1 /* packet-dcerpc-krb5rpc.c
2  *
3  * Routines for dcerpc DCE/KRB5 interface
4  * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
5  * This information is based off the released idl files from opengroup.
6  * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl
7  *
8  * $Id$
9  *
10  * Wireshark - Network traffic analyzer
11  * By Gerald Combs <gerald@wireshark.org>
12  * Copyright 1998 Gerald Combs
13  *
14  * This program is free software; you can redistribute it and/or
15  * modify it under the terms of the GNU General Public License
16  * as published by the Free Software Foundation; either version 2
17  * of the License, or (at your option) any later version.
18  *
19  * This program is distributed in the hope that it will be useful,
20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22  * GNU General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License
25  * along with this program; if not, write to the Free Software
26  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
27  */
28
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33
34 #ifdef HAVE_SYS_TYPES_H
35 #include <sys/types.h>
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41 #include <epan/packet.h>
42 #include <epan/asn1.h>
43 #include "packet-dcerpc.h"
44 #include "packet-kerberos.h"
45 #include "packet-dcerpc-dce122.h"
46
/* Protocol handle; assigned from proto_register_protocol() in
 * proto_register_krb5rpc(). */
static int proto_krb5rpc = -1;

/* Subtree index for the interface itself; registered in
 * proto_register_krb5rpc() and passed to dcerpc_init_uuid(). */
static gint ett_krb5rpc = -1;


/* Interface UUID and version handed to dcerpc_init_uuid() in
 * proto_reg_handoff_krb5rpc(). */
static e_uuid_t uuid_krb5rpc =
  { 0x8f73de50, 0x768c, 0x11ca, {0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94,
                                 0x31}
};
static guint16 ver_krb5rpc = 1;
/* Header-field handles, filled in by proto_register_field_array().
 * hf_krb5rpc_sendto_kdc_resp_st is registered but is not referenced by
 * either dissector function in this file. */
static int hf_krb5rpc_opnum = -1;
static int hf_krb5rpc_sendto_kdc_rqst_keysize = -1;
static int hf_krb5rpc_sendto_kdc_rqst_spare1 = -1;
static int hf_krb5rpc_sendto_kdc_resp_len = -1;
static int hf_krb5rpc_sendto_kdc_resp_max = -1;
static int hf_krb5rpc_sendto_kdc_resp_spare1 = -1;
static int hf_krb5rpc_sendto_kdc_resp_keysize = -1;
static int hf_krb5rpc_sendto_kdc_resp_st = -1;
/* Field and subtree used for the embedded Kerberos blob. */
static int hf_krb5rpc_krb5 = -1;
static gint ett_krb5rpc_krb5 = -1;
67
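/**
 * Dissect the request stub of rsec_krb5rpc_sendto_kdc.
 *
 * Two NDR uint32 values are read and shown, then everything left in the
 * stub is handed to the Kerberos dissector as a single blob.
 *
 * @param tvb    buffer holding the request stub
 * @param offset position in tvb where dissection starts
 * @param pinfo  packet info, passed through to the sub-dissectors
 * @param tree   tree the fields are added to
 * @param drep   DCE/RPC data representation, passed to dissect_ndr_uint32()
 * @return offset in tvb after the bytes the Kerberos dissector reported
 *         as consumed; the start of the blob if it reported none
 */
static int
krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
                                 packet_info * pinfo, proto_tree * tree,
                                 guint8 *drep)
{
  guint32 keysize, spare1;
  gint remain, krb5_len;
  proto_item *item;
  tvbuff_t *krb5_tvb;
  proto_tree *subtree;


  /*
   *        [in]        handle_t        h,
   *        [in]        unsigned32      len,
   *        [in, size_is(len)]
   *        byte            message[],
   *        [in]        unsigned32      out_buf_len,
   */

  /*
   * Both values come from the wire and are only displayed; neither is used
   * to size the Kerberos sub-buffer below.
   * NOTE(review): presumably these are the IDL `len` and the conformance
   * count of message[] -- confirm, and if so consider bounding krb5_tvb by
   * the declared length instead of by whatever is left in the stub.
   */
  offset =
    dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                        hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
  offset =
    dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                        hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
  item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
  subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);

  /* Kept signed: the value is passed straight on as the two length
   * arguments of tvb_new_subset(), so no unsigned round trip is needed. */
  remain = tvb_length_remaining (tvb, offset);
  krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);

  /*
   * dissect_kerberos_main() only sees krb5_tvb, so what it returns is
   * relative to the start of the blob, not to tvb.  Add it to the running
   * offset instead of overwriting the offset with it; a non-positive
   * result (presumably "nothing dissected" -- confirm against
   * packet-kerberos.c) leaves the offset at the start of the blob.
   */
  krb5_len = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
  if (krb5_len > 0)
    offset += krb5_len;

  return offset;
}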
103
104
/**
 * Dissect the response stub of rsec_krb5rpc_sendto_kdc.
 *
 * IDL:
 *        [out]       unsigned32      *resp_len,
 *        [out, length_is(*resp_len), size_is(out_buf_len)]
 *        byte            out_buf[],
 *        [out]       error_status_t  *st unsigned long
 *
 * Four NDR uint32 values are read and shown, then the rest of the stub is
 * handed to the Kerberos dissector as a single blob.
 *
 * @param tvb    buffer holding the response stub
 * @param offset position in tvb where dissection starts
 * @param pinfo  packet info, passed through to the sub-dissectors
 * @param tree   tree the fields are added to
 * @param drep   DCE/RPC data representation, passed to dissect_ndr_uint32()
 * @return the value returned by dissect_kerberos_main() plus 16
 */
static int
krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
                                 packet_info * pinfo, proto_tree * tree,
                                 guint8 *drep)
{
  guint32 resp_len, maxsize, spare1, keysize;
  guint32 bytes_left;
  proto_item *blob_item;
  proto_tree *blob_tree;
  tvbuff_t *kerberos_tvb;

  /* The four values are read from the wire for display only; none of them
   * is used to bound the Kerberos sub-buffer built below. */
  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                               hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                               hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                               hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
                               hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);

  /* Everything after the four integers is treated as the Kerberos blob. */
  blob_item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
  blob_tree = proto_item_add_subtree (blob_item, ett_krb5rpc_krb5);
  bytes_left = tvb_length_remaining (tvb, offset);
  kerberos_tvb = tvb_new_subset (tvb, offset, bytes_left, bytes_left);

  /*
   * The returned offset is the Kerberos dissector's result for the
   * sub-buffer plus 16.  The original author's remark on the 16: "no idea
   * what this is, probably just extended encrypted text."
   * NOTE(review): the Kerberos result is relative to kerberos_tvb, and 16
   * is also the size of the four uint32 fields read above, so the constant
   * may be standing in for the lost base offset -- confirm.  The [out]
   * status word from the IDL (hf_krb5rpc_sendto_kdc_resp_st) is not
   * dissected here.
   */
  return dissect_kerberos_main (kerberos_tvb, pinfo, blob_tree, TRUE, NULL) + 16;
}
149
150
/* Operation table passed to dcerpc_init_uuid(): one entry, number 0,
 * "rsec_krb5rpc_sendto_kdc", with its request and response dissectors,
 * followed by an all-NULL entry that ends the table. */
static dcerpc_sub_dissector krb5rpc_dissectors[] = {
  {0, "rsec_krb5rpc_sendto_kdc", krb5rpc_dissect_sendto_kdc_rqst,
   krb5rpc_dissect_sendto_kdc_resp},
  {0, NULL, NULL, NULL},
};
156
157
/* Register the "DCE/RPC Kerberos V" protocol, its header fields and its
 * subtree indexes. */
void
proto_register_krb5rpc (void)
{
  /* Header fields.  Every entry uses the C identifier of its handle as both
   * of its two name strings; all are decimal integers except the Kerberos
   * blob, which is FT_BYTES. */
  static hf_register_info hf[] = {
    {&hf_krb5rpc_opnum,
     {"hf_krb5rpc_opnum", "hf_krb5rpc_opnum", FT_UINT16, BASE_DEC, NULL, 0x0,
      "", HFILL }},
    {&hf_krb5rpc_sendto_kdc_rqst_keysize,
     {"hf_krb5rpc_sendto_kdc_rqst_keysize",
      "hf_krb5rpc_sendto_kdc_rqst_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
      "", HFILL}},
    {&hf_krb5rpc_sendto_kdc_rqst_spare1,
     {"hf_krb5rpc_sendto_kdc_rqst_spare1",
      "hf_krb5rpc_sendto_kdc_rqst_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
      HFILL}},
    {&hf_krb5rpc_sendto_kdc_resp_len,
     {"hf_krb5rpc_sendto_kdc_resp_len", "hf_krb5rpc_sendto_kdc_resp_len",
      FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
    {&hf_krb5rpc_sendto_kdc_resp_max,
     {"hf_krb5rpc_sendto_kdc_resp_max", "hf_krb5rpc_sendto_kdc_resp_max",
      FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
    {&hf_krb5rpc_sendto_kdc_resp_spare1,
     {"hf_krb5rpc_sendto_kdc_resp_spare1",
      "hf_krb5rpc_sendto_kdc_resp_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
      HFILL}},
    {&hf_krb5rpc_sendto_kdc_resp_keysize,
     {"hf_krb5rpc_sendto_kdc_resp_keysize",
      "hf_krb5rpc_sendto_kdc_resp_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
      "", HFILL}},
    /* Registered here, but no dissector function in this file adds it to
     * the tree. */
    {&hf_krb5rpc_sendto_kdc_resp_st,
     {"hf_krb5rpc_sendto_kdc_resp_st", "hf_krb5rpc_sendto_kdc_resp_st",
      FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
    {&hf_krb5rpc_krb5,
     {"hf_krb5rpc_krb5", "hf_krb5rpc_krb5", FT_BYTES, BASE_HEX, NULL, 0x0,
      "krb5_blob", HFILL}},

  };

  /* Subtree indexes: one for the interface, one for the Kerberos blob. */
  static gint *ett[] = {
    &ett_krb5rpc,
    &ett_krb5rpc_krb5,
  };
  proto_krb5rpc =
    proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc");
  proto_register_field_array (proto_krb5rpc, hf, array_length (hf));
  proto_register_subtree_array (ett, array_length (ett));
}
205
/* Hand the interface to the DCE/RPC dissector: UUID, version, operation
 * table and the field used for the operation number. */
void
proto_reg_handoff_krb5rpc (void)
{
  dcerpc_init_uuid (proto_krb5rpc,
                    ett_krb5rpc,
                    &uuid_krb5rpc,
                    ver_krb5rpc,
                    krb5rpc_dissectors,
                    hf_krb5rpc_opnum);
}