#include "packet-smb-common.h"
#include "packet-x509af.h"
+#define KEY_USAGE_FAST_REQ_CHKSUM 50
+#define KEY_USAGE_FAST_ENC 51
+#define KEY_USAGE_FAST_REP 52
+#define KEY_USAGE_FAST_FINISHED 53
+#define KEY_USAGE_ENC_CHALLENGE_CLIENT 54
+#define KEY_USAGE_ENC_CHALLENGE_KDC 55
+
void proto_register_kerberos(void);
void proto_reg_handoff_kerberos(void);
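Review bot: The six `KEY_USAGE_*` macros are added with no comment naming where the numbers come from. The decrypt helpers added later in this patch attribute 51, 52, 54 and 55 to RFC6113, so a single line above the block, for example `/* Key usage numbers from RFC6113 */`, would let a reader check all six values in one place instead of piecing them together from three function bodies.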
typedef struct {
guint32 msg_type;
+ gboolean kdc_response_initialized;
+ gboolean kdc_response;
guint32 etype;
guint32 padata_type;
guint32 is_enc_padata;
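Review bot: The two new fields have no comment, and the only reader visible in this patch, `dissect_krb5_decrypt_EncryptedChallenge`, tests `private_data->kdc_response` without consulting `kdc_response_initialized`. The code that sets them is not in the visible hunks, so it may well run first; if it does not, a KDC reply dissected before the direction is known would silently be tried with the client key usage and simply fail to decrypt. If the names mean what they suggest, field comments such as `/* TRUE once kdc_response has been determined */` and `/* TRUE when the message travels from KDC to client */` would state the contract. The struct continues outside this hunk.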
/* Forward declarations */
static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-static int dissect_kerberos_PA_AUTHENTICATION_SET(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/* Desegment Kerberos over TCP messages */
static gboolean krb_desegment = TRUE;
* unless it's expired.
*/
-/* pre-authentication type constants */
-#define KRB5_PA_TGS_REQ 1
-#define KRB5_PA_ENC_TIMESTAMP 2
-#define KRB5_PA_PW_SALT 3
-#define KRB5_PA_ENC_ENCKEY 4
-#define KRB5_PA_ENC_UNIX_TIME 5
-#define KRB5_PA_ENC_SANDIA_SECURID 6
-#define KRB5_PA_SESAME 7
-#define KRB5_PA_OSF_DCE 8
-#define KRB5_PA_CYBERSAFE_SECUREID 9
-#define KRB5_PA_AFS3_SALT 10
-#define KRB5_PA_ENCTYPE_INFO 11
-#define KRB5_PA_SAM_CHALLENGE 12
-#define KRB5_PA_SAM_RESPONSE 13
-#define KRB5_PA_PK_AS_REQ 14
-#define KRB5_PA_PK_AS_REP 15
-#define KRB5_PA_DASS 16
-#define KRB5_PA_PK_AS_REP_17 17
-#define KRB5_PA_ENCTYPE_INFO2 19
-#define KRB5_PA_USE_SPECIFIED_KVNO 20
-#define KRB5_PA_SAM_REDIRECT 21
-#define KRB5_PA_GET_FROM_TYPED_DATA 22
-#define KRB5_PA_SAM_ETYPE_INFO 23
-#define KRB5_PA_ALT_PRINC 24
-#define KRB5_PA_SAM_CHALLENGE2 30
-#define KRB5_PA_SAM_RESPONSE2 31
-#define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
-#define KRB5_TD_KRB_PRINCIPAL 102
-#define KRB5_TD_KRB_REALM 103
-#define KRB5_TD_TRUSTED_CERTIFIERS 104
-#define KRB5_TD_CERTIFICATE_INDEX 105
-#define KRB5_TD_APP_DEFINED_ERROR 106
-#define KRB5_TD_REQ_NONCE 107
-#define KRB5_TD_REQ_SEQ 108
-/* preauthentication types >127 (i.e. negative ones) are app specific.
- however since Microsoft is the dominant(only?) user of types in this range
- we also treat the type as unsigned.
-*/
-#define KRB5_PA_PAC_REQUEST 128 /* (Microsoft extension) */
-#define KRB5_PA_FOR_USER 129 /* Impersonation (Microsoft extension) See [MS-SFU]. XXX - replaced by KRB5_PA_S4U2SELF */
-#define KRB5_PA_S4U2SELF 129
-#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */
-#define KRB5_PADATA_FX_COOKIE 133
-#define KRB5_PA_AUTHENTICATION_SET 134
-#define KRB5_PADATA_FX_FAST 136
-#define KRB5_PADATA_FX_ERROR 137
-#define KRB5_PADATA_ENCRYPTED_CHALLENGE 138
-#define KRB5_PADATA_PKINIT_KX 147
-#define KRB5_ENCPADATA_REQ_ENC_PA_REP 149
-
-
-#define KRB5_PA_PROV_SRV_LOCATION 0xffffffff /* (gint32)0xFF) packetcable stuff */
/* Principal name-type */
#define KRB5_NT_UNKNOWN 0
#define KRB5_NT_PRINCIPAL 1
{ 0, NULL },
};
-#if 0
-static const value_string krb5_princ_types[] = {
- { KRB5_NT_UNKNOWN , "Unknown" },
- { KRB5_NT_PRINCIPAL , "Principal" },
- { KRB5_NT_SRV_INST , "Service and Instance" },
- { KRB5_NT_SRV_HST , "Service and Host" },
- { KRB5_NT_SRV_XHST , "Service and Host Components" },
- { KRB5_NT_UID , "Unique ID" },
- { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
- { KRB5_NT_SMTP_NAME , "SMTP Name" },
- { KRB5_NT_ENTERPRISE , "Enterprise Name" },
- { KRB5_NT_MS_PRINCIPAL , "NT 4.0 style name (MS specific)" },
- { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
- { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
- { KRB5_NT_PRINCIPAL_AND_SID , "Principal name and SID (MS specific)"},
- { KRB5_NT_SRV_INST_AND_SID , "SPN and SID (MS specific)"},
- { 0 , NULL },
-};
-#endif
-
-static const value_string krb5_preauthentication_types[] = {
- { KRB5_PA_TGS_REQ , "PA-TGS-REQ" },
- { KRB5_PA_ENC_TIMESTAMP , "PA-ENC-TIMESTAMP" },
- { KRB5_PA_PW_SALT , "PA-PW-SALT" },
- { KRB5_PA_ENC_ENCKEY , "PA-ENC-ENCKEY" },
- { KRB5_PA_ENC_UNIX_TIME , "PA-ENC-UNIX-TIME" },
- { KRB5_PA_ENC_SANDIA_SECURID , "PA-PW-SALT" },
- { KRB5_PA_SESAME , "PA-SESAME" },
- { KRB5_PA_OSF_DCE , "PA-OSF-DCE" },
- { KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
- { KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
- { KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
- { KRB5_PA_ENCTYPE_INFO2 , "PA-ENCTYPE-INFO2" },
- { KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
- { KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
- { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
- { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
- { KRB5_PA_DASS , "PA-DASS" },
- { KRB5_PA_PK_AS_REP_17 , "PA-PK-AS-REP-17" },
- { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
- { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
- { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
- { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
- { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
- { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
- { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
- { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
- { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
- { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
- { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
- { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
- { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
- { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
- { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
- { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
- { KRB5_PA_FOR_USER , "PA-FOR-USER" },
- { KRB5_PADATA_S4U_X509_USER , "PA-S4U-X509-USER" },
- { KRB5_PADATA_FX_COOKIE , "PA-FX-COOKIE" },
- { KRB5_PA_AUTHENTICATION_SET , "KRB5-PA-AUTHENTICATION-SET" },
-
- { KRB5_PADATA_FX_FAST , "PA-FX-FAST" },
- { KRB5_PADATA_FX_ERROR , "PA-FX-ERROR" },
- { KRB5_PADATA_ENCRYPTED_CHALLENGE , "PA-ENCRYPTED-CHALLENGE" },
- { KRB5_PADATA_PKINIT_KX , "PA-PKINIT-KX" },
- { KRB5_ENCPADATA_REQ_ENC_PA_REP , "PA-REQ-ENC-PA-REP" },
- { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
- { 0 , NULL },
-};
-
-#define KRB5_AD_IF_RELEVANT 1
-#define KRB5_AD_INTENDED_FOR_SERVER 2
-#define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
-#define KRB5_AD_KDC_ISSUED 4
-#define KRB5_AD_OR 5
-#define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
-#define KRB5_AD_IN_TICKET_EXTENSIONS 7
-#define KRB5_AD_MANDATORY_FOR_KDC 8
-#define KRB5_AD_OSF_DCE 64
-#define KRB5_AD_SESAME 65
-#define KRB5_AD_OSF_DCE_PKI_CERTID 66
-#define KRB5_AD_WIN2K_PAC 128
-#define KRB5_AD_SIGNTICKET 0xffffffef
-
-static const value_string krb5_ad_types[] = {
- { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
- { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
- { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
- { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
- { KRB5_AD_OR , "AD-AND-OR" },
- { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
- { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
- { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
- { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
- { KRB5_AD_SESAME , "AD-SESAME" },
- { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
- { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
- { KRB5_AD_SIGNTICKET , "AD-SignTicket" },
- { 0 , NULL },
-};
-#if 0
-static const value_string krb5_transited_types[] = {
- { 1 , "DOMAIN-X500-COMPRESS" },
- { 0 , NULL }
-};
-#endif
-
static const value_string krb5_msg_types[] = {
{ KRB5_MSG_TICKET, "Ticket" },
{ KRB5_MSG_AUTHENTICATOR, "Authenticator" },
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
}
return offset;
}
}
return offset;
}
+
+static int
+dissect_krb5_decrypt_KrbFastReq(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /* RFC6113 :
+ * KrbFastResponse encrypted with usage
+ * KEY_USAGE_FAST_ENC 51
+ */
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, KEY_USAGE_FAST_ENC,
+ next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_KrbFastReq(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_decrypt_KrbFastResponse(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /*
+ * RFC6113 :
+ * KrbFastResponse encrypted with usage
+ * KEY_USAGE_FAST_REP 52
+ */
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, KEY_USAGE_FAST_REP,
+ next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_KrbFastResponse(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_decrypt_EncryptedChallenge(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+ int usage = 0;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /* RFC6113 :
+ * KEY_USAGE_ENC_CHALLENGE_CLIENT 54
+ * KEY_USAGE_ENC_CHALLENGE_KDC 55
+ */
+ if (private_data->kdc_response) {
+ usage = KEY_USAGE_ENC_CHALLENGE_KDC;
+ } else {
+ usage = KEY_USAGE_ENC_CHALLENGE_CLIENT;
+ }
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
#endif
/* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
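Review bot: In `dissect_krb5_decrypt_KrbFastReq`, `dissect_krb5_decrypt_KrbFastResponse` and `dissect_krb5_decrypt_EncryptedChallenge` the child tvb is sized with the ciphertext length. `length` comes from `tvb_captured_length_remaining(tvb, offset)` and is used for both sizes in `tvb_new_child_real_data()`, while the last argument to `decrypt_krb5_data()` is `NULL`. That function's definition is outside this hunk; if its final parameter returns the plaintext size, passing `&length` instead of `NULL` would stop the ASN.1 sub-dissector from reading past the decrypted bytes into the rest of the buffer on crafted input. Separately, the comment inside `dissect_krb5_decrypt_KrbFastReq` says `KrbFastResponse encrypted with usage` and should read `KrbFastReq encrypted with usage`. The three bodies also differ only in the key usage and the callee, so a shared static helper taking those two as parameters would keep any length fix in one place.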