Applications ONLY_ENUM
#.FIELD_RENAME
-#EncryptedData/etype encryptedData_etype
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
EncKrbPrivPart/user-data encKrbPrivPart_user_data
Krb5uint32
PA-ClientCanonicalized
PA-ClientCanonicalizedNames
-PA-ENC-TS-ENC
PA-ENC-SAM-RESPONSE-ENC
PA-PAC-REQUEST
PA-SAM-CHALLENGE-2
PADATA-TYPE UPPER_CASE_FIRST
AUTHDATA-TYPE UPPER_CASE_FIRST
+#.FN_BODY KDC-REP
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+%(DEFAULT_BODY)s
+ if (!private_data->kdc_response_initialized) {
+ private_data->kdc_response = TRUE;
+ }
+
+#.FN_BODY Applications
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+%(DEFAULT_BODY)s
+ private_data->kdc_response_initialized = TRUE;
+
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
guint32 msgtype;
case KERBEROS_PA_PW_SALT:
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
break;
- case KERBEROS_PA_AUTHENTICATION_SET:
- offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET);
+ case KERBEROS_PA_AUTH_SET_SELECTED:
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
break;
- case KERBEROS_PADATA_FX_FAST:
- if(private_data->is_request){
- offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
- }else{
+ case KERBEROS_PA_FX_FAST:
+ if (private_data->kdc_response) {
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
+ } else {
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
}
break;
- case KERBEROS_PADATA_ENCRYPTED_CHALLENGE:
+ case KERBEROS_PA_FX_ERROR:
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
+ break;
+ case KERBEROS_PA_ENCRYPTED_CHALLENGE:
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
break;
default:
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
}
-#.FN_HDR AS-REQ
- kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
- private_data->is_request = TRUE;
+#.FN_BODY KrbFastArmoredReq/enc-fast-req
+##ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
+##else
+%(DEFAULT_BODY)s
+##endif
+ return offset;
-#.FN_HDR AS-REP
- kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
- private_data->is_request = FALSE;
+#.FN_BODY KrbFastArmoredRep/enc-fast-rep
+##ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
+##else
+%(DEFAULT_BODY)s
+##endif
+ return offset;
-#.FN_HDR KRB-ERROR
- kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
- private_data->is_request = FALSE;
+#.FN_BODY EncryptedChallenge
+##ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
+##else
+%(DEFAULT_BODY)s
+##endif
+ return offset;
#include "packet-gssapi.h"
#include "packet-smb-common.h"
+#define KEY_USAGE_FAST_REQ_CHKSUM 50
+#define KEY_USAGE_FAST_ENC 51
+#define KEY_USAGE_FAST_REP 52
+#define KEY_USAGE_FAST_FINISHED 53
+#define KEY_USAGE_ENC_CHALLENGE_CLIENT 54
+#define KEY_USAGE_ENC_CHALLENGE_KDC 55
void proto_register_kerberos(void);
void proto_reg_handoff_kerberos(void);
} kerberos_key_t;
typedef struct {
- gboolean is_request;
+ gboolean kdc_response_initialized;
+ gboolean kdc_response;
guint32 etype;
guint32 padata_type;
guint32 enctype;
/* Forward declarations */
static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-static int dissect_kerberos_PA_AUTHENTICATION_SET(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/* Desegment Kerberos over TCP messages */
static gboolean krb_desegment = TRUE;
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
}
return offset;
}
}
return offset;
}
+
+static int
+dissect_krb5_decrypt_KrbFastReq(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /* RFC6113 :
+ * KrbFastResponse encrypted with usage
+ * KEY_USAGE_FAST_ENC 51
+ */
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, KEY_USAGE_FAST_ENC,
+ next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_KrbFastReq(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_decrypt_KrbFastResponse(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /*
+ * RFC6113 :
+ * KrbFastResponse encrypted with usage
+ * KEY_USAGE_FAST_REP 52
+ */
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, KEY_USAGE_FAST_REP,
+ next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_KrbFastResponse(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_decrypt_EncryptedChallenge(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
+ proto_tree *tree, int hf_index _U_)
+{
+ guint8 *plaintext;
+ int length;
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+ tvbuff_t *next_tvb;
+ int usage = 0;
+
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ /* RFC6113 :
+ * KEY_USAGE_ENC_CHALLENGE_CLIENT 54
+ * KEY_USAGE_ENC_CHALLENGE_KDC 55
+ */
+ if (private_data->kdc_response) {
+ usage = KEY_USAGE_ENC_CHALLENGE_KDC;
+ } else {
+ usage = KEY_USAGE_ENC_CHALLENGE_CLIENT;
+ }
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, private_data->etype, NULL);
+
+ if(plaintext){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
+ tvb_set_free_cb(child_tvb, g_free);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
+ }
+ return offset;
+}
#endif
/* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.