private KDC_REQ_BODY CreateKdcRequestBody(KdcOptions kdcOptions, PrincipalName sName, AuthorizationData authData = null)
{
KDC_REQ_BODY kdcReqBody = this.CreateKdcRequestBody(kdcOptions, sName);
if (authData == null)
{
return(kdcReqBody);
}
Asn1BerEncodingBuffer asnEncBuffer = new Asn1BerEncodingBuffer();
authData.BerEncode(asnEncBuffer, true);
EncryptedData encryptData = new EncryptedData();
encryptData.etype = new KerbInt32(0);
byte[] encryptAsnEncoded = asnEncBuffer.Data;
if (this.Context.SessionKey != null && this.Context.SessionKey.keytype != null && this.Context.SessionKey.keyvalue != null && this.Context.SessionKey.keyvalue.Value != null)
{
encryptAsnEncoded = KerberosUtility.Encrypt(
(EncryptionType)this.Context.SessionKey.keytype.Value,
this.Context.SessionKey.keyvalue.ByteArrayValue,
encryptAsnEncoded,
(int)KeyUsageNumber.TGS_REQ_KDC_REQ_BODY_AuthorizationData
);
encryptData.etype = new KerbInt32(this.Context.SessionKey.keytype.Value);
}
encryptData.cipher = new Asn1OctetString(encryptAsnEncoded);
kdcReqBody.enc_authorization_data = encryptData;
return(kdcReqBody);
}
private void SendTgsRequest(string sName, KdcOptions kdcOptions, Asn1SequenceOf <PA_DATA> seqPadata = null, AuthorizationData dataInAuthentiator = null, AuthorizationData dataInEncAuthData = null, MsgType msgType = MsgType.KRB_TGS_REQ)
{
if (string.IsNullOrEmpty(sName))
{
throw new ArgumentNullException("sName");
}
PrincipalName sname = new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName.Split('/')));
KDC_REQ_BODY kdcReqBody = this.CreateKdcRequestBody(kdcOptions, sname, dataInEncAuthData); // almost same as AS request
Asn1BerEncodingBuffer bodyBuffer = new Asn1BerEncodingBuffer();
kdcReqBody.BerEncode(bodyBuffer);
ChecksumType checksumType = KerberosUtility.GetChecksumType(this.Context.SelectedEType);
PA_DATA paTgsReq = CreatePaTgsReqest(checksumType, bodyBuffer.Data, dataInAuthentiator); // use AS session key encrypt authenticator.
Asn1SequenceOf <PA_DATA> tempPaData = null;
if (seqPadata == null || seqPadata.Elements == null || seqPadata.Elements.Length == 0)
{
tempPaData = new Asn1SequenceOf <PA_DATA>(new PA_DATA[] { paTgsReq });
}
else
{
PA_DATA[] paDatas = new PA_DATA[seqPadata.Elements.Length + 1];
Array.Copy(seqPadata.Elements, paDatas, seqPadata.Elements.Length);
paDatas[seqPadata.Elements.Length] = paTgsReq;
tempPaData = new Asn1SequenceOf <PA_DATA>(paDatas);
}
KerberosTgsRequest tgsRequest = new KerberosTgsRequest(KerberosConstValue.KERBEROSV5, kdcReqBody, tempPaData, Context.TransportType);
tgsRequest.Request.msg_type.Value = (long)msgType;
this.client.SendPdu(tgsRequest);
}
public KDC_REQ()
{
this.pvno = null;
this.msg_type = null;
this.padata = null;
this.req_body = null;
}
public KrbFastReq(
FastOptions param0,
Asn1SequenceOf<PA_DATA> param1,
KDC_REQ_BODY param2)
{
this.fast_options = param0;
this.padata = param1;
this.req_body = param2;
}
private KerberosAsRequest CreateAsRequest(KDC_REQ_BODY kdcReqBody, Asn1SequenceOf <PA_DATA> paDatas, long pvno = KerberosConstValue.KERBEROSV5)
{
KerberosAsRequest request = new KerberosAsRequest(
pvno,
kdcReqBody,
paDatas,
Context.TransportType);
return(request);
}
public TGS_REQ(
Asn1Integer param0,
Asn1Integer param1,
Asn1SequenceOf<PA_DATA> param2,
KDC_REQ_BODY param3)
{
this.pvno = param0;
this.msg_type = param1;
this.padata = param2;
this.req_body = param3;
}
public AS_REQ(
Asn1Integer param0,
Asn1Integer param1,
Asn1SequenceOf <PA_DATA> param2,
KDC_REQ_BODY param3)
{
this.pvno = param0;
this.msg_type = param1;
this.padata = param2;
this.req_body = param3;
}
private KerberosAsRequest SendAsRequest(KdcOptions kdcOptions, Asn1SequenceOf <PA_DATA> seqPaData)
{
string sName = KerberosConstValue.KERBEROS_SNAME;
string domain = this.Context.Realm.Value;
PrincipalName sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
KDC_REQ_BODY kdcReqBody = CreateKdcRequestBody(kdcOptions, sname);
KerberosAsRequest asRequest = this.CreateAsRequest(kdcReqBody, seqPaData);
this.client.SendPdu(asRequest);
return(asRequest);
}
private KDC_REQ_BODY CreateKdcRequestBody(KdcOptions kdcOptions, PrincipalName sName)
{
KerbUInt32 nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks));
KerberosTime till = new KerberosTime(KerberosConstValue.TGT_TILL_TIME);
KerberosTime rtime = new KerberosTime(KerberosConstValue.TGT_RTIME);
HostAddresses addresses =
new HostAddresses(new HostAddress[1] {
new HostAddress(new KerbInt32((int)AddressType.NetBios),
new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName())))
});
KDCOptions options = new KDCOptions(KerberosUtility.ConvertInt2Flags((int)kdcOptions));
KDC_REQ_BODY kdcReqBody = new KDC_REQ_BODY(options, Context.CName.Name, Context.Realm, sName, null, till, rtime, nonce, Context.SupportedEType, addresses, null, null);
return(kdcReqBody);
}
public KerberosTgsRequest(long pvno, KDC_REQ_BODY kdcReqBody, Asn1SequenceOf <PA_DATA> paDatas, TransportType transportType)
{
this.Request = new TGS_REQ(new Asn1Integer(pvno), new Asn1Integer((long)MsgType.KRB_TGS_REQ), paDatas, kdcReqBody);
this.transportType = transportType;
}
public KerberosFastRequest(FastOptions options, Asn1SequenceOf <PA_DATA> seqPaData, KDC_REQ_BODY kdcReqBody)
{
this.FastReq = new KrbFastReq(options, seqPaData, kdcReqBody);
}
private KerberosAsRequest CreateAsRequest(KDC_REQ_BODY kdcReqBody, Asn1SequenceOf<PA_DATA> paDatas, long pvno = KerberosConstValue.KERBEROSV5)
{
KerberosAsRequest request = new KerberosAsRequest(
pvno,
kdcReqBody,
paDatas,
Context.TransportType);
return request;
}
public PaFxFastReq CreateAsPaFxFast(
EncryptionKey subKey,
FastOptions fastOptions,
ApOptions apOptions,
Asn1SequenceOf<PA_DATA> seqPaData,
string sName,
KDC_REQ_BODY kdcReqBody,
KrbFastArmorType armorType
)
{
string domain = this.Context.Realm.Value;
PrincipalName sname =
new PrincipalName(new KerbInt32((int)PrincipalType.NT_SRV_INST), KerberosUtility.String2SeqKerbString(sName, domain));
var armorKey = KerberosUtility.MakeArmorKey(
Context.SelectedEType,
subKey.keyvalue.ByteArrayValue,
Context.ArmorSessionKey.keyvalue.ByteArrayValue);
Context.FastArmorkey = new EncryptionKey(new KerbInt32((long)Context.SelectedEType), new Asn1OctetString(armorKey));
Asn1BerEncodingBuffer encodebuf = new Asn1BerEncodingBuffer();
kdcReqBody.BerEncode(encodebuf);
var checksumType = KerberosUtility.GetChecksumType(Context.SelectedEType);
var chksum = KerberosUtility.GetChecksum(
armorKey,
encodebuf.Data,
(int)KeyUsageNumber.FAST_REQ_CHECKSUM,
checksumType);
Checksum checkSum = new Checksum(new KerbInt32((int)checksumType), new Asn1OctetString(chksum));
Authenticator plaintextAuthenticator = CreateAuthenticator(Context.ArmorTicket, null, subKey);
KerberosApRequest apReq = new KerberosApRequest(Context.Pvno,
new APOptions(KerberosUtility.ConvertInt2Flags((int)apOptions)),
Context.ArmorTicket,
plaintextAuthenticator,
KeyUsageNumber.AP_REQ_Authenticator);
KDC_REQ_BODY innerKdcReqBody = CreateKdcRequestBody(KdcOptions.CANONICALIZE | KdcOptions.FORWARDABLE | KdcOptions.RENEWABLE, sname);
KerberosFastRequest fastReq = new KerberosFastRequest(fastOptions, seqPaData, innerKdcReqBody);
FastArmorApRequest fastArmor = new FastArmorApRequest(apReq.Request);
fastArmor.armorType = armorType;
KerberosArmoredRequest armoredReq
= new KerberosArmoredRequest(fastArmor, checkSum, (long)Context.SelectedEType, armorKey, fastReq);
PA_FX_FAST_REQUEST paFxFastReq = new PA_FX_FAST_REQUEST();
paFxFastReq.SetData(PA_FX_FAST_REQUEST.armored_data, armoredReq.FastArmoredReq);
PaFxFastReq paFxfast = new PaFxFastReq(paFxFastReq);
return paFxfast;
}
private KDC_REQ_BODY CreateKdcRequestBody(
KdcOptions kdcOptions,
PrincipalName sName,
KerberosTime from,
KerberosTime till
)
{
KerbUInt32 nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks));
KerberosTime rtime = new KerberosTime(KerberosConstValue.TGT_RTIME);
HostAddresses addresses =
new HostAddresses(new HostAddress[1] { new HostAddress(new KerbInt32((int)AddressType.NetBios),
new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName()))) });
KDCOptions options = new KDCOptions(KerberosUtility.ConvertInt2Flags((int)kdcOptions));
KDC_REQ_BODY kdcReqBody = new KDC_REQ_BODY(options, Context.CName.Name, Context.Realm, sName, from, till, rtime, nonce, Context.SupportedEType, addresses, null, null);
return kdcReqBody;
}
public KerberosFastRequest(FastOptions options, Asn1SequenceOf<PA_DATA> seqPaData, KDC_REQ_BODY kdcReqBody)
{
this.FastReq = new KrbFastReq(options, seqPaData, kdcReqBody);
}
public KerberosAsRequest(long pvno, KDC_REQ_BODY kdcReqBody, Asn1SequenceOf<PA_DATA> paDatas, TransportType transportType)
{
this.Request = new AS_REQ(new Asn1Integer(pvno), new Asn1Integer((long)MsgType.KRB_AS_REQ), paDatas, kdcReqBody);
this.transportType = transportType;
}
