Scott Baker | 2c1c482 | 2019-10-16 11:02:41 -0700 | [diff] [blame] | 1 | package messages |
| 2 | |
| 3 | import ( |
| 4 | "fmt" |
| 5 | "time" |
| 6 | |
| 7 | "github.com/jcmturner/gofork/encoding/asn1" |
| 8 | "gopkg.in/jcmturner/gokrb5.v7/iana/asnAppTag" |
| 9 | "gopkg.in/jcmturner/gokrb5.v7/iana/msgtype" |
| 10 | "gopkg.in/jcmturner/gokrb5.v7/krberror" |
| 11 | "gopkg.in/jcmturner/gokrb5.v7/types" |
| 12 | ) |
| 13 | |
| 14 | /* |
| 15 | KRB-SAFE ::= [APPLICATION 20] SEQUENCE { |
| 16 | pvno [0] INTEGER (5), |
| 17 | msg-type [1] INTEGER (20), |
| 18 | safe-body [2] KRB-SAFE-BODY, |
| 19 | cksum [3] Checksum |
| 20 | } |
| 21 | |
| 22 | KRB-SAFE-BODY ::= SEQUENCE { |
| 23 | user-data [0] OCTET STRING, |
| 24 | timestamp [1] KerberosTime OPTIONAL, |
| 25 | usec [2] Microseconds OPTIONAL, |
| 26 | seq-number [3] UInt32 OPTIONAL, |
| 27 | s-address [4] HostAddress, |
| 28 | r-address [5] HostAddress OPTIONAL |
| 29 | } |
| 30 | */ |
| 31 | |
| 32 | // KRBSafe implements RFC 4120 KRB_SAFE: https://tools.ietf.org/html/rfc4120#section-5.6.1. |
| 33 | type KRBSafe struct { |
| 34 | PVNO int `asn1:"explicit,tag:0"` |
| 35 | MsgType int `asn1:"explicit,tag:1"` |
| 36 | SafeBody KRBSafeBody `asn1:"explicit,tag:2"` |
| 37 | Cksum types.Checksum `asn1:"explicit,tag:3"` |
| 38 | } |
| 39 | |
| 40 | // KRBSafeBody implements the KRB_SAFE_BODY of KRB_SAFE. |
| 41 | type KRBSafeBody struct { |
| 42 | UserData []byte `asn1:"explicit,tag:0"` |
| 43 | Timestamp time.Time `asn1:"generalized,optional,explicit,tag:1"` |
| 44 | Usec int `asn1:"optional,explicit,tag:2"` |
| 45 | SequenceNumber int64 `asn1:"optional,explicit,tag:3"` |
| 46 | SAddress types.HostAddress `asn1:"explicit,tag:4"` |
| 47 | RAddress types.HostAddress `asn1:"optional,explicit,tag:5"` |
| 48 | } |
| 49 | |
| 50 | // Unmarshal bytes b into the KRBSafe struct. |
| 51 | func (s *KRBSafe) Unmarshal(b []byte) error { |
| 52 | _, err := asn1.UnmarshalWithParams(b, s, fmt.Sprintf("application,explicit,tag:%v", asnAppTag.KRBSafe)) |
| 53 | if err != nil { |
| 54 | return processUnmarshalReplyError(b, err) |
| 55 | } |
| 56 | expectedMsgType := msgtype.KRB_SAFE |
| 57 | if s.MsgType != expectedMsgType { |
| 58 | return krberror.NewErrorf(krberror.KRBMsgError, "message ID does not indicate a KRB_SAFE. Expected: %v; Actual: %v", expectedMsgType, s.MsgType) |
| 59 | } |
| 60 | return nil |
| 61 | } |