Example #1
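        /// <summary>
        /// Receive a Kpassword response and decrypt its KRB-PRIV part with the context subkey.
        /// </summary>
        /// <returns>The received Kpassword response, after its KRB-PRIV part has been decrypted.</returns>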
        public KpasswordResponse ExpectKpasswordResponse()
        {
            // Wait (default timeout) for the next PDU from the peer.
            // NOTE(review): the expected type handed to ExpectPdu is KerberosAsResponse, although a
            // KpasswordResponse is asserted below - confirm how ExpectPdu uses this argument.
            KerberosPdu receivedPdu = this.ExpectPdu(KerberosConstValue.TIMEOUT_DEFAULT, typeof(KerberosAsResponse));
            this.testSite.Assert.IsNotNull(receivedPdu, "Response Pdu should not be null.");

            // If the peer answered with a KRB-ERROR, record its error code so the log explains
            // why the type assertion that follows does not hold.
            KerberosKrbError krbError = receivedPdu as KerberosKrbError;
            if (krbError != null)
            {
                this.testSite.Log.Add(LogEntryKind.Comment, "ERROR CODE: {0}", krbError.ErrorCode.ToString());
            }

            this.testSite.Assert.IsInstanceOfType(receivedPdu, typeof(KpasswordResponse), "Response type mismatches");
            KpasswordResponse kpasswordResponse = receivedPdu as KpasswordResponse;

            this.testSite.Log.Add(LogEntryKind.Comment, "Recieve Kpassword response.");

            // The KRB-PRIV part is decrypted with the subkey kept in the client context.
            kpasswordResponse.DecryptKrbPriv(Context.Subkey);

            return kpasswordResponse;
        }
        public void ChangePasswordSuccess()
        {
            // Index of the configured account used for the password-change scenario.
            const int pwdChangeUserIndex = 22;

            base.Logging();

            // The scenario is reported as inconclusive unless the Kerberos Proxy Service is enabled.
            if (!this.testConfig.UseProxy)
            {
                BaseTestSite.Assert.Inconclusive("This case is only applicable when Kerberos Proxy Service is in use.");
            }

            // Build the Kerberos test client for the configured user against the first KDC of the local realm.
            client = new KerberosTestClient(
                this.testConfig.LocalRealm.RealmName,
                this.testConfig.LocalRealm.User[pwdChangeUserIndex].Username,
                this.testConfig.LocalRealm.User[pwdChangeUserIndex].Password,
                KerberosAccountType.User,
                testConfig.LocalRealm.KDC[0].IPAddress,
                testConfig.LocalRealm.KDC[0].Port,
                testConfig.TransportType,
                testConfig.SupportedOid);

            // Route the Kerberos client through the proxy when it is enabled.
            if (this.testConfig.UseProxy)
            {
                BaseTestSite.Log.Add(LogEntryKind.Comment, "Initialize KKDCP Client .");
                KKDCPClient kerberosProxy = new KKDCPClient(proxyClientConfig)
                {
                    TargetDomain = this.testConfig.LocalRealm.RealmName
                };
                client.UseProxy = true;
                client.ProxyClient = kerberosProxy;
            }

            KdcOptions kdcOptions = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE;

            // Step 1: AS_REQ without pre-authentication data; a pre-auth-required error is expected back.
            BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends AS_REQ without Pre-Authentication data");
            client.SendAsRequestForPwdChange(kdcOptions, null);

            METHOD_DATA methodData;
            BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns KRB_ERROR: KDC_ERR_PREAUTH_REQUIRED");
            client.ExpectPreauthRequiredError(out methodData);

            // Step 2: AS_REQ carrying PA-ENC-TIMESTAMP (built from the client's password and salt) and PA-PAC-REQUEST.
            BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends AS_REQ with PA-ENC-TIMESTAMP and PA-PAC-REQUEST");
            PaEncTimeStamp encTimestamp = new PaEncTimeStamp(
                KerberosUtility.CurrentKerberosTime.Value,
                0,
                this.client.Context.SelectedEType,
                this.client.Context.CName.Password,
                this.client.Context.CName.Salt);
            PaPacRequest pacRequest = new PaPacRequest(true);
            PA_DATA[] paDataItems = new PA_DATA[] { encTimestamp.Data, pacRequest.Data };
            Asn1SequenceOf <PA_DATA> paDataSequence = new Asn1SequenceOf <PA_DATA>(paDataItems);

            client.SendAsRequestForPwdChange(kdcOptions, paDataSequence);
            BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns AS_REP");
            KerberosAsResponse asRep = client.ExpectAsResponse();

            BaseTestSite.Assert.IsNotNull(asRep.Response.ticket, "AS response should contain a TGT.");

            // Step 3: kpasswd client against the same KDC address, using the ticket held in the client context.
            KpasswdTestClient kpassClient = new KpasswdTestClient(
                testConfig.LocalRealm.KDC[0].IPAddress,
                KerberosConstValue.KPASSWORD_PORT,
                testConfig.TransportType,
                client.Context.Ticket);

            // The kpasswd client gets its own proxy client instance.
            if (this.testConfig.UseProxy)
            {
                BaseTestSite.Log.Add(LogEntryKind.Comment, "Initialize KKDCP Client .");
                KKDCPClient kpasswdProxy = new KKDCPClient(proxyClientConfig)
                {
                    TargetDomain = this.testConfig.LocalRealm.RealmName
                };
                kpassClient.UseProxy = true;
                kpassClient.ProxyClient = kpasswdProxy;
            }

            // The "new" password is the same configured value the client authenticated with above,
            // so the request re-submits the account's current password.
            // NOTE(review): a password-history or minimum-password-age policy in the test realm could
            // reject such a request - confirm the environment permits it.
            string requestedPassword = this.testConfig.LocalRealm.User[pwdChangeUserIndex].Password;

            BaseTestSite.Log.Add(LogEntryKind.TestStep, "Client sends KpasswordRequest");
            kpassClient.SendKpasswordRequest(requestedPassword);
            BaseTestSite.Log.Add(LogEntryKind.TestStep, "KDC returns KpasswordResponse");
            KpasswordResponse kpasswordReply = kpassClient.ExpectKpasswordResponse();

            // The exchange passes only when the reply carries the success result code.
            KpasswdError actualResult = (KpasswdError)kpassClient.GetResultCode(kpasswordReply);
            BaseTestSite.Assert.AreEqual(KpasswdError.KRB5_KPASSWD_SUCCESS, actualResult, "The result code should be KRB5_KPASSWD_SUCCESS.");
        }
Example #3
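 /// <summary>
 /// Read the result code from the first two bytes of a Kpassword response's user data.
 /// </summary>
 /// <param name="response">
 /// The response to inspect; the code reads <c>priv_enc_part.user_data</c>, so that part must
 /// already be populated when this is called.
 /// </param>
 /// <returns>The first two user-data bytes combined as a big-endian unsigned 16-bit value.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
 /// <exception cref="ArgumentException">The user data is missing or shorter than two bytes.</exception>
 public ushort GetResultCode(KpasswordResponse response)
 {
     if (response == null)
     {
         throw new ArgumentNullException("response");
     }

     byte[] userData = response.priv_enc_part.user_data.ByteArrayValue;

     // The payload comes off the wire: reject a truncated or absent body explicitly instead of
     // indexing past its end.
     if (userData == null || userData.Length < sizeof(ushort))
     {
         throw new ArgumentException("Kpassword response user data is too short to contain a result code.", "response");
     }

     // Combine the bytes directly (high byte first). Reversing the bytes and calling
     // BitConverter.ToUInt16 gives this value only on a little-endian host.
     return (ushort)((userData[0] << 8) | userData[1]);
 }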