Exception: Rex::Proto::Kerberos::Model::Error::KerberosError

Inherits:
StandardError
  • Object
show all
Defined in:
lib/rex/proto/kerberos/model/error.rb

Overview

Runtime Error which can be raised by the Rex::Proto::Kerberos API

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(message = nil, error_code: nil, res: nil) ⇒ KerberosError

Returns a new instance of KerberosError.



159
160
161
162
163
164
165
# File 'lib/rex/proto/kerberos/model/error.rb', line 159

def initialize(message = nil, error_code: nil, res: nil)
  error_code ||= res&.error_code
  @error_code = error_code
  @res = res

  super(message || message_for(error_code))
end

Instance Attribute Details

#error_codeRex::Proto::Kerberos::Model::Error::ErrorCode (readonly)

Returns A ErrorCode generated from a KDC.

Returns:



154
155
156
# File 'lib/rex/proto/kerberos/model/error.rb', line 154

def error_code
  @error_code
end

#resRex::Proto::Kerberos::Model::KdcResponse, Rex::Proto::Kerberos::Model::EncKdcResponse (readonly)

Returns The response associated with this error.

Returns:



157
158
159
# File 'lib/rex/proto/kerberos/model/error.rb', line 157

def res
  @res
end

Instance Method Details

#message_for(error_code) ⇒ Object



167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# File 'lib/rex/proto/kerberos/model/error.rb', line 167

def message_for(error_code)
  return "Kerberos Error" unless error_code

  if error_code == ErrorCodes::KRB_AP_ERR_SKEW && res&.respond_to?(:stime)
    now = Time.now
    skew = (res.stime - now).abs.to_i
    return "#{error_code}. Local time: #{now}, Server time: #{res.stime}, off by #{skew} seconds"
  elsif error_code == ErrorCodes::KDC_ERR_CLIENT_REVOKED && res&.respond_to?(:e_data) && res.e_data.present?
    begin
      pa_datas = res.e_data_as_pa_data
    rescue OpenSSL::ASN1::ASN1Error
    else
      pa_data_entry = pa_datas.find do |pa_data|
        pa_data.type == Rex::Proto::Kerberos::Model::PreAuthType::KERB_SUPERSEDED_BY_USER
      end

      if pa_data_entry
        error_code = "#{error_code}. This account has been superseded by #{pa_data_entry.decoded_value}."
      end
    end
  end

  "Kerberos Error - #{error_code}"
end