Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
require 'bindata'
4

5
require 'rex/proto/kerberos/credential_cache/primitive'
6
require 'rex/proto/kerberos/credential_cache/krb5_ccache_credential'
7
require 'rex/proto/kerberos/credential_cache/krb5_ccache_principal'
8

9
module Rex::Proto::Kerberos::CredentialCache
10
  # see: https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html
11
  class Krb5Ccache < BinData::Record
12
    endian :big
13
    search_prefix :krb5_ccache
14
    unregister_self
15

16
    uint8      :magic,   asserted_value: 5
17
    uint8      :version, asserted_value: 4
18

19
    struct :header, onlyif: -> { version == 4 } do
20
      endian :big
21

22
      uint16     :header_length, initial_length: -> { header_fields.num_bytes }
23
      buffer     :header_fields, length: :header_length do
24
        array    read_until: :eof do
25
          uint16 :field_type
26
          uint16 :field_length, initial_value: -> { field_value.num_bytes }
27
          choice :field_value, selection: :field_type do
28
            struct 1 do # time offset of the KDC relative to the client
29
              int32 :seconds
30
              int32 :microseconds
31
            end
32
            string :default, read_length: :field_length
33
          end
34
        end
35
      end
36
    end
37

38
    principal  :default_principal
39
    array      :credentials, type: :credential, read_until: :eof
40

41
    # the other kerberos models use #encode so alias that for simplicity
42
    alias_method :encode, :to_binary_s
43

44
    # @param [Rex::Proto::Kerberos::Model::KdcResponse] res The KDC response
45
    # @param [Rex::Proto::Kerberos::Model::EncKdcResponse] enc_res The encrypted KDC response
46
    # @return [Rex::Proto::Kerberos::CredentialCache::Krb5Ccache]
47
    def self.from_responses(res, enc_res)
48
      self.new(
49
        default_principal: {
50
          name_type: res.cname.name_type, # NT_PRINCIPAL
51
          realm: res.crealm,
52
          components: res.cname.name_string
53
        },
54
        credentials: [
55
          {
56
            client: {
57
              name_type: res.cname.name_type,
58
              realm: res.crealm,
59
              components: res.cname.name_string
60
            },
61
            server: {
62
              name_type: enc_res.sname.name_type,
63
              realm: enc_res.srealm,
64
              components: enc_res.sname.name_string
65
            },
66
            keyblock: {
67
              enctype: enc_res.key.type,
68
              data: enc_res.key.value
69
            },
70
            authtime: enc_res.auth_time,
71
            starttime: enc_res.start_time,
72
            endtime: enc_res.end_time,
73
            renew_till: enc_res.renew_till,
74
            ticket_flags: enc_res.flags.to_i,
75
            ticket: res.ticket.encode
76
          }
77
        ]
78
      )
79
    end
80
  end
81
end
82

83