/// <summary>
/// Waits for the reply to a Kpassword request and returns it with its KRB-PRIV part decrypted.
/// </summary>
/// <returns>
/// The received <see cref="KpasswordResponse"/>, after <c>DecryptKrbPriv</c> has been called on it
/// with the subkey held in <c>Context</c>.
/// </returns>
public KpasswordResponse ExpectKpasswordResponse()
{
    // NOTE(review): the type passed to ExpectPdu is KerberosAsResponse, although a
    // KpasswordResponse is asserted below - confirm that ExpectPdu treats this as intended.
    KerberosPdu receivedPdu = this.ExpectPdu(KerberosConstValue.TIMEOUT_DEFAULT, typeof(KerberosAsResponse));
    this.testSite.Assert.IsNotNull(receivedPdu, "Response Pdu should not be null.");

    // A KRB-ERROR reply gets its error code logged before the type assertion below,
    // so the log shows why the expected response type did not arrive.
    KerberosKrbError krbError = receivedPdu as KerberosKrbError;
    if (krbError != null)
    {
        this.testSite.Log.Add(LogEntryKind.Comment, "ERROR CODE: {0}", krbError.ErrorCode.ToString());
    }

    this.testSite.Assert.IsInstanceOfType(receivedPdu, typeof(KpasswordResponse), "Response type mismatches");

    KpasswordResponse kpasswordResponse = receivedPdu as KpasswordResponse;
    this.testSite.Log.Add(LogEntryKind.Comment, "Recieve Kpassword response.");

    // The KRB-PRIV part is decrypted with the subkey from the client context; the result
    // code is only readable from the response after this step.
    kpasswordResponse.DecryptKrbPriv(Context.Subkey);
    return kpasswordResponse;
}
/// <summary>
/// Test case for a password change through the Kerberos proxy service: runs an AS exchange with
/// pre-authentication, then sends a Kpassword request using the ticket from that exchange and
/// expects the result code KRB5_KPASSWD_SUCCESS.
/// </summary>
public void ChangePasswordSuccess()
{
    base.Logging();

    // This case only makes sense behind the proxy; without it the run is reported as inconclusive.
    if (!this.testConfig.UseProxy)
    {
        BaseTestSite.Assert.Inconclusive("This case is only applicable when Kerberos Proxy Service is in use.");
    }

    var realm = this.testConfig.LocalRealm;
    var account = realm.User[22];
    var kdc = realm.KDC[0];

    // Kerberos test client for the AS exchange.
    client = new KerberosTestClient(
        realm.RealmName,
        account.Username,
        account.Password,
        KerberosAccountType.User,
        kdc.IPAddress,
        kdc.Port,
        testConfig.TransportType,
        testConfig.SupportedOid);

    // Route the AS exchange through the Kerberos proxy service.
    if (this.testConfig.UseProxy)
    {
        BaseTestSite.Log.Add(LogEntryKind.Comment, "Initialize KKDCP Client .");
        KKDCPClient asProxy = new KKDCPClient(proxyClientConfig)
        {
            TargetDomain = realm.RealmName
        };
        client.UseProxy = true;
        client.ProxyClient = asProxy;
    }

    KdcOptions kdcFlags = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE;

    // First AS_REQ carries no pre-authentication data; the KDC is expected to reject it.
    BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends AS_REQ without Pre-Authentication data");
    client.SendAsRequestForPwdChange(kdcFlags, null);

    METHOD_DATA preauthHints;
    BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns KRB_ERROR: KDC_ERR_PREAUTH_REQUIRED");
    // The returned error object is not inspected further here; the call itself performs the expectation.
    client.ExpectPreauthRequiredError(out preauthHints);

    // Second AS_REQ: PA-ENC-TIMESTAMP is built from the client's password and salt for the
    // selected encryption type, and PA-PAC-REQUEST is constructed with 'true'.
    BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends AS_REQ with PA-ENC-TIMESTAMP and PA-PAC-REQUEST");
    string kerberosNow = KerberosUtility.CurrentKerberosTime.Value;
    PaEncTimeStamp encTimestamp = new PaEncTimeStamp(
        kerberosNow,
        0,
        this.client.Context.SelectedEType,
        this.client.Context.CName.Password,
        this.client.Context.CName.Salt);
    PaPacRequest pacRequest = new PaPacRequest(true);
    PA_DATA[] paItems = new PA_DATA[] { encTimestamp.Data, pacRequest.Data };
    Asn1SequenceOf<PA_DATA> paSequence = new Asn1SequenceOf<PA_DATA>(paItems);
    client.SendAsRequestForPwdChange(kdcFlags, paSequence);

    BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns AS_REP");
    KerberosAsResponse asRep = client.ExpectAsResponse();
    BaseTestSite.Assert.IsNotNull(asRep.Response.ticket, "AS response should contain a TGT.");

    // The Kpassword client is handed the ticket held in the Kerberos client's context after the AS exchange.
    KpasswdTestClient kpassClient = new KpasswdTestClient(
        kdc.IPAddress,
        KerberosConstValue.KPASSWORD_PORT,
        testConfig.TransportType,
        client.Context.Ticket);

    // Route the Kpassword exchange through the Kerberos proxy service as well.
    if (this.testConfig.UseProxy)
    {
        BaseTestSite.Log.Add(LogEntryKind.Comment, "Initialize KKDCP Client .");
        KKDCPClient kpasswdProxy = new KKDCPClient(proxyClientConfig)
        {
            TargetDomain = realm.RealmName
        };
        kpassClient.UseProxy = true;
        kpassClient.ProxyClient = kpasswdProxy;
    }

    // The requested password comes from the same configuration entry that supplied the logon
    // password above. NOTE(review): presumably this keeps the test account's credentials
    // unchanged across runs - confirm; the password value itself is never written to the log.
    string requestedPassword = account.Password;
    BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends KpasswordRequest");
    kpassClient.SendKpasswordRequest(requestedPassword);

    BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns KpasswordResponse");
    KpasswordResponse kpasswdReply = kpassClient.ExpectKpasswordResponse();

    // Only the result code is asserted; this method does not separately check that the
    // account can authenticate with the password afterwards.
    KpasswdError resultCode = (KpasswdError)kpassClient.GetResultCode(kpasswdReply);
    BaseTestSite.Assert.AreEqual(KpasswdError.KRB5_KPASSWD_SUCCESS, resultCode, "The result code should be KRB5_KPASSWD_SUCCESS.");
}
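/// <summary>
/// Reads the result code from a Kpassword response: the first two bytes of the KRB-PRIV
/// user data, interpreted in network (big-endian) byte order.
/// </summary>
/// <param name="response">
/// The Kpassword response to read. Its <c>priv_enc_part</c> must already be populated
/// (presumably by <c>DecryptKrbPriv</c> - confirm against the response class).
/// </param>
/// <returns>The 16-bit result code.</returns>
/// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The user data is missing or shorter than two bytes, so no result code can be read.
/// </exception>
public ushort GetResultCode(KpasswordResponse response)
{
    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    // The user data comes from a decrypted network message, so its length is checked
    // before any byte is read instead of trusting the peer to send at least two bytes.
    byte[] userData = response.priv_enc_part.user_data.ByteArrayValue;
    if (userData == null || userData.Length < sizeof(ushort))
    {
        throw new ArgumentException("The KRB-PRIV user data is too short to contain a result code.", "response");
    }

    // Explicit big-endian decode. The previous Array.Reverse + BitConverter.ToUInt16 pair
    // yields the same value on little-endian hosts but the byte-swapped value on
    // big-endian hosts, because BitConverter follows the host byte order.
    return (ushort)((userData[0] << 8) | userData[1]);
}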