Ejemplo n.º 1
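        /// <summary>
        /// Decrypts the PA-ENC-TIMESTAMP pre-authentication entry of this request and returns
        /// the client timestamp it carries.
        /// </summary>
        /// <param name="key">Key handed to the decryption of the encrypted timestamp.</param>
        /// <param name="etype">
        /// Receives the encryption type declared on the encrypted timestamp, or
        /// <see cref="EncryptionType.NULL"/> when the request has no PA-ENC-TIMESTAMP entry.
        /// The value is read from the structure decoded out of the request, so a caller that
        /// enforces an allowed-etype policy has to check it explicitly.
        /// </param>
        /// <returns>
        /// The decrypted timestamp with its microsecond part applied, or
        /// <see cref="DateTimeOffset.MinValue"/> when no PA-ENC-TIMESTAMP entry is present.
        /// </returns>
        /// <remarks>
        /// <para>
        /// <see cref="DateTimeOffset.MinValue"/> together with <see cref="EncryptionType.NULL"/>
        /// means "no encrypted timestamp was supplied". It is not a successful decryption and
        /// must not be treated as proof of pre-authentication.
        /// </para>
        /// <para>
        /// This method only decrypts. It does not compare the timestamp with the local clock and
        /// keeps no replay state; the caller is responsible for the clock-skew and replay checks.
        /// Exceptions raised while decoding or decrypting are not caught here.
        /// </para>
        /// </remarks>
        public DateTimeOffset DecryptTimestamp(KerberosKey key, out EncryptionType etype)
        {
            var timestampPaData = this.PaData.FirstOrDefault(p => p.Type == PaDataType.PA_ENC_TIMESTAMP);

            if (timestampPaData == null)
            {
                // Sentinel pair for "request carried no encrypted timestamp".
                etype = EncryptionType.NULL;
                return DateTimeOffset.MinValue;
            }

            var encryptedTimestamp = KrbEncryptedData.Decode(timestampPaData.Value);

            var tsEnc = encryptedTimestamp.Decrypt(key, KeyUsage.PaEncTs, d => KrbPaEncTsEnc.Decode(d));

            var timestamp = tsEnc.PaTimestamp;

            // A null PaUSec compares false here, so the optional field is skipped when absent.
            if (tsEnc.PaUSec > 0)
            {
                // pausec is expressed in microseconds (RFC 4120) and one tick is 100 ns, so a
                // microsecond is 10 ticks. The previous "/ 10" shrank the sub-second part by a
                // factor of 100 instead of converting it.
                timestamp = timestamp.AddTicks(tsEnc.PaUSec.Value * 10L);
            }

            etype = encryptedTimestamp.EType;

            return timestamp;
        }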
Ejemplo n.º 2
        /// <summary>
        /// Builds a <see cref="KrbPaEncTsEnc"/> whose timestamp and microsecond fields are filled
        /// from the values produced by <c>Now</c>.
        /// </summary>
        /// <returns>A new instance with <c>PaTimestamp</c> and <c>PaUSec</c> set.</returns>
        /// <remarks>
        /// NOTE(review): the result is only as accurate as the clock behind <c>Now</c>; a receiver
        /// that applies a clock-skew window will presumably reject a value from a drifting clock.
        /// </remarks>
        internal static KrbPaEncTsEnc CreateForNow()
        {
            var stamped = new KrbPaEncTsEnc();

            // Both parts come from a single call so they describe the same instant.
            Now(out DateTimeOffset currentTime, out int microseconds);

            stamped.PaUSec = microseconds;
            stamped.PaTimestamp = currentTime;

            return stamped;
        }
Ejemplo n.º 3
        /// <summary>
        /// Builds a <see cref="KrbPaEncTsEnc"/> whose timestamp and microsecond fields are filled
        /// from <c>KerberosConstants.Now</c>.
        /// </summary>
        /// <returns>A new instance with <c>PaTimestamp</c> and <c>PaUSec</c> set.</returns>
        /// <remarks>
        /// NOTE(review): the result is only as accurate as the clock behind
        /// <c>KerberosConstants.Now</c>; a receiver that applies a clock-skew window will
        /// presumably reject a value from a drifting clock.
        /// </remarks>
        internal static KrbPaEncTsEnc Now()
        {
            var stamped = new KrbPaEncTsEnc();

            // Both parts come from a single call so they describe the same instant.
            KerberosConstants.Now(out DateTimeOffset currentTime, out int microseconds);

            stamped.PaUSec = microseconds;
            stamped.PaTimestamp = currentTime;

            return stamped;
        }
Ejemplo n.º 4
        /// <summary>
        /// Builds a KRB_AS_REQ for the krbtgt service of the credential's domain.
        /// </summary>
        /// <param name="credential">
        /// Supplies the user name, the domain (used as realm and in the krbtgt service name) and,
        /// when pre-authentication is requested, the key that encrypts the timestamp.
        /// </param>
        /// <param name="options">
        /// Combined flags. <c>IncludePacRequest</c> and <c>PreAuthenticate</c> are read here; the
        /// bits outside <c>AllAuthentication</c> are forwarded as KDC options.
        /// </param>
        /// <returns>The populated request, always carrying a PA-PAC-REQUEST entry.</returns>
        /// <remarks>
        /// <para>
        /// A PA-ENC-TIMESTAMP entry is added only when <c>PreAuthenticate</c> is set. Its
        /// ciphertext is produced with the key returned by <c>credential.CreateKey()</c>
        /// (presumably the password-derived long-term key; confirm), so anyone able to capture the
        /// request holds material whose resistance to offline guessing depends on that key.
        /// </para>
        /// <para>
        /// The request body carries <see cref="Environment.MachineName"/> as a NetBIOS address:
        /// space-padded to 16 characters and ASCII-encoded. Names longer than 16 characters are
        /// not truncated, and non-ASCII characters are replaced by the ASCII encoder.
        /// </para>
        /// <para>
        /// <c>Till</c> and <c>RTime</c> are both set to <c>KerberosConstants.EndOfTime</c>.
        /// NOTE(review): the effective ticket lifetime is presumably capped by KDC policy; verify.
        /// </para>
        /// </remarks>
        public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options)
        {
            // Strip the authentication-only flags; what remains is sent to the KDC as its options.
            var requestedKdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication);

            var machineName = Environment.MachineName;

            var preAuthEntries = new List<KrbPaData>();

            var pacRequest = new KrbPaPacRequest
            {
                IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest)
            };

            preAuthEntries.Add(new KrbPaData
            {
                Type = PaDataType.PA_PAC_REQUEST,
                Value = pacRequest.Encode().AsMemory()
            });

            if (options.HasFlag(AuthenticationOptions.PreAuthenticate))
            {
                KerberosConstants.Now(out DateTimeOffset currentTime, out int microseconds);

                var encodedTimestamp = new KrbPaEncTsEnc
                {
                    PaTimestamp = currentTime,
                    PaUSec = microseconds
                }.Encode().AsMemory();

                // Encrypted with the credential's own key under the PaEncTs key usage.
                KrbEncryptedData encryptedTimestamp = KrbEncryptedData.Encrypt(
                    encodedTimestamp,
                    credential.CreateKey(),
                    KeyUsage.PaEncTs);

                var timestampEntry = new KrbPaData
                {
                    Type = PaDataType.PA_ENC_TIMESTAMP,
                    Value = encryptedTimestamp.Encode().AsMemory()
                };

                preAuthEntries.Add(timestampEntry);
            }

            var body = new KrbKdcReqBody
            {
                Addresses = new[]
                {
                    new KrbHostAddress
                    {
                        AddressType = AddressType.NetBios,
                        // Padded to 16 characters with spaces before ASCII encoding.
                        Address = Encoding.ASCII.GetBytes(machineName.PadRight(16, ' '))
                    }
                },
                CName = new KrbPrincipalName
                {
                    Name = new[] { $"{credential.UserName}@{credential.Domain}" },
                    Type = PrincipalNameType.NT_ENTERPRISE
                },
                EType = KerberosConstants.ETypes.ToArray(),
                KdcOptions = requestedKdcOptions,
                Nonce = KerberosConstants.GetNonce(),
                RTime = KerberosConstants.EndOfTime,
                Realm = credential.Domain,
                SName = new KrbPrincipalName
                {
                    Type = PrincipalNameType.NT_SRV_INST,
                    Name = new[] { "krbtgt", credential.Domain }
                },
                Till = KerberosConstants.EndOfTime
            };

            var request = new KrbAsReq()
            {
                MessageType = MessageType.KRB_AS_REQ,
                Body = body,
                PaData = preAuthEntries.ToArray()
            };

            return request;
        }