public LastReqElement(
KerbInt32 param0,
KerberosTime param1)
{
this.lr_type = param0;
this.lr_value = param1;
}
public EncASRepPart(
EncryptionKey param0,
LastReq param1,
KerbUInt32 param2,
KerberosTime param3,
TicketFlags param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
KerberosTime param8,
Realm param9,
PrincipalName param10,
HostAddresses param11,
Asn1SequenceOf <PA_DATA> param12)
{
this.key = param0;
this.last_req = param1;
this.nonce = param2;
this.key_expiration = param3;
this.flags = param4;
this.authtime = param5;
this.starttime = param6;
this.endtime = param7;
this.renew_till = param8;
this.srealm = param9;
this.sname = param10;
this.caddr = param11;
this.pa_datas = param12;
}
public KDC_REQ_BODY(
KDCOptions param0,
PrincipalName param1,
Realm param2,
PrincipalName param3,
KerberosTime param4,
KerberosTime param5,
KerberosTime param6,
KerbUInt32 param7,
Asn1SequenceOf <KerbInt32> param8,
HostAddresses param9,
EncryptedData param10,
Asn1SequenceOf <Ticket> param11)
{
this.kdc_options = param0;
this.cname = param1;
this.realm = param2;
this.sname = param3;
this.from = param4;
this.till = param5;
this.rtime = param6;
this.nonce = param7;
this.etype = param8;
this.addresses = param9;
this.enc_authorization_data = param10;
this.additional_tickets = param11;
}
public LastReqElement(
KerbInt32 param0,
KerberosTime param1)
{
this.lr_type = param0;
this.lr_value = param1;
}
public KRB_ERROR(
Asn1Integer param0,
Asn1Integer param1,
KerberosTime param2,
Microseconds param3,
KerberosTime param4,
Microseconds param5,
KerbInt32 param6,
Realm param7,
PrincipalName param8,
Realm param9,
PrincipalName param10,
KerberosString param11,
Asn1OctetString param12)
{
this.pvno = param0;
this.msg_type = param1;
this.ctime = param2;
this.cusec = param3;
this.stime = param4;
this.susec = param5;
this.error_code = param6;
this.crealm = param7;
this.cname = param8;
this.realm = param9;
this.sname = param10;
this.e_text = param11;
this.e_data = param12;
}
public KrbCredInfo(
EncryptionKey param0,
Realm param1,
PrincipalName param2,
TicketFlags param3,
KerberosTime param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
Realm param8,
PrincipalName param9,
HostAddresses param10)
{
this.key = param0;
this.prealm = param1;
this.pname = param2;
this.flags = param3;
this.authtime = param4;
this.starttime = param5;
this.endtime = param6;
this.renew_till = param7;
this.srealm = param8;
this.sname = param9;
this.caddr = param10;
}
public PA_ENC_TS_ENC(
KerberosTime param0,
Microseconds param1)
{
this.patimestamp = param0;
this.pausec = param1;
}
public EncTicketPart(
TicketFlags param0,
EncryptionKey param1,
Realm param2,
PrincipalName param3,
TransitedEncoding param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
KerberosTime param8,
HostAddresses param9,
AuthorizationData param10)
{
this.flags = param0;
this.key = param1;
this.crealm = param2;
this.cname = param3;
this.transited = param4;
this.authtime = param5;
this.starttime = param6;
this.endtime = param7;
this.renew_till = param8;
this.caddr = param9;
this.authorization_data = param10;
}
public KDC_REQ_BODY(
KDCOptions param0,
PrincipalName param1,
Realm param2,
PrincipalName param3,
KerberosTime param4,
KerberosTime param5,
KerberosTime param6,
KerbUInt32 param7,
Asn1SequenceOf<KerbInt32> param8,
HostAddresses param9,
EncryptedData param10,
Asn1SequenceOf<Ticket> param11)
{
this.kdc_options = param0;
this.cname = param1;
this.realm = param2;
this.sname = param3;
this.from = param4;
this.till = param5;
this.rtime = param6;
this.nonce = param7;
this.etype = param8;
this.addresses = param9;
this.enc_authorization_data = param10;
this.additional_tickets = param11;
}
public EncTicketPart(
TicketFlags param0,
EncryptionKey param1,
Realm param2,
PrincipalName param3,
TransitedEncoding param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
KerberosTime param8,
HostAddresses param9,
AuthorizationData param10)
{
this.flags = param0;
this.key = param1;
this.crealm = param2;
this.cname = param3;
this.transited = param4;
this.authtime = param5;
this.starttime = param6;
this.endtime = param7;
this.renew_till = param8;
this.caddr = param9;
this.authorization_data = param10;
}
public EncASRepPart(
EncryptionKey param0,
LastReq param1,
KerbUInt32 param2,
KerberosTime param3,
TicketFlags param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
KerberosTime param8,
Realm param9,
PrincipalName param10,
HostAddresses param11,
Asn1SequenceOf<PA_DATA> param12)
{
this.key = param0;
this.last_req = param1;
this.nonce = param2;
this.key_expiration = param3;
this.flags = param4;
this.authtime = param5;
this.starttime = param6;
this.endtime = param7;
this.renew_till = param8;
this.srealm = param9;
this.sname = param10;
this.caddr = param11;
this.pa_datas = param12;
}
public KRB_ERROR(
Asn1Integer param0,
Asn1Integer param1,
KerberosTime param2,
Microseconds param3,
KerberosTime param4,
Microseconds param5,
KerbInt32 param6,
Realm param7,
PrincipalName param8,
Realm param9,
PrincipalName param10,
KerberosString param11,
Asn1OctetString param12)
{
this.pvno = param0;
this.msg_type = param1;
this.ctime = param2;
this.cusec = param3;
this.stime = param4;
this.susec = param5;
this.error_code = param6;
this.crealm = param7;
this.cname = param8;
this.realm = param9;
this.sname = param10;
this.e_text = param11;
this.e_data = param12;
}
public PA_ENC_TS_ENC(
KerberosTime param0,
Microseconds param1)
{
this.patimestamp = param0;
this.pausec = param1;
}
public KrbCredInfo(
EncryptionKey param0,
Realm param1,
PrincipalName param2,
TicketFlags param3,
KerberosTime param4,
KerberosTime param5,
KerberosTime param6,
KerberosTime param7,
Realm param8,
PrincipalName param9,
HostAddresses param10)
{
this.key = param0;
this.prealm = param1;
this.pname = param2;
this.flags = param3;
this.authtime = param4;
this.starttime = param5;
this.endtime = param6;
this.renew_till = param7;
this.srealm = param8;
this.sname = param9;
this.caddr = param10;
}
public EncAPRepPart(
KerberosTime param0,
Microseconds param1,
EncryptionKey param2,
KerbUInt32 param3)
{
this.ctime = param0;
this.cusec = param1;
this.subkey = param2;
this.seq_number = param3;
}
public EncAPRepPart(
KerberosTime param0,
Microseconds param1,
EncryptionKey param2,
KerbUInt32 param3)
{
this.ctime = param0;
this.cusec = param1;
this.subkey = param2;
this.seq_number = param3;
}
public KrbFastFinished(
KerberosTime param0,
Microseconds param1,
Realm param2,
PrincipalName param3,
Checksum param4)
{
this.timestamp = param0;
this.usec = param1;
this.crealm = param2;
this.cname = param3;
this.ticket_checksum = param4;
}
public EncKrbPrivPart(
Asn1OctetString param0,
KerberosTime param1,
Microseconds param2,
KerbUInt32 param3,
HostAddress param4,
HostAddress param5)
{
this.user_data = param0;
this.timestamp = param1;
this.usec = param2;
this.seq_number = param3;
this.s_address = param4;
this.r_address = param5;
}
public EncKrbPrivPart(
Asn1OctetString param0,
KerberosTime param1,
Microseconds param2,
KerbUInt32 param3,
HostAddress param4,
HostAddress param5)
{
this.user_data = param0;
this.timestamp = param1;
this.usec = param2;
this.seq_number = param3;
this.s_address = param4;
this.r_address = param5;
}
public EncKrbCredPart(
Asn1SequenceOf <KrbCredInfo> param0,
KerbUInt32 param1,
KerberosTime param2,
Microseconds param3,
HostAddress param4,
HostAddress param5)
{
this.ticket_info = param0;
this.nonce = param1;
this.timestamp = param2;
this.usec = param3;
this.s_address = param4;
this.r_address = param5;
}
public KRB_SAFE_BODY(
Asn1OctetString user_data,
KerberosTime timestamp,
Microseconds usec,
KerbUInt32 seq_number,
HostAddress s_address,
HostAddress r_address)
{
this.user_data = user_data;
this.timestamp = timestamp;
this.usec = usec;
this.seq_number = seq_number;
this.s_address = s_address;
this.r_address = r_address;
}
public EncKrbCredPart(
Asn1SequenceOf<KrbCredInfo> param0,
KerbUInt32 param1,
KerberosTime param2,
Microseconds param3,
HostAddress param4,
HostAddress param5)
{
this.ticket_info = param0;
this.nonce = param1;
this.timestamp = param2;
this.usec = param3;
this.s_address = param4;
this.r_address = param5;
}
public KRB_SAFE_BODY(
Asn1OctetString user_data,
KerberosTime timestamp,
Microseconds usec,
KerbUInt32 seq_number,
HostAddress s_address,
HostAddress r_address)
{
this.user_data = user_data;
this.timestamp = timestamp;
this.usec = usec;
this.seq_number = seq_number;
this.s_address = s_address;
this.r_address = r_address;
}
private KDC_REQ_BODY CreateKdcRequestBody(KdcOptions kdcOptions, PrincipalName sName)
{
KerbUInt32 nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks));
KerberosTime till = new KerberosTime(KerberosConstValue.TGT_TILL_TIME);
KerberosTime rtime = new KerberosTime(KerberosConstValue.TGT_RTIME);
HostAddresses addresses =
new HostAddresses(new HostAddress[1] {
new HostAddress(new KerbInt32((int)AddressType.NetBios),
new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName())))
});
KDCOptions options = new KDCOptions(KerberosUtility.ConvertInt2Flags((int)kdcOptions));
KDC_REQ_BODY kdcReqBody = new KDC_REQ_BODY(options, Context.CName.Name, Context.Realm, sName, null, till, rtime, nonce, Context.SupportedEType, addresses, null, null);
return(kdcReqBody);
}
public Authenticator(
Asn1Integer param0,
Realm param1,
PrincipalName param2,
Checksum param3,
Microseconds param4,
KerberosTime param5,
EncryptionKey param6,
KerbUInt32 param7,
AuthorizationData param8)
{
this.authenticator_vno = param0;
this.crealm = param1;
this.cname = param2;
this.cksum = param3;
this.cusec = param4;
this.ctime = param5;
this.subkey = param6;
this.seq_number = param7;
this.authorization_data = param8;
}
public Authenticator(
Asn1Integer param0,
Realm param1,
PrincipalName param2,
Checksum param3,
Microseconds param4,
KerberosTime param5,
EncryptionKey param6,
KerbUInt32 param7,
AuthorizationData param8)
{
this.authenticator_vno = param0;
this.crealm = param1;
this.cname = param2;
this.cksum = param3;
this.cusec = param4;
this.ctime = param5;
this.subkey = param6;
this.seq_number = param7;
this.authorization_data = param8;
}
/// <summary>
/// Create and send AS request
/// </summary>
/// <param name="kdcOptions">KDC options</param>
/// <param name="seqPaData">A sequence of preauthentication data</param>
public void SendAsRequest(KdcOptions kdcOptions, Asn1SequenceOf<PA_DATA> seqPaData, KerberosTime from, KerberosTime till)
{
string sName = KerberosConstValue.KERBEROS_SNAME;
string domain = this.Context.Realm.Value;
PrincipalName sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname, from, till);
KerberosAsRequest asRequest = this.CreateAsRequest(kdcReqBody, seqPaData);
this.SendPdu(asRequest);
this.testSite.Log.Add(LogEntryKind.Debug, "Send AS Request.");
}
public LastReqElement()
{
this.lr_type = null;
this.lr_value = null;
}
public void KrbErrorTicketNeverValid()
{
base.Logging();
client = new KerberosTestClient(this.testConfig.LocalRealm.RealmName, this.testConfig.LocalRealm.User[1].Username,
this.testConfig.LocalRealm.User[1].Password, KerberosAccountType.User, testConfig.LocalRealm.KDC[0].IPAddress, testConfig.LocalRealm.KDC[0].Port, testConfig.TransportType,
testConfig.SupportedOid);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Construct Kerberos client for testing.");
//Create and send AS request
KdcOptions options = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE;
KerberosTime till = new KerberosTime("20110810035805Z");
KerberosTime from = new KerberosTime("20110811035805Z");
client.SendAsRequest(options, null, from, till);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create and send AS request with no PA data.");
//Recieve preauthentication required error
METHOD_DATA methodData;
KerberosKrbError krbError = client.ExpectPreauthRequiredError(out methodData);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Recieve preauthentication required error.");
//Create sequence of PA data
string timeStamp = KerberosUtility.CurrentKerberosTime.Value;
PaEncTimeStamp paEncTimeStamp = new PaEncTimeStamp(timeStamp, 0, client.Context.SelectedEType, this.client.Context.CName.Password, this.client.Context.CName.Salt);
PaPacRequest paPacRequest = new PaPacRequest(true);
Asn1SequenceOf<PA_DATA> seqOfPaData = new Asn1SequenceOf<PA_DATA>(new PA_DATA[] { paEncTimeStamp.Data, paPacRequest.Data });
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create a sequence of PA data.");
//Create and send AS request
client.SendAsRequest(options, seqOfPaData, from, till);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create and send AS request with PA data.");
krbError = client.ExpectKrbError();
BaseTestSite.Log.Add(LogEntryKind.Comment, "Recieve Kerberos error.");
BaseTestSite.Assert.AreEqual(KRB_ERROR_CODE.KDC_ERR_NEVER_VALID, krbError.ErrorCode, "If the requested expiration time minus the starttime is less than a site-determined minimum lifetime, an error message with code KDC_ERR_NEVER_VALID is returned.");
}
private KDC_REQ_BODY CreateKdcRequestBody(
KdcOptions kdcOptions,
PrincipalName sName,
KerberosTime from,
KerberosTime till
)
{
KerbUInt32 nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks));
KerberosTime rtime = new KerberosTime(KerberosConstValue.TGT_RTIME);
HostAddresses addresses =
new HostAddresses(new HostAddress[1] { new HostAddress(new KerbInt32((int)AddressType.NetBios),
new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName()))) });
KDCOptions options = new KDCOptions(KerberosUtility.ConvertInt2Flags((int)kdcOptions));
KDC_REQ_BODY kdcReqBody = new KDC_REQ_BODY(options, Context.CName.Name, Context.Realm, sName, from, till, rtime, nonce, Context.SupportedEType, addresses, null, null);
return kdcReqBody;
}
public void KrbErrorCannotPostdate()
{
base.Logging();
client = new KerberosTestClient(this.testConfig.LocalRealm.RealmName, this.testConfig.LocalRealm.User[1].Username,
this.testConfig.LocalRealm.User[1].Password, KerberosAccountType.User, testConfig.LocalRealm.KDC[0].IPAddress, testConfig.LocalRealm.KDC[0].Port, testConfig.TransportType,
testConfig.SupportedOid);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Construct Kerberos client for testing.");
// Kerberos Proxy Service is used
if (this.testConfig.UseProxy)
{
BaseTestSite.Log.Add(LogEntryKind.Comment, "Initialize KKDCP Client .");
KKDCPClient proxyClient = new KKDCPClient(proxyClientConfig);
proxyClient.TargetDomain = this.testConfig.LocalRealm.RealmName;
client.UseProxy = true;
client.ProxyClient = proxyClient;
}
//Create and send AS request
KdcOptions options = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE;
KerberosTime from = new KerberosTime("20370811035805Z");
KerberosTime till = new KerberosTime("20370810035805Z");
client.SendAsRequest(options, null, from, till);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create and send AS request with no PA data.");
//Recieve preauthentication required error
METHOD_DATA methodData;
KerberosKrbError krbError = client.ExpectPreauthRequiredError(out methodData);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Recieve preauthentication required error.");
//Create sequence of PA data
string timeStamp = KerberosUtility.CurrentKerberosTime.Value;
PaEncTimeStamp paEncTimeStamp = new PaEncTimeStamp(timeStamp, 0, client.Context.SelectedEType, this.client.Context.CName.Password, this.client.Context.CName.Salt);
PaPacRequest paPacRequest = new PaPacRequest(true);
Asn1SequenceOf<PA_DATA> seqOfPaData = new Asn1SequenceOf<PA_DATA>(new PA_DATA[] { paEncTimeStamp.Data, paPacRequest.Data });
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create a sequence of PA data.");
//Create and send AS request
client.SendAsRequest(options, seqOfPaData, from, till);
BaseTestSite.Log.Add(LogEntryKind.Comment, "Create and send AS request with PA data.");
krbError = client.ExpectKrbError();
BaseTestSite.Log.Add(LogEntryKind.Comment, "Recieve Kerberos error.");
BaseTestSite.Assert.AreEqual(KRB_ERROR_CODE.KDC_ERR_CANNOT_POSTDATE, krbError.ErrorCode, "If the requested starttime indicates a time in the future beyond the acceptable clock skew but the POSTDATED option has not been specified, an error message with code KDC_ERR_CANNOT_POSTDATE is returned.");
}
