def build_pac(user_realm,
user_name,
user_sid,
logon_time,
server_key=(RSA_MD5, None),
kdc_key=(RSA_MD5, None)):
logon_time = epoch2filetime(logon_time)
domain_sid, user_id = user_sid.rsplit('-', 1)
user_id = int(user_id)
elements = []
elements.append((PAC_LOGON_INFO,
_build_pac_logon_info(domain_sid, user_realm, user_id,
user_name, logon_time)))
elements.append(
(PAC_CLIENT_INFO, _build_pac_client_info(user_name, logon_time)))
elements.append(
(PAC_SERVER_CHECKSUM, pack('I', server_key[0]) + chr(0) * 16))
elements.append(
(PAC_PRIVSVR_CHECKSUM, pack('I', kdc_key[0]) + chr(0) * 16))
buf = ''
# cBuffers
buf += pack('I', len(elements))
# Version
buf += pack('I', 0)
offset = 8 + len(elements) * 16
for ultype, data in elements:
# Buffers[i].ulType
buf += pack('I', ultype)
# Buffers[i].cbBufferSize
buf += pack('I', len(data))
# Buffers[0].Offset
buf += pack('Q', offset)
offset = (offset + len(data) + 7) / 8 * 8
for ultype, data in elements:
if ultype == PAC_SERVER_CHECKSUM:
ch_offset1 = len(buf) + 4
elif ultype == PAC_PRIVSVR_CHECKSUM:
ch_offset2 = len(buf) + 4
buf += data
buf += chr(0) * ((len(data) + 7) / 8 * 8 - len(data))
chksum1 = checksum(server_key[0], buf, server_key[1])
chksum2 = checksum(kdc_key[0], chksum1, kdc_key[1])
buf = buf[:ch_offset1] + chksum1 + buf[
ch_offset1 + len(chksum1):ch_offset2] + chksum2 + buf[ch_offset2 +
len(chksum2):]
return buf
def build_tgs_req(target_realm,
target_service,
target_host,
user_realm,
user_name,
tgt,
session_key,
subkey,
nonce,
current_time,
authorization_data=None,
pac_request=None):
if authorization_data is not None:
ad1 = AuthorizationData()
ad1[0] = None
ad1[0]['ad-type'] = authorization_data[0]
ad1[0]['ad-data'] = authorization_data[1]
ad = AuthorizationData()
ad[0] = None
ad[0]['ad-type'] = AD_IF_RELEVANT
ad[0]['ad-data'] = encode(ad1)
enc_ad = (subkey[0], encrypt(subkey[0], subkey[1], 5, encode(ad)))
else:
ad = None
enc_ad = None
req_body = build_req_body(target_realm,
target_service,
target_host,
nonce,
authorization_data=enc_ad)
chksum = (RSA_MD5, checksum(RSA_MD5, encode(req_body)))
authenticator = build_authenticator(user_realm, user_name, chksum, subkey,
current_time) #, ad)
ap_req = build_ap_req(tgt, session_key, 7, authenticator)
tgs_req = TgsReq()
tgs_req['pvno'] = 5
tgs_req['msg-type'] = 12
tgs_req['padata'] = None
tgs_req['padata'][0] = None
tgs_req['padata'][0]['padata-type'] = 1
tgs_req['padata'][0]['padata-value'] = encode(ap_req)
if pac_request is not None:
pa_pac_request = KerbPaPacRequest()
pa_pac_request['include-pac'] = pac_request
tgs_req['padata'][1] = None
tgs_req['padata'][1]['padata-type'] = 128
tgs_req['padata'][1]['padata-value'] = encode(pa_pac_request)
tgs_req['req-body'] = _v(4, req_body)
return tgs_req
def build_pac(user_realm, user_name, user_sid, logon_time, server_key=(RSA_MD5, None), kdc_key=(RSA_MD5, None)):
logon_time = epoch2filetime(logon_time)
domain_sid, user_id = user_sid.rsplit('-', 1)
user_id = int(user_id)
elements = []
elements.append((PAC_LOGON_INFO, _build_pac_logon_info(domain_sid, user_realm, user_id, user_name, logon_time)))
elements.append((PAC_CLIENT_INFO, _build_pac_client_info(user_name, logon_time)))
elements.append((PAC_SERVER_CHECKSUM, pack('I', server_key[0]) + chr(0)*16))
elements.append((PAC_PRIVSVR_CHECKSUM, pack('I', kdc_key[0]) + chr(0)*16))
buf = ''
# cBuffers
buf += pack('I', len(elements))
# Version
buf += pack('I', 0)
offset = 8 + len(elements) * 16
for ultype, data in elements:
# Buffers[i].ulType
buf += pack('I', ultype)
# Buffers[i].cbBufferSize
buf += pack('I', len(data))
# Buffers[0].Offset
buf += pack('Q', offset)
offset = (offset + len(data) + 7) / 8 * 8
for ultype, data in elements:
if ultype == PAC_SERVER_CHECKSUM:
ch_offset1 = len(buf) + 4
elif ultype == PAC_PRIVSVR_CHECKSUM:
ch_offset2 = len(buf) + 4
buf += data
buf += chr(0) * ((len(data) + 7) / 8 * 8 - len(data))
chksum1 = checksum(server_key[0], buf, server_key[1])
chksum2 = checksum(kdc_key[0], chksum1, kdc_key[1])
buf = buf[:ch_offset1] + chksum1 + buf[ch_offset1+len(chksum1):ch_offset2] + chksum2 + buf[ch_offset2+len(chksum2):]
return buf
def build_tgs_req(target_realm, target_service, target_host,
user_realm, user_name, tgt, session_key, subkey,
nonce, current_time, authorization_data=None, pac_request=None):
if authorization_data is not None:
ad1 = AuthorizationData()
ad1[0] = None
ad1[0]['ad-type'] = authorization_data[0]
ad1[0]['ad-data'] = authorization_data[1]
ad = AuthorizationData()
ad[0] = None
ad[0]['ad-type'] = AD_IF_RELEVANT
ad[0]['ad-data'] = encode(ad1)
enc_ad = (subkey[0], encrypt(subkey[0], subkey[1], 5, encode(ad)))
else:
ad = None
enc_ad = None
req_body = build_req_body(target_realm, target_service, target_host, nonce, authorization_data=enc_ad)
chksum = (RSA_MD5, checksum(RSA_MD5, encode(req_body)))
authenticator = build_authenticator(user_realm, user_name, chksum, subkey, current_time)#, ad)
ap_req = build_ap_req(tgt, session_key, 7, authenticator)
tgs_req = TgsReq()
tgs_req['pvno'] = 5
tgs_req['msg-type'] = 12
tgs_req['padata'] = None
tgs_req['padata'][0] = None
tgs_req['padata'][0]['padata-type'] = 1
tgs_req['padata'][0]['padata-value'] = encode(ap_req)
if pac_request is not None:
pa_pac_request = KerbPaPacRequest()
pa_pac_request['include-pac'] = pac_request
tgs_req['padata'][1] = None
tgs_req['padata'][1]['padata-type'] = 128
tgs_req['padata'][1]['padata-value'] = encode(pa_pac_request)
tgs_req['req-body'] = _v(4, req_body)
return tgs_req
