//Get the expected Kerberos PDU from byte array
private KerberosPdu getExpectedPduFromBytes(
byte[] receivedBytes,
out int consumedLength,
out int expectedLength)
{
// initialize lengths
consumedLength = 0;
expectedLength = 0;
if (null == receivedBytes || 0 == receivedBytes.Length)
{
return(null);
}
// TCP has a 4 bytes length header, while UDP has not
byte[] pduBytes = receivedBytes;
if ((this.Context.TransportType == TransportType.TCP))
{
// insufficient data, needs to receive more
if (receivedBytes.Length < sizeof(int))
{
return(null);
}
// get pdu data length
byte[] lengthBytes = ArrayUtility.SubArray(receivedBytes, 0, sizeof(int));
Array.Reverse(lengthBytes);
int pduLength = BitConverter.ToInt32(lengthBytes, 0);
// insufficient data, needs to receive more
expectedLength = sizeof(int) + pduLength;
if (receivedBytes.Length < expectedLength)
{
return(null);
}
// remove length header from pdu bytes
pduBytes = ArrayUtility.SubArray <byte>(receivedBytes, sizeof(int), pduLength);
}
else
{
// UDP has no length header
expectedLength = pduBytes.Length;
}
consumedLength = expectedLength;
KerberosPdu pdu = null;
//Get AP data in message to judge the kpassword type
byte[] apLengthBytes = ArrayUtility.SubArray <byte>(pduBytes, 2 * sizeof(ushort), sizeof(ushort));
Array.Reverse(apLengthBytes);
ushort apLength = BitConverter.ToUInt16(apLengthBytes, 0);
//If the length is zero, then the last field contains a KRB-ERROR message instead of a KRB-PRIV message.
if (apLength == 0)
{
pdu = new KerberosKrbError();
pdu.FromBytes(ArrayUtility.SubArray <byte>(pduBytes, 3 * sizeof(ushort)));
return(pdu);
}
// get message type
// (the lower 5 bits indicates its message type)
byte[] apBytes = ArrayUtility.SubArray <byte>(pduBytes, 3 * sizeof(ushort), apLength);
MsgType kpassMsgType = (MsgType)(apBytes[0] & 0x1f);
if (kpassMsgType == MsgType.KRB_AP_REQ)
{
pdu = new KpasswordRequest();
}
else
{
pdu = new KpasswordResponse();
pdu.FromBytes(pduBytes);
}
return(pdu);
}
public PaFxError(PA_DATA PaData)
{
paData = PaData;
KrbError = new KerberosKrbError();
KrbError.FromBytes(PaData.padata_value.ByteArrayValue);
}
//Get the expected Kerberos PDU from byte array
private KerberosPdu getExpectedPduFromBytes(
byte[] receivedBytes,
out int consumedLength,
out int expectedLength)
{
// initialize lengths
consumedLength = 0;
expectedLength = 0;
if (null == receivedBytes || 0 == receivedBytes.Length)
{
return(null);
}
// TCP has a 4 bytes length header, while UDP has not
byte[] pduBytes = receivedBytes;
if ((this.Context.TransportType == TransportType.TCP))
{
// insufficient data, needs to receive more
if (receivedBytes.Length < sizeof(int))
{
return(null);
}
// get pdu data length
byte[] lengthBytes = ArrayUtility.SubArray(receivedBytes, 0, sizeof(int));
Array.Reverse(lengthBytes);
int pduLength = BitConverter.ToInt32(lengthBytes, 0);
// insufficient data, needs to receive more
expectedLength = sizeof(int) + pduLength;
if (receivedBytes.Length < expectedLength)
{
return(null);
}
// remove length header from pdu bytes
pduBytes = ArrayUtility.SubArray <byte>(receivedBytes, sizeof(int), pduLength);
}
else
{
// UDP has no length header
expectedLength = pduBytes.Length;
}
// decode according to message type
consumedLength = expectedLength;
// get message type
// (the lower 5 bits indicates its kile message type)
MsgType kileMessageType = (MsgType)(pduBytes[0] & 0x1f);
KerberosPdu pdu = null;
switch (kileMessageType)
{
case MsgType.KRB_AS_REQ:
pdu = new KerberosAsRequest();
break;
case MsgType.KRB_AS_RESP:
pdu = new KerberosAsResponse();
break;
case MsgType.KRB_TGS_REQ:
pdu = new KerberosTgsRequest();
break;
case MsgType.KRB_TGS_RESP:
pdu = new KerberosTgsResponse();
break;
case MsgType.KRB_ERROR:
pdu = new KerberosKrbError();
break;
default:
throw new FormatException(
"Unsupported Message Type: " + kileMessageType.ToString());
}
pdu.FromBytes(pduBytes);
// update context
if (this.expectedPduType == null || this.expectedPduType == pdu.GetType())
{
this.UpdateContext(pdu);
}
return(pdu);
}
public KerberosKrbError GetKrbErrorFromToken(byte[] token)
{
token = KerberosUtility.DecodeNegotiationToken(token);
if (token[0] == KerberosConstValue.KERBEROS_TAG)
{
byte[] apData = KerberosUtility.VerifyGssApiTokenHeader(token, this.oidPkt);
// Check if it has a two-byte tok_id
if (null == apData || apData.Length <= sizeof(TOK_ID))
{
throw new FormatException(
"Data length is shorter than a valid AP Response data length.");
}
// verify TOK_ID
byte[] tokenID = ArrayUtility.SubArray<byte>(apData, 0, sizeof(TOK_ID));
Array.Reverse(tokenID);
TOK_ID id = (TOK_ID)BitConverter.ToUInt16(tokenID, 0);
this.testSite.Assert.AreEqual(TOK_ID.KRB_ERROR, id, "The Token ID should be KRB_ERROR");
// Get apBody
token = ArrayUtility.SubArray(apData, sizeof(TOK_ID));
}
KerberosKrbError error = new KerberosKrbError();
error.FromBytes(token);
return error;
}
public PaFxError(PA_DATA PaData)
{
paData = PaData;
KrbError = new KerberosKrbError();
KrbError.FromBytes(PaData.padata_value.ByteArrayValue);
}
//Get the expected Kerberos PDU from byte array
private KerberosPdu getExpectedPduFromBytes(
byte[] receivedBytes,
out int consumedLength,
out int expectedLength)
{
// initialize lengths
consumedLength = 0;
expectedLength = 0;
if (null == receivedBytes || 0 == receivedBytes.Length)
{
return null;
}
// TCP has a 4 bytes length header, while UDP has not
byte[] pduBytes = receivedBytes;
if ((this.Context.TransportType == TransportType.TCP))
{
// insufficient data, needs to receive more
if (receivedBytes.Length < sizeof(int))
{
return null;
}
// get pdu data length
byte[] lengthBytes = ArrayUtility.SubArray(receivedBytes, 0, sizeof(int));
Array.Reverse(lengthBytes);
int pduLength = BitConverter.ToInt32(lengthBytes, 0);
// insufficient data, needs to receive more
expectedLength = sizeof(int) + pduLength;
if (receivedBytes.Length < expectedLength)
{
return null;
}
// remove length header from pdu bytes
pduBytes = ArrayUtility.SubArray<byte>(receivedBytes, sizeof(int), pduLength);
}
else
{
// UDP has no length header
expectedLength = pduBytes.Length;
}
// decode according to message type
consumedLength = expectedLength;
// get message type
// (the lower 5 bits indicates its kile message type)
MsgType kileMessageType = (MsgType)(pduBytes[0] & 0x1f);
KerberosPdu pdu = null;
switch (kileMessageType)
{
case MsgType.KRB_AS_REQ:
pdu = new KerberosAsRequest();
break;
case MsgType.KRB_AS_RESP:
pdu = new KerberosAsResponse();
break;
case MsgType.KRB_TGS_REQ:
pdu = new KerberosTgsRequest();
break;
case MsgType.KRB_TGS_RESP:
pdu = new KerberosTgsResponse();
break;
case MsgType.KRB_ERROR:
pdu = new KerberosKrbError();
break;
default:
throw new FormatException(
"Unsupported Message Type: " + kileMessageType.ToString());
}
pdu.FromBytes(pduBytes);
// update context
if (this.expectedPduType == null || this.expectedPduType == pdu.GetType())
this.UpdateContext(pdu);
return pdu;
}
//Get the expected Kerberos PDU from byte array
private KerberosPdu getExpectedPduFromBytes(
byte[] receivedBytes,
out int consumedLength,
out int expectedLength)
{
// initialize lengths
consumedLength = 0;
expectedLength = 0;
if (null == receivedBytes || 0 == receivedBytes.Length)
{
return null;
}
// TCP has a 4 bytes length header, while UDP has not
byte[] pduBytes = receivedBytes;
if ((this.Context.TransportType == TransportType.TCP))
{
// insufficient data, needs to receive more
if (receivedBytes.Length < sizeof(int))
{
return null;
}
// get pdu data length
byte[] lengthBytes = ArrayUtility.SubArray(receivedBytes, 0, sizeof(int));
Array.Reverse(lengthBytes);
int pduLength = BitConverter.ToInt32(lengthBytes, 0);
// insufficient data, needs to receive more
expectedLength = sizeof(int) + pduLength;
if (receivedBytes.Length < expectedLength)
{
return null;
}
// remove length header from pdu bytes
pduBytes = ArrayUtility.SubArray<byte>(receivedBytes, sizeof(int), pduLength);
}
else
{
// UDP has no length header
expectedLength = pduBytes.Length;
}
consumedLength = expectedLength;
KerberosPdu pdu = null;
//Get AP data in message to judge the kpassword type
byte[] apLengthBytes = ArrayUtility.SubArray<byte>(pduBytes, 2 * sizeof(ushort), sizeof(ushort));
Array.Reverse(apLengthBytes);
ushort apLength = BitConverter.ToUInt16(apLengthBytes, 0);
//If the length is zero, then the last field contains a KRB-ERROR message instead of a KRB-PRIV message.
if (apLength == 0)
{
pdu = new KerberosKrbError();
pdu.FromBytes(ArrayUtility.SubArray<byte>(pduBytes, 3 * sizeof(ushort)));
return pdu;
}
// get message type
// (the lower 5 bits indicates its message type)
byte[] apBytes = ArrayUtility.SubArray<byte>(pduBytes, 3 * sizeof(ushort), apLength);
MsgType kpassMsgType = (MsgType)(apBytes[0] & 0x1f);
if (kpassMsgType == MsgType.KRB_AP_REQ)
{
pdu = new KpasswordRequest();
}
else
{
pdu = new KpasswordResponse();
pdu.FromBytes(pduBytes);
}
return pdu;
}
