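/// <summary>
/// Finds the PA-ENC-TIMESTAMP pre-authentication entry on this message, decrypts it with
/// <paramref name="key"/> under <c>KeyUsage.PaEncTs</c>, and returns the timestamp it carries.
/// </summary>
/// <param name="key">Key passed to <c>KrbEncryptedData.Decrypt</c> to open the encrypted timestamp.</param>
/// <param name="etype">
/// Receives the encryption type recorded on the encrypted timestamp, or
/// <c>EncryptionType.NULL</c> when no PA-ENC-TIMESTAMP entry is present.
/// </param>
/// <returns>
/// The decrypted timestamp with its microsecond part applied, or
/// <see cref="DateTimeOffset.MinValue"/> when no PA-ENC-TIMESTAMP entry is present.
/// </returns>
/// <remarks>
/// This method only decrypts; it performs no freshness check. The "not present" result
/// (<c>EncryptionType.NULL</c> / <see cref="DateTimeOffset.MinValue"/>) is a sentinel meaning
/// "no encrypted-timestamp pre-authentication was supplied" and must not be treated as a
/// validated time. Callers remain responsible for comparing a returned timestamp against the
/// permitted clock skew and for rejecting replays; whether they do so is not visible from here.
/// </remarks>
public DateTimeOffset DecryptTimestamp(KerberosKey key, out EncryptionType etype)
{
    // A message without any pre-auth data gets the same "not present" answer as one that
    // merely lacks a timestamp entry, instead of failing inside LINQ on a null source.
    // NOTE(review): presumably PaData is null when the request carried no padata; confirm against the decoder.
    var timestampPaData = this.PaData?.FirstOrDefault(p => p.Type == PaDataType.PA_ENC_TIMESTAMP);

    if (timestampPaData == null)
    {
        etype = EncryptionType.NULL;
        return DateTimeOffset.MinValue;
    }

    var encryptedTimestamp = KrbEncryptedData.Decode(timestampPaData.Value);

    var tsEnc = encryptedTimestamp.Decrypt(key, KeyUsage.PaEncTs, d => KrbPaEncTsEnc.Decode(d));

    var timestamp = tsEnc.PaTimestamp;

    if (tsEnc.PaUSec > 0)
    {
        // PaUSec is the microsecond field of PA-ENC-TS-ENC (RFC 4120 "pausec"). A .NET tick is
        // 100 ns, so one microsecond is 10 ticks: multiply, do not divide. The long literal
        // keeps the product out of 32-bit overflow for large peer-supplied values.
        timestamp = timestamp.AddTicks(tsEnc.PaUSec.Value * 10L);
    }

    etype = encryptedTimestamp.EType;

    return timestamp;
}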
/// <summary>
/// Creates a <c>KrbPaEncTsEnc</c> whose <c>PaTimestamp</c> and <c>PaUSec</c> are filled from
/// the values reported by <c>Now(out DateTimeOffset, out int)</c>.
/// </summary>
/// <returns>A new <c>KrbPaEncTsEnc</c> carrying that timestamp and microsecond value.</returns>
/// <remarks>
/// NOTE(review): presumably <c>Now</c> reports the current time split into a timestamp and a
/// microsecond remainder; its implementation is not visible here, so confirm.
/// </remarks>
internal static KrbPaEncTsEnc CreateForNow()
{
    Now(out DateTimeOffset currentTime, out int microseconds);

    return new KrbPaEncTsEnc
    {
        PaTimestamp = currentTime,
        PaUSec = microseconds
    };
}
/// <summary>
/// Creates a <c>KrbPaEncTsEnc</c> whose <c>PaTimestamp</c> and <c>PaUSec</c> are filled from
/// the values reported by <c>KerberosConstants.Now</c>.
/// </summary>
/// <returns>A new <c>KrbPaEncTsEnc</c> carrying that timestamp and microsecond value.</returns>
/// <remarks>
/// NOTE(review): presumably <c>KerberosConstants.Now</c> reports the current time split into a
/// timestamp and a microsecond remainder; its implementation is not visible here, so confirm.
/// </remarks>
internal static KrbPaEncTsEnc Now()
{
    KerberosConstants.Now(out DateTimeOffset currentTime, out int microseconds);

    return new KrbPaEncTsEnc
    {
        PaTimestamp = currentTime,
        PaUSec = microseconds
    };
}
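/// <summary>
/// Builds an AS-REQ for <paramref name="credential"/> that asks for a <c>krbtgt</c> ticket in
/// the credential's domain.
/// </summary>
/// <param name="credential">
/// Supplies <c>UserName</c> and <c>Domain</c> for the client name and realm, and the key
/// (via <c>CreateKey()</c>) used to encrypt the pre-authentication timestamp.
/// </param>
/// <param name="options">
/// Authentication flags. <c>IncludePacRequest</c> sets the PA-PAC-REQUEST value,
/// <c>PreAuthenticate</c> adds a PA-ENC-TIMESTAMP entry, and the bits left after masking off
/// <c>AllAuthentication</c> are sent as the KDC options.
/// </param>
/// <returns>The populated <c>KrbAsReq</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="credential"/> is null.</exception>
/// <remarks>
/// The PA-ENC-TIMESTAMP value is encrypted directly under the credential's key, so a captured
/// request can be used to test password guesses offline. How well it resists that depends on
/// the password and on the encryption type chosen; the offered types come from
/// <c>KerberosConstants.ETypes</c>, which is not visible here.
/// </remarks>
public static KrbAsReq CreateAsReq(KerberosCredential credential, AuthenticationOptions options)
{
    // Fail with a named argument rather than a NullReferenceException part-way through
    // building the request.
    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    // Mask off the bits covered by AllAuthentication; what remains is reinterpreted as KdcOptions.
    var kdcOptions = (KdcOptions)(options & ~AuthenticationOptions.AllAuthentication);

    var hostAddress = Environment.MachineName;

    // The PAC request entry is always sent; only its IncludePac value follows the options.
    var padata = new List<KrbPaData>
    {
        new KrbPaData
        {
            Type = PaDataType.PA_PAC_REQUEST,
            Value = new KrbPaPacRequest
            {
                IncludePac = options.HasFlag(AuthenticationOptions.IncludePacRequest)
            }.Encode().AsMemory()
        }
    };

    if (options.HasFlag(AuthenticationOptions.PreAuthenticate))
    {
        KerberosConstants.Now(out DateTimeOffset timestamp, out int usec);

        var ts = new KrbPaEncTsEnc
        {
            PaTimestamp = timestamp,
            PaUSec = usec
        };

        var tsEncoded = ts.Encode().AsMemory();

        // Timestamp encrypted under the credential's own key with the PaEncTs key usage.
        KrbEncryptedData encData = KrbEncryptedData.Encrypt(
            tsEncoded,
            credential.CreateKey(),
            KeyUsage.PaEncTs
        );

        padata.Add(new KrbPaData
        {
            Type = PaDataType.PA_ENC_TIMESTAMP,
            Value = encData.Encode().AsMemory()
        });
    }

    return new KrbAsReq
    {
        MessageType = MessageType.KRB_AS_REQ,
        Body = new KrbKdcReqBody
        {
            Addresses = new[]
            {
                new KrbHostAddress
                {
                    AddressType = AddressType.NetBios,

                    // NOTE(review): PadRight pads to 16 characters but never truncates, and
                    // Encoding.ASCII substitutes '?' for non-ASCII characters, so a long or
                    // non-ASCII machine name yields an address that is not a 16-byte NetBIOS name.
                    Address = Encoding.ASCII.GetBytes(hostAddress.PadRight(16, ' '))
                }
            },
            CName = new KrbPrincipalName
            {
                Name = new[] { $"{credential.UserName}@{credential.Domain}" },
                Type = PrincipalNameType.NT_ENTERPRISE
            },
            EType = KerberosConstants.ETypes.ToArray(),
            KdcOptions = kdcOptions,
            Nonce = KerberosConstants.GetNonce(),

            // Both the renew-till and end times request KerberosConstants.EndOfTime.
            // NOTE(review): presumably the KDC caps these to its own policy; confirm.
            RTime = KerberosConstants.EndOfTime,
            Realm = credential.Domain,
            SName = new KrbPrincipalName
            {
                Type = PrincipalNameType.NT_SRV_INST,
                Name = new[] { "krbtgt", credential.Domain }
            },
            Till = KerberosConstants.EndOfTime
        },
        PaData = padata.ToArray()
    };
}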