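/// <summary>
/// Imports <paramref name="principal"/> as a GSS name and acquires credentials for it with
/// gss_acquire_cred; the resulting handle is written to _credentials.
/// </summary>
/// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
/// <param name="keytab">Currently has no effect: the code that would register it is still a TODO.</param>
/// <param name="usage">Credential usage, cast to int for the native call.</param>
/// <param name="expiry">Requested lifetime passed to gss_acquire_cred.</param>
/// <exception cref="GssException">A GSS call returned something other than GSS_S_COMPLETE.</exception>
public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE)
        {
            // TODO: Wrap this with pinvoke
            // NOTE(review): until that wrapper exists, a caller-supplied keytab path is silently ignored and
            // no keytab is handed to the GSS provider from here. Which keytab is actually read is decided
            // outside this constructor - confirm it is the one the caller expects.
            if (!string.IsNullOrEmpty(keytab))
            {
                // krb5_gss_register_acceptor_identity(string)
            }

            // allocate a gss buffer and copy the principal name to it
            using (var gssNameBuffer = GssBuffer.FromString(principal))
            {
                uint minorStatus = 0;
                uint majorStatus = 0;

                // use the buffer to import the name into a gss_name
                majorStatus = gss_import_name(
                    out minorStatus,
                    ref gssNameBuffer.Value,
                    ref GssNtPrincipalName,
                    out var acceptorName
                    );
                if (majorStatus != GSS_S_COMPLETE)
                {
                    // NOTE(review): the OID given to the exception (GssNtHostBasedService) is not the name
                    // type used for the import (GssNtPrincipalName) - confirm which one is intended.
                    throw new GssException("The GSS provider was unable to import the supplied principal name",
                                           majorStatus, minorStatus, GssNtHostBasedService);
                }

                // use the name to attempt to obtain the servers credentials, this is usually from a keytab file. The
                // server credentials are required to decrypt and verify incoming service tickets
                var actualMechanims = default(GssOidDesc);

                majorStatus = gss_acquire_cred(
                    out minorStatus,
                    acceptorName,
                    expiry,
                    ref GssSpnegoMechOidSet,
                    (int)usage,
                    ref _credentials,
                    ref actualMechanims,
                    out var actualExpiry);

                // release the gss_name allocated by gss, the gss_buffer we allocated is free'd by the using block.
                // The minor status of the release is discarded so that minorStatus still holds the value set by
                // gss_acquire_cred when the exception below is built; writing it here would hide the real
                // failure reason.
                gss_release_name(out var _, ref acceptorName);

                if (majorStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                                           majorStatus, minorStatus, GssSpnegoMechOidDesc);
                }
            }
        }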
        /// <summary>
        /// Imports <paramref name="principal"/> as a GSS name and acquires credentials for it with
        /// gss_acquire_cred_with_password; the resulting handle is written to _credentials.
        /// </summary>
        /// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
        /// <param name="password">Password, copied into a GssBuffer for the native call.</param>
        /// <param name="usage">Credential usage, cast to int for the native call.</param>
        /// <exception cref="GssException">A GSS call returned something other than GSS_S_COMPLETE.</exception>
        public GssPasswordCredential(string principal, string password, CredentialUsage usage)
        {
            // NOTE(review): the password arrives as a managed string and is copied into a GssBuffer. Whether
            // that buffer is zeroed before it is freed cannot be seen from here - confirm in GssBuffer.
            using (var nameBuffer = GssBuffer.FromString(principal))
            using (var secretBuffer = GssBuffer.FromString(password))
            {
                // turn the buffered principal into a gss_name
                uint importStatus = gss_import_name(
                    out uint minorStatus,
                    ref nameBuffer.Value,
                    ref GssNtPrincipalName,
                    out var importedName);

                if (importStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS provider was unable to import the supplied principal name",
                                           importStatus, minorStatus, GssNtHostBasedService);
                }

                // ask the provider for credentials (a TGT from the KDC) using the name and password
                GssOidDesc grantedMechs = default(GssOidDesc);

                uint acquireStatus = gss_acquire_cred_with_password(
                    out minorStatus,
                    importedName,
                    ref secretBuffer.Value,
                    0xffffffff,
                    ref GssSpnegoMechOidSet,
                    (int)usage,
                    ref _credentials,
                    ref grantedMechs,
                    out var grantedLifetime);

                // the gss_name belongs to the provider and is released explicitly; its minor status is
                // discarded so the value from the acquire call survives for the exception. The two
                // GssBuffers are freed by the using statements.
                gss_release_name(out var _, ref importedName);

                if (acquireStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                                           acquireStatus, minorStatus, GssSpnegoMechOidDesc);
                }
            }
        }
        /// <summary>
        /// Imports <paramref name="principal"/> into the _gssUsername field and acquires credentials for it
        /// with gss_acquire_cred_with_password; the resulting handle is written to _credentials.
        /// </summary>
        /// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
        /// <param name="password">Password, copied into a GssBuffer for the native call.</param>
        /// <param name="usage">Credential usage, cast to int for the native call.</param>
        /// <exception cref="GssException">A GSS call returned something other than GSS_S_COMPLETE.</exception>
        public GssPasswordCredential(string principal, string password, CredentialUsage usage)
        {
            // NOTE(review): the password arrives as a managed string and is copied into a GssBuffer. Whether
            // that buffer is zeroed before it is freed cannot be seen from here - confirm in GssBuffer.
            using (var nameBuffer = GssBuffer.FromString(principal))
            using (var secretBuffer = GssBuffer.FromString(password))
            {
                // turn the buffered principal into a gss_name kept on the instance
                // NOTE(review): _gssUsername is not released in this constructor, including on the path
                // where the acquire below fails and the constructor throws - confirm where it is freed.
                uint importStatus = gss_import_name(
                    out uint minorStatus,
                    ref nameBuffer.Value,
                    ref GssNtPrincipalName,
                    out _gssUsername);

                if (importStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS provider was unable to import the supplied principal name",
                                           importStatus, minorStatus, GssNtHostBasedService);
                }

                uint acquireStatus = gss_acquire_cred_with_password(
                    out minorStatus,
                    _gssUsername,
                    ref secretBuffer.Value,
                    0,                  // requested lifetime; presumably the provider default - confirm
                    ref GssSpnegoMechOidSet,
                    (int)usage,
                    ref _credentials,
                    IntPtr.Zero,        // the mechanisms actually granted are not requested back
                    out var grantedLifetime);

                if (acquireStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                                           acquireStatus, minorStatus, GssSpnegoMechOidDesc);
                }
            }
        }
        /// <summary>
        /// Imports <paramref name="principal"/> as a GSS name and acquires credentials for it with
        /// gss_acquire_cred; the resulting handle is written to _credentials.
        /// </summary>
        /// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
        /// <param name="keytab">Not read anywhere in this constructor.</param>
        /// <param name="usage">Credential usage, cast to int for the native call.</param>
        /// <param name="expiry">Requested lifetime passed to gss_acquire_cred.</param>
        /// <exception cref="GssException">A GSS call returned something other than GSS_S_COMPLETE.</exception>
        public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE)
        {
            // NOTE(review): keytab is accepted but never used, so a caller-supplied keytab path does not
            // influence which key material the provider reads - confirm that callers do not rely on it.

            // the principal is copied into a gss buffer that the using statement frees
            using (var principalBuffer = GssBuffer.FromString(principal))
            {
                // turn the buffered principal into a gss_name
                uint importStatus = gss_import_name(
                    out uint minorStatus,
                    ref principalBuffer.Value,
                    ref GssNtPrincipalName,
                    out var importedName);

                if (importStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS provider was unable to import the supplied principal name",
                                           importStatus, minorStatus, GssNtHostBasedService);
                }

                // NOTE(review): importedName is a provider-allocated gss_name and nothing in this block
                // releases it; unless it is freed elsewhere it leaks on every construction.
                uint acquireStatus = gss_acquire_cred(
                    out minorStatus,
                    importedName,
                    expiry,
                    ref GssSpnegoMechOidSet,
                    (int)usage,
                    ref _credentials,
                    IntPtr.Zero,            // the mechanisms actually granted are not requested back
                    out var grantedLifetime);

                if (acquireStatus != GSS_S_COMPLETE)
                {
                    throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                                           acquireStatus, minorStatus, GssSpnegoMechOidDesc);
                }
            }
        }
 /// <summary>
 /// Acquires credentials for the supplied principal by constructing a GssKeytabCredential.
 /// </summary>
 /// <param name="username">Principal to acquire credentials for; passed as the first constructor argument.</param>
 /// <param name="usage">Credential usage; defaults to <c>CredentialUsage.Both</c>.</param>
 /// <param name="keytab">
 /// Keytab argument forwarded to the constructor; defaults to null.
 /// NOTE(review): confirm that GssKeytabCredential actually honours this value. If it does not, the
 /// key material comes from whatever keytab the provider picks, not from the path given here.
 /// </param>
 /// <returns>The newly constructed GssKeytabCredential.</returns>
 public static GssCredential FromKeytab(string username,
                                        CredentialUsage usage = CredentialUsage.Both,
                                        string keytab         = null)
     => new GssKeytabCredential(username, keytab, usage);
 /// <summary>
 /// Acquires credentials for the supplied principal by constructing a GssPasswordCredential.
 /// </summary>
 /// <param name="username">Principal to acquire credentials for; passed as the first constructor argument.</param>
 /// <param name="password">
 /// Password for the principal, forwarded as a managed string.
 /// NOTE(review): a string cannot be cleared by the caller afterwards - confirm this is acceptable
 /// for the callers of this method.
 /// </param>
 /// <param name="usage">Credential usage; defaults to <c>CredentialUsage.Both</c>.</param>
 /// <returns>The newly constructed GssPasswordCredential.</returns>
 public static GssCredential FromPassword(string username, string password, CredentialUsage usage = CredentialUsage.Both)
     => new GssPasswordCredential(username, password, usage);