rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/proto/kerberos/model/krb_error.rb
# -*- coding: binary -*-
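module Rex
  module Proto
    module Kerberos
      module Model
        # This class provides a representation of a Kerberos KRB-ERROR (response error)
        # message definition.
        #
        # Every attribute is filled in from bytes sent by the remote KDC or service.
        # RFC 4120 notes that KRB-ERROR messages are not integrity protected, so treat
        # the decoded values (in particular etext and e_data) as untrusted input when
        # logging, displaying or parsing them further.
        class KrbError < Element
          # @!attribute pvno
          #   @return [Integer] The protocol version number
          attr_accessor :pvno
          # @!attribute msg_type
          #   @return [Integer] The type of a protocol message
          attr_accessor :msg_type
          # @!attribute ctime
          #   @return [Time] The current time of the client's host
          attr_accessor :ctime
          # @!attribute cusec
          #   @return [Integer] The microseconds part of the client timestamp
          attr_accessor :cusec
          # @!attribute stime
          #   @return [Time] The current time of the server
          attr_accessor :stime
          # @!attribute susec
          #   @return [Integer] The microseconds part of the server timestamp
          attr_accessor :susec
          # @!attribute error_code
          #   @return [Rex::Proto::Kerberos::Model::Error::ErrorCode] The error request returned by kerberos or the server when a request fails
          attr_accessor :error_code
          # @!attribute crealm
          #   @return [String] The realm part of the client's principal identifier
          attr_accessor :crealm
          # @!attribute cname
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the client's principal identifier
          attr_accessor :cname
          # @!attribute realm
          #   @return [String] The realm part of the server's principal identifier
          attr_accessor :realm
          # @!attribute sname
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
          attr_accessor :sname
          # @!attribute etext
          #   @return [String] Additional text to help explain the error code
          attr_accessor :etext
          # @!attribute e_data
          #   @return [String] additional data about the error (ASN.1 encoded data)
          attr_accessor :e_data

          # Decodes the Rex::Proto::Kerberos::Model::KrbError from an input
          #
          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
          # @return [self] if decoding succeeds
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if the input type is
          #   unsupported, the outer structure is not the expected one, or an unknown field tag is found
          # @raise [OpenSSL::ASN1::ASN1Error] if a String input is not valid DER; the OpenSSL error
          #   is not wrapped, so callers handling peer data should rescue it as well
          def decode(input)
            case input
            when String
              decode_string(input)
            when OpenSSL::ASN1::ASN1Data
              decode_asn1(input)
            else
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbError, invalid input'
            end

            self
          end

          # Rex::Proto::Kerberos::Model::KrbError encoding isn't supported
          #
          # @raise [NotImplementedError]
          def encode
            raise ::NotImplementedError, 'KrbError encoding not supported'
          end

          # Decodes the e_data field as an Array<PreAuthDataEntry>.
          #
          # Two layouts are accepted: a sequence whose elements are themselves sequences
          # (each element is decoded as one entry), or a single structure that is decoded
          # as one entry on its own. An empty sequence yields an empty Array.
          #
          # @return [Array<Rex::Proto::Kerberos::Model::PreAuthDataEntry>] empty when e_data is
          #   nil or holds an empty sequence
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if e_data decodes to
          #   a primitive ASN.1 value instead of a constructed one
          # @raise [OpenSSL::ASN1::ASN1Error] if e_data is not valid DER
          def e_data_as_pa_data
            return [] unless self.e_data

            decoded = OpenSSL::ASN1.decode(self.e_data)

            # e_data is peer-controlled. A primitive value has no elements to inspect, so
            # report it as a decoding failure rather than letting a NoMethodError escape.
            unless decoded.respond_to?(:first)
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbError e-data as PA-DATA, unexpected ASN.1 structure'
            end

            first_element = decoded.first
            # An empty sequence carries no entries; previously this raised NoMethodError on nil.
            return [] if first_element.nil?

            # Universal tag 16 is SEQUENCE: the outer value is then a list of entries.
            if first_element.tag_class == :UNIVERSAL && first_element.tag == 16
              decoded.map do |pre_auth_data|
                Rex::Proto::Kerberos::Model::PreAuthDataEntry.decode(pre_auth_data)
              end
            else
              [Rex::Proto::Kerberos::Model::PreAuthDataEntry.decode(decoded)]
            end
          end

          private

          # Decodes a Rex::Proto::Kerberos::Model::KrbError from an String
          #
          # @param input [String] the input to decode from
          # @raise [OpenSSL::ASN1::ASN1Error] if the input is not valid DER
          def decode_string(input)
            asn1 = OpenSSL::ASN1.decode(input)

            decode_asn1(asn1)
          end

          # Decodes a Rex::Proto::Kerberos::Model::KrbError
          #
          # The first element of the outer value is expected to hold the list of tagged
          # fields; each field's tag number selects the attribute it is stored in.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
          def decode_asn1(input)
            # The message comes from the peer: check the container shape up front so a
            # malformed reply surfaces as the documented decoding error.
            sequence = input.value.is_a?(Array) ? input.value[0] : nil
            unless sequence.respond_to?(:value) && sequence.value.is_a?(Array)
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbError, unexpected ASN.1 structure'
            end

            sequence.value.each do |val|
              case val.tag
              when 0
                self.pvno = decode_pvno(val)
              when 1
                self.msg_type = decode_msg_type(val)
              when 2
                self.ctime = decode_ctime(val)
              when 3
                self.cusec = decode_cusec(val)
              when 4
                self.stime = decode_stime(val)
              when 5
                self.susec = decode_susec(val)
              when 6
                self.error_code = decode_error_code(val)
              when 7
                self.crealm = decode_crealm(val)
              when 8
                self.cname = decode_cname(val)
              when 9
                self.realm = decode_realm(val)
              when 10
                self.sname = decode_sname(val)
              when 11
                self.etext = decode_etext(val)
              when 12
                self.e_data = decode_e_data(val)
              else
                raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, "Failed to decode KRB-ERROR SEQUENCE (#{val.tag})"
              end
            end
          end

          # Decodes the pvno from an OpenSSL::ASN1::ASN1Data
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Integer]
          def decode_pvno(input)
            input.value[0].value.to_i
          end

          # Decodes the msg_type from an OpenSSL::ASN1::ASN1Data
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Integer]
          def decode_msg_type(input)
            input.value[0].value.to_i
          end

          # Decodes the ctime field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Time]
          def decode_ctime(input)
            input.value[0].value
          end

          # Decodes the cusec field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Integer]
          def decode_cusec(input)
            # OpenSSL hands back ASN.1 INTEGER values as OpenSSL::BN; convert so the result
            # is a plain Integer as documented, consistent with decode_susec.
            input.value[0].value.to_i
          end

          # Decodes the stime field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Time]
          def decode_stime(input)
            input.value[0].value
          end

          # Decodes the susec field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Integer]
          def decode_susec(input)
            input.value[0].value.to_i
          end

          # Decodes the error_code field
          #
          # Codes missing from ERROR_MAP are kept, wrapped in an 'UNKNOWN' ErrorCode, so an
          # unrecognised value from the peer is still visible to the caller.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [Rex::Proto::Kerberos::Model::Error::ErrorCode]
          def decode_error_code(input)
            value = input.value[0].value.to_i

            Error::ErrorCodes::ERROR_MAP[value] || Error::ErrorCode.new('UNKNOWN', value, 'Unknown error')
          end

          # Decodes the crealm field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [String]
          def decode_crealm(input)
            input.value[0].value
          end

          # Decodes the cname field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is
          #   passed to PrincipalName.decode
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
          def decode_cname(input)
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
          end

          # Decodes the realm field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [String]
          def decode_realm(input)
            input.value[0].value
          end

          # Decodes the sname field
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is
          #   passed to PrincipalName.decode
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
          def decode_sname(input)
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
          end

          # Decodes the e-text field
          #
          # The text is returned exactly as the peer sent it; no sanitising is done here.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [String]
          def decode_etext(input)
            input.value[0].value
          end

          # Decodes the e_data from an OpenSSL::ASN1::ASN1Data
          #
          # The bytes are returned undecoded; e_data_as_pa_data parses them on demand.
          #
          # @param input [OpenSSL::ASN1::ASN1Data] the tagged field; its first inner element is read
          # @return [String]
          def decode_e_data(input)
            input.value[0].value
          end
        end
      end
    end
  end
end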