2 * Routines for Kerberos
3 * Wes Hardaker (c) 2000
4 * wjhardaker@ucdavis.edu
5 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
6 * added AP-REQ and AP-REP dissection
8 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
9 * decryption of kerberos blobs if keytab is provided
11 * See RFC 1510, and various I-Ds and other documents showing additions,
12 * e.g. ones listed under
14 * http://www.isi.edu/people/bcn/krb-revisions/
18 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
22 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-05.txt
24 * Some structures from RFC2630
26 * Ted Percival ted[AT]midg3t.net
27 * Support for PA-S4U2Self Kerberos packet type based on ASN.1 description
29 * http://loka.it.su.se/source/xref/heimdal/heimdal/lib/asn1/k5.asn1
33 * Wireshark - Network traffic analyzer
34 * By Gerald Combs <gerald@wireshark.org>
35 * Copyright 1998 Gerald Combs
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License
39 * as published by the Free Software Foundation; either version 2
40 * of the License, or (at your option) any later version.
42 * This program is distributed in the hope that it will be useful,
43 * but WITHOUT ANY WARRANTY; without even the implied warranty of
44 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 * GNU General Public License for more details.
47 * You should have received a copy of the GNU General Public License
48 * along with this program; if not, write to the Free Software
49 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
53 * Some of the development of the Kerberos protocol decoder was sponsored by
54 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
55 * CableLabs' specifications. Your license and use of this protocol decoder
56 * does not mean that you are licensed to use the CableLabs'
57 * specifications. If you have questions about this protocol, contact
58 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
77 #include <nettle/des.h>
78 #include <nettle/cbc.h>
80 #include <epan/crypt/md5.h>
81 #include <sys/stat.h> /* For keyfile manipulation */
84 #include <epan/packet.h>
86 #include <epan/strutil.h>
88 #include <epan/conversation.h>
89 #include <epan/emem.h>
90 #include <epan/asn1.h>
91 #include <epan/expert.h>
92 #include <epan/dissectors/packet-kerberos.h>
93 #include <epan/dissectors/packet-netbios.h>
94 #include <epan/dissectors/packet-tcp.h>
95 #include <epan/prefs.h>
96 #include <epan/dissectors/packet-ber.h>
97 #include <epan/dissectors/packet-pkinit.h>
98 #include <epan/dissectors/packet-cms.h>
99 #include <epan/dissectors/packet-windows-common.h>
101 #include <epan/dissectors/packet-dcerpc-netlogon.h>
102 #include <epan/dissectors/packet-dcerpc.h>
104 #include <epan/dissectors/packet-gssapi.h>
105 #include <epan/dissectors/packet-smb-common.h>
107 #include <wsutil/file_util.h>
109 #define UDP_PORT_KERBEROS 88
110 #define TCP_PORT_KERBEROS 88
112 static dissector_handle_t kerberos_handle_udp;
114 /* Desegment Kerberos over TCP messages */
115 static gboolean krb_desegment = TRUE;
117 static gint proto_kerberos = -1;
118 static gint hf_krb_rm_reserved = -1;
119 static gint hf_krb_rm_reclen = -1;
121 static gint hf_krb_pac_signature_type = -1;
122 static gint hf_krb_pac_signature_signature = -1;
123 static gint hf_krb_pac_clientid = -1;
124 static gint hf_krb_pac_namelen = -1;
125 static gint hf_krb_pac_clientname = -1;
126 static gint hf_krb_pac_upn_flags = -1;
127 static gint hf_krb_pac_upn_upn_name = -1;
128 static gint hf_krb_pac_upn_dns_name = -1;
129 static gint hf_krb_pac_upn_dns_offset = -1;
130 static gint hf_krb_pac_upn_dns_len = -1;
131 static gint hf_krb_pac_upn_upn_offset = -1;
132 static gint hf_krb_pac_upn_upn_len = -1;
133 static gint hf_krb_w2k_pac_entries = -1;
134 static gint hf_krb_w2k_pac_version = -1;
135 static gint hf_krb_w2k_pac_type = -1;
136 static gint hf_krb_w2k_pac_size = -1;
137 static gint hf_krb_w2k_pac_offset = -1;
138 static gint hf_krb_padata = -1;
139 static gint hf_krb_error_code = -1;
140 static gint hf_krb_ticket = -1;
141 static gint hf_krb_AP_REP_enc = -1;
142 static gint hf_krb_KDC_REP_enc = -1;
143 static gint hf_krb_tkt_vno = -1;
144 static gint hf_krb_e_data = -1;
145 static gint hf_krb_TransitedEncoding = -1;
146 static gint hf_krb_PA_PAC_REQUEST_flag = -1;
147 static gint hf_krb_encrypted_authenticator_data = -1;
148 static gint hf_krb_PAC_LOGON_INFO = -1;
149 static gint hf_krb_PAC_CREDENTIAL_TYPE = -1;
150 static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
151 static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
152 static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
153 static gint hf_krb_PAC_S4U_DELEGATION_INFO = -1;
154 static gint hf_krb_PAC_UPN_DNS_INFO = -1;
155 static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
156 static gint hf_krb_encrypted_enc_authorization_data = -1;
157 static gint hf_krb_encrypted_EncKrbCredPart = -1;
158 static gint hf_krb_checksum_checksum = -1;
159 static gint hf_krb_encrypted_PRIV = -1;
160 static gint hf_krb_encrypted_Ticket_data = -1;
161 static gint hf_krb_encrypted_AP_REP_data = -1;
162 static gint hf_krb_encrypted_KDC_REP_data = -1;
163 static gint hf_krb_PA_DATA_type = -1;
164 static gint hf_krb_PA_DATA_value = -1;
165 static gint hf_krb_etype_info_salt = -1;
166 static gint hf_krb_etype_info2_salt = -1;
167 static gint hf_krb_etype_info2_s2kparams = -1;
168 static gint hf_krb_SAFE_BODY_user_data = -1;
169 static gint hf_krb_PRIV_BODY_user_data = -1;
170 static gint hf_krb_realm = -1;
171 static gint hf_krb_srealm = -1;
172 static gint hf_krb_prealm = -1;
173 static gint hf_krb_crealm = -1;
174 static gint hf_krb_sname = -1;
175 static gint hf_krb_pname = -1;
176 static gint hf_krb_cname = -1;
177 static gint hf_krb_name_string = -1;
178 static gint hf_krb_provsrv_location = -1;
179 static gint hf_krb_e_text = -1;
180 static gint hf_krb_s4u2self_auth = -1;
181 static gint hf_krb_name_type = -1;
182 static gint hf_krb_lr_type = -1;
183 static gint hf_krb_from = -1;
184 static gint hf_krb_till = -1;
185 static gint hf_krb_authtime = -1;
186 static gint hf_krb_patimestamp = -1;
187 static gint hf_krb_SAFE_BODY_timestamp = -1;
188 static gint hf_krb_pausec = -1;
189 static gint hf_krb_lr_time = -1;
190 static gint hf_krb_starttime = -1;
191 static gint hf_krb_endtime = -1;
192 static gint hf_krb_key_expire = -1;
193 static gint hf_krb_renew_till = -1;
194 static gint hf_krb_rtime = -1;
195 static gint hf_krb_ctime = -1;
196 static gint hf_krb_cusec = -1;
197 static gint hf_krb_stime = -1;
198 static gint hf_krb_susec = -1;
199 static gint hf_krb_SAFE_BODY_usec = -1;
200 static gint hf_krb_nonce = -1;
201 static gint hf_krb_transitedtype = -1;
202 static gint hf_krb_transitedcontents = -1;
203 static gint hf_krb_keytype = -1;
204 static gint hf_krb_keyvalue = -1;
205 static gint hf_krb_IF_RELEVANT_type = -1;
206 static gint hf_krb_IF_RELEVANT_value = -1;
207 static gint hf_krb_adtype = -1;
208 static gint hf_krb_advalue = -1;
209 static gint hf_krb_etype = -1;
210 static gint hf_krb_etypes = -1;
211 static gint hf_krb_KrbCredInfos = -1;
212 static gint hf_krb_sq_tickets = -1;
213 static gint hf_krb_LastReqs = -1;
214 static gint hf_krb_IF_RELEVANT = -1;
215 static gint hf_krb_addr_type = -1;
216 static gint hf_krb_address_ip = -1;
217 static gint hf_krb_address_ipv6 = -1;
218 static gint hf_krb_address_netbios = -1;
219 static gint hf_krb_msg_type = -1;
220 static gint hf_krb_pvno = -1;
221 static gint hf_krb_kvno = -1;
222 static gint hf_krb_checksum_type = -1;
223 static gint hf_krb_authenticator_vno = -1;
224 static gint hf_krb_AuthorizationData = -1;
225 static gint hf_krb_key = -1;
226 static gint hf_krb_subkey = -1;
227 static gint hf_krb_seq_number = -1;
228 static gint hf_krb_EncTicketPart = -1;
229 static gint hf_krb_EncAPRepPart = -1;
230 static gint hf_krb_EncKrbPrivPart = -1;
231 static gint hf_krb_EncKrbCredPart = -1;
232 static gint hf_krb_EncKDCRepPart = -1;
233 static gint hf_krb_LastReq = -1;
234 static gint hf_krb_Authenticator = -1;
235 static gint hf_krb_Checksum = -1;
236 static gint hf_krb_s_address = -1;
237 static gint hf_krb_r_address = -1;
238 static gint hf_krb_KrbCredInfo = -1;
239 static gint hf_krb_HostAddress = -1;
240 static gint hf_krb_HostAddresses = -1;
241 static gint hf_krb_APOptions = -1;
242 static gint hf_krb_APOptions_reserved = -1;
243 static gint hf_krb_APOptions_use_session_key = -1;
244 static gint hf_krb_APOptions_mutual_required = -1;
245 static gint hf_krb_TicketFlags = -1;
246 static gint hf_krb_TicketFlags_forwardable = -1;
247 static gint hf_krb_TicketFlags_forwarded = -1;
248 static gint hf_krb_TicketFlags_proxiable = -1;
249 static gint hf_krb_TicketFlags_proxy = -1;
250 static gint hf_krb_TicketFlags_allow_postdate = -1;
251 static gint hf_krb_TicketFlags_postdated = -1;
252 static gint hf_krb_TicketFlags_invalid = -1;
253 static gint hf_krb_TicketFlags_renewable = -1;
254 static gint hf_krb_TicketFlags_initial = -1;
255 static gint hf_krb_TicketFlags_pre_auth = -1;
256 static gint hf_krb_TicketFlags_hw_auth = -1;
257 static gint hf_krb_TicketFlags_transited_policy_checked = -1;
258 static gint hf_krb_TicketFlags_ok_as_delegate = -1;
259 static gint hf_krb_KDCOptions = -1;
260 static gint hf_krb_KDCOptions_forwardable = -1;
261 static gint hf_krb_KDCOptions_forwarded = -1;
262 static gint hf_krb_KDCOptions_proxiable = -1;
263 static gint hf_krb_KDCOptions_proxy = -1;
264 static gint hf_krb_KDCOptions_allow_postdate = -1;
265 static gint hf_krb_KDCOptions_postdated = -1;
266 static gint hf_krb_KDCOptions_renewable = -1;
267 static gint hf_krb_KDCOptions_constrained_delegation = -1;
268 static gint hf_krb_KDCOptions_canonicalize = -1;
269 static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
270 static gint hf_krb_KDCOptions_disable_transited_check = -1;
271 static gint hf_krb_KDCOptions_renewable_ok = -1;
272 static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1;
273 static gint hf_krb_KDCOptions_renew = -1;
274 static gint hf_krb_KDCOptions_validate = -1;
275 static gint hf_krb_KDC_REQ_BODY = -1;
276 static gint hf_krb_PRIV_BODY = -1;
277 static gint hf_krb_CRED_BODY = -1;
278 static gint hf_krb_ENC_PRIV = -1;
279 static gint hf_krb_authenticator_enc = -1;
280 static gint hf_krb_CRED_enc = -1;
281 static gint hf_krb_ticket_enc = -1;
282 static gint hf_krb_e_checksum = -1;
283 static gint hf_krb_gssapi_len = -1;
284 static gint hf_krb_gssapi_bnd = -1;
285 static gint hf_krb_gssapi_dlgopt = -1;
286 static gint hf_krb_gssapi_dlglen = -1;
287 static gint hf_krb_gssapi_c_flag_deleg = -1;
288 static gint hf_krb_gssapi_c_flag_mutual = -1;
289 static gint hf_krb_gssapi_c_flag_replay = -1;
290 static gint hf_krb_gssapi_c_flag_sequence = -1;
291 static gint hf_krb_gssapi_c_flag_conf = -1;
292 static gint hf_krb_gssapi_c_flag_integ = -1;
293 static gint hf_krb_gssapi_c_flag_dce_style = -1;
294 static gint hf_krb_smb_nt_status = -1;
295 static gint hf_krb_smb_unknown = -1;
296 static gint hf_krb_midl_blob_len = -1;
297 static gint hf_krb_midl_fill_bytes = -1;
298 static gint hf_krb_midl_version = -1;
299 static gint hf_krb_midl_hdr_len = -1;
301 static gint ett_krb_kerberos = -1;
302 static gint ett_krb_TransitedEncoding = -1;
303 static gint ett_krb_PAC_LOGON_INFO = -1;
304 static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
305 static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
306 static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
307 static gint ett_krb_PAC_S4U_DELEGATION_INFO = -1;
308 static gint ett_krb_KDC_REP_enc = -1;
309 static gint ett_krb_EncTicketPart = -1;
310 static gint ett_krb_EncAPRepPart = -1;
311 static gint ett_krb_EncKrbPrivPart = -1;
312 static gint ett_krb_EncKrbCredPart = -1;
313 static gint ett_krb_EncKDCRepPart = -1;
314 static gint ett_krb_LastReq = -1;
315 static gint ett_krb_Authenticator = -1;
316 static gint ett_krb_Checksum = -1;
317 static gint ett_krb_key = -1;
318 static gint ett_krb_subkey = -1;
319 static gint ett_krb_AuthorizationData = -1;
320 static gint ett_krb_sname = -1;
321 static gint ett_krb_pname = -1;
322 static gint ett_krb_cname = -1;
323 static gint ett_krb_AP_REP_enc = -1;
324 static gint ett_krb_padata = -1;
325 static gint ett_krb_etypes = -1;
326 static gint ett_krb_KrbCredInfos = -1;
327 static gint ett_krb_sq_tickets = -1;
328 static gint ett_krb_LastReqs = -1;
329 static gint ett_krb_IF_RELEVANT = -1;
330 static gint ett_krb_PA_DATA_tree = -1;
331 static gint ett_krb_PAC = -1;
332 static gint ett_krb_s_address = -1;
333 static gint ett_krb_r_address = -1;
334 static gint ett_krb_KrbCredInfo = -1;
335 static gint ett_krb_HostAddress = -1;
336 static gint ett_krb_HostAddresses = -1;
337 static gint ett_krb_authenticator_enc = -1;
338 static gint ett_krb_CRED_enc = -1;
339 static gint ett_krb_AP_Options = -1;
340 static gint ett_krb_KDC_Options = -1;
341 static gint ett_krb_Ticket_Flags = -1;
342 static gint ett_krb_request = -1;
343 static gint ett_krb_recordmark = -1;
344 static gint ett_krb_ticket = -1;
345 static gint ett_krb_ticket_enc = -1;
346 static gint ett_krb_CRED = -1;
347 static gint ett_krb_PRIV = -1;
348 static gint ett_krb_PRIV_enc = -1;
349 static gint ett_krb_e_checksum = -1;
350 static gint ett_krb_PAC_MIDL_BLOB = -1;
351 static gint ett_krb_PAC_DREP = -1;
352 static gint ett_krb_PAC_UPN_DNS_INFO = -1;
354 static guint32 krb5_errorcode;
357 static dissector_handle_t krb4_handle=NULL;
359 static gboolean gbl_do_col_info;
363 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag)
365 kerberos_callbacks *cb=(kerberos_callbacks *)pinfo->private_data;
373 cb->callback(pinfo, tvb, tree);
385 /* Decrypt Kerberos blobs */
386 gboolean krb_decrypt = FALSE;
388 /* keytab filename */
389 static const char *keytab_filename = "insert filename here";
391 void read_keytab_file(const char *);
394 read_keytab_file_from_preferences(void)
396 static char *last_keytab = NULL;
402 if (keytab_filename == NULL) {
406 if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
410 if (last_keytab != NULL) {
414 last_keytab = g_strdup(keytab_filename);
416 read_keytab_file(last_keytab);
419 #elif defined(_WIN32)
421 /* Dummy version to allow us to put this function in libwireshark.def--even
422 * on systems without KERBEROS.
425 read_keytab_file_from_preferences(void)
431 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
433 /* prevent redefinition warnings in kfw-2.5\inc\win_mac.h */
435 #undef HAVE_SYS_TYPES_H
438 enc_key_t *enc_key_list=NULL;
441 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
445 if(pinfo->fd->flags.visited){
448 printf("added key in %u keytype:%d len:%d\n",pinfo->fd->num, keytype, keylength);
450 new_key=g_malloc(sizeof(enc_key_t));
451 g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u",origin,pinfo->fd->num);
452 new_key->next=enc_key_list;
453 enc_key_list=new_key;
454 new_key->keytype=keytype;
455 new_key->keylength=keylength;
456 /*XXX this needs to be freed later */
457 new_key->keyvalue=g_memdup(keyvalue, keylength);
459 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
461 #if defined(_WIN32) && !defined(HAVE_HEIMDAL_KERBEROS) && !defined(HAVE_MIT_KERBEROS) && !defined(HAVE_LIBNETTLE)
463 read_keytab_file(const char *filename _U_)
468 #ifdef HAVE_MIT_KERBEROS
470 static krb5_context krb5_ctx;
473 read_keytab_file(const char *filename)
477 krb5_keytab_entry key;
478 krb5_kt_cursor cursor;
480 static gboolean first_time=TRUE;
482 printf("read keytab file %s\n", filename);
485 ret = krb5_init_context(&krb5_ctx);
486 if(ret && ret != KRB5_CONFIG_CANTOPEN){
491 /* should use a file in the wireshark users dir */
492 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
494 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename);
499 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
501 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename);
506 new_key=g_malloc(sizeof(enc_key_t));
507 new_key->next=enc_key_list;
508 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
513 /* generate origin string, describing where this key came from */
514 pos=new_key->key_origin;
515 pos+=MIN(KRB_MAX_ORIG_LEN,
516 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
517 for(i=0;i<key.principal->length;i++){
518 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
519 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data));
521 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
522 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data));
524 /*printf("added key for principal :%s\n", new_key->key_origin);*/
525 new_key->keytype=key.key.enctype;
526 new_key->keylength=key.key.length;
527 new_key->keyvalue=g_memdup(key.key.contents, key.key.length);
528 enc_key_list=new_key;
532 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
534 krb5_kt_close(krb5_ctx, keytab);
541 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
549 krb5_data data = {0,0,NULL};
550 krb5_keytab_entry key;
551 int length = tvb_length(cryptotvb);
552 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
554 /* don't do anything if we are not attempting to decrypt data */
555 if(!krb_decrypt || length < 1){
559 /* make sure we have all the data we need */
560 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
564 read_keytab_file_from_preferences();
565 data.data = g_malloc(length);
566 data.length = length;
568 for(ek=enc_key_list;ek;ek=ek->next){
571 /* shortcircuit and bail out if enctypes are not matching */
572 if((keytype != -1) && (ek->keytype != keytype)) {
576 input.enctype = ek->keytype;
577 input.ciphertext.length = length;
578 input.ciphertext.data = (guint8 *)cryptotext;
580 key.key.enctype=ek->keytype;
581 key.key.length=ek->keylength;
582 key.key.contents=ek->keyvalue;
583 ret = krb5_c_decrypt(krb5_ctx, &(key.key), usage, 0, &input, &data);
587 expert_add_info_format(pinfo, NULL, PI_SECURITY, PI_CHAT,
588 "Decrypted keytype %d in frame %u using %s",
589 ek->keytype, pinfo->fd->num, ek->key_origin);
591 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
592 /* return a private g_malloced blob to the caller */
595 *datalen = data.length;
605 #elif defined(HAVE_HEIMDAL_KERBEROS)
606 static krb5_context krb5_ctx;
609 read_keytab_file(const char *filename)
613 krb5_keytab_entry key;
614 krb5_kt_cursor cursor;
616 static gboolean first_time=TRUE;
620 ret = krb5_init_context(&krb5_ctx);
626 /* should use a file in the wireshark users dir */
627 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
629 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
634 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
636 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
641 new_key=g_malloc(sizeof(enc_key_t));
642 new_key->next=enc_key_list;
643 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
648 /* generate origin string, describing where this key came from */
649 pos=new_key->key_origin;
650 pos+=MIN(KRB_MAX_ORIG_LEN,
651 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
652 for(i=0;i<key.principal->name.name_string.len;i++){
653 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
654 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
656 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
657 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
659 new_key->keytype=key.keyblock.keytype;
660 new_key->keylength=key.keyblock.keyvalue.length;
661 new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
662 enc_key_list=new_key;
666 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
668 krb5_kt_close(krb5_ctx, keytab);
675 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
684 int length = tvb_length(cryptotvb);
685 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
687 /* don't do anything if we are not attempting to decrypt data */
692 /* make sure we have all the data we need */
693 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
697 read_keytab_file_from_preferences();
699 for(ek=enc_key_list;ek;ek=ek->next){
700 krb5_keytab_entry key;
702 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
704 /* shortcircuit and bail out if enctypes are not matching */
705 if((keytype != -1) && (ek->keytype != keytype)) {
709 key.keyblock.keytype=ek->keytype;
710 key.keyblock.keyvalue.length=ek->keylength;
711 key.keyblock.keyvalue.data=ek->keyvalue;
712 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), 0, &crypto);
717 /* pre-0.6.1 versions of Heimdal would sometimes change
718 the cryptotext data even when the decryption failed.
719 This would obviously not work since we iterate over the
720 keys. So just give it a copy of the crypto data instead.
721 This has been seen for RC4-HMAC blobs.
723 cryptocopy=g_memdup(cryptotext, length);
724 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
729 if((ret == 0) && (length>0)){
732 printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
733 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
734 krb5_crypto_destroy(krb5_ctx, crypto);
735 /* return a private g_malloced blob to the caller */
736 user_data=g_memdup(data.data, data.length);
738 *datalen = data.length;
742 krb5_crypto_destroy(krb5_ctx, crypto);
747 #elif defined (HAVE_LIBNETTLE)
749 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
750 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
752 typedef struct _service_key_t {
757 char origin[KRB_MAX_ORIG_LEN+1];
759 GSList *service_key_list = NULL;
763 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
765 service_key_t *new_key;
767 if(pinfo->fd->flags.visited){
770 printf("added key in %u\n",pinfo->fd->num);
772 new_key = g_malloc(sizeof(service_key_t));
774 new_key->keytype = keytype;
775 new_key->length = keylength;
776 new_key->contents = g_memdup(keyvalue, keylength);
777 g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->fd->num);
778 service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
786 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
787 sk = (service_key_t *) ske->data;
789 g_free(sk->contents);
793 g_slist_free(service_key_list);
794 service_key_list = NULL;
798 read_keytab_file(const char *service_key_file)
803 unsigned char buf[SERVICE_KEY_SIZE];
804 int newline_skip = 0, count = 0;
806 if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) {
808 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
809 * There can be zero, one (\n), or two (\r\n) characters between
810 * keys. Trailing characters are ignored.
813 /* XXX We should support the standard keytab format instead */
814 if (st.st_size > SERVICE_KEY_SIZE) {
815 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
816 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
818 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
819 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
824 skf = ws_fopen(service_key_file, "rb");
827 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
828 sk = g_malloc(sizeof(service_key_t));
829 sk->kvno = buf[0] << 8 | buf[1];
830 sk->keytype = KEYTYPE_DES3_CBC_MD5;
831 sk->length = DES3_KEY_SIZE;
832 sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
833 g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
834 service_key_list = g_slist_append(service_key_list, (gpointer) sk);
835 fseek(skf, newline_skip, SEEK_CUR);
837 g_warning("added key: %s", sk->origin);
843 #define CONFOUNDER_PLUS_CHECKSUM 24
846 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
853 guint8 *decrypted_data = NULL, *plaintext = NULL;
857 guint32 tag, item_len, data_len;
858 int id_offset, offset;
859 guint8 key[DES3_KEY_SIZE];
860 guint8 initial_vector[DES_BLOCK_SIZE];
862 md5_byte_t digest[16];
863 md5_byte_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
864 md5_byte_t confounder[8];
869 int length = tvb_length(cryptotvb);
870 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
873 /* don't do anything if we are not attempting to decrypt data */
878 /* make sure we have all the data we need */
879 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
883 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
887 decrypted_data = g_malloc(length);
888 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
889 gboolean do_continue = FALSE;
890 sk = (service_key_t *) ske->data;
892 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
895 memset(initial_vector, 0, DES_BLOCK_SIZE);
896 res = des3_set_key(&ctx, key);
897 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
898 length, decrypted_data, cryptotext);
899 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
901 tvb_memcpy(encr_tvb, confounder, 0, 8);
903 /* We have to pull the decrypted data length from the decrypted
904 * content. If the key doesn't match or we otherwise get garbage,
905 * an exception may get thrown while decoding the ASN.1 header.
906 * Catch it, just in case.
909 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
910 offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
912 CATCH (BoundsError) {
918 if (do_continue) continue;
920 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
921 if ((int) item_len + offset > length) {
926 md5_append(&md5s, confounder, 8);
927 md5_append(&md5s, zero_fill, 16);
928 md5_append(&md5s, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
929 md5_finish(&md5s, digest);
931 if (tvb_memeql (encr_tvb, 8, digest, 16) == 0) {
932 g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
933 plaintext = g_malloc(data_len);
934 tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
940 g_free(decrypted_data);
946 g_free(decrypted_data);
951 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
953 #define INET6_ADDRLEN 16
955 /* TCP Record Mark */
956 #define KRB_RM_RESERVED 0x80000000L
957 #define KRB_RM_RECLEN 0x7fffffffL
959 #define KRB5_MSG_TICKET 1 /* Ticket */
960 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
961 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
962 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
963 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
964 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
965 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
966 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
967 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
969 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
970 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
971 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
972 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
973 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
974 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
975 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */
976 #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */
977 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
979 /* address type constants */
980 #define KRB5_ADDR_IPv4 0x02
981 #define KRB5_ADDR_CHAOS 0x05
982 #define KRB5_ADDR_XEROX 0x06
983 #define KRB5_ADDR_ISO 0x07
984 #define KRB5_ADDR_DECNET 0x0c
985 #define KRB5_ADDR_APPLETALK 0x10
986 #define KRB5_ADDR_NETBIOS 0x14
987 #define KRB5_ADDR_IPv6 0x18
989 /* encryption type constants */
990 #define KRB5_ENCTYPE_NULL 0
991 #define KRB5_ENCTYPE_DES_CBC_CRC 1
992 #define KRB5_ENCTYPE_DES_CBC_MD4 2
993 #define KRB5_ENCTYPE_DES_CBC_MD5 3
994 #define KRB5_ENCTYPE_DES_CBC_RAW 4
995 #define KRB5_ENCTYPE_DES3_CBC_SHA 5
996 #define KRB5_ENCTYPE_DES3_CBC_RAW 6
997 #define KRB5_ENCTYPE_DES_HMAC_SHA1 8
998 #define KRB5_ENCTYPE_DSA_SHA1_CMS 9
999 #define KRB5_ENCTYPE_RSA_MD5_CMS 10
1000 #define KRB5_ENCTYPE_RSA_SHA1_CMS 11
1001 #define KRB5_ENCTYPE_RC2_CBC_ENV 12
1002 #define KRB5_ENCTYPE_RSA_ENV 13
1003 #define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
1004 #define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
1005 #define KRB5_ENCTYPE_DES3_CBC_SHA1 16
1006 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
1007 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
1008 #define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
1009 #define KERB_ENCTYPE_RC4_HMAC 23
1010 #define KERB_ENCTYPE_RC4_HMAC_EXP 24
1011 #define KRB5_ENCTYPE_UNKNOWN 0x1ff
1012 #define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
1013 #define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
1014 #define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
1015 #define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
1016 #define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
1017 #define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
1018 #define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
1019 #define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
1020 #define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
1021 #define KRB5_ENCTYPE_RC4_LM 0xffffff7e
1022 #define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
1023 #define KRB5_ENCTYPE_RC4_MD4 0xffffff80
1025 /* checksum types */
1026 #define KRB5_CHKSUM_NONE 0
1027 #define KRB5_CHKSUM_CRC32 1
1028 #define KRB5_CHKSUM_MD4 2
1029 #define KRB5_CHKSUM_KRB_DES_MAC 4
1030 #define KRB5_CHKSUM_KRB_DES_MAC_K 5
1031 #define KRB5_CHKSUM_MD5 7
1032 #define KRB5_CHKSUM_MD5_DES 8
1033 /* the following four come from packetcable */
1034 #define KRB5_CHKSUM_MD5_DES3 9
1035 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD 12
1036 #define KRB5_CHKSUM_HMAC_SHA1_DES3 13
1037 #define KRB5_CHKSUM_SHA1_UNKEYED 14
1038 #define KRB5_CHKSUM_HMAC_MD5 0xffffff76
1039 #define KRB5_CHKSUM_MD5_HMAC 0xffffff77
1040 #define KRB5_CHKSUM_RC4_MD5 0xffffff78
1041 #define KRB5_CHKSUM_MD25 0xffffff79
1042 #define KRB5_CHKSUM_DES_MAC_MD5 0xffffff7a
1043 #define KRB5_CHKSUM_DES_MAC 0xffffff7b
1044 #define KRB5_CHKSUM_REAL_CRC32 0xffffff7c
1045 #define KRB5_CHKSUM_SHA1 0xffffff7d
1046 #define KRB5_CHKSUM_LM 0xffffff7e
1047 #define KRB5_CHKSUM_GSSAPI 0x8003
1050 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
1052 * http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
1054 * unless it's expired.
1057 /* pre-authentication type constants */
1058 #define KRB5_PA_TGS_REQ 1
1059 #define KRB5_PA_ENC_TIMESTAMP 2
1060 #define KRB5_PA_PW_SALT 3
1061 #define KRB5_PA_ENC_ENCKEY 4
1062 #define KRB5_PA_ENC_UNIX_TIME 5
1063 #define KRB5_PA_ENC_SANDIA_SECURID 6
1064 #define KRB5_PA_SESAME 7
1065 #define KRB5_PA_OSF_DCE 8
1066 #define KRB5_PA_CYBERSAFE_SECUREID 9
1067 #define KRB5_PA_AFS3_SALT 10
1068 #define KRB5_PA_ENCTYPE_INFO 11
1069 #define KRB5_PA_SAM_CHALLENGE 12
1070 #define KRB5_PA_SAM_RESPONSE 13
1071 #define KRB5_PA_PK_AS_REQ 14
1072 #define KRB5_PA_PK_AS_REP 15
1073 #define KRB5_PA_DASS 16
1074 #define KRB5_PA_ENCTYPE_INFO2 19
1075 #define KRB5_PA_USE_SPECIFIED_KVNO 20
1076 #define KRB5_PA_SAM_REDIRECT 21
1077 #define KRB5_PA_GET_FROM_TYPED_DATA 22
1078 #define KRB5_PA_SAM_ETYPE_INFO 23
1079 #define KRB5_PA_ALT_PRINC 24
1080 #define KRB5_PA_SAM_CHALLENGE2 30
1081 #define KRB5_PA_SAM_RESPONSE2 31
1082 #define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
1083 #define KRB5_TD_KRB_PRINCIPAL 102
1084 #define KRB5_TD_KRB_REALM 103
1085 #define KRB5_TD_TRUSTED_CERTIFIERS 104
1086 #define KRB5_TD_CERTIFICATE_INDEX 105
1087 #define KRB5_TD_APP_DEFINED_ERROR 106
1088 #define KRB5_TD_REQ_NONCE 107
1089 #define KRB5_TD_REQ_SEQ 108
1091 /* preauthentication types >127 (i.e. negative ones) are app specific.
1092 however since Microsoft is the dominant(only?) user of types in this range
1093 we also treat the type as unsigned.
1095 #define KRB5_PA_PAC_REQUEST 128 /* (Microsoft extension) */
1096 #define KRB5_PA_FOR_USER 129 /* Impersonation (Microsoft extension) See [MS-SFU] */
1098 #define KRB5_PA_PROV_SRV_LOCATION 0xffffffff /* (gint32)0xFF) packetcable stuff */
1100 /* Principal name-type */
1101 #define KRB5_NT_UNKNOWN 0
1102 #define KRB5_NT_PRINCIPAL 1
1103 #define KRB5_NT_SRV_INST 2
1104 #define KRB5_NT_SRV_HST 3
1105 #define KRB5_NT_SRV_XHST 4
1106 #define KRB5_NT_UID 5
1107 #define KRB5_NT_X500_PRINCIPAL 6
1108 #define KRB5_NT_SMTP_NAME 7
1109 #define KRB5_NT_ENTERPRISE 10
1112 * MS specific name types, from
1114 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
1116 #define KRB5_NT_MS_PRINCIPAL -128
1117 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129
1118 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
1119 #define KRB5_NT_PRINCIPAL_AND_SID -131
1120 #define KRB5_NT_SRV_INST_AND_SID -132
1122 /* error table constants */
1123 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
1124 #define KRB5_ET_KRB5KDC_ERR_NONE 0
1125 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
1126 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
1127 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
1128 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
1129 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
1130 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
1131 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
1132 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
1133 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
1134 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
1135 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
1136 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
1137 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
1138 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
1139 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
1140 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
1141 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
1142 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
1143 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
1144 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
1145 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
1146 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
1147 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
1148 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
1149 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
1150 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
1151 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
1152 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
1153 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
1154 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
1155 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
1156 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
1157 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
1158 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
1159 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
1160 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
1161 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
1162 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
1163 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
1164 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
1165 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
1166 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
1167 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
1168 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
1169 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
1170 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
1171 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
1172 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
1173 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
1174 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
1175 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
1176 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
1177 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
1178 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
1179 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
1180 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
1181 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
1182 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
1183 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
1184 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
1185 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
1186 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
1187 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
1188 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
1189 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
1190 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
1191 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
1192 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
1194 static const value_string krb5_error_codes[] = {
1195 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
1196 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
1197 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
1198 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
1199 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
1200 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
1201 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
1202 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
1203 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
1204 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
1205 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
1206 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
1207 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
1208 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
1209 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
1210 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
1211 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
1212 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
1213 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
1214 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
1215 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
1216 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
1217 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
1218 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
1219 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
1220 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
1221 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
1222 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
1223 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
1224 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
1225 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
1226 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
1227 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
1228 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
1229 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
1230 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
1231 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
1232 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
1233 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
1234 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
1235 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
1236 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
1237 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
1238 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
1239 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
1240 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
1241 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
1242 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
1243 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
1244 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
1245 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
1246 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
1247 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
1248 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
1249 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
1250 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
1251 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
1252 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
1253 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
1254 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
1255 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
1256 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
1257 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
1258 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
1259 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
1260 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
1261 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
1262 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
1263 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
1268 #define PAC_LOGON_INFO 1
1269 #define PAC_CREDENTIAL_TYPE 2
1270 #define PAC_SERVER_CHECKSUM 6
1271 #define PAC_PRIVSVR_CHECKSUM 7
1272 #define PAC_CLIENT_INFO_TYPE 10
1273 #define PAC_S4U_DELEGATION_INFO 11
1274 #define PAC_UPN_DNS_INFO 12
1276 static const value_string w2k_pac_types[] = {
1277 { PAC_LOGON_INFO , "Logon Info" },
1278 { PAC_CREDENTIAL_TYPE , "Credential Type" },
1279 { PAC_SERVER_CHECKSUM , "Server Checksum" },
1280 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
1281 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
1282 { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" },
1283 { PAC_UPN_DNS_INFO , "UPN DNS Info" },
1289 static const value_string krb5_princ_types[] = {
1290 { KRB5_NT_UNKNOWN , "Unknown" },
1291 { KRB5_NT_PRINCIPAL , "Principal" },
1292 { KRB5_NT_SRV_INST , "Service and Instance" },
1293 { KRB5_NT_SRV_HST , "Service and Host" },
1294 { KRB5_NT_SRV_XHST , "Service and Host Components" },
1295 { KRB5_NT_UID , "Unique ID" },
1296 { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
1297 { KRB5_NT_SMTP_NAME , "SMTP Name" },
1298 { KRB5_NT_ENTERPRISE , "Enterprise Name" },
1299 { KRB5_NT_MS_PRINCIPAL , "NT 4.0 style name (MS specific)" },
1300 { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
1301 { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
1302 { KRB5_NT_PRINCIPAL_AND_SID , "Principal name and SID (MS specific)"},
1303 { KRB5_NT_SRV_INST_AND_SID , "SPN and SID (MS specific)"},
1307 static const value_string krb5_preauthentication_types[] = {
1308 { KRB5_PA_TGS_REQ , "PA-TGS-REQ" },
1309 { KRB5_PA_ENC_TIMESTAMP , "PA-ENC-TIMESTAMP" },
1310 { KRB5_PA_PW_SALT , "PA-PW-SALT" },
1311 { KRB5_PA_ENC_ENCKEY , "PA-ENC-ENCKEY" },
1312 { KRB5_PA_ENC_UNIX_TIME , "PA-ENC-UNIX-TIME" },
1313 { KRB5_PA_ENC_SANDIA_SECURID , "PA-PW-SALT" },
1314 { KRB5_PA_SESAME , "PA-SESAME" },
1315 { KRB5_PA_OSF_DCE , "PA-OSF-DCE" },
1316 { KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
1317 { KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
1318 { KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
1319 { KRB5_PA_ENCTYPE_INFO2 , "PA-ENCTYPE-INFO2" },
1320 { KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
1321 { KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
1322 { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
1323 { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
1324 { KRB5_PA_DASS , "PA-DASS" },
1325 { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
1326 { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
1327 { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
1328 { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
1329 { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
1330 { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
1331 { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
1332 { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
1333 { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
1334 { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
1335 { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
1336 { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
1337 { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
1338 { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
1339 { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
1340 { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
1341 { KRB5_PA_FOR_USER , "PA-FOR-USER" },
1342 { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
1346 static const value_string krb5_encryption_types[] = {
1347 { KRB5_ENCTYPE_NULL , "NULL" },
1348 { KRB5_ENCTYPE_DES_CBC_CRC , "des-cbc-crc" },
1349 { KRB5_ENCTYPE_DES_CBC_MD4 , "des-cbc-md4" },
1350 { KRB5_ENCTYPE_DES_CBC_MD5 , "des-cbc-md5" },
1351 { KRB5_ENCTYPE_DES_CBC_RAW , "des-cbc-raw" },
1352 { KRB5_ENCTYPE_DES3_CBC_SHA , "des3-cbc-sha" },
1353 { KRB5_ENCTYPE_DES3_CBC_RAW , "des3-cbc-raw" },
1354 { KRB5_ENCTYPE_DES_HMAC_SHA1 , "des-hmac-sha1" },
1355 { KRB5_ENCTYPE_DSA_SHA1_CMS , "dsa-sha1-cms" },
1356 { KRB5_ENCTYPE_RSA_MD5_CMS , "rsa-md5-cms" },
1357 { KRB5_ENCTYPE_RSA_SHA1_CMS , "rsa-sha1-cms" },
1358 { KRB5_ENCTYPE_RC2_CBC_ENV , "rc2-cbc-env" },
1359 { KRB5_ENCTYPE_RSA_ENV , "rsa-env" },
1360 { KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
1361 { KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
1362 { KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
1363 { KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 , "aes128-cts-hmac-sha1-96" },
1364 { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 , "aes256-cts-hmac-sha1-96" },
1365 { KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
1366 { KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
1367 { KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
1368 { KRB5_ENCTYPE_UNKNOWN , "unknown" },
1369 { KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 , "local-des3-hmac-sha1" },
1370 { KRB5_ENCTYPE_RC4_PLAIN_EXP , "rc4-plain-exp" },
1371 { KRB5_ENCTYPE_RC4_PLAIN , "rc4-plain" },
1372 { KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP, "rc4-plain-old-exp" },
1373 { KRB5_ENCTYPE_RC4_HMAC_OLD_EXP, "rc4-hmac-old-exp" },
1374 { KRB5_ENCTYPE_RC4_PLAIN_OLD , "rc4-plain-old" },
1375 { KRB5_ENCTYPE_RC4_HMAC_OLD , "rc4-hmac-old" },
1376 { KRB5_ENCTYPE_DES_PLAIN , "des-plain" },
1377 { KRB5_ENCTYPE_RC4_SHA , "rc4-sha" },
1378 { KRB5_ENCTYPE_RC4_LM , "rc4-lm" },
1379 { KRB5_ENCTYPE_RC4_PLAIN2 , "rc4-plain2" },
1380 { KRB5_ENCTYPE_RC4_MD4 , "rc4-md4" },
1384 static const value_string krb5_checksum_types[] = {
1385 { KRB5_CHKSUM_NONE , "none" },
1386 { KRB5_CHKSUM_CRC32 , "crc32" },
1387 { KRB5_CHKSUM_MD4 , "md4" },
1388 { KRB5_CHKSUM_KRB_DES_MAC , "krb-des-mac" },
1389 { KRB5_CHKSUM_KRB_DES_MAC_K , "krb-des-mac-k" },
1390 { KRB5_CHKSUM_MD5 , "md5" },
1391 { KRB5_CHKSUM_MD5_DES , "md5-des" },
1392 { KRB5_CHKSUM_MD5_DES3 , "md5-des3" },
1393 { KRB5_CHKSUM_HMAC_SHA1_DES3_KD, "hmac-sha1-des3-kd" },
1394 { KRB5_CHKSUM_HMAC_SHA1_DES3 , "hmac-sha1-des3" },
1395 { KRB5_CHKSUM_SHA1_UNKEYED , "sha1 (unkeyed)" },
1396 { KRB5_CHKSUM_HMAC_MD5 , "hmac-md5" },
1397 { KRB5_CHKSUM_MD5_HMAC , "md5-hmac" },
1398 { KRB5_CHKSUM_RC4_MD5 , "rc5-md5" },
1399 { KRB5_CHKSUM_MD25 , "md25" },
1400 { KRB5_CHKSUM_DES_MAC_MD5 , "des-mac-md5" },
1401 { KRB5_CHKSUM_DES_MAC , "des-mac" },
1402 { KRB5_CHKSUM_REAL_CRC32 , "real-crc32" },
1403 { KRB5_CHKSUM_SHA1 , "sha1" },
1404 { KRB5_CHKSUM_LM , "lm" },
1405 { KRB5_CHKSUM_GSSAPI , "gssapi-8003" },
1409 #define KRB5_AD_IF_RELEVANT 1
1410 #define KRB5_AD_INTENDED_FOR_SERVER 2
1411 #define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
1412 #define KRB5_AD_KDC_ISSUED 4
1413 #define KRB5_AD_OR 5
1414 #define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
1415 #define KRB5_AD_IN_TICKET_EXTENSIONS 7
1416 #define KRB5_AD_MANDATORY_FOR_KDC 8
1417 #define KRB5_AD_OSF_DCE 64
1418 #define KRB5_AD_SESAME 65
1419 #define KRB5_AD_OSF_DCE_PKI_CERTID 66
1420 #define KRB5_AD_WIN2K_PAC 128
1421 #define KRB5_AD_SIGNTICKET 0xffffffef
1423 static const value_string krb5_ad_types[] = {
1424 { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
1425 { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
1426 { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
1427 { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
1428 { KRB5_AD_OR , "AD-AND-OR" },
1429 { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
1430 { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
1431 { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
1432 { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
1433 { KRB5_AD_SESAME , "AD-SESAME" },
1434 { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
1435 { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
1436 { KRB5_AD_SIGNTICKET , "AD-SignTicket" },
1440 static const value_string krb5_transited_types[] = {
1441 { 1 , "DOMAIN-X500-COMPRESS" },
1445 static const value_string krb5_address_types[] = {
1446 { KRB5_ADDR_IPv4, "IPv4"},
1447 { KRB5_ADDR_CHAOS, "CHAOS"},
1448 { KRB5_ADDR_XEROX, "XEROX"},
1449 { KRB5_ADDR_ISO, "ISO"},
1450 { KRB5_ADDR_DECNET, "DECNET"},
1451 { KRB5_ADDR_APPLETALK, "APPLETALK"},
1452 { KRB5_ADDR_NETBIOS, "NETBIOS"},
1453 { KRB5_ADDR_IPv6, "IPv6"},
1457 static const value_string krb5_msg_types[] = {
1458 { KRB5_MSG_TICKET, "Ticket" },
1459 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
1460 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
1461 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
1462 { KRB5_MSG_TGS_REP, "TGS-REP" },
1463 { KRB5_MSG_AS_REQ, "AS-REQ" },
1464 { KRB5_MSG_AS_REP, "AS-REP" },
1465 { KRB5_MSG_AP_REQ, "AP-REQ" },
1466 { KRB5_MSG_AP_REP, "AP-REP" },
1467 { KRB5_MSG_SAFE, "KRB-SAFE" },
1468 { KRB5_MSG_PRIV, "KRB-PRIV" },
1469 { KRB5_MSG_CRED, "KRB-CRED" },
1470 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
1471 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
1472 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
1473 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
1474 { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" },
1475 { KRB5_MSG_ERROR, "KRB-ERROR" },
1482 static int dissect_krb5_application_choice(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1483 static int dissect_krb5_Application_1(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1484 static int dissect_krb5_Authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1485 static int dissect_krb5_EncTicketPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1486 static int dissect_krb5_EncAPRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1487 static int dissect_krb5_EncKrbPrivPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1488 static int dissect_krb5_EncKrbCredPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1489 static int dissect_krb5_EncKDCRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1490 static int dissect_krb5_KDC_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1491 static int dissect_krb5_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1492 static int dissect_krb5_AP_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1493 static int dissect_krb5_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1494 static int dissect_krb5_SAFE(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1495 static int dissect_krb5_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1496 static int dissect_krb5_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1497 static int dissect_krb5_ERROR(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1499 static const ber_old_choice_t kerberos_applications_choice[] = {
1500 { KRB5_MSG_TICKET, BER_CLASS_APP, KRB5_MSG_TICKET, 0, dissect_krb5_Application_1 },
1501 { KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
1502 { KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
1503 { KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
1504 { KRB5_MSG_AS_REP, BER_CLASS_APP, KRB5_MSG_AS_REP, 0, dissect_krb5_KDC_REP },
1505 { KRB5_MSG_TGS_REQ, BER_CLASS_APP, KRB5_MSG_TGS_REQ, 0, dissect_krb5_KDC_REQ },
1506 { KRB5_MSG_TGS_REP, BER_CLASS_APP, KRB5_MSG_TGS_REP, 0, dissect_krb5_KDC_REP },
1507 { KRB5_MSG_AP_REQ, BER_CLASS_APP, KRB5_MSG_AP_REQ, 0, dissect_krb5_AP_REQ },
1508 { KRB5_MSG_AP_REP, BER_CLASS_APP, KRB5_MSG_AP_REP, 0, dissect_krb5_AP_REP },
1509 { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1510 { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1511 { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
1512 { KRB5_MSG_ENC_KRB_PRIV_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_PRIV_PART, 0, dissect_krb5_EncKrbPrivPart },
1513 { KRB5_MSG_ENC_KRB_CRED_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_CRED_PART, 0, dissect_krb5_EncKrbCredPart },
1514 { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
1515 { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
1516 { KRB5_MSG_CRED, BER_CLASS_APP, KRB5_MSG_CRED, 0, dissect_krb5_CRED },
1517 { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
1518 { 0, 0, 0, 0, NULL }
1523 dissect_krb5_application_choice(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1525 offset=dissect_ber_old_choice(actx, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
1529 static const true_false_string krb5_apoptions_reserved = {
1533 static const true_false_string krb5_apoptions_use_session_key = {
1534 "USE SESSION KEY to encrypt the ticket",
1535 "Do NOT use the session key to encrypt the ticket"
1537 static const true_false_string krb5_apoptions_mutual_required = {
1538 "MUTUAL authentication is REQUIRED",
1539 "Mutual authentication is NOT required"
1542 static int *APOptions_bits[] = {
1543 &hf_krb_APOptions_reserved,
1544 &hf_krb_APOptions_use_session_key,
1545 &hf_krb_APOptions_mutual_required,
1549 dissect_krb5_APOptions(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1551 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, APOptions_bits, hf_krb_APOptions, ett_krb_AP_Options, NULL);
1557 static const true_false_string krb5_kdcoptions_forwardable = {
1558 "FORWARDABLE tickets are allowed/requested",
1559 "Do NOT use forwardable tickets"
1561 static const true_false_string krb5_kdcoptions_forwarded = {
1562 "This ticket has been FORWARDED",
1563 "This is NOT a forwarded ticket"
1565 static const true_false_string krb5_kdcoptions_proxiable = {
1566 "PROXIABLE tickets are allowed/requested",
1567 "Do NOT use proxiable tickets"
1569 static const true_false_string krb5_kdcoptions_proxy = {
1570 "This is a PROXY ticket",
1571 "This ticket has NOT been proxied"
1573 static const true_false_string krb5_kdcoptions_allow_postdate = {
1574 "We allow the ticket to be POSTDATED",
1575 "We do NOT allow the ticket to be postdated"
1577 static const true_false_string krb5_kdcoptions_postdated = {
1578 "This ticket is POSTDATED",
1579 "This ticket is NOT postdated"
1581 static const true_false_string krb5_kdcoptions_renewable = {
1582 "This ticket is RENEWABLE",
1583 "This ticket is NOT renewable"
1585 static const true_false_string krb5_kdcoptions_constrained_delegation = {
1586 "This is a request for a CONSTRAINED DELEGATION PAC",
1587 "This is a normal request (no constrained delegation)"
1589 static const true_false_string krb5_kdcoptions_canonicalize = {
1590 "This is a request for a CANONICALIZED ticket",
1591 "This is NOT a canonicalized ticket request"
1593 static const true_false_string krb5_kdcoptions_disable_transited_check = {
1594 "Transited checking is DISABLED",
1595 "Transited checking is NOT disabled"
1597 static const true_false_string krb5_kdcoptions_renewable_ok = {
1598 "We accept RENEWED tickets",
1599 "We do NOT accept renewed tickets"
1601 static const true_false_string krb5_kdcoptions_enc_tkt_in_skey = {
1602 "ENCrypt TKT in SKEY",
1603 "Do NOT encrypt the tkt inside the skey"
1605 static const true_false_string krb5_kdcoptions_renew = {
1606 "This is a request to RENEW a ticket",
1607 "This is NOT a request to renew a ticket"
1609 static const true_false_string krb5_kdcoptions_validate = {
1610 "This is a request to VALIDATE a postdated ticket",
1611 "This is NOT a request to validate a postdated ticket"
1614 static int* KDCOptions_bits[] = {
1615 &hf_krb_KDCOptions_forwardable,
1616 &hf_krb_KDCOptions_forwarded,
1617 &hf_krb_KDCOptions_proxiable,
1618 &hf_krb_KDCOptions_proxy,
1619 &hf_krb_KDCOptions_allow_postdate,
1620 &hf_krb_KDCOptions_postdated,
1621 &hf_krb_KDCOptions_renewable,
1622 &hf_krb_KDCOptions_opt_hardware_auth,
1623 &hf_krb_KDCOptions_constrained_delegation,
1624 &hf_krb_KDCOptions_canonicalize,
1625 &hf_krb_KDCOptions_disable_transited_check,
1626 &hf_krb_KDCOptions_renewable_ok,
1627 &hf_krb_KDCOptions_enc_tkt_in_skey,
1628 &hf_krb_KDCOptions_renew,
1629 &hf_krb_KDCOptions_validate,
1634 dissect_krb5_KDCOptions(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1636 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, KDCOptions_bits, hf_krb_KDCOptions, ett_krb_KDC_Options, NULL);
1641 dissect_krb5_rtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1643 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_rtime);
1648 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1650 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_ctime);
1654 dissect_krb5_cusec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1656 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_cusec, NULL);
1661 dissect_krb5_stime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1663 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_stime);
1667 dissect_krb5_susec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1669 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_susec, NULL);
1675 dissect_krb5_error_code(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1677 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
1678 if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) {
1679 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
1681 val_to_str(krb5_errorcode, krb5_error_codes,
1682 "Unknown error code %#x"));
1690 dissect_krb5_till(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1692 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_till);
1696 dissect_krb5_from(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1698 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_from);
1705 dissect_krb5_nonce(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1707 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_nonce, NULL);
1713 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
1716 dissect_krb5_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1720 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &etype);
1722 proto_item_append_text(tree, " %s",
1723 val_to_str(etype, krb5_encryption_types,
1728 static ber_old_sequence_t etype_sequence_of[1] = {
1729 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
1732 dissect_krb5_etype_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1734 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, etype_sequence_of, hf_krb_etypes, ett_krb_etypes);
1738 static guint32 authenticator_etype;
1740 dissect_krb5_authenticator_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1742 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
1744 proto_item_append_text(tree, " %s",
1745 val_to_str(authenticator_etype, krb5_encryption_types,
1750 static guint32 Ticket_etype;
1752 dissect_krb5_Ticket_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1754 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
1756 proto_item_append_text(tree, " %s",
1757 val_to_str(Ticket_etype, krb5_encryption_types,
1762 static guint32 AP_REP_etype;
1764 dissect_krb5_AP_REP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1766 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
1768 proto_item_append_text(tree, " %s",
1769 val_to_str(AP_REP_etype, krb5_encryption_types,
1774 static guint32 PA_ENC_TIMESTAMP_etype;
1776 dissect_krb5_PA_ENC_TIMESTAMP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1778 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
1780 proto_item_append_text(tree, " %s",
1781 val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
1789 * HostAddress ::= SEQUENCE {
1790 * addr-type[0] INTEGER,
1791 * address[1] OCTET STRING
1794 static guint32 addr_type;
1795 static int dissect_krb5_addr_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1797 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_addr_type, &addr_type);
1801 #define ADDRESS_STR_BUFSIZ 256
1802 static int dissect_krb5_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1809 proto_item *it=NULL;
1811 /* read header and len for the octet string */
1812 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
1813 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
1815 address_str=ep_alloc(ADDRESS_STR_BUFSIZ);
1816 address_str[0]='\0';
1818 case KRB5_ADDR_IPv4:
1819 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
1820 g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
1822 case KRB5_ADDR_NETBIOS:
1824 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
1825 int netbios_name_type;
1826 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
1828 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
1829 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
1830 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
1833 case KRB5_ADDR_IPv6:
1834 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
1835 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", tvb_ip6_to_str(tvb, offset));
1838 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I don't know how to parse this type of address yet");
1842 /* push it up two levels in the decode pane */
1844 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
1845 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
1851 static ber_old_sequence_t HostAddress_sequence[] = {
1852 { BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
1853 { BER_CLASS_CON, 1, 0, dissect_krb5_address },
1857 dissect_krb5_HostAddress(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1860 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_HostAddress, ett_krb_HostAddress);
1865 dissect_krb5_s_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1868 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address);
1874 dissect_krb5_r_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1877 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_r_address, ett_krb_r_address);
1883 * HostAddresses ::= SEQUENCE OF SEQUENCE {
1884 * addr-type[0] INTEGER,
1885 * address[1] OCTET STRING
1889 static ber_old_sequence_t HostAddresses_sequence_of[1] = {
1890 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
1893 dissect_krb5_HostAddresses(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1895 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, HostAddresses_sequence_of, hf_krb_HostAddresses, ett_krb_HostAddresses);
1901 /* sequence of tickets */
1902 static ber_old_sequence_t sequence_of_tickets[1] = {
1903 { BER_CLASS_APP, 1, 0, dissect_krb5_Application_1},
1906 dissect_krb5_sq_tickets(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1908 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, sequence_of_tickets, hf_krb_sq_tickets, ett_krb_sq_tickets);
1914 dissect_krb5_msg_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1918 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_msg_type, &msgtype);
1920 if (gbl_do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
1921 col_add_str(actx->pinfo->cinfo, COL_INFO,
1922 val_to_str(msgtype, krb5_msg_types,
1923 "Unknown msg type %#x"));
1925 gbl_do_col_info=FALSE;
1927 /* append the application type to the subtree */
1928 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
1936 dissect_krb5_pvno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1938 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_pvno, NULL);
1945 * PrincipalName ::= SEQUENCE {
1946 * name-type[0] INTEGER,
1947 * name-string[1] SEQUENCE OF GeneralString
1950 static guint32 name_type;
1952 dissect_krb5_name_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1954 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_name_type, &name_type);
1956 proto_item_append_text(tree, " (%s):",
1957 val_to_str(name_type, krb5_princ_types,
1962 static char name_string_separator;
1964 dissect_krb5_name_string(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1966 char name_string[256];
1968 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_name_string, name_string, 255);
1970 proto_item_append_text(tree, "%c%s", name_string_separator, name_string);
1971 name_string_separator='/';
1976 static ber_old_sequence_t name_stringe_sequence_of[1] = {
1977 { BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
1980 dissect_krb5_name_strings(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1982 name_string_separator=' ';
1983 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, name_stringe_sequence_of, -1, -1);
1987 static ber_old_sequence_t PrincipalName_sequence[] = {
1988 { BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
1989 { BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
1993 dissect_krb5_sname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1996 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_sname, ett_krb_sname);
2001 dissect_krb5_pname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2004 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_pname, ett_krb_pname);
2009 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2012 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_cname, ett_krb_cname);
2019 dissect_krb5_prealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2021 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_prealm, NULL, 0);
2026 dissect_krb5_srealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2028 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_srealm, NULL, 0);
2033 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2035 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_realm, NULL, 0);
2040 dissect_krb5_crealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2042 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_crealm, NULL, 0);
2049 dissect_krb5_PA_PAC_REQUEST_flag(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2051 offset=dissect_ber_boolean(FALSE, actx, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag, NULL);
2056 static ber_old_sequence_t PA_PAC_REQUEST_sequence[] = {
2057 { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
2061 dissect_krb5_PA_PAC_REQUEST(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2064 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_PAC_REQUEST_sequence, -1, -1);
2070 dissect_krb5_s4u2self_auth(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2072 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_s4u2self_auth, NULL, 0);
2076 static ber_old_sequence_t PA_FOR_USER_sequence[] = {
2077 { BER_CLASS_CON, 0, 0, dissect_krb5_cname },
2078 { BER_CLASS_CON, 1, 0, dissect_krb5_realm },
2079 { BER_CLASS_CON, 2, 0, dissect_krb5_Checksum },
2080 { BER_CLASS_CON, 3, 0, dissect_krb5_s4u2self_auth },
2085 dissect_krb5_PA_FOR_USER(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2087 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_FOR_USER_sequence, -1, -1);
2093 dissect_krb5_PA_PROV_SRV_LOCATION(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2095 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
2103 dissect_krb5_kvno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2105 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_kvno, NULL);
2113 dissect_krb5_seq_number(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2115 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_seq_number, NULL);
2123 dissect_krb5_patimestamp(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2125 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_patimestamp);
2128 #ifdef HAVE_KERBEROS
2130 dissect_krb5_pausec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2132 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_pausec, NULL);
2135 static const ber_old_sequence_t PA_ENC_TS_ENC_sequence[] = {
2136 { BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
2137 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
2141 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2143 guint8 *plaintext=NULL;
2146 length=tvb_length_remaining(tvb, offset);
2148 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2150 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
2156 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
2157 plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, PA_ENC_TIMESTAMP_etype, NULL);
2162 next_tvb = tvb_new_child_real_data(tvb, plaintext,
2165 tvb_set_free_cb(next_tvb, g_free);
2167 /* Add the decrypted data to the data source list. */
2168 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
2171 offset=dissect_ber_old_sequence(FALSE, actx, tree, next_tvb, 0, PA_ENC_TS_ENC_sequence, -1, -1);
2180 dissect_krb5_encrypted_PA_ENC_TIMESTAMP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2182 #ifdef HAVE_KERBEROS
2183 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
2185 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, NULL);
2189 static ber_old_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
2190 { BER_CLASS_CON, 0, 0,
2191 dissect_krb5_PA_ENC_TIMESTAMP_etype },
2192 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2193 dissect_krb5_kvno },
2194 { BER_CLASS_CON, 2, 0,
2195 dissect_krb5_encrypted_PA_ENC_TIMESTAMP },
2199 dissect_krb5_PA_ENC_TIMESTAMP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2201 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENC_TIMESTAMP_sequence, -1, -1);
2209 dissect_krb5_etype_info_salt(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2211 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_etype_info_salt, NULL);
2216 dissect_krb5_etype_info2_salt(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2218 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_etype_info2_salt, NULL, 0);
2223 dissect_krb5_etype_info2_s2kparams(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2225 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_etype_info2_s2kparams, NULL);
2229 static ber_old_sequence_t PA_ENCTYPE_INFO_ENTRY_sequence[] = {
2230 { BER_CLASS_CON, 0, 0,
2231 dissect_krb5_etype },
2232 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2233 dissect_krb5_etype_info_salt },
2237 dissect_krb5_PA_ENCTYPE_INFO_ENTRY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2239 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO_ENTRY_sequence, -1, -1);
2244 static ber_old_sequence_t PA_ENCTYPE_INFO_sequence_of[1] = {
2245 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
2248 dissect_krb5_PA_ENCTYPE_INFO(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2250 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO_sequence_of, -1, -1);
2255 static ber_old_sequence_t PA_ENCTYPE_INFO2_ENTRY_sequence[] = {
2256 { BER_CLASS_CON, 0, 0,
2257 dissect_krb5_etype },
2258 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2259 dissect_krb5_etype_info2_salt },
2260 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2261 dissect_krb5_etype_info2_s2kparams },
2265 dissect_krb5_PA_ENCTYPE_INFO2_ENTRY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2267 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO2_ENTRY_sequence, -1, -1);
2272 static ber_old_sequence_t PA_ENCTYPE_INFO2_sequence_of[1] = {
2273 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO2_ENTRY },
2276 dissect_krb5_PA_ENCTYPE_INFO2(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2278 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO2_sequence_of, -1, -1);
2285 dissect_krb5_PW_SALT(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2289 /* Microsoft stores a special 12 byte blob here
2293 * decode everything as this blob for now until we see if anyone
2294 * else ever uses it or we learn how to tell whether this
2295 * is such an MS blob or not.
2297 proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2298 nt_status=tvb_get_letohl(tvb, offset);
2299 if(nt_status && check_col(actx->pinfo->cinfo, COL_INFO)) {
2300 col_append_fstr(actx->pinfo->cinfo, COL_INFO,
2302 val_to_str(nt_status, NT_errors,
2303 "Unknown error code %#x"));
2307 proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2310 proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2317 * PA-DATA ::= SEQUENCE {
2318 * padata-type[1] INTEGER,
2319 * padata-value[2] OCTET STRING,
2320 * -- might be encoded AP-REQ
2323 static guint32 krb_PA_DATA_type;
2325 dissect_krb5_PA_DATA_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2327 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
2330 proto_item_append_text(tree, " %s",
2331 val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
2337 dissect_krb5_PA_DATA_value(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2339 proto_tree *tree=parent_tree;
2341 if(actx->created_item){
2342 tree=proto_item_add_subtree(actx->created_item, ett_krb_PA_DATA_tree);
2346 switch(krb_PA_DATA_type){
2347 case KRB5_PA_TGS_REQ:
2348 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_application_choice);
2350 case KRB5_PA_PK_AS_REQ:
2351 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REQ);
2353 case KRB5_PA_PK_AS_REP:
2354 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REP);
2356 case KRB5_PA_PAC_REQUEST:
2357 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PAC_REQUEST);
2359 case KRB5_PA_FOR_USER:
2360 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_FOR_USER);
2362 case KRB5_PA_PROV_SRV_LOCATION:
2363 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PROV_SRV_LOCATION);
2365 case KRB5_PA_ENC_TIMESTAMP:
2366 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENC_TIMESTAMP);
2368 case KRB5_PA_ENCTYPE_INFO:
2369 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
2371 case KRB5_PA_ENCTYPE_INFO2:
2372 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
2374 case KRB5_PA_PW_SALT:
2375 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PW_SALT);
2378 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
2384 static ber_old_sequence_t PA_DATA_sequence[] = {
2385 { BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
2386 { BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
2390 dissect_krb5_PA_DATA(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2392 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_DATA_sequence, -1, -1);
2401 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
2404 static ber_old_sequence_t PA_DATA_sequence_of[1] = {
2405 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
2408 dissect_krb5_padata(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2410 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_DATA_sequence_of, hf_krb_padata, ett_krb_padata);
2417 static const true_false_string krb5_ticketflags_forwardable = {
2418 "FORWARDABLE tickets are allowed/requested",
2419 "Do NOT use forwardable tickets"
2421 static const true_false_string krb5_ticketflags_forwarded = {
2422 "This ticket has been FORWARDED",
2423 "This is NOT a forwarded ticket"
2425 static const true_false_string krb5_ticketflags_proxiable = {
2426 "PROXIABLE tickets are allowed/requested",
2427 "Do NOT use proxiable tickets"
2429 static const true_false_string krb5_ticketflags_proxy = {
2430 "This is a PROXY ticket",
2431 "This ticket has NOT been proxied"
2433 static const true_false_string krb5_ticketflags_allow_postdate = {
2434 "We allow the ticket to be POSTDATED",
2435 "We do NOT allow the ticket to be postdated"
2437 static const true_false_string krb5_ticketflags_postdated = {
2438 "This ticket is POSTDATED",
2439 "This ticket is NOT postdated"
2441 static const true_false_string krb5_ticketflags_invalid = {
2442 "This ticket is INVALID",
2443 "This ticket is NOT invalid"
2445 static const true_false_string krb5_ticketflags_renewable = {
2446 "This ticket is RENEWABLE",
2447 "This ticket is NOT renewable"
2449 static const true_false_string krb5_ticketflags_initial = {
2450 "This ticket was granted by AS and not TGT protocol",
2451 "This ticket was granted by TGT and not as protocol"
2453 static const true_false_string krb5_ticketflags_pre_auth = {
2454 "The client was PRE-AUTHenticated",
2455 "The client was NOT pre-authenticated"
2457 static const true_false_string krb5_ticketflags_hw_auth = {
2458 "The client was authenticated by HardWare",
2459 "The client was NOT authenticated using hardware"
2461 static const true_false_string krb5_ticketflags_transited_policy_checked = {
2462 "Kdc has performed TRANSITED POLICY CHECKING",
2463 "Kdc has NOT performed transited policy checking"
2465 static const true_false_string krb5_ticketflags_ok_as_delegate = {
2466 "This ticket is OK AS a DELEGATED ticket",
2467 "This ticket is NOT ok as a delegated ticket"
2470 static int* TicketFlags_bits[] = {
2471 &hf_krb_TicketFlags_forwardable,
2472 &hf_krb_TicketFlags_forwarded,
2473 &hf_krb_TicketFlags_proxiable,
2474 &hf_krb_TicketFlags_proxy,
2475 &hf_krb_TicketFlags_allow_postdate,
2476 &hf_krb_TicketFlags_postdated,
2477 &hf_krb_TicketFlags_invalid,
2478 &hf_krb_TicketFlags_renewable,
2479 &hf_krb_TicketFlags_initial,
2480 &hf_krb_TicketFlags_pre_auth,
2481 &hf_krb_TicketFlags_hw_auth,
2482 &hf_krb_TicketFlags_transited_policy_checked,
2483 &hf_krb_TicketFlags_ok_as_delegate,
2488 dissect_krb5_TicketFlags(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2490 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, TicketFlags_bits, hf_krb_TicketFlags, ett_krb_Ticket_Flags, NULL);
2495 static guint32 keytype;
2497 dissect_krb5_keytype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2499 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_keytype, &keytype);
2501 proto_item_append_text(tree, " %s",
2502 val_to_str(keytype, krb5_encryption_types,
2507 static int keylength;
2508 static const guint8 *keyvalue;
2510 store_keyvalue(proto_tree *tree _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2512 keylength=tvb_length_remaining(tvb, offset);
2513 keyvalue=tvb_get_ptr(tvb, offset, keylength);
2517 dissect_krb5_keyvalue(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2519 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_keyvalue, store_keyvalue);
2525 * EncryptionKey ::= SEQUENCE {
2527 * keyvalue [1] octet string
2529 static ber_old_sequence_t EncryptionKey_sequence[] = {
2530 { BER_CLASS_CON, 0, 0,
2531 dissect_krb5_keytype },
2532 { BER_CLASS_CON, 1, 0,
2533 dissect_krb5_keyvalue },
2537 dissect_krb5_key(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2539 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncryptionKey_sequence, hf_krb_key, ett_krb_key);
2541 #ifdef HAVE_KERBEROS
2542 add_encryption_key(actx->pinfo, keytype, keylength, keyvalue, "key");
2547 dissect_krb5_subkey(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2549 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncryptionKey_sequence, hf_krb_subkey, ett_krb_subkey);
2550 #ifdef HAVE_KERBEROS
2551 add_encryption_key(actx->pinfo, keytype, keylength, keyvalue, "subkey");
2557 dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep)
2559 proto_item *item=NULL;
2560 proto_tree *tree=NULL;
2564 item=proto_tree_add_text(parent_tree, tvb, offset, 16, "DREP");
2565 tree=proto_item_add_subtree(item, ett_krb_PAC_DREP);
2568 val = tvb_get_guint8(tvb, offset);
2569 proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4);
2580 /* This might be some sort of header that MIDL generates when creating
2581 * marshalling/unmarshalling code for blobs that are not to be transported
2582 * ontop of DCERPC and where the DREP fields specifying things such as
2583 * endianess and similar are not available.
2586 dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_)
2588 proto_item *item=NULL;
2589 proto_tree *tree=NULL;
2592 item=proto_tree_add_text(parent_tree, tvb, offset, 16, "MES header");
2593 tree=proto_item_add_subtree(item, ett_krb_PAC_MIDL_BLOB);
2596 /* modified DREP field that is used for stuff that is transporetd ontop
2599 proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2602 offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep);
2605 proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2608 proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2611 /* length of blob that follows */
2612 proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2619 dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2621 proto_item *item=NULL;
2622 proto_tree *tree=NULL;
2623 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
2624 static dcerpc_info di; /* fake dcerpc_info struct */
2625 static dcerpc_call_value call_data;
2626 void *old_private_data;
2628 item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2630 tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
2633 /* skip the first 16 bytes, they are some magic created by the idl
2634 * compiler the first 4 bytes might be flags?
2636 offset=dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
2638 /* the PAC_LOGON_INFO blob */
2639 /* fake whatever state the dcerpc runtime support needs */
2640 di.conformant_run=0;
2641 /* we need di->call_data->flags.NDR64 == 0 */
2642 di.call_data=&call_data;
2643 old_private_data=actx->pinfo->private_data;
2644 actx->pinfo->private_data=&di;
2645 init_ndr_pointer_list(actx->pinfo);
2646 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, drep,
2647 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
2648 "PAC_LOGON_INFO:", -1);
2649 actx->pinfo->private_data=old_private_data;
2655 dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2657 proto_item *item=NULL;
2658 proto_tree *tree=NULL;
2659 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
2660 static dcerpc_info di; /* fake dcerpc_info struct */
2661 static dcerpc_call_value call_data;
2662 void *old_private_data;
2664 item=proto_tree_add_item(parent_tree, hf_krb_PAC_S4U_DELEGATION_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2666 tree=proto_item_add_subtree(item, ett_krb_PAC_S4U_DELEGATION_INFO);
2669 /* skip the first 16 bytes, they are some magic created by the idl
2670 * compiler the first 4 bytes might be flags?
2672 offset=dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
2675 /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */
2676 /* fake whatever state the dcerpc runtime support needs */
2677 di.conformant_run=0;
2678 /* we need di->call_data->flags.NDR64 == 0 */
2679 di.call_data=&call_data;
2680 old_private_data=actx->pinfo->private_data;
2681 actx->pinfo->private_data=&di;
2682 init_ndr_pointer_list(actx->pinfo);
2683 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, drep,
2684 netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE,
2685 "PAC_S4U_DELEGATION_INFO:", -1);
2686 actx->pinfo->private_data=old_private_data;
2692 dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2694 proto_item *item=NULL;
2695 proto_tree *tree=NULL;
2696 guint16 dns_offset, dns_len;
2697 guint16 upn_offset, upn_len;
2702 item=proto_tree_add_item(parent_tree, hf_krb_PAC_UPN_DNS_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2704 tree=proto_item_add_subtree(item, ett_krb_PAC_UPN_DNS_INFO);
2708 upn_len = tvb_get_letohs(tvb, offset);
2709 proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2711 upn_offset = tvb_get_letohs(tvb, offset);
2712 proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2716 dns_len = tvb_get_letohs(tvb, offset);
2717 proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2719 dns_offset = tvb_get_letohs(tvb, offset);
2720 proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2724 proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2727 offset = upn_offset;
2729 bc = tvb_length_remaining(tvb, offset);
2730 dn = get_unicode_or_ascii_string(tvb, &offset,
2731 TRUE, &dn_len, TRUE, TRUE, &bc);
2732 proto_tree_add_string(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, dn);
2735 offset = dns_offset;
2737 bc = tvb_length_remaining(tvb, offset);
2738 dn = get_unicode_or_ascii_string(tvb, &offset,
2739 TRUE, &dn_len, TRUE, TRUE, &bc);
2740 proto_tree_add_string(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, dn);
2746 dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2748 proto_tree_add_item(parent_tree, hf_krb_PAC_CREDENTIAL_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2755 dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2757 proto_item *item=NULL;
2758 proto_tree *tree=NULL;
2760 item=proto_tree_add_item(parent_tree, hf_krb_PAC_SERVER_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2762 tree=proto_item_add_subtree(item, ett_krb_PAC_SERVER_CHECKSUM);
2765 /* signature type */
2766 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2769 /* signature data */
2770 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2776 dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2778 proto_item *item=NULL;
2779 proto_tree *tree=NULL;
2781 item=proto_tree_add_item(parent_tree, hf_krb_PAC_PRIVSVR_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2783 tree=proto_item_add_subtree(item, ett_krb_PAC_PRIVSVR_CHECKSUM);
2786 /* signature type */
2787 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2790 /* signature data */
2791 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2797 dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2799 proto_item *item=NULL;
2800 proto_tree *tree=NULL;
2804 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CLIENT_INFO_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2806 tree=proto_item_add_subtree(item, ett_krb_PAC_CLIENT_INFO_TYPE);
2810 offset = dissect_nt_64bit_time(tvb, tree, offset,
2811 hf_krb_pac_clientid);
2814 namelen=tvb_get_letohs(tvb, offset);
2815 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
2819 name=tvb_get_ephemeral_unicode_string(tvb, offset, namelen/2, ENC_LITTLE_ENDIAN);
2820 proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
2827 dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2832 proto_item *it=NULL;
2833 proto_tree *tr=NULL;
2836 /* type of pac data */
2837 pac_type=tvb_get_letohl(tvb, offset);
2838 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
2840 tr=proto_item_add_subtree(it, ett_krb_PAC);
2845 /* size of pac data */
2846 pac_size=tvb_get_letohl(tvb, offset);
2847 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
2850 /* offset to pac data */
2851 pac_offset=tvb_get_letohl(tvb, offset);
2852 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
2856 next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
2858 case PAC_LOGON_INFO:
2859 dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
2861 case PAC_CREDENTIAL_TYPE:
2862 dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
2864 case PAC_SERVER_CHECKSUM:
2865 dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
2867 case PAC_PRIVSVR_CHECKSUM:
2868 dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx);
2870 case PAC_CLIENT_INFO_TYPE:
2871 dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx);
2873 case PAC_S4U_DELEGATION_INFO:
2874 dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx);
2876 case PAC_UPN_DNS_INFO:
2877 dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
2887 dissect_krb5_AD_WIN2K_PAC(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2893 /* first in the PAC structure comes the number of entries */
2894 entries=tvb_get_letohl(tvb, offset);
2895 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
2898 /* second comes the version */
2899 version=tvb_get_letohl(tvb, offset);
2900 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
2903 for(i=0;i<entries;i++){
2904 offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx);
2911 int dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx);
2913 static ber_old_sequence_t AD_SIGNTICKET_sequence[] = {
2914 { BER_CLASS_CON, 0, 0,
2915 dissect_krb5_etype },
2916 { BER_CLASS_CON, 1, 0,
2917 dissect_krb5_Checksum },
2921 /* first seen in traces from vista */
2923 dissect_krb5_AD_SIGNTICKET(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
2925 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AD_SIGNTICKET_sequence, -1, -1);
2930 static guint32 IF_RELEVANT_type;
2932 dissect_krb5_IF_RELEVANT_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2934 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
2936 proto_item_append_text(tree, " %s",
2937 val_to_str(IF_RELEVANT_type, krb5_ad_types,
2943 dissect_krb5_IF_RELEVANT_value(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2945 switch(IF_RELEVANT_type){
2946 case KRB5_AD_WIN2K_PAC:
2947 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_WIN2K_PAC);
2949 case KRB5_AD_SIGNTICKET:
2950 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_SIGNTICKET);
2953 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_IF_RELEVANT_value, NULL);
2957 static ber_old_sequence_t IF_RELEVANT_item_sequence[] = {
2958 { BER_CLASS_CON, 0, 0,
2959 dissect_krb5_IF_RELEVANT_type },
2960 { BER_CLASS_CON, 1, 0,
2961 dissect_krb5_IF_RELEVANT_value },
2965 dissect_krb5_IF_RELEVANT_item(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2967 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, IF_RELEVANT_item_sequence, hf_krb_IF_RELEVANT, ett_krb_IF_RELEVANT);
2972 static ber_old_sequence_t IF_RELEVANT_sequence_of[1] = {
2973 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
2977 dissect_krb5_IF_RELEVANT(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2979 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, IF_RELEVANT_sequence_of, -1, -1);
2984 static guint32 adtype;
2986 dissect_krb5_adtype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2988 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_adtype, &adtype);
2990 proto_item_append_text(tree, " %s",
2991 val_to_str(adtype, krb5_ad_types,
2997 dissect_krb5_advalue(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3000 case KRB5_AD_IF_RELEVANT:
3001 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_IF_RELEVANT);
3004 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_advalue, NULL);
3009 * AuthorizationData ::= SEQUENCE {
3011 * ad-data [1] octet string
3013 static ber_old_sequence_t AuthorizationData_item_sequence[] = {
3014 { BER_CLASS_CON, 0, 0,
3015 dissect_krb5_adtype },
3016 { BER_CLASS_CON, 1, 0,
3017 dissect_krb5_advalue },
3021 dissect_krb5_AuthorizationData_item(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3023 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AuthorizationData_item_sequence, hf_krb_AuthorizationData, ett_krb_AuthorizationData);
3028 static ber_old_sequence_t AuthorizationData_sequence_of[1] = {
3029 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
3032 dissect_krb5_AuthorizationData(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3034 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, AuthorizationData_sequence_of, -1, -1);
3041 dissect_krb5_transited_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3045 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_transitedtype, &trtype);
3047 proto_item_append_text(tree, " %s",
3048 val_to_str(trtype, krb5_transited_types,
3055 dissect_krb5_transited_contents(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3057 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_transitedcontents, NULL);
3062 * TransitedEncoding ::= SEQUENCE {
3064 * contents [1] octet string
3066 static ber_old_sequence_t TransitedEncoding_sequence[] = {
3067 { BER_CLASS_CON, 0, 0,
3068 dissect_krb5_transited_type },
3069 { BER_CLASS_CON, 1, 0,
3070 dissect_krb5_transited_contents },
3074 dissect_krb5_transited(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3076 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, TransitedEncoding_sequence, hf_krb_TransitedEncoding, ett_krb_TransitedEncoding);
3083 dissect_krb5_authtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3085 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_authtime);
3089 dissect_krb5_starttime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3091 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_starttime);
3095 dissect_krb5_endtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3097 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_endtime);
3101 dissect_krb5_renew_till(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3103 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_renew_till);
3108 * EncTicketPart ::= SEQUENCE {
3109 * flags [0] TicketFlags,
3110 * key [1] EncryptionKey,
3112 * cname [3] PrincipalName,
3113 * transited [4] TransitedEncoding,
3114 * authtime [5] KerberosTime,
3115 * starttime [6] KerberosTime OPTIONAL,
3116 * endtime [7] KerberosTime,
3117 * renew-till [8] KerberosTime OPTIONAL,
3118 * caddr [9] HostAddresses OPTIONAL,
3119 * authorization-data [10] AuthorizationData OPTIONAL
3122 static ber_old_sequence_t EncTicketPart_sequence[] = {
3123 { BER_CLASS_CON, 0, 0,
3124 dissect_krb5_TicketFlags },
3125 { BER_CLASS_CON, 1, 0,
3127 { BER_CLASS_CON, 2, 0,
3128 dissect_krb5_crealm },
3129 { BER_CLASS_CON, 3, 0,
3130 dissect_krb5_cname },
3131 { BER_CLASS_CON, 4, 0,
3132 dissect_krb5_transited },
3133 { BER_CLASS_CON, 5, 0,
3134 dissect_krb5_authtime },
3135 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3136 dissect_krb5_starttime },
3137 { BER_CLASS_CON, 7, 0,
3138 dissect_krb5_endtime },
3139 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3140 dissect_krb5_renew_till },
3141 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
3142 dissect_krb5_HostAddresses },
3143 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
3144 dissect_krb5_AuthorizationData },
3148 dissect_krb5_EncTicketPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3150 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncTicketPart_sequence, hf_krb_EncTicketPart, ett_krb_EncTicketPart);
3161 * EncAPRepPart ::= SEQUENCE {
3162 * ctime [0] KerberosTime
3163 * cusec [1] Microseconds
3164 * subkey [2] encryptionKey OPTIONAL
3165 * seq-number [3] uint32 OPTIONAL
3168 static ber_old_sequence_t EncAPRepPart_sequence[] = {
3169 { BER_CLASS_CON, 0, 0,
3170 dissect_krb5_ctime },
3171 { BER_CLASS_CON, 1, 0,
3172 dissect_krb5_cusec },
3173 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3174 dissect_krb5_subkey },
3175 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3176 dissect_krb5_seq_number },
3180 dissect_krb5_EncAPRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3182 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncAPRepPart_sequence, hf_krb_EncAPRepPart, ett_krb_EncAPRepPart);
3189 static guint32 lr_type;
3190 static const value_string krb5_lr_types[] = {
3191 { 0 , "No information available" },
3192 { 1 , "Time of last initial TGT request" },
3193 { 2 , "Time of last initial request" },
3194 { 3 , "Time of issue of latest TGT ticket" },
3195 { 4 , "Time of last renewal" },
3196 { 5 , "Time of last request" },
3197 { 6 , "Time when password will expire" },
3198 { 7 , "Time when account will expire" },
3202 dissect_krb5_lr_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3204 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_lr_type, &lr_type);
3209 dissect_krb5_lr_value(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3211 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_lr_time);
3216 static ber_old_sequence_t LastReq_sequence[] = {
3217 { BER_CLASS_CON, 0, 0,
3218 dissect_krb5_lr_type },
3219 { BER_CLASS_CON, 1, 0,
3220 dissect_krb5_lr_value },
3224 dissect_krb5_LastReq(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3226 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, LastReq_sequence, hf_krb_LastReq, ett_krb_LastReq);
3230 static ber_old_sequence_t LastReq_sequence_of[1] = {
3231 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
3234 dissect_krb5_LastReq_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3236 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, LastReq_sequence_of, hf_krb_LastReqs, ett_krb_LastReqs);
3242 dissect_krb5_key_expiration(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3244 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_key_expire);
3248 static ber_old_sequence_t EncKDCRepPart_sequence[] = {
3249 { BER_CLASS_CON, 0, 0,
3251 { BER_CLASS_CON, 1, 0,
3252 dissect_krb5_LastReq_sequence_of },
3253 { BER_CLASS_CON, 2, 0,
3254 dissect_krb5_nonce },
3255 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3256 dissect_krb5_key_expiration },
3257 { BER_CLASS_CON, 4, 0,
3258 dissect_krb5_TicketFlags },
3259 { BER_CLASS_CON, 5, 0,
3260 dissect_krb5_authtime },
3261 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3262 dissect_krb5_starttime },
3263 { BER_CLASS_CON, 7, 0,
3264 dissect_krb5_endtime },
3265 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3266 dissect_krb5_renew_till },
3267 { BER_CLASS_CON, 9, 0,
3268 dissect_krb5_realm },
3269 { BER_CLASS_CON, 10, 0,
3270 dissect_krb5_sname },
3271 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3272 dissect_krb5_HostAddresses },
3276 dissect_krb5_EncKDCRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3278 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKDCRepPart_sequence, hf_krb_EncKDCRepPart, ett_krb_EncKDCRepPart);
3285 dissect_krb5_authenticator_vno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3287 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
3293 #define KRB5_GSS_C_DELEG_FLAG 0x01
3294 #define KRB5_GSS_C_MUTUAL_FLAG 0x02
3295 #define KRB5_GSS_C_REPLAY_FLAG 0x04
3296 #define KRB5_GSS_C_SEQUENCE_FLAG 0x08
3297 #define KRB5_GSS_C_CONF_FLAG 0x10
3298 #define KRB5_GSS_C_INTEG_FLAG 0x20
3299 #define KRB5_GSS_C_DCE_STYLE 0x1000
3301 static const true_false_string tfs_gss_flags_deleg = {
3302 "Delegate credentials to remote peer",
3305 static const true_false_string tfs_gss_flags_mutual = {
3306 "Request that remote peer authenticates itself",
3307 "Mutual authentication NOT required"
3309 static const true_false_string tfs_gss_flags_replay = {
3310 "Enable replay protection for signed or sealed messages",
3311 "Do NOT enable replay protection"
3313 static const true_false_string tfs_gss_flags_sequence = {
3314 "Enable Out-of-sequence detection for sign or sealed messages",
3315 "Do NOT enable out-of-sequence detection"
3317 static const true_false_string tfs_gss_flags_conf = {
3318 "Confidentiality (sealing) may be invoked",
3319 "Do NOT use Confidentiality (sealing)"
3321 static const true_false_string tfs_gss_flags_integ = {
3322 "Integrity protection (signing) may be invoked",
3323 "Do NOT use integrity protection"
3326 static const true_false_string tfs_gss_flags_dce_style = {
3328 "Not using DCE-STYLE"
3331 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
3334 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb)
3340 /* Length of Bnd field */
3341 len=tvb_get_letohl(tvb, offset);
3342 proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3346 proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA);
3351 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3352 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3353 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3354 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3355 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3356 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3357 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3360 /* the next fields are optional so we have to check that we have
3361 * more data in our buffers */
3362 if(tvb_length_remaining(tvb, offset)<2){
3365 /* dlgopt identifier */
3366 proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3369 if(tvb_length_remaining(tvb, offset)<2){
3372 /* dlglen identifier */
3373 dlglen=tvb_get_letohs(tvb, offset);
3374 proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3377 if(dlglen!=tvb_length_remaining(tvb, offset)){
3378 proto_tree_add_text(tree, tvb, 0, 0, "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_length_remaining(tvb, offset));
3382 /* this should now be a KRB_CRED message */
3383 offset=dissect_ber_old_choice(actx, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
3389 static guint32 checksum_type;
3392 dissect_krb5_checksum_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3394 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_checksum_type, &checksum_type);
3400 dissect_krb5_checksum_checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3404 switch(checksum_type){
3405 case KRB5_CHKSUM_GSSAPI:
3406 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_checksum_checksum, &next_tvb);
3407 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
3410 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
3416 * Checksum ::= SEQUENCE {
3419 static ber_old_sequence_t Checksum_sequence[] = {
3420 { BER_CLASS_CON, 0, 0,
3421 dissect_krb5_checksum_type },
3422 { BER_CLASS_CON, 1, 0,
3423 dissect_krb5_checksum_checksum },
3427 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3429 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Checksum_sequence, hf_krb_Checksum, ett_krb_Checksum);
3435 * Authenticator ::= SEQUENCE {
3436 * authenticator-vno [0] integer
3438 * cname [2] PrincipalName
3439 * cksum [3] Checksum OPTIONAL
3440 * cusec [4] Microseconds
3441 * ctime [5] KerberosTime
3442 * subkey [6] encryptionKey OPTIONAL
3443 * seq-number [7] uint32 OPTIONAL
3444 * authorization-data [8] AuthorizationData OPTIONAL
3447 static ber_old_sequence_t Authenticator_sequence[] = {
3448 { BER_CLASS_CON, 0, 0,
3449 dissect_krb5_authenticator_vno },
3450 { BER_CLASS_CON, 1, 0,
3451 dissect_krb5_crealm },
3452 { BER_CLASS_CON, 2, 0,
3453 dissect_krb5_cname },
3454 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3455 dissect_krb5_Checksum },
3456 { BER_CLASS_CON, 4, 0,
3457 dissect_krb5_cusec },
3458 { BER_CLASS_CON, 5, 0,
3459 dissect_krb5_ctime },
3460 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3461 dissect_krb5_subkey },
3462 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
3463 dissect_krb5_seq_number },
3464 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3465 dissect_krb5_AuthorizationData },
3469 dissect_krb5_Authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3471 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Authenticator_sequence, hf_krb_Authenticator, ett_krb_Authenticator);
3478 dissect_krb5_PRIV_BODY_user_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3481 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_PRIV_BODY_user_data, &new_tvb);
3484 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
3489 static ber_old_sequence_t EncKrbPrivPart_sequence[] = {
3490 { BER_CLASS_CON, 0, 0,
3491 dissect_krb5_PRIV_BODY_user_data },
3492 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3493 dissect_krb5_patimestamp },
3494 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3495 dissect_krb5_cusec },
3496 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3497 dissect_krb5_seq_number },
3498 { BER_CLASS_CON, 4, 0,
3499 dissect_krb5_s_address },
3500 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3501 dissect_krb5_HostAddresses },
3505 dissect_krb5_EncKrbPrivPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3507 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKrbPrivPart_sequence, hf_krb_EncKrbPrivPart, ett_krb_EncKrbPrivPart);
3512 static guint32 PRIV_etype;
3514 dissect_krb5_PRIV_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3516 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &PRIV_etype);
3518 proto_item_append_text(tree, " %s",
3519 val_to_str(PRIV_etype, krb5_encryption_types,
3525 #ifdef HAVE_KERBEROS
3527 dissect_krb5_decrypt_PRIV (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3529 guint8 *plaintext=NULL;
3532 length=tvb_length_remaining(tvb, offset);
3537 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
3538 plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, PRIV_etype, NULL);
3543 next_tvb = tvb_new_child_real_data(tvb, plaintext,
3546 tvb_set_free_cb(next_tvb, g_free);
3548 /* Add the decrypted data to the data source list. */
3549 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
3551 offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3559 * PRIV-BODY ::= SEQUENCE {
3560 * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
3562 * msg-type[1] INTEGER,
3563 * enc-part[3] EncryptedData
3567 dissect_krb5_encrypted_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3569 #ifdef HAVE_KERBEROS
3570 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PRIV, dissect_krb5_decrypt_PRIV);
3572 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
3576 static ber_old_sequence_t ENC_PRIV_sequence[] = {
3577 { BER_CLASS_CON, 0, 0,
3578 dissect_krb5_PRIV_etype },
3579 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3580 dissect_krb5_kvno },
3581 { BER_CLASS_CON, 2, 0,
3582 dissect_krb5_encrypted_PRIV },
3586 dissect_krb5_ENC_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3588 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
3591 static ber_old_sequence_t PRIV_BODY_sequence[] = {
3592 { BER_CLASS_CON, 0, 0,
3593 dissect_krb5_pvno },
3594 { BER_CLASS_CON, 1, 0,
3595 dissect_krb5_msg_type },
3596 { BER_CLASS_CON, 3, 0,
3597 dissect_krb5_ENC_PRIV },
3601 dissect_krb5_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3604 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PRIV_BODY_sequence, hf_krb_PRIV_BODY, ett_krb_PRIV);
3609 static guint32 EncKrbCredPart_etype;
3611 dissect_krb5_EncKrbCredPart_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3613 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &EncKrbCredPart_etype);
3615 proto_item_append_text(tree, " %s",
3616 val_to_str(EncKrbCredPart_etype, krb5_encryption_types,
3626 static ber_old_sequence_t KrbCredInfo_sequence[] = {
3627 { BER_CLASS_CON, 0, 0, dissect_krb5_key },
3628 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_prealm },
3629 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_pname },
3630 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_TicketFlags },
3631 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_authtime },
3632 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_starttime },
3633 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_krb5_endtime },
3634 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_krb5_renew_till },
3635 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_krb5_srealm },
3636 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_krb5_sname },
3637 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_krb5_HostAddresses },
3641 dissect_krb5_KrbCredInfo(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3644 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KrbCredInfo_sequence, hf_krb_KrbCredInfo, ett_krb_KrbCredInfo);
3649 static ber_old_sequence_t KrbCredInfo_sequence_of[1] = {
3650 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_KrbCredInfo },
3653 dissect_krb5_KrbCredInfo_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3655 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, KrbCredInfo_sequence_of, hf_krb_KrbCredInfos, ett_krb_KrbCredInfos);
3659 static const ber_old_sequence_t EncKrbCredPart_sequence[] = {
3660 { BER_CLASS_CON, 0, 0, dissect_krb5_KrbCredInfo_sequence_of },
3661 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_nonce },
3662 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_ctime },
3663 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_cusec },
3664 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_s_address },
3665 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_r_address },
3670 dissect_krb5_EncKrbCredPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3672 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKrbCredPart_sequence, hf_krb_EncKrbCredPart, ett_krb_EncKrbCredPart);
3677 #ifdef HAVE_KERBEROS
3679 dissect_krb5_decrypt_EncKrbCredPart (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3681 guint8 *plaintext=NULL;
3685 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
3687 length=tvb_length_remaining(tvb, offset);
3690 * EncKrbCredPart encrypted with usage
3694 plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, EncKrbCredPart_etype, NULL);
3698 tvbuff_t *child_tvb;
3699 child_tvb = tvb_new_child_real_data(tvb, plaintext,
3702 tvb_set_free_cb(child_tvb, g_free);
3704 /* Add the decrypted data to the data source list. */
3705 add_new_data_source(actx->pinfo, child_tvb, "EncKrbCredPart");
3707 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3714 dissect_krb5_encrypted_CRED_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3716 #ifdef HAVE_KERBEROS
3717 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, dissect_krb5_decrypt_EncKrbCredPart);
3719 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, NULL);
3724 static ber_old_sequence_t encrypted_CRED_sequence[] = {
3725 { BER_CLASS_CON, 0, 0,
3726 dissect_krb5_EncKrbCredPart_etype },
3727 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3728 dissect_krb5_kvno },
3729 { BER_CLASS_CON, 2, 0,
3730 dissect_krb5_encrypted_CRED_data },
3734 dissect_krb5_encrypted_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3736 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_CRED_sequence, hf_krb_CRED_enc, ett_krb_CRED_enc);
3741 static ber_old_sequence_t CRED_BODY_sequence[] = {
3742 { BER_CLASS_CON, 0, 0,
3743 dissect_krb5_pvno },
3744 { BER_CLASS_CON, 1, 0,
3745 dissect_krb5_msg_type },
3746 { BER_CLASS_CON, 2, 0,
3747 dissect_krb5_sq_tickets },
3748 { BER_CLASS_CON, 3, 0,
3749 dissect_krb5_encrypted_CRED },
3753 dissect_krb5_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3756 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, CRED_BODY_sequence, hf_krb_CRED_BODY, ett_krb_CRED);
3763 dissect_krb5_SAFE_BODY_user_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3766 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, &new_tvb);
3768 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
3772 dissect_krb5_SAFE_BODY_timestamp(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3774 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
3779 dissect_krb5_SAFE_BODY_usec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3781 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
3785 static ber_old_sequence_t SAFE_BODY_sequence[] = {
3786 { BER_CLASS_CON, 0, 0,
3787 dissect_krb5_SAFE_BODY_user_data },
3788 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3789 dissect_krb5_SAFE_BODY_timestamp },
3790 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3791 dissect_krb5_SAFE_BODY_usec },
3792 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3793 dissect_krb5_seq_number },
3794 /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */
3795 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3796 dissect_krb5_s_address },
3797 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3798 dissect_krb5_HostAddresses },
3802 dissect_krb5_SAFE_BODY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3805 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, SAFE_BODY_sequence, -1, -1);
3812 static ber_old_sequence_t SAFE_sequence[] = {
3813 { BER_CLASS_CON, 0, 0,
3814 dissect_krb5_pvno },
3815 { BER_CLASS_CON, 1, 0,
3816 dissect_krb5_msg_type },
3817 { BER_CLASS_CON, 2, 0,
3818 dissect_krb5_SAFE_BODY },
3819 { BER_CLASS_CON, 3, 0,
3820 dissect_krb5_Checksum },
3824 dissect_krb5_SAFE(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3827 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, SAFE_sequence, -1, -1);
3832 #ifdef HAVE_KERBEROS
3833 static guint32 enc_authorization_data_etype;
3836 dissect_krb5_decrypt_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3838 guint8 *plaintext=NULL;
3842 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
3844 length=tvb_length_remaining(tvb, offset);
3848 The key usage value used when encrypting is 5
3849 if a sub-session key is used, or 4 if the session key is used.
3852 plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, enc_authorization_data_etype, NULL);
3855 plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, enc_authorization_data_etype, NULL);
3859 tvbuff_t *child_tvb;
3860 child_tvb = tvb_new_child_real_data(tvb, plaintext,
3863 tvb_set_free_cb(child_tvb, g_free);
3865 /* Add the decrypted data to the data source list. */
3866 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
3869 proto_tree_add_text(tree, child_tvb, 0, length, "AtuhorizationData for TGS_REQ not implemented yet");
3877 dissect_krb5_encrypted_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3879 #ifdef HAVE_KERBEROS
3880 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_enc_authorization_data, dissect_krb5_decrypt_enc_authorization_data);
3882 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_enc_authorization_data, NULL);
3888 dissect_krb5_enc_authorization_data_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3890 #ifndef HAVE_KERBEROS
3891 guint32 enc_authorization_data_etype;
3893 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &enc_authorization_data_etype);
3895 proto_item_append_text(tree, " %s",
3896 val_to_str(enc_authorization_data_etype, krb5_encryption_types,
3901 static ber_old_sequence_t enc_authorization_data_sequence[] = {
3902 { BER_CLASS_CON, 0, 0,
3903 dissect_krb5_enc_authorization_data_etype },
3904 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3905 dissect_krb5_kvno },
3906 { BER_CLASS_CON, 2, 0,
3907 dissect_krb5_encrypted_enc_authorization_data },
3911 dissect_krb5_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3913 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, enc_authorization_data_sequence, -1, -1);
3919 * KDC-REQ-BODY ::= SEQUENCE {
3920 * kdc-options[0] KDCOptions,
3921 * cname[1] PrincipalName OPTIONAL,
3922 * -- Used only in AS-REQ
3923 * realm[2] Realm, -- Server's realm
3924 * -- Also client's in AS-REQ
3925 * sname[3] PrincipalName OPTIONAL,
3926 * from[4] KerberosTime OPTIONAL,
3927 * till[5] KerberosTime,
3928 * rtime[6] KerberosTime OPTIONAL,
3930 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
3931 * -- in preference order
3932 * addresses[9] HostAddresses OPTIONAL,
3933 * enc-authorization-data[10] EncryptedData OPTIONAL,
3934 * -- Encrypted AuthorizationData encoding
3935 * additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
3939 static ber_old_sequence_t KDC_REQ_BODY_sequence[] = {
3940 { BER_CLASS_CON, 0, 0,
3941 dissect_krb5_KDCOptions },
3942 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3943 dissect_krb5_cname },
3944 { BER_CLASS_CON, 2, 0,
3945 dissect_krb5_realm},
3946 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3947 dissect_krb5_sname },
3948 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3949 dissect_krb5_from },
3950 /* this field is not optional in the kerberos spec,
3951 * however, in the packetcable spec it is optional.
3952 * make it optional here since normal kerberos will
3953 * still decode the pdu correctly.
3955 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3956 dissect_krb5_till },
3957 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3958 dissect_krb5_rtime },
3959 { BER_CLASS_CON, 7, 0,
3960 dissect_krb5_nonce },
3961 { BER_CLASS_CON, 8, 0,
3962 dissect_krb5_etype_sequence_of },
3963 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
3964 dissect_krb5_HostAddresses },
3965 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
3966 dissect_krb5_enc_authorization_data },
3967 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3968 dissect_krb5_sq_tickets },
3972 dissect_krb5_KDC_REQ_BODY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3974 conversation_t *conversation;
3977 * UDP replies to KDC_REQs are sent from the server back to the client's
3978 * source port, similar to the way TFTP works. Set up a conversation
3981 * Ref: Section 7.2.1 of
3982 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
3984 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
3985 conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
3986 actx->pinfo->srcport, 0, NO_PORT_B);
3987 if (conversation == NULL) {
3988 conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
3989 actx->pinfo->srcport, 0, NO_PORT2);
3990 conversation_set_dissector(conversation, kerberos_handle_udp);
3994 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
4002 * KDC-REQ ::= SEQUENCE {
4004 * msg-type[2] INTEGER,
4005 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
4006 * req-body[4] KDC-REQ-BODY
4009 static ber_old_sequence_t KDC_REQ_sequence[] = {
4010 { BER_CLASS_CON, 1, 0,
4011 dissect_krb5_pvno },
4012 { BER_CLASS_CON, 2, 0,
4013 dissect_krb5_msg_type },
4014 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
4015 dissect_krb5_padata },
4016 { BER_CLASS_CON, 4, 0,
4017 dissect_krb5_KDC_REQ_BODY },
4021 dissect_krb5_KDC_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4023 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REQ_sequence, -1, -1);
4029 #ifdef HAVE_KERBEROS
4031 dissect_krb5_decrypt_authenticator_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4033 guint8 *plaintext=NULL;
4037 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
4039 length=tvb_length_remaining(tvb, offset);
4041 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4043 * Authenticators are encrypted with usage
4048 plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, authenticator_etype, NULL);
4051 plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, authenticator_etype, NULL);
4055 tvbuff_t *child_tvb;
4056 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4059 tvb_set_free_cb(child_tvb, g_free);
4061 /* Add the decrypted data to the data source list. */
4062 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4065 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4074 * EncryptedData ::= SEQUENCE {
4075 * etype[0] INTEGER, -- EncryptionType
4076 * kvno[1] INTEGER OPTIONAL,
4077 * cipher[2] OCTET STRING -- ciphertext
4081 dissect_krb5_encrypted_authenticator_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4083 #ifdef HAVE_KERBEROS
4084 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_authenticator_data, dissect_krb5_decrypt_authenticator_data);
4086 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_authenticator_data, NULL);
4090 static ber_old_sequence_t encrypted_authenticator_sequence[] = {
4091 { BER_CLASS_CON, 0, 0,
4092 dissect_krb5_authenticator_etype },
4093 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4094 dissect_krb5_kvno },
4095 { BER_CLASS_CON, 2, 0,
4096 dissect_krb5_encrypted_authenticator_data },
4100 dissect_krb5_encrypted_authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4102 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_authenticator_sequence, hf_krb_authenticator_enc, ett_krb_authenticator_enc);
4111 dissect_krb5_tkt_vno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4113 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_tkt_vno, NULL);
4118 #ifdef HAVE_KERBEROS
4120 dissect_krb5_decrypt_Ticket_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4126 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
4128 length=tvb_length_remaining(tvb, offset);
4130 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4132 * All Ticket encrypted parts use usage == 2
4134 if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, Ticket_etype, NULL)) ){
4135 tvbuff_t *child_tvb;
4136 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4139 tvb_set_free_cb(child_tvb, g_free);
4141 /* Add the decrypted data to the data source list. */
4142 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4145 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4153 dissect_krb5_encrypted_Ticket_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4155 #ifdef HAVE_KERBEROS
4156 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_Ticket_data, dissect_krb5_decrypt_Ticket_data);
4158 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_Ticket_data, NULL);
4162 static ber_old_sequence_t encrypted_Ticket_sequence[] = {
4163 { BER_CLASS_CON, 0, 0,
4164 dissect_krb5_Ticket_etype },
4165 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4166 dissect_krb5_kvno },
4167 { BER_CLASS_CON, 2, 0,
4168 dissect_krb5_encrypted_Ticket_data },
4172 dissect_krb5_Ticket_encrypted(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4174 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_Ticket_sequence, hf_krb_ticket_enc, ett_krb_ticket_enc);
4179 static ber_old_sequence_t Application_1_sequence[] = {
4180 { BER_CLASS_CON, 0, 0,
4181 dissect_krb5_tkt_vno },
4182 { BER_CLASS_CON, 1, 0,
4183 dissect_krb5_realm },
4184 { BER_CLASS_CON, 2, 0,
4185 dissect_krb5_sname },
4186 { BER_CLASS_CON, 3, 0,
4187 dissect_krb5_Ticket_encrypted },
4191 dissect_krb5_Application_1(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4193 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Application_1_sequence, hf_krb_ticket, ett_krb_ticket);
4200 static const ber_old_choice_t Ticket_choice[] = {
4201 { 1, BER_CLASS_APP, 1, 0,
4202 dissect_krb5_Application_1 },
4203 { 0, 0, 0, 0, NULL }
4206 dissect_krb5_Ticket(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4208 offset=dissect_ber_old_choice(actx, tree, tvb, offset, Ticket_choice, -1, -1, NULL);
4217 * AP-REQ ::= [APPLICATION 14] SEQUENCE {
4219 * msg-type[1] INTEGER,
4220 * ap-options[2] APOptions,
4222 * authenticator[4] EncryptedData
4225 static ber_old_sequence_t AP_REQ_sequence[] = {
4226 { BER_CLASS_CON, 0, 0,
4227 dissect_krb5_pvno },
4228 { BER_CLASS_CON, 1, 0,
4229 dissect_krb5_msg_type },
4230 { BER_CLASS_CON, 2, 0,
4231 dissect_krb5_APOptions },
4232 { BER_CLASS_CON, 3, 0,
4233 dissect_krb5_Ticket },
4234 { BER_CLASS_CON, 4, 0,
4235 dissect_krb5_encrypted_authenticator },
4239 dissect_krb5_AP_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4241 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AP_REQ_sequence, -1, -1);
4249 #ifdef HAVE_KERBEROS
4251 dissect_krb5_decrypt_AP_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4253 guint8 *plaintext=NULL;
4256 length=tvb_length_remaining(tvb, offset);
4258 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4260 * Authenticators are encrypted with usage
4267 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
4268 plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, AP_REP_etype, NULL);
4273 next_tvb = tvb_new_child_real_data(tvb, plaintext,
4276 tvb_set_free_cb(next_tvb, g_free);
4278 /* Add the decrypted data to the data source list. */
4279 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
4282 offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4291 dissect_krb5_encrypted_AP_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4293 #ifdef HAVE_KERBEROS
4294 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, dissect_krb5_decrypt_AP_REP_data);
4296 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, NULL);
4300 static ber_old_sequence_t encrypted_AP_REP_sequence[] = {
4301 { BER_CLASS_CON, 0, 0,
4302 dissect_krb5_AP_REP_etype },
4303 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4304 dissect_krb5_kvno },
4305 { BER_CLASS_CON, 2, 0,
4306 dissect_krb5_encrypted_AP_REP_data },
4310 dissect_krb5_encrypted_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4312 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_AP_REP_sequence, hf_krb_AP_REP_enc, ett_krb_AP_REP_enc);
4318 * AP-REP ::= [APPLICATION 15] SEQUENCE {
4320 * msg-type[1] INTEGER,
4321 * enc-part[2] EncryptedData
4324 static ber_old_sequence_t AP_REP_sequence[] = {
4325 { BER_CLASS_CON, 0, 0,
4326 dissect_krb5_pvno },
4327 { BER_CLASS_CON, 1, 0,
4328 dissect_krb5_msg_type },
4329 { BER_CLASS_CON, 2, 0,
4330 dissect_krb5_encrypted_AP_REP },
4334 dissect_krb5_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4336 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AP_REP_sequence, -1, -1);
4345 static guint32 KDC_REP_etype;
4347 dissect_krb5_KDC_REP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4349 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
4351 proto_item_append_text(tree, " %s",
4352 val_to_str(KDC_REP_etype, krb5_encryption_types,
4358 #ifdef HAVE_KERBEROS
4360 dissect_krb5_decrypt_KDC_REP_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4362 guint8 *plaintext=NULL;
4366 next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
4368 length=tvb_length_remaining(tvb, offset);
4370 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4372 * ASREP/TGSREP encryptedparts are encrypted with usage
4378 plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, KDC_REP_etype, NULL);
4381 plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, KDC_REP_etype, NULL);
4384 plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, KDC_REP_etype, NULL);
4388 tvbuff_t *child_tvb;
4389 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4392 tvb_set_free_cb(child_tvb, g_free);
4394 /* Add the decrypted data to the data source list. */
4395 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4398 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4407 dissect_krb5_encrypted_KDC_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4409 #ifdef HAVE_KERBEROS
4410 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, dissect_krb5_decrypt_KDC_REP_data);
4412 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, NULL);
4416 static ber_old_sequence_t encrypted_KDC_REP_sequence[] = {
4417 { BER_CLASS_CON, 0, 0,
4418 dissect_krb5_KDC_REP_etype },
4419 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4420 dissect_krb5_kvno },
4421 { BER_CLASS_CON, 2, 0,
4422 dissect_krb5_encrypted_KDC_REP_data },
4426 dissect_krb5_encrypted_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4428 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_KDC_REP_sequence, hf_krb_KDC_REP_enc, ett_krb_KDC_REP_enc);
4434 * KDC-REP ::= SEQUENCE {
4436 * msg-type[1] INTEGER,
4437 * padata[2] SEQUENCE OF PA-DATA OPTIONAL,
4439 * cname[4] PrincipalName,
4441 * enc-part[6] EncryptedData
4444 static ber_old_sequence_t KDC_REP_sequence[] = {
4445 { BER_CLASS_CON, 0, 0,
4446 dissect_krb5_pvno },
4447 { BER_CLASS_CON, 1, 0,
4448 dissect_krb5_msg_type },
4449 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
4450 dissect_krb5_padata },
4451 { BER_CLASS_CON, 3, 0,
4452 dissect_krb5_crealm },
4453 { BER_CLASS_CON, 4, 0,
4454 dissect_krb5_cname },
4455 { BER_CLASS_CON, 5, 0,
4456 dissect_krb5_Ticket },
4457 { BER_CLASS_CON, 6, 0,
4458 dissect_krb5_encrypted_KDC_REP },
4462 dissect_krb5_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4464 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REP_sequence, -1, -1);
4473 dissect_krb5_e_text(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4475 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_e_text, NULL, 0);
4480 dissect_krb5_e_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4482 switch(krb5_errorcode){
4483 case KRB5_ET_KRB5KDC_ERR_BADOPTION:
4484 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
4485 case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
4486 case KRB5_ET_KRB5KDC_ERR_POLICY:
4487 /* ms windows kdc sends e-data of this type containing a "salt"
4488 * that contains the nt_status code for these error codes.
4490 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_e_data, dissect_krb5_PA_DATA);
4492 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
4493 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
4494 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
4495 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
4499 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_e_data, NULL);
4505 /* This optional field in KRB_ERR is used by the early drafts which
4506 * PacketCable still use.
4509 dissect_krb5_e_checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4511 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Checksum_sequence, hf_krb_e_checksum, ett_krb_e_checksum);
4518 * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
4520 * msg-type[1] INTEGER,
4521 * ctime[2] KerberosTime OPTIONAL,
4522 * cusec[3] INTEGER OPTIONAL,
4523 * stime[4] KerberosTime,
4525 * error-code[6] INTEGER,
4526 * crealm[7] Realm OPTIONAL,
4527 * cname[8] PrincipalName OPTIONAL,
4528 * realm[9] Realm, -- Correct realm
4529 * sname[10] PrincipalName, -- Correct name
4530 * e-text[11] GeneralString OPTIONAL,
4531 * e-data[12] OCTET STRING OPTIONAL
4534 * e-data This field contains additional data about the error for use
4535 * by the application to help it recover from or handle the
4536 * error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
4537 * the e-data field will contain an encoding of a sequence of
4538 * padata fields, each corresponding to an acceptable pre-
4539 * authentication method and optionally containing data for
4542 static ber_old_sequence_t ERROR_sequence[] = {
4543 { BER_CLASS_CON, 0, 0,
4544 dissect_krb5_pvno },
4545 { BER_CLASS_CON, 1, 0,
4546 dissect_krb5_msg_type },
4547 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
4548 dissect_krb5_ctime },
4549 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
4550 dissect_krb5_cusec },
4551 { BER_CLASS_CON, 4, 0,
4552 dissect_krb5_stime },
4553 { BER_CLASS_CON, 5, 0,
4554 dissect_krb5_susec },
4555 { BER_CLASS_CON, 6, 0,
4556 dissect_krb5_error_code },
4557 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
4558 dissect_krb5_crealm },
4559 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
4560 dissect_krb5_cname },
4561 { BER_CLASS_CON, 9, 0,
4562 dissect_krb5_realm },
4563 { BER_CLASS_CON, 10, 0,
4564 dissect_krb5_sname },
4565 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
4566 dissect_krb5_e_text },
4567 { BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL,
4568 dissect_krb5_e_data },
4569 { BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL,
4570 dissect_krb5_e_checksum }, /* used by PacketCable */
4574 dissect_krb5_ERROR(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4576 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, ERROR_sequence, -1, -1);
4583 static gint dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
4585 static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
4587 static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
4588 proto_tree *tree, gboolean do_col_info,
4589 gboolean do_col_protocol,
4591 kerberos_callbacks *cb);
4592 static void dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
4597 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
4599 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb));
4603 kerberos_output_keytype(void)
4609 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4611 /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
4612 Since all (except weirdo transarc krb4 stuff) use
4613 an opcode <=16 in the first byte, use this to see if it might
4615 All krb5 commands start with an APPL tag and thus is >=0x60
4616 so if first byte is <=16 just blindly assume it is krb4 then
4618 if(tvb_length(tvb) >= 1 && tvb_get_guint8(tvb, 0)<=0x10){
4622 res=call_dissector_only(krb4_handle, tvb, pinfo, tree);
4630 return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL);
4634 kerberos_rm_to_reclen(guint krb_rm)
4636 return (krb_rm & KRB_RM_RECLEN);
4640 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4645 krb_rm = tvb_get_ntohl(tvb, offset);
4646 pdulen = kerberos_rm_to_reclen(krb_rm);
4647 return (pdulen + 4);
4651 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4653 pinfo->fragmented = TRUE;
4654 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) {
4656 * The dissector failed to recognize this as a valid
4657 * Kerberos message. Mark it as a continuation packet.
4659 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
4664 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4666 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4667 col_clear(pinfo->cinfo, COL_INFO);
4669 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
4670 dissect_kerberos_tcp_pdu);
4674 * Display the TCP record mark.
4677 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
4680 proto_item *rm_item;
4681 proto_tree *rm_tree;
4686 rec_len = kerberos_rm_to_reclen(krb_rm);
4687 rm_item = proto_tree_add_text(tree, tvb, start, 4,
4688 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
4689 rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
4690 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
4691 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
4696 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
4697 gboolean dci, gboolean do_col_protocol, gboolean have_rm,
4698 kerberos_callbacks *cb)
4700 volatile int offset = 0;
4701 proto_tree *volatile kerberos_tree = NULL;
4702 proto_item *volatile item = NULL;
4703 void *saved_private_data;
4704 asn1_ctx_t asn1_ctx;
4706 /* TCP record mark and length */
4708 gint krb_reclen = 0;
4710 saved_private_data=pinfo->private_data;
4711 pinfo->private_data=cb;
4712 gbl_do_col_info=dci;
4715 krb_rm = tvb_get_ntohl(tvb, offset);
4716 krb_reclen = kerberos_rm_to_reclen(krb_rm);
4718 * What is a reasonable size limit?
4720 if (krb_reclen > 10 * 1024 * 1024) {
4721 pinfo->private_data=saved_private_data;
4724 if (do_col_protocol) {
4725 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4728 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
4729 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
4731 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
4734 /* Do some sanity checking here,
4735 * All krb5 packets start with a TAG class that is BER_CLASS_APP
4736 * and a tag value that is either of the values below:
4737 * If it doesnt look like kerberos, return 0 and let someone else have
4744 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
4745 if(tmp_class!=BER_CLASS_APP){
4746 pinfo->private_data=saved_private_data;
4750 case KRB5_MSG_TICKET:
4751 case KRB5_MSG_AUTHENTICATOR:
4752 case KRB5_MSG_ENC_TICKET_PART:
4753 case KRB5_MSG_AS_REQ:
4754 case KRB5_MSG_AS_REP:
4755 case KRB5_MSG_TGS_REQ:
4756 case KRB5_MSG_TGS_REP:
4757 case KRB5_MSG_AP_REQ:
4758 case KRB5_MSG_AP_REP:
4759 case KRB5_MSG_ENC_AS_REP_PART:
4760 case KRB5_MSG_ENC_TGS_REP_PART:
4761 case KRB5_MSG_ENC_AP_REP_PART:
4762 case KRB5_MSG_ENC_KRB_PRIV_PART:
4763 case KRB5_MSG_ENC_KRB_CRED_PART:
4766 case KRB5_MSG_ERROR:
4769 pinfo->private_data=saved_private_data;
4772 if (do_col_protocol) {
4773 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4775 if (gbl_do_col_info) {
4776 col_clear(pinfo->cinfo, COL_INFO);
4779 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
4780 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
4783 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
4786 offset=dissect_ber_old_choice(&asn1_ctx, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
4788 pinfo->private_data=saved_private_data;
4792 proto_item_set_len(item, offset);
4793 pinfo->private_data=saved_private_data;
4798 kerberos_prefs_apply_cb(void) {
4799 #ifdef HAVE_LIBNETTLE
4801 read_keytab_file(keytab_filename);
4806 proto_register_kerberos(void)
4808 static hf_register_info hf[] = {
4809 { &hf_krb_rm_reserved, {
4810 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
4811 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
4812 { &hf_krb_rm_reclen, {
4813 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
4814 NULL, KRB_RM_RECLEN, NULL, HFILL }},
4815 { &hf_krb_transitedtype, {
4816 "Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
4817 VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
4818 { &hf_krb_transitedcontents, {
4819 "Contents", "kerberos.transited.contents", FT_BYTES, BASE_NONE,
4820 NULL, 0, "Transited Contents string", HFILL }},
4821 { &hf_krb_keytype, {
4822 "Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
4823 VALS(krb5_encryption_types), 0, NULL, HFILL }},
4824 { &hf_krb_keyvalue, {
4825 "Key value", "kerberos.keyvalue", FT_BYTES, BASE_NONE,
4826 NULL, 0, "Key value (encryption key)", HFILL }},
4828 "Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
4829 VALS(krb5_ad_types), 0, "Authorization Data Type", HFILL }},
4830 { &hf_krb_IF_RELEVANT_type, {
4831 "Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
4832 VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
4833 { &hf_krb_advalue, {
4834 "Data", "kerberos.advalue", FT_BYTES, BASE_NONE,
4835 NULL, 0, "Authentication Data", HFILL }},
4836 { &hf_krb_IF_RELEVANT_value, {
4837 "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_NONE,
4838 NULL, 0, "IF_RELEVANT Data", HFILL }},
4840 "Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
4841 VALS(krb5_encryption_types), 0, NULL, HFILL }},
4842 { &hf_krb_addr_type, {
4843 "Addr-type", "kerberos.addr_type", FT_UINT32, BASE_DEC,
4844 VALS(krb5_address_types), 0, "Address Type", HFILL }},
4845 { &hf_krb_pac_signature_type, {
4846 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
4847 NULL, 0, "PAC Signature Type", HFILL }},
4848 { &hf_krb_name_type, {
4849 "Name-type", "kerberos.name_type", FT_INT32, BASE_DEC,
4850 VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
4851 { &hf_krb_lr_type, {
4852 "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,
4853 VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
4854 { &hf_krb_address_ip, {
4855 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
4856 NULL, 0, NULL, HFILL }},
4857 { &hf_krb_address_ipv6, {
4858 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
4859 NULL, 0, NULL, HFILL }},
4860 { &hf_krb_address_netbios, {
4861 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
4862 NULL, 0, "NetBIOS Address and type", HFILL }},
4863 { &hf_krb_authtime, {
4864 "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE,
4865 NULL, 0, "Time of initial authentication", HFILL }},
4866 { &hf_krb_SAFE_BODY_timestamp, {
4867 "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE,
4868 NULL, 0, "Timestamp of this SAFE_BODY", HFILL }},
4869 { &hf_krb_patimestamp, {
4870 "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE,
4871 NULL, 0, "Time of client", HFILL }},
4873 "pausec", "kerberos.pausec", FT_UINT32, BASE_DEC,
4874 NULL, 0, "Microsecond component of client time", HFILL }},
4875 { &hf_krb_lr_time, {
4876 "Lr-time", "kerberos.lr_time", FT_STRING, BASE_NONE,
4877 NULL, 0, "Time of LR-entry", HFILL }},
4878 { &hf_krb_starttime, {
4879 "Start time", "kerberos.starttime", FT_STRING, BASE_NONE,
4880 NULL, 0, "The time after which the ticket is valid", HFILL }},
4881 { &hf_krb_endtime, {
4882 "End time", "kerberos.endtime", FT_STRING, BASE_NONE,
4883 NULL, 0, "The time after which the ticket has expired", HFILL }},
4884 { &hf_krb_key_expire, {
4885 "Key Expiration", "kerberos.key_expiration", FT_STRING, BASE_NONE,
4886 NULL, 0, "The time after which the key will expire", HFILL }},
4887 { &hf_krb_renew_till, {
4888 "Renew-till", "kerberos.renenw_till", FT_STRING, BASE_NONE,
4889 NULL, 0, "The maximum time we can renew the ticket until", HFILL }},
4891 "rtime", "kerberos.rtime", FT_STRING, BASE_NONE,
4892 NULL, 0, "Renew Until timestamp", HFILL }},
4894 "ctime", "kerberos.ctime", FT_STRING, BASE_NONE,
4895 NULL, 0, "Current Time on the client host", HFILL }},
4897 "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC,
4898 NULL, 0, "micro second component of client time", HFILL }},
4899 { &hf_krb_SAFE_BODY_usec, {
4900 "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC,
4901 NULL, 0, "micro second component of SAFE_BODY time", HFILL }},
4903 "stime", "kerberos.stime", FT_STRING, BASE_NONE,
4904 NULL, 0, "Current Time on the server host", HFILL }},
4906 "susec", "kerberos.susec", FT_UINT32, BASE_DEC,
4907 NULL, 0, "micro second component of server time", HFILL }},
4908 { &hf_krb_error_code, {
4909 "error_code", "kerberos.error_code", FT_UINT32, BASE_DEC,
4910 VALS(krb5_error_codes), 0, "Kerberos error code", HFILL }},
4912 "from", "kerberos.from", FT_STRING, BASE_NONE,
4913 NULL, 0, "From when the ticket is to be valid (postdating)", HFILL }},
4915 "till", "kerberos.till", FT_STRING, BASE_NONE,
4916 NULL, 0, "When the ticket will expire", HFILL }},
4917 { &hf_krb_name_string, {
4918 "Name", "kerberos.name_string", FT_STRING, BASE_NONE,
4919 NULL, 0, "String component that is part of a PrincipalName", HFILL }},
4920 { &hf_krb_provsrv_location, {
4921 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
4922 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
4924 "e-text", "kerberos.e_text", FT_STRING, BASE_NONE,
4925 NULL, 0, "Additional (human readable) error description", HFILL }},
4926 { &hf_krb_s4u2self_auth, {
4927 "S4U2Self Auth", "kerberos.s4u2self.auth", FT_STRING, BASE_NONE,
4928 NULL, 0, "S4U2Self authentication string", HFILL }},
4930 "Realm", "kerberos.realm", FT_STRING, BASE_NONE,
4931 NULL, 0, "Name of the Kerberos Realm", HFILL }},
4933 "SRealm", "kerberos.srealm", FT_STRING, BASE_NONE,
4934 NULL, 0, "Name of the Kerberos SRealm", HFILL }},
4936 "Delegated Principal Realm", "kerberos.prealm", FT_STRING, BASE_NONE,
4937 NULL, 0, "Name of the Kerberos PRealm", HFILL }},
4939 "Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
4940 NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
4941 { &hf_krb_pac_clientname, {
4942 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
4943 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
4944 { &hf_krb_msg_type, {
4945 "MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
4946 VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
4947 { &hf_krb_APOptions, {
4948 "APOptions", "kerberos.apoptions", FT_BYTES, BASE_NONE,
4949 NULL, 0, "Kerberos APOptions bitstring", HFILL }},
4950 { &hf_krb_APOptions_reserved, {
4951 "reserved", "kerberos.apoptions.reserved", FT_BOOLEAN, 32,
4952 TFS(&krb5_apoptions_reserved), 0x80000000, NULL, HFILL }},
4953 { &hf_krb_APOptions_use_session_key, {
4954 "Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
4955 TFS(&krb5_apoptions_use_session_key), 0x40000000, NULL, HFILL }},
4956 { &hf_krb_APOptions_mutual_required, {
4957 "Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
4958 TFS(&krb5_apoptions_mutual_required), 0x20000000, NULL, HFILL }},
4959 { &hf_krb_KDCOptions, {
4960 "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_NONE,
4961 NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
4962 { &hf_krb_TicketFlags, {
4963 "Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
4964 NULL, 0, "Kerberos Ticket Flags", HFILL }},
4965 { &hf_krb_TicketFlags_forwardable, {
4966 "Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
4967 TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
4968 { &hf_krb_TicketFlags_forwarded, {
4969 "Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
4970 TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
4971 { &hf_krb_TicketFlags_proxiable, {
4972 "Proxiable", "kerberos.ticketflags.proxiable", FT_BOOLEAN, 32,
4973 TFS(&krb5_ticketflags_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
4974 { &hf_krb_TicketFlags_proxy, {
4975 "Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
4976 TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
4977 { &hf_krb_TicketFlags_allow_postdate, {
4978 "Allow Postdate", "kerberos.ticketflags.allow_postdate", FT_BOOLEAN, 32,
4979 TFS(&krb5_ticketflags_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
4980 { &hf_krb_TicketFlags_postdated, {
4981 "Postdated", "kerberos.ticketflags.postdated", FT_BOOLEAN, 32,
4982 TFS(&krb5_ticketflags_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
4983 { &hf_krb_TicketFlags_invalid, {
4984 "Invalid", "kerberos.ticketflags.invalid", FT_BOOLEAN, 32,
4985 TFS(&krb5_ticketflags_invalid), 0x01000000, "Whether this ticket is invalid or not", HFILL }},
4986 { &hf_krb_TicketFlags_renewable, {
4987 "Renewable", "kerberos.ticketflags.renewable", FT_BOOLEAN, 32,
4988 TFS(&krb5_ticketflags_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
4989 { &hf_krb_TicketFlags_initial, {
4990 "Initial", "kerberos.ticketflags.initial", FT_BOOLEAN, 32,
4991 TFS(&krb5_ticketflags_initial), 0x00400000, "Whether this ticket is an initial ticket or not", HFILL }},
4992 { &hf_krb_TicketFlags_pre_auth, {
4993 "Pre-Auth", "kerberos.ticketflags.pre_auth", FT_BOOLEAN, 32,
4994 TFS(&krb5_ticketflags_pre_auth), 0x00200000, "Whether this ticket is pre-authenticated or not", HFILL }},
4995 { &hf_krb_TicketFlags_hw_auth, {
4996 "HW-Auth", "kerberos.ticketflags.hw_auth", FT_BOOLEAN, 32,
4997 TFS(&krb5_ticketflags_hw_auth), 0x00100000, "Whether this ticket is hardware-authenticated or not", HFILL }},
4998 { &hf_krb_TicketFlags_transited_policy_checked, {
4999 "Transited Policy Checked", "kerberos.ticketflags.transited_policy_checked", FT_BOOLEAN, 32,
5000 TFS(&krb5_ticketflags_transited_policy_checked), 0x00080000, "Whether this ticket is transited policy checked or not", HFILL }},
5001 { &hf_krb_TicketFlags_ok_as_delegate, {
5002 "Ok As Delegate", "kerberos.ticketflags.ok_as_delegate", FT_BOOLEAN, 32,
5003 TFS(&krb5_ticketflags_ok_as_delegate), 0x00040000, "Whether this ticket is Ok As Delegate or not", HFILL }},
5004 { &hf_krb_KDC_REQ_BODY, {
5005 "KDC_REQ_BODY", "kerberos.kdc_req_body", FT_NONE, BASE_NONE,
5006 NULL, 0, "Kerberos KDC REQuest BODY", HFILL }},
5007 { &hf_krb_PRIV_BODY, {
5008 "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
5009 NULL, 0, "Kerberos PRIVate BODY", HFILL }},
5010 { &hf_krb_CRED_BODY, {
5011 "CRED_BODY", "kerberos.cred_body", FT_NONE, BASE_NONE,
5012 NULL, 0, "Kerberos CREDential BODY", HFILL }},
5013 { &hf_krb_encrypted_PRIV, {
5014 "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
5015 NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
5016 { &hf_krb_KDCOptions_forwardable, {
5017 "Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
5018 TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
5019 { &hf_krb_KDCOptions_forwarded, {
5020 "Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
5021 TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
5022 { &hf_krb_KDCOptions_proxiable, {
5023 "Proxiable", "kerberos.kdcoptions.proxiable", FT_BOOLEAN, 32,
5024 TFS(&krb5_kdcoptions_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
5025 { &hf_krb_KDCOptions_proxy, {
5026 "Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
5027 TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
5028 { &hf_krb_KDCOptions_allow_postdate, {
5029 "Allow Postdate", "kerberos.kdcoptions.allow_postdate", FT_BOOLEAN, 32,
5030 TFS(&krb5_kdcoptions_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
5031 { &hf_krb_KDCOptions_postdated, {
5032 "Postdated", "kerberos.kdcoptions.postdated", FT_BOOLEAN, 32,
5033 TFS(&krb5_kdcoptions_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
5034 { &hf_krb_KDCOptions_renewable, {
5035 "Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
5036 TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
5037 { &hf_krb_KDCOptions_constrained_delegation, {
5038 "Constrained Delegation", "kerberos.kdcoptions.constrained_delegation", FT_BOOLEAN, 32,
5039 TFS(&krb5_kdcoptions_constrained_delegation), 0x00020000, "Do we want a PAC containing constrained delegation info or not", HFILL }},
5040 { &hf_krb_KDCOptions_canonicalize, {
5041 "Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
5042 TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
5043 { &hf_krb_KDCOptions_opt_hardware_auth, {
5044 "Opt HW Auth", "kerberos.kdcoptions.opt_hardware_auth", FT_BOOLEAN, 32,
5045 NULL, 0x00100000, "Opt HW Auth flag", HFILL }},
5046 { &hf_krb_KDCOptions_disable_transited_check, {
5047 "Disable Transited Check", "kerberos.kdcoptions.disable_transited_check", FT_BOOLEAN, 32,
5048 TFS(&krb5_kdcoptions_disable_transited_check), 0x00000020, "Whether we should do transited checking or not", HFILL }},
5049 { &hf_krb_KDCOptions_renewable_ok, {
5050 "Renewable OK", "kerberos.kdcoptions.renewable_ok", FT_BOOLEAN, 32,
5051 TFS(&krb5_kdcoptions_renewable_ok), 0x00000010, "Whether we accept renewed tickets or not", HFILL }},
5052 { &hf_krb_KDCOptions_enc_tkt_in_skey, {
5053 "Enc-Tkt-in-Skey", "kerberos.kdcoptions.enc_tkt_in_skey", FT_BOOLEAN, 32,
5054 TFS(&krb5_kdcoptions_enc_tkt_in_skey), 0x00000008, "Whether the ticket is encrypted in the skey or not", HFILL }},
5055 { &hf_krb_KDCOptions_renew, {
5056 "Renew", "kerberos.kdcoptions.renew", FT_BOOLEAN, 32,
5057 TFS(&krb5_kdcoptions_renew), 0x00000002, "Is this a request to renew a ticket?", HFILL }},
5058 { &hf_krb_KDCOptions_validate, {
5059 "Validate", "kerberos.kdcoptions.validate", FT_BOOLEAN, 32,
5060 TFS(&krb5_kdcoptions_validate), 0x00000001, "Is this a request to validate a postdated ticket?", HFILL }},
5062 "Pvno", "kerberos.pvno", FT_UINT32, BASE_DEC,
5063 NULL, 0, "Kerberos Protocol Version Number", HFILL }},
5065 "Kvno", "kerberos.kvno", FT_UINT32, BASE_DEC,
5066 NULL, 0, "Version Number for the encryption Key", HFILL }},
5067 { &hf_krb_checksum_type, {
5068 "Type", "kerberos.checksum.type", FT_UINT32, BASE_DEC,
5069 VALS(krb5_checksum_types), 0, "Type of checksum", HFILL }},
5070 { &hf_krb_authenticator_vno, {
5071 "Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
5072 NULL, 0, "Version Number for the Authenticator", HFILL }},
5073 { &hf_krb_encrypted_authenticator_data, {
5074 "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_NONE,
5075 NULL, 0, "Data content of an encrypted authenticator", HFILL }},
5076 { &hf_krb_encrypted_EncKrbCredPart, {
5077 "enc EncKrbCredPart", "kerberos.EncKrbCredPart.encrypted", FT_BYTES, BASE_NONE,
5078 NULL, 0, "Encrypted EncKrbCredPart blob", HFILL }},
5079 { &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
5080 "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_NONE,
5081 NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
5082 { &hf_krb_encrypted_enc_authorization_data, {
5083 "enc-authorization-data", "kerberos.enc_authorization_data.encrypted", FT_BYTES, BASE_NONE,
5084 NULL, 0, NULL, HFILL }},
5085 { &hf_krb_PAC_LOGON_INFO, {
5086 "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_NONE,
5087 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
5088 { &hf_krb_PAC_CREDENTIAL_TYPE, {
5089 "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_NONE,
5090 NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
5091 { &hf_krb_PAC_SERVER_CHECKSUM, {
5092 "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_NONE,
5093 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
5094 { &hf_krb_PAC_PRIVSVR_CHECKSUM, {
5095 "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_NONE,
5096 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
5097 { &hf_krb_PAC_CLIENT_INFO_TYPE, {
5098 "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_NONE,
5099 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
5100 { &hf_krb_PAC_S4U_DELEGATION_INFO, {
5101 "PAC_S4U_DELEGATION_INFO", "kerberos.PAC_S4U_DELEGATION_INFO", FT_BYTES, BASE_NONE,
5102 NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }},
5103 { &hf_krb_PAC_UPN_DNS_INFO, {
5104 "UPN_DNS_INFO", "kerberos.PAC_UPN_DNS_INFO", FT_BYTES, BASE_NONE,
5105 NULL, 0, "UPN_DNS_INFO structure", HFILL }},
5106 { &hf_krb_checksum_checksum, {
5107 "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_NONE,
5108 NULL, 0, "Kerberos Checksum", HFILL }},
5109 { &hf_krb_ENC_PRIV, {
5110 "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_NONE,
5111 NULL, 0, "Encrypted PRIV blob", HFILL }},
5112 { &hf_krb_encrypted_Ticket_data, {
5113 "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_NONE,
5114 NULL, 0, "The encrypted part of a ticket", HFILL }},
5115 { &hf_krb_encrypted_AP_REP_data, {
5116 "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_NONE,
5117 NULL, 0, "The encrypted part of AP-REP", HFILL }},
5118 { &hf_krb_encrypted_KDC_REP_data, {
5119 "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_NONE,
5120 NULL, 0, "The encrypted part of KDC-REP", HFILL }},
5121 { &hf_krb_PA_DATA_value, {
5122 "Value", "kerberos.padata.value", FT_BYTES, BASE_NONE,
5123 NULL, 0, "Content of the PADATA blob", HFILL }},
5124 { &hf_krb_etype_info_salt, {
5125 "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_NONE,
5126 NULL, 0, NULL, HFILL }},
5127 { &hf_krb_etype_info2_salt, {
5128 "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_NONE,
5129 NULL, 0, NULL, HFILL }},
5130 { &hf_krb_etype_info2_s2kparams, {
5131 "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_NONE,
5132 NULL, 0, "S2kparams", HFILL }},
5133 { &hf_krb_SAFE_BODY_user_data, {
5134 "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_NONE,
5135 NULL, 0, "SAFE BODY userdata field", HFILL }},
5136 { &hf_krb_PRIV_BODY_user_data, {
5137 "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_NONE,
5138 NULL, 0, "PRIV BODY userdata field", HFILL }},
5139 { &hf_krb_pac_signature_signature, {
5140 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
5141 NULL, 0, "A PAC signature blob", HFILL }},
5142 { &hf_krb_PA_DATA_type, {
5143 "Type", "kerberos.padata.type", FT_INT32, BASE_DEC,
5144 VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
5146 "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
5147 NULL, 0, "Kerberos Nonce random number", HFILL }},
5148 { &hf_krb_tkt_vno, {
5149 "Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
5150 NULL, 0, "Version number for the Ticket format", HFILL }},
5151 { &hf_krb_KrbCredInfo, {
5152 "KrbCredInfo", "kerberos.KrbCredInfo", FT_NONE, BASE_NONE,
5153 NULL, 0, "This is a Kerberos KrbCredInfo", HFILL }},
5154 { &hf_krb_HostAddress, {
5155 "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_NONE,
5156 NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
5157 { &hf_krb_s_address, {
5158 "S-Address", "kerberos.s_address", FT_NONE, BASE_NONE,
5159 NULL, 0, "This is the Senders address", HFILL }},
5160 { &hf_krb_r_address, {
5161 "R-Address", "kerberos.r_address", FT_NONE, BASE_NONE,
5162 NULL, 0, "This is the Recipient address", HFILL }},
5164 "key", "kerberos.key", FT_NONE, BASE_NONE,
5165 NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
5167 "Subkey", "kerberos.subkey", FT_NONE, BASE_NONE,
5168 NULL, 0, "This is a Kerberos subkey", HFILL }},
5169 { &hf_krb_seq_number, {
5170 "Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
5171 NULL, 0, "This is a Kerberos sequence number", HFILL }},
5172 { &hf_krb_AuthorizationData, {
5173 "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_NONE,
5174 NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
5175 { &hf_krb_EncTicketPart, {
5176 "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_NONE,
5177 NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
5178 { &hf_krb_EncAPRepPart, {
5179 "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_NONE,
5180 NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
5181 { &hf_krb_EncKrbPrivPart, {
5182 "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_NONE,
5183 NULL, 0, "This is a decrypted Kerberos EncKrbPrivPart sequence", HFILL }},
5184 { &hf_krb_EncKrbCredPart, {
5185 "EncKrbCredPart", "kerberos.EncKrbCredPart", FT_NONE, BASE_NONE,
5186 NULL, 0, "This is a decrypted Kerberos EncKrbCredPart sequence", HFILL }},
5187 { &hf_krb_EncKDCRepPart, {
5188 "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_NONE,
5189 NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
5190 { &hf_krb_LastReq, {
5191 "LastReq", "kerberos.LastReq", FT_NONE, BASE_NONE,
5192 NULL, 0, "This is a LastReq sequence", HFILL }},
5193 { &hf_krb_Authenticator, {
5194 "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_NONE,
5195 NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
5196 { &hf_krb_Checksum, {
5197 "Checksum", "kerberos.Checksum", FT_NONE, BASE_NONE,
5198 NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
5199 { &hf_krb_HostAddresses, {
5200 "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_NONE,
5201 NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
5202 { &hf_krb_IF_RELEVANT, {
5203 "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_NONE,
5204 NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
5206 "Encryption Types", "kerberos.etypes", FT_NONE, BASE_NONE,
5207 NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
5208 { &hf_krb_KrbCredInfos, {
5209 "Sequence of KrbCredInfo", "kerberos.KrbCredInfos", FT_NONE, BASE_NONE,
5210 NULL, 0, "This is a list of KrbCredInfo", HFILL }},
5211 { &hf_krb_sq_tickets, {
5212 "Tickets", "kerberos.sq.tickets", FT_NONE, BASE_NONE,
5213 NULL, 0, "This is a list of Kerberos Tickets", HFILL }},
5214 { &hf_krb_LastReqs, {
5215 "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_NONE,
5216 NULL, 0, "This is a list of LastReq structures", HFILL }},
5218 "Server Name", "kerberos.sname", FT_NONE, BASE_NONE,
5219 NULL, 0, "This is the name part server's identity", HFILL }},
5221 "Delegated Principal Name", "kerberos.pname", FT_NONE, BASE_NONE,
5222 NULL, 0, "Identity of the delegated principal", HFILL }},
5224 "Client Name", "kerberos.cname", FT_NONE, BASE_NONE,
5225 NULL, 0, "The name part of the client principal identifier", HFILL }},
5226 { &hf_krb_authenticator_enc, {
5227 "Authenticator", "kerberos.authenticator", FT_NONE, BASE_NONE,
5228 NULL, 0, "Encrypted authenticator blob", HFILL }},
5229 { &hf_krb_CRED_enc, {
5230 "EncKrbCredPart", "kerberos.encrypted_cred", FT_NONE, BASE_NONE,
5231 NULL, 0, "Encrypted Cred blob", HFILL }},
5232 { &hf_krb_ticket_enc, {
5233 "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_NONE,
5234 NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
5235 { &hf_krb_AP_REP_enc, {
5236 "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_NONE,
5237 NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
5238 { &hf_krb_KDC_REP_enc, {
5239 "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_NONE,
5240 NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
5242 "e-data", "kerberos.e_data", FT_NONE, BASE_NONE,
5243 NULL, 0, "The e-data blob", HFILL }},
5245 "padata", "kerberos.padata", FT_NONE, BASE_NONE,
5246 NULL, 0, "Sequence of preauthentication data", HFILL }},
5248 "Ticket", "kerberos.ticket", FT_NONE, BASE_NONE,
5249 NULL, 0, "This is a Kerberos Ticket", HFILL }},
5250 { &hf_krb_TransitedEncoding, {
5251 "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_NONE,
5252 NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
5253 { &hf_krb_PA_PAC_REQUEST_flag, {
5254 "PAC Request", "kerberos.pac_request.flag", FT_BOOLEAN, 32,
5255 NULL, 0, "This is a MS PAC Request Flag", HFILL }},
5256 { &hf_krb_w2k_pac_entries, {
5257 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
5258 NULL, 0, "Number of W2k PAC entries", HFILL }},
5259 { &hf_krb_w2k_pac_version, {
5260 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
5261 NULL, 0, "Version of PAC structures", HFILL }},
5262 { &hf_krb_w2k_pac_type, {
5263 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
5264 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
5265 { &hf_krb_w2k_pac_size, {
5266 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
5267 NULL, 0, "Size of W2k PAC entry", HFILL }},
5268 { &hf_krb_w2k_pac_offset, {
5269 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
5270 NULL, 0, "Offset to W2k PAC entry", HFILL }},
5271 { &hf_krb_pac_clientid, {
5272 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
5273 NULL, 0, "ClientID Timestamp", HFILL }},
5274 { &hf_krb_pac_namelen, {
5275 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
5276 NULL, 0, "Length of client name", HFILL }},
5277 { &hf_krb_pac_upn_flags, {
5278 "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
5279 NULL, 0, "UPN flags", HFILL }},
5280 { &hf_krb_pac_upn_dns_offset, {
5281 "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
5282 NULL, 0, NULL, HFILL }},
5283 { &hf_krb_pac_upn_dns_len, {
5284 "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
5285 NULL, 0, NULL, HFILL }},
5286 { &hf_krb_pac_upn_upn_offset, {
5287 "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
5288 NULL, 0, NULL, HFILL }},
5289 { &hf_krb_pac_upn_upn_len, {
5290 "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
5291 NULL, 0, NULL, HFILL }},
5292 { &hf_krb_pac_upn_upn_name, {
5293 "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
5294 NULL, 0, NULL, HFILL }},
5295 { &hf_krb_pac_upn_dns_name, {
5296 "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
5297 NULL, 0, NULL, HFILL }},
5298 { &hf_krb_e_checksum, {
5299 "e-checksum", "kerberos.e_checksum", FT_NONE, BASE_NONE,
5300 NULL, 0, "This is a Kerberos e-checksum", HFILL }},
5301 { &hf_krb_gssapi_len, {
5302 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
5303 NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
5304 { &hf_krb_gssapi_bnd, {
5305 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
5306 NULL, 0, "GSSAPI Bnd field", HFILL }},
5307 { &hf_krb_gssapi_c_flag_deleg, {
5308 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
5309 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
5310 { &hf_krb_gssapi_c_flag_mutual, {
5311 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
5312 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
5313 { &hf_krb_gssapi_c_flag_replay, {
5314 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
5315 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
5316 { &hf_krb_gssapi_c_flag_sequence, {
5317 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
5318 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
5319 { &hf_krb_gssapi_c_flag_conf, {
5320 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
5321 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
5322 { &hf_krb_gssapi_c_flag_integ, {
5323 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
5324 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
5325 { &hf_krb_gssapi_c_flag_dce_style, {
5326 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
5327 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
5328 { &hf_krb_gssapi_dlgopt, {
5329 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
5330 NULL, 0, "GSSAPI DlgOpt", HFILL }},
5331 { &hf_krb_gssapi_dlglen, {
5332 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
5333 NULL, 0, "GSSAPI DlgLen", HFILL }},
5334 { &hf_krb_smb_nt_status, {
5335 "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
5336 VALS(NT_errors), 0, "NT Status code", HFILL }},
5337 { &hf_krb_smb_unknown, {
5338 "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
5339 NULL, 0, NULL, HFILL }},
5340 { &hf_krb_midl_blob_len, {
5341 "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC,
5342 NULL, 0, "Length of NDR encoded data that follows", HFILL }},
5343 { &hf_krb_midl_fill_bytes, {
5344 "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX,
5345 NULL, 0, "Just some fill bytes", HFILL }},
5346 { &hf_krb_midl_version, {
5347 "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC,
5348 NULL, 0, "Version of pickling", HFILL }},
5349 { &hf_krb_midl_hdr_len, {
5350 "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC,
5351 NULL, 0, "Length of header", HFILL }},
5355 static gint *ett[] = {
5357 &ett_krb_KDC_REP_enc,
5361 &ett_krb_AP_REP_enc,
5364 &ett_krb_KrbCredInfos,
5365 &ett_krb_sq_tickets,
5367 &ett_krb_IF_RELEVANT,
5368 &ett_krb_PA_DATA_tree,
5371 &ett_krb_KrbCredInfo,
5372 &ett_krb_HostAddress,
5373 &ett_krb_HostAddresses,
5374 &ett_krb_authenticator_enc,
5376 &ett_krb_AP_Options,
5377 &ett_krb_KDC_Options,
5378 &ett_krb_Ticket_Flags,
5380 &ett_krb_recordmark,
5382 &ett_krb_ticket_enc,
5386 &ett_krb_EncTicketPart,
5387 &ett_krb_EncAPRepPart,
5388 &ett_krb_EncKrbPrivPart,
5389 &ett_krb_EncKrbCredPart,
5390 &ett_krb_EncKDCRepPart,
5392 &ett_krb_Authenticator,
5396 &ett_krb_AuthorizationData,
5397 &ett_krb_TransitedEncoding,
5399 &ett_krb_PAC_LOGON_INFO,
5400 &ett_krb_PAC_SERVER_CHECKSUM,
5401 &ett_krb_PAC_PRIVSVR_CHECKSUM,
5402 &ett_krb_PAC_CLIENT_INFO_TYPE,
5403 &ett_krb_PAC_S4U_DELEGATION_INFO,
5404 &ett_krb_e_checksum,
5405 &ett_krb_PAC_MIDL_BLOB,
5407 &ett_krb_PAC_UPN_DNS_INFO
5409 module_t *krb_module;
5411 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
5412 proto_register_field_array(proto_kerberos, hf, array_length(hf));
5413 proto_register_subtree_array(ett, array_length(ett));
5415 /* Register preferences */
5416 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
5417 prefs_register_bool_preference(krb_module, "desegment",
5418 "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
5419 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
5420 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5422 #ifdef HAVE_KERBEROS
5423 prefs_register_bool_preference(krb_module, "decrypt",
5424 "Try to decrypt Kerberos blobs",
5425 "Whether the dissector should try to decrypt "
5426 "encrypted Kerberos blobs. This requires that the proper "
5427 "keytab file is installed as well.",
5430 prefs_register_string_preference(krb_module, "file",
5431 "Kerberos keytab file",
5432 "The keytab file containing all the secrets",
5438 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
5439 proto_tree *tree, guint8 *drep _U_)
5443 auth_tvb = tvb_new_subset(
5444 tvb, offset, tvb_length_remaining(tvb, offset),
5445 tvb_reported_length_remaining(tvb, offset));
5447 dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
5449 return tvb_length_remaining(tvb, offset);
5453 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
5454 wrap_dissect_gss_kerb, /* Bind */
5455 wrap_dissect_gss_kerb, /* Bind ACK */
5456 wrap_dissect_gss_kerb, /* AUTH3 */
5457 NULL, /* Request verifier */
5458 NULL, /* Response verifier */
5459 NULL, /* Request data */
5460 NULL /* Response data */
5463 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
5464 wrap_dissect_gss_kerb, /* Bind */
5465 wrap_dissect_gss_kerb, /* Bind ACK */
5466 wrap_dissect_gss_kerb, /* AUTH3 */
5467 wrap_dissect_gssapi_verf, /* Request verifier */
5468 wrap_dissect_gssapi_verf, /* Response verifier */
5469 NULL, /* Request data */
5470 NULL /* Response data */
5473 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
5474 wrap_dissect_gss_kerb, /* Bind */
5475 wrap_dissect_gss_kerb, /* Bind ACK */
5476 wrap_dissect_gss_kerb, /* AUTH3 */
5477 wrap_dissect_gssapi_verf, /* Request verifier */
5478 wrap_dissect_gssapi_verf, /* Response verifier */
5479 wrap_dissect_gssapi_payload, /* Request data */
5480 wrap_dissect_gssapi_payload /* Response data */
5485 proto_reg_handoff_kerberos(void)
5487 dissector_handle_t kerberos_handle_tcp;
5489 krb4_handle = find_dissector("krb4");
5491 kerberos_handle_udp = new_create_dissector_handle(dissect_kerberos_udp,
5493 kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
5495 dissector_add_uint("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
5496 dissector_add_uint("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
5498 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
5499 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5500 &gss_kerb_auth_connect_fns);
5502 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
5503 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5504 &gss_kerb_auth_sign_fns);
5506 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
5507 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5508 &gss_kerb_auth_seal_fns);
5514 MISC definitions from RFC1510:
5516 Realm ::= GeneralString
5518 KerberosTime ::= GeneralizedTime
5520 AuthorizationData ::= SEQUENCE OF SEQUENCE {
5522 ad-data[1] OCTET STRING
5524 APOptions ::= BIT STRING {
5531 TicketFlags ::= BIT STRING {
5546 KDCOptions ::= BIT STRING {
5560 enc-tkt-in-skey(28),
5566 LastReq ::= SEQUENCE OF SEQUENCE {
5568 lr-value[1] KerberosTime
5571 Ticket ::= [APPLICATION 1] SEQUENCE {
5574 sname[2] PrincipalName,
5575 enc-part[3] EncryptedData
5578 -- Encrypted part of ticket
5579 EncTicketPart ::= [APPLICATION 3] SEQUENCE {
5580 flags[0] TicketFlags,
5581 key[1] EncryptionKey,
5583 cname[3] PrincipalName,
5584 transited[4] TransitedEncoding,
5585 authtime[5] KerberosTime,
5586 starttime[6] KerberosTime OPTIONAL,
5587 endtime[7] KerberosTime,
5588 renew-till[8] KerberosTime OPTIONAL,
5589 caddr[9] HostAddresses OPTIONAL,
5590 authorization-data[10] AuthorizationData OPTIONAL
5593 -- encoded Transited field
5594 TransitedEncoding ::= SEQUENCE {
5595 tr-type[0] INTEGER, -- must be registered
5596 contents[1] OCTET STRING
5599 -- Unencrypted authenticator
5600 Authenticator ::= [APPLICATION 2] SEQUENCE {
5601 authenticator-vno[0] INTEGER,
5603 cname[2] PrincipalName,
5604 cksum[3] Checksum OPTIONAL,
5606 ctime[5] KerberosTime,
5607 subkey[6] EncryptionKey OPTIONAL,
5608 seq-number[7] INTEGER OPTIONAL,
5609 authorization-data[8] AuthorizationData OPTIONAL
5612 PA-DATA ::= SEQUENCE {
5613 padata-type[1] INTEGER,
5614 padata-value[2] OCTET STRING,
5615 -- might be encoded AP-REQ
5618 padata-type ::= PA-ENC-TIMESTAMP
5619 padata-value ::= EncryptedData -- PA-ENC-TS-ENC
5621 PA-ENC-TS-ENC ::= SEQUENCE {
5622 patimestamp[0] KerberosTime, -- client's time
5623 pausec[1] INTEGER OPTIONAL
5626 EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart
5627 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
5629 EncKDCRepPart ::= SEQUENCE {
5630 key[0] EncryptionKey,
5631 last-req[1] LastReq,
5633 key-expiration[3] KerberosTime OPTIONAL,
5634 flags[4] TicketFlags,
5635 authtime[5] KerberosTime,
5636 starttime[6] KerberosTime OPTIONAL,
5637 endtime[7] KerberosTime,
5638 renew-till[8] KerberosTime OPTIONAL,
5640 sname[10] PrincipalName,
5641 caddr[11] HostAddresses OPTIONAL
5644 APOptions ::= BIT STRING {
5650 EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
5651 ctime[0] KerberosTime,
5653 subkey[2] EncryptionKey OPTIONAL,
5654 seq-number[3] INTEGER OPTIONAL
5657 KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
5659 msg-type[1] INTEGER,
5660 safe-body[2] KRB-SAFE-BODY,
5664 KRB-SAFE-BODY ::= SEQUENCE {
5665 user-data[0] OCTET STRING,
5666 timestamp[1] KerberosTime OPTIONAL,
5667 usec[2] INTEGER OPTIONAL,
5668 seq-number[3] INTEGER OPTIONAL,
5669 s-address[4] HostAddress,
5670 r-address[5] HostAddress OPTIONAL
5673 KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
5675 msg-type[1] INTEGER,
5676 enc-part[3] EncryptedData
5679 EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
5680 user-data[0] OCTET STRING,
5681 timestamp[1] KerberosTime OPTIONAL,
5682 usec[2] INTEGER OPTIONAL,
5683 seq-number[3] INTEGER OPTIONAL,
5684 s-address[4] HostAddress, -- sender's addr
5685 r-address[5] HostAddress OPTIONAL
5689 KRB-CRED ::= [APPLICATION 22] SEQUENCE {
5691 msg-type[1] INTEGER, -- KRB_CRED
5692 tickets[2] SEQUENCE OF Ticket,
5693 enc-part[3] EncryptedData
5696 EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
5697 ticket-info[0] SEQUENCE OF KrbCredInfo,
5698 nonce[1] INTEGER OPTIONAL,
5699 timestamp[2] KerberosTime OPTIONAL,
5700 usec[3] INTEGER OPTIONAL,
5701 s-address[4] HostAddress OPTIONAL,
5702 r-address[5] HostAddress OPTIONAL
5705 KrbCredInfo ::= SEQUENCE {
5706 key[0] EncryptionKey,
5707 prealm[1] Realm OPTIONAL,
5708 pname[2] PrincipalName OPTIONAL,
5709 flags[3] TicketFlags OPTIONAL,
5710 authtime[4] KerberosTime OPTIONAL,
5711 starttime[5] KerberosTime OPTIONAL,
5712 endtime[6] KerberosTime OPTIONAL
5713 renew-till[7] KerberosTime OPTIONAL,
5714 srealm[8] Realm OPTIONAL,
5715 sname[9] PrincipalName OPTIONAL,
5716 caddr[10] HostAddresses OPTIONAL
5719 METHOD-DATA ::= SEQUENCE of PA-DATA
5721 If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
5722 contain an encoding of the following sequence:
5724 METHOD-DATA ::= SEQUENCE {
5725 method-type[0] INTEGER,
5726 method-data[1] OCTET STRING OPTIONAL
5729 EncryptionKey ::= SEQUENCE {
5731 keyvalue[1] OCTET STRING
5734 Checksum ::= SEQUENCE {
5735 cksumtype[0] INTEGER,
5736 checksum[1] OCTET STRING