Beispiel #1
0
 public KrbFastReq(
     FastOptions param0,
     Asn1SequenceOf <PA_DATA> param1,
     KDC_REQ_BODY param2)
 {
     this.fast_options = param0;
     this.padata       = param1;
     this.req_body     = param2;
 }
 public KrbFastReq(
     FastOptions param0,
     Asn1SequenceOf<PA_DATA> param1,
     KDC_REQ_BODY param2)
 {
     this.fast_options = param0;
     this.padata = param1;
     this.req_body = param2;
 }
        /// <summary>
        /// Create and send FAST TGS request
        /// </summary>
        /// <param name="sName">Service principal name</param>
        /// <param name="kdcOptions">KDC options</param>
        /// <param name="innerSeqPaData">A sequence of preauthentication data in FAST request</param>
        /// <param name="outerSeqPaData">A sequence of preauthentication data</param>
        /// <param name="subKey">Sub-session key for authenticator in FAST armor field</param>
        /// <param name="fastOptions">FAST options</param>
        /// <param name="apOptions">AP options in FAST armor field</param>
        /// <param name="data">Authorization data</param>
        public void SendTgsRequestWithFast(
            string sName,
            KdcOptions kdcOptions,
            Asn1SequenceOf<PA_DATA> innerSeqPaData,
            Asn1SequenceOf<PA_DATA> outerSeqPaData,
            EncryptionKey subKey,
            FastOptions fastOptions,
            ApOptions apOptions,
            AuthorizationData data = null)
        {
            Context.Subkey = subKey;
            Context.ReplyKey = subKey;
            string domain = this.Context.Realm.Value;
            PrincipalName sname = new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST),
                KerberosUtility.String2SeqKerbString(sName.Split('/')));

            KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname, data);
            Asn1BerEncodingBuffer bodyBuffer = new Asn1BerEncodingBuffer();
            kdcReqBody.BerEncode(bodyBuffer);

            APOptions option = new APOptions(KerberosUtility.ConvertInt2Flags((int)ApOptions.None));
            ChecksumType checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
            KerberosApRequest apRequest = CreateApRequest(
                option,
                Context.Ticket,
                subKey,
                data,
                KeyUsageNumber.TG_REQ_PA_TGS_REQ_padataOR_AP_REQ_Authenticator,
                checksumType,
                bodyBuffer.Data);

            PaTgsReq paTgsReq = new PaTgsReq(apRequest.Request);

            Asn1SequenceOf<PA_DATA> tempPaData = null;
            if (outerSeqPaData == null || outerSeqPaData.Elements == null || outerSeqPaData.Elements.Length == 0)
            {
                tempPaData = new Asn1SequenceOf<PA_DATA>(new PA_DATA[] { paTgsReq.Data });
            }
            else
            {
                tempPaData.Elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
                Array.Copy(outerSeqPaData.Elements, tempPaData.Elements, outerSeqPaData.Elements.Length);
                tempPaData.Elements[outerSeqPaData.Elements.Length] = paTgsReq.Data;
            }
            var armorKey = GetArmorKey(Context.SessionKey, subKey);
            var pafxfast = CreateTgsPaFxFast(armorKey, Context.Ticket, fastOptions, apOptions, tempPaData, sName, paTgsReq.Data.padata_value.ByteArrayValue);
            Context.FastArmorkey = armorKey;
            PA_DATA[] elements;
            if (outerSeqPaData != null && outerSeqPaData.Elements.Length > 0)
            {
                elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
                Array.Copy(outerSeqPaData.Elements, elements, outerSeqPaData.Elements.Length);
                elements[outerSeqPaData.Elements.Length] = pafxfast.Data;
                elements[outerSeqPaData.Elements.Length + 1] = paTgsReq.Data;
            }
            else
            {
                elements = new PA_DATA[] { pafxfast.Data, paTgsReq.Data };
            }
            Asn1SequenceOf<PA_DATA> seqPaData = new Asn1SequenceOf<PA_DATA>();
            KerberosTgsRequest tgsRequest = new KerberosTgsRequest(KerberosConstValue.KERBEROSV5, kdcReqBody, new Asn1SequenceOf<PA_DATA>(elements), Context.TransportType);

            this.SendPdu(tgsRequest);
            this.testSite.Log.Add(LogEntryKind.Debug, "Send FAST TGS request.");
        }
 /// <summary>
 /// Create and send FAST AS request with an unknown armor type
 /// </summary>
 /// <param name="kdcOptions">KDC options</param>
 /// <param name="innerSeqPaData">A sequence of preauthentication data in FAST request</param>
 /// <param name="outerSeqPaData">A sequence of preauthentication data</param>
 /// <param name="subKey">Sub-session key for authenticator in FAST armor field</param>
 /// <param name="fastOptions">FAST options</param>
 /// <param name="apOptions">AP options in FAST armor field</param>
 /// <param name="armorType">armorType</param>
 public void SendAsRequestWithFast(
     KdcOptions kdcOptions,
     Asn1SequenceOf<PA_DATA> innerSeqPaData,
     Asn1SequenceOf<PA_DATA> outerSeqPaData,
     EncryptionKey subKey,
     FastOptions fastOptions,
     ApOptions apOptions,
     KrbFastArmorType armorType
     )
 {
     Context.Subkey = subKey;
     string sName = KerberosConstValue.KERBEROS_SNAME;
     string domain = this.Context.Realm.Value;
     PrincipalName sname =
         new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
     KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname);
     var pafxfast = CreateAsPaFxFast(subKey, fastOptions, apOptions, innerSeqPaData, sName, kdcReqBody, armorType);
     PA_DATA[] elements;
     if (outerSeqPaData != null && outerSeqPaData.Elements.Length > 0)
     {
         elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
         Array.Copy(outerSeqPaData.Elements, elements, outerSeqPaData.Elements.Length);
         elements[outerSeqPaData.Elements.Length] = pafxfast.Data;
     }
     else
     {
         elements = new PA_DATA[] { pafxfast.Data };
     }
     Asn1SequenceOf<PA_DATA> seqPaData = new Asn1SequenceOf<PA_DATA>();
     KerberosAsRequest asRequest = this.CreateAsRequest(kdcReqBody, new Asn1SequenceOf<PA_DATA>(elements));
     this.SendPdu(asRequest);
     this.testSite.Log.Add(LogEntryKind.Debug, "Send AS Request with FAST PA-DATA.");
 }
        public PaFxFastReq CreateTgsPaFxFast(
            EncryptionKey armorKey,
            KerberosTicket armorTicket,
            FastOptions fastOptions,
            ApOptions apOptions,
            Asn1SequenceOf<PA_DATA> seqPaData,
            string sName,
            byte[] apReq,
            IFastArmor armor = null
            )
        {
            string domain = this.Context.Realm.Value;
            PrincipalName sname = new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST),
                KerberosUtility.String2SeqKerbString(sName.Split('/')));

            KDC_REQ_BODY innerKdcReqBody = CreateKdcRequestBody(KdcOptions.CANONICALIZE | KdcOptions.FORWARDABLE | KdcOptions.RENEWABLE, sname);

            //Generate checksum
            var checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
            var chksum = KerberosUtility.GetChecksum(
                armorKey.keyvalue.ByteArrayValue,
                apReq,
                (int)KeyUsageNumber.FAST_REQ_CHECKSUM,
                checksumType);
            Checksum checkSum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(chksum));

            KerberosFastRequest fastReq = new KerberosFastRequest(fastOptions, seqPaData, innerKdcReqBody);
            KerberosArmoredRequest armoredReq
                = new KerberosArmoredRequest(armor, checkSum, (long)Context.SelectedEType, armorKey.keyvalue.ByteArrayValue, fastReq);
            PA_FX_FAST_REQUEST paFxFastReq = new PA_FX_FAST_REQUEST();
            paFxFastReq.SetData(PA_FX_FAST_REQUEST.armored_data, armoredReq.FastArmoredReq);
            PaFxFastReq paFxfast = new PaFxFastReq(paFxFastReq);
            return paFxfast;
        }
        public PaFxFastReq CreateAsPaFxFast(
            EncryptionKey subKey,
            FastOptions fastOptions,
            ApOptions apOptions,
            Asn1SequenceOf<PA_DATA> seqPaData,
            string sName,
            KDC_REQ_BODY kdcReqBody,
            KrbFastArmorType armorType
            )
        {
            string domain = this.Context.Realm.Value;
            PrincipalName sname =
                new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));

            var armorKey = KerberosUtility.MakeArmorKey(
                Context.SelectedEType,
                subKey.keyvalue.ByteArrayValue,
                Context.ArmorSessionKey.keyvalue.ByteArrayValue);
            Context.FastArmorkey = new EncryptionKey(new KerbInt32((long)Context.SelectedEType), new Asn1OctetString(armorKey));

            Asn1BerEncodingBuffer encodebuf = new Asn1BerEncodingBuffer();
            kdcReqBody.BerEncode(encodebuf);
            var checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
            var chksum = KerberosUtility.GetChecksum(
                armorKey,
                encodebuf.Data,
                (int)KeyUsageNumber.FAST_REQ_CHECKSUM,
                checksumType);
            Checksum checkSum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(chksum));

            Authenticator plaintextAuthenticator = CreateAuthenticator(Context.ArmorTicket, null, subKey);

            KerberosApRequest apReq = new KerberosApRequest(Context.Pvno,
                new APOptions(KerberosUtility.ConvertInt2Flags((int)apOptions)),
                Context.ArmorTicket,
                plaintextAuthenticator,
                KeyUsageNumber.AP_REQ_Authenticator);

            KDC_REQ_BODY innerKdcReqBody = CreateKdcRequestBody(KdcOptions.CANONICALIZE | KdcOptions.FORWARDABLE | KdcOptions.RENEWABLE, sname);
            KerberosFastRequest fastReq = new KerberosFastRequest(fastOptions, seqPaData, innerKdcReqBody);
            FastArmorApRequest fastArmor = new FastArmorApRequest(apReq.Request);
            fastArmor.armorType = armorType;
            KerberosArmoredRequest armoredReq
                = new KerberosArmoredRequest(fastArmor, checkSum, (long)Context.SelectedEType, armorKey, fastReq);
            PA_FX_FAST_REQUEST paFxFastReq = new PA_FX_FAST_REQUEST();
            paFxFastReq.SetData(PA_FX_FAST_REQUEST.armored_data, armoredReq.FastArmoredReq);
            PaFxFastReq paFxfast = new PaFxFastReq(paFxFastReq);
            return paFxfast;
        }
 public KerberosFastRequest(FastOptions options, Asn1SequenceOf<PA_DATA> seqPaData, KDC_REQ_BODY kdcReqBody)
 {
     this.FastReq = new KrbFastReq(options, seqPaData, kdcReqBody);
 }