKeycCsLtjjtjjtjjtjjtjjtjji}||_	|j
|_||j|_||_
dS�N)�kcrypto�Enctype�AES256�	Cksumtype�SHA1_AES256�AES128�SHA1_AES128�RC4�HMAC_MD5�key�enctype�etype�ctype�kvno)rIrr��EncTypeChecksumrTrTrU�__init__�s�
zKrb5EncryptionKey.__init__cC�t�|j||�}|Sru)rv�encryptr)rI�usage�	plaintext�
ciphertextrTrTrUr���zKrb5EncryptionKey.encryptcCr�ru)rv�decryptr)rIr�r�r�rTrTrUr��r�zKrb5EncryptionKey.decryptNcCs |dur|j}t�|�}t|�Sru)r�rv�checksum_len�bytes)rIr�r�rTrTrU�make_zeroed_checksum�s
z&Krb5EncryptionKey.make_zeroed_checksumcCs$|dur|j}t�||j||�}|Sru)r�rv�
make_checksumr�rIr�r�r��cksumrTrTrUr�szKrb5EncryptionKey.make_checksumcCs:|j|krtd|j�d|�d���t�||j|||�dS)Nzkey checksum type (z) != checksum type (�))r��AssertionErrorrv�verify_checksumrr�rTrTrUr�s

��z!Krb5EncryptionKey.verify_checksumcCs|j|jjd�}|S)N)�keytype�keyvalue)r�r�contents�rI�EncryptionKey_objrTrTrU�
export_objs�zKrb5EncryptionKey.export_objru)
�__name__�
__module__�__qualname__r�r�r�r�r�r�r�rTrTrTrUrt�s

rtcsFeZdZd
�fdd�	Zd
�fdd�	Zd
�fdd�	Z�fdd	�Z�ZS)�RodcPacEncryptionKeyNcsbt��||�|dur|j}|dur|dL}|dM}|pd}|dur,|jddd�|_dSd|_dS)N��r]�little��	byteorder�)�superr�r��to_bytes�rodc_id)rIrr�r���	__class__rTrUr�s
zRodcPacEncryptionKey.__init__cst��|�}|tt|j��Sru)r�r�r�rGr�)rIr��checksumr�rTrU�make_rodc_zeroed_checksum,sz.RodcPacEncryptionKey.make_rodc_zeroed_checksumcst��|||�}||jSru)r�r�r��rIr�r�r�r�r�rTrU�make_rodc_checksum0s
z'RodcPacEncryptionKey.make_rodc_checksumcs\|jr#|dd�|dd�}}|j|kr#t|j���d|������t��||||�dS)N���z != )r�r��hexr�r�)rIr�r�r�r��
cksum_rodc_idr�rTrU�verify_rodc_checksum4s
��z)RodcPacEncryptionKey.verify_rodc_checksumru)r�r�r�r�r�r�r��
__classcell__rTrTr�rUr�s
r�c@s eZdZddd�Zddd�ZdS)�ZeroedChecksumKeyNcC�
|�|�Sru)r��rIr�r�r�rTrTrUr�C�
zZeroedChecksumKey.make_checksumcCr�ru)r�r�rTrTrUr�Fr�z$ZeroedChecksumKey.make_rodc_checksumru)r�r�r�r�r�rTrTrTrUr�Bs
r�csXeZdZ�fdd�Zedd��Zddd�Zd�fdd	�	Zdd
d�Zd�fdd
�	Z	�Z
S)�WrongLengthChecksumKeycst��||�||_dSru)r�r��_length)rIrr�rQr�rTrUr�Ks
zWrongLengthChecksumKey.__init__cCs<|t|�}|dkr|t|�7}|S|dkr|d|�}|S�Nr)rGr�)�clsr�rQ�diffrTrTrU�_adjust_to_lengthPs�z(WrongLengthChecksumKey._adjust_to_lengthNcC�
t|j�Sru�r�r��rIr�rTrTrUr�Zr�z+WrongLengthChecksumKey.make_zeroed_checksumc�t��|||�}|�||j�Sru)r�r�r�r�r�r�rTrUr�]�z$WrongLengthChecksumKey.make_checksumcCr�rur�r�rTrTrUr�ar�z0WrongLengthChecksumKey.make_rodc_zeroed_checksumcr�ru)r�r�r�r�r�r�rTrUr�dr�z)WrongLengthChecksumKey.make_rodc_checksumru)r�r�r�r��classmethodr�r�r�r�r�r�rTrTr�rUr�Js

	
r�cs<eZdZejejBejBZeejBej	BZ
�fdd�Zdd�Zdd�Z
dd�Ze�ejjejfejjejfejjejfejjejfejjejfg�Zed	d
��Zedd��Z d
d�Z!dd�Z"dd�Z#dd�Z$dd�Z%dd�Z&dd�Z'dd�Z(dd�Z)dd �Z*d!d"�Z+d#d$�Z,d%d&�Z-d'd(�Z.d)d*�Z/d+d,�Z0d-d.�Z1�Z2S)/�KerberosCredentialscsjtt|���d}|tjO}|tjO}|tjO}||_||_||_	d|_
i|_d|_d|_
d|_d|_dSr�)r�r�r�r	�KERB_ENCTYPE_RC4_HMAC_MD5�$KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96�$KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96�as_supported_enctypes�tgs_supported_enctypes�ap_supported_enctypesr��forced_keys�forced_salt�dn�upn�spn)rI�
all_enc_typesr�rTrUr�ss



zKerberosCredentials.__init__cC�t|�|_dSru)rqr��rIrJrTrTrU�set_as_supported_enctypes��z-KerberosCredentials.set_as_supported_enctypescCr�ru)rqr�r�rTrTrU�set_tgs_supported_enctypes�r�z.KerberosCredentials.set_tgs_supported_enctypescCr�ru)rqr�r�rTrTrU�set_ap_supported_enctypes�r�z-KerberosCredentials.set_ap_supported_enctypescCs:d}|D]}|j|}||@rtd|����||O}q|S)NrzGot duplicate etype: )�	etype_map�
ValueError)r��etypesrfr�rirTrTrU�etypes_to_bits�s

z"KerberosCredentials.etypes_to_bitscCsZd}|j��D]\}}||@r||M}||f7}q||jM}|dkr+td|����|S)NrTrzUnsupported etype bits: )r��items�non_etype_bitsr�)r�rfr�r�rirTrTrU�bits_to_etypes�s

�z"KerberosCredentials.bits_to_etypescC�|�|j�Sru)r�r��rIrTrTrU�get_as_krb5_etypes��z&KerberosCredentials.get_as_krb5_etypescCr�ru)r�r�r�rTrTrU�get_tgs_krb5_etypes�r�z'KerberosCredentials.get_tgs_krb5_etypescCr�ru)r�r�r�rTrTrU�get_ap_krb5_etypes�r�z&KerberosCredentials.get_ap_krb5_etypescCs|d@r|dO}||_dS)N����r�)rIr�rTrTrU�set_kvno�s
zKerberosCredentials.set_kvnocC�|jSrur�r�rTrTrU�get_kvno��zKerberosCredentials.get_kvnocCs4t|�}t�|�}t�||�}t||j�|j|<dSru)rq�binascii�a2b_hexrv�Keyr�r�r�)rIr��hexkeyr�rrTrTrU�set_forced_key�s
z"KerberosCredentials.set_forced_keycCst|�}|j�|�Sru)rqr��get)rIr�rTrTrU�get_forced_key�sz"KerberosCredentials.get_forced_keycCr�ru)r�r�)rI�saltrTrTrU�set_forced_salt�r�z#KerberosCredentials.set_forced_saltcCr�ru)r�r�rTrTrU�get_forced_salt�r�z#KerberosCredentials.get_forced_saltcCs�|jdur|jS|��}|dur|�dd�d�dd�}n|��}|��}|ttfvrM|����}|ddkr=|dd�}d|�	��
�||�	���f}n|�	��
�|}|�d	�S)
N�@r^r�/�����$z%shost%s.%s�utf-8)r��get_upn�rsplit�replace�get_username�get_secure_channel_typer
r�lower�	get_realm�upperr)rIr��	salt_name�secure_schannel_type�salt_stringrTrTrU�get_salt�s$


�
zKerberosCredentials.get_saltcC�
||_dSru�r�)rIr�rTrTrU�set_dn�r�zKerberosCredentials.set_dncCr�rurr�rTrTrU�get_dn�r�zKerberosCredentials.get_dncCrru�r�)rIr�rTrTrU�set_spn�r�zKerberosCredentials.set_spncCr�rurr�rTrTrU�get_spn�r�zKerberosCredentials.get_spncCrru�r�)rIr�rTrTrU�set_upn�r�zKerberosCredentials.set_upncCr�rurr�rTrTrUr��r�zKerberosCredentials.get_upncCs |�|�|�|��d�dS�Nr^)�set_passwordr�r�)rI�passwordrTrTrU�update_passwords
z#KerberosCredentials.update_password)3r�r�r�r	�KERB_ENCTYPE_FAST_SUPPORTED�(KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED�KERB_ENCTYPE_CLAIMS_SUPPORTED�fast_supported_bits�.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED�'KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SKr�r�r�r�r��collections�OrderedDictrvrwrxr�r{r�r}r��DES_MD5�KERB_ENCTYPE_DES_CBC_MD5�DES_CRC�KERB_ENCTYPE_DES_CBC_CRCr�r�r�r�r�r�r�r�r�r�r�r�r�rr	r
rr
rr�rr�rTrTr�rUr�isj����������



r�c@s(eZdZ					ddd�Zdd�ZdS)�KerberosTicketCredsNc

Cs:||_||_||_||_||_||_||_||_|	|_dSru)	�ticket�session_key�crealm�cname�srealm�sname�decryption_key�ticket_private�encpart_private)
rIr!r"r#r$r%r&r'r(r)rTrTrUr�s
zKerberosTicketCreds.__init__cCs||jd<||_dS�Nr&)r!r&)rIr&rTrTrU�	set_sname�

zKerberosTicketCreds.set_sname)NNNNNNN)r�r�r�r�r+rTrTrTrUr s
�r c0s�eZdZdZGdd�de�Zejejej	ej
hZddd�ej
jdd�ej
jdd�ej
jd	d�fZe�Zd
Zedd��Zed
d��Zdd�Ze�fdd��Z�fdd�Z�fdd�Zdd�Zd�dd�Zd�dd�Z		
d�dd �Z		
		
d�d!d"�Z 		
		
	d�d#d$�Z!	
	�dd%d&�Z"	
	�dd'd(�Z#	
	�dd)d*�Z$	
	�dd+d,�Z%	
	�dd-d.�Z&		
d�d/d0�Z'		
d�d1d2�Z(d3d4�Z)d�d5d6�Z*d�d7d8�Z+				�dd9d:�Z,				�dd;d<�Z-�dd=d>�Z.d�d?d@�Z/�ddBdC�Z0�ddDdE�Z1�ddFdG�Z2�ddHdI�Z3dJdK�Z4dLdM�Z5				
�ddNdO�Z6dPdQ�Z7dRdS�Z8dTdU�Z9dVdW�Z:�ddXdY�Z;dZd[�Z<d\d]�Z=d^d_�Z>d`da�Z?dbdc�Z@ddde�ZAdddf�dgdh�ZB�ddidj�ZC�ddkdl�ZDdmdn�ZEdodp�ZFdqdr�ZGd�dsdt�ZH		�ddudv�ZId�dwdx�ZJd�dydz�ZKd{d|�ZLd}d~�ZMdd��ZNd�d�d��ZOed�d���ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d��ZVd�d��ZWd�d��ZX�dd�d��ZYd�d��ZZ		�dd�d��Z[			�dd�d��Z\			�d	d�d��Z]d�d��Z^d�d��Z_					�d
d�d��Z`d�d�d��Za		�dd�d��Zb				�dd�d��Zcd�d��Zdd�d��Ze				�dd�d��Zf												�d
d�d��Zgddd
ddddddddddddddehdddddd�dddddddddd�ddddddddddddd
f/d�d��Ziddd
ddddddddddddddehddddd�dddddddddd�ddddddddddddddd
f0d�d��Zjd�d��Zk	
	�dd�d��Zld�d��Zmd�d��Zn	
�dd�dZod�dĄZp	��dd�dƄZq		�dd�dȄZrd�dʄZsd�d̄Ztd�d΄Zud�dЄZvd�d҄Zwd�dԄZxd�dքZy			�dd�d؄Zzdddd
d
ddddٜd�dۄZ{	d�d�d݄Z|		
d�d�d߄Z}�dd�d�Z~�dd�d�Zd�d�Z�d�d�Z�d�d�Z�d�d�Z�d�d�Z�d�d�Z�d�d�Z�d�d�Z�d�d��Z�d�d��Z�d�d��Z�																	
�dd�d��Z��Z�S(�RawKerberosTestzA raw Kerberos Test case.c@seZdZe�Ze�ZdS)zRawKerberosTest.KpasswdModeN)r�r�r��object�SET�CHANGErTrTrTrU�KpasswdMode s
r1i�����dummy)rJro�aes128�aes256�rc4FcCs�|jrdSg}t|j�}g}td|d�D]}tt�t|�|��}|D]}t|�}|�|�q#q|D]3}d}	d}
|D] }|j|d}|	durJ|}	n|	d|7}	|
|j|df7}
q:|	|
d�}
|�|
�q2||_d|_dS)Nr^rTroz_%srJ)ror�T)	�"setup_etype_test_permutations_donerG�etypes_to_testrc�list�	itertools�permutationsrb�etype_test_permutations)r��res�num_idxsr:�num�chunk�e�el�pror��idx�n�rrTrTrU�setup_etype_test_permutations4s0
�

z-RawKerberosTest.setup_etype_test_permutationscCs>|��g}d}|jD]}|d|f}|d7}|�|�q|S)Nrror^)rFr;rb)r�r<rCr@rErTrTrU�etype_test_permutation_name_idxTs
z/RawKerberosTest.etype_test_permutation_name_idxcCs|j|}|d|dfS)Nror�)r;)rIrCr@rTrTrU�etype_test_permutation_by_idx_s
z-RawKerberosTest.etype_test_permutation_by_idxc
s�t���tj�d�|_tj�d�|_i|_tjjddd�}|dur$d}tt	|��|_
tjjddd�}|dur9d}tt	|��|_tjjddd�}|durNd}tt	|��|_tjjd	dd�}|durcd}tt	|��|_
tjjd
dd�}|durxd}tt	|��|_tjjddd�}|dur�d}tt	|��|_tjjd
dd�}|dur�d}tt	|��|_tjjddd�}|dur�t	|�}||_tjjddd�}	|	dur�d}	tt	|	��|_dS)N�SERVER�	DC_SERVER�FAST_SUPPORTT��
allow_missing�0�CLAIMS_SUPPORT�COMPOUND_ID_SUPPORT�TKT_SIG_SUPPORT�FULL_SIG_SUPPORT�
EXPECT_PAC�1�EXPECT_EXTRA_PAC_BUFFERS�DEFAULT_ETYPES�
FORCED_RC4)r��
setUpClass�samba�tests�env_get_var_value�host�dc_host�
creds_dict�boolrq�kdc_fast_support�kdc_claims_support�kdc_compound_id_support�tkt_sig_support�full_sig_support�
expect_pac�expect_extra_pac_buffers�default_etypes�
forced_rc4)
r�r`rarbrcrdrerfrgrhr�rTrUrXcsx
���������zRawKerberosTest.setUpClasscsRt���d|_d|_tjjddd�}|durd}tt|��|_	d|_
t�|_dS)NF�STRICT_CHECKINGTrLrT)
r��setUp�
do_asn1_print�
do_hexdumprYrZr[r_rq�strict_checking�sr.�unspecified_kvno)rIrmr�rTrUrj�s
�zRawKerberosTest.setUpcs|�d�t���dS)N�tearDown)�_disconnectr�rpr�r�rTrUrp�s
zRawKerberosTest.tearDowncCs<|jdurdS|j��d|_|jrtj�d|�dSdS)Nzdisconnect[%s]
)rn�closerl�sys�stderr�write)rI�reasonrTrTrUrq�s

�zRawKerberosTest._disconnectNcCs�|durd}z9t�||tjtjtjd�|_t�|jdd|jdd|jdd�|_|j�d�|j�|jdd�WdStj	yM|j�
��tyY|j�
��w)N�Xrr^r]�
rD)�socket�getaddrinfo�	AF_UNSPEC�SOCK_STREAM�SOL_TCP�arn�
settimeout�connect�errorrr�IOError�rIr\�portrTrTrU�_connect_tcp�s"�.

�zRawKerberosTest._connect_tcpcCs2|��|�||�|jrtj�d|�dSdS)Nzconnected[%s]
)�assertNotConnectedr�rlrsrtrur�rTrTrUr��s
�zRawKerberosTest.connectTcCsRd}|dur|p	|}tjjd||f|d�}nd}|dur'|r'tjj||d�}|S)Nz%s_%srLT)rYrZr[)rI�varname�prefix�fallback_defaultrMrk�allow_missing_prefixrTrTrU�env_get_var�s
��zRawKerberosTest.env_get_varcCs�t�}|��|�d|�}|�d|�}|du}	|jd|d|	d�}
|
dur&|}
|jd|d|d�}|�|�|�|�|�|
�|durG|�|�|jd|dd	�}|durX|�|�|jd
|dd	�}
|
duri|�|
�|jd|dd	�}|durz|�	|�|r�d}|dur�d}nd}n|}|}|jd|d|d�}|dur�|�
t|��|jd
|d|d�}|dur�|�t
jj|�|jd|ddd�}|dur�|�t
jj|�|jd|ddd�}|dur�|�t
jj|�|s�|�|jd|�|S)N�DOMAIN�REALM�USERNAMEF)r�rM�PASSWORD�AS_SUPPORTED_ENCTYPESTrL�TGS_SUPPORTED_ENCTYPES�AP_SUPPORTED_ENCTYPES�KVNO�AES256_KEY_HEX�AES128_KEY_HEX�RC4_KEY_HEXz/Please supply %s encryption keys in environment)r��guessr��
set_domain�	set_realm�set_usernamerr�r�r�r�rqr�rvrwrxr{r}�
assertTruer�)rIr��default_username�allow_missing_password�allow_missing_keys�require_strongest_key�c�domain�realm�allow_missing_username�usernamerr�r�r��kvno_allow_missing�aes256_allow_missingr��
aes256_key�
aes128_key�rc4_keyrTrTrU�_get_krb5_creds_from_env�s���



�
�
�
������z(RawKerberosTest._get_krb5_creds_from_envc

Cs�||jvr
|j|Sd}d}z|j|||||d�}Wnty.}	z|	}WYd}	~	nd}	~	ww|�|�||j|<|S|durvz|�}Wn%tyi}	ztd|�td|�td|	�WYd}	~	|�d}	~	ww|�|�||j|<|S|�)N)r�r�r�r�zERROR FROM ENV: %rzFALLBACK-FN: %szFALLBACK-ERROR: %r)r^r��	Exception�assertIsNotNone�print)
rIr�r�r�r�r��fallback_creds_fn�creds�env_err�errrTrTrU�_get_krb5_creds1sB


���


	��

zRawKerberosTest._get_krb5_credscCs|jd||d�}|S)N�r�r�r��r��rIr�r�r�rTrTrU�get_user_credsa�
�zRawKerberosTest.get_user_credscC�|jd||d�}|S)N�SERVICEr�r�r�rTrTrU�get_service_credsir�z!RawKerberosTest.get_service_credscCr�)N�CLIENTr�r�r�rTrTrU�get_client_credsqr�z RawKerberosTest.get_client_credscCr�)NrIr�r�r�rTrTrU�get_server_credsyr�z RawKerberosTest.get_server_credscCs0|jd||d�}|�|��tB�|�d�|S)N�ADMINr�r�)r��set_gensec_features�get_gensec_featuresr
�set_workstationr�rTrTrU�get_admin_creds�s�
zRawKerberosTest.get_admin_credscCs&|r|�|�|jdd||d�}|S)N�RODC_KRBTGTT)r�r�r�r��r�r��rI�require_keysr�r�rTrTrU�get_rodc_krbtgt_creds�s
�z%RawKerberosTest.get_rodc_krbtgt_credscCs(|r|�|�|jddd||d�}|S)N�KRBTGT�krbtgtT)r�r�r�r�r�r�r�rTrTrU�get_krbtgt_creds�s
�z RawKerberosTest.get_krbtgt_credscCst�}|��|Sru)r�
set_anonymous)rIr�rTrTrU�get_anon_creds�szRawKerberosTest.get_anon_credscCsJ|dur|j}|r#|durtj�d||f�dStj�d|�dSdS)Nz%s:
%srW)rkrsrtru)rIro�obj�
asn1_printrTrTrU�	asn1_dump�s�zRawKerberosTest.asn1_dumpcCs:|dur|j}|rtj�d|t|�|�|�f�dSdS)Nz	%s: %d
%s)rlrsrtrurG�hexdump)rIro�blobr�rTrTrU�hex_dump�s��zRawKerberosTest.hex_dumpc	Csb|durt|�j�d�d}nd}|j|||d�t||d�\}}|jd||d�|r/t|�}|S)N�:rz<None-asn1Spec>�r��rK�r�)�typer��splitr��pyasn1_der_decoder��pyasn1_native_encode)	rIr�rK�
native_encoder�r��
class_namer��_rTrTrU�
der_decode�szRawKerberosTest.der_decodecCs`|rt||d�}t|�j�d�d}|dur|jd||d�t|�}|dur.|j|||d�|S)Nr�r�rr�r�)�pyasn1_native_decoder�r�r�r��pyasn1_der_encoder�)rIr�rK�
native_decoder�r�r�r�rTrTrU�
der_encode�szRawKerberosTest.der_encodecCs$|j|d|dd�}|j||d�dS)NF)r�r�r�r�)r��send_msg)rI�reqr�r��k5_pdurTrTrU�send_pdu�s�zRawKerberosTest.send_pduc
Cs�t�dt|��}|}||7}|jd||d�|jd||d�z	|j�|d�}|t|�kr0WdS||d�}q tjyK}z|�d|��d}~wt	y^}z|�d|��d}~ww)N�>Ir�r�Trzsend_msg: %s)
�struct�packrGr�rn�sendryr�rqr�)rI�msgr��header�req_pdu�sentr@rTrTrUr��s*����zRawKerberosTest.send_msgr�c
Cs�d}z0|dur
|j�|�|j�|d�}|j�d�t|�dkr(|�d�WdS|jd||d�W|StjyI|j�d�tj	�
d�Y|Stjy]}z|�d|��d}~wtyp}z|�d|��d}~ww)Nrrxz
recv_raw: EOF�recv_rawr�zrecv_raw: TIMEOUT
zrecv_raw: %s)
rnr�recvrGrqr�ry�timeoutrsrtrur�r�)rI�num_recvr�r��rep_pdur@rTrTrUr��s0

�����zRawKerberosTest.recv_rawc	Cs�|jd||d�}|durdSt�d|dd��}|d}|dkr"dS|}d}|dkrH|j|||d�}|�t|�d�||7}|t|�}|dks*|S)NrD)r�r�r�r�rr�r�r^)r�r��unpack�assertGreaterEqualrG)	rIr�r�r��raw_pdur��k5_len�missingr�rTrTrU�recv_pdu_raw	s(���zRawKerberosTest.recv_pdu_rawc
Cs�|j|||d�}|sd|fS|j|ddddd�}|d}|�|d�|d}|�|tttg�|tkr8t��}n|tkrAt�	�}n|tkrIt��}|j|||dd�}	|	|fS)N�r�r�r�F)rKr�r�r�zfield-0r[zfield-1�rKr�r�)
r�r��assertEqual�assertInrrr�	krb5_asn1�AS_REP�TGS_REP)
rIr�r�r�r��k5_raw�pvno�msg_typerK�reprTrTrU�
recv_replys6��

�zRawKerberosTest.recv_replycCs|j|||d�\}}|S)Nr�)r)rIr�r�r�rr�rTrTrU�recv_pdu6s

�zRawKerberosTest.recv_pducC�|j|jdd�dS)Nz
Not connected�r�)r�rnr�rTrTrU�assertIsConnected<�z!RawKerberosTest.assertIsConnectedcCr)NzIs connectedr)�assertIsNonernr�rTrTrUr�?r
z"RawKerberosTest.assertNotConnectedcCsh|r|jn|j}|�|�z|j|||d�|j|||d�}Wn
ty,|�d��w|�d�|S)N)r�r�r�ztransaction failed�transaction done)r\r]r�r�rr�rq)rIr�r�r�r��to_rodcr\rrTrTrU�send_recv_transactionBs

�
�
z%RawKerberosTest.send_recv_transactioncCs|�|j�dSru)r��	isNoValuer�rTrTrU�
assertNoValueU�zRawKerberosTest.assertNoValuecCs|�|�dSru)r�r�rTrTrU�assertHasValueXr�zRawKerberosTest.assertHasValuecCs
|�|�Sru)r�)rIr��elemrTrTrU�getElementValue[r�zRawKerberosTest.getElementValuecCs|�||�}|�|�dSru)rr)rIr�r�vrTrTrU�assertElementMissing^sz$RawKerberosTest.assertElementMissingcCs^|�||�}|�|�|jr+t|tjj�r-|r!|�dt|��dS|�	dt|��dSdSdSr�)
rr�rm�
isinstancer�abc�	Containerr�rG�assertNotEqual)rIr�r�expect_emptyrrTrTrU�assertElementPresentbs
�z$RawKerberosTest.assertElementPresentcCs&|�||�}|�|�|�||�dSru)rr�r��rIr�rrJrrTrTrU�assertElementEqualls
z"RawKerberosTest.assertElementEqualcCs,|�||�}|�|�|�|t|d��dS)N�utf8)rr�r�r�rrTrTrU�assertElementEqualUTF8qs
z&RawKerberosTest.assertElementEqualUTF8cCs~|�|d|d�|jt|d�t|d�d||fd�tt|d��D]}|j|d||d|d||fd�q&dS)N�	name-type�name-stringzprinc1=%s != princ2=%sr)r�rGrc)rI�princ1�princ2rCrTrTrU�assertPrincipalEqualvs


�


��z$RawKerberosTest.assertPrincipalEqualcCs6|�||�}|�|�t|t��d�}|�||�dS�Nr�)rr�r�r��
PrincipalNamer%rrTrTrU�assertElementEqualPrincipal�s
z+RawKerberosTest.assertElementEqualPrincipalcCsv|�||�}|dkr|}|dur4|�|�|�|d�||jur2t|�}|�|d�|�||�dSdS|�|�dS)N�
autodetectr)rr�rrorqr�rrrTrTrU�assertElementKVNO�s

�z!RawKerberosTest.assertElementKVNOc	Cs�|�||�}|�|�|dur5|�|tj�t|�D]\}}|dkr4|�d||d|j|�d|���q|dur_|�|tj�t|�D]\}}|dkr^|�d||d|j|�d|���qDdSdS)Nr^rT�'z' expected in rNz' unexpected in )rr��assertIsInstancer��TicketFlags�	enumerater��namedValues)rIr�r�expected�
unexpectedr�i�flagrTrTrU�assertElementFlags�s0
�������z"RawKerberosTest.assertElementFlags)�require_strict�require_orderedcs~|jr
|r
|�||�dSd|�d|��}|js6�dur6|d��d�7}�fdd�|D�}�fdd�|D�}|�|||�dS)Nz
expected: z got: z (ignoring: r�c3��|]	}|�vr|VqdSrurT��.0�x�r5rTrU�	<genexpr>���z>RawKerberosTest.assertSequenceElementsEqual.<locals>.<genexpr>c3r7rurTr8r;rTrUr<�r=)rmr��assertCountEqual)rIr0�gotr5r6�fail_msgrTr;rU�assertSequenceElementsEqual�s
z+RawKerberosTest.assertSequenceElementsEqualcCsH|durt��}|dur|t|�}tjj|tjjd�}|�d�|jfS)N)�tz�
%Y%m%d%H%M%SZ)�timerq�datetime�
fromtimestamp�timezone�utc�strftime�microsecond)rI�epoch�offset�dtrTrTrU�get_KerberosTimeWithUsec�sz(RawKerberosTest.get_KerberosTimeWithUseccCs|j||d�\}}|S)N)rKrL)rN)rIrKrLrnr�rTrTrU�get_KerberosTime��z RawKerberosTest.get_KerberosTimecCs@t|t�r	|��}tj�|d�}|jtjjd�}t|�	��}|S)NrC)�tzinfo)
rr�rrE�strptimer�rGrHrq�	timestamp)rI�
kerberos_timerKrTrTrU�get_EpochFromKerberosTime�s
�z)RawKerberosTest.get_EpochFromKerberosTimecCsd}d}t�||�}|S)Nii���)�random�randint)rI�	nonce_min�	nonce_maxrrTrTrU�	get_Nonce�szRawKerberosTest.get_NoncecCsDi}|dur |D]}|d}||vrtd|����|d||<q|S)N�padata-typezDuplicate type �padata-value)�RuntimeError)rI�pa_data�pa_dict�pa�pa_typerTrTrU�get_pa_dict�szRawKerberosTest.get_pa_dictcCst�||�}t||�Sru)rvr�r�)rIr�r�r�rrTrTrU�SessionKey_create�s
z!RawKerberosTest.SessionKey_createcCs0|�|�|�|�tj||||d�}t||�S)N)�params)r�rv�
string_to_keyr�)rIr��pwdr�r�rdrrTrTrU�PasswordKey_create�s


z"RawKerberosTest.PasswordKey_createc	Cs\|d}|�d�}|tjjkr|��}|j|||d�S|�d�}|��}|j|||||d�S)Nr�r��r�r�r��	s2kparams)r�rfr�r�rd)r�rvrwr}�get_nt_hashrc�get_passwordrg)	rIr��etype_info2r�r@r��nthashrdrrTrTrU�PasswordKey_from_etype_info2�s


�z,RawKerberosTest.PasswordKey_from_etype_info2c
Cs�|dur|��}|r|dtjjtjjfvr|d}ntjj}|�|�}|dur*|S|��}d|��||f}|tjjkrP|�	�}|j
||d�|j|||d�S|��}|j
||d�|�
�}	|j|||	|d�S)NrzE%s has no fixed key for etype[%s] kvno[%s] nor a password specified, rrh)r�rfr�r�)r�rvrwrrr}r�r�r�rjr�rcrkrrg)
rIr�r�r��
forced_keyr�r@rmrr�rTrTrU�TicketDecryptionKey_from_creds�s<�


����z.RawKerberosTest.TicketDecryptionKey_from_credscCs$t�|�}t�|j�}|j||d�S)N)r�r�)rv�_get_enctype_profilerY�generate_random_bytes�keysizerc)rIr�r@r�rTrTrU�	RandomKey s
zRawKerberosTest.RandomKeycCs|�|d|d�S)Nr�r�)rcr�rTrTrU�EncryptionKey_import%s
�z$RawKerberosTest.EncryptionKey_importcCs0|�||�}|j|d�}|jdur|j|d<|S)N)r��cipherr�)r�r�r�)rIrr�r�r��EncryptedData_objrTrTrU�EncryptedData_create)s�

z$RawKerberosTest.EncryptedData_createcCs,|dur|j}|j|||d�}||d�}|S)N�r�)�	cksumtyper�)r�r�)rIrr�r�r�r��Checksum_objrTrTrU�Checksum_create8s�zRawKerberosTest.Checksum_createcC�||d�}|S)N)r!r"rT)r��	name_type�names�PrincipalName_objrTrTrU�PrincipalName_createF��z$RawKerberosTest.PrincipalName_createcCr})N)�ad-type�ad-datarT)rI�ad_type�ad_data�
AUTH_DATA_objrTrTrU�AuthorizationData_createR��z(RawKerberosTest.AuthorizationData_createcCr})N)r[r\rT)rI�padata_type�padata_value�PA_DATA_objrTrTrU�PA_DATA_create]r�zRawKerberosTest.PA_DATA_createcCr})N)�patimestamp�pausecrT)rI�ts�usec�PA_ENC_TS_ENC_objrTrTrU�PA_ENC_TS_ENC_createir�z$RawKerberosTest.PA_ENC_TS_ENC_createcC�d|i}|S)NrMrT)rIrM�PA_PAC_OPTIONS_objrTrTrU�PA_PAC_OPTIONS_createts�z%RawKerberosTest.PA_PAC_OPTIONS_createcCr})N)z
armor-typezarmor-valuerT)rI�
armor_type�armor_value�KRB_FAST_ARMOR_objrTrTrU�KRB_FAST_ARMOR_create}r�z%RawKerberosTest.KRB_FAST_ARMOR_createcCs|||d�}|S)N)zfast-options�padata�req-bodyrT)rI�fast_optionsr��req_body�KRB_FAST_REQ_objrTrTrU�KRB_FAST_REQ_create�s
�z#RawKerberosTest.KRB_FAST_REQ_createcCs||d�}|dur
||d<|S)N)zreq-checksumzenc-fast-req�armorrT)rIr��req_checksum�enc_fast_req�KRB_FAST_ARMORED_REQ_objrTrTrU�KRB_FAST_ARMORED_REQ_create�s�z+RawKerberosTest.KRB_FAST_ARMORED_REQ_createcCr�)N�armored-datarT)rI�armored_data�PA_FX_FAST_REQUEST_objrTrTrU�PA_FX_FAST_REQUEST_create�s�z)RawKerberosTest.PA_FX_FAST_REQUEST_createcCs2d|i}|s|S|j|t��d�}|�t|�}|S)Nzinclude-pacr�)r�r��KERB_PA_PAC_REQUESTr�r>)rI�include_pac�pa_data_create�KERB_PA_PAC_REQUEST_obj�pa_pacr^rTrTrU�KERB_PA_PAC_REQUEST_create�s��z*RawKerberosTest.KERB_PA_PAC_REQUEST_createcCs,|�|�}|j|t��d�}|�t|�}|Sr&)r�r�r��PA_PAC_OPTIONSr�r=)rIrM�pac_optionsrTrTrU�get_pa_pac_options�s
�z"RawKerberosTest.get_pa_pac_optionscCs�|dur|j|t��||d�}|�|
||�}nd}|||||	d�}|dur)||d<|dur1||d<|dur9||d<|durA||d<|
durI|
|d<|durQ||d<|durY||d	<|S)
Nr�)zkdc-optionsr��till�noncer�r$r&�from�rtime�	addresseszenc-authorization-datazadditional-tickets)r�r��AuthorizationDatarx)rI�kdc_optionsr$r�r&�	from_time�	till_time�
renew_timer�r�r��additional_tickets�EncAuthorizationData�EncAuthorizationData_key�EncAuthorizationData_usager�r��enc_ad_plain�enc_ad�KDC_REQ_BODY_objrTrTrU�KDC_REQ_BODY_create�sB&���z#RawKerberosTest.KDC_REQ_BODY_createc	CsDd||d�}|dur||d<|durt||d�}||fSd}||fS)Nr[)r�msg-typer�r�r�)r�)	rIrr�r�rKr�r��KDC_REQ_obj�KDC_REQ_decodedrTrTrU�KDC_REQ_creates���zRawKerberosTest.KDC_REQ_createcCsX|j||||||||	|
||ddd||d�}|jt||t��||d�\}}|
r(|S||fS)N)r�r�r�r�r��rr�r�rKr�r�)r�r�rr��AS_REQ)rIr�r�r$r�r&r�r�r�r�r�r�r��native_decoded_onlyr�r�r�r��decodedrTrTrU�
AS_REQ_create.s:.�
�zRawKerberosTest.AS_REQ_createcCsdt|||d�}|S)Nr[)rr�z
ap-optionsr!�
authenticator)r)rI�
ap_optionsr!r��
AP_REQ_objrTrTrU�
AP_REQ_createxs	�zRawKerberosTest.AP_REQ_createc	
CsTd||||d�}	|dur||	d<|dur||	d<|dur ||	d<|dur(||	d<|	S)Nr[)zauthenticator-vnor#r$�cusec�ctimer��subkey�
seq-number�authorization-datarT)
rIr#r$r�r�r�r��
seq_number�authorization_data�Authenticator_objrTrTrU�Authenticator_create�s�z$RawKerberosTest.Authenticator_createc$CsF|durt}nt}|j|d|||	|
|||
|||||d�}|j|t��||d�}|j|t||d�}d}|dur:|��}t	�
dd�}|j|||||||dd�}|j|t��||d�}|�
|t|�}t�d�}|jt|�||d�} |j| t��||d�} |�t| �}!|dur�|�|!�n|!g}|jt||t��||d	�\}"}#|r�|#S|#|"fS)
N�r�r$r�r&r�r�r�r�r�r�r�r�r�r�r�ryr����r#r$r�r�r�r�r�r�rN�r�r!r�r�)r/r.r�r�r��KDC_REQ_BODYr|r-r�rVrWr��
Authenticatorrxr,�	APOptionsr��str�AP_REQr�r<rbr�r�TGS_REQ)$rIr�r�r�r!r�r$r�r&r�r�r�r�r�r�r�r�r��ticket_session_key�authenticator_subkey�body_checksum_typer�r�r�r�r��
req_body_blob�req_body_checksum�
subkey_objr�r�r��ap_req�
pa_tgs_reqr�r�rTrTrU�TGS_REQ_create�s�7����	��

��
�zRawKerberosTest.TGS_REQ_createc
Cs�|djddd�}|dD]}||��7}q
||��7}|d��7}|�|t||�}|||dd�}|j|t��d�}	|�t|	�S)	Nr!rDr�r�r"�Kerberos)ror�r��authr�)	r�rr|r)r�r��PA_S4U2Selfr�r8)
rIror��tgt_session_keyr��
cksum_datarDr��PA_S4U2Self_obj�pa_s4u2selfrTrTrU�PA_S4U2Self_create*s&���z"RawKerberosTest.PA_S4U2Self_createcCs>d|i}|dur||d<|dur||d<|j|t��d�}|S)N�	newpasswd�targname�	targrealmr�)r�r��ChangePasswdDataMS)rI�new_password�target_princ�target_realm�ChangePasswdDataMS_obj�change_password_datarTrTrU�ChangePasswdDataMS_createEs��z)RawKerberosTest.ChangePasswdDataMS_createc
Cs�||d�}|dur
||d<|dur||d<|dur||d<|dur%||d<|j|t��d�}	|�|t|	�}
dt|
d�}|j|t��d�}|S)	N)�	user-dataz	s-addressrSr�r�z	r-addressr�r[)rr��enc-part)r�r��EncKrbPrivPartrxr(r)
rIr��	user_data�	s_addressrSr�r��	r_address�EncKrbPrivPart_obj�enc_krb_priv_part�enc_data�KRB_PRIV_obj�krb_privrTrTrU�KRB_PRIV_createVs4	�����zRawKerberosTest.KRB_PRIV_createc
	Cs�|�|jd�|��\}}	|j|||||	||d�}
dt|�t|
�}|�|d�t�}|�|d?�|�|d@�|�|d?�|�|d@�|�t|�d?�|�t|�d@�|�|�|�|
�|S)Nzcall self.connect() first)rrSr�r�rrZirC�)	r�rnrNrrG�
assertLess�	bytearrayrb�extend)
rIr�r�versionr�r��
local_address�remote_addressrSr�r
�sizer�rTrTrU�kpasswd_create}s,�

zRawKerberosTest.kpasswd_createcCsJ|�|dd�|d}|�|d|j�|�|d|j�|�||d�}|S)Nrr[rr�r�rv)rr�r*r�r�)rIr�rr��enc_partrTrTrU�get_enc_part�szRawKerberosTest.get_enc_partc
.	s�||jjurd}
|�|||�}n"||jjur*|�|d�|�|d�d}
|�d�}n|�d|���|�tj	j
�}|dur?d}tt�
|��}||d|d�}
|	rVt�d	d
�}nd}|j|
dddt|d�}|j|jd
d�|�|j�|jj��tjkr}d�n�tjkr�d�n|�d������fdd�}|j��d	}||�}d}|�|||
||||�}|�|�|��}|�d�|�|�|dd�}|dd�}|d	d>|dB}|dd>|dB}|dd>|dB}|�|t |��|�d|�|�!||�|�"d|d�|�"d|d�|�r�|d|�}||d�}|j#}|j$|t�%�d�}|�&|dt'�|�(||t)�}|j$|t�*�d�}|�+|d�|�+|d�z|j$|t�,�d�}Wnt-�yd|��Ynw|�&|dt,�|�(||t.�}|j$|t�/�d�}|�0|d �|�0|d!�|d"} n~|j$|t�1�d�}!|j2t3d#d$gd%�}"|�4��5��6�}#|�&|!d&d�|�&|!dt1�|�0|!d�|�0|!d!�|�+|!d'�|�+|!d(�|!d)}$t7|t8��r�|�|$|�n|�9|$|�|�0|!d*�|�0|!d+�|�&|!d,|#�d��|�:|!d-|"�|�0|!d.�|!d/} | dd�}%| dd�}&|%d	d>|%dB}'t7|t8��r.|�|'|�n|�9|'|�|&�s@|�d	|'d0�dS|&d	�r[t7|t;��rS|�|&|�dS|�9|&|�dS|�d1t |&��t<�=d2|&�\}(})}*}+},}-dS)3Ni��z"target_princ only valid for pw setz"target_realm only valid for pw setr^r�z
invalid mode rN)�tgtr��	auth_datar�rr�F)r�r�r�r�i�)r�r]�zunknown family cs�t��|�d�S)N)z	addr-type�address)ry�	inet_pton)�ip��	addr_type�familyrTrU�create_address�s
�z8RawKerberosTest.kpasswd_exchange.<locals>.create_addressrrZrCr\rDr[�~�^r�r�r�r�rSr�r�kadmin�changepw�r~rr�stime�susec�
error-coder#r$r�r&�e-text�e-dataz#got an error result, but no message�z>HIIIQQ)>r1r/r�r0rr�failrtrvrwrxr�r�r�rVrW�generate_ap_reqrr�r\r�rnrry�AF_INET�AF_INET6�getsocknamerr�r�rqr�rGr
rr"r��AP_REPrrrr!�EncAPRepPartrrrr(rrrr�r1r�rrrrqr�r(r�r�r�).rIr!r��
expected_code�expected_msg�moder�r�r��send_seq_numberrrr��kdc_exchange_dictr�r�r �local_iprrr�r�r��reply�	reply_len�
reply_version�
ap_rep_len�ap_repr
rr�
priv_enc_part�result_data�	krb_errorr&r��
error_code�status�message�status_code�empty_bytes�
min_length�history_length�
properties�expire_time�min_agerTrrU�kpasswd_exchange�s
�����

	�


���
��

�z RawKerberosTest.kpasswd_exchangec:Csn|d}|d}|d}|d}|d}|d}|d}|d}|d	}|d
}|d}|d}|d
}|d}|d}|d}|durJ|jdd�}d|vrS|d}n|��}||d<|j||||||||||	|
|||
d�}t|�} |dur�|��D]\}!}"|"dur�|"| |!<qz| |!=qz|dur�|��D]\}!}"|"dur�|"||!<q�||!=q�g}#|dur�|�|�}$|#�|$�|dur�|�|�}%|#�|%�|tkr�d}&d}'n|�	t
|�|j|||dd�}&|�t
|&�}'|dur�|�|�||||�\}(}ng}(|du�r|�|�|||ddd�})|d}*|�|*|)�}+nd}+|du�r2||||�\},}|�|,�|�t
dd�|,D�d�nd},|du�rn|d}-|�|-�|tk�rQ|j|t��d�}.n|�	t
|�|&}.|�|-t|.�}/|(|#7}(|||| |(|+|/�}0nd}0g}1|'du�r||1�|'�|0du�r�|1�|0�|,du�r�|1|,7}1|0du�r�|1|#7}1|1�s�d}1|1|d<|(|d<| |d <|j||1||�d!�\}2}3|2|d"<|d#}4|j|3|4d$�}5|�|5�|�|5d%�}6|�|6�d}7|du�r�t}7|�|�|�d&t|��|�d&|�|du�r|}7|�|�|�	d&t|��|�|7�|6tk�r|�|5d'�}8d(|8��}9nd)|��}9|�	|6|7|9�|6tk�r1||||5�S||||5�S)*N�check_error_fn�check_rep_fn�generate_fast_fn�generate_fast_armor_fn�generate_fast_padata_fn�generate_padata_fn�
callback_dict�req_msg_type�req_asn1Spec�rep_msg_type�expected_error_moder��pac_requestr��	inner_req�	outer_reqi��)rLr�r�F�r�T�fast_armor_typecSsg|]}|d�qS)r[rT�r9r`rTrTrU�
<listcomp>�sz9RawKerberosTest._generic_kdc_exchange.<locals>.<listcomp>zDon't create TGS-REQ manually�	armor_keyr��
req_padata�fast_padatar�)rr�r�rK�req_objr
)r
r�rr(zGot unexpected error: zExpected to fail with error: )rOrZr��dictr�r�rbr�rr�rr-r�r<r�r��assertNotInr�r�r�r|r'r�rrrrrrG):rIr7r$r�r&r�r�r�r�r�r�r�r�r�rLrMrNrOrPrQrRrSrTrUrVr�rWr�rXrYr�r��inner_req_bodyrrJ�additional_padata�pa_pac_request�pa_pac_options�tgs_req�tgs_req_padatar`�fast_ap_reqr[�
fast_armor�outer_padatar^�
checksum_blobr��fastr�ra�req_decodedr
rr�expected_msg_typerAr@rTrTrU�_generic_kdc_exchange|sL
�





�

�

��
�
�


���






�









�z%RawKerberosTest._generic_kdc_exchangerr�c01Cs~|dkrd}n
t|tjj�s|f}idt�dtj�dt�dtj�dtj	�d|�d	|�d
|�d|�d|�d
|�d|�d|�d|	�d|
�d|�d|�id|
�d|�d|�d|�d|�d|�d|�d|�d|�d|�d|�d|�d |�d!|�d"|�d#|�d$|��id%|�d&|�d'| �d(|!�d)|"�d*|#�d+|$�d,|%�d-|&�d.|'�d/|(�d0|)�d1|*�d2|+�d3|,�d4|-�d5|.��d6|/i�}0|dur�i}|0S)7NrrTrSrTrU�rep_asn1Spec�rep_encpart_asn1Spec�expected_crealm�expected_cname�
expected_anon�expected_srealm�expected_sname�expected_account_name�expected_upn_name�expected_sid�expected_supported_etypes�expected_flags�unexpected_flags�ticket_decryption_key�expect_ticket_checksum�expect_full_checksumrNrOrPr[rQrLrM�check_kdc_private_fnrRrV�expected_status�client_as_etypes�
expected_saltr��preauth_keyr^�	armor_tgt�armor_subkeyrr�rXrYrWr��expect_edatare�
expect_claims�expect_upn_dns_info_ex�expect_pac_attrs�expect_pac_attrs_pac_request�expect_requester_sid�strict_etype_infor
)
rrrrrr�r�rr��EncASRepPart)1rIrtrurvrwrxryrzr{r|r}r~rr�r�rNrOrPr[rQrLrMr�rRrVr�r�r�r�r�r^r�r�rr�rXrYrWr�r�rer�r�r�r�r�r�r
r7rTrTrU�as_exchange_dictV	s�0��������	�
���
������������������� �!�"�#�$�%�&�'�(�)�*�+�,�-�.�/�0�1�2�3�4�6z RawKerberosTest.as_exchange_dictc12Cs�|dkrd}n
t|tjj�s|f}idt�dtj�dt�dtj�dtj	�d|�d	|�d
|�d|�d|�d
|�d|�d|�d|	�d|
�d|�d|�id|
�d|�d|�d|�d|�d|�d|�d|�d|�d|�d|�d|�d |�d!|�d"| �d#|�d$|��id%|�d&|�d'|�d(|!�d)|"�d*|#�d+|$�d,|%�d-|&�d.|'�d/|(�d0|)�d1|*�d2|+�d3|,�d4|-�d5|.��|/|0d6��}1|dur�i}|1S)7NrrTrSrTrUrrrsrtrurvrwrxryrzr{r|r}r~rr�r�rNrOrPr[rQrLrMr�rRrVr�rr�r^r�r�rr�r�rXrYrWr�r�rer�r�r�r�r��expected_proxy_target�expected_transited_services)r�r
)
rrrrrr�r�rr�
EncTGSRepPart)2rIrtrurvrwrxryrzr{r|r}r~rr�r�rNrOrPr[rQrLrMr�rVr�rRrr^r�r�r�rr�r�rXrYrWr�r�rer�r�r�r�r�r�r�r�r
r7rTrTrU�tgs_exchange_dict�	s�1��������	�
���
������������������� �!�"�#�$�%�&�'�(�)�*�+�,�-�.�/�0�1�2�3�4�7z!RawKerberosTest.tgs_exchange_dictc#Cs�|d}|d}|d}|d}|d}|d}	|d}
|d}|d	}|�|d
|�|�|d�}
|jrR|�|d|�|rG|jtd
dgd�}n|d}|�|d|�|�|d�|�|d�}d}d}|�|�|dur�|�|dd�|�|d|�|�|d|�|�|d�|�|d�}|�|�|dur�|�|d�|d}t	t
t�d���d}|t	|�kp�||dk}|r�|�
|d|j�n|�|d�|�|d�|�|d�}|�|d�|�|d�}d}|�|�|du�r|�|d�|�
|dd�|�|d�|�|d�}d}|�|�\}}|du�rT|�|
�}t|v�rT|t}|j|||d d!�}d"|v�r;|�|d"�}|�||�}|�d#�}|du�rI|d$}|j|||dd%d&�d}|du�rz|�|d|j�|�
|d|j�|�t|�} |j| t��d'�}d}!|�|�|du�r�|�|d|j�|j�r�|�
|d|j�|�||�}"z
|j|"|
�d'�}!Wnt�y�|j|"t��d'�}!Ynw||d(<|�|	�|	du�r�|	|||||!|�|S))Nrtrvrwrxrr�rsrUr^r�r�r#�	WELLKNOWN�	ANONYMOUSr%rur$r!ztkt-vnor[r�r&rr�r�zenc-tkt-in-skeyr^rTr�rvr)T)�finished�strengthen-keyr�zticket-checksumr)rAr��	reply_key) rrrmr r�r3r(rr�rG�tupler��
KDCOptionsr*ror�get_preauth_keyrbr;�check_fx_fast_dataru�generate_strengthen_reply_keyr��check_rep_padatar�r�r�r0r��
EncTicketPartr�r�)#rIr7rRrrtrvrwrxrr�rsrr^r�rur!�ticket_encpart�
ticket_cipherr��pos�expect_kvno�encpart�encpart_cipher�ticket_checksum�encpart_decryption_key�encpart_decryption_usager_�fx_fast_data�
fast_response�strengthen_key�
fast_finishedr(�ticket_decpartr)�rep_decpartrTrTrU�generic_check_kdc_rep8
s�


��

�


�
���

�
����

���
�
��

�z%RawKerberosTest.generic_check_kdc_repc
Cs�|j|t��d�}|dd}|�|d|j�|�t|d�}|j|t��d�}|r4|jr4|�	d|�|r<|�	d|�|d}	|�|	|d�|S)	Nr�r�zenc-fast-repr�rvr�r�r�)
r�r��PA_FX_FAST_REPLYr�r�r�r&�KrbFastResponsermr�)
rIr7r�r^r��expect_strengthen_key�enc_fast_rep�fast_repr�r�rTrTrUr��
s ��
z"RawKerberosTest.check_fx_fast_datac7
Cs�|d}ttt�d���d}|t|�ko||dk}	ttt�d���d}
|
t|�ko1||
dk}ttt�d���d}|t|�koH||dk}
|pL|
}|d}|d}|d	}|d
}|d}|d}|�d
�}|�d�}|�|d�}|dur�|d}|�|||�|d}|r�|��}n|��}|�	|�}|g}|j
s�|j	|tjj
d�}|�|�|jr�|�|�r�d}n|d}d}|du�rJ|�|d||�|�|d�|�|d�} |�| �| dur�|�| d�|�| d�|�| �}|�|d|�|j
�r|�|d|�|�|d�|�|d�|j
�r|�|d�|�|d�|�r,|j
�r+|�|d�n|�|d�|j
�r<|�|d �|du�rJ|j|d!|d"�d}!|du�r�|�|d�|�|d�}"|�|"�|"du�rx|�|"d�|�|"d�|�|"�}!|�|d#�|�|d$|d$�|tk�r�|j
�r�|�|d%�n|�|d%�|�|d||�|�|d�|j
�r�|�|d�|�|d�|�r�|j
�r�|�|d�n|�|d�|�|d&|�|�|d'|�|j
�r�|�|d �|�|�}#|�|�}$|�|d(�}%|	�sd|#v�s|tk�r�|$�r�|j
�r|�|%�|%du�r�|�|%�}&|j
�r@|	�r(|�t|&�n|�t|&�d|#v�r:|�t |&�n|�t |&�|tk�rO|$�rO|�t!|&�n|�t!|&�t|&v�r�|d)}'t"�#d*|&t�\}(t$j%t$j&B})|�'|(|)@|'|)@d+|(�d,|(d-�d.|'�d,|'d-�d/�	�t |&v�r�|j(|&t t�)�d0�}*|�|*d1|#�t!|&v�r�|&t!}+|j(|+t�*�d0�}+|d2},|d3}-|d4}.|j+|-|.�d0�}-|+d5}/|+d6}0|,�,t-|-|0|/�n|%du�r�|�'|%g�|du�r�|!du�r�|�'|j.|!j.�|�'|j/j0|!j/j0�|!du�r|!}1n|}1t1||1|||||||d7�	}2|du�rA|j2|2|d8�}3|du�r,|�|3�n
|d9u�r6|�3|3�|3du�rA|�4|3|�|d:}4|d;}5|4�sO|5�rT|�|�|du�rw|�|��oc|t5k}6|j6|2||6||4�po|j7|5�pt|j8d<�|2|d=<dS)>Nr��canonicalizer^rT�	renewable�renewrtrurwrxrrUr}r~r!r^r
)r�Tre�flagsrr�r�r#r$�	transited�authtime�	starttime�endtimez
renew-till�caddrr�)rzlast-reqr�zkey-expirationr%r&zencrypted-pa-datar|z<LzPADATA_SUPPORTED_ETYPES: got: z (0x�Xz
), expected: r�r�rMr�rarTr�rz)r#r$r%r&r'r(r)�reFr�r�)�service_ticketrer�r��rep_ticket_creds)9rGr�r�r�r�r�verify_ticket_checksumr�r�rprmrvrwr}rbre�is_tgsr4rr�rur r(rrr�get_sent_pac_options�sent_enc_pa_reprbr�rBrcr=rAr�r�r	rrr�r�r��Checksumr�r�r"r�rr�r �get_ticket_pacr�check_pac_buffersr�
verify_ticketrcrd)7rIr7rRrr(r)r�r��	canon_posr��
renewable_posr��	renew_posr��expect_renew_tillrtrurwrxrrUr}r~r!r^r
�krbtgt_creds�
krbtgt_key�krbtgt_keys�krbtgt_key_rc4rer��
ticket_key�encpart_session_key�encpart_key�sent_pac_optionsr��
enc_padata�enc_pa_dictr|�supported_etypes�ignore_bitsr��
enc_pa_repr�rarTr�r�r"�ticket_creds�pac_datar�r�r�rTrTrU�generic_check_kdc_private�
s�
�
�
�



�

�

���
�



�
�������

�


�

������
��
����
�
�
�






��z)RawKerberosTest.generic_check_kdc_privatec'CsTttj|�}|d}|d}|d}|d}tjtjtjtjtjg}|d}	tt	t
�d���d}
|
t|	�ko<|	|
dk}|rE|�tj
�|jrd|rP|�tj�|tkrd|durd|�tj�|�tj�|�|�sy|tkry|�tj�|�tj�tjh}|js�|�tj�|js�|�tj�|�|�}
|d	}|r�|d
}n|d}|dur�|jr�|
}n|�tj�|r�|�tj�|d}|dur�|jr�|
}n|�tj�|r�|�tj�d
d�|jD�}|j||d|d�|d}|d}|d}|du�r|du�s|du�rd}|jD�]}|jtj
k�r7|d}|d}|jj}|� |t!|j"��t#t$t!|j%��}|� ||��q|jtjk�rR|d}|dd}|� ||jj&��q|jtjk�r�|jjj'j(}|du�rm|� |t!|j&��|du�r�t)|�*dd�d�}|� ||j+��q|jtjk�r�|j}|j,}|d} |� | |j-�|d}!|!du�r�|� |!|j.�|�r�|�/|�|du�r�|du�r�|� ||j0�|du�r�|� |t!|j1���q|jtjk�r|�r|j}"|� d|"j2�|"j3}#t4|#d@�}$t4|#d@�}%|� |du|$�|� |du|%��q|jtjk�r&|�r&|jj5}&|du�r&|� |t!|&���qdS)NrUr�rxr�r�zcname-in-addl-tktr^rTr�r�rWr�cSsg|]}|j�qSrT)r�)r9�
pac_bufferrTrTrUr](s
�z5RawKerberosTest.check_pac_buffers.<locals>.<listcomp>F)r6r5ryr{r�Tr�r�rur"r�-rtrzr])6rr�PAC_DATA�PAC_TYPE_LOGON_INFO�PAC_TYPE_SRV_CHECKSUM�PAC_TYPE_KDC_CHECKSUM�PAC_TYPE_LOGON_NAME�PAC_TYPE_UPN_DNS_INFOrGr�r�r�rb�PAC_TYPE_CONSTRAINED_DELEGATIONr`�PAC_TYPE_CLIENT_CLAIMS_INFOr�PAC_TYPE_DEVICE_INFO�PAC_TYPE_DEVICE_CLAIMS_INFOr��PAC_TYPE_TICKET_CHECKSUM�PAC_TYPE_FULL_CHECKSUMrc�addrdrf�PAC_TYPE_ATTRIBUTES_INFO�PAC_TYPE_REQUESTER_SID�buffersrAr��infor�r��proxy_targetr8�map�transited_services�account_name�info3�baserqr��rid�ex�dns_domain_name�upn_namer��samaccountname�	objectsid�flags_lengthr�r_�sid)'rIr�r7�pacrUr�rxr��expected_typesr�r��constrained_delegationr5rfr�r�r��buffer_typesryr{r�r�r�r��delegation_infor�rur��
logon_info�expected_rid�upn_dns_info�upn_dns_info_ex�expected_realmrz�	attr_infor��
requested_pac�	given_pac�
requester_sidrTrTrUr��s(�
�
����


�����
�
��
�


�
���
�
��
��z!RawKerberosTest.check_pac_bufferscCs�|d}|d}|d}|d}|d}	|�|�}
|d}|�|dd�|�|d	t�|�|d
�}|�||	�|jrF|�|d�|�|d�|�|d
�|�|d�|jr�|�|d�|rp|sp|jt	ddgd�}
|�
|d|
�n|�|d�|�|d|�|�
|d|�|�|d�|d}|d}|dur�|tko�|
p�|dup�|t
ko�|}|r�||jur�d}|s�|�|�|�|d�|S|�|d�}|jr�|�|�|du�rj|tk�r|
�s|j|t��d�}|�t|d�|d}|�dt|��t�|dd�d �}t�|d!d�d �}|�||�|�d"|�|S|�|�|j|t��d�}|�t|�d#�|
�r^|�d$t|��|�|�}|�t|�|d%}|�|�|j||t|dd&�}|d'}|�||||�}||d(<|S))NrUrvrwrxrVr[rr[r�r(r�r�r&r'r#r�r�r%r$r�r&r)r�r�Fr*r�z	data-typez
data-value�rDr�rCr\rr^r^)r�r��preauth_etype_info2) �	sent_fastrrrr�rmrrr�r3r(r rr�expect_padata_outerrr�rr�r��KERB_ERROR_DATAr�rrGrq�
from_bytes�METHOD_DATA�
assertGreaterrbr;r�r�)rIr7rRr�innerrUrvrwrxrVrr[rArur�r��edata�
error_data�extended_errorrBr��
rep_padata�rep_pa_dictr^r�rlrTrTrU�generic_check_kdc_error�s�
���


��
��

��z'RawKerberosTest.generic_check_kdc_errorc.Cs|d}|d}|d}|�dg�}|�|�}	|�|�}
|tkr%|�|	�d}d}d}
d}tjj|vr5d}|D]*}||vr>q7|tjjtjj	fvrPd}||
krP|}
|tjjfvra|dkra||kra|}q7|
dkrk||
f7}|dkrt||f7}d}|	r�|dkr�|t
f7}|tf7}|tkr�|�|�}d	|vr�|dt
fvr�|tf7}nL|t
kr�|r�|�t|�d�|tf7}t|�dkr�|tf7}|tkr�|	r�|tf7}n|tf7}|
s�|tf7}|tf7}|jr�|	s�|
s�|tf7}|tf7}ttttth}|d
}|s�|�t�tdd�|D��}|j|||d
�|�sdS|�|�}|�t�}|du�r*|�t|�d�|�t�}|du�r<|�t|�d�|�t�}|du�rN|�t|�d�|�t�}|du�r`|�t|�d�|�t�}|du�rn||d<|�t
�}|du�r�|j|t �!�d�}|j"|||dd�|�t�}|du�r�|j|t �#�d�}|�$|d|�|�t�}|du�r)|
�s�|�t|�d�no|d}|�%|�|�&|�\}} |�'||�}!|j(�r�|�)t|�d�t|�dk�r)|j|t �*�d�}"|�|"d|!j+�|!�,t-|"d�}#|j|#t �.�d�}#|#d}$|�/d|#�|�0|$�}%t1�1�}&|�2|&d|%�|�2|%|&d�|�t�}'|'du�r�|j|'t �3�d�}'|�4t|'�d�|j(�rR|�t|'�t|��t5dt|'��D]U}(|�6|'|(d�})|j(�ro|�|)||(�|�6|'|(d�}*|)tjjk�r�|j(�r�|�7|*�n|�%|*�|d}+|+du�r�|�|*|+�|�6|'|(d�},|j(�r�|�7|,��qY|�t�}-|-du�r|d
}|j|-t �8�d�}-|�t|-�d�|�6|-dd�})|�|)tjj�|�r�|�|)|d�|�6|-dd�}*|j(�r|�%|*�|�t|*�d�|'S)NrUr�r�r�rTFrTrTr�css�|]}|dVqdS)r[NrTr\rTrTrUr<F
s�z3RawKerberosTest.check_rep_padata.<locals>.<genexpr>r;�fast_cookier�)rrMr^rvr�r�i,r^r�r�ri)9r�r�sent_enc_challengerr�rvrwr}rxr{r:r9r�rr=rrGr6r7rr4r5r?r@r`r;r�r�rArbr�r�r�rrr�rr�r��generate_kdc_challenge_keyrmr�
EncryptedDatar�r�r#�
PA_ENC_TS_ENCr�rUrDr
�ETYPE_INFO2r�rcrr�
ETYPE_INFO).rIr7rRrrArUr��proposed_etypesr�rr�expect_etype_info2�expect_etype_info�expected_aes_type�expected_rc4_typer��expected_patypesr�r5r��got_patypesr_�
enc_timestamp�	pk_as_req�pk_as_rep19�fx_fastr�
fast_errorr��
enc_challenger^r�r��kdc_challenge_key�encrypted_challenge�	challenge�
rep_patime�rep_time�current_timerlr2r@r�r�ri�
etype_inforTrTrUr��sl


�





�




��

�
�












��

�


��
���


�
�


�

�
z RawKerberosTest.check_rep_padatacCsp|d}|�|||�}	|j|	t��d�}	|�|t|	�}	|�|||	�}
|�|
�}|j|t��d�}|�	t
|�}|S)Nr^r�)r�r�r��
KrbFastReqrxr$r�r��PA_FX_FAST_REQUESTr�r;)rIr7�_callback_dictr�r`rkr�r�r^�fast_req�fast_armored_req�fx_fast_requestrTrTrU�generate_simple_fast�
s2����
��z$RawKerberosTest.generate_simple_fastc
Cs0d}|r|�|�|d}|d}	n#|d}|d}	|dur5|d}
|j|t��d�}|j|jt||
d�}|d}d}
|	durC|	��}
|durMt�	d	d
�}|�
�\}}|j|j|j
||||
||d�}|j|t��d�}|duru|rstnt}|�|j||�}t�d�}|jt|�|j|d
�}|j|t��d�}|S)Nr�r�rr�r�r�ryrrr�r�rNr�)rr�r�r�r|r"r-r�rVrWrNr�r#r$r�rr,rxr�r�r�r!r�)rIr7r;r�r�r�r�r�rr�r�r�rr�r�r��authenticator_obj�authenticator_blobr�r��
ap_req_objr�rTrTrUr-�
sh

���	��

�zRawKerberosTest.generate_ap_reqcCs,|j|||dd�}|�t|�}|g}||fS)NFrZ)r-r�r<)rIr7rRr�r�r�r�rTrTrU�generate_simple_tgs_padata+s�z*RawKerberosTest.generate_simple_tgs_padatacCs\|d}|tkr|d}t}n|d}|dur|}t}n	|d}|j}t}|�|�||fS)NrUr�r�r)rr r+r"r*r�)rIr7rrr�r�rrTrTrUr�8s
zRawKerberosTest.get_preauth_keycC�"t�|j|jdd�}t|d�}|S)Nssubkeyarmorsticketarmor�rv�cf2rrt)rIr�r"r^rTrTrU�generate_armor_keyL��
z"RawKerberosTest.generate_armor_keycCs$t�|j|jdd�}t||j�}|S)Ns
strengthenkeysreplykey)rvrFrrtr�)rIr�r��strengthen_reply_keyrTrTrUr�Us��z-RawKerberosTest.generate_strengthen_reply_keycCrD)Nsclientchallengearmor�challengelongtermrE)rIr^�longterm_key�client_challenge_keyrTrTrU�generate_client_challenge_key_rHz-RawKerberosTest.generate_client_challenge_keycCrD)NskdcchallengearmorrJrE)rIr^rKr2rTrTrUr hrHz*RawKerberosTest.generate_kdc_challenge_keycCsF|d}|�|j|�|j|t��d�}|�|t|�}|�||�dS)Nrzr�)r�r�r�r��Ticketr|r%)rIr!�expected_checksumr^�
expected_type�ticket_blobr�rTrTrUr�qs��z&RawKerberosTest.verify_ticket_checksumcs|j}|jd}|�|d|j�|�|d|j�|�t|d�}|j|t	�
�d�}|�d�}	|r6|�|	�n|	dur<dS|�
�}
|j|	|
|d�\}	}|sNdSttj|�}ttj|�}
i}d}t|j|
j�D]N\}}|j}||jvr�|�||d|���|jj}|jj}|d	@r�|d
O}||f||<|tjkr�|}qe|tjkr�ttj|jj�}tt|��|_t |�|j_qet |
�}|dur�ttj|jj�}tt|��|_t |�|j_t |
�}|tj!\}}|�"t#|||�|tj$\}�t%|t&j'j(��r|j)r�|d}nt*�fdd
�|D��}n|}|�+t#|�|�|�s$|�tj|�|�tj|�dS|�tjd�\}}|�r6|�|�n
|du�r@|�,|�|du�rZ|	|d<|j-|t	�
�d�}|�+t#|||�|�tjd�\}}|�rl|�|�n
|du�rv|�,|�|du�r�|�+t#|||�dSdS)Nrr�r�rvr�r�r��Duplicate checksum type r�r�rc3s�|]
}|j�kr|VqdSrury)r9r��	kdc_ctyperTrUr<�s�
��z0RawKerberosTest.verify_ticket.<locals>.<genexpr>�NNF).r'r!rr�r*r�r�r0r�r�r�r�r��
get_empty_pac�replace_pacrrr��PAC_DATA_RAW�zipr�r��pac_checksum_typesrcr��	signaturer�r��PAC_SIGNATURE_DATA�	remainingr�rGrr�r�r)r�rrrrrm�nextr�rr�)rIr!r�r�rer�r�rrr�	empty_pacr�r�raw_pac�	checksums�full_checksum_bufferr��raw_pac_buffer�buffer_typer�r�r[�
full_pac_data�server_checksum�server_ctype�kdc_checksumr�r��ticket_ctype�
full_checksum�
full_ctyperTrSrUr�|s�
�

���
�

��������
��


���


��zRawKerberosTest.verify_ticket)�new_ticket_key�	modify_fn�
modify_pac_fn�exclude_pac�allow_empty_authdata�update_pac_checksums�
checksum_keys�include_checksumscCsn|duri}|	duri}	|�|��|j�|�|	��|j�|r'|�|�d}|s3|�|�|�|	�|du}
|j}|dur@|}tj|vrJ||tj<tj|vr^|�	tj
�}|dur^||tj<tj|vrr|�	tj
�}|durr||tj<|jd}
|�
|
d|j�|�|
d|j�|�t|
d�}
|j|
t��d�}
|dur�||
�}
|
�	d�}|
r�|�|�|du�r	d}|s�|��}|j|||
d�\}}|dur�ttj|�}|dur�||�}|r�|
��}||d<|j|t��d�}|�|||	|�t|�}|�t |�}|j|||
|d	�\}}||
d<|j|
t��d�}|�!|t|�}|j��}||d<t"||j#|j$|j%|j&|j'||
|j(d
�	}|S)NFrr�r�rvr�r�r�)rerp)r"r#r$r%r&r'r(r)))�assertLessEqual�keysrZr�assertFalser'rr�r�r�r�r�r!rr�r*r�r�r0r�r�r�r�rVrWrr��copyr�rqrr�rrxr r"r#r$r%r&r))rIr!rlrmrnrorprqrrrsrer�kdc_checksum_keyrr�new_pacr_�empty_pac_auth_datar�r�enc_part_to_signr��enc_part_new�
new_ticket�new_ticket_credsrTrTrU�modified_tickets�






�
�
�



�����
���
�zRawKerberosTest.modified_ticketcCs|j}i}|D]}|j}||jvr|�||d|���|||<q|jD]D}||vrB|�|�durA|�|�}	|jd8_|�|	�q#|�|�durgt�	�}
t�
�}	||	_|
|	_|�|	�|jd7_|	||<q#|�
�D]4\}}	||}|jd@}|tjkr�|�|�|�t|�}
n|tjkr�|��}
n|��}
|
|	j_||	j_ql||_|�tj�}|dur�|tj}t|�}|�t|�}||j_|�tj�}|dur�|tj}t|�}|�t|�}||j_|�tj�}|du�r|dur�t�}|tj}|�t|�}||j_dSdS)NrRFr^Tl��)r�r�rZrcr��pop�num_buffers�removerr\�
PAC_BUFFERr�rbr�r�r�r�r�r)r�r�r�r[r�rr�r�r�)rIrrrrsr�pac_buffers�checksum_buffersr�rd�checksum_bufferr��checksum_keyr�r[rb�full_checksum_keyr�rj�server_checksum_buffer�server_checksum_keyrf�kdc_checksum_bufferrxrhrTrTrUrq�s�
��


�
�


�


�
��
��

��z$RawKerberosTest.update_pac_checksumscCs|dur|�|dt�|�|d�g}d}d}|D]b}|dtkrp|j|dt��d�}g}	|D]!}
|
dtkrL|�|d�|
d}|durK|	�|�q0|	�|
�q0|rZ|�|d�|	s^|rn|j	|	t��d�}|�
t|�}nd}|dusv|r{|�|�q|r�|�|d�||fS)Nr�r�r�zMultiple PACs detectedzExpected PACzExpected AD-RELEVANT)rrrrr�r�rrbr�r�r�)rIrryrerp�
new_auth_data�ad_relevant�old_pac�
authdata_elem�relevant_elems�
relevant_elemrTrTrUrWsN�
���
�zRawKerberosTest.replace_paccCs|�|d|�\}}|Sru)rW)rIrrer�rrTrTrU�get_pacHrPzRawKerberosTest.get_paccCs6|j�d�}|r|�|�n|durdS|j||d�S)Nr�r�)r(r�r�r�)rIr!rerrTrTrUr�LszRawKerberosTest.get_ticket_paccCs|��}|�|�}tj|iSru)r�rprr�)rIr�r�rTrTrU�get_krbtgt_checksum_keyUs
�z'RawKerberosTest.get_krbtgt_checksum_keycCs|dd}|dvS)Nr"r)r�skrbtgtrT)rI�	principalrorTrTrUr�]szRawKerberosTest.is_tgscCs|jd}|�|�Sr*)r!r�)rIr!r&rTrTrU�is_tgtar,zRawKerberosTest.is_tgtcCs|�ttd��Sr)r�rr�r�rTrTrUrVerzRawKerberosTest.get_empty_paccCs|�|d�S)Nr_)rb)rIr7rTrTrU�get_outer_pa_dicthr�z!RawKerberosTest.get_outer_pa_dictcCs |�|d�}|r|S|�|�S)Nr`)rbr�)rIr7�req_pa_dictrTrTrU�get_fast_pa_dictks
z RawKerberosTest.get_fast_pa_dictcC�|�|�}t|vSru)r�r;)rIr7�
outer_pa_dictrTrTrUrs�
zRawKerberosTest.sent_fastcCr�ru)r�r4�rIr7�fast_pa_dictrTrTrUrxr�z"RawKerberosTest.sent_enc_challengecCr�ru)r�rAr�rTrTrUr�}r�zRawKerberosTest.sent_enc_pa_repcCsb|�|�}t|vrdS|j|tt��d�}|d}|dd�|dd�}}|dt|�7}|S)Nr�r�rMrDrN)r�r=r�r�r�rG)rIr7r�r�r]rTrTrUr��s

�z$RawKerberosTest.get_sent_pac_optionscCs.|��}|��}|��}|jt||gd�}|S)Nr%)r�r�rr�r2)rIr��krbtgt_username�krbtgt_realm�krbtgt_snamerTrTrU�get_krbtgt_sname�s�z RawKerberosTest.get_krbtgt_snamec &s�fdd�} |sd}!|j}"n|j}!d}"�dur| }#nd}#|jd!id|�d|�d|	�d|
�d|�d|�d	|�d
|�d|�d|#�d
|!�d|"�d|j�d|�d|�d|�d|�d|�d|�dt|��d|�d|�d|�d|�d|�d|�d|�d|�d|��}$|j|$|||||d �}%|%|$fS)"Ncs�|fSrurT)�_kdc_exchange_dictr;r��r�rTrU�_generate_padata_copy�sz@RawKerberosTest._test_as_exchange.<locals>._generate_padata_copyrtrurwrxryrzr{r|rrQrLrMr�rVr�r�r}r~r�r�rWr�rer�r�r�r�r�r
)r$r�r&r�r�rT)r�rr�r�r�rq)&rIr$r�r&r�r�rVrtrurwrxr�r�r�r�ryrzr{r}r~r|r�rrWr�rer�r�r�r�r�r
r�rLrMrQr7rrTr�rU�_test_as_exchange�s�!
��������	�
���
������������������z!RawKerberosTest._test_as_exchangeru)TF)NFTF)NFTFN)FT)NTNNrU)r�NN)NNN)NNNF)F)NNNNN)T)TNN)NNTNN)NNNN)NNNT)NNNNNNNNNNNN)r�)TTN)NNNNNNNNNNTNNNNTF)�r�r�r��__doc__rr1rr�r�r�r�rZrvrwrxr{r}r7r.rr6r�rFrGrHrXrjrprqr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrr	r�rrrrrrrr r%r(r*r4rArNrOrUrZrbrcrgrnrprtrurxr|r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrKrqrr�r�r�r�r�r�rr�r?r-rCr�rGr�rMr r�r�rrqrWr�r�r�r�r�rVr�r�rrr�r�r�r�r�rTrTr�rUr-s���


B


�
�K
�1�	�	�	�	�
�
�

	
��
�
�
�

#

	
�L�+�J3�
��'%�R�\
�q
�r�-�h_�&�A
	
		��
�k
�1	�r-)r)�rsryr�rDrErVr�r9r�enumr�pyasn1.codec.der.decoderrr��pyasn1.codec.der.encoderrr��pyasn1.codec.native.decoderr��pyasn1.codec.native.encoderr��pyasn1.codec.ber.encoderr�pyasn1.errorr�samba.credentialsr�samba.dcerpcrr	�samba.gensecr
�	samba.ndrrr�samba.dcerpc.miscr
r�samba.testsrYr�samba.tests.krb5.rfc4120_pyasn1rZ�krb5�rfc4120_pyasn1r��"samba.tests.krb5.rfc4120_constantsrrrrrrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9r:r;r<r=r>r?r@rArB�samba.tests.krb5.kcryptorvrV�encodeValuerp�TicketFlagsValuesr/r-rd�prettyPrint�KDCOptionsValuesr��APOptionsValuesr��PACOptionFlagsValues�PACOptionFlagsrs�NameTypeValues�NameType�AuthDataTypeValues�AuthDataType�PADataTypeValues�
PADataType�EncryptionTypeValues�EncryptionType�ChecksumTypeValues�ChecksumType�KerbErrorDataTypeValues�KerbErrorDataTypertr�r�r�r�r r-rTrTrTrU�<module>s��5
������������
������������4'