/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The logged on token.</returns>
public static NtResult <NtToken> LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket, bool throw_on_error)
{
if (service_ticket is null)
{
throw new ArgumentNullException(nameof(service_ticket));
}
return(LsaLogonTicket(type, service_ticket.TicketData, tgt_ticket?.ToArray(), throw_on_error));
}
private Authenticator CreateAuthenticator(
KerberosTicket ticket,
AuthorizationData data,
EncryptionKey subkey
)
{
Authenticator plaintextAuthenticator = new Authenticator();
plaintextAuthenticator.authenticator_vno = new Asn1Integer(KerberosConstValue.KERBEROSV5);
plaintextAuthenticator.crealm = ticket.Ticket.realm;
plaintextAuthenticator.cusec = new Microseconds(0);
plaintextAuthenticator.ctime = KerberosUtility.CurrentKerberosTime;
plaintextAuthenticator.seq_number = new Protocols.TestTools.StackSdk.Security.KerberosLib.KerbUInt32(0);
plaintextAuthenticator.cname = ticket.TicketOwner;
plaintextAuthenticator.subkey = subkey;
plaintextAuthenticator.authorization_data = data;
return(plaintextAuthenticator);
}
/// <summary>
/// Logon user using Kerberos Ticket.
/// </summary>
/// <param name="type">The type of logon token.</param>
/// <param name="service_ticket">The service ticket.</param>
/// <param name="tgt_ticket">Optional TGT.</param>
/// <returns>The logged on token.</returns>
public static NtToken LsaLogonTicket(SecurityLogonType type, KerberosTicket service_ticket, KerberosCredential tgt_ticket)
{
return(LsaLogonTicket(type, service_ticket, tgt_ticket, true).Result);
}
/// <summary>
/// Construct a kpassword test client
/// </summary>
/// <param name="kdcAddress">The IP address of the KDC.</param>
/// <param name="kdcPort">The port of the KDC for Kpassword.</param>
/// <param name="transportType">Whether the transport is TCP or UDP transport.</param>
/// <param name="ticket">The ticket authorized to change password</param>
public KpasswdTestClient(string kdcAddress, int kdcPort, TransportType transportType, KerberosTicket ticket)
: base(kdcAddress, kdcPort, transportType)
{
testSite = TestClassBase.BaseTestSite;
this.Context.Ticket = ticket;
}
/// <summary>Check whether the server principal is the TGS's principal</summary>
/// <param name="ticket">
/// the original TGT (the ticket that is obtained when a
/// kinit is done)
/// </param>
/// <returns>true or false</returns>
protected internal static bool IsOriginalTGT(KerberosTicket ticket)
{
return(IsTGSPrincipal(ticket.GetServer()));
}