private byte[] GetResponsePayload(TacacsHeader responseHeader, byte[] responsePacket)
{
var responsePayload = responsePacket.Skip(responsePacket.Length - responseHeader.Length).ToArray();
var pseudoPad = TacacsPlusProtocol.GetPseudoPad(responseHeader, responseHeader.Length, _sharedSecret);
return(TacacsPlusProtocol.XorPseudoPad(responsePayload, pseudoPad));
}
public bool Authenticate(TacacsAuthenticationType type, TacacsAuthenticationService service, string user,
SecureString password)
{
if (string.IsNullOrEmpty(user))
{
throw new ArgumentException("Must specify a valid user name", nameof(user));
}
if (password == null)
{
throw new ArgumentException("Must specify a valid password", nameof(password));
}
var requestPacket = TacacsPlusProtocol.GetAuthenticationPacket(type, service, user, password, _sharedSecret);
var responsePacket = SendReceive(requestPacket);
var responsePayload = ValidateResponseAndGetPayload(responsePacket);
var authenticationReplyHeader =
StructConverter.BytesToStruct <TacacsAuthenticationReplyHeader>(responsePayload);
switch (authenticationReplyHeader.Status)
{
case TacacsAuthenticationStatus.Pass:
return(true);
case TacacsAuthenticationStatus.Fail:
return(false);
case TacacsAuthenticationStatus.Error:
var serverMessage =
Encoding.UTF8.GetString(responsePacket.Skip(6 /* Authentication Reply Header Size */)
.Take(authenticationReplyHeader.ServerMessageLength).ToArray());
throw new Exception($"Server responded with an error: {serverMessage}");
default:
throw new Exception($"Unexpected authentication status: {authenticationReplyHeader.Status}");
}
}
