packet-dcerpc-krb5rpc.c

   1 /* packet-dcerpc-krb5rpc.c
   2  *
   3  * Routines for dcerpc DCE/KRB5 interface
   4  * Copyright 2002, Jaime Fournier <jafour1@yahoo.com>
   5  * This information is based off the released idl files from opengroup.
   6  * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl
   7  *
   8  * $Id: packet-dcerpc-krb5rpc.c,v 1.4 2003/01/11 07:40:09 guy Exp $
   9  *
  10  * Ethereal - Network traffic analyzer
  11  * By Gerald Combs <gerald@ethereal.com>
  12  * Copyright 1998 Gerald Combs
  13  *
  14  * This program is free software; you can redistribute it and/or
  15  * modify it under the terms of the GNU General Public License
  16  * as published by the Free Software Foundation; either version 2
  17  * of the License, or (at your option) any later version.
  18  *
  19  * This program is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with this program; if not, write to the Free Software
  26  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  27  */
  28
  29 #ifdef HAVE_CONFIG_H
  30 #include "config.h"
  31 #endif
  32
  33
  34 #ifdef HAVE_SYS_TYPES_H
  35 #include <sys/types.h>
  36 #endif
  37
  38 #include <string.h>
  39
  40 #include <glib.h>
  41 #include <epan/packet.h>
  42 #include "packet-dcerpc.h"
  43 #include "packet-kerberos.h"
  44 #include "packet-dcerpc-dce122.h"
  45
  46 static int proto_krb5rpc = -1;
  47
  48 static gint ett_krb5rpc = -1;
  49
  50
  51 static e_uuid_t uuid_krb5rpc =
  52   { 0x8f73de50, 0x768c, 0x11ca, {0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94,
  53                                  0x31}
  54 };
  55 static guint16 ver_krb5rpc = 1;
  56 static int hf_krb5rpc_sendto_kdc_rqst_keysize = -1;
  57 static int hf_krb5rpc_sendto_kdc_rqst_spare1 = -1;
  58 static int hf_krb5rpc_sendto_kdc_resp_len = -1;
  59 static int hf_krb5rpc_sendto_kdc_resp_max = -1;
  60 static int hf_krb5rpc_sendto_kdc_resp_spare1 = -1;
  61 static int hf_krb5rpc_sendto_kdc_resp_keysize = -1;
  62 static int hf_krb5rpc_sendto_kdc_resp_st = -1;
  63 static int hf_krb5rpc_krb5 = -1;
  64 static gint ett_krb5rpc_krb5 = -1;
  65
  66 static int
  67 krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
  68                                  packet_info * pinfo, proto_tree * tree,
  69                                  char *drep)
  70 {
  71   guint32 keysize, spare1, remain;
  72   proto_item *item;
  73   tvbuff_t *krb5_tvb;
  74   proto_tree *subtree;
  75
  76
  77   /*
  78    *        [in]        handle_t        h,
  79    *        [in]        unsigned32      len,
  80    *        [in, size_is(len)]
  81    *        byte            message[],
  82    *        [in]        unsigned32      out_buf_len,
  83    */
  84
  85   offset =
  86     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
  87                         hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
  88   offset =
  89     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
  90                         hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
  91   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
  92   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
  93
  94   remain = tvb_length_remaining(tvb, offset);
  95   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
  96   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE);
  97
  98
  99   return offset;
 100 }
 101
 102
 103 static int
 104 krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
 105                                  packet_info * pinfo, proto_tree * tree,
 106                                  char *drep)
 107 {
 108   guint32 resp_len, maxsize, spare1, keysize, remain;
 109   proto_item *item;
 110   tvbuff_t *krb5_tvb;
 111   proto_tree *subtree;
 112
 113
 114   /*
 115    *
 116    *        [out]       unsigned32      *resp_len,
 117    *        [out, length_is(*resp_len), size_is(out_buf_len)]
 118    *        byte            out_buf[],
 119    *        [out]       error_status_t  *st unsigned long
 120    *
 121    */
 122
 123   offset =
 124     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 125                         hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
 126   offset =
 127     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 128                         hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
 129   offset =
 130     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 131                         hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
 132   offset =
 133     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 134                         hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);
 135
 136
 137   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
 138   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
 139   remain = tvb_length_remaining(tvb, offset);
 140   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
 141
 142   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE);
 143   offset += 16; /* no idea what this is, probably just extended encrypted text. */
 144
 145   return offset;
 146 }
 147
 148
 149 static dcerpc_sub_dissector krb5rpc_dissectors[] = {
 150   {0, "rsec_krb5rpc_sendto_kdc", krb5rpc_dissect_sendto_kdc_rqst,
 151    krb5rpc_dissect_sendto_kdc_resp},
 152   {0, NULL, NULL, NULL},
 153 };
 154
 155
 156 void
 157 proto_register_krb5rpc (void)
 158 {
 159   static hf_register_info hf[] = {
 160     {&hf_krb5rpc_sendto_kdc_rqst_keysize,
 161      {"hf_krb5rpc_sendto_kdc_rqst_keysize",
 162       "hf_krb5rpc_sendto_kdc_rqst_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 163       "", HFILL}},
 164     {&hf_krb5rpc_sendto_kdc_rqst_spare1,
 165      {"hf_krb5rpc_sendto_kdc_rqst_spare1",
 166       "hf_krb5rpc_sendto_kdc_rqst_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
 167       HFILL}},
 168     {&hf_krb5rpc_sendto_kdc_resp_len,
 169      {"hf_krb5rpc_sendto_kdc_resp_len", "hf_krb5rpc_sendto_kdc_resp_len",
 170       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 171     {&hf_krb5rpc_sendto_kdc_resp_max,
 172      {"hf_krb5rpc_sendto_kdc_resp_max", "hf_krb5rpc_sendto_kdc_resp_max",
 173       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 174     {&hf_krb5rpc_sendto_kdc_resp_spare1,
 175      {"hf_krb5rpc_sendto_kdc_resp_spare1",
 176       "hf_krb5rpc_sendto_kdc_resp_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
 177       HFILL}},
 178     {&hf_krb5rpc_sendto_kdc_resp_keysize,
 179      {"hf_krb5rpc_sendto_kdc_resp_keysize",
 180       "hf_krb5rpc_sendto_kdc_resp_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 181       "", HFILL}},
 182     {&hf_krb5rpc_sendto_kdc_resp_st,
 183      {"hf_krb5rpc_sendto_kdc_resp_st", "hf_krb5rpc_sendto_kdc_resp_st",
 184       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 185     {&hf_krb5rpc_krb5,
 186      {"hf_krb5rpc_krb5", "hf_krb5rpc_krb5", FT_BYTES, BASE_HEX, NULL, 0x0,
 187       "krb5_blob", HFILL}},
 188
 189   };
 190
 191   static gint *ett[] = {
 192     &ett_krb5rpc,
 193     &ett_krb5rpc_krb5,
 194   };
 195   proto_krb5rpc =
 196     proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc");
 197   proto_register_field_array (proto_krb5rpc, hf, array_length (hf));
 198   proto_register_subtree_array (ett, array_length (ett));
 199 }
 200
 201 void
 202 proto_reg_handoff_krb5rpc (void)
 203 {
 204   /* Register the protocol as dcerpc */
 205   dcerpc_init_uuid (proto_krb5rpc, ett_krb5rpc, &uuid_krb5rpc, ver_krb5rpc,
 206                     krb5rpc_dissectors, -1);
 207 }