/// <summary>
/// Create a KileClient instance.
/// </summary>
/// <param name="domain">The realm part of the client's principal identifier.
/// This argument cannot be null.</param>
/// <param name="cName">The account to logon the remote machine. Either user account or computer account
/// This argument cannot be null.</param>
/// <param name="password">The password of the user. This argument cannot be null.</param>
/// <param name="accountType">The type of the logon account. User or Computer</param>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
public KileClient(string domain, string cName, string password, KileAccountType accountType)
{
if (domain == null)
{
throw new ArgumentNullException("domain");
}
if (cName == null)
{
throw new ArgumentNullException("cName");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
context = new KileClientContext();
decoder = new KileDecoder(context);
transportBufferSize = ConstValue.TRANSPORT_BUFFER_SIZE;
this.domain = domain;
this.userName = cName;
this.password = password;
context.Password = password;
context.Salt = GenerateSalt(domain, cName, accountType);
}
/// <summary>
/// Create a KileDecrypter instance.
/// User should call following methods in sequence to initialize: AsExchange, TgsExchange and ApExchange.
/// After exchanges are done, call DecryptRequest or DecryptResponse from first encrypted message to last.
/// Do not skip any request or response.
/// </summary>
/// <param name="domain">
/// The realm part of the client's principal identifier.
/// This argument cannot be null.
/// </param>
/// <param name="cName">
/// The account to logon the remote machine. Either user account or computer account.
/// This argument cannot be null.
/// </param>
/// <param name="password">
/// The password of the user.
/// This argument cannot be null.
/// </param>
/// <param name="accountType">
/// The type of the logon account. User or Computer.
/// </param>
/// <param name="connectionType">
/// The connection type, TCP or UDP.
/// </param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when any parameter is null.
/// </exception>
public KileDecrypter(
string domain,
string cName,
string password,
KileAccountType accountType,
KileConnectionType connectionType)
{
if (domain == null)
{
throw new ArgumentNullException(nameof(domain));
}
if (cName == null)
{
throw new ArgumentNullException(nameof(cName));
}
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
kileDecoder = new KileDecoder();
kileDecoder.connectionType = connectionType;
string salt = KileRole.GenerateSalt(domain, cName, accountType);
kileDecoder.clientContext = new KileClientContext();
kileDecoder.clientContext.Password = password;
kileDecoder.clientContext.TransportType = connectionType;
kileDecoder.clientContext.Salt = salt;
kileDecoder.serverContext = new KileServerContext();
kileDecoder.serverContext.TransportType = connectionType;
kileDecoder.serverContext.Salt = salt;
kileDecoder.serverContextList = new Dictionary <KileConnection, KileServerContext>(new KileServerContextComparer());
kileDecoder.serverContextList.Add(new KileConnection(FAKE_ENDPOINT), kileDecoder.serverContext);
}
public KileAsResponse CreateAsResponse(
KileConnection kileConnection,
KileAccountType accountType,
string password,
Asn1SequenceOf <PA_DATA> SeqofPaData,
EncTicketFlags encTicketFlags,
AuthorizationData ticketAuthorizationData)
{
KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
string cName = serverContext.UserName.name_string.Elements[0].Value;
string cRealm = serverContext.UserRealm.Value;
serverContext.Salt = GenerateSalt(cRealm, cName, accountType);
serverContext.TicketEncryptKey = new EncryptionKey(new KerbInt32((int)EncryptionType.RC4_HMAC),
new Asn1OctetString(GetEncryptionKeyByType(EncryptionType.RC4_HMAC)));
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
else
{
serverContext.Password = password;
}
KileAsResponse response = new KileAsResponse(serverContext);
// Construct a Ticket
var ticket = new Ticket();
ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
ticket.realm = new Realm(domain);
ticket.sname = serverContext.SName;
// Set EncTicketPart
var encTicketPart = new EncTicketPart();
EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.Elements[0].Value;
encTicketPart.key = new EncryptionKey(new KerbInt32((int)encryptionType), new Asn1OctetString(GetEncryptionKeyByType(encryptionType)));
encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
encTicketPart.crealm = serverContext.UserRealm;
encTicketPart.cname = serverContext.UserName;
encTicketPart.transited = new TransitedEncoding(new KerbInt32(4), null);
encTicketPart.authtime = KileUtility.CurrentKerberosTime;
encTicketPart.starttime = KileUtility.CurrentKerberosTime;
encTicketPart.endtime = serverContext.endTime;
encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
encTicketPart.caddr = serverContext.Addresses;
encTicketPart.authorization_data = ticketAuthorizationData;
response.TicketEncPart = encTicketPart;
// Set AS_REP
response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
response.Response.padata = SeqofPaData;
response.Response.crealm = serverContext.UserRealm;
response.Response.cname = serverContext.UserName;
response.Response.ticket = ticket;
// Set EncASRepPart
var encASRepPart = new EncASRepPart();
encASRepPart.key = encTicketPart.key;
var element = new LastReqElement(new KerbInt32(0), KileUtility.CurrentKerberosTime);
encASRepPart.last_req = new LastReq(new LastReqElement[] { element });
encASRepPart.nonce = serverContext.Nonce;
encASRepPart.flags = encTicketPart.flags;
encASRepPart.authtime = encTicketPart.authtime;
encASRepPart.starttime = encTicketPart.starttime;
encASRepPart.endtime = encTicketPart.endtime;
encASRepPart.renew_till = encTicketPart.renew_till;
encASRepPart.srealm = ticket.realm;
encASRepPart.sname = ticket.sname;
encASRepPart.caddr = encTicketPart.caddr;
response.EncPart = encASRepPart;
return(response);
}
