Example #1
0
 internal static bool Parse(KerberosAuthorizationDataPACEntryType type, byte[] data, out KerberosAuthorizationDataPACEntry entry)
 {
     entry = null;
     try {
         var info = KerbValidationInfoParser.Decode(new NdrPickledType(data));
         if (!info.HasValue)
         {
             return(false);
         }
         entry = new KerberosAuthorizationDataPACLogon(type, data, info.Value);
         return(true);
     } catch {
         return(false);
     }
 }
        internal static bool Parse(byte[] data, out KerberosAuthorizationDataPAC auth_data)
        {
            auth_data = null;
            if (data.Length < 8)
            {
                return(false);
            }
            BinaryReader reader  = new BinaryReader(new MemoryStream(data));
            long         count   = reader.ReadInt32();
            int          version = reader.ReadInt32();

            if (version != 0)
            {
                return(false);
            }
            if (reader.RemainingLength() < count * 16)
            {
                return(false);
            }

            List <KerberosAuthorizationDataPACEntry> entries = new List <KerberosAuthorizationDataPACEntry>();

            for (long i = 0; i < count; ++i)
            {
                int  type   = reader.ReadInt32();
                int  length = reader.ReadInt32();
                long offset = reader.ReadInt64();

                if (offset >= data.LongLength || (offset + length) > data.LongLength)
                {
                    return(false);
                }

                byte[] entry_data = new byte[length];
                Buffer.BlockCopy(data, (int)offset, entry_data, 0, length);

                KerberosAuthorizationDataPACEntryType entry_type = (KerberosAuthorizationDataPACEntryType)type;
                KerberosAuthorizationDataPACEntry     pac_entry  = null;
                switch (entry_type)
                {
                case KerberosAuthorizationDataPACEntryType.UserClaims:
                case KerberosAuthorizationDataPACEntryType.DeviceClaims:
                    if (!KerberosAuthorizationDataPACClaimSet.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.KDCChecksum:
                case KerberosAuthorizationDataPACEntryType.ServerChecksum:
                    if (!KerberosAuthorizationDataPACSignature.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.ClientInfo:
                    if (!KerberosAuthorizationDataPACClientInfo.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.UserPrincipalName:
                    if (!KerberosAuthorizationDataPACUpnDnsInfo.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.Logon:
                    if (!KerberosAuthorizationDataPACLogon.Parse(entry_type, entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;

                case KerberosAuthorizationDataPACEntryType.Device:
                    if (!KerberosAuthorizationDataPACDevice.Parse(entry_data, out pac_entry))
                    {
                        pac_entry = null;
                    }
                    break;
                }

                if (pac_entry == null)
                {
                    pac_entry = new KerberosAuthorizationDataPACEntry(entry_type, entry_data);
                }

                entries.Add(pac_entry);
            }

            auth_data = new KerberosAuthorizationDataPAC(data, entries.AsReadOnly());
            return(true);
        }