/// <summary>
/// Create context
/// </summary>
/// <param name="domain">Domain name</param>
/// <param name="cName">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="accountType">Accoundtype, user or device</param>
/// <param name="armorTicket">Computer TGT as armor ticket</param>
/// <param name="armorSessionKey">Computer TGS session key as armor session key</param>
public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt, KerberosTicket armorTicket, EncryptionKey armorSessionKey)
: this(domain, cName, password, accountType, salt)
{
this.ArmorTicket = armorTicket;
this.ArmorSessionKey = armorSessionKey;
this.SelectedEType = (EncryptionType)this.ArmorTicket.SessionKey.keytype.Value;
}
/// <summary>
/// Construct a Kerberos test client for FAST
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
public KerberosFunctionalClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt omiPkt, ITestSite baseTestSite)
: base(domain, cName, password, accountType, armorTicket, armorSessionKey, kdcAddress, kdcPort, transportType, omiPkt)
{
testSite = baseTestSite;
if (accountType == KerberosAccountType.Device)
{
testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using computer account: {0}@{1}.",
cName, domain);
}
else
{
testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using user account: {0}@{1}.",
cName, domain);
}
EncryptionType[] encryptionTypes = new EncryptionType[]
{
EncryptionType.AES256_CTS_HMAC_SHA1_96,
EncryptionType.AES128_CTS_HMAC_SHA1_96,
EncryptionType.RC4_HMAC,
EncryptionType.RC4_HMAC_EXP,
EncryptionType.DES_CBC_CRC,
EncryptionType.DES_CBC_MD5
};
KerbInt32[] etypes = new KerbInt32[encryptionTypes.Length];
for (int i = 0; i < encryptionTypes.Length; i++)
{
etypes[i] = new KerbInt32((int)encryptionTypes[i]);
}
Asn1SequenceOf<KerbInt32> etype = new Asn1SequenceOf<KerbInt32>(etypes);
Context.SupportedEType = etype;
Context.Pvno = KerberosConstValue.KERBEROSV5;
}
/// <summary>
/// Create context
/// </summary>
/// <param name="domain">Domain name</param>
/// <param name="cName">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="accountType">Accoundtype, user or device</param>
public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null)
: this()
{
if (domain == null)
{
throw new ArgumentNullException("domain");
}
if (cName == null)
{
throw new ArgumentNullException("cName");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
this.Realm = new Realm(domain);
PrincipalName name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(cName));
if (null == salt)
{
if (accountType == KerberosAccountType.User)
salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
else if (accountType == KerberosAccountType.Device)
salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
else
{
throw new ArgumentOutOfRangeException("Account type not support");
}
}
this.CName = new Principal(accountType, this.Realm, name, password, salt);
}
/// <summary>
/// Create context
/// </summary>
/// <param name="domain">Domain name</param>
/// <param name="cName">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="accountType">Accoundtype, user or device</param>
/// <param name="armorTicket">Computer TGT as armor ticket</param>
/// <param name="armorSessionKey">Computer TGS session key as armor session key</param>
public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt, KerberosTicket armorTicket, EncryptionKey armorSessionKey)
: this(domain, cName, password, accountType, salt)
{
this.ArmorTicket = armorTicket;
this.ArmorSessionKey = armorSessionKey;
this.SelectedEType = (EncryptionType)this.ArmorTicket.SessionKey.keytype.Value;
}
/// <summary>
/// Generate client account's salt.
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <returns>Client account's salt</returns>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
/// <exception cref="System.NotSupportedException">Thrown when the account type is neither user nor computer.
/// </exception>
public static string GenerateSalt(string domain, string cName, KerberosAccountType accountType)
{
if (domain == null)
{
throw new ArgumentNullException("domain");
}
if (cName == null)
{
throw new ArgumentNullException("cName");
}
string salt;
if (accountType == KerberosAccountType.User)
{
salt = domain.ToUpper() + cName;
}
else if (accountType == KerberosAccountType.Device)
{
string computerName = cName;
if (cName.EndsWith("$"))
{
computerName = cName.Substring(0, cName.Length - 1);
}
salt = domain.ToUpper() + "host" + computerName.ToLower() + "." + domain.ToLower();
}
else
{
throw new NotSupportedException("Kile only support user or computer account.");
}
return(salt);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="type">Type of Principal</param>
/// <param name="name">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="salt">Salt of principal</param>
public Principal(KerberosAccountType type, string realm, string name, string password, string salt)
{
Type = type;
Realm = new Realm(realm);
Name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(name));
Password = password;
Salt = salt;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="type">Type of Principal</param>
/// <param name="name">Principal name</param>
/// <param name="password">Password of principal</param>
public Principal(KerberosAccountType type, Realm realm, PrincipalName name, string password, string salt)
{
Type = type;
Realm = realm;
Name = name;
Password = password;
Salt = salt;
}
/// <summary>
/// Create a KileClient instance.
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null)
{
TransportBufferSize = KerberosConstValue.TRANSPORT_BUFFER_SIZE;
this.Context = new KerberosContext(domain, cName, password, accountType, salt);
this.kdcAddress = kdcAddress;
this.kdcPort = kdcPort;
this.transportType = transportType;
this.oidPkt = oidPkt;
this.Context.TransportType = transportType;
}
/// <summary>
/// Create a KileClient instance.
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null)
{
TransportBufferSize = KerberosConstValue.TRANSPORT_BUFFER_SIZE;
this.Context = new KerberosContext(domain, cName, password, accountType, salt, armorTicket, armorSessionKey);
this.kdcAddress = kdcAddress;
this.kdcPort = kdcPort;
this.transportType = transportType;
this.oidPkt = oidPkt;
this.Context.TransportType = transportType;
}
/// <summary>
/// Generate a new NlmpClient Security Context
/// </summary>
/// <param name="domain" cref="KerberosClientCredential">Login user Credential</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <returns></returns>
public static ClientSecurityContext CreateClientSecurityContext(
string serverName,
AccountCredential credential,
KerberosAccountType accountType,
IPAddress kdcAddress,
int kdcPort,
TransportType transportType,
ClientSecurityContextAttribute contextAttribute,
KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken,
string salt = null
)
{
return(new KerberosClientSecurityContext(serverName, credential, accountType, kdcAddress, kdcPort, transportType, contextAttribute, oidPkt, salt));
}
/// <summary>
/// Create a KerberosClientSecurityContext instance.
/// </summary>
/// <param name="domain" cref="KerberosClientCredential">Login user Credential</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
public KerberosClientSecurityContext(
string serverName,
AccountCredential credential,
KerberosAccountType accountType,
IPAddress kdcAddress,
int kdcPort,
TransportType transportType,
ClientSecurityContextAttribute contextAttribute,
KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken,
string salt = null
)
{
this.credential = credential;
this.serverName = serverName;
this.contextAttribute = contextAttribute;
this.client = new KerberosClient(this.credential.DomainName, this.credential.AccountName, this.credential.Password, accountType, kdcAddress, kdcPort, transportType, oidPkt, salt);
this.UpdateDefaultSettings();
}
/// <summary>
/// Create context
/// </summary>
/// <param name="domain">Domain name</param>
/// <param name="cName">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="accountType">Accoundtype, user or device</param>
public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null)
: this()
{
if (domain == null)
{
throw new ArgumentNullException("domain");
}
if (cName == null)
{
throw new ArgumentNullException("cName");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
this.Realm = new Realm(domain);
PrincipalName name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(cName));
if (null == salt)
{
if (accountType == KerberosAccountType.User)
{
salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
}
else if (accountType == KerberosAccountType.Device)
{
salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
}
else
{
throw new ArgumentOutOfRangeException("Account type not support");
}
}
this.CName = new Principal(accountType, this.Realm, name, password, salt);
}
/// <summary>
/// Construct a Kerberos test client
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logged on account. User or Computer</param>
public KerberosTestClient(string domain, string cName, string password, KerberosAccountType accountType, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt, string salt = null)
: base(domain, cName, password, accountType, kdcAddress, kdcPort, transportType, oidPkt, salt)
{
testSite = TestClassBase.BaseTestSite;
if (accountType == KerberosAccountType.Device)
{
testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using computer account: {0}@{1}.",
cName, domain);
}
else
{
testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using user account: {0}@{1}.",
cName, domain);
}
EncryptionType[] encryptionTypes = new EncryptionType[]
{
EncryptionType.AES256_CTS_HMAC_SHA1_96,
EncryptionType.AES128_CTS_HMAC_SHA1_96,
EncryptionType.RC4_HMAC,
EncryptionType.RC4_HMAC_EXP,
EncryptionType.DES_CBC_CRC,
EncryptionType.DES_CBC_MD5
};
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32[] etypes =
new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32[encryptionTypes.Length];
for (int i = 0; i < encryptionTypes.Length; i++)
{
etypes[i] = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32((int)encryptionTypes[i]);
}
Asn1SequenceOf<KerbInt32> etype = new Asn1SequenceOf<KerbInt32>(etypes);
Context.SupportedEType = etype;
Context.Pvno = KerberosConstValue.KERBEROSV5;
}
/// <summary>
/// Generate a GCC AP token for the given account and SPN.
/// </summary>
/// <param name="kdcIpAddr">KDC IP address</param>
/// <param name="account">Account Name.</param>
/// <param name="pwd">Password of the account.</param>
/// <param name="domain">Domain name.</param>
/// <param name="spn">SPN</param>
/// <param name="aType">Account type</param>
/// <returns>Token</returns>
public static byte[] GenerateGssApToken(string kdcIpAddr, string account, string pwd, string domain, string spn, KerberosAccountType aType)
{
KerberosTestClient client = new KerberosTestClient(
domain,
account,
pwd,
KerberosAccountType.User,
kdcIpAddr,
88,
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.TransportType.TCP,
(KerberosConstValue.OidPkt)Enum.Parse(typeof(KerberosConstValue.OidPkt), "MSKerberosToken"));
//Create and send AS request
KdcOptions options = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE | KdcOptions.OK_AS_DELEGATE;
client.SendAsRequest(options, null);
//Recieve preauthentication required error
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.METHOD_DATA methodData;
KerberosKrbError krbError = client.ExpectPreauthRequiredError(out methodData);
//Create sequence of PA data
string timeStamp = KerberosUtility.CurrentKerberosTime.Value;
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaEncTimeStamp paEncTimeStamp = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaEncTimeStamp(timeStamp, 0, client.Context.SelectedEType, client.Context.CName.Password, client.Context.CName.Salt);
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaPacRequest paPacRequest = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaPacRequest(true);
Microsoft.Protocols.TestTools.StackSdk.Asn1.Asn1SequenceOf <PA_DATA> seqOfPaData = new Microsoft.Protocols.TestTools.StackSdk.Asn1.Asn1SequenceOf <PA_DATA>(new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PA_DATA[] { paEncTimeStamp.Data, paPacRequest.Data });
//Create and send AS request
client.SendAsRequest(options, seqOfPaData);
KerberosAsResponse asResponse = client.ExpectAsResponse();
//Create and send TGS request
client.SendTgsRequest(spn, options);
KerberosTgsResponse refTgsResponse = client.ExpectTgsResponse();
// client.ChangeRealm(childDomain, childDcIp, 88, Microsoft.Protocols.TestTools.StackSdk.Security.Kerberos.TransportType.TCP);
// client.SendTgsRequest(spn, options);
// KerberosTgsResponse tgsResponse = client.ExpectTgsResponse();
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.AuthorizationData data = null;
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.EncryptionKey subkey = Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerberosUtility.GenerateKey(client.Context.SessionKey);
byte[] token = client.CreateGssApiToken(Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.ApOptions.None,
data,
subkey,
Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.ChecksumFlags.None,
KerberosConstValue.GSSToken.GSSAPI
);
return(token);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="type">Type of Principal</param>
/// <param name="name">Principal name</param>
/// <param name="password">Password of principal</param>
public Principal(KerberosAccountType type, Realm realm, PrincipalName name, string password, string salt)
{
Type = type;
Realm = realm;
Name = name;
Password = password;
Salt = salt;
}
/// <summary>
/// Create AS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="accountType">The type of the logoned account. User or Computer</param>
/// <param name="password">Password of the user who logon the system. This argument cannot be null.</param>
/// <param name="SeqofPaData">The pre-authentication data in AS request.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
/// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
/// </param>
/// <returns>The created AS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found </exception>
public KileAsResponse CreateAsResponse(
KileConnection kileConnection,
KerberosAccountType accountType,
string password,
_SeqOfPA_DATA SeqofPaData,
EncTicketFlags encTicketFlags,
AuthorizationData ticketAuthorizationData)
{
KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
string cName = serverContext.UserName.name_string.elements[0].mValue;
string cRealm = serverContext.UserRealm.mValue;
serverContext.Salt = GenerateSalt(cRealm, cName, accountType);
serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC,
GetEncryptionKeyByType(EncryptionType.RC4_HMAC));
if (password == null)
{
throw new ArgumentNullException("password");
}
else
{
serverContext.Password = password;
}
KileAsResponse response = new KileAsResponse(serverContext);
// Construct a Ticket
Ticket ticket = new Ticket();
ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
ticket.realm = new Realm(domain);
ticket.sname = serverContext.SName;
// Set EncTicketPart
EncTicketPart encTicketPart = new EncTicketPart();
EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;
encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
encTicketPart.crealm = serverContext.UserRealm;
encTicketPart.cname = serverContext.UserName;
encTicketPart.transited = new TransitedEncoding(4, null);
encTicketPart.authtime = KileUtility.CurrentKerberosTime;
encTicketPart.starttime = KileUtility.CurrentKerberosTime;
encTicketPart.endtime = serverContext.endTime;
encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
encTicketPart.caddr = serverContext.Addresses;
encTicketPart.authorization_data = ticketAuthorizationData;
response.TicketEncPart = encTicketPart;
// Set AS_REP
response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
response.Response.padata = SeqofPaData;
response.Response.crealm = serverContext.UserRealm;
response.Response.cname = serverContext.UserName;
response.Response.ticket = ticket;
// Set EncASRepPart
EncASRepPart encASRepPart = new EncASRepPart();
encASRepPart.key = encTicketPart.key;
LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
encASRepPart.last_req = new LastReq(new LastReq_element[] { element });
encASRepPart.nonce = serverContext.Nonce;
encASRepPart.flags = encTicketPart.flags;
encASRepPart.authtime = encTicketPart.authtime;
encASRepPart.starttime = encTicketPart.starttime;
encASRepPart.endtime = encTicketPart.endtime;
encASRepPart.renew_till = encTicketPart.renew_till;
encASRepPart.srealm = ticket.realm;
encASRepPart.sname = ticket.sname;
encASRepPart.caddr = encTicketPart.caddr;
response.EncPart = encASRepPart;
return(response);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="type">Type of Principal</param>
/// <param name="name">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="salt">Salt of principal</param>
public Principal(KerberosAccountType type, string realm, string name, string password, string salt)
{
Type = type;
Realm = new Realm(realm);
Name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(name));
Password = password;
Salt = salt;
}
public KileAsResponse CreateAsResponse(
KileConnection kileConnection,
KerberosAccountType accountType,
string password,
_SeqOfPA_DATA SeqofPaData,
EncTicketFlags encTicketFlags,
AuthorizationData ticketAuthorizationData)
{
KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
string cName = serverContext.UserName.name_string.elements[0].mValue;
string cRealm = serverContext.UserRealm.mValue;
serverContext.Salt = GenerateSalt(cRealm, cName, accountType);
serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC,
GetEncryptionKeyByType(EncryptionType.RC4_HMAC));
if (password == null)
{
throw new ArgumentNullException("password");
}
else
{
serverContext.Password = password;
}
KileAsResponse response = new KileAsResponse(serverContext);
// Construct a Ticket
Ticket ticket = new Ticket();
ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
ticket.realm = new Realm(domain);
ticket.sname = serverContext.SName;
// Set EncTicketPart
EncTicketPart encTicketPart = new EncTicketPart();
EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;
encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
encTicketPart.crealm = serverContext.UserRealm;
encTicketPart.cname = serverContext.UserName;
encTicketPart.transited = new TransitedEncoding(4, null);
encTicketPart.authtime = KileUtility.CurrentKerberosTime;
encTicketPart.starttime = KileUtility.CurrentKerberosTime;
encTicketPart.endtime = serverContext.endTime;
encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
encTicketPart.caddr = serverContext.Addresses;
encTicketPart.authorization_data = ticketAuthorizationData;
response.TicketEncPart = encTicketPart;
// Set AS_REP
response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
response.Response.padata = SeqofPaData;
response.Response.crealm = serverContext.UserRealm;
response.Response.cname = serverContext.UserName;
response.Response.ticket = ticket;
// Set EncASRepPart
EncASRepPart encASRepPart = new EncASRepPart();
encASRepPart.key = encTicketPart.key;
LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
encASRepPart.last_req = new LastReq(new LastReq_element[] { element });
encASRepPart.nonce = serverContext.Nonce;
encASRepPart.flags = encTicketPart.flags;
encASRepPart.authtime = encTicketPart.authtime;
encASRepPart.starttime = encTicketPart.starttime;
encASRepPart.endtime = encTicketPart.endtime;
encASRepPart.renew_till = encTicketPart.renew_till;
encASRepPart.srealm = ticket.realm;
encASRepPart.sname = ticket.sname;
encASRepPart.caddr = encTicketPart.caddr;
response.EncPart = encASRepPart;
return response;
}
/// <summary>
/// Create a KileClient instance.
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null)
: this(domain, cName, password, accountType, armorTicket, armorSessionKey, IPAddress.Parse(kdcAddress), kdcPort, transportType, oidPkt, salt)
{
}
