/// <summary>
/// Wraps an AS-REQ in a KDC proxy message using <c>KdcProxyMessageMode.NoPrefix</c>, sends it to a
/// KDC backed by a fake realm, and checks that the reply is a proxy message in the same mode
/// carrying KDC_ERR_PREAUTH_REQUIRED.
/// </summary>
public async Task ParseKdcProxyMessage_WithoutLength()
{
    // Test-fixture credential; the realm behind this KDC is a FakeRealmService.
    var credential = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");
    var encodedAsReq = KrbAsReq.CreateAsReq(credential, 0).EncodeApplication();

    var targetDomain = "corp.identityintervention.com";
    var locatorHint = DcLocatorHint.DS_AVOID_SELF;

    var proxyRequest = KdcProxyMessage.WrapMessage(
        encodedAsReq,
        targetDomain,
        locatorHint,
        mode: KdcProxyMessageMode.NoPrefix
    );

    var serverOptions = new KdcServerOptions
    {
        RealmLocator = realm => new FakeRealmService(realm)
    };
    var kdc = new KdcServer(serverOptions);

    var rawResponse = await kdc.ProcessMessage(proxyRequest.Encode());

    Assert.IsTrue(rawResponse.Length > 0);

    // The outer reply must be a proxy envelope, not a bare KRB-ERROR.
    Assert.IsFalse(KrbError.CanDecode(rawResponse));

    var proxyResponse = KdcProxyMessage.Decode(rawResponse);
    var innerBytes = proxyResponse.UnwrapMessage(out KdcProxyMessageMode responseMode);
    var preAuthError = KrbError.DecodeApplication(innerBytes);

    // The response is expected to use the same framing mode as the request.
    Assert.AreEqual(KdcProxyMessageMode.NoPrefix, responseMode);
    Assert.AreEqual(KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED, preAuthError.ErrorCode);
}
/// <summary>
/// Feeds the KDC an encoded <c>KrbChecksum</c> (produced with <c>Encode()</c>, not
/// <c>EncodeApplication()</c>) and checks that the server answers with a decodable
/// KRB_ERR_GENERIC error instead of failing.
/// </summary>
public async Task KdcTagPeekFailureApplication()
{
    var serverOptions = new KdcServerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true,
        Log = new FakeExceptionLoggerFactory()
    };
    var kdc = new KdcServer(serverOptions);

    // An empty checksum structure stands in for input the KDC cannot dispatch.
    var emptyChecksum = new KrbChecksum { };
    var rawResponse = await kdc.ProcessMessage(emptyChecksum.Encode());

    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);
}
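/// <summary>
/// Starts the TCP listener and a background loop that serves one request per accepted
/// connection. Each request is a 4-byte big-endian length followed by that many bytes;
/// the response is framed the same way.
/// </summary>
/// <returns>A completed task holding the local endpoint the listener is bound to.</returns>
public Task<IPEndPoint> Start()
{
    const int LengthPrefixSize = 4;

    // NOTE(review): ceiling picked during review so that a peer-supplied length cannot drive
    // an arbitrarily large (or negative) buffer rental. Adjust if larger messages are expected.
    const int MaxRequestSize = 1024 * 1024;

    _cancellationTokenSource = new CancellationTokenSource();
    _running = true;
    _tcpListener.Start();
    var cancellationToken = _cancellationTokenSource.Token;

    Task.Run(async () =>
    {
        try
        {
            byte[] sizeBuffer = new byte[LengthPrefixSize];
            do
            {
                // NOTE(review): connections are served one at a time and reads have no timeout,
                // so a peer that stalls mid-message holds up the loop until cancellation.
                using var socket = await _tcpListener.AcceptSocketAsync(cancellationToken);
                using var socketStream = new NetworkStream(socket);

                await socketStream.ReadExactlyAsync(sizeBuffer, cancellationToken);
                var messageSize = BinaryPrimitives.ReadInt32BigEndian(sizeBuffer);

                // The length comes straight off the wire: refuse values that would make
                // Rent() throw (negative) or allocate without bound, and drop the connection.
                if (messageSize < 0 || messageSize > MaxRequestSize)
                {
                    continue;
                }

                ReadOnlyMemory<byte> response;
                var requestRented = ArrayPool<byte>.Shared.Rent(messageSize);
                try
                {
                    var request = requestRented.AsMemory(0, messageSize);

                    // Pass the token so shutdown is not blocked by a half-sent request.
                    await socketStream.ReadExactlyAsync(request, cancellationToken);
                    response = await _kdcServer.ProcessMessage(request);
                }
                finally
                {
                    // Return on every path, and clear so request bytes do not linger in the pool.
                    ArrayPool<byte>.Shared.Return(requestRented, clearArray: true);
                }

                var frameLength = response.Length + LengthPrefixSize;
                var responseRented = ArrayPool<byte>.Shared.Rent(frameLength);
                try
                {
                    // The prefix carries the payload length, mirroring how the request is read.
                    BinaryPrimitives.WriteInt32BigEndian(
                        responseRented.AsSpan(0, LengthPrefixSize),
                        response.Length
                    );
                    response.CopyTo(responseRented.AsMemory(LengthPrefixSize, response.Length));

                    // Send exactly prefix + payload. Writing past that would put leftover
                    // bytes from the pooled array on the wire.
                    await socketStream.WriteAsync(
                        responseRented.AsMemory(0, frameLength),
                        cancellationToken
                    );
                }
                finally
                {
                    ArrayPool<byte>.Shared.Return(responseRented, clearArray: true);
                }
            }
            while (!cancellationToken.IsCancellationRequested);
        }
        finally
        {
            // Signal anyone waiting on _runningLock that the loop has exited.
            lock (_runningLock)
            {
                _running = false;
                Monitor.Pulse(_runningLock);
            }
        }
    });

    return Task.FromResult((IPEndPoint)_tcpListener.LocalEndpoint);
}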
/// <summary>
/// Sends an application-encoded <c>KrbCred</c> to a KDC that has no handler registered for it
/// in this test and checks that the reply is KRB_ERR_GENERIC with the "no handler" text.
/// </summary>
public async Task KdcTagPeekFailureUnknownHandler()
{
    var serverOptions = new KdcServerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true
    };
    var kdc = new KdcServer(serverOptions);

    var credMessage = new KrbCred { Tickets = Array.Empty<KrbTicket>() };
    var rawResponse = await kdc.ProcessMessage(credMessage.EncodeApplication());

    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);

    // NOTE(review): presumably the descriptive EText is only populated because IsDebug is set - confirm.
    Assert.IsTrue(error.EText.Contains("doesn't have a message handler registered"));
}
/// <summary>
/// Sends an application-encoded <c>KrbEncApRepPart</c> to a KDC that has no handler registered
/// for it in this test and checks that the reply is KRB_ERR_GENERIC with the "no handler" text.
/// </summary>
public async Task TestKdcTagPeekFailureUnknownHandler()
{
    var listenerOptions = new ListenerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true
    };
    var kdc = new KdcServer(listenerOptions);

    var emptyApRepPart = new KrbEncApRepPart { };
    byte[] encoded = emptyApRepPart.EncodeApplication().ToArray();
    ReadOnlySequence<byte> request = new ReadOnlySequence<byte>(encoded);

    var rawResponse = await kdc.ProcessMessage(request);
    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);

    // NOTE(review): presumably the descriptive EText is only populated because IsDebug is set - confirm.
    Assert.IsTrue(error.EText.Contains("doesn't have a message handler registered"));
}
/// <summary>
/// Feeds the KDC an encoded <c>KrbChecksum</c> (produced with <c>Encode()</c>, not
/// <c>EncodeApplication()</c>) and checks that the reply is KRB_ERR_GENERIC whose text
/// reports an unknown incoming tag.
/// </summary>
public async Task TestKdcTagPeekFailureApplication()
{
    var listenerOptions = new ListenerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true,
        Log = new ValidatorTests.TestLogger()
    };
    var kdc = new KdcServer(listenerOptions);

    // An empty checksum structure stands in for input the KDC cannot dispatch.
    var emptyChecksum = new KrbChecksum { };
    byte[] encoded = emptyChecksum.Encode().ToArray();
    ReadOnlySequence<byte> request = new ReadOnlySequence<byte>(encoded);

    var rawResponse = await kdc.ProcessMessage(request);
    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);
    Assert.IsTrue(error.EText.Contains("Unknown incoming tag"));
}
/// <summary>
/// Registers a KRB_CRED handler builder that returns null, sends a <c>KrbCred</c>, and checks
/// that the KDC reports KRB_ERR_GENERIC naming the offending builder.
/// </summary>
public async Task KdcTagPeekFailureNullBuilder()
{
    var serverOptions = new KdcServerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true
    };
    var kdc = new KdcServer(serverOptions);

    // Deliberately broken builder: it yields no handler at all.
    kdc.RegisterMessageHandler(MessageType.KRB_CRED, (b, o) => null);

    var credMessage = new KrbCred { Tickets = Array.Empty<KrbTicket>() };
    var rawResponse = await kdc.ProcessMessage(credMessage.EncodeApplication());

    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);
    Assert.IsTrue(error.EText.Contains("Message handler builder KRB_CRED must not return null"));
}
/// <summary>
/// Registers a handler builder for message type 27 that returns null, sends a
/// <c>KrbEncApRepPart</c>, and checks that the KDC reports KRB_ERR_GENERIC naming the builder.
/// </summary>
public async Task TestKdcTagPeekFailureNullBuilder()
{
    var listenerOptions = new ListenerOptions
    {
        DefaultRealm = "domain.com",
        IsDebug = true
    };
    var kdc = new KdcServer(listenerOptions);

    // Deliberately broken builder: it yields no handler at all.
    // NOTE(review): 27 is presumably the application tag of KrbEncApRepPart - confirm.
    kdc.RegisterMessageHandler((MessageType)27, (b, o) => null);

    var emptyApRepPart = new KrbEncApRepPart { };
    byte[] encoded = emptyApRepPart.EncodeApplication().ToArray();
    ReadOnlySequence<byte> request = new ReadOnlySequence<byte>(encoded);

    var rawResponse = await kdc.ProcessMessage(request);
    var error = KrbError.DecodeApplication(rawResponse);

    Assert.IsNotNull(error);
    Assert.AreEqual(KerberosErrorCode.KRB_ERR_GENERIC, error.ErrorCode);
    Assert.IsTrue(error.EText.Contains("Message handler builder 27 must not return null"));
}
/// <summary>
/// Builds a KDC proxy message by hand (4-byte big-endian length followed by the AS-REQ), sends
/// it to a KDC backed by a fake realm, and checks that the reply is a proxy message carrying
/// KDC_ERR_PREAUTH_REQUIRED.
/// </summary>
public async Task ParseKdcProxyMessage()
{
    // Test-fixture credential; the KDC below resolves realms through LocateFakeRealm.
    var credential = new KerberosPasswordCredential("*****@*****.**", "P@ssw0rd!");
    var encodedAsReq = KrbAsReq.CreateAsReq(credential, 0).EncodeApplication();

    var targetDomain = "corp.identityintervention.com";
    var locatorHint = DcLocatorHint.DS_AVOID_SELF;

    // Frame layout: [length: 4 bytes, big-endian][AS-REQ bytes].
    var framed = new Memory<byte>(new byte[encodedAsReq.Length + 4]);
    Endian.ConvertToBigEndian(encodedAsReq.Length, framed.Slice(0, 4));
    encodedAsReq.CopyTo(framed.Slice(4, encodedAsReq.Length));

    var proxyRequest = new KdcProxyMessage
    {
        TargetDomain = targetDomain,
        KerbMessage = framed,
        DcLocatorHint = locatorHint
    };

    var listenerOptions = new ListenerOptions { RealmLocator = LocateFakeRealm };
    var kdc = new KdcServer(listenerOptions);

    var wireRequest = new ReadOnlySequence<byte>(proxyRequest.Encode());
    var rawResponse = await kdc.ProcessMessage(wireRequest);

    Assert.IsTrue(rawResponse.Length > 0);

    // The outer reply must be a proxy envelope, not a bare KRB-ERROR.
    Assert.IsFalse(KrbError.CanDecode(rawResponse));

    var proxyResponse = KdcProxyMessage.Decode(rawResponse);
    var preAuthError = KrbError.DecodeApplication(proxyResponse.UnwrapMessage());

    Assert.AreEqual(KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED, preAuthError.ErrorCode);
}
/// <summary>
/// Hands the request bytes to <c>server.ProcessMessage</c> and returns whatever it produces.
/// </summary>
/// <param name="req">The raw request bytes, passed through unchanged.</param>
/// <returns>The bytes returned by the server for this request.</returns>
internal async Task<ReadOnlyMemory<byte>> Receive(ReadOnlyMemory<byte> req)
{
    var reply = await server.ProcessMessage(req);

    return reply;
}