/// <summary>
/// Round-trips a populated <c>KrbError</c> through <c>EncodeApplication</c> and
/// <c>KrbError.DecodeApplication</c>, then checks that the decoded message keeps
/// its realm fields, error code, client time, message type and protocol version.
/// </summary>
public void KrbErrorRoundtrip()
{
    var original = new KrbError
    {
        CName = new KrbPrincipalName
        {
            Name = new[] { "krbtgt", "domain.com" },
            Type = PrincipalNameType.NT_SRV_HST,
        },
        CRealm = "domain.com",
        CTime = DateTimeOffset.UtcNow,
        Cusec = 123,
        EData = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 },
        ErrorCode = KerberosErrorCode.KRB_ERR_GENERIC,
        EText = "this is a test of the error roundtrip",
        Realm = "domain.com",
        SName = new KrbPrincipalName
        {
            Name = new[] { "krbtgt", "domain.com" },
            Type = PrincipalNameType.NT_SRV_HST,
        },
        STime = DateTimeOffset.UtcNow,
        Susc = 2345356,
    };

    var wireBytes = original.EncodeApplication();
    var roundTripped = KrbError.DecodeApplication(wireBytes);

    Assert.IsNotNull(roundTripped);

    Assert.AreEqual(original.CRealm, roundTripped.CRealm);
    Assert.AreEqual(MessageType.KRB_ERROR, roundTripped.MessageType);
    Assert.AreEqual(5, roundTripped.ProtocolVersionNumber);

    // The timestamps are compared through their string form rather than as
    // DateTimeOffset values, so only what ToString() prints is checked.
    Assert.AreEqual(original.CTime.ToString(), roundTripped.CTime.ToString());

    Assert.AreEqual(original.ErrorCode, roundTripped.ErrorCode);
    Assert.AreEqual(original.Realm, roundTripped.Realm);

    // NOTE(review): CName, SName, EText, EData, Cusec, STime and Susc are set
    // above but never asserted after decoding. A decoder regression in the
    // principal-name or e-data parsing would pass this test unnoticed.
}
/// <summary>
/// Builds the encoded KRB-ERROR reply carrying <c>KDC_ERR_PREAUTH_FAILED</c>.
/// </summary>
/// <param name="kex">Validation failure whose <c>Message</c> becomes the error text.</param>
/// <param name="principal">Principal from which the <c>SName</c> field is derived.</param>
/// <returns>The bytes produced by <c>EncodeApplication()</c>.</returns>
/// <remarks>
/// NOTE(review): <c>kex.Message</c> is copied verbatim into <c>EText</c>. This reply
/// presumably goes back to a requester whose pre-authentication just failed, so
/// confirm that validation messages never carry internal detail; otherwise send a
/// fixed text and keep the detail in server-side logs.
/// STime and Susc are not set in this method.
/// </remarks>
private ReadOnlyMemory<byte> PreAuthFailed(KerberosValidationException kex, IKerberosPrincipal principal) =>
    new KrbError
    {
        ErrorCode = KerberosErrorCode.KDC_ERR_PREAUTH_FAILED,
        EText = kex.Message,
        Realm = RealmService.Name,
        SName = KrbPrincipalName.FromPrincipal(principal),
    }.EncodeApplication();
/// <summary>
/// Builds the encoded KRB-ERROR reply carrying <c>KDC_ERR_PREAUTH_FAILED</c> from a
/// pre-authentication context.
/// </summary>
/// <param name="context">
/// Supplies the failure (<c>context.Failure.Message</c> becomes the error text) and
/// the principal used for <c>SName</c>.
/// </param>
/// <returns>The bytes produced by <c>EncodeApplication()</c>.</returns>
/// <remarks>
/// <c>context.Failure</c> is dereferenced without a null check, so this must only be
/// called once a failure has been recorded on the context.
/// NOTE(review): the failure message is placed in <c>EText</c> unchanged. Confirm it
/// cannot expose internal detail to the requester. STime and Susc are not set here.
/// </remarks>
private ReadOnlyMemory<byte> PreAuthFailed(PreAuthenticationContext context)
{
    var failedReply = new KrbError
    {
        ErrorCode = KerberosErrorCode.KDC_ERR_PREAUTH_FAILED,
        EText = context.Failure.Message,
        Realm = this.RealmService.Name,
        SName = KrbPrincipalName.FromPrincipal(context.Principal),
    };

    return failedReply.EncodeApplication();
}
/// <summary>
/// Builds the encoded KRB-ERROR reply carrying <c>KDC_ERR_PREAUTH_REQUIRED</c>, with
/// the requested pre-authentication data attached as e-data.
/// </summary>
/// <param name="preAuthRequests">
/// Pre-auth entries. They are materialised with <c>ToArray()</c> and encoded as a
/// <c>KrbMethodData</c> into <c>EData</c>.
/// </param>
/// <param name="principal">Principal from which the <c>SName</c> field is derived.</param>
/// <returns>The bytes produced by <c>EncodeApplication()</c>.</returns>
/// <remarks>
/// The error text is deliberately empty. Everything the requester learns from this
/// reply is the error code, realm, service name and the e-data method list.
/// STime and Susc are not set in this method.
/// </remarks>
private ReadOnlyMemory<byte> RequirePreAuth(IEnumerable<KrbPaData> preAuthRequests, IKerberosPrincipal principal)
{
    var preAuthRequired = new KrbError
    {
        ErrorCode = KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED,
        EText = "",
        Realm = RealmService.Name,
        SName = KrbPrincipalName.FromPrincipal(principal),
        EData = new KrbMethodData
        {
            MethodData = preAuthRequests.ToArray(),
        }.Encode().AsMemory(),
    };

    return preAuthRequired.EncodeApplication();
}
/// <summary>
/// Logs that the AS-REQ needs pre-authentication, then builds the encoded KRB-ERROR
/// reply carrying <c>KDC_ERR_PREAUTH_REQUIRED</c>.
/// </summary>
/// <param name="context">
/// Supplies the principal (used for the log entry and for <c>SName</c>) and the
/// <c>PaData</c> entries that are encoded into <c>EData</c>.
/// </param>
/// <returns>The bytes produced by <c>EncodeApplication()</c>.</returns>
/// <remarks>
/// STime and Susc are not set in this method.
/// </remarks>
private ReadOnlyMemory<byte> RequirePreAuth(PreAuthenticationContext context)
{
    // The principal name is passed as a structured argument rather than being
    // concatenated into the message template.
    this.logger.LogTrace("AS-REQ requires pre-auth for user {User}", context.Principal.PrincipalName);

    var preAuthRequired = new KrbError
    {
        ErrorCode = KerberosErrorCode.KDC_ERR_PREAUTH_REQUIRED,
        // No free-form text is sent: the reply carries only the code and the method list.
        EText = string.Empty,
        Realm = this.RealmService.Name,
        SName = KrbPrincipalName.FromPrincipal(context.Principal),
        EData = new KrbMethodData
        {
            MethodData = context.PaData.ToArray(),
        }.Encode(),
    };

    return preAuthRequired.EncodeApplication();
}
/// <summary>
/// Builds and encodes a KRB-ERROR with the supplied code and text.
/// </summary>
/// <param name="code">Value assigned to <c>ErrorCode</c>.</param>
/// <param name="error">Value assigned to <c>EText</c> unchanged.</param>
/// <param name="realm">Value assigned to <c>Realm</c>; also the second component of the service name.</param>
/// <param name="sname">First component of the <c>NT_SRV_INST</c> service name.</param>
/// <returns>The bytes produced by <c>EncodeApplication()</c>.</returns>
/// <remarks>
/// NOTE(review): <paramref name="error"/> is placed on the wire as given. Callers
/// should pass a message that is safe to disclose to the requester and not raw
/// exception text. Confirm this at the call sites.
/// </remarks>
internal static ReadOnlyMemory<byte> GenerateError(KerberosErrorCode code, string error, string realm, string sname)
{
    var serviceName = new KrbPrincipalName
    {
        Type = PrincipalNameType.NT_SRV_INST,
        Name = new[] { sname, realm },
    };

    var krbError = new KrbError
    {
        ErrorCode = code,
        EText = error,
        Realm = realm,
        SName = serviceName,
    };

    // Must run before encoding. It presumably fills STime/Susc; confirm in KrbError.
    krbError.StampServerTime();

    return krbError.EncodeApplication();
}