From afac2ac20f2caf7216954ebcaefbf663130c2fa2 Mon Sep 17 00:00:00 2001
From: Julien Wallior <wallior@sig.com>
Date: Tue, 8 May 2018 14:46:35 -0400
Subject: [PATCH] Add krb unit test

---
 .../.stdout                                   |   1 +
 testing/btest/Traces/krb/smb2_krb.keytab      | Bin 0 -> 102 bytes
 testing/btest/Traces/krb/smb2_krb.pcap        | Bin 0 -> 44485 bytes
 .../scripts/base/protocols/krb/smb2_krb.test  |  19 ++++++++++++++++++
 4 files changed, 20 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout
 create mode 100644 testing/btest/Traces/krb/smb2_krb.keytab
 create mode 100755 testing/btest/Traces/krb/smb2_krb.pcap
 create mode 100644 testing/btest/scripts/base/protocols/krb/smb2_krb.test

diff --git a/testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout b/testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout
new file mode 100644
index 0000000000..cd2430defe
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout
@@ -0,0 +1 @@
+wallior@DS.SUSQ.COM
diff --git a/testing/btest/Traces/krb/smb2_krb.keytab b/testing/btest/Traces/krb/smb2_krb.keytab
new file mode 100644
index 0000000000000000000000000000000000000000..0f637c1ef07b1df7d1cd11de45d1054333a606e9
GIT binary patch
literal 102
zcmZQ&VqjoMU|?e4b_v!C4h;^}bN2UTV9CfYE@6-;$f(FkOiD`3u`n{!ODWbXE-fz9
zOU};)YGI7nZ!5;cAjF{Xq9ofgF)lmD+Ua=L(bl^++r8R3`l6o;C;Kiv5g>9|9;lcJ
E0A=tV-2eap

literal 0
HcmV?d00001

diff --git a/testing/btest/Traces/krb/smb2_krb.pcap b/testing/btest/Traces/krb/smb2_krb.pcap
new file mode 100755
index 0000000000000000000000000000000000000000..0f726f45d7b9d2e0c5d69a54c67ddcb1d57019f9
GIT binary patch
literal 44485
zcmd6Q2V51$^Y|V-P{D#7D^H_XLBNL31}gS~6)XWk5wQRwDq?$L*JvzJQDej!do*@q
z&{(3V6g#$95)Jl-B`Wxv*}Hk=c;$@W|M&Y}K6`U}x3@DpJ3BMm9v6@OyxNAT7=<F$
z7!x2d<LLE3*KrQ41>9pi<k9!Zwt=y(Tc74k%Fp~5s~3L8hfT0w|DA(F<^5ZWm;Uy~
zHsROIfLo=oB(05_ojT8$jmmDfU~8LS5L7l;q8pUh4Blg8EQkpW#d4uUC+5MJ5A(5a
z-vdj-QiWe{Yzxvf840D9jxHAC^nALmL;*|7nc%>hKsgxm&{sYDET?akjK0!PVywTD
zz~=sqG+@B8>?b;~OK^`dPgy6!Q?aadpG=nJEU;fwupGAHQ}<3SV(`wn`zZtzK7IO>
z%kSfujekpZXTKf+UAlEp`*-WorkigkwWqrWv+3yDxsz{aej5-GIWTI>NcEto7<E8Y
z%+T<ds8P`))pgxHLm*!#Pj|0C4-YT;#LL~2*>vuq?$}A~;qD2Kfe5viJI^8BHgDdX
zSJDA0*#PLkn1}t<lUE`8=Nyu;KNi@(*WanJ`uRkWRlkiX#L9w<V3e046iiOSQf6N<
zS&DOG^@~vairvly(tPla2Z0M6rIbKl_~MfdW6^`-hJ}QNh79xe^2G1*@sG7|72_JG
ztuvNxJkM#xS6bE|0qY-RZ(qw^u(PvC>fzBXsftHs`vNtmw@r9kOt7)xx6{R22gs!o
z5*pgrIIOMdQ9a4ET$RYE*x-R-gCZis1_nn&26t=SvYux{Z=dL4VId>Kf+NBsqhi8P
zsD2+?h^+x!81o3#cj0MVKs{wbwKqu9G|=CfeM;Gbbh5$5oZ`>;g{mZpmi~q8t_ri!
zad%{q&gGvM{k!Pw>T$KsY+IZ~S#4~bcn3`diY-XUYAzuMjoY?qU}nJW$|NB(q29Zz
z3zj5g4VREhCQDHuAxi6w65^ylLf)@R`JYG#a_Sp*fjzWiJjx}+?nZbzO311#V+pxk
zIY`s2iN6!e9k2!4&taP=AtGM{=0c4M?Jfpu5>f_qK5;dW^>m;D`X@Ma)%B7D2S1Ml
z2j3(Q4|l6QrJ}t-uUV7e;HXM)$Oom_8gwjyMJ5z@>5)+2X_BptV7D4Bh1cY>wPR{P
zzcwNN<dB5?6Fd^~j}>1RD(Bd$yL<PZ-MhNC?9yosP=U{FR#)?=T23_}V$jHP6%18@
zdu-T%!Jru2M~)gf!hJy0a44}3lvWGBDu&2x)+FSwpi0PJ=G)BdcOTNT+Z@kozv)e@
zmQ$B?I<s!)sTn^CCl7B7oVfm{jIgN-S8Iy}jjmWHw`r}gYFCc8e!bSY&XpeZPv3EP
zas2m!Z{F;v|2TB~G~4TS-tNpjrMfYt(4-U20b^foD;>Ic;QWbWF1+Z`A*KG=qFH_}
zZ22_DfFkSH9c<b7=$2;78oSIXGyB2dM87khIhsw2f^X02(mhI3eC~{%bA8&5_`2_q
zV{sl+ot&<1*xIOu_Hbv9^1ItNnd`E2m_xtA?+S-jo1ne$h@Jjj^ECEmz9Z*5O<OR|
z|IW!81&SVd-Ka*Xm&d+3(5iyV_UhN(IA5%^{HN}jp*E*;W19D#xM6zZ-7|vSiuH-p
z>`eW0Q+2<e-S$?<yjU;GJ!eetp-Uca{;R!{O9^XNEH2x9UjOB{BKLXJ-(#Eo?DCU_
zhYqN1HjE2$+S@sJUz7T&w`SC^y%CVLVvWP#@e?&&)+`!6dS(mnkoZIMrtCfw`=_Hz
z$biyrw};FvG`slDn7ZXNZ_Z5jUvp^N`pxf03{5*ypvshdYS)cd4iEnH?C6H9ZtH)1
zk&rVar`5d+i|PiHPfFW<aJ_n*%Y{k{&lf4brka0c_06W&TJN0M=d}0Rx$9CFJpJms
zJ-0glJ~z~@#rQf`@4o-5$FBN|r*s(gAh%)%Ve!PL6N{}XwL7rUh_;hoZit`o_*=hi
zhsw@a;yvrH828@){QAMB?(vGtm(95T?H`kVneRI#`*xwqH!iMkb}DJx(>L#W?K$4A
z@K;$~hTZx)MKdDAeLz6D-<Q9<+akGYo1?=*9=`kP=t|A1@E*@<cYB?$ZsLA#zqjLZ
zlJZTT=lyZH`_cH~0kw)xyxP*C*yBG7l+6F;@sJ*N_mAFbyf)=xZqzuxKAR`_-OLJ9
zr*vIW+G9)oCsphH5p(|ez__gb6|&!Sx!&)qxl@)VeDa=lz-fr@<ays5@gAQ#v0+@j
z?^}J_aMFr>tIB?Tyxp>XRfgR=Vb|@e>wX<Kyy`fqo!^|oL!Y^3R-WM4=D~pJ{Vv(G
z3msc?b<&wS!QZ_udAH=!_=@-ToO{$uUAElU&u`=&?QwL|2fr0vJNlmJl`r~bqk&uh
z_~7$<$HgsUzbQ1}kpF~I36HbqpI8(1tmUCBk6le~hkCoKidXyQ@ynFZ3LSpA>KeUe
zf3<s?R?NO~y=;}8y^5c!rs;U$$Fpna6uq=H>i0T(>b6={YTBqe0m8sf=MP5O#5BH{
zcy-D7f=5Q(EIXoCLwDQl>vlTajlFujeZ2-<3ZJ>~Y544G^R`q_&nxYrZuInMpM*tA
zO7;46N!R*W*{_CH=xtLzH8ZHAz3rxq-!4vUd3#Mrm;H{Po~)Y}vj6*WZCiFN{`1tF
zC-?0ho|$!W^0DCl_dH`>H#py|&&l!uuie_%?kv&j=Ap@df4iyuPkwhERhT%t&-fb2
z`!lEYEMBkdxbYR2bRS=S+{1Mlo6nbg{+sW(b`gIRz8+Spz_@Ewub#Q@k>syVt}y$L
ze&s6t?)O`(D}`7SkK?x!(^b`D-joWf`*vr^JDJZ0W!Ju0Zei?>9tFcjCrtk9_QyKe
zhw8k4SM}7%(48;7`lrkLi5>R0+?yQz{`*%Yqdc0Pon7icd(`|3LGxR%v}?Jg<&HIK
zf6*0g)+96F-erF$pNr^=VJXX?l)7L)Fy^rzRl_sTekA>1Y(MT@=Jvyx<$Ba&>{$Pj
z8wVb~^?UVw=fdXqXxA>{V4+LpHqTwx<9<-Wjplx9*$MBsS{-Iau($WKY8Uxt?DiKO
z8g)L=q}`tr+8^Ig?8Q8LTkoqQ_RUkp*6>;Jlh1|KnP;3jYZ{Dg)ik%}l=zhB`ZuD7
zpK#c>HDkl$@yRwj*Pm(o<WfMTf<8YLeHr&|*Q)2Uisws7ncH^MydkM~+ok)BC|<D0
zq++|)-<$T{tyWGPYdE`kaMrUYH(K=1-Z1IV`joz25er(sITK%R$G-F74fgjOR=Gp_
z6}`3}?9nXb{X<Qp+j<Ajsvi%vt~$8q*}{V-7byRvX_@ceXPkL8eEg<wD?Cq_S?cD>
zjF&ye4}Ru#@YRgNt9K3FS+VDq`;{844ZJxv=J@^{p%VsWeVY*Se(Td&Ssq^>N|-QY
z{Idcv&+}j3v0&gY!-p(85jVM8pGMt$tIgXPUiWx2Ro8X7zw}!0@<VK$zgzr#qle>)
zx{IznyYXzEUBP<|r(HaFC~4d4dT(8uUVL~Zan06NRn^+Xr_{~=e6jU(c*n|PSG+uA
zuX(Y~xlK^j(hIwMdcVHGQ~T}-`G3+D8M-`Ub&YO*?!G@w?0dQHl8nhUF7$G_Ga~w@
zwXLhJb!l;IZPwLN`SW|NJ6B@KFWDUqWG!qT)Am-@<?_p3CuT0{ynn~}9#t<)Z?lJW
z9J?TDl>6_jR?3?fzZMzbGI!n&ngvnu6^|Y8oqtCdTR*MM=(g4O{Tdn<<ax4v(WY~z
z|2=o+&6D5Xe;D{Wb!zp(2fua-9#QJZzSK|c!wUbnk_Bw)Y&$J-_*cR1qcU1X74sid
zdrYsU`S!Ic>wfy<gnt$kZoj>wPxpBv_7>mzq~`FT4^EA;96CI$`sawU=gxN=vE-*!
zC#&`@{kF`}V|8K|KDm|V@bJ#a?6*y4_bOE)_KzYTYfm`y%Ybn+hpOW4F8=e<)>Fg2
zJF_I_@3=vQj?|p|sb_ka-@x}7wws?ux3HPmu%COt$6w}-c<Q(8{q;$q%V(v!?a7GW
za`x?V)_uXZs~u-LmFk}8?Onso`I247A7dWX8d2nAjHcYsiqSJFy!iIo93PjonXO%#
zmTm8M+T~V_2aBHVf1Ifj%B<1ux0_gMZ`SvbO$XolUS0aihd!g6y7maam$~i!&u&qN
zFPt0uSKsJbYwr|`FIvdO-mhox@;2>TveJ#7)e4xb8sf5h(sbLSMXNeK39~6vw$DF8
z>HO0M?)9h|<W?x;;;JSA@t3Dp*)-%;gnM?gB@LT)sP#kG1J}FJyKdN||FP(Bh08Y^
zrIflC(!)8pQ=^$_PwRX;{<}fb?sTq`sDAuS-_pg`B?#R-5`@m&eOZ$r_^A>E-{*6F
zw?ErEd$E6yE|ELG+0nCa=$bRjd>4QBecJ`6IvkGaexXi-F5bygy45JNJJO?0p&G8a
zYr=$2<!+9<y0n68nXrErU7T?B?+4w6t}M%ncT4!K-m1A{dzM`}cKg=(=T2@)o!{~6
z30tmK^1fPS$dQ?@8_QHHG-1%tV;X<QiEXRg_PXetcJI?M^=NOK-D5Xb+P`>{%f<4^
zyDODj(DvPmKZo=#8NAbNRMjKBqM!5*jc@*BL*pX-rk&U{&{rt(gKwAqE&dqm`%C1p
zPK7_LTXnk5@P<nV?#OBM_S)8%mm8hR&psC;%*?;*-O^LqSugv)efD&!cZ$RL<VRcV
z3)QSUw9X0}k1Fezx1V0?*AeBW_ODQ;>Xb|MhSg{j@-b(8YW0+g!%AF!Q~ctC+XK2Z
zxxZ@K+o#uV*AKJ58?&dif9IRsOS;d?j6T@sedYRIQ_HkpX^Sd!jb%l=jw|AQ#)B19
z#1Aj{JGGukiny_diZuow8e^V8v0L(bKIGYHvJ~gmGha->uLMEv$QQuJ5af=0dU)9j
z`27CS;v;XT^lx*kjiz~SHTOi!-<BO<t0(XEn7k{=)<Iya9SywoHIsi(O<vJ|a-xAB
zZo{G`&-9o)O?0!tF)p%Ztj8Ep&Z1S3kB7eudD%k~&~9+opI1~nW!w9Cx86T3K7OeZ
z8`f@E-)YAWPH25|*^&4^x-1_0<n8(%ol73}a_-vU%06~vp;yO`K6V{9J#}e)_juQ!
z!fRe0cY9i)aQll%Ge!s3^^aKis%L78qD_*V7EkLF^z=oG55IKt<d(6nifx68V3gZ5
z_CxpuK5DLPY||cI2+}n7g;8_PtVH;Xu^2;E+Umx?jM?(njM12gSSdZ$0g;t8SwHxT
zW`kKA8^%IdDEx)Moj3Dhp73TE8^uPlSQf*=xIIn;+AUc14P2P^7>hx3-^_qV?F@zK
z2aSr&21+o>g^7(%{*jl`-()EuOwVEB4T8U%16(rUg&_yt9BcijISx1(aP5=e!t3|3
zv5FOgf-uV4Mo@)c#I{-Yi*egLY6oqz7~AG%b52>NA!T+3SZEp&+r|=Qji4Cn61+s|
zqGe9}4(EWdwrYrR5Va5kAu{I6Izp@tcTNnkIrA@CwT<kGZ{@)m9#B4f*D20-0Oc`!
z-nDhaKzxqU+oGe2)db`i<!vXFPu_@aH~X-x?G|SSJg(~R+_A|EK6}WX%Q?gggYuMe
zs5j)rZ+z|@Z+kO3RUr5{?dF9gFdIe?vKR%Ce~eWTZdSz?^N*)hMu?pXIjDw6HO~+C
zh8#f|!9efTa8I1k!aauk_>qZ#oNMT>VjJNdM!9UU<>8ljzpr8}TaT*-X?$jZY<;XQ
z>dHt%&KdT5aFBUW*6&@d^!s+qpS5IFc#F^PYO%L&;=MJ<xW#>DL5nZN7Pr=04e9o|
zGHs#x-m32rn_vzIIohhbiX}s>G3Mduj_}KzqlIJ~T?!n%i5y+Hoil8zAx8~+t37`$
zYEny-nd_~qgkrn|>aD;h=&c2%QW@yg7&aQNquBsno1uX!hN?|eZ?eUM<H?&jpG(U4
zd^0oPiHpB;*XJ+F@`4lPwV|G+v^LbUbYv>L(MtIav@Fj%S*x{KzZias?RBfS%F=xC
z72aOejoa&qOOVEQEVS2$II;6e^TlGl40X6TGj6@TYB0eLHQ!)E^59-hIZ|AxkBTja
zcNpc`j(wB7g||sZ<2Laf3vDt7+vNFO{#k#+HbIK1O_Wkx0GuAAm@9K$q<Fz{Fe0U=
z`l?uaNMMxr1))iJCbwLZWW1dNyv4roVcAG5QE)P(w1AFI&};Y_0%{jaeZdoai6ov=
zyvTWK@QUBsF-Kc$)+C77zxO-s=dCQ-aDkob;?*I#)CHkfT%R_FBk#<_=c=z~&VE!r
zrRb`x{H&H!+y3|+^3+t`x^^Q*987N5Zc3Rw*PnfVwgGYrR|`z#tzCZKuwscme&jz8
zXC3=l)PGxja8;?VOa`D|K3(PS9I(!m{zJ}U=@^u9wkYIH!Vjc?Z9esD6~ifVjPf>T
zE5ony{#3!Z&7ZCc(zNjOhef@0M|n{r4BI@vjxNSTgQKL){q=?$inP||TwF7N^fbtf
zF;B-jlDv&GwUjYaTX<#$JS%}reNl>k_MMz`VyaToi-MVJ#fuUzcB~*5M|?)&_`Ew~
zg;+oTcK&|-M#hXDIT~Cf!edGlv0*}jRjd?b!YFSTA%FNa-WhiqH_WpV&@d_3Fq4XN
zYHk?T&QXUG7DOb9t#w8;Or?($&C?)p@SOW|0P&s&@Vuy2V3Ii(Fb{H}BhP^S(grvo
z288B@4VZ&e8$!cD1inK&$ff4}_0G0j1_V{|c9enH=VUUF0y2>8@BDS(i#}KuGjg_(
zOH>P`T*6gVQ(TJX#bYgvO@$q^;oL#<f!qP%=K=Am;7NY|l!2kQvB(8W9Kr&TLw7?|
zY$4oZl*<vD8h)L3@Om;i$_~=BTn|e9lOt9Q{8~dfve)s4F-QK|dI#sG2lC20Hd0tG
zRK@nfJB;!+WE+!z@<HWT+qex|uFnj3?vHKw9Lx!X@p1~O4V6-eJ0$*Xz*^kfsA4gI
z6r-Ha!octwyuWrg=JRv^AWbV6)Ue!uNW?988`gpx$xL`dF5kZ$_Dz=TK1vL71|#-c
zEyO^GKsR?JtHT`)PO!KBr-pro^(q3`K~?ZTy1-h!)Q}q^>=H2wrQsO{YyscR7KfEP
zP>yEHW~o|L%?x<)jlc7Ng4TwWN?U-OUm8vlq~Rn%k#7AJxs4&nt7k)mBX7mOK$r*-
zTSyI&S_TdNe{xtEvt7leK$#fx^uSTcJ9!WM+PDY$l_AbOKf^z3C$=#teh@BfV{(G1
zjR~3?o{`0^gpC>hlgiS@rJG!B%`@&!FTM%V_zi+p|C|`HCO{XKH6lgD`T$WF^K{LQ
z;eYV18DX+4n30*y9R)#cD8ke=vEqe!?L`%6Wkv=!<KzjmSTX*Lx+a>;I97_y2Z(VX
z%$tp5LtzFj3Ji%mi(ruu*%!~yI71mEP;jf8hroM!u7>+=BRX==o{f7`I_ce~PmP_x
zzkoo-2k$W;r>mc~C`dnZLFy+Hq(PYhFL(Gm4?bcnNCK<J*b(G3M+X>`a+(B5)Cy-+
z%nM4un5Xfpgx}(gKi|0VU+w@w+68(!=hP@(w|C|mzX*T*?;BsPm(@^S97L@Inbi3I
zNxiIwvZ+yb9NEjTQ8gACH6m5TUcxsR^Js^^l6P^v`dHSeyD|e_ZS{AKjD4ZupY4}(
zkQ!Af2Ya(mTo6c~5+r>}kYh8rkY2sC=~x0jZo6^e9fYV?)p!Ge#NCu$MX?S`S1}b3
zj8QH_>`nM>E<?W>%h0Q>L7LW4AVVLA!dDPZ8*-qqB-DdBcK)6Zj4dgUN~|i+D6dI>
zhH6D%HCd-V^Fiy%@sO=8Dx&!!JX$EDChu3lS5&NGHINE-EY^6c$^Eb7-6$3P9vMqT
z>!{3t?0A3Y*y=8g@hf*Dsle`ytQrg@Qma|>3vgPaEaZ>I;vkSz5G1J}DCW{%5sxXQ
ztj{6dX{86evT#rMwC_eVJnEY!=-}O~*7sYT7qk+TKGOljNA00|XyOKGvH@{)hd&Ic
z6EI9oD(+V!Bvl}IZt&~T%^su+1jStXE8?S3jQ(lfJF=Gpzz+-obAxh;f$(a3mtXI8
zFI8ZplQZvOeWf(P#>+#+4<yd0A%(cDg{@MC!K@)H7I{EzL%D&QNgrmlXg%jmnsDVv
z@`S=i(*-7_3C=A^8AWVbNLHjr7GT!ohrAhv!^m;~3x;b1z%VeaBjM@}#x@S3zWyBw
z-B{RSXsSTaZ)nq9_2;Au1m&oZn!@sjCep1d-{;LUhA){R6;aRvqW<UED|d|kXLY*1
z{!*Gr(6b3m%IfQ1!UP`qqX$y`aZxS=T#Vto*3ob`h-ZzKK3IR)wG%Fmn1k|iweUbm
ze_}UkbFCO66+rk7x7;yx)QnVt;E`To?=#P)3Iyf&u-4E`tOh~CHyHSfb=68=OlsdN
zpCj;>px3N}hfYJ9puAwjr-Z*1)eS4)x3SQo(UR-t1`DF@5HTe2D`R&qjCg%=%Q=DI
z>UTNyQz1>Tf5$W_X9kB_xQZo6kIewV^(Wp8W4JsGhyEM|GLDk%1-;A@7GOPCeSk<&
zEJ#2Mz)%*iE1UYg&EnmK9&Jt)%)y@Zi2&q`Xi=5Oea^|Ty#2>Oe;Wq4<2j%7diBlM
zQ%gPuyacQDb<<#)AYmn_R1WUVUhRzE420eu0g^!Vv}@aD?h`1V;GhP%iEkiHknj*h
zd`k3cu0cJA1D_+M0<;ob{cPeYhb^gsIoQu#$|z}5H6;0XgdUrL2c_rHu=qX<{z9OY
zaS7fXq;V{~qk6j(8?z1Z6Wsgf)IyGsCMYjnX}xDo2;lBU1aKNH$^faL=Tu;PhX)rI
zfjuz;+qR-!jTl9Jm_XlJfc5T(ay5vJVQ#Se7zG@U1i2powGU)<;TdYYVF0~A>wCgq
zFz*Q-aCKvy;0w%!{lXX0fsk$iIea1Q2G{y<Z4F<C0slgw>?kPJ4f4CgP{kcez(2BJ
zB9X*rRg+U;f9y;Z2!2d$vw|h33k2m=!dffoM-8R=;sy(BV;n4whHnY)=8PjV-T_{7
z&=g*g<MKDg>AEeBmBA-^yofzSkN5F~8IOJjyb^4+qu@+T6LdL9UXZ?hmDIO>ad)oQ
z!U0z_U>7%;z~ECNZ|bfO6I!247YN?1IH38uAI}Q}FLtAPh<LHEvh>ITd?DFOY+cbm
z3I?4T!RwC}8~YRnEx*DZr*4ar?JlGW1V6ei<!OS<DT3=i(0Cl;cS`KaIma0s!vK&y
zlw^01)rP<YZ;(O^)b7ok9Dm%HnJN(c>49s^CP)+HnGG(;4JG=l@V<23F@0GNzD=aN
zR7SJ}w+|X}!|PS5K+rXJ+bv8JG(gF35ifZ#@^^;mVAsW*PZ3btcz7{idf8*(<6`AL
zqzVKdoco8T31+)eDTqmIpX&6;0vym&#3#3(ZZHO`4w8p@tp>EdJ7|L_7Otab;m`X^
zXWOO;1h-v#whPk)<tULVCG-rG=xGU3hx%(IP!Pp>f|iTmav=H^sEJSmdFbSzR^R5A
zkCaLi2o8HIrU{y&M@c_yk-LJohq!(d4KzdnNA&%W9caCOXduXcc4GgP71IPt>!1uV
z@<EB;-o9uK$2$`IRMhKe)o^+Y^{^+@ygskJ-jC2aovpt8FpO6u7(2dZ(c5Fw1%fg%
zxRq5Rk5i=&aY_!y2_%niU#(9)ax+~Zm>g7kW6u0@0zp&wD$5_5NEfZVxi~(K1nrLg
zs~g``7Y2NH1KU#%>fH$9Af5lFmC8tpoA5MoK$<|%Co!u_hcRgaK`EOKU^_VLQs!??
ztW|S891XO@0A777phxM!XIJ>wiyc>;Xp|;Yeb=VLCZK~!X&scIK>W33&rBsR`)}iF
zTeS0DQ1^O()f>2BXy5C?Gqmzv+)iLQq#qj;NG$C+EKMMIDP=296WrsSB%$5Gp&G78
zo3-%#cyZ1b9K}X){UDBK#Znk^%l)-&^6)f)VB7i~+hLlZ<|r3$KqF$)!d(k%Na6iG
zyV4vl_6y`dG+>Y6y+ZW&(ev>DuOIaUdO98;FK)m!<XAn>sqUaxVnMQoNw~CxvtAL~
zzi_<Y`N*(aKqr&Z1TWC^odLbY=vxc$Z;4*Lf9MWA+91%RV$e!(waeU9XP%`C1dBSU
zR_|SMULd%m8?7?v`K3gDKT3XiEMUb^?<lA{POe8o8a)fbKcQq+uamFR1%k;t#WX?h
zoMsZGJ{;nAO6+*AAB*z#GPL73Dr*Q41Ig*UWfwa~|8q_t`2N$$DxGrA2?Tj&g9~y&
zi5*YHMP>-%w%j2gEn*<NTCZ}&cYxhuU3{i>N`Us4(gdFjx*~mXn?p5RmDr8n)`@xp
z_2x*hUO4g$gKuZ@QW(2&{hlfZ@R@@hIMtY0-`;BJTT8$;sG8J2hC|N`0Xf6Do>*vc
zQR;9MjFPZJD&&)@bBUy>X#&AQp)n;fO>ovFUL54s)6v2b0n)o5$J!DdmilQ!=#`$l
zhobJneu{k-$0hQ9O6@hJf4ed2<TQccj)3x`w?mqsoHV4GRy5`B4AV;oROa;J%v311
zJt6#cw3KOWQP(Za&!h<ib4xepX@Yh?()zoePr4>FL?pZ4bo~a$I}q>=f<LNf%>oN&
zxm-^Z%)zCBRFH^I4M`>aVT*(>1UMW8+5l}j1}(qBdWrqjoj05^1cC=Hr=??>pp;Dq
z5W5mR=(c(cU#&uYjh=+)#h@k-1J(QC{1O%H(lP{sv-dSyG%GzrAh@=zxCqNw2LDhC
zS0(jcxY?T<oUtHhq9-fjO%efHw{mw{Md6%a4)!2(CG`U}eCI8FYY9yGOSD&cN9e)O
zFQdR}qh1&Q5*G|wVg%f~gT5FH*I4Mg@j8Diqha-x4Tq!)1UI?Xxc3Os1m!efyHu7x
zG?8|TxWxUfSdjWqu#h-gAX-xNGwMN4Yyeb_gg-GvOK|hW^Y<qGnl2E0G2``uX^<ue
z5+xZ75o+N(CH*0y%L5gnAU`V+6A-i!Q5TBAJhb!Ihxz<Cr3tPL7V{bEDJA~ZQ)#^0
z4LCmn`hz&i7zkVtH381)#K2SZy|GQi*>Zh<X*{X%hbG&=|2G3$@!pNJVT*|0Dd{f_
zjOII{p-oUOVxjMdVZH=ez0*;DfgNcvwra<#Q_yb_(>h4`B#2a0mpwC;bnLg6_gBl~
zum(UCj>A0JZ7Sr}``PI;fDSWo<4{_(*7F1Bajb<(Qz~&zDx2>T{b9T+o9{w@k!H6%
zrC#92Iz!DwuU0?qaY~GB=nD3R;H>ijZ0)f$fuOt|O8LFJPgPz&%lt<FRpdA6%e}ts
z|7ubpT_ETk-+`wInxaREJuLF1a5?-IeZ)B3Y@6O+o7>ad{%u6MKyc8Kx;GktJ|bue
zuM)qh==gB%=%Q8}3H@;x$UN#El6P%0JFhdbsRF^@Smjy=N2dz}P2sH~e`qQlzk%yP
zw8MDVU=+7fIJR)(e>kU&{SQZh7^0;zwA~-{{u=5X+c)9phWK=W(gdY!I)L(^WZWGw
zr!6;Yc%%$5YNZlpIi&D;KY}YOUE^tjQZ^kxT~kVzGJo?-H}5xy`vsBE=2%~xS4O{;
z<Zaru_Mriw@65qNGCQe-Z<VxreVx7=3wTk}qU7o8y)HN?x%r@Uf#Af)87J~BI42N<
ztVRL(>}>SJbi!?}$Y<2{k<jXKk|sbcfNMxIrO)P$F7kNrV32nSI&CO8t^>$FL3!zj
zUoC%VBJDIyl=p!!vl<Dt#?{%OzyUWdYuExvmww(&TP%CbsU(npyWG3CV17rJmYyG|
z93f#r?uq=<O$|zKOo7(ZTJe5|b1vdK3VJ7TU<YwsBLe&rlzj3^^zzTDtU3S6aNSl)
z({twvBoN3Ekta&z|Gp%T;<~k7{`wrs_iGuL2PH`Jp#<f1L#!fZ`5WW(cxm2MJ`YO%
z$I{nJ8{<3*!ITNhuGWP#!QB^<qyl$vsD`VD^u!W)A<d(-VC`5J)*bjAz<Pmai7Pb0
zF!S6QuHsA+T3H+yVb0DveZVgM>EU3XCRA&d?uYX$lqUH8Jz*EQpoXLpeejo=c@~^G
zz_}B#mav;PZb28sOYrC1{{EOISfl_sKq7uEeA@z|wQ%1IesNyM6RfrQc^;hYF*km!
zoWJ&;Ye%FB=HM=!bEc<P$@pT;vFf~{(V(|*ggscQAn{2%yu|l>enEn9o0@FIG{Ley
z#1TE-R`kdMJZf^D!40UOk-r<)AgD?3urjXcp-uCE85s2Kk&`sHk7$x4T=yI9@%R?j
z=LueUA5j<61l^jaNjWn()WX$EdSVeMT(3t-M~YGB7_QeN9t?|q$t=?KmvaKaJ^R+~
z#xy}Om;Q=eRbmfpboAk>xi|(8$EuBh5>K5S-1DK?l6&*c3k18idG9uN>3M;m9<z9d
z_?5`foy$G=Fli*zeK^!SL@G!t!Ii<~eiRm*7tBHC;U?wu;1Iu4GEWyJ%|`3z>2MaN
z5lD!>94yeWS)=a70KX}SI|xf$wYZ)64&Tl^+js|Ic6^W~^cDUNV>dg*fdR{!V7aWj
zysTMy%Ze?6W%)ed1xaQ3UAK5T<WF8!?Yw1;s)eUR{`!-b6==BQ(C~B!DGh78_(%ff
zI~%dKzX64N0S!j^K0`Pi@~aP?4ykCo&u~;N*k^bd_ZeC{9io)NFFhUdw2{4~W2=90
zK9`g68GeLl)E4Bk*JWOLv&UAsiw;?k&z6o>nme{?bff|j$af!&y`?h&$(-;0GQMxg
z40zpw^WEr7fWY9_4v!cfTUAOijf%P8&uMItiT5}Y%NjHBbqiqPJ78k2r?|domWiYe
z{*z4H1r$$#hQXLect<54=1lA&W8ynt;&vrWR7$ZC6EDJ!!3-b<W1hXtN5k(U6W2YG
zF>!m4X0#tNv9DOx62l&Ec&?DPV_IWkBf##=ism`b69>=5cGCN{@QCjVM(D^i@UsIw
zB;U0Yj0jqTJq!cy5XWUGw?b2kEI-0o-r1Ptqx~`i-n8|19(zN61mSy-Tf-B9O6zCD
z@(Aw&md>*L&E<BgG0Wey1(q+wU$AVl94n3it2b-1qouPfS-kmzO_l}C7s<U7^JiJe
z1-7QJq4`XnWifr6!I@7}%!eA7TQ0__H`;{n1oxkN><kSEeGj+R&$68Ht%k=Q0xTSR
zc$wg6=~qgALqVFoK_*BGGXvfZ^LL)$YVA0gQclyc2U@@<NDKG`vDStGxrkxg^b!vd
z9-8*UbA*Wy10kv*635W9QhJ>1gtYK)=~qhjPIa_&T;c(j(cQ)}`gT~5X3TU@F*%n`
z0y!3rOVE)&Ycfj5CFC4XdRzi!3d5J+(ZcuQaf!Vz99cKm5{Xf635vE#K8n&5Kfzd<
z#!Sx)c&G7qn&2v|z^}?0ok7FtBb-FYfQ@)cd4k6!rbGT{EDi!m6G4(Df?_WH6{U&>
zuKK5W??_7ArB{THj%5&}V;KbHB_TeQ{Go}oR(d8sF2VNgdfe)1s&4xWr3nf;#~Lw-
z(?ZBsYvFgP7qo=Q34hj`Pd&7OkF@mRZ&kaDDWl(Z!=yC9&iN>#9xrJGdSeQnl<;<f
z0nkt|dxKyQD{kw?VUdB!v{LVE8VyN?R14oKnf^W{;qL}NZ|@5~d(a7g<{pBUU*Te<
z-uo$^gjWq|@?vzaOx&bMctc<+5+`59LA<ymh}pIDP4f4zvpXB`T}m?v-q6jl>G@9m
zoQg07PfPf57#PX99uAb?WV}1H1a2G<1N9?<A?>4CkwIw!L3!Cog^ncoOM`T!gWILy
zZwz45Z<k;(f1md6n<m^YF_CZcqBOx{y2ADK<@=@#$~JX-MyjveUL(ix8Pb3uP6SNb
zspAvuXG9032}(!cAh$?|8t#+~`_D>r;KD;BNO+ipPlxv$D;3r*P3Yfg60g5jN)wc_
z>i}X`BIgx~KI9`q+)j;4U9@puhxdAC&UYPNDXo>D4xx0T6mN>Ot<6x*u!v|XFuC&Y
z*xpGG#QHKRt%H<Lf{0g%{`^X+?{Jvj$1sy$;o`S9h2!g!Aj+4NrstH6AmS@e2@5bo
zsweel#EWh`ZpXp?gqvJ3X!#Z3<i{sD9ZhD4?JT9~`37Arkpl5MC3+=Ir&k7m9*yGI
z@i+?cLCZ^ni}SQoyq{%?_$f{Bfr);mM4zXd&?`7aE1vQ;sJ|pvw<Y`}X9NeQ5~2F~
zE5V;3;m>PNaCt?KpY#dgr!>KR3#d1X_|@<&O|1}Rrr<df^%wQ3m|H7-)ITom1#V*{
z7<~D1Hl_(~nnR`Q>#wB!&zrz+IPFXQeO0$v9G^M3dWNk;fWH1p{D?~uesMw-EgK%w
z()T}?;9odig16Qk=4pZni;e58hNKexe$iyT#mVqk(6zX<jDhNZYjBE)*9=TD;m?Si
z5X&)ly=jsT{3TH_xY(T*>u&~<-%EBy3!f>$drQJA))=>bx<RkgPh;P@dPc0T1Z(Z8
z@!+2@*hViwi98)ZS*ISLduZZDBiV6xzI6b%K#D;t!2;RO7Ciwx1Pg_|<Y|I$N92_=
zC30RUxCD3GaT8xKV8zXkxS1yuHdkTL@+*uZ;#MRbfPO`=%B+SvFilX(rUUq$5<TN2
z;m7T!c-&UB=lY(OD3!P=zB=bKLE<+-=7=L64ElavTYO;gYA4~xZA)VSKOP)F8xsS3
zz<W7Qa1$T~lEahXZu7BS%)wIo3B8^!C309?qD!uSwNi1rnjYlsPcZwcm?o&MlNYa&
z_P8L)Kl;&Fd$N8*!SZ0usXY?Hj&b}1j|s<lnqY?L{=*mgde<b9EWpbW{^6i&a4QQg
z?~5Br#EpL=feN$(cqALQJ<#@KtyHG!2ayhfewq`UE`rtf5OO_TO89a`qH7G`jsUvC
zfH&gdNn^g`FLILOBRFsWX`UwNy*aO(D&b3}gkSD=2ZM&fML!(nVT+;Un&QjsHm5ip
z1Pf|Yc$#3w?Yw+ZqCc)mbm=vRAy@SJ<IJBTeu9LTpwErG_?7qx*Ye;;&83$MoEbd<
zGc3(u-W8*KhNXZ<@(G+_NtkCm!!mOXpJ9Rdx__qYr9QpK8O}9=3u~nEG{O0e^0uxA
zRm=jsZnkyN-yaTtILZ<G0`>_UYhoR>Qkh-np5=59yl_IKi(vj=3AtYCm9*{+i7rE_
zH{>tjCp-ju=B9Ca2nHVbcliI1@Z)$Ie~iGm&*`PBT&oKlAHjaN#WcYq$$9ZBkuIjQ
z4us#Z_Ims)$6w_53I5@HiKhuho3H}TM3Mz4NceG!1j+$QfFTd&OWzV6f_G<K;rI#q
z+tJ*dzWs4#-CD4b@aNS!;&wy1F4jr~y6h3_Pq2U2%bXs9)ejM7Jv~aau&qgc=-Y%w
zr(d~da(w1s*@|`&0ebvOyknJwU-Zi5T)`P1F~mvmWv4rw4s%e-rUOd7#ghkq=CeNN
zC!yyi_ZAzUz0dIyY~J(%PZJE${SK{Ie>G5`L?75o^%uQGeXqn8z@X(<#&VOgI6i_l
z#UAlA!FS@`ImoTYucZC+nZYmG9R29%w^0u{K7v!*KjvwI*G%A7(*F64@SEzDA_IsI
zEw_vHCfLU1DW`*A*Vw#XyAnPWFrq_ld-d&LKjjI>NAOgDIEo<n!UP|b=p_du{KkAh
zS)lq89)fdfzu@!`>|+AIlKMLu;g?${ef?>)MDXk>5kJ9mb@TFHN&O3&#ZQtb%0b*3
zPd;iP*mz7`o+kL$@VxkGky|Xm^tG^r-~6aW?2)t>50g;Z!mvI=T94{zZ3RoWSS^u(
z-qiJ1j+WM}AM!Qp$;NAV?=(T0dA)FxQRTZ-BP{D=wxgw=pnb&4lKs~LENj7LTn{WU
znwMpElMyUu@nEf%#0~j+AX4b|+R@S`qm$@6&M9H+J1*D^zT*;H>$SGYNGXL)q?-I2
zfVFT@6=d<?nqri1?GT2AKj!PMjb&}NBuKNcCh+-V5_gpZACe}d!ti%4Npo7`bED7N
z8_<AnnVk=~<aSp4Ndphq?qPYB7(E<X$woW#|9tO2Ku&GkJJ8$0-T^<mf|m9UoI-h;
zy~<dg7S_xR_~)9Ey#q>Hg7yy3Y<<#a%;EzhS#Ph@g9zV`%;7)Rmk9TP5Y-Tg<LIC$
z-8(?D{+9L*l+Rbt(%yk5T!wcT%kV$ff;5XNf((Dy9suN6*gL?_?mz}>GE931<Q!1C
zcYxMFz66gJ=oI%3G|XR+IjCTU5u$u#Yx^-d1*K_5vavKRs+bw@ej`d#b~pUWHp8%A
z<J>eT38n?Zq?9MPcfcF+M`Ljq{>9o5jZee^OkYV#+@;rqkJeNP(jEnZ^3qTjaE8fW
z$kHdI(Py5$1Jc^6uGdIuTJyN!O9de&(Hjx(=(%ZlPFnjyzZ#ELia%d6Qa9Jg9(5Pj
zx~R8GX?k9NDa|y09^Ug3Uh#M{{xBFGf7kz143&TTjkMM$!&_-NEpmMx-U||5ocqPK
zJ#j|Q0IwuRI=r$q#t+~9yZT-<Szk|mqmcYcYl<Y#1P6sv*3YZ&C6o2_)cq{0+)Goc
zD@=K5j|vpD<XJuCo>e7dZTWs<kY>qCfA|sS{Nk#OS<j09f*~-$nieC^O0F%@C-HYE
zXvwoW%{{B4#=2|C%glfeDkYwkQVPG+vszlPAR7V-6Js9Fs$cjsZk5^^^ZA1+NV7Bs
z`P^zMN|NAVsDTYVD;f(}<MZcvR<0}wu+E2Q-m@~?XAt{e|3&fszGE7pC)LM-C$+1P
zMNjGs_oTizmY=0DnE@ZYm3UH0IZvJxt+#*9z7J>s7B@Nh4Z;C4r*uL1rJfY+6S3q;
zZ7gEZlX}i&cAK%xe)JB~Bn|>k>eH$=NT>N9trq`}ops$no|K#eN<AqxC*#ZTXrT<z
zld4j*AWMMZF-Ey3Wfz-#7Nu!=OJiwDgx{ynu}5ioeHy>AYirn#$&-2qu7*;cpeMB*
z@<(HF5dMu+De<I8O8!@#6xEM*CsD7Vv<`}F&|T5qD)HP>CC`m^>wF15@@;fPn7C;q
zt={8!G!EWtDbMl}ho4M1t=omhq%^_$>nJ1EOdLOv&7?P`;AzQ|Fx1lSu=i2)8AmF{
z?<UTm017>RCG)^%Oyb9%9|+~-YKdqo^)Hprc>W8&<C6{ay%~5`!jCJ&!@+mNJxTgK
zp9cIVPmXrQ$vnuSRS3c7)jw6jk9hS5Mcv?jFfR~gfCnr1?Q2m+J$}?1)<T+uA6JC%
zr)I<>@A|JuZ_sW)N)z;HMtMIEZ@PpRcR%6}qT!lUG!#X8Pwv60B{bIj7gHW=i{chN
z*caS`t!Qkea_oaND}P4M>O*~w+N=j#Ng-v_8|79CJ=i3ma4(dDQEoHf0AeclU<(`D
zjFmrw%?MTE!78QjOFh`0WeZyR_f#*rH_%kZ=g=U{4_?UU!1Gvl)Bm0d-&Dp61ZxuT
zc^<4g|3A0$p<HDitT<B`2e#wCJtz45+PKQrJlU9X7CqTC?#V7QmZKlMG6QmdP~yod
zZ2|IR$@YGZO~w|k)k%|!u=kJN4-h6o41}nL_;2O}$);NJWUE!M=*hm~vb)(>c5{CS
z(yVetPxh*)cFg|!m9Kzu4Ax|qJXtvhlzOscguVoi7U&c`*(1P{pJ6nLQLdGQb;;>m
znw*TKX_aecz$fu^+I##;h$D@TDe`3Ds4i2=6ZB+nz_(}}c#!s^e~wfs@nlI#$de^>
zWa$VWr3q3#f=+OwqJ#yg_nbwH#3#AsQ`)AcET6ZFMa!4XEuZX2_$N3em$U|?I;XTa
z({0xBRh4RIP1?xv$)y@C-(sN9g5}HLme0{x#*$!1)u&TRET2*eztr+YSF&jNUUTiC
zG1eZRP6cUJS4KYH<G!1D%jc?)&!1=cYJaxn!!gkR!tyzJ<fyG#zHcg9w0!5du3BO&
zN2@Dm1`2!*(Ar5_r7iHKmhZTK>vP!HiS>q!=MXMmV)<zFYRU4cs#vsqZ@BFKXe7J9
zwII!!QXsn@SDr#T&ClUf<FA!lJ~;=JT0Zo~Fj&(?WMNI=(Zctl<y#6ov0(Ymb7?AM
zEKO@lfi#`xev}o<r<5oEEz3tz^8cIVQ`)AcET4y~Ma%b=TRvx*RG$yhtX+s>k+)!k
zA(*v%HTY}m(ngj~E^TP}z5xm?SiTF~^5r*{v9${`18v-uSU#l`eyQafS>58Q#XGJ&
znj7=k#yv>0t{C$9Y*%EY`BjUW3i<qbmQTs5h2g2pe*g8cp3{-`Us<zwb81+$co(^j
zT4XFg>xyLt+VVLAYZgx_=gH#HX;__?tl*R^Hg37?!#5zDdm!Qp!bFH)V)5uyttE?B
ztCmHJ_YarZb;dGl3-c7~VTPW4+TIQ6G;i@}B2K9#l5;?*#iKJxUxG&q6%j3-U+scS
z1H%@K^0A((cJd{ZrWpyw(zM<_Gf?G$+9*2#zf$RD?=VGUy&W(ytCS~b@j@X#jrIPG
zR4Ezjk(7|dBYd>)gCOnuAc*xc3`)m(CuI9Sv{E6~>bF{l3^9qb(Mo2uD@tdr@su;3
zE5|cfhCjU?CzWdre?e#qG3fDQyIKn_I{bLP1b1Z^pE<RLce4(G9<N&W%>0d7!YiN4
z6VE#9=hx>;MOdR_unv`;4jPZ^UYWS5WR?zbWdkW04K0HwtPF!SdKT-1Tck$~A3GQp
zVCKHEL=T>c#NYBDtmft%l<F2!p4U4!i=Nke?s=6o)~+g#Ak8KR(5@fi#c3h4o)`V7
zh&8R}EOA1vUD5OE>2A^Uy39Q<J7Zn9$pLiTH%dG&r4)Xt=jB|lAPa?gG>m!ni}VQp
zz^zy-8K2?5*KeAQp4ao6$RMFQNdTq{_luBbw8rPp^Sml@`;NU&-b3{}adDO*^uO+L
z(SM$|v`?f#eTyE~74C7(m&wiS%s{*Sd{h{NJZ8`39EaxPK`F<{<D%JhTA8D?4oc+`
z5H$v4Iq#O;!)KvY9&$5~2={>y)e!&9>^l9fhb52eW&?{J*GDd^tBqyVZhw$w^F;Kx
zu88xHW@p#y0Oc60$tsQg<s4Azae0Vnz6g&N$`C!S=!O>O7&5su<ujJ1%@Z>N?Wc2T
zvNFe@lqcrq7(Pd;bVf<yk10S>LQ+n7$kQT7o)$sMM-Zi$yQuWQ43v9Z)azhiZ*+b|
zX`7m|bRWGfTDlx=>53Ukwf*!U&6f8d)wzXQanj9NI!~!))})#&om{HX(gilMXz8wU
zOJ`#&V_V*XjNMgY>6B9VrIzl##-gRm<=Vqn#^<|1nyvA`=bU}7k&)&totHvBf1agN
zE3kC<?<EHO*DalsI=!^DxrLHVELys2TsO@%mYc2dnSuEWE3tG+IZl?2bOS;9r89z3
f1L^=-y7<$T`2x_nZ@%N>m@l<-^b2X`EZzSB4}Hxm

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb.test b/testing/btest/scripts/base/protocols/krb/smb2_krb.test
new file mode 100644
index 0000000000..7aa78567b5
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test
@@ -0,0 +1,19 @@
+# This test verifies that given the proper keytab file, the 
+#   Kerberos analyzer can open the AD ticket in the Negociate
+#   Protocol Request and find the user.
+
+# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
+# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+redef KRB::keytab = "smb2_krb.keytab";
+global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
+
+event bro_init() &priority=5{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
+}
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts:  KRB::AP_Options){
+   print ticket$authenticationinfo;
+}
+