/// <summary> /// Create a KileClient instance. /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> public KileClient(string domain, string cName, string password, KileAccountType accountType) { if (domain == null) { throw new ArgumentNullException("domain"); } if (cName == null) { throw new ArgumentNullException("cName"); } if (password == null) { throw new ArgumentNullException("password"); } context = new KileClientContext(); decoder = new KileDecoder(context); transportBufferSize = ConstValue.TRANSPORT_BUFFER_SIZE; this.domain = domain; this.userName = cName; this.password = password; context.Password = password; context.Salt = GenerateSalt(domain, cName, accountType); }
/// <summary> /// Create a KileDecrypter instance. /// User should call following methods in sequence to initialize: AsExchange, TgsExchange and ApExchange. /// After exchanges are done, call DecryptRequest or DecryptResponse from first encrypted message to last. /// Do not skip any request or response. /// </summary> /// <param name="domain"> /// The realm part of the client's principal identifier. /// This argument cannot be null. /// </param> /// <param name="cName"> /// The account to logon the remote machine. Either user account or computer account. /// This argument cannot be null. /// </param> /// <param name="password"> /// The password of the user. /// This argument cannot be null. /// </param> /// <param name="accountType"> /// The type of the logon account. User or Computer. /// </param> /// <param name="connectionType"> /// The connection type, TCP or UDP. /// </param> /// <exception cref="System.ArgumentNullException"> /// Thrown when any parameter is null. /// </exception> public KileDecrypter( string domain, string cName, string password, KileAccountType accountType, KileConnectionType connectionType) { if (domain == null) { throw new ArgumentNullException(nameof(domain)); } if (cName == null) { throw new ArgumentNullException(nameof(cName)); } if (password == null) { throw new ArgumentNullException(nameof(password)); } kileDecoder = new KileDecoder(); kileDecoder.connectionType = connectionType; string salt = KileRole.GenerateSalt(domain, cName, accountType); kileDecoder.clientContext = new KileClientContext(); kileDecoder.clientContext.Password = password; kileDecoder.clientContext.TransportType = connectionType; kileDecoder.clientContext.Salt = salt; kileDecoder.serverContext = new KileServerContext(); kileDecoder.serverContext.TransportType = connectionType; kileDecoder.serverContext.Salt = salt; kileDecoder.serverContextList = new Dictionary <KileConnection, KileServerContext>(new KileServerContextComparer()); kileDecoder.serverContextList.Add(new KileConnection(FAKE_ENDPOINT), kileDecoder.serverContext); }
public KileAsResponse CreateAsResponse( KileConnection kileConnection, KileAccountType accountType, string password, Asn1SequenceOf <PA_DATA> SeqofPaData, EncTicketFlags encTicketFlags, AuthorizationData ticketAuthorizationData) { KileServerContext serverContext = GetServerContextByKileConnection(kileConnection); string cName = serverContext.UserName.name_string.Elements[0].Value; string cRealm = serverContext.UserRealm.Value; serverContext.Salt = GenerateSalt(cRealm, cName, accountType); serverContext.TicketEncryptKey = new EncryptionKey(new KerbInt32((int)EncryptionType.RC4_HMAC), new Asn1OctetString(GetEncryptionKeyByType(EncryptionType.RC4_HMAC))); if (password == null) { throw new ArgumentNullException(nameof(password)); } else { serverContext.Password = password; } KileAsResponse response = new KileAsResponse(serverContext); // Construct a Ticket var ticket = new Ticket(); ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5); ticket.realm = new Realm(domain); ticket.sname = serverContext.SName; // Set EncTicketPart var encTicketPart = new EncTicketPart(); EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.Elements[0].Value; encTicketPart.key = new EncryptionKey(new KerbInt32((int)encryptionType), new Asn1OctetString(GetEncryptionKeyByType(encryptionType))); encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags)); encTicketPart.crealm = serverContext.UserRealm; encTicketPart.cname = serverContext.UserName; encTicketPart.transited = new TransitedEncoding(new KerbInt32(4), null); encTicketPart.authtime = KileUtility.CurrentKerberosTime; encTicketPart.starttime = KileUtility.CurrentKerberosTime; encTicketPart.endtime = serverContext.endTime; encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime; encTicketPart.caddr = serverContext.Addresses; encTicketPart.authorization_data = ticketAuthorizationData; response.TicketEncPart = encTicketPart; // Set AS_REP response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5); response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP); response.Response.padata = SeqofPaData; response.Response.crealm = serverContext.UserRealm; response.Response.cname = serverContext.UserName; response.Response.ticket = ticket; // Set EncASRepPart var encASRepPart = new EncASRepPart(); encASRepPart.key = encTicketPart.key; var element = new LastReqElement(new KerbInt32(0), KileUtility.CurrentKerberosTime); encASRepPart.last_req = new LastReq(new LastReqElement[] { element }); encASRepPart.nonce = serverContext.Nonce; encASRepPart.flags = encTicketPart.flags; encASRepPart.authtime = encTicketPart.authtime; encASRepPart.starttime = encTicketPart.starttime; encASRepPart.endtime = encTicketPart.endtime; encASRepPart.renew_till = encTicketPart.renew_till; encASRepPart.srealm = ticket.realm; encASRepPart.sname = ticket.sname; encASRepPart.caddr = encTicketPart.caddr; response.EncPart = encASRepPart; return(response); }