public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options) { var kdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication); var hostAddress = Environment.MachineName; var pacRequest = new KrbPaPacRequest { IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest) }; var padata = new List <KrbPaData>() { new KrbPaData { Type = PaDataType.PA_PAC_REQUEST, Value = pacRequest.Encode() } }; var asreq = new KrbAsReq() { MessageType = MessageType.KRB_AS_REQ, Body = new KrbKdcReqBody { Addresses = new[] { new KrbHostAddress { AddressType = AddressType.NetBios, Address = Encoding.ASCII.GetBytes(hostAddress.PadRight(16, ' ')) } }, CName = KrbPrincipalName.FromString( credential.UserName, PrincipalNameType.NT_ENTERPRISE, credential.Domain ), EType = KerberosConstants.ETypes.ToArray(), KdcOptions = kdcOptions, Nonce = KerberosConstants.GetNonce(), RTime = KerberosConstants.EndOfTime, Realm = credential.Domain, SName = new KrbPrincipalName { Type = PrincipalNameType.NT_SRV_INST, Name = new[] { "krbtgt", credential.Domain } }, Till = KerberosConstants.EndOfTime }, PaData = padata.ToArray() }; if (options.HasFlag(AuthenticationOptions.PreAuthenticate)) { credential.TransformKdcReq(asreq); } return(asreq); }
public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options) { if (credential == null) { throw new ArgumentNullException(nameof(credential)); } var config = credential.Configuration ?? Krb5Config.Default(); var kdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication); var pacRequest = new KrbPaPacRequest { IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest) }; var padata = new List <KrbPaData>() { new KrbPaData { Type = PaDataType.PA_PAC_REQUEST, Value = pacRequest.Encode() } }; var asreq = new KrbAsReq() { Body = new KrbKdcReqBody { Addresses = IncludeAddresses(config), CName = ExtractCName(credential), EType = GetPreferredETypes(config.Defaults.DefaultTicketEncTypes, config.Defaults.AllowWeakCrypto).ToArray(), KdcOptions = kdcOptions, Nonce = GetNonce(), RTime = CalculateRenewTime(kdcOptions, config), Realm = credential.Domain, SName = new KrbPrincipalName { Type = PrincipalNameType.NT_SRV_INST, Name = new[] { "krbtgt", credential.Domain } }, Till = CalculateExpirationTime(config) }, PaData = padata.ToArray() }; if (options.HasFlag(AuthenticationOptions.PreAuthenticate)) { credential.TransformKdcReq(asreq); } return(asreq); }
public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options) { var kdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication); var hostAddress = Environment.MachineName; var padata = new List <KrbPaData>() { new KrbPaData { Type = PaDataType.PA_PAC_REQUEST, Value = new KrbPaPacRequest { IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest) }.Encode().AsMemory() } }; if (options.HasFlag(AuthenticationOptions.PreAuthenticate)) { KerberosConstants.Now(out DateTimeOffset timestamp, out int usec); var ts = new KrbPaEncTsEnc { PaTimestamp = timestamp, PaUSec = usec }; var tsEncoded = ts.Encode().AsMemory(); KrbEncryptedData encData = KrbEncryptedData.Encrypt( tsEncoded, credential.CreateKey(), KeyUsage.PaEncTs ); padata.Add(new KrbPaData { Type = PaDataType.PA_ENC_TIMESTAMP, Value = encData.Encode().AsMemory() }); } var asreq = new KrbAsReq() { MessageType = MessageType.KRB_AS_REQ, Body = new KrbKdcReqBody { Addresses = new[] { new KrbHostAddress { AddressType = AddressType.NetBios, Address = Encoding.ASCII.GetBytes(hostAddress.PadRight(16, ' ')) } }, CName = new KrbPrincipalName { Name = new[] { $"{credential.UserName}@{credential.Domain}" }, Type = PrincipalNameType.NT_ENTERPRISE }, EType = KerberosConstants.ETypes.ToArray(), KdcOptions = kdcOptions, Nonce = KerberosConstants.GetNonce(), RTime = KerberosConstants.EndOfTime, Realm = credential.Domain, SName = new KrbPrincipalName { Type = PrincipalNameType.NT_SRV_INST, Name = new[] { "krbtgt", credential.Domain } }, Till = KerberosConstants.EndOfTime }, PaData = padata.ToArray() }; return(asreq); }