/src/suricata7/rust/src/kerberos.rs

Source
/* Copyright (C) 2018 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

//! Kerberos parser wrapper module.

use nom7::IResult;
use nom7::error::{ErrorKind, ParseError};
use nom7::number::streaming::le_u16;
use der_parser6;
use der_parser6::der::parse_der_oid;
use der_parser6::error::BerError;
use kerberos_parser::krb5::{ApReq, PrincipalName, Realm};
use kerberos_parser::krb5_parser::parse_ap_req;

#[derive(Debug)]
pub enum SecBlobError {
    NotSpNego,
    KrbFmtError,
    Ber(BerError),
    NomError(ErrorKind),
}

impl From<BerError> for SecBlobError {
    fn from(error: BerError) -> Self {
        SecBlobError::Ber(error)
    }
}

impl<I> ParseError<I> for SecBlobError {
    fn from_error_kind(_input: I, kind: ErrorKind) -> Self {
        SecBlobError::NomError(kind)
    }
    fn append(_input: I, kind: ErrorKind, _other: Self) -> Self {
        SecBlobError::NomError(kind)
    }
}

#[derive(Debug, PartialEq)]
pub struct Kerberos5Ticket {
    pub realm: Realm,
    pub sname: PrincipalName,
}

fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq<'_>, SecBlobError>
{
    let (_,b) = der_parser6::parse_der(blob).map_err(nom7::Err::convert)?;
    let blob = b.as_slice().or(
        Err(nom7::Err::Error(SecBlobError::KrbFmtError))
    )?;
    let parser = |i| {
        let (i, _base_o) = parse_der_oid(i)?;
        let (i, _tok_id) = le_u16(i)?;
        let (i, ap_req) = parse_ap_req(i)?;
        Ok((i, ap_req))
    };
    parser(blob).map_err(nom7::Err::convert)
}

pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError> {
    let (rem, req) = parse_kerberos5_request_do(blob)?;
    let t = Kerberos5Ticket {
        realm: req.ticket.realm,
        sname: req.ticket.sname,
    };
    return Ok((rem, t));
}

Line	Count	Source
1		/* Copyright (C) 2018 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		//! Kerberos parser wrapper module.
19
20		use nom7::IResult;
21		use nom7::error::{ErrorKind, ParseError};
22		use nom7::number::streaming::le_u16;
23		use der_parser6;
24		use der_parser6::der::parse_der_oid;
25		use der_parser6::error::BerError;
26		use kerberos_parser::krb5::{ApReq, PrincipalName, Realm};
27		use kerberos_parser::krb5_parser::parse_ap_req;
28
29		#[derive(Debug)]
30		pub enum SecBlobError {
31		NotSpNego,
32		KrbFmtError,
33		Ber(BerError),
34		NomError(ErrorKind),
35		}
36
37		impl From<BerError> for SecBlobError {
38	92.0k	fn from(error: BerError) -> Self {
39	92.0k	SecBlobError::Ber(error)
40	92.0k	}
41		}
42
43		impl<I> ParseError<I> for SecBlobError {
44	0	fn from_error_kind(_input: I, kind: ErrorKind) -> Self {
45	0	SecBlobError::NomError(kind)
46	0	}
47	0	fn append(_input: I, kind: ErrorKind, _other: Self) -> Self {
48	0	SecBlobError::NomError(kind)
49	0	}
50		}
51
52		#[derive(Debug, PartialEq)]
53		pub struct Kerberos5Ticket {
54		pub realm: Realm,
55		pub sname: PrincipalName,
56		}
57
58	55.6k	fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq<'_>, SecBlobError>
59		{
60	55.6k	let (_,b) = der_parser6::parse_der(blob).map_err(nom7::Err::convert)?;
61	42.2k	let blob = b.as_slice().or(
62	42.2k	Err(nom7::Err::Error(SecBlobError::KrbFmtError))
63	15.6k	)?;
64	26.6k	let parser = \|i\| {
65	26.6k	let (i, _base_o) = parse_der_oid(i)?;
66	19.9k	let (i, _tok_id) = le_u16(i)?;
67	19.4k	let (i, ap_req) = parse_ap_req(i)?;
68	388	Ok((i, ap_req))
69	26.6k	};
70	26.6k	parser(blob).map_err(nom7::Err::convert)
71	55.6k	}
72
73	55.6k	pub fn parse_kerberos5_request(blob: &[u8]) -> IResult<&[u8], Kerberos5Ticket, SecBlobError> {
74	55.6k	let (rem, req) = parse_kerberos5_request_do(blob)?;
75	388	let t = Kerberos5Ticket {
76	388	realm: req.ticket.realm,
77	388	sname: req.ticket.sname,
78	388	};
79	388	return Ok((rem, t));
80	55.6k	}

Coverage Report

Created: 2026-06-07 07:05