/// <summary>
        /// Create TGS response.
        /// </summary>
        /// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
        /// <param name="seqOfPaData">The pre-authentication data.
        /// This argument can be generated by method ConstructPaData. This argument could be null.</param>
        /// <param name="encTicketFlags">Ticket Flags</param>
        /// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null
        /// In User-User Authentication mode, use session key in additional ticket in KileTgsRequest.
        /// Otherwise use service's secret key.
        /// A 16 byte buffer. RC4-HMAC encryption type is used for this key</param>
        /// <returns>The created TGS response.</returns>
        /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
        /// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
        /// is found </exception>
        public KileTgsResponse CreateTgsResponse(
            KileConnection kileConnection,
            _SeqOfPA_DATA seqOfPaData,
            EncTicketFlags encTicketFlags,
            byte[] ticketEncryptKey)
        {
            if (ticketEncryptKey == null)
            {
                throw new ArgumentNullException("ticketEncryptKey");
            }
            EncryptionKey ticketKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, ticketEncryptKey);

            return(CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null));
        }
Example #2
0
        public KileTgsResponse CreateTgsResponse(
            KileConnection kileConnection,
            Asn1SequenceOf <PA_DATA> seqOfPaData,
            EncTicketFlags encTicketFlags,
            byte[] ticketEncryptKey)
        {
            if (ticketEncryptKey == null)
            {
                throw new ArgumentNullException(nameof(ticketEncryptKey));
            }
            var ticketKey = new EncryptionKey(new KerbInt32((int)EncryptionType.RC4_HMAC), new Asn1OctetString(ticketEncryptKey));

            return(CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null));
        }
 public KileTgsResponse CreateTgsResponse(
     KileConnection kileConnection,
     _SeqOfPA_DATA seqOfPaData,
     EncTicketFlags encTicketFlags,
     byte[] ticketEncryptKey)
 {
     if (ticketEncryptKey == null)
     {
         throw new ArgumentNullException("ticketEncryptKey");
     }
     EncryptionKey ticketKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, ticketEncryptKey);
     return CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null);
 }
        public KileTgsResponse CreateTgsResponse(
            KileConnection kileConnection,
            _SeqOfPA_DATA seqOfPaData,
            EncTicketFlags encTicketFlags,
            EncryptionKey ticketEncryptKey,
            AuthorizationData ticketAuthorizationData)
        {
            KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

            if (ticketEncryptKey == null)
            {
                throw new ArgumentNullException("ticketEncryptKey");
            }
            else
            {
                serverContext.TicketEncryptKey = ticketEncryptKey;
            }
            KileTgsResponse response = new KileTgsResponse(serverContext);

            // Construct a Ticket
            Ticket ticket = new Ticket();
            ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
            ticket.realm = new Realm(domain);
            ticket.sname = serverContext.SName;

            // Set EncTicketPart
            EncTicketPart encTicketPart = new EncTicketPart();
            EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;
            encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
            encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
            encTicketPart.crealm = serverContext.TgsTicket.crealm;
            encTicketPart.cname = serverContext.TgsTicket.cname;
            encTicketPart.transited = serverContext.TgsTicket.transited;
            encTicketPart.authtime = KileUtility.CurrentKerberosTime;
            encTicketPart.starttime = KileUtility.CurrentKerberosTime;
            encTicketPart.endtime = serverContext.TgsTicket.endtime;
            encTicketPart.renew_till = serverContext.TgsTicket.renew_till;
            encTicketPart.caddr = serverContext.Addresses;
            encTicketPart.authorization_data = ticketAuthorizationData;
            response.TicketEncPart = encTicketPart;

            // Set AS_REP
            response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
            response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_TGS_RESP);
            response.Response.padata = seqOfPaData;
            response.Response.crealm = serverContext.UserRealm;
            response.Response.cname = serverContext.UserName;
            response.Response.ticket = ticket;

            // Set EncASRepPart
            EncTGSRepPart encTGSRepPart = new EncTGSRepPart();
            encTGSRepPart.key = encTicketPart.key;
            LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
            encTGSRepPart.last_req = new LastReq(new LastReq_element[] { element });
            encTGSRepPart.nonce = serverContext.Nonce;
            encTGSRepPart.flags = encTicketPart.flags;
            encTGSRepPart.authtime = encTicketPart.authtime;
            encTGSRepPart.starttime = encTicketPart.starttime;
            encTGSRepPart.endtime = encTicketPart.endtime;
            encTGSRepPart.renew_till = encTicketPart.renew_till;
            encTGSRepPart.srealm = ticket.realm;
            encTGSRepPart.sname = ticket.sname;
            encTGSRepPart.caddr = encTicketPart.caddr;
            response.EncPart = encTGSRepPart;

            return response;
        }
        public KileAsResponse CreateAsResponse(
            KileConnection kileConnection,
            KerberosAccountType accountType,
            string password,
            _SeqOfPA_DATA SeqofPaData,
            EncTicketFlags encTicketFlags,
            AuthorizationData ticketAuthorizationData)
        {
            KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
            string cName = serverContext.UserName.name_string.elements[0].mValue;
            string cRealm = serverContext.UserRealm.mValue;
            serverContext.Salt = GenerateSalt(cRealm, cName, accountType);
            serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC,
                GetEncryptionKeyByType(EncryptionType.RC4_HMAC));

            if (password == null)
            {
                throw new ArgumentNullException("password");
            }
            else
            {
                serverContext.Password = password;
            }
            KileAsResponse response = new KileAsResponse(serverContext);

            // Construct a Ticket
            Ticket ticket = new Ticket();
            ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
            ticket.realm = new Realm(domain);
            ticket.sname = serverContext.SName;

            // Set EncTicketPart
            EncTicketPart encTicketPart = new EncTicketPart();
            EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

            encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
            encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
            encTicketPart.crealm = serverContext.UserRealm;
            encTicketPart.cname = serverContext.UserName;
            encTicketPart.transited = new TransitedEncoding(4, null);
            encTicketPart.authtime = KileUtility.CurrentKerberosTime;
            encTicketPart.starttime = KileUtility.CurrentKerberosTime;
            encTicketPart.endtime = serverContext.endTime;
            encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
            encTicketPart.caddr = serverContext.Addresses;
            encTicketPart.authorization_data = ticketAuthorizationData;
            response.TicketEncPart = encTicketPart;

            // Set AS_REP
            response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
            response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
            response.Response.padata = SeqofPaData;
            response.Response.crealm = serverContext.UserRealm;
            response.Response.cname = serverContext.UserName;
            response.Response.ticket = ticket;

            // Set EncASRepPart
            EncASRepPart encASRepPart = new EncASRepPart();
            encASRepPart.key = encTicketPart.key;
            LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
            encASRepPart.last_req = new LastReq(new LastReq_element[] { element });
            encASRepPart.nonce = serverContext.Nonce;
            encASRepPart.flags = encTicketPart.flags;
            encASRepPart.authtime = encTicketPart.authtime;
            encASRepPart.starttime = encTicketPart.starttime;
            encASRepPart.endtime = encTicketPart.endtime;
            encASRepPart.renew_till = encTicketPart.renew_till;
            encASRepPart.srealm = ticket.realm;
            encASRepPart.sname = ticket.sname;
            encASRepPart.caddr = encTicketPart.caddr;
            response.EncPart = encASRepPart;

            return response;
        }
        /// <summary>
        /// Create TGS response.
        /// </summary>
        /// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
        /// <param name="seqOfPaData">The pre-authentication data.
        /// This argument can be generated by method ConstructPaData. This argument could be null.</param>
        /// <param name="encTicketFlags">Ticket Flags</param>
        /// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null
        /// In User-User Authentication mode, use session key in additional ticket in KileTgsRequest.
        /// Otherwise use service's secret key.</param>
        /// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
        /// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
        /// </param>
        /// <returns>The created TGS response.</returns>
        /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
        /// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
        /// is found </exception>
        public KileTgsResponse CreateTgsResponse(
            KileConnection kileConnection,
            _SeqOfPA_DATA seqOfPaData,
            EncTicketFlags encTicketFlags,
            EncryptionKey ticketEncryptKey,
            AuthorizationData ticketAuthorizationData)
        {
            KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

            if (ticketEncryptKey == null)
            {
                throw new ArgumentNullException("ticketEncryptKey");
            }
            else
            {
                serverContext.TicketEncryptKey = ticketEncryptKey;
            }
            KileTgsResponse response = new KileTgsResponse(serverContext);

            // Construct a Ticket
            Ticket ticket = new Ticket();

            ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
            ticket.realm   = new Realm(domain);
            ticket.sname   = serverContext.SName;

            // Set EncTicketPart
            EncTicketPart  encTicketPart  = new EncTicketPart();
            EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

            encTicketPart.key                = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
            encTicketPart.flags              = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
            encTicketPart.crealm             = serverContext.TgsTicket.crealm;
            encTicketPart.cname              = serverContext.TgsTicket.cname;
            encTicketPart.transited          = serverContext.TgsTicket.transited;
            encTicketPart.authtime           = KileUtility.CurrentKerberosTime;
            encTicketPart.starttime          = KileUtility.CurrentKerberosTime;
            encTicketPart.endtime            = serverContext.TgsTicket.endtime;
            encTicketPart.renew_till         = serverContext.TgsTicket.renew_till;
            encTicketPart.caddr              = serverContext.Addresses;
            encTicketPart.authorization_data = ticketAuthorizationData;
            response.TicketEncPart           = encTicketPart;

            // Set AS_REP
            response.Response.pvno     = new Asn1Integer(ConstValue.KERBEROSV5);
            response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_TGS_RESP);
            response.Response.padata   = seqOfPaData;
            response.Response.crealm   = serverContext.UserRealm;
            response.Response.cname    = serverContext.UserName;
            response.Response.ticket   = ticket;

            // Set EncASRepPart
            EncTGSRepPart encTGSRepPart = new EncTGSRepPart();

            encTGSRepPart.key = encTicketPart.key;
            LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);

            encTGSRepPart.last_req   = new LastReq(new LastReq_element[] { element });
            encTGSRepPart.nonce      = serverContext.Nonce;
            encTGSRepPart.flags      = encTicketPart.flags;
            encTGSRepPart.authtime   = encTicketPart.authtime;
            encTGSRepPart.starttime  = encTicketPart.starttime;
            encTGSRepPart.endtime    = encTicketPart.endtime;
            encTGSRepPart.renew_till = encTicketPart.renew_till;
            encTGSRepPart.srealm     = ticket.realm;
            encTGSRepPart.sname      = ticket.sname;
            encTGSRepPart.caddr      = encTicketPart.caddr;
            response.EncPart         = encTGSRepPart;

            return(response);
        }
        /// <summary>
        /// Create AS response.
        /// </summary>
        /// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
        /// <param name="accountType">The type of the logoned account. User or Computer</param>
        /// <param name="password">Password of the user who logon the system. This argument cannot be null.</param>
        /// <param name="SeqofPaData">The pre-authentication data in AS request.
        /// This argument can be generated by method ConstructPaData. This argument could be null.</param>
        /// <param name="encTicketFlags">Ticket Flags</param>
        /// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
        /// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
        /// </param>
        /// <returns>The created AS response.</returns>
        /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
        /// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
        /// is found </exception>
        public KileAsResponse CreateAsResponse(
            KileConnection kileConnection,
            KerberosAccountType accountType,
            string password,
            _SeqOfPA_DATA SeqofPaData,
            EncTicketFlags encTicketFlags,
            AuthorizationData ticketAuthorizationData)
        {
            KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
            string            cName         = serverContext.UserName.name_string.elements[0].mValue;
            string            cRealm        = serverContext.UserRealm.mValue;

            serverContext.Salt             = GenerateSalt(cRealm, cName, accountType);
            serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC,
                                                               GetEncryptionKeyByType(EncryptionType.RC4_HMAC));

            if (password == null)
            {
                throw new ArgumentNullException("password");
            }
            else
            {
                serverContext.Password = password;
            }
            KileAsResponse response = new KileAsResponse(serverContext);

            // Construct a Ticket
            Ticket ticket = new Ticket();

            ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
            ticket.realm   = new Realm(domain);
            ticket.sname   = serverContext.SName;

            // Set EncTicketPart
            EncTicketPart  encTicketPart  = new EncTicketPart();
            EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

            encTicketPart.key                = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
            encTicketPart.flags              = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
            encTicketPart.crealm             = serverContext.UserRealm;
            encTicketPart.cname              = serverContext.UserName;
            encTicketPart.transited          = new TransitedEncoding(4, null);
            encTicketPart.authtime           = KileUtility.CurrentKerberosTime;
            encTicketPart.starttime          = KileUtility.CurrentKerberosTime;
            encTicketPart.endtime            = serverContext.endTime;
            encTicketPart.renew_till         = serverContext.rtime ?? encTicketPart.endtime;
            encTicketPart.caddr              = serverContext.Addresses;
            encTicketPart.authorization_data = ticketAuthorizationData;
            response.TicketEncPart           = encTicketPart;

            // Set AS_REP
            response.Response.pvno     = new Asn1Integer(ConstValue.KERBEROSV5);
            response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
            response.Response.padata   = SeqofPaData;
            response.Response.crealm   = serverContext.UserRealm;
            response.Response.cname    = serverContext.UserName;
            response.Response.ticket   = ticket;

            // Set EncASRepPart
            EncASRepPart encASRepPart = new EncASRepPart();

            encASRepPart.key = encTicketPart.key;
            LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);

            encASRepPart.last_req   = new LastReq(new LastReq_element[] { element });
            encASRepPart.nonce      = serverContext.Nonce;
            encASRepPart.flags      = encTicketPart.flags;
            encASRepPart.authtime   = encTicketPart.authtime;
            encASRepPart.starttime  = encTicketPart.starttime;
            encASRepPart.endtime    = encTicketPart.endtime;
            encASRepPart.renew_till = encTicketPart.renew_till;
            encASRepPart.srealm     = ticket.realm;
            encASRepPart.sname      = ticket.sname;
            encASRepPart.caddr      = encTicketPart.caddr;
            response.EncPart        = encASRepPart;

            return(response);
        }