
Commit a3001a2

committed
Added fallback Kerberos parsing.
1 parent e701acd commit a3001a2

1 file changed

Lines changed: 56 additions & 44 deletions


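--- a/NtApiDotNet/Win32/Security/Authentication/Kerberos/KerberosAuthenticationToken.cs
+++ b/NtApiDotNet/Win32/Security/Authentication/Kerberos/KerberosAuthenticationToken.cs
@@ -74,54 +74,66 @@ internal static bool TryParse(byte[] data, int token_count, bool client, out Ker
 try
 {
 if (!GSSAPIUtils.TryParse(data, out byte[] inner_token, out string oid))
+{
+// If using DCE style then there's no GSS-API header, try manually parsing.
+var values = DERParser.ParseData(data, 0);
+if (KerberosAPRequestAuthenticationToken.TryParse(data, values, out token))
+return true;
+if (KerberosAPReplyAuthenticationToken.TryParse(data, values, out token))
+return true;
+if (KerberosErrorAuthenticationToken.TryParse(data, values, out token))
+return true;
 return false;
-
-byte[] tok_id = new byte[] { inner_token[0], inner_token[1] };
-var values = DERParser.ParseData(inner_token, 2);
-
-switch (oid)
+}
+else
 {
-case OIDValues.KERBEROS:
-case OIDValues.KERBEROS_USER_TO_USER:
-if (tok_id[0] == 1)
-{
-if (KerberosAPRequestAuthenticationToken.TryParse(data, values, out token))
-return true;
-break;
-}
-if (tok_id[0] == 2)
-{
-if (KerberosAPReplyAuthenticationToken.TryParse(data, values, out token))
-return true;
-break;
-}
-if (tok_id[0] == 3)
-{
-if (KerberosErrorAuthenticationToken.TryParse(data, values, out token))
-return true;
-break;
-}
-if (tok_id[0] != 4)
-{
+byte[] tok_id = new byte[] { inner_token[0], inner_token[1] };
+var values = DERParser.ParseData(inner_token, 2);
+
+switch (oid)
+{
+case OIDValues.KERBEROS:
+case OIDValues.KERBEROS_USER_TO_USER:
+if (tok_id[0] == 1)
+{
+if (KerberosAPRequestAuthenticationToken.TryParse(data, values, out token))
+return true;
+break;
+}
+if (tok_id[0] == 2)
+{
+if (KerberosAPReplyAuthenticationToken.TryParse(data, values, out token))
+return true;
+break;
+}
+if (tok_id[0] == 3)
+{
+if (KerberosErrorAuthenticationToken.TryParse(data, values, out token))
+return true;
+break;
+}
+if (tok_id[0] != 4)
+{
+break;
+}
+if (tok_id[1] == 0)
+{
+if (KerberosTGTRequestAuthenticationToken.TryParse(data, values, out token))
+return true;
+}
+if (tok_id[1] == 1)
+{
+if (KerberosTGTReplyAuthenticationToken.TryParse(data, values, out token))
+return true;
+}
 break;
-}
-if (tok_id[1] == 0 )
-{
-if (KerberosTGTRequestAuthenticationToken.TryParse(data, values, out token))
-return true;
-}
-if (tok_id[1] == 1)
-{
-if (KerberosTGTReplyAuthenticationToken.TryParse(data, values, out token))
-return true;
-}
-break;
-default:
-return false;
-}
+default:
+return false;
+}
 
-token = new KerberosAuthenticationToken(data, values, KerberosMessageType.UNKNOWN);
-return true;
+token = new KerberosAuthenticationToken(data, values, KerberosMessageType.UNKNOWN);
+return true;
+}
 }
 catch (EndOfStreamException)
 {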
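Review bot: The new `else` branch still indexes `inner_token[0]` and `inner_token[1]` without a length check, so a GSS-API wrapped token whose inner payload is shorter than two bytes would raise IndexOutOfRangeException instead of returning false. Only `catch (EndOfStreamException)` is visible here and the catch clauses continue outside the hunk, so unless GSSAPIUtils.TryParse already guarantees a minimum length, add `if (inner_token.Length < 2) return false;` before the `tok_id` line. The DCE-style fallback also hands the raw, unauthenticated buffer straight to `DERParser.ParseData(data, 0)`, so it is worth confirming that every exception the DER parser can raise on malformed input is handled by this TryParse. If skipping the TGT request/reply parsers in the fallback is intended, extend the comment to say so, e.g. `// No GSS-API header means no token ID, so only AP-REQ, AP-REP and KRB-ERROR are tried.`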
