Class: Rex::Proto::Kerberos::Model::KdcRequestBody

Inherits:
Element
  • Object
Defined in:
lib/rex/proto/kerberos/model/kdc_request_body.rb

Overview

This class provides a representation of a Kerberos KDC-REQ-BODY (request body) data definition.

https://datatracker.ietf.org/doc/html/rfc4120#section-5.4.1
KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData OPTIONAL
                                    -- AuthorizationData --,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
                                       -- NOTE: not empty
}

Constant Summary

Constants included from Rex::Proto::Kerberos::Model

AP_REP, AP_REQ, AS_REP, AS_REQ, AUTHENTICATOR, ENC_AP_REP_PART, ENC_KRB_CRED_PART, KRB_CRED, KRB_ERROR, TGS_REP, TGS_REQ, TICKET, VERSION


Methods inherited from Element

attr_accessor, attributes, #attributes, decode, #initialize

Constructor Details

This class inherits a constructor from Rex::Proto::Kerberos::Model::Element

Instance Attribute Details

#additional_tickets ⇒ Array<Rex::Proto::Kerberos::Model::EncryptedData>

Returns Additional tickets.

Returns:

  • (Array<Rex::Proto::Kerberos::Model::EncryptedData>)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 66

def additional_tickets
  @additional_tickets
end

#addresses ⇒ Array<Rex::Proto::Kerberos::Model::HostAddress>?

Returns A list of addresses from which the requested ticket is valid.

Returns:

  • (Array<Rex::Proto::Kerberos::Model::HostAddress>?)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 57

def addresses
  @addresses
end

#cname ⇒ Rex::Proto::Kerberos::Model::PrincipalName

Returns The name part of the client’s principal identifier.

Returns:

  • (Rex::Proto::Kerberos::Model::PrincipalName)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 36

def cname
  @cname
end

#enc_auth_data ⇒ Rex::Proto::Kerberos::Model::EncryptedData

Returns An encoding of the desired authorization-data encrypted.

Returns:

  • (Rex::Proto::Kerberos::Model::EncryptedData)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 63

def enc_auth_data
  @enc_auth_data
end

#etype ⇒ Array<Integer>

Returns The desired encryption algorithm to be used in the response.

Returns:

  • (Array<Integer>)

    The desired encryption algorithm to be used in the response



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 60

def etype
  @etype
end

#from ⇒ Time

Returns Start time when the ticket is to be postdated.

Returns:

  • (Time)

    Start time when the ticket is to be postdated



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 45

def from
  @from
end

#nonce ⇒ Integer

Returns random number.

Returns:

  • (Integer)

    random number



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 54

def nonce
  @nonce
end

#options ⇒ Integer

Returns The ticket flags.

Returns:

  • (Integer)

    The ticket flags



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 33

def options
  @options
end

#realm ⇒ String

Returns The realm part of the server’s principal identifier.

Returns:

  • (String)

    The realm part of the server's principal identifier



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 39

def realm
  @realm
end

#rtime ⇒ Time

Returns Optional requested renew-till time.

Returns:

  • (Time)

    Optional requested renew-till time



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 51

def rtime
  @rtime
end

#sname ⇒ Rex::Proto::Kerberos::Model::PrincipalName

Returns The name part of the server’s identity.

Returns:

  • (Rex::Proto::Kerberos::Model::PrincipalName)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 42

def sname
  @sname
end

#till ⇒ Time

Returns Expiration date requested by the client.

Returns:

  • (Time)

    Expiration date requested by the client



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 48

def till
  @till
end

Instance Method Details

#checksum(etype, key, key_usage) ⇒ String

Makes a checksum from the Rex::Proto::Kerberos::Model::KdcRequestBody

Parameters:

  • etype (Integer)

    the crypto schema to checksum

  • key (String)

    the key used as the HMAC secret (applicable to most but not all checksum algorithms)

Returns:

  • (String)

    the checksum

Raises:

  • (NotImplementedError)

    if the encryption schema isn't supported



# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 116

def checksum(etype, key, key_usage)
  data = self.encode
  checksummer = Rex::Proto::Kerberos::Crypto::Checksum::from_checksum_type(etype)
  checksummer.checksum(key, key_usage, data)
end

#decode(input) ⇒ self

Decodes the Rex::Proto::Kerberos::Model::KdcRequestBody attributes from input

Parameters:

  • input (String, OpenSSL::ASN1::Sequence)

    the input to decode from

Returns:

  • (self)

    if decoding succeeds

Raises:

  • (Rex::Proto::Kerberos::Model::Error::KerberosDecodingError)

# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 73

def decode(input)
  case input
  when String
    decode_string(input)
  when OpenSSL::ASN1::Sequence
    decode_asn1(input)
  else
    raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode KdcRequestBody, invalid input'
  end

  self
end

#encode ⇒ String

Encodes the Rex::Proto::Kerberos::Model::KdcRequestBody into an ASN.1 String

Returns:

  • (String)


# File 'lib/rex/proto/kerberos/model/kdc_request_body.rb', line 89

def encode
  elems = []

  elems << OpenSSL::ASN1::ASN1Data.new([encode_options], 0, :CONTEXT_SPECIFIC) if options
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cname], 1, :CONTEXT_SPECIFIC) if cname
  elems << OpenSSL::ASN1::ASN1Data.new([encode_realm], 2, :CONTEXT_SPECIFIC) if realm
  elems << OpenSSL::ASN1::ASN1Data.new([encode_sname], 3, :CONTEXT_SPECIFIC) if sname
  elems << OpenSSL::ASN1::ASN1Data.new([encode_from], 4, :CONTEXT_SPECIFIC) if from
  elems << OpenSSL::ASN1::ASN1Data.new([encode_till], 5, :CONTEXT_SPECIFIC) if till
  elems << OpenSSL::ASN1::ASN1Data.new([encode_rtime], 6, :CONTEXT_SPECIFIC) if rtime
  elems << OpenSSL::ASN1::ASN1Data.new([encode_nonce], 7, :CONTEXT_SPECIFIC) if nonce
  elems << OpenSSL::ASN1::ASN1Data.new([encode_etype], 8, :CONTEXT_SPECIFIC) if etype
  elems << OpenSSL::ASN1::ASN1Data.new([encode_addresses], 9, :CONTEXT_SPECIFIC) if addresses&.any?
  elems << OpenSSL::ASN1::ASN1Data.new([encode_enc_auth_data], 10, :CONTEXT_SPECIFIC) if enc_auth_data
  elems << OpenSSL::ASN1::ASN1Data.new([encode_additional_tickets], 11, :CONTEXT_SPECIFIC) if additional_tickets

  seq = OpenSSL::ASN1::Sequence.new(elems)

  seq.to_der
end