Example #1
0
        internal static bool Parse(byte[] data, out KerberosAuthorizationDataPACEntry entry)
        {
            entry = null;
            try {
                var info = PacDeviceInfoParser.Decode(new NdrPickledType(data));
                if (!info.HasValue)
                {
                    return(false);
                }

                entry = new KerberosAuthorizationDataPACDevice(data, info.Value);
                return(true);
            } catch {
                return(false);
            }
        }
        internal static bool Parse(KerberosAuthorizationDataPACEntryType type, byte[] data, out KerberosAuthorizationDataPACEntry entry)
        {
            entry = null;

            if (data.Length < 4)
            {
                return(false);
            }

            int signature_length = 0;
            KerberosChecksumType signature_type = (KerberosChecksumType)BitConverter.ToInt32(data, 0);

            switch (signature_type)
            {
            case KerberosChecksumType.HMAC_MD5:
                signature_length = 16;
                break;

            case KerberosChecksumType.HMAC_SHA1_96_AES_128:
            case KerberosChecksumType.HMAC_SHA1_96_AES_256:
                signature_length = 12;
                break;

            default:
                signature_length = data.Length - 4;
                break;
            }

            byte[] signature = new byte[signature_length];
            Buffer.BlockCopy(data, 4, signature, 0, signature_length);
            int?rodc_id    = null;
            int total_size = 4 + signature_length;

            if (data.Length - total_size >= 2)
            {
                rodc_id = BitConverter.ToUInt16(data, total_size);
            }

            entry = new KerberosAuthorizationDataPACSignature(type, data, signature_type, signature, rodc_id);
            return(true);
        }
Example #3
0
        internal static bool Parse(KerberosAuthorizationDataPACEntryType type, byte[] data, out KerberosAuthorizationDataPACEntry entry)
        {
            entry = null;
            try
            {
                var set = ClaimSetMetadataParser.Decode(new NdrPickledType(data));
                if (!set.HasValue || set.Value.ClaimsSet == null || set.Value.usCompressionFormat != 0)
                {
                    return(false);
                }
                var claims = ClaimSetParser.Decode(new NdrPickledType(set.Value.ClaimsSet));
                if (!claims.HasValue || claims.Value.ClaimsArrays == null)
                {
                    return(false);
                }

                List <KerberosClaimsArray> claims_array = new List <KerberosClaimsArray>();

                foreach (var claim in claims.Value.ClaimsArrays.GetValue())
                {
                    KerberosClaimsSource source = (KerberosClaimsSource)claim.usClaimsSourceType.Value;
                    claims_array.Add(new KerberosClaimsArray(source, claim.ClaimEntries.GetValue().Select(ConvertToClaim)));
                }

                entry = new KerberosAuthorizationDataPACClaimSet(type, data, claims_array.AsReadOnly());
                return(true);
            }
            catch
            {
                return(false);
            }
        }
        internal static bool Parse(KerberosAuthorizationDataPACEntryType type, byte[] data, out KerberosAuthorizationDataPACEntry entry)
        {
            entry = null;
            if (data.Length < 12)
            {
                return(false);
            }

            int upn_length = BitConverter.ToUInt16(data, 0);
            int upn_offset = BitConverter.ToUInt16(data, 2);
            int dns_length = BitConverter.ToUInt16(data, 4);
            int dns_offset = BitConverter.ToUInt16(data, 6);
            KerberosUpnDnsInfoFlags flags = (KerberosUpnDnsInfoFlags)BitConverter.ToInt32(data, 8);

            if (upn_length + upn_offset > data.Length || dns_length + dns_offset > data.Length)
            {
                return(false);
            }

            string upn = Encoding.Unicode.GetString(data, upn_offset, upn_length);
            string dns = Encoding.Unicode.GetString(data, dns_offset, dns_length);

            entry = new KerberosAuthorizationDataPACUpnDnsInfo(type, data, flags, upn, dns);
            return(true);
        }
        internal static bool Parse(byte[] data, out KerberosAuthorizationDataPAC auth_data)
        {
            auth_data = null;
            if (data.Length < 8)
            {
                return(false);
            }
            BinaryReader reader  = new BinaryReader(new MemoryStream(data));
            long         count   = reader.ReadInt32();
            int          version = reader.ReadInt32();

            if (version != 0)
            {
                return(false);
            }
            if (reader.RemainingLength() < count * 16)
            {
                return(false);
            }

            List <KerberosAuthorizationDataPACEntry> entries = new List <KerberosAuthorizationDataPACEntry>();

            for (long i = 0; i < count; ++i)
            {
                int  type   = reader.ReadInt32();
                int  length = reader.ReadInt32();
                long offset = reader.ReadInt64();

                if (offset >= data.LongLength || (offset + length) > data.LongLength)
                {
                    return(false);
                }

                byte[] entry_data = new byte[length];
                Buffer.BlockCopy(data, (int)offset, entry_data, 0, length);

                KerberosAuthorizationDataPACEntryType entry_type = (KerberosAuthorizationDataPACEntryType)type;
                KerberosAuthorizationDataPACEntry     pac_entry  = null;
                switch (entry_type)
                {
                case KerberosAuthorizationDataPACEntryType.UserClaims:
                case KerberosAuthorizationDataPACEntryType.DeviceClaims:
                    if (!KerberosAuthorizationDataPACClaimSet.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.KDCChecksum:
                case KerberosAuthorizationDataPACEntryType.ServerChecksum:
                    if (!KerberosAuthorizationDataPACSignature.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.ClientInfo:
                    if (!KerberosAuthorizationDataPACClientInfo.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.UserPrincipalName:
                    if (!KerberosAuthorizationDataPACUpnDnsInfo.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;
                }

                if (pac_entry == null)
                {
                    pac_entry = new KerberosAuthorizationDataPACEntry(entry_type, entry_data);
                }

                entries.Add(pac_entry);
            }

            auth_data = new KerberosAuthorizationDataPAC(data, entries.AsReadOnly());
            return(true);
        }
Example #6
0
        internal static bool Parse(KerberosAuthorizationDataPACEntryType type, byte[] data, out KerberosAuthorizationDataPACEntry entry)
        {
            entry = null;
            if (data.Length < 10)
            {
                return(false);
            }

            long client_id   = BitConverter.ToInt64(data, 0);
            int  name_length = BitConverter.ToUInt16(data, 8);

            if (name_length + 10 > data.Length)
            {
                return(false);
            }
            string name = Encoding.Unicode.GetString(data, 10, name_length);

            entry = new KerberosAuthorizationDataPACClientInfo(type, data, client_id, name);
            return(true);
        }