1
# -*- coding: binary -*-
2

3
module Rex
4
  module Proto
5
    module Kerberos
6
      module Model
7
        # This class provides a representation of a Kerberos KRB-ERROR (response error)
8
        # message definition.
9
        class KrbError < Element
10
          # @!attribute pvno
11
          #   @return [Integer] The protocol version number
12
          attr_accessor :pvno
13
          # @!attribute msg_type
14
          #   @return [Integer] The type of a protocol message
15
          attr_accessor :msg_type
16
          # @!attribute ctime
17
          #   @return [Time] The current time of the client's host
18
          attr_accessor :ctime
19
          # @!attribute cusec
20
          #   @return [Integer] The microseconds part of the client timestamp
21
          attr_accessor :cusec
22
          # @!attribute stime
23
          #   @return [Time] The current time of the server
24
          attr_accessor :stime
25
          # @!attribute susec
26
          #   @return [Integer] The microseconds part of the server timestamp
27
          attr_accessor :susec
28
          # @!attribute error_code
29
          #   @return [Rex::Proto::Kerberos::Model::Error::ErrorCode] The error request returned by kerberos or the server when a request fails
30
          attr_accessor :error_code
31
          # @!attribute crealm
32
          #   @return [String] The realm part of the client's principal identifier
33
          attr_accessor :crealm
34
          # @!attribute cname
35
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the client's principal identifier
36
          attr_accessor :cname
37
          # @!attribute realm
38
          #   @return [String] The realm part of the server's principal identifier
39
          attr_accessor :realm
40
          # @!attribute sname
41
          #   @return [Rex::Proto::Kerberos::Model::PrincipalName] The name part of the server's identity
42
          attr_accessor :sname
43
          # @!attribute etext
44
          #   @return [String] Additional text to help explain the error code
45
          attr_accessor :etext
46
          # @!attribute e_data
47
          #   @return [String] additional data about the error (ASN.1 encoded data)
48
          attr_accessor :e_data
49

50
          # Decodes the Rex::Proto::Kerberos::Model::KrbError from an input
51
          #
52
          # @param input [String, OpenSSL::ASN1::ASN1Data] the input to decode from
53
          # @return [self] if decoding succeeds
54
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
55
          def decode(input)
56
            case input
57
            when String
58
              decode_string(input)
59
            when OpenSSL::ASN1::ASN1Data
60
              decode_asn1(input)
61
            else
62
              raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KrbError, invalid input'
63
            end
64

65
            self
66
          end
67

68
          # Rex::Proto::Kerberos::Model::KrbError encoding isn't supported
69
          #
70
          # @raise [NotImplementedError]
71
          def encode
72
            raise ::NotImplementedError, 'KrbError encoding not supported'
73
          end
74

75
          # Decodes the e_data field as an Array<PreAuthDataEntry>.
76
          #
77
          # @return [Array<Rex::Proto::Kerberos::Model::PreAuthDataEntry>]
78
          def e_data_as_pa_data
79
            return [] unless self.e_data
80

81
            pre_auth = []
82
            decoded = OpenSSL::ASN1.decode(self.e_data)
83

84
            if decoded.first.tag_class == :UNIVERSAL && decoded.first.tag == 16
85
              decoded.each do |pre_auth_data|
86
                pre_auth << Rex::Proto::Kerberos::Model::PreAuthDataEntry.decode(pre_auth_data)
87
              end
88
            else
89
              pre_auth << Rex::Proto::Kerberos::Model::PreAuthDataEntry.decode(decoded)
90
            end
91

92
            pre_auth
93
          end
94

95
          private
96

97
          # Decodes a Rex::Proto::Kerberos::Model::KrbError from an String
98
          #
99
          # @param input [String] the input to decode from
100
          def decode_string(input)
101
            asn1 = OpenSSL::ASN1.decode(input)
102

103
            decode_asn1(asn1)
104
          end
105

106
          # Decodes a Rex::Proto::Kerberos::Model::KrbError
107
          #
108
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
109
          # @raise [Rex::Proto::Kerberos::Model::Error::KerberosDecodingError] if decoding doesn't succeed
110
          def decode_asn1(input)
111
            input.value[0].value.each do |val|
112
              case val.tag
113
              when 0
114
                self.pvno = decode_pvno(val)
115
              when 1
116
                self.msg_type = decode_msg_type(val)
117
              when 2
118
                self.ctime = decode_ctime(val)
119
              when 3
120
                self.cusec = decode_cusec(val)
121
              when 4
122
                self.stime = decode_stime(val)
123
              when 5
124
                self.susec = decode_susec(val)
125
              when 6
126
                self.error_code = decode_error_code(val)
127
              when 7
128
                self.crealm = decode_crealm(val)
129
              when 8
130
                self.cname = decode_cname(val)
131
              when 9
132
                self.realm = decode_realm(val)
133
              when 10
134
                self.sname = decode_sname(val)
135
              when 11
136
                self.etext = decode_etext(val)
137
              when 12
138
                self.e_data = decode_e_data(val)
139
              else
140
                raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, "Failed to decode KRB-ERROR SEQUENCE (#{val.tag})"
141
              end
142
            end
143
          end
144

145
          # Decodes the pvno from an OpenSSL::ASN1::ASN1Data
146
          #
147
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
148
          # @return [Integer]
149
          def decode_pvno(input)
150
            input.value[0].value.to_i
151
          end
152

153
          # Decodes the msg_type from an OpenSSL::ASN1::ASN1Data
154
          #
155
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
156
          # @return [Integer]
157
          def decode_msg_type(input)
158
            input.value[0].value.to_i
159
          end
160

161
          # Decodes the ctime field
162
          #
163
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
164
          # @return [Time]
165
          def decode_ctime(input)
166
            input.value[0].value
167
          end
168

169
          # Decodes the cusec field
170
          #
171
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
172
          # @return [Integer]
173
          def decode_cusec(input)
174
            input.value[0].value
175
          end
176

177
          # Decodes the stime field
178
          #
179
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
180
          # @return [Time]
181
          def decode_stime(input)
182
            input.value[0].value
183
          end
184

185
          # Decodes the susec field
186
          #
187
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
188
          # @return [Integer]
189
          def decode_susec(input)
190
            input.value[0].value.to_i
191
          end
192

193
          # Decodes the error_code field
194
          #
195
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
196
          # @return [Rex::Proto::Kerberos::Model::Error::ErrorCode]
197
          def decode_error_code(input)
198
            value = input.value[0].value.to_i
199

200
            Error::ErrorCodes::ERROR_MAP[value] || Error::ErrorCode.new('UNKNOWN', value, 'Unknown error')
201
          end
202

203
          # Decodes the crealm field
204
          #
205
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
206
          # @return [String]
207
          def decode_crealm(input)
208
            input.value[0].value
209
          end
210

211
          # Decodes the cname field
212
          #
213
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
214
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
215
          def decode_cname(input)
216
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
217
          end
218

219
          # Decodes the realm field
220
          #
221
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
222
          # @return [String]
223
          def decode_realm(input)
224
            input.value[0].value
225
          end
226

227
          # Decodes the sname field
228
          #
229
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
230
          # @return [Rex::Proto::Kerberos::Model::PrincipalName]
231
          def decode_sname(input)
232
            Rex::Proto::Kerberos::Model::PrincipalName.decode(input.value[0])
233
          end
234

235
          # Decodes the e-text field
236
          #
237
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
238
          # @return [String]
239
          def decode_etext(input)
240
            input.value[0].value
241
          end
242

243
          # Decodes the e_data from an OpenSSL::ASN1::ASN1Data
244
          #
245
          # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
246
          # @return [String]
247
          def decode_e_data(input)
248
            input.value[0].value
249
          end
250
        end
251
      end
252
    end
253
  end
254
end
255

256