/// <summary>
/// Create an instance.
/// </summary>
public KpasswordRequest(KerberosTicket ticket, Authenticator authenticator, string newPwd, bool isAuthErrorRequired = false)
{
//Create KerberosApRequest
long pvno = KerberosConstValue.KERBEROSV5;
APOptions option = new APOptions(KerberosUtility.ConvertInt2Flags((int)ApOptions.None));
KerberosApRequest ap_req = new KerberosApRequest(pvno, option, ticket, authenticator, KeyUsageNumber.AP_REQ_Authenticator);
//Create KRB_PRIV
ChangePasswdData pwd_data = new ChangePasswdData(new Asn1OctetString(newPwd), null, null);
priv_enc_part = new EncKrbPrivPart();
priv_enc_part.user_data = pwd_data.newpasswd;
priv_enc_part.usec = authenticator.cusec;
priv_enc_part.seq_number = authenticator.seq_number;
priv_enc_part.s_address = new HostAddress(new KerbInt32((int)AddressType.NetBios), new Asn1OctetString(Encoding.ASCII.GetBytes(System.Net.Dns.GetHostName())));
Asn1BerEncodingBuffer asnBuffPriv = new Asn1BerEncodingBuffer();
priv_enc_part.BerEncode(asnBuffPriv, true);
byte[] encAsnEncodedPriv = null;
if (!isAuthErrorRequired)
{
encAsnEncodedPriv = KerberosUtility.Encrypt((EncryptionType)authenticator.subkey.keytype.Value,
authenticator.subkey.keyvalue.ByteArrayValue,
asnBuffPriv.Data,
(int)KeyUsageNumber.KRB_PRIV_EncPart);
}
else
{
encAsnEncodedPriv = KerberosUtility.Encrypt((EncryptionType)authenticator.subkey.keytype.Value,
authenticator.subkey.keyvalue.ByteArrayValue,
asnBuffPriv.Data,
(int)KeyUsageNumber.None);
}
var encrypted = new EncryptedData();
encrypted.etype = new KerbInt32(authenticator.subkey.keytype.Value);
encrypted.cipher = new Asn1OctetString(encAsnEncodedPriv);
KRB_PRIV krb_priv = new KRB_PRIV(new Asn1Integer(pvno), new Asn1Integer((long)MsgType.KRB_PRIV), encrypted);
//Calculate the msg_length and ap_req_length
krb_priv.BerEncode(privBuffer, true);
ap_req.Request.BerEncode(apBuffer, true);
version = 0x0001;
ap_req_length = (ushort)apBuffer.Data.Length;
msg_length = (ushort)(ap_req_length + privBuffer.Data.Length + 3 * sizeof(ushort));
//Convert Endian
version = KerberosUtility.ConvertEndian(version);
ap_req_length = KerberosUtility.ConvertEndian(ap_req_length);
msg_length = KerberosUtility.ConvertEndian(msg_length);
}
/// <summary>
/// Create an instance.
/// </summary>
public KerberosApRequest(long pvno, APOptions ap_options, KerberosTicket ticket, Authenticator authenticator, KeyUsageNumber keyUsageNumber)
{
Asn1BerEncodingBuffer asnBuffPlainAuthenticator = new Asn1BerEncodingBuffer();
authenticator.BerEncode(asnBuffPlainAuthenticator, true);
KerberosUtility.OnDumpMessage("KRB5:Authenticator",
"Authenticator in AP-REQ structure",
KerberosUtility.DumpLevel.PartialMessage,
asnBuffPlainAuthenticator.Data);
byte[] encAsnEncodedAuth = KerberosUtility.Encrypt((EncryptionType)ticket.SessionKey.keytype.Value,
ticket.SessionKey.keyvalue.ByteArrayValue,
asnBuffPlainAuthenticator.Data,
(int)keyUsageNumber);
var encrypted = new EncryptedData();
encrypted.etype = new KerbInt32(ticket.SessionKey.keytype.Value);
encrypted.cipher = new Asn1OctetString(encAsnEncodedAuth);
long msg_type = (long)MsgType.KRB_AP_REQ;
Request = new AP_REQ(new Asn1Integer(pvno), new Asn1Integer(msg_type), ap_options, ticket.Ticket, encrypted);
Authenticator = authenticator;
}
private Authenticator CreateAuthenticator(
KerberosTicket ticket,
AuthorizationData data,
EncryptionKey subkey
)
{
Authenticator plaintextAuthenticator = new Authenticator();
plaintextAuthenticator.authenticator_vno = new Asn1Integer(KerberosConstValue.KERBEROSV5);
plaintextAuthenticator.crealm = Context.CName.Realm;
plaintextAuthenticator.cusec = new Microseconds(0);
plaintextAuthenticator.ctime = KerberosUtility.CurrentKerberosTime;
plaintextAuthenticator.seq_number = new KerbUInt32(0);
plaintextAuthenticator.cname = ticket.TicketOwner;
plaintextAuthenticator.subkey = subkey;
plaintextAuthenticator.authorization_data = data;
return plaintextAuthenticator;
}
private Authenticator CreateAuthenticator(PrincipalName cname, Realm realm, EncryptionKey subkey = null, AuthorizationData data = null)
{
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Create authenticator");
Random r = new Random();
int seqNum = r.Next();
Authenticator plaintextAuthenticator = new Authenticator
{
authenticator_vno = new Asn1Integer(KerberosConstValue.KERBEROSV5),
crealm = realm,
cusec = new Microseconds(0),
ctime = KerberosUtility.CurrentKerberosTime,
seq_number = new KerbUInt32(seqNum),
cname = cname,
subkey = subkey,
authorization_data = data
};
AuthCheckSum checksum = new AuthCheckSum { Lgth = KerberosConstValue.AUTHENTICATOR_CHECKSUM_LENGTH };
checksum.Bnd = new byte[checksum.Lgth];
checksum.Flags = (int)(ChecksumFlags.GSS_C_MUTUAL_FLAG | ChecksumFlags.GSS_C_INTEG_FLAG);
byte[] checkData = ArrayUtility.ConcatenateArrays(BitConverter.GetBytes(checksum.Lgth),
checksum.Bnd, BitConverter.GetBytes(checksum.Flags));
plaintextAuthenticator.cksum = new Checksum(new KerbInt32((int)ChecksumType.ap_authenticator_8003), new Asn1OctetString(checkData));
return plaintextAuthenticator;
}
