STEP01x ? OK RFC6113.asn ....
[metze/wireshark/wip.git] / epan / dissectors / asn1 / kerberos / kerberos.cnf
1 # kerberos.cnf
2 # kerberos conformation file
3 # Copyright 2008 Anders Broman
4
5 #.EXPORTS
6 ChangePasswdData
7 Applications ONLY_ENUM
8
9 #.FIELD_RENAME
10 KDC-REQ-BODY/etype kDC-REQ-BODY_etype
11 KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
12 EncKrbPrivPart/user-data encKrbPrivPart_user_data
13 EncryptedTicketData/cipher encryptedTicketData_cipher
14 EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
15 EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
16 PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
17 EncryptedAPREPData/cipher encryptedAPREPData_cipher
18 EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
19 EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
20 KRB-CRED/_untag/enc-part kRB_CRED_enc_part
21 KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
22 AP-REP/_untag/enc-part aP_REP_enc_part
23 KDC-REP/enc-part kDC_REP_enc_part
24 Ticket/_untag/enc-part ticket_enc_part
25
26 #.OMIT_ASSIGNMENT
27 AD-AND-OR
28 AD-KDCIssued
29 AD-LoginAlias
30 AD-MANDATORY-FOR-KDC
31 ChangePasswdDataMS
32 EtypeList
33 KRB5SignedPath
34 KRB5SignedPathData
35 KRB5SignedPathPrincipals
36 Krb5int32
37 Krb5uint32
38 PA-ClientCanonicalized
39 PA-ClientCanonicalizedNames
40 PA-ENC-SAM-RESPONSE-ENC
41 PA-PAC-REQUEST
42 PA-SAM-CHALLENGE-2
43 PA-SAM-CHALLENGE-2-BODY
44 PA-SAM-REDIRECT
45 PA-SAM-RESPONSE-2
46 PA-SAM-TYPE
47 PA-SERVER-REFERRAL-DATA
48 PA-ServerReferralData
49 PA-SvrReferralData
50 Principal
51 PROV-SRV-LOCATION
52 SAMFlags
53 TYPED-DATA
54 KrbFastReq
55 KrbFastResponse
56 KrbFastFinished
57 FastOptions
58 KerberosFlags
59
60 #.NO_EMIT ONLY_VALS
61 Applications
62 PA-FX-FAST-REPLY
63 PA-FX-FAST-REQUEST
64
65 #.MAKE_DEFINES
66 ADDR-TYPE TYPE_PREFIX
67 Applications TYPE_PREFIX
68
69 #.MAKE_ENUM
70 PADATA-TYPE PROT_PREFIX UPPER_CASE
71 AUTHDATA-TYPE PROT_PREFIX UPPER_CASE
72
73 #.VALS_ATTR
74 PADATA-TYPE UPPER_CASE_FIRST
75 AUTHDATA-TYPE UPPER_CASE_FIRST
76
77 #.FN_BODY KDC-REP
78         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
79 %(DEFAULT_BODY)s
80         if (!private_data->kdc_response_initialized) {
81                 private_data->kdc_response = TRUE;
82         }
83
84 #.FN_BODY Applications
85         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
86 %(DEFAULT_BODY)s
87         private_data->kdc_response_initialized = TRUE;
88
89 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
90 guint32 msgtype;
91
92 %(DEFAULT_BODY)s
93
94 #.FN_FTR MESSAGE-TYPE
95         if (gbl_do_col_info) {
96                 col_add_str(actx->pinfo->cinfo, COL_INFO,
97                         val_to_str(msgtype, krb5_msg_types,
98                         "Unknown msg type %#x"));
99         }
100         gbl_do_col_info=FALSE;
101
102 ##if 0
103         /* append the application type to the tree */
104         proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
105 ##endif
106
107 #.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
108 %(DEFAULT_BODY)s
109
110 #.FN_FTR ERROR-CODE
111         if(krb5_errorcode) {
112                 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
113                         "KRB Error: %s",
114                         val_to_str(krb5_errorcode, krb5_error_codes,
115                         "Unknown error code %#x"));
116         }
117
118         return offset;
119 #.END
120 #.FN_BODY KRB-ERROR/_untag/e-data
121         switch(krb5_errorcode){
122         case KRB5_ET_KRB5KDC_ERR_BADOPTION:
123         case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
124         case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
125         case KRB5_ET_KRB5KDC_ERR_POLICY:
126                 /* ms windows kdc sends e-data of this type containing a "salt"
127                  * that contains the nt_status code for these error codes.
128                  */
129                 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
130                 break;
131         case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
132         case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
133         case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
134                 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
135
136                 break;
137         default:
138                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
139         }
140
141
142 #.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type)
143         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
144 %(DEFAULT_BODY)s
145 #.FN_FTR PADATA-TYPE
146         if(tree){
147                 proto_item_append_text(tree, " %s",
148                         val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
149                         "Unknown:%d"));
150         }
151
152 #.FN_BODY PA-DATA/padata-value
153         proto_tree *sub_tree=tree;
154         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
155
156         if(actx->created_item){
157                 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
158         }
159
160         switch(private_data->padata_type){
161         case KERBEROS_PA_TGS_REQ:
162                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
163                 break;
164         case KERBEROS_PA_PK_AS_REQ:
165                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
166                 break;
167         case KERBEROS_PA_PK_AS_REP:
168                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
169                 break;
170         case KERBEROS_PA_PAC_REQUEST:
171                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST);
172                 break;
173         case KERBEROS_PA_FOR_USER: /* S4U2SELF */
174                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
175                 break;
176         case KERBEROS_PA_FOR_X509_USER:
177                 if(private_data->msg_type == KRB5_MSG_AS_REQ){
178                         offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
179                 }else if(private_data->is_enc_padata){
180                         offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
181                 }else{
182                         offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
183                 }
184                 break;
185         case KERBEROS_PA_PROV_SRV_LOCATION:
186                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
187                 break;
188         case KERBEROS_PA_ENC_TIMESTAMP:
189                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
190                 break;
191         case KERBEROS_PA_ENCTYPE_INFO:
192                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
193                 break;
194         case KERBEROS_PA_ENCTYPE_INFO2:
195                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
196                 break;
197         case KERBEROS_PA_PW_SALT:
198                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
199                 break;
200         case KERBEROS_PA_AUTH_SET_SELECTED:
201                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
202                 break;
203         case KERBEROS_PA_FX_FAST:
204                 // TODO if (!private_data->kdc_response) { cee8d8d0be... STEP01x ? OK RFC6113.asn ....
205                 if(private_data->msg_type == KRB5_MSG_AS_REQ || private_data->msg_type == KRB5_MSG_TGS_REQ){
206                         offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
207                 }else{
208                         offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
209                 }
210                 break;
211         case KERBEROS_PA_FX_ERROR:
212                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
213                 break;
214         case KERBEROS_PA_ENCRYPTED_CHALLENGE:
215                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
216                 break;
217         default:
218                 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
219         }
220
221 #.FN_BODY HostAddress/address
222         gint8 appclass;
223         gboolean pc;
224         gint32 tag;
225         guint32 len;
226         const char *address_str;
227         proto_item *it=NULL;
228         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
229
230         /* read header and len for the octet string */
231         offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
232         offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
233
234         switch(private_data->addr_type){
235         case KERBEROS_ADDR_TYPE_IPV4:
236                 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
237                 address_str = tvb_ip_to_str(tvb, offset);
238                 break;
239         case KERBEROS_ADDR_TYPE_NETBIOS:
240                 {
241                 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
242                 int netbios_name_type;
243                 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
244
245                 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
246                 address_str = wmem_strdup_printf(wmem_packet_scope(), "%s<%02x>", netbios_name, netbios_name_type);
247                 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
248                 }
249                 break;
250         case KERBEROS_ADDR_TYPE_IPV6:
251                 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
252                 address_str = tvb_ip6_to_str(tvb, offset);
253                 break;
254         default:
255                 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
256                 address_str = NULL;
257         }
258
259         /* push it up two levels in the decode pane */
260         if(it && address_str){
261                 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
262                 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
263         }
264
265         offset+=len;
266         return offset;
267
268
269 #.TYPE_ATTR
270 #xxx TYPE = FT_UINT16  DISPLAY = BASE_DEC  STRINGS = VALS(xx_vals)
271
272 #.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype)
273         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
274 %(DEFAULT_BODY)s
275
276 #.FN_BODY EncryptedTicketData/cipher
277 ##ifdef HAVE_KERBEROS
278         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
279 ##else
280 %(DEFAULT_BODY)s
281 ##endif
282         return offset;
283
284 #.FN_BODY EncryptedAuthorizationData/cipher
285 ##ifdef HAVE_KERBEROS
286         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
287 ##else
288 %(DEFAULT_BODY)s
289 ##endif
290         return offset;
291
292 #.FN_BODY EncryptedKDCREPData/cipher
293 ##ifdef HAVE_KERBEROS
294         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
295 ##else
296 %(DEFAULT_BODY)s
297 ##endif
298         return offset;
299
300 #.FN_BODY PA-ENC-TIMESTAMP/cipher
301 ##ifdef HAVE_KERBEROS
302         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
303 ##else
304 %(DEFAULT_BODY)s
305 ##endif
306         return offset;
307
308 #.FN_BODY EncryptedAPREPData/cipher
309 ##ifdef HAVE_KERBEROS
310         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
311 ##else
312 %(DEFAULT_BODY)s
313 ##endif
314         return offset;
315
316 #.FN_BODY EncryptedKrbPrivData/cipher
317 ##ifdef HAVE_KERBEROS
318         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
319 ##else
320 %(DEFAULT_BODY)s
321 ##endif
322         return offset;
323
324 #.FN_BODY EncryptedKrbCredData/cipher
325 ##ifdef HAVE_KERBEROS
326         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
327 ##else
328 %(DEFAULT_BODY)s
329 ##endif
330         return offset;
331
332
333 #.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type)
334         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
335 %(DEFAULT_BODY)s
336
337 #.FN_BODY Checksum/checksum
338         tvbuff_t *next_tvb;
339         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
340
341         switch(private_data->checksum_type){
342         case KRB5_CHKSUM_GSSAPI:
343                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
344                 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
345                 break;
346         default:
347                 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
348         }
349         return offset;
350
351 #.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype
352         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
353
354         offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
355                                                                         &gbl_keytype);
356         private_data->key.keytype = gbl_keytype;
357
358 #.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb
359         tvbuff_t *out_tvb;
360         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
361
362 %(DEFAULT_BODY)s
363
364         private_data->key.keylength = tvb_reported_length(out_tvb);
365         private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
366
367 #.FN_BODY EncryptionKey
368         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
369
370         %(DEFAULT_BODY)s
371
372         if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
373 ##ifdef HAVE_KERBEROS
374                 add_encryption_key(actx->pinfo, private_data->key.keytype, private_data->key.keylength, private_data->key.keyvalue, "key");
375 ##endif
376         }
377
378 #.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type)
379         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
380 %(DEFAULT_BODY)s
381
382 #.FN_BODY AuthorizationData/_item/ad-data
383         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
384
385         switch(private_data->ad_type){
386         case KERBEROS_AD_WIN2K_PAC:
387                 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
388                 break;
389         case KERBEROS_AD_IF_RELEVANT:
390                 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
391                 break;
392         default:
393                 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
394         }
395
396 #.FN_BODY S4UUserID/subject-certificate
397         offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
398
399 #.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type)
400         kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
401 %(DEFAULT_BODY)s
402
403 #.FN_BODY KDC-REQ-BODY
404         conversation_t *conversation;
405
406         /*
407          * UDP replies to KDC_REQs are sent from the server back to the client's
408          * source port, similar to the way TFTP works.  Set up a conversation
409          * accordingly.
410          *
411          * Ref: Section 7.2.1 of
412          * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
413          */
414         if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
415                 conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
416                                                                                         actx->pinfo->srcport, 0, NO_PORT_B);
417                 if (conversation == NULL) {
418                         conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
419                                                                                         actx->pinfo->srcport, 0, NO_PORT2);
420                         conversation_set_dissector(conversation, kerberos_handle_udp);
421                 }
422         }
423
424         %(DEFAULT_BODY)s
425
426 #.FN_BODY KRB-SAFE-BODY/user-data
427         tvbuff_t *new_tvb;
428         offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
429         if (new_tvb) {
430                 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, (kerberos_callbacks*)actx->private_data);
431         }
432
433 #.FN_BODY EncKrbPrivPart/user-data
434         tvbuff_t *new_tvb;
435         offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
436         if (new_tvb) {
437                 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
438         }
439
440 #.FN_HDR EncKDCRepPart/encrypted-pa-data
441         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
442         private_data->is_enc_padata = TRUE;
443
444 #.FN_FTR EncKDCRepPart/encrypted-pa-data
445         private_data->is_enc_padata = FALSE;
446
447 #.FN_HDR AS-REQ
448         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
449         private_data->msg_type = KRB5_MSG_AS_REQ;
450
451 #.FN_HDR AS-REP
452         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
453         private_data->msg_type = KRB5_MSG_AS_REP;
454
455 #.FN_HDR KRB-ERROR
456         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
457         private_data->msg_type = KRB5_MSG_ERROR;
458
459 #.FN_HDR TGS-REQ
460         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
461         private_data->msg_type = KRB5_MSG_TGS_REQ;
462
463 #.FN_HDR TGS-REP
464         kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
465         private_data->msg_type = KRB5_MSG_TGS_REP;
466
467 #.FN_BODY KrbFastArmoredReq/enc-fast-req
468 ##ifdef HAVE_KERBEROS
469         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
470 ##else
471 %(DEFAULT_BODY)s
472 ##endif
473         return offset;
474
475 #.FN_BODY KrbFastArmoredRep/enc-fast-rep
476 ##ifdef HAVE_KERBEROS
477         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
478 ##else
479 %(DEFAULT_BODY)s
480 ##endif
481         return offset;
482
483 #.FN_BODY EncryptedChallenge
484 ##ifdef HAVE_KERBEROS
485         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
486 ##else
487 %(DEFAULT_BODY)s
488 ##endif
489         return offset;