
start tgs exchange

Jonathan Turner 9 vuotta sitten
vanhempi
commit
6f497eba5b
6 muutettua tiedostoa jossa 74 lisäystä ja 52 poistoa
  1. 12 1
      client/ASExchange.go
  2. 6 0
      client/TGSExchange.go
  3. 1 0
      client/client.go
  4. 6 8
      client/session.go
  5. 5 43
      messages/KDCRep.go
  6. 44 0
      messages/KDCReq.go

+ 12 - 1
client/ASExchange.go

@@ -12,6 +12,10 @@ import (
 	"sort"
 )
 
+func (cl *Client) Login() error {
+	return cl.ASExchange()
+}
+
 func (cl *Client) ASExchange() error {
 	if !cl.IsConfigured() {
 		return errors.New("Client is not configured correctly.")
@@ -75,6 +79,13 @@ func (cl *Client) ASExchange() error {
 	if ok, err := ar.IsValid(cl.Config, a); !ok {
 		return fmt.Errorf("AS_REQ is not valid: %v", err)
 	}
-	fmt.Fprintf(os.Stderr, "AS_REP: %+v\n", ar)
+	cl.Session = Session{
+		AuthTime:             ar.DecryptedEncPart.AuthTime,
+		EndTime:              ar.DecryptedEncPart.EndTime,
+		RenewTill:            ar.DecryptedEncPart.RenewTill,
+		TGT:                  ar.Ticket,
+		SessionKey:           ar.DecryptedEncPart.Key,
+		SessionKeyExpiration: ar.DecryptedEncPart.KeyExpiration,
+	}
 	return nil
 }
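Review bot: `cl.Session = Session{…}` assigns a Session value, but client.go in this same commit declares the field as `Session *Session`, so the package does not compile as committed; either write `cl.Session = &Session{` here or make the field a plain value in client.go (the value form also avoids a nil dereference if TGSExchange reads cl.Session before Login ran). Removing the `fmt.Fprintf(os.Stderr, …)` line likely leaves the `os` import unused if that was its only use; the import block is outside this hunk, so check it. ASExchange begins outside this hunk.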

+ 6 - 0
client/TGSExchange.go

@@ -0,0 +1,6 @@
+package client
+
+func (cl *Client) TGSExchange() error {
+
+	return nil
+}
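Review bot: The new TGSExchange stub returns nil without doing anything, so a caller cannot tell "service ticket obtained" from "not implemented yet"; until the exchange is written it should fail explicitly, e.g. `return errors.New("TGS exchange not implemented")` with `"errors"` imported. The exported method also needs a doc comment, e.g. `// TGSExchange requests a service ticket from the KDC using the TGT held in cl.Session.` so its intended contract is visible before the body exists.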

+ 1 - 0
client/client.go

@@ -9,6 +9,7 @@ import (
 type Client struct {
 	Credentials *credentials.Credentials
 	Config      *config.Config
+	Session     *Session
 }
 
 func NewClientWithPassword(username, password string) Client {

+ 6 - 8
client/session.go

@@ -5,13 +5,11 @@ import (
 	"time"
 )
 
-
 type Session struct {
-	AuthTime  time.Time
-	EndTime   time.Time
-	RenewTill time.Time
-	//TODO Need to check if this is the TGT
-	TGT        types.Ticket
-	SessionKey types.EncryptionKey
+	AuthTime             time.Time
+	EndTime              time.Time
+	RenewTill            time.Time
+	TGT                  types.Ticket
+	SessionKey           types.EncryptionKey
+	SessionKeyExpiration time.Time
 }
-
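Review bot: Session is exported and now carries the TGT, the session key and its expiry, but has no doc comment. Suggest `// Session holds the client state produced by a successful AS exchange: the TGT, its lifetime and the session key used for the TGS exchange.` on the type, and on SessionKey a `// secret key material; do not log it or print the struct with %+v` comment, since a struct like this is the natural target of debug printing (the ASExchange hunk in this commit removes exactly such a print).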

+ 5 - 43
messages/KDCRep.go

@@ -31,12 +31,11 @@ type marshalKDCRep struct {
 }
 
 type KDCRep struct {
-	PVNO    int
-	MsgType int
-	PAData  []types.PAData
-	CRealm  string
-	CName   types.PrincipalName
-	// Ticket needs to be a raw value as it is wrapped in an APPLICATION tag
+	PVNO             int
+	MsgType          int
+	PAData           []types.PAData
+	CRealm           string
+	CName            types.PrincipalName
 	Ticket           types.Ticket
 	EncPart          types.EncryptedData
 	DecryptedEncPart EncKDCRepPart
@@ -128,43 +127,6 @@ func (e *EncKDCRepPart) Unmarshal(b []byte) error {
 	return err
 }
 
-//func (k *ASRep) DecryptEncPartWithPassword(passwd string) error {
-//	key, etype, err := crypto.GetKeyFromPassword(passwd, k.CName, k.CRealm, k.EncPart.EType, k.PAData)
-//	b, err := crypto.DecryptEncPart(key, k.EncPart, etype, keyusage.AS_REP_ENCPART)
-//	if err != nil {
-//		return fmt.Errorf("Error decrypting KDC_REP EncPart: %v", err)
-//	}
-//	var denc EncKDCRepPart
-//	err = denc.Unmarshal(b)
-//	if err != nil {
-//		return fmt.Errorf("Error unmarshalling encrypted part: %v", err)
-//	}
-//	k.DecryptedEncPart = denc
-//	return nil
-//}
-//
-//func (k *ASRep) DecryptEncPartWithKeytab(kt keytab.Keytab) error {
-//	etype, err := crypto.GetEtype(k.EncPart.EType)
-//	if err != nil {
-//		return fmt.Errorf("Error getting encryption type: %v", err)
-//	}
-//	key, err := kt.GetKey(k.CName.NameString[0], k.CRealm, k.EncPart.KVNO, k.EncPart.EType)
-//	if err != nil {
-//		return fmt.Errorf("Could not get key from keytab: %v", err)
-//	}
-//	b, err := crypto.DecryptEncPart(key, k.EncPart, etype, keyusage.AS_REP_ENCPART)
-//	if err != nil {
-//		return fmt.Errorf("Error decrypting KDC_REP EncPart: %v", err)
-//	}
-//	var denc EncKDCRepPart
-//	err = denc.Unmarshal(b)
-//	if err != nil {
-//		return fmt.Errorf("Error unmarshalling encrypted part: %v", err)
-//	}
-//	k.DecryptedEncPart = denc
-//	return nil
-//}
-
 func (k *ASRep) DecryptEncPart(c *credentials.Credentials) error {
 	var etype crypto.EType
 	var key []byte

+ 44 - 0
messages/KDCReq.go

@@ -110,6 +110,50 @@ func NewASReq(c *config.Config, username string) ASReq {
 	return a
 }
 
+func NewTGSReq(c *config.Config, sname, realm string) ASReq {
+	pas := types.PADataSequence{
+		types.PAData{
+			PADataType: patype.PA_REQ_ENC_PA_REP,
+		},
+	}
+	nonce := int(rand.Int31())
+	t := time.Now()
+
+	a := TGSReq{
+		PVNO:    iana.PVNO,
+		MsgType: msgtype.KRB_TGS_REQ,
+		PAData:  pas,
+		ReqBody: KDCReqBody{
+			KDCOptions: c.LibDefaults.Kdc_default_options,
+			Realm:      c.LibDefaults.Default_realm,
+			CName: types.PrincipalName{
+				NameType:   nametype.KRB_NT_PRINCIPAL,
+				NameString: []string{username},
+			},
+			SName: types.PrincipalName{
+				NameType:   nametype.KRB_NT_SRV_INST,
+				NameString: []string{"krbtgt", c.LibDefaults.Default_realm},
+			},
+			Till:  t.Add(c.LibDefaults.Ticket_lifetime),
+			Nonce: nonce,
+			EType: c.LibDefaults.Default_tkt_enctype_ids,
+		},
+	}
+	if c.LibDefaults.Forwardable {
+		types.SetFlag(&a.ReqBody.KDCOptions, types.Forwardable)
+	}
+	if c.LibDefaults.Canonicalize {
+		types.SetFlag(&a.ReqBody.KDCOptions, types.Canonicalize)
+	}
+	if c.LibDefaults.Proxiable {
+		types.SetFlag(&a.ReqBody.KDCOptions, types.Proxiable)
+	}
+	if c.LibDefaults.Renew_lifetime != 0 {
+		a.ReqBody.RTime = t.Add(c.LibDefaults.Renew_lifetime)
+	}
+	return a
+}
+
 func (k *ASReq) Unmarshal(b []byte) error {
 	var m marshalKDCReq
 	_, err := asn1.UnmarshalWithParams(b, &m, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.ASREQ))
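Review bot: NewTGSReq does not compile as written: it references `username`, which is not a parameter, builds a `TGSReq` but is declared to return `ASReq`, and never uses its `sname` and `realm` parameters (Realm and SName are hard-coded to krbtgt in the default realm, i.e. the AS-REQ body copied over). The rewrite below returns TGSReq, takes Realm and SName from the parameters, and drops CName, which a TGS-REQ does not carry (the client is identified by the TGT inside PA-TGS-REQ). The request still lacks that PA-TGS-REQ padata (the AP-REQ over the TGT), presumably to be added when TGSExchange is filled in. `rand.Int31()` is math/rand, so the nonce that ties the reply to this request is predictable; if NewASReq draws its nonce the same way, both should use crypto/rand.
```go
func NewTGSReq(c *config.Config, sname, realm string) TGSReq {
	// … unchanged: pas, nonce, t …
	a := TGSReq{
		PVNO:    iana.PVNO,
		MsgType: msgtype.KRB_TGS_REQ,
		PAData:  pas,
		ReqBody: KDCReqBody{
			KDCOptions: c.LibDefaults.Kdc_default_options,
			// Realm and SName identify the requested service; a TGS-REQ carries
			// no cname, the client is identified by the TGT in PA-TGS-REQ.
			Realm: realm,
			SName: types.PrincipalName{
				NameType:   nametype.KRB_NT_SRV_INST,
				NameString: []string{sname}, // TODO(review): split "service/host" names if callers pass them
			},
			Till:  t.Add(c.LibDefaults.Ticket_lifetime),
			Nonce: nonce,
			EType: c.LibDefaults.Default_tkt_enctype_ids,
		},
	}
	// … unchanged: KDCOptions flag handling, RTime, return a …
}
```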