/// <summary>
/// Reads credential records from <paramref name="buffer"/> until no bytes remain.
/// Records whose server realm is "X-CACHECONF:" are passed to
/// <see cref="ParseConfiguration"/>; every other record is added to
/// <c>Credentials</c>.
/// </summary>
/// <param name="buffer">Buffer positioned at the first credential record.</param>
/// <remarks>
/// Each field is consumed in a fixed order, so the reads below must stay in this
/// sequence. The loop condition only checks that some bytes remain, not that a
/// whole record does.
/// NOTE(review): how a truncated or malformed record fails depends on the Read*
/// helpers, which are not visible here. Confirm they bounds-check.
/// </remarks>
private void ReadCredentials(NdrBuffer buffer)
{
    while (buffer.BytesAvailable > 0)
    {
        // Field order is the on-disk order; do not reorder these reads.
        var client = ReadPrincipal(buffer);
        var server = ReadPrincipal(buffer);
        var keyBlock = ReadKeyBlock(buffer);
        var authTime = ReadDateTimeOffset(buffer);
        var startTime = ReadDateTimeOffset(buffer);
        var endTime = ReadDateTimeOffset(buffer);
        var renewTill = ReadDateTimeOffset(buffer);
        var isKey = buffer.ReadByteLittleEndian() != 0;
        var flags = (TicketFlags)buffer.ReadInt32BigEndian();
        var addresses = ReadAddresses(buffer);
        var authData = ReadAuthData(buffer);
        var ticket = ReadData(buffer).value;
        var secondTicket = ReadData(buffer).value;

        var parsed = new Krb5Credential
        {
            Client = client,
            Server = server,
            KeyBlock = keyBlock,
            AuthTime = authTime,
            StartTime = startTime,
            EndTime = endTime,
            RenewTill = renewTill,
            IsKey = isKey,
            Flags = flags,
            Addresses = addresses,
            AuthData = authData,
            Ticket = ticket,
            SecondTicket = secondTicket
        };

        // Configuration entries share the credential record layout and are told
        // apart only by their server realm.
        bool isConfigEntry = string.Equals("X-CACHECONF:", parsed.Server.Realm, StringComparison.OrdinalIgnoreCase);

        if (!isConfigEntry)
        {
            this.Credentials.Add(parsed);
            continue;
        }

        this.ParseConfiguration(parsed);
    }
}
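/// <summary>
/// Applies one cache configuration entry to this instance. The entry is a
/// credential record whose server name is
/// <c>krb5_ccache_conf_data/&lt;setting&gt;</c> and whose ticket bytes carry the
/// setting's value as text.
/// </summary>
/// <param name="cred">The configuration pseudo-credential to interpret.</param>
/// <remarks>
/// Entries with fewer than two name components, a different first component, or
/// an unrecognised setting name are ignored. The values come straight from the
/// cache contents, so an empty or non-numeric <c>pa_type</c> is skipped rather
/// than allowed to throw or to store a meaningless value.
/// </remarks>
private void ParseConfiguration(Krb5Credential cred)
{
    if (cred.Server.Names.Count < 2)
    {
        return;
    }

    if (!"krb5_ccache_conf_data".Equals(cred.Server.Names[0], StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    switch (cred.Server.Names[1])
    {
        case "fast_avail":
            this.FastAvailable = "yes".Equals(Encoding.UTF8.GetString(cred.Ticket.ToArray()), StringComparison.OrdinalIgnoreCase);
            break;

        case "pa_config_data":
            this.PreAuthConfiguration = Encoding.UTF8.GetString(cred.Ticket.ToArray());
            break;

        case "pa_type":
        {
            // The value is decimal text. Reading only the first byte threw on an
            // empty value, truncated multi-digit types ("16" became 1) and turned
            // a non-digit into -1. Parse the whole string and skip it when it is
            // not a plain non-negative integer.
            string paTypeText = Encoding.UTF8.GetString(cred.Ticket.ToArray()).Trim();

            if (int.TryParse(
                paTypeText,
                System.Globalization.NumberStyles.None,
                System.Globalization.CultureInfo.InvariantCulture,
                out int paTypeValue))
            {
                this.PreAuthType = (PaDataType)paTypeValue;
            }

            break;
        }

        case "proxy_impersonator":
            this.ProxyImpersonator = Encoding.UTF8.GetString(cred.Ticket.ToArray());
            break;

        case "refresh_time":
            // Recognised but intentionally not stored.
            break;
    }
}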
/// <summary>
/// Looks up the credential stored under <paramref name="key"/> and converts it
/// into a <c>KerberosClientCacheEntry</c>.
/// </summary>
/// <param name="key">Lookup key passed to <c>FindCredential</c>.</param>
/// <returns>The converted cache entry, or <c>null</c> when no credential matches.</returns>
/// <remarks>
/// NOTE(review): unlike <c>CredToCacheEntry</c>, this version does not pass the
/// client principal's name type and does not copy AuthTime, StartTime, EndTime or
/// RenewTill. A consumer that relies on the entry's lifetime fields would see
/// defaults here. Confirm that is intended.
/// </remarks>
internal object GetCacheItem(string key)
{
    Krb5Credential match = this.FindCredential(key);

    if (match is null)
    {
        return null;
    }

    // The stored ticket bytes are decoded; the encrypted part is left empty.
    var ticketReply = new KrbTgsRep
    {
        Ticket = KrbTicket.DecodeApplication(match.Ticket),
        CName = KrbPrincipalName.FromString(match.Client.FullyQualifiedName),
        CRealm = match.Client.Realm,
        EncPart = new KrbEncryptedData { }
    };

    // Session key material is copied from the stored key block as-is.
    var sessionKey = new KrbEncryptionKey
    {
        EType = match.KeyBlock.Key,
        KeyValue = match.KeyBlock.Value
    };

    return new KerberosClientCacheEntry
    {
        KdcResponse = ticketReply,
        SessionKey = sessionKey,
        Flags = match.Flags,
        SName = KrbPrincipalName.FromString(match.Server.FullyQualifiedName)
    };
}
/// <summary>
/// Converts a stored credential into a <c>KerberosClientCacheEntry</c>, carrying
/// over the decoded ticket, client and server names, session key, flags and
/// ticket times.
/// </summary>
/// <param name="cred">The credential to convert. It is dereferenced without a null check.</param>
/// <returns>The populated cache entry, typed as <c>object</c>.</returns>
private static object CredToCacheEntry(Krb5Credential cred)
{
    // The client name is rebuilt with its stored name type.
    // The encrypted part is left empty.
    var ticketReply = new KrbTgsRep
    {
        Ticket = KrbTicket.DecodeApplication(cred.Ticket),
        CName = KrbPrincipalName.FromString(cred.Client.FullyQualifiedName, cred.Client.Type),
        CRealm = cred.Client.Realm,
        EncPart = new KrbEncryptedData { }
    };

    // Session key material is copied from the stored key block as-is.
    var sessionKey = new KrbEncryptionKey
    {
        EType = cred.KeyBlock.Key,
        KeyValue = cred.KeyBlock.Value
    };

    return new KerberosClientCacheEntry
    {
        KdcResponse = ticketReply,
        SessionKey = sessionKey,
        Flags = cred.Flags,
        SName = KrbPrincipalName.FromString(cred.Server.FullyQualifiedName),
        AuthTime = cred.AuthTime,
        StartTime = cred.StartTime,
        EndTime = cred.EndTime,
        // A renew-till at or below DateTimeOffset.MinValue is mapped to null.
        RenewTill = cred.RenewTill <= DateTimeOffset.MinValue ? null : cred.RenewTill
    };
}
/// <summary>
/// Looks up the credential stored under <paramref name="key"/> and returns it as
/// a cache entry built by <c>CredToCacheEntry</c>.
/// </summary>
/// <param name="key">Lookup key passed to <c>FindCredential</c>.</param>
/// <returns>The converted cache entry, or <c>null</c> when no credential matches.</returns>
internal object GetCacheItem(string key)
{
    Krb5Credential match = this.FindCredential(key);

    // A miss is reported as null rather than by throwing.
    return match is null ? null : CredToCacheEntry(match);
}
/// <summary>
/// Serialises one credential into <paramref name="buffer"/>, one field after
/// another, in the same field order that <c>ReadCredentials</c> consumes.
/// </summary>
/// <param name="cred">The credential to write.</param>
/// <param name="buffer">The destination buffer.</param>
/// <remarks>
/// The output includes the key block and the ticket bytes.
/// NOTE(review): presumably this buffer ends up in a credential cache file.
/// Confirm the destination is access-restricted, since anyone who can read it
/// obtains the session key.
/// </remarks>
private static void WriteCredential(Krb5Credential cred, NdrBuffer buffer)
{
    // Principals first: client, then server.
    WritePrincipal(cred.Client, buffer);
    WritePrincipal(cred.Server, buffer);

    // Session key block.
    WriteKeyBlock(cred.KeyBlock, buffer);

    // Ticket times, in the order auth / start / end / renew-till.
    WriteDateTimeOffset(cred.AuthTime, buffer);
    WriteDateTimeOffset(cred.StartTime, buffer);
    WriteDateTimeOffset(cred.EndTime, buffer);
    WriteDateTimeOffset(cred.RenewTill, buffer);

    // IsKey is stored as a single byte, 0x1 for true and 0x0 for false.
    buffer.WriteByte(cred.IsKey ? (byte)0x1 : (byte)0x0);

    // Ticket flags are written as a big-endian 32-bit integer.
    buffer.WriteInt32BigEndian((int)cred.Flags);

    WriteAddresses(cred.Addresses, buffer);
    WriteAuthData(cred.AuthData, buffer);

    // Ticket followed by the second ticket.
    WriteData(cred.Ticket, buffer);
    WriteData(cred.SecondTicket, buffer);
}
/// <summary>
/// Reports whether a credential is stored under the key of <paramref name="entry"/>.
/// </summary>
/// <param name="entry">The cache entry whose <c>Key</c> is looked up. It is dereferenced without a null check.</param>
/// <returns><c>true</c> when <c>FindCredential</c> returns a credential for the key; otherwise <c>false</c>.</returns>
internal bool Contains(TicketCacheEntry entry)
{
    // Only presence is tested; the credential's lifetime fields are not examined here.
    return this.FindCredential(entry.Key) != null;
}