kerberos: kerberos_private_is_kdc_req
authorStefan Metzmacher <metze@samba.org>
Thu, 10 Jan 2019 10:11:25 +0000 (11:11 +0100)
committerStefan Metzmacher <metze@samba.org>
Sun, 20 Jan 2019 22:14:58 +0000 (23:14 +0100)
Change-Id: Ifae42c79ca8ff9826bb48d0d2e56bbc123277277

epan/dissectors/asn1/kerberos/kerberos.cnf
epan/dissectors/asn1/kerberos/packet-kerberos-template.c

index 7c450f1..73a9090 100644 (file)
@@ -82,27 +82,6 @@ PADATA-TYPE UPPER_CASE_FIRST
 AUTHDATA-TYPE UPPER_CASE_FIRST
 KrbFastArmorTypes UPPER_CASE_FIRST
 
-#.FN_BODY KDC-REP
-       kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
-       if (!private_data->kdc_response_initialized) {
-               private_data->kdc_response = TRUE;
-               private_data->kdc_response_initialized = TRUE;
-       }
-%(DEFAULT_BODY)s
-
-#.FN_BODY KRB-ERROR
-       // TODO kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
-       if (!private_data->kdc_response_initialized) {
-               private_data->kdc_response = TRUE;
-               private_data->kdc_response_initialized = TRUE;
-       }
-%(DEFAULT_BODY)s
-
-#.FN_BODY Applications
-       kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
-%(DEFAULT_BODY)s
-       private_data->kdc_response_initialized = TRUE;
-
 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
        kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
        guint32 msgtype;
@@ -239,8 +218,7 @@ KrbFastArmorTypes UPPER_CASE_FIRST
                offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
                break;
        case KERBEROS_PA_FX_FAST:
-               // TODO if (!private_data->kdc_response) { cee8d8d0be... STEP01x ? OK RFC6113.asn ....
-               if(private_data->msg_type == KRB5_MSG_AS_REQ || private_data->msg_type == KRB5_MSG_TGS_REQ){
+               if (kerberos_private_is_kdc_req(private_data)) {
                        offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
                }else{
                        offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
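Review bot: The request/reply choice under `case KERBEROS_PA_FX_FAST:` is now made against a different constant family than before, and nothing in the hunk says the two are interchangeable. The removed line compared `private_data->msg_type` with `KRB5_MSG_AS_REQ`/`KRB5_MSG_TGS_REQ`, while the helper it now calls switches on `KERBEROS_APPLICATIONS_AS_REQ`/`KERBEROS_APPLICATIONS_TGS_REQ`. RFC 4120 uses the same numbers for the application tag and the msg-type field (10 and 12), so the values presumably match, but that should be confirmed against the generated enum. I would record it next to the check, e.g. `/* KERBEROS_APPLICATIONS_* tag numbers equal the KRB5_MSG_* msg-type values (RFC 4120) */`. The enclosing switch starts and ends outside the hunk.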
index 686981c..61ef5bc 100644 (file)
@@ -100,8 +100,6 @@ typedef struct kerberos_key {
 
 typedef struct {
        guint32 msg_type;
-       gboolean kdc_response_initialized;
-       gboolean kdc_response;
        guint32 errorcode;
        gboolean try_nt_status;
        guint32 etype;
@@ -296,6 +294,18 @@ kerberos_is_win2k_pkinit(asn1_ctx_t *actx)
        return private_data->is_win2k_pkinit;
 }
 
+static gboolean
+kerberos_private_is_kdc_req(kerberos_private_data_t *private_data)
+{
+       switch (private_data->msg_type) {
+       case KERBEROS_APPLICATIONS_AS_REQ:
+       case KERBEROS_APPLICATIONS_TGS_REQ:
+               return TRUE;
+       }
+
+       return FALSE;
+}
+
 #ifdef HAVE_KERBEROS
 
 /* Decrypt Kerberos blobs */
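Review bot: `kerberos_private_is_kdc_req()` has no comment stating what a FALSE result means, yet the callers changed in this commit treat FALSE as "sent by the KDC", which also covers an unset or unexpected `msg_type`. A short header comment would make that contract explicit, for example `/* TRUE for AS-REQ/TGS-REQ; every other msg_type, including one not yet parsed, yields FALSE */`. The `switch` has no `default:` label, so adding `default: break;` after the two cases keeps it clean under `-Wswitch-default`. The parameter can be `const kerberos_private_data_t *private_data`, since the function only reads through it.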
@@ -609,10 +619,10 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
                        k2.length = ek->keylength;
                        k2.contents = (guint8 *)ek->keyvalue;
 
-                       if (private_data->kdc_response) {
-                               p1 = "kdcchallengearmor";
-                       } else {
+                       if (kerberos_private_is_kdc_req(private_data)) {
                                p1 = "clientchallengearmor";
+                       } else {
+                               p1 = "kdcchallengearmor";
                        }
 
                        ret = krb5_c_fx_cf2_simple(krb5_ctx,
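Review bot: The fallback for the FX-CF2 pepper flips polarity in this branch. Before, the `else` arm (a `kdc_response` that was FALSE, presumably also when never set) chose `"clientchallengearmor"`; now every `msg_type` other than AS-REQ/TGS-REQ chooses `"kdcchallengearmor"`. If this path can run before `msg_type` is populated, or for a message that is neither a KDC request nor a KDC reply, the derived key would not match and the blob would simply stay undecrypted (inferred; the rest of decrypt_krb5_data is outside the hunk). A comment on the `else` arm such as `/* any non-request msg_type, including unset, is treated as the KDC side */` would record that this is intended. The same applies to the `usage` selection in dissect_krb5_decrypt_EncryptedChallenge in the last hunk.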
@@ -1826,10 +1836,10 @@ dissect_krb5_decrypt_EncryptedChallenge(gboolean imp_tag _U_, tvbuff_t *tvb, int
         * KEY_USAGE_ENC_CHALLENGE_CLIENT  54
         * KEY_USAGE_ENC_CHALLENGE_KDC     55
         */
-       if (private_data->kdc_response) {
-               usage = KEY_USAGE_ENC_CHALLENGE_KDC;
-       } else {
+       if (kerberos_private_is_kdc_req(private_data)) {
                usage = KEY_USAGE_ENC_CHALLENGE_CLIENT;
+       } else {
+               usage = KEY_USAGE_ENC_CHALLENGE_KDC;
        }
        plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, private_data->etype, NULL);