private void ReadCredentials(NdrBuffer buffer)
{
while (buffer.BytesAvailable > 0)
{
var cred = new Krb5Credential
{
Client = ReadPrincipal(buffer),
Server = ReadPrincipal(buffer),
KeyBlock = ReadKeyBlock(buffer),
AuthTime = ReadDateTimeOffset(buffer),
StartTime = ReadDateTimeOffset(buffer),
EndTime = ReadDateTimeOffset(buffer),
RenewTill = ReadDateTimeOffset(buffer),
IsKey = buffer.ReadByteLittleEndian() != 0,
Flags = (TicketFlags)buffer.ReadInt32BigEndian(),
Addresses = ReadAddresses(buffer),
AuthData = ReadAuthData(buffer),
Ticket = ReadData(buffer).value,
SecondTicket = ReadData(buffer).value
};
if ("X-CACHECONF:".Equals(cred.Server.Realm, StringComparison.OrdinalIgnoreCase))
{
this.ParseConfiguration(cred);
}
else
{
this.Credentials.Add(cred);
}
}
}
private void ParseConfiguration(Krb5Credential cred)
{
if (cred.Server.Names.Count < 2)
{
return;
}
if (!"krb5_ccache_conf_data".Equals(cred.Server.Names[0], StringComparison.OrdinalIgnoreCase))
{
return;
}
switch (cred.Server.Names[1])
{
case "fast_avail":
this.FastAvailable = "yes".Equals(Encoding.UTF8.GetString(cred.Ticket.ToArray()), StringComparison.OrdinalIgnoreCase);
break;
case "pa_config_data":
this.PreAuthConfiguration = Encoding.UTF8.GetString(cred.Ticket.ToArray());
break;
case "pa_type":
this.PreAuthType = (PaDataType)(int)char.GetNumericValue((char)cred.Ticket.Span[0]);
break;
case "proxy_impersonator":
this.ProxyImpersonator = Encoding.UTF8.GetString(cred.Ticket.ToArray());
break;
case "refresh_time":
break;
}
}
internal object GetCacheItem(string key)
{
Krb5Credential cred = this.FindCredential(key);
if (cred is null)
{
return(cred);
}
return(new KerberosClientCacheEntry
{
KdcResponse = new KrbTgsRep
{
Ticket = KrbTicket.DecodeApplication(cred.Ticket),
CName = KrbPrincipalName.FromString(cred.Client.FullyQualifiedName),
CRealm = cred.Client.Realm,
EncPart = new KrbEncryptedData {
}
},
SessionKey = new KrbEncryptionKey
{
EType = cred.KeyBlock.Key,
KeyValue = cred.KeyBlock.Value
},
Flags = cred.Flags,
SName = KrbPrincipalName.FromString(cred.Server.FullyQualifiedName)
});
}
private static object CredToCacheEntry(Krb5Credential cred)
{
return(new KerberosClientCacheEntry
{
KdcResponse = new KrbTgsRep
{
Ticket = KrbTicket.DecodeApplication(cred.Ticket),
CName = KrbPrincipalName.FromString(cred.Client.FullyQualifiedName, cred.Client.Type),
CRealm = cred.Client.Realm,
EncPart = new KrbEncryptedData {
}
},
SessionKey = new KrbEncryptionKey
{
EType = cred.KeyBlock.Key,
KeyValue = cred.KeyBlock.Value
},
Flags = cred.Flags,
SName = KrbPrincipalName.FromString(cred.Server.FullyQualifiedName),
AuthTime = cred.AuthTime,
StartTime = cred.StartTime,
EndTime = cred.EndTime,
RenewTill = cred.RenewTill <= DateTimeOffset.MinValue ? null : cred.RenewTill
});
}
internal object GetCacheItem(string key)
{
Krb5Credential cred = this.FindCredential(key);
if (cred is null)
{
return(null);
}
return(CredToCacheEntry(cred));
}
private static void WriteCredential(Krb5Credential cred, NdrBuffer buffer)
{
WritePrincipal(cred.Client, buffer);
WritePrincipal(cred.Server, buffer);
WriteKeyBlock(cred.KeyBlock, buffer);
WriteDateTimeOffset(cred.AuthTime, buffer);
WriteDateTimeOffset(cred.StartTime, buffer);
WriteDateTimeOffset(cred.EndTime, buffer);
WriteDateTimeOffset(cred.RenewTill, buffer);
buffer.WriteByte(cred.IsKey ? (byte)0x1 : (byte)0x0);
buffer.WriteInt32BigEndian((int)cred.Flags);
WriteAddresses(cred.Addresses, buffer);
WriteAuthData(cred.AuthData, buffer);
WriteData(cred.Ticket, buffer);
WriteData(cred.SecondTicket, buffer);
}
internal bool Contains(TicketCacheEntry entry)
{
Krb5Credential cred = this.FindCredential(entry.Key);
return(cred != null);
}
