/// <summary> /// Create AP request and encode to GSSAPI token /// </summary> /// <param name="apOptions">AP options</param> /// <param name="data">Authorization data</param> /// <param name="subkey">Sub-session key in authenticator</param> /// <param name="checksumFlags">Checksum flags</param> /// <returns></returns> private byte[] CreateGssApiToken(ApOptions apOptions, AuthorizationData data, EncryptionKey subkey, ChecksumFlags checksumFlags, KerberosConstValue.GSSToken gssToken = KerberosConstValue.GSSToken.GSSSPNG) { APOptions options = new APOptions(KerberosUtility.ConvertInt2Flags((int)apOptions)); Authenticator authenticator = CreateAuthenticator(Context.Ticket, data, subkey, checksumFlags); this.ApRequestAuthenticator = authenticator; KerberosApRequest request = new KerberosApRequest( Context.Pvno, options, Context.Ticket, authenticator, KeyUsageNumber.AP_REQ_Authenticator ); this.client.UpdateContext(request); if ((this.Context.ChecksumFlag & ChecksumFlags.GSS_C_DCE_STYLE) == ChecksumFlags.GSS_C_DCE_STYLE) { return(request.ToBytes()); } else { return(KerberosUtility.AddGssApiTokenHeader(request, this.client.OidPkt, gssToken)); } }
private PA_DATA CreatePaTgsReqest(ChecksumType checksumType, byte[] checksumBody, AuthorizationData data) { APOptions option = new APOptions(KerberosUtility.ConvertInt2Flags((int)ApOptions.None)); EncryptionKey key = Context.SessionKey; KerberosApRequest apRequest = CreateApRequest(option, Context.Ticket, null, data, KeyUsageNumber.TG_REQ_PA_TGS_REQ_padataOR_AP_REQ_Authenticator, checksumType, checksumBody); PaTgsReq paTgsReq = new PaTgsReq(apRequest.Request); return(paTgsReq.Data); }
/// <summary> /// Create an instance. /// </summary> public KpasswordRequest(KerberosTicket ticket, Authenticator authenticator, string newPwd, bool isAuthErrorRequired = false) { //Create KerberosApRequest long pvno = KerberosConstValue.KERBEROSV5; APOptions option = new APOptions(KerberosUtility.ConvertInt2Flags((int)ApOptions.None)); KerberosApRequest ap_req = new KerberosApRequest(pvno, option, ticket, authenticator, KeyUsageNumber.AP_REQ_Authenticator); //Create KRB_PRIV ChangePasswdData pwd_data = new ChangePasswdData(new Asn1OctetString(newPwd), null, null); priv_enc_part = new EncKrbPrivPart(); priv_enc_part.user_data = pwd_data.newpasswd; priv_enc_part.usec = authenticator.cusec; priv_enc_part.seq_number = authenticator.seq_number; priv_enc_part.s_address = new HostAddress(new KerbInt32((int)AddressType.NetBios), new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName()))); Asn1BerEncodingBuffer asnBuffPriv = new Asn1BerEncodingBuffer(); priv_enc_part.BerEncode(asnBuffPriv, true); byte[] encAsnEncodedPriv = null; if (!isAuthErrorRequired) { encAsnEncodedPriv = KerberosUtility.Encrypt((EncryptionType)authenticator.subkey.keytype.Value, authenticator.subkey.keyvalue.ByteArrayValue, asnBuffPriv.Data, (int)KeyUsageNumber.KRB_PRIV_EncPart); } else { encAsnEncodedPriv = KerberosUtility.Encrypt((EncryptionType)authenticator.subkey.keytype.Value, authenticator.subkey.keyvalue.ByteArrayValue, asnBuffPriv.Data, (int)KeyUsageNumber.None); } var encrypted = new EncryptedData(); encrypted.etype = new KerbInt32(authenticator.subkey.keytype.Value); encrypted.cipher = new Asn1OctetString(encAsnEncodedPriv); KRB_PRIV krb_priv = new KRB_PRIV(new Asn1Integer(pvno), new Asn1Integer((long)MsgType.KRB_PRIV), encrypted); //Calculate the msg_length and ap_req_length krb_priv.BerEncode(privBuffer, true); ap_req.Request.BerEncode(apBuffer, true); version = 0x0001; ap_req_length = (ushort)apBuffer.Data.Length; msg_length = (ushort)(ap_req_length + privBuffer.Data.Length + 3 * sizeof(ushort)); //Convert Endian version = KerberosUtility.ConvertEndian(version); ap_req_length = KerberosUtility.ConvertEndian(ap_req_length); msg_length = KerberosUtility.ConvertEndian(msg_length); }
private KDC_REQ_BODY CreateKdcRequestBody(KdcOptions kdcOptions, PrincipalName sName) { KerbUInt32 nonce = new KerbUInt32((uint)Math.Abs((int)DateTime.Now.Ticks)); KerberosTime till = new KerberosTime(KerberosConstValue.TGT_TILL_TIME); KerberosTime rtime = new KerberosTime(KerberosConstValue.TGT_RTIME); HostAddresses addresses = new HostAddresses(new HostAddress[1] { new HostAddress(new KerbInt32((int)AddressType.NetBios), new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName()))) }); KDCOptions options = new KDCOptions(KerberosUtility.ConvertInt2Flags((int)kdcOptions)); KDC_REQ_BODY kdcReqBody = new KDC_REQ_BODY(options, Context.CName.Name, Context.Realm, sName, null, till, rtime, nonce, Context.SupportedEType, addresses, null, null); return(kdcReqBody); }