[PATCH] Use krb5_wrap function in gensec_krb5

Andreas Schneider asn at samba.org
Mon Aug 29 13:16:18 UTC 2016 

On Monday, 29 August 2016 21:23:07 CEST Andrew Bartlett wrote:
> Have you run tests against Windows?

asn: ~/workspace/projects/samba> bin/smbtorture --option='fss:sequence 
timeout=1' --maximum-runtime=1200 --option=torture:progress=no ncacn_np:dwdc1 
-k yes -UAdministrator%Samba777 --workgroup=DISCWORLD.SITE --
option=clientusespnegoprincipal=yes --option=gensec:fake_gssapi_krb5=yes --
option=gensec:gssapi_krb5=no --option=gensec:target_hostname=DWDC1 
'rpc.lsa.secrets.none*'
smbtorture 4.6.0pre1-DEVELOPERBUILD
Using seed 1472476204
time: 2016-08-29 15:10:04.930207
test: none keyexchange:yes ntlm2:yes lm_key:yes
time: 2016-08-29 15:10:04.931027

Testing OpenPolicy2
Testing CreateSecret of torturesecret-540396684
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.028226
success: none keyexchange:yes ntlm2:yes lm_key:yes
test: none keyexchange:yes ntlm2:yes lm_key:yes
time: 2016-08-29 15:10:05.028277

Testing OpenPolicy2
Testing CreateSecret of torturesecret-2013987131
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.039913
success: none keyexchange:yes ntlm2:yes lm_key:yes
test: none keyexchange:yes ntlm2:yes lm_key:no
time: 2016-08-29 15:10:05.039967

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1461337782
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.051143
success: none keyexchange:yes ntlm2:yes lm_key:no
test: none keyexchange:yes ntlm2:yes lm_key:no
time: 2016-08-29 15:10:05.051172

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1406052089
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.062028
success: none keyexchange:yes ntlm2:yes lm_key:no
test: none keyexchange:yes ntlm2:no lm_key:yes
time: 2016-08-29 15:10:05.062061

Testing OpenPolicy2
Testing CreateSecret of torturesecret-975954445
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.073636
success: none keyexchange:yes ntlm2:no lm_key:yes
test: none keyexchange:yes ntlm2:no lm_key:yes
time: 2016-08-29 15:10:05.073687

Testing OpenPolicy2
Testing CreateSecret of torturesecret-663334993
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.085899
success: none keyexchange:yes ntlm2:no lm_key:yes
test: none keyexchange:yes ntlm2:no lm_key:no
time: 2016-08-29 15:10:05.085941

Testing OpenPolicy2
Testing CreateSecret of torturesecret-51680497
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.097437
success: none keyexchange:yes ntlm2:no lm_key:no
test: none keyexchange:yes ntlm2:no lm_key:no
time: 2016-08-29 15:10:05.097469

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1880885519
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.108561
success: none keyexchange:yes ntlm2:no lm_key:no
test: none keyexchange:no ntlm2:yes lm_key:yes
time: 2016-08-29 15:10:05.108594

Testing OpenPolicy2
Testing CreateSecret of torturesecret-32453894
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.120184
success: none keyexchange:no ntlm2:yes lm_key:yes
test: none keyexchange:no ntlm2:yes lm_key:yes
time: 2016-08-29 15:10:05.120235

Testing OpenPolicy2
Testing CreateSecret of torturesecret-157268836
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.132432
success: none keyexchange:no ntlm2:yes lm_key:yes
test: none keyexchange:no ntlm2:yes lm_key:no
time: 2016-08-29 15:10:05.132471

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1899989946
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.143482
success: none keyexchange:no ntlm2:yes lm_key:no
test: none keyexchange:no ntlm2:yes lm_key:no
time: 2016-08-29 15:10:05.143511

Testing OpenPolicy2
Testing CreateSecret of torturesecret-917994290
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.154568
success: none keyexchange:no ntlm2:yes lm_key:no
test: none keyexchange:no ntlm2:no lm_key:yes
time: 2016-08-29 15:10:05.154602

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1570710709
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.166834
success: none keyexchange:no ntlm2:no lm_key:yes
test: none keyexchange:no ntlm2:no lm_key:yes
time: 2016-08-29 15:10:05.166880

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1151138564
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.179294
success: none keyexchange:no ntlm2:no lm_key:yes
test: none keyexchange:no ntlm2:no lm_key:no
time: 2016-08-29 15:10:05.179335

Testing OpenPolicy2
Testing CreateSecret of torturesecret-787868027
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.191495
success: none keyexchange:no ntlm2:no lm_key:no
test: none keyexchange:no ntlm2:no lm_key:no
time: 2016-08-29 15:10:05.191532

Testing OpenPolicy2
Testing CreateSecret of torturesecret-1964127422
Testing SetSecret
Testing SetSecret with broken key
Testing QuerySecret
decrypted string 'abcdef12345699qwerty' of length 20
time: 2016-08-29 15:10:05.203748
success: none keyexchange:no ntlm2:no lm_key:no

 
> That is the only thing I would need beyond the re-read I've done to
> give a review.  (I have to ask because these things are really easy to
> break symmetrically).

Is that enough?


Cheers,


	-- andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org

More information about the samba-technical mailing list