Add support for loading CCache Version 3 #1106

Merged: 2 commits merged on Mar 11, 2022

@reznok reznok commented Jun 29, 2021

Recently ran into an environment that was using version 3 ccache. The ccache parser was originally written to only support version 4, which has some minor yet important differences. This PR adds support for V3 while taking care to not modify anything that will break existing implementations.

V3 ccaches will essentially be converted into V4 after being loaded. This only addresses the parsing of V3s; it does not add the capability to generate V3s.

The updates made are based off the ccache file format at:
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html

Quick overview of the changes:

The ccache version is determined by the 2nd byte of data:
ccache_version = data[1]

Ccache V3 does not contain a meta header, so that's skipped over in the ccache init:

else:
      data = data[2:]

Due to differences in their keyblocks, two new CredentialHeader classes were made:
CredentialHeaderV4: The old CredentialHeader, with KeyBlock updated to KeyBlockV4
CredentialHeaderV3: The old CredentialHeader, with KeyBlock updated to KeyBlockV3

Two new KeyBlock classes were made:
KeyBlockV4: The old KeyBlock, no changes
KeyBlockV3: A V3 KeyBlock where the encryption type field is repeated twice (for some reason).
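
The two layout differences listed in this description (no header block in V3, and the doubled encryption type in the V3 keyblock), shown as an added example that is not part of the pull request or of impacket's code. It follows the MIT format document linked above and reads only as far as the first credential's keyblock; `Reader`, `parse_first_keyblock`, `build_sample` and the `EXAMPLE.TEST` data are constructed for illustration.

```python
import struct

class CCacheError(ValueError): pass          # unsupported version or truncated input

class Reader:
    """Bounds-checked big-endian cursor (v3 and v4 are always big-endian)."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise CCacheError("truncated at offset %d" % self.pos)
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def blob(self): return self.take(self.u32())   # 32-bit length, then bytes

def parse_principal(r):
    r.u32()                                        # name type (unused here)
    count, realm = r.u32(), r.blob()
    return realm, [r.blob() for _ in range(count)]

def parse_first_keyblock(data):
    """Return (version, default principal, enctype, key) of a v3/v4 ccache."""
    r = Reader(data)
    magic, version = r.take(2)
    if magic != 5 or version not in (3, 4):
        raise CCacheError("unsupported ccache version")
    if version == 4:
        r.take(r.u16())                            # v4 only: skip the header fields
    default = parse_principal(r)
    parse_principal(r); parse_principal(r)         # credential client and server
    enctype = r.u16()
    if version == 3:
        r.u16()                                    # v3 only: second enctype copy
    return version, default, enctype, r.blob()

# Constructed sample data (not a real cache): same content in both layouts.
def _blob(b): return struct.pack(">I", len(b)) + b
def _princ(realm, *parts):
    return struct.pack(">II", 1, len(parts)) + _blob(realm) + b"".join(map(_blob, parts))

def build_sample(version):
    user = _princ(b"EXAMPLE.TEST", b"alice")
    tgs = _princ(b"EXAMPLE.TEST", b"krbtgt", b"EXAMPLE.TEST")
    head = bytes([5, version])
    if version == 4:                               # header length + one time-offset field
        head += struct.pack(">HHHii", 12, 1, 8, 0, 0)
    enctype = struct.pack(">H", 17) * (2 if version == 3 else 1)
    return head + user + user + tgs + enctype + _blob(bytes(16))
```

Both samples parse to the same principal, enctype and key; only the skipped header and the extra enctype field differ on disk.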

@reznok changed the title from "Add Support For Loading CCache Version 3" to "Add support for loading CCache Version 3" on Jun 29, 2021
@0xdeaddood added the "in review" label on Feb 7, 2022
@martingalloar martingalloar left a comment

LGTM, check the minor comment on versions 1 and 2 to see if it makes sense!

0xdeaddood pushed a commit to 0xdeaddood/impacket that referenced this pull request Mar 5, 2022
- Parsing v3 and v4 ccache files to check fortra#1106 (and not support for v1 and v2)
- Parsing creds from kirbi to check fortra#1254
- Checking fortra#1166 parseFile function
This was referenced Mar 8, 2022
@0xdeaddood 0xdeaddood merged commit e844037 into fortra:master Mar 11, 2022
@0xdeaddood

Great addition! Thanks @reznok!

@0xdeaddood removed the "in review" label on Mar 11, 2022