#include <epan/asn1.h>
#include <epan/expert.h>
#include <epan/prefs.h>
+#include <epan/proto_data.h>
#include <wsutil/wsgcrypt.h>
#include <wsutil/file_util.h>
#include <wsutil/str_util.h>
+#include <wsutil/pint.h>
#include "packet-kerberos.h"
#include "packet-netbios.h"
#include "packet-tcp.h"
guint32 msg_type;
gboolean kdc_response_initialized;
gboolean kdc_response;
+ guint32 errorcode;
+ gboolean try_nt_status;
guint32 etype;
guint32 padata_type;
guint32 is_enc_padata;
guint32 addr_type;
guint32 checksum_type;
const enc_key_t *last_decryption_key;
+ gboolean is_win2k_pkinit;
guint32 fast_type;
gboolean fast_armor_request;
gboolean fast_armor_within_enc_ticket_part;
/* Forward declarations */
static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static gint hf_krb_pac_namelen = -1;
static gint hf_krb_pac_clientname = -1;
static gint hf_krb_pac_logon_info = -1;
-static gint hf_krb_pac_credential_type = -1;
+static gint hf_krb_pac_credential_data = -1;
+static gint hf_krb_pac_credential_info = -1;
+static gint hf_krb_pac_credential_info_version = -1;
+static gint hf_krb_pac_credential_info_etype = -1;
static gint hf_krb_pac_s4u_delegation_info = -1;
static gint hf_krb_pac_upn_dns_info = -1;
static gint hf_krb_pac_upn_flags = -1;
static gint hf_krb_pac_server_checksum = -1;
static gint hf_krb_pac_privsvr_checksum = -1;
static gint hf_krb_pac_client_info_type = -1;
+static gint hf_krb_pac_client_claims_info = -1;
+static gint hf_krb_pac_device_info = -1;
+static gint hf_krb_pac_device_claims_info = -1;
static gint hf_krb_pa_supported_enctypes = -1;
static gint hf_krb_pa_supported_enctypes_des_cbc_crc = -1;
static gint hf_krb_pa_supported_enctypes_des_cbc_md5 = -1;
static gint ett_krb_pac_drep = -1;
static gint ett_krb_pac_midl_blob = -1;
static gint ett_krb_pac_logon_info = -1;
+static gint ett_krb_pac_credential_info = -1;
static gint ett_krb_pac_s4u_delegation_info = -1;
static gint ett_krb_pac_upn_dns_info = -1;
static gint ett_krb_pac_server_checksum = -1;
static dissector_handle_t krb4_handle=NULL;
/* Global variables */
-static guint32 krb5_errorcode;
static guint32 gbl_keytype;
static gboolean gbl_do_col_info;
static kerberos_private_data_t*
kerberos_get_private_data(asn1_ctx_t *actx)
{
- return kerberos_get_private_data_p(actx->pinfo);
+ if (actx->private_data == NULL) {
+ actx->private_data = kerberos_get_private_data_p(actx->pinfo);
+ }
+ return (kerberos_private_data_t *)(actx->private_data);
+}
+
+gboolean
+kerberos_is_win2k_pkinit(asn1_ctx_t *actx)
+{
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+
+ return private_data->is_win2k_pkinit;
}
#ifdef HAVE_KERBEROS
new_key->keyvalue=(char *)g_memdup(keyvalue, keylength);
}
+static void used_encryption_key(proto_tree *tree, packet_info *pinfo,
+ enc_key_t *ek, int usage, tvbuff_t *cryptotvb)
+{
+ kerberos_private_data_t *private_data = kerberos_get_private_data_p(pinfo);
+
+ proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
+ cryptotvb, 0, 0,
+ "Decrypted keytype %d usage %d in frame %u "
+ "using %s (%02x%02x%02x%02x...)",
+ ek->keytype, pinfo->fd->num, usage, ek->key_origin,
+ ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
+ ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
+
+ private_data->last_decryption_key = ek;
+}
+
+static void used_signing_key(proto_tree *tree, packet_info *pinfo,
+ enc_key_t *ek, tvbuff_t *tvb,
+ krb5_cksumtype checksum,
+ const char *reason)
+{
+ proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
+ tvb, 0, 0,
+ "%s checksum %d keytype %d in frame %u "
+ "using %s (%02x%02x%02x%02x...)",
+ reason, checksum, ek->keytype, pinfo->fd->num, ek->key_origin,
+ ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
+ ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
+}
+
static void
krb5_fast_key(packet_info *pinfo,
const enc_key_t *ek1, const char *p1,
p1);
krb5_free_keyblock(krb5_ctx, k);
ek = enc_key_list;
- expert_add_info_format(pinfo, NULL, &ei_kerberos_decrypted_keytype,
- "Decrypted keytype %d in frame %u using %s",
- ek->keytype, pinfo->fd->num, ek->key_origin);
-
- proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
- private_data->last_decryption_key = ek;
+ used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
/* return a private g_malloced blob to the caller */
user_data=data.data;
"strengthenkey");
krb5_free_keyblock(krb5_ctx, k);
ek = enc_key_list;
- expert_add_info_format(pinfo, NULL, &ei_kerberos_decrypted_keytype,
- "Decrypted keytype %d in frame %u using %s",
- ek->keytype, pinfo->fd->num, ek->key_origin);
-
- proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
- private_data->last_decryption_key = ek;
+ used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
/* return a private g_malloced blob to the caller */
user_data=data.data;
if(ret == 0){
char *user_data;
- expert_add_info_format(pinfo, NULL, &ei_kerberos_decrypted_keytype,
- "Decrypted keytype %d in frame %u using %s",
- ek->keytype, pinfo->num, ek->key_origin);
-
- proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
- private_data->last_decryption_key = ek;
+ used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
user_data=data.data;
if (datalen) {
}
USES_APPLE_RST
+extern krb5_error_code
+krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
+
+static void
+verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb)
+{
+ krb5_error_code ret;
+ enc_key_t *ek = NULL;;
+ krb5_data checksum_data = {0,0,NULL};
+ krb5_cksumtype server_checksum = 0;
+ krb5_cksumtype kdc_checksum = 0;
+ int length = tvb_captured_length(pactvb);
+ const guint8 *pacbuffer = NULL;
+ krb5_pac pac;
+
+ /* don't do anything if we are not attempting to decrypt data */
+ if(!krb_decrypt || length < 1){
+ return;
+ }
+
+ /* make sure we have all the data we need */
+ if (tvb_captured_length(pactvb) < tvb_reported_length(pactvb)) {
+ return;
+ }
+
+ pacbuffer = tvb_get_ptr(pactvb, 0, length);
+
+ ret = krb5_pac_parse(krb5_ctx, pacbuffer, length, &pac);
+ if (ret != 0) {
+ proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype,
+ pactvb, 0, 0,
+ "Failed to parse PAC buffer %d in frame %u",
+ ret, actx->pinfo->fd->num);
+ return;
+ }
+
+ ret = krb5_pac_get_buffer(krb5_ctx, pac, KRB5_PAC_SERVER_CHECKSUM,
+ &checksum_data);
+ if (ret == 0) {
+ server_checksum = pletoh32(checksum_data.data);
+ krb5_free_data_contents(krb5_ctx, &checksum_data);
+ };
+ ret = krb5_pac_get_buffer(krb5_ctx, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
+ &checksum_data);
+ if (ret == 0) {
+ kdc_checksum = pletoh32(checksum_data.data);
+ krb5_free_data_contents(krb5_ctx, &checksum_data);
+ };
+
+ read_keytab_file_from_preferences();
+
+ for(ek=enc_key_list;ek;ek=ek->next){
+ krb5_keyblock keyblock;
+ krb5_cksumtype checksumtype = 0;
+
+ if (server_checksum == 0 && kdc_checksum == 0) {
+ break;
+ }
+
+ ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype,
+ &checksumtype);
+ if (ret != 0) {
+ continue;
+ }
+
+ keyblock.magic = KV5M_KEYBLOCK;
+ keyblock.enctype = ek->keytype;
+ keyblock.length = ek->keylength;
+ keyblock.contents = (guint8 *)ek->keyvalue;
+
+ if (checksumtype == server_checksum) {
+ ret = krb5_pac_verify(krb5_ctx, pac, 0, NULL,
+ &keyblock, NULL);
+ if (ret == 0) {
+ used_signing_key(tree, actx->pinfo, ek, pactvb,
+ server_checksum, "Verified Server");
+ server_checksum = 0;
+ }
+ }
+
+ if (checksumtype == kdc_checksum) {
+ ret = krb5_pac_verify(krb5_ctx, pac, 0, NULL,
+ NULL, &keyblock);
+ if (ret == 0) {
+ used_signing_key(tree, actx->pinfo, ek, pactvb,
+ kdc_checksum, "Verified KDC");
+ kdc_checksum = 0;
+ }
+ }
+
+ }
+
+ krb5_pac_free(krb5_ctx, pac);
+}
+
#elif defined(HAVE_HEIMDAL_KERBEROS)
static krb5_context krb5_ctx;
if((ret == 0) && (length>0)){
char *user_data;
- expert_add_info_format(pinfo, NULL, &ei_kerberos_decrypted_keytype,
- "Decrypted keytype %d in frame %u using %s",
- ek->keytype, pinfo->num, ek->key_origin);
-
- proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
+ proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
+ NULL, 0, 0,
+ "Decrypted keytype %d in frame %u using %s",
+ ek->keytype, pinfo->num, ek->key_origin);
krb5_crypto_destroy(krb5_ctx, crypto);
/* return a private wmem_alloced blob to the caller */
#define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
#define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
#define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
+#define KRB5_ET_KDC_ERR_PREAUTH_EXPIRED 90
+#define KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED 91
+#define KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET 92
+#define KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS 93
static const value_string krb5_error_codes[] = {
{ KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
{ KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
{ KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
{ KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
+ { KRB5_ET_KDC_ERR_PREAUTH_EXPIRED, "KDC_ERR_PREAUTH_EXPIRED" },
+ { KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED" },
+ { KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET, "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET" },
+ { KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS" },
{ 0, NULL }
};
#define PAC_PRIVSVR_CHECKSUM 7
#define PAC_CLIENT_INFO_TYPE 10
#define PAC_S4U_DELEGATION_INFO 11
-#define PAC_UPN_DNS_INFO 12
+#define PAC_UPN_DNS_INFO 12
+#define PAC_CLIENT_CLAIMS_INFO 13
+#define PAC_DEVICE_INFO 14
+#define PAC_DEVICE_CLAIMS_INFO 15
static const value_string w2k_pac_types[] = {
{ PAC_LOGON_INFO , "Logon Info" },
- { PAC_CREDENTIAL_TYPE , "Credential Type" },
- { PAC_SERVER_CHECKSUM , "Server Checksum" },
- { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
- { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
- { PAC_S4U_DELEGATION_INFO, "S4U Delegation Info" },
+ { PAC_CREDENTIAL_TYPE , "Credential Type" },
+ { PAC_SERVER_CHECKSUM , "Server Checksum" },
+ { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
+ { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
+ { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" },
{ PAC_UPN_DNS_INFO , "UPN DNS Info" },
+ { PAC_CLIENT_CLAIMS_INFO , "Client Claims Info" },
+ { PAC_DEVICE_INFO , "Device Info" },
+ { PAC_DEVICE_CLAIMS_INFO , "Device Claims Info" },
{ 0, NULL },
};
return offset;
}
+static int
+dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * Authenticators are encrypted with usage
+ * == 5 or
+ * == 4
+ */
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, private_data->etype, NULL);
+
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, private_data->etype, NULL);
+ }
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_AuthorizationData(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
+
static int
dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
proto_tree *tree, int hf_index _U_)
if(plaintext){
tvbuff_t *child_tvb;
child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
- tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
if(plaintext){
tvbuff_t *child_tvb;
child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
- tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
if(plaintext){
tvbuff_t *child_tvb;
child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
- tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
static int
dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
- guint32 nt_status;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ gint remaining = tvb_reported_length_remaining(tvb, offset);
+ guint32 nt_status = 0;
+ guint32 val_0 = 0;
+ guint32 val_1 = 0;
+
+ if (private_data->errorcode == 0) {
+ goto no_error;
+ }
+
+ if (!private_data->try_nt_status) {
+ goto no_error;
+ }
+
+ if (remaining != 12) {
+ goto no_error;
+ }
+
+ nt_status=tvb_get_letohl(tvb, offset);
+ val_0=tvb_get_letohl(tvb, offset + 4);
+ val_1=tvb_get_letohl(tvb, offset + 8);
+
+ if (val_0 != 0 || val_1 != 1) {
+ goto no_error;
+ }
/* Microsoft stores a special 12 byte blob here
* guint32 NT_status
- * guint32 unknown
- * guint32 unknown
- * decode everything as this blob for now until we see if anyone
- * else ever uses it or we learn how to tell whether this
- * is such an MS blob or not.
+ * guint32 unknown (== 0)
+ * guint32 unknown (== 1)
*/
proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
ENC_LITTLE_ENDIAN);
offset += 4;
return offset;
+
+ no_error:
+ return offset + remaining;
}
static int
return offset;
}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint32 etype;
+ guint8 *plaintext = NULL;
+ int plainlen = 0;
+ int length;
+ tvbuff_t *next_tvb;
+#define KRB5_KU_OTHER_ENCRYPTED 16
+ int usage = KRB5_KU_OTHER_ENCRYPTED;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_credential_info);
+
+ /* version */
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* etype */
+ etype = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* data */
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);
+
+ if (plaintext != NULL) {
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo);
+ }
+
+ return offset + length;
+}
+
static int
dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
{
}
static int
-dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+dissect_krb5_PAC_CLIENT_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
- proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA);
+ proto_tree_add_item(parent_tree, hf_krb_pac_client_claims_info, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_DEVICE_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_device_info, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_DEVICE_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_device_claims_info, tvb, offset, -1, ENC_NA);
return offset;
}
dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
break;
case PAC_CREDENTIAL_TYPE:
- dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
+ dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx);
break;
case PAC_SERVER_CHECKSUM:
dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
case PAC_UPN_DNS_INFO:
dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
break;
+ case PAC_CLIENT_CLAIMS_INFO:
+ dissect_krb5_PAC_CLIENT_CLAIMS_INFO(tr, next_tvb, 0, actx);
+ break;
+ case PAC_DEVICE_INFO:
+ dissect_krb5_PAC_DEVICE_INFO(tr, next_tvb, 0, actx);
+ break;
+ case PAC_DEVICE_CLAIMS_INFO:
+ dissect_krb5_PAC_DEVICE_CLAIMS_INFO(tr, next_tvb, 0, actx);
+ break;
default:
break;
guint32 version;
guint32 i;
+#ifdef HAVE_KERBEROS
+ verify_krb5_pac(tree, actx, tvb);
+#endif
+
/* first in the PAC structure comes the number of entries */
entries=tvb_get_letohl(tvb, offset);
proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
{ &hf_krb_pac_logon_info, {
"PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
- { &hf_krb_pac_credential_type, {
- "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE,
- NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
+ { &hf_krb_pac_credential_data, {
+ "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }},
+ { &hf_krb_pac_credential_info, {
+ "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }},
+ { &hf_krb_pac_credential_info_version, {
+ "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_credential_info_etype, {
+ "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_pac_server_checksum, {
"PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
{ &hf_krb_pac_upn_dns_name, {
"DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_client_claims_info, {
+ "PAC_CLIENT_CLAIMS_INFO", "kerberos.pac_client_claims_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CLIENT_CLAIMS_INFO structure", HFILL }},
+ { &hf_krb_pac_device_info, {
+ "PAC_DEVICE_INFO", "kerberos.pac_device_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_DEVICE_INFO structure", HFILL }},
+ { &hf_krb_pac_device_claims_info, {
+ "PAC_DEVICE_CLAIMS_INFO", "kerberos.pac_device_claims_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_DEVICE_CLAIMS_INFO structure", HFILL }},
{ &hf_krb_pa_supported_enctypes,
{ "SupportedEnctypes", "kerberos.supported_entypes",
FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
FT_BOOLEAN, 32, TFS(&supported_tfs), 0x00040000, NULL, HFILL }},
{ &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled,
{ "resource-sid-compression-disabled", "kerberos.supported_entypes.resource-sid-compression-disabled",
- FT_BOOLEAN, 32, TFS(&supported_tfs), 0x00040000, NULL, HFILL }},
+ FT_BOOLEAN, 32, TFS(&supported_tfs), 0x00080000, NULL, HFILL }},
{ &hf_krb_ad_ap_options,
{ "AD-AP-Options", "kerberos.ad_ap_options",
FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
&ett_krb_pac_drep,
&ett_krb_pac_midl_blob,
&ett_krb_pac_logon_info,
+ &ett_krb_pac_credential_info,
&ett_krb_pac_s4u_delegation_info,
&ett_krb_pac_upn_dns_info,
&ett_krb_pac_server_checksum,