public KileTgsResponse CreateTgsResponse(
KileConnection kileConnection,
Asn1SequenceOf <PA_DATA> seqOfPaData,
EncTicketFlags encTicketFlags,
EncryptionKey ticketEncryptKey,
AuthorizationData ticketAuthorizationData)
{
KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
if (ticketEncryptKey == null)
{
throw new ArgumentNullException(nameof(ticketEncryptKey));
}
else
{
serverContext.TicketEncryptKey = ticketEncryptKey;
}
var response = new KileTgsResponse(serverContext);
// Construct a Ticket
var ticket = new Ticket();
ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
ticket.realm = new Realm(domain);
ticket.sname = serverContext.SName;
// Set EncTicketPart
var encTicketPart = new EncTicketPart();
EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.Elements[0].Value;
encTicketPart.key = new EncryptionKey(new KerbInt32((int)encryptionType), new Asn1OctetString(GetEncryptionKeyByType(encryptionType)));
encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
encTicketPart.crealm = serverContext.TgsTicket.crealm;
encTicketPart.cname = serverContext.TgsTicket.cname;
encTicketPart.transited = serverContext.TgsTicket.transited;
encTicketPart.authtime = KileUtility.CurrentKerberosTime;
encTicketPart.starttime = KileUtility.CurrentKerberosTime;
encTicketPart.endtime = serverContext.TgsTicket.endtime;
encTicketPart.renew_till = serverContext.TgsTicket.renew_till;
encTicketPart.caddr = serverContext.Addresses;
encTicketPart.authorization_data = ticketAuthorizationData;
response.TicketEncPart = encTicketPart;
// Set AS_REP
response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_TGS_RESP);
response.Response.padata = seqOfPaData;
response.Response.crealm = serverContext.UserRealm;
response.Response.cname = serverContext.UserName;
response.Response.ticket = ticket;
// Set EncASRepPart
var encTGSRepPart = new EncTGSRepPart();
encTGSRepPart.key = encTicketPart.key;
var element = new LastReqElement(new KerbInt32(0), KileUtility.CurrentKerberosTime);
encTGSRepPart.last_req = new LastReq(new LastReqElement[] { element });
encTGSRepPart.nonce = serverContext.Nonce;
encTGSRepPart.flags = encTicketPart.flags;
encTGSRepPart.authtime = encTicketPart.authtime;
encTGSRepPart.starttime = encTicketPart.starttime;
encTGSRepPart.endtime = encTicketPart.endtime;
encTGSRepPart.renew_till = encTicketPart.renew_till;
encTGSRepPart.srealm = ticket.realm;
encTGSRepPart.sname = ticket.sname;
encTGSRepPart.caddr = encTicketPart.caddr;
response.EncPart = encTGSRepPart;
return(response);
}
public KileAsResponse CreateAsResponse(
KileConnection kileConnection,
KileAccountType accountType,
string password,
Asn1SequenceOf <PA_DATA> SeqofPaData,
EncTicketFlags encTicketFlags,
AuthorizationData ticketAuthorizationData)
{
KileServerContext serverContext = GetServerContextByKileConnection(kileConnection);
string cName = serverContext.UserName.name_string.Elements[0].Value;
string cRealm = serverContext.UserRealm.Value;
serverContext.Salt = GenerateSalt(cRealm, cName, accountType);
serverContext.TicketEncryptKey = new EncryptionKey(new KerbInt32((int)EncryptionType.RC4_HMAC),
new Asn1OctetString(GetEncryptionKeyByType(EncryptionType.RC4_HMAC)));
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
else
{
serverContext.Password = password;
}
KileAsResponse response = new KileAsResponse(serverContext);
// Construct a Ticket
var ticket = new Ticket();
ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5);
ticket.realm = new Realm(domain);
ticket.sname = serverContext.SName;
// Set EncTicketPart
var encTicketPart = new EncTicketPart();
EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.Elements[0].Value;
encTicketPart.key = new EncryptionKey(new KerbInt32((int)encryptionType), new Asn1OctetString(GetEncryptionKeyByType(encryptionType)));
encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags));
encTicketPart.crealm = serverContext.UserRealm;
encTicketPart.cname = serverContext.UserName;
encTicketPart.transited = new TransitedEncoding(new KerbInt32(4), null);
encTicketPart.authtime = KileUtility.CurrentKerberosTime;
encTicketPart.starttime = KileUtility.CurrentKerberosTime;
encTicketPart.endtime = serverContext.endTime;
encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime;
encTicketPart.caddr = serverContext.Addresses;
encTicketPart.authorization_data = ticketAuthorizationData;
response.TicketEncPart = encTicketPart;
// Set AS_REP
response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5);
response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP);
response.Response.padata = SeqofPaData;
response.Response.crealm = serverContext.UserRealm;
response.Response.cname = serverContext.UserName;
response.Response.ticket = ticket;
// Set EncASRepPart
var encASRepPart = new EncASRepPart();
encASRepPart.key = encTicketPart.key;
var element = new LastReqElement(new KerbInt32(0), KileUtility.CurrentKerberosTime);
encASRepPart.last_req = new LastReq(new LastReqElement[] { element });
encASRepPart.nonce = serverContext.Nonce;
encASRepPart.flags = encTicketPart.flags;
encASRepPart.authtime = encTicketPart.authtime;
encASRepPart.starttime = encTicketPart.starttime;
encASRepPart.endtime = encTicketPart.endtime;
encASRepPart.renew_till = encTicketPart.renew_till;
encASRepPart.srealm = ticket.realm;
encASRepPart.sname = ticket.sname;
encASRepPart.caddr = encTicketPart.caddr;
response.EncPart = encASRepPart;
return(response);
}