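/// <summary>
/// Acquires GSS credentials for a service principal by importing its name and calling
/// gss_acquire_cred with the SPNEGO mechanism set.
/// </summary>
/// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
/// <param name="keytab">
/// Keytab to load the credentials from. Currently has no effect: the call that would register it
/// is still a TODO, so the provider decides by itself where the key material comes from.
/// </param>
/// <param name="usage">Credential usage, passed to the provider as an int.</param>
/// <param name="expiry">Requested lifetime handed to gss_acquire_cred.</param>
/// <exception cref="GssException">
/// The principal name could not be imported, or the provider could not acquire credentials.
/// </exception>
public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE)
{
    // TODO: Wrap this with pinvoke
    if (!string.IsNullOrEmpty(keytab))
    {
        // krb5_gss_register_acceptor_identity(string)
        // NOTE(review): until this is wired up a caller-supplied keytab is silently ignored, so the
        // credentials may come from a different keytab than the caller intended - confirm callers
        // do not rely on this argument to pin the key material.
    }

    // allocate a gss buffer and copy the principal name to it
    using (var gssNameBuffer = GssBuffer.FromString(principal))
    {
        uint minorStatus = 0;
        uint majorStatus = 0;

        // use the buffer to import the name into a gss_name
        majorStatus = gss_import_name(
            out minorStatus,
            ref gssNameBuffer.Value,
            ref GssNtPrincipalName,
            out var acceptorName
        );
        if (majorStatus != GSS_S_COMPLETE)
        {
            // NOTE(review): the name was imported as GssNtPrincipalName but the error is reported
            // with GssNtHostBasedService - confirm which OID GssException expects here.
            throw new GssException("The GSS provider was unable to import the supplied principal name",
                majorStatus, minorStatus, GssNtHostBasedService);
        }

        // use the name to attempt to obtain the servers credentials, this is usually from a keytab file. The
        // server credentials are required to decrypt and verify incoming service tickets
        var actualMechanims = default(GssOidDesc);
        majorStatus = gss_acquire_cred(
            out minorStatus,
            acceptorName,
            expiry,
            ref GssSpnegoMechOidSet,
            (int)usage,
            ref _credentials,
            ref actualMechanims,
            out var actualExpiry);

        // release the gss_name allocated by gss, the gss_buffer we allocated is free'd by the using block.
        // The release status is discarded so that it cannot overwrite the minor status of
        // gss_acquire_cred, which is what the exception below has to report.
        gss_release_name(out var _, ref acceptorName);

        if (majorStatus != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                majorStatus, minorStatus, GssSpnegoMechOidDesc);
        }
    }
}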
/// <summary>
/// Acquires GSS credentials for a principal from a password by importing the principal name and
/// calling gss_acquire_cred_with_password with the SPNEGO mechanism set.
/// </summary>
/// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
/// <param name="password">Password for the principal; copied into a GssBuffer for the call.</param>
/// <param name="usage">Credential usage, passed to the provider as an int.</param>
/// <exception cref="GssException">
/// The principal name could not be imported, or the provider could not acquire credentials.
/// </exception>
public GssPasswordCredential(string principal, string password, CredentialUsage usage)
{
    // Both strings are copied into GssBuffer instances that the using blocks dispose.
    // NOTE(review): whether GssBuffer wipes the password copy before freeing it is not visible
    // here - confirm, since the buffer holds the clear-text secret.
    using (var nameBuffer = GssBuffer.FromString(principal))
    using (var secretBuffer = GssBuffer.FromString(password))
    {
        // Turn the buffer into a gss_name the provider can work with.
        uint major = gss_import_name(
            out uint minor,
            ref nameBuffer.Value,
            ref GssNtPrincipalName,
            out var importedName
        );
        if (major != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS provider was unable to import the supplied principal name",
                major, minor, GssNtHostBasedService);
        }

        // Ask the provider for credentials using the imported name and the password.
        // 0xffffffff is the requested lifetime - presumably the same value as GSS_C_INDEFINITE; confirm.
        GssOidDesc mechanismsGranted = default(GssOidDesc);
        major = gss_acquire_cred_with_password(
            out minor,
            importedName,
            ref secretBuffer.Value,
            0xffffffff,
            ref GssSpnegoMechOidSet,
            (int)usage,
            ref _credentials,
            ref mechanismsGranted,
            out var lifetimeGranted);

        // The gss_name belongs to the provider and is handed back on every path; its release
        // status is discarded so the minor status from the acquire call stays intact.
        gss_release_name(out var _, ref importedName);

        if (major != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                major, minor, GssSpnegoMechOidDesc);
        }
    }
}
/// <summary>
/// Creates an initiator that uses the given credential and imports the target service name
/// into a gss_name kept in <c>gssTargetName</c>.
/// </summary>
/// <param name="credential">Source of the credential handle stored in <c>credentials</c>.</param>
/// <param name="spn">
/// Target name, imported with the GssNtPrincipalName name type. It names the service this
/// initiator will authenticate to, so it should come from trusted configuration rather than
/// from data supplied by the remote peer.
/// </param>
/// <exception cref="GssException">The provider could not import the target name.</exception>
public GssInitiator(GssCredential credential, string spn)
{
    credentials = credential.Credentials;

    // The buffer only has to live for the import call; the using block disposes it.
    using (var spnBuffer = GssBuffer.FromString(spn))
    {
        var importStatus = gss_import_name(
            out var importMinor,
            ref spnBuffer.Value,
            ref GssNtPrincipalName,
            out gssTargetName
        );

        if (importStatus == GSS_S_COMPLETE)
        {
            return;
        }

        throw new GssException("The GSS provider was unable to import the supplied Target Name (SPN)",
            importStatus, importMinor, GssNtHostBasedService);
    }
}
/// <summary>
/// Acquires GSS credentials for a principal from a password. The imported principal name is
/// kept in <c>_gssUsername</c> and the credential handle in <c>_credentials</c>.
/// </summary>
/// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
/// <param name="password">Password for the principal; copied into a GssBuffer for the call.</param>
/// <param name="usage">Credential usage, passed to the provider as an int.</param>
/// <exception cref="GssException">
/// The principal name could not be imported, or the provider could not acquire credentials.
/// </exception>
public GssPasswordCredential(string principal, string password, CredentialUsage usage)
{
    // Both strings are copied into GssBuffer instances that the using blocks dispose.
    // NOTE(review): whether GssBuffer wipes the password copy before freeing it is not visible
    // here - confirm, since the buffer holds the clear-text secret.
    using (var nameBuffer = GssBuffer.FromString(principal))
    using (var secretBuffer = GssBuffer.FromString(password))
    {
        // Import the name straight into the field; nothing in this constructor releases it.
        uint major = gss_import_name(
            out uint minor,
            ref nameBuffer.Value,
            ref GssNtPrincipalName,
            out _gssUsername
        );
        if (major != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS provider was unable to import the supplied principal name",
                major, minor, GssNtHostBasedService);
        }

        major = gss_acquire_cred_with_password(
            out minor,
            _gssUsername,
            ref secretBuffer.Value,
            0,                    // requested lifetime - presumably "provider default"; confirm
            ref GssSpnegoMechOidSet,
            (int)usage,
            ref _credentials,
            IntPtr.Zero,          // the set of mechanisms actually granted is not requested
            out var lifetimeGranted);

        if (major != GSS_S_COMPLETE)
        {
            // NOTE(review): this throws after _gssUsername was imported; whether that handle is
            // released when construction fails is not visible here - confirm cleanup covers it.
            throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                major, minor, GssSpnegoMechOidDesc);
        }
    }
}
/// <summary>
/// Acquires GSS credentials for a service principal by importing its name and calling
/// gss_acquire_cred with the SPNEGO mechanism set.
/// </summary>
/// <param name="principal">Principal name, imported with the GssNtPrincipalName name type.</param>
/// <param name="keytab">
/// Not read anywhere in this constructor, so the provider decides by itself where the key
/// material comes from.
/// </param>
/// <param name="usage">Credential usage, passed to the provider as an int.</param>
/// <param name="expiry">Requested lifetime handed to gss_acquire_cred.</param>
/// <exception cref="GssException">
/// The principal name could not be imported, or the provider could not acquire credentials.
/// </exception>
public GssKeytabCredential(string principal, string keytab, CredentialUsage usage, uint expiry = GSS_C_INDEFINITE)
{
    // The principal is copied into a GssBuffer that the using block disposes.
    using (var principalBuffer = GssBuffer.FromString(principal))
    {
        // Turn the buffer into a gss_name the provider can work with.
        uint major = gss_import_name(
            out uint minor,
            ref principalBuffer.Value,
            ref GssNtPrincipalName,
            out var importedName
        );
        if (major != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS provider was unable to import the supplied principal name",
                major, minor, GssNtHostBasedService);
        }

        // NOTE(review): importedName is never handed to a release call in this constructor; if it
        // is a raw gss_name handle it leaks on the success and the failure path alike - confirm
        // and release it (e.g. with gss_release_name) once gss_acquire_cred has returned.
        major = gss_acquire_cred(
            out minor,
            importedName,
            expiry,
            ref GssSpnegoMechOidSet,
            (int)usage,
            ref _credentials,
            IntPtr.Zero,          // the set of mechanisms actually granted is not requested
            out var lifetimeGranted);

        if (major != GSS_S_COMPLETE)
        {
            throw new GssException("The GSS Provider was unable aquire credentials for authentication",
                major, minor, GssSpnegoMechOidDesc);
        }
    }
}