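/// <summary>
/// Takes the trailing <c>responseHeader.Length</c> bytes of a response packet and XORs them
/// with the pseudo-pad built from the header and the shared secret.
/// </summary>
/// <param name="responseHeader">Header whose <c>Length</c> value is used as the number of payload bytes.</param>
/// <param name="responsePacket">The response packet bytes; the payload is read from its end.</param>
/// <returns>The output of <c>TacacsPlusProtocol.XorPseudoPad</c> for the payload bytes.</returns>
/// <exception cref="InvalidOperationException">
/// The header length is negative or larger than the packet, so no payload of that size can be cut out.
/// </exception>
private byte[] GetResponsePayload(TacacsHeader responseHeader, byte[] responsePacket)
{
    // NOTE(review): the header is presumably parsed from the received packet, which makes
    // Length a peer-controlled value - confirm against the caller. Without this check a
    // Length larger than the packet yields a negative Skip count; Enumerable.Skip treats
    // that as zero, so the whole packet (header bytes included) would be handled as payload.
    var payloadOffset = responsePacket.Length - responseHeader.Length;
    if (payloadOffset < 0 || payloadOffset > responsePacket.Length)
    {
        throw new InvalidOperationException(
            $"Response header length {responseHeader.Length} does not fit a packet of {responsePacket.Length} bytes");
    }

    var responsePayload = responsePacket.Skip(payloadOffset).ToArray();
    var pseudoPad = TacacsPlusProtocol.GetPseudoPad(responseHeader, responseHeader.Length, _sharedSecret);
    return TacacsPlusProtocol.XorPseudoPad(responsePayload, pseudoPad);
}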
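/// <summary>
/// Builds an authentication request for <paramref name="user"/>, sends it, and maps the
/// status of the reply to a boolean result.
/// </summary>
/// <param name="type">Authentication type passed to <c>TacacsPlusProtocol.GetAuthenticationPacket</c>.</param>
/// <param name="service">Authentication service passed to <c>TacacsPlusProtocol.GetAuthenticationPacket</c>.</param>
/// <param name="user">User name; must not be null or empty.</param>
/// <param name="password">Password; must not be null.</param>
/// <returns><c>true</c> when the reply status is Pass, <c>false</c> when it is Fail.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="user"/> is null or empty, or <paramref name="password"/> is null.
/// </exception>
/// <exception cref="Exception">
/// The reply status is Error (the server message is included in the text) or any status
/// other than Pass, Fail or Error. No status other than Pass is ever reported as success.
/// </exception>
public bool Authenticate(TacacsAuthenticationType type, TacacsAuthenticationService service, string user, SecureString password)
{
    if (string.IsNullOrEmpty(user))
    {
        throw new ArgumentException("Must specify a valid user name", nameof(user));
    }

    if (password == null)
    {
        throw new ArgumentException("Must specify a valid password", nameof(password));
    }

    var requestPacket = TacacsPlusProtocol.GetAuthenticationPacket(type, service, user, password, _sharedSecret);
    var responsePacket = SendReceive(requestPacket);
    var responsePayload = ValidateResponseAndGetPayload(responsePacket);
    var authenticationReplyHeader = StructConverter.BytesToStruct<TacacsAuthenticationReplyHeader>(responsePayload);

    switch (authenticationReplyHeader.Status)
    {
        case TacacsAuthenticationStatus.Pass:
            return true;

        case TacacsAuthenticationStatus.Fail:
            return false;

        case TacacsAuthenticationStatus.Error:
            // The reply header was parsed from responsePayload, so the message that follows
            // it must be read from the same buffer. Reading at offset 6 of the raw
            // responsePacket, as before, picked up packet-header and still-obfuscated bytes.
            // Take() stops at the end of the buffer, so an oversized ServerMessageLength
            // cannot read past the payload.
            // The text is supplied by the server: callers that log or display this
            // exception should treat it as untrusted input.
            var serverMessage = Encoding.UTF8.GetString(
                responsePayload.Skip(6 /* Authentication Reply Header Size */)
                    .Take(authenticationReplyHeader.ServerMessageLength)
                    .ToArray());
            throw new Exception($"Server responded with an error: {serverMessage}");

        default:
            throw new Exception($"Unexpected authentication status: {authenticationReplyHeader.Status}");
    }
}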