Esempio n. 1
0
        /// <summary>
        /// Kerberos Client Initialize without server token
        /// </summary>
        private void ClientInitialize()
        {
            this.ApRequestAuthenticator = null;
            // Create and send AS request for pre-authentication
            KdcOptions options = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE;

            KerberosTicket ticket = this.GetTGTCachedToken(this.credential, this.serverName);

            if (ticket == null)
            {
                this.SendAsRequest(options, null);

                // Expect recieve preauthentication required error
                METHOD_DATA methodData;
                this.ExpectPreauthRequiredError(out methodData);

                // Create sequence of PA data
                string         timeStamp      = KerberosUtility.CurrentKerberosTime.Value;
                PaEncTimeStamp paEncTimeStamp = new PaEncTimeStamp(timeStamp,
                                                                   0,
                                                                   this.Context.SelectedEType,
                                                                   this.Context.CName.Password,
                                                                   this.Context.CName.Salt);
                PaPacRequest             paPacRequest   = new PaPacRequest(true);
                PaPacOptions             paPacOptions   = new PaPacOptions(PacOptions.Claims | PacOptions.ForwardToFullDc);
                Asn1SequenceOf <PA_DATA> seqOfPaData_AS = new Asn1SequenceOf <PA_DATA>(new PA_DATA[] { paEncTimeStamp.Data, paPacRequest.Data, paPacOptions.Data });
                // Create and send AS request for TGT
                KerberosAsRequest asRequest = this.SendAsRequest(options, seqOfPaData_AS);

                // Expect TGT(AS) Response from KDC
                KerberosAsResponse asResponse = this.ExpectAsResponse();

                // Create and send TGS request
                Asn1SequenceOf <PA_DATA> seqOfPaData_TGS = new Asn1SequenceOf <PA_DATA>(new PA_DATA[] { paPacRequest.Data, paPacOptions.Data });
                this.SendTgsRequest(this.serverName, options, seqOfPaData_TGS);

                // Expect TGS Response from KDC
                KerberosTgsResponse tgsResponse = this.ExpectTgsResponse();
                this.UpdateTGTCachedToken(this.Context.Ticket);
            }
            else
            {
                // Restore SessionKey and Ticket from cache
                this.Context.SessionKey    = ticket.SessionKey;
                this.Context.ApSessionKey  = ticket.SessionKey;
                this.Context.Ticket        = ticket;
                this.Context.SelectedEType = (EncryptionType)Context.Ticket.Ticket.enc_part.etype.Value;
            }

            // cache this.Context.Ticket;
            ApOptions apOption;

            GetFlagsByContextAttribute(out apOption);

            AuthorizationData data   = null;
            EncryptionKey     subkey = KerberosUtility.GenerateKey(this.client.Context.ContextKey);

            this.token = this.CreateGssApiToken(apOption,
                                                data,
                                                subkey,
                                                this.Context.ChecksumFlag,
                                                KerberosConstValue.GSSToken.GSSAPI);

            bool isMutualAuth = (contextAttribute & ClientSecurityContextAttribute.MutualAuth)
                                == ClientSecurityContextAttribute.MutualAuth;
            bool isDceStyle = (contextAttribute & ClientSecurityContextAttribute.DceStyle)
                              == ClientSecurityContextAttribute.DceStyle;

            if (isMutualAuth || isDceStyle)
            {
                this.needContinueProcessing = true;
            }
            else
            {
                this.needContinueProcessing = false;
            }
        }