public KrbFastReq(
FastOptions param0,
Asn1SequenceOf <PA_DATA> param1,
KDC_REQ_BODY param2)
{
this.fast_options = param0;
this.padata = param1;
this.req_body = param2;
}
public KrbFastReq(
FastOptions param0,
Asn1SequenceOf<PA_DATA> param1,
KDC_REQ_BODY param2)
{
this.fast_options = param0;
this.padata = param1;
this.req_body = param2;
}
/// <summary>
/// Create and send FAST TGS request
/// </summary>
/// <param name="sName">Service principal name</param>
/// <param name="kdcOptions">KDC options</param>
/// <param name="innerSeqPaData">A sequence of preauthentication data in FAST request</param>
/// <param name="outerSeqPaData">A sequence of preauthentication data</param>
/// <param name="subKey">Sub-session key for authenticator in FAST armor field</param>
/// <param name="fastOptions">FAST options</param>
/// <param name="apOptions">AP options in FAST armor field</param>
/// <param name="data">Authorization data</param>
public void SendTgsRequestWithFast(
string sName,
KdcOptions kdcOptions,
Asn1SequenceOf<PA_DATA> innerSeqPaData,
Asn1SequenceOf<PA_DATA> outerSeqPaData,
EncryptionKey subKey,
FastOptions fastOptions,
ApOptions apOptions,
AuthorizationData data = null)
{
Context.Subkey = subKey;
Context.ReplyKey = subKey;
string domain = this.Context.Realm.Value;
PrincipalName sname = new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST),
KerberosUtility.String2SeqKerbString(sName.Split('/')));
KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname, data);
Asn1BerEncodingBuffer bodyBuffer = new Asn1BerEncodingBuffer();
kdcReqBody.BerEncode(bodyBuffer);
APOptions option = new APOptions(KerberosUtility.ConvertInt2Flags((int)ApOptions.None));
ChecksumType checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
KerberosApRequest apRequest = CreateApRequest(
option,
Context.Ticket,
subKey,
data,
KeyUsageNumber.TG_REQ_PA_TGS_REQ_padataOR_AP_REQ_Authenticator,
checksumType,
bodyBuffer.Data);
PaTgsReq paTgsReq = new PaTgsReq(apRequest.Request);
Asn1SequenceOf<PA_DATA> tempPaData = null;
if (outerSeqPaData == null || outerSeqPaData.Elements == null || outerSeqPaData.Elements.Length == 0)
{
tempPaData = new Asn1SequenceOf<PA_DATA>(new PA_DATA[] { paTgsReq.Data });
}
else
{
tempPaData.Elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
Array.Copy(outerSeqPaData.Elements, tempPaData.Elements, outerSeqPaData.Elements.Length);
tempPaData.Elements[outerSeqPaData.Elements.Length] = paTgsReq.Data;
}
var armorKey = GetArmorKey(Context.SessionKey, subKey);
var pafxfast = CreateTgsPaFxFast(armorKey, Context.Ticket, fastOptions, apOptions, tempPaData, sName, paTgsReq.Data.padata_value.ByteArrayValue);
Context.FastArmorkey = armorKey;
PA_DATA[] elements;
if (outerSeqPaData != null && outerSeqPaData.Elements.Length > 0)
{
elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
Array.Copy(outerSeqPaData.Elements, elements, outerSeqPaData.Elements.Length);
elements[outerSeqPaData.Elements.Length] = pafxfast.Data;
elements[outerSeqPaData.Elements.Length + 1] = paTgsReq.Data;
}
else
{
elements = new PA_DATA[] { pafxfast.Data, paTgsReq.Data };
}
Asn1SequenceOf<PA_DATA> seqPaData = new Asn1SequenceOf<PA_DATA>();
KerberosTgsRequest tgsRequest = new KerberosTgsRequest(KerberosConstValue.KERBEROSV5, kdcReqBody, new Asn1SequenceOf<PA_DATA>(elements), Context.TransportType);
this.SendPdu(tgsRequest);
this.testSite.Log.Add(LogEntryKind.Debug, "Send FAST TGS request.");
}
/// <summary>
/// Create and send FAST AS request with an unknown armor type
/// </summary>
/// <param name="kdcOptions">KDC options</param>
/// <param name="innerSeqPaData">A sequence of preauthentication data in FAST request</param>
/// <param name="outerSeqPaData">A sequence of preauthentication data</param>
/// <param name="subKey">Sub-session key for authenticator in FAST armor field</param>
/// <param name="fastOptions">FAST options</param>
/// <param name="apOptions">AP options in FAST armor field</param>
/// <param name="armorType">armorType</param>
public void SendAsRequestWithFast(
KdcOptions kdcOptions,
Asn1SequenceOf<PA_DATA> innerSeqPaData,
Asn1SequenceOf<PA_DATA> outerSeqPaData,
EncryptionKey subKey,
FastOptions fastOptions,
ApOptions apOptions,
KrbFastArmorType armorType
)
{
Context.Subkey = subKey;
string sName = KerberosConstValue.KERBEROS_SNAME;
string domain = this.Context.Realm.Value;
PrincipalName sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname);
var pafxfast = CreateAsPaFxFast(subKey, fastOptions, apOptions, innerSeqPaData, sName, kdcReqBody, armorType);
PA_DATA[] elements;
if (outerSeqPaData != null && outerSeqPaData.Elements.Length > 0)
{
elements = new PA_DATA[outerSeqPaData.Elements.Length + 1];
Array.Copy(outerSeqPaData.Elements, elements, outerSeqPaData.Elements.Length);
elements[outerSeqPaData.Elements.Length] = pafxfast.Data;
}
else
{
elements = new PA_DATA[] { pafxfast.Data };
}
Asn1SequenceOf<PA_DATA> seqPaData = new Asn1SequenceOf<PA_DATA>();
KerberosAsRequest asRequest = this.CreateAsRequest(kdcReqBody, new Asn1SequenceOf<PA_DATA>(elements));
this.SendPdu(asRequest);
this.testSite.Log.Add(LogEntryKind.Debug, "Send AS Request with FAST PA-DATA.");
}
public PaFxFastReq CreateTgsPaFxFast(
EncryptionKey armorKey,
KerberosTicket armorTicket,
FastOptions fastOptions,
ApOptions apOptions,
Asn1SequenceOf<PA_DATA> seqPaData,
string sName,
byte[] apReq,
IFastArmor armor = null
)
{
string domain = this.Context.Realm.Value;
PrincipalName sname = new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST),
KerberosUtility.String2SeqKerbString(sName.Split('/')));
KDC_REQ_BODY innerKdcReqBody = CreateKdcRequestBody(KdcOptions.CANONICALIZE | KdcOptions.FORWARDABLE | KdcOptions.RENEWABLE, sname);
//Generate checksum
var checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
var chksum = KerberosUtility.GetChecksum(
armorKey.keyvalue.ByteArrayValue,
apReq,
(int)KeyUsageNumber.FAST_REQ_CHECKSUM,
checksumType);
Checksum checkSum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(chksum));
KerberosFastRequest fastReq = new KerberosFastRequest(fastOptions, seqPaData, innerKdcReqBody);
KerberosArmoredRequest armoredReq
= new KerberosArmoredRequest(armor, checkSum, (long)Context.SelectedEType, armorKey.keyvalue.ByteArrayValue, fastReq);
PA_FX_FAST_REQUEST paFxFastReq = new PA_FX_FAST_REQUEST();
paFxFastReq.SetData(PA_FX_FAST_REQUEST.armored_data, armoredReq.FastArmoredReq);
PaFxFastReq paFxfast = new PaFxFastReq(paFxFastReq);
return paFxfast;
}
public PaFxFastReq CreateAsPaFxFast(
EncryptionKey subKey,
FastOptions fastOptions,
ApOptions apOptions,
Asn1SequenceOf<PA_DATA> seqPaData,
string sName,
KDC_REQ_BODY kdcReqBody,
KrbFastArmorType armorType
)
{
string domain = this.Context.Realm.Value;
PrincipalName sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
var armorKey = KerberosUtility.MakeArmorKey(
Context.SelectedEType,
subKey.keyvalue.ByteArrayValue,
Context.ArmorSessionKey.keyvalue.ByteArrayValue);
Context.FastArmorkey = new EncryptionKey(new KerbInt32((long)Context.SelectedEType), new Asn1OctetString(armorKey));
Asn1BerEncodingBuffer encodebuf = new Asn1BerEncodingBuffer();
kdcReqBody.BerEncode(encodebuf);
var checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
var chksum = KerberosUtility.GetChecksum(
armorKey,
encodebuf.Data,
(int)KeyUsageNumber.FAST_REQ_CHECKSUM,
checksumType);
Checksum checkSum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(chksum));
Authenticator plaintextAuthenticator = CreateAuthenticator(Context.ArmorTicket, null, subKey);
KerberosApRequest apReq = new KerberosApRequest(Context.Pvno,
new APOptions(KerberosUtility.ConvertInt2Flags((int)apOptions)),
Context.ArmorTicket,
plaintextAuthenticator,
KeyUsageNumber.AP_REQ_Authenticator);
KDC_REQ_BODY innerKdcReqBody = CreateKdcRequestBody(KdcOptions.CANONICALIZE | KdcOptions.FORWARDABLE | KdcOptions.RENEWABLE, sname);
KerberosFastRequest fastReq = new KerberosFastRequest(fastOptions, seqPaData, innerKdcReqBody);
FastArmorApRequest fastArmor = new FastArmorApRequest(apReq.Request);
fastArmor.armorType = armorType;
KerberosArmoredRequest armoredReq
= new KerberosArmoredRequest(fastArmor, checkSum, (long)Context.SelectedEType, armorKey, fastReq);
PA_FX_FAST_REQUEST paFxFastReq = new PA_FX_FAST_REQUEST();
paFxFastReq.SetData(PA_FX_FAST_REQUEST.armored_data, armoredReq.FastArmoredReq);
PaFxFastReq paFxfast = new PaFxFastReq(paFxFastReq);
return paFxfast;
}
public KerberosFastRequest(FastOptions options, Asn1SequenceOf<PA_DATA> seqPaData, KDC_REQ_BODY kdcReqBody)
{
this.FastReq = new KrbFastReq(options, seqPaData, kdcReqBody);
}
