Esempio n. 1
        /// <summary>
        /// Builds an AS request addressed to the service named by
        /// <c>KerberosConstValue.KERBEROS_SNAME</c> in the context's realm and sends it through the client.
        /// </summary>
        /// <param name="kdcOptions">KDC option flags handed to <c>CreateKdcRequestBody</c>.</param>
        /// <param name="seqPaData">Pre-authentication data handed unchanged to <c>CreateAsRequest</c>.</param>
        /// <returns>The AS request PDU that was sent.</returns>
        private KerberosAsRequest SendAsRequest(KdcOptions kdcOptions, Asn1SequenceOf <PA_DATA> seqPaData)
        {
            // The target principal has two components: the constant service name and the realm value.
            string serviceName = KerberosConstValue.KERBEROS_SNAME;
            string realmValue  = this.Context.Realm.Value;

            var nameType       = new KerbInt32((int)PrincipalType.NT_SRV_INST);
            var nameComponents = KerberosUtility.String2SeqKerbString(serviceName, realmValue);
            PrincipalName servicePrincipal = new PrincipalName(nameType, nameComponents);

            KDC_REQ_BODY requestBody = CreateKdcRequestBody(kdcOptions, servicePrincipal);
            KerberosAsRequest request = this.CreateAsRequest(requestBody, seqPaData);

            // The PDU is returned after sending so the caller keeps a reference to what went out.
            this.client.SendPdu(request);
            return request;
        }
Esempio n. 2
        /// <summary>
        /// Builds a TGS request for the given service principal name and sends it through the client.
        /// </summary>
        /// <param name="sName">Service principal name; it is split on '/' into name components. Must not be null or empty.</param>
        /// <param name="kdcOptions">KDC option flags handed to <c>CreateKdcRequestBody</c>.</param>
        /// <param name="seqPadata">Optional extra PA-DATA elements; the PA-TGS-REQ element is appended after them.</param>
        /// <param name="dataInAuthentiator">Optional authorization data handed to <c>CreatePaTgsReqest</c>.</param>
        /// <param name="dataInEncAuthData">Optional authorization data handed to <c>CreateKdcRequestBody</c>.</param>
        /// <param name="msgType">Message type written into the request before it is sent; defaults to KRB_TGS_REQ.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="sName"/> is null or empty.</exception>
        private void SendTgsRequest(string sName, KdcOptions kdcOptions, Asn1SequenceOf <PA_DATA> seqPadata = null, AuthorizationData dataInAuthentiator = null, AuthorizationData dataInEncAuthData = null, MsgType msgType = MsgType.KRB_TGS_REQ)
        {
            // Guard: an empty name is rejected the same way as a null one.
            if (string.IsNullOrEmpty(sName))
            {
                throw new ArgumentNullException("sName");
            }

            var nameType       = new KerbInt32((int)PrincipalType.NT_SRV_INST);
            var nameComponents = KerberosUtility.String2SeqKerbString(sName.Split('/'));
            PrincipalName servicePrincipal = new PrincipalName(nameType, nameComponents);

            // The request body is built almost the same way as for an AS request.
            KDC_REQ_BODY requestBody = this.CreateKdcRequestBody(kdcOptions, servicePrincipal, dataInEncAuthData);

            // The BER-encoded body bytes are an input to the PA-TGS-REQ element built below.
            Asn1BerEncodingBuffer encodedBody = new Asn1BerEncodingBuffer();
            requestBody.BerEncode(encodedBody);

            // The checksum type follows the encryption type selected on the context.
            // Original author's note: the AS session key is used to encrypt the authenticator.
            ChecksumType bodyChecksumType = KerberosUtility.GetChecksumType(this.Context.SelectedEType);
            PA_DATA tgsReqPaData = CreatePaTgsReqest(bodyChecksumType, encodedBody.Data, dataInAuthentiator);

            // Caller-supplied PA-DATA (if any) comes first; PA-TGS-REQ is always the last element.
            PA_DATA[] supplied      = (seqPadata == null) ? null : seqPadata.Elements;
            int       suppliedCount = (supplied == null) ? 0 : supplied.Length;

            PA_DATA[] combined = new PA_DATA[suppliedCount + 1];
            if (suppliedCount > 0)
            {
                Array.Copy(supplied, combined, suppliedCount);
            }
            combined[suppliedCount] = tgsReqPaData;

            Asn1SequenceOf <PA_DATA> allPaData = new Asn1SequenceOf <PA_DATA>(combined);

            KerberosTgsRequest request = new KerberosTgsRequest(KerberosConstValue.KERBEROSV5, requestBody, allPaData, Context.TransportType);

            // Apply the caller-selected message type to the built request, then send it.
            request.Request.msg_type.Value = (long)msgType;
            this.client.SendPdu(request);
        }
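        /// <summary>
        /// Creates a context for a password-based principal in the given domain.
        /// </summary>
        /// <param name="domain">Domain name; used to build the realm.</param>
        /// <param name="cName">Principal name</param>
        /// <param name="password">Password of principal; it is forwarded to <c>Principal</c> as a plain string.</param>
        /// <param name="accountType">Account type, user or device</param>
        /// <param name="salt">
        /// Optional salt for the principal. When null, a salt is generated from
        /// <paramref name="domain"/>, <paramref name="cName"/> and <paramref name="accountType"/>.
        /// When supplied, it is used as given and <paramref name="accountType"/> is not range-checked here.
        /// </param>
        /// <exception cref="ArgumentNullException">domain, cName or password is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// salt is null and accountType is neither User nor Device.
        /// </exception>
        public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null)
            : this()
        {
            if (domain == null)
            {
                throw new ArgumentNullException("domain");
            }
            if (cName == null)
            {
                throw new ArgumentNullException("cName");
            }
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            this.Realm = new Realm(domain);
            PrincipalName name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(cName));

            if (null == salt)
            {
                // User and Device accounts take the same call; GenerateSalt receives the
                // account type and is expected to pick the matching salt form.
                if (accountType == KerberosAccountType.User || accountType == KerberosAccountType.Device)
                {
                    salt = KerberosUtility.GenerateSalt(domain, cName, accountType);
                }
                else
                {
                    // The single-string constructor treats its argument as the parameter name,
                    // so the parameter name and the message are passed separately.
                    throw new ArgumentOutOfRangeException("accountType", "Account type not support");
                }
            }

            // NOTE(review): the password stays a managed string for the lifetime of the
            // Principal; nothing in this constructor clears or protects it.
            this.CName = new Principal(accountType, this.Realm, name, password, salt);
        }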
Esempio n. 4
 /// <summary>
 /// Initializes a principal from plain string values.
 /// </summary>
 /// <param name="type">Type of Principal</param>
 /// <param name="realm">Realm name; wrapped in a <c>Realm</c> object.</param>
 /// <param name="name">Principal name; converted into an NT_PRINCIPAL <c>PrincipalName</c>.</param>
 /// <param name="password">Password of principal; stored unchanged as supplied.</param>
 /// <param name="salt">Salt of principal; stored unchanged as supplied.</param>
 public Principal(KerberosAccountType type, string realm, string name, string password, string salt)
 {
     this.Type  = type;
     this.Realm = new Realm(realm);

     // The name string is converted into Kerberos string components tagged NT_PRINCIPAL.
     var nameType       = new KerbInt32((int)PrincipalType.NT_PRINCIPAL);
     var nameComponents = KerberosUtility.String2SeqKerbString(name);
     this.Name = new PrincipalName(nameType, nameComponents);

     // No argument is validated here; the credential material is kept exactly as passed in.
     this.Password = password;
     this.Salt     = salt;
 }