Class: Rex::Proto::Kerberos::Model::Authenticator

Inherits:
Element
  • Object
show all
Defined in:
lib/rex/proto/kerberos/model/authenticator.rb

Overview

This class provides a representation of an Authenticator, sent with a ticket to the server to certify the client's knowledge of the encryption key in the ticket.

Constant Summary

Constants included from Rex::Proto::Kerberos::Model

AD_IF_RELEVANT, AP_REQ, AS_REP, AS_REQ, AUTHENTICATOR, ERROR_CODES, KDC_OPTION_ALLOW_POST_DATE, KDC_OPTION_ENC_TKT_IN_SKEY, KDC_OPTION_FORWARDABLE, KDC_OPTION_FORWARDED, KDC_OPTION_POST_DATED, KDC_OPTION_PROXIABLE, KDC_OPTION_PROXY, KDC_OPTION_RENEW, KDC_OPTION_RENEWABLE, KDC_OPTION_RENEWABLE_OK, KDC_OPTION_RESERVED, KDC_OPTION_UNUSED_10, KDC_OPTION_UNUSED_11, KDC_OPTION_UNUSED_7, KDC_OPTION_UNUSED_9, KDC_OPTION_VALIDATE, KRB_ERROR, NT_PRINCIPAL, NT_SRV_HST, NT_SRV_INST, NT_SRV_XHST, NT_UID, NT_UNKNOWN, PA_ENC_TIMESTAMP, PA_PAC_REQUEST, PA_PW_SALT, PA_TGS_REQ, TGS_REP, TGS_REQ, TICKET, VERSION

Constants included from Crypto

Crypto::ENC_AS_RESPONSE, Crypto::ENC_KDC_REQUEST_BODY, Crypto::ENC_TGS_RESPONSE, Crypto::RC4_HMAC, Crypto::RSA_MD5

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Element

attr_accessor, attributes, #attributes, decode, #initialize

Methods included from Crypto::RsaMd5

#checksum_rsa_md5

Methods included from Crypto::Rc4Hmac

#decrypt_rc4_hmac, #encrypt_rc4_hmac

Constructor Details

This class inherits a constructor from Rex::Proto::Kerberos::Model::Element

Instance Attribute Details

#checksumRex::Proto::Kerberos::Model::Checksum

accompanies the KRB_AP_REQ.

Returns:


24
25
26
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 24

def checksum
  @checksum
end

#cnameRex::Proto::Kerberos::Model::PrincipalName

identifier

Returns:


20
21
22
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 20

def cname
  @cname
end

#crealmString

Returns The realm in which the client is registered.

Returns:

  • (String)

    The realm in which the client is registered


16
17
18
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 16

def crealm
  @crealm
end

#ctimeTime

Returns The current time of the client's host.

Returns:

  • (Time)

    The current time of the client's host


30
31
32
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 30

def ctime
  @ctime
end

#cusecInteger

Returns The microsecond part of the client's timestamp.

Returns:

  • (Integer)

    The microsecond part of the client's timestamp


27
28
29
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 27

def cusec
  @cusec
end

#subkeyRex::Proto::Kerberos::Model::EncryptionKey

key which is to be used to protect this specific application session

Returns:


34
35
36
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 34

def subkey
  @subkey
end

#vnoInteger

Returns The authenticator version number.

Returns:

  • (Integer)

    The authenticator version number


13
14
15
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 13

def vno
  @vno
end

Instance Method Details

#decode(input) ⇒ Object

Rex::Proto::Kerberos::Model::Authenticator decoding isn't supported


39
40
41
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 39

def decode(input)
  raise ::NotImplementedError, 'Authenticator decoding not supported'
end

#encodeString

Encodes the Rex::Proto::Kerberos::Model::Authenticator into an ASN.1 String

Returns:

  • (String)

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 46

def encode
  elems = []
  elems << OpenSSL::ASN1::ASN1Data.new([encode_vno], 0, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_crealm], 1, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cname], 2, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_checksum], 3, :CONTEXT_SPECIFIC) if checksum
  elems << OpenSSL::ASN1::ASN1Data.new([encode_cusec], 4, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_ctime], 5, :CONTEXT_SPECIFIC)
  elems << OpenSSL::ASN1::ASN1Data.new([encode_subkey], 6, :CONTEXT_SPECIFIC) if subkey

  seq = OpenSSL::ASN1::Sequence.new(elems)
  seq_asn1 = OpenSSL::ASN1::ASN1Data.new([seq], AUTHENTICATOR, :APPLICATION)

  seq_asn1.to_der
end

#encrypt(etype, key) ⇒ String

Encrypts the Rex::Proto::Kerberos::Model::Authenticator

Parameters:

  • etype (Integer)

    the crypto schema to encrypt

  • key (String)

    the key to encrypt

Returns:

  • (String)

    the encrypted result

Raises:


68
69
70
71
72
73
74
75
76
77
78
79
80
# File 'lib/rex/proto/kerberos/model/authenticator.rb', line 68

def encrypt(etype, key)
  data = self.encode

  res = ''
  case etype
  when RC4_HMAC
    res = encrypt_rc4_hmac(data, key, 7)
  else
    raise ::NotImplementedError, 'EncryptedData schema is not supported'
  end

  res
end