2 # kerberos conformation file
3 # Copyright 2008 Anders Broman
10 KDC-REQ-BODY/etype kDC-REQ-BODY_etype
11 KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
12 EncKrbPrivPart/user-data encKrbPrivPart_user_data
13 EncryptedTicketData/cipher encryptedTicketData_cipher
14 EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
15 EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
16 PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
17 EncryptedAPREPData/cipher encryptedAPREPData_cipher
18 EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
19 EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
20 KRB-CRED/_untag/enc-part kRB_CRED_enc_part
21 KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
22 AP-REP/_untag/enc-part aP_REP_enc_part
23 KDC-REP/enc-part kDC_REP_enc_part
24 Ticket/_untag/enc-part ticket_enc_part
35 KRB5SignedPathPrincipals
38 PA-ClientCanonicalized
39 PA-ClientCanonicalizedNames
40 PA-ENC-SAM-RESPONSE-ENC
43 PA-SAM-CHALLENGE-2-BODY
47 PA-SERVER-REFERRAL-DATA
67 Applications TYPE_PREFIX
70 PADATA-TYPE PROT_PREFIX UPPER_CASE
71 AUTHDATA-TYPE PROT_PREFIX UPPER_CASE
74 PADATA-TYPE UPPER_CASE_FIRST
75 AUTHDATA-TYPE UPPER_CASE_FIRST
78 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
80 if (!private_data->kdc_response_initialized) {
81 private_data->kdc_response = TRUE;
84 #.FN_BODY Applications
85 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
87 private_data->kdc_response_initialized = TRUE;
89 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
95 if (gbl_do_col_info) {
96 col_add_str(actx->pinfo->cinfo, COL_INFO,
97 val_to_str(msgtype, krb5_msg_types,
98 "Unknown msg type %#x"));
100 gbl_do_col_info=FALSE;
103 /* append the application type to the tree */
104 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
107 #.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
112 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
114 val_to_str(krb5_errorcode, krb5_error_codes,
115 "Unknown error code %#x"));
120 #.FN_BODY KRB-ERROR/_untag/e-data
121 switch(krb5_errorcode){
122 case KRB5_ET_KRB5KDC_ERR_BADOPTION:
123 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
124 case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
125 case KRB5_ET_KRB5KDC_ERR_POLICY:
126 /* ms windows kdc sends e-data of this type containing a "salt"
127 * that contains the nt_status code for these error codes.
129 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
131 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
132 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
133 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
134 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
138 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
142 #.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type)
143 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
147 proto_item_append_text(tree, " %s",
148 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
152 #.FN_BODY PA-DATA/padata-value
153 proto_tree *sub_tree=tree;
154 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
156 if(actx->created_item){
157 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
160 switch(private_data->padata_type){
161 case KERBEROS_PA_TGS_REQ:
162 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
164 case KERBEROS_PA_PK_AS_REQ:
165 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
167 case KERBEROS_PA_PK_AS_REP:
168 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
170 case KERBEROS_PA_PAC_REQUEST:
171 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST);
173 case KERBEROS_PA_FOR_USER: /* S4U2SELF */
174 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
176 case KERBEROS_PA_PROV_SRV_LOCATION:
177 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
179 case KERBEROS_PA_ENC_TIMESTAMP:
180 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
182 case KERBEROS_PA_ENCTYPE_INFO:
183 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
185 case KERBEROS_PA_ENCTYPE_INFO2:
186 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
188 case KERBEROS_PA_PW_SALT:
189 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
191 case KERBEROS_PA_AUTH_SET_SELECTED:
192 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
194 case KERBEROS_PA_FX_FAST:
195 if (private_data->kdc_response) {
196 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
198 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
201 case KERBEROS_PA_FX_ERROR:
202 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
204 case KERBEROS_PA_ENCRYPTED_CHALLENGE:
205 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
207 case KERBEROS_PA_SUPPORTED_ETYPES:
208 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES);
210 case KERBEROS_PA_PAC_OPTIONS:
211 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_OPTIONS);
214 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
217 #.FN_BODY HostAddress/address
222 const char *address_str;
224 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
226 /* read header and len for the octet string */
227 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
228 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
230 switch(private_data->addr_type){
231 case KERBEROS_ADDR_TYPE_IPV4:
232 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
233 address_str = tvb_ip_to_str(tvb, offset);
235 case KERBEROS_ADDR_TYPE_NETBIOS:
237 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
238 int netbios_name_type;
239 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
241 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
242 address_str = wmem_strdup_printf(wmem_packet_scope(), "%s<%02x>", netbios_name, netbios_name_type);
243 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
246 case KERBEROS_ADDR_TYPE_IPV6:
247 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
248 address_str = tvb_ip6_to_str(tvb, offset);
251 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
255 /* push it up two levels in the decode pane */
256 if(it && address_str){
257 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
258 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
266 #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
268 #.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype)
269 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
272 #.FN_BODY EncryptedTicketData/cipher
273 ##ifdef HAVE_KERBEROS
274 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
280 #.FN_BODY EncryptedAuthorizationData/cipher
281 ##ifdef HAVE_KERBEROS
282 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
288 #.FN_BODY EncryptedKDCREPData/cipher
289 ##ifdef HAVE_KERBEROS
290 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
296 #.FN_BODY PA-ENC-TIMESTAMP/cipher
297 ##ifdef HAVE_KERBEROS
298 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
304 #.FN_BODY EncryptedAPREPData/cipher
305 ##ifdef HAVE_KERBEROS
306 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
312 #.FN_BODY EncryptedKrbPrivData/cipher
313 ##ifdef HAVE_KERBEROS
314 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
320 #.FN_BODY EncryptedKrbCredData/cipher
321 ##ifdef HAVE_KERBEROS
322 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
329 #.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type)
330 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
333 #.FN_BODY Checksum/checksum
335 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
337 switch(private_data->checksum_type){
338 case KRB5_CHKSUM_GSSAPI:
339 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
340 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
343 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
347 #.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype
348 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
350 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
352 private_data->key.keytype = gbl_keytype;
354 #.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb
356 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
360 private_data->key.keylength = tvb_reported_length(out_tvb);
361 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
363 #.FN_BODY EncryptionKey
364 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
368 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
369 ##ifdef HAVE_KERBEROS
370 add_encryption_key(actx->pinfo, private_data->key.keytype, private_data->key.keylength, private_data->key.keyvalue, "key");
374 #.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type)
375 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
378 #.FN_BODY AuthorizationData/_item/ad-data
379 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
381 switch(private_data->ad_type){
382 case KERBEROS_AD_WIN2K_PAC:
383 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
385 case KERBEROS_AD_IF_RELEVANT:
386 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
388 case KERBEROS_AD_TOKEN_RESTRICTIONS:
389 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY);
392 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
395 #.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type)
396 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
399 #.FN_BODY KDC-REQ-BODY
400 conversation_t *conversation;
403 * UDP replies to KDC_REQs are sent from the server back to the client's
404 * source port, similar to the way TFTP works. Set up a conversation
407 * Ref: Section 7.2.1 of
408 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
410 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
411 conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
412 actx->pinfo->srcport, 0, NO_PORT_B);
413 if (conversation == NULL) {
414 conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
415 actx->pinfo->srcport, 0, NO_PORT2);
416 conversation_set_dissector(conversation, kerberos_handle_udp);
422 #.FN_BODY KRB-SAFE-BODY/user-data
424 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
426 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, (kerberos_callbacks*)actx->private_data);
429 #.FN_BODY EncKrbPrivPart/user-data
431 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
433 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
436 #.FN_BODY KrbFastArmoredReq/enc-fast-req
437 ##ifdef HAVE_KERBEROS
438 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
444 #.FN_BODY KrbFastArmoredRep/enc-fast-rep
445 ##ifdef HAVE_KERBEROS
446 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
452 #.FN_BODY EncryptedChallenge
453 ##ifdef HAVE_KERBEROS
454 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);