public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE) { // TODO: Wrap this with pinvoke if (!string.IsNullOrEmpty(keytab)) { // krb5_gss_register_acceptor_identity(string) } // allocate a gss buffer and copy the principal name to it using (var gssNameBuffer = GssBuffer.FromString(principal)) { uint minorStatus = 0; uint majorStatus = 0; // use the buffer to import the name into a gss_name majorStatus = gss_import_name( out minorStatus, ref gssNameBuffer.Value, ref GssNtPrincipalName, out var acceptorName ); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS provider was unable to import the supplied principal name", majorStatus, minorStatus, GssNtHostBasedService); } // use the name to attempt to obtain the servers credentials, this is usually from a keytab file. The // server credentials are required to decrypt and verify incoming service tickets var actualMechanims = default(GssOidDesc); majorStatus = gss_acquire_cred( out minorStatus, acceptorName, expiry, ref GssSpnegoMechOidSet, (int)usage, ref _credentials, ref actualMechanims, out var actualExpiry); // release the gss_name allocated by gss, the gss_buffer we allocated is free'd by the using block gss_release_name(out minorStatus, ref acceptorName); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS Provider was unable aquire credentials for authentication", majorStatus, minorStatus, GssSpnegoMechOidDesc); } } }
public GssPasswordCredential(string principal, string password, CredentialUsage usage) { uint minorStatus = 0; uint majorStatus = 0; // copy the principal name to a gss_buffer using (var gssUsernameBuffer = GssBuffer.FromString(principal)) using (var gssPasswordBuffer = GssBuffer.FromString(password)) { // use the buffer to import the name into a gss_name majorStatus = gss_import_name( out minorStatus, ref gssUsernameBuffer.Value, ref GssNtPrincipalName, out var gssUsername ); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS provider was unable to import the supplied principal name", majorStatus, minorStatus, GssNtHostBasedService); } // attempt to obtain a TGT from the KDC using the supplied username and password var actualMechanims = default(GssOidDesc); majorStatus = gss_acquire_cred_with_password( out minorStatus, gssUsername, ref gssPasswordBuffer.Value, 0xffffffff, ref GssSpnegoMechOidSet, (int)usage, ref _credentials, ref actualMechanims, out var actualExpiry); // release the gss_name allocated by gss, the gss_buffer we allocated is free'd by the using block gss_release_name(out var _, ref gssUsername); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS Provider was unable aquire credentials for authentication", majorStatus, minorStatus, GssSpnegoMechOidDesc); } } }
public GssPasswordCredential(string principal, string password, CredentialUsage usage) { uint minorStatus = 0; uint majorStatus = 0; // copy the principal name to a gss_buffer using (var gssUsernameBuffer = GssBuffer.FromString(principal)) using (var gssPasswordBuffer = GssBuffer.FromString(password)) { // use the buffer to import the name into a gss_name majorStatus = gss_import_name( out minorStatus, ref gssUsernameBuffer.Value, ref GssNtPrincipalName, out _gssUsername ); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS provider was unable to import the supplied principal name", majorStatus, minorStatus, GssNtHostBasedService); } majorStatus = gss_acquire_cred_with_password( out minorStatus, _gssUsername, ref gssPasswordBuffer.Value, 0, ref GssSpnegoMechOidSet, (int)usage, ref _credentials, IntPtr.Zero, // dont't mind when mechs we got out var actualExpiry); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS Provider was unable aquire credentials for authentication", majorStatus, minorStatus, GssSpnegoMechOidDesc); } } }
public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE) { // allocate a gss buffer and copy the principal name to it using (var gssNameBuffer = GssBuffer.FromString(principal)) { uint minorStatus = 0; uint majorStatus = 0; // use the buffer to import the name into a gss_name majorStatus = gss_import_name( out minorStatus, ref gssNameBuffer.Value, ref GssNtPrincipalName, out var acceptorName ); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS provider was unable to import the supplied principal name", majorStatus, minorStatus, GssNtHostBasedService); } majorStatus = gss_acquire_cred( out minorStatus, acceptorName, expiry, ref GssSpnegoMechOidSet, (int)usage, ref _credentials, IntPtr.Zero, // dont mind what mechs we got out var actualExpiry); if (majorStatus != GSS_S_COMPLETE) { throw new GssException("The GSS Provider was unable aquire credentials for authentication", majorStatus, minorStatus, GssSpnegoMechOidDesc); } } }
/// <summary> /// Aquires credentials for the supplied principal using material stored in a valid keytab /// </summary> /// <param name="keytab"></param> /// <param name="username"></param> /// <param name="usage"></param> /// <returns></returns> public static GssCredential FromKeytab(string username, CredentialUsage usage = CredentialUsage.Both, string keytab = null) { return(new GssKeytabCredential(username, keytab, usage)); }
/// <summary> /// Aquires credentials for the supplied principal using the supplied password /// </summary> /// <param name="username"></param> /// <param name="password"></param> /// <param name="usage"></param> /// <returns></returns> public static GssCredential FromPassword(string username, string password, CredentialUsage usage = CredentialUsage.Both) { return(new GssPasswordCredential(username, password, usage)); }