* Routines for Kerberos
* Wes Hardaker (c) 2000
* wjhardaker@ucdavis.edu
+ * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
+ * added AP-REQ and AP-REP dissection
*
- * $Id: packet-kerberos.c,v 1.18 2001/12/03 03:59:36 guy Exp $
+ * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
+ * decryption of kerberos blobs if keytab is provided
+ *
+ * See RFC 1510, and various I-Ds and other documents showing additions,
+ * e.g. ones listed under
+ *
+ * http://www.isi.edu/people/bcn/krb-revisions/
+ *
+ * and
+ *
+ * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-05.txt
+ *
+ * and
+ *
+ * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-03.txt
+ *
+ * Some structures from RFC2630
+ *
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include <string.h>
#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
#include <glib.h>
-#include "packet.h"
+#include <epan/packet.h>
-#include "strutil.h"
+#include <epan/strutil.h>
-#include "asn1.h"
+#include "packet-kerberos.h"
+#include "packet-netbios.h"
+#include "packet-tcp.h"
+#include "prefs.h"
+#include "packet-ber.h"
+#include "packet-smb-common.h"
+
+#include "packet-dcerpc-netlogon.h"
+#include "packet-dcerpc.h"
+
+#include "asn1.h" /* for "subid_t" */
+#include "packet-gssapi.h"
#define UDP_PORT_KERBEROS 88
#define TCP_PORT_KERBEROS 88
+/* Desegment Kerberos over TCP messages */
+static gboolean krb_desegment = TRUE;
+
static gint proto_kerberos = -1;
+static gint hf_krb_rm_reserved = -1;
+static gint hf_krb_rm_reclen = -1;
+
+static gint hf_krb_pac_signature_type = -1;
+static gint hf_krb_pac_signature_signature = -1;
+static gint hf_krb_pac_clientid = -1;
+static gint hf_krb_pac_namelen = -1;
+static gint hf_krb_pac_clientname = -1;
+static gint hf_krb_w2k_pac_entries = -1;
+static gint hf_krb_w2k_pac_version = -1;
+static gint hf_krb_w2k_pac_type = -1;
+static gint hf_krb_w2k_pac_size = -1;
+static gint hf_krb_w2k_pac_offset = -1;
+static gint hf_krb_padata = -1;
+static gint hf_krb_contentinfo_contenttype = -1;
+static gint hf_krb_error_code = -1;
+static gint hf_krb_ticket = -1;
+static gint hf_krb_AP_REP_enc = -1;
+static gint hf_krb_KDC_REP_enc = -1;
+static gint hf_krb_tkt_vno = -1;
+static gint hf_krb_e_data = -1;
+static gint hf_krb_TransitedEncoding = -1;
+static gint hf_krb_PA_PAC_REQUEST_flag = -1;
+static gint hf_krb_encrypted_authenticator_data = -1;
+static gint hf_krb_PAC_LOGON_INFO = -1;
+static gint hf_krb_PAC_CREDENTIAL_TYPE = -1;
+static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
+static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
+static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
+static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
+static gint hf_krb_checksum_checksum = -1;
+static gint hf_krb_encrypted_PRIV = -1;
+static gint hf_krb_encrypted_Ticket_data = -1;
+static gint hf_krb_encrypted_AP_REP_data = -1;
+static gint hf_krb_encrypted_KDC_REP_data = -1;
+static gint hf_krb_PA_DATA_type = -1;
+static gint hf_krb_PA_DATA_value = -1;
+static gint hf_krb_etype_info_salt = -1;
+static gint hf_krb_SAFE_BODY_user_data = -1;
+static gint hf_krb_realm = -1;
+static gint hf_krb_crealm = -1;
+static gint hf_krb_sname = -1;
+static gint hf_krb_cname = -1;
+static gint hf_krb_name_string = -1;
+static gint hf_krb_provsrv_location = -1;
+static gint hf_krb_e_text = -1;
+static gint hf_krb_name_type = -1;
+static gint hf_krb_lr_type = -1;
+static gint hf_krb_from = -1;
+static gint hf_krb_till = -1;
+static gint hf_krb_authtime = -1;
+static gint hf_krb_patimestamp = -1;
+static gint hf_krb_SAFE_BODY_timestamp = -1;
+static gint hf_krb_pausec = -1;
+static gint hf_krb_lr_time = -1;
+static gint hf_krb_starttime = -1;
+static gint hf_krb_endtime = -1;
+static gint hf_krb_key_expire = -1;
+static gint hf_krb_renew_till = -1;
+static gint hf_krb_rtime = -1;
+static gint hf_krb_ctime = -1;
+static gint hf_krb_cusec = -1;
+static gint hf_krb_stime = -1;
+static gint hf_krb_susec = -1;
+static gint hf_krb_SAFE_BODY_usec = -1;
+static gint hf_krb_nonce = -1;
+static gint hf_krb_transitedtype = -1;
+static gint hf_krb_transitedcontents = -1;
+static gint hf_krb_keytype = -1;
+static gint hf_krb_keyvalue = -1;
+static gint hf_krb_IF_RELEVANT_type = -1;
+static gint hf_krb_IF_RELEVANT_value = -1;
+static gint hf_krb_adtype = -1;
+static gint hf_krb_advalue = -1;
+static gint hf_krb_etype = -1;
+static gint hf_krb_etypes = -1;
+static gint hf_krb_LastReqs = -1;
+static gint hf_krb_IF_RELEVANT = -1;
+static gint hf_krb_addr_type = -1;
+static gint hf_krb_address_ip = -1;
+static gint hf_krb_address_netbios = -1;
+static gint hf_krb_msg_type = -1;
+static gint hf_krb_pvno = -1;
+static gint hf_krb_kvno = -1;
+static gint hf_krb_checksum_type = -1;
+static gint hf_krb_authenticator_vno = -1;
+static gint hf_krb_AuthorizationData = -1;
+static gint hf_krb_key = -1;
+static gint hf_krb_subkey = -1;
+static gint hf_krb_seq_number = -1;
+static gint hf_krb_EncTicketPart = -1;
+static gint hf_krb_EncAPRepPart = -1;
+static gint hf_krb_EncKDCRepPart = -1;
+static gint hf_krb_LastReq = -1;
+static gint hf_krb_Authenticator = -1;
+static gint hf_krb_Checksum = -1;
+static gint hf_krb_signedAuthPack = -1;
+static gint hf_krb_s_address = -1;
+static gint hf_krb_HostAddress = -1;
+static gint hf_krb_HostAddresses = -1;
+static gint hf_krb_APOptions = -1;
+static gint hf_krb_APOptions_use_session_key = -1;
+static gint hf_krb_APOptions_mutual_required = -1;
+static gint hf_krb_TicketFlags = -1;
+static gint hf_krb_TicketFlags_forwardable = -1;
+static gint hf_krb_TicketFlags_forwarded = -1;
+static gint hf_krb_TicketFlags_proxyable = -1;
+static gint hf_krb_TicketFlags_proxy = -1;
+static gint hf_krb_TicketFlags_allow_postdate = -1;
+static gint hf_krb_TicketFlags_postdated = -1;
+static gint hf_krb_TicketFlags_invalid = -1;
+static gint hf_krb_TicketFlags_renewable = -1;
+static gint hf_krb_TicketFlags_initial = -1;
+static gint hf_krb_TicketFlags_pre_auth = -1;
+static gint hf_krb_TicketFlags_hw_auth = -1;
+static gint hf_krb_TicketFlags_transited_policy_checked = -1;
+static gint hf_krb_TicketFlags_ok_as_delegate = -1;
+static gint hf_krb_KDCOptions = -1;
+static gint hf_krb_KDCOptions_forwardable = -1;
+static gint hf_krb_KDCOptions_forwarded = -1;
+static gint hf_krb_KDCOptions_proxyable = -1;
+static gint hf_krb_KDCOptions_proxy = -1;
+static gint hf_krb_KDCOptions_allow_postdate = -1;
+static gint hf_krb_KDCOptions_postdated = -1;
+static gint hf_krb_KDCOptions_renewable = -1;
+static gint hf_krb_KDCOptions_canonicalize = -1;
+static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
+static gint hf_krb_KDCOptions_disable_transited_check = -1;
+static gint hf_krb_KDCOptions_renewable_ok = -1;
+static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1;
+static gint hf_krb_KDCOptions_renew = -1;
+static gint hf_krb_KDCOptions_validate = -1;
+static gint hf_krb_KDC_REQ_BODY = -1;
+static gint hf_krb_PRIV_BODY = -1;
+static gint hf_krb_ENC_PRIV = -1;
+static gint hf_krb_authenticator_enc = -1;
+static gint hf_krb_ticket_enc = -1;
+
+static gint ett_krb_kerberos = -1;
+static gint ett_krb_TransitedEncoding = -1;
+static gint ett_krb_PAC_LOGON_INFO = -1;
+static gint ett_krb_signedAuthPack = -1;
+static gint ett_krb_PAC_CREDENTIAL_TYPE = -1;
+static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
+static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
+static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
+static gint ett_krb_KDC_REP_enc = -1;
+static gint ett_krb_EncTicketPart = -1;
+static gint ett_krb_EncAPRepPart = -1;
+static gint ett_krb_EncKDCRepPart = -1;
+static gint ett_krb_LastReq = -1;
+static gint ett_krb_Authenticator = -1;
+static gint ett_krb_Checksum = -1;
+static gint ett_krb_key = -1;
+static gint ett_krb_subkey = -1;
+static gint ett_krb_AuthorizationData = -1;
+static gint ett_krb_sname = -1;
+static gint ett_krb_cname = -1;
+static gint ett_krb_AP_REP_enc = -1;
+static gint ett_krb_padata = -1;
+static gint ett_krb_etypes = -1;
+static gint ett_krb_LastReqs = -1;
+static gint ett_krb_IF_RELEVANT = -1;
+static gint ett_krb_PA_DATA_tree = -1;
+static gint ett_krb_PAC = -1;
+static gint ett_krb_s_address = -1;
+static gint ett_krb_HostAddress = -1;
+static gint ett_krb_HostAddresses = -1;
+static gint ett_krb_authenticator_enc = -1;
+static gint ett_krb_AP_Options = -1;
+static gint ett_krb_KDC_Options = -1;
+static gint ett_krb_Ticket_Flags = -1;
+static gint ett_krb_request = -1;
+static gint ett_krb_recordmark = -1;
+static gint ett_krb_ticket = -1;
+static gint ett_krb_ticket_enc = -1;
+static gint ett_krb_PRIV = -1;
+static gint ett_krb_PRIV_enc = -1;
+
+
+guint32 krb5_errorcode;
+
+
+static int do_col_info;
+
+
+static void
+call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag)
+{
+ kerberos_callbacks *cb=(kerberos_callbacks *)pinfo->private_data;
+
+ if(!cb){
+ return;
+ }
+
+ while(cb->tag){
+ if(cb->tag==tag){
+ cb->callback(pinfo, tvb, tree);
+ return;
+ }
+ cb++;
+ }
+ return;
+}
+
+
+
+#ifdef HAVE_KERBEROS
+
+/* Decrypt Kerberos blobs */
+static gboolean krb_decrypt = FALSE;
+
+/* keytab filename */
+static char *keytab_filename = "insert filename here";
+
+#endif
+
+#ifdef HAVE_HEIMDAL_KERBEROS
+#include <krb5.h>
+
+typedef struct _enc_key_t {
+ struct _enc_key_t *next;
+ krb5_keytab_entry key;
+} enc_key_t;
+static enc_key_t *enc_key_list=NULL;
+
+
+static void
+add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue)
+{
+ enc_key_t *new_key;
+
+ if(pinfo->fd->flags.visited){
+ return;
+ }
+printf("added key in %d\n",pinfo->fd->num);
+
+ new_key=g_malloc(sizeof(enc_key_t));
+ new_key->next=enc_key_list;
+ enc_key_list=new_key;
+ new_key->key.principal=NULL;
+ new_key->key.vno=0;
+ new_key->key.keyblock.keytype=keytype;
+ new_key->key.keyblock.keyvalue.length=keylength;
+ new_key->key.keyblock.keyvalue.data=g_malloc(keylength);
+ memcpy(new_key->key.keyblock.keyvalue.data, keyvalue, keylength);
+ new_key->key.timestamp=0;
+}
+
+static void
+read_keytab_file(char *filename, krb5_context *context)
+{
+ krb5_keytab keytab;
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ enc_key_t *new_key;
+
+ /* should use a file in the ethereal users dir */
+ ret = krb5_kt_resolve(*context, filename, &keytab);
+ if(ret){
+ fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
+
+ return;
+ }
+
+ ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
+ if(ret){
+ fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
+ return;
+ }
+
+ do{
+ new_key=g_malloc(sizeof(enc_key_t));
+ new_key->next=enc_key_list;
+ ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor);
+ if(ret==0){
+ enc_key_list=new_key;
+ }
+ }while(ret==0);
+
+ ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
+ if(ret){
+ krb5_kt_close(*context, keytab);
+ }
+
+}
+
+
+static guint8 *
+decrypt_krb5_data(packet_info *pinfo,
+ krb5_keyusage usage,
+ int length,
+ const char *cryptotext,
+ int keytype)
+{
+ static int first_time=1;
+ static krb5_context context;
+ krb5_error_code ret;
+ krb5_data data;
+ enc_key_t *ek;
+
+ /* dont do anything if we are not attempting to decrypt data */
+ if(!krb_decrypt){
+ return NULL;
+ }
+
+ /* XXX we should only do this for first time, then store somewhere */
+
+ /* should this have a destroy context ? heidal people would know */
+ if(first_time){
+ first_time=0;
+ ret = krb5_init_context(&context);
+ if(ret){
+ return NULL;
+ }
+ read_keytab_file(keytab_filename, &context);
+ }
+
+ for(ek=enc_key_list;ek;ek=ek->next){
+ krb5_crypto crypto;
+ guint8 *cryptocopy; /* workaround for pre-6.1 heimdal bug */
+
+ /* shortcircuit and bail out if enctypes are not matching */
+ if(ek->key.keyblock.keytype!=keytype){
+ continue;
+ }
+
+ ret = krb5_crypto_init(context, &(ek->key.keyblock), 0, &crypto);
+ if(ret){
+ return NULL;
+ }
+
+ /* pre-6.1 versions of heimdal would sometimes change
+ the cryptotext data even when the decryption failed.
+ This would obviously not work since we iterate over the
+ keys. So just give it a copy of the crypto data instead.
+ This has been seen for RC4-HMAC blobs.
+ */
+ cryptocopy=g_malloc(length);
+ memcpy(cryptocopy, cryptotext, length);
+ ret = krb5_decrypt_ivec(context, crypto, usage,
+ cryptocopy, length,
+ &data,
+ NULL);
+ g_free(cryptocopy);
+ if (ret == 0) {
+printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
+ krb5_crypto_destroy(context, crypto);
+ return data.data;
+ }
+ krb5_crypto_destroy(context, crypto);
+ }
+ return NULL;
+}
+#endif
+
+
+
+/* TCP Record Mark */
+#define KRB_RM_RESERVED 0x80000000L
+#define KRB_RM_RECLEN 0x7fffffffL
+
+#define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
+#define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
+#define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
+#define KRB5_MSG_AS_REP 11 /* AS-REP type */
+#define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
+#define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
+#define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
+#define KRB5_MSG_AP_REP 15 /* AP-REP type */
-static gint ett_kerberos = -1;
-static gint ett_preauth = -1;
-static gint ett_addresses = -1;
-static gint ett_request = -1;
-static gint ett_princ = -1;
-static gint ett_ticket = -1;
-static gint ett_encrypted = -1;
-static gint ett_etype = -1;
-static gint ett_additional_tickets = -1;
-
-#define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
-#define KRB5_MSG_AS_REP 11 /* AS-REP type */
-#define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
-#define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
-#define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
-#define KRB5_MSG_AP_REP 15 /* AP-REP type */
-
-#define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
-#define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
-#define KRB5_MSG_CRED 22 /* KRB-CRED type */
-#define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
-
-/* Type tags within KDC-REQ */
-#define KRB5_KDC_REQ_PVNO 1
-#define KRB5_KDC_REQ_MSG_TYPE 2
-#define KRB5_KDC_REQ_PADATA 3
-#define KRB5_KDC_REQ_REQBODY 4
-
-/* Type tags within KDC-REP */
-#define KRB5_KDC_REP_PVNO 0
-#define KRB5_KDC_REP_MSG_TYPE 1
-#define KRB5_KDC_REP_PADATA 2
-#define KRB5_KDC_REP_CREALM 3
-#define KRB5_KDC_REP_CNAME 4
-#define KRB5_KDC_REP_TICKET 5
-#define KRB5_KDC_REP_ENC_PART 6
-
-/* Type tags within KDC-REQ-BODY */
-#define KRB5_BODY_KDC_OPTIONS 0
-#define KRB5_BODY_CNAME 1
-#define KRB5_BODY_REALM 2
-#define KRB5_BODY_SNAME 3
-#define KRB5_BODY_FROM 4
-#define KRB5_BODY_TILL 5
-#define KRB5_BODY_RTIME 6
-#define KRB5_BODY_NONCE 7
-#define KRB5_BODY_ENCTYPE 8
-#define KRB5_BODY_ADDRESSES 9
-#define KRB5_BODY_ENC_AUTHORIZATION_DATA 10
-#define KRB5_BODY_ADDITIONAL_TICKETS 11
-
-/* Type tags within KRB-ERROR */
-#define KRB5_ERROR_PVNO 0
-#define KRB5_ERROR_MSG_TYPE 1
-#define KRB5_ERROR_CTIME 2
-#define KRB5_ERROR_CUSEC 3
-#define KRB5_ERROR_STIME 4
-#define KRB5_ERROR_SUSEC 5
-#define KRB5_ERROR_ERROR_CODE 6
-#define KRB5_ERROR_CREALM 7
-#define KRB5_ERROR_CNAME 8
-#define KRB5_ERROR_REALM 9
-#define KRB5_ERROR_SNAME 10
-#define KRB5_ERROR_ETEXT 11
-#define KRB5_ERROR_EDATA 12
+#define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
+#define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
+#define KRB5_MSG_CRED 22 /* KRB-CRED type */
+#define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
+#define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
+#define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
+#define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
/* address type constants */
#define KRB5_ADDR_IPv4 0x02
#define KRB5_ADDR_ISO 0x07
#define KRB5_ADDR_DECNET 0x0c
#define KRB5_ADDR_APPLETALK 0x10
+#define KRB5_ADDR_NETBIOS 0x14
+#define KRB5_ADDR_IPv6 0x18
/* encryption type constants */
#define KRB5_ENCTYPE_NULL 0
#define KRB5_ENCTYPE_DES3_CBC_SHA 5
#define KRB5_ENCTYPE_DES3_CBC_RAW 6
#define KRB5_ENCTYPE_DES_HMAC_SHA1 8
-#define KRB5_ENCTYPE_DES3_CBC_SHA1 0x10
+#define KRB5_ENCTYPE_DSA_SHA1_CMS 9
+#define KRB5_ENCTYPE_RSA_MD5_CMS 10
+#define KRB5_ENCTYPE_RSA_SHA1_CMS 11
+#define KRB5_ENCTYPE_RC2_CBC_ENV 12
+#define KRB5_ENCTYPE_RSA_ENV 13
+#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
+#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
+#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
+#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
+#define KERB_ENCTYPE_RC4_HMAC 23
+#define KERB_ENCTYPE_RC4_HMAC_EXP 24
#define KRB5_ENCTYPE_UNKNOWN 0x1ff
#define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
+#define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
+#define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
+#define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
+#define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
+#define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
+#define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
+#define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
+#define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
+#define KRB5_ENCTYPE_RC4_LM 0xffffff7e
+#define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
+#define KRB5_ENCTYPE_RC4_MD4 0xffffff80
+
+/* checksum types */
+#define KRB5_CHKSUM_NONE 0
+#define KRB5_CHKSUM_CRC32 1
+#define KRB5_CHKSUM_MD4 2
+#define KRB5_CHKSUM_KRB_DES_MAC 4
+#define KRB5_CHKSUM_KRB_DES_MAC_K 5
+#define KRB5_CHKSUM_MD5 7
+#define KRB5_CHKSUM_MD5_DES 8
+#define KRB5_CHKSUM_HMAC_MD5 0xffffff76
+#define KRB5_CHKSUM_MD5_HMAC 0xffffff77
+#define KRB5_CHKSUM_RC4_MD5 0xffffff78
+#define KRB5_CHKSUM_MD25 0xffffff79
+#define KRB5_CHKSUM_DES_MAC_MD5 0xffffff7a
+#define KRB5_CHKSUM_DES_MAC 0xffffff7b
+#define KRB5_CHKSUM_REAL_CRC32 0xffffff7c
+#define KRB5_CHKSUM_SHA1 0xffffff7d
+#define KRB5_CHKSUM_LM 0xffffff7e
+
+
+/*
+ * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
+ *
+ * http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
+ *
+ * unless it's expired.
+ */
/* pre-authentication type constants */
#define KRB5_PA_TGS_REQ 1
#define KRB5_PA_OSF_DCE 8
#define KRB5_PA_CYBERSAFE_SECUREID 9
#define KRB5_PA_AFS3_SALT 10
-#define KRB5_PA_ENCTYPE_INFO 11
+#define KRB5_PA_ENCTYPE_INFO 11
#define KRB5_PA_SAM_CHALLENGE 12
#define KRB5_PA_SAM_RESPONSE 13
+#define KRB5_PA_PK_AS_REQ 14
+#define KRB5_PA_PK_AS_REP 15
#define KRB5_PA_DASS 16
-
-/* Type tags within Ticket */
-#define KRB5_TKT_TKT_VNO 0
-#define KRB5_TKT_REALM 1
-#define KRB5_TKT_SNAME 2
-#define KRB5_TKT_ENC_PART 3
+#define KRB5_PA_USE_SPECIFIED_KVNO 20
+#define KRB5_PA_SAM_REDIRECT 21
+#define KRB5_PA_GET_FROM_TYPED_DATA 22
+#define KRB5_PA_SAM_ETYPE_INFO 23
+#define KRB5_PA_ALT_PRINC 24
+#define KRB5_PA_SAM_CHALLENGE2 30
+#define KRB5_PA_SAM_RESPONSE2 31
+#define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
+#define KRB5_TD_KRB_PRINCIPAL 102
+#define KRB5_TD_KRB_REALM 103
+#define KRB5_TD_TRUSTED_CERTIFIERS 104
+#define KRB5_TD_CERTIFICATE_INDEX 105
+#define KRB5_TD_APP_DEFINED_ERROR 106
+#define KRB5_TD_REQ_NONCE 107
+#define KRB5_TD_REQ_SEQ 108
+/* preauthentication types >127 (i.e. negative ones) are app specific.
+ hopefully there will be no collissions here or we will have to
+ come up with something better
+*/
+#define KRB5_PA_PAC_REQUEST 128 /* MS extension */
+#define KRB5_PA_PROV_SRV_LOCATION 255 /* packetcable stuff */
/* Principal name-type */
-#define KRB5_NT_UNKNOWN 0
-#define KRB5_NT_PRINCIPAL 1
-#define KRB5_NT_SRV_INST 2
-#define KRB5_NT_SRV_HST 3
-#define KRB5_NT_SRV_XHST 4
-#define KRB5_NT_UID 5
+#define KRB5_NT_UNKNOWN 0
+#define KRB5_NT_PRINCIPAL 1
+#define KRB5_NT_SRV_INST 2
+#define KRB5_NT_SRV_HST 3
+#define KRB5_NT_SRV_XHST 4
+#define KRB5_NT_UID 5
+#define KRB5_NT_X500_PRINCIPAL 6
+#define KRB5_NT_SMTP_NAME 7
+#define KRB5_NT_ENTERPRISE 10
+
+/*
+ * MS specific name types, from
+ *
+ * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
+ */
+#define KRB5_NT_MS_PRINCIPAL -128
+#define KRB5_NT_MS_PRINCIPAL_AND_SID -129
+#define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
+#define KRB5_NT_PRINCIPAL_AND_SID -131
+#define KRB5_NT_SRV_INST_AND_SID -132
/* error table constants */
/* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
#define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
#define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
#define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
+#define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
+#define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
+#define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
#define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
#define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
#define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
#define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
#define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
#define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
+#define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
+#define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
#define KRB5_ET_KRB5KRB_ERR_GENERIC 60
#define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
+#define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
+#define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
+#define KRB5_ET_KDC_ERROR_INVALID_SIG 64
+#define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
+#define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
+#define KRB5_ET_KRB_AP_ERR_NO_TGT 67
+#define KRB5_ET_KDC_ERR_WRONG_REALM 68
+#define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
+#define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
+#define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
+#define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
+#define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
+#define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
+#define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
+#define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
static const value_string krb5_error_codes[] = {
{ KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
{ KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
{ KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
{ KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
+ { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
+ { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
+ { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
{ KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
{ KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
{ KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
{ KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
{ KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
{ KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
+ { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
+ { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
{ KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
{ KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
+ { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
+ { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
+ { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
+ { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
+ { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
+ { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
+ { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
+ { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
+ { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
+ { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
+ { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
+ { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
+ { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
+ { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
+ { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
{ 0, NULL }
};
+#define PAC_LOGON_INFO 1
+#define PAC_CREDENTIAL_TYPE 2
+#define PAC_SERVER_CHECKSUM 6
+#define PAC_PRIVSVR_CHECKSUM 7
+#define PAC_CLIENT_INFO_TYPE 10
+static const value_string w2k_pac_types[] = {
+ { PAC_LOGON_INFO , "Logon Info" },
+ { PAC_CREDENTIAL_TYPE , "Credential Type" },
+ { PAC_SERVER_CHECKSUM , "Server Checksum" },
+ { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
+ { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
+ { 0, NULL },
+};
+
+
+
static const value_string krb5_princ_types[] = {
{ KRB5_NT_UNKNOWN , "Unknown" },
{ KRB5_NT_PRINCIPAL , "Principal" },
{ KRB5_NT_SRV_HST , "Service and Host" },
{ KRB5_NT_SRV_XHST , "Service and Host Components" },
{ KRB5_NT_UID , "Unique ID" },
+ { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
+ { KRB5_NT_SMTP_NAME , "SMTP Name" },
+ { KRB5_NT_ENTERPRISE , "Enterprise Name" },
+ { KRB5_NT_MS_PRINCIPAL , "NT 4.0 style name (MS specific)" },
+ { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
+ { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
+ { KRB5_NT_PRINCIPAL_AND_SID , "Principal name and SID (MS specific)"},
+ { KRB5_NT_SRV_INST_AND_SID , "SPN and SID (MS specific)"},
{ 0 , NULL },
};
{ KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
{ KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
{ KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
+ { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
+ { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
{ KRB5_PA_DASS , "PA-DASS" },
+ { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
+ { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
+ { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
+ { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
+ { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
+ { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
+ { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
+ { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
+ { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
+ { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
+ { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
+ { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
+ { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
+ { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
+ { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
+ { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
+ { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
{ 0 , NULL },
};
{ KRB5_ENCTYPE_DES3_CBC_SHA , "des3-cbc-sha" },
{ KRB5_ENCTYPE_DES3_CBC_RAW , "des3-cbc-raw" },
{ KRB5_ENCTYPE_DES_HMAC_SHA1 , "des-hmac-sha1" },
+ { KRB5_ENCTYPE_DSA_SHA1_CMS , "dsa-sha1-cms" },
+ { KRB5_ENCTYPE_RSA_MD5_CMS , "rsa-md5-cms" },
+ { KRB5_ENCTYPE_RSA_SHA1_CMS , "rsa-sha1-cms" },
+ { KRB5_ENCTYPE_RC2_CBC_ENV , "rc2-cbc-env" },
+ { KRB5_ENCTYPE_RSA_ENV , "rsa-env" },
+ { KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
+ { KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
{ KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
+ { KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
+ { KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
+ { KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
{ KRB5_ENCTYPE_UNKNOWN , "unknown" },
{ KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 , "local-des3-hmac-sha1" },
- { 0 , NULL },
+ { KRB5_ENCTYPE_RC4_PLAIN_EXP , "rc4-plain-exp" },
+ { KRB5_ENCTYPE_RC4_PLAIN , "rc4-plain" },
+ { KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP, "rc4-plain-old-exp" },
+ { KRB5_ENCTYPE_RC4_HMAC_OLD_EXP, "rc4-hmac-old-exp" },
+ { KRB5_ENCTYPE_RC4_PLAIN_OLD , "rc4-plain-old" },
+ { KRB5_ENCTYPE_RC4_HMAC_OLD , "rc4-hmac-old" },
+ { KRB5_ENCTYPE_DES_PLAIN , "des-plain" },
+ { KRB5_ENCTYPE_RC4_SHA , "rc4-sha" },
+ { KRB5_ENCTYPE_RC4_LM , "rc4-lm" },
+ { KRB5_ENCTYPE_RC4_PLAIN2 , "rc4-plain2" },
+ { KRB5_ENCTYPE_RC4_MD4 , "rc4-md4" },
+ { 0 , NULL },
+};
+
+static const value_string krb5_checksum_types[] = {
+ { KRB5_CHKSUM_NONE , "none" },
+ { KRB5_CHKSUM_CRC32 , "crc32" },
+ { KRB5_CHKSUM_MD4 , "md4" },
+ { KRB5_CHKSUM_KRB_DES_MAC , "krb-des-mac" },
+ { KRB5_CHKSUM_KRB_DES_MAC_K , "krb-des-mac-k" },
+ { KRB5_CHKSUM_MD5 , "md5" },
+ { KRB5_CHKSUM_MD5_DES , "md5-des" },
+ { KRB5_CHKSUM_HMAC_MD5 , "hmac-md5" },
+ { KRB5_CHKSUM_MD5_HMAC , "md5-hmac" },
+ { KRB5_CHKSUM_RC4_MD5 , "rc5-md5" },
+ { KRB5_CHKSUM_MD25 , "md25" },
+ { KRB5_CHKSUM_DES_MAC_MD5 , "des-mac-md5" },
+ { KRB5_CHKSUM_DES_MAC , "des-mac" },
+ { KRB5_CHKSUM_REAL_CRC32 , "real-crc32" },
+ { KRB5_CHKSUM_SHA1 , "sha1" },
+ { KRB5_CHKSUM_LM , "lm" },
+ { 0 , NULL },
+};
+
+#define KRB5_AD_IF_RELEVANT 1
+#define KRB5_AD_INTENDED_FOR_SERVER 2
+#define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
+#define KRB5_AD_KDC_ISSUED 4
+#define KRB5_AD_OR 5
+#define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
+#define KRB5_AD_IN_TICKET_EXTENSIONS 7
+#define KRB5_AD_MANDATORY_FOR_KDC 8
+#define KRB5_AD_OSF_DCE 64
+#define KRB5_AD_SESAME 65
+#define KRB5_AD_OSF_DCE_PKI_CERTID 66
+#define KRB5_AD_WIN2K_PAC 128
+static const value_string krb5_ad_types[] = {
+ { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
+ { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
+ { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
+ { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
+ { KRB5_AD_OR , "AD-AND-OR" },
+ { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
+ { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
+ { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
+ { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
+ { KRB5_AD_SESAME , "AD-SESAME" },
+ { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
+ { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
+ { 0 , NULL },
+};
+
+static const value_string krb5_transited_types[] = {
+ { 1 , "DOMAIN-X500-COMPRESS" },
+ { 0 , NULL }
};
static const value_string krb5_address_types[] = {
{ KRB5_ADDR_ISO, "ISO"},
{ KRB5_ADDR_DECNET, "DECNET"},
{ KRB5_ADDR_APPLETALK, "APPLETALK"},
+ { KRB5_ADDR_NETBIOS, "NETBIOS"},
+ { KRB5_ADDR_IPv6, "IPv6"},
{ 0, NULL },
};
-static const value_string krb5_msg_types[] = {
- { KRB5_MSG_TGS_REQ, "TGS-REQ" },
- { KRB5_MSG_TGS_REP, "TGS-REP" },
- { KRB5_MSG_AS_REQ, "AS-REQ" },
- { KRB5_MSG_AS_REP, "AS-REP" },
- { KRB5_MSG_AP_REQ, "AP-REQ" },
- { KRB5_MSG_AP_REP, "AP-REP" },
- { KRB5_MSG_SAFE, "KRB-SAFE" },
- { KRB5_MSG_PRIV, "KRB-PRIV" },
- { KRB5_MSG_CRED, "KRB-CRED" },
- { KRB5_MSG_ERROR, "KRB-ERROR" },
- { 0, NULL },
-};
-
-static int dissect_PrincipalName(char *title, ASN1_SCK *asn1p,
- packet_info *pinfo, proto_tree *tree,
- int start_offset);
-static int dissect_Ticket(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset);
-static int dissect_EncryptedData(char *title, ASN1_SCK *asn1p,
- packet_info *pinfo, proto_tree *tree,
- int start_offset);
-static int dissect_Addresses(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset);
-
-static const char *
-to_error_str(int ret) {
- switch (ret) {
-
- case ASN1_ERR_EOC_MISMATCH:
- return("EOC mismatch");
-
- case ASN1_ERR_WRONG_TYPE:
- return("Wrong type for that item");
-
- case ASN1_ERR_LENGTH_NOT_DEFINITE:
- return("Length was indefinite");
-
- case ASN1_ERR_LENGTH_MISMATCH:
- return("Length mismatch");
-
- case ASN1_ERR_WRONG_LENGTH_FOR_TYPE:
- return("Wrong length for that item's type");
+static const value_string krb5_msg_types[] = {
+ { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
+ { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
+ { KRB5_MSG_TGS_REQ, "TGS-REQ" },
+ { KRB5_MSG_TGS_REP, "TGS-REP" },
+ { KRB5_MSG_AS_REQ, "AS-REQ" },
+ { KRB5_MSG_AS_REP, "AS-REP" },
+ { KRB5_MSG_AP_REQ, "AP-REQ" },
+ { KRB5_MSG_AP_REP, "AP-REP" },
+ { KRB5_MSG_SAFE, "KRB-SAFE" },
+ { KRB5_MSG_PRIV, "KRB-PRIV" },
+ { KRB5_MSG_CRED, "KRB-CRED" },
+ { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
+ { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
+ { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
+ { KRB5_MSG_ERROR, "KRB-ERROR" },
+ { 0, NULL },
+};
+
+
+
+
+static int dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+
+static const ber_choice kerberos_applications_choice[] = {
+ { KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
+ { KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
+ { KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
+ { KRB5_MSG_AS_REP, BER_CLASS_APP, KRB5_MSG_AS_REP, 0, dissect_krb5_KDC_REP },
+ { KRB5_MSG_TGS_REQ, BER_CLASS_APP, KRB5_MSG_TGS_REQ, 0, dissect_krb5_KDC_REQ },
+ { KRB5_MSG_TGS_REP, BER_CLASS_APP, KRB5_MSG_TGS_REP, 0, dissect_krb5_KDC_REP },
+ { KRB5_MSG_AP_REQ, BER_CLASS_APP, KRB5_MSG_AP_REQ, 0, dissect_krb5_AP_REQ },
+ { KRB5_MSG_AP_REP, BER_CLASS_APP, KRB5_MSG_AP_REP, 0, dissect_krb5_AP_REP },
+ { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
+ { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
+ { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
+ { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
+ { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
+ { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
+ { 0, 0, 0, 0, NULL }
+};
+
+
+static int
+dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_choice(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1);
+ return offset;
+}
+
+
+static const true_false_string krb5_apoptions_use_session_key = {
+ "USE SESSION KEY to encrypt the ticket",
+ "Do NOT use the session key to encrypt the ticket"
+};
+static const true_false_string krb5_apoptions_mutual_required = {
+ "MUTUAL authentication is REQUIRED",
+ "Mutual authentication is NOT required"
+};
+
+static int *APOptions_bits[] = {
+ &hf_krb_APOptions_use_session_key,
+ &hf_krb_APOptions_mutual_required,
+ NULL
+};
+static int
+dissect_krb5_APOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, APOptions_bits, hf_krb_APOptions, ett_krb_AP_Options, NULL);
+ return offset;
+}
+
+
+
+static const true_false_string krb5_kdcoptions_forwardable = {
+ "FORWARDABLE tickets are allowed/requested",
+ "Do NOT use forwardable tickets"
+};
+static const true_false_string krb5_kdcoptions_forwarded = {
+ "This ticket has been FORWARDED",
+ "This is NOT a forwarded ticket"
+};
+static const true_false_string krb5_kdcoptions_proxyable = {
+ "PROXIABLE tickets are allowed/requested",
+ "Do NOT use proxiable tickets"
+};
+static const true_false_string krb5_kdcoptions_proxy = {
+ "This is a PROXY ticket",
+ "This ticket has NOT been proxied"
+};
+static const true_false_string krb5_kdcoptions_allow_postdate = {
+ "We allow the ticket to be POSTDATED",
+ "We do NOT allow the ticket to be postdated"
+};
+static const true_false_string krb5_kdcoptions_postdated = {
+ "This ticket is POSTDATED",
+ "This ticket is NOT postdated"
+};
+static const true_false_string krb5_kdcoptions_renewable = {
+ "This ticket is RENEWABLE",
+ "This ticket is NOT renewable"
+};
+static const true_false_string krb5_kdcoptions_canonicalize = {
+ "This is a request for a CANONICALIZED ticket",
+ "This is NOT a canonicalized ticket request"
+};
+static const true_false_string krb5_kdcoptions_disable_transited_check = {
+ "Transited checking is DISABLED",
+ "Transited checking is NOT disabled"
+};
+static const true_false_string krb5_kdcoptions_renewable_ok = {
+ "We accept RENEWED tickets",
+ "We do NOT accept renewed tickets"
+};
+static const true_false_string krb5_kdcoptions_enc_tkt_in_skey = {
+ "ENCrypt TKT in SKEY",
+ "Do NOT encrypt the tkt inside the skey"
+};
+static const true_false_string krb5_kdcoptions_renew = {
+ "This is a request to RENEW a ticket",
+ "This is NOT a request to renew a ticket"
+};
+static const true_false_string krb5_kdcoptions_validate = {
+ "This is a request to VALIDATE a postdated ticket",
+ "This is NOT a request to validate a postdated ticket"
+};
+
+static int* KDCOptions_bits[] = {
+ &hf_krb_KDCOptions_forwardable,
+ &hf_krb_KDCOptions_forwarded,
+ &hf_krb_KDCOptions_proxyable,
+ &hf_krb_KDCOptions_proxy,
+ &hf_krb_KDCOptions_allow_postdate,
+ &hf_krb_KDCOptions_postdated,
+ &hf_krb_KDCOptions_renewable,
+ &hf_krb_KDCOptions_opt_hardware_auth,
+ &hf_krb_KDCOptions_canonicalize,
+ &hf_krb_KDCOptions_disable_transited_check,
+ &hf_krb_KDCOptions_renewable_ok,
+ &hf_krb_KDCOptions_enc_tkt_in_skey,
+ &hf_krb_KDCOptions_renew,
+ &hf_krb_KDCOptions_validate,
+ NULL
+};
+
+static int
+dissect_krb5_KDCOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, KDCOptions_bits, hf_krb_KDCOptions, ett_krb_KDC_Options, NULL);
+ return offset;
+}
+
+static int
+dissect_krb5_rtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_rtime);
+ return offset;
+}
+
+static int
+dissect_krb5_ctime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_ctime);
+ return offset;
+}
+static int
+dissect_krb5_cusec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_cusec, NULL);
+ return offset;
+}
+
+static int
+dissect_krb5_stime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_stime);
+ return offset;
+}
+static int
+dissect_krb5_susec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_susec, NULL);
+ return offset;
+}
+
+
+static int
+dissect_krb5_error_code(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
+ if(krb5_errorcode && check_col(pinfo->cinfo, COL_INFO)) {
+ col_add_fstr(pinfo->cinfo, COL_INFO,
+ "KRB Error: %s",
+ val_to_str(krb5_errorcode, krb5_error_codes,
+ "Unknown error code %#x"));
+ }
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_till);
+ return offset;
+}
+static int
+dissect_krb5_from(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_from);
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_nonce(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_nonce, NULL);
+ return offset;
+}
+
+
+/*
+ * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
+ */
+static int
+dissect_krb5_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 etype;
+
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(etype, krb5_encryption_types,
+ "%d"));
+ }
+ return offset;
+}
+static ber_sequence etype_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
+};
+static int
+dissect_krb5_etype_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, etype_sequence_of, hf_krb_etypes, ett_krb_etypes);
+
+ return offset;
+}
+static guint32 authenticator_etype;
+static int
+dissect_krb5_authenticator_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(authenticator_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+static guint32 Ticket_etype;
+static int
+dissect_krb5_Ticket_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(Ticket_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+static guint32 AP_REP_etype;
+static int
+dissect_krb5_AP_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(AP_REP_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+static guint32 PA_ENC_TIMESTAMP_etype;
+static int
+dissect_krb5_PA_ENC_TIMESTAMP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+
+
+/*
+ * HostAddress ::= SEQUENCE {
+ * addr-type[0] INTEGER,
+ * address[1] OCTET STRING
+ * }
+ */
+static guint32 addr_type;
+static int dissect_krb5_addr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_addr_type, &addr_type);
+ return offset;
+}
+static int dissect_krb5_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 class;
+ gboolean pc;
+ guint32 tag;
+ guint32 len;
+ char address_str[256];
+ proto_item *it=NULL;
+
+ /* read header and len for the octet string */
+ offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
+ offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
+
+
+ address_str[0]=0;
+ address_str[255]=0;
+ switch(addr_type){
+ case KRB5_ADDR_IPv4:
+ it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
+ sprintf(address_str,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
+ break;
+ case KRB5_ADDR_NETBIOS:
+ {
+ char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
+ int netbios_name_type;
+
+ netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name);
+ snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
+ it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
+ }
+ break;
+ default:
+ proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
+
+ }
+
+ /* push it up two levels in the decode pane */
+ if(it){
+ proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
+ proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
+ }
+
+ offset+=len;
+ return offset;
+}
+static ber_sequence HostAddress_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
+ { BER_CLASS_CON, 1, 0, dissect_krb5_address },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_HostAddress(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_HostAddress, ett_krb_HostAddress);
+
+ return offset;
+}
+static int
+dissect_krb5_s_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address);
+
+ return offset;
+}
+
+/*
+ * HostAddresses ::= SEQUENCE OF SEQUENCE {
+ * addr-type[0] INTEGER,
+ * address[1] OCTET STRING
+ * }
+ *
+ */
+static ber_sequence HostAddresses_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
+};
+static int
+dissect_krb5_HostAddresses(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, HostAddresses_sequence_of, hf_krb_HostAddresses, ett_krb_HostAddresses);
+
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_msg_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 msgtype;
+
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_msg_type, &msgtype);
+
+ if (do_col_info & check_col(pinfo->cinfo, COL_INFO)) {
+ col_add_str(pinfo->cinfo, COL_INFO,
+ val_to_str(msgtype, krb5_msg_types,
+ "Unknown msg type %#x"));
+ }
+ do_col_info=FALSE;
+
+ /* append the application type to the subtree */
+ proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
+
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_pvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pvno, NULL);
+
+ return offset;
+}
+
+
+/*
+ * PrincipalName ::= SEQUENCE {
+ * name-type[0] INTEGER,
+ * name-string[1] SEQUENCE OF GeneralString
+ * }
+ */
+static int
+dissect_krb5_name_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 name_type;
+
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_name_type, &name_type);
+ if(tree){
+ proto_item_append_text(tree, " (%s):",
+ val_to_str(name_type, krb5_princ_types,
+ "Unknown:%d"));
+ }
+ return offset;
+}
+static int
+dissect_krb5_name_string(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ char name_string[256];
+
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_name_string, name_string, 255);
+ if(tree){
+ proto_item_append_text(tree, " %s", name_string);
+ }
+
+ return offset;
+}
+static ber_sequence name_stringe_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
+};
+static int
+dissect_krb5_name_strings(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, name_stringe_sequence_of, -1, -1);
+
+ return offset;
+}
+static ber_sequence PrincipalName_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
+ { BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_sname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_sname, ett_krb_sname);
+
+ return offset;
+}
+static int
+dissect_krb5_cname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_cname, ett_krb_cname);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_realm, NULL, 0);
+ return offset;
+}
+
+static int
+dissect_krb5_crealm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_crealm, NULL, 0);
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_PA_PAC_REQUEST_flag(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_boolean(pinfo, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag);
+ return offset;
+}
+
+
+static ber_sequence PA_PAC_REQUEST_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_PAC_REQUEST(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_PAC_REQUEST_sequence, -1, -1);
+
+ return offset;
+}
+
+
+
+
+static int
+dissect_krb5_SignedData(packet_info *pinfo _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset)
+{
+/*qqq*/
+ return offset;
+}
+
+
+static char ContentType[64]; /*64 chars should be long enough */
+static int
+dissect_krb5_ContentInfo_ContentType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ ContentType[0]=0;
+ offset=dissect_ber_object_identifier(TRUE, pinfo, tree, tvb, offset, hf_krb_contentinfo_contenttype, ContentType);
+
+ return offset;
+}
+
+/* the content of this structure depends on the ContentType object identifier */
+static int
+dissect_krb5_ContentInfo_content(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ if(!strcmp(ContentType, "1.2.840.113549.1.7.2")){
+ offset=dissect_krb5_SignedData(pinfo, tree, tvb, offset);
+ } else {
+ proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "ContentInfo: dont know how to parse this type yet.");
+ }
+
+ return offset;
+}
+
+static ber_sequence ContentInfo_sequence[] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_krb5_ContentInfo_ContentType },
+ { BER_CLASS_CON, 0, 0, dissect_krb5_ContentInfo_content },
+ { 0, 0, 0, NULL }
+};
+
+static int
+dissect_krb5_PA_PK_AS_REQ_signedAuthPack(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ContentInfo_sequence, hf_krb_signedAuthPack, ett_krb_signedAuthPack);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PA_PK_AS_REQ_trustedCertifiers(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ BER_NOT_DECODED_YET("trustedCertifiers");
+
+ return offset;
+}
+static int
+dissect_krb5_PA_PK_AS_REQ_kdcCert(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ BER_NOT_DECODED_YET("kdcCert");
+
+ return offset;
+}
+static int
+dissect_krb5_PA_PK_AS_REQ_encryptionCert(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ BER_NOT_DECODED_YET("encryptionCert");
+
+ return offset;
+}
+
+
+
+static ber_sequence PA_PK_AS_REQ_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PK_AS_REQ_signedAuthPack },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_trustedCertifiers },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_kdcCert },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_encryptionCert },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_PK_AS_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_PK_AS_REQ_sequence, -1, -1);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_PA_PROV_SRV_LOCATION(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
+
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_kvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_kvno, NULL);
+
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_seq_number(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_seq_number, NULL);
+
+ return offset;
+}
+
+
+
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_pausec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pausec, NULL);
+ return offset;
+}
+static int
+dissect_krb5_patimestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_patimestamp);
+ return offset;
+}
+static const ber_sequence PA_ENC_TS_ENC_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_decrypt_PA_ENC_TIMESTAMP (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
+ * == 1
+ */
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype);
+ }
+
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, next_tvb, 0, PA_ENC_TS_ENC_sequence, -1, -1);
+
+ }
+ return offset;
+}
+#endif
+
+
+static int
+dissect_krb5_encrypted_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, NULL);
+#endif
+ return offset;
+}
+static ber_sequence PA_ENC_TIMESTAMP_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_PA_ENC_TIMESTAMP_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_PA_ENC_TIMESTAMP },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENC_TIMESTAMP_sequence, -1, -1);
+
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_etype_info_salt(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_etype_info_salt, NULL);
+ return offset;
+}
+
+static ber_sequence PA_ENCTYPE_INFO_ENTRY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_etype_info_salt },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO_ENTRY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_ENTRY_sequence, -1, -1);
+
+ return offset;
+}
+
+static ber_sequence PA_ENCTYPE_INFO_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_sequence_of, -1, -1);
+
+ return offset;
+}
+
+/*
+ * PA-DATA ::= SEQUENCE {
+ * padata-type[1] INTEGER,
+ * padata-value[2] OCTET STRING,
+ * -- might be encoded AP-REQ
+ * }
+ */
+guint32 krb_PA_DATA_type;
+static int
+dissect_krb5_PA_DATA_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
+ krb_PA_DATA_type&=0xff; /*this is really just one single byte */
+
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
+ "Unknown:%d"));
+ }
+ return offset;
+}
+static int
+dissect_krb5_PA_DATA_value(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_tree *tree=parent_tree;
+
+ if(ber_last_created_item){
+ tree=proto_item_add_subtree(ber_last_created_item, ett_krb_PA_DATA_tree);
+ }
+
+
+ switch(krb_PA_DATA_type){
+ case KRB5_PA_TGS_REQ:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_application_choice);
+ break;
+ case KRB5_PA_PK_AS_REQ:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PK_AS_REQ);
+ break;
+ case KRB5_PA_PAC_REQUEST:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PAC_REQUEST);
+ break;
+ case KRB5_PA_PROV_SRV_LOCATION:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PROV_SRV_LOCATION);
+ break;
+ case KRB5_PA_ENC_TIMESTAMP:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENC_TIMESTAMP);
+ break;
+ case KRB5_PA_ENCTYPE_INFO:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
+ break;
+ default:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
+ }
+ return offset;
+/*qqq*/
+}
+
+static ber_sequence PA_DATA_sequence[] = {
+ { BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
+ { BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_DATA(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence, -1, -1);
+
+ return offset;
+}
+
+
+
+
+/*
+ * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
+ *
+ */
+static ber_sequence PA_DATA_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
+};
+static int
+dissect_krb5_padata(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence_of, hf_krb_padata, ett_krb_padata);
+
+ return offset;
+}
+
+
+
+
+static const true_false_string krb5_ticketflags_forwardable = {
+ "FORWARDABLE tickets are allowed/requested",
+ "Do NOT use forwardable tickets"
+};
+static const true_false_string krb5_ticketflags_forwarded = {
+ "This ticket has been FORWARDED",
+ "This is NOT a forwarded ticket"
+};
+static const true_false_string krb5_ticketflags_proxyable = {
+ "PROXIABLE tickets are allowed/requested",
+ "Do NOT use proxiable tickets"
+};
+static const true_false_string krb5_ticketflags_proxy = {
+ "This is a PROXY ticket",
+ "This ticket has NOT been proxied"
+};
+static const true_false_string krb5_ticketflags_allow_postdate = {
+ "We allow the ticket to be POSTDATED",
+ "We do NOT allow the ticket to be postdated"
+};
+static const true_false_string krb5_ticketflags_postdated = {
+ "This ticket is POSTDATED",
+ "This ticket is NOT postdated"
+};
+static const true_false_string krb5_ticketflags_invalid = {
+ "This ticket is INVALID",
+ "This ticket is NOT invalid"
+};
+static const true_false_string krb5_ticketflags_renewable = {
+ "This ticket is RENEWABLE",
+ "This ticket is NOT renewable"
+};
+static const true_false_string krb5_ticketflags_initial = {
+ "This ticket was granted by AS and not TGT protocol",
+ "This ticket was granted by TGT and not as protocol"
+};
+static const true_false_string krb5_ticketflags_pre_auth = {
+ "The client was PRE-AUTHenticated",
+ "The client was NOT pre-authenticated"
+};
+static const true_false_string krb5_ticketflags_hw_auth = {
+ "The client was authenticated by HardWare",
+ "The client was NOT authenticated using hardware"
+};
+static const true_false_string krb5_ticketflags_transited_policy_checked = {
+ "Kdc has performed TRANSITED POLICY CHECKING",
+ "Kdc has NOT performed transited policy checking"
+};
+static const true_false_string krb5_ticketflags_ok_as_delegate = {
+ "This ticket is OK AS a DELEGATED ticket",
+ "This ticket is NOT ok as a delegated ticket"
+};
+
+static int* TicketFlags_bits[] = {
+ &hf_krb_TicketFlags_forwardable,
+ &hf_krb_TicketFlags_forwarded,
+ &hf_krb_TicketFlags_proxyable,
+ &hf_krb_TicketFlags_proxy,
+ &hf_krb_TicketFlags_allow_postdate,
+ &hf_krb_TicketFlags_postdated,
+ &hf_krb_TicketFlags_invalid,
+ &hf_krb_TicketFlags_renewable,
+ &hf_krb_TicketFlags_initial,
+ &hf_krb_TicketFlags_pre_auth,
+ &hf_krb_TicketFlags_hw_auth,
+ &hf_krb_TicketFlags_transited_policy_checked,
+ &hf_krb_TicketFlags_ok_as_delegate,
+ NULL
+};
+
+static int
+dissect_krb5_TicketFlags(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, TicketFlags_bits, hf_krb_TicketFlags, ett_krb_Ticket_Flags, NULL);
+ return offset;
+}
+
+
+static guint32 keytype;
+static int
+dissect_krb5_keytype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_keytype, &keytype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(keytype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+static int keylength;
+static const char *keyvalue;
+static int
+store_keyvalue(packet_info *pinfo _U_, proto_tree *tree _U_, tvbuff_t *tvb, int offset)
+{
+ keylength=tvb_length_remaining(tvb, offset);
+ keyvalue=tvb_get_ptr(tvb, offset, keylength);
+ return 0;
+}
+static int
+dissect_krb5_keyvalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_keyvalue, store_keyvalue);
+ return offset;
+}
+
+
+/*
+ * EncryptionKey ::= SEQUENCE {
+ * keytype [0] int32
+ * keyvalue [1] octet string
+ */
+static ber_sequence EncryptionKey_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_keytype },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_keyvalue },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_key(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_key, ett_krb_key);
+
+#ifdef HAVE_KERBEROS
+ add_encryption_key(pinfo, keytype, keylength, keyvalue);
+#endif
+ return offset;
+}
+static int
+dissect_krb5_subkey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_subkey, ett_krb_subkey);
+#ifdef HAVE_KERBEROS
+ add_encryption_key(pinfo, keytype, keylength, keyvalue);
+#endif
+ return offset;
+}
+
+
+
+static int
+dissect_krb5_PAC_LOGON_INFO(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ dcerpc_info di; /* fake dcerpc_info struct */
+ void *old_private_data;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
+ }
+
+ /* skip the first 20 bytes, they look like a unique ndr pointer
+ followed by (where did it come from?) a contect_handle ?*/
+ proto_tree_add_text(tree, tvb, offset, 20, "unknown: is this an undocumented policy handle?");
+ offset+=20;
+
+
+ /* the PAC_LOGON_INFO blob */
+ /* fake whatever state the dcerpc runtime support needs */
+ di.conformant_run=0;
+ di.call_data=NULL;
+ old_private_data=pinfo->private_data;
+ pinfo->private_data=&di;
+ init_ndr_pointer_list(pinfo);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_REF,
+ "PAC_LOGON_INFO:", -1);
+ pinfo->private_data=old_private_data;
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_CREDENTIAL_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_CREDENTIAL_TYPE);
+ }
+
+/*qqq*/
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_SERVER_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_SERVER_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_SERVER_CHECKSUM);
+ }
+
+ /* signature type */
+ proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
+ offset+=4;
+
+ /* signature data */
+ proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_PRIVSVR_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_PRIVSVR_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_PRIVSVR_CHECKSUM);
+ }
+
+ /* signature type */
+ proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
+ offset+=4;
+
+ /* signature data */
+ proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CLIENT_INFO_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ guint16 namelen;
+ char *name;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_CLIENT_INFO_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_CLIENT_INFO_TYPE);
+ }
+
+ /* clientid */
+ offset = dissect_smb_64bit_time(tvb, tree, offset,
+ hf_krb_pac_clientid);
+
+ /* name length */
+ namelen=tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
+ offset+=2;
+
+ /* client name */
+ name=tvb_fake_unicode(tvb, offset, namelen/2, TRUE);
+ proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
+ offset+=namelen;
+
+ return offset;
+}
+
+static int
+dissect_krb5_AD_WIN2K_PAC_struct(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 pac_type;
+ guint32 pac_size;
+ guint32 pac_offset;
+ proto_item *it=NULL;
+ proto_tree *tr=NULL;
+ tvbuff_t *next_tvb;
+
+ /* type of pac data */
+ pac_type=tvb_get_letohl(tvb, offset);
+ it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
+ if(it){
+ tr=proto_item_add_subtree(it, ett_krb_PAC);
+ }
+
+ offset += 4;
+
+ /* size of pac data */
+ pac_size=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
+ offset += 4;
+
+ /* offset to pac data */
+ pac_offset=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
+ offset += 8;
+
+
+ next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
+ switch(pac_type){
+ case PAC_LOGON_INFO:
+ dissect_krb5_PAC_LOGON_INFO(pinfo, tr, next_tvb, 0);
+ break;
+ case PAC_CREDENTIAL_TYPE:
+ dissect_krb5_PAC_CREDENTIAL_TYPE(pinfo, tr, next_tvb, 0);
+ break;
+ case PAC_SERVER_CHECKSUM:
+ dissect_krb5_PAC_SERVER_CHECKSUM(pinfo, tr, next_tvb, 0);
+ break;
+ case PAC_PRIVSVR_CHECKSUM:
+ dissect_krb5_PAC_PRIVSVR_CHECKSUM(pinfo, tr, next_tvb, 0);
+ break;
+ case PAC_CLIENT_INFO_TYPE:
+ dissect_krb5_PAC_CLIENT_INFO_TYPE(pinfo, tr, next_tvb, 0);
+ break;
+ default:;
+/*qqq*/
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_AD_WIN2K_PAC(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 entries;
+ guint32 version;
+ guint32 i;
+
+ /* first in the PAC structure comes the number of entries */
+ entries=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
+ offset += 4;
+
+ /* second comes the version */
+ version=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
+ offset += 4;
+
+ for(i=0;i<entries;i++){
+ offset=dissect_krb5_AD_WIN2K_PAC_struct(pinfo, tree, tvb, offset);
+ }
+
+ return offset;
+}
+
+static guint32 IF_RELEVANT_type;
+static int
+dissect_krb5_IF_RELEVANT_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(IF_RELEVANT_type, krb5_ad_types,
+ "%#x"));
+ }
+ return offset;
+}
+static int
+dissect_krb5_IF_RELEVANT_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ switch(IF_RELEVANT_type){
+ case KRB5_AD_WIN2K_PAC:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_WIN2K_PAC);
+ break;
+ default:
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_value, NULL);
+ }
+ return offset;
+}
+static ber_sequence IF_RELEVANT_item_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_IF_RELEVANT_type },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_IF_RELEVANT_value },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_IF_RELEVANT_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_item_sequence, hf_krb_IF_RELEVANT, ett_krb_IF_RELEVANT);
+
+ return offset;
+}
+
+static ber_sequence IF_RELEVANT_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
+};
+
+static int
+dissect_krb5_IF_RELEVANT(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_sequence_of, -1, -1);
+
+ return offset;
+}
+
+static guint32 adtype;
+static int
+dissect_krb5_adtype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_adtype, &adtype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(adtype, krb5_ad_types,
+ "%#x"));
+ }
+ return offset;
+}
+static int
+dissect_krb5_advalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ switch(adtype){
+ case KRB5_AD_IF_RELEVANT:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_IF_RELEVANT);
+ break;
+ default:
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, NULL);
+ }
+ return offset;
+}
+/*
+ * AuthorizationData ::= SEQUENCE {
+ * ad-type [0] int32
+ * ad-data [1] octet string
+ */
+static ber_sequence AuthorizationData_item_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_adtype },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_advalue },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_AuthorizationData_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AuthorizationData_item_sequence, hf_krb_AuthorizationData, ett_krb_AuthorizationData);
+
+ return offset;
+}
+
+static ber_sequence AuthorizationData_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
+};
+static int
+dissect_krb5_AuthorizationData(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, AuthorizationData_sequence_of, -1, -1);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_transited_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint32 trtype;
+
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_transitedtype, &trtype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(trtype, krb5_transited_types,
+ "%#x"));
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_transited_contents(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_transitedcontents, NULL);
+ return offset;
+}
+
+/*
+ * TransitedEncoding ::= SEQUENCE {
+ * tr-type [0] int32
+ * contents [1] octet string
+ */
+static ber_sequence TransitedEncoding_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_transited_type },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_transited_contents },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_transited(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, TransitedEncoding_sequence, hf_krb_TransitedEncoding, ett_krb_TransitedEncoding);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_authtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_authtime);
+ return offset;
+}
+static int
+dissect_krb5_starttime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_starttime);
+ return offset;
+}
+static int
+dissect_krb5_endtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_endtime);
+ return offset;
+}
+static int
+dissect_krb5_renew_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_renew_till);
+ return offset;
+}
+
+/*
+ * EncTicketPart ::= SEQUENCE {
+ * flags [0] TicketFlags,
+ * key [1] EncryptionKey,
+ * crealm [2] Realm,
+ * cname [3] PrincipalName,
+ * transited [4] TransitedEncoding,
+ * authtime [5] KerberosTime,
+ * starttime [6] KerberosTime OPTIONAL,
+ * endtime [7] KerberosTime,
+ * renew-till [8] KerberosTime OPTIONAL,
+ * caddr [9] HostAddresses OPTIONAL,
+ * authorization-data [10] AuthorizationData OPTIONAL
+ * }
+ */
+static ber_sequence EncTicketPart_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_TicketFlags },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_key },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_crealm },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_cname },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_transited },
+ { BER_CLASS_CON, 5, 0,
+ dissect_krb5_authtime },
+ { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
+ dissect_krb5_starttime },
+ { BER_CLASS_CON, 7, 0,
+ dissect_krb5_endtime },
+ { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
+ dissect_krb5_renew_till },
+ { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
+ dissect_krb5_HostAddresses },
+ { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
+ dissect_krb5_AuthorizationData },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncTicketPart_sequence, hf_krb_EncTicketPart, ett_krb_EncTicketPart);
+
+ return offset;
+}
+
+
+
+
+
+
+/*
+ * EncAPRepPart ::= SEQUENCE {
+ * ctime [0] KerberosTime
+ * cusec [1] Microseconds
+ * subkey [2] encryptionKey OPTIONAL
+ * seq-number [3] uint32 OPTIONAL
+ * }
+ */
+static ber_sequence EncAPRepPart_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_ctime },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_cusec },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_subkey },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_seq_number },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncAPRepPart_sequence, hf_krb_EncAPRepPart, ett_krb_EncAPRepPart);
+
+ return offset;
+}
+
+
+
+static guint32 lr_type;
+static const value_string krb5_lr_types[] = {
+ { 0 , "No information available" },
+ { 1 , "Time of last initial TGT request" },
+ { 2 , "Time of last initial request" },
+ { 3 , "Time of issue of latest TGT ticket" },
+ { 4 , "Time of last renewal" },
+ { 5 , "Time of last request" },
+ { 6 , "Time when password will expire" },
+ { 7 , "Time when account will expire" },
+ { 0, NULL }
+};
+static int
+dissect_krb5_lr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_lr_type, &lr_type);
+
+ return offset;
+}
+static int
+dissect_krb5_lr_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_lr_time);
+
+ return offset;
+}
+
+static ber_sequence LastReq_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_lr_type },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_lr_value },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_LastReq(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, LastReq_sequence, hf_krb_LastReq, ett_krb_LastReq);
+
+ return offset;
+}
+static ber_sequence LastReq_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
+};
+static int
+dissect_krb5_LastReq_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, LastReq_sequence_of, hf_krb_LastReqs, ett_krb_LastReqs);
+
+ return offset;
+}
+
+static int
+dissect_krb5_key_expiration(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_key_expire);
+ return offset;
+}
+
+static ber_sequence EncKDCRepPart_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_key },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_LastReq_sequence_of },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_nonce },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_key_expiration },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_TicketFlags },
+ { BER_CLASS_CON, 5, 0,
+ dissect_krb5_authtime },
+ { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
+ dissect_krb5_starttime },
+ { BER_CLASS_CON, 7, 0,
+ dissect_krb5_endtime },
+ { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
+ dissect_krb5_renew_till },
+ { BER_CLASS_CON, 9, 0,
+ dissect_krb5_realm },
+ { BER_CLASS_CON, 10, 0,
+ dissect_krb5_sname },
+ { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
+ dissect_krb5_HostAddresses },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKDCRepPart_sequence, hf_krb_EncKDCRepPart, ett_krb_EncKDCRepPart);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_authenticator_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_checksum_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_checksum_type, NULL);
+
+ return offset;
+}
+static int
+dissect_krb5_checksum_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
+ return offset;
+}
+
+/*
+ * Checksum ::= SEQUENCE {
+ * }
+ */
+static ber_sequence Checksum_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_checksum_type },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_checksum_checksum },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_Checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Checksum_sequence, hf_krb_Checksum, ett_krb_Checksum);
+
+ return offset;
+}
+
+/*
+ * Authenticator ::= SEQUENCE {
+ * authenticator-vno [0] integer
+ * crealm [1] Realm
+ * cname [2] PrincipalName
+ * cksum [3] Checksum OPTIONAL
+ * cusec [4] Microseconds
+ * ctime [5] KerberosTime
+ * subkey [6] encryptionKey OPTIONAL
+ * seq-number [7] uint32 OPTIONAL
+ * authorization-data [8] AuthorizationData OPTIONAL
+ * }
+ */
+static ber_sequence Authenticator_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_authenticator_vno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_crealm },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_cname },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_Checksum },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_cusec },
+ { BER_CLASS_CON, 5, 0,
+ dissect_krb5_ctime },
+ { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
+ dissect_krb5_subkey },
+ { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
+ dissect_krb5_seq_number },
+ { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
+ dissect_krb5_AuthorizationData },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Authenticator_sequence, hf_krb_Authenticator, ett_krb_Authenticator);
+
+ return offset;
+}
+
+
+/*
+ * PRIV-BODY ::= SEQUENCE {
+ * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * enc-part[3] EncryptedData
+ * }
+ */
+static int
+dissect_krb5_encrypted_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
+ return offset;
+}
+static ber_sequence ENC_PRIV_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_PRIV },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_ENC_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
+ return offset;
+}
+static ber_sequence PRIV_BODY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_ENC_PRIV },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PRIV_BODY_sequence, hf_krb_PRIV_BODY, ett_krb_PRIV);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_SAFE_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ tvbuff_t *new_tvb;
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, &new_tvb);
+ call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
+ return offset;
+}
+static int
+dissect_krb5_SAFE_BODY_timestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
+ return offset;
+}
+
+static int
+dissect_krb5_SAFE_BODY_usec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
+ return offset;
+}
+
+static ber_sequence SAFE_BODY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_SAFE_BODY_user_data },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_SAFE_BODY_timestamp },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_SAFE_BODY_usec },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_seq_number },
+ /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */
+ { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
+ dissect_krb5_s_address },
+ { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
+ dissect_krb5_HostAddresses },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_SAFE_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_BODY_sequence, -1, -1);
+
+ return offset;
+}
+
+
+
+static ber_sequence SAFE_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_SAFE_BODY },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_Checksum },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_sequence, -1, -1);
+
+ return offset;
+}
+
+
+/*
+ * KDC-REQ-BODY ::= SEQUENCE {
+ * kdc-options[0] KDCOptions,
+ * cname[1] PrincipalName OPTIONAL,
+ * -- Used only in AS-REQ
+ * realm[2] Realm, -- Server's realm
+ * -- Also client's in AS-REQ
+ * sname[3] PrincipalName OPTIONAL,
+ * from[4] KerberosTime OPTIONAL,
+ * till[5] KerberosTime,
+ * rtime[6] KerberosTime OPTIONAL,
+ * nonce[7] INTEGER,
+ * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
+ * -- in preference order
+ * addresses[9] HostAddresses OPTIONAL,
+ * enc-authorization-data[10] EncryptedData OPTIONAL,
+ * -- Encrypted AuthorizationData encoding
+ * additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
+ * }
+ *
+ */
+static ber_sequence KDC_REQ_BODY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_KDCOptions },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_cname },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_realm},
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_sname },
+ { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
+ dissect_krb5_from },
+ /* this field is not optional in the kerberos spec,
+ * however, in the packetcable spec it is optional.
+ * make it optional here since normal kerberos will
+ * still decode the pdu correctly.
+ */
+ { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
+ dissect_krb5_till },
+ { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
+ dissect_krb5_rtime },
+ { BER_CLASS_CON, 7, 0,
+ dissect_krb5_nonce },
+ { BER_CLASS_CON, 8, 0,
+ dissect_krb5_etype_sequence_of },
+ { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
+ dissect_krb5_HostAddresses },
+/* XXX [10] and [11] enc-authorization-data and additional-tickets should be added */
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_KDC_REQ_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
- }
- return("Unknown error");
+ return offset;
}
-static void
-krb_proto_tree_add_time(proto_tree *tree, tvbuff_t *tvb, int offset,
- int str_len, char *name, guchar *str)
-{
- if (tree)
- proto_tree_add_text(tree, tvb, offset, str_len,
- "%s: %.4s-%.2s-%.2s %.2s:%.2s:%.2s (%.1s)",
- name, str, str+4, str+6,
- str+8, str+10, str+12,
- str+14);
-}
/*
- * You must be kidding. I'm going to actually use a macro to do something?
- * bad me. Bad me.
+ * KDC-REQ ::= SEQUENCE {
+ * pvno[1] INTEGER,
+ * msg-type[2] INTEGER,
+ * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
+ * req-body[4] KDC-REQ-BODY
+ * }
*/
+static ber_sequence KDC_REQ_sequence[] = {
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_padata },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_KDC_REQ_BODY },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_sequence, -1, -1);
-#define KRB_HEAD_DECODE_OR_DIE(token) \
- start = asn1p->offset; \
- ret = asn1_header_decode (asn1p, &cls, &con, &tag, &def, &item_len); \
- if (ret != ASN1_ERR_NOERROR) {\
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "ERROR: Problem at %s: %s", \
- token, to_error_str(ret)); \
- return -1; \
- } \
- if (!def) {\
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "not definite: %s", token); \
- fprintf(stderr,"not definite: %s\n", token); \
- return -1; \
- } \
- offset += (asn1p->offset - start);
-
-#define CHECK_APPLICATION_TYPE(expected_tag) \
- (cls == ASN1_APL && con == ASN1_CON && tag == expected_tag)
-
-#define DIE_IF_NOT_APPLICATION_TYPE(token, expected_tag) \
- if (!CHECK_APPLICATION_TYPE(expected_tag)) \
- DIE_WITH_BAD_TYPE(token, expected_tag);
-
-#define CHECK_CONTEXT_TYPE(expected_tag) \
- (cls == ASN1_CTX && con == ASN1_CON && tag == expected_tag)
-
-#define DIE_IF_NOT_CONTEXT_TYPE(token, expected_tag) \
- if (!CHECK_CONTEXT_TYPE(expected_tag)) \
- DIE_WITH_BAD_TYPE(token, expected_tag);
-
-#define DIE_WITH_BAD_TYPE(token, expected_tag) \
- { \
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "ERROR: Problem at %s: %s (tag=%d exp=%d)", \
- token, to_error_str(ASN1_ERR_WRONG_TYPE), tag, expected_tag); \
- return -1; \
- }
+ return offset;
+}
-#define KRB_DECODE_APPLICATION_TAGGED_HEAD_OR_DIE(token, expected_tag) \
- KRB_HEAD_DECODE_OR_DIE(token); \
- DIE_IF_NOT_APPLICATION_TYPE(token, expected_tag);
-
-#define KRB_DECODE_CONTEXT_HEAD_OR_DIE(token, expected_tag) \
- KRB_HEAD_DECODE_OR_DIE(token); \
- DIE_IF_NOT_CONTEXT_TYPE(token, expected_tag);
-
-#define KRB_SEQ_HEAD_DECODE_OR_DIE(token) \
- ret = asn1_sequence_decode (asn1p, &item_len, &header_len); \
- if (ret != ASN1_ERR_NOERROR) {\
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "ERROR: Problem at %s: %s", \
- token, to_error_str(ret)); \
- return -1; \
- } \
- offset += header_len;
-
-#define KRB_DECODE_OR_DIE(token, fn, val) \
- ret = fn (asn1p, &val, &length); \
- if (ret != ASN1_ERR_NOERROR) { \
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "ERROR: Problem at %s: %s", \
- token, to_error_str(ret)); \
- return -1; \
- } \
-
-#define KRB_DECODE_UINT32_OR_DIE(token, val) \
- KRB_DECODE_OR_DIE(token, asn1_uint32_decode, val);
-
-#define KRB_DECODE_STRING_OR_DIE(token, expected_tag, val, val_len, item_len) \
- ret = asn1_string_decode (asn1p, &val, &val_len, &item_len, expected_tag); \
- if (ret != ASN1_ERR_NOERROR) { \
- if (check_col(pinfo->fd, COL_INFO)) \
- col_add_fstr(pinfo->fd, COL_INFO, "ERROR: Problem at %s: %s", \
- token, to_error_str(ret)); \
- return -1; \
- }
-#define KRB_DECODE_OCTET_STRING_OR_DIE(token, val, val_len, item_len) \
- KRB_DECODE_STRING_OR_DIE(token, ASN1_OTS, val, val_len, item_len)
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_authenticator_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * Authenticators are encrypted with usage
+ * == 7 or
+ * == 11
+ */
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ }
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ }
+
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
-#define KRB_DECODE_GENERAL_STRING_OR_DIE(token, val, val_len, item_len) \
- KRB_DECODE_STRING_OR_DIE(token, ASN1_GENSTR, val, val_len, item_len)
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
-#define KRB_DECODE_GENERAL_TIME_OR_DIE(token, val, val_len, item_len) \
- KRB_DECODE_STRING_OR_DIE(token, ASN1_GENTIM, val, val_len, item_len)
+ }
+ return offset;
+}
+#endif
-/* dissect_type_value_pair decodes (roughly) this:
- SEQUENCE {
- INTEGER,
- OCTET STRING
- }
+/*
+ * EncryptedData ::= SEQUENCE {
+ * etype[0] INTEGER, -- EncryptionType
+ * kvno[1] INTEGER OPTIONAL,
+ * cipher[2] OCTET STRING -- ciphertext
+ * }
+ */
+static int
+dissect_krb5_encrypted_authenticator_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, dissect_krb5_decrypt_authenticator_data);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, NULL);
+#endif
+ return offset;
+}
+static ber_sequence encrypted_authenticator_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_authenticator_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_authenticator_data },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_encrypted_authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_authenticator_sequence, hf_krb_authenticator_enc, ett_krb_authenticator_enc);
+
+ return offset;
+}
- which is all over the place in krb5 */
-static void
-dissect_type_value_pair(ASN1_SCK *asn1p, int *inoff,
- guint32 *type, int *type_len, int *type_off,
- guchar **val, int *val_len, int *val_off) {
- int offset = *inoff;
- guint cls, con, tag;
- gboolean def;
- int start;
- guint tmp_len;
- int ret;
-
- /* SEQUENCE */
- start = asn1p->offset;
- asn1_header_decode (asn1p, &cls, &con, &tag, &def, &tmp_len);
- offset += (asn1p->offset - start);
-
- /* INT */
- /* wrapper */
- start = asn1p->offset;
- asn1_header_decode (asn1p, &cls, &con, &tag, &def, &tmp_len);
- offset += (asn1p->offset - start);
-
- if (type_off)
- *type_off = offset;
-
- /* value */
- ret = asn1_uint32_decode(asn1p, type, type_len);
- if (ret != ASN1_ERR_NOERROR) {
- fprintf(stderr,"die: type_value_pair: type, %s\n", to_error_str(ret));
- return;
- }
- offset += tmp_len;
-
- /* OCTET STRING (or generic data) */
- /* wrapper */
- start = asn1p->offset;
- asn1_header_decode (asn1p, &cls, &con, &tag, &def, val_len);
- asn1_header_decode (asn1p, &cls, &con, &tag, &def, val_len);
- offset += asn1p->offset - start;
-
- if (val_off)
- *val_off = offset;
- /* value */
- asn1_string_value_decode (asn1p, *val_len, val);
- *inoff = offset + *val_len;
+static int
+dissect_krb5_tkt_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_tkt_vno, NULL);
+ return offset;
}
-static gboolean
-dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_Ticket_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- int offset = 0;
- proto_tree *kerberos_tree = NULL;
- proto_tree *etype_tree = NULL;
- proto_tree *preauth_tree = NULL;
- proto_tree *request_tree = NULL;
- proto_tree *additional_tickets_tree = NULL;
- ASN1_SCK asn1, *asn1p = &asn1;
- proto_item *item = NULL;
+ guint8 *plaintext;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * All Ticket encrypted parts use usage == 2
+ */
+ if( (plaintext=decrypt_krb5_data(pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype)) ){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
- gint length;
- guint cls, con, tag;
- gboolean def;
- gint item_len;
- guint total_len;
- int start, end, message_end, sequence_end;
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
- int ret;
+ }
+ return offset;
+}
+#endif
- guint protocol_message_type;
-
- guint32 version;
- guint32 msg_type;
- guint32 preauth_type;
- guint32 tmp_int;
+static int
+dissect_krb5_encrypted_Ticket_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, dissect_krb5_decrypt_Ticket_data);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, NULL);
+#endif
+ return offset;
+}
+static ber_sequence encrypted_Ticket_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_Ticket_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_Ticket_data },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_Ticket_encrypted(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_Ticket_sequence, hf_krb_ticket_enc, ett_krb_ticket_enc);
- /* simple holders */
- int str_len;
- guchar *str;
- int tmp_pos1, tmp_pos2;
+ return offset;
+}
- asn1_open(&asn1, tvb, 0);
+static ber_sequence Application_1_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_tkt_vno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_realm },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_sname },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_Ticket_encrypted },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_Application_1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Application_1_sequence, hf_krb_ticket, ett_krb_ticket);
- /* top header */
- KRB_HEAD_DECODE_OR_DIE("top");
- protocol_message_type = tag;
- if (tree) {
- item = proto_tree_add_item(tree, proto_kerberos, tvb, offset,
- item_len, FALSE);
- kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
- }
- message_end = asn1p->offset + item_len;
-
- /* second header */
- KRB_HEAD_DECODE_OR_DIE("top2");
+ return offset;
+}
- /* version number */
- KRB_HEAD_DECODE_OR_DIE("version-wrap");
- KRB_DECODE_UINT32_OR_DIE("version", version);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, length,
- "Version: %d",
- version);
- }
- offset += length;
- /* message type */
- KRB_HEAD_DECODE_OR_DIE("message-type-wrap");
- KRB_DECODE_UINT32_OR_DIE("message-type", msg_type);
+static const ber_choice Ticket_choice[] = {
+ { 1, BER_CLASS_APP, 1, 0,
+ dissect_krb5_Application_1 },
+ { 0, 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_Ticket(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_choice(pinfo, tree, tvb, offset, Ticket_choice, -1, -1);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, length,
- "MSG Type: %s",
- val_to_str(msg_type, krb5_msg_types,
- "Unknown msg type %#x"));
- }
- offset += length;
-
- if (check_col(pinfo->fd, COL_INFO))
- col_add_str(pinfo->fd, COL_INFO, val_to_str(msg_type, krb5_msg_types,
- "Unknown msg type %#x"));
-
- /* is preauthentication present? */
- KRB_HEAD_DECODE_OR_DIE("padata-or-body");
- if (((protocol_message_type == KRB5_MSG_AS_REQ ||
- protocol_message_type == KRB5_MSG_TGS_REQ) &&
- tag == KRB5_KDC_REQ_PADATA) ||
- ((protocol_message_type == KRB5_MSG_AS_REP ||
- protocol_message_type == KRB5_MSG_TGS_REP) &&
- tag == KRB5_KDC_REP_PADATA)) {
- /* pre-authentication supplied */
-
- if (tree) {
- item = proto_tree_add_text(kerberos_tree, tvb, offset,
- item_len, "Pre-Authentication");
- preauth_tree = proto_item_add_subtree(item, ett_preauth);
- }
-
- KRB_HEAD_DECODE_OR_DIE("sequence of pa-data");
- end = asn1p->offset + item_len;
-
- while(asn1p->offset < end) {
- dissect_type_value_pair(asn1p, &offset,
- &preauth_type, &item_len, &tmp_pos1,
- &str, &str_len, &tmp_pos2);
-
- if (preauth_tree) {
- proto_tree_add_text(preauth_tree, tvb, tmp_pos1,
- item_len, "Type: %s",
- val_to_str(preauth_type,
- krb5_preauthentication_types,
- "Unknown preauth type %#x"));
- proto_tree_add_text(preauth_tree, tvb, tmp_pos2,
- str_len, "Value: %s",
- bytes_to_str(str, str_len));
- }
- }
- KRB_HEAD_DECODE_OR_DIE("message-body");
- }
+ return offset;
+}
- switch (protocol_message_type) {
- case KRB5_MSG_AS_REQ:
- case KRB5_MSG_TGS_REQ:
-/*
- AS-REQ ::= [APPLICATION 10] KDC-REQ
- TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
- KDC-REQ ::= SEQUENCE {
- pvno[1] INTEGER,
- msg-type[2] INTEGER,
- padata[3] SEQUENCE OF PA-DATA OPTIONAL,
- req-body[4] KDC-REQ-BODY
- }
- KDC-REQ-BODY ::= SEQUENCE {
- kdc-options[0] KDCOptions,
- cname[1] PrincipalName OPTIONAL,
- -- Used only in AS-REQ
- realm[2] Realm, -- Server's realm
- -- Also client's in AS-REQ
- sname[3] PrincipalName OPTIONAL,
- from[4] KerberosTime OPTIONAL,
- till[5] KerberosTime,
- rtime[6] KerberosTime OPTIONAL,
- nonce[7] INTEGER,
- etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
- -- in preference order
- addresses[9] HostAddresses OPTIONAL,
- enc-authorization-data[10] EncryptedData OPTIONAL,
- -- Encrypted AuthorizationData encoding
- additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
- }
-*/
- /* request body */
- KRB_HEAD_DECODE_OR_DIE("body-sequence");
- if (tree) {
- item = proto_tree_add_text(kerberos_tree, tvb, offset,
- item_len, "Request");
- request_tree = proto_item_add_subtree(item, ett_request);
- }
- sequence_end = asn1p->offset + item_len;
-
- /* kdc options */
- KRB_HEAD_DECODE_OR_DIE("kdc options");
-
- KRB_HEAD_DECODE_OR_DIE("kdc options:bits");
-
- if (request_tree) {
- proto_tree_add_text(request_tree, tvb, offset, item_len,
- "Options: %s",
- tvb_bytes_to_str(asn1p->tvb, asn1p->offset,
- item_len));
- }
- offset += item_len;
- asn1p->offset += item_len;
-
- KRB_HEAD_DECODE_OR_DIE("Client Name or Realm");
-
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_CNAME)) {
- item_len = dissect_PrincipalName("Client Name", asn1p, pinfo,
- request_tree, offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("Realm");
- }
-
- DIE_IF_NOT_CONTEXT_TYPE("Realm", KRB5_BODY_REALM);
- KRB_DECODE_GENERAL_STRING_OR_DIE("Realm", str, str_len, item_len);
- if (request_tree) {
- proto_tree_add_text(request_tree, tvb, offset, item_len,
- "Realm: %.*s", str_len, str);
- }
- offset += item_len;
-
- KRB_HEAD_DECODE_OR_DIE("Server Name");
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_SNAME)) {
- item_len = dissect_PrincipalName("Server Name", asn1p, pinfo,
- request_tree, offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("From or Till");
- }
-
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_FROM)) {
- KRB_DECODE_GENERAL_TIME_OR_DIE("From", str, str_len, item_len);
- krb_proto_tree_add_time(request_tree, asn1p->tvb, offset, item_len,
- "Start Time", str);
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("Till");
- }
-
- DIE_IF_NOT_CONTEXT_TYPE("Till", KRB5_BODY_TILL);
- KRB_DECODE_GENERAL_TIME_OR_DIE("Till", str, str_len, item_len);
- krb_proto_tree_add_time(request_tree, asn1p->tvb, offset, item_len,
- "End Time", str);
- offset += item_len;
-
- KRB_HEAD_DECODE_OR_DIE("Renewable Until or Nonce");
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_RTIME)) {
- KRB_DECODE_GENERAL_TIME_OR_DIE("Renewable Until", str, str_len, item_len);
- krb_proto_tree_add_time(request_tree, asn1p->tvb, offset, item_len,
- "Renewable Until", str);
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("Nonce");
- }
-
- DIE_IF_NOT_CONTEXT_TYPE("Nonce", KRB5_BODY_NONCE);
- KRB_DECODE_UINT32_OR_DIE("Nonce", tmp_int);
- if (request_tree) {
- proto_tree_add_text(request_tree, tvb, offset, length,
- "Random Number: %u",
- tmp_int);
- }
- offset += length;
-
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("encryption type spot",
- KRB5_BODY_ENCTYPE);
- KRB_HEAD_DECODE_OR_DIE("encryption type list");
- if (kerberos_tree) {
- item = proto_tree_add_text(request_tree, tvb, offset,
- item_len, "Encryption Types");
- etype_tree = proto_item_add_subtree(item, ett_etype);
- }
- total_len = item_len;
- while(total_len > 0) {
- KRB_DECODE_UINT32_OR_DIE("encryption type", tmp_int);
- if (etype_tree) {
- proto_tree_add_text(etype_tree, tvb, offset, length,
- "Type: %s",
- val_to_str(tmp_int,
- krb5_encryption_types,
- "Unknown encryption type %#x"));
- }
- offset += length;
- total_len -= length;
- }
-
- if (asn1p->offset >= sequence_end)
- break;
- KRB_HEAD_DECODE_OR_DIE("addresses or enc-authorization-data");
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_ADDRESSES)) {
- /* addresses supplied */
-
- length = dissect_Addresses("Addresses", asn1p, pinfo, kerberos_tree,
- offset);
- if (offset == -1)
- return -1;
- offset += length;
- if (asn1p->offset >= sequence_end)
- break;
- KRB_HEAD_DECODE_OR_DIE("enc-authorization-data or additional-tickets");
- }
-
- if (CHECK_CONTEXT_TYPE(KRB5_BODY_ENC_AUTHORIZATION_DATA)) {
- /* enc-authorization-data supplied */
- length = dissect_EncryptedData("Encrypted Payload", asn1p, pinfo,
- kerberos_tree, offset);
- if (length == -1)
- return -1;
- offset += length;
- if (asn1p->offset >= sequence_end)
- break;
- KRB_HEAD_DECODE_OR_DIE("additional-tickets");
- }
-
- /* additional-tickets supplied */
- if (tree) {
- item = proto_tree_add_text(kerberos_tree, tvb, offset,
- item_len, "Additional Tickets");
- additional_tickets_tree = proto_item_add_subtree(item, ett_additional_tickets);
- }
- end = asn1p->offset + item_len;
- while(asn1p->offset < end) {
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("ticket", KRB5_KDC_REP_TICKET);
- length = dissect_Ticket("ticket", asn1p, pinfo, additional_tickets_tree,
- offset);
- if (length == -1)
- return -1;
- offset += length;
- }
-
- break;
-
- case KRB5_MSG_AS_REP:
- case KRB5_MSG_TGS_REP:
/*
- AS-REP ::= [APPLICATION 11] KDC-REP
- TGS-REP ::= [APPLICATION 13] KDC-REP
-
- KDC-REP ::= SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- padata[2] SEQUENCE OF PA-DATA OPTIONAL,
- crealm[3] Realm,
- cname[4] PrincipalName,
- ticket[5] Ticket,
- enc-part[6] EncryptedData
- }
-*/
+ * AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * ap-options[2] APOptions,
+ * ticket[3] Ticket,
+ * authenticator[4] EncryptedData
+ * }
+ */
+static ber_sequence AP_REQ_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_APOptions },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_Ticket },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_encrypted_authenticator },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REQ_sequence, -1, -1);
- DIE_IF_NOT_CONTEXT_TYPE("crealm", KRB5_KDC_REP_CREALM);
- KRB_DECODE_GENERAL_STRING_OR_DIE("realm name", str, str_len, item_len);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, item_len,
- "Realm: %.*s", str_len, str);
- }
- offset += item_len;
-
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("cname", KRB5_KDC_REP_CNAME);
- item_len = dissect_PrincipalName("Client Name", asn1p, pinfo,
- kerberos_tree, offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
-
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("ticket", KRB5_KDC_REP_TICKET);
- length = dissect_Ticket("ticket", asn1p, pinfo, kerberos_tree, offset);
- if (length == -1)
- return -1;
- offset += length;
-
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("enc-msg-part",
- KRB5_KDC_REP_ENC_PART);
- length = dissect_EncryptedData("Encrypted Payload", asn1p, pinfo,
- kerberos_tree, offset);
- if (length == -1)
- return -1;
- offset += length;
- break;
-
- case KRB5_MSG_ERROR:
-/*
- KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- ctime[2] KerberosTime OPTIONAL,
- cusec[3] INTEGER OPTIONAL,
- stime[4] KerberosTime,
- susec[5] INTEGER,
- error-code[6] INTEGER,
- crealm[7] Realm OPTIONAL,
- cname[8] PrincipalName OPTIONAL,
- realm[9] Realm, -- Correct realm
- sname[10] PrincipalName, -- Correct name
- e-text[11] GeneralString OPTIONAL,
- e-data[12] OCTET STRING OPTIONAL
- }
- }
+ return offset;
+}
-*/
- /* ctime */
- if (CHECK_CONTEXT_TYPE(KRB5_ERROR_CTIME)) {
- KRB_DECODE_GENERAL_TIME_OR_DIE("ctime", str, str_len, item_len);
- krb_proto_tree_add_time(kerberos_tree, asn1p->tvb, offset, item_len,
- "ctime", str);
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("cusec");
- }
-
- /* cusec */
- if (CHECK_CONTEXT_TYPE(KRB5_ERROR_CUSEC)) {
- KRB_DECODE_UINT32_OR_DIE("cusec", tmp_int);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, length,
- "cusec: %u",
- tmp_int);
- }
-
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("sutime");
- }
-
- DIE_IF_NOT_CONTEXT_TYPE("sutime", KRB5_ERROR_STIME);
- KRB_DECODE_GENERAL_TIME_OR_DIE("stime", str, str_len, item_len);
- krb_proto_tree_add_time(kerberos_tree, asn1p->tvb, offset, item_len,
- "stime", str);
- offset += item_len;
-
- KRB_HEAD_DECODE_OR_DIE("susec");
- DIE_IF_NOT_CONTEXT_TYPE("susec", KRB5_ERROR_SUSEC);
- KRB_DECODE_UINT32_OR_DIE("susec", tmp_int);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, length,
- "susec: %u",
- tmp_int);
- }
- offset += item_len;
-
- KRB_HEAD_DECODE_OR_DIE("errcode");
- DIE_IF_NOT_CONTEXT_TYPE("errcode", KRB5_ERROR_ERROR_CODE);
- KRB_DECODE_UINT32_OR_DIE("errcode", tmp_int);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, length,
- "Error Code: %s",
- val_to_str(tmp_int, krb5_error_codes,
- "Unknown error code %#x"));
- }
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("crealm");
-
- if (CHECK_CONTEXT_TYPE(KRB5_ERROR_CREALM)) {
- KRB_DECODE_GENERAL_STRING_OR_DIE("crealm", str, str_len, item_len);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, item_len,
- "crealm: %.*s", str_len, str);
- }
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("cname");
- }
- if (CHECK_CONTEXT_TYPE(KRB5_ERROR_CNAME)) {
- item_len = dissect_PrincipalName("cname", asn1p, pinfo,
- kerberos_tree, offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("realm");
- }
- DIE_IF_NOT_CONTEXT_TYPE("realm", KRB5_ERROR_REALM);
- KRB_DECODE_GENERAL_STRING_OR_DIE("realm", str, str_len, item_len);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, item_len,
- "realm: %.*s", str_len, str);
- }
- offset += item_len;
- KRB_HEAD_DECODE_OR_DIE("sname");
-
- DIE_IF_NOT_CONTEXT_TYPE("sname", KRB5_ERROR_SNAME);
- item_len = dissect_PrincipalName("sname", asn1p, pinfo,
- kerberos_tree, offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
-
- if (asn1p->offset >= message_end)
- break;
- KRB_HEAD_DECODE_OR_DIE("e-text");
- if ( CHECK_CONTEXT_TYPE(KRB5_ERROR_ETEXT) ) {
- KRB_DECODE_GENERAL_STRING_OR_DIE("etext", str, str_len, item_len);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, item_len,
- "etext: %.*s", str_len, str);
- }
- offset += item_len;
- if (asn1p->offset >= message_end)
- break;
- KRB_HEAD_DECODE_OR_DIE("e-data");
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * Authenticators are encrypted with usage
+ * == 7 or
+ * == 11
+ */
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype);
}
- if ( CHECK_CONTEXT_TYPE(KRB5_ERROR_EDATA) ) {
- guchar *data;
- guint data_len;
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
- KRB_DECODE_OCTET_STRING_OR_DIE("e-data", data, data_len, item_len);
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
- if (kerberos_tree) {
- proto_tree_add_text(kerberos_tree, tvb, offset, data_len,
- "Error Data: %s", bytes_to_str(data, item_len));
- }
- offset += data_len;
}
-
- break;
- }
- return offset;
+ return offset;
}
+#endif
-static void
-dissect_kerberos(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+
+static int
+dissect_krb5_encrypted_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, dissect_krb5_decrypt_AP_REP_data);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, NULL);
+#endif
+ return offset;
+}
+static ber_sequence encrypted_AP_REP_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_AP_REP_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_AP_REP_data },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_encrypted_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- if (check_col(pinfo->fd, COL_PROTOCOL))
- col_set_str(pinfo->fd, COL_PROTOCOL, "KRB5");
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_AP_REP_sequence, hf_krb_AP_REP_enc, ett_krb_AP_REP_enc);
- dissect_kerberos_main(tvb, pinfo, tree);
+ return offset;
}
+/*
+ * AP-REP ::= [APPLICATION 15] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * enc-part[2] EncryptedData
+ * }
+ */
+static ber_sequence AP_REP_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_AP_REP },
+ { 0, 0, 0, NULL }
+};
static int
-dissect_PrincipalName(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset)
+dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
-/*
- PrincipalName ::= SEQUENCE {
- name-type[0] INTEGER,
- name-string[1] SEQUENCE OF GeneralString
- }
-*/
- proto_tree *princ_tree = NULL;
- int offset = start_offset;
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REP_sequence, -1, -1);
- guint32 princ_type;
+ return offset;
+}
- int start;
- guint cls, con, tag;
- guint header_len, item_len, total_len, type_len;
- int ret;
- proto_item *item = NULL;
- guint length;
- gboolean def;
- int type_offset;
- guchar *name;
- guint name_len;
- /* principal name */
- KRB_SEQ_HEAD_DECODE_OR_DIE("principal section");
+static guint32 KDC_REP_etype;
+static int
+dissect_krb5_KDC_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(KDC_REP_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
- if (tree) {
- item = proto_tree_add_text(tree, asn1p->tvb, start_offset,
- (offset - start_offset) + item_len, "%s",
- title);
- princ_tree = proto_item_add_subtree(item, ett_princ);
- } else {
- item = NULL;
- princ_tree = NULL;
- }
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_KDC_REP_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
+ * 7.5.1
+ * ASREP/TGSREP encryptedparts are encrypted with usage
+ * == 3 or
+ * == 8 or
+ * == 9
+ */
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ }
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ }
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ }
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("principal type", 0);
- KRB_DECODE_UINT32_OR_DIE("princ-type", princ_type);
- type_offset = offset;
- type_len = item_len;
- offset += length;
-
- if (princ_tree) {
- proto_tree_add_text(princ_tree, asn1p->tvb, type_offset, type_len,
- "Type: %s",
- val_to_str(princ_type, krb5_princ_types,
- "Unknown name type %#x"));
- }
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("principal name-string", 1);
- KRB_SEQ_HEAD_DECODE_OR_DIE("principal name-string sequence-of");
- total_len = item_len;
- if (total_len == 0) {
- /* There are no name strings in this PrincipalName, so we can't
- put any in the top-level item. */
- return offset - start_offset;
- }
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
- /* Put the first name string in the top-level item. */
- KRB_DECODE_GENERAL_STRING_OR_DIE("principal name", name, name_len, item_len);
- if (princ_tree) {
- proto_item_set_text(item, "%s: %.*s", title, (int) name_len, name);
- proto_tree_add_text(princ_tree, asn1p->tvb, offset, item_len,
- "Name: %.*s", (int) name_len, name);
- }
- total_len -= item_len;
- offset += item_len;
-
- /* Now process the rest of the strings.
- XXX - put them in the item as well? */
- while (total_len > 0) {
- KRB_DECODE_GENERAL_STRING_OR_DIE("principal name", name, name_len, item_len);
- if (princ_tree) {
- proto_tree_add_text(princ_tree, asn1p->tvb, offset, item_len,
- "Name: %.*s", (int) name_len, name);
- }
- total_len -= item_len;
- offset += item_len;
- }
- return offset - start_offset;
+ }
+ return offset;
}
+#endif
+
+static int
+dissect_krb5_encrypted_KDC_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, dissect_krb5_decrypt_KDC_REP_data);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, NULL);
+#endif
+ return offset;
+}
+static ber_sequence encrypted_KDC_REP_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_KDC_REP_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_KDC_REP_data },
+ { 0, 0, 0, NULL }
+};
static int
-dissect_Addresses(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset) {
- proto_tree *address_tree = NULL;
- int offset = start_offset;
+dissect_krb5_encrypted_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_KDC_REP_sequence, hf_krb_KDC_REP_enc, ett_krb_KDC_REP_enc);
- int start, end;
- guint cls, con, tag;
- guint item_len;
- int ret;
+ return offset;
+}
- proto_item *item = NULL;
- gboolean def;
+/*
+ * KDC-REP ::= SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * padata[2] SEQUENCE OF PA-DATA OPTIONAL,
+ * crealm[3] Realm,
+ * cname[4] PrincipalName,
+ * ticket[5] Ticket,
+ * enc-part[6] EncryptedData
+ * }
+ */
+static ber_sequence KDC_REP_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_padata },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_crealm },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_cname },
+ { BER_CLASS_CON, 5, 0,
+ dissect_krb5_Ticket },
+ { BER_CLASS_CON, 6, 0,
+ dissect_krb5_encrypted_KDC_REP },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REP_sequence, -1, -1);
- int tmp_pos1, tmp_pos2;
- guint32 address_type;
+ return offset;
+}
- int str_len;
- guchar *str;
- KRB_HEAD_DECODE_OR_DIE("sequence of addresses");
- if (tree) {
- item = proto_tree_add_text(tree, asn1p->tvb, offset,
- item_len, "Addresses");
- address_tree = proto_item_add_subtree(item, ett_addresses);
- }
- start = offset;
- end = asn1p->offset + item_len;
-
- while(asn1p->offset < end) {
- dissect_type_value_pair(asn1p, &offset,
- &address_type, &item_len, &tmp_pos1,
- &str, &str_len, &tmp_pos2);
-
- if (address_tree) {
- proto_tree_add_text(address_tree, asn1p->tvb, tmp_pos1,
- item_len, "Type: %s",
- val_to_str(address_type, krb5_address_types,
- "Unknown address type %#x"));
- switch(address_type) {
- case KRB5_ADDR_IPv4:
- proto_tree_add_text(address_tree, asn1p->tvb, tmp_pos2,
- str_len, "Value: %d.%d.%d.%d",
- str[0], str[1], str[2], str[3]);
- break;
-
- default:
- proto_tree_add_text(address_tree, asn1p->tvb, tmp_pos2,
- str_len, "Value: %s",
- bytes_to_str(str, str_len));
- }
- }
- }
-
- return offset - start_offset;
+
+static int
+dissect_krb5_e_text(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_e_text, NULL, 0);
+ return offset;
}
-static int
-dissect_EncryptedData(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset)
+static int
+dissect_krb5_e_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
+ switch(krb5_errorcode){
+ case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
+
+ break;
+ default:
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, NULL);
+ }
+ return offset;
+}
+
+
/*
- EncryptedData ::= SEQUENCE {
- etype[0] INTEGER, -- EncryptionType
- kvno[1] INTEGER OPTIONAL,
- cipher[2] OCTET STRING -- ciphertext
- }
-*/
- proto_tree *encr_tree = NULL;
- int offset = start_offset;
+ * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * ctime[2] KerberosTime OPTIONAL,
+ * cusec[3] INTEGER OPTIONAL,
+ * stime[4] KerberosTime,
+ * susec[5] INTEGER,
+ * error-code[6] INTEGER,
+ * crealm[7] Realm OPTIONAL,
+ * cname[8] PrincipalName OPTIONAL,
+ * realm[9] Realm, -- Correct realm
+ * sname[10] PrincipalName, -- Correct name
+ * e-text[11] GeneralString OPTIONAL,
+ * e-data[12] OCTET STRING OPTIONAL
+ * }
+ *
+ * e-data This field contains additional data about the error for use
+ * by the application to help it recover from or handle the
+ * error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
+ * the e-data field will contain an encoding of a sequence of
+ * padata fields, each corresponding to an acceptable pre-
+ * authentication method and optionally containing data for
+ * the method:
+ */
+static ber_sequence ERROR_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_ctime },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_cusec },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_stime },
+ { BER_CLASS_CON, 5, 0,
+ dissect_krb5_susec },
+ { BER_CLASS_CON, 6, 0,
+ dissect_krb5_error_code },
+ { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
+ dissect_krb5_crealm },
+ { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
+ dissect_krb5_cname },
+ { BER_CLASS_CON, 9, 0,
+ dissect_krb5_realm },
+ { BER_CLASS_CON, 10, 0,
+ dissect_krb5_sname },
+ { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
+ dissect_krb5_e_text },
+ { BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL,
+ dissect_krb5_e_data },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ERROR_sequence, -1, -1);
- int start;
- guint cls, con, tag;
- guint header_len, item_len, data_len;
- int ret;
+ return offset;
+}
- proto_item *item = NULL;
- guint length;
- gboolean def;
- guint32 val;
- guchar *data;
- KRB_SEQ_HEAD_DECODE_OR_DIE("encrypted data section");
+static struct { char *set; char *unset; } bitval = { "Set", "Not set" };
- if (tree) {
- item = proto_tree_add_text(tree, asn1p->tvb, start_offset,
- (offset - start_offset) + item_len,
- "Encrypted Data: %s", title);
- encr_tree = proto_item_add_subtree(item, ett_princ);
- }
+static void dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree);
+static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree);
+static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, int do_col_info,
+ gboolean have_rm,
+ kerberos_callbacks *cb);
+static gint kerberos_rm_to_reclen(guint krb_rm);
+static void dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree);
+static guint get_krb_pdu_len(tvbuff_t *tvb, int offset);
- /* type */
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("encryption type", 0);
- KRB_DECODE_UINT32_OR_DIE("encr-type", val);
- if (encr_tree) {
- proto_tree_add_text(encr_tree, asn1p->tvb, offset, length,
- "Type: %s",
- val_to_str(val, krb5_encryption_types,
- "Unknown encryption type %#x"));
- }
- offset += length;
-
- /* kvno */
- KRB_HEAD_DECODE_OR_DIE("kvno-wrap or cipher-wrap");
- if (CHECK_CONTEXT_TYPE(1)) {
- KRB_DECODE_UINT32_OR_DIE("kvno", val);
- if (encr_tree) {
- proto_tree_add_text(encr_tree, asn1p->tvb, offset, length,
- "KVNO: %d", val);
- }
- offset += length;
- KRB_HEAD_DECODE_OR_DIE("cipher-wrap");
- }
- DIE_IF_NOT_CONTEXT_TYPE("cipher-wrap", 2);
- KRB_DECODE_OCTET_STRING_OR_DIE("cipher", data, data_len, item_len);
- if (encr_tree) {
- proto_tree_add_text(encr_tree, asn1p->tvb, offset, data_len,
- "CipherText: %s", bytes_to_str(data, item_len));
+gint
+dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
+{
+ return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, cb));
+}
+
+static void
+dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+
+ (void)dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE, NULL);
+}
+
+static gint
+kerberos_rm_to_reclen(guint krb_rm)
+{
+ return (krb_rm & KRB_RM_RECLEN);
+}
+
+static guint
+get_krb_pdu_len(tvbuff_t *tvb, int offset)
+{
+ guint krb_rm;
+ gint pdulen;
+
+ krb_rm = tvb_get_ntohl(tvb, offset);
+ pdulen = kerberos_rm_to_reclen(krb_rm);
+ return (pdulen + 4);
+}
+
+static void
+dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ pinfo->fragmented = TRUE;
+ if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, NULL) < 0) {
+ /*
+ * The dissector failed to recognize this as a valid
+ * Kerberos message. Mark it as a continuation packet.
+ */
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
+ }
}
- offset += data_len;
-
- return offset - start_offset;
}
-static int
-dissect_Ticket(char *title, ASN1_SCK *asn1p, packet_info *pinfo,
- proto_tree *tree, int start_offset)
+static void
+dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+
+ tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
+ dissect_kerberos_tcp_pdu);
+}
+
/*
- Ticket ::= [APPLICATION 1] SEQUENCE {
- tkt-vno[0] INTEGER,
- realm[1] Realm,
- sname[2] PrincipalName,
- enc-part[3] EncryptedData
- }
-*/
- proto_tree *ticket_tree = NULL;
- int offset = start_offset;
+ * Display the TCP record mark.
+ */
+static void
+show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
+{
+ gint rec_len;
+ proto_item *rm_item;
+ proto_tree *rm_tree;
+
+ if (tree == NULL)
+ return;
+
+ rec_len = kerberos_rm_to_reclen(krb_rm);
+ rm_item = proto_tree_add_text(tree, tvb, start, 4,
+ "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
+ rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
+ proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
+ proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
+}
- int start;
- guint cls, con, tag;
- guint header_len, total_len;
- gint item_len;
- int ret;
+static gint
+dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ int dci, gboolean have_rm, kerberos_callbacks *cb)
+{
+ int offset = 0;
+ proto_tree *kerberos_tree = NULL;
proto_item *item = NULL;
- gint length;
- gboolean def;
- guint32 val;
+ void *saved_private_data;
- int str_len;
- guchar *str;
+ /* TCP record mark and length */
+ guint32 krb_rm = 0;
+ gint krb_reclen = 0;
- KRB_DECODE_APPLICATION_TAGGED_HEAD_OR_DIE("Ticket section", 1);
- KRB_SEQ_HEAD_DECODE_OR_DIE("Ticket sequence");
- total_len = item_len;
+ saved_private_data=pinfo->private_data;
+ pinfo->private_data=cb;
+ do_col_info=dci;
if (tree) {
- item = proto_tree_add_text(tree, asn1p->tvb, start_offset,
- (offset - start_offset) + item_len,
- "Ticket");
- ticket_tree = proto_item_add_subtree(item, ett_ticket);
+ item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
+ kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
}
- /* type */
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("Ticket tkt-vno", KRB5_TKT_TKT_VNO);
- KRB_DECODE_UINT32_OR_DIE("Ticket tkt-vno", val);
- if (ticket_tree) {
- proto_tree_add_text(ticket_tree, asn1p->tvb, offset, length,
- "Version: %u", val);
- }
- offset += length;
- total_len -= length;
-
- /* realm name */
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("Ticket realm", KRB5_TKT_REALM);
- KRB_DECODE_GENERAL_STRING_OR_DIE("Ticket realm string", str, str_len, item_len);
- if (ticket_tree) {
- proto_tree_add_text(ticket_tree, asn1p->tvb, offset, item_len,
- "Realm: %.*s", str_len, str);
+ if (have_rm) {
+ krb_rm = tvb_get_ntohl(tvb, offset);
+ krb_reclen = kerberos_rm_to_reclen(krb_rm);
+ /*
+ * What is a reasonable size limit?
+ */
+ if (krb_reclen > 10 * 1024 * 1024) {
+ pinfo->private_data=saved_private_data;
+ return (-1);
+ }
+ show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
+ offset += 4;
}
- offset += item_len;
- total_len -= item_len;
- /* server name (sname) */
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("Ticket sname", KRB5_TKT_SNAME);
- item_len = dissect_PrincipalName("Service Name", asn1p, pinfo, ticket_tree,
- offset);
- if (item_len == -1)
- return -1;
- offset += item_len;
+ offset=dissect_ber_choice(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1);
- /* encrypted part */
- KRB_DECODE_CONTEXT_HEAD_OR_DIE("enc-part", KRB5_TKT_ENC_PART);
- length = dissect_EncryptedData("Ticket data", asn1p, pinfo, ticket_tree,
- offset);
- if (length == -1)
- return -1;
- offset += length;
-
- return offset - start_offset;
+ proto_item_set_len(item, offset);
+ pinfo->private_data=saved_private_data;
+ return offset;
}
void
-proto_register_kerberos(void) {
-/*
+proto_register_kerberos(void)
+{
static hf_register_info hf[] = {
+ { &hf_krb_rm_reserved, {
+ "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
+ &bitval, KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
+ { &hf_krb_rm_reclen, {
+ "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
+ NULL, KRB_RM_RECLEN, "Record length", HFILL }},
+ { &hf_krb_transitedtype, {
+ "Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
+ VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
+ { &hf_krb_transitedcontents, {
+ "Contents", "kerberos.transited.contents", FT_BYTES, BASE_HEX,
+ NULL, 0, "Transitent Contents string", HFILL }},
+ { &hf_krb_keytype, {
+ "Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
+ VALS(krb5_encryption_types), 0, "Key Type", HFILL }},
+ { &hf_krb_keyvalue, {
+ "Key value", "kerberos.keyvalue", FT_BYTES, BASE_HEX,
+ NULL, 0, "Key value (encryption key)", HFILL }},
+ { &hf_krb_adtype, {
+ "Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
+ VALS(krb5_ad_types), 0, "Authorization Data Type", HFILL }},
+ { &hf_krb_IF_RELEVANT_type, {
+ "Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
+ VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
+ { &hf_krb_advalue, {
+ "Data", "kerberos.advalue", FT_BYTES, BASE_HEX,
+ NULL, 0, "Authentication Data", HFILL }},
+ { &hf_krb_IF_RELEVANT_value, {
+ "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_HEX,
+ NULL, 0, "IF_RELEVANT Data", HFILL }},
+ { &hf_krb_etype, {
+ "Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
+ VALS(krb5_encryption_types), 0, "Encryption Type", HFILL }},
+ { &hf_krb_addr_type, {
+ "Addr-type", "kerberos.addr_type", FT_UINT32, BASE_DEC,
+ VALS(krb5_address_types), 0, "Address Type", HFILL }},
+ { &hf_krb_pac_signature_type, {
+ "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
+ NULL, 0, "PAC Signature Type", HFILL }},
+ { &hf_krb_name_type, {
+ "Name-type", "kerberos.name_type", FT_INT32, BASE_DEC,
+ VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
+ { &hf_krb_lr_type, {
+ "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,
+ VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
+ { &hf_krb_address_ip, {
+ "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
+ NULL, 0, "IP Address", HFILL }},
+ { &hf_krb_address_netbios, {
+ "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
+ NULL, 0, "NetBIOS Address and type", HFILL }},
+ { &hf_krb_contentinfo_contenttype, {
+ "ContentType", "kerberos.contenttype", FT_STRING, BASE_NONE,
+ NULL, 0, "ContentInfo ContentType field", HFILL }},
+ { &hf_krb_authtime, {
+ "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE,
+ NULL, 0, "Time of initial authentication", HFILL }},
+ { &hf_krb_SAFE_BODY_timestamp, {
+ "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE,
+ NULL, 0, "Timestamp of this SAFE_BODY", HFILL }},
+ { &hf_krb_patimestamp, {
+ "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE,
+ NULL, 0, "Time of client", HFILL }},
+ { &hf_krb_pausec, {
+ "pausec", "kerberos.pausec", FT_UINT32, BASE_DEC,
+ NULL, 0, "Microsecond component of client time", HFILL }},
+ { &hf_krb_lr_time, {
+ "Lr-time", "kerberos.lr_time", FT_STRING, BASE_NONE,
+ NULL, 0, "Time of LR-entry", HFILL }},
+ { &hf_krb_starttime, {
+ "Start time", "kerberos.starttime", FT_STRING, BASE_NONE,
+ NULL, 0, "The time after which the ticket is valid", HFILL }},
+ { &hf_krb_endtime, {
+ "End time", "kerberos.endtime", FT_STRING, BASE_NONE,
+ NULL, 0, "The time after which the ticket has expired", HFILL }},
+ { &hf_krb_key_expire, {
+ "Key Expiration", "kerberos.key_expiration", FT_STRING, BASE_NONE,
+ NULL, 0, "The time after which the key will expire", HFILL }},
+ { &hf_krb_renew_till, {
+ "Renew-till", "kerberos.renenw_till", FT_STRING, BASE_NONE,
+ NULL, 0, "The maximum time we can renew the ticket until", HFILL }},
+ { &hf_krb_rtime, {
+ "rtime", "kerberos.rtime", FT_STRING, BASE_NONE,
+ NULL, 0, "Renew Until timestamp", HFILL }},
+ { &hf_krb_ctime, {
+ "ctime", "kerberos.ctime", FT_STRING, BASE_NONE,
+ NULL, 0, "Current Time on the client host", HFILL }},
+ { &hf_krb_cusec, {
+ "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC,
+ NULL, 0, "micro second component of client time", HFILL }},
+ { &hf_krb_SAFE_BODY_usec, {
+ "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC,
+ NULL, 0, "micro second component of SAFE_BODY time", HFILL }},
+ { &hf_krb_stime, {
+ "stime", "kerberos.stime", FT_STRING, BASE_NONE,
+ NULL, 0, "Current Time on the server host", HFILL }},
+ { &hf_krb_susec, {
+ "susec", "kerberos.susec", FT_UINT32, BASE_DEC,
+ NULL, 0, "micro second component of server time", HFILL }},
+ { &hf_krb_error_code, {
+ "error_code", "kerberos.error_code", FT_UINT32, BASE_DEC,
+ VALS(krb5_error_codes), 0, "Kerberos error code", HFILL }},
+ { &hf_krb_from, {
+ "from", "kerberos.from", FT_STRING, BASE_NONE,
+ NULL, 0, "From when the ticket is to be valid (postdating)", HFILL }},
+ { &hf_krb_till, {
+ "till", "kerberos.till", FT_STRING, BASE_NONE,
+ NULL, 0, "When the ticket will expire", HFILL }},
+ { &hf_krb_name_string, {
+ "Name", "kerberos.name_string", FT_STRING, BASE_NONE,
+ NULL, 0, "String component that is part of a PrincipalName", HFILL }},
+ { &hf_krb_provsrv_location, {
+ "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
+ NULL, 0, "PacketCable PROV SRV Location", HFILL }},
+ { &hf_krb_e_text, {
+ "e-text", "kerberos.e_text", FT_STRING, BASE_NONE,
+ NULL, 0, "Additional (human readable) error description", HFILL }},
+ { &hf_krb_realm, {
+ "Realm", "kerberos.realm", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Kerberos Realm", HFILL }},
+ { &hf_krb_crealm, {
+ "Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
+ { &hf_krb_pac_clientname, {
+ "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Client in the PAC structure", HFILL }},
+ { &hf_krb_msg_type, {
+ "MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
+ VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
+ { &hf_krb_APOptions, {
+ "APOptions", "kerberos.apoptions", FT_BYTES, BASE_HEX,
+ NULL, 0, "Kerberos APOptions bitstring", HFILL }},
+ { &hf_krb_APOptions_use_session_key, {
+ "Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
+ TFS(&krb5_apoptions_use_session_key), 0x40000000, "", HFILL }},
+ { &hf_krb_APOptions_mutual_required, {
+ "Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
+ TFS(&krb5_apoptions_mutual_required), 0x20000000, "", HFILL }},
+ { &hf_krb_KDCOptions, {
+ "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_HEX,
+ NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
+ { &hf_krb_TicketFlags, {
+ "Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
+ NULL, 0, "Kerberos Ticket Flags", HFILL }},
+ { &hf_krb_TicketFlags_forwardable, {
+ "Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
+ { &hf_krb_TicketFlags_forwarded, {
+ "Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
+ { &hf_krb_TicketFlags_proxyable, {
+ "Proxyable", "kerberos.ticketflags.proxyable", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
+ { &hf_krb_TicketFlags_proxy, {
+ "Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
+ { &hf_krb_TicketFlags_allow_postdate, {
+ "Allow Postdate", "kerberos.ticketflags.allow_postdate", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
+ { &hf_krb_TicketFlags_postdated, {
+ "Postdated", "kerberos.ticketflags.postdated", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
+ { &hf_krb_TicketFlags_invalid, {
+ "Invalid", "kerberos.ticketflags.invalid", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_invalid), 0x01000000, "Whether this ticket is invalid or not", HFILL }},
+ { &hf_krb_TicketFlags_renewable, {
+ "Renewable", "kerberos.ticketflags.renewable", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
+ { &hf_krb_TicketFlags_initial, {
+ "Initial", "kerberos.ticketflags.initial", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_initial), 0x00400000, "Whether this ticket is an initial ticket or not", HFILL }},
+ { &hf_krb_TicketFlags_pre_auth, {
+ "Pre-Auth", "kerberos.ticketflags.pre_auth", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_pre_auth), 0x00200000, "Whether this ticket is pre-authenticated or not", HFILL }},
+ { &hf_krb_TicketFlags_hw_auth, {
+ "HW-Auth", "kerberos.ticketflags.hw_auth", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_hw_auth), 0x00100000, "Whether this ticket is hardware-authenticated or not", HFILL }},
+ { &hf_krb_TicketFlags_transited_policy_checked, {
+ "Transited Policy Checked", "kerberos.ticketflags.transited_policy_checked", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_transited_policy_checked), 0x00080000, "Whether this ticket is transited policy checked or not", HFILL }},
+ { &hf_krb_TicketFlags_ok_as_delegate, {
+ "Ok As Delegate", "kerberos.ticketflags.ok_as_delegate", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_ok_as_delegate), 0x00040000, "Whether this ticket is Ok As Delegate or not", HFILL }},
+ { &hf_krb_KDC_REQ_BODY, {
+ "KDC_REQ_BODY", "kerberos.kdc_req_body", FT_NONE, BASE_NONE,
+ NULL, 0, "Kerberos KDC REQuest BODY", HFILL }},
+ { &hf_krb_PRIV_BODY, {
+ "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
+ NULL, 0, "Kerberos PRIVate BODY", HFILL }},
+ { &hf_krb_encrypted_PRIV, {
+ "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
+ NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
+ { &hf_krb_KDCOptions_forwardable, {
+ "Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
+ { &hf_krb_KDCOptions_forwarded, {
+ "Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
+ { &hf_krb_KDCOptions_proxyable, {
+ "Proxyable", "kerberos.kdcoptions.proxyable", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
+ { &hf_krb_KDCOptions_proxy, {
+ "Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
+ { &hf_krb_KDCOptions_allow_postdate, {
+ "Allow Postdate", "kerberos.kdcoptions.allow_postdate", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
+ { &hf_krb_KDCOptions_postdated, {
+ "Postdated", "kerberos.kdcoptions.postdated", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
+ { &hf_krb_KDCOptions_renewable, {
+ "Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
+ { &hf_krb_KDCOptions_canonicalize, {
+ "Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
+ { &hf_krb_KDCOptions_opt_hardware_auth, {
+ "Opt HW Auth", "kerberos.kdcoptions.opt_hardware_auth", FT_BOOLEAN, 32,
+ NULL, 0x00100000, "Opt HW Auth flag", HFILL }},
+ { &hf_krb_KDCOptions_disable_transited_check, {
+ "Disable Transited Check", "kerberos.kdcoptions.disable_transited_check", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_disable_transited_check), 0x00000020, "Whether we should do transited checking or not", HFILL }},
+ { &hf_krb_KDCOptions_renewable_ok, {
+ "Renewable OK", "kerberos.kdcoptions.renewable_ok", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_renewable_ok), 0x00000010, "Whether we accept renewed tickets or not", HFILL }},
+ { &hf_krb_KDCOptions_enc_tkt_in_skey, {
+ "Enc-Tkt-in-Skey", "kerberos.kdcoptions.enc_tkt_in_skey", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_enc_tkt_in_skey), 0x00000008, "Whether the ticket is encrypted in the skey or not", HFILL }},
+ { &hf_krb_KDCOptions_renew, {
+ "Renew", "kerberos.kdcoptions.renew", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_renew), 0x00000002, "Is this a request to renew a ticket?", HFILL }},
+ { &hf_krb_KDCOptions_validate, {
+ "Validate", "kerberos.kdcoptions.validate", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_validate), 0x00000001, "Is this a request to validate a postdated ticket?", HFILL }},
+ { &hf_krb_pvno, {
+ "Pvno", "kerberos.pvno", FT_UINT32, BASE_DEC,
+ NULL, 0, "Kerberos Protocol Version Number", HFILL }},
+ { &hf_krb_kvno, {
+ "Kvno", "kerberos.kvno", FT_UINT32, BASE_DEC,
+ NULL, 0, "Version Number for the encryption Key", HFILL }},
+ { &hf_krb_checksum_type, {
+ "Type", "kerberos.checksum.type", FT_UINT32, BASE_DEC,
+ VALS(krb5_checksum_types), 0, "Type of checksum", HFILL }},
+ { &hf_krb_authenticator_vno, {
+ "Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
+ NULL, 0, "Version Number for the Authenticator", HFILL }},
+ { &hf_krb_encrypted_authenticator_data, {
+ "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_HEX,
+ NULL, 0, "Data content of an encrypted authenticator", HFILL }},
+ { &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
+ "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_HEX,
+ NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
+ { &hf_krb_PAC_LOGON_INFO, {
+ "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
+ { &hf_krb_PAC_CREDENTIAL_TYPE, {
+ "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
+ { &hf_krb_PAC_SERVER_CHECKSUM, {
+ "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
+ { &hf_krb_PAC_PRIVSVR_CHECKSUM, {
+ "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
+ { &hf_krb_PAC_CLIENT_INFO_TYPE, {
+ "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
+ { &hf_krb_checksum_checksum, {
+ "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_HEX,
+ NULL, 0, "Kerberos Checksum", HFILL }},
+ { &hf_krb_ENC_PRIV, {
+ "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_HEX,
+ NULL, 0, "Encrypted PRIV blob", HFILL }},
+ { &hf_krb_encrypted_Ticket_data, {
+ "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_HEX,
+ NULL, 0, "The encrypted part of a ticket", HFILL }},
+ { &hf_krb_encrypted_AP_REP_data, {
+ "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_HEX,
+ NULL, 0, "The encrypted part of AP-REP", HFILL }},
+ { &hf_krb_encrypted_KDC_REP_data, {
+ "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_HEX,
+ NULL, 0, "The encrypted part of KDC-REP", HFILL }},
+ { &hf_krb_PA_DATA_value, {
+ "Value", "kerberos.padata.value", FT_BYTES, BASE_HEX,
+ NULL, 0, "Content of the PADATA blob", HFILL }},
+ { &hf_krb_etype_info_salt, {
+ "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
+ NULL, 0, "Salt", HFILL }},
+ { &hf_krb_SAFE_BODY_user_data, {
+ "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
+ NULL, 0, "SAFE BODY userdata field", HFILL }},
+ { &hf_krb_pac_signature_signature, {
+ "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX,
+ NULL, 0, "A PAC signature blob", HFILL }},
+ { &hf_krb_PA_DATA_type, {
+ "Type", "kerberos.padata.type", FT_UINT32, BASE_DEC,
+ VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
+ { &hf_krb_nonce, {
+ "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
+ NULL, 0, "Kerberos Nonce random number", HFILL }},
+ { &hf_krb_tkt_vno, {
+ "Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
+ NULL, 0, "Version number for the Ticket format", HFILL }},
+ { &hf_krb_HostAddress, {
+ "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
+ { &hf_krb_s_address, {
+ "S-Address", "kerberos.s_address", FT_NONE, BASE_DEC,
+ NULL, 0, "This is the Senders address", HFILL }},
+ { &hf_krb_signedAuthPack, {
+ "signedAuthPack", "kerberos.signedAuthPack", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos ContentInfo sequence", HFILL }},
+ { &hf_krb_key, {
+ "key", "kerberos.key", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
+ { &hf_krb_subkey, {
+ "Subkey", "kerberos.subkey", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos subkey", HFILL }},
+ { &hf_krb_seq_number, {
+ "Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
+ NULL, 0, "This is a Kerberos sequence number", HFILL }},
+ { &hf_krb_AuthorizationData, {
+ "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
+ { &hf_krb_EncTicketPart, {
+ "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
+ { &hf_krb_EncAPRepPart, {
+ "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
+ { &hf_krb_EncKDCRepPart, {
+ "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
+ { &hf_krb_LastReq, {
+ "LastReq", "kerberos.LastReq", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a LastReq sequence", HFILL }},
+ { &hf_krb_Authenticator, {
+ "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
+ { &hf_krb_Checksum, {
+ "Checksum", "kerberos.Checksum", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
+ { &hf_krb_HostAddresses, {
+ "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
+ { &hf_krb_IF_RELEVANT, {
+ "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
+ { &hf_krb_etypes, {
+ "Encryption Types", "kerberos.etypes", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
+ { &hf_krb_LastReqs, {
+ "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of LastReq structures", HFILL }},
+ { &hf_krb_sname, {
+ "Server Name", "kerberos.sname", FT_NONE, BASE_DEC,
+ NULL, 0, "This is the name part server's identity", HFILL }},
+ { &hf_krb_cname, {
+ "Client Name", "kerberos.cname", FT_NONE, BASE_DEC,
+ NULL, 0, "The name part of the client principal identifier", HFILL }},
+ { &hf_krb_authenticator_enc, {
+ "Authenticator", "kerberos.authenticator", FT_NONE, BASE_DEC,
+ NULL, 0, "Encrypted authenticator blob", HFILL }},
+ { &hf_krb_ticket_enc, {
+ "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_DEC,
+ NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
+ { &hf_krb_AP_REP_enc, {
+ "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_DEC,
+ NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
+ { &hf_krb_KDC_REP_enc, {
+ "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_DEC,
+ NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
+ { &hf_krb_e_data, {
+ "e-data", "kerberos.e_data", FT_NONE, BASE_DEC,
+ NULL, 0, "The e-data blob", HFILL }},
+ { &hf_krb_padata, {
+ "padata", "kerberos.padata", FT_NONE, BASE_DEC,
+ NULL, 0, "Sequence of preauthentication data", HFILL }},
+ { &hf_krb_ticket, {
+ "Ticket", "kerberos.ticket", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos Ticket", HFILL }},
+ { &hf_krb_TransitedEncoding, {
+ "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
+ { &hf_krb_PA_PAC_REQUEST_flag, {
+ "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
+ NULL, 0, "This is a MS PAC Request Flag", HFILL }},
+ { &hf_krb_w2k_pac_entries, {
+ "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of W2k PAC entries", HFILL }},
+ { &hf_krb_w2k_pac_version, {
+ "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
+ NULL, 0, "Version of PAC structures", HFILL }},
+ { &hf_krb_w2k_pac_type, {
+ "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
+ VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
+ { &hf_krb_w2k_pac_size, {
+ "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Size of W2k PAC entry", HFILL }},
+ { &hf_krb_w2k_pac_offset, {
+ "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
+ NULL, 0, "Offset to W2k PAC entry", HFILL }},
+ { &hf_krb_pac_clientid, {
+ "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, BASE_NONE,
+ NULL, 0, "ClientID Timestamp", HFILL }},
+ { &hf_krb_pac_namelen, {
+ "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
+ NULL, 0, "Length of client name", HFILL }},
};
-*/
+
static gint *ett[] = {
- &ett_kerberos,
- &ett_preauth,
- &ett_request,
- &ett_princ,
- &ett_encrypted,
- &ett_ticket,
- &ett_addresses,
- &ett_etype,
- &ett_additional_tickets,
+ &ett_krb_kerberos,
+ &ett_krb_KDC_REP_enc,
+ &ett_krb_sname,
+ &ett_krb_cname,
+ &ett_krb_AP_REP_enc,
+ &ett_krb_padata,
+ &ett_krb_etypes,
+ &ett_krb_LastReqs,
+ &ett_krb_IF_RELEVANT,
+ &ett_krb_PA_DATA_tree,
+ &ett_krb_s_address,
+ &ett_krb_HostAddress,
+ &ett_krb_HostAddresses,
+ &ett_krb_authenticator_enc,
+ &ett_krb_AP_Options,
+ &ett_krb_KDC_Options,
+ &ett_krb_Ticket_Flags,
+ &ett_krb_request,
+ &ett_krb_recordmark,
+ &ett_krb_ticket,
+ &ett_krb_ticket_enc,
+ &ett_krb_PRIV,
+ &ett_krb_PRIV_enc,
+ &ett_krb_EncTicketPart,
+ &ett_krb_EncAPRepPart,
+ &ett_krb_EncKDCRepPart,
+ &ett_krb_LastReq,
+ &ett_krb_Authenticator,
+ &ett_krb_Checksum,
+ &ett_krb_key,
+ &ett_krb_subkey,
+ &ett_krb_AuthorizationData,
+ &ett_krb_TransitedEncoding,
+ &ett_krb_PAC,
+ &ett_krb_PAC_LOGON_INFO,
+ &ett_krb_PAC_CREDENTIAL_TYPE,
+ &ett_krb_PAC_SERVER_CHECKSUM,
+ &ett_krb_PAC_PRIVSVR_CHECKSUM,
+ &ett_krb_PAC_CLIENT_INFO_TYPE,
+ &ett_krb_signedAuthPack,
};
+ module_t *krb_module;
+
proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
-/*
proto_register_field_array(proto_kerberos, hf, array_length(hf));
-*/
proto_register_subtree_array(ett, array_length(ett));
+
+ /* Register preferences */
+ krb_module = prefs_register_protocol(proto_kerberos, NULL);
+ prefs_register_bool_preference(krb_module, "desegment",
+ "Desegment Kerberos over TCP messages",
+ "Whether the dissector should desegment "
+ "multi-segment Kerberos messages", &krb_desegment);
+#ifdef HAVE_KERBEROS
+ prefs_register_bool_preference(krb_module, "decrypt",
+ "Try to decrypt Kerberos blobs",
+ "Whether the dissector should try to decrypt "
+ "encrypted Kerberos blobs. This requires that the proper "
+ "keytab file is installed as well.", &krb_decrypt);
+
+ prefs_register_string_preference(krb_module, "file",
+ "Kerberos keytab file",
+ "The keytab file containing all the secrets",
+ &keytab_filename);
+#endif
+}
+
+static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, guint8 *drep _U_)
+{
+ tvbuff_t *auth_tvb;
+
+ auth_tvb = tvb_new_subset(
+ tvb, offset, tvb_length_remaining(tvb, offset),
+ tvb_length_remaining(tvb, offset));
+
+ dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
+
+ return tvb_length_remaining(tvb, offset);
}
+
+static dcerpc_auth_subdissector_fns gss_kerb_auth_fns = {
+ wrap_dissect_gss_kerb, /* Bind */
+ wrap_dissect_gss_kerb, /* Bind ACK */
+ NULL, /* AUTH3 */
+ wrap_dissect_gssapi_verf, /* Request verifier */
+ wrap_dissect_gssapi_verf, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
+
void
proto_reg_handoff_kerberos(void)
{
- dissector_handle_t kerberos_handle;
+ dissector_handle_t kerberos_handle_udp;
+ dissector_handle_t kerberos_handle_tcp;
+
+ kerberos_handle_udp = create_dissector_handle(dissect_kerberos_udp,
+ proto_kerberos);
+ kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
+ proto_kerberos);
+ dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
+ dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
+
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
+ DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
+ &gss_kerb_auth_fns);
- kerberos_handle = create_dissector_handle(dissect_kerberos, proto_kerberos);
- dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle);
- dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle);
}
/*
MISC definitions from RFC1510:
-
+
Realm ::= GeneralString
KerberosTime ::= GeneralizedTime
- HostAddress ::= SEQUENCE {
- addr-type[0] INTEGER,
- address[1] OCTET STRING
- }
-
- HostAddresses ::= SEQUENCE OF SEQUENCE {
- addr-type[0] INTEGER,
- address[1] OCTET STRING
- }
-
AuthorizationData ::= SEQUENCE OF SEQUENCE {
ad-type[0] INTEGER,
ad-data[1] OCTET STRING
caddr[11] HostAddresses OPTIONAL
}
- AP-REQ ::= [APPLICATION 14] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- ap-options[2] APOptions,
- ticket[3] Ticket,
- authenticator[4] EncryptedData
- }
-
APOptions ::= BIT STRING {
reserved(0),
use-session-key(1),
mutual-required(2)
}
- AP-REP ::= [APPLICATION 15] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- enc-part[2] EncryptedData
- }
-
EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
ctime[0] KerberosTime,
cusec[1] INTEGER,
caddr[10] HostAddresses OPTIONAL
}
- KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- ctime[2] KerberosTime OPTIONAL,
- cusec[3] INTEGER OPTIONAL,
- stime[4] KerberosTime,
- susec[5] INTEGER,
- error-code[6] INTEGER,
- crealm[7] Realm OPTIONAL,
- cname[8] PrincipalName OPTIONAL,
- realm[9] Realm, -- Correct realm
- sname[10] PrincipalName, -- Correct name
- e-text[11] GeneralString OPTIONAL,
- e-data[12] OCTET STRING OPTIONAL
- }
-
- e-data This field contains additional data about the error for use
- by the application to help it recover from or handle the
- error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
- the e-data field will contain an encoding of a sequence of
- padata fields, each corresponding to an acceptable pre-
- authentication method and optionally containing data for
- the method:
-
METHOD-DATA ::= SEQUENCE of PA-DATA
If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
}
*/
+
git.samba.org / obnox / wireshark / wip.git / blobdiff