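/// <summary>
/// Decodes an AD-WIN2K-PAC authorization-data element: reads the PAC directory, hands each
/// typed buffer to <c>ParsePacType</c>, and zeroes the exclusion range each parser reports
/// in a private copy of the PAC bytes (<c>pacData</c>), leaving the caller's buffer untouched.
/// </summary>
/// <param name="authz">The authorization-data element whose <c>Data</c> holds the raw PAC.</param>
/// <param name="mode">Signature mode recorded in <see cref="Mode"/>; defaults to <c>SignatureMode.Kdc</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="authz"/> is null.</exception>
/// <exception cref="InvalidDataException">The PAC version is not <c>PAC_VERSION</c>, or a
/// directory entry's offset/size does not address a region inside the PAC.</exception>
public PrivilegedAttributeCertificate(KrbAuthorizationData authz, SignatureMode mode = SignatureMode.Kdc)
    : base(authz?.Type ?? 0, AuthorizationDataType.AdWin2kPac)
{
    // The base initializer tolerates a null element; the body does not, so reject it
    // explicitly instead of failing with a NullReferenceException on authz.Data.
    if (authz == null)
    {
        throw new ArgumentNullException(nameof(authz));
    }

    var pac = authz.Data;

    // Work on a private copy: the exclusion ranges below are cleared in pacData only.
    this.pacData = new byte[pac.Length];
    this.Mode = mode;
    pac.CopyTo(this.pacData);

    using (var stream = new NdrBuffer(pac, align: false))
    {
        var count = stream.ReadInt32LittleEndian();

        this.Version = stream.ReadInt32LittleEndian();

        if (this.Version != PAC_VERSION)
        {
            throw new InvalidDataException($"Unknown PAC Version {this.Version}");
        }

        var errors = new List<PacDecodeError>();

        for (var i = 0; i < count; i++)
        {
            var type = (PacType)stream.ReadInt32LittleEndian();
            var size = stream.ReadInt32LittleEndian();
            var offset = stream.ReadInt64LittleEndian();

            // Offset and size come from the PAC itself. Validate them as 64-bit values before
            // the int cast, so an out-of-range offset cannot be silently truncated onto an
            // unrelated region that Slice would then accept.
            if (offset < 0 || offset > pac.Length || size < 0 || size > pac.Length - offset)
            {
                throw new InvalidDataException($"PAC buffer {type} has invalid offset {offset} or size {size}");
            }

            var bufferOffset = (int)offset;
            var pacInfoBuffer = pac.Slice(bufferOffset, size);

            int exclusionStart;
            int exclusionLength;

            try
            {
                this.ParsePacType(type, pacInfoBuffer, out exclusionStart, out exclusionLength);
            }
            catch (Exception ex)
            {
                // The rethrow aborts construction, so DecodingErrors is never assigned on this
                // path; the entry is kept for symmetry with the non-throwing variant.
                errors.Add(new PacDecodeError() { Type = type, Data = pacInfoBuffer, Exception = ex });
                throw;
            }

            // ParsePacType reports a byte range to blank out (presumably the buffer's signature
            // bytes, which must read as zero when the checksum is recomputed — confirm against
            // the signature verifier). Only the private copy is modified.
            if (exclusionStart > 0 && exclusionLength > 0)
            {
                this.pacData.Span.Slice(bufferOffset + exclusionStart, exclusionLength).Clear();
            }
        }

        this.DecodingErrors = errors;
    }
}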
/// <summary>
/// Decodes an <c>AuthorizationData</c> value (a SEQUENCE OF <see cref="KrbAuthorizationData"/>)
/// into a freshly constructed <typeparamref name="T"/>.
/// </summary>
/// <typeparam name="T">The concrete sequence type to populate.</typeparam>
/// <param name="reader">Reader positioned at the outer SEQUENCE.</param>
/// <param name="decoded">Receives the populated instance.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="CryptographicException">The next element is not a SEQUENCE.</exception>
internal static void Decode<T>(AsnReader reader, out T decoded)
    where T : KrbAuthorizationDataSequence, new()
{
    if (reader == null)
    {
        throw new ArgumentNullException(nameof(reader));
    }

    decoded = new T();

    // Anything other than a SEQUENCE here is a malformed encoding, not a recoverable state.
    if (!reader.PeekTag().HasSameClassAndValue(Asn1Tag.Sequence))
    {
        throw new CryptographicException();
    }

    var elements = reader.ReadSequence();
    var items = new List<KrbAuthorizationData>();

    while (elements.HasData)
    {
        KrbAuthorizationData.Decode<KrbAuthorizationData>(elements, out KrbAuthorizationData item);
        items.Add(item);
    }

    decoded.AuthorizationData = items.ToArray();
}
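/// <summary>
/// Decodes an AD-WIN2K-PAC authorization-data element: reads the PAC directory, hands each
/// typed buffer to <c>ParsePacType</c>, and zeroes the exclusion range each parser reports
/// in a private copy of the PAC bytes (<c>pacData</c>), leaving the caller's buffer untouched.
/// </summary>
/// <param name="authz">The authorization-data element whose <c>Data</c> holds the raw PAC.</param>
/// <exception cref="ArgumentNullException"><paramref name="authz"/> is null.</exception>
/// <exception cref="InvalidDataException">The PAC version is not <c>PAC_VERSION</c>, or a
/// directory entry's offset/size does not address a region inside the PAC.</exception>
public PrivilegedAttributeCertificate(KrbAuthorizationData authz)
    : base(authz?.Type ?? 0, AuthorizationDataType.AdWin2kPac)
{
    if (authz == null)
    {
        throw new ArgumentNullException(nameof(authz));
    }

    var pac = authz.Data;

    // Copy rather than alias the input: the exclusion ranges below are zeroed in pacData,
    // and that must not write through to the caller's authz.Data.
    pacData = new byte[pac.Length];
    pac.CopyTo(pacData);

    // NdrBuffer is disposable (it is used with a using statement elsewhere in this type).
    using (var stream = new NdrBuffer(pac, align: false))
    {
        var count = stream.ReadInt32LittleEndian();

        Version = stream.ReadInt32LittleEndian();

        if (Version != PAC_VERSION)
        {
            throw new InvalidDataException($"Unknown PAC Version {Version}");
        }

        var errors = new List<PacDecodeError>();

        for (var i = 0; i < count; i++)
        {
            var type = (PacType)stream.ReadInt32LittleEndian();
            var size = stream.ReadInt32LittleEndian();
            var offset = stream.ReadInt64LittleEndian();

            // Validate the attacker-controllable 64-bit offset before the int cast so it
            // cannot be silently truncated onto an unrelated region that Slice would accept.
            if (offset < 0 || offset > pac.Length || size < 0 || size > pac.Length - offset)
            {
                throw new InvalidDataException($"PAC buffer {type} has invalid offset {offset} or size {size}");
            }

            var bufferOffset = (int)offset;
            var pacInfoBuffer = pac.Slice(bufferOffset, size);

            int exclusionStart;
            int exclusionLength;

            try
            {
                ParsePacType(type, pacInfoBuffer, out exclusionStart, out exclusionLength);
            }
            catch (Exception ex)
            {
                // The rethrow aborts construction, so DecodingErrors is never assigned on this
                // path; the entry is kept for symmetry with the non-throwing variant.
                errors.Add(new PacDecodeError() { Type = type, Data = pacInfoBuffer, Exception = ex });
                throw;
            }

            // Blank the range the parser reports (presumably the buffer's signature bytes,
            // which must read as zero when the checksum is recomputed — confirm against the
            // signature verifier). Only the private copy is modified.
            if (exclusionStart > 0 && exclusionLength > 0)
            {
                pacData.Span.Slice(bufferOffset + exclusionStart, exclusionLength).Fill(0);
            }
        }

        DecodingErrors = errors;
    }
}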
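/// <summary>
/// Decodes an AD-WIN2K-PAC authorization-data element: reads the PAC directory, hands each
/// typed buffer to <c>ParsePacType</c>, records any buffer that fails to parse in
/// <c>DecodingErrors</c>, and zeroes the exclusion range each parser reports in a private
/// copy of the PAC bytes (<c>pacData</c>). <c>HasRequiredFields</c> is set once both
/// signatures have been seen.
/// </summary>
/// <param name="authz">The authorization-data element whose <c>Data</c> holds the raw PAC.</param>
/// <exception cref="ArgumentNullException"><paramref name="authz"/> is null.</exception>
/// <exception cref="InvalidDataException">The PAC version is not <c>PAC_VERSION</c>, or a
/// directory entry's offset/size does not address a region inside the PAC.</exception>
public PrivilegedAttributeCertificate(KrbAuthorizationData authz)
    : base(authz?.Type ?? 0, AuthorizationDataType.AdWin2kPac)
{
    if (authz == null)
    {
        throw new ArgumentNullException(nameof(authz));
    }

    var pac = authz.Data;

    Stream = new NdrBinaryStream(pac);

    // Copy rather than alias the input: the exclusion ranges below are zeroed in pacData,
    // and that must not write through to the caller's authz.Data.
    pacData = new byte[pac.Length];
    pac.CopyTo(pacData);

    var count = Stream.ReadInt();
    var version = Stream.ReadInt();

    if (version != PAC_VERSION)
    {
        throw new InvalidDataException($"Unknown PAC Version {version}");
    }

    var errors = new List<PacDecodeError>();

    for (var i = 0; i < count; i++)
    {
        var type = (PacType)Stream.ReadInt();
        var size = Stream.ReadInt();
        var offset = Stream.ReadLong();

        // Validate the attacker-controllable 64-bit offset before the int cast so it
        // cannot be silently truncated onto an unrelated region that Slice would accept.
        if (offset < 0 || offset > pac.Length || size < 0 || size > pac.Length - offset)
        {
            throw new InvalidDataException($"PAC buffer {type} has invalid offset {offset} or size {size}");
        }

        var bufferOffset = (int)offset;
        var pacInfoBuffer = pac.Slice(bufferOffset, size);

        // Pre-zeroed: if ParsePacType throws before assigning them, no exclusion is applied.
        int exclusionStart = 0;
        int exclusionLength = 0;

        try
        {
            ParsePacType(type, pacInfoBuffer, out exclusionStart, out exclusionLength);
        }
        catch (Exception ex)
        {
            // Best-effort decode: the failing buffer is recorded and the remaining entries
            // are still processed. Callers inspect DecodingErrors / HasRequiredFields.
            errors.Add(new PacDecodeError() { Type = type, Data = pacInfoBuffer, Exception = ex });
        }

        // Blank the range the parser reports (presumably the buffer's signature bytes,
        // which must read as zero when the checksum is recomputed — confirm against the
        // signature verifier). Only the private copy is modified.
        if (exclusionStart > 0 && exclusionLength > 0)
        {
            pacData.Span.Slice(bufferOffset + exclusionStart, exclusionLength).Fill(0);
        }
    }

    DecodingErrors = errors;

    HasRequiredFields = ServerSignature != null && KdcSignature != null;
}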
/// <summary>
/// Decodes an <c>EncTicketPart</c> SEQUENCE, wrapped in <paramref name="expectedTag"/>, into a
/// freshly constructed <typeparamref name="T"/>. Fields are consumed in tag order [0]..[10];
/// [6], [8], [9] and [10] are optional and are read only when they are the next element.
/// </summary>
/// <typeparam name="T">Concrete ticket-part type to populate.</typeparam>
/// <param name="reader">Reader positioned at the wrapper tag.</param>
/// <param name="expectedTag">Tag the outer SEQUENCE is expected to carry.</param>
/// <param name="decoded">Receives the populated instance.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
internal static void Decode<T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
    where T : KrbEncTicketPart, new()
{
    if (reader == null)
    {
        throw new ArgumentNullException(nameof(reader));
    }

    decoded = new T();

    AsnReader sequenceReader = reader.ReadSequence(expectedTag);

    // Opens the EXPLICIT [tagNumber] wrapper of a mandatory field; the reader throws if absent.
    AsnReader Required(int tagNumber)
    {
        return sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, tagNumber));
    }

    // Opens the EXPLICIT [tagNumber] wrapper only if it is the next element; otherwise consumes nothing.
    bool TryOptional(int tagNumber, out AsnReader explicitReader)
    {
        var tag = new Asn1Tag(TagClass.ContextSpecific, tagNumber);

        if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(tag))
        {
            explicitReader = sequenceReader.ReadSequence(tag);
            return true;
        }

        explicitReader = null;
        return false;
    }

    // Drains a SEQUENCE OF, decoding each element with readItem.
    TItem[] ReadSequenceOf<TItem>(AsnReader explicitReader, Func<AsnReader, TItem> readItem)
    {
        var collectionReader = explicitReader.ReadSequence();
        var items = new List<TItem>();

        while (collectionReader.HasData)
        {
            items.Add(readItem(collectionReader));
        }

        return items.ToArray();
    }

    // [0] flags: take the primitive BIT STRING bytes when available, else the general reader.
    var flagsReader = Required(0);

    if (flagsReader.TryReadPrimitiveBitStringValue(out _, out ReadOnlyMemory<byte> rawFlags))
    {
        decoded.Flags = (TicketFlags)rawFlags.AsLong();
    }
    else
    {
        decoded.Flags = (TicketFlags)flagsReader.ReadBitString(out _).AsLong();
    }

    flagsReader.ThrowIfNotEmpty();

    // [1] key
    var keyReader = Required(1);
    KrbEncryptionKey.Decode<KrbEncryptionKey>(keyReader, out decoded.Key);
    keyReader.ThrowIfNotEmpty();

    // [2] crealm
    var realmReader = Required(2);
    decoded.CRealm = realmReader.ReadCharacterString(UniversalTagNumber.GeneralString);
    realmReader.ThrowIfNotEmpty();

    // [3] cname
    var nameReader = Required(3);
    KrbPrincipalName.Decode<KrbPrincipalName>(nameReader, out decoded.CName);
    nameReader.ThrowIfNotEmpty();

    // [4] transited
    var transitedReader = Required(4);
    KrbTransitedEncoding.Decode<KrbTransitedEncoding>(transitedReader, out decoded.Transited);
    transitedReader.ThrowIfNotEmpty();

    // [5] authtime
    var authTimeReader = Required(5);
    decoded.AuthTime = authTimeReader.ReadGeneralizedTime();
    authTimeReader.ThrowIfNotEmpty();

    // [6] starttime OPTIONAL
    if (TryOptional(6, out var startTimeReader))
    {
        decoded.StartTime = startTimeReader.ReadGeneralizedTime();
        startTimeReader.ThrowIfNotEmpty();
    }

    // [7] endtime
    var endTimeReader = Required(7);
    decoded.EndTime = endTimeReader.ReadGeneralizedTime();
    endTimeReader.ThrowIfNotEmpty();

    // [8] renew-till OPTIONAL
    if (TryOptional(8, out var renewTillReader))
    {
        decoded.RenewTill = renewTillReader.ReadGeneralizedTime();
        renewTillReader.ThrowIfNotEmpty();
    }

    // [9] caddr OPTIONAL: SEQUENCE OF HostAddress
    if (TryOptional(9, out var addressReader))
    {
        decoded.CAddr = ReadSequenceOf(addressReader, r =>
        {
            KrbHostAddress.Decode<KrbHostAddress>(r, out KrbHostAddress address);
            return address;
        });

        addressReader.ThrowIfNotEmpty();
    }

    // [10] authorization-data OPTIONAL: SEQUENCE OF AuthorizationData
    if (TryOptional(10, out var authzReader))
    {
        decoded.AuthorizationData = ReadSequenceOf(authzReader, r =>
        {
            KrbAuthorizationData.Decode<KrbAuthorizationData>(r, out KrbAuthorizationData element);
            return element;
        });

        authzReader.ThrowIfNotEmpty();
    }

    // Anything left after [10] is a malformed encoding.
    sequenceReader.ThrowIfNotEmpty();
}
/// <summary>
/// Decodes an <c>Authenticator</c> SEQUENCE, wrapped in <paramref name="expectedTag"/>, into a
/// freshly constructed <typeparamref name="T"/>. Fields are consumed in tag order [0]..[8];
/// [3], [6], [7] and [8] are optional and are read only when they are the next element.
/// </summary>
/// <typeparam name="T">Concrete authenticator type to populate.</typeparam>
/// <param name="reader">Reader positioned at the wrapper tag.</param>
/// <param name="expectedTag">Tag the outer SEQUENCE is expected to carry.</param>
/// <param name="decoded">Receives the populated instance.</param>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
internal static void Decode<T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
    where T : KrbAuthenticator, new()
{
    if (reader == null)
    {
        throw new ArgumentNullException(nameof(reader));
    }

    decoded = new T();

    AsnReader sequenceReader = reader.ReadSequence(expectedTag);

    // Opens the EXPLICIT [tagNumber] wrapper of a mandatory field; the reader throws if absent.
    AsnReader Required(int tagNumber)
    {
        return sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, tagNumber));
    }

    // Opens the EXPLICIT [tagNumber] wrapper only if it is the next element; otherwise consumes nothing.
    bool TryOptional(int tagNumber, out AsnReader explicitReader)
    {
        var tag = new Asn1Tag(TagClass.ContextSpecific, tagNumber);

        if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(tag))
        {
            explicitReader = sequenceReader.ReadSequence(tag);
            return true;
        }

        explicitReader = null;
        return false;
    }

    // Reads an INTEGER from an explicit wrapper. When no INTEGER can be read, remaining
    // content makes ThrowIfNotEmpty throw; an empty wrapper yields the default 0.
    int ReadInt32OrDefault(AsnReader explicitReader)
    {
        if (!explicitReader.TryReadInt32(out int value))
        {
            explicitReader.ThrowIfNotEmpty();
        }

        return value;
    }

    // [0] authenticator-vno
    var versionReader = Required(0);
    decoded.AuthenticatorVersionNumber = ReadInt32OrDefault(versionReader);
    versionReader.ThrowIfNotEmpty();

    // [1] crealm
    var realmReader = Required(1);
    decoded.Realm = realmReader.ReadCharacterString(UniversalTagNumber.GeneralString);
    realmReader.ThrowIfNotEmpty();

    // [2] cname
    var nameReader = Required(2);
    KrbPrincipalName.Decode<KrbPrincipalName>(nameReader, out KrbPrincipalName clientName);
    decoded.CName = clientName;
    nameReader.ThrowIfNotEmpty();

    // [3] cksum OPTIONAL
    if (TryOptional(3, out var checksumReader))
    {
        KrbChecksum.Decode<KrbChecksum>(checksumReader, out KrbChecksum checksum);
        decoded.Checksum = checksum;
        checksumReader.ThrowIfNotEmpty();
    }

    // [4] cusec
    var microsecondsReader = Required(4);
    decoded.CuSec = ReadInt32OrDefault(microsecondsReader);
    microsecondsReader.ThrowIfNotEmpty();

    // [5] ctime
    var timeReader = Required(5);
    decoded.CTime = timeReader.ReadGeneralizedTime();
    timeReader.ThrowIfNotEmpty();

    // [6] subkey OPTIONAL
    if (TryOptional(6, out var subkeyReader))
    {
        KrbEncryptionKey.Decode<KrbEncryptionKey>(subkeyReader, out KrbEncryptionKey subkey);
        decoded.Subkey = subkey;
        subkeyReader.ThrowIfNotEmpty();
    }

    // [7] seq-number OPTIONAL: assigned only when an INTEGER is actually present.
    if (TryOptional(7, out var sequenceNumberReader))
    {
        if (sequenceNumberReader.TryReadInt32(out int sequenceNumber))
        {
            decoded.SequenceNumber = sequenceNumber;
        }
        else
        {
            sequenceNumberReader.ThrowIfNotEmpty();
        }

        sequenceNumberReader.ThrowIfNotEmpty();
    }

    // [8] authorization-data OPTIONAL: SEQUENCE OF AuthorizationData
    if (TryOptional(8, out var authzReader))
    {
        var collectionReader = authzReader.ReadSequence();
        var elements = new List<KrbAuthorizationData>();

        while (collectionReader.HasData)
        {
            KrbAuthorizationData.Decode<KrbAuthorizationData>(collectionReader, out KrbAuthorizationData element);
            elements.Add(element);
        }

        decoded.AuthorizationData = elements.ToArray();
        authzReader.ThrowIfNotEmpty();
    }

    // Anything left after [8] is a malformed encoding.
    sequenceReader.ThrowIfNotEmpty();
}