예제 #1
0
        /// <summary>
        /// Construct PA_TGS_REQ for TGS request.
        /// </summary>
        /// <param name="cRealm">This field contains the name of the realm in which the client is registered and in
        /// which initial authentication took place.</param>
        /// <param name="cName">This field contains the name part of the client's principal identifier.</param>
        /// <param name="checksumType">The checksum type in Authenticator.</param>
        /// <param name="checksumBody">The data to compute checksum.</param>
        /// <returns>The constructed PaData.</returns>
        private PA_DATA ConstructTgsPaData(Realm cRealm, PrincipalName cName, ChecksumType checksumType, byte[] checksumBody)
        {
            AP_REQ request = new AP_REQ();

            KerbAuthDataTokenRestrictions adRestriction =
                ConstructKerbAuthDataTokenRestrictions(0,
                                                       (uint)LSAP_TOKEN_INFO_INTEGRITY_Flags.FULL_TOKEN,
                                                       (uint)LSAP_TOKEN_INFO_INTEGRITY_TokenIL.Medium,
                                                       new Guid().ToString());
            AuthorizationData authData = ConstructAuthorizationData(adRestriction);

            // create and encrypt authenticator
            Authenticator authenticator = CreateAuthenticator(cRealm,
                                                              cName,
                                                              checksumType,
                                                              0,
                                                              0,
                                                              null,
                                                              authData,
                                                              context.TgsSessionKey,
                                                              checksumBody);
            Asn1BerEncodingBuffer asnBuffPlainAuthenticator = new Asn1BerEncodingBuffer();

            authenticator.BerEncode(asnBuffPlainAuthenticator, true);
            byte[] encAsnEncodedAuth =
                KileUtility.Encrypt((EncryptionType)context.TgsSessionKey.keytype.Value,
                                    context.TgsSessionKey.keyvalue.ByteArrayValue,
                                    asnBuffPlainAuthenticator.Data,
                                    (int)KeyUsageNumber.TG_REQ_PA_TGS_REQ_padataOR_AP_REQ_Authenticator);
            request.authenticator        = new EncryptedData();
            request.authenticator.etype  = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32(context.TgsSessionKey.keytype.Value);
            request.authenticator.cipher = new Asn1OctetString(encAsnEncodedAuth);

            // create AP request
            request.ap_options = new APOptions(KileUtility.ConvertInt2Flags((int)ApOptions.None));
            request.msg_type   = new Asn1Integer((int)MsgType.KRB_AP_REQ);
            request.pvno       = new Asn1Integer(ConstValue.KERBEROSV5);
            request.ticket     = context.TgsTicket;
            Asn1BerEncodingBuffer apBerBuffer = new Asn1BerEncodingBuffer();

            request.BerEncode(apBerBuffer, true);

            return(new PA_DATA(new KerbInt32((int)PaDataType.PA_TGS_REQ), new Asn1OctetString(apBerBuffer.Data)));
        }