def build_tgs_req(target_realm,
target_service,
target_host,
user_realm,
user_name,
tgt,
session_key,
subkey,
nonce,
current_time,
authorization_data=None,
pac_request=None,
etype=RC4_HMAC):
if authorization_data is not None:
ad1 = AuthorizationData()
ad1[0] = None
ad1[0]['ad-type'] = authorization_data[0]
ad1[0]['ad-data'] = authorization_data[1]
ad = AuthorizationData()
ad[0] = None
ad[0]['ad-type'] = AD_IF_RELEVANT
ad[0]['ad-data'] = encode(ad1)
enc_ad = (subkey[0], encrypt(subkey[0], subkey[1], 5, encode(ad)))
else:
ad = None
enc_ad = None
req_body = build_req_body(target_realm,
target_service,
target_host,
nonce,
authorization_data=enc_ad,
etype=etype)
chksum = (RSA_MD5, checksum(RSA_MD5, encode(req_body)))
authenticator = build_authenticator(user_realm, user_name, chksum, subkey,
current_time) #, ad)
ap_req = build_ap_req(tgt, session_key, 7, authenticator)
tgs_req = TgsReq()
tgs_req['pvno'] = 5
tgs_req['msg-type'] = 12
tgs_req['padata'] = None
tgs_req['padata'][0] = None
tgs_req['padata'][0]['padata-type'] = 1
tgs_req['padata'][0]['padata-value'] = encode(ap_req)
if pac_request is not None:
pa_pac_request = KerbPaPacRequest()
pa_pac_request['include-pac'] = pac_request
tgs_req['padata'][1] = None
tgs_req['padata'][1]['padata-type'] = 128
tgs_req['padata'][1]['padata-value'] = encode(pa_pac_request)
tgs_req['req-body'] = _v(4, req_body)
return tgs_req
def send_req(req, kdc, port=88):
data = encode(req)
data = pack('>I', len(data)) + data
sock = socket()
sock.connect((kdc, port))
sock.send(data)
return sock
def build_pa_enc_timestamp(current_time, key):
gt, ms = epoch2gt(current_time, microseconds=True)
pa_ts_enc = PaEncTsEnc()
pa_ts_enc['patimestamp'] = gt
pa_ts_enc['pausec'] = ms
pa_ts = PaEncTimestamp()
pa_ts['etype'] = key[0]
pa_ts['cipher'] = encrypt(key[0], key[1], 1, encode(pa_ts_enc))
return pa_ts
def build_ap_req(ticket, key, msg_type, authenticator):
enc_auth = encrypt(key[0], key[1], msg_type, encode(authenticator))
ap_req = APReq()
ap_req['pvno'] = 5
ap_req['msg-type'] = 14
ap_req['ap-options'] = "'00000000000000000000000000000000'B"
ap_req['ticket'] = _v(3, ticket)
ap_req['authenticator'] = None
ap_req['authenticator']['etype'] = key[0]
ap_req['authenticator']['cipher'] = enc_auth
return ap_req