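        public void PacHandlesCustomKdcSignatureType()
        {
            // Round-trips a PAC whose KDC signature uses a checksum/encryption type (-1)
            // that the library does not ship, to confirm that custom registrations are
            // honoured on both the encode and the decode path.
            var principal = new FakeKerberosPrincipal("*****@*****.**");

            var pac = principal.GeneratePac();

            var kdcKey    = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
            var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

            // CryptoService registrations are process-wide. They are removed in the finally
            // block so that a failing assertion cannot leave the fake algorithms visible to
            // other tests, in particular the ones that expect type -1 to be unknown.
            CryptoService.RegisterChecksumAlgorithm((ChecksumType)(-1), (signature, signatureData) => new FakeChecksum(signature, signatureData));
            CryptoService.RegisterCryptographicAlgorithm((EncryptionType)(-1), () => new FakeCryptoTransform());

            try
            {
                var encoded = pac.Encode(kdcKey, serverKey);

                var roundtrip = new PrivilegedAttributeCertificate(
                    new KrbAuthorizationData
                    {
                        Type = AuthorizationDataType.AdWin2kPac,
                        Data = encoded
                    },
                    SignatureMode.Kdc
                );

                Assert.IsNotNull(roundtrip);

                roundtrip.ServerSignature.Validate(serverKey);

                // The decoded KDC signature must carry the custom type, not a built-in one.
                Assert.AreEqual((ChecksumType)(-1), roundtrip.KdcSignature.Type);

                // NOTE(review): the KDC signature was produced with kdcKey but is validated
                // with serverKey here; this only passes if FakeChecksum ignores the key.
                // Confirm whether kdcKey was intended.
                roundtrip.KdcSignature.Validate(serverKey);
            }
            finally
            {
                CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
                CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));
            }
        }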
        public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
        {
            // Test-store lookup. A name that ends with this store's realm, any krbtgt
            // name, or any NT_PRINCIPAL name resolves to a fake principal; anything else
            // is reported as unknown by returning null.
            //
            // The realm argument is accepted for interface compatibility only; the match
            // is always made against the store's own realm field.
            var name = principalName.FullyQualifiedName;

            // NOTE(review): the suffix test has no "@" or "." separator, so a name whose
            // realm merely ends with this.realm also matches. Fine for a test fake, but
            // not a pattern to copy into a real store.
            bool inRealm     = name.EndsWith(this.realm, StringComparison.InvariantCultureIgnoreCase);
            bool isKrbtgt    = name.StartsWith("krbtgt", StringComparison.InvariantCultureIgnoreCase);
            bool isPrincipal = principalName.Type == PrincipalNameType.NT_PRINCIPAL;

            if (!(inRealm || isKrbtgt || isPrincipal))
            {
                return null;
            }

            return new FakeKerberosPrincipal(name);
        }
        public void ThrowsUnknownChecksumType()
        {
            // Encoding a PAC with a KDC key whose etype (-1) has no registered checksum or
            // crypto provider must fail rather than silently emit a PAC that cannot be
            // verified. The expected exception type is declared by the test attribute,
            // which is outside this listing — confirm it matches what Encode throws.
            var principal = new FakeKerberosPrincipal("*****@*****.**");

            var pac = principal.GeneratePac();

            var unknownKdcKey = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
            var serverKey     = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

            // Make sure no earlier test left a fake provider for type -1 behind;
            // the registrations are process-wide.
            CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
            CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));

            // Expected to throw; the result is deliberately discarded.
            _ = pac.Encode(unknownKdcKey, serverKey);
        }
        public void MarshalNativeFromManaged_Baseline_DoesntExplode()
        {
            // Baseline marshalling check: a freshly generated PAC logon-info blob must
            // encode to a non-empty buffer, unmarshal back to the same user name, and
            // agree with the native decoder (AssertManagedMatchesNative, defined elsewhere).
            var pac = new FakeKerberosPrincipal("*****@*****.**").GeneratePac();

            var bytes = pac.LogonInfo.Encode();

            Assert.IsNotNull(bytes);
            Assert.IsTrue(bytes.Length > 0);

            var decoded = new PacLogonInfo();
            decoded.Unmarshal(bytes);

            Assert.AreEqual("*****@*****.**", decoded.UserName.ToString());

            AssertManagedMatchesNative(decoded, bytes);
        }
        public void MarshalNativeFromManaged_Groups_ExtraSids_ResourceDomain_ResourceDomainGroups()
        {
            // Same round-trip as the baseline test, but with every optional logon-info
            // section populated (group membership, extra SIDs, resource domain and
            // resource-domain groups) so the variable-length parts of the NDR layout
            // are exercised against the native decoder.
            var pac = new FakeKerberosPrincipal("*****@*****.**").GeneratePac();

            GeneratePacExtensions(pac, includeGroups: true, includeExtraIds: true, includeResourceDomain: true, includeResourceGroups: true);

            var bytes = pac.LogonInfo.Encode();

            Assert.IsNotNull(bytes);
            Assert.IsTrue(bytes.Length > 0);

            var decoded = new PacLogonInfo();
            decoded.Unmarshal(bytes);

            Assert.AreEqual("*****@*****.**", decoded.UserName.ToString());

            AssertManagedMatchesNative(decoded, bytes);
        }
        public IKerberosPrincipal Find(KrbPrincipalName principalName, string realm = null)
        {
            // Test-store lookup with a simulated miss: an NT_ENTERPRISE name containing
            // "-fallback" is treated as unresolvable so the caller's fallback path can be
            // tested. Otherwise, names in this store's realm, krbtgt names and NT_PRINCIPAL
            // names resolve to a fake principal; everything else returns null.
            //
            // The realm argument is accepted for interface compatibility only; the match
            // is always made against the store's own realm field.
            var name = principalName.FullyQualifiedName;

            bool isFallbackProbe = name.Contains("-fallback", StringComparison.OrdinalIgnoreCase) &&
                                   principalName.Type == PrincipalNameType.NT_ENTERPRISE;

            if (isFallbackProbe)
            {
                return null;
            }

            // NOTE(review): the suffix test has no "@" or "." separator, so a name whose
            // realm merely ends with this.realm also matches; acceptable for a test fake.
            bool known = name.EndsWith(this.realm, StringComparison.InvariantCultureIgnoreCase)
                      || name.StartsWith("krbtgt", StringComparison.InvariantCultureIgnoreCase)
                      || principalName.Type == PrincipalNameType.NT_PRINCIPAL;

            return known ? new FakeKerberosPrincipal(name) : null;
        }
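        public void PacFailsOnUnknownKdcSignatureType()
        {
            // Encodes a PAC while a custom checksum/crypto type (-1) is registered, then
            // removes the registration and checks that decoding the same bytes is refused
            // with InvalidOperationException. A PAC carrying a signature type the verifier
            // does not know must never be accepted as valid.
            var principal = new FakeKerberosPrincipal("*****@*****.**");

            var pac = principal.GeneratePac();

            var kdcKey    = new KerberosKey(new byte[234], etype: (EncryptionType)(-1));
            var serverKey = new KerberosKey(new byte[32], etype: EncryptionType.AES256_CTS_HMAC_SHA1_96);

            CryptoService.RegisterChecksumAlgorithm((ChecksumType)(-1), (signature, signatureData) => new FakeChecksum(signature, signatureData));
            CryptoService.RegisterCryptographicAlgorithm((EncryptionType)(-1), () => new FakeCryptoTransform());

            byte[] encoded;

            // The registrations are process-wide; unregister in finally so that an
            // exception from Encode cannot leave the fake providers behind for other tests.
            try
            {
                encoded = pac.Encode(kdcKey, serverKey);
            }
            finally
            {
                CryptoService.UnregisterChecksumAlgorithm((ChecksumType)(-1));
                CryptoService.UnregisterCryptographicAlgorithm((EncryptionType)(-1));
            }

            bool threw = false;

            try
            {
                _ = new PrivilegedAttributeCertificate(
                    new KrbAuthorizationData
                    {
                        Type = AuthorizationDataType.AdWin2kPac,
                        Data = encoded
                    },
                    SignatureMode.Kdc
                );
            }
            catch (InvalidOperationException)
            {
                // Only this exception type counts as the expected rejection;
                // anything else propagates and fails the test.
                threw = true;
            }

            Assert.IsTrue(threw);
        }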
            /// <summary>
            /// Returns the fake ticket-granting-service principal ("krbtgt") for this store.
            /// Always completes synchronously with a new <see cref="FakeKerberosPrincipal"/>.
            /// </summary>
            public Task<IKerberosPrincipal> RetrieveKrbtgt()
                => Task.FromResult<IKerberosPrincipal>(new FakeKerberosPrincipal("krbtgt"));
            /// <summary>
            /// Resolves any principal name to a fake principal of that name; this store
            /// never reports a miss. Completes synchronously.
            /// </summary>
            /// <param name="principalName">The name the returned fake principal is built from.</param>
            public Task<IKerberosPrincipal> Find(string principalName)
                => Task.FromResult<IKerberosPrincipal>(new FakeKerberosPrincipal(principalName));