def to_kirbi(self):
filename = '%s@%s_%s' % (self.client.to_string() , self.server.to_string(), hashlib.sha1(self.ticket.to_asn1()).hexdigest()[:8])
krbcredinfo = {}
krbcredinfo['key'] = EncryptionKey(self.key.to_asn1())
krbcredinfo['prealm'] = self.client.realm.to_string()
krbcredinfo['pname'] = self.client.to_asn1()[0]
krbcredinfo['flags'] = core.IntegerBitString(self.tktflags).cast(TicketFlags)
if self.time.authtime != 0: #this parameter is not mandatory, and most of the time not present
krbcredinfo['authtime'] = datetime.datetime.fromtimestamp(self.time.authtime)
krbcredinfo['starttime'] = datetime.datetime.fromtimestamp(self.time.starttime)
krbcredinfo['endtime'] = datetime.datetime.fromtimestamp(self.time.endtime)
if self.time.renew_till != 0: #this parameter is not mandatory, and sometimes it's not present
krbcredinfo['renew-till'] = datetime.datetime.fromtimestamp(self.time.authtime)
krbcredinfo['srealm'] = self.server.realm.to_string()
krbcredinfo['sname'] = self.server.to_asn1()[0]
enc_krbcred = {}
enc_krbcred['ticket-info'] = [KrbCredInfo(krbcredinfo)]
krbcred = {}
krbcred['pvno'] = krb5_pvno
krbcred['msg-type'] = MESSAGE_TYPE.KRB_CRED.value
krbcred['tickets'] = [Ticket.load(self.ticket.to_asn1())]
krbcred['enc-part'] = EncryptedData({'etype': EncryptionType.NULL.value, 'cipher': EncKrbCredPart(enc_krbcred).dump()})
kirbi = KRBCRED(krbcred)
return kirbi, filename
def to_asn1(self):
krbcredinfo = {}
krbcredinfo['key'] = EncryptionKey({
'keytype': self.KeyType,
'keyvalue': self.Key
})
krbcredinfo['prealm'] = self.AltTargetDomainName
krbcredinfo['pname'] = PrincipalName({
'name-type': self.EClientName_type,
'name-string': self.EClientName
})
krbcredinfo['flags'] = core.IntegerBitString(
self.TicketFlags).cast(TicketFlags)
krbcredinfo['starttime'] = self.StartTime
krbcredinfo['endtime'] = self.EndTime
krbcredinfo['renew-till'] = self.RenewUntil
krbcredinfo['srealm'] = self.DomainName
krbcredinfo['sname'] = PrincipalName({
'name-type': self.ServiceName_type,
'name-string': self.ServiceName
})
enc_krbcred = {}
enc_krbcred['ticket-info'] = [KrbCredInfo(krbcredinfo)]
ticket = {}
ticket['tkt-vno'] = krb5_pvno
ticket['realm'] = self.DomainName
ticket['sname'] = PrincipalName({
'name-type': NAME_TYPE.SRV_INST.value,
'name-string': self.ServiceName
})
ticket['enc-part'] = EncryptedData({
'etype': self.TicketEncType,
'kvno': self.TicketKvno,
'cipher': self.Ticket
})
krbcred = {}
krbcred['pvno'] = krb5_pvno
krbcred['msg-type'] = MESSAGE_TYPE.KRB_CRED.value
krbcred['tickets'] = [Ticket(ticket)]
krbcred['enc-part'] = EncryptedData({
'etype':
EncryptionType.NULL.value,
'cipher':
EncKrbCredPart(enc_krbcred).dump()
})
return KRBCRED(krbcred)
def to_tgt(self):
"""
Returns the native format of an AS_REP message and the sessionkey in EncryptionKey native format
"""
enc_part = EncryptedData({'etype': 1, 'cipher': b''})
tgt_rep = {}
tgt_rep['pvno'] = krb5_pvno
tgt_rep['msg-type'] = MESSAGE_TYPE.KRB_AS_REP.value
tgt_rep['crealm'] = self.server.realm.to_string()
tgt_rep['cname'] = self.client.to_asn1()[0]
tgt_rep['ticket'] = Ticket.load(self.ticket.to_asn1()).native
tgt_rep['enc-part'] = enc_part.native
t = EncryptionKey(self.key.to_asn1()).native
return tgt_rep, t
def build_apreq(self,
asrep,
session_key,
cipher,
subkey_data,
krb_finished_data,
flags=GSSAPIFlags.GSS_C_MUTUAL_FLAG
| GSSAPIFlags.GSS_C_INTEG_FLAG
| GSSAPIFlags.GSS_C_EXTENDED_ERROR_FLAG):
# TODO: https://www.ietf.org/rfc/rfc4757.txt
#subkey_data = {}
#subkey_data['keytype'] = Enctype.AES256
#subkey_data['keyvalue'] = os.urandom(32)
subkey_cipher = _enctype_table[subkey_data['keytype']]
subkey_key = Key(subkey_cipher.enctype, subkey_data['keyvalue'])
subkey_checksum = _checksum_table[
16] # ChecksumTypes.hmac_sha1_96_aes256
krb_finished_checksum_data = {}
krb_finished_checksum_data['cksumtype'] = 16
krb_finished_checksum_data['checksum'] = subkey_checksum.checksum(
subkey_key, 41, krb_finished_data)
krb_finished_data = {}
krb_finished_data['gss-mic'] = Checksum(krb_finished_checksum_data)
krb_finished = KRB_FINISHED(krb_finished_data).dump()
a = 2
extensions_data = a.to_bytes(
4, byteorder='big', signed=True) + len(krb_finished).to_bytes(
4, byteorder='big', signed=True) + krb_finished
ac = AuthenticatorChecksum()
ac.flags = flags
ac.channel_binding = b'\x00' * 16
chksum = {}
chksum['cksumtype'] = 0x8003
chksum['checksum'] = ac.to_bytes() + extensions_data
tii = LSAP_TOKEN_INFO_INTEGRITY()
tii.Flags = 1
tii.TokenIL = 0x00002000 # Medium integrity
tii.MachineID = bytes.fromhex(
'7e303fffe6bff25146addca4fbddf1b94f1634178eb4528fb2731c669ca23cde')
restriction_data = {}
restriction_data['restriction-type'] = 0
restriction_data['restriction'] = tii.to_bytes()
restriction_data = KERB_AD_RESTRICTION_ENTRY(restriction_data)
x = KERB_AD_RESTRICTION_ENTRYS([restriction_data]).dump()
restrictions = AuthorizationData([{
'ad-type': 141,
'ad-data': x
}]).dump()
now = datetime.datetime.now(datetime.timezone.utc)
authenticator_data = {}
authenticator_data['authenticator-vno'] = krb5_pvno
authenticator_data['crealm'] = Realm(asrep['crealm'])
authenticator_data['cname'] = asrep['cname']
authenticator_data['cusec'] = now.microsecond
authenticator_data['ctime'] = now.replace(microsecond=0)
authenticator_data['subkey'] = EncryptionKey(subkey_data)
authenticator_data['seq-number'] = 682437742 #??? TODO: check this!
authenticator_data['authorization-data'] = AuthorizationData([{
'ad-type':
1,
'ad-data':
restrictions
}])
authenticator_data['cksum'] = Checksum(chksum)
#print('Authenticator(authenticator_data).dump()')
#print(Authenticator(authenticator_data).dump().hex())
authenticator_data_enc = cipher.encrypt(
session_key, 11,
Authenticator(authenticator_data).dump(), None)
ap_opts = ['mutual-required']
ap_req = {}
ap_req['pvno'] = krb5_pvno
ap_req['msg-type'] = MESSAGE_TYPE.KRB_AP_REQ.value
ap_req['ticket'] = Ticket(asrep['ticket'])
ap_req['ap-options'] = APOptions(set(ap_opts))
ap_req['authenticator'] = EncryptedData({
'etype':
session_key.enctype,
'cipher':
authenticator_data_enc
})
#pprint('AP_REQ \r\n%s' % AP_REQ(ap_req).native)
#print(AP_REQ(ap_req).dump().hex())
#input()
return AP_REQ(ap_req).dump()