git.samba.org / metze / wireshark / wip.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Get rid of obsolete references to nettle
[metze/wireshark/wip.git] / epan / dissectors / packet-kerberos.c
1 /* Do not modify this file. Changes will be overwritten.                      */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler       */
3 /* packet-kerberos.c                                                          */
4 /* ../../tools/asn2wrs.py -b -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../../epan/dissectors KerberosV5Spec2.asn k5.asn RFC3244.asn */
5
6 /* Input file: packet-kerberos-template.c */
7
8 #line 1 "../../asn1/kerberos/packet-kerberos-template.c"
9 /* packet-kerberos.c
10  * Routines for Kerberos
11  * Wes Hardaker (c) 2000
12  * wjhardaker@ucdavis.edu
13  * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
14  *                          added AP-REQ and AP-REP dissection
15  *
16  * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
17  *                           decryption of kerberos blobs if keytab is provided
18  *
19  * See RFC 1510, and various I-Ds and other documents showing additions,
20  * e.g. ones listed under
21  *
22  *      http://www.isi.edu/people/bcn/krb-revisions/
23  *
24  * and
25  *
26  *      http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
27  *
28  * and
29  *
30  *      http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-05.txt
31  *
32  * Some structures from RFC2630
33  *
34  * Wireshark - Network traffic analyzer
35  * By Gerald Combs <gerald@wireshark.org>
36  * Copyright 1998 Gerald Combs
37  *
38  * This program is free software; you can redistribute it and/or
39  * modify it under the terms of the GNU General Public License
40  * as published by the Free Software Foundation; either version 2
41  * of the License, or (at your option) any later version.
42  *
43  * This program is distributed in the hope that it will be useful,
44  * but WITHOUT ANY WARRANTY; without even the implied warranty of
45  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
46  * GNU General Public License for more details.
47  *
48  * You should have received a copy of the GNU General Public License
49  * along with this program; if not, write to the Free Software
50  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
51  */
52
53 /*
54  * Some of the development of the Kerberos protocol decoder was sponsored by
55  * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
56  * CableLabs' specifications. Your license and use of this protocol decoder
57  * does not mean that you are licensed to use the CableLabs'
58  * specifications.  If you have questions about this protocol, contact
59  * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
60  * information.
61  */
62
63 #include "config.h"
64
65 #include <stdio.h>
66 #include <string.h>
67 #include <glib.h>
68
69 #include <wsutil/file_util.h>
70 #include <epan/packet.h>
71 #include <epan/exceptions.h>
72 #include <epan/strutil.h>
73
74 #include <epan/conversation.h>
75 #include <epan/asn1.h>
76 #include <epan/expert.h>
77 #include <epan/prefs.h>
78 #include <epan/dissectors/packet-kerberos.h>
79 #include <epan/dissectors/packet-netbios.h>
80 #include <epan/dissectors/packet-tcp.h>
81 #include <epan/dissectors/packet-ber.h>
82 #include <epan/dissectors/packet-pkinit.h>
83 #include <epan/dissectors/packet-cms.h>
84 #include <epan/dissectors/packet-windows-common.h>
85
86 #include <epan/dissectors/packet-dcerpc-netlogon.h>
87 #include <epan/dissectors/packet-dcerpc.h>
88
89 #include <epan/dissectors/packet-gssapi.h>
90 #include <epan/dissectors/packet-smb-common.h>
91
92 #define UDP_PORT_KERBEROS               88
93 #define TCP_PORT_KERBEROS               88
94
95 #define ADDRESS_STR_BUFSIZ 256
96
97 typedef struct kerberos_key {
98         guint32 keytype;
99         int keylength;
100         const guint8 *keyvalue;
101 } kerberos_key_t;
102
103 typedef struct {
104         guint32 etype;
105         guint32 padata_type;
106         guint32 enctype;
107         kerberos_key_t key;
108         guint32 ad_type;
109         guint32 addr_type;
110         guint32 checksum_type;
111 } kerberos_private_data_t;
112
113 static dissector_handle_t kerberos_handle_udp;
114
115 /* Forward declarations */
116 static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
117 static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
118 static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
119 static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
120 static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
121 static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
122 static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
123
124
125 /* Desegment Kerberos over TCP messages */
126 static gboolean krb_desegment = TRUE;
127
128 static gint proto_kerberos = -1;
129
130 static gint hf_krb_rm_reserved = -1;
131 static gint hf_krb_rm_reclen = -1;
132 static gint hf_krb_provsrv_location = -1;
133 static gint hf_krb_smb_nt_status = -1;
134 static gint hf_krb_smb_unknown = -1;
135 static gint hf_krb_address_ip = -1;
136 static gint hf_krb_address_netbios = -1;
137 static gint hf_krb_address_ipv6 = -1;
138 static gint hf_krb_gssapi_len = -1;
139 static gint hf_krb_gssapi_bnd = -1;
140 static gint hf_krb_gssapi_dlgopt = -1;
141 static gint hf_krb_gssapi_dlglen = -1;
142 static gint hf_krb_gssapi_c_flag_deleg = -1;
143 static gint hf_krb_gssapi_c_flag_mutual = -1;
144 static gint hf_krb_gssapi_c_flag_replay = -1;
145 static gint hf_krb_gssapi_c_flag_sequence = -1;
146 static gint hf_krb_gssapi_c_flag_conf = -1;
147 static gint hf_krb_gssapi_c_flag_integ = -1;
148 static gint hf_krb_gssapi_c_flag_dce_style = -1;
149
150 /*--- Included file: packet-kerberos-hf.c ---*/
151 #line 1 "../../asn1/kerberos/packet-kerberos-hf.c"
152 static int hf_kerberos_ticket = -1;               /* Ticket */
153 static int hf_kerberos_authenticator = -1;        /* Authenticator */
154 static int hf_kerberos_encTicketPart = -1;        /* EncTicketPart */
155 static int hf_kerberos_as_req = -1;               /* AS_REQ */
156 static int hf_kerberos_as_rep = -1;               /* AS_REP */
157 static int hf_kerberos_tgs_req = -1;              /* TGS_REQ */
158 static int hf_kerberos_tgs_rep = -1;              /* TGS_REP */
159 static int hf_kerberos_ap_req = -1;               /* AP_REQ */
160 static int hf_kerberos_ap_rep = -1;               /* AP_REP */
161 static int hf_kerberos_krb_safe = -1;             /* KRB_SAFE */
162 static int hf_kerberos_krb_priv = -1;             /* KRB_PRIV */
163 static int hf_kerberos_krb_cred = -1;             /* KRB_CRED */
164 static int hf_kerberos_encASRepPart = -1;         /* EncASRepPart */
165 static int hf_kerberos_encTGSRepPart = -1;        /* EncTGSRepPart */
166 static int hf_kerberos_encAPRepPart = -1;         /* EncAPRepPart */
167 static int hf_kerberos_encKrbPrivPart = -1;       /* ENC_KRB_PRIV_PART */
168 static int hf_kerberos_encKrbCredPart = -1;       /* EncKrbCredPart */
169 static int hf_kerberos_krb_error = -1;            /* KRB_ERROR */
170 static int hf_kerberos_name_type = -1;            /* NAME_TYPE */
171 static int hf_kerberos_name_string = -1;          /* SEQUENCE_OF_KerberosString */
172 static int hf_kerberos_name_string_item = -1;     /* KerberosString */
173 static int hf_kerberos_addr_type = -1;            /* ADDR_TYPE */
174 static int hf_kerberos_address = -1;              /* T_address */
175 static int hf_kerberos_HostAddresses_item = -1;   /* HostAddress */
176 static int hf_kerberos_AuthorizationData_item = -1;  /* AuthorizationData_item */
177 static int hf_kerberos_ad_type = -1;              /* T_ad_type */
178 static int hf_kerberos_ad_data = -1;              /* T_ad_data */
179 static int hf_kerberos_padata_type = -1;          /* PADATA_TYPE */
180 static int hf_kerberos_padata_value = -1;         /* T_padata_value */
181 static int hf_kerberos_keytype = -1;              /* T_keytype */
182 static int hf_kerberos_keyvalue = -1;             /* T_keyvalue */
183 static int hf_kerberos_cksumtype = -1;            /* CKSUMTYPE */
184 static int hf_kerberos_checksum = -1;             /* T_checksum */
185 static int hf_kerberos_etype = -1;                /* ENCTYPE */
186 static int hf_kerberos_kvno = -1;                 /* UInt32 */
187 static int hf_kerberos_encryptedTicketData_cipher = -1;  /* T_encryptedTicketData_cipher */
188 static int hf_kerberos_encryptedAuthorizationData_cipher = -1;  /* T_encryptedAuthorizationData_cipher */
189 static int hf_kerberos_encryptedKDCREPData_cipher = -1;  /* T_encryptedKDCREPData_cipher */
190 static int hf_kerberos_encryptedAPREPData_cipher = -1;  /* T_encryptedAPREPData_cipher */
191 static int hf_kerberos_encryptedKrbPrivData_cipher = -1;  /* T_encryptedKrbPrivData_cipher */
192 static int hf_kerberos_encryptedKrbCredData_cipher = -1;  /* T_encryptedKrbCredData_cipher */
193 static int hf_kerberos_tkt_vno = -1;              /* INTEGER_5 */
194 static int hf_kerberos_realm = -1;                /* Realm */
195 static int hf_kerberos_sname = -1;                /* PrincipalName */
196 static int hf_kerberos_ticket_enc_part = -1;      /* EncryptedTicketData */
197 static int hf_kerberos_flags = -1;                /* TicketFlags */
198 static int hf_kerberos_key = -1;                  /* EncryptionKey */
199 static int hf_kerberos_crealm = -1;               /* Realm */
200 static int hf_kerberos_cname = -1;                /* PrincipalName */
201 static int hf_kerberos_transited = -1;            /* TransitedEncoding */
202 static int hf_kerberos_authtime = -1;             /* KerberosTime */
203 static int hf_kerberos_starttime = -1;            /* KerberosTime */
204 static int hf_kerberos_endtime = -1;              /* KerberosTime */
205 static int hf_kerberos_renew_till = -1;           /* KerberosTime */
206 static int hf_kerberos_caddr = -1;                /* HostAddresses */
207 static int hf_kerberos_authorization_data = -1;   /* AuthorizationData */
208 static int hf_kerberos_tr_type = -1;              /* Int32 */
209 static int hf_kerberos_contents = -1;             /* OCTET_STRING */
210 static int hf_kerberos_pvno = -1;                 /* INTEGER_5 */
211 static int hf_kerberos_msg_type = -1;             /* MESSAGE_TYPE */
212 static int hf_kerberos_padata = -1;               /* SEQUENCE_OF_PA_DATA */
213 static int hf_kerberos_padata_item = -1;          /* PA_DATA */
214 static int hf_kerberos_req_body = -1;             /* KDC_REQ_BODY */
215 static int hf_kerberos_kdc_options = -1;          /* KDCOptions */
216 static int hf_kerberos_from = -1;                 /* KerberosTime */
217 static int hf_kerberos_till = -1;                 /* KerberosTime */
218 static int hf_kerberos_rtime = -1;                /* KerberosTime */
219 static int hf_kerberos_nonce = -1;                /* UInt32 */
220 static int hf_kerberos_kDC_REQ_BODY_etype = -1;   /* SEQUENCE_OF_ENCTYPE */
221 static int hf_kerberos_kDC_REQ_BODY_etype_item = -1;  /* ENCTYPE */
222 static int hf_kerberos_addresses = -1;            /* HostAddresses */
223 static int hf_kerberos_enc_authorization_data = -1;  /* EncryptedAuthorizationData */
224 static int hf_kerberos_additional_tickets = -1;   /* SEQUENCE_OF_Ticket */
225 static int hf_kerberos_additional_tickets_item = -1;  /* Ticket */
226 static int hf_kerberos_kDC_REP_enc_part = -1;     /* EncryptedKDCREPData */
227 static int hf_kerberos_last_req = -1;             /* LastReq */
228 static int hf_kerberos_key_expiration = -1;       /* KerberosTime */
229 static int hf_kerberos_srealm = -1;               /* Realm */
230 static int hf_kerberos_encrypted_pa_data = -1;    /* METHOD_DATA */
231 static int hf_kerberos_LastReq_item = -1;         /* LastReq_item */
232 static int hf_kerberos_lr_type = -1;              /* LR_TYPE */
233 static int hf_kerberos_lr_value = -1;             /* KerberosTime */
234 static int hf_kerberos_ap_options = -1;           /* APOptions */
235 static int hf_kerberos_authenticator_01 = -1;     /* EncryptedAuthorizationData */
236 static int hf_kerberos_authenticator_vno = -1;    /* INTEGER_5 */
237 static int hf_kerberos_cksum = -1;                /* Checksum */
238 static int hf_kerberos_cusec = -1;                /* Microseconds */
239 static int hf_kerberos_ctime = -1;                /* KerberosTime */
240 static int hf_kerberos_subkey = -1;               /* EncryptionKey */
241 static int hf_kerberos_seq_number = -1;           /* UInt32 */
242 static int hf_kerberos_aP_REP_enc_part = -1;      /* EncryptedAPREPData */
243 static int hf_kerberos_safe_body = -1;            /* KRB_SAFE_BODY */
244 static int hf_kerberos_kRB_SAFE_BODY_user_data = -1;  /* T_kRB_SAFE_BODY_user_data */
245 static int hf_kerberos_timestamp = -1;            /* KerberosTime */
246 static int hf_kerberos_usec = -1;                 /* Microseconds */
247 static int hf_kerberos_s_address = -1;            /* HostAddress */
248 static int hf_kerberos_r_address = -1;            /* HostAddress */
249 static int hf_kerberos_kRB_PRIV_enc_part = -1;    /* EncryptedKrbPrivData */
250 static int hf_kerberos_encKrbPrivPart_user_data = -1;  /* T_encKrbPrivPart_user_data */
251 static int hf_kerberos_tickets = -1;              /* SEQUENCE_OF_Ticket */
252 static int hf_kerberos_tickets_item = -1;         /* Ticket */
253 static int hf_kerberos_kRB_CRED_enc_part = -1;    /* EncryptedKrbCredData */
254 static int hf_kerberos_ticket_info = -1;          /* SEQUENCE_OF_KrbCredInfo */
255 static int hf_kerberos_ticket_info_item = -1;     /* KrbCredInfo */
256 static int hf_kerberos_prealm = -1;               /* Realm */
257 static int hf_kerberos_pname = -1;                /* PrincipalName */
258 static int hf_kerberos_stime = -1;                /* KerberosTime */
259 static int hf_kerberos_susec = -1;                /* Microseconds */
260 static int hf_kerberos_error_code = -1;           /* ERROR_CODE */
261 static int hf_kerberos_e_text = -1;               /* KerberosString */
262 static int hf_kerberos_e_data = -1;               /* T_e_data */
263 static int hf_kerberos_e_checksum = -1;           /* Checksum */
264 static int hf_kerberos_METHOD_DATA_item = -1;     /* PA_DATA */
265 static int hf_kerberos_pA_ENC_TIMESTAMP_cipher = -1;  /* T_pA_ENC_TIMESTAMP_cipher */
266 static int hf_kerberos_salt = -1;                 /* OCTET_STRING */
267 static int hf_kerberos_ETYPE_INFO_item = -1;      /* ETYPE_INFO_ENTRY */
268 static int hf_kerberos_salt_01 = -1;              /* KerberosString */
269 static int hf_kerberos_s2kparams = -1;            /* OCTET_STRING */
270 static int hf_kerberos_ETYPE_INFO2_item = -1;     /* ETYPE_INFO2_ENTRY */
271 static int hf_kerberos_name = -1;                 /* PrincipalName */
272 static int hf_kerberos_auth = -1;                 /* GeneralString */
273 static int hf_kerberos_include_pac = -1;          /* BOOLEAN */
274 static int hf_kerberos_newpasswd = -1;            /* OCTET_STRING */
275 static int hf_kerberos_targname = -1;             /* PrincipalName */
276 static int hf_kerberos_targrealm = -1;            /* Realm */
277 /* named bits */
278 static int hf_kerberos_APOptions_reserved = -1;
279 static int hf_kerberos_APOptions_use_session_key = -1;
280 static int hf_kerberos_APOptions_mutual_required = -1;
281 static int hf_kerberos_TicketFlags_reserved = -1;
282 static int hf_kerberos_TicketFlags_forwardable = -1;
283 static int hf_kerberos_TicketFlags_forwarded = -1;
284 static int hf_kerberos_TicketFlags_proxiable = -1;
285 static int hf_kerberos_TicketFlags_proxy = -1;
286 static int hf_kerberos_TicketFlags_may_postdate = -1;
287 static int hf_kerberos_TicketFlags_postdated = -1;
288 static int hf_kerberos_TicketFlags_invalid = -1;
289 static int hf_kerberos_TicketFlags_renewable = -1;
290 static int hf_kerberos_TicketFlags_initial = -1;
291 static int hf_kerberos_TicketFlags_pre_authent = -1;
292 static int hf_kerberos_TicketFlags_hw_authent = -1;
293 static int hf_kerberos_TicketFlags_transited_policy_checked = -1;
294 static int hf_kerberos_TicketFlags_ok_as_delegate = -1;
295 static int hf_kerberos_TicketFlags_anonymous = -1;
296 static int hf_kerberos_KDCOptions_reserved = -1;
297 static int hf_kerberos_KDCOptions_forwardable = -1;
298 static int hf_kerberos_KDCOptions_forwarded = -1;
299 static int hf_kerberos_KDCOptions_proxiable = -1;
300 static int hf_kerberos_KDCOptions_proxy = -1;
301 static int hf_kerberos_KDCOptions_allow_postdate = -1;
302 static int hf_kerberos_KDCOptions_postdated = -1;
303 static int hf_kerberos_KDCOptions_unused7 = -1;
304 static int hf_kerberos_KDCOptions_renewable = -1;
305 static int hf_kerberos_KDCOptions_unused9 = -1;
306 static int hf_kerberos_KDCOptions_unused10 = -1;
307 static int hf_kerberos_KDCOptions_opt_hardware_auth = -1;
308 static int hf_kerberos_KDCOptions_request_anonymous = -1;
309 static int hf_kerberos_KDCOptions_canonicalize = -1;
310 static int hf_kerberos_KDCOptions_constrained_delegation = -1;
311 static int hf_kerberos_KDCOptions_disable_transited_check = -1;
312 static int hf_kerberos_KDCOptions_renewable_ok = -1;
313 static int hf_kerberos_KDCOptions_enc_tkt_in_skey = -1;
314 static int hf_kerberos_KDCOptions_renew = -1;
315 static int hf_kerberos_KDCOptions_validate = -1;
316
317 /*--- End of included file: packet-kerberos-hf.c ---*/
318 #line 142 "../../asn1/kerberos/packet-kerberos-template.c"
319
320 /* Initialize the subtree pointers */
321 static gint ett_kerberos = -1;
322 static gint ett_krb_recordmark = -1;
323
324
325 /*--- Included file: packet-kerberos-ett.c ---*/
326 #line 1 "../../asn1/kerberos/packet-kerberos-ett.c"
327 static gint ett_kerberos_Applications = -1;
328 static gint ett_kerberos_PrincipalName = -1;
329 static gint ett_kerberos_SEQUENCE_OF_KerberosString = -1;
330 static gint ett_kerberos_HostAddress = -1;
331 static gint ett_kerberos_HostAddresses = -1;
332 static gint ett_kerberos_AuthorizationData = -1;
333 static gint ett_kerberos_AuthorizationData_item = -1;
334 static gint ett_kerberos_PA_DATA = -1;
335 static gint ett_kerberos_EncryptionKey = -1;
336 static gint ett_kerberos_Checksum = -1;
337 static gint ett_kerberos_EncryptedTicketData = -1;
338 static gint ett_kerberos_EncryptedAuthorizationData = -1;
339 static gint ett_kerberos_EncryptedKDCREPData = -1;
340 static gint ett_kerberos_EncryptedAPREPData = -1;
341 static gint ett_kerberos_EncryptedKrbPrivData = -1;
342 static gint ett_kerberos_EncryptedKrbCredData = -1;
343 static gint ett_kerberos_Ticket_U = -1;
344 static gint ett_kerberos_EncTicketPart_U = -1;
345 static gint ett_kerberos_TransitedEncoding = -1;
346 static gint ett_kerberos_KDC_REQ = -1;
347 static gint ett_kerberos_SEQUENCE_OF_PA_DATA = -1;
348 static gint ett_kerberos_KDC_REQ_BODY = -1;
349 static gint ett_kerberos_SEQUENCE_OF_ENCTYPE = -1;
350 static gint ett_kerberos_SEQUENCE_OF_Ticket = -1;
351 static gint ett_kerberos_KDC_REP = -1;
352 static gint ett_kerberos_EncKDCRepPart = -1;
353 static gint ett_kerberos_LastReq = -1;
354 static gint ett_kerberos_LastReq_item = -1;
355 static gint ett_kerberos_AP_REQ_U = -1;
356 static gint ett_kerberos_Authenticator_U = -1;
357 static gint ett_kerberos_AP_REP_U = -1;
358 static gint ett_kerberos_EncAPRepPart_U = -1;
359 static gint ett_kerberos_KRB_SAFE_U = -1;
360 static gint ett_kerberos_KRB_SAFE_BODY = -1;
361 static gint ett_kerberos_KRB_PRIV_U = -1;
362 static gint ett_kerberos_EncKrbPrivPart = -1;
363 static gint ett_kerberos_KRB_CRED_U = -1;
364 static gint ett_kerberos_EncKrbCredPart_U = -1;
365 static gint ett_kerberos_SEQUENCE_OF_KrbCredInfo = -1;
366 static gint ett_kerberos_KrbCredInfo = -1;
367 static gint ett_kerberos_KRB_ERROR_U = -1;
368 static gint ett_kerberos_METHOD_DATA = -1;
369 static gint ett_kerberos_PA_ENC_TIMESTAMP = -1;
370 static gint ett_kerberos_ETYPE_INFO_ENTRY = -1;
371 static gint ett_kerberos_ETYPE_INFO = -1;
372 static gint ett_kerberos_ETYPE_INFO2_ENTRY = -1;
373 static gint ett_kerberos_ETYPE_INFO2 = -1;
374 static gint ett_kerberos_APOptions = -1;
375 static gint ett_kerberos_TicketFlags = -1;
376 static gint ett_kerberos_KDCOptions = -1;
377 static gint ett_kerberos_PA_S4U2Self = -1;
378 static gint ett_kerberos_KERB_PA_PAC_REQUEST = -1;
379 static gint ett_kerberos_ChangePasswdData = -1;
380
381 /*--- End of included file: packet-kerberos-ett.c ---*/
382 #line 148 "../../asn1/kerberos/packet-kerberos-template.c"
383
384 static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
385
386 static dissector_handle_t krb4_handle=NULL;
387
388 /* Global variables */
389 static guint32 krb5_errorcode;
390 static guint32 gbl_keytype;
391 static gboolean gbl_do_col_info;
392
393
394 /*--- Included file: packet-kerberos-val.h ---*/
395 #line 1 "../../asn1/kerberos/packet-kerberos-val.h"
396 #define id_krb5                        "1.3.6.1.5.2"
397
398 /* enumerated values for ADDR_TYPE */
399 #define KERBEROS_ADDR_TYPE_IPV4   2
400 #define KERBEROS_ADDR_TYPE_CHAOS   5
401 #define KERBEROS_ADDR_TYPE_XEROX   6
402 #define KERBEROS_ADDR_TYPE_ISO   7
403 #define KERBEROS_ADDR_TYPE_DECNET  12
404 #define KERBEROS_ADDR_TYPE_APPLETALK  16
405 #define KERBEROS_ADDR_TYPE_NETBIOS  20
406 #define KERBEROS_ADDR_TYPE_IPV6  24
407
408 /*--- End of included file: packet-kerberos-val.h ---*/
409 #line 159 "../../asn1/kerberos/packet-kerberos-template.c"
410
411 static void
412 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
413 {
414         if(!cb){
415                 return;
416         }
417
418         while(cb->tag){
419                 if(cb->tag==tag){
420                         cb->callback(pinfo, tvb, tree);
421                         return;
422                 }
423                 cb++;
424         }
425         return;
426 }
427
428 static kerberos_private_data_t*
429 kerberos_get_private_data(asn1_ctx_t *actx)
430 {
431         if (!actx->private_data) {
432                 actx->private_data = wmem_new0(wmem_packet_scope(), kerberos_private_data_t);
433         }
434         return (kerberos_private_data_t *)(actx->private_data);
435 }
436
437 #ifdef HAVE_KERBEROS
438
439 /* Decrypt Kerberos blobs */
440 gboolean krb_decrypt = FALSE;
441
442 /* keytab filename */
443 static const char *keytab_filename = "";
444
445 WS_DLL_PUBLIC
446 void read_keytab_file(const char *);
447
448 void
449 read_keytab_file_from_preferences(void)
450 {
451         static char *last_keytab = NULL;
452
453         if (!krb_decrypt) {
454                 return;
455         }
456
457         if (keytab_filename == NULL) {
458                 return;
459         }
460
461         if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
462                 return;
463         }
464
465         if (last_keytab != NULL) {
466                 g_free(last_keytab);
467                 last_keytab = NULL;
468         }
469         last_keytab = g_strdup(keytab_filename);
470
471         read_keytab_file(last_keytab);
472 }
473
474 #elif defined(_WIN32)
475
476 /*
477  * Dummy version to allow us to export this function -- even
478  * on systems without KERBEROS.
479  */
480 void
481 read_keytab_file_from_preferences(void)
482 {
483 }
484
485 #endif
486
487 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
488 #ifdef _WIN32
489 /* prevent redefinition warnings in kfw-2.5\inc\win_mac.h */
490 #undef HAVE_STDARG_H
491 #undef HAVE_SYS_TYPES_H
492 #endif
493 #include <krb5.h>
494 enc_key_t *enc_key_list=NULL;
495
496 static void
497 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
498 {
499         enc_key_t *new_key;
500
501         if(pinfo->fd->flags.visited){
502                 return;
503         }
504 printf("added key in %u    keytype:%d len:%d\n",pinfo->fd->num, keytype, keylength);
505
506         new_key=(enc_key_t *)g_malloc(sizeof(enc_key_t));
507         g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u",origin,pinfo->fd->num);
508         new_key->fd_num = pinfo->fd->num;
509         new_key->next=enc_key_list;
510         enc_key_list=new_key;
511         new_key->keytype=keytype;
512         new_key->keylength=keylength;
513         /*XXX this needs to be freed later */
514         new_key->keyvalue=(char *)g_memdup(keyvalue, keylength);
515 }
516 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
517
518 #if defined(_WIN32) && !defined(HAVE_HEIMDAL_KERBEROS) && !defined(HAVE_MIT_KERBEROS) && !defined(HAVE_LIBNETTLE)
519 void
520 read_keytab_file(const char *filename _U_)
521 {
522 }
523 #endif
524
525 #ifdef HAVE_MIT_KERBEROS
526
527 static krb5_context krb5_ctx;
528
529 void
530 read_keytab_file(const char *filename)
531 {
532         krb5_keytab keytab;
533         krb5_error_code ret;
534         krb5_keytab_entry key;
535         krb5_kt_cursor cursor;
536         enc_key_t *new_key;
537         static gboolean first_time=TRUE;
538
539         if (filename == NULL || filename[0] == 0) {
540                 return;
541         }
542
543         if(first_time){
544                 first_time=FALSE;
545                 ret = krb5_init_context(&krb5_ctx);
546                 if(ret && ret != KRB5_CONFIG_CANTOPEN){
547                         return;
548                 }
549         }
550
551         /* should use a file in the wireshark users dir */
552         ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
553         if(ret){
554                 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename);
555
556                 return;
557         }
558
559         ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
560         if(ret){
561                 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename);
562                 return;
563         }
564
565         do{
566                 new_key=(enc_key_t *)g_malloc(sizeof(enc_key_t));
567                 new_key->fd_num = -1;
568                 new_key->next=enc_key_list;
569                 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
570                 if(ret==0){
571                         int i;
572                         char *pos;
573
574                         /* generate origin string, describing where this key came from */
575                         pos=new_key->key_origin;
576                         pos+=MIN(KRB_MAX_ORIG_LEN,
577                                          g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
578                         for(i=0;i<key.principal->length;i++){
579                                 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
580                                                  g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data));
581                         }
582                         pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
583                                          g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data));
584                         *pos=0;
585 /*printf("added key for principal :%s\n", new_key->key_origin);*/
586                         new_key->keytype=key.key.enctype;
587                         new_key->keylength=key.key.length;
588                         new_key->keyvalue=(char *)g_memdup(key.key.contents, key.key.length);
589                         enc_key_list=new_key;
590                 }
591         }while(ret==0);
592
593         ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
594         if(ret){
595                 krb5_kt_close(krb5_ctx, keytab);
596         }
597
598 }
599
600
601 guint8 *
602 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
603                                         int usage,
604                                         tvbuff_t *cryptotvb,
605                                         int keytype,
606                                         int *datalen)
607 {
608         krb5_error_code ret;
609         enc_key_t *ek;
610         krb5_data data = {0,0,NULL};
611         krb5_keytab_entry key;
612         int length = tvb_captured_length(cryptotvb);
613         const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
614
615         /* don't do anything if we are not attempting to decrypt data */
616         if(!krb_decrypt || length < 1){
617                 return NULL;
618         }
619
620         /* make sure we have all the data we need */
621         if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
622                 return NULL;
623         }
624
625         read_keytab_file_from_preferences();
626         data.data = (char *)g_malloc(length);
627         data.length = length;
628
629         for(ek=enc_key_list;ek;ek=ek->next){
630                 krb5_enc_data input;
631
632                 /* shortcircuit and bail out if enctypes are not matching */
633                 if((keytype != -1) && (ek->keytype != keytype)) {
634                         continue;
635                 }
636
637                 input.enctype = ek->keytype;
638                 input.ciphertext.length = length;
639                 input.ciphertext.data = (guint8 *)cryptotext;
640
641                 key.key.enctype=ek->keytype;
642                 key.key.length=ek->keylength;
643                 key.key.contents=ek->keyvalue;
644                 ret = krb5_c_decrypt(krb5_ctx, &(key.key), usage, 0, &input, &data);
645                 if(ret == 0){
646                         char *user_data;
647
648                         expert_add_info_format(pinfo, NULL, &ei_kerberos_decrypted_keytype,
649                                                                    "Decrypted keytype %d in frame %u using %s",
650                                                                    ek->keytype, pinfo->fd->num, ek->key_origin);
651
652                         proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
653                         /* return a private g_malloced blob to the caller */
654                         user_data=data.data;
655                         if (datalen) {
656                                 *datalen = data.length;
657                         }
658                         return user_data;
659                 }
660         }
661         g_free(data.data);
662
663         return NULL;
664 }
665
666 #elif defined(HAVE_HEIMDAL_KERBEROS)
667 static krb5_context krb5_ctx;
668
669 void
670 read_keytab_file(const char *filename)
671 {
672         krb5_keytab keytab;
673         krb5_error_code ret;
674         krb5_keytab_entry key;
675         krb5_kt_cursor cursor;
676         enc_key_t *new_key;
677         static gboolean first_time=TRUE;
678
679         if (filename == NULL || filename[0] == 0) {
680                 return;
681         }
682
683         if(first_time){
684                 first_time=FALSE;
685                 ret = krb5_init_context(&krb5_ctx);
686                 if(ret){
687                         return;
688                 }
689         }
690
691         /* should use a file in the wireshark users dir */
692         ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
693         if(ret){
694                 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
695
696                 return;
697         }
698
699         ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
700         if(ret){
701                 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
702                 return;
703         }
704
705         do{
706                 new_key=g_malloc(sizeof(enc_key_t));
707                 new_key->fd_num = -1;
708                 new_key->next=enc_key_list;
709                 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
710                 if(ret==0){
711                         unsigned int i;
712                         char *pos;
713
714                         /* generate origin string, describing where this key came from */
715                         pos=new_key->key_origin;
716                         pos+=MIN(KRB_MAX_ORIG_LEN,
717                                          g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
718                         for(i=0;i<key.principal->name.name_string.len;i++){
719                                 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
720                                                  g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
721                         }
722                         pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
723                                          g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
724                         *pos=0;
725                         new_key->keytype=key.keyblock.keytype;
726                         new_key->keylength=key.keyblock.keyvalue.length;
727                         new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
728                         enc_key_list=new_key;
729                 }
730         }while(ret==0);
731
732         ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
733         if(ret){
734                 krb5_kt_close(krb5_ctx, keytab);
735         }
736
737 }
738
739
740 guint8 *
741 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
742                                         int usage,
743                                         tvbuff_t *cryptotvb,
744                                         int keytype,
745                                         int *datalen)
746 {
747         krb5_error_code ret;
748         krb5_data data;
749         enc_key_t *ek;
750         int length = tvb_captured_length(cryptotvb);
751         const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
752
753         /* don't do anything if we are not attempting to decrypt data */
754         if(!krb_decrypt){
755                 return NULL;
756         }
757
758         /* make sure we have all the data we need */
759         if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
760                 return NULL;
761         }
762
763         read_keytab_file_from_preferences();
764
765         for(ek=enc_key_list;ek;ek=ek->next){
766                 krb5_keytab_entry key;
767                 krb5_crypto crypto;
768                 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
769
770                 /* shortcircuit and bail out if enctypes are not matching */
771                 if((keytype != -1) && (ek->keytype != keytype)) {
772                         continue;
773                 }
774
775                 key.keyblock.keytype=ek->keytype;
776                 key.keyblock.keyvalue.length=ek->keylength;
777                 key.keyblock.keyvalue.data=ek->keyvalue;
778                 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), 0, &crypto);
779                 if(ret){
780                         return NULL;
781                 }
782
783                 /* pre-0.6.1 versions of Heimdal would sometimes change
784                    the cryptotext data even when the decryption failed.
785                    This would obviously not work since we iterate over the
786                    keys. So just give it a copy of the crypto data instead.
787                    This has been seen for RC4-HMAC blobs.
788                 */
789                 cryptocopy=g_memdup(cryptotext, length);
790                 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
791                                                                 cryptocopy, length,
792                                                                 &data,
793                                                                 NULL);
794                 g_free(cryptocopy);
795                 if((ret == 0) && (length>0)){
796                         char *user_data;
797
798 printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
799                         proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
800                         krb5_crypto_destroy(krb5_ctx, crypto);
801                         /* return a private g_malloced blob to the caller */
802                         user_data=g_memdup(data.data, data.length);
803                         if (datalen) {
804                                 *datalen = data.length;
805                         }
806                         return user_data;
807                 }
808                 krb5_crypto_destroy(krb5_ctx, crypto);
809         }
810         return NULL;
811 }
812
813 #elif defined (HAVE_LIBNETTLE)
814
815 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
816 #define KEYTYPE_DES3_CBC_MD5 5  /* Currently the only one supported */
817
818 typedef struct _service_key_t {
819         guint16 kvno;
820         int     keytype;
821         int     length;
822         guint8 *contents;
823         char    origin[KRB_MAX_ORIG_LEN+1];
824 } service_key_t;
825 GSList *service_key_list = NULL;
826
827
828 static void
829 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
830 {
831         service_key_t *new_key;
832
833         if(pinfo->fd->flags.visited){
834                 return;
835         }
836 printf("added key in %u\n",pinfo->fd->num);
837
838         new_key = g_malloc(sizeof(service_key_t));
839         new_key->kvno = 0;
840         new_key->keytype = keytype;
841         new_key->length = keylength;
842         new_key->contents = g_memdup(keyvalue, keylength);
843         g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->fd->num);
844         service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
845 }
846
847 static void
848 clear_keytab(void) {
849         GSList *ske;
850         service_key_t *sk;
851
852         for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
853                 sk = (service_key_t *) ske->data;
854                 if (sk) {
855                                         g_free(sk->contents);
856                                         g_free(sk);
857                                 }
858         }
859         g_slist_free(service_key_list);
860         service_key_list = NULL;
861 }
862
863 static void
864 read_keytab_file(const char *service_key_file)
865 {
866         FILE *skf;
867         ws_statb64 st;
868         service_key_t *sk;
869         unsigned char buf[SERVICE_KEY_SIZE];
870         int newline_skip = 0, count = 0;
871
872         if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) {
873
874                 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
875                  * There can be zero, one (\n), or two (\r\n) characters between
876                  * keys.  Trailing characters are ignored.
877                  */
878
879                 /* XXX We should support the standard keytab format instead */
880                 if (st.st_size > SERVICE_KEY_SIZE) {
881                         if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
882                                  (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
883                                 newline_skip = 1;
884                         } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
885                                  (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
886                                 newline_skip = 2;
887                         }
888                 }
889
890                 skf = ws_fopen(service_key_file, "rb");
891                 if (! skf) return;
892
893                 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
894                         sk = g_malloc(sizeof(service_key_t));
895                         sk->kvno = buf[0] << 8 | buf[1];
896                         sk->keytype = KEYTYPE_DES3_CBC_MD5;
897                         sk->length = DES3_KEY_SIZE;
898                         sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
899                         g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
900                         service_key_list = g_slist_append(service_key_list, (gpointer) sk);
901                         fseek(skf, newline_skip, SEEK_CUR);
902                         count++;
903 g_warning("added key: %s", sk->origin);
904                 }
905                 fclose(skf);
906         }
907 }
908
909 #define CONFOUNDER_PLUS_CHECKSUM 24
910
911 guint8 *
912 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
913                                         int _U_ usage,
914                                         tvbuff_t *cryptotvb,
915                                         int keytype,
916                                         int *datalen)
917 {
918         tvbuff_t *encr_tvb;
919         guint8 *decrypted_data = NULL, *plaintext = NULL;
920         guint8 cls;
921         gboolean pc;
922         guint32 tag, item_len, data_len;
923         int id_offset, offset;
924         guint8 key[DES3_KEY_SIZE];
925         guint8 initial_vector[DES_BLOCK_SIZE];
926         md5_state_t md5s;
927         md5_byte_t digest[16];
928         md5_byte_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
929         md5_byte_t confounder[8];
930         gboolean ind;
931         GSList *ske;
932         service_key_t *sk;
933         struct des3_ctx ctx;
934         int length = tvb_captured_length(cryptotvb);
935         const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
936
937
938         /* don't do anything if we are not attempting to decrypt data */
939         if(!krb_decrypt){
940                 return NULL;
941         }
942
943         /* make sure we have all the data we need */
944         if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
945                 return NULL;
946         }
947
948         if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
949                 return NULL;
950         }
951
952         decrypted_data = g_malloc(length);
953         for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
954                 gboolean do_continue = FALSE;
955                 sk = (service_key_t *) ske->data;
956
957                 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
958
959                 md5_init(&md5s);
960                 memset(initial_vector, 0, DES_BLOCK_SIZE);
961                 des3_set_key(&ctx, key);
962                 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
963                                         length, decrypted_data, cryptotext);
964                 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
965
966                 tvb_memcpy(encr_tvb, confounder, 0, 8);
967
968                 /* We have to pull the decrypted data length from the decrypted
969                  * content.  If the key doesn't match or we otherwise get garbage,
970                  * an exception may get thrown while decoding the ASN.1 header.
971                  * Catch it, just in case.
972                  */
973                 TRY {
974                         id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
975                         offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
976                 }
977                 CATCH_BOUNDS_ERRORS {
978                         tvb_free(encr_tvb);
979                         do_continue = TRUE;
980                 }
981                 ENDTRY;
982
983                 if (do_continue) continue;
984
985                 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
986                 if ((int) item_len + offset > length) {
987                         tvb_free(encr_tvb);
988                         continue;
989                 }
990
991                 md5_append(&md5s, confounder, 8);
992                 md5_append(&md5s, zero_fill, 16);
993                 md5_append(&md5s, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
994                 md5_finish(&md5s, digest);
995
996                 if (tvb_memeql (encr_tvb, 8, digest, 16) == 0) {
997 g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
998                         plaintext = g_malloc(data_len);
999                         tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
1000                         tvb_free(encr_tvb);
1001
1002                         if (datalen) {
1003                                 *datalen = data_len;
1004                         }
1005                         g_free(decrypted_data);
1006                         return(plaintext);
1007                 }
1008                 tvb_free(encr_tvb);
1009         }
1010
1011         g_free(decrypted_data);
1012         return NULL;
1013 }
1014
1015 #endif  /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
1016
1017 #define INET6_ADDRLEN   16
1018
1019 /* TCP Record Mark */
1020 #define KRB_RM_RESERVED 0x80000000U
1021 #define KRB_RM_RECLEN   0x7fffffffU
1022
1023 #define KRB5_MSG_TICKET                 1       /* Ticket */
1024 #define KRB5_MSG_AUTHENTICATOR          2       /* Authenticator */
1025 #define KRB5_MSG_ENC_TICKET_PART        3       /* EncTicketPart */
1026 #define KRB5_MSG_AS_REQ                 10      /* AS-REQ type */
1027 #define KRB5_MSG_AS_REP                 11      /* AS-REP type */
1028 #define KRB5_MSG_TGS_REQ                12      /* TGS-REQ type */
1029 #define KRB5_MSG_TGS_REP                13      /* TGS-REP type */
1030 #define KRB5_MSG_AP_REQ                 14      /* AP-REQ type */
1031 #define KRB5_MSG_AP_REP                 15      /* AP-REP type */
1032
1033 #define KRB5_MSG_SAFE                   20      /* KRB-SAFE type */
1034 #define KRB5_MSG_PRIV                   21      /* KRB-PRIV type */
1035 #define KRB5_MSG_CRED                   22      /* KRB-CRED type */
1036 #define KRB5_MSG_ENC_AS_REP_PART        25      /* EncASRepPart */
1037 #define KRB5_MSG_ENC_TGS_REP_PART       26      /* EncTGSRepPart */
1038 #define KRB5_MSG_ENC_AP_REP_PART        27      /* EncAPRepPart */
1039 #define KRB5_MSG_ENC_KRB_PRIV_PART      28      /* EncKrbPrivPart */
1040 #define KRB5_MSG_ENC_KRB_CRED_PART      29      /* EncKrbCredPart */
1041 #define KRB5_MSG_ERROR                  30      /* KRB-ERROR type */
1042
1043 /* encryption type constants */
1044 #define KRB5_ENCTYPE_NULL                0
1045 #define KRB5_ENCTYPE_DES_CBC_CRC         1
1046 #define KRB5_ENCTYPE_DES_CBC_MD4         2
1047 #define KRB5_ENCTYPE_DES_CBC_MD5         3
1048 #define KRB5_ENCTYPE_DES_CBC_RAW         4
1049 #define KRB5_ENCTYPE_DES3_CBC_SHA        5
1050 #define KRB5_ENCTYPE_DES3_CBC_RAW        6
1051 #define KRB5_ENCTYPE_DES_HMAC_SHA1       8
1052 #define KRB5_ENCTYPE_DSA_SHA1_CMS        9
1053 #define KRB5_ENCTYPE_RSA_MD5_CMS         10
1054 #define KRB5_ENCTYPE_RSA_SHA1_CMS        11
1055 #define KRB5_ENCTYPE_RC2_CBC_ENV         12
1056 #define KRB5_ENCTYPE_RSA_ENV             13
1057 #define KRB5_ENCTYPE_RSA_ES_OEAP_ENV     14
1058 #define KRB5_ENCTYPE_DES_EDE3_CBC_ENV    15
1059 #define KRB5_ENCTYPE_DES3_CBC_SHA1       16
1060 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
1061 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
1062 #define KRB5_ENCTYPE_DES_CBC_MD5_NT      20
1063 #define KERB_ENCTYPE_RC4_HMAC            23
1064 #define KERB_ENCTYPE_RC4_HMAC_EXP        24
1065 #define KRB5_ENCTYPE_UNKNOWN                0x1ff
1066 #define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1   0x7007
1067 #define KRB5_ENCTYPE_RC4_PLAIN_EXP      0xffffff73
1068 #define KRB5_ENCTYPE_RC4_PLAIN          0xffffff74
1069 #define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP  0xffffff78
1070 #define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP   0xffffff79
1071 #define KRB5_ENCTYPE_RC4_PLAIN_OLD      0xffffff7a
1072 #define KRB5_ENCTYPE_RC4_HMAC_OLD       0xffffff7b
1073 #define KRB5_ENCTYPE_DES_PLAIN          0xffffff7c
1074 #define KRB5_ENCTYPE_RC4_SHA            0xffffff7d
1075 #define KRB5_ENCTYPE_RC4_LM             0xffffff7e
1076 #define KRB5_ENCTYPE_RC4_PLAIN2         0xffffff7f
1077 #define KRB5_ENCTYPE_RC4_MD4            0xffffff80
1078
1079 /* checksum types */
1080 #define KRB5_CHKSUM_NONE                0
1081 #define KRB5_CHKSUM_CRC32               1
1082 #define KRB5_CHKSUM_MD4                 2
1083 #define KRB5_CHKSUM_KRB_DES_MAC         4
1084 #define KRB5_CHKSUM_KRB_DES_MAC_K       5
1085 #define KRB5_CHKSUM_MD5                 7
1086 #define KRB5_CHKSUM_MD5_DES             8
1087 /* the following four come from packetcable */
1088 #define KRB5_CHKSUM_MD5_DES3            9
1089 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD   12
1090 #define KRB5_CHKSUM_HMAC_SHA1_DES3      13
1091 #define KRB5_CHKSUM_SHA1_UNKEYED        14
1092 #define KRB5_CHKSUM_HMAC_MD5            0xffffff76
1093 #define KRB5_CHKSUM_MD5_HMAC            0xffffff77
1094 #define KRB5_CHKSUM_RC4_MD5             0xffffff78
1095 #define KRB5_CHKSUM_MD25                0xffffff79
1096 #define KRB5_CHKSUM_DES_MAC_MD5         0xffffff7a
1097 #define KRB5_CHKSUM_DES_MAC             0xffffff7b
1098 #define KRB5_CHKSUM_REAL_CRC32          0xffffff7c
1099 #define KRB5_CHKSUM_SHA1                0xffffff7d
1100 #define KRB5_CHKSUM_LM                  0xffffff7e
1101 #define KRB5_CHKSUM_GSSAPI              0x8003
1102
1103 /*
1104  * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
1105  *
1106  *      http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
1107  *
1108  * unless it's expired.
1109  */
1110
1111 /* pre-authentication type constants */
1112 #define KRB5_PA_TGS_REQ                1
1113 #define KRB5_PA_ENC_TIMESTAMP          2
1114 #define KRB5_PA_PW_SALT                3
1115 #define KRB5_PA_ENC_ENCKEY             4
1116 #define KRB5_PA_ENC_UNIX_TIME          5
1117 #define KRB5_PA_ENC_SANDIA_SECURID     6
1118 #define KRB5_PA_SESAME                 7
1119 #define KRB5_PA_OSF_DCE                8
1120 #define KRB5_PA_CYBERSAFE_SECUREID     9
1121 #define KRB5_PA_AFS3_SALT              10
1122 #define KRB5_PA_ENCTYPE_INFO           11
1123 #define KRB5_PA_SAM_CHALLENGE          12
1124 #define KRB5_PA_SAM_RESPONSE           13
1125 #define KRB5_PA_PK_AS_REQ              14
1126 #define KRB5_PA_PK_AS_REP              15
1127 #define KRB5_PA_DASS                   16
1128 #define KRB5_PA_ENCTYPE_INFO2          19
1129 #define KRB5_PA_USE_SPECIFIED_KVNO     20
1130 #define KRB5_PA_SAM_REDIRECT           21
1131 #define KRB5_PA_GET_FROM_TYPED_DATA    22
1132 #define KRB5_PA_SAM_ETYPE_INFO         23
1133 #define KRB5_PA_ALT_PRINC              24
1134 #define KRB5_PA_SAM_CHALLENGE2         30
1135 #define KRB5_PA_SAM_RESPONSE2          31
1136 #define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
1137 #define KRB5_TD_KRB_PRINCIPAL          102
1138 #define KRB5_TD_KRB_REALM              103
1139 #define KRB5_TD_TRUSTED_CERTIFIERS     104
1140 #define KRB5_TD_CERTIFICATE_INDEX      105
1141 #define KRB5_TD_APP_DEFINED_ERROR      106
1142 #define KRB5_TD_REQ_NONCE              107
1143 #define KRB5_TD_REQ_SEQ                108
1144 /* preauthentication types >127 (i.e. negative ones) are app specific.
1145    however since Microsoft is the dominant(only?) user of types in this range
1146    we also treat the type as unsigned.
1147 */
1148 #define KRB5_PA_PAC_REQUEST              128    /* (Microsoft extension) */
1149 #define KRB5_PA_FOR_USER                 129    /* Impersonation (Microsoft extension) See [MS-SFU]. XXX - replaced by KRB5_PA_S4U2SELF */
1150 #define KRB5_PA_S4U2SELF                 129
1151
1152 #define KRB5_PA_PROV_SRV_LOCATION 0xffffffff    /* (gint32)0xFF) packetcable stuff */
1153 /* Principal name-type */
1154 #define KRB5_NT_UNKNOWN        0
1155 #define KRB5_NT_PRINCIPAL      1
1156 #define KRB5_NT_SRV_INST       2
1157 #define KRB5_NT_SRV_HST        3
1158 #define KRB5_NT_SRV_XHST       4
1159 #define KRB5_NT_UID            5
1160 #define KRB5_NT_X500_PRINCIPAL 6
1161 #define KRB5_NT_SMTP_NAME      7
1162 #define KRB5_NT_ENTERPRISE    10
1163
1164 /*
1165  * MS specific name types, from
1166  *
1167  *      http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
1168  */
1169 #define KRB5_NT_MS_PRINCIPAL            -128
1170 #define KRB5_NT_MS_PRINCIPAL_AND_SID    -129
1171 #define KRB5_NT_ENT_PRINCIPAL_AND_SID   -130
1172 #define KRB5_NT_PRINCIPAL_AND_SID       -131
1173 #define KRB5_NT_SRV_INST_AND_SID        -132
1174
1175 /* error table constants */
1176 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
1177 #define KRB5_ET_KRB5KDC_ERR_NONE                         0
1178 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP                     1
1179 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP                  2
1180 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO                     3
1181 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO              4
1182 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO              5
1183 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN          6
1184 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN          7
1185 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE         8
1186 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY                     9
1187 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE              10
1188 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID                  11
1189 #define KRB5_ET_KRB5KDC_ERR_POLICY                       12
1190 #define KRB5_ET_KRB5KDC_ERR_BADOPTION                    13
1191 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP                 14
1192 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP               15
1193 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP           16
1194 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP                17
1195 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED               18
1196 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED              19
1197 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED                  20
1198 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET                21
1199 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET               22
1200 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP                      23
1201 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED               24
1202 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED             25
1203 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH               26
1204 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER           27
1205 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED            28
1206 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE              29
1207 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY             31
1208 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED               32
1209 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV                   33
1210 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT                    34
1211 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US                    35
1212 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH                  36
1213 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW                      37
1214 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR                   38
1215 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION                39
1216 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE                  40
1217 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED                  41
1218 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER                  42
1219 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT                43
1220 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER                 44
1221 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY                     45
1222 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL                  46
1223 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION              47
1224 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD                    48
1225 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ                    49
1226 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM               50
1227 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED             51
1228 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG             52
1229 #define KRB5_ET_KRB5KRB_ERR_GENERIC                      60
1230 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG                61
1231 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED             62
1232 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED                63
1233 #define KRB5_ET_KDC_ERROR_INVALID_SIG                    64
1234 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK                     65
1235 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH             66
1236 #define KRB5_ET_KRB_AP_ERR_NO_TGT                        67
1237 #define KRB5_ET_KDC_ERR_WRONG_REALM                      68
1238 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED         69
1239 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE          70
1240 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE              71
1241 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE              72
1242 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN        73
1243 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE    74
1244 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH             75
1245 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH                76
1246
1247 static const value_string krb5_error_codes[] = {
1248         { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
1249         { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
1250         { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
1251         { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
1252         { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
1253         { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
1254         { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
1255         { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
1256         { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
1257         { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
1258         { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
1259         { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
1260         { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
1261         { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
1262         { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
1263         { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
1264         { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
1265         { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
1266         { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
1267         { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
1268         { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
1269         { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
1270         { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
1271         { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
1272         { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
1273         { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
1274         { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
1275         { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
1276         { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
1277         { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
1278         { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
1279         { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
1280         { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
1281         { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
1282         { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
1283         { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
1284         { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
1285         { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
1286         { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
1287         { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
1288         { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
1289         { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
1290         { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
1291         { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
1292         { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
1293         { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
1294         { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
1295         { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
1296         { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
1297         { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
1298         { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
1299         { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
1300         { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
1301         { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
1302         { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
1303         { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
1304         { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
1305         { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
1306         { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
1307         { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
1308         { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
1309         { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
1310         { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
1311         { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
1312         { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
1313         { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
1314         { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
1315         { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
1316         { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
1317         { 0, NULL }
1318 };
1319
1320
1321 #if 0
1322 #define PAC_LOGON_INFO          1
1323 #define PAC_CREDENTIAL_TYPE     2
1324 #define PAC_SERVER_CHECKSUM     6
1325 #define PAC_PRIVSVR_CHECKSUM    7
1326 #define PAC_CLIENT_INFO_TYPE    10
1327 #define PAC_S4U_DELEGATION_INFO 11
1328 #define PAC_UPN_DNS_INFO                12
1329 static const value_string w2k_pac_types[] = {
1330     { PAC_LOGON_INFO            , "Logon Info" },
1331     { PAC_CREDENTIAL_TYPE       , "Credential Type" },
1332     { PAC_SERVER_CHECKSUM       , "Server Checksum" },
1333     { PAC_PRIVSVR_CHECKSUM      , "Privsvr Checksum" },
1334     { PAC_CLIENT_INFO_TYPE      , "Client Info Type" },
1335     { PAC_S4U_DELEGATION_INFO, "S4U Delegation Info" },
1336     { PAC_UPN_DNS_INFO          , "UPN DNS Info" },
1337     { 0, NULL },
1338 };
1339
1340
1341 static const value_string krb5_princ_types[] = {
1342     { KRB5_NT_UNKNOWN              , "Unknown" },
1343     { KRB5_NT_PRINCIPAL            , "Principal" },
1344     { KRB5_NT_SRV_INST             , "Service and Instance" },
1345     { KRB5_NT_SRV_HST              , "Service and Host" },
1346     { KRB5_NT_SRV_XHST             , "Service and Host Components" },
1347     { KRB5_NT_UID                  , "Unique ID" },
1348     { KRB5_NT_X500_PRINCIPAL       , "Encoded X.509 Distinguished Name" },
1349     { KRB5_NT_SMTP_NAME            , "SMTP Name" },
1350     { KRB5_NT_ENTERPRISE           , "Enterprise Name" },
1351     { KRB5_NT_MS_PRINCIPAL         , "NT 4.0 style name (MS specific)" },
1352     { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
1353     { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
1354     { KRB5_NT_PRINCIPAL_AND_SID    , "Principal name and SID (MS specific)"},
1355     { KRB5_NT_SRV_INST_AND_SID     , "SPN and SID (MS specific)"},
1356     { 0                            , NULL },
1357 };
1358 #endif
1359
1360 static const value_string krb5_preauthentication_types[] = {
1361     { KRB5_PA_TGS_REQ              , "PA-TGS-REQ" },
1362     { KRB5_PA_ENC_TIMESTAMP        , "PA-ENC-TIMESTAMP" },
1363     { KRB5_PA_PW_SALT              , "PA-PW-SALT" },
1364     { KRB5_PA_ENC_ENCKEY           , "PA-ENC-ENCKEY" },
1365     { KRB5_PA_ENC_UNIX_TIME        , "PA-ENC-UNIX-TIME" },
1366     { KRB5_PA_ENC_SANDIA_SECURID   , "PA-PW-SALT" },
1367     { KRB5_PA_SESAME               , "PA-SESAME" },
1368     { KRB5_PA_OSF_DCE              , "PA-OSF-DCE" },
1369     { KRB5_PA_CYBERSAFE_SECUREID   , "PA-CYBERSAFE-SECURID" },
1370     { KRB5_PA_AFS3_SALT            , "PA-AFS3-SALT" },
1371     { KRB5_PA_ENCTYPE_INFO         , "PA-ENCTYPE-INFO" },
1372     { KRB5_PA_ENCTYPE_INFO2         , "PA-ENCTYPE-INFO2" },
1373     { KRB5_PA_SAM_CHALLENGE        , "PA-SAM-CHALLENGE" },
1374     { KRB5_PA_SAM_RESPONSE         , "PA-SAM-RESPONSE" },
1375     { KRB5_PA_PK_AS_REQ            , "PA-PK-AS-REQ" },
1376     { KRB5_PA_PK_AS_REP            , "PA-PK-AS-REP" },
1377     { KRB5_PA_DASS                 , "PA-DASS" },
1378     { KRB5_PA_USE_SPECIFIED_KVNO   , "PA-USE-SPECIFIED-KVNO" },
1379     { KRB5_PA_SAM_REDIRECT         , "PA-SAM-REDIRECT" },
1380     { KRB5_PA_GET_FROM_TYPED_DATA  , "PA-GET-FROM-TYPED-DATA" },
1381     { KRB5_PA_SAM_ETYPE_INFO       , "PA-SAM-ETYPE-INFO" },
1382     { KRB5_PA_ALT_PRINC            , "PA-ALT-PRINC" },
1383     { KRB5_PA_SAM_CHALLENGE2       , "PA-SAM-CHALLENGE2" },
1384     { KRB5_PA_SAM_RESPONSE2        , "PA-SAM-RESPONSE2" },
1385     { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
1386     { KRB5_TD_KRB_PRINCIPAL        , "TD-KRB-PRINCIPAL" },
1387     { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
1388     { KRB5_TD_TRUSTED_CERTIFIERS   , "TD-TRUSTED-CERTIFIERS" },
1389     { KRB5_TD_CERTIFICATE_INDEX    , "TD-CERTIFICATE-INDEX" },
1390     { KRB5_TD_APP_DEFINED_ERROR    , "TD-APP-DEFINED-ERROR" },
1391     { KRB5_TD_REQ_NONCE            , "TD-REQ-NONCE" },
1392     { KRB5_TD_REQ_SEQ              , "TD-REQ-SEQ" },
1393     { KRB5_PA_PAC_REQUEST          , "PA-PAC-REQUEST" },
1394     { KRB5_PA_FOR_USER             , "PA-FOR-USER" },
1395     { KRB5_PA_PROV_SRV_LOCATION    , "PA-PROV-SRV-LOCATION" },
1396     { 0                            , NULL },
1397 };
1398
1399 #if 0
1400 static const value_string krb5_encryption_types[] = {
1401     { KRB5_ENCTYPE_NULL           , "NULL" },
1402     { KRB5_ENCTYPE_DES_CBC_CRC    , "des-cbc-crc" },
1403     { KRB5_ENCTYPE_DES_CBC_MD4    , "des-cbc-md4" },
1404     { KRB5_ENCTYPE_DES_CBC_MD5    , "des-cbc-md5" },
1405     { KRB5_ENCTYPE_DES_CBC_RAW    , "des-cbc-raw" },
1406     { KRB5_ENCTYPE_DES3_CBC_SHA   , "des3-cbc-sha" },
1407     { KRB5_ENCTYPE_DES3_CBC_RAW   , "des3-cbc-raw" },
1408     { KRB5_ENCTYPE_DES_HMAC_SHA1  , "des-hmac-sha1" },
1409     { KRB5_ENCTYPE_DSA_SHA1_CMS   , "dsa-sha1-cms" },
1410     { KRB5_ENCTYPE_RSA_MD5_CMS    , "rsa-md5-cms" },
1411     { KRB5_ENCTYPE_RSA_SHA1_CMS   , "rsa-sha1-cms" },
1412     { KRB5_ENCTYPE_RC2_CBC_ENV    , "rc2-cbc-env" },
1413     { KRB5_ENCTYPE_RSA_ENV        , "rsa-env" },
1414     { KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
1415     { KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
1416     { KRB5_ENCTYPE_DES3_CBC_SHA1  , "des3-cbc-sha1" },
1417     { KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96  , "aes128-cts-hmac-sha1-96" },
1418     { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96  , "aes256-cts-hmac-sha1-96" },
1419     { KRB5_ENCTYPE_DES_CBC_MD5_NT  , "des-cbc-md5-nt" },
1420     { KERB_ENCTYPE_RC4_HMAC       , "rc4-hmac" },
1421     { KERB_ENCTYPE_RC4_HMAC_EXP   , "rc4-hmac-exp" },
1422     { KRB5_ENCTYPE_UNKNOWN        , "unknown" },
1423     { KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1    , "local-des3-hmac-sha1" },
1424     { KRB5_ENCTYPE_RC4_PLAIN_EXP  , "rc4-plain-exp" },
1425     { KRB5_ENCTYPE_RC4_PLAIN      , "rc4-plain" },
1426     { KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP, "rc4-plain-old-exp" },
1427     { KRB5_ENCTYPE_RC4_HMAC_OLD_EXP, "rc4-hmac-old-exp" },
1428     { KRB5_ENCTYPE_RC4_PLAIN_OLD  , "rc4-plain-old" },
1429     { KRB5_ENCTYPE_RC4_HMAC_OLD   , "rc4-hmac-old" },
1430     { KRB5_ENCTYPE_DES_PLAIN      , "des-plain" },
1431     { KRB5_ENCTYPE_RC4_SHA        , "rc4-sha" },
1432     { KRB5_ENCTYPE_RC4_LM         , "rc4-lm" },
1433     { KRB5_ENCTYPE_RC4_PLAIN2     , "rc4-plain2" },
1434     { KRB5_ENCTYPE_RC4_MD4        , "rc4-md4" },
1435     { 0                           , NULL },
1436 };
1437
1438 static const value_string krb5_checksum_types[] = {
1439     { KRB5_CHKSUM_NONE            , "none" },
1440     { KRB5_CHKSUM_CRC32           , "crc32" },
1441     { KRB5_CHKSUM_MD4             , "md4" },
1442     { KRB5_CHKSUM_KRB_DES_MAC     , "krb-des-mac" },
1443     { KRB5_CHKSUM_KRB_DES_MAC_K   , "krb-des-mac-k" },
1444     { KRB5_CHKSUM_MD5             , "md5" },
1445     { KRB5_CHKSUM_MD5_DES         , "md5-des" },
1446     { KRB5_CHKSUM_MD5_DES3        , "md5-des3" },
1447     { KRB5_CHKSUM_HMAC_SHA1_DES3_KD, "hmac-sha1-des3-kd" },
1448     { KRB5_CHKSUM_HMAC_SHA1_DES3  , "hmac-sha1-des3" },
1449     { KRB5_CHKSUM_SHA1_UNKEYED    , "sha1 (unkeyed)" },
1450     { KRB5_CHKSUM_HMAC_MD5        , "hmac-md5" },
1451     { KRB5_CHKSUM_MD5_HMAC        , "md5-hmac" },
1452     { KRB5_CHKSUM_RC4_MD5         , "rc5-md5" },
1453     { KRB5_CHKSUM_MD25            , "md25" },
1454     { KRB5_CHKSUM_DES_MAC_MD5     , "des-mac-md5" },
1455     { KRB5_CHKSUM_DES_MAC         , "des-mac" },
1456     { KRB5_CHKSUM_REAL_CRC32      , "real-crc32" },
1457     { KRB5_CHKSUM_SHA1            , "sha1" },
1458     { KRB5_CHKSUM_LM              , "lm" },
1459     { KRB5_CHKSUM_GSSAPI          , "gssapi-8003" },
1460     { 0                           , NULL },
1461 };
1462 #endif
1463
1464 #define KRB5_AD_IF_RELEVANT                     1
1465 #define KRB5_AD_INTENDED_FOR_SERVER             2
1466 #define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS  3
1467 #define KRB5_AD_KDC_ISSUED                      4
1468 #define KRB5_AD_OR                              5
1469 #define KRB5_AD_MANDATORY_TICKET_EXTENSIONS     6
1470 #define KRB5_AD_IN_TICKET_EXTENSIONS            7
1471 #define KRB5_AD_MANDATORY_FOR_KDC               8
1472 #define KRB5_AD_OSF_DCE                         64
1473 #define KRB5_AD_SESAME                          65
1474 #define KRB5_AD_OSF_DCE_PKI_CERTID              66
1475 #define KRB5_AD_WIN2K_PAC                               128
1476 #define KRB5_AD_SIGNTICKET                      0xffffffef
1477 #if 0
1478 static const value_string krb5_ad_types[] = {
1479     { KRB5_AD_IF_RELEVANT                       , "AD-IF-RELEVANT" },
1480     { KRB5_AD_INTENDED_FOR_SERVER               , "AD-Intended-For-Server" },
1481     { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS    , "AD-Intended-For-Application-Class" },
1482     { KRB5_AD_KDC_ISSUED                        , "AD-KDCIssued" },
1483     { KRB5_AD_OR                                , "AD-AND-OR" },
1484     { KRB5_AD_MANDATORY_TICKET_EXTENSIONS       , "AD-Mandatory-Ticket-Extensions" },
1485     { KRB5_AD_IN_TICKET_EXTENSIONS              , "AD-IN-Ticket-Extensions" },
1486     { KRB5_AD_MANDATORY_FOR_KDC                 , "AD-MANDATORY-FOR-KDC" },
1487     { KRB5_AD_OSF_DCE                           , "AD-OSF-DCE" },
1488     { KRB5_AD_SESAME                            , "AD-SESAME" },
1489     { KRB5_AD_OSF_DCE_PKI_CERTID                , "AD-OSF-DCE-PKI-CertID" },
1490     { KRB5_AD_WIN2K_PAC                         , "AD-Win2k-PAC" },
1491     { KRB5_AD_SIGNTICKET                        , "AD-SignTicket" },
1492     { 0 , NULL },
1493 };
1494
1495 static const value_string krb5_transited_types[] = {
1496     { 1                           , "DOMAIN-X500-COMPRESS" },
1497     { 0                           , NULL }
1498 };
1499 #endif
1500
1501 static const value_string krb5_msg_types[] = {
1502         { KRB5_MSG_TICKET,              "Ticket" },
1503         { KRB5_MSG_AUTHENTICATOR,       "Authenticator" },
1504         { KRB5_MSG_ENC_TICKET_PART,     "EncTicketPart" },
1505         { KRB5_MSG_TGS_REQ,             "TGS-REQ" },
1506         { KRB5_MSG_TGS_REP,             "TGS-REP" },
1507         { KRB5_MSG_AS_REQ,              "AS-REQ" },
1508         { KRB5_MSG_AS_REP,              "AS-REP" },
1509         { KRB5_MSG_AP_REQ,              "AP-REQ" },
1510         { KRB5_MSG_AP_REP,              "AP-REP" },
1511         { KRB5_MSG_SAFE,                "KRB-SAFE" },
1512         { KRB5_MSG_PRIV,                "KRB-PRIV" },
1513         { KRB5_MSG_CRED,                "KRB-CRED" },
1514         { KRB5_MSG_ENC_AS_REP_PART,     "EncASRepPart" },
1515         { KRB5_MSG_ENC_TGS_REP_PART,    "EncTGSRepPart" },
1516         { KRB5_MSG_ENC_AP_REP_PART,     "EncAPRepPart" },
1517         { KRB5_MSG_ENC_KRB_PRIV_PART,   "EncKrbPrivPart" },
1518         { KRB5_MSG_ENC_KRB_CRED_PART,   "EncKrbCredPart" },
1519         { KRB5_MSG_ERROR,               "KRB-ERROR" },
1520         { 0, NULL },
1521 };
1522
1523 #define KRB5_GSS_C_DELEG_FLAG             0x01
1524 #define KRB5_GSS_C_MUTUAL_FLAG            0x02
1525 #define KRB5_GSS_C_REPLAY_FLAG            0x04
1526 #define KRB5_GSS_C_SEQUENCE_FLAG          0x08
1527 #define KRB5_GSS_C_CONF_FLAG              0x10
1528 #define KRB5_GSS_C_INTEG_FLAG             0x20
1529 #define KRB5_GSS_C_DCE_STYLE            0x1000
1530
1531 static const true_false_string tfs_gss_flags_deleg = {
1532         "Delegate credentials to remote peer",
1533         "Do NOT delegate"
1534 };
1535 static const true_false_string tfs_gss_flags_mutual = {
1536         "Request that remote peer authenticates itself",
1537         "Mutual authentication NOT required"
1538 };
1539 static const true_false_string tfs_gss_flags_replay = {
1540         "Enable replay protection for signed or sealed messages",
1541         "Do NOT enable replay protection"
1542 };
1543 static const true_false_string tfs_gss_flags_sequence = {
1544         "Enable Out-of-sequence detection for sign or sealed messages",
1545         "Do NOT enable out-of-sequence detection"
1546 };
1547 static const true_false_string tfs_gss_flags_conf = {
1548         "Confidentiality (sealing) may be invoked",
1549         "Do NOT use Confidentiality (sealing)"
1550 };
1551 static const true_false_string tfs_gss_flags_integ = {
1552         "Integrity protection (signing) may be invoked",
1553         "Do NOT use integrity protection"
1554 };
1555
1556 static const true_false_string tfs_gss_flags_dce_style = {
1557         "DCE-STYLE",
1558         "Not using DCE-STYLE"
1559 };
1560
1561 #ifdef HAVE_KERBEROS
1562 static int
1563 dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1564                                                                         proto_tree *tree, int hf_index _U_)
1565 {
1566         guint8 *plaintext;
1567         int length;
1568         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1569         tvbuff_t *next_tvb;
1570
1571         next_tvb=tvb_new_subset_remaining(tvb, offset);
1572         length=tvb_captured_length_remaining(tvb, offset);
1573
1574         /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1575          * 7.5.1
1576          * All Ticket encrypted parts use usage == 2
1577          */
1578         plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, private_data->etype, NULL);
1579
1580         if(plaintext){
1581                 tvbuff_t *child_tvb;
1582                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1583                 tvb_set_free_cb(child_tvb, g_free);
1584
1585                 /* Add the decrypted data to the data source list. */
1586                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1587
1588                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1589         }
1590         return offset;
1591 }
1592
1593 static int
1594 dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1595                                                                                         proto_tree *tree, int hf_index _U_)
1596 {
1597         guint8 *plaintext;
1598         int length;
1599         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1600         tvbuff_t *next_tvb;
1601
1602         next_tvb=tvb_new_subset_remaining(tvb, offset);
1603         length=tvb_captured_length_remaining(tvb, offset);
1604
1605         /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1606          * 7.5.1
1607          * Authenticators are encrypted with usage
1608          * == 7 or
1609          * == 11
1610          */
1611         plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, private_data->etype, NULL);
1612
1613         if(!plaintext){
1614                 plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, private_data->etype, NULL);
1615         }
1616
1617         if(plaintext){
1618                 tvbuff_t *child_tvb;
1619                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1620                 tvb_set_free_cb(child_tvb, g_free);
1621
1622                 /* Add the decrypted data to the data source list. */
1623                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1624
1625                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1626         }
1627         return offset;
1628 }
1629
1630 static int
1631 dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1632                                                                         proto_tree *tree, int hf_index _U_)
1633 {
1634         guint8 *plaintext;
1635         int length;
1636         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1637         tvbuff_t *next_tvb;
1638
1639         next_tvb=tvb_new_subset_remaining(tvb, offset);
1640         length=tvb_captured_length_remaining(tvb, offset);
1641
1642         /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1643          * 7.5.1
1644          * ASREP/TGSREP encryptedparts are encrypted with usage
1645          * == 3 or
1646          * == 8 or
1647          * == 9
1648          */
1649         plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, private_data->etype, NULL);
1650
1651         if(!plaintext){
1652                 plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, private_data->etype, NULL);
1653         }
1654
1655         if(!plaintext){
1656                 plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, private_data->etype, NULL);
1657         }
1658
1659         if(plaintext){
1660                 tvbuff_t *child_tvb;
1661                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1662                 tvb_set_free_cb(child_tvb, g_free);
1663
1664                 /* Add the decrypted data to the data source list. */
1665                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1666
1667                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1668         }
1669         return offset;
1670 }
1671
1672 static int
1673 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1674                                                                                 proto_tree *tree, int hf_index _U_)
1675 {
1676         guint8 *plaintext;
1677         int length;
1678         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1679         tvbuff_t *next_tvb;
1680
1681         next_tvb=tvb_new_subset_remaining(tvb, offset);
1682         length=tvb_captured_length_remaining(tvb, offset);
1683
1684         /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1685          * 7.5.1
1686          * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
1687          * == 1
1688          */
1689         plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, private_data->etype, NULL);
1690
1691         if(plaintext){
1692                 tvbuff_t *child_tvb;
1693                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1694                 tvb_set_free_cb(child_tvb, g_free);
1695
1696                 /* Add the decrypted data to the data source list. */
1697                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1698
1699                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1700         }
1701         return offset;
1702 }
1703
1704 static int
1705 dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1706                                                                         proto_tree *tree, int hf_index _U_)
1707 {
1708         guint8 *plaintext;
1709         int length;
1710         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1711         tvbuff_t *next_tvb;
1712
1713         next_tvb=tvb_new_subset_remaining(tvb, offset);
1714         length=tvb_captured_length_remaining(tvb, offset);
1715
1716         /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1717          * 7.5.1
1718          * AP-REP are encrypted with usage == 12
1719          */
1720         plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, private_data->etype, NULL);
1721
1722         if(plaintext){
1723                 tvbuff_t *child_tvb;
1724                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1725                 tvb_set_free_cb(child_tvb, g_free);
1726
1727                 /* Add the decrypted data to the data source list. */
1728                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1729
1730                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1731         }
1732         return offset;
1733 }
1734
1735 static int
1736 dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1737                                                                         proto_tree *tree, int hf_index _U_)
1738 {
1739         guint8 *plaintext;
1740         int length;
1741         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1742         tvbuff_t *next_tvb;
1743
1744         next_tvb=tvb_new_subset_remaining(tvb, offset);
1745         length=tvb_captured_length_remaining(tvb, offset);
1746
1747         /* RFC4120 :
1748          * EncKrbPrivPart encrypted with usage
1749          * == 13
1750          */
1751         plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, private_data->etype, NULL);
1752
1753         if(plaintext){
1754                 tvbuff_t *child_tvb;
1755                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1756                 tvb_set_free_cb(child_tvb, g_free);
1757
1758                 /* Add the decrypted data to the data source list. */
1759                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1760
1761                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1762         }
1763         return offset;
1764 }
1765
1766 static int
1767 dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
1768                                                                         proto_tree *tree, int hf_index _U_)
1769 {
1770         guint8 *plaintext;
1771         int length;
1772         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1773         tvbuff_t *next_tvb;
1774
1775         next_tvb=tvb_new_subset_remaining(tvb, offset);
1776         length=tvb_captured_length_remaining(tvb, offset);
1777
1778         /* RFC4120 :
1779          * EncKrbCredPart encrypted with usage
1780          * == 14
1781          */
1782         plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, private_data->etype, NULL);
1783
1784         if(plaintext){
1785                 tvbuff_t *child_tvb;
1786                 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
1787                 tvb_set_free_cb(child_tvb, g_free);
1788
1789                 /* Add the decrypted data to the data source list. */
1790                 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
1791
1792                 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
1793         }
1794         return offset;
1795 }
1796 #endif
1797
1798 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
1799  */
1800 static int
1801 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb)
1802 {
1803         int offset=0;
1804         guint32 len;
1805         guint16 dlglen;
1806
1807         /* Length of Bnd field */
1808         len=tvb_get_letohl(tvb, offset);
1809         proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1810         offset += 4;
1811
1812         /* Bnd field */
1813         proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA);
1814         offset += len;
1815
1816
1817         /* flags */
1818         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1819         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1820         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1821         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1822         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1823         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1824         proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1825         offset += 4;
1826
1827         /* the next fields are optional so we have to check that we have
1828          * more data in our buffers */
1829         if(tvb_captured_length_remaining(tvb, offset)<2){
1830                 return offset;
1831         }
1832         /* dlgopt identifier */
1833         proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1834         offset += 2;
1835
1836         if(tvb_captured_length_remaining(tvb, offset)<2){
1837                 return offset;
1838         }
1839         /* dlglen identifier */
1840         dlglen=tvb_get_letohs(tvb, offset);
1841         proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1842         offset += 2;
1843
1844         if(dlglen!=tvb_captured_length_remaining(tvb, offset)){
1845                 proto_tree_add_text(tree, tvb, 0, 0, "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_captured_length_remaining(tvb, offset));
1846                 return offset;
1847         }
1848
1849         /* this should now be a KRB_CRED message */
1850         offset=dissect_kerberos_Applications(FALSE, tvb, offset, actx, tree, /* hf_index */ -1);
1851
1852         return offset;
1853 }
1854
1855 static int
1856 dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
1857 {
1858         offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
1859
1860         return offset;
1861 }
1862
1863 static int
1864 dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
1865 {
1866         guint32 nt_status;
1867
1868         /* Microsoft stores a special 12 byte blob here
1869          * guint32 NT_status
1870          * guint32 unknown
1871          * guint32 unknown
1872          * decode everything as this blob for now until we see if anyone
1873          * else ever uses it   or we learn how to tell whether this
1874          * is such an MS blob or not.
1875          */
1876         proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
1877                         ENC_LITTLE_ENDIAN);
1878         nt_status=tvb_get_letohl(tvb, offset);
1879         if(nt_status) {
1880                 col_append_fstr(actx->pinfo->cinfo, COL_INFO,
1881                         " NT Status: %s",
1882                         val_to_str(nt_status, NT_errors,
1883                         "Unknown error code %#x"));
1884         }
1885         offset += 4;
1886
1887         proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
1888                         ENC_LITTLE_ENDIAN);
1889         offset += 4;
1890
1891         proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
1892                         ENC_LITTLE_ENDIAN);
1893         offset += 4;
1894
1895         return offset;
1896 }
1897
1898
1899 /*--- Included file: packet-kerberos-fn.c ---*/
1900 #line 1 "../../asn1/kerberos/packet-kerberos-fn.c"
1901
1902
1903 static int
1904 dissect_kerberos_INTEGER_5(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1905   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1906                                                 NULL);
1907
1908   return offset;
1909 }
1910
1911
1912
1913 static int
1914 dissect_kerberos_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1915   offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
1916                                             actx, tree, tvb, offset, hf_index,
1917                                             NULL);
1918
1919   return offset;
1920 }
1921
1922
1923
1924 static int
1925 dissect_kerberos_Realm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1926   offset = dissect_kerberos_KerberosString(implicit_tag, tvb, offset, actx, tree, hf_index);
1927
1928   return offset;
1929 }
1930
1931
1932 static const value_string kerberos_NAME_TYPE_vals[] = {
1933   {   0, "kRB5-NT-UNKNOWN" },
1934   {   1, "kRB5-NT-PRINCIPAL" },
1935   {   2, "kRB5-NT-SRV-INST" },
1936   {   3, "kRB5-NT-SRV-HST" },
1937   {   4, "kRB5-NT-SRV-XHST" },
1938   {   5, "kRB5-NT-UID" },
1939   {   6, "kRB5-NT-X500-PRINCIPAL" },
1940   {   7, "kRB5-NT-SMTP-NAME" },
1941   {  10, "kRB5-NT-ENTERPRISE-PRINCIPAL" },
1942   { -130, "kRB5-NT-ENT-PRINCIPAL-AND-ID" },
1943   { -128, "kRB5-NT-MS-PRINCIPAL" },
1944   { -129, "kRB5-NT-MS-PRINCIPAL-AND-ID" },
1945   { 0, NULL }
1946 };
1947
1948
1949 static int
1950 dissect_kerberos_NAME_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1951   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1952                                                 NULL);
1953
1954   return offset;
1955 }
1956
1957
1958 static const ber_sequence_t SEQUENCE_OF_KerberosString_sequence_of[1] = {
1959   { &hf_kerberos_name_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_KerberosString },
1960 };
1961
1962 static int
1963 dissect_kerberos_SEQUENCE_OF_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1964   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1965                                       SEQUENCE_OF_KerberosString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KerberosString);
1966
1967   return offset;
1968 }
1969
1970
1971 static const ber_sequence_t PrincipalName_sequence[] = {
1972   { &hf_kerberos_name_type  , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
1973   { &hf_kerberos_name_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_KerberosString },
1974   { NULL, 0, 0, 0, NULL }
1975 };
1976
1977 static int
1978 dissect_kerberos_PrincipalName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1979   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1980                                    PrincipalName_sequence, hf_index, ett_kerberos_PrincipalName);
1981
1982   return offset;
1983 }
1984
1985
1986 static const value_string kerberos_ENCTYPE_vals[] = {
1987   {   0, "eTYPE-NULL" },
1988   {   1, "eTYPE-DES-CBC-CRC" },
1989   {   2, "eTYPE-DES-CBC-MD4" },
1990   {   3, "eTYPE-DES-CBC-MD5" },
1991   {   5, "eTYPE-DES3-CBC-MD5" },
1992   {   7, "eTYPE-OLD-DES3-CBC-SHA1" },
1993   {   8, "eTYPE-SIGN-DSA-GENERATE" },
1994   {   9, "eTYPE-ENCRYPT-RSA-PRIV" },
1995   {  10, "eTYPE-ENCRYPT-RSA-PUB" },
1996   {  16, "eTYPE-DES3-CBC-SHA1" },
1997   {  17, "eTYPE-AES128-CTS-HMAC-SHA1-96" },
1998   {  18, "eTYPE-AES256-CTS-HMAC-SHA1-96" },
1999   {  23, "eTYPE-ARCFOUR-HMAC-MD5" },
2000   {  24, "eTYPE-ARCFOUR-HMAC-MD5-56" },
2001   {  48, "eTYPE-ENCTYPE-PK-CROSS" },
2002   { -128, "eTYPE-ARCFOUR-MD4" },
2003   { -133, "eTYPE-ARCFOUR-HMAC-OLD" },
2004   { -135, "eTYPE-ARCFOUR-HMAC-OLD-EXP" },
2005   { -4096, "eTYPE-DES-CBC-NONE" },
2006   { -4097, "eTYPE-DES3-CBC-NONE" },
2007   { -4098, "eTYPE-DES-CFB64-NONE" },
2008   { -4099, "eTYPE-DES-PCBC-NONE" },
2009   { -4100, "eTYPE-DIGEST-MD5-NONE" },
2010   { -4101, "eTYPE-CRAM-MD5-NONE" },
2011   { 0, NULL }
2012 };
2013
2014
2015 static int
2016 dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2017 #line 223 "../../asn1/kerberos/kerberos.cnf"
2018         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2019   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2020                                                 &(private_data->etype));
2021
2022
2023
2024
2025   return offset;
2026 }
2027
2028
2029
2030 static int
2031 dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2032   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2033                                                 NULL);
2034
2035   return offset;
2036 }
2037
2038
2039
2040 static int
2041 dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2042 #line 227 "../../asn1/kerberos/kerberos.cnf"
2043 #ifdef HAVE_KERBEROS
2044         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
2045 #else
2046   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2047                                        NULL);
2048
2049 #endif
2050         return offset;
2051
2052
2053
2054   return offset;
2055 }
2056
2057
2058 static const ber_sequence_t EncryptedTicketData_sequence[] = {
2059   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
2060   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
2061   { &hf_kerberos_encryptedTicketData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedTicketData_cipher },
2062   { NULL, 0, 0, 0, NULL }
2063 };
2064
2065 static int
2066 dissect_kerberos_EncryptedTicketData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2067   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2068                                    EncryptedTicketData_sequence, hf_index, ett_kerberos_EncryptedTicketData);
2069
2070   return offset;
2071 }
2072
2073
2074 static const ber_sequence_t Ticket_U_sequence[] = {
2075   { &hf_kerberos_tkt_vno    , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
2076   { &hf_kerberos_realm      , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
2077   { &hf_kerberos_sname      , BER_CLASS_CON, 2, 0, dissect_kerberos_PrincipalName },
2078   { &hf_kerberos_ticket_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedTicketData },
2079   { NULL, 0, 0, 0, NULL }
2080 };
2081
2082 static int
2083 dissect_kerberos_Ticket_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2084   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2085                                    Ticket_U_sequence, hf_index, ett_kerberos_Ticket_U);
2086
2087   return offset;
2088 }
2089
2090
2091
2092 static int
2093 dissect_kerberos_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2094   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2095                                       hf_index, BER_CLASS_APP, 1, FALSE, dissect_kerberos_Ticket_U);
2096
2097   return offset;
2098 }
2099
2100
2101 static const value_string kerberos_CKSUMTYPE_vals[] = {
2102   {   0, "cKSUMTYPE-NONE" },
2103   {   1, "cKSUMTYPE-CRC32" },
2104   {   2, "cKSUMTYPE-RSA-MD4" },
2105   {   3, "cKSUMTYPE-RSA-MD4-DES" },
2106   {   4, "cKSUMTYPE-DES-MAC" },
2107   {   5, "cKSUMTYPE-DES-MAC-K" },
2108   {   6, "cKSUMTYPE-RSA-MD4-DES-K" },
2109   {   7, "cKSUMTYPE-RSA-MD5" },
2110   {   8, "cKSUMTYPE-RSA-MD5-DES" },
2111   {   9, "cKSUMTYPE-RSA-MD5-DES3" },
2112   {  10, "cKSUMTYPE-SHA1-OTHER" },
2113   {  12, "cKSUMTYPE-HMAC-SHA1-DES3" },
2114   {  14, "cKSUMTYPE-SHA1" },
2115   {  15, "cKSUMTYPE-HMAC-SHA1-96-AES-128" },
2116   {  16, "cKSUMTYPE-HMAC-SHA1-96-AES-256" },
2117   { 32771, "cKSUMTYPE-GSSAPI" },
2118   { -138, "cKSUMTYPE-HMAC-MD5" },
2119   { -1138, "cKSUMTYPE-HMAC-MD5-ENC" },
2120   { 0, NULL }
2121 };
2122
2123
2124 static int
2125 dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2126 #line 284 "../../asn1/kerberos/kerberos.cnf"
2127         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2128   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2129                                                 &(private_data->checksum_type));
2130
2131
2132
2133
2134   return offset;
2135 }
2136
2137
2138
2139 static int
2140 dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2141 #line 288 "../../asn1/kerberos/kerberos.cnf"
2142         tvbuff_t *next_tvb;
2143         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2144
2145         switch(private_data->checksum_type){
2146         case KRB5_CHKSUM_GSSAPI:
2147                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
2148                 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
2149                 break;
2150         default:
2151                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
2152         }
2153         return offset;
2154
2155
2156
2157   return offset;
2158 }
2159
2160
2161 static const ber_sequence_t Checksum_sequence[] = {
2162   { &hf_kerberos_cksumtype  , BER_CLASS_CON, 0, 0, dissect_kerberos_CKSUMTYPE },
2163   { &hf_kerberos_checksum   , BER_CLASS_CON, 1, 0, dissect_kerberos_T_checksum },
2164   { NULL, 0, 0, 0, NULL }
2165 };
2166
2167 static int
2168 dissect_kerberos_Checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2169   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2170                                    Checksum_sequence, hf_index, ett_kerberos_Checksum);
2171
2172   return offset;
2173 }
2174
2175
2176
2177 static int
2178 dissect_kerberos_Microseconds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2179   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2180                                                 NULL);
2181
2182   return offset;
2183 }
2184
2185
2186
2187 static int
2188 dissect_kerberos_KerberosTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2189   offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index);
2190
2191   return offset;
2192 }
2193
2194
2195
2196 static int
2197 dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2198   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2199                                                 NULL);
2200
2201   return offset;
2202 }
2203
2204
2205
2206 static int
2207 dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2208 #line 302 "../../asn1/kerberos/kerberos.cnf"
2209         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2210
2211         offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2212                                                                         &gbl_keytype);
2213         private_data->key.keytype = gbl_keytype;
2214
2215
2216
2217   return offset;
2218 }
2219
2220
2221
2222 static int
2223 dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2224 #line 309 "../../asn1/kerberos/kerberos.cnf"
2225         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2226
2227         private_data->key.keylength = tvb_captured_length_remaining(tvb, offset);
2228         private_data->key.keyvalue = tvb_get_ptr(tvb, offset, private_data->key.keylength);
2229
2230   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2231                                        NULL);
2232
2233
2234
2235
2236   return offset;
2237 }
2238
2239
2240 static const ber_sequence_t EncryptionKey_sequence[] = {
2241   { &hf_kerberos_keytype    , BER_CLASS_CON, 0, 0, dissect_kerberos_T_keytype },
2242   { &hf_kerberos_keyvalue   , BER_CLASS_CON, 1, 0, dissect_kerberos_T_keyvalue },
2243   { NULL, 0, 0, 0, NULL }
2244 };
2245
2246 static int
2247 dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2248 #line 317 "../../asn1/kerberos/kerberos.cnf"
2249         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2250
2251           offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2252                                    EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey);
2253
2254
2255         if (private_data->key.keytype != 0) {
2256 #ifdef HAVE_KERBEROS
2257                 add_encryption_key(actx->pinfo, private_data->key.keytype, private_data->key.keylength, private_data->key.keyvalue, "key");
2258 #endif
2259         }
2260
2261
2262
2263   return offset;
2264 }
2265
2266
2267
2268 static int
2269 dissect_kerberos_T_ad_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2270 #line 328 "../../asn1/kerberos/kerberos.cnf"
2271         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2272         offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2273                                                                         &(private_data->ad_type));
2274
2275
2276
2277   return offset;
2278 }
2279
2280
2281
2282 static int
2283 dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2284 #line 333 "../../asn1/kerberos/kerberos.cnf"
2285         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2286
2287         switch(private_data->ad_type){
2288         case KRB5_AD_IF_RELEVANT:
2289                 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
2290                 break;
2291         default:
2292                 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
2293         }
2294
2295
2296
2297   return offset;
2298 }
2299
2300
2301 static const ber_sequence_t AuthorizationData_item_sequence[] = {
2302   { &hf_kerberos_ad_type    , BER_CLASS_CON, 0, 0, dissect_kerberos_T_ad_type },
2303   { &hf_kerberos_ad_data    , BER_CLASS_CON, 1, 0, dissect_kerberos_T_ad_data },
2304   { NULL, 0, 0, 0, NULL }
2305 };
2306
2307 static int
2308 dissect_kerberos_AuthorizationData_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2309   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2310                                    AuthorizationData_item_sequence, hf_index, ett_kerberos_AuthorizationData_item);
2311
2312   return offset;
2313 }
2314
2315
2316 static const ber_sequence_t AuthorizationData_sequence_of[1] = {
2317   { &hf_kerberos_AuthorizationData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_AuthorizationData_item },
2318 };
2319
2320 static int
2321 dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2322   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2323                                       AuthorizationData_sequence_of, hf_index, ett_kerberos_AuthorizationData);
2324
2325   return offset;
2326 }
2327
2328
2329 static const ber_sequence_t Authenticator_U_sequence[] = {
2330   { &hf_kerberos_authenticator_vno, BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
2331   { &hf_kerberos_crealm     , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
2332   { &hf_kerberos_cname      , BER_CLASS_CON, 2, 0, dissect_kerberos_PrincipalName },
2333   { &hf_kerberos_cksum      , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
2334   { &hf_kerberos_cusec      , BER_CLASS_CON, 4, 0, dissect_kerberos_Microseconds },
2335   { &hf_kerberos_ctime      , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
2336   { &hf_kerberos_subkey     , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptionKey },
2337   { &hf_kerberos_seq_number , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
2338   { &hf_kerberos_authorization_data, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
2339   { NULL, 0, 0, 0, NULL }
2340 };
2341
2342 static int
2343 dissect_kerberos_Authenticator_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2344   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2345                                    Authenticator_U_sequence, hf_index, ett_kerberos_Authenticator_U);
2346
2347   return offset;
2348 }
2349
2350
2351
2352 static int
2353 dissect_kerberos_Authenticator(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2354   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2355                                       hf_index, BER_CLASS_APP, 2, FALSE, dissect_kerberos_Authenticator_U);
2356
2357   return offset;
2358 }
2359
2360
2361 static const asn_namedbit TicketFlags_bits[] = {
2362   {  0, &hf_kerberos_TicketFlags_reserved, -1, -1, "reserved", NULL },
2363   {  1, &hf_kerberos_TicketFlags_forwardable, -1, -1, "forwardable", NULL },
2364   {  2, &hf_kerberos_TicketFlags_forwarded, -1, -1, "forwarded", NULL },
2365   {  3, &hf_kerberos_TicketFlags_proxiable, -1, -1, "proxiable", NULL },
2366   {  4, &hf_kerberos_TicketFlags_proxy, -1, -1, "proxy", NULL },
2367   {  5, &hf_kerberos_TicketFlags_may_postdate, -1, -1, "may-postdate", NULL },
2368   {  6, &hf_kerberos_TicketFlags_postdated, -1, -1, "postdated", NULL },
2369   {  7, &hf_kerberos_TicketFlags_invalid, -1, -1, "invalid", NULL },
2370   {  8, &hf_kerberos_TicketFlags_renewable, -1, -1, "renewable", NULL },
2371   {  9, &hf_kerberos_TicketFlags_initial, -1, -1, "initial", NULL },
2372   { 10, &hf_kerberos_TicketFlags_pre_authent, -1, -1, "pre-authent", NULL },
2373   { 11, &hf_kerberos_TicketFlags_hw_authent, -1, -1, "hw-authent", NULL },
2374   { 12, &hf_kerberos_TicketFlags_transited_policy_checked, -1, -1, "transited-policy-checked", NULL },
2375   { 13, &hf_kerberos_TicketFlags_ok_as_delegate, -1, -1, "ok-as-delegate", NULL },
2376   { 14, &hf_kerberos_TicketFlags_anonymous, -1, -1, "anonymous", NULL },
2377   { 0, NULL, 0, 0, NULL, NULL }
2378 };
2379
2380 static int
2381 dissect_kerberos_TicketFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2382   offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
2383                                     TicketFlags_bits, hf_index, ett_kerberos_TicketFlags,
2384                                     NULL);
2385
2386   return offset;
2387 }
2388
2389
2390
2391 static int
2392 dissect_kerberos_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2393   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2394                                        NULL);
2395
2396   return offset;
2397 }
2398
2399
2400 static const ber_sequence_t TransitedEncoding_sequence[] = {
2401   { &hf_kerberos_tr_type    , BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 },
2402   { &hf_kerberos_contents   , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
2403   { NULL, 0, 0, 0, NULL }
2404 };
2405
2406 static int
2407 dissect_kerberos_TransitedEncoding(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2408   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2409                                    TransitedEncoding_sequence, hf_index, ett_kerberos_TransitedEncoding);
2410
2411   return offset;
2412 }
2413
2414
2415 static const value_string kerberos_ADDR_TYPE_vals[] = {
2416   { KERBEROS_ADDR_TYPE_IPV4, "iPv4" },
2417   { KERBEROS_ADDR_TYPE_CHAOS, "cHAOS" },
2418   { KERBEROS_ADDR_TYPE_XEROX, "xEROX" },
2419   { KERBEROS_ADDR_TYPE_ISO, "iSO" },
2420   { KERBEROS_ADDR_TYPE_DECNET, "dECNET" },
2421   { KERBEROS_ADDR_TYPE_APPLETALK, "aPPLETALK" },
2422   { KERBEROS_ADDR_TYPE_NETBIOS, "nETBIOS" },
2423   { KERBEROS_ADDR_TYPE_IPV6, "iPv6" },
2424   { 0, NULL }
2425 };
2426
2427
2428 static int
2429 dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2430 #line 344 "../../asn1/kerberos/kerberos.cnf"
2431         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2432   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2433                                                 &(private_data->addr_type));
2434
2435
2436
2437
2438   return offset;
2439 }
2440
2441
2442
2443 static int
2444 dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2445 #line 172 "../../asn1/kerberos/kerberos.cnf"
2446         gint8 appclass;
2447         gboolean pc;
2448         gint32 tag;
2449         guint32 len;
2450         const char *address_str;
2451         proto_item *it=NULL;
2452         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2453
2454         /* read header and len for the octet string */
2455         offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
2456         offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
2457
2458         switch(private_data->addr_type){
2459         case KERBEROS_ADDR_TYPE_IPV4:
2460                 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
2461                 address_str = tvb_ip_to_str(tvb, offset);
2462                 break;
2463         case KERBEROS_ADDR_TYPE_NETBIOS:
2464                 {
2465                 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
2466                 int netbios_name_type;
2467                 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
2468
2469                 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
2470                 address_str = wmem_strdup_printf(wmem_packet_scope(), "%s<%02x>", netbios_name, netbios_name_type);
2471                 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
2472                 }
2473                 break;
2474         case KERBEROS_ADDR_TYPE_IPV6:
2475                 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
2476                 address_str = tvb_ip6_to_str(tvb, offset);
2477                 break;
2478         default:
2479                 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
2480                 address_str = NULL;
2481         }
2482
2483         /* push it up two levels in the decode pane */
2484         if(it && address_str){
2485                 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
2486                 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
2487         }
2488
2489         offset+=len;
2490         return offset;
2491
2492
2493
2494
2495   return offset;
2496 }
2497
2498
2499 static const ber_sequence_t HostAddress_sequence[] = {
2500   { &hf_kerberos_addr_type  , BER_CLASS_CON, 0, 0, dissect_kerberos_ADDR_TYPE },
2501   { &hf_kerberos_address    , BER_CLASS_CON, 1, 0, dissect_kerberos_T_address },
2502   { NULL, 0, 0, 0, NULL }
2503 };
2504
2505 static int
2506 dissect_kerberos_HostAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2507   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2508                                    HostAddress_sequence, hf_index, ett_kerberos_HostAddress);
2509
2510   return offset;
2511 }
2512
2513
2514 static const ber_sequence_t HostAddresses_sequence_of[1] = {
2515   { &hf_kerberos_HostAddresses_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_HostAddress },
2516 };
2517
2518 static int
2519 dissect_kerberos_HostAddresses(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2520   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2521                                       HostAddresses_sequence_of, hf_index, ett_kerberos_HostAddresses);
2522
2523   return offset;
2524 }
2525
2526
2527 static const ber_sequence_t EncTicketPart_U_sequence[] = {
2528   { &hf_kerberos_flags      , BER_CLASS_CON, 0, 0, dissect_kerberos_TicketFlags },
2529   { &hf_kerberos_key        , BER_CLASS_CON, 1, 0, dissect_kerberos_EncryptionKey },
2530   { &hf_kerberos_crealm     , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
2531   { &hf_kerberos_cname      , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName },
2532   { &hf_kerberos_transited  , BER_CLASS_CON, 4, 0, dissect_kerberos_TransitedEncoding },
2533   { &hf_kerberos_authtime   , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
2534   { &hf_kerberos_starttime  , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
2535   { &hf_kerberos_endtime    , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
2536   { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
2537   { &hf_kerberos_caddr      , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
2538   { &hf_kerberos_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
2539   { NULL, 0, 0, 0, NULL }
2540 };
2541
2542 static int
2543 dissect_kerberos_EncTicketPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2544   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2545                                    EncTicketPart_U_sequence, hf_index, ett_kerberos_EncTicketPart_U);
2546
2547   return offset;
2548 }
2549
2550
2551
2552 static int
2553 dissect_kerberos_EncTicketPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2554   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2555                                       hf_index, BER_CLASS_APP, 3, FALSE, dissect_kerberos_EncTicketPart_U);
2556
2557   return offset;
2558 }
2559
2560
2561 static const value_string kerberos_MESSAGE_TYPE_vals[] = {
2562   {  10, "krb-as-req" },
2563   {  11, "krb-as-rep" },
2564   {  12, "krb-tgs-req" },
2565   {  13, "krb-tgs-rep" },
2566   {  14, "krb-ap-req" },
2567   {  15, "krb-ap-rep" },
2568   {  20, "krb-safe" },
2569   {  21, "krb-priv" },
2570   {  22, "krb-cred" },
2571   {  30, "krb-error" },
2572   { 0, NULL }
2573 };
2574
2575
2576 static int
2577 dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2578 #line 66 "../../asn1/kerberos/kerberos.cnf"
2579 guint32 msgtype;
2580
2581   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2582                                                 &msgtype);
2583
2584
2585
2586
2587 #line 71 "../../asn1/kerberos/kerberos.cnf"
2588         if (gbl_do_col_info) {
2589                 col_add_str(actx->pinfo->cinfo, COL_INFO,
2590                         val_to_str(msgtype, krb5_msg_types,
2591                         "Unknown msg type %#x"));
2592         }
2593         gbl_do_col_info=FALSE;
2594
2595 #if 0
2596         /* append the application type to the tree */
2597         proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
2598 #endif
2599
2600
2601   return offset;
2602 }
2603
2604
2605 static const value_string kerberos_PADATA_TYPE_vals[] = {
2606   {   0, "kRB5-PADATA-NONE" },
2607   {   1, "kRB5-PADATA-TGS-REQ" },
2608   {   1, "kRB5-PADATA-AP-REQ" },
2609   {   2, "kRB5-PADATA-ENC-TIMESTAMP" },
2610   {   3, "kRB5-PADATA-PW-SALT" },
2611   {   5, "kRB5-PADATA-ENC-UNIX-TIME" },
2612   {   6, "kRB5-PADATA-SANDIA-SECUREID" },
2613   {   7, "kRB5-PADATA-SESAME" },
2614   {   8, "kRB5-PADATA-OSF-DCE" },
2615   {   9, "kRB5-PADATA-CYBERSAFE-SECUREID" },
2616   {  10, "kRB5-PADATA-AFS3-SALT" },
2617   {  11, "kRB5-PADATA-ETYPE-INFO" },
2618   {  12, "kRB5-PADATA-SAM-CHALLENGE" },
2619   {  13, "kRB5-PADATA-SAM-RESPONSE" },
2620   {  14, "kRB5-PADATA-PK-AS-REQ-19" },
2621   {  15, "kRB5-PADATA-PK-AS-REP-19" },
2622   {  15, "kRB5-PADATA-PK-AS-REQ-WIN" },
2623   {  16, "kRB5-PADATA-PK-AS-REQ" },
2624   {  17, "kRB5-PADATA-PK-AS-REP" },
2625   {  18, "kRB5-PADATA-PA-PK-OCSP-RESPONSE" },
2626   {  19, "kRB5-PADATA-ETYPE-INFO2" },
2627   {  20, "kRB5-PADATA-USE-SPECIFIED-KVNO" },
2628   {  20, "kRB5-PADATA-SVR-REFERRAL-INFO" },
2629   {  21, "kRB5-PADATA-SAM-REDIRECT" },
2630   {  22, "kRB5-PADATA-GET-FROM-TYPED-DATA" },
2631   {  23, "kRB5-PADATA-SAM-ETYPE-INFO" },
2632   {  25, "kRB5-PADATA-SERVER-REFERRAL" },
2633   { 102, "kRB5-PADATA-TD-KRB-PRINCIPAL" },
2634   { 104, "kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS" },
2635   { 105, "kRB5-PADATA-PK-TD-CERTIFICATE-INDEX" },
2636   { 106, "kRB5-PADATA-TD-APP-DEFINED-ERROR" },
2637   { 107, "kRB5-PADATA-TD-REQ-NONCE" },
2638   { 108, "kRB5-PADATA-TD-REQ-SEQ" },
2639   { 128, "kRB5-PADATA-PA-PAC-REQUEST" },
2640   { 129, "kRB5-PADATA-S4U2SELF" },
2641   { 132, "kRB5-PADATA-PK-AS-09-BINDING" },
2642   { 133, "kRB5-PADATA-CLIENT-CANONICALIZED" },
2643   { 0, NULL }
2644 };
2645
2646
2647 static int
2648 dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2649 #line 119 "../../asn1/kerberos/kerberos.cnf"
2650         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
2651   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2652                                                 &(private_data->padata_type));
2653
2654
2655
2656 #line 122 "../../asn1/kerberos/kerberos.cnf"
2657         if(tree){
2658                 proto_item_append_text(tree, " %s",
2659                         val_to_str(private_data->padata_type, krb5_preauthentication_types,
2660                         "Unknown:%d"));
2661         }
2662
2663
2664   return offset;
2665 }
2666
2667
2668
2669 static int
2670 dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2671 #line 129 "../../asn1/kerberos/kerberos.cnf"
2672         proto_tree *sub_tree=tree;
2673         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
2674
2675         if(actx->created_item){
2676                 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
2677         }
2678
2679         switch(private_data->padata_type){
2680         case KRB5_PA_TGS_REQ:
2681                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
2682                 break;
2683         case KRB5_PA_PK_AS_REQ:
2684                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
2685                 break;
2686         case KRB5_PA_PK_AS_REP:
2687                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
2688                 break;
2689         case KRB5_PA_PAC_REQUEST:
2690                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST);
2691                 break;
2692         case KRB5_PA_S4U2SELF:
2693                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
2694                 break;
2695         case KRB5_PA_PROV_SRV_LOCATION:
2696                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
2697                 break;
2698         case KRB5_PA_ENC_TIMESTAMP:
2699                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
2700                 break;
2701         case KRB5_PA_ENCTYPE_INFO:
2702                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
2703                 break;
2704         case KRB5_PA_ENCTYPE_INFO2:
2705                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
2706                 break;
2707         case KRB5_PA_PW_SALT:
2708                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
2709                 break;
2710         default:
2711                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
2712         }
2713
2714
2715
2716   return offset;
2717 }
2718
2719
2720 static const ber_sequence_t PA_DATA_sequence[] = {
2721   { &hf_kerberos_padata_type, BER_CLASS_CON, 1, 0, dissect_kerberos_PADATA_TYPE },
2722   { &hf_kerberos_padata_value, BER_CLASS_CON, 2, 0, dissect_kerberos_T_padata_value },
2723   { NULL, 0, 0, 0, NULL }
2724 };
2725
2726 static int
2727 dissect_kerberos_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2728   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2729                                    PA_DATA_sequence, hf_index, ett_kerberos_PA_DATA);
2730
2731   return offset;
2732 }
2733
2734
2735 static const ber_sequence_t SEQUENCE_OF_PA_DATA_sequence_of[1] = {
2736   { &hf_kerberos_padata_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
2737 };
2738
2739 static int
2740 dissect_kerberos_SEQUENCE_OF_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2741   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2742                                       SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_PA_DATA);
2743
2744   return offset;
2745 }
2746
2747
2748 static const asn_namedbit KDCOptions_bits[] = {
2749   {  0, &hf_kerberos_KDCOptions_reserved, -1, -1, "reserved", NULL },
2750   {  1, &hf_kerberos_KDCOptions_forwardable, -1, -1, "forwardable", NULL },
2751   {  2, &hf_kerberos_KDCOptions_forwarded, -1, -1, "forwarded", NULL },
2752   {  3, &hf_kerberos_KDCOptions_proxiable, -1, -1, "proxiable", NULL },
2753   {  4, &hf_kerberos_KDCOptions_proxy, -1, -1, "proxy", NULL },
2754   {  5, &hf_kerberos_KDCOptions_allow_postdate, -1, -1, "allow-postdate", NULL },
2755   {  6, &hf_kerberos_KDCOptions_postdated, -1, -1, "postdated", NULL },
2756   {  7, &hf_kerberos_KDCOptions_unused7, -1, -1, "unused7", NULL },
2757   {  8, &hf_kerberos_KDCOptions_renewable, -1, -1, "renewable", NULL },
2758   {  9, &hf_kerberos_KDCOptions_unused9, -1, -1, "unused9", NULL },
2759   { 10, &hf_kerberos_KDCOptions_unused10, -1, -1, "unused10", NULL },
2760   { 11, &hf_kerberos_KDCOptions_opt_hardware_auth, -1, -1, "opt-hardware-auth", NULL },
2761   { 14, &hf_kerberos_KDCOptions_request_anonymous, -1, -1, "request-anonymous", NULL },
2762   { 15, &hf_kerberos_KDCOptions_canonicalize, -1, -1, "canonicalize", NULL },
2763   { 16, &hf_kerberos_KDCOptions_constrained_delegation, -1, -1, "constrained-delegation", NULL },
2764   { 26, &hf_kerberos_KDCOptions_disable_transited_check, -1, -1, "disable-transited-check", NULL },
2765   { 27, &hf_kerberos_KDCOptions_renewable_ok, -1, -1, "renewable-ok", NULL },
2766   { 28, &hf_kerberos_KDCOptions_enc_tkt_in_skey, -1, -1, "enc-tkt-in-skey", NULL },
2767   { 30, &hf_kerberos_KDCOptions_renew, -1, -1, "renew", NULL },
2768   { 31, &hf_kerberos_KDCOptions_validate, -1, -1, "validate", NULL },
2769   { 0, NULL, 0, 0, NULL, NULL }
2770 };
2771
2772 static int
2773 dissect_kerberos_KDCOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2774   offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
2775                                     KDCOptions_bits, hf_index, ett_kerberos_KDCOptions,
2776                                     NULL);
2777
2778   return offset;
2779 }
2780
2781
2782 static const ber_sequence_t SEQUENCE_OF_ENCTYPE_sequence_of[1] = {
2783   { &hf_kerberos_kDC_REQ_BODY_etype_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE },
2784 };
2785
2786 static int
2787 dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2788   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2789                                       SEQUENCE_OF_ENCTYPE_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_ENCTYPE);
2790
2791   return offset;
2792 }
2793
2794
2795
2796 static int
2797 dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2798 #line 235 "../../asn1/kerberos/kerberos.cnf"
2799 #ifdef HAVE_KERBEROS
2800         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
2801 #else
2802   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2803                                        NULL);
2804
2805 #endif
2806         return offset;
2807
2808
2809
2810   return offset;
2811 }
2812
2813
2814 static const ber_sequence_t EncryptedAuthorizationData_sequence[] = {
2815   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
2816   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
2817   { &hf_kerberos_encryptedAuthorizationData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthorizationData_cipher },
2818   { NULL, 0, 0, 0, NULL }
2819 };
2820
2821 static int
2822 dissect_kerberos_EncryptedAuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2823   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2824                                    EncryptedAuthorizationData_sequence, hf_index, ett_kerberos_EncryptedAuthorizationData);
2825
2826   return offset;
2827 }
2828
2829
2830 static const ber_sequence_t SEQUENCE_OF_Ticket_sequence_of[1] = {
2831   { &hf_kerberos_additional_tickets_item, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
2832 };
2833
2834 static int
2835 dissect_kerberos_SEQUENCE_OF_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2836   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2837                                       SEQUENCE_OF_Ticket_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_Ticket);
2838
2839   return offset;
2840 }
2841
2842
2843 static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
2844   { &hf_kerberos_kdc_options, BER_CLASS_CON, 0, 0, dissect_kerberos_KDCOptions },
2845   { &hf_kerberos_cname      , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
2846   { &hf_kerberos_realm      , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
2847   { &hf_kerberos_sname      , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
2848   { &hf_kerberos_from       , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
2849   { &hf_kerberos_till       , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
2850   { &hf_kerberos_rtime      , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
2851   { &hf_kerberos_nonce      , BER_CLASS_CON, 7, 0, dissect_kerberos_UInt32 },
2852   { &hf_kerberos_kDC_REQ_BODY_etype, BER_CLASS_CON, 8, 0, dissect_kerberos_SEQUENCE_OF_ENCTYPE },
2853   { &hf_kerberos_addresses  , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
2854   { &hf_kerberos_enc_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptedAuthorizationData },
2855   { &hf_kerberos_additional_tickets, BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_Ticket },
2856   { NULL, 0, 0, 0, NULL }
2857 };
2858
2859 static int
2860 dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2861 #line 348 "../../asn1/kerberos/kerberos.cnf"
2862         conversation_t *conversation;
2863
2864         /*
2865          * UDP replies to KDC_REQs are sent from the server back to the client's
2866          * source port, similar to the way TFTP works.  Set up a conversation
2867          * accordingly.
2868          *
2869          * Ref: Section 7.2.1 of
2870          * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
2871          */
2872         if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
2873                 conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
2874                                                                                         actx->pinfo->srcport, 0, NO_PORT_B);
2875                 if (conversation == NULL) {
2876                         conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
2877                                                                                         actx->pinfo->srcport, 0, NO_PORT2);
2878                         conversation_set_dissector(conversation, kerberos_handle_udp);
2879                 }
2880         }
2881
2882           offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2883                                    KDC_REQ_BODY_sequence, hf_index, ett_kerberos_KDC_REQ_BODY);
2884
2885
2886
2887
2888   return offset;
2889 }
2890
2891
2892 static const ber_sequence_t KDC_REQ_sequence[] = {
2893   { &hf_kerberos_pvno       , BER_CLASS_CON, 1, 0, dissect_kerberos_INTEGER_5 },
2894   { &hf_kerberos_msg_type   , BER_CLASS_CON, 2, 0, dissect_kerberos_MESSAGE_TYPE },
2895   { &hf_kerberos_padata     , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA },
2896   { &hf_kerberos_req_body   , BER_CLASS_CON, 4, 0, dissect_kerberos_KDC_REQ_BODY },
2897   { NULL, 0, 0, 0, NULL }
2898 };
2899
2900 static int
2901 dissect_kerberos_KDC_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2902   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2903                                    KDC_REQ_sequence, hf_index, ett_kerberos_KDC_REQ);
2904
2905   return offset;
2906 }
2907
2908
2909
2910 static int
2911 dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2912   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2913                                       hf_index, BER_CLASS_APP, 10, FALSE, dissect_kerberos_KDC_REQ);
2914
2915   return offset;
2916 }
2917
2918
2919
2920 static int
2921 dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2922 #line 243 "../../asn1/kerberos/kerberos.cnf"
2923 #ifdef HAVE_KERBEROS
2924         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
2925 #else
2926   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2927                                        NULL);
2928
2929 #endif
2930         return offset;
2931
2932
2933
2934   return offset;
2935 }
2936
2937
2938 static const ber_sequence_t EncryptedKDCREPData_sequence[] = {
2939   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
2940   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
2941   { &hf_kerberos_encryptedKDCREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKDCREPData_cipher },
2942   { NULL, 0, 0, 0, NULL }
2943 };
2944
2945 static int
2946 dissect_kerberos_EncryptedKDCREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2947   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2948                                    EncryptedKDCREPData_sequence, hf_index, ett_kerberos_EncryptedKDCREPData);
2949
2950   return offset;
2951 }
2952
2953
2954 static const ber_sequence_t KDC_REP_sequence[] = {
2955   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
2956   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
2957   { &hf_kerberos_padata     , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA },
2958   { &hf_kerberos_crealm     , BER_CLASS_CON, 3, 0, dissect_kerberos_Realm },
2959   { &hf_kerberos_cname      , BER_CLASS_CON, 4, 0, dissect_kerberos_PrincipalName },
2960   { &hf_kerberos_ticket     , BER_CLASS_CON, 5, 0, dissect_kerberos_Ticket },
2961   { &hf_kerberos_kDC_REP_enc_part, BER_CLASS_CON, 6, 0, dissect_kerberos_EncryptedKDCREPData },
2962   { NULL, 0, 0, 0, NULL }
2963 };
2964
2965 static int
2966 dissect_kerberos_KDC_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2967   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2968                                    KDC_REP_sequence, hf_index, ett_kerberos_KDC_REP);
2969
2970   return offset;
2971 }
2972
2973
2974
2975 static int
2976 dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2977   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2978                                       hf_index, BER_CLASS_APP, 11, FALSE, dissect_kerberos_KDC_REP);
2979
2980   return offset;
2981 }
2982
2983
2984
2985 static int
2986 dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2987   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2988                                       hf_index, BER_CLASS_APP, 12, FALSE, dissect_kerberos_KDC_REQ);
2989
2990   return offset;
2991 }
2992
2993
2994
2995 static int
2996 dissect_kerberos_TGS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2997   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2998                                       hf_index, BER_CLASS_APP, 13, FALSE, dissect_kerberos_KDC_REP);
2999
3000   return offset;
3001 }
3002
3003
3004 static const asn_namedbit APOptions_bits[] = {
3005   {  0, &hf_kerberos_APOptions_reserved, -1, -1, "reserved", NULL },
3006   {  1, &hf_kerberos_APOptions_use_session_key, -1, -1, "use-session-key", NULL },
3007   {  2, &hf_kerberos_APOptions_mutual_required, -1, -1, "mutual-required", NULL },
3008   { 0, NULL, 0, 0, NULL, NULL }
3009 };
3010
3011 static int
3012 dissect_kerberos_APOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3013   offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
3014                                     APOptions_bits, hf_index, ett_kerberos_APOptions,
3015                                     NULL);
3016
3017   return offset;
3018 }
3019
3020
3021 static const ber_sequence_t AP_REQ_U_sequence[] = {
3022   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3023   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3024   { &hf_kerberos_ap_options , BER_CLASS_CON, 2, 0, dissect_kerberos_APOptions },
3025   { &hf_kerberos_ticket     , BER_CLASS_CON, 3, 0, dissect_kerberos_Ticket },
3026   { &hf_kerberos_authenticator_01, BER_CLASS_CON, 4, 0, dissect_kerberos_EncryptedAuthorizationData },
3027   { NULL, 0, 0, 0, NULL }
3028 };
3029
3030 static int
3031 dissect_kerberos_AP_REQ_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3032   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3033                                    AP_REQ_U_sequence, hf_index, ett_kerberos_AP_REQ_U);
3034
3035   return offset;
3036 }
3037
3038
3039
3040 static int
3041 dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3042   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3043                                       hf_index, BER_CLASS_APP, 14, FALSE, dissect_kerberos_AP_REQ_U);
3044
3045   return offset;
3046 }
3047
3048
3049
3050 static int
3051 dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3052 #line 259 "../../asn1/kerberos/kerberos.cnf"
3053 #ifdef HAVE_KERBEROS
3054         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
3055 #else
3056   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3057                                        NULL);
3058
3059 #endif
3060         return offset;
3061
3062
3063
3064   return offset;
3065 }
3066
3067
3068 static const ber_sequence_t EncryptedAPREPData_sequence[] = {
3069   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3070   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3071   { &hf_kerberos_encryptedAPREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAPREPData_cipher },
3072   { NULL, 0, 0, 0, NULL }
3073 };
3074
3075 static int
3076 dissect_kerberos_EncryptedAPREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3077   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3078                                    EncryptedAPREPData_sequence, hf_index, ett_kerberos_EncryptedAPREPData);
3079
3080   return offset;
3081 }
3082
3083
3084 static const ber_sequence_t AP_REP_U_sequence[] = {
3085   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3086   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3087   { &hf_kerberos_aP_REP_enc_part, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedAPREPData },
3088   { NULL, 0, 0, 0, NULL }
3089 };
3090
3091 static int
3092 dissect_kerberos_AP_REP_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3093   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3094                                    AP_REP_U_sequence, hf_index, ett_kerberos_AP_REP_U);
3095
3096   return offset;
3097 }
3098
3099
3100
3101 static int
3102 dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3103   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3104                                       hf_index, BER_CLASS_APP, 15, FALSE, dissect_kerberos_AP_REP_U);
3105
3106   return offset;
3107 }
3108
3109
3110
3111 static int
3112 dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3113 #line 371 "../../asn1/kerberos/kerberos.cnf"
3114         tvbuff_t *new_tvb;
3115         offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
3116         if (new_tvb) {
3117                 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, (kerberos_callbacks*)actx->private_data);
3118         }
3119
3120
3121
3122   return offset;
3123 }
3124
3125
3126 static const ber_sequence_t KRB_SAFE_BODY_sequence[] = {
3127   { &hf_kerberos_kRB_SAFE_BODY_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_kRB_SAFE_BODY_user_data },
3128   { &hf_kerberos_timestamp  , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3129   { &hf_kerberos_usec       , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
3130   { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3131   { &hf_kerberos_s_address  , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
3132   { &hf_kerberos_r_address  , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
3133   { NULL, 0, 0, 0, NULL }
3134 };
3135
3136 static int
3137 dissect_kerberos_KRB_SAFE_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3138   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3139                                    KRB_SAFE_BODY_sequence, hf_index, ett_kerberos_KRB_SAFE_BODY);
3140
3141   return offset;
3142 }
3143
3144
3145 static const ber_sequence_t KRB_SAFE_U_sequence[] = {
3146   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3147   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3148   { &hf_kerberos_safe_body  , BER_CLASS_CON, 2, 0, dissect_kerberos_KRB_SAFE_BODY },
3149   { &hf_kerberos_cksum      , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum },
3150   { NULL, 0, 0, 0, NULL }
3151 };
3152
3153 static int
3154 dissect_kerberos_KRB_SAFE_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3155   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3156                                    KRB_SAFE_U_sequence, hf_index, ett_kerberos_KRB_SAFE_U);
3157
3158   return offset;
3159 }
3160
3161
3162
3163 static int
3164 dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3165   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3166                                       hf_index, BER_CLASS_APP, 20, FALSE, dissect_kerberos_KRB_SAFE_U);
3167
3168   return offset;
3169 }
3170
3171
3172
3173 static int
3174 dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3175 #line 267 "../../asn1/kerberos/kerberos.cnf"
3176 #ifdef HAVE_KERBEROS
3177         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
3178 #else
3179   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3180                                        NULL);
3181
3182 #endif
3183         return offset;
3184
3185
3186
3187   return offset;
3188 }
3189
3190
3191 static const ber_sequence_t EncryptedKrbPrivData_sequence[] = {
3192   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3193   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3194   { &hf_kerberos_encryptedKrbPrivData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbPrivData_cipher },
3195   { NULL, 0, 0, 0, NULL }
3196 };
3197
3198 static int
3199 dissect_kerberos_EncryptedKrbPrivData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3200   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3201                                    EncryptedKrbPrivData_sequence, hf_index, ett_kerberos_EncryptedKrbPrivData);
3202
3203   return offset;
3204 }
3205
3206
3207 static const ber_sequence_t KRB_PRIV_U_sequence[] = {
3208   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3209   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3210   { &hf_kerberos_kRB_PRIV_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbPrivData },
3211   { NULL, 0, 0, 0, NULL }
3212 };
3213
3214 static int
3215 dissect_kerberos_KRB_PRIV_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3216   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3217                                    KRB_PRIV_U_sequence, hf_index, ett_kerberos_KRB_PRIV_U);
3218
3219   return offset;
3220 }
3221
3222
3223
3224 static int
3225 dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3226   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3227                                       hf_index, BER_CLASS_APP, 21, FALSE, dissect_kerberos_KRB_PRIV_U);
3228
3229   return offset;
3230 }
3231
3232
3233
3234 static int
3235 dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3236 #line 275 "../../asn1/kerberos/kerberos.cnf"
3237 #ifdef HAVE_KERBEROS
3238         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
3239 #else
3240   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3241                                        NULL);
3242
3243 #endif
3244         return offset;
3245
3246
3247
3248
3249   return offset;
3250 }
3251
3252
3253 static const ber_sequence_t EncryptedKrbCredData_sequence[] = {
3254   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3255   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3256   { &hf_kerberos_encryptedKrbCredData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbCredData_cipher },
3257   { NULL, 0, 0, 0, NULL }
3258 };
3259
3260 static int
3261 dissect_kerberos_EncryptedKrbCredData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3262   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3263                                    EncryptedKrbCredData_sequence, hf_index, ett_kerberos_EncryptedKrbCredData);
3264
3265   return offset;
3266 }
3267
3268
3269 static const ber_sequence_t KRB_CRED_U_sequence[] = {
3270   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3271   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3272   { &hf_kerberos_tickets    , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_OF_Ticket },
3273   { &hf_kerberos_kRB_CRED_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbCredData },
3274   { NULL, 0, 0, 0, NULL }
3275 };
3276
3277 static int
3278 dissect_kerberos_KRB_CRED_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3279   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3280                                    KRB_CRED_U_sequence, hf_index, ett_kerberos_KRB_CRED_U);
3281
3282   return offset;
3283 }
3284
3285
3286
3287 static int
3288 dissect_kerberos_KRB_CRED(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3289   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3290                                       hf_index, BER_CLASS_APP, 22, FALSE, dissect_kerberos_KRB_CRED_U);
3291
3292   return offset;
3293 }
3294
3295
3296 static const value_string kerberos_LR_TYPE_vals[] = {
3297   {   0, "lR-NONE" },
3298   {   1, "lR-INITIAL-TGT" },
3299   {   2, "lR-INITIAL" },
3300   {   3, "lR-ISSUE-USE-TGT" },
3301   {   4, "lR-RENEWAL" },
3302   {   5, "lR-REQUEST" },
3303   {   6, "lR-PW-EXPTIME" },
3304   {   7, "lR-ACCT-EXPTIME" },
3305   { 0, NULL }
3306 };
3307
3308
3309 static int
3310 dissect_kerberos_LR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3311   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3312                                                 NULL);
3313
3314   return offset;
3315 }
3316
3317
3318 static const ber_sequence_t LastReq_item_sequence[] = {
3319   { &hf_kerberos_lr_type    , BER_CLASS_CON, 0, 0, dissect_kerberos_LR_TYPE },
3320   { &hf_kerberos_lr_value   , BER_CLASS_CON, 1, 0, dissect_kerberos_KerberosTime },
3321   { NULL, 0, 0, 0, NULL }
3322 };
3323
3324 static int
3325 dissect_kerberos_LastReq_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3326   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3327                                    LastReq_item_sequence, hf_index, ett_kerberos_LastReq_item);
3328
3329   return offset;
3330 }
3331
3332
3333 static const ber_sequence_t LastReq_sequence_of[1] = {
3334   { &hf_kerberos_LastReq_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_LastReq_item },
3335 };
3336
3337 static int
3338 dissect_kerberos_LastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3339   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3340                                       LastReq_sequence_of, hf_index, ett_kerberos_LastReq);
3341
3342   return offset;
3343 }
3344
3345
3346 static const ber_sequence_t METHOD_DATA_sequence_of[1] = {
3347   { &hf_kerberos_METHOD_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
3348 };
3349
3350 static int
3351 dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3352   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3353                                       METHOD_DATA_sequence_of, hf_index, ett_kerberos_METHOD_DATA);
3354
3355   return offset;
3356 }
3357
3358
3359 static const ber_sequence_t EncKDCRepPart_sequence[] = {
3360   { &hf_kerberos_key        , BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptionKey },
3361   { &hf_kerberos_last_req   , BER_CLASS_CON, 1, 0, dissect_kerberos_LastReq },
3362   { &hf_kerberos_nonce      , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 },
3363   { &hf_kerberos_key_expiration, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3364   { &hf_kerberos_flags      , BER_CLASS_CON, 4, 0, dissect_kerberos_TicketFlags },
3365   { &hf_kerberos_authtime   , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
3366   { &hf_kerberos_starttime  , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3367   { &hf_kerberos_endtime    , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
3368   { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3369   { &hf_kerberos_srealm     , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
3370   { &hf_kerberos_sname      , BER_CLASS_CON, 10, 0, dissect_kerberos_PrincipalName },
3371   { &hf_kerberos_caddr      , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
3372   { &hf_kerberos_encrypted_pa_data, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_METHOD_DATA },
3373   { NULL, 0, 0, 0, NULL }
3374 };
3375
3376 static int
3377 dissect_kerberos_EncKDCRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3378   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3379                                    EncKDCRepPart_sequence, hf_index, ett_kerberos_EncKDCRepPart);
3380
3381   return offset;
3382 }
3383
3384
3385
3386 static int
3387 dissect_kerberos_EncASRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3388   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3389                                       hf_index, BER_CLASS_APP, 25, FALSE, dissect_kerberos_EncKDCRepPart);
3390
3391   return offset;
3392 }
3393
3394
3395
3396 static int
3397 dissect_kerberos_EncTGSRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3398   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3399                                       hf_index, BER_CLASS_APP, 26, FALSE, dissect_kerberos_EncKDCRepPart);
3400
3401   return offset;
3402 }
3403
3404
3405 static const ber_sequence_t EncAPRepPart_U_sequence[] = {
3406   { &hf_kerberos_ctime      , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
3407   { &hf_kerberos_cusec      , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
3408   { &hf_kerberos_subkey     , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptionKey },
3409   { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3410   { NULL, 0, 0, 0, NULL }
3411 };
3412
3413 static int
3414 dissect_kerberos_EncAPRepPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3415   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3416                                    EncAPRepPart_U_sequence, hf_index, ett_kerberos_EncAPRepPart_U);
3417
3418   return offset;
3419 }
3420
3421
3422
3423 static int
3424 dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3425   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3426                                       hf_index, BER_CLASS_APP, 27, FALSE, dissect_kerberos_EncAPRepPart_U);
3427
3428   return offset;
3429 }
3430
3431
3432
3433 static int
3434 dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3435 #line 378 "../../asn1/kerberos/kerberos.cnf"
3436         tvbuff_t *new_tvb;
3437         offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
3438         if (new_tvb) {
3439                 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
3440         }
3441
3442
3443   return offset;
3444 }
3445
3446
3447 static const ber_sequence_t EncKrbPrivPart_sequence[] = {
3448   { &hf_kerberos_encKrbPrivPart_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKrbPrivPart_user_data },
3449   { &hf_kerberos_timestamp  , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3450   { &hf_kerberos_usec       , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
3451   { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3452   { &hf_kerberos_s_address  , BER_CLASS_CON, 4, 0, dissect_kerberos_HostAddress },
3453   { &hf_kerberos_r_address  , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
3454   { NULL, 0, 0, 0, NULL }
3455 };
3456
3457 static int
3458 dissect_kerberos_EncKrbPrivPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3459   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3460                                    EncKrbPrivPart_sequence, hf_index, ett_kerberos_EncKrbPrivPart);
3461
3462   return offset;
3463 }
3464
3465
3466
3467 static int
3468 dissect_kerberos_ENC_KRB_PRIV_PART(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3469   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3470                                       hf_index, BER_CLASS_APP, 28, FALSE, dissect_kerberos_EncKrbPrivPart);
3471
3472   return offset;
3473 }
3474
3475
3476 static const ber_sequence_t KrbCredInfo_sequence[] = {
3477   { &hf_kerberos_key        , BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptionKey },
3478   { &hf_kerberos_prealm     , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
3479   { &hf_kerberos_pname      , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
3480   { &hf_kerberos_flags      , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_TicketFlags },
3481   { &hf_kerberos_authtime   , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3482   { &hf_kerberos_starttime  , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3483   { &hf_kerberos_endtime    , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3484   { &hf_kerberos_renew_till , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3485   { &hf_kerberos_srealm     , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
3486   { &hf_kerberos_sname      , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
3487   { &hf_kerberos_caddr      , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
3488   { NULL, 0, 0, 0, NULL }
3489 };
3490
3491 static int
3492 dissect_kerberos_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3493   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3494                                    KrbCredInfo_sequence, hf_index, ett_kerberos_KrbCredInfo);
3495
3496   return offset;
3497 }
3498
3499
3500 static const ber_sequence_t SEQUENCE_OF_KrbCredInfo_sequence_of[1] = {
3501   { &hf_kerberos_ticket_info_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KrbCredInfo },
3502 };
3503
3504 static int
3505 dissect_kerberos_SEQUENCE_OF_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3506   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3507                                       SEQUENCE_OF_KrbCredInfo_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KrbCredInfo);
3508
3509   return offset;
3510 }
3511
3512
3513 static const ber_sequence_t EncKrbCredPart_U_sequence[] = {
3514   { &hf_kerberos_ticket_info, BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_KrbCredInfo },
3515   { &hf_kerberos_nonce      , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3516   { &hf_kerberos_timestamp  , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3517   { &hf_kerberos_usec       , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
3518   { &hf_kerberos_s_address  , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
3519   { &hf_kerberos_r_address  , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
3520   { NULL, 0, 0, 0, NULL }
3521 };
3522
3523 static int
3524 dissect_kerberos_EncKrbCredPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3525   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3526                                    EncKrbCredPart_U_sequence, hf_index, ett_kerberos_EncKrbCredPart_U);
3527
3528   return offset;
3529 }
3530
3531
3532
3533 static int
3534 dissect_kerberos_EncKrbCredPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3535   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3536                                       hf_index, BER_CLASS_APP, 29, FALSE, dissect_kerberos_EncKrbCredPart_U);
3537
3538   return offset;
3539 }
3540
3541
3542 static const value_string kerberos_ERROR_CODE_vals[] = {
3543   {   0, "eRR-NONE" },
3544   {   1, "eRR-NAME-EXP" },
3545   {   2, "eRR-SERVICE-EXP" },
3546   {   3, "eRR-BAD-PVNO" },
3547   {   4, "eRR-C-OLD-MAST-KVNO" },
3548   {   5, "eRR-S-OLD-MAST-KVNO" },
3549   {   6, "eRR-C-PRINCIPAL-UNKNOWN" },
3550   {   7, "eRR-S-PRINCIPAL-UNKNOWN" },
3551   {   8, "eRR-PRINCIPAL-NOT-UNIQUE" },
3552   {   9, "eRR-NULL-KEY" },
3553   {  10, "eRR-CANNOT-POSTDATE" },
3554   {  11, "eRR-NEVER-VALID" },
3555   {  12, "eRR-POLICY" },
3556   {  13, "eRR-BADOPTION" },
3557   {  14, "eRR-ETYPE-NOSUPP" },
3558   {  15, "eRR-SUMTYPE-NOSUPP" },
3559   {  16, "eRR-PADATA-TYPE-NOSUPP" },
3560   {  17, "eRR-TRTYPE-NOSUPP" },
3561   {  18, "eRR-CLIENT-REVOKED" },
3562   {  19, "eRR-SERVICE-REVOKED" },
3563   {  20, "eRR-TGT-REVOKED" },
3564   {  21, "eRR-CLIENT-NOTYET" },
3565   {  22, "eRR-SERVICE-NOTYET" },
3566   {  23, "eRR-KEY-EXP" },
3567   {  24, "eRR-PREAUTH-FAILED" },
3568   {  25, "eRR-PREAUTH-REQUIRED" },
3569   {  26, "eRR-SERVER-NOMATCH" },
3570   {  27, "eRR-MUST-USE-USER2USER" },
3571   {  28, "eRR-PATH-NOT-ACCEPTED" },
3572   {  29, "eRR-SVC-UNAVAILABLE" },
3573   {  31, "eRR-BAD-INTEGRITY" },
3574   {  32, "eRR-TKT-EXPIRED" },
3575   {  33, "eRR-TKT-NYV" },
3576   {  34, "eRR-REPEAT" },
3577   {  35, "eRR-NOT-US" },
3578   {  36, "eRR-BADMATCH" },
3579   {  37, "eRR-SKEW" },
3580   {  38, "eRR-BADADDR" },
3581   {  39, "eRR-BADVERSION" },
3582   {  40, "eRR-MSG-TYPE" },
3583   {  41, "eRR-MODIFIED" },
3584   {  42, "eRR-BADORDER" },
3585   {  43, "eRR-ILL-CR-TKT" },
3586   {  44, "eRR-BADKEYVER" },
3587   {  45, "eRR-NOKEY" },
3588   {  46, "eRR-MUT-FAIL" },
3589   {  47, "eRR-BADDIRECTION" },
3590   {  48, "eRR-METHOD" },
3591   {  49, "eRR-BADSEQ" },
3592   {  50, "eRR-INAPP-CKSUM" },
3593   {  51, "pATH-NOT-ACCEPTED" },
3594   {  52, "eRR-RESPONSE-TOO-BIG" },
3595   {  60, "eRR-GENERIC" },
3596   {  61, "eRR-FIELD-TOOLONG" },
3597   {  62, "eRROR-CLIENT-NOT-TRUSTED" },
3598   {  63, "eRROR-KDC-NOT-TRUSTED" },
3599   {  64, "eRROR-INVALID-SIG" },
3600   {  65, "eRR-KEY-TOO-WEAK" },
3601   {  66, "eRR-CERTIFICATE-MISMATCH" },
3602   {  67, "eRR-NO-TGT" },
3603   {  68, "eRR-WRONG-REALM" },
3604   {  69, "eRR-USER-TO-USER-REQUIRED" },
3605   {  70, "eRR-CANT-VERIFY-CERTIFICATE" },
3606   {  71, "eRR-INVALID-CERTIFICATE" },
3607   {  72, "eRR-REVOKED-CERTIFICATE" },
3608   {  73, "eRR-REVOCATION-STATUS-UNKNOWN" },
3609   {  74, "eRR-REVOCATION-STATUS-UNAVAILABLE" },
3610   {  75, "eRR-CLIENT-NAME-MISMATCH" },
3611   {  76, "eRR-KDC-NAME-MISMATCH" },
3612   { 0, NULL }
3613 };
3614
3615
3616 static int
3617 dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3618 #line 84 "../../asn1/kerberos/kerberos.cnf"
3619   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3620                                                 &krb5_errorcode);
3621
3622
3623
3624
3625 #line 87 "../../asn1/kerberos/kerberos.cnf"
3626         if(krb5_errorcode) {
3627                 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
3628                         "KRB Error: %s",
3629                         val_to_str(krb5_errorcode, krb5_error_codes,
3630                         "Unknown error code %#x"));
3631         }
3632
3633         return offset;
3634
3635   return offset;
3636 }
3637
3638
3639
3640 static int
3641 dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3642 #line 97 "../../asn1/kerberos/kerberos.cnf"
3643         switch(krb5_errorcode){
3644         case KRB5_ET_KRB5KDC_ERR_BADOPTION:
3645         case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
3646         case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
3647         case KRB5_ET_KRB5KDC_ERR_POLICY:
3648                 /* ms windows kdc sends e-data of this type containing a "salt"
3649                  * that contains the nt_status code for these error codes.
3650                  */
3651                 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
3652                 break;
3653         case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
3654         case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
3655         case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
3656                 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
3657
3658                 break;
3659         default:
3660                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
3661         }
3662
3663
3664
3665
3666   return offset;
3667 }
3668
3669
3670 static const ber_sequence_t KRB_ERROR_U_sequence[] = {
3671   { &hf_kerberos_pvno       , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
3672   { &hf_kerberos_msg_type   , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
3673   { &hf_kerberos_ctime      , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
3674   { &hf_kerberos_cusec      , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
3675   { &hf_kerberos_stime      , BER_CLASS_CON, 4, 0, dissect_kerberos_KerberosTime },
3676   { &hf_kerberos_susec      , BER_CLASS_CON, 5, 0, dissect_kerberos_Microseconds },
3677   { &hf_kerberos_error_code , BER_CLASS_CON, 6, 0, dissect_kerberos_ERROR_CODE },
3678   { &hf_kerberos_crealm     , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
3679   { &hf_kerberos_cname      , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
3680   { &hf_kerberos_realm      , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
3681   { &hf_kerberos_sname      , BER_CLASS_CON, 10, 0, dissect_kerberos_PrincipalName },
3682   { &hf_kerberos_e_text     , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
3683   { &hf_kerberos_e_data     , BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_e_data },
3684   { &hf_kerberos_e_checksum , BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
3685   { NULL, 0, 0, 0, NULL }
3686 };
3687
3688 static int
3689 dissect_kerberos_KRB_ERROR_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3690   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3691                                    KRB_ERROR_U_sequence, hf_index, ett_kerberos_KRB_ERROR_U);
3692
3693   return offset;
3694 }
3695
3696
3697
3698 static int
3699 dissect_kerberos_KRB_ERROR(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3700   offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3701                                       hf_index, BER_CLASS_APP, 30, FALSE, dissect_kerberos_KRB_ERROR_U);
3702
3703   return offset;
3704 }
3705
3706
3707 static const ber_choice_t Applications_choice[] = {
3708   {   1, &hf_kerberos_ticket     , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
3709   {   2, &hf_kerberos_authenticator, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_kerberos_Authenticator },
3710   {   3, &hf_kerberos_encTicketPart, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTicketPart },
3711   {  10, &hf_kerberos_as_req     , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REQ },
3712   {  11, &hf_kerberos_as_rep     , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REP },
3713   {  12, &hf_kerberos_tgs_req    , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REQ },
3714   {  13, &hf_kerberos_tgs_rep    , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REP },
3715   {  14, &hf_kerberos_ap_req     , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REQ },
3716   {  15, &hf_kerberos_ap_rep     , BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REP },
3717   {  20, &hf_kerberos_krb_safe   , BER_CLASS_APP, 20, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_SAFE },
3718   {  21, &hf_kerberos_krb_priv   , BER_CLASS_APP, 21, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_PRIV },
3719   {  22, &hf_kerberos_krb_cred   , BER_CLASS_APP, 22, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_CRED },
3720   {  25, &hf_kerberos_encASRepPart, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncASRepPart },
3721   {  26, &hf_kerberos_encTGSRepPart, BER_CLASS_APP, 26, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTGSRepPart },
3722   {  27, &hf_kerberos_encAPRepPart, BER_CLASS_APP, 27, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncAPRepPart },
3723   {  28, &hf_kerberos_encKrbPrivPart, BER_CLASS_APP, 28, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENC_KRB_PRIV_PART },
3724   {  29, &hf_kerberos_encKrbCredPart, BER_CLASS_APP, 29, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncKrbCredPart },
3725   {  30, &hf_kerberos_krb_error  , BER_CLASS_APP, 30, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_ERROR },
3726   { 0, NULL, 0, 0, 0, NULL }
3727 };
3728
3729 static int
3730 dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3731   offset = dissect_ber_choice(actx, tree, tvb, offset,
3732                                  Applications_choice, hf_index, ett_kerberos_Applications,
3733                                  NULL);
3734
3735   return offset;
3736 }
3737
3738
3739
3740 static int
3741 dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3742 #line 251 "../../asn1/kerberos/kerberos.cnf"
3743 #ifdef HAVE_KERBEROS
3744         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
3745 #else
3746   offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3747                                        NULL);
3748
3749 #endif
3750         return offset;
3751
3752
3753
3754   return offset;
3755 }
3756
3757
3758 static const ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
3759   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3760   { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
3761   { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher },
3762   { NULL, 0, 0, 0, NULL }
3763 };
3764
3765 static int
3766 dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3767   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3768                                    PA_ENC_TIMESTAMP_sequence, hf_index, ett_kerberos_PA_ENC_TIMESTAMP);
3769
3770   return offset;
3771 }
3772
3773
3774 static const ber_sequence_t ETYPE_INFO_ENTRY_sequence[] = {
3775   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3776   { &hf_kerberos_salt       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
3777   { NULL, 0, 0, 0, NULL }
3778 };
3779
3780 static int
3781 dissect_kerberos_ETYPE_INFO_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3782   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3783                                    ETYPE_INFO_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO_ENTRY);
3784
3785   return offset;
3786 }
3787
3788
3789 static const ber_sequence_t ETYPE_INFO_sequence_of[1] = {
3790   { &hf_kerberos_ETYPE_INFO_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO_ENTRY },
3791 };
3792
3793 static int
3794 dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3795   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3796                                       ETYPE_INFO_sequence_of, hf_index, ett_kerberos_ETYPE_INFO);
3797
3798   return offset;
3799 }
3800
3801
3802 static const ber_sequence_t ETYPE_INFO2_ENTRY_sequence[] = {
3803   { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
3804   { &hf_kerberos_salt_01    , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
3805   { &hf_kerberos_s2kparams  , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
3806   { NULL, 0, 0, 0, NULL }
3807 };
3808
3809 static int
3810 dissect_kerberos_ETYPE_INFO2_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3811   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3812                                    ETYPE_INFO2_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO2_ENTRY);
3813
3814   return offset;
3815 }
3816
3817
3818 static const ber_sequence_t ETYPE_INFO2_sequence_of[1] = {
3819   { &hf_kerberos_ETYPE_INFO2_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO2_ENTRY },
3820 };
3821
3822 static int
3823 dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3824   offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3825                                       ETYPE_INFO2_sequence_of, hf_index, ett_kerberos_ETYPE_INFO2);
3826
3827   return offset;
3828 }
3829
3830
3831
3832 static int
3833 dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3834   offset = dissect_kerberos_AuthorizationData(implicit_tag, tvb, offset, actx, tree, hf_index);
3835
3836   return offset;
3837 }
3838
3839
3840
3841 static int
3842 dissect_kerberos_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3843   offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
3844                                             actx, tree, tvb, offset, hf_index,
3845                                             NULL);
3846
3847   return offset;
3848 }
3849
3850
3851 static const ber_sequence_t PA_S4U2Self_sequence[] = {
3852   { &hf_kerberos_name       , BER_CLASS_CON, 0, 0, dissect_kerberos_PrincipalName },
3853   { &hf_kerberos_realm      , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
3854   { &hf_kerberos_cksum      , BER_CLASS_CON, 2, 0, dissect_kerberos_Checksum },
3855   { &hf_kerberos_auth       , BER_CLASS_CON, 3, 0, dissect_kerberos_GeneralString },
3856   { NULL, 0, 0, 0, NULL }
3857 };
3858
3859 static int
3860 dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3861   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3862                                    PA_S4U2Self_sequence, hf_index, ett_kerberos_PA_S4U2Self);
3863
3864   return offset;
3865 }
3866
3867
3868
3869 static int
3870 dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3871   offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
3872
3873   return offset;
3874 }
3875
3876
3877 static const ber_sequence_t KERB_PA_PAC_REQUEST_sequence[] = {
3878   { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN },
3879   { NULL, 0, 0, 0, NULL }
3880 };
3881
3882 static int
3883 dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3884   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3885                                    KERB_PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_KERB_PA_PAC_REQUEST);
3886
3887   return offset;
3888 }
3889
3890
3891 static const ber_sequence_t ChangePasswdData_sequence[] = {
3892   { &hf_kerberos_newpasswd  , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING },
3893   { &hf_kerberos_targname   , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
3894   { &hf_kerberos_targrealm  , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
3895   { NULL, 0, 0, 0, NULL }
3896 };
3897
3898 int
3899 dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3900   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3901                                    ChangePasswdData_sequence, hf_index, ett_kerberos_ChangePasswdData);
3902
3903   return offset;
3904 }
3905
3906
3907 /*--- End of included file: packet-kerberos-fn.c ---*/
3908 #line 1648 "../../asn1/kerberos/packet-kerberos-template.c"
3909
3910 /* Make wrappers around exported functions for now */
3911 int
3912 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3913 {
3914         return dissect_kerberos_Checksum(FALSE, tvb, offset, actx, tree, hf_kerberos_cksum);
3915
3916 }
3917
3918 int
3919 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3920 {
3921         return dissect_kerberos_KerberosTime(FALSE, tvb, offset, actx, tree, hf_kerberos_ctime);
3922 }
3923
3924
3925 int
3926 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3927 {
3928         return dissect_kerberos_PrincipalName(FALSE, tvb, offset, actx, tree, hf_kerberos_cname);
3929 }
3930 int
3931 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3932 {
3933         return dissect_kerberos_Realm(FALSE, tvb, offset, actx, tree, hf_kerberos_realm);
3934 }
3935
3936
3937 static gint
3938 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
3939     gboolean dci, gboolean do_col_protocol, gboolean have_rm,
3940     kerberos_callbacks *cb)
3941 {
3942         volatile int offset = 0;
3943         proto_tree *volatile kerberos_tree = NULL;
3944         proto_item *volatile item = NULL;
3945         asn1_ctx_t asn1_ctx;
3946
3947         /* TCP record mark and length */
3948         guint32 krb_rm = 0;
3949         gint krb_reclen = 0;
3950
3951         gbl_do_col_info=dci;
3952
3953         if (have_rm) {
3954                 krb_rm = tvb_get_ntohl(tvb, offset);
3955                 krb_reclen = kerberos_rm_to_reclen(krb_rm);
3956                 /*
3957                  * What is a reasonable size limit?
3958                  */
3959                 if (krb_reclen > 10 * 1024 * 1024) {
3960                         return (-1);
3961                 }
3962
3963                 if (do_col_protocol) {
3964                         col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
3965                 }
3966
3967                 if (tree) {
3968                         item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
3969                         kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
3970                 }
3971
3972                 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
3973                 offset += 4;
3974         } else {
3975                 /* Do some sanity checking here,
3976                  * All krb5 packets start with a TAG class that is BER_CLASS_APP
3977                  * and a tag value that is either of the values below:
3978                  * If it doesnt look like kerberos, return 0 and let someone else have
3979                  * a go at it.
3980                  */
3981                 gint8 tmp_class;
3982                 gboolean tmp_pc;
3983                 gint32 tmp_tag;
3984
3985                 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
3986                 if(tmp_class!=BER_CLASS_APP){
3987                         return 0;
3988                 }
3989                 switch(tmp_tag){
3990                         case KRB5_MSG_TICKET:
3991                         case KRB5_MSG_AUTHENTICATOR:
3992                         case KRB5_MSG_ENC_TICKET_PART:
3993                         case KRB5_MSG_AS_REQ:
3994                         case KRB5_MSG_AS_REP:
3995                         case KRB5_MSG_TGS_REQ:
3996                         case KRB5_MSG_TGS_REP:
3997                         case KRB5_MSG_AP_REQ:
3998                         case KRB5_MSG_AP_REP:
3999                         case KRB5_MSG_ENC_AS_REP_PART:
4000                         case KRB5_MSG_ENC_TGS_REP_PART:
4001                         case KRB5_MSG_ENC_AP_REP_PART:
4002                         case KRB5_MSG_ENC_KRB_PRIV_PART:
4003                         case KRB5_MSG_ENC_KRB_CRED_PART:
4004                         case KRB5_MSG_SAFE:
4005                         case KRB5_MSG_PRIV:
4006                         case KRB5_MSG_ERROR:
4007                                 break;
4008                         default:
4009                                 return 0;
4010                 }
4011         if (do_col_protocol) {
4012                         col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4013         }
4014         if (gbl_do_col_info) {
4015                         col_clear(pinfo->cinfo, COL_INFO);
4016                 }
4017                 if (tree) {
4018                         item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
4019                         kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
4020                 }
4021         }
4022         asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
4023         asn1_ctx.private_data = cb;
4024
4025         TRY {
4026                 offset=dissect_kerberos_Applications(FALSE, tvb, 0, &asn1_ctx , kerberos_tree, /* hf_index */ -1);
4027         } CATCH_BOUNDS_ERRORS {
4028                 RETHROW;
4029         } ENDTRY;
4030
4031         proto_item_set_len(item, offset);
4032         return offset;
4033 }
4034
4035 /*
4036  * Display the TCP record mark.
4037  */
4038 void
4039 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
4040 {
4041         gint rec_len;
4042         proto_item *rm_item;
4043         proto_tree *rm_tree;
4044
4045         if (tree == NULL)
4046                 return;
4047
4048         rec_len = kerberos_rm_to_reclen(krb_rm);
4049         rm_item = proto_tree_add_text(tree, tvb, start, 4,
4050         "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
4051         rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
4052         proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
4053         proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
4054 }
4055
4056 gint
4057 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
4058 {
4059         return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb));
4060 }
4061
4062 guint32
4063 kerberos_output_keytype(void)
4064 {
4065         return gbl_keytype;
4066 }
4067
4068 static gint
4069 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
4070 {
4071         /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
4072            Since all (except weirdo transarc krb4 stuff) use
4073            an opcode <=16 in the first byte, use this to see if it might
4074            be krb4.
4075            All krb5 commands start with an APPL tag and thus is >=0x60
4076            so if first byte is <=16  just blindly assume it is krb4 then
4077         */
4078         if(tvb_captured_length(tvb) >= 1 && tvb_get_guint8(tvb, 0)<=0x10){
4079                 if(krb4_handle){
4080                         gboolean res;
4081
4082                         res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL);
4083                         return res;
4084                 }else{
4085                         return 0;
4086                 }
4087         }
4088
4089
4090         return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL);
4091 }
4092
4093 gint
4094 kerberos_rm_to_reclen(guint krb_rm)
4095 {
4096     return (krb_rm & KRB_RM_RECLEN);
4097 }
4098
4099 guint
4100 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4101 {
4102         guint krb_rm;
4103         gint pdulen;
4104
4105         krb_rm = tvb_get_ntohl(tvb, offset);
4106         pdulen = kerberos_rm_to_reclen(krb_rm);
4107         return (pdulen + 4);
4108 }
4109 static void
4110 kerberos_prefs_apply_cb(void) {
4111 #ifdef HAVE_LIBNETTLE
4112         clear_keytab();
4113         read_keytab_file(keytab_filename);
4114 #endif
4115 }
4116
4117 static int
4118 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4119 {
4120         pinfo->fragmented = TRUE;
4121         if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) {
4122                 /*
4123                  * The dissector failed to recognize this as a valid
4124                  * Kerberos message.  Mark it as a continuation packet.
4125                  */
4126                 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
4127         }
4128
4129         return tvb_captured_length(tvb);
4130 }
4131
4132 static int
4133 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4134 {
4135         col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4136         col_clear(pinfo->cinfo, COL_INFO);
4137
4138         tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
4139                                          dissect_kerberos_tcp_pdu, data);
4140         return tvb_captured_length(tvb);
4141 }
4142
4143 /*--- proto_register_kerberos -------------------------------------------*/
4144 void proto_register_kerberos(void) {
4145
4146         /* List of fields */
4147
4148         static hf_register_info hf[] = {
4149         { &hf_krb_rm_reserved, {
4150                 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
4151                 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
4152         { &hf_krb_rm_reclen, {
4153                 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
4154                 NULL, KRB_RM_RECLEN, NULL, HFILL }},
4155         { &hf_krb_provsrv_location, {
4156                 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
4157                 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
4158         { &hf_krb_smb_nt_status,
4159                 { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
4160                 VALS(NT_errors), 0, "NT Status code", HFILL }},
4161         { &hf_krb_smb_unknown,
4162                 { "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
4163                 NULL, 0, NULL, HFILL }},
4164         { &hf_krb_address_ip, {
4165                 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
4166                 NULL, 0, NULL, HFILL }},
4167         { &hf_krb_address_ipv6, {
4168                 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
4169                 NULL, 0, NULL, HFILL }},
4170         { &hf_krb_address_netbios, {
4171                 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
4172                 NULL, 0, "NetBIOS Address and type", HFILL }},
4173         { &hf_krb_gssapi_len, {
4174                 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
4175                 NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
4176         { &hf_krb_gssapi_bnd, {
4177                 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
4178                 NULL, 0, "GSSAPI Bnd field", HFILL }},
4179         { &hf_krb_gssapi_c_flag_deleg, {
4180                 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
4181                 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
4182         { &hf_krb_gssapi_c_flag_mutual, {
4183                 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
4184                 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
4185         { &hf_krb_gssapi_c_flag_replay, {
4186                 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
4187                 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
4188         { &hf_krb_gssapi_c_flag_sequence, {
4189                 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
4190                 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
4191         { &hf_krb_gssapi_c_flag_conf, {
4192                 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
4193                 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
4194         { &hf_krb_gssapi_c_flag_integ, {
4195                 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
4196                 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
4197         { &hf_krb_gssapi_c_flag_dce_style, {
4198                 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
4199                 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
4200         { &hf_krb_gssapi_dlgopt, {
4201                 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
4202                 NULL, 0, "GSSAPI DlgOpt", HFILL }},
4203         { &hf_krb_gssapi_dlglen, {
4204                 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
4205                 NULL, 0, "GSSAPI DlgLen", HFILL }},
4206
4207
4208 /*--- Included file: packet-kerberos-hfarr.c ---*/
4209 #line 1 "../../asn1/kerberos/packet-kerberos-hfarr.c"
4210     { &hf_kerberos_ticket,
4211       { "ticket", "kerberos.ticket_element",
4212         FT_NONE, BASE_NONE, NULL, 0,
4213         NULL, HFILL }},
4214     { &hf_kerberos_authenticator,
4215       { "authenticator", "kerberos.authenticator_element",
4216         FT_NONE, BASE_NONE, NULL, 0,
4217         NULL, HFILL }},
4218     { &hf_kerberos_encTicketPart,
4219       { "encTicketPart", "kerberos.encTicketPart_element",
4220         FT_NONE, BASE_NONE, NULL, 0,
4221         NULL, HFILL }},
4222     { &hf_kerberos_as_req,
4223       { "as-req", "kerberos.as_req_element",
4224         FT_NONE, BASE_NONE, NULL, 0,
4225         NULL, HFILL }},
4226     { &hf_kerberos_as_rep,
4227       { "as-rep", "kerberos.as_rep_element",
4228         FT_NONE, BASE_NONE, NULL, 0,
4229         NULL, HFILL }},
4230     { &hf_kerberos_tgs_req,
4231       { "tgs-req", "kerberos.tgs_req_element",
4232         FT_NONE, BASE_NONE, NULL, 0,
4233         NULL, HFILL }},
4234     { &hf_kerberos_tgs_rep,
4235       { "tgs-rep", "kerberos.tgs_rep_element",
4236         FT_NONE, BASE_NONE, NULL, 0,
4237         NULL, HFILL }},
4238     { &hf_kerberos_ap_req,
4239       { "ap-req", "kerberos.ap_req_element",
4240         FT_NONE, BASE_NONE, NULL, 0,
4241         NULL, HFILL }},
4242     { &hf_kerberos_ap_rep,
4243       { "ap-rep", "kerberos.ap_rep_element",
4244         FT_NONE, BASE_NONE, NULL, 0,
4245         NULL, HFILL }},
4246     { &hf_kerberos_krb_safe,
4247       { "krb-safe", "kerberos.krb_safe_element",
4248         FT_NONE, BASE_NONE, NULL, 0,
4249         NULL, HFILL }},
4250     { &hf_kerberos_krb_priv,
4251       { "krb-priv", "kerberos.krb_priv_element",
4252         FT_NONE, BASE_NONE, NULL, 0,
4253         NULL, HFILL }},
4254     { &hf_kerberos_krb_cred,
4255       { "krb-cred", "kerberos.krb_cred_element",
4256         FT_NONE, BASE_NONE, NULL, 0,
4257         NULL, HFILL }},
4258     { &hf_kerberos_encASRepPart,
4259       { "encASRepPart", "kerberos.encASRepPart_element",
4260         FT_NONE, BASE_NONE, NULL, 0,
4261         NULL, HFILL }},
4262     { &hf_kerberos_encTGSRepPart,
4263       { "encTGSRepPart", "kerberos.encTGSRepPart_element",
4264         FT_NONE, BASE_NONE, NULL, 0,
4265         NULL, HFILL }},
4266     { &hf_kerberos_encAPRepPart,
4267       { "encAPRepPart", "kerberos.encAPRepPart_element",
4268         FT_NONE, BASE_NONE, NULL, 0,
4269         NULL, HFILL }},
4270     { &hf_kerberos_encKrbPrivPart,
4271       { "encKrbPrivPart", "kerberos.encKrbPrivPart_element",
4272         FT_NONE, BASE_NONE, NULL, 0,
4273         "ENC_KRB_PRIV_PART", HFILL }},
4274     { &hf_kerberos_encKrbCredPart,
4275       { "encKrbCredPart", "kerberos.encKrbCredPart_element",
4276         FT_NONE, BASE_NONE, NULL, 0,
4277         NULL, HFILL }},
4278     { &hf_kerberos_krb_error,
4279       { "krb-error", "kerberos.krb_error_element",
4280         FT_NONE, BASE_NONE, NULL, 0,
4281         NULL, HFILL }},
4282     { &hf_kerberos_name_type,
4283       { "name-type", "kerberos.name_type",
4284         FT_INT32, BASE_DEC, VALS(kerberos_NAME_TYPE_vals), 0,
4285         NULL, HFILL }},
4286     { &hf_kerberos_name_string,
4287       { "name-string", "kerberos.name_string",
4288         FT_UINT32, BASE_DEC, NULL, 0,
4289         "SEQUENCE_OF_KerberosString", HFILL }},
4290     { &hf_kerberos_name_string_item,
4291       { "KerberosString", "kerberos.KerberosString",
4292         FT_STRING, BASE_NONE, NULL, 0,
4293         NULL, HFILL }},
4294     { &hf_kerberos_addr_type,
4295       { "addr-type", "kerberos.addr_type",
4296         FT_INT32, BASE_DEC, VALS(kerberos_ADDR_TYPE_vals), 0,
4297         NULL, HFILL }},
4298     { &hf_kerberos_address,
4299       { "address", "kerberos.address",
4300         FT_BYTES, BASE_NONE, NULL, 0,
4301         NULL, HFILL }},
4302     { &hf_kerberos_HostAddresses_item,
4303       { "HostAddress", "kerberos.HostAddress_element",
4304         FT_NONE, BASE_NONE, NULL, 0,
4305         NULL, HFILL }},
4306     { &hf_kerberos_AuthorizationData_item,
4307       { "AuthorizationData item", "kerberos.AuthorizationData_item_element",
4308         FT_NONE, BASE_NONE, NULL, 0,
4309         NULL, HFILL }},
4310     { &hf_kerberos_ad_type,
4311       { "ad-type", "kerberos.ad_type",
4312         FT_INT32, BASE_DEC, NULL, 0,
4313         NULL, HFILL }},
4314     { &hf_kerberos_ad_data,
4315       { "ad-data", "kerberos.ad_data",
4316         FT_BYTES, BASE_NONE, NULL, 0,
4317         NULL, HFILL }},
4318     { &hf_kerberos_padata_type,
4319       { "padata-type", "kerberos.padata_type",
4320         FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0,
4321         NULL, HFILL }},
4322     { &hf_kerberos_padata_value,
4323       { "padata-value", "kerberos.padata_value",
4324         FT_BYTES, BASE_NONE, NULL, 0,
4325         NULL, HFILL }},
4326     { &hf_kerberos_keytype,
4327       { "keytype", "kerberos.keytype",
4328         FT_INT32, BASE_DEC, NULL, 0,
4329         NULL, HFILL }},
4330     { &hf_kerberos_keyvalue,
4331       { "keyvalue", "kerberos.keyvalue",
4332         FT_BYTES, BASE_NONE, NULL, 0,
4333         NULL, HFILL }},
4334     { &hf_kerberos_cksumtype,
4335       { "cksumtype", "kerberos.cksumtype",
4336         FT_INT32, BASE_DEC, VALS(kerberos_CKSUMTYPE_vals), 0,
4337         NULL, HFILL }},
4338     { &hf_kerberos_checksum,
4339       { "checksum", "kerberos.checksum",
4340         FT_BYTES, BASE_NONE, NULL, 0,
4341         NULL, HFILL }},
4342     { &hf_kerberos_etype,
4343       { "etype", "kerberos.etype",
4344         FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
4345         "ENCTYPE", HFILL }},
4346     { &hf_kerberos_kvno,
4347       { "kvno", "kerberos.kvno",
4348         FT_UINT32, BASE_DEC, NULL, 0,
4349         "UInt32", HFILL }},
4350     { &hf_kerberos_encryptedTicketData_cipher,
4351       { "cipher", "kerberos.cipher",
4352         FT_BYTES, BASE_NONE, NULL, 0,
4353         "T_encryptedTicketData_cipher", HFILL }},
4354     { &hf_kerberos_encryptedAuthorizationData_cipher,
4355       { "cipher", "kerberos.cipher",
4356         FT_BYTES, BASE_NONE, NULL, 0,
4357         "T_encryptedAuthorizationData_cipher", HFILL }},
4358     { &hf_kerberos_encryptedKDCREPData_cipher,
4359       { "cipher", "kerberos.cipher",
4360         FT_BYTES, BASE_NONE, NULL, 0,
4361         "T_encryptedKDCREPData_cipher", HFILL }},
4362     { &hf_kerberos_encryptedAPREPData_cipher,
4363       { "cipher", "kerberos.cipher",
4364         FT_BYTES, BASE_NONE, NULL, 0,
4365         "T_encryptedAPREPData_cipher", HFILL }},
4366     { &hf_kerberos_encryptedKrbPrivData_cipher,
4367       { "cipher", "kerberos.cipher",
4368         FT_BYTES, BASE_NONE, NULL, 0,
4369         "T_encryptedKrbPrivData_cipher", HFILL }},
4370     { &hf_kerberos_encryptedKrbCredData_cipher,
4371       { "cipher", "kerberos.cipher",
4372         FT_BYTES, BASE_NONE, NULL, 0,
4373         "T_encryptedKrbCredData_cipher", HFILL }},
4374     { &hf_kerberos_tkt_vno,
4375       { "tkt-vno", "kerberos.tkt_vno",
4376         FT_UINT32, BASE_DEC, NULL, 0,
4377         "INTEGER_5", HFILL }},
4378     { &hf_kerberos_realm,
4379       { "realm", "kerberos.realm",
4380         FT_STRING, BASE_NONE, NULL, 0,
4381         NULL, HFILL }},
4382     { &hf_kerberos_sname,
4383       { "sname", "kerberos.sname_element",
4384         FT_NONE, BASE_NONE, NULL, 0,
4385         "PrincipalName", HFILL }},
4386     { &hf_kerberos_ticket_enc_part,
4387       { "enc-part", "kerberos.enc_part_element",
4388         FT_NONE, BASE_NONE, NULL, 0,
4389         "EncryptedTicketData", HFILL }},
4390     { &hf_kerberos_flags,
4391       { "flags", "kerberos.flags",
4392         FT_BYTES, BASE_NONE, NULL, 0,
4393         "TicketFlags", HFILL }},
4394     { &hf_kerberos_key,
4395       { "key", "kerberos.key_element",
4396         FT_NONE, BASE_NONE, NULL, 0,
4397         "EncryptionKey", HFILL }},
4398     { &hf_kerberos_crealm,
4399       { "crealm", "kerberos.crealm",
4400         FT_STRING, BASE_NONE, NULL, 0,
4401         "Realm", HFILL }},
4402     { &hf_kerberos_cname,
4403       { "cname", "kerberos.cname_element",
4404         FT_NONE, BASE_NONE, NULL, 0,
4405         "PrincipalName", HFILL }},
4406     { &hf_kerberos_transited,
4407       { "transited", "kerberos.transited_element",
4408         FT_NONE, BASE_NONE, NULL, 0,
4409         "TransitedEncoding", HFILL }},
4410     { &hf_kerberos_authtime,
4411       { "authtime", "kerberos.authtime",
4412         FT_STRING, BASE_NONE, NULL, 0,
4413         "KerberosTime", HFILL }},
4414     { &hf_kerberos_starttime,
4415       { "starttime", "kerberos.starttime",
4416         FT_STRING, BASE_NONE, NULL, 0,
4417         "KerberosTime", HFILL }},
4418     { &hf_kerberos_endtime,
4419       { "endtime", "kerberos.endtime",
4420         FT_STRING, BASE_NONE, NULL, 0,
4421         "KerberosTime", HFILL }},
4422     { &hf_kerberos_renew_till,
4423       { "renew-till", "kerberos.renew_till",
4424         FT_STRING, BASE_NONE, NULL, 0,
4425         "KerberosTime", HFILL }},
4426     { &hf_kerberos_caddr,
4427       { "caddr", "kerberos.caddr",
4428         FT_UINT32, BASE_DEC, NULL, 0,
4429         "HostAddresses", HFILL }},
4430     { &hf_kerberos_authorization_data,
4431       { "authorization-data", "kerberos.authorization_data",
4432         FT_UINT32, BASE_DEC, NULL, 0,
4433         "AuthorizationData", HFILL }},
4434     { &hf_kerberos_tr_type,
4435       { "tr-type", "kerberos.tr_type",
4436         FT_INT32, BASE_DEC, NULL, 0,
4437         "Int32", HFILL }},
4438     { &hf_kerberos_contents,
4439       { "contents", "kerberos.contents",
4440         FT_BYTES, BASE_NONE, NULL, 0,
4441         "OCTET_STRING", HFILL }},
4442     { &hf_kerberos_pvno,
4443       { "pvno", "kerberos.pvno",
4444         FT_UINT32, BASE_DEC, NULL, 0,
4445         "INTEGER_5", HFILL }},
4446     { &hf_kerberos_msg_type,
4447       { "msg-type", "kerberos.msg_type",
4448         FT_INT32, BASE_DEC, VALS(kerberos_MESSAGE_TYPE_vals), 0,
4449         "MESSAGE_TYPE", HFILL }},
4450     { &hf_kerberos_padata,
4451       { "padata", "kerberos.padata",
4452         FT_UINT32, BASE_DEC, NULL, 0,
4453         "SEQUENCE_OF_PA_DATA", HFILL }},
4454     { &hf_kerberos_padata_item,
4455       { "PA-DATA", "kerberos.PA_DATA_element",
4456         FT_NONE, BASE_NONE, NULL, 0,
4457         NULL, HFILL }},
4458     { &hf_kerberos_req_body,
4459       { "req-body", "kerberos.req_body_element",
4460         FT_NONE, BASE_NONE, NULL, 0,
4461         "KDC_REQ_BODY", HFILL }},
4462     { &hf_kerberos_kdc_options,
4463       { "kdc-options", "kerberos.kdc_options",
4464         FT_BYTES, BASE_NONE, NULL, 0,
4465         "KDCOptions", HFILL }},
4466     { &hf_kerberos_from,
4467       { "from", "kerberos.from",
4468         FT_STRING, BASE_NONE, NULL, 0,
4469         "KerberosTime", HFILL }},
4470     { &hf_kerberos_till,
4471       { "till", "kerberos.till",
4472         FT_STRING, BASE_NONE, NULL, 0,
4473         "KerberosTime", HFILL }},
4474     { &hf_kerberos_rtime,
4475       { "rtime", "kerberos.rtime",
4476         FT_STRING, BASE_NONE, NULL, 0,
4477         "KerberosTime", HFILL }},
4478     { &hf_kerberos_nonce,
4479       { "nonce", "kerberos.nonce",
4480         FT_UINT32, BASE_DEC, NULL, 0,
4481         "UInt32", HFILL }},
4482     { &hf_kerberos_kDC_REQ_BODY_etype,
4483       { "etype", "kerberos.etype",
4484         FT_UINT32, BASE_DEC, NULL, 0,
4485         "SEQUENCE_OF_ENCTYPE", HFILL }},
4486     { &hf_kerberos_kDC_REQ_BODY_etype_item,
4487       { "ENCTYPE", "kerberos.ENCTYPE",
4488         FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
4489         NULL, HFILL }},
4490     { &hf_kerberos_addresses,
4491       { "addresses", "kerberos.addresses",
4492         FT_UINT32, BASE_DEC, NULL, 0,
4493         "HostAddresses", HFILL }},
4494     { &hf_kerberos_enc_authorization_data,
4495       { "enc-authorization-data", "kerberos.enc_authorization_data_element",
4496         FT_NONE, BASE_NONE, NULL, 0,
4497         "EncryptedAuthorizationData", HFILL }},
4498     { &hf_kerberos_additional_tickets,
4499       { "additional-tickets", "kerberos.additional_tickets",
4500         FT_UINT32, BASE_DEC, NULL, 0,
4501         "SEQUENCE_OF_Ticket", HFILL }},
4502     { &hf_kerberos_additional_tickets_item,
4503       { "Ticket", "kerberos.Ticket_element",
4504         FT_NONE, BASE_NONE, NULL, 0,
4505         NULL, HFILL }},
4506     { &hf_kerberos_kDC_REP_enc_part,
4507       { "enc-part", "kerberos.enc_part_element",
4508         FT_NONE, BASE_NONE, NULL, 0,
4509         "EncryptedKDCREPData", HFILL }},
4510     { &hf_kerberos_last_req,
4511       { "last-req", "kerberos.last_req",
4512         FT_UINT32, BASE_DEC, NULL, 0,
4513         "LastReq", HFILL }},
4514     { &hf_kerberos_key_expiration,
4515       { "key-expiration", "kerberos.key_expiration",
4516         FT_STRING, BASE_NONE, NULL, 0,
4517         "KerberosTime", HFILL }},
4518     { &hf_kerberos_srealm,
4519       { "srealm", "kerberos.srealm",
4520         FT_STRING, BASE_NONE, NULL, 0,
4521         "Realm", HFILL }},
4522     { &hf_kerberos_encrypted_pa_data,
4523       { "encrypted-pa-data", "kerberos.encrypted_pa_data",
4524         FT_UINT32, BASE_DEC, NULL, 0,
4525         "METHOD_DATA", HFILL }},
4526     { &hf_kerberos_LastReq_item,
4527       { "LastReq item", "kerberos.LastReq_item_element",
4528         FT_NONE, BASE_NONE, NULL, 0,
4529         NULL, HFILL }},
4530     { &hf_kerberos_lr_type,
4531       { "lr-type", "kerberos.lr_type",
4532         FT_INT32, BASE_DEC, VALS(kerberos_LR_TYPE_vals), 0,
4533         NULL, HFILL }},
4534     { &hf_kerberos_lr_value,
4535       { "lr-value", "kerberos.lr_value",
4536         FT_STRING, BASE_NONE, NULL, 0,
4537         "KerberosTime", HFILL }},
4538     { &hf_kerberos_ap_options,
4539       { "ap-options", "kerberos.ap_options",
4540         FT_BYTES, BASE_NONE, NULL, 0,
4541         "APOptions", HFILL }},
4542     { &hf_kerberos_authenticator_01,
4543       { "authenticator", "kerberos.authenticator_element",
4544         FT_NONE, BASE_NONE, NULL, 0,
4545         "EncryptedAuthorizationData", HFILL }},
4546     { &hf_kerberos_authenticator_vno,
4547       { "authenticator-vno", "kerberos.authenticator_vno",
4548         FT_UINT32, BASE_DEC, NULL, 0,
4549         "INTEGER_5", HFILL }},
4550     { &hf_kerberos_cksum,
4551       { "cksum", "kerberos.cksum_element",
4552         FT_NONE, BASE_NONE, NULL, 0,
4553         "Checksum", HFILL }},
4554     { &hf_kerberos_cusec,
4555       { "cusec", "kerberos.cusec",
4556         FT_UINT32, BASE_DEC, NULL, 0,
4557         "Microseconds", HFILL }},
4558     { &hf_kerberos_ctime,
4559       { "ctime", "kerberos.ctime",
4560         FT_STRING, BASE_NONE, NULL, 0,
4561         "KerberosTime", HFILL }},
4562     { &hf_kerberos_subkey,
4563       { "subkey", "kerberos.subkey_element",
4564         FT_NONE, BASE_NONE, NULL, 0,
4565         "EncryptionKey", HFILL }},
4566     { &hf_kerberos_seq_number,
4567       { "seq-number", "kerberos.seq_number",
4568         FT_UINT32, BASE_DEC, NULL, 0,
4569         "UInt32", HFILL }},
4570     { &hf_kerberos_aP_REP_enc_part,
4571       { "enc-part", "kerberos.enc_part_element",
4572         FT_NONE, BASE_NONE, NULL, 0,
4573         "EncryptedAPREPData", HFILL }},
4574     { &hf_kerberos_safe_body,
4575       { "safe-body", "kerberos.safe_body_element",
4576         FT_NONE, BASE_NONE, NULL, 0,
4577         "KRB_SAFE_BODY", HFILL }},
4578     { &hf_kerberos_kRB_SAFE_BODY_user_data,
4579       { "user-data", "kerberos.user_data",
4580         FT_BYTES, BASE_NONE, NULL, 0,
4581         "T_kRB_SAFE_BODY_user_data", HFILL }},
4582     { &hf_kerberos_timestamp,
4583       { "timestamp", "kerberos.timestamp",
4584         FT_STRING, BASE_NONE, NULL, 0,
4585         "KerberosTime", HFILL }},
4586     { &hf_kerberos_usec,
4587       { "usec", "kerberos.usec",
4588         FT_UINT32, BASE_DEC, NULL, 0,
4589         "Microseconds", HFILL }},
4590     { &hf_kerberos_s_address,
4591       { "s-address", "kerberos.s_address_element",
4592         FT_NONE, BASE_NONE, NULL, 0,
4593         "HostAddress", HFILL }},
4594     { &hf_kerberos_r_address,
4595       { "r-address", "kerberos.r_address_element",
4596         FT_NONE, BASE_NONE, NULL, 0,
4597         "HostAddress", HFILL }},
4598     { &hf_kerberos_kRB_PRIV_enc_part,
4599       { "enc-part", "kerberos.enc_part_element",
4600         FT_NONE, BASE_NONE, NULL, 0,
4601         "EncryptedKrbPrivData", HFILL }},
4602     { &hf_kerberos_encKrbPrivPart_user_data,
4603       { "user-data", "kerberos.user_data",
4604         FT_BYTES, BASE_NONE, NULL, 0,
4605         "T_encKrbPrivPart_user_data", HFILL }},
4606     { &hf_kerberos_tickets,
4607       { "tickets", "kerberos.tickets",
4608         FT_UINT32, BASE_DEC, NULL, 0,
4609         "SEQUENCE_OF_Ticket", HFILL }},
4610     { &hf_kerberos_tickets_item,
4611       { "Ticket", "kerberos.Ticket_element",
4612         FT_NONE, BASE_NONE, NULL, 0,
4613         NULL, HFILL }},
4614     { &hf_kerberos_kRB_CRED_enc_part,
4615       { "enc-part", "kerberos.enc_part_element",
4616         FT_NONE, BASE_NONE, NULL, 0,
4617         "EncryptedKrbCredData", HFILL }},
4618     { &hf_kerberos_ticket_info,
4619       { "ticket-info", "kerberos.ticket_info",
4620         FT_UINT32, BASE_DEC, NULL, 0,
4621         "SEQUENCE_OF_KrbCredInfo", HFILL }},
4622     { &hf_kerberos_ticket_info_item,
4623       { "KrbCredInfo", "kerberos.KrbCredInfo_element",
4624         FT_NONE, BASE_NONE, NULL, 0,
4625         NULL, HFILL }},
4626     { &hf_kerberos_prealm,
4627       { "prealm", "kerberos.prealm",
4628         FT_STRING, BASE_NONE, NULL, 0,
4629         "Realm", HFILL }},
4630     { &hf_kerberos_pname,
4631       { "pname", "kerberos.pname_element",
4632         FT_NONE, BASE_NONE, NULL, 0,
4633         "PrincipalName", HFILL }},
4634     { &hf_kerberos_stime,
4635       { "stime", "kerberos.stime",
4636         FT_STRING, BASE_NONE, NULL, 0,
4637         "KerberosTime", HFILL }},
4638     { &hf_kerberos_susec,
4639       { "susec", "kerberos.susec",
4640         FT_UINT32, BASE_DEC, NULL, 0,
4641         "Microseconds", HFILL }},
4642     { &hf_kerberos_error_code,
4643       { "error-code", "kerberos.error_code",
4644         FT_INT32, BASE_DEC, VALS(kerberos_ERROR_CODE_vals), 0,
4645         NULL, HFILL }},
4646     { &hf_kerberos_e_text,
4647       { "e-text", "kerberos.e_text",
4648         FT_STRING, BASE_NONE, NULL, 0,
4649         "KerberosString", HFILL }},
4650     { &hf_kerberos_e_data,
4651       { "e-data", "kerberos.e_data",
4652         FT_BYTES, BASE_NONE, NULL, 0,
4653         NULL, HFILL }},
4654     { &hf_kerberos_e_checksum,
4655       { "e-checksum", "kerberos.e_checksum_element",
4656         FT_NONE, BASE_NONE, NULL, 0,
4657         "Checksum", HFILL }},
4658     { &hf_kerberos_METHOD_DATA_item,
4659       { "PA-DATA", "kerberos.PA_DATA_element",
4660         FT_NONE, BASE_NONE, NULL, 0,
4661         NULL, HFILL }},
4662     { &hf_kerberos_pA_ENC_TIMESTAMP_cipher,
4663       { "cipher", "kerberos.cipher",
4664         FT_BYTES, BASE_NONE, NULL, 0,
4665         "T_pA_ENC_TIMESTAMP_cipher", HFILL }},
4666     { &hf_kerberos_salt,
4667       { "salt", "kerberos.salt",
4668         FT_BYTES, BASE_NONE, NULL, 0,
4669         "OCTET_STRING", HFILL }},
4670     { &hf_kerberos_ETYPE_INFO_item,
4671       { "ETYPE-INFO-ENTRY", "kerberos.ETYPE_INFO_ENTRY_element",
4672         FT_NONE, BASE_NONE, NULL, 0,
4673         NULL, HFILL }},
4674     { &hf_kerberos_salt_01,
4675       { "salt", "kerberos.salt",
4676         FT_STRING, BASE_NONE, NULL, 0,
4677         "KerberosString", HFILL }},
4678     { &hf_kerberos_s2kparams,
4679       { "s2kparams", "kerberos.s2kparams",
4680         FT_BYTES, BASE_NONE, NULL, 0,
4681         "OCTET_STRING", HFILL }},
4682     { &hf_kerberos_ETYPE_INFO2_item,
4683       { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element",
4684         FT_NONE, BASE_NONE, NULL, 0,
4685         NULL, HFILL }},
4686     { &hf_kerberos_name,
4687       { "name", "kerberos.name_element",
4688         FT_NONE, BASE_NONE, NULL, 0,
4689         "PrincipalName", HFILL }},
4690     { &hf_kerberos_auth,
4691       { "auth", "kerberos.auth",
4692         FT_STRING, BASE_NONE, NULL, 0,
4693         "GeneralString", HFILL }},
4694     { &hf_kerberos_include_pac,
4695       { "include-pac", "kerberos.include_pac",
4696         FT_BOOLEAN, BASE_NONE, NULL, 0,
4697         "BOOLEAN", HFILL }},
4698     { &hf_kerberos_newpasswd,
4699       { "newpasswd", "kerberos.newpasswd",
4700         FT_BYTES, BASE_NONE, NULL, 0,
4701         "OCTET_STRING", HFILL }},
4702     { &hf_kerberos_targname,
4703       { "targname", "kerberos.targname_element",
4704         FT_NONE, BASE_NONE, NULL, 0,
4705         "PrincipalName", HFILL }},
4706     { &hf_kerberos_targrealm,
4707       { "targrealm", "kerberos.targrealm",
4708         FT_STRING, BASE_NONE, NULL, 0,
4709         "Realm", HFILL }},
4710     { &hf_kerberos_APOptions_reserved,
4711       { "reserved", "kerberos.reserved",
4712         FT_BOOLEAN, 8, NULL, 0x80,
4713         NULL, HFILL }},
4714     { &hf_kerberos_APOptions_use_session_key,
4715       { "use-session-key", "kerberos.use-session-key",
4716         FT_BOOLEAN, 8, NULL, 0x40,
4717         NULL, HFILL }},
4718     { &hf_kerberos_APOptions_mutual_required,
4719       { "mutual-required", "kerberos.mutual-required",
4720         FT_BOOLEAN, 8, NULL, 0x20,
4721         NULL, HFILL }},
4722     { &hf_kerberos_TicketFlags_reserved,
4723       { "reserved", "kerberos.reserved",
4724         FT_BOOLEAN, 8, NULL, 0x80,
4725         NULL, HFILL }},
4726     { &hf_kerberos_TicketFlags_forwardable,
4727       { "forwardable", "kerberos.forwardable",
4728         FT_BOOLEAN, 8, NULL, 0x40,
4729         NULL, HFILL }},
4730     { &hf_kerberos_TicketFlags_forwarded,
4731       { "forwarded", "kerberos.forwarded",
4732         FT_BOOLEAN, 8, NULL, 0x20,
4733         NULL, HFILL }},
4734     { &hf_kerberos_TicketFlags_proxiable,
4735       { "proxiable", "kerberos.proxiable",
4736         FT_BOOLEAN, 8, NULL, 0x10,
4737         NULL, HFILL }},
4738     { &hf_kerberos_TicketFlags_proxy,
4739       { "proxy", "kerberos.proxy",
4740         FT_BOOLEAN, 8, NULL, 0x08,
4741         NULL, HFILL }},
4742     { &hf_kerberos_TicketFlags_may_postdate,
4743       { "may-postdate", "kerberos.may-postdate",
4744         FT_BOOLEAN, 8, NULL, 0x04,
4745         NULL, HFILL }},
4746     { &hf_kerberos_TicketFlags_postdated,
4747       { "postdated", "kerberos.postdated",
4748         FT_BOOLEAN, 8, NULL, 0x02,
4749         NULL, HFILL }},
4750     { &hf_kerberos_TicketFlags_invalid,
4751       { "invalid", "kerberos.invalid",
4752         FT_BOOLEAN, 8, NULL, 0x01,
4753         NULL, HFILL }},
4754     { &hf_kerberos_TicketFlags_renewable,
4755       { "renewable", "kerberos.renewable",
4756         FT_BOOLEAN, 8, NULL, 0x80,
4757         NULL, HFILL }},
4758     { &hf_kerberos_TicketFlags_initial,
4759       { "initial", "kerberos.initial",
4760         FT_BOOLEAN, 8, NULL, 0x40,
4761         NULL, HFILL }},
4762     { &hf_kerberos_TicketFlags_pre_authent,
4763       { "pre-authent", "kerberos.pre-authent",
4764         FT_BOOLEAN, 8, NULL, 0x20,
4765         NULL, HFILL }},
4766     { &hf_kerberos_TicketFlags_hw_authent,
4767       { "hw-authent", "kerberos.hw-authent",
4768         FT_BOOLEAN, 8, NULL, 0x10,
4769         NULL, HFILL }},
4770     { &hf_kerberos_TicketFlags_transited_policy_checked,
4771       { "transited-policy-checked", "kerberos.transited-policy-checked",
4772         FT_BOOLEAN, 8, NULL, 0x08,
4773         NULL, HFILL }},
4774     { &hf_kerberos_TicketFlags_ok_as_delegate,
4775       { "ok-as-delegate", "kerberos.ok-as-delegate",
4776         FT_BOOLEAN, 8, NULL, 0x04,
4777         NULL, HFILL }},
4778     { &hf_kerberos_TicketFlags_anonymous,
4779       { "anonymous", "kerberos.anonymous",
4780         FT_BOOLEAN, 8, NULL, 0x02,
4781         NULL, HFILL }},
4782     { &hf_kerberos_KDCOptions_reserved,
4783       { "reserved", "kerberos.reserved",
4784         FT_BOOLEAN, 8, NULL, 0x80,
4785         NULL, HFILL }},
4786     { &hf_kerberos_KDCOptions_forwardable,
4787       { "forwardable", "kerberos.forwardable",
4788         FT_BOOLEAN, 8, NULL, 0x40,
4789         NULL, HFILL }},
4790     { &hf_kerberos_KDCOptions_forwarded,
4791       { "forwarded", "kerberos.forwarded",
4792         FT_BOOLEAN, 8, NULL, 0x20,
4793         NULL, HFILL }},
4794     { &hf_kerberos_KDCOptions_proxiable,
4795       { "proxiable", "kerberos.proxiable",
4796         FT_BOOLEAN, 8, NULL, 0x10,
4797         NULL, HFILL }},
4798     { &hf_kerberos_KDCOptions_proxy,
4799       { "proxy", "kerberos.proxy",
4800         FT_BOOLEAN, 8, NULL, 0x08,
4801         NULL, HFILL }},
4802     { &hf_kerberos_KDCOptions_allow_postdate,
4803       { "allow-postdate", "kerberos.allow-postdate",
4804         FT_BOOLEAN, 8, NULL, 0x04,
4805         NULL, HFILL }},
4806     { &hf_kerberos_KDCOptions_postdated,
4807       { "postdated", "kerberos.postdated",
4808         FT_BOOLEAN, 8, NULL, 0x02,
4809         NULL, HFILL }},
4810     { &hf_kerberos_KDCOptions_unused7,
4811       { "unused7", "kerberos.unused7",
4812         FT_BOOLEAN, 8, NULL, 0x01,
4813         NULL, HFILL }},
4814     { &hf_kerberos_KDCOptions_renewable,
4815       { "renewable", "kerberos.renewable",
4816         FT_BOOLEAN, 8, NULL, 0x80,
4817         NULL, HFILL }},
4818     { &hf_kerberos_KDCOptions_unused9,
4819       { "unused9", "kerberos.unused9",
4820         FT_BOOLEAN, 8, NULL, 0x40,
4821         NULL, HFILL }},
4822     { &hf_kerberos_KDCOptions_unused10,
4823       { "unused10", "kerberos.unused10",
4824         FT_BOOLEAN, 8, NULL, 0x20,
4825         NULL, HFILL }},
4826     { &hf_kerberos_KDCOptions_opt_hardware_auth,
4827       { "opt-hardware-auth", "kerberos.opt-hardware-auth",
4828         FT_BOOLEAN, 8, NULL, 0x10,
4829         NULL, HFILL }},
4830     { &hf_kerberos_KDCOptions_request_anonymous,
4831       { "request-anonymous", "kerberos.request-anonymous",
4832         FT_BOOLEAN, 8, NULL, 0x02,
4833         NULL, HFILL }},
4834     { &hf_kerberos_KDCOptions_canonicalize,
4835       { "canonicalize", "kerberos.canonicalize",
4836         FT_BOOLEAN, 8, NULL, 0x01,
4837         NULL, HFILL }},
4838     { &hf_kerberos_KDCOptions_constrained_delegation,
4839       { "constrained-delegation", "kerberos.constrained-delegation",
4840         FT_BOOLEAN, 8, NULL, 0x80,
4841         NULL, HFILL }},
4842     { &hf_kerberos_KDCOptions_disable_transited_check,
4843       { "disable-transited-check", "kerberos.disable-transited-check",
4844         FT_BOOLEAN, 8, NULL, 0x20,
4845         NULL, HFILL }},
4846     { &hf_kerberos_KDCOptions_renewable_ok,
4847       { "renewable-ok", "kerberos.renewable-ok",
4848         FT_BOOLEAN, 8, NULL, 0x10,
4849         NULL, HFILL }},
4850     { &hf_kerberos_KDCOptions_enc_tkt_in_skey,
4851       { "enc-tkt-in-skey", "kerberos.enc-tkt-in-skey",
4852         FT_BOOLEAN, 8, NULL, 0x08,
4853         NULL, HFILL }},
4854     { &hf_kerberos_KDCOptions_renew,
4855       { "renew", "kerberos.renew",
4856         FT_BOOLEAN, 8, NULL, 0x02,
4857         NULL, HFILL }},
4858     { &hf_kerberos_KDCOptions_validate,
4859       { "validate", "kerberos.validate",
4860         FT_BOOLEAN, 8, NULL, 0x01,
4861         NULL, HFILL }},
4862
4863 /*--- End of included file: packet-kerberos-hfarr.c ---*/
4864 #line 1947 "../../asn1/kerberos/packet-kerberos-template.c"
4865   };
4866
4867   /* List of subtrees */
4868   static gint *ett[] = {
4869           &ett_kerberos,
4870           &ett_krb_recordmark,
4871
4872 /*--- Included file: packet-kerberos-ettarr.c ---*/
4873 #line 1 "../../asn1/kerberos/packet-kerberos-ettarr.c"
4874     &ett_kerberos_Applications,
4875     &ett_kerberos_PrincipalName,
4876     &ett_kerberos_SEQUENCE_OF_KerberosString,
4877     &ett_kerberos_HostAddress,
4878     &ett_kerberos_HostAddresses,
4879     &ett_kerberos_AuthorizationData,
4880     &ett_kerberos_AuthorizationData_item,
4881     &ett_kerberos_PA_DATA,
4882     &ett_kerberos_EncryptionKey,
4883     &ett_kerberos_Checksum,
4884     &ett_kerberos_EncryptedTicketData,
4885     &ett_kerberos_EncryptedAuthorizationData,
4886     &ett_kerberos_EncryptedKDCREPData,
4887     &ett_kerberos_EncryptedAPREPData,
4888     &ett_kerberos_EncryptedKrbPrivData,
4889     &ett_kerberos_EncryptedKrbCredData,
4890     &ett_kerberos_Ticket_U,
4891     &ett_kerberos_EncTicketPart_U,
4892     &ett_kerberos_TransitedEncoding,
4893     &ett_kerberos_KDC_REQ,
4894     &ett_kerberos_SEQUENCE_OF_PA_DATA,
4895     &ett_kerberos_KDC_REQ_BODY,
4896     &ett_kerberos_SEQUENCE_OF_ENCTYPE,
4897     &ett_kerberos_SEQUENCE_OF_Ticket,
4898     &ett_kerberos_KDC_REP,
4899     &ett_kerberos_EncKDCRepPart,
4900     &ett_kerberos_LastReq,
4901     &ett_kerberos_LastReq_item,
4902     &ett_kerberos_AP_REQ_U,
4903     &ett_kerberos_Authenticator_U,
4904     &ett_kerberos_AP_REP_U,
4905     &ett_kerberos_EncAPRepPart_U,
4906     &ett_kerberos_KRB_SAFE_U,
4907     &ett_kerberos_KRB_SAFE_BODY,
4908     &ett_kerberos_KRB_PRIV_U,
4909     &ett_kerberos_EncKrbPrivPart,
4910     &ett_kerberos_KRB_CRED_U,
4911     &ett_kerberos_EncKrbCredPart_U,
4912     &ett_kerberos_SEQUENCE_OF_KrbCredInfo,
4913     &ett_kerberos_KrbCredInfo,
4914     &ett_kerberos_KRB_ERROR_U,
4915     &ett_kerberos_METHOD_DATA,
4916     &ett_kerberos_PA_ENC_TIMESTAMP,
4917     &ett_kerberos_ETYPE_INFO_ENTRY,
4918     &ett_kerberos_ETYPE_INFO,
4919     &ett_kerberos_ETYPE_INFO2_ENTRY,
4920     &ett_kerberos_ETYPE_INFO2,
4921     &ett_kerberos_APOptions,
4922     &ett_kerberos_TicketFlags,
4923     &ett_kerberos_KDCOptions,
4924     &ett_kerberos_PA_S4U2Self,
4925     &ett_kerberos_KERB_PA_PAC_REQUEST,
4926     &ett_kerberos_ChangePasswdData,
4927
4928 /*--- End of included file: packet-kerberos-ettarr.c ---*/
4929 #line 1954 "../../asn1/kerberos/packet-kerberos-template.c"
4930   };
4931
4932   static ei_register_info ei[] = {
4933      { &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decryted keytype", EXPFILL }},
4934   };
4935
4936         expert_module_t* expert_krb;
4937         module_t *krb_module;
4938
4939         proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
4940         proto_register_field_array(proto_kerberos, hf, array_length(hf));
4941         proto_register_subtree_array(ett, array_length(ett));
4942         expert_krb = expert_register_protocol(proto_kerberos);
4943         expert_register_field_array(expert_krb, ei, array_length(ei));
4944
4945         /* Register preferences */
4946         krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
4947         prefs_register_bool_preference(krb_module, "desegment",
4948         "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
4949         "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
4950         " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
4951         &krb_desegment);
4952 #ifdef HAVE_KERBEROS
4953         prefs_register_bool_preference(krb_module, "decrypt",
4954         "Try to decrypt Kerberos blobs",
4955         "Whether the dissector should try to decrypt "
4956         "encrypted Kerberos blobs. This requires that the proper "
4957         "keytab file is installed as well.", &krb_decrypt);
4958
4959         prefs_register_filename_preference(krb_module, "file",
4960                                    "Kerberos keytab file",
4961                                    "The keytab file containing all the secrets",
4962                                    &keytab_filename);
4963 #endif
4964
4965 }
4966 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
4967                                  proto_tree *tree, dcerpc_info *di _U_,guint8 *drep _U_)
4968 {
4969         tvbuff_t *auth_tvb;
4970
4971         auth_tvb = tvb_new_subset_remaining(tvb, offset);
4972
4973         dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
4974
4975         return tvb_captured_length_remaining(tvb, offset);
4976 }
4977
4978
4979 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
4980         wrap_dissect_gss_kerb,                      /* Bind */
4981         wrap_dissect_gss_kerb,                      /* Bind ACK */
4982         wrap_dissect_gss_kerb,                      /* AUTH3 */
4983         NULL,                                       /* Request verifier */
4984         NULL,                                       /* Response verifier */
4985         NULL,                                       /* Request data */
4986         NULL                                        /* Response data */
4987 };
4988
4989 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
4990         wrap_dissect_gss_kerb,                      /* Bind */
4991         wrap_dissect_gss_kerb,                      /* Bind ACK */
4992         wrap_dissect_gss_kerb,                      /* AUTH3 */
4993         wrap_dissect_gssapi_verf,                   /* Request verifier */
4994         wrap_dissect_gssapi_verf,                   /* Response verifier */
4995         NULL,                                       /* Request data */
4996         NULL                                        /* Response data */
4997 };
4998
4999 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
5000         wrap_dissect_gss_kerb,                      /* Bind */
5001         wrap_dissect_gss_kerb,                      /* Bind ACK */
5002         wrap_dissect_gss_kerb,                      /* AUTH3 */
5003         wrap_dissect_gssapi_verf,                   /* Request verifier */
5004         wrap_dissect_gssapi_verf,                   /* Response verifier */
5005         wrap_dissect_gssapi_payload,                /* Request data */
5006         wrap_dissect_gssapi_payload                 /* Response data */
5007 };
5008
5009
5010
5011 void
5012 proto_reg_handoff_kerberos(void)
5013 {
5014         dissector_handle_t kerberos_handle_tcp;
5015
5016         krb4_handle = find_dissector("krb4");
5017
5018         kerberos_handle_udp = new_create_dissector_handle(dissect_kerberos_udp,
5019         proto_kerberos);
5020
5021         kerberos_handle_tcp = new_create_dissector_handle(dissect_kerberos_tcp,
5022         proto_kerberos);
5023
5024         dissector_add_uint("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
5025         dissector_add_uint("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
5026
5027         register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
5028                                                                           DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5029                                                                           &gss_kerb_auth_connect_fns);
5030
5031         register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
5032                                                                           DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5033                                                                           &gss_kerb_auth_sign_fns);
5034
5035         register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
5036                                                                           DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5037                                                                           &gss_kerb_auth_seal_fns);
5038 }
5039
5040
Unnamed repository; edit this file to name it for gitweb.