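/// <summary>
/// Create TGS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="seqOfPaData">The pre-authentication data.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null.
/// In User-User Authentication mode, use session key in additional ticket in KileTgsRequest.
/// Otherwise use service's secret key.
/// A 16 byte buffer. RC4-HMAC encryption type is used for this key; the buffer length is not
/// checked here. Callers that need another encryption type should use the overload that takes
/// an EncryptionKey.</param>
/// <returns>The created TGS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when ticketEncryptKey is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileTgsResponse CreateTgsResponse(
    KileConnection kileConnection,
    _SeqOfPA_DATA seqOfPaData,
    EncTicketFlags encTicketFlags,
    byte[] ticketEncryptKey)
{
    if (ticketEncryptKey == null)
    {
        // nameof keeps the reported parameter name in sync with the signature.
        throw new ArgumentNullException(nameof(ticketEncryptKey));
    }

    // The raw bytes are always wrapped as an RC4-HMAC key; the full overload does the rest.
    EncryptionKey ticketKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, ticketEncryptKey);

    return CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null);
}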
/// <summary>
/// Create TGS response from a raw RC4-HMAC ticket key.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="seqOfPaData">The pre-authentication data. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketEncryptKey">Raw key bytes used to encrypt the ticket; wrapped as an RC4-HMAC key.
/// This parameter cannot be null. The buffer length is not checked here.</param>
/// <returns>The created TGS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when ticketEncryptKey is null.</exception>
public KileTgsResponse CreateTgsResponse(
    KileConnection kileConnection,
    Asn1SequenceOf<PA_DATA> seqOfPaData,
    EncTicketFlags encTicketFlags,
    byte[] ticketEncryptKey)
{
    if (ticketEncryptKey == null)
    {
        throw new ArgumentNullException(nameof(ticketEncryptKey));
    }

    // Build the ASN.1 key structure piece by piece: etype first, then the key material.
    KerbInt32 keyType = new KerbInt32((int)EncryptionType.RC4_HMAC);
    Asn1OctetString keyValue = new Asn1OctetString(ticketEncryptKey);
    EncryptionKey ticketKey = new EncryptionKey(keyType, keyValue);

    // Delegate to the full overload; no authorization data is attached by this overload.
    return CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null);
}
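/// <summary>
/// Create TGS response, wrapping the given key bytes as an RC4-HMAC ticket key.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="seqOfPaData">The pre-authentication data. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null.
/// RC4-HMAC encryption type is always used for this key and the buffer length is not checked;
/// use the EncryptionKey overload to select another encryption type.</param>
/// <returns>The created TGS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when ticketEncryptKey is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileTgsResponse CreateTgsResponse(
    KileConnection kileConnection,
    _SeqOfPA_DATA seqOfPaData,
    EncTicketFlags encTicketFlags,
    byte[] ticketEncryptKey)
{
    if (ticketEncryptKey == null)
    {
        // nameof instead of a string literal so a rename cannot desynchronise the message.
        throw new ArgumentNullException(nameof(ticketEncryptKey));
    }

    EncryptionKey ticketKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, ticketEncryptKey);

    // No authorization data is attached by this overload.
    return CreateTgsResponse(kileConnection, seqOfPaData, encTicketFlags, ticketKey, null);
}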
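/// <summary>
/// Create TGS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="seqOfPaData">The pre-authentication data.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null.
/// In User-User Authentication mode, use session key in additional ticket in KileTgsRequest.
/// Otherwise use service's secret key.</param>
/// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
/// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
/// It is embedded as given; this method does not validate its contents.</param>
/// <returns>The created TGS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when ticketEncryptKey is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileTgsResponse CreateTgsResponse(
    KileConnection kileConnection,
    _SeqOfPA_DATA seqOfPaData,
    EncTicketFlags encTicketFlags,
    EncryptionKey ticketEncryptKey,
    AuthorizationData ticketAuthorizationData)
{
    // Validate arguments before the server context lookup so a bad call touches no state.
    if (ticketEncryptKey == null)
    {
        throw new ArgumentNullException(nameof(ticketEncryptKey));
    }

    KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

    // The key that protects the ticket is recorded on the context before the response is built
    // from it (presumably KileTgsResponse reads TicketEncryptKey when encrypting — confirm).
    serverContext.TicketEncryptKey = ticketEncryptKey;
    KileTgsResponse response = new KileTgsResponse(serverContext);

    // Ticket shell: protocol version, server realm and server name. The encrypted part is
    // attached through response.TicketEncPart below.
    Ticket ticket = new Ticket
    {
        tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5),
        realm = new Realm(domain),
        sname = serverContext.SName,
    };

    // Session key etype is the first etype recorded on the server context.
    EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

    // EncTicketPart: client identity, transited path and lifetime are carried over from the TGT
    // presented in the request (serverContext.TgsTicket); authtime/starttime are stamped now.
    // NOTE(review): GetEncryptionKeyByType supplies the session key — confirm it is freshly
    // generated per ticket rather than a fixed value.
    EncTicketPart encTicketPart = new EncTicketPart
    {
        key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType)),
        flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags)),
        crealm = serverContext.TgsTicket.crealm,
        cname = serverContext.TgsTicket.cname,
        transited = serverContext.TgsTicket.transited,
        authtime = KileUtility.CurrentKerberosTime,
        starttime = KileUtility.CurrentKerberosTime,
        endtime = serverContext.TgsTicket.endtime,
        renew_till = serverContext.TgsTicket.renew_till,
        caddr = serverContext.Addresses,
        authorization_data = ticketAuthorizationData,
    };
    response.TicketEncPart = encTicketPart;

    // KRB_TGS_REP cleartext header. (The original comment said AS_REP; this is the TGS reply.)
    response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
    response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_TGS_RESP);
    response.Response.padata = seqOfPaData;
    response.Response.crealm = serverContext.UserRealm;
    response.Response.cname = serverContext.UserName;
    response.Response.ticket = ticket;

    // EncTGSRepPart mirrors the ticket's key, flags and lifetime so the client learns exactly
    // what the service will find inside the ticket.
    LastReq_element lastReq = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
    EncTGSRepPart encTgsRepPart = new EncTGSRepPart
    {
        key = encTicketPart.key,
        last_req = new LastReq(new LastReq_element[] { lastReq }),
        nonce = serverContext.Nonce,
        flags = encTicketPart.flags,
        authtime = encTicketPart.authtime,
        starttime = encTicketPart.starttime,
        endtime = encTicketPart.endtime,
        renew_till = encTicketPart.renew_till,
        srealm = ticket.realm,
        sname = ticket.sname,
        caddr = encTicketPart.caddr,
    };
    response.EncPart = encTgsRepPart;

    return response;
}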
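/// <summary>
/// Create AS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="accountType">The type of the logged-on account. User or Computer</param>
/// <param name="password">Password of the user who logs on to the system. This argument cannot be null.</param>
/// <param name="SeqofPaData">The pre-authentication data in AS request.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
/// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
/// It is embedded as given; this method does not validate its contents.</param>
/// <returns>The created AS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when password is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileAsResponse CreateAsResponse(
    KileConnection kileConnection,
    KerberosAccountType accountType,
    string password,
    _SeqOfPA_DATA SeqofPaData,
    EncTicketFlags encTicketFlags,
    AuthorizationData ticketAuthorizationData)
{
    // Reject a null password before the server context is modified; previously Salt and
    // TicketEncryptKey were updated first, leaving the context half-updated on failure.
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

    // Salt is derived from the client realm and the first component of the client principal name
    // (assumes the principal has at least one name component).
    string cName = serverContext.UserName.name_string.elements[0].mValue;
    string cRealm = serverContext.UserRealm.mValue;
    serverContext.Salt = GenerateSalt(cRealm, cName, accountType);

    // The AS ticket is always protected with an RC4-HMAC key through this method; no other
    // etype is selectable here. Password is retained on the context (presumably for key
    // derivation together with Salt — confirm).
    serverContext.TicketEncryptKey = new EncryptionKey(
        (int)EncryptionType.RC4_HMAC,
        GetEncryptionKeyByType(EncryptionType.RC4_HMAC));
    serverContext.Password = password;

    KileAsResponse response = new KileAsResponse(serverContext);

    // Ticket shell: protocol version, server realm and server name.
    Ticket ticket = new Ticket
    {
        tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5),
        realm = new Realm(domain),
        sname = serverContext.SName,
    };

    // Session key etype is the first etype recorded on the server context.
    EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

    // EncTicketPart for a freshly issued ticket: identity comes from the server context, the
    // transited field is tr-type 4 with empty contents (NOTE(review): confirm 4 is the tr-type
    // this stack expects), and renew_till falls back to endtime when the context has no rtime.
    // NOTE(review): GetEncryptionKeyByType supplies the session key — confirm it is freshly
    // generated per ticket rather than a fixed value.
    EncTicketPart encTicketPart = new EncTicketPart();
    encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
    encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
    encTicketPart.crealm = serverContext.UserRealm;
    encTicketPart.cname = serverContext.UserName;
    encTicketPart.transited = new TransitedEncoding(4, null);
    encTicketPart.authtime = KileUtility.CurrentKerberosTime;
    encTicketPart.starttime = KileUtility.CurrentKerberosTime;
    encTicketPart.endtime = serverContext.endTime;
    encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
    encTicketPart.caddr = serverContext.Addresses;
    encTicketPart.authorization_data = ticketAuthorizationData;
    response.TicketEncPart = encTicketPart;

    // KRB_AS_REP cleartext header.
    response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
    response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
    response.Response.padata = SeqofPaData;
    response.Response.crealm = serverContext.UserRealm;
    response.Response.cname = serverContext.UserName;
    response.Response.ticket = ticket;

    // EncASRepPart mirrors the ticket's key, flags and lifetime for the client.
    LastReq_element lastReq = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
    EncASRepPart encAsRepPart = new EncASRepPart
    {
        key = encTicketPart.key,
        last_req = new LastReq(new LastReq_element[] { lastReq }),
        nonce = serverContext.Nonce,
        flags = encTicketPart.flags,
        authtime = encTicketPart.authtime,
        starttime = encTicketPart.starttime,
        endtime = encTicketPart.endtime,
        renew_till = encTicketPart.renew_till,
        srealm = ticket.realm,
        sname = ticket.sname,
        caddr = encTicketPart.caddr,
    };
    response.EncPart = encAsRepPart;

    return response;
}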
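/// <summary>
/// Create TGS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="seqOfPaData">The pre-authentication data.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketEncryptKey">Encryption key used to encrypt ticket. This parameter cannot be null.
/// In User-User Authentication mode, use session key in additional ticket in KileTgsRequest.
/// Otherwise use service's secret key.</param>
/// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
/// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
/// It is embedded as given; this method does not validate its contents.</param>
/// <returns>The created TGS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when ticketEncryptKey is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileTgsResponse CreateTgsResponse(
    KileConnection kileConnection,
    _SeqOfPA_DATA seqOfPaData,
    EncTicketFlags encTicketFlags,
    EncryptionKey ticketEncryptKey,
    AuthorizationData ticketAuthorizationData)
{
    // Argument check first; the server context lookup is only reached with a usable key.
    if (ticketEncryptKey == null)
    {
        throw new ArgumentNullException(nameof(ticketEncryptKey));
    }

    KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

    // Record the ticket-protecting key on the context before constructing the response from it
    // (presumably KileTgsResponse uses TicketEncryptKey when encrypting — confirm).
    serverContext.TicketEncryptKey = ticketEncryptKey;
    KileTgsResponse response = new KileTgsResponse(serverContext);

    // Ticket shell: version, server realm and server name.
    Ticket ticket = new Ticket();
    ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
    ticket.realm = new Realm(domain);
    ticket.sname = serverContext.SName;

    // Session key etype is the first etype recorded on the server context.
    EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

    // EncTicketPart: client identity, transited path and lifetime are copied from the TGT that
    // came with the request (serverContext.TgsTicket); authtime/starttime are stamped now.
    // NOTE(review): GetEncryptionKeyByType supplies the session key — confirm it is freshly
    // generated per ticket rather than a fixed value.
    EncTicketPart encTicketPart = new EncTicketPart();
    encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
    encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
    encTicketPart.crealm = serverContext.TgsTicket.crealm;
    encTicketPart.cname = serverContext.TgsTicket.cname;
    encTicketPart.transited = serverContext.TgsTicket.transited;
    encTicketPart.authtime = KileUtility.CurrentKerberosTime;
    encTicketPart.starttime = KileUtility.CurrentKerberosTime;
    encTicketPart.endtime = serverContext.TgsTicket.endtime;
    encTicketPart.renew_till = serverContext.TgsTicket.renew_till;
    encTicketPart.caddr = serverContext.Addresses;
    encTicketPart.authorization_data = ticketAuthorizationData;
    response.TicketEncPart = encTicketPart;

    // KRB_TGS_REP cleartext header (not AS_REP, as the old comment said).
    response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
    response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_TGS_RESP);
    response.Response.padata = seqOfPaData;
    response.Response.crealm = serverContext.UserRealm;
    response.Response.cname = serverContext.UserName;
    response.Response.ticket = ticket;

    // EncTGSRepPart repeats the ticket's key, flags and lifetime for the client.
    EncTGSRepPart encTgsRepPart = new EncTGSRepPart();
    encTgsRepPart.key = encTicketPart.key;
    LastReq_element lastReq = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
    encTgsRepPart.last_req = new LastReq(new LastReq_element[] { lastReq });
    encTgsRepPart.nonce = serverContext.Nonce;
    encTgsRepPart.flags = encTicketPart.flags;
    encTgsRepPart.authtime = encTicketPart.authtime;
    encTgsRepPart.starttime = encTicketPart.starttime;
    encTgsRepPart.endtime = encTicketPart.endtime;
    encTgsRepPart.renew_till = encTicketPart.renew_till;
    encTgsRepPart.srealm = ticket.realm;
    encTgsRepPart.sname = ticket.sname;
    encTgsRepPart.caddr = encTicketPart.caddr;
    response.EncPart = encTgsRepPart;

    return response;
}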
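/// <summary>
/// Create AS response.
/// </summary>
/// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param>
/// <param name="accountType">The type of the logged-on account. User or Computer</param>
/// <param name="password">Password of the user who logs on to the system. This argument cannot be null.</param>
/// <param name="SeqofPaData">The pre-authentication data in AS request.
/// This argument can be generated by method ConstructPaData. This argument could be null.</param>
/// <param name="encTicketFlags">Ticket Flags</param>
/// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from
/// the principal on whose behalf a ticket was issued to the application service. This parameter could be null.
/// It is embedded as given; this method does not validate its contents.</param>
/// <returns>The created AS response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when password is null.</exception>
/// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context
/// is found.</exception>
public KileAsResponse CreateAsResponse(
    KileConnection kileConnection,
    KerberosAccountType accountType,
    string password,
    _SeqOfPA_DATA SeqofPaData,
    EncTicketFlags encTicketFlags,
    AuthorizationData ticketAuthorizationData)
{
    // Check the password up front: the old ordering had already written Salt and
    // TicketEncryptKey to the context before throwing, leaving it half-updated.
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);

    // Salt input: client realm plus the first component of the client principal name
    // (assumes the principal has at least one name component).
    string cName = serverContext.UserName.name_string.elements[0].mValue;
    string cRealm = serverContext.UserRealm.mValue;
    serverContext.Salt = GenerateSalt(cRealm, cName, accountType);

    // This method always protects the AS ticket with an RC4-HMAC key; no other etype is
    // selectable here. Password stays on the context (presumably for key derivation with
    // Salt — confirm).
    serverContext.TicketEncryptKey = new EncryptionKey(
        (int)EncryptionType.RC4_HMAC,
        GetEncryptionKeyByType(EncryptionType.RC4_HMAC));
    serverContext.Password = password;

    KileAsResponse response = new KileAsResponse(serverContext);

    // Ticket shell: version, server realm and server name.
    Ticket ticket = new Ticket();
    ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
    ticket.realm = new Realm(domain);
    ticket.sname = serverContext.SName;

    // Session key etype is the first etype recorded on the server context.
    EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue;

    // EncTicketPart for a freshly issued ticket: identity from the server context, transited
    // is tr-type 4 with empty contents (NOTE(review): confirm 4 is the tr-type this stack
    // expects), renew_till falls back to endtime when the context carries no rtime.
    // NOTE(review): GetEncryptionKeyByType supplies the session key — confirm it is freshly
    // generated per ticket rather than a fixed value.
    EncTicketPart encTicketPart = new EncTicketPart();
    encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType));
    encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
    encTicketPart.crealm = serverContext.UserRealm;
    encTicketPart.cname = serverContext.UserName;
    encTicketPart.transited = new TransitedEncoding(4, null);
    encTicketPart.authtime = KileUtility.CurrentKerberosTime;
    encTicketPart.starttime = KileUtility.CurrentKerberosTime;
    encTicketPart.endtime = serverContext.endTime;
    encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
    encTicketPart.caddr = serverContext.Addresses;
    encTicketPart.authorization_data = ticketAuthorizationData;
    response.TicketEncPart = encTicketPart;

    // KRB_AS_REP cleartext header.
    response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
    response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
    response.Response.padata = SeqofPaData;
    response.Response.crealm = serverContext.UserRealm;
    response.Response.cname = serverContext.UserName;
    response.Response.ticket = ticket;

    // EncASRepPart repeats the ticket's key, flags and lifetime for the client.
    EncASRepPart encAsRepPart = new EncASRepPart();
    encAsRepPart.key = encTicketPart.key;
    LastReq_element lastReq = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime);
    encAsRepPart.last_req = new LastReq(new LastReq_element[] { lastReq });
    encAsRepPart.nonce = serverContext.Nonce;
    encAsRepPart.flags = encTicketPart.flags;
    encAsRepPart.authtime = encTicketPart.authtime;
    encAsRepPart.starttime = encTicketPart.starttime;
    encAsRepPart.endtime = encTicketPart.endtime;
    encAsRepPart.renew_till = encTicketPart.renew_till;
    encAsRepPart.srealm = ticket.realm;
    encAsRepPart.sname = ticket.sname;
    encAsRepPart.caddr = encTicketPart.caddr;
    response.EncPart = encAsRepPart;

    return response;
}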