Class: Rex::Proto::Kerberos::Model::S4uUserId

Inherits:
Element
  • Object
Defined in:
lib/rex/proto/kerberos/model/s4u_user_id.rb

Overview

This class provides a representation of the S4UUserID structure as defined in the Kerberos protocol.

Constant Summary

Constants included from Rex::Proto::Kerberos::Model

AP_REP, AP_REQ, AS_REP, AS_REQ, AUTHENTICATOR, ENC_AP_REP_PART, ENC_KRB_CRED_PART, KRB_CRED, KRB_ERROR, TGS_REP, TGS_REQ, TICKET, VERSION

Instance Attribute Summary

Instance Method Summary

Methods inherited from Element

attr_accessor, attributes, #attributes, decode

Constructor Details

#initialize(name, impersonate_type, realm, nonce) ⇒ S4uUserId

Returns a new instance of S4uUserId.



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 38

def initialize(name, impersonate_type, realm, nonce)
  self.nonce = nonce
  # Set cname name_type based on dMSA flag
  self.cname = Rex::Proto::Kerberos::Model::PrincipalName.new(
    name_type: impersonate_type == 'dmsa' ? NameType::NT_PRINCIPAL : NameType::NT_ENTERPRISE,
    name_string: [name]
  )
  self.crealm = realm

  # Default options
  self.options = impersonate_type == 'dmsa' ? ::Rex::Proto::Kerberos::Model::PaS4uX509UserOptions::UNCONDITIONAL_DELEGATION | ::Rex::Proto::Kerberos::Model::PaS4uX509UserOptions::SIGN_REPLY : ::Rex::Proto::Kerberos::Model::PaS4uX509UserOptions::SIGN_REPLY
end

Instance Attribute Details

#cname ⇒ Rex::Proto::Kerberos::Model::PrincipalName?

Returns the principal name (optional).

Returns:



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 15

def cname
  @cname
end

#crealm ⇒ String

Returns the realm.

Returns:

  • (String)

    The realm



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 18

def crealm
  @crealm
end

#nonce ⇒ Integer

Returns the nonce in KDC-REQ-BODY.

Returns:

  • (Integer)

    The nonce in KDC-REQ-BODY



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 12

def nonce
  @nonce
end

#options ⇒ String?

Returns the options (optional).

Returns:

  • (String, nil)

    The options (optional)



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 24

def options
  @options
end

#subject_certificate ⇒ String?

Returns the subject certificate (optional).

Returns:

  • (String, nil)

    The subject certificate (optional)



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 21

def subject_certificate
  @subject_certificate
end

Instance Method Details

#decode(input) ⇒ self

Decodes the S4UUserID from an input

Parameters:

  • input (String, OpenSSL::ASN1::ASN1Data)

    the input to decode from

Returns:

  • (self)

    if decoding succeeds

Raises:



# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 56

def decode(input)
  case input
  when String
    decode_string(input)
  when OpenSSL::ASN1::ASN1Data
    decode_asn1(input)
  else
    raise ::Rex::Proto::Kerberos::Model::Error::KerberosDecodingError, 'Failed to decode S4UUserID, invalid input'
  end

  self
end

#encode ⇒ String

Encodes the S4UUserID into an ASN.1 String

Returns:

  • (String)


# File 'lib/rex/proto/kerberos/model/s4u_user_id.rb', line 72

def encode
  elems = []
  elems << OpenSSL::ASN1::ASN1Data.new([encode_nonce], 0, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cname], 1, :CONTEXT_SPECIFIC) if cname
  elems << OpenSSL::ASN1::ASN1Data.new([encode_crealm], 2, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_subject_certificate], 3, :CONTEXT_SPECIFIC) if subject_certificate
  # Convert options to a byte array
  options_bytes = [self.options].pack('N') # Pack as a big-endian unsigned 32-bit integer
  elems << OpenSSL::ASN1::ASN1Data.new([OpenSSL::ASN1::BitString.new(options_bytes)], 4, :CONTEXT_SPECIFIC)


  seq = OpenSSL::ASN1::Sequence.new(elems)

  seq.to_der
end
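
A stand-alone decoder for the field layout that #encode produces above, useful when inspecting an S4UUserID taken from a captured request. This is an added example, not Metasploit's own code: it uses only Ruby's OpenSSL library, the helper names and sample values are constructed, and the numeric values for the name types and SIGN_REPLY are assumptions taken from RFC 4120, RFC 6806 and MS-SFU rather than from this page.

```ruby
require 'openssl'

# Assumed values (not shown on this page): name types per RFC 4120 / RFC 6806,
# SIGN_REPLY per MS-SFU.
NT_PRINCIPAL  = 1
NT_ENTERPRISE = 10
SIGN_REPLY    = 0x20000000

# Wrap a value in an explicit context-specific tag, the way #encode does.
def ctx(tag, value)
  OpenSSL::ASN1::ASN1Data.new([value], tag, :CONTEXT_SPECIFIC)
end

# Constructed sample: same field order and tags as #encode, no certificate.
def sample_s4u_user_id(name:, realm:, nonce:, name_type:, options:)
  principal = OpenSSL::ASN1::Sequence.new([
    ctx(0, OpenSSL::ASN1::Integer.new(name_type)),
    ctx(1, OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::GeneralString.new(name)]))
  ])
  OpenSSL::ASN1::Sequence.new([
    ctx(0, OpenSSL::ASN1::Integer.new(nonce)),
    ctx(1, principal),
    ctx(2, OpenSSL::ASN1::GeneralString.new(realm)),
    ctx(4, OpenSSL::ASN1::BitString.new([options].pack('N')))
  ]).to_der
end

# Decode by tag number, so the optional fields may be absent.
def parse_s4u_user_id(der)
  seq = OpenSSL::ASN1.decode(der)
  raise ArgumentError, 'S4UUserID must be a SEQUENCE' unless seq.is_a?(OpenSSL::ASN1::Sequence)

  out = {}
  seq.value.each do |field|
    ok = field.tag_class == :CONTEXT_SPECIFIC && field.value.is_a?(Array)
    raise ArgumentError, 'expected an explicit context-specific tag' unless ok
    inner = field.value.first
    case field.tag
    when 0 then out[:nonce] = inner.value.to_i
    when 1
      out[:name_type] = inner.value[0].value.first.value.to_i
      out[:name] = inner.value[1].value.first.value.map(&:value)
    when 2 then out[:realm] = inner.value
    when 3 then out[:subject_certificate] = inner.value
    when 4 then out[:options] = inner.value.unpack1('N')
    end
  end
  raise ArgumentError, 'nonce and crealm are required' unless out.key?(:nonce) && out.key?(:realm)
  out
end
```

The returned hash gives the name type and the options as plain integers, so a check such as `(result[:options] & SIGN_REPLY) != 0` shows which flags a request carried.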