From 883bfd1f46716f4f1a65890329ca4061b250b2fa Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Sun, 14 Dec 2014 17:23:37 -0600
Subject: [PATCH] Add support to retrieve e-data
---
 .../proto/kerberos/model/message/krb_error.rb | 13 ++
 .../kerberos/model/message/krb_error_spec.rb | 193 +++++++++++++++++-
 2 files changed, 205 insertions(+), 1 deletion(-)
diff --git a/lib/rex/proto/kerberos/model/message/krb_error.rb b/lib/rex/proto/kerberos/model/message/krb_error.rb
index 8f6470f9c3..f45f5e512f 100644
--- a/lib/rex/proto/kerberos/model/message/krb_error.rb
+++ b/lib/rex/proto/kerberos/model/message/krb_error.rb
@@ -39,6 +39,9 @@ module Rex
 # @!attribute sname
 # @return [Rex::Proto::Kerberos::Type::PrincipalName] The name part of the server's identity
 attr_accessor :sname
+ # @!attribute e_data
+ # @return [String] additional data about the error (ASN.1 encoded data)
+ attr_accessor :e_data
 # Decodes the Rex::Proto::Kerberos::Model::Message::KrbError from an input
 #
@@ -102,6 +105,8 @@ module Rex
 self.realm = decode_realm(val)
 when 10
 self.sname = decode_sname(val)
+ when 12
+ self.e_data = decode_e_data(val)
 else
 raise ::RuntimeError, 'Failed to decode KRB-ERROR SEQUENCE'
 end
@@ -195,6 +200,14 @@ module Rex
 def decode_sname(input)
 Rex::Proto::Kerberos::Model::Type::PrincipalName.decode(input.value[0])
 end
+
+ # Decodes the e_data from an OpenSSL::ASN1::ASN1Data
+ #
+ # @param input [OpenSSL::ASN1::ASN1Data] the input to decode from
+ # @return [String]
+ def decode_e_data(input)
+ input.value[0].value
+ end
 end
 end
 end
diff --git a/spec/lib/rex/proto/kerberos/model/message/krb_error_spec.rb b/spec/lib/rex/proto/kerberos/model/message/krb_error_spec.rb
index 6875254d52..be87c929dc 100644
--- a/spec/lib/rex/proto/kerberos/model/message/krb_error_spec.rb
+++ b/spec/lib/rex/proto/kerberos/model/message/krb_error_spec.rb
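Review bot: The `case` in the second hunk of krb_error.rb goes from `when 10` straight to `when 12`, so unless tag 11 (e-text) is matched above the visible lines, a KRB-ERROR that carries e-text still falls into the `else` branch and raises 'Failed to decode KRB-ERROR SEQUENCE' before e-data is read. A reply may carry both optional fields, in which case the new accessor would never be populated. Consider a branch for it, for example `when 11` with a new `e_text` attribute, or at minimum an explicit no-op branch commented `# e-text [11]: optional, not modelled yet`. The enclosing method starts and ends outside the hunk.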
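Review bot: `decode_e_data` in the third hunk of krb_error.rb returns `input.value[0].value` without checking what it unwrapped. A KRB-ERROR from an untrusted peer whose [12] element is empty or not an OCTET STRING would therefore surface as a NoMethodError or a non-String value, rather than the `::RuntimeError` the decoder raises for other malformed input (visible in the `else` branch of the second hunk). A guard such as `raise ::RuntimeError, 'Failed to decode KRB-ERROR e-data' unless input.value.is_a?(Array) && input.value[0].is_a?(OpenSSL::ASN1::OctetString)` keeps the failure mode uniform for callers that rescue it. The YARD text here and on the accessor in the first hunk should also state that the field stays nil when the peer omits e-data and that the bytes are undecoded DER to be parsed as untrusted input: `# @return [String, nil] raw e-data octets (undecoded DER), nil when absent`.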
@@ -11,6 +11,7 @@ describe Rex::Proto::Kerberos::Model::Message::KrbError do let(:msg_type) { 30 } let(:error_code_generic) { 60 } + let(:error_code_pre_auth) { 24 } =begin #>]>, + #>]>, + #]>, + #>]>, + #>]>, + #]>, + #>]>, + #, + #]>]>]>]>, + #]>]>]> +=end + let(:pre_auth_failed) do + "\x7e\x81\x8d\x30\x81\x8a\xa0\x03\x02\x01\x05\xa1" + + "\x03\x02\x01\x1e\xa4\x11\x18\x0f\x32\x30\x31\x34\x31\x32\x31\x34" + + "\x32\x32\x34\x35\x32\x32\x5a\xa5\x05\x02\x03\x07\x5a\x47\xa6\x03" + + "\x02\x01\x18\xa9\x0c\x1b\x0a\x44\x45\x4d\x4f\x2e\x4c\x4f\x43\x41" + + "\x4c\xaa\x1f\x30\x1d\xa0\x03\x02\x01\x01\xa1\x16\x30\x14\x1b\x06" + + "\x6b\x72\x62\x74\x67\x74\x1b\x0a\x44\x45\x4d\x4f\x2e\x4c\x4f\x43" + + "\x41\x4c\xac\x30\x04\x2e\x30\x2c\x30\x16\xa1\x03\x02\x01\x0b\xa2" + + "\x0f\x04\x0d\x30\x0b\x30\x09\xa0\x03\x02\x01\x17\xa1\x02\x04\x00" + + "\x30\x12\xa1\x03\x02\x01\x13\xa2\x0b\x04\x09\x30\x07\x30\x05\xa0" + + "\x03\x02\x01\x17" + end + describe "#decode" do - context "generic error" do + context "when generic error" do it "returns the Rex::Proto::Kerberos::Model::Message::KrbError decoded" do expect(krb_error.decode(generic_error)).to eq(krb_error) end 
@@ -182,5 +332,46 @@ describe Rex::Proto::Kerberos::Model::Message::KrbError do
 expect(krb_error.sname.name_string).to eq(['krbtgt', 'DEMO.LOCAL'])
 end
 end
+
+ context "when pre auth failed error" do
+ it "returns the Rex::Proto::Kerberos::Model::Message::KrbError decoded" do
+ expect(krb_error.decode(pre_auth_failed)).to eq(krb_error)
+ end
+
+ it "decodes msg_type correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.msg_type).to eq(msg_type)
+ end
+
+ it "decodes stime correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.stime.to_s).to eq('2014-12-14 22:45:22 UTC')
+ end
+
+ it "decodes susec correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.susec).to eq(481863)
+ end
+
+ it "decodes error_code correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.error_code).to eq(error_code_pre_auth)
+ end
+
+ it "decodes realm correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.realm).to eq('DEMO.LOCAL')
+ end
+
+ it "decodes sname correctly" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.sname.name_string).to eq(['krbtgt', 'DEMO.LOCAL'])
+ end
+
+ it "retrieves the e-data" do
+ krb_error.decode(pre_auth_failed)
+ expect(krb_error.e_data.length).to eq(46)
+ end
+ end
 end
 end
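Review bot: The "retrieves the e-data" example only checks `e_data.length`, which any 46-byte string would satisfy, so a decoder that returned the wrong slice of the message would still pass. Comparing content pins the behaviour and is independent of string encoding: `expect(krb_error.e_data.bytes).to eq(pre_auth_failed.bytes.last(46))`. A negative example that feeds a KRB-ERROR whose [12] element is not an OCTET STRING would also document how `decode` is expected to fail on malformed input from a peer.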