/// <summary>
/// Build an AS request for the service name KerberosConstValue.KERBEROS_SNAME
/// in the realm of the current context, send it through the client and
/// return the request that was sent.
/// </summary>
/// <param name="kdcOptions">KDC options placed in the request body.</param>
/// <param name="seqPaData">Pre-authentication data attached to the request.</param>
/// <returns>The AS request handed to the transport.</returns>
private KerberosAsRequest SendAsRequest(KdcOptions kdcOptions, Asn1SequenceOf<PA_DATA> seqPaData)
{
    // The target principal is <KERBEROS_SNAME>/<realm>, typed NT_SRV_INST.
    string realmName = this.Context.Realm.Value;
    KerbInt32 nameType = new KerbInt32((int)PrincipalType.NT_SRV_INST);
    PrincipalName targetName = new PrincipalName(
        nameType,
        KerberosUtility.String2SeqKerbString(KerberosConstValue.KERBEROS_SNAME, realmName));

    KDC_REQ_BODY requestBody = CreateKdcRequestBody(kdcOptions, targetName);
    KerberosAsRequest request = this.CreateAsRequest(requestBody, seqPaData);

    this.client.SendPdu(request);
    return request;
}
/// <summary>
/// Build a TGS request for the given service principal and send it through the client.
/// The PA-TGS-REQ element created here is always the last padata element of the request.
/// </summary>
/// <param name="sName">Service principal name; components are separated by '/'.</param>
/// <param name="kdcOptions">KDC options placed in the request body.</param>
/// <param name="seqPadata">Optional caller-supplied padata, placed before the PA-TGS-REQ element.</param>
/// <param name="dataInAuthentiator">Optional authorization data passed to CreatePaTgsReqest.</param>
/// <param name="dataInEncAuthData">Optional authorization data passed to CreateKdcRequestBody.</param>
/// <param name="msgType">Value written to the request's msg_type field.</param>
/// <exception cref="ArgumentNullException">sName is null or empty.</exception>
private void SendTgsRequest(
    string sName,
    KdcOptions kdcOptions,
    Asn1SequenceOf<PA_DATA> seqPadata = null,
    AuthorizationData dataInAuthentiator = null,
    AuthorizationData dataInEncAuthData = null,
    MsgType msgType = MsgType.KRB_TGS_REQ)
{
    if (string.IsNullOrEmpty(sName))
    {
        throw new ArgumentNullException("sName");
    }

    KerbInt32 nameType = new KerbInt32((int)PrincipalType.NT_SRV_INST);
    PrincipalName servicePrincipal = new PrincipalName(
        nameType,
        KerberosUtility.String2SeqKerbString(sName.Split('/')));

    // The request body is built almost the same way as for an AS request.
    KDC_REQ_BODY requestBody = this.CreateKdcRequestBody(kdcOptions, servicePrincipal, dataInEncAuthData);

    // The BER encoding taken here is what CreatePaTgsReqest receives together with the
    // checksum type - presumably to checksum the body inside the authenticator; confirm
    // in CreatePaTgsReqest. requestBody must not change between this point and the send.
    Asn1BerEncodingBuffer encodedBody = new Asn1BerEncodingBuffer();
    requestBody.BerEncode(encodedBody);
    ChecksumType bodyChecksumType = KerberosUtility.GetChecksumType(this.Context.SelectedEType);

    // use AS session key encrypt authenticator.
    PA_DATA tgsReqPaData = CreatePaTgsReqest(bodyChecksumType, encodedBody.Data, dataInAuthentiator);

    // Caller padata (if any) comes first, the PA-TGS-REQ element is appended last.
    bool hasCallerPaData = seqPadata != null
        && seqPadata.Elements != null
        && seqPadata.Elements.Length != 0;
    int callerCount = hasCallerPaData ? seqPadata.Elements.Length : 0;

    PA_DATA[] combined = new PA_DATA[callerCount + 1];
    if (hasCallerPaData)
    {
        Array.Copy(seqPadata.Elements, combined, callerCount);
    }
    combined[callerCount] = tgsReqPaData;
    Asn1SequenceOf<PA_DATA> requestPaData = new Asn1SequenceOf<PA_DATA>(combined);

    KerberosTgsRequest request = new KerberosTgsRequest(
        KerberosConstValue.KERBEROSV5,
        requestBody,
        requestPaData,
        Context.TransportType);
    request.Request.msg_type.Value = (long)msgType;

    this.client.SendPdu(request);
}
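/// <summary>
/// Create a context for a principal that authenticates with a password.
/// </summary>
/// <param name="domain">Domain name; used to build the realm.</param>
/// <param name="cName">Principal name</param>
/// <param name="password">Password of principal</param>
/// <param name="accountType">Account type, user or device</param>
/// <param name="salt">
/// Salt of the principal. When null, a salt is generated with
/// KerberosUtility.GenerateSalt from domain, cName and accountType.
/// </param>
/// <exception cref="ArgumentNullException">domain, cName or password is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">
/// salt is null and accountType is neither User nor Device. The account type is
/// not checked when the caller supplies a salt.
/// </exception>
public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null)
    : this()
{
    if (domain == null)
    {
        throw new ArgumentNullException("domain");
    }
    if (cName == null)
    {
        throw new ArgumentNullException("cName");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    this.Realm = new Realm(domain);
    PrincipalName name = new PrincipalName(
        new KerbInt32((int)PrincipalType.NT_PRINCIPAL),
        KerberosUtility.String2SeqKerbString(cName));

    if (salt == null)
    {
        // Both supported account types go through the same GenerateSalt call;
        // anything else is rejected before a salt is derived.
        if (accountType != KerberosAccountType.User && accountType != KerberosAccountType.Device)
        {
            // The single-string constructor takes the parameter name, not the message,
            // so the two-argument form is used to report both correctly.
            throw new ArgumentOutOfRangeException("accountType", "Account type not support");
        }

        salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
    }

    // NOTE(review): the clear-text password is handed on as a managed string -
    // presumably retained by Principal for key derivation; confirm its lifetime.
    this.CName = new Principal(accountType, this.Realm, name, password, salt);
}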
/// <summary>
/// Create a principal from plain string values.
/// </summary>
/// <param name="type">Type of Principal</param>
/// <param name="realm">Realm name; wrapped in a Realm object.</param>
/// <param name="name">Principal name; converted to an NT_PRINCIPAL PrincipalName.</param>
/// <param name="password">Password of principal</param>
/// <param name="salt">Salt of principal</param>
public Principal(KerberosAccountType type, string realm, string name, string password, string salt)
{
    this.Type = type;
    this.Realm = new Realm(realm);

    KerbInt32 nameType = new KerbInt32((int)PrincipalType.NT_PRINCIPAL);
    this.Name = new PrincipalName(nameType, KerberosUtility.String2SeqKerbString(name));

    // Stored as given: the clear-text password stays on this object for as long as it lives.
    this.Password = password;
    this.Salt = salt;
}