2 * Routines for Kerberos
3 * Wes Hardaker (c) 2000
4 * wjhardaker@ucdavis.edu
5 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
6 * added AP-REQ and AP-REP dissection
8 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
9 * decryption of kerberos blobs if keytab is provided
11 * See RFC 1510, and various I-Ds and other documents showing additions,
12 * e.g. ones listed under
14 * http://www.isi.edu/people/bcn/krb-revisions/
18 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
22 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-05.txt
24 * Some structures from RFC2630
28 * Ethereal - Network traffic analyzer
29 * By Gerald Combs <gerald@ethereal.com>
30 * Copyright 1998 Gerald Combs
32 * This program is free software; you can redistribute it and/or
33 * modify it under the terms of the GNU General Public License
34 * as published by the Free Software Foundation; either version 2
35 * of the License, or (at your option) any later version.
37 * This program is distributed in the hope that it will be useful,
38 * but WITHOUT ANY WARRANTY; without even the implied warranty of
39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40 * GNU General Public License for more details.
42 * You should have received a copy of the GNU General Public License
43 * along with this program; if not, write to the Free Software
44 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
48 * Some of the development of the Kerberos protocol decoder was sponsored by
49 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
50 * CableLabs' specifications. Your license and use of this protocol decoder
51 * does not mean that you are licensed to use the CableLabs'
52 * specifications. If you have questions about this protocol, contact
53 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
71 #include <nettle/des.h>
72 #include <nettle/cbc.h>
74 #include "crypt-md5.h"
75 #include <sys/stat.h> /* For keyfile manipulation */
80 #include <epan/packet.h>
82 #include <epan/strutil.h>
84 #include <epan/conversation.h>
85 #include <epan/dissectors/packet-kerberos.h>
86 #include <epan/dissectors/packet-netbios.h>
87 #include <epan/dissectors/packet-tcp.h>
88 #include <epan/prefs.h>
89 #include <epan/dissectors/packet-ber.h>
90 #include <epan/dissectors/packet-pkinit.h>
91 #include <epan/dissectors/packet-cms.h>
92 #include <epan/dissectors/packet-windows-common.h>
94 #include <epan/dissectors/packet-dcerpc-netlogon.h>
95 #include <epan/dissectors/packet-dcerpc.h>
97 #include <epan/dissectors/packet-gssapi.h>
99 #define UDP_PORT_KERBEROS 88
100 #define TCP_PORT_KERBEROS 88
102 static dissector_handle_t kerberos_handle_udp;
104 /* Desegment Kerberos over TCP messages */
105 static gboolean krb_desegment = TRUE;
107 static gint proto_kerberos = -1;
108 static gint hf_krb_rm_reserved = -1;
109 static gint hf_krb_rm_reclen = -1;
111 static gint hf_krb_pac_signature_type = -1;
112 static gint hf_krb_pac_signature_signature = -1;
113 static gint hf_krb_pac_clientid = -1;
114 static gint hf_krb_pac_namelen = -1;
115 static gint hf_krb_pac_clientname = -1;
116 static gint hf_krb_w2k_pac_entries = -1;
117 static gint hf_krb_w2k_pac_version = -1;
118 static gint hf_krb_w2k_pac_type = -1;
119 static gint hf_krb_w2k_pac_size = -1;
120 static gint hf_krb_w2k_pac_offset = -1;
121 static gint hf_krb_padata = -1;
122 static gint hf_krb_error_code = -1;
123 static gint hf_krb_ticket = -1;
124 static gint hf_krb_AP_REP_enc = -1;
125 static gint hf_krb_KDC_REP_enc = -1;
126 static gint hf_krb_tkt_vno = -1;
127 static gint hf_krb_e_data = -1;
128 static gint hf_krb_TransitedEncoding = -1;
129 static gint hf_krb_PA_PAC_REQUEST_flag = -1;
130 static gint hf_krb_encrypted_authenticator_data = -1;
131 static gint hf_krb_PAC_LOGON_INFO = -1;
132 static gint hf_krb_PAC_CREDENTIAL_TYPE = -1;
133 static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
134 static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
135 static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
136 static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
137 static gint hf_krb_checksum_checksum = -1;
138 static gint hf_krb_encrypted_PRIV = -1;
139 static gint hf_krb_encrypted_Ticket_data = -1;
140 static gint hf_krb_encrypted_AP_REP_data = -1;
141 static gint hf_krb_encrypted_KDC_REP_data = -1;
142 static gint hf_krb_PA_DATA_type = -1;
143 static gint hf_krb_PA_DATA_value = -1;
144 static gint hf_krb_etype_info_salt = -1;
145 static gint hf_krb_SAFE_BODY_user_data = -1;
146 static gint hf_krb_PRIV_BODY_user_data = -1;
147 static gint hf_krb_realm = -1;
148 static gint hf_krb_crealm = -1;
149 static gint hf_krb_sname = -1;
150 static gint hf_krb_cname = -1;
151 static gint hf_krb_name_string = -1;
152 static gint hf_krb_provsrv_location = -1;
153 static gint hf_krb_e_text = -1;
154 static gint hf_krb_name_type = -1;
155 static gint hf_krb_lr_type = -1;
156 static gint hf_krb_from = -1;
157 static gint hf_krb_till = -1;
158 static gint hf_krb_authtime = -1;
159 static gint hf_krb_patimestamp = -1;
160 static gint hf_krb_SAFE_BODY_timestamp = -1;
161 static gint hf_krb_pausec = -1;
162 static gint hf_krb_lr_time = -1;
163 static gint hf_krb_starttime = -1;
164 static gint hf_krb_endtime = -1;
165 static gint hf_krb_key_expire = -1;
166 static gint hf_krb_renew_till = -1;
167 static gint hf_krb_rtime = -1;
168 static gint hf_krb_ctime = -1;
169 static gint hf_krb_cusec = -1;
170 static gint hf_krb_stime = -1;
171 static gint hf_krb_susec = -1;
172 static gint hf_krb_SAFE_BODY_usec = -1;
173 static gint hf_krb_nonce = -1;
174 static gint hf_krb_transitedtype = -1;
175 static gint hf_krb_transitedcontents = -1;
176 static gint hf_krb_keytype = -1;
177 static gint hf_krb_keyvalue = -1;
178 static gint hf_krb_IF_RELEVANT_type = -1;
179 static gint hf_krb_IF_RELEVANT_value = -1;
180 static gint hf_krb_adtype = -1;
181 static gint hf_krb_advalue = -1;
182 static gint hf_krb_etype = -1;
183 static gint hf_krb_etypes = -1;
184 static gint hf_krb_LastReqs = -1;
185 static gint hf_krb_IF_RELEVANT = -1;
186 static gint hf_krb_addr_type = -1;
187 static gint hf_krb_address_ip = -1;
188 static gint hf_krb_address_netbios = -1;
189 static gint hf_krb_msg_type = -1;
190 static gint hf_krb_pvno = -1;
191 static gint hf_krb_kvno = -1;
192 static gint hf_krb_checksum_type = -1;
193 static gint hf_krb_authenticator_vno = -1;
194 static gint hf_krb_AuthorizationData = -1;
195 static gint hf_krb_key = -1;
196 static gint hf_krb_subkey = -1;
197 static gint hf_krb_seq_number = -1;
198 static gint hf_krb_EncTicketPart = -1;
199 static gint hf_krb_EncAPRepPart = -1;
200 static gint hf_krb_EncKrbPrivPart = -1;
201 static gint hf_krb_EncKDCRepPart = -1;
202 static gint hf_krb_LastReq = -1;
203 static gint hf_krb_Authenticator = -1;
204 static gint hf_krb_Checksum = -1;
205 static gint hf_krb_s_address = -1;
206 static gint hf_krb_HostAddress = -1;
207 static gint hf_krb_HostAddresses = -1;
208 static gint hf_krb_APOptions = -1;
209 static gint hf_krb_APOptions_use_session_key = -1;
210 static gint hf_krb_APOptions_mutual_required = -1;
211 static gint hf_krb_TicketFlags = -1;
212 static gint hf_krb_TicketFlags_forwardable = -1;
213 static gint hf_krb_TicketFlags_forwarded = -1;
214 static gint hf_krb_TicketFlags_proxyable = -1;
215 static gint hf_krb_TicketFlags_proxy = -1;
216 static gint hf_krb_TicketFlags_allow_postdate = -1;
217 static gint hf_krb_TicketFlags_postdated = -1;
218 static gint hf_krb_TicketFlags_invalid = -1;
219 static gint hf_krb_TicketFlags_renewable = -1;
220 static gint hf_krb_TicketFlags_initial = -1;
221 static gint hf_krb_TicketFlags_pre_auth = -1;
222 static gint hf_krb_TicketFlags_hw_auth = -1;
223 static gint hf_krb_TicketFlags_transited_policy_checked = -1;
224 static gint hf_krb_TicketFlags_ok_as_delegate = -1;
225 static gint hf_krb_KDCOptions = -1;
226 static gint hf_krb_KDCOptions_forwardable = -1;
227 static gint hf_krb_KDCOptions_forwarded = -1;
228 static gint hf_krb_KDCOptions_proxyable = -1;
229 static gint hf_krb_KDCOptions_proxy = -1;
230 static gint hf_krb_KDCOptions_allow_postdate = -1;
231 static gint hf_krb_KDCOptions_postdated = -1;
232 static gint hf_krb_KDCOptions_renewable = -1;
233 static gint hf_krb_KDCOptions_canonicalize = -1;
234 static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
235 static gint hf_krb_KDCOptions_disable_transited_check = -1;
236 static gint hf_krb_KDCOptions_renewable_ok = -1;
237 static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1;
238 static gint hf_krb_KDCOptions_renew = -1;
239 static gint hf_krb_KDCOptions_validate = -1;
240 static gint hf_krb_KDC_REQ_BODY = -1;
241 static gint hf_krb_PRIV_BODY = -1;
242 static gint hf_krb_ENC_PRIV = -1;
243 static gint hf_krb_authenticator_enc = -1;
244 static gint hf_krb_ticket_enc = -1;
245 static gint hf_krb_e_checksum = -1;
247 static gint ett_krb_kerberos = -1;
248 static gint ett_krb_TransitedEncoding = -1;
249 static gint ett_krb_PAC_LOGON_INFO = -1;
250 static gint ett_krb_PAC_CREDENTIAL_TYPE = -1;
251 static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
252 static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
253 static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
254 static gint ett_krb_KDC_REP_enc = -1;
255 static gint ett_krb_EncTicketPart = -1;
256 static gint ett_krb_EncAPRepPart = -1;
257 static gint ett_krb_EncKrbPrivPart = -1;
258 static gint ett_krb_EncKDCRepPart = -1;
259 static gint ett_krb_LastReq = -1;
260 static gint ett_krb_Authenticator = -1;
261 static gint ett_krb_Checksum = -1;
262 static gint ett_krb_key = -1;
263 static gint ett_krb_subkey = -1;
264 static gint ett_krb_AuthorizationData = -1;
265 static gint ett_krb_sname = -1;
266 static gint ett_krb_cname = -1;
267 static gint ett_krb_AP_REP_enc = -1;
268 static gint ett_krb_padata = -1;
269 static gint ett_krb_etypes = -1;
270 static gint ett_krb_LastReqs = -1;
271 static gint ett_krb_IF_RELEVANT = -1;
272 static gint ett_krb_PA_DATA_tree = -1;
273 static gint ett_krb_PAC = -1;
274 static gint ett_krb_s_address = -1;
275 static gint ett_krb_HostAddress = -1;
276 static gint ett_krb_HostAddresses = -1;
277 static gint ett_krb_authenticator_enc = -1;
278 static gint ett_krb_AP_Options = -1;
279 static gint ett_krb_KDC_Options = -1;
280 static gint ett_krb_Ticket_Flags = -1;
281 static gint ett_krb_request = -1;
282 static gint ett_krb_recordmark = -1;
283 static gint ett_krb_ticket = -1;
284 static gint ett_krb_ticket_enc = -1;
285 static gint ett_krb_PRIV = -1;
286 static gint ett_krb_PRIV_enc = -1;
287 static gint ett_krb_e_checksum = -1;
289 guint32 krb5_errorcode;
292 dissector_handle_t krb4_handle=NULL;
294 static int do_col_info;
298 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag)
300 kerberos_callbacks *cb=(kerberos_callbacks *)pinfo->private_data;
308 cb->callback(pinfo, tvb, tree);
320 /* Decrypt Kerberos blobs */
321 static gboolean krb_decrypt = FALSE;
323 /* keytab filename */
324 static char *keytab_filename = "insert filename here";
328 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
330 enc_key_t *enc_key_list=NULL;
333 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
337 if(pinfo->fd->flags.visited){
340 printf("added key in %d\n",pinfo->fd->num);
342 new_key=g_malloc(sizeof(enc_key_t));
343 sprintf(new_key->key_origin, "%s learnt from frame %d",origin,pinfo->fd->num);
344 new_key->next=enc_key_list;
345 enc_key_list=new_key;
346 new_key->keytype=keytype;
347 new_key->keylength=keylength;
348 /*XXX this needs to be freed later */
349 new_key->keyvalue=g_memdup(keyvalue, keylength);
351 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
354 #ifdef HAVE_MIT_KERBEROS
357 read_keytab_file(char *filename, krb5_context *context)
360 krb5_keytab_entry key;
362 krb5_kt_cursor cursor;
365 /* should use a file in the ethereal users dir */
366 ret = krb5_kt_resolve(*context, filename, &keytab);
368 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
373 ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
375 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
380 new_key=g_malloc(sizeof(enc_key_t));
381 new_key->next=enc_key_list;
382 ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
387 /* generate origin string, describing where this key came from */
388 pos=new_key->key_origin;
389 pos+=sprintf(pos, "keytab principal ");
390 for(i=0;i<key.principal->length;i++){
391 pos+=sprintf(pos,"%s%s",(i?"/":""),(key.principal->data[i]).data);
393 pos+=sprintf(pos,"@%s",key.principal->realm.data);
395 /*printf("added key for principal :%s\n", new_key->key_origin);*/
396 new_key->keytype=key.key.enctype;
397 new_key->keylength=key.key.length;
398 new_key->keyvalue=g_memdup(key.key.contents, key.key.length);
399 enc_key_list=new_key;
403 ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
405 krb5_kt_close(*context, keytab);
412 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
415 const char *cryptotext,
418 static int first_time=1;
419 static krb5_context context;
422 static krb5_data data = {0,0,NULL};
423 krb5_keytab_entry key;
425 /* dont do anything if we are not attempting to decrypt data */
430 /* XXX we should only do this for first time, then store somewhere */
431 /* XXX We also need to re-read the keytab when the preference changes */
433 /* should this have a destroy context ? MIT people would know */
436 ret = krb5_init_context(&context);
440 read_keytab_file(keytab_filename, &context);
443 for(ek=enc_key_list;ek;ek=ek->next){
446 /* shortcircuit and bail out if enctypes are not matching */
447 if(ek->keytype!=keytype){
451 input.enctype = ek->keytype;
452 input.ciphertext.length = length;
453 input.ciphertext.data = (guint8 *)cryptotext;
455 data.length = length;
459 data.data = g_malloc(length);
461 key.key.enctype=ek->keytype;
462 key.key.length=ek->keylength;
463 key.key.contents=ek->keyvalue;
464 ret = krb5_c_decrypt(context, &(key.key), usage, 0, &input, &data);
466 printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
467 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
475 #elif defined(HAVE_HEIMDAL_KERBEROS)
477 read_keytab_file(char *filename, krb5_context *context)
480 krb5_keytab_entry key;
482 krb5_kt_cursor cursor;
485 /* should use a file in the ethereal users dir */
486 ret = krb5_kt_resolve(*context, filename, &keytab);
488 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
493 ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
495 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
500 new_key=g_malloc(sizeof(enc_key_t));
501 new_key->next=enc_key_list;
502 ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
507 /* generate origin string, describing where this key came from */
508 pos=new_key->key_origin;
509 pos+=sprintf(pos, "keytab principal ");
510 for(i=0;i<key.principal->name.name_string.len;i++){
511 pos+=sprintf(pos,"%s%s",(i?"/":""),key.principal->name.name_string.val[i]);
513 pos+=sprintf(pos,"@%s",key.principal->realm);
515 new_key->keytype=key.keyblock.keytype;
516 new_key->keylength=key.keyblock.keyvalue.length;
517 new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
518 enc_key_list=new_key;
522 ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
524 krb5_kt_close(*context, keytab);
531 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
534 const char *cryptotext,
537 static int first_time=1;
538 static krb5_context context;
543 /* dont do anything if we are not attempting to decrypt data */
548 /* XXX we should only do this for first time, then store somewhere */
549 /* XXX We also need to re-read the keytab when the preference changes */
551 /* should this have a destroy context ? Heimdal people would know */
554 ret = krb5_init_context(&context);
558 read_keytab_file(keytab_filename, &context);
561 for(ek=enc_key_list;ek;ek=ek->next){
562 krb5_keytab_entry key;
564 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
566 /* shortcircuit and bail out if enctypes are not matching */
567 if(ek->keytype!=keytype){
571 key.keyblock.keytype=ek->keytype;
572 key.keyblock.keyvalue.length=ek->keylength;
573 key.keyblock.keyvalue.data=ek->keyvalue;
574 ret = krb5_crypto_init(context, &(key.keyblock), 0, &crypto);
579 /* pre-0.6.1 versions of Heimdal would sometimes change
580 the cryptotext data even when the decryption failed.
581 This would obviously not work since we iterate over the
582 keys. So just give it a copy of the crypto data instead.
583 This has been seen for RC4-HMAC blobs.
585 cryptocopy=g_malloc(length);
586 memcpy(cryptocopy, cryptotext, length);
587 ret = krb5_decrypt_ivec(context, crypto, usage,
593 printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
594 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
595 krb5_crypto_destroy(context, crypto);
598 krb5_crypto_destroy(context, crypto);
603 #elif defined (HAVE_LIBNETTLE)
605 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
606 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
608 typedef struct _service_key_t {
613 char origin[KRB_MAX_ORIG_LEN+1];
615 GSList *service_key_list = NULL;
619 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
621 service_key_t *new_key;
623 if(pinfo->fd->flags.visited){
626 printf("added key in %d\n",pinfo->fd->num);
628 new_key = g_malloc(sizeof(service_key_t));
630 new_key->keytype = keytype;
631 new_key->length = keylength;
632 new_key->contents = g_malloc(keylength);
633 memcpy(new_key->contents, keyvalue, keylength);
634 sprintf(new_key->origin, "%s learnt from frame %d", origin, pinfo->fd->num);
635 service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
643 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
644 sk = (service_key_t *) ske->data;
645 if (sk && sk->contents) g_free(sk->contents);
648 g_slist_free(service_key_list);
649 service_key_list = NULL;
653 read_keytab_file(char *service_key_file)
658 unsigned char buf[SERVICE_KEY_SIZE];
659 int newline_skip = 0, count = 0;
661 if (service_key_file != NULL && stat (service_key_file, &st) == 0) {
663 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
664 * There can be zero, one (\n), or two (\r\n) characters between
665 * keys. Trailing characters are ignored.
668 /* XXX We should support the standard keytab format instead */
669 if (st.st_size > SERVICE_KEY_SIZE) {
670 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
671 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
673 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
674 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
679 skf = fopen(service_key_file, "rb");
682 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
683 sk = g_malloc(sizeof(service_key_t));
684 sk->kvno = buf[0] << 8 | buf[1];
685 sk->keytype = KEYTYPE_DES3_CBC_MD5;
686 sk->length = DES3_KEY_SIZE;
687 sk->contents = g_malloc(DES3_KEY_SIZE);
688 memcpy(sk->contents, buf + 2, DES3_KEY_SIZE);
689 sprintf(sk->origin, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
690 service_key_list = g_slist_append(service_key_list, (gpointer) sk);
691 fseek(skf, newline_skip, SEEK_CUR);
693 g_warning("added key: %s", sk->origin);
699 #define CONFOUNDER_PLUS_CHECKSUM 24
702 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
705 const char *cryptotext,
709 guint8 *decrypted_data = NULL, *plaintext = NULL;
713 guint32 tag, item_len, data_len;
714 int id_offset, offset;
715 guint8 key[DES3_KEY_SIZE];
716 guint8 initial_vector[DES_BLOCK_SIZE];
718 md5_byte_t digest[16];
719 md5_byte_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
720 md5_byte_t confounder[8];
727 /* dont do anything if we are not attempting to decrypt data */
732 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
736 decrypted_data = g_malloc(length);
737 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
738 sk = (service_key_t *) ske->data;
740 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
743 memset(initial_vector, 0, DES_BLOCK_SIZE);
744 res = des3_set_key(&ctx, key);
745 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
746 length, decrypted_data, cryptotext);
747 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
749 tvb_memcpy(encr_tvb, confounder, 0, 8);
751 /* We have to pull the decrypted data length from the decrypted
752 * content. If the key doesn't match or we otherwise get garbage,
753 * an exception may get thrown while decoding the ASN.1 header.
754 * Catch it, just in case.
757 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
758 offset = get_ber_length(tree, encr_tvb, id_offset, &item_len, &ind);
760 CATCH (BoundsError) {
766 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
767 if ((int) item_len + offset > length) {
772 md5_append(&md5s, confounder, 8);
773 md5_append(&md5s, zero_fill, 16);
774 md5_append(&md5s, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
775 md5_finish(&md5s, digest);
777 if (tvb_memeql (encr_tvb, 8, digest, 16) == 0) {
778 g_warning("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
779 plaintext = g_malloc(data_len);
780 tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
783 g_free(decrypted_data);
788 g_free(decrypted_data);
793 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
797 /* TCP Record Mark */
798 #define KRB_RM_RESERVED 0x80000000L
799 #define KRB_RM_RECLEN 0x7fffffffL
801 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
802 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
803 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
804 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
805 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
806 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
807 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
808 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
810 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
811 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
812 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
813 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
814 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
815 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
816 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncAPRepPart */
817 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
819 /* address type constants */
820 #define KRB5_ADDR_IPv4 0x02
821 #define KRB5_ADDR_CHAOS 0x05
822 #define KRB5_ADDR_XEROX 0x06
823 #define KRB5_ADDR_ISO 0x07
824 #define KRB5_ADDR_DECNET 0x0c
825 #define KRB5_ADDR_APPLETALK 0x10
826 #define KRB5_ADDR_NETBIOS 0x14
827 #define KRB5_ADDR_IPv6 0x18
829 /* encryption type constants */
830 #define KRB5_ENCTYPE_NULL 0
831 #define KRB5_ENCTYPE_DES_CBC_CRC 1
832 #define KRB5_ENCTYPE_DES_CBC_MD4 2
833 #define KRB5_ENCTYPE_DES_CBC_MD5 3
834 #define KRB5_ENCTYPE_DES_CBC_RAW 4
835 #define KRB5_ENCTYPE_DES3_CBC_SHA 5
836 #define KRB5_ENCTYPE_DES3_CBC_RAW 6
837 #define KRB5_ENCTYPE_DES_HMAC_SHA1 8
838 #define KRB5_ENCTYPE_DSA_SHA1_CMS 9
839 #define KRB5_ENCTYPE_RSA_MD5_CMS 10
840 #define KRB5_ENCTYPE_RSA_SHA1_CMS 11
841 #define KRB5_ENCTYPE_RC2_CBC_ENV 12
842 #define KRB5_ENCTYPE_RSA_ENV 13
843 #define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
844 #define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
845 #define KRB5_ENCTYPE_DES3_CBC_SHA1 16
846 #define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
847 #define KERB_ENCTYPE_RC4_HMAC 23
848 #define KERB_ENCTYPE_RC4_HMAC_EXP 24
849 #define KRB5_ENCTYPE_UNKNOWN 0x1ff
850 #define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
851 #define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
852 #define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
853 #define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
854 #define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
855 #define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
856 #define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
857 #define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
858 #define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
859 #define KRB5_ENCTYPE_RC4_LM 0xffffff7e
860 #define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
861 #define KRB5_ENCTYPE_RC4_MD4 0xffffff80
864 #define KRB5_CHKSUM_NONE 0
865 #define KRB5_CHKSUM_CRC32 1
866 #define KRB5_CHKSUM_MD4 2
867 #define KRB5_CHKSUM_KRB_DES_MAC 4
868 #define KRB5_CHKSUM_KRB_DES_MAC_K 5
869 #define KRB5_CHKSUM_MD5 7
870 #define KRB5_CHKSUM_MD5_DES 8
871 /* the following four comes from packetcable */
872 #define KRB5_CHKSUM_MD5_DES3 9
873 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD 12
874 #define KRB5_CHKSUM_HMAC_SHA1_DES3 13
875 #define KRB5_CHKSUM_SHA1_UNKEYED 14
876 #define KRB5_CHKSUM_HMAC_MD5 0xffffff76
877 #define KRB5_CHKSUM_MD5_HMAC 0xffffff77
878 #define KRB5_CHKSUM_RC4_MD5 0xffffff78
879 #define KRB5_CHKSUM_MD25 0xffffff79
880 #define KRB5_CHKSUM_DES_MAC_MD5 0xffffff7a
881 #define KRB5_CHKSUM_DES_MAC 0xffffff7b
882 #define KRB5_CHKSUM_REAL_CRC32 0xffffff7c
883 #define KRB5_CHKSUM_SHA1 0xffffff7d
884 #define KRB5_CHKSUM_LM 0xffffff7e
885 #define KRB5_CHKSUM_GSSAPI 0x8003
888 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
890 * http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
892 * unless it's expired.
895 /* pre-authentication type constants */
896 #define KRB5_PA_TGS_REQ 1
897 #define KRB5_PA_ENC_TIMESTAMP 2
898 #define KRB5_PA_PW_SALT 3
899 #define KRB5_PA_ENC_ENCKEY 4
900 #define KRB5_PA_ENC_UNIX_TIME 5
901 #define KRB5_PA_ENC_SANDIA_SECURID 6
902 #define KRB5_PA_SESAME 7
903 #define KRB5_PA_OSF_DCE 8
904 #define KRB5_PA_CYBERSAFE_SECUREID 9
905 #define KRB5_PA_AFS3_SALT 10
906 #define KRB5_PA_ENCTYPE_INFO 11
907 #define KRB5_PA_SAM_CHALLENGE 12
908 #define KRB5_PA_SAM_RESPONSE 13
909 #define KRB5_PA_PK_AS_REQ 14
910 #define KRB5_PA_PK_AS_REP 15
911 #define KRB5_PA_DASS 16
912 #define KRB5_PA_USE_SPECIFIED_KVNO 20
913 #define KRB5_PA_SAM_REDIRECT 21
914 #define KRB5_PA_GET_FROM_TYPED_DATA 22
915 #define KRB5_PA_SAM_ETYPE_INFO 23
916 #define KRB5_PA_ALT_PRINC 24
917 #define KRB5_PA_SAM_CHALLENGE2 30
918 #define KRB5_PA_SAM_RESPONSE2 31
919 #define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
920 #define KRB5_TD_KRB_PRINCIPAL 102
921 #define KRB5_TD_KRB_REALM 103
922 #define KRB5_TD_TRUSTED_CERTIFIERS 104
923 #define KRB5_TD_CERTIFICATE_INDEX 105
924 #define KRB5_TD_APP_DEFINED_ERROR 106
925 #define KRB5_TD_REQ_NONCE 107
926 #define KRB5_TD_REQ_SEQ 108
927 /* preauthentication types >127 (i.e. negative ones) are app specific.
928 hopefully there will be no collissions here or we will have to
929 come up with something better
931 #define KRB5_PA_PAC_REQUEST 128 /* MS extension */
932 #define KRB5_PA_PROV_SRV_LOCATION 255 /* packetcable stuff */
934 /* Principal name-type */
935 #define KRB5_NT_UNKNOWN 0
936 #define KRB5_NT_PRINCIPAL 1
937 #define KRB5_NT_SRV_INST 2
938 #define KRB5_NT_SRV_HST 3
939 #define KRB5_NT_SRV_XHST 4
940 #define KRB5_NT_UID 5
941 #define KRB5_NT_X500_PRINCIPAL 6
942 #define KRB5_NT_SMTP_NAME 7
943 #define KRB5_NT_ENTERPRISE 10
946 * MS specific name types, from
948 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
950 #define KRB5_NT_MS_PRINCIPAL -128
951 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129
952 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
953 #define KRB5_NT_PRINCIPAL_AND_SID -131
954 #define KRB5_NT_SRV_INST_AND_SID -132
956 /* error table constants */
957 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
958 #define KRB5_ET_KRB5KDC_ERR_NONE 0
959 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
960 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
961 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
962 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
963 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
964 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
965 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
966 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
967 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
968 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
969 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
970 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
971 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
972 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
973 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
974 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
975 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
976 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
977 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
978 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
979 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
980 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
981 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
982 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
983 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
984 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
985 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
986 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
987 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
988 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
989 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
990 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
991 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
992 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
993 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
994 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
995 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
996 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
997 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
998 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
999 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
1000 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
1001 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
1002 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
1003 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
1004 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
1005 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
1006 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
1007 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
1008 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
1009 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
1010 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
1011 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
1012 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
1013 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
1014 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
1015 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
1016 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
1017 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
1018 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
1019 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
1020 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
1021 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
1022 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
1023 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
1024 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
1025 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
1026 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
1028 static const value_string krb5_error_codes[] = {
1029 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
1030 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
1031 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
1032 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
1033 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
1034 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
1035 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
1036 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
1037 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
1038 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
1039 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
1040 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
1041 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
1042 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
1043 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
1044 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
1045 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
1046 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
1047 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
1048 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
1049 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
1050 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
1051 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
1052 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
1053 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
1054 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
1055 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
1056 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
1057 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
1058 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
1059 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
1060 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
1061 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
1062 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
1063 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
1064 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
1065 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
1066 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
1067 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
1068 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
1069 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
1070 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
1071 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
1072 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
1073 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
1074 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
1075 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
1076 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
1077 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
1078 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
1079 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
1080 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
1081 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
1082 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
1083 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
1084 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
1085 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
1086 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
1087 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
1088 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
1089 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
1090 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
1091 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
1092 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
1093 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
1094 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
1095 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
1096 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
1097 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
1102 #define PAC_LOGON_INFO 1
1103 #define PAC_CREDENTIAL_TYPE 2
1104 #define PAC_SERVER_CHECKSUM 6
1105 #define PAC_PRIVSVR_CHECKSUM 7
1106 #define PAC_CLIENT_INFO_TYPE 10
1107 static const value_string w2k_pac_types[] = {
1108 { PAC_LOGON_INFO , "Logon Info" },
1109 { PAC_CREDENTIAL_TYPE , "Credential Type" },
1110 { PAC_SERVER_CHECKSUM , "Server Checksum" },
1111 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
1112 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
1118 static const value_string krb5_princ_types[] = {
1119 { KRB5_NT_UNKNOWN , "Unknown" },
1120 { KRB5_NT_PRINCIPAL , "Principal" },
1121 { KRB5_NT_SRV_INST , "Service and Instance" },
1122 { KRB5_NT_SRV_HST , "Service and Host" },
1123 { KRB5_NT_SRV_XHST , "Service and Host Components" },
1124 { KRB5_NT_UID , "Unique ID" },
1125 { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
1126 { KRB5_NT_SMTP_NAME , "SMTP Name" },
1127 { KRB5_NT_ENTERPRISE , "Enterprise Name" },
1128 { KRB5_NT_MS_PRINCIPAL , "NT 4.0 style name (MS specific)" },
1129 { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
1130 { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
1131 { KRB5_NT_PRINCIPAL_AND_SID , "Principal name and SID (MS specific)"},
1132 { KRB5_NT_SRV_INST_AND_SID , "SPN and SID (MS specific)"},
1136 static const value_string krb5_preauthentication_types[] = {
1137 { KRB5_PA_TGS_REQ , "PA-TGS-REQ" },
1138 { KRB5_PA_ENC_TIMESTAMP , "PA-ENC-TIMESTAMP" },
1139 { KRB5_PA_PW_SALT , "PA-PW-SALT" },
1140 { KRB5_PA_ENC_ENCKEY , "PA-ENC-ENCKEY" },
1141 { KRB5_PA_ENC_UNIX_TIME , "PA-ENC-UNIX-TIME" },
1142 { KRB5_PA_ENC_SANDIA_SECURID , "PA-PW-SALT" },
1143 { KRB5_PA_SESAME , "PA-SESAME" },
1144 { KRB5_PA_OSF_DCE , "PA-OSF-DCE" },
1145 { KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
1146 { KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
1147 { KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
1148 { KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
1149 { KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
1150 { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
1151 { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
1152 { KRB5_PA_DASS , "PA-DASS" },
1153 { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
1154 { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
1155 { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
1156 { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
1157 { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
1158 { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
1159 { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
1160 { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
1161 { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
1162 { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
1163 { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
1164 { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
1165 { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
1166 { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
1167 { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
1168 { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
1169 { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
1173 static const value_string krb5_encryption_types[] = {
1174 { KRB5_ENCTYPE_NULL , "NULL" },
1175 { KRB5_ENCTYPE_DES_CBC_CRC , "des-cbc-crc" },
1176 { KRB5_ENCTYPE_DES_CBC_MD4 , "des-cbc-md4" },
1177 { KRB5_ENCTYPE_DES_CBC_MD5 , "des-cbc-md5" },
1178 { KRB5_ENCTYPE_DES_CBC_RAW , "des-cbc-raw" },
1179 { KRB5_ENCTYPE_DES3_CBC_SHA , "des3-cbc-sha" },
1180 { KRB5_ENCTYPE_DES3_CBC_RAW , "des3-cbc-raw" },
1181 { KRB5_ENCTYPE_DES_HMAC_SHA1 , "des-hmac-sha1" },
1182 { KRB5_ENCTYPE_DSA_SHA1_CMS , "dsa-sha1-cms" },
1183 { KRB5_ENCTYPE_RSA_MD5_CMS , "rsa-md5-cms" },
1184 { KRB5_ENCTYPE_RSA_SHA1_CMS , "rsa-sha1-cms" },
1185 { KRB5_ENCTYPE_RC2_CBC_ENV , "rc2-cbc-env" },
1186 { KRB5_ENCTYPE_RSA_ENV , "rsa-env" },
1187 { KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
1188 { KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
1189 { KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
1190 { KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
1191 { KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
1192 { KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
1193 { KRB5_ENCTYPE_UNKNOWN , "unknown" },
1194 { KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 , "local-des3-hmac-sha1" },
1195 { KRB5_ENCTYPE_RC4_PLAIN_EXP , "rc4-plain-exp" },
1196 { KRB5_ENCTYPE_RC4_PLAIN , "rc4-plain" },
1197 { KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP, "rc4-plain-old-exp" },
1198 { KRB5_ENCTYPE_RC4_HMAC_OLD_EXP, "rc4-hmac-old-exp" },
1199 { KRB5_ENCTYPE_RC4_PLAIN_OLD , "rc4-plain-old" },
1200 { KRB5_ENCTYPE_RC4_HMAC_OLD , "rc4-hmac-old" },
1201 { KRB5_ENCTYPE_DES_PLAIN , "des-plain" },
1202 { KRB5_ENCTYPE_RC4_SHA , "rc4-sha" },
1203 { KRB5_ENCTYPE_RC4_LM , "rc4-lm" },
1204 { KRB5_ENCTYPE_RC4_PLAIN2 , "rc4-plain2" },
1205 { KRB5_ENCTYPE_RC4_MD4 , "rc4-md4" },
1209 static const value_string krb5_checksum_types[] = {
1210 { KRB5_CHKSUM_NONE , "none" },
1211 { KRB5_CHKSUM_CRC32 , "crc32" },
1212 { KRB5_CHKSUM_MD4 , "md4" },
1213 { KRB5_CHKSUM_KRB_DES_MAC , "krb-des-mac" },
1214 { KRB5_CHKSUM_KRB_DES_MAC_K , "krb-des-mac-k" },
1215 { KRB5_CHKSUM_MD5 , "md5" },
1216 { KRB5_CHKSUM_MD5_DES , "md5-des" },
1217 { KRB5_CHKSUM_MD5_DES3 , "md5-des3" },
1218 { KRB5_CHKSUM_HMAC_SHA1_DES3_KD, "hmac-sha1-des3-kd" },
1219 { KRB5_CHKSUM_HMAC_SHA1_DES3 , "hmac-sha1-des3" },
1220 { KRB5_CHKSUM_SHA1_UNKEYED , "sha1 (unkeyed)" },
1221 { KRB5_CHKSUM_HMAC_MD5 , "hmac-md5" },
1222 { KRB5_CHKSUM_MD5_HMAC , "md5-hmac" },
1223 { KRB5_CHKSUM_RC4_MD5 , "rc5-md5" },
1224 { KRB5_CHKSUM_MD25 , "md25" },
1225 { KRB5_CHKSUM_DES_MAC_MD5 , "des-mac-md5" },
1226 { KRB5_CHKSUM_DES_MAC , "des-mac" },
1227 { KRB5_CHKSUM_REAL_CRC32 , "real-crc32" },
1228 { KRB5_CHKSUM_SHA1 , "sha1" },
1229 { KRB5_CHKSUM_LM , "lm" },
1230 { KRB5_CHKSUM_GSSAPI , "gssapi-8003" },
1234 #define KRB5_AD_IF_RELEVANT 1
1235 #define KRB5_AD_INTENDED_FOR_SERVER 2
1236 #define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
1237 #define KRB5_AD_KDC_ISSUED 4
1238 #define KRB5_AD_OR 5
1239 #define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
1240 #define KRB5_AD_IN_TICKET_EXTENSIONS 7
1241 #define KRB5_AD_MANDATORY_FOR_KDC 8
1242 #define KRB5_AD_OSF_DCE 64
1243 #define KRB5_AD_SESAME 65
1244 #define KRB5_AD_OSF_DCE_PKI_CERTID 66
1245 #define KRB5_AD_WIN2K_PAC 128
1246 static const value_string krb5_ad_types[] = {
1247 { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
1248 { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
1249 { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
1250 { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
1251 { KRB5_AD_OR , "AD-AND-OR" },
1252 { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
1253 { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
1254 { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
1255 { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
1256 { KRB5_AD_SESAME , "AD-SESAME" },
1257 { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
1258 { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
1262 static const value_string krb5_transited_types[] = {
1263 { 1 , "DOMAIN-X500-COMPRESS" },
1267 static const value_string krb5_address_types[] = {
1268 { KRB5_ADDR_IPv4, "IPv4"},
1269 { KRB5_ADDR_CHAOS, "CHAOS"},
1270 { KRB5_ADDR_XEROX, "XEROX"},
1271 { KRB5_ADDR_ISO, "ISO"},
1272 { KRB5_ADDR_DECNET, "DECNET"},
1273 { KRB5_ADDR_APPLETALK, "APPLETALK"},
1274 { KRB5_ADDR_NETBIOS, "NETBIOS"},
1275 { KRB5_ADDR_IPv6, "IPv6"},
1279 static const value_string krb5_msg_types[] = {
1280 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
1281 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
1282 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
1283 { KRB5_MSG_TGS_REP, "TGS-REP" },
1284 { KRB5_MSG_AS_REQ, "AS-REQ" },
1285 { KRB5_MSG_AS_REP, "AS-REP" },
1286 { KRB5_MSG_AP_REQ, "AP-REQ" },
1287 { KRB5_MSG_AP_REP, "AP-REP" },
1288 { KRB5_MSG_SAFE, "KRB-SAFE" },
1289 { KRB5_MSG_PRIV, "KRB-PRIV" },
1290 { KRB5_MSG_CRED, "KRB-CRED" },
1291 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
1292 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
1293 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
1294 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
1295 { KRB5_MSG_ERROR, "KRB-ERROR" },
1302 static int dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1303 static int dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1304 static int dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1305 static int dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1306 static int dissect_krb5_EncKrbPrivPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1307 static int dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1308 static int dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1309 static int dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1310 static int dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1311 static int dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1312 static int dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1313 static int dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1314 static int dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
1316 static const ber_choice_t kerberos_applications_choice[] = {
1317 { KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
1318 { KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
1319 { KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
1320 { KRB5_MSG_AS_REP, BER_CLASS_APP, KRB5_MSG_AS_REP, 0, dissect_krb5_KDC_REP },
1321 { KRB5_MSG_TGS_REQ, BER_CLASS_APP, KRB5_MSG_TGS_REQ, 0, dissect_krb5_KDC_REQ },
1322 { KRB5_MSG_TGS_REP, BER_CLASS_APP, KRB5_MSG_TGS_REP, 0, dissect_krb5_KDC_REP },
1323 { KRB5_MSG_AP_REQ, BER_CLASS_APP, KRB5_MSG_AP_REQ, 0, dissect_krb5_AP_REQ },
1324 { KRB5_MSG_AP_REP, BER_CLASS_APP, KRB5_MSG_AP_REP, 0, dissect_krb5_AP_REP },
1325 { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1326 { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1327 { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
1328 { KRB5_MSG_ENC_KRB_PRIV_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_PRIV_PART, 0, dissect_krb5_EncKrbPrivPart },
1329 { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
1330 { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
1331 { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
1332 { 0, 0, 0, 0, NULL }
1337 dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1339 offset=dissect_ber_CHOICE(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
1344 static const true_false_string krb5_apoptions_use_session_key = {
1345 "USE SESSION KEY to encrypt the ticket",
1346 "Do NOT use the session key to encrypt the ticket"
1348 static const true_false_string krb5_apoptions_mutual_required = {
1349 "MUTUAL authentication is REQUIRED",
1350 "Mutual authentication is NOT required"
1353 static int *APOptions_bits[] = {
1354 &hf_krb_APOptions_use_session_key,
1355 &hf_krb_APOptions_mutual_required,
1359 dissect_krb5_APOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1361 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, APOptions_bits, hf_krb_APOptions, ett_krb_AP_Options, NULL);
1367 static const true_false_string krb5_kdcoptions_forwardable = {
1368 "FORWARDABLE tickets are allowed/requested",
1369 "Do NOT use forwardable tickets"
1371 static const true_false_string krb5_kdcoptions_forwarded = {
1372 "This ticket has been FORWARDED",
1373 "This is NOT a forwarded ticket"
1375 static const true_false_string krb5_kdcoptions_proxyable = {
1376 "PROXIABLE tickets are allowed/requested",
1377 "Do NOT use proxiable tickets"
1379 static const true_false_string krb5_kdcoptions_proxy = {
1380 "This is a PROXY ticket",
1381 "This ticket has NOT been proxied"
1383 static const true_false_string krb5_kdcoptions_allow_postdate = {
1384 "We allow the ticket to be POSTDATED",
1385 "We do NOT allow the ticket to be postdated"
1387 static const true_false_string krb5_kdcoptions_postdated = {
1388 "This ticket is POSTDATED",
1389 "This ticket is NOT postdated"
1391 static const true_false_string krb5_kdcoptions_renewable = {
1392 "This ticket is RENEWABLE",
1393 "This ticket is NOT renewable"
1395 static const true_false_string krb5_kdcoptions_canonicalize = {
1396 "This is a request for a CANONICALIZED ticket",
1397 "This is NOT a canonicalized ticket request"
1399 static const true_false_string krb5_kdcoptions_disable_transited_check = {
1400 "Transited checking is DISABLED",
1401 "Transited checking is NOT disabled"
1403 static const true_false_string krb5_kdcoptions_renewable_ok = {
1404 "We accept RENEWED tickets",
1405 "We do NOT accept renewed tickets"
1407 static const true_false_string krb5_kdcoptions_enc_tkt_in_skey = {
1408 "ENCrypt TKT in SKEY",
1409 "Do NOT encrypt the tkt inside the skey"
1411 static const true_false_string krb5_kdcoptions_renew = {
1412 "This is a request to RENEW a ticket",
1413 "This is NOT a request to renew a ticket"
1415 static const true_false_string krb5_kdcoptions_validate = {
1416 "This is a request to VALIDATE a postdated ticket",
1417 "This is NOT a request to validate a postdated ticket"
1420 static int* KDCOptions_bits[] = {
1421 &hf_krb_KDCOptions_forwardable,
1422 &hf_krb_KDCOptions_forwarded,
1423 &hf_krb_KDCOptions_proxyable,
1424 &hf_krb_KDCOptions_proxy,
1425 &hf_krb_KDCOptions_allow_postdate,
1426 &hf_krb_KDCOptions_postdated,
1427 &hf_krb_KDCOptions_renewable,
1428 &hf_krb_KDCOptions_opt_hardware_auth,
1429 &hf_krb_KDCOptions_canonicalize,
1430 &hf_krb_KDCOptions_disable_transited_check,
1431 &hf_krb_KDCOptions_renewable_ok,
1432 &hf_krb_KDCOptions_enc_tkt_in_skey,
1433 &hf_krb_KDCOptions_renew,
1434 &hf_krb_KDCOptions_validate,
1439 dissect_krb5_KDCOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1441 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, KDCOptions_bits, hf_krb_KDCOptions, ett_krb_KDC_Options, NULL);
1446 dissect_krb5_rtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1448 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_rtime);
1453 dissect_krb5_ctime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1455 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_ctime);
1459 dissect_krb5_cusec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1461 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_cusec, NULL);
1466 dissect_krb5_stime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1468 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_stime);
1472 dissect_krb5_susec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1474 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_susec, NULL);
1480 dissect_krb5_error_code(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1482 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
1483 if(krb5_errorcode && check_col(pinfo->cinfo, COL_INFO)) {
1484 col_add_fstr(pinfo->cinfo, COL_INFO,
1486 val_to_str(krb5_errorcode, krb5_error_codes,
1487 "Unknown error code %#x"));
1495 dissect_krb5_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1497 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_till);
1501 dissect_krb5_from(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1503 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_from);
1510 dissect_krb5_nonce(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1512 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_nonce, NULL);
1518 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
1521 dissect_krb5_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1525 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &etype);
1527 proto_item_append_text(tree, " %s",
1528 val_to_str(etype, krb5_encryption_types,
1533 static ber_sequence_t etype_sequence_of[1] = {
1534 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
1537 dissect_krb5_etype_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1539 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, etype_sequence_of, hf_krb_etypes, ett_krb_etypes);
1543 static guint32 authenticator_etype;
1545 dissect_krb5_authenticator_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1547 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
1549 proto_item_append_text(tree, " %s",
1550 val_to_str(authenticator_etype, krb5_encryption_types,
1555 static guint32 Ticket_etype;
1557 dissect_krb5_Ticket_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1559 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
1561 proto_item_append_text(tree, " %s",
1562 val_to_str(Ticket_etype, krb5_encryption_types,
1567 static guint32 AP_REP_etype;
1569 dissect_krb5_AP_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1571 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
1573 proto_item_append_text(tree, " %s",
1574 val_to_str(AP_REP_etype, krb5_encryption_types,
1579 static guint32 PA_ENC_TIMESTAMP_etype;
1581 dissect_krb5_PA_ENC_TIMESTAMP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1583 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
1585 proto_item_append_text(tree, " %s",
1586 val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
1594 * HostAddress ::= SEQUENCE {
1595 * addr-type[0] INTEGER,
1596 * address[1] OCTET STRING
1599 static guint32 addr_type;
1600 static int dissect_krb5_addr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1602 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_addr_type, &addr_type);
1605 static int dissect_krb5_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1611 char address_str[256];
1612 proto_item *it=NULL;
1614 /* read header and len for the octet string */
1615 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
1616 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
1622 case KRB5_ADDR_IPv4:
1623 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
1624 sprintf(address_str,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
1626 case KRB5_ADDR_NETBIOS:
1628 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
1629 int netbios_name_type;
1631 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name);
1632 snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
1633 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
1637 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
1641 /* push it up two levels in the decode pane */
1643 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
1644 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
1650 static ber_sequence_t HostAddress_sequence[] = {
1651 { BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
1652 { BER_CLASS_CON, 1, 0, dissect_krb5_address },
1656 dissect_krb5_HostAddress(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1659 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_HostAddress, ett_krb_HostAddress);
1664 dissect_krb5_s_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1667 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address);
1673 * HostAddresses ::= SEQUENCE OF SEQUENCE {
1674 * addr-type[0] INTEGER,
1675 * address[1] OCTET STRING
1679 static ber_sequence_t HostAddresses_sequence_of[1] = {
1680 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
1683 dissect_krb5_HostAddresses(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1685 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, HostAddresses_sequence_of, hf_krb_HostAddresses, ett_krb_HostAddresses);
1693 dissect_krb5_msg_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1697 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_msg_type, &msgtype);
1699 if (do_col_info & check_col(pinfo->cinfo, COL_INFO)) {
1700 col_add_str(pinfo->cinfo, COL_INFO,
1701 val_to_str(msgtype, krb5_msg_types,
1702 "Unknown msg type %#x"));
1706 /* append the application type to the subtree */
1707 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
1715 dissect_krb5_pvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1717 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_pvno, NULL);
1724 * PrincipalName ::= SEQUENCE {
1725 * name-type[0] INTEGER,
1726 * name-string[1] SEQUENCE OF GeneralString
1731 dissect_krb5_name_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1734 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_name_type, &name_type);
1736 proto_item_append_text(tree, " (%s):",
1737 val_to_str(name_type, krb5_princ_types,
1742 static char name_string_separator;
1744 dissect_krb5_name_string(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1746 char name_string[256];
1748 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_name_string, name_string, 255);
1750 proto_item_append_text(tree, "%c%s", name_string_separator, name_string);
1751 name_string_separator='/';
1756 static ber_sequence_t name_stringe_sequence_of[1] = {
1757 { BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
1760 dissect_krb5_name_strings(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1762 name_string_separator=' ';
1763 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, name_stringe_sequence_of, -1, -1);
1767 static ber_sequence_t PrincipalName_sequence[] = {
1768 { BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
1769 { BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
1773 dissect_krb5_sname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1776 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_sname, ett_krb_sname);
1781 dissect_krb5_cname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1784 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_cname, ett_krb_cname);
1791 dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1793 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_realm, NULL, 0);
1798 dissect_krb5_crealm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1800 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_crealm, NULL, 0);
1807 dissect_krb5_PA_PAC_REQUEST_flag(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1809 offset=dissect_ber_boolean(FALSE, pinfo, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag);
1814 static ber_sequence_t PA_PAC_REQUEST_sequence[] = {
1815 { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
1819 dissect_krb5_PA_PAC_REQUEST(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1822 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_PAC_REQUEST_sequence, -1, -1);
1831 dissect_krb5_PA_PROV_SRV_LOCATION(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1833 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
1841 dissect_krb5_kvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1843 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_kvno, NULL);
1851 dissect_krb5_seq_number(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1853 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_seq_number, NULL);
1861 dissect_krb5_patimestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1863 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_patimestamp);
1866 #ifdef HAVE_KERBEROS
1868 dissect_krb5_pausec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1870 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_pausec, NULL);
1873 static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
1874 { BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
1875 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
1879 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1881 guint8 *plaintext=NULL;
1884 length=tvb_length_remaining(tvb, offset);
1886 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1888 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
1892 plaintext=decrypt_krb5_data(tree, pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype);
1897 next_tvb = tvb_new_real_data (plaintext,
1900 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
1902 /* Add the decrypted data to the data source list. */
1903 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
1906 offset=dissect_ber_sequence(FALSE, pinfo, tree, next_tvb, 0, PA_ENC_TS_ENC_sequence, -1, -1);
1915 dissect_krb5_encrypted_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1917 #ifdef HAVE_KERBEROS
1918 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
1920 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, NULL);
1924 static ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
1925 { BER_CLASS_CON, 0, 0,
1926 dissect_krb5_PA_ENC_TIMESTAMP_etype },
1927 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
1928 dissect_krb5_kvno },
1929 { BER_CLASS_CON, 2, 0,
1930 dissect_krb5_encrypted_PA_ENC_TIMESTAMP },
1934 dissect_krb5_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1936 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENC_TIMESTAMP_sequence, -1, -1);
1944 dissect_krb5_etype_info_salt(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1946 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_etype_info_salt, NULL);
1950 static ber_sequence_t PA_ENCTYPE_INFO_ENTRY_sequence[] = {
1951 { BER_CLASS_CON, 0, 0,
1952 dissect_krb5_etype },
1953 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
1954 dissect_krb5_etype_info_salt },
1958 dissect_krb5_PA_ENCTYPE_INFO_ENTRY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1960 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_ENTRY_sequence, -1, -1);
1965 static ber_sequence_t PA_ENCTYPE_INFO_sequence_of[1] = {
1966 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
1969 dissect_krb5_PA_ENCTYPE_INFO(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1971 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_sequence_of, -1, -1);
1977 * PA-DATA ::= SEQUENCE {
1978 * padata-type[1] INTEGER,
1979 * padata-value[2] OCTET STRING,
1980 * -- might be encoded AP-REQ
1983 guint32 krb_PA_DATA_type;
1985 dissect_krb5_PA_DATA_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1987 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
1988 krb_PA_DATA_type&=0xff; /*this is really just one single byte */
1991 proto_item_append_text(tree, " %s",
1992 val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
1998 dissect_krb5_PA_DATA_value(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2000 proto_tree *tree=parent_tree;
2002 if(ber_last_created_item){
2003 tree=proto_item_add_subtree(ber_last_created_item, ett_krb_PA_DATA_tree);
2007 switch(krb_PA_DATA_type){
2008 case KRB5_PA_TGS_REQ:
2009 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_application_choice);
2011 case KRB5_PA_PK_AS_REQ:
2012 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REQ);
2014 case KRB5_PA_PK_AS_REP:
2015 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REP);
2017 case KRB5_PA_PAC_REQUEST:
2018 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PAC_REQUEST);
2020 case KRB5_PA_PROV_SRV_LOCATION:
2021 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PROV_SRV_LOCATION);
2023 case KRB5_PA_ENC_TIMESTAMP:
2024 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENC_TIMESTAMP);
2026 case KRB5_PA_ENCTYPE_INFO:
2027 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
2030 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
2036 static ber_sequence_t PA_DATA_sequence[] = {
2037 { BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
2038 { BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
2042 dissect_krb5_PA_DATA(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2044 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence, -1, -1);
2053 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
2056 static ber_sequence_t PA_DATA_sequence_of[1] = {
2057 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
2060 dissect_krb5_padata(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2062 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence_of, hf_krb_padata, ett_krb_padata);
2070 static const true_false_string krb5_ticketflags_forwardable = {
2071 "FORWARDABLE tickets are allowed/requested",
2072 "Do NOT use forwardable tickets"
2074 static const true_false_string krb5_ticketflags_forwarded = {
2075 "This ticket has been FORWARDED",
2076 "This is NOT a forwarded ticket"
2078 static const true_false_string krb5_ticketflags_proxyable = {
2079 "PROXIABLE tickets are allowed/requested",
2080 "Do NOT use proxiable tickets"
2082 static const true_false_string krb5_ticketflags_proxy = {
2083 "This is a PROXY ticket",
2084 "This ticket has NOT been proxied"
2086 static const true_false_string krb5_ticketflags_allow_postdate = {
2087 "We allow the ticket to be POSTDATED",
2088 "We do NOT allow the ticket to be postdated"
2090 static const true_false_string krb5_ticketflags_postdated = {
2091 "This ticket is POSTDATED",
2092 "This ticket is NOT postdated"
2094 static const true_false_string krb5_ticketflags_invalid = {
2095 "This ticket is INVALID",
2096 "This ticket is NOT invalid"
2098 static const true_false_string krb5_ticketflags_renewable = {
2099 "This ticket is RENEWABLE",
2100 "This ticket is NOT renewable"
2102 static const true_false_string krb5_ticketflags_initial = {
2103 "This ticket was granted by AS and not TGT protocol",
2104 "This ticket was granted by TGT and not as protocol"
2106 static const true_false_string krb5_ticketflags_pre_auth = {
2107 "The client was PRE-AUTHenticated",
2108 "The client was NOT pre-authenticated"
2110 static const true_false_string krb5_ticketflags_hw_auth = {
2111 "The client was authenticated by HardWare",
2112 "The client was NOT authenticated using hardware"
2114 static const true_false_string krb5_ticketflags_transited_policy_checked = {
2115 "Kdc has performed TRANSITED POLICY CHECKING",
2116 "Kdc has NOT performed transited policy checking"
2118 static const true_false_string krb5_ticketflags_ok_as_delegate = {
2119 "This ticket is OK AS a DELEGATED ticket",
2120 "This ticket is NOT ok as a delegated ticket"
2123 static int* TicketFlags_bits[] = {
2124 &hf_krb_TicketFlags_forwardable,
2125 &hf_krb_TicketFlags_forwarded,
2126 &hf_krb_TicketFlags_proxyable,
2127 &hf_krb_TicketFlags_proxy,
2128 &hf_krb_TicketFlags_allow_postdate,
2129 &hf_krb_TicketFlags_postdated,
2130 &hf_krb_TicketFlags_invalid,
2131 &hf_krb_TicketFlags_renewable,
2132 &hf_krb_TicketFlags_initial,
2133 &hf_krb_TicketFlags_pre_auth,
2134 &hf_krb_TicketFlags_hw_auth,
2135 &hf_krb_TicketFlags_transited_policy_checked,
2136 &hf_krb_TicketFlags_ok_as_delegate,
2141 dissect_krb5_TicketFlags(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2143 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, TicketFlags_bits, hf_krb_TicketFlags, ett_krb_Ticket_Flags, NULL);
2148 static guint32 keytype;
2150 dissect_krb5_keytype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2152 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_keytype, &keytype);
2154 proto_item_append_text(tree, " %s",
2155 val_to_str(keytype, krb5_encryption_types,
2160 static int keylength;
2161 static const char *keyvalue;
2163 store_keyvalue(packet_info *pinfo _U_, proto_tree *tree _U_, tvbuff_t *tvb, int offset)
2165 keylength=tvb_length_remaining(tvb, offset);
2166 keyvalue=tvb_get_ptr(tvb, offset, keylength);
2170 dissect_krb5_keyvalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2172 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_keyvalue, store_keyvalue);
2178 * EncryptionKey ::= SEQUENCE {
2180 * keyvalue [1] octet string
2182 static ber_sequence_t EncryptionKey_sequence[] = {
2183 { BER_CLASS_CON, 0, 0,
2184 dissect_krb5_keytype },
2185 { BER_CLASS_CON, 1, 0,
2186 dissect_krb5_keyvalue },
2190 dissect_krb5_key(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2192 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_key, ett_krb_key);
2194 #ifdef HAVE_KERBEROS
2195 add_encryption_key(pinfo, keytype, keylength, keyvalue, "key");
2200 dissect_krb5_subkey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2202 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_subkey, ett_krb_subkey);
2203 #ifdef HAVE_KERBEROS
2204 add_encryption_key(pinfo, keytype, keylength, keyvalue, "subkey");
2212 dissect_krb5_PAC_LOGON_INFO(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2214 proto_item *item=NULL;
2215 proto_tree *tree=NULL;
2216 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
2217 dcerpc_info di; /* fake dcerpc_info struct */
2218 void *old_private_data;
2220 item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2222 tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
2225 /* skip the first 20 bytes, they look like a unique ndr pointer
2226 followed by (where did it come from?) a contect_handle ?*/
2227 proto_tree_add_text(tree, tvb, offset, 20, "unknown: is this an undocumented policy handle?");
2231 /* the PAC_LOGON_INFO blob */
2232 /* fake whatever state the dcerpc runtime support needs */
2233 di.conformant_run=0;
2235 old_private_data=pinfo->private_data;
2236 pinfo->private_data=&di;
2237 init_ndr_pointer_list(pinfo);
2238 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
2239 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_REF,
2240 "PAC_LOGON_INFO:", -1);
2241 pinfo->private_data=old_private_data;
2247 dissect_krb5_PAC_CREDENTIAL_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2249 proto_item *item=NULL;
2250 proto_tree *tree=NULL;
2252 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CREDENTIAL_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2254 tree=proto_item_add_subtree(item, ett_krb_PAC_CREDENTIAL_TYPE);
2262 dissect_krb5_PAC_SERVER_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2264 proto_item *item=NULL;
2265 proto_tree *tree=NULL;
2267 item=proto_tree_add_item(parent_tree, hf_krb_PAC_SERVER_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2269 tree=proto_item_add_subtree(item, ett_krb_PAC_SERVER_CHECKSUM);
2272 /* signature type */
2273 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
2276 /* signature data */
2277 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2283 dissect_krb5_PAC_PRIVSVR_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2285 proto_item *item=NULL;
2286 proto_tree *tree=NULL;
2288 item=proto_tree_add_item(parent_tree, hf_krb_PAC_PRIVSVR_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2290 tree=proto_item_add_subtree(item, ett_krb_PAC_PRIVSVR_CHECKSUM);
2293 /* signature type */
2294 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
2297 /* signature data */
2298 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2304 dissect_krb5_PAC_CLIENT_INFO_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
2306 proto_item *item=NULL;
2307 proto_tree *tree=NULL;
2311 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CLIENT_INFO_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
2313 tree=proto_item_add_subtree(item, ett_krb_PAC_CLIENT_INFO_TYPE);
2317 offset = dissect_nt_64bit_time(tvb, tree, offset,
2318 hf_krb_pac_clientid);
2321 namelen=tvb_get_letohs(tvb, offset);
2322 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
2326 name=tvb_fake_unicode(tvb, offset, namelen/2, TRUE);
2327 proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
2335 dissect_krb5_AD_WIN2K_PAC_struct(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2340 proto_item *it=NULL;
2341 proto_tree *tr=NULL;
2344 /* type of pac data */
2345 pac_type=tvb_get_letohl(tvb, offset);
2346 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
2348 tr=proto_item_add_subtree(it, ett_krb_PAC);
2353 /* size of pac data */
2354 pac_size=tvb_get_letohl(tvb, offset);
2355 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
2358 /* offset to pac data */
2359 pac_offset=tvb_get_letohl(tvb, offset);
2360 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
2364 next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
2366 case PAC_LOGON_INFO:
2367 dissect_krb5_PAC_LOGON_INFO(pinfo, tr, next_tvb, 0);
2369 case PAC_CREDENTIAL_TYPE:
2370 dissect_krb5_PAC_CREDENTIAL_TYPE(pinfo, tr, next_tvb, 0);
2372 case PAC_SERVER_CHECKSUM:
2373 dissect_krb5_PAC_SERVER_CHECKSUM(pinfo, tr, next_tvb, 0);
2375 case PAC_PRIVSVR_CHECKSUM:
2376 dissect_krb5_PAC_PRIVSVR_CHECKSUM(pinfo, tr, next_tvb, 0);
2378 case PAC_CLIENT_INFO_TYPE:
2379 dissect_krb5_PAC_CLIENT_INFO_TYPE(pinfo, tr, next_tvb, 0);
2388 dissect_krb5_AD_WIN2K_PAC(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2394 /* first in the PAC structure comes the number of entries */
2395 entries=tvb_get_letohl(tvb, offset);
2396 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
2399 /* second comes the version */
2400 version=tvb_get_letohl(tvb, offset);
2401 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
2404 for(i=0;i<entries;i++){
2405 offset=dissect_krb5_AD_WIN2K_PAC_struct(pinfo, tree, tvb, offset);
2411 static guint32 IF_RELEVANT_type;
2413 dissect_krb5_IF_RELEVANT_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2415 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
2417 proto_item_append_text(tree, " %s",
2418 val_to_str(IF_RELEVANT_type, krb5_ad_types,
2424 dissect_krb5_IF_RELEVANT_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2426 switch(IF_RELEVANT_type){
2427 case KRB5_AD_WIN2K_PAC:
2428 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_WIN2K_PAC);
2431 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_value, NULL);
2435 static ber_sequence_t IF_RELEVANT_item_sequence[] = {
2436 { BER_CLASS_CON, 0, 0,
2437 dissect_krb5_IF_RELEVANT_type },
2438 { BER_CLASS_CON, 1, 0,
2439 dissect_krb5_IF_RELEVANT_value },
2443 dissect_krb5_IF_RELEVANT_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2445 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_item_sequence, hf_krb_IF_RELEVANT, ett_krb_IF_RELEVANT);
2450 static ber_sequence_t IF_RELEVANT_sequence_of[1] = {
2451 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
2455 dissect_krb5_IF_RELEVANT(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2457 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_sequence_of, -1, -1);
2462 static guint32 adtype;
2464 dissect_krb5_adtype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2466 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_adtype, &adtype);
2468 proto_item_append_text(tree, " %s",
2469 val_to_str(adtype, krb5_ad_types,
2475 dissect_krb5_advalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2478 case KRB5_AD_IF_RELEVANT:
2479 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_IF_RELEVANT);
2482 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, NULL);
2487 * AuthorizationData ::= SEQUENCE {
2489 * ad-data [1] octet string
2491 static ber_sequence_t AuthorizationData_item_sequence[] = {
2492 { BER_CLASS_CON, 0, 0,
2493 dissect_krb5_adtype },
2494 { BER_CLASS_CON, 1, 0,
2495 dissect_krb5_advalue },
2499 dissect_krb5_AuthorizationData_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2501 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AuthorizationData_item_sequence, hf_krb_AuthorizationData, ett_krb_AuthorizationData);
2506 static ber_sequence_t AuthorizationData_sequence_of[1] = {
2507 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
2510 dissect_krb5_AuthorizationData(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2512 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, AuthorizationData_sequence_of, -1, -1);
2519 dissect_krb5_transited_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2523 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_transitedtype, &trtype);
2525 proto_item_append_text(tree, " %s",
2526 val_to_str(trtype, krb5_transited_types,
2533 dissect_krb5_transited_contents(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2535 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_transitedcontents, NULL);
2540 * TransitedEncoding ::= SEQUENCE {
2542 * contents [1] octet string
2544 static ber_sequence_t TransitedEncoding_sequence[] = {
2545 { BER_CLASS_CON, 0, 0,
2546 dissect_krb5_transited_type },
2547 { BER_CLASS_CON, 1, 0,
2548 dissect_krb5_transited_contents },
2552 dissect_krb5_transited(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2554 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, TransitedEncoding_sequence, hf_krb_TransitedEncoding, ett_krb_TransitedEncoding);
2561 dissect_krb5_authtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2563 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_authtime);
2567 dissect_krb5_starttime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2569 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_starttime);
2573 dissect_krb5_endtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2575 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_endtime);
2579 dissect_krb5_renew_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2581 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_renew_till);
2586 * EncTicketPart ::= SEQUENCE {
2587 * flags [0] TicketFlags,
2588 * key [1] EncryptionKey,
2590 * cname [3] PrincipalName,
2591 * transited [4] TransitedEncoding,
2592 * authtime [5] KerberosTime,
2593 * starttime [6] KerberosTime OPTIONAL,
2594 * endtime [7] KerberosTime,
2595 * renew-till [8] KerberosTime OPTIONAL,
2596 * caddr [9] HostAddresses OPTIONAL,
2597 * authorization-data [10] AuthorizationData OPTIONAL
2600 static ber_sequence_t EncTicketPart_sequence[] = {
2601 { BER_CLASS_CON, 0, 0,
2602 dissect_krb5_TicketFlags },
2603 { BER_CLASS_CON, 1, 0,
2605 { BER_CLASS_CON, 2, 0,
2606 dissect_krb5_crealm },
2607 { BER_CLASS_CON, 3, 0,
2608 dissect_krb5_cname },
2609 { BER_CLASS_CON, 4, 0,
2610 dissect_krb5_transited },
2611 { BER_CLASS_CON, 5, 0,
2612 dissect_krb5_authtime },
2613 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2614 dissect_krb5_starttime },
2615 { BER_CLASS_CON, 7, 0,
2616 dissect_krb5_endtime },
2617 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2618 dissect_krb5_renew_till },
2619 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
2620 dissect_krb5_HostAddresses },
2621 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
2622 dissect_krb5_AuthorizationData },
2626 dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2628 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncTicketPart_sequence, hf_krb_EncTicketPart, ett_krb_EncTicketPart);
2639 * EncAPRepPart ::= SEQUENCE {
2640 * ctime [0] KerberosTime
2641 * cusec [1] Microseconds
2642 * subkey [2] encryptionKey OPTIONAL
2643 * seq-number [3] uint32 OPTIONAL
2646 static ber_sequence_t EncAPRepPart_sequence[] = {
2647 { BER_CLASS_CON, 0, 0,
2648 dissect_krb5_ctime },
2649 { BER_CLASS_CON, 1, 0,
2650 dissect_krb5_cusec },
2651 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2652 dissect_krb5_subkey },
2653 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2654 dissect_krb5_seq_number },
2658 dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2660 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncAPRepPart_sequence, hf_krb_EncAPRepPart, ett_krb_EncAPRepPart);
2667 static guint32 lr_type;
2668 static const value_string krb5_lr_types[] = {
2669 { 0 , "No information available" },
2670 { 1 , "Time of last initial TGT request" },
2671 { 2 , "Time of last initial request" },
2672 { 3 , "Time of issue of latest TGT ticket" },
2673 { 4 , "Time of last renewal" },
2674 { 5 , "Time of last request" },
2675 { 6 , "Time when password will expire" },
2676 { 7 , "Time when account will expire" },
2680 dissect_krb5_lr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2682 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_lr_type, &lr_type);
2687 dissect_krb5_lr_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2689 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_lr_time);
2694 static ber_sequence_t LastReq_sequence[] = {
2695 { BER_CLASS_CON, 0, 0,
2696 dissect_krb5_lr_type },
2697 { BER_CLASS_CON, 1, 0,
2698 dissect_krb5_lr_value },
2702 dissect_krb5_LastReq(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2704 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, LastReq_sequence, hf_krb_LastReq, ett_krb_LastReq);
2708 static ber_sequence_t LastReq_sequence_of[1] = {
2709 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
2712 dissect_krb5_LastReq_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2714 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, LastReq_sequence_of, hf_krb_LastReqs, ett_krb_LastReqs);
2720 dissect_krb5_key_expiration(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2722 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_key_expire);
2726 static ber_sequence_t EncKDCRepPart_sequence[] = {
2727 { BER_CLASS_CON, 0, 0,
2729 { BER_CLASS_CON, 1, 0,
2730 dissect_krb5_LastReq_sequence_of },
2731 { BER_CLASS_CON, 2, 0,
2732 dissect_krb5_nonce },
2733 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2734 dissect_krb5_key_expiration },
2735 { BER_CLASS_CON, 4, 0,
2736 dissect_krb5_TicketFlags },
2737 { BER_CLASS_CON, 5, 0,
2738 dissect_krb5_authtime },
2739 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2740 dissect_krb5_starttime },
2741 { BER_CLASS_CON, 7, 0,
2742 dissect_krb5_endtime },
2743 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2744 dissect_krb5_renew_till },
2745 { BER_CLASS_CON, 9, 0,
2746 dissect_krb5_realm },
2747 { BER_CLASS_CON, 10, 0,
2748 dissect_krb5_sname },
2749 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
2750 dissect_krb5_HostAddresses },
2754 dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2756 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKDCRepPart_sequence, hf_krb_EncKDCRepPart, ett_krb_EncKDCRepPart);
2763 dissect_krb5_authenticator_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2765 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
2772 dissect_krb5_checksum_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2774 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_type, NULL);
2779 dissect_krb5_checksum_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2781 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
2786 * Checksum ::= SEQUENCE {
2789 static ber_sequence_t Checksum_sequence[] = {
2790 { BER_CLASS_CON, 0, 0,
2791 dissect_krb5_checksum_type },
2792 { BER_CLASS_CON, 1, 0,
2793 dissect_krb5_checksum_checksum },
2797 dissect_krb5_Checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2799 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Checksum_sequence, hf_krb_Checksum, ett_krb_Checksum);
2805 * Authenticator ::= SEQUENCE {
2806 * authenticator-vno [0] integer
2808 * cname [2] PrincipalName
2809 * cksum [3] Checksum OPTIONAL
2810 * cusec [4] Microseconds
2811 * ctime [5] KerberosTime
2812 * subkey [6] encryptionKey OPTIONAL
2813 * seq-number [7] uint32 OPTIONAL
2814 * authorization-data [8] AuthorizationData OPTIONAL
2817 static ber_sequence_t Authenticator_sequence[] = {
2818 { BER_CLASS_CON, 0, 0,
2819 dissect_krb5_authenticator_vno },
2820 { BER_CLASS_CON, 1, 0,
2821 dissect_krb5_crealm },
2822 { BER_CLASS_CON, 2, 0,
2823 dissect_krb5_cname },
2824 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2825 dissect_krb5_Checksum },
2826 { BER_CLASS_CON, 4, 0,
2827 dissect_krb5_cusec },
2828 { BER_CLASS_CON, 5, 0,
2829 dissect_krb5_ctime },
2830 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2831 dissect_krb5_subkey },
2832 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
2833 dissect_krb5_seq_number },
2834 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2835 dissect_krb5_AuthorizationData },
2839 dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2841 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Authenticator_sequence, hf_krb_Authenticator, ett_krb_Authenticator);
2848 dissect_krb5_PRIV_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2851 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_PRIV_BODY_user_data, &new_tvb);
2853 call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
2858 static ber_sequence_t EncKrbPrivPart_sequence[] = {
2859 { BER_CLASS_CON, 0, 0,
2860 dissect_krb5_PRIV_BODY_user_data },
2861 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2862 dissect_krb5_patimestamp },
2863 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2864 dissect_krb5_cusec },
2865 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2866 dissect_krb5_seq_number },
2867 { BER_CLASS_CON, 4, 0,
2868 dissect_krb5_s_address },
2869 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
2870 dissect_krb5_HostAddresses },
2874 dissect_krb5_EncKrbPrivPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2876 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKrbPrivPart_sequence, hf_krb_EncKrbPrivPart, ett_krb_EncKrbPrivPart);
2881 static guint32 PRIV_etype;
2883 dissect_krb5_PRIV_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2885 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &PRIV_etype);
2887 proto_item_append_text(tree, " %s",
2888 val_to_str(PRIV_etype, krb5_encryption_types,
2894 #ifdef HAVE_KERBEROS
2896 dissect_krb5_decrypt_PRIV (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2898 guint8 *plaintext=NULL;
2901 length=tvb_length_remaining(tvb, offset);
2904 plaintext=decrypt_krb5_data(tree, pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype);
2909 next_tvb = tvb_new_real_data (plaintext,
2912 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
2914 /* Add the decrypted data to the data source list. */
2915 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
2917 offset=dissect_ber_CHOICE(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
2925 * PRIV-BODY ::= SEQUENCE {
2926 * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
2928 * msg-type[1] INTEGER,
2929 * enc-part[3] EncryptedData
2933 dissect_krb5_encrypted_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2935 #ifdef HAVE_KERBEROS
2936 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, dissect_krb5_decrypt_PRIV);
2938 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
2942 static ber_sequence_t ENC_PRIV_sequence[] = {
2943 { BER_CLASS_CON, 0, 0,
2944 dissect_krb5_PRIV_etype },
2945 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2946 dissect_krb5_kvno },
2947 { BER_CLASS_CON, 2, 0,
2948 dissect_krb5_encrypted_PRIV },
2952 dissect_krb5_ENC_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2954 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
2957 static ber_sequence_t PRIV_BODY_sequence[] = {
2958 { BER_CLASS_CON, 0, 0,
2959 dissect_krb5_pvno },
2960 { BER_CLASS_CON, 1, 0,
2961 dissect_krb5_msg_type },
2962 { BER_CLASS_CON, 3, 0,
2963 dissect_krb5_ENC_PRIV },
2967 dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2970 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PRIV_BODY_sequence, hf_krb_PRIV_BODY, ett_krb_PRIV);
2977 dissect_krb5_SAFE_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2980 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, &new_tvb);
2981 call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
2985 dissect_krb5_SAFE_BODY_timestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2987 offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
2992 dissect_krb5_SAFE_BODY_usec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2994 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
2998 static ber_sequence_t SAFE_BODY_sequence[] = {
2999 { BER_CLASS_CON, 0, 0,
3000 dissect_krb5_SAFE_BODY_user_data },
3001 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3002 dissect_krb5_SAFE_BODY_timestamp },
3003 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3004 dissect_krb5_SAFE_BODY_usec },
3005 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3006 dissect_krb5_seq_number },
3007 /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */
3008 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3009 dissect_krb5_s_address },
3010 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3011 dissect_krb5_HostAddresses },
3015 dissect_krb5_SAFE_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3018 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_BODY_sequence, -1, -1);
3025 static ber_sequence_t SAFE_sequence[] = {
3026 { BER_CLASS_CON, 0, 0,
3027 dissect_krb5_pvno },
3028 { BER_CLASS_CON, 1, 0,
3029 dissect_krb5_msg_type },
3030 { BER_CLASS_CON, 2, 0,
3031 dissect_krb5_SAFE_BODY },
3032 { BER_CLASS_CON, 3, 0,
3033 dissect_krb5_Checksum },
3037 dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3040 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_sequence, -1, -1);
3047 * KDC-REQ-BODY ::= SEQUENCE {
3048 * kdc-options[0] KDCOptions,
3049 * cname[1] PrincipalName OPTIONAL,
3050 * -- Used only in AS-REQ
3051 * realm[2] Realm, -- Server's realm
3052 * -- Also client's in AS-REQ
3053 * sname[3] PrincipalName OPTIONAL,
3054 * from[4] KerberosTime OPTIONAL,
3055 * till[5] KerberosTime,
3056 * rtime[6] KerberosTime OPTIONAL,
3058 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
3059 * -- in preference order
3060 * addresses[9] HostAddresses OPTIONAL,
3061 * enc-authorization-data[10] EncryptedData OPTIONAL,
3062 * -- Encrypted AuthorizationData encoding
3063 * additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
3067 static ber_sequence_t KDC_REQ_BODY_sequence[] = {
3068 { BER_CLASS_CON, 0, 0,
3069 dissect_krb5_KDCOptions },
3070 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3071 dissect_krb5_cname },
3072 { BER_CLASS_CON, 2, 0,
3073 dissect_krb5_realm},
3074 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3075 dissect_krb5_sname },
3076 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3077 dissect_krb5_from },
3078 /* this field is not optional in the kerberos spec,
3079 * however, in the packetcable spec it is optional.
3080 * make it optional here since normal kerberos will
3081 * still decode the pdu correctly.
3083 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3084 dissect_krb5_till },
3085 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3086 dissect_krb5_rtime },
3087 { BER_CLASS_CON, 7, 0,
3088 dissect_krb5_nonce },
3089 { BER_CLASS_CON, 8, 0,
3090 dissect_krb5_etype_sequence_of },
3091 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
3092 dissect_krb5_HostAddresses },
3093 /* XXX [10] and [11] enc-authorization-data and additional-tickets should be added */
3097 dissect_krb5_KDC_REQ_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3099 conversation_t *conversation;
3102 * UDP replies to KDC_REQs are sent from the server back to the client's
3103 * source port, similar to the way TFTP works. Set up a conversation
3106 * Ref: Section 7.2.1 of
3107 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
3109 if (pinfo->destport == UDP_PORT_KERBEROS && pinfo->ptype == PT_UDP) {
3110 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
3111 pinfo->srcport, 0, NO_PORT_B);
3112 if (conversation == NULL) {
3113 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
3114 pinfo->srcport, 0, NO_PORT2);
3115 conversation_set_dissector(conversation, kerberos_handle_udp);
3119 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
3127 * KDC-REQ ::= SEQUENCE {
3129 * msg-type[2] INTEGER,
3130 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
3131 * req-body[4] KDC-REQ-BODY
3134 static ber_sequence_t KDC_REQ_sequence[] = {
3135 { BER_CLASS_CON, 1, 0,
3136 dissect_krb5_pvno },
3137 { BER_CLASS_CON, 2, 0,
3138 dissect_krb5_msg_type },
3139 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3140 dissect_krb5_padata },
3141 { BER_CLASS_CON, 4, 0,
3142 dissect_krb5_KDC_REQ_BODY },
3146 dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3148 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_sequence, -1, -1);
3154 #ifdef HAVE_KERBEROS
3156 dissect_krb5_decrypt_authenticator_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3158 guint8 *plaintext=NULL;
3161 length=tvb_length_remaining(tvb, offset);
3163 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3165 * Authenticators are encrypted with usage
3170 plaintext=decrypt_krb5_data(tree, pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
3173 plaintext=decrypt_krb5_data(tree, pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
3178 next_tvb = tvb_new_real_data (plaintext,
3181 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
3183 /* Add the decrypted data to the data source list. */
3184 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
3187 offset=dissect_ber_CHOICE(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3196 * EncryptedData ::= SEQUENCE {
3197 * etype[0] INTEGER, -- EncryptionType
3198 * kvno[1] INTEGER OPTIONAL,
3199 * cipher[2] OCTET STRING -- ciphertext
3203 dissect_krb5_encrypted_authenticator_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3205 #ifdef HAVE_KERBEROS
3206 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, dissect_krb5_decrypt_authenticator_data);
3208 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, NULL);
3212 static ber_sequence_t encrypted_authenticator_sequence[] = {
3213 { BER_CLASS_CON, 0, 0,
3214 dissect_krb5_authenticator_etype },
3215 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3216 dissect_krb5_kvno },
3217 { BER_CLASS_CON, 2, 0,
3218 dissect_krb5_encrypted_authenticator_data },
3222 dissect_krb5_encrypted_authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3224 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_authenticator_sequence, hf_krb_authenticator_enc, ett_krb_authenticator_enc);
3233 dissect_krb5_tkt_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3235 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_tkt_vno, NULL);
3240 #ifdef HAVE_KERBEROS
3242 dissect_krb5_decrypt_Ticket_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3247 length=tvb_length_remaining(tvb, offset);
3249 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3251 * All Ticket encrypted parts use usage == 2
3253 if( (plaintext=decrypt_krb5_data(tree, pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype)) ){
3255 next_tvb = tvb_new_real_data (plaintext,
3258 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
3260 /* Add the decrypted data to the data source list. */
3261 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
3264 offset=dissect_ber_CHOICE(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3272 dissect_krb5_encrypted_Ticket_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3274 #ifdef HAVE_KERBEROS
3275 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, dissect_krb5_decrypt_Ticket_data);
3277 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, NULL);
3281 static ber_sequence_t encrypted_Ticket_sequence[] = {
3282 { BER_CLASS_CON, 0, 0,
3283 dissect_krb5_Ticket_etype },
3284 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3285 dissect_krb5_kvno },
3286 { BER_CLASS_CON, 2, 0,
3287 dissect_krb5_encrypted_Ticket_data },
3291 dissect_krb5_Ticket_encrypted(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3293 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_Ticket_sequence, hf_krb_ticket_enc, ett_krb_ticket_enc);
3298 static ber_sequence_t Application_1_sequence[] = {
3299 { BER_CLASS_CON, 0, 0,
3300 dissect_krb5_tkt_vno },
3301 { BER_CLASS_CON, 1, 0,
3302 dissect_krb5_realm },
3303 { BER_CLASS_CON, 2, 0,
3304 dissect_krb5_sname },
3305 { BER_CLASS_CON, 3, 0,
3306 dissect_krb5_Ticket_encrypted },
3310 dissect_krb5_Application_1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3312 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Application_1_sequence, hf_krb_ticket, ett_krb_ticket);
3319 static const ber_choice_t Ticket_choice[] = {
3320 { 1, BER_CLASS_APP, 1, 0,
3321 dissect_krb5_Application_1 },
3322 { 0, 0, 0, 0, NULL }
3325 dissect_krb5_Ticket(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3327 offset=dissect_ber_CHOICE(pinfo, tree, tvb, offset, Ticket_choice, -1, -1, NULL);
3336 * AP-REQ ::= [APPLICATION 14] SEQUENCE {
3338 * msg-type[1] INTEGER,
3339 * ap-options[2] APOptions,
3341 * authenticator[4] EncryptedData
3344 static ber_sequence_t AP_REQ_sequence[] = {
3345 { BER_CLASS_CON, 0, 0,
3346 dissect_krb5_pvno },
3347 { BER_CLASS_CON, 1, 0,
3348 dissect_krb5_msg_type },
3349 { BER_CLASS_CON, 2, 0,
3350 dissect_krb5_APOptions },
3351 { BER_CLASS_CON, 3, 0,
3352 dissect_krb5_Ticket },
3353 { BER_CLASS_CON, 4, 0,
3354 dissect_krb5_encrypted_authenticator },
3358 dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3360 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REQ_sequence, -1, -1);
3368 #ifdef HAVE_KERBEROS
3370 dissect_krb5_decrypt_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3372 guint8 *plaintext=NULL;
3375 length=tvb_length_remaining(tvb, offset);
3377 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3379 * Authenticators are encrypted with usage
3384 plaintext=decrypt_krb5_data(tree, pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype);
3389 next_tvb = tvb_new_real_data (plaintext,
3392 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
3394 /* Add the decrypted data to the data source list. */
3395 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
3398 offset=dissect_ber_CHOICE(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3407 dissect_krb5_encrypted_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3409 #ifdef HAVE_KERBEROS
3410 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, dissect_krb5_decrypt_AP_REP_data);
3412 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, NULL);
3416 static ber_sequence_t encrypted_AP_REP_sequence[] = {
3417 { BER_CLASS_CON, 0, 0,
3418 dissect_krb5_AP_REP_etype },
3419 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3420 dissect_krb5_kvno },
3421 { BER_CLASS_CON, 2, 0,
3422 dissect_krb5_encrypted_AP_REP_data },
3426 dissect_krb5_encrypted_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3428 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_AP_REP_sequence, hf_krb_AP_REP_enc, ett_krb_AP_REP_enc);
3434 * AP-REP ::= [APPLICATION 15] SEQUENCE {
3436 * msg-type[1] INTEGER,
3437 * enc-part[2] EncryptedData
3440 static ber_sequence_t AP_REP_sequence[] = {
3441 { BER_CLASS_CON, 0, 0,
3442 dissect_krb5_pvno },
3443 { BER_CLASS_CON, 1, 0,
3444 dissect_krb5_msg_type },
3445 { BER_CLASS_CON, 2, 0,
3446 dissect_krb5_encrypted_AP_REP },
3450 dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3452 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REP_sequence, -1, -1);
3461 static guint32 KDC_REP_etype;
3463 dissect_krb5_KDC_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3465 offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
3467 proto_item_append_text(tree, " %s",
3468 val_to_str(KDC_REP_etype, krb5_encryption_types,
3474 #ifdef HAVE_KERBEROS
3476 dissect_krb5_decrypt_KDC_REP_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3478 guint8 *plaintext=NULL;
3481 length=tvb_length_remaining(tvb, offset);
3483 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3485 * ASREP/TGSREP encryptedparts are encrypted with usage
3491 plaintext=decrypt_krb5_data(tree, pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
3494 plaintext=decrypt_krb5_data(tree, pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
3497 plaintext=decrypt_krb5_data(tree, pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
3502 next_tvb = tvb_new_real_data (plaintext,
3505 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
3507 /* Add the decrypted data to the data source list. */
3508 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
3511 offset=dissect_ber_CHOICE(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3520 dissect_krb5_encrypted_KDC_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3522 #ifdef HAVE_KERBEROS
3523 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, dissect_krb5_decrypt_KDC_REP_data);
3525 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, NULL);
3529 static ber_sequence_t encrypted_KDC_REP_sequence[] = {
3530 { BER_CLASS_CON, 0, 0,
3531 dissect_krb5_KDC_REP_etype },
3532 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3533 dissect_krb5_kvno },
3534 { BER_CLASS_CON, 2, 0,
3535 dissect_krb5_encrypted_KDC_REP_data },
3539 dissect_krb5_encrypted_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3541 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_KDC_REP_sequence, hf_krb_KDC_REP_enc, ett_krb_KDC_REP_enc);
3547 * KDC-REP ::= SEQUENCE {
3549 * msg-type[1] INTEGER,
3550 * padata[2] SEQUENCE OF PA-DATA OPTIONAL,
3552 * cname[4] PrincipalName,
3554 * enc-part[6] EncryptedData
3557 static ber_sequence_t KDC_REP_sequence[] = {
3558 { BER_CLASS_CON, 0, 0,
3559 dissect_krb5_pvno },
3560 { BER_CLASS_CON, 1, 0,
3561 dissect_krb5_msg_type },
3562 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3563 dissect_krb5_padata },
3564 { BER_CLASS_CON, 3, 0,
3565 dissect_krb5_crealm },
3566 { BER_CLASS_CON, 4, 0,
3567 dissect_krb5_cname },
3568 { BER_CLASS_CON, 5, 0,
3569 dissect_krb5_Ticket },
3570 { BER_CLASS_CON, 6, 0,
3571 dissect_krb5_encrypted_KDC_REP },
3575 dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3577 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REP_sequence, -1, -1);
3586 dissect_krb5_e_text(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3588 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_e_text, NULL, 0);
3593 dissect_krb5_e_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3595 switch(krb5_errorcode){
3596 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
3597 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
3601 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, NULL);
3607 /* This optional field in KRB_ERR is used by the early drafts which
3608 * PacketCable still use.
3611 dissect_krb5_e_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3613 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Checksum_sequence, hf_krb_e_checksum, ett_krb_e_checksum);
3620 * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
3622 * msg-type[1] INTEGER,
3623 * ctime[2] KerberosTime OPTIONAL,
3624 * cusec[3] INTEGER OPTIONAL,
3625 * stime[4] KerberosTime,
3627 * error-code[6] INTEGER,
3628 * crealm[7] Realm OPTIONAL,
3629 * cname[8] PrincipalName OPTIONAL,
3630 * realm[9] Realm, -- Correct realm
3631 * sname[10] PrincipalName, -- Correct name
3632 * e-text[11] GeneralString OPTIONAL,
3633 * e-data[12] OCTET STRING OPTIONAL
3636 * e-data This field contains additional data about the error for use
3637 * by the application to help it recover from or handle the
3638 * error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
3639 * the e-data field will contain an encoding of a sequence of
3640 * padata fields, each corresponding to an acceptable pre-
3641 * authentication method and optionally containing data for
3644 static ber_sequence_t ERROR_sequence[] = {
3645 { BER_CLASS_CON, 0, 0,
3646 dissect_krb5_pvno },
3647 { BER_CLASS_CON, 1, 0,
3648 dissect_krb5_msg_type },
3649 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3650 dissect_krb5_ctime },
3651 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3652 dissect_krb5_cusec },
3653 { BER_CLASS_CON, 4, 0,
3654 dissect_krb5_stime },
3655 { BER_CLASS_CON, 5, 0,
3656 dissect_krb5_susec },
3657 { BER_CLASS_CON, 6, 0,
3658 dissect_krb5_error_code },
3659 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
3660 dissect_krb5_crealm },
3661 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3662 dissect_krb5_cname },
3663 { BER_CLASS_CON, 9, 0,
3664 dissect_krb5_realm },
3665 { BER_CLASS_CON, 10, 0,
3666 dissect_krb5_sname },
3667 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3668 dissect_krb5_e_text },
3669 { BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL,
3670 dissect_krb5_e_data },
3671 { BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL,
3672 dissect_krb5_e_checksum }, /* used by PacketCable */
3676 dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3678 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ERROR_sequence, -1, -1);
3685 static struct { char *set; char *unset; } bitval = { "Set", "Not set" };
3687 static gint dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
3689 static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
3691 static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
3692 proto_tree *tree, int do_col_info,
3694 kerberos_callbacks *cb);
3695 static gint kerberos_rm_to_reclen(guint krb_rm);
3696 static void dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
3698 static guint get_krb_pdu_len(tvbuff_t *tvb, int offset);
3703 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
3705 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, cb));
3709 kerberos_output_keytype(void)
3715 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3717 /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
3718 Since all (except weirdo transarc krb4 stuff) use
3719 an opcode <=16 in the first byte, use this to see if it might
3721 All krb5 commands start with an APPL tag and thus is >=0x60
3722 so if first byte is <=16 just blindly assume it is krb4 then
3724 if(tvb_bytes_exist(tvb, 0, 1) && tvb_get_guint8(tvb, 0)<=0x10){
3726 return call_dissector(krb4_handle, tvb, pinfo, tree);
3733 if (check_col(pinfo->cinfo, COL_PROTOCOL))
3734 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
3736 (void)dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE, NULL);
3737 return tvb_length(tvb);
3741 kerberos_rm_to_reclen(guint krb_rm)
3743 return (krb_rm & KRB_RM_RECLEN);
3747 get_krb_pdu_len(tvbuff_t *tvb, int offset)
3752 krb_rm = tvb_get_ntohl(tvb, offset);
3753 pdulen = kerberos_rm_to_reclen(krb_rm);
3754 return (pdulen + 4);
3758 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3760 pinfo->fragmented = TRUE;
3761 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, NULL) < 0) {
3763 * The dissector failed to recognize this as a valid
3764 * Kerberos message. Mark it as a continuation packet.
3766 if (check_col(pinfo->cinfo, COL_INFO)) {
3767 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
3773 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3775 if (check_col(pinfo->cinfo, COL_PROTOCOL))
3776 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
3778 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
3779 dissect_kerberos_tcp_pdu);
3783 * Display the TCP record mark.
3786 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
3789 proto_item *rm_item;
3790 proto_tree *rm_tree;
3795 rec_len = kerberos_rm_to_reclen(krb_rm);
3796 rm_item = proto_tree_add_text(tree, tvb, start, 4,
3797 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
3798 rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
3799 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
3800 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
3805 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
3806 int dci, gboolean have_rm, kerberos_callbacks *cb)
3809 proto_tree *kerberos_tree = NULL;
3810 proto_item *item = NULL;
3811 void *saved_private_data;
3813 /* TCP record mark and length */
3815 gint krb_reclen = 0;
3817 saved_private_data=pinfo->private_data;
3818 pinfo->private_data=cb;
3822 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
3823 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
3827 krb_rm = tvb_get_ntohl(tvb, offset);
3828 krb_reclen = kerberos_rm_to_reclen(krb_rm);
3830 * What is a reasonable size limit?
3832 if (krb_reclen > 10 * 1024 * 1024) {
3833 pinfo->private_data=saved_private_data;
3836 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
3840 offset=dissect_ber_CHOICE(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
3842 proto_item_set_len(item, offset);
3843 pinfo->private_data=saved_private_data;
3848 kerberos_prefs_apply_cb(void) {
3849 #ifdef HAVE_LIBNETTLE
3851 read_keytab_file(keytab_filename);
3856 proto_register_kerberos(void)
3858 static hf_register_info hf[] = {
3859 { &hf_krb_rm_reserved, {
3860 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
3861 &bitval, KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
3862 { &hf_krb_rm_reclen, {
3863 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
3864 NULL, KRB_RM_RECLEN, "Record length", HFILL }},
3865 { &hf_krb_transitedtype, {
3866 "Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
3867 VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
3868 { &hf_krb_transitedcontents, {
3869 "Contents", "kerberos.transited.contents", FT_BYTES, BASE_HEX,
3870 NULL, 0, "Transitent Contents string", HFILL }},
3871 { &hf_krb_keytype, {
3872 "Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
3873 VALS(krb5_encryption_types), 0, "Key Type", HFILL }},
3874 { &hf_krb_keyvalue, {
3875 "Key value", "kerberos.keyvalue", FT_BYTES, BASE_HEX,
3876 NULL, 0, "Key value (encryption key)", HFILL }},
3878 "Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
3879 VALS(krb5_ad_types), 0, "Authorization Data Type", HFILL }},
3880 { &hf_krb_IF_RELEVANT_type, {
3881 "Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
3882 VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
3883 { &hf_krb_advalue, {
3884 "Data", "kerberos.advalue", FT_BYTES, BASE_HEX,
3885 NULL, 0, "Authentication Data", HFILL }},
3886 { &hf_krb_IF_RELEVANT_value, {
3887 "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_HEX,
3888 NULL, 0, "IF_RELEVANT Data", HFILL }},
3890 "Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
3891 VALS(krb5_encryption_types), 0, "Encryption Type", HFILL }},
3892 { &hf_krb_addr_type, {
3893 "Addr-type", "kerberos.addr_type", FT_UINT32, BASE_DEC,
3894 VALS(krb5_address_types), 0, "Address Type", HFILL }},
3895 { &hf_krb_pac_signature_type, {
3896 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
3897 NULL, 0, "PAC Signature Type", HFILL }},
3898 { &hf_krb_name_type, {
3899 "Name-type", "kerberos.name_type", FT_INT32, BASE_DEC,
3900 VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
3901 { &hf_krb_lr_type, {
3902 "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,
3903 VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
3904 { &hf_krb_address_ip, {
3905 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
3906 NULL, 0, "IP Address", HFILL }},
3907 { &hf_krb_address_netbios, {
3908 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
3909 NULL, 0, "NetBIOS Address and type", HFILL }},
3910 { &hf_krb_authtime, {
3911 "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE,
3912 NULL, 0, "Time of initial authentication", HFILL }},
3913 { &hf_krb_SAFE_BODY_timestamp, {
3914 "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE,
3915 NULL, 0, "Timestamp of this SAFE_BODY", HFILL }},
3916 { &hf_krb_patimestamp, {
3917 "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE,
3918 NULL, 0, "Time of client", HFILL }},
3920 "pausec", "kerberos.pausec", FT_UINT32, BASE_DEC,
3921 NULL, 0, "Microsecond component of client time", HFILL }},
3922 { &hf_krb_lr_time, {
3923 "Lr-time", "kerberos.lr_time", FT_STRING, BASE_NONE,
3924 NULL, 0, "Time of LR-entry", HFILL }},
3925 { &hf_krb_starttime, {
3926 "Start time", "kerberos.starttime", FT_STRING, BASE_NONE,
3927 NULL, 0, "The time after which the ticket is valid", HFILL }},
3928 { &hf_krb_endtime, {
3929 "End time", "kerberos.endtime", FT_STRING, BASE_NONE,
3930 NULL, 0, "The time after which the ticket has expired", HFILL }},
3931 { &hf_krb_key_expire, {
3932 "Key Expiration", "kerberos.key_expiration", FT_STRING, BASE_NONE,
3933 NULL, 0, "The time after which the key will expire", HFILL }},
3934 { &hf_krb_renew_till, {
3935 "Renew-till", "kerberos.renenw_till", FT_STRING, BASE_NONE,
3936 NULL, 0, "The maximum time we can renew the ticket until", HFILL }},
3938 "rtime", "kerberos.rtime", FT_STRING, BASE_NONE,
3939 NULL, 0, "Renew Until timestamp", HFILL }},
3941 "ctime", "kerberos.ctime", FT_STRING, BASE_NONE,
3942 NULL, 0, "Current Time on the client host", HFILL }},
3944 "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC,
3945 NULL, 0, "micro second component of client time", HFILL }},
3946 { &hf_krb_SAFE_BODY_usec, {
3947 "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC,
3948 NULL, 0, "micro second component of SAFE_BODY time", HFILL }},
3950 "stime", "kerberos.stime", FT_STRING, BASE_NONE,
3951 NULL, 0, "Current Time on the server host", HFILL }},
3953 "susec", "kerberos.susec", FT_UINT32, BASE_DEC,
3954 NULL, 0, "micro second component of server time", HFILL }},
3955 { &hf_krb_error_code, {
3956 "error_code", "kerberos.error_code", FT_UINT32, BASE_DEC,
3957 VALS(krb5_error_codes), 0, "Kerberos error code", HFILL }},
3959 "from", "kerberos.from", FT_STRING, BASE_NONE,
3960 NULL, 0, "From when the ticket is to be valid (postdating)", HFILL }},
3962 "till", "kerberos.till", FT_STRING, BASE_NONE,
3963 NULL, 0, "When the ticket will expire", HFILL }},
3964 { &hf_krb_name_string, {
3965 "Name", "kerberos.name_string", FT_STRING, BASE_NONE,
3966 NULL, 0, "String component that is part of a PrincipalName", HFILL }},
3967 { &hf_krb_provsrv_location, {
3968 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
3969 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
3971 "e-text", "kerberos.e_text", FT_STRING, BASE_NONE,
3972 NULL, 0, "Additional (human readable) error description", HFILL }},
3974 "Realm", "kerberos.realm", FT_STRING, BASE_NONE,
3975 NULL, 0, "Name of the Kerberos Realm", HFILL }},
3977 "Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
3978 NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
3979 { &hf_krb_pac_clientname, {
3980 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
3981 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
3982 { &hf_krb_msg_type, {
3983 "MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
3984 VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
3985 { &hf_krb_APOptions, {
3986 "APOptions", "kerberos.apoptions", FT_BYTES, BASE_HEX,
3987 NULL, 0, "Kerberos APOptions bitstring", HFILL }},
3988 { &hf_krb_APOptions_use_session_key, {
3989 "Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
3990 TFS(&krb5_apoptions_use_session_key), 0x40000000, "", HFILL }},
3991 { &hf_krb_APOptions_mutual_required, {
3992 "Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
3993 TFS(&krb5_apoptions_mutual_required), 0x20000000, "", HFILL }},
3994 { &hf_krb_KDCOptions, {
3995 "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_HEX,
3996 NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
3997 { &hf_krb_TicketFlags, {
3998 "Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
3999 NULL, 0, "Kerberos Ticket Flags", HFILL }},
4000 { &hf_krb_TicketFlags_forwardable, {
4001 "Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
4002 TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
4003 { &hf_krb_TicketFlags_forwarded, {
4004 "Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
4005 TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
4006 { &hf_krb_TicketFlags_proxyable, {
4007 "Proxyable", "kerberos.ticketflags.proxyable", FT_BOOLEAN, 32,
4008 TFS(&krb5_ticketflags_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
4009 { &hf_krb_TicketFlags_proxy, {
4010 "Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
4011 TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
4012 { &hf_krb_TicketFlags_allow_postdate, {
4013 "Allow Postdate", "kerberos.ticketflags.allow_postdate", FT_BOOLEAN, 32,
4014 TFS(&krb5_ticketflags_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
4015 { &hf_krb_TicketFlags_postdated, {
4016 "Postdated", "kerberos.ticketflags.postdated", FT_BOOLEAN, 32,
4017 TFS(&krb5_ticketflags_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
4018 { &hf_krb_TicketFlags_invalid, {
4019 "Invalid", "kerberos.ticketflags.invalid", FT_BOOLEAN, 32,
4020 TFS(&krb5_ticketflags_invalid), 0x01000000, "Whether this ticket is invalid or not", HFILL }},
4021 { &hf_krb_TicketFlags_renewable, {
4022 "Renewable", "kerberos.ticketflags.renewable", FT_BOOLEAN, 32,
4023 TFS(&krb5_ticketflags_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
4024 { &hf_krb_TicketFlags_initial, {
4025 "Initial", "kerberos.ticketflags.initial", FT_BOOLEAN, 32,
4026 TFS(&krb5_ticketflags_initial), 0x00400000, "Whether this ticket is an initial ticket or not", HFILL }},
4027 { &hf_krb_TicketFlags_pre_auth, {
4028 "Pre-Auth", "kerberos.ticketflags.pre_auth", FT_BOOLEAN, 32,
4029 TFS(&krb5_ticketflags_pre_auth), 0x00200000, "Whether this ticket is pre-authenticated or not", HFILL }},
4030 { &hf_krb_TicketFlags_hw_auth, {
4031 "HW-Auth", "kerberos.ticketflags.hw_auth", FT_BOOLEAN, 32,
4032 TFS(&krb5_ticketflags_hw_auth), 0x00100000, "Whether this ticket is hardware-authenticated or not", HFILL }},
4033 { &hf_krb_TicketFlags_transited_policy_checked, {
4034 "Transited Policy Checked", "kerberos.ticketflags.transited_policy_checked", FT_BOOLEAN, 32,
4035 TFS(&krb5_ticketflags_transited_policy_checked), 0x00080000, "Whether this ticket is transited policy checked or not", HFILL }},
4036 { &hf_krb_TicketFlags_ok_as_delegate, {
4037 "Ok As Delegate", "kerberos.ticketflags.ok_as_delegate", FT_BOOLEAN, 32,
4038 TFS(&krb5_ticketflags_ok_as_delegate), 0x00040000, "Whether this ticket is Ok As Delegate or not", HFILL }},
4039 { &hf_krb_KDC_REQ_BODY, {
4040 "KDC_REQ_BODY", "kerberos.kdc_req_body", FT_NONE, BASE_NONE,
4041 NULL, 0, "Kerberos KDC REQuest BODY", HFILL }},
4042 { &hf_krb_PRIV_BODY, {
4043 "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
4044 NULL, 0, "Kerberos PRIVate BODY", HFILL }},
4045 { &hf_krb_encrypted_PRIV, {
4046 "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
4047 NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
4048 { &hf_krb_KDCOptions_forwardable, {
4049 "Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
4050 TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
4051 { &hf_krb_KDCOptions_forwarded, {
4052 "Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
4053 TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
4054 { &hf_krb_KDCOptions_proxyable, {
4055 "Proxyable", "kerberos.kdcoptions.proxyable", FT_BOOLEAN, 32,
4056 TFS(&krb5_kdcoptions_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
4057 { &hf_krb_KDCOptions_proxy, {
4058 "Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
4059 TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
4060 { &hf_krb_KDCOptions_allow_postdate, {
4061 "Allow Postdate", "kerberos.kdcoptions.allow_postdate", FT_BOOLEAN, 32,
4062 TFS(&krb5_kdcoptions_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
4063 { &hf_krb_KDCOptions_postdated, {
4064 "Postdated", "kerberos.kdcoptions.postdated", FT_BOOLEAN, 32,
4065 TFS(&krb5_kdcoptions_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
4066 { &hf_krb_KDCOptions_renewable, {
4067 "Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
4068 TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
4069 { &hf_krb_KDCOptions_canonicalize, {
4070 "Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
4071 TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
4072 { &hf_krb_KDCOptions_opt_hardware_auth, {
4073 "Opt HW Auth", "kerberos.kdcoptions.opt_hardware_auth", FT_BOOLEAN, 32,
4074 NULL, 0x00100000, "Opt HW Auth flag", HFILL }},
4075 { &hf_krb_KDCOptions_disable_transited_check, {
4076 "Disable Transited Check", "kerberos.kdcoptions.disable_transited_check", FT_BOOLEAN, 32,
4077 TFS(&krb5_kdcoptions_disable_transited_check), 0x00000020, "Whether we should do transited checking or not", HFILL }},
4078 { &hf_krb_KDCOptions_renewable_ok, {
4079 "Renewable OK", "kerberos.kdcoptions.renewable_ok", FT_BOOLEAN, 32,
4080 TFS(&krb5_kdcoptions_renewable_ok), 0x00000010, "Whether we accept renewed tickets or not", HFILL }},
4081 { &hf_krb_KDCOptions_enc_tkt_in_skey, {
4082 "Enc-Tkt-in-Skey", "kerberos.kdcoptions.enc_tkt_in_skey", FT_BOOLEAN, 32,
4083 TFS(&krb5_kdcoptions_enc_tkt_in_skey), 0x00000008, "Whether the ticket is encrypted in the skey or not", HFILL }},
4084 { &hf_krb_KDCOptions_renew, {
4085 "Renew", "kerberos.kdcoptions.renew", FT_BOOLEAN, 32,
4086 TFS(&krb5_kdcoptions_renew), 0x00000002, "Is this a request to renew a ticket?", HFILL }},
4087 { &hf_krb_KDCOptions_validate, {
4088 "Validate", "kerberos.kdcoptions.validate", FT_BOOLEAN, 32,
4089 TFS(&krb5_kdcoptions_validate), 0x00000001, "Is this a request to validate a postdated ticket?", HFILL }},
4091 "Pvno", "kerberos.pvno", FT_UINT32, BASE_DEC,
4092 NULL, 0, "Kerberos Protocol Version Number", HFILL }},
4094 "Kvno", "kerberos.kvno", FT_UINT32, BASE_DEC,
4095 NULL, 0, "Version Number for the encryption Key", HFILL }},
4096 { &hf_krb_checksum_type, {
4097 "Type", "kerberos.checksum.type", FT_UINT32, BASE_DEC,
4098 VALS(krb5_checksum_types), 0, "Type of checksum", HFILL }},
4099 { &hf_krb_authenticator_vno, {
4100 "Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
4101 NULL, 0, "Version Number for the Authenticator", HFILL }},
4102 { &hf_krb_encrypted_authenticator_data, {
4103 "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_HEX,
4104 NULL, 0, "Data content of an encrypted authenticator", HFILL }},
4105 { &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
4106 "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_HEX,
4107 NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
4108 { &hf_krb_PAC_LOGON_INFO, {
4109 "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_HEX,
4110 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
4111 { &hf_krb_PAC_CREDENTIAL_TYPE, {
4112 "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_HEX,
4113 NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
4114 { &hf_krb_PAC_SERVER_CHECKSUM, {
4115 "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_HEX,
4116 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
4117 { &hf_krb_PAC_PRIVSVR_CHECKSUM, {
4118 "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_HEX,
4119 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
4120 { &hf_krb_PAC_CLIENT_INFO_TYPE, {
4121 "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_HEX,
4122 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
4123 { &hf_krb_checksum_checksum, {
4124 "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_HEX,
4125 NULL, 0, "Kerberos Checksum", HFILL }},
4126 { &hf_krb_ENC_PRIV, {
4127 "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_HEX,
4128 NULL, 0, "Encrypted PRIV blob", HFILL }},
4129 { &hf_krb_encrypted_Ticket_data, {
4130 "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_HEX,
4131 NULL, 0, "The encrypted part of a ticket", HFILL }},
4132 { &hf_krb_encrypted_AP_REP_data, {
4133 "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_HEX,
4134 NULL, 0, "The encrypted part of AP-REP", HFILL }},
4135 { &hf_krb_encrypted_KDC_REP_data, {
4136 "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_HEX,
4137 NULL, 0, "The encrypted part of KDC-REP", HFILL }},
4138 { &hf_krb_PA_DATA_value, {
4139 "Value", "kerberos.padata.value", FT_BYTES, BASE_HEX,
4140 NULL, 0, "Content of the PADATA blob", HFILL }},
4141 { &hf_krb_etype_info_salt, {
4142 "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
4143 NULL, 0, "Salt", HFILL }},
4144 { &hf_krb_SAFE_BODY_user_data, {
4145 "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
4146 NULL, 0, "SAFE BODY userdata field", HFILL }},
4147 { &hf_krb_PRIV_BODY_user_data, {
4148 "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_HEX,
4149 NULL, 0, "PRIV BODY userdata field", HFILL }},
4150 { &hf_krb_pac_signature_signature, {
4151 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX,
4152 NULL, 0, "A PAC signature blob", HFILL }},
4153 { &hf_krb_PA_DATA_type, {
4154 "Type", "kerberos.padata.type", FT_UINT32, BASE_DEC,
4155 VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
4157 "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
4158 NULL, 0, "Kerberos Nonce random number", HFILL }},
4159 { &hf_krb_tkt_vno, {
4160 "Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
4161 NULL, 0, "Version number for the Ticket format", HFILL }},
4162 { &hf_krb_HostAddress, {
4163 "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC,
4164 NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
4165 { &hf_krb_s_address, {
4166 "S-Address", "kerberos.s_address", FT_NONE, BASE_DEC,
4167 NULL, 0, "This is the Senders address", HFILL }},
4169 "key", "kerberos.key", FT_NONE, BASE_DEC,
4170 NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
4172 "Subkey", "kerberos.subkey", FT_NONE, BASE_DEC,
4173 NULL, 0, "This is a Kerberos subkey", HFILL }},
4174 { &hf_krb_seq_number, {
4175 "Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
4176 NULL, 0, "This is a Kerberos sequence number", HFILL }},
4177 { &hf_krb_AuthorizationData, {
4178 "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_DEC,
4179 NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
4180 { &hf_krb_EncTicketPart, {
4181 "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_DEC,
4182 NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
4183 { &hf_krb_EncAPRepPart, {
4184 "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_DEC,
4185 NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
4186 { &hf_krb_EncKrbPrivPart, {
4187 "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_DEC,
4188 NULL, 0, "This is a decrypted Kerberos EncKrbPrivPart sequence", HFILL }},
4189 { &hf_krb_EncKDCRepPart, {
4190 "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_DEC,
4191 NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
4192 { &hf_krb_LastReq, {
4193 "LastReq", "kerberos.LastReq", FT_NONE, BASE_DEC,
4194 NULL, 0, "This is a LastReq sequence", HFILL }},
4195 { &hf_krb_Authenticator, {
4196 "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_DEC,
4197 NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
4198 { &hf_krb_Checksum, {
4199 "Checksum", "kerberos.Checksum", FT_NONE, BASE_DEC,
4200 NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
4201 { &hf_krb_HostAddresses, {
4202 "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_DEC,
4203 NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
4204 { &hf_krb_IF_RELEVANT, {
4205 "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_DEC,
4206 NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
4208 "Encryption Types", "kerberos.etypes", FT_NONE, BASE_DEC,
4209 NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
4210 { &hf_krb_LastReqs, {
4211 "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_DEC,
4212 NULL, 0, "This is a list of LastReq structures", HFILL }},
4214 "Server Name", "kerberos.sname", FT_NONE, BASE_DEC,
4215 NULL, 0, "This is the name part server's identity", HFILL }},
4217 "Client Name", "kerberos.cname", FT_NONE, BASE_DEC,
4218 NULL, 0, "The name part of the client principal identifier", HFILL }},
4219 { &hf_krb_authenticator_enc, {
4220 "Authenticator", "kerberos.authenticator", FT_NONE, BASE_DEC,
4221 NULL, 0, "Encrypted authenticator blob", HFILL }},
4222 { &hf_krb_ticket_enc, {
4223 "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_DEC,
4224 NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
4225 { &hf_krb_AP_REP_enc, {
4226 "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_DEC,
4227 NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
4228 { &hf_krb_KDC_REP_enc, {
4229 "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_DEC,
4230 NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
4232 "e-data", "kerberos.e_data", FT_NONE, BASE_DEC,
4233 NULL, 0, "The e-data blob", HFILL }},
4235 "padata", "kerberos.padata", FT_NONE, BASE_DEC,
4236 NULL, 0, "Sequence of preauthentication data", HFILL }},
4238 "Ticket", "kerberos.ticket", FT_NONE, BASE_DEC,
4239 NULL, 0, "This is a Kerberos Ticket", HFILL }},
4240 { &hf_krb_TransitedEncoding, {
4241 "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_DEC,
4242 NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
4243 { &hf_krb_PA_PAC_REQUEST_flag, {
4244 "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
4245 NULL, 0, "This is a MS PAC Request Flag", HFILL }},
4246 { &hf_krb_w2k_pac_entries, {
4247 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
4248 NULL, 0, "Number of W2k PAC entries", HFILL }},
4249 { &hf_krb_w2k_pac_version, {
4250 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
4251 NULL, 0, "Version of PAC structures", HFILL }},
4252 { &hf_krb_w2k_pac_type, {
4253 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
4254 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
4255 { &hf_krb_w2k_pac_size, {
4256 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
4257 NULL, 0, "Size of W2k PAC entry", HFILL }},
4258 { &hf_krb_w2k_pac_offset, {
4259 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
4260 NULL, 0, "Offset to W2k PAC entry", HFILL }},
4261 { &hf_krb_pac_clientid, {
4262 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, BASE_NONE,
4263 NULL, 0, "ClientID Timestamp", HFILL }},
4264 { &hf_krb_pac_namelen, {
4265 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
4266 NULL, 0, "Length of client name", HFILL }},
4267 { &hf_krb_e_checksum, {
4268 "e-checksum", "kerberos.e_checksum", FT_NONE, BASE_DEC,
4269 NULL, 0, "This is a Kerberos e-checksum", HFILL }},
4272 static gint *ett[] = {
4274 &ett_krb_KDC_REP_enc,
4277 &ett_krb_AP_REP_enc,
4281 &ett_krb_IF_RELEVANT,
4282 &ett_krb_PA_DATA_tree,
4284 &ett_krb_HostAddress,
4285 &ett_krb_HostAddresses,
4286 &ett_krb_authenticator_enc,
4287 &ett_krb_AP_Options,
4288 &ett_krb_KDC_Options,
4289 &ett_krb_Ticket_Flags,
4291 &ett_krb_recordmark,
4293 &ett_krb_ticket_enc,
4296 &ett_krb_EncTicketPart,
4297 &ett_krb_EncAPRepPart,
4298 &ett_krb_EncKrbPrivPart,
4299 &ett_krb_EncKDCRepPart,
4301 &ett_krb_Authenticator,
4305 &ett_krb_AuthorizationData,
4306 &ett_krb_TransitedEncoding,
4308 &ett_krb_PAC_LOGON_INFO,
4309 &ett_krb_PAC_CREDENTIAL_TYPE,
4310 &ett_krb_PAC_SERVER_CHECKSUM,
4311 &ett_krb_PAC_PRIVSVR_CHECKSUM,
4312 &ett_krb_PAC_CLIENT_INFO_TYPE,
4313 &ett_krb_e_checksum,
4315 module_t *krb_module;
4317 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
4318 proto_register_field_array(proto_kerberos, hf, array_length(hf));
4319 proto_register_subtree_array(ett, array_length(ett));
4321 /* Register preferences */
4322 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
4323 prefs_register_bool_preference(krb_module, "desegment",
4324 "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
4325 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
4326 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
4328 #ifdef HAVE_KERBEROS
4329 prefs_register_bool_preference(krb_module, "decrypt",
4330 "Try to decrypt Kerberos blobs",
4331 "Whether the dissector should try to decrypt "
4332 "encrypted Kerberos blobs. This requires that the proper "
4333 "keytab file is installed as well.", &krb_decrypt);
4335 prefs_register_string_preference(krb_module, "file",
4336 "Kerberos keytab file",
4337 "The keytab file containing all the secrets",
4343 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
4344 proto_tree *tree, guint8 *drep _U_)
4348 auth_tvb = tvb_new_subset(
4349 tvb, offset, tvb_length_remaining(tvb, offset),
4350 tvb_length_remaining(tvb, offset));
4352 dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
4354 return tvb_length_remaining(tvb, offset);
4358 static dcerpc_auth_subdissector_fns gss_kerb_auth_fns = {
4359 wrap_dissect_gss_kerb, /* Bind */
4360 wrap_dissect_gss_kerb, /* Bind ACK */
4362 wrap_dissect_gssapi_verf, /* Request verifier */
4363 wrap_dissect_gssapi_verf, /* Response verifier */
4364 wrap_dissect_gssapi_payload, /* Request data */
4365 wrap_dissect_gssapi_payload /* Response data */
4370 proto_reg_handoff_kerberos(void)
4372 dissector_handle_t kerberos_handle_tcp;
4374 krb4_handle = find_dissector("krb4");
4376 kerberos_handle_udp = new_create_dissector_handle(dissect_kerberos_udp,
4378 kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
4380 dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
4381 dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
4383 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
4384 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
4385 &gss_kerb_auth_fns);
4387 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
4388 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
4389 &gss_kerb_auth_fns);
4395 MISC definitions from RFC1510:
4397 Realm ::= GeneralString
4399 KerberosTime ::= GeneralizedTime
4401 AuthorizationData ::= SEQUENCE OF SEQUENCE {
4403 ad-data[1] OCTET STRING
4405 APOptions ::= BIT STRING {
4412 TicketFlags ::= BIT STRING {
4427 KDCOptions ::= BIT STRING {
4441 enc-tkt-in-skey(28),
4447 LastReq ::= SEQUENCE OF SEQUENCE {
4449 lr-value[1] KerberosTime
4452 Ticket ::= [APPLICATION 1] SEQUENCE {
4455 sname[2] PrincipalName,
4456 enc-part[3] EncryptedData
4459 -- Encrypted part of ticket
4460 EncTicketPart ::= [APPLICATION 3] SEQUENCE {
4461 flags[0] TicketFlags,
4462 key[1] EncryptionKey,
4464 cname[3] PrincipalName,
4465 transited[4] TransitedEncoding,
4466 authtime[5] KerberosTime,
4467 starttime[6] KerberosTime OPTIONAL,
4468 endtime[7] KerberosTime,
4469 renew-till[8] KerberosTime OPTIONAL,
4470 caddr[9] HostAddresses OPTIONAL,
4471 authorization-data[10] AuthorizationData OPTIONAL
4474 -- encoded Transited field
4475 TransitedEncoding ::= SEQUENCE {
4476 tr-type[0] INTEGER, -- must be registered
4477 contents[1] OCTET STRING
4480 -- Unencrypted authenticator
4481 Authenticator ::= [APPLICATION 2] SEQUENCE {
4482 authenticator-vno[0] INTEGER,
4484 cname[2] PrincipalName,
4485 cksum[3] Checksum OPTIONAL,
4487 ctime[5] KerberosTime,
4488 subkey[6] EncryptionKey OPTIONAL,
4489 seq-number[7] INTEGER OPTIONAL,
4490 authorization-data[8] AuthorizationData OPTIONAL
4493 PA-DATA ::= SEQUENCE {
4494 padata-type[1] INTEGER,
4495 padata-value[2] OCTET STRING,
4496 -- might be encoded AP-REQ
4499 padata-type ::= PA-ENC-TIMESTAMP
4500 padata-value ::= EncryptedData -- PA-ENC-TS-ENC
4502 PA-ENC-TS-ENC ::= SEQUENCE {
4503 patimestamp[0] KerberosTime, -- client's time
4504 pausec[1] INTEGER OPTIONAL
4507 EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart
4508 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
4510 EncKDCRepPart ::= SEQUENCE {
4511 key[0] EncryptionKey,
4512 last-req[1] LastReq,
4514 key-expiration[3] KerberosTime OPTIONAL,
4515 flags[4] TicketFlags,
4516 authtime[5] KerberosTime,
4517 starttime[6] KerberosTime OPTIONAL,
4518 endtime[7] KerberosTime,
4519 renew-till[8] KerberosTime OPTIONAL,
4521 sname[10] PrincipalName,
4522 caddr[11] HostAddresses OPTIONAL
4525 APOptions ::= BIT STRING {
4531 EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
4532 ctime[0] KerberosTime,
4534 subkey[2] EncryptionKey OPTIONAL,
4535 seq-number[3] INTEGER OPTIONAL
4538 KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
4540 msg-type[1] INTEGER,
4541 safe-body[2] KRB-SAFE-BODY,
4545 KRB-SAFE-BODY ::= SEQUENCE {
4546 user-data[0] OCTET STRING,
4547 timestamp[1] KerberosTime OPTIONAL,
4548 usec[2] INTEGER OPTIONAL,
4549 seq-number[3] INTEGER OPTIONAL,
4550 s-address[4] HostAddress,
4551 r-address[5] HostAddress OPTIONAL
4554 KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
4556 msg-type[1] INTEGER,
4557 enc-part[3] EncryptedData
4560 EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
4561 user-data[0] OCTET STRING,
4562 timestamp[1] KerberosTime OPTIONAL,
4563 usec[2] INTEGER OPTIONAL,
4564 seq-number[3] INTEGER OPTIONAL,
4565 s-address[4] HostAddress, -- sender's addr
4566 r-address[5] HostAddress OPTIONAL
4570 KRB-CRED ::= [APPLICATION 22] SEQUENCE {
4572 msg-type[1] INTEGER, -- KRB_CRED
4573 tickets[2] SEQUENCE OF Ticket,
4574 enc-part[3] EncryptedData
4577 EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
4578 ticket-info[0] SEQUENCE OF KrbCredInfo,
4579 nonce[1] INTEGER OPTIONAL,
4580 timestamp[2] KerberosTime OPTIONAL,
4581 usec[3] INTEGER OPTIONAL,
4582 s-address[4] HostAddress OPTIONAL,
4583 r-address[5] HostAddress OPTIONAL
4586 KrbCredInfo ::= SEQUENCE {
4587 key[0] EncryptionKey,
4588 prealm[1] Realm OPTIONAL,
4589 pname[2] PrincipalName OPTIONAL,
4590 flags[3] TicketFlags OPTIONAL,
4591 authtime[4] KerberosTime OPTIONAL,
4592 starttime[5] KerberosTime OPTIONAL,
4593 endtime[6] KerberosTime OPTIONAL
4594 renew-till[7] KerberosTime OPTIONAL,
4595 srealm[8] Realm OPTIONAL,
4596 sname[9] PrincipalName OPTIONAL,
4597 caddr[10] HostAddresses OPTIONAL
4600 METHOD-DATA ::= SEQUENCE of PA-DATA
4602 If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
4603 contain an encoding of the following sequence:
4605 METHOD-DATA ::= SEQUENCE {
4606 method-type[0] INTEGER,
4607 method-data[1] OCTET STRING OPTIONAL
4610 EncryptionKey ::= SEQUENCE {
4612 keyvalue[1] OCTET STRING
4615 Checksum ::= SEQUENCE {
4616 cksumtype[0] INTEGER,
4617 checksum[1] OCTET STRING