GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/proto/kerberos/model/krb_cred_info.rb
# -*- coding: binary -*-
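module Rex
  module Proto
    module Kerberos
      module Model
        # Representation of a KrbCredInfo object: the per-ticket metadata
        # (session key, principal names, flags and validity times) that
        # accompanies a ticket in the enclosing KrbCred object.
        #
        # {#encode} always writes +key+; every other field is written only
        # when it is set.
        #
        # +key+ holds session-key material. Treat instances, and the DER
        # produced by {#encode}, as secrets: keep them out of logs and error
        # messages.
        class KrbCredInfo < Element
          # @!attribute key
          #   @return [Rex::Proto::Kerberos::Model::EncryptionKey] The session key associated with a corresponding ticket in the enclosing KrbCred object
          attr_accessor :key
          # @!attribute prealm
          #   @return [String] The realm for the principal identity
          attr_accessor :prealm
          # @!attribute pname
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name of the principal identity
          attr_accessor :pname
          # @!attribute flags
          #   @return [Rex::Proto::Kerberos::Model::KdcOptionFlags] This field indicates which of various options were used or
          #   requested when the ticket was issued
          attr_accessor :flags
          # @!attribute auth_time
          #   @return [Time] the time of initial authentication for the named principal
          attr_accessor :auth_time
          # @!attribute start_time
          #   @return [Time] Specifies the time after which the ticket is valid
          attr_accessor :start_time
          # @!attribute end_time
          #   @return [Time] This field contains the time after which the ticket will
          #   not be honored (its expiration time)
          attr_accessor :end_time
          # @!attribute renew_till
          #   @return [Time] This field is only present in tickets that have the
          #   RENEWABLE flag set in the flags field. It indicates the maximum
          #   endtime that may be included in a renewal
          attr_accessor :renew_till
          # @!attribute srealm
          #   @return [String] The realm part of the server's principal identifier
          attr_accessor :srealm
          # @!attribute sname
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
          attr_accessor :sname
          # @!attribute caddr
          #   @return [Rex::Proto::Kerberos::Model::HostAddress] These are the addresses from which the ticket can be used
          #   NOTE(review): #decode_caddr stores an Array of decoded addresses
          #   here, while #encode_caddr calls +caddr.encode+ on the value
          #   directly. Confirm which shape is intended before encoding an
          #   object that was populated by #decode.
          attr_accessor :caddr

          # Field-by-field equality.
          #
          # @param other [Object] the object to compare against
          # @return [Boolean] false when +other+ is not a KrbCredInfo,
          #   otherwise whether all eleven fields compare equal
          def ==(other)
            # Without this guard, comparing against nil or an unrelated object
            # raised NoMethodError on +other.key+ instead of answering false.
            return false unless other.is_a?(KrbCredInfo)

            key == other.key &&
              prealm == other.prealm &&
              pname == other.pname &&
              flags == other.flags &&
              auth_time == other.auth_time &&
              start_time == other.start_time &&
              end_time == other.end_time &&
              renew_till == other.renew_till &&
              srealm == other.srealm &&
              sname == other.sname &&
              caddr == other.caddr
          end

          # Decodes the Rex::Proto::Kerberos::Model::KrbCredInfo from an input
          #
          # @param input [String, OpenSSL::ASN1::Sequence] the input to decode from
          # @return [self] if decoding succeeds
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
          # @raise [OpenSSL::ASN1::ASN1Error] if a String input is not parseable
          #   DER; this error is not translated into a KerberosDecodingError
          def decode(input)
            case input
            when String
              decode_string(input)
            when OpenSSL::ASN1::Sequence
              decode_asn1(input)
            else
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbCredInfo, invalid input'
            end

            self
          end

          # Encodes this object as a DER SEQUENCE of context-tagged fields.
          # Tag 0 (key) is always emitted; tags 1-10 are emitted only for
          # fields that are set.
          #
          # @return [String] the DER encoding
          # @raise [NoMethodError] if +key+ is nil, since it is encoded unconditionally
          def encode
            elems = []
            elems << OpenSSL::ASN1::ASN1Data.new([encode_key], 0, :CONTEXT_SPECIFIC)
            elems << OpenSSL::ASN1::ASN1Data.new([encode_prealm], 1, :CONTEXT_SPECIFIC) if prealm
            elems << OpenSSL::ASN1::ASN1Data.new([encode_pname], 2, :CONTEXT_SPECIFIC) if pname
            elems << OpenSSL::ASN1::ASN1Data.new([encode_flags], 3, :CONTEXT_SPECIFIC) if flags
            elems << OpenSSL::ASN1::ASN1Data.new([encode_auth_time], 4, :CONTEXT_SPECIFIC) if auth_time
            elems << OpenSSL::ASN1::ASN1Data.new([encode_start_time], 5, :CONTEXT_SPECIFIC) if start_time
            elems << OpenSSL::ASN1::ASN1Data.new([encode_end_time], 6, :CONTEXT_SPECIFIC) if end_time
            elems << OpenSSL::ASN1::ASN1Data.new([encode_renew_till], 7, :CONTEXT_SPECIFIC) if renew_till
            elems << OpenSSL::ASN1::ASN1Data.new([encode_srealm], 8, :CONTEXT_SPECIFIC) if srealm
            elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 9, :CONTEXT_SPECIFIC) if sname
            elems << OpenSSL::ASN1::ASN1Data.new([encode_caddr], 10, :CONTEXT_SPECIFIC) if caddr
            seq = OpenSSL::ASN1::Sequence.new(elems)
            seq.to_der
          end

          private

          # Encodes the key field
          #
          # @return [String]
          def encode_key
            key.encode
          end

          # Encodes the prealm field
          #
          # @return [OpenSSL::ASN1::GeneralString]
          def encode_prealm
            OpenSSL::ASN1::GeneralString.new(prealm)
          end

          # Encodes the pname field
          #
          # @return [String]
          def encode_pname
            pname.encode
          end

          # Encodes the flags as a BIT STRING holding the 32-bit big-endian
          # flag value.
          #
          # @return [OpenSSL::ASN1::BitString]
          def encode_flags
            OpenSSL::ASN1::BitString.new([flags.value].pack('N'))
          end

          # Encodes the auth_time
          #
          # @return [OpenSSL::ASN1::GeneralizedTime]
          def encode_auth_time
            OpenSSL::ASN1::GeneralizedTime.new(auth_time)
          end

          # Encodes the start_time
          #
          # @return [OpenSSL::ASN1::GeneralizedTime]
          def encode_start_time
            OpenSSL::ASN1::GeneralizedTime.new(start_time)
          end

          # Encodes the end_time
          #
          # @return [OpenSSL::ASN1::GeneralizedTime]
          def encode_end_time
            OpenSSL::ASN1::GeneralizedTime.new(end_time)
          end

          # Encodes the renew_till
          #
          # @return [OpenSSL::ASN1::GeneralizedTime]
          def encode_renew_till
            # #encode only calls this when renew_till is set, so the 0
            # fallback is not reached from there.
            OpenSSL::ASN1::GeneralizedTime.new(renew_till.nil? ? 0 : renew_till)
          end

          # Encodes the srealm field
          #
          # @return [OpenSSL::ASN1::GeneralString]
          def encode_srealm
            OpenSSL::ASN1::GeneralString.new(srealm)
          end

          # Encodes the sname field
          #
          # @return [String]
          def encode_sname
            sname.encode
          end

          # Encodes the caddr
          #
          # NOTE(review): this calls +encode+ on caddr itself, but
          # #decode_caddr produces an Array. Confirm the decode/encode round
          # trip for objects that carry addresses.
          #
          # @return [String]
          def encode_caddr
            caddr.encode
          end

          # Decodes a Rex::Proto::Kerberos::Model::KrbCredInfo from a String
          #
          # @param input [String] the input to decode from
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if
          #   the parsed value is not an ASN.1 SEQUENCE
          # @raise [OpenSSL::ASN1::ASN1Error] if the input is not parseable DER
          def decode_string(input)
            asn1 = OpenSSL::ASN1.decode(input)

            # #decode only accepts a Sequence for pre-parsed input; apply the
            # same rule to parsed strings so a well-formed but wrongly-typed
            # value is rejected with the documented error rather than failing
            # later inside #decode_asn1.
            unless asn1.is_a?(OpenSSL::ASN1::Sequence)
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbCredInfo, invalid input'
            end

            decode_asn1(asn1)
          end

          # Decodes a Rex::Proto::Kerberos::Model::KrbCredInfo
          #
          # Each element is dispatched on its context tag (0-10). A tag that
          # appears more than once overwrites the earlier value, and no check
          # is made that tag 0 (key) was present at all.
          #
          # @param input [OpenSSL::ASN1::Sequence] the input to decode from
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
          def decode_asn1(input)
            input.value.each do |val|
              case val.tag
              when 0
                self.key = decode_key(val)
              when 1
                self.prealm = decode_prealm(val)
              when 2
                self.pname = decode_pname(val)
              when 3
                self.flags = decode_flags(val)
              when 4
                self.auth_time = decode_auth_time(val)
              when 5
                self.start_time = decode_start_time(val)
              when 6
                self.end_time = decode_end_time(val)
              when 7
                self.renew_till = decode_renew_till(val)
              when 8
                self.srealm = decode_srealm(val)
              when 9
                self.sname = decode_sname(val)
              when 10
                self.caddr = decode_caddr(val)
              else
                raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbCredInfo SEQUENCE'
              end
            end
          end

          # Decodes the key from an OpenSSL::ASN1::ASN1Data
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [EncryptionKey]
          def decode_key(input)
            Rex::Proto::Kerberos::Model::EncryptionKey.decode(input.value[0])
          end

          # Decodes the flags field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Rex::Proto::Kerberos::Model::KdcOptionFlags]
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if
          #   the BIT STRING holds fewer than four octets
          def decode_flags(input)
            bit_string = input.value[0]
            flags = bit_string.value.unpack1('N')

            # unpack1('N') yields nil when fewer than four octets are
            # available; report that as a decoding error instead of letting
            # the shift below raise NoMethodError on nil.
            if flags.nil?
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbCredInfo flags'
            end

            # OpenSSL::ASN1::BitString#unused_bits is 0 when the BIT STRING
            # length is a multiple of 8; otherwise it is the number of bits to
            # ignore in the final octet of the value.
            unused_bits = bit_string.unused_bits
            flags >>= unused_bits
            Rex::Proto::Kerberos::Model::KdcOptionFlags.new(flags)
          end

          # Decodes the auth_time field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Time]
          def decode_auth_time(input)
            input.value[0].value
          end

          # Decodes the start_time field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Time]
          def decode_start_time(input)
            input.value[0].value
          end

          # Decodes the end_time field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Time]
          def decode_end_time(input)
            input.value[0].value
          end

          # Decodes the renew_till field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Time]
          def decode_renew_till(input)
            input.value[0].value
          end

          # Decodes the srealm field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [String]
          def decode_srealm(input)
            input.value[0].value
          end

          # Decodes the prealm field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [String]
          def decode_prealm(input)
            input.value[0].value
          end

          # Decodes the sname field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
          def decode_sname(input)
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
          end

          # Decodes the pname field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
          def decode_pname(input)
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
          end

          # Decodes the caddr field: one HostAddress per element of the
          # wrapped sequence.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [Array<Rex::Proto::Kerberos::Model::HostAddress>]
          def decode_caddr(input)
            input.value[0].value.map do |host_address_data|
              Rex::Proto::Kerberos::Model::HostAddress.decode(host_address_data)
            end
          end
        end
      end
    end
  end
end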