2 * Routines for kpasswd packet dissection
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@ethereal.com>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
33 #include <epan/emem.h>
34 #include "packet-tcp.h"
35 #include "packet-kerberos.h"
36 #include "packet-ber.h"
37 #include <epan/prefs.h>
39 /* Desegment Kerberos over TCP messages */
40 static gboolean kpasswd_desegment = TRUE;
42 static int proto_kpasswd = -1;
43 static int hf_kpasswd_message_len = -1;
44 static int hf_kpasswd_version = -1;
45 static int hf_kpasswd_result = -1;
46 static int hf_kpasswd_result_string = -1;
47 static int hf_kpasswd_newpassword = -1;
48 static int hf_kpasswd_ap_req_len = -1;
49 static int hf_kpasswd_ap_req_data = -1;
50 static int hf_kpasswd_krb_priv_message = -1;
51 static int hf_kpasswd_ChangePasswdData = -1;
53 static gint ett_kpasswd = -1;
54 static gint ett_ap_req_data = -1;
55 static gint ett_krb_priv_message = -1;
56 static gint ett_ChangePasswdData = -1;
59 #define UDP_PORT_KPASSWD 464
60 #define TCP_PORT_KPASSWD 464
63 static const value_string vers_vals[] = {
65 { 0xff80, "Request" },
70 /** Dissects AP-REQ or AP-REP part of password change. */
72 dissect_kpasswd_ap_req_data(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree)
75 proto_tree *tree=NULL;
78 it=proto_tree_add_item(parent_tree, hf_kpasswd_ap_req_data, tvb, 0, -1, FALSE);
79 tree=proto_item_add_subtree(it, ett_ap_req_data);
81 dissect_kerberos_main(tvb, pinfo, tree, FALSE, NULL);
85 static int dissect_kpasswd_newpassword(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
87 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_kpasswd_newpassword, NULL);
92 static ber_sequence_t ChangePasswdData_sequence[] = {
93 { BER_CLASS_CON, 0, 0,
94 dissect_kpasswd_newpassword },
95 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
97 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
103 dissect_kpasswd_user_data_request(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
107 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ChangePasswdData_sequence, hf_kpasswd_ChangePasswdData, ett_ChangePasswdData);
112 static kerberos_callbacks cb_req[] = {
113 { KRB_CBTAG_PRIV_USER_DATA, dissect_kpasswd_user_data_request },
117 #define KRB5_KPASSWD_SUCCESS 0
118 #define KRB5_KPASSWD_MALFORMED 1
119 #define KRB5_KPASSWD_HARDERROR 2
120 #define KRB5_KPASSWD_AUTHERROR 3
121 #define KRB5_KPASSWD_SOFTERROR 4
122 #define KRB5_KPASSWD_ACCESSDENIED 5
123 #define KRB5_KPASSWD_BAD_VERSION 6
124 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
125 static const value_string kpasswd_result_types[] = {
126 { KRB5_KPASSWD_SUCCESS, "Success" },
127 { KRB5_KPASSWD_MALFORMED, "Malformed" },
128 { KRB5_KPASSWD_HARDERROR, "HardError" },
129 { KRB5_KPASSWD_AUTHERROR, "AuthError" },
130 { KRB5_KPASSWD_SOFTERROR, "SoftError" },
131 { KRB5_KPASSWD_ACCESSDENIED, "AccessDenied" },
132 { KRB5_KPASSWD_BAD_VERSION, "BadVersion" },
133 { KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "InitialFlagNeeded" },
138 dissect_kpasswd_user_data_reply(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
144 result = tvb_get_letohs(tvb, offset);
145 proto_tree_add_uint(tree, hf_kpasswd_result, tvb, offset, 2, result);
147 if (check_col(pinfo->cinfo, COL_INFO))
148 col_set_str(pinfo->cinfo, COL_INFO,
149 val_to_str(result, kpasswd_result_types, "Result: %u"));
152 /* optional result string */
153 if(tvb_length_remaining(tvb, offset)){
154 proto_tree_add_item(tree, hf_kpasswd_result_string, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
155 offset+=tvb_length_remaining(tvb, offset);
162 static kerberos_callbacks cb_rep[] = {
163 { KRB_CBTAG_PRIV_USER_DATA, dissect_kpasswd_user_data_reply },
168 dissect_kpasswd_krb_priv_message(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree, gboolean isrequest)
171 proto_tree *tree=NULL;
175 it=proto_tree_add_item(parent_tree, hf_kpasswd_krb_priv_message, tvb, 0, -1, FALSE);
176 tree=proto_item_add_subtree(it, ett_krb_priv_message);
179 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_req);
181 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_rep);
184 /* offset is bytes consumed in child tvb given to us */
190 dissect_kpasswd_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean have_rm)
192 proto_item *kpasswd_item=NULL;
193 proto_tree *kpasswd_tree=NULL;
195 guint16 message_len, version, ap_req_len;
198 /* TCP record mark and length */
201 gint krb_rm_size = 0; /* bytes consumed by record mark: 0 or 4 */
203 if (check_col(pinfo->cinfo, COL_PROTOCOL))
204 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
205 if (check_col(pinfo->cinfo, COL_INFO))
206 col_clear(pinfo->cinfo, COL_INFO);
208 /* can't pass have_rm to dissect_kerberos_main, so strip rm first */
210 krb_rm = tvb_get_ntohl(tvb, offset);
211 krb_reclen = kerberos_rm_to_reclen(krb_rm);
214 * What is a reasonable size limit?
216 if (krb_reclen > 10 * 1024 * 1024) {
219 offset += krb_rm_size;
222 /* it might be a KERBEROS ERROR */
223 if(tvb_get_guint8(tvb, offset)==0x7e){
224 /* TCP record mark, if any, not displayed. But hopefully
225 KRB-ERROR dissection will proceed correctly. */
226 next_tvb=tvb_new_subset(tvb, offset, -1, -1);
227 return dissect_kerberos_main(next_tvb, pinfo, tree, FALSE, NULL);
230 message_len=tvb_get_ntohs(tvb, offset);
231 version=tvb_get_ntohs(tvb, offset+2);
232 ap_req_len=tvb_get_ntohs(tvb, offset+4);
234 kpasswd_item=proto_tree_add_item(tree, proto_kpasswd, tvb, offset-krb_rm_size, message_len+krb_rm_size, FALSE);
235 kpasswd_tree=proto_item_add_subtree(kpasswd_item, ett_kpasswd);
237 show_krb_recordmark(kpasswd_tree, tvb, offset-krb_rm_size, krb_rm);
241 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_message_len, tvb, offset, 2, message_len);
242 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_version, tvb, offset+2, 2, version);
243 if (check_col(pinfo->cinfo, COL_INFO))
244 col_set_str(pinfo->cinfo, COL_INFO, val_to_str(version, vers_vals, "Unknown command"));
245 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_ap_req_len, tvb, offset+4, 2, ap_req_len);
248 /* AP-REQ / AP-REP data */
249 next_tvb=tvb_new_subset(tvb, offset, ap_req_len, ap_req_len);
250 dissect_kpasswd_ap_req_data(pinfo, next_tvb, kpasswd_tree);
253 /* KRB-PRIV message */
254 next_tvb=tvb_new_subset(tvb, offset, -1, -1);
255 offset += dissect_kpasswd_krb_priv_message(pinfo, next_tvb, kpasswd_tree, (version==0xff80));
257 proto_item_set_len(kpasswd_item, offset);
263 dissect_kpasswd_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
266 dissect_kpasswd_common(tvb, pinfo, tree, FALSE);
271 dissect_kpasswd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
273 pinfo->fragmented = TRUE;
274 if (dissect_kpasswd_common(tvb, pinfo, tree, TRUE) < 0) {
276 * The dissector failed to recognize this as a valid
277 * Kerberos message. Mark it as a continuation packet.
279 if (check_col(pinfo->cinfo, COL_INFO)) {
280 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
286 dissect_kpasswd_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
288 if (check_col(pinfo->cinfo, COL_PROTOCOL))
289 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
290 if (check_col(pinfo->cinfo, COL_INFO))
291 col_clear(pinfo->cinfo, COL_INFO);
293 tcp_dissect_pdus(tvb, pinfo, tree, kpasswd_desegment, 4, get_krb_pdu_len,
294 dissect_kpasswd_tcp_pdu);
298 proto_register_kpasswd(void)
300 static hf_register_info hf[] = {
301 { &hf_kpasswd_message_len,
302 { "Message Length", "kpasswd.message_len", FT_UINT16, BASE_DEC,
303 NULL, 0, "Message Length", HFILL }},
304 { &hf_kpasswd_ap_req_len,
305 { "AP_REQ Length", "kpasswd.ap_req_len", FT_UINT16, BASE_DEC,
306 NULL, 0, "Length of AP_REQ data", HFILL }},
307 { &hf_kpasswd_version,
308 { "Version", "kpasswd.version", FT_UINT16, BASE_HEX,
309 VALS(vers_vals), 0, "Version", HFILL }},
310 { &hf_kpasswd_result,
311 { "Result", "kpasswd.result", FT_UINT16, BASE_DEC,
312 VALS(kpasswd_result_types), 0, "Result", HFILL }},
313 { &hf_kpasswd_result_string,
314 { "Result String", "kpasswd.result_string", FT_STRING, BASE_NONE,
315 NULL, 0, "Result String", HFILL }},
316 { &hf_kpasswd_newpassword,
317 { "New Password", "kpasswd.new_password", FT_STRING, BASE_NONE,
318 NULL, 0, "New Password", HFILL }},
319 { &hf_kpasswd_ap_req_data,
320 { "AP_REQ", "kpasswd.ap_req", FT_NONE, BASE_NONE,
321 NULL, 0, "AP_REQ structure", HFILL }},
322 { &hf_kpasswd_krb_priv_message,
323 { "KRB-PRIV", "kpasswd.krb_priv", FT_NONE, BASE_NONE,
324 NULL, 0, "KRB-PRIV message", HFILL }},
325 { &hf_kpasswd_ChangePasswdData, {
326 "ChangePasswdData", "kpasswd.ChangePasswdData", FT_NONE, BASE_DEC,
327 NULL, 0, "Change Password Data structure", HFILL }},
330 static gint *ett[] = {
333 &ett_krb_priv_message,
334 &ett_ChangePasswdData,
336 module_t *kpasswd_module;
338 proto_kpasswd = proto_register_protocol("MS Kpasswd",
339 "Kpasswd", "kpasswd");
340 proto_register_field_array(proto_kpasswd, hf, array_length(hf));
341 proto_register_subtree_array(ett, array_length(ett));
343 /* Register preferences */
344 kpasswd_module = prefs_register_protocol(proto_kpasswd, NULL);
345 prefs_register_bool_preference(kpasswd_module, "desegment",
346 "Reassemble Kpasswd over TCP messages spanning multiple TCP segments",
347 "Whether the Kpasswd dissector should reassemble messages spanning multiple TCP segments."
348 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
353 proto_reg_handoff_kpasswd(void)
355 dissector_handle_t kpasswd_handle_udp;
356 dissector_handle_t kpasswd_handle_tcp;
358 kpasswd_handle_udp = create_dissector_handle(dissect_kpasswd_udp, proto_kpasswd);
359 kpasswd_handle_tcp = create_dissector_handle(dissect_kpasswd_tcp, proto_kpasswd);
360 dissector_add("udp.port", UDP_PORT_KPASSWD, kpasswd_handle_udp);
361 dissector_add("tcp.port", TCP_PORT_KPASSWD, kpasswd_handle_tcp);