public KileAsRequest CreateAsRequest(string sName,
KRBFlags kdcOptions,
Asn1SequenceOf <PA_DATA> paData,
params EncryptionType[] encryptionTypes)
{
KileAsRequest request = new KileAsRequest(context);
request.Request.msg_type = new Asn1Integer((int)MsgType.KRB_AS_REQ);
request.Request.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
request.Request.padata = paData;
request.Request.req_body = new KDC_REQ_BODY();
request.Request.req_body.kdc_options = new KDCOptions(KileUtility.ConvertInt2Flags((int)kdcOptions));
request.Request.req_body.nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks));
request.Request.req_body.till = new KerberosTime(ConstValue.TGT_TILL_TIME);
request.Request.req_body.rtime = new KerberosTime(ConstValue.TGT_RTIME);
request.Request.req_body.addresses =
new HostAddresses(new HostAddress[1] {
new HostAddress(new KerbInt32((int)AddressType.NetBios),
new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName())))
});
if (userName != null)
{
request.Request.req_body.cname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(userName));
}
if (domain != null)
{
request.Request.req_body.realm = new Realm(domain);
}
if (sName != null)
{
request.Request.req_body.sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KileUtility.String2SeqKerbString(sName, domain));
}
if (encryptionTypes != null)
{
KerbInt32[] etypes = new KerbInt32[encryptionTypes.Length];
for (int i = 0; i < encryptionTypes.Length; i++)
{
etypes[i] = new KerbInt32((int)encryptionTypes[i]);
}
request.Request.req_body.etype = new Asn1SequenceOf <KerbInt32>(etypes);
}
return(request);
}
/// <summary>
/// Update the context.
/// </summary>
/// <param name="pdu">The PDU to update the context.</param>
internal override void UpdateContext(KilePdu pdu)
{
if (pdu == null)
{
return;
}
lock (contextLock)
{
Type pduType = pdu.GetType();
if (pduType == typeof(KileAsRequest))
{
KileAsRequest request = (KileAsRequest)pdu;
if (request.Request != null && request.Request.req_body != null)
{
cName = request.Request.req_body.cname;
cRealm = request.Request.req_body.realm;
eType = request.Request.req_body.etype;
}
}
else if (pduType == typeof(KileAsResponse))
{
KileAsResponse response = (KileAsResponse)pdu;
if (response.EncPart != null)
{
tgsSessionKey = response.EncPart.key;
}
if (response.Response != null)
{
tgsTicket = response.Response.ticket;
if (tgsTicket != null && tgsTicket.sname != null &&
tgsTicket.sname.name_string != null && tgsTicket.sname.name_string.Elements != null &&
tgsTicket.sname.name_string.Elements.Length > 1)
{
int count = tgsTicket.sname.name_string.Elements.Length;
cRealm = new Realm(tgsTicket.sname.name_string.Elements[count - 1].Value);
}
if (response.Response.padata != null && response.Response.padata.Elements != null)
{
foreach (PA_DATA paData in response.Response.padata.Elements)
{
if (paData.padata_type != null &&
paData.padata_type.Value == (long)PaDataType.PA_ETYPE_INFO2)
{
Asn1DecodingBuffer buffer = new Asn1DecodingBuffer(paData.padata_value.ByteArrayValue);
ETYPE_INFO2 eTypeInfo2 = new ETYPE_INFO2();
eTypeInfo2.BerDecode(buffer);
if (eTypeInfo2.Elements != null && eTypeInfo2.Elements.Length > 0)
{
// the salt is received from KDC
salt = eTypeInfo2.Elements[0].salt.Value;
return;
}
}
}
}
}
}
else if (pduType == typeof(KileTgsResponse))
{
KileTgsResponse response = (KileTgsResponse)pdu;
if (response.Response != null)
{
apTicket = response.Response.ticket;
if (apTicket != null && apTicket.sname != null &&
apTicket.sname.name_string != null && apTicket.sname.name_string.Elements != null &&
apTicket.sname.name_string.Elements.Length > 1)
{
int count = apTicket.sname.name_string.Elements.Length;
cRealm = new Realm(apTicket.sname.name_string.Elements[count - 1].Value);
}
}
if (response.EncPart != null)
{
apSessionKey = response.EncPart.key;
}
}
else if (pduType == typeof(KileApRequest))
{
KileApRequest request = (KileApRequest)pdu;
if (request.Authenticator != null)
{
apSubKey = request.Authenticator.subkey;
apRequestCtime = request.Authenticator.ctime;
apRequestCusec = request.Authenticator.cusec;
if (request.Authenticator.cksum != null &&
request.Authenticator.cksum.cksumtype.Value == (int)ChecksumType.ap_authenticator_8003 &&
request.Authenticator.cksum.checksum != null &&
request.Authenticator.cksum.checksum.Value != null &&
request.Authenticator.cksum.checksum.Value.Length == ConstValue.AUTH_CHECKSUM_SIZE)
{
int flag = BitConverter.ToInt32(request.Authenticator.cksum.checksum.ByteArrayValue,
ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH + sizeof(int));
checksumFlag = (ChecksumFlags)flag;
}
if (request.Authenticator.seq_number != null)
{
currentLocalSequenceNumber = (ulong)request.Authenticator.seq_number.Value;
currentRemoteSequenceNumber = currentLocalSequenceNumber;
}
}
}
else if (pduType == typeof(KileApResponse))
{
KileApResponse response = (KileApResponse)pdu;
if (response.ApEncPart != null)
{
if (response.ApEncPart.seq_number != null)
{
currentRemoteSequenceNumber = (ulong)response.ApEncPart.seq_number.Value;
}
if (response.ApEncPart.subkey != null)
{
acceptorSubKey = response.ApEncPart.subkey;
}
}
}
// else do nothing
}
}
/// <summary>
/// Update the context.
/// </summary>
/// <param name="pdu">The Pdu to update the context.</param>
internal override void UpdateContext(KilePdu pdu)
{
if (pdu != null)
{
Type pduType = pdu.GetType();
if (pduType == typeof(KileAsRequest))
{
KileAsRequest request = (KileAsRequest)pdu;
if (request.Request != null && request.Request.req_body != null)
{
cName = request.Request.req_body.cname;
cRealm = request.Request.req_body.realm;
sName = request.Request.req_body.sname;
encryptType = request.Request.req_body.etype;
addresses = request.Request.req_body.addresses;
nonce = request.Request.req_body.nonce;
endTime = request.Request.req_body.till;
rtime = request.Request.req_body.rtime;
}
}
else if (pduType == typeof(KileAsResponse))
{
KileAsResponse response = (KileAsResponse)pdu;
tgsSessionKey = response.EncPart.key;
}
else if (pduType == typeof(KileTgsRequest))
{
KileTgsRequest request = (KileTgsRequest)pdu;
encryptType = request.Request.req_body.etype;
nonce = request.Request.req_body.nonce;
tgsTicket = request.tgtTicket;
sName = request.Request.req_body.sname;
if (request.authenticator != null)
{
tgsSubSessionKey = request.authenticator.subkey;
}
}
else if (pduType == typeof(KileTgsResponse))
{
KileTgsResponse response = (KileTgsResponse)pdu;
apSessionKey = response.EncPart.key;
}
else if (pduType == typeof(KileApRequest))
{
KileApRequest request = (KileApRequest)pdu;
apRequestCtime = request.Authenticator.ctime;
apRequestCusec = request.Authenticator.cusec;
if (request.Authenticator.cksum != null)
{
int flag = BitConverter.ToInt32(request.Authenticator.cksum.checksum.mValue,
ConstValue.AUTHENTICATOR_CHECKSUM_LENGTH + sizeof(ChecksumFlags));
checksumFlag = (ChecksumFlags)flag;
}
apSubKey = request.Authenticator.subkey;
if (request.Authenticator.seq_number != null)
{
currentRemoteSequenceNumber = (ulong)request.Authenticator.seq_number.mValue;
currentLocalSequenceNumber = currentRemoteSequenceNumber;
}
}
else if (pduType == typeof(KileApResponse))
{
KileApResponse response = (KileApResponse)pdu;
if (response.ApEncPart.subkey != null)
{
acceptorSubKey = response.ApEncPart.subkey;
}
}
else
{
// Do nothing.
}
}
}
/// <summary>
/// Decode KILE PDUs from received message bytes
/// </summary>
/// <param name="endPoint">An endpoint from which the message bytes are received</param>
/// <param name="receivedBytes">The received bytes to be decoded</param>
/// <param name="consumedLength">Length of message bytes consumed by decoder</param>
/// <param name="expectedLength">Length of message bytes the decoder expects to receive</param>
/// <returns>The decoded KILE PDUs</returns>
/// <exception cref="System.FormatException">thrown when a kile message type is unsupported</exception>
internal KilePdu[] DecodePacketCallback(object endPoint,
byte[] receivedBytes,
out int consumedLength,
out int expectedLength)
{
// initialize lengths
consumedLength = 0;
expectedLength = 0;
if (null == receivedBytes || 0 == receivedBytes.Length)
{
return(null);
}
if (!isClientRole)
{
serverContext = null;
if (serverContextList != null)
{
KileConnection kileConnection = new KileConnection((IPEndPoint)endPoint);
if (!serverContextList.ContainsKey(kileConnection))
{
serverContext = new KileServerContext();
serverContext.TransportType = connectionType;
serverContextList.Add(kileConnection, serverContext);
}
else
{
serverContext = serverContextList[kileConnection];
}
}
if (serverContext == null)
{
throw new InvalidOperationException("The kileConnection related context does not exist.");
}
}
// TCP has a 4 bytes length header, while UDP has not
byte[] pduBytes = receivedBytes;
if ((isClientRole && clientContext.TransportType == KileConnectionType.TCP) ||
(!isClientRole && serverContext.TransportType == KileConnectionType.TCP))
{
// insufficient data, needs to receive more
if (receivedBytes.Length < sizeof(int))
{
return(null);
}
// get pdu data length
byte[] lengthBytes = ArrayUtility.SubArray(receivedBytes, 0, sizeof(int));
Array.Reverse(lengthBytes);
int pduLength = BitConverter.ToInt32(lengthBytes, 0);
// insufficient data, needs to receive more
expectedLength = sizeof(int) + pduLength;
if (receivedBytes.Length < expectedLength)
{
return(null);
}
// check if it is a krb zero message
if (pduLength == 0 && receivedBytes.Length == sizeof(int))
{
consumedLength = sizeof(int);
KrbZero krbZeroPdu = new KrbZero(clientContext);
return(new KilePdu[] { krbZeroPdu });
}
// remove length header from pdu bytes
pduBytes = ArrayUtility.SubArray <byte>(receivedBytes, sizeof(int), pduLength);
}
else
{
// UDP has no length header
expectedLength = pduBytes.Length;
}
// get message type
// (the lower 5 bits indicates its kile message type)
MsgType kileMessageType = (MsgType)(pduBytes[0] & 0x1f);
// decode according to message type
consumedLength = expectedLength;
KilePdu pdu = null;
switch (kileMessageType)
{
case MsgType.KRB_AS_REQ:
pdu = new KileAsRequest(serverContext);
break;
case MsgType.KRB_AS_RESP:
pdu = new KileAsResponse(clientContext);
break;
case MsgType.KRB_TGS_REQ:
pdu = new KileTgsRequest(serverContext);
break;
case MsgType.KRB_TGS_RESP:
pdu = new KileTgsResponse(clientContext);
break;
case MsgType.KRB_ERROR:
pdu = new KileKrbError();
break;
default:
throw new FormatException(
"Unsupported Message Type: " + kileMessageType.ToString());
}
pdu.FromBytes(pduBytes);
// update context
if (isClientRole)
{
clientContext.UpdateContext(pdu);
}
else
{
serverContext.UpdateContext(pdu);
}
return(new KilePdu[] { pdu });
}
