public async Task Authenticator_RoundtripKeytab() { var keytab = new KeyTable(ReadDataFile("sample.keytab")); var buffer = new MemoryStream(); using (var writer = new BinaryWriter(buffer)) { keytab.Write(writer); var secondKeytab = new KeyTable(buffer.ToArray()); var authenticator = new KerberosAuthenticator( new KerberosValidator(secondKeytab) { ValidateAfterDecrypt = DefaultActions }); Assert.IsNotNull(authenticator); var result = await authenticator.Authenticate(RC4Header); Assert.IsNotNull(result); Assert.AreEqual("*****@*****.**", result.Name); } }
private static void AssertKeytablesAreEqual(KeyTable keytable, KeyTable secondKeyTable) { for (var i = 0; i < keytable.Entries.Count; i++) { Assert.AreEqual(keytable.Entries.ElementAt(i), secondKeyTable.Entries.ElementAt(i)); } }
public void KeyGeneration() { var keys = new[] { new KerberosKey( "password", new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }), host: "appservice", etype: EncryptionType.AES256_CTS_HMAC_SHA1_96 ) }; var keytable = new KeyTable(keys); var buffer = new MemoryStream(); using (var writer = new BinaryWriter(buffer)) { keytable.Write(writer); var secondKeytab = new KeyTable(buffer.ToArray()); AssertKeytablesAreEqual(keytable, secondKeytab); } }
public async Task KrbApReqWithoutPacLogonInfo() { var data = Convert.FromBase64String(ApReqWithoutPacLogonInfo); var key = new KeyTable( new KerberosKey( "P@ssw0rd!", principalName: new PrincipalName( PrincipalNameType.NT_PRINCIPAL, "CORP.IDENTITYINTERVENTION.com", new[] { "host/downlevel.corp.identityintervention.com" } ), saltType: SaltType.ActiveDirectoryUser ) ); var authenticator = new KerberosAuthenticator(new KerberosValidator(key) { ValidateAfterDecrypt = DefaultActions }); var result = await authenticator.Authenticate(data); Assert.IsNotNull(result); Assert.AreEqual(1, result.Claims.Count()); Assert.AreEqual("administrator/CORP.IDENTITYINTERVENTION.COM/CORP.IDENTITYINTERVENTION.COM", result.Name); }
public void MultipleVersionsInSameKeytab() { var keys = new[] { new KerberosKey( "password", new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }), host: "appservice", etype: EncryptionType.AES256_CTS_HMAC_SHA1_96, kvno: 1 ), new KerberosKey( "password", new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }), host: "appservice", etype: EncryptionType.AES256_CTS_HMAC_SHA1_96, kvno: 2 ), new KerberosKey( "password", new PrincipalName(PrincipalNameType.NT_PRINCIPAL, "REALM.COM", new[] { "host/appservice" }), host: "appservice", etype: EncryptionType.AES256_CTS_HMAC_SHA1_96, kvno: 12 ) }; var keytable = new KeyTable(keys); var key = keytable.GetKey(EncryptionType.AES256_CTS_HMAC_SHA1_96, KrbPrincipalName.FromString("host/appservice")); Assert.AreEqual(12, key.Version); }
public async Task Authenticator_SerializedKeytab() { var key = new KerberosKey( password: "******", principalName: new PrincipalName( PrincipalNameType.NT_SRV_INST, "IDENTITYINTERVENTION.COM", new[] { "host", "aadg.windows.net.nsatc.net" } ), etype: EncryptionType.RC4_HMAC_NT ); var keytab = new KeyTable(key); var buffer = new MemoryStream(); keytab.Write(new BinaryWriter(buffer)); var secondKeytab = new KeyTable(buffer.ToArray()); var authenticator = new KerberosAuthenticator( new KerberosValidator(secondKeytab) { ValidateAfterDecrypt = DefaultActions }); Assert.IsNotNull(authenticator); var result = await authenticator.Authenticate(RC4Header); Assert.IsNotNull(result); Assert.AreEqual("*****@*****.**", result.Name); }
public void KeyVersionOverride_32Bit() { var keyTable = new KeyTable(ReadDataFile("sample_with_32_bit_version_override.keytab")); Assert.IsNotNull(keyTable); Assert.AreEqual(2, keyTable.Entries.First().Version); }
private object GenerateFormattedKeyTable(KeyTable keytab) { if (keytab == null) { return(null); } var keys = keytab.Entries.Select(k => { var key = new KerberosKey(Encoding.Unicode.GetString(k.Key.GetKey(NoOpEncryptor)), k.Principal); return(new { k.EncryptionType, k.Length, k.Timestamp, k.Version, key.Host, key.PasswordBytes, Key = key.PrincipalName }); }); var table = new { keytab.FileVersion, keytab.KerberosVersion, Entries = keys.ToArray() }; return(table); }
public void Compile(Stream input) { var keyTab = new KeyTable(); scanner = new Scanner(input, keyTab); NextToken(); Module(); }
public void Test32BitKeyVersionOverride() { var keyTable = new KeyTable(File.ReadAllBytes("data\\sample_with_32_bit_version_override.keytab")); Assert.IsNotNull(keyTable); Assert.AreEqual(2, keyTable.Entries.First().Version); }
public static void ClearCache(object threadid) { try { while (true) { Thread.Sleep(5); if (!KeyTable.HasAutoCacheTable && KeyTable.CheckSysAutoCacheTable()) //检测并创建表,放在循环中,是因为可能在代码中延后会AppConifg.Cache.AutoCacheConn赋值; { ThreadBreak.AddGlobalThread(new ParameterizedThreadStart(AutoCacheKeyTask)); //将数据库检测独立一个线程,不影响此内存操作。 } if (removeList.Count > 0) { string baseKey = removeList.Dequeue(); if (!string.IsNullOrEmpty(baseKey)) { RemoveCache(baseKey); if (KeyTable.HasAutoCacheTable)//检测是否开启AutoCacheConn数据库链接 { removeListForKeyTask.Enqueue(baseKey); } } } } } catch { } }
private void LoadKeytab(string fileName) { try { var keytab = new KeyTable(File.ReadAllBytes(fileName)); if (keytab.Entries.Any()) { table = keytab; lblKeytab.Text = fileName; if (string.IsNullOrWhiteSpace(txtTicket.Text)) { var formatted = GenerateFormattedKeyTable(table); var serialized = FormatSerialize(new { KeyTable = formatted }); DisplayDeconstructed(serialized, "KeyTable"); } } } catch (Exception ex) { lblKeytab.Text = ""; this.ShowError(ex); } }
private async Task Decode() { if (chkRemember.Checked) { TryPersistingValues(); } else { ResetPersistedValues(); } if (string.IsNullOrWhiteSpace(txtTicket.Text)) { return; } string ticket; if (string.IsNullOrWhiteSpace(txtKey.Text)) { ticket = Decode(txtTicket.Text); } else { var key = table; var domain = Environment.GetEnvironmentVariable("USERDNSDOMAIN"); if (key == null) { if (chkEncodedKey.Checked) { var bytes = Convert.FromBase64String(txtKey.Text); key = new KeyTable( new KerberosKey( password: bytes, principal: new PrincipalName(PrincipalNameType.NT_SRV_HST, domain, new[] { Environment.MachineName }), host: txtHost.Text ) ); } else { key = new KeyTable( new KerberosKey( txtKey.Text, principalName: new PrincipalName(PrincipalNameType.NT_SRV_HST, domain, new[] { Environment.MachineName }), host: string.IsNullOrWhiteSpace(txtHost.Text) ? null : txtHost.Text ) ); } } ticket = await Decode(txtTicket.Text, key); } DisplayDeconstructed(ticket, "Decoded Ticket"); }
public KerberosAuthenticator(string upn, KeyTable keytab, Krb5Config config, ILoggerFactory logger = null) : this(new KerberosValidator(keytab, logger)) { if (!string.IsNullOrWhiteSpace(upn)) { this.s4uProvider = new S4UProviderFactory(upn, keytab, config, logger); } }
internal void Validate(KeyTable keytab, KrbPrincipalName sname) { var key = keytab.GetKey(Type, sname); Validator.Validate(key); Validated = true; }
protected static int GetTimeStepNumber(Program solver) { solver.QueryResultTable.FormatTable(out string[] KeyColumnNames, out string[] ValueColumnNames, out object[,] KeyTable, out object[,] ValueTable); int iCol = Array.IndexOf(KeyColumnNames, "Timestep"); int iTimeStep = (int)(KeyTable.GetColumn(iCol).Last()); return(iTimeStep); }
public KerberosValidator(KeyTable keytab, ITicketReplayValidator ticketCache = null) { this.keytab = keytab; TokenCache = ticketCache ?? new TicketReplayValidator(); ValidateAfterDecrypt = ValidationActions.All; }
public void AddKeyEvent(KeyTable table, UnityAction action) { if (!actionTable.ContainsKey(table)) { actionTable.Add(table, new List <UnityAction>()); } actionTable[table].Add(action); }
protected DatFile FromBytesInternal([NotNull] byte[] bytes) { DatHeader header = BuildDatHeaderFromBytesInternal(bytes); IndexTable indexTable = BuildIndexTableFromBytesInternal(bytes, header.KeyCount); ValueTable valueTable = BuildValueTableFromBytesInternal(bytes, indexTable, header.KeyCount); KeyTable keyTable = BuildKeyTableFromBytesInternal(bytes, indexTable, header.KeyCount); return(new DatFile(header, indexTable, valueTable, keyTable)); }
public void TrailingPadding() { var keyTable = new KeyTable(ReadDataFile("sample_with_padding.keytab")); Assert.IsNotNull(keyTable); Assert.AreEqual(15, keyTable.Entries.Count); Assert.AreEqual(keyTable.Entries.First().EncryptionType, EncryptionType.DES_CBC_CRC); Assert.AreEqual(keyTable.Entries.Last().EncryptionType, EncryptionType.RC4_HMAC_NT); }
public DatFile Build(byte[] bytes) { DatHeader header = BuildDatHeader(bytes); IndexTable indexTable = BuildIndexTable(bytes, header.KeyCount); ValueTable valueTable = BuildValueTable(bytes, indexTable, header.KeyCount); KeyTable keyTable = BuildKeyTable(bytes, indexTable, header.KeyCount); return(new DatFile(header, indexTable, valueTable, keyTable)); }
public KerberosValidator(KeyTable keytab, ILoggerFactory logger = null, ITicketReplayValidator ticketCache = null) { this.keytab = keytab; this.logger = logger.CreateLoggerSafe <KerberosValidator>(); TokenCache = ticketCache ?? new TicketReplayValidator(logger); ValidateAfterDecrypt = ValidationActions.All; }
public override DecryptedData Decrypt(KeyTable keys) { if (NegotiationToken?.MechToken?.NtlmNegotiate != null) { throw new NotSupportedException("NTLM is not supported"); } var token = NegotiationToken?.MechToken?.InnerContextToken; return(Decrypt(token, keys)); }
private void btnClear_Click(object sender, EventArgs e) { txtTicket.Text = ""; txtDump.Text = ""; txtHost.Text = ""; txtKey.Text = ""; treeView1.Nodes.Clear(); table = null; lblKeytab.Text = ""; }
public KeytabCredential(string username, KeyTable keytab, string domain = null) { TrySplitUserNameDomain(username, out username, ref domain); this.UserName = username; this.keytab = keytab ?? throw new ArgumentNullException(nameof(keytab)); if (!string.IsNullOrWhiteSpace(domain)) { this.Domain = domain.ToUpperInvariant(); } }
protected static DecryptedKrbApReq DecryptApReq(KrbApReq token, KeyTable keytab) { if (token.Ticket == null) { return(null); } var decryptedApReq = new DecryptedKrbApReq(token); decryptedApReq.Decrypt(keytab); return(decryptedApReq); }
public DecryptedData Decrypt(KeyTable keytab) { if (NegotiationToken != null) { return(DecryptNegotiate(NegotiationToken, keytab)); } if (Request != null) { return(DecryptKerberos(Request, keytab)); } return(null); }
private void LoadKeyTable(GXXmlReader reader) { KeyTable.Clear(); if (reader.IsStartElement("KeyTable", true)) { while (reader.IsStartElement("Item", true)) { byte k = (byte)reader.ReadElementContentAsInt("Key"); byte[] d = GXDLMSTranslator.HexToBytes(reader.ReadElementContentAsString("Data")); KeyTable.Add(new GXKeyValuePair <byte, byte[]>(k, d)); } reader.ReadEndElement("KeyTable"); } }
public override DecryptedKrbApReq DecryptApReq(KeyTable keys) { var mechToken = token.InitialToken.MechToken; var apReq = MessageParser.Parse <ContextToken>(mechToken.Value); if (apReq is NegotiateContextToken) { throw new InvalidOperationException( "Negotiated ContextToken is another negotiated token. Failing to prevent stack overflow." ); } return(apReq.DecryptApReq(keys)); }
private async Task <KerberosIdentity> ProcessAsMiddleBox(Krb5Config config, ILoggerFactory logger, ApplicationSessionContext serviceTicket) { var serviceCred = new KerberosPasswordCredential(this.ServicePrincipalSamAccountName, this.ServicePrincipalNamePassword, serviceTicket.ApReq.Ticket.Realm); var ping = await KerberosPing.Ping(serviceCred, config, logger); serviceCred.IncludePreAuthenticationHints(ping.Error.DecodePreAuthentication()); var keytab = new KeyTable(serviceCred.CreateKey()); var authenticator = new KerberosAuthenticator(this.ServicePrincipalSamAccountName, keytab, config, logger); var identity = await authenticator.Authenticate(serviceTicket.ApReq.EncodeGssApi()) as KerberosIdentity; return(identity); }
private async Task <string> Decode(string ticket, KeyTable key) { var validator = new KerberosValidator(key) { ValidateAfterDecrypt = ValidationActions.None }; var ticketBytes = Convert.FromBase64String(ticket); var decrypted = await validator.Validate(ticketBytes); var request = KerberosRequest.Parse(ticketBytes); var keytableFormat = GenerateFormattedKeyTable(key); return(FormatSerialize(new { Request = request, Decrypted = decrypted, KeyTable = keytableFormat })); }
public Scanner(Stream t, KeyTable keyTable) { this.t = t; this.keyTable = keyTable; if (Eof()) throw new InvalidOperationException("Cannot init empty stream"); ReadChar(); EnterKW(Token.Null, "BY"); EnterKW(Token.Do, "DO"); EnterKW(Token.If, "IF"); EnterKW(Token.Null, "IN"); EnterKW(Token.Null, "IS"); EnterKW(Token.Of, "OF"); EnterKW(Token.Or, "OR"); EnterKW(Token.Null, "TO"); EnterKW(Token.End, "END"); EnterKW(Token.Null, "FOR"); EnterKW(Token.Mod, "MOD"); EnterKW(Token.Null, "NIL"); EnterKW(Token.Var, "VAR"); EnterKW(Token.Null, "CASE"); EnterKW(Token.Else, "ELSE"); EnterKW(Token.Null, "EXIT"); EnterKW(Token.Then, "THEN"); EnterKW(Token.Type, "TYPE"); EnterKW(Token.Null, "WITH"); EnterKW(Token.Array, "ARRAY"); EnterKW(Token.Begin, "BEGIN"); EnterKW(Token.Const, "CONST"); EnterKW(Token.Elsif, "ELSIF"); EnterKW(Token.Null, "IMPORT"); EnterKW(Token.Null, "UNTIL"); EnterKW(Token.While, "WHILE"); EnterKW(Token.Record, "RECORD"); EnterKW(Token.Null, "REPEAT"); EnterKW(Token.Null, "RETURN"); EnterKW(Token.Null, "POINTER"); EnterKW(Token.Procedure, "PROCEDURE"); EnterKW(Token.Div, "DIV"); EnterKW(Token.Null, "LOOP"); EnterKW(Token.Module, "MODULE"); }
void AddToTable (Keywords keywords, char[] word) { KeyTable[] curTable = table; for (int i = 0; i < word.Length; i++) { uint idx = (uint)word[i]; if (idx > 255) throw new ArgumentOutOfRangeException (word + " contains invalid chars."); if (curTable[idx] == null) curTable[idx] = new KeyTable (); if (i == word.Length -1) { curTable[idx].keywords = keywords; break; } curTable = curTable[idx].table; } }