git.samba.org / obnox / wireshark / wip.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
smb2-dissector: learn the "REPLAY_OPERATION" flag
[obnox/wireshark/wip.git] / epan / dissectors / packet-kpasswd.c
1 /* packet-kpasswd.c
2  * Routines for kpasswd packet dissection
3  *    Ronnie Sahlberg 2003
4  *
5  * See RFC 3244
6  *
7  * $Id$
8  *
9  * Wireshark - Network traffic analyzer
10  * By Gerald Combs <gerald@wireshark.org>
11  * Copyright 1998 Gerald Combs
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software
25  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
26  */
27
28 #ifdef HAVE_CONFIG_H
29 # include "config.h"
30 #endif
31
32 #include <epan/packet.h>
33 #include <epan/asn1.h>
34 #include "packet-tcp.h"
35 #include "packet-kerberos.h"
36 #include "packet-ber.h"
37 #include <epan/prefs.h>
38
39 /* Desegment Kerberos over TCP messages */
40 static gboolean kpasswd_desegment = TRUE;
41
42 static int proto_kpasswd = -1;
43 static int hf_kpasswd_message_len = -1;
44 static int hf_kpasswd_version = -1;
45 static int hf_kpasswd_result = -1;
46 static int hf_kpasswd_result_string = -1;
47 static int hf_kpasswd_newpassword = -1;
48 static int hf_kpasswd_ap_req_len = -1;
49 static int hf_kpasswd_ap_req_data = -1;
50 static int hf_kpasswd_krb_priv_message = -1;
51 static int hf_kpasswd_ChangePasswdData = -1;
52
53 static gint ett_kpasswd = -1;
54 static gint ett_ap_req_data = -1;
55 static gint ett_krb_priv_message = -1;
56 static gint ett_ChangePasswdData = -1;
57
58
59 #define UDP_PORT_KPASSWD                464
60 #define TCP_PORT_KPASSWD                464
61
62
63 static const value_string vers_vals[] = {
64         { 0x0001,       "Reply" },
65         { 0xff80,       "Request" },
66         { 0,    NULL },
67 };
68
69
70 /** Dissects AP-REQ or AP-REP part of password change. */
71 static void
72 dissect_kpasswd_ap_req_data(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree)
73 {
74         proto_item *it;
75         proto_tree *tree=NULL;
76
77         if(parent_tree){
78                 it=proto_tree_add_item(parent_tree, hf_kpasswd_ap_req_data, tvb, 0, -1, ENC_NA);
79                 tree=proto_item_add_subtree(it, ett_ap_req_data);
80         }
81         dissect_kerberos_main(tvb, pinfo, tree, FALSE, NULL);
82 }
83
84
85 static int dissect_kpasswd_newpassword(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
86 {
87         offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kpasswd_newpassword, NULL);
88
89         return offset;
90 }
91
92 static ber_old_sequence_t ChangePasswdData_sequence[] = {
93         { BER_CLASS_CON, 0, 0,
94                 dissect_kpasswd_newpassword },
95         { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
96                 dissect_krb5_cname },
97         { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
98                 dissect_krb5_realm },
99         { 0, 0, 0, NULL }
100 };
101
102 static int
103 dissect_kpasswd_user_data_request(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
104 {
105     int offset=0;
106         asn1_ctx_t asn1_ctx;
107         asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
108
109     offset=dissect_ber_old_sequence(FALSE, &asn1_ctx, tree, tvb, offset, ChangePasswdData_sequence, hf_kpasswd_ChangePasswdData, ett_ChangePasswdData);
110
111     return offset;
112 }
113
114 static kerberos_callbacks cb_req[] = {
115     { KRB_CBTAG_PRIV_USER_DATA,      dissect_kpasswd_user_data_request },
116     { 0, NULL }
117 };
118
119 #define KRB5_KPASSWD_SUCCESS             0
120 #define KRB5_KPASSWD_MALFORMED           1
121 #define KRB5_KPASSWD_HARDERROR           2
122 #define KRB5_KPASSWD_AUTHERROR           3
123 #define KRB5_KPASSWD_SOFTERROR           4
124 #define KRB5_KPASSWD_ACCESSDENIED        5
125 #define KRB5_KPASSWD_BAD_VERSION         6
126 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
127 static const value_string kpasswd_result_types[] = {
128     { KRB5_KPASSWD_SUCCESS, "Success" },
129     { KRB5_KPASSWD_MALFORMED, "Malformed" },
130     { KRB5_KPASSWD_HARDERROR, "HardError" },
131     { KRB5_KPASSWD_AUTHERROR, "AuthError" },
132     { KRB5_KPASSWD_SOFTERROR, "SoftError" },
133     { KRB5_KPASSWD_ACCESSDENIED, "AccessDenied" },
134     { KRB5_KPASSWD_BAD_VERSION, "BadVersion" },
135     { KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "InitialFlagNeeded" },
136     { 0, NULL }
137 };
138
139 static int
140 dissect_kpasswd_user_data_reply(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
141 {
142     int offset=0;
143     guint16 result;
144
145     /* result */
146     result = tvb_get_ntohs(tvb, offset);
147     proto_tree_add_uint(tree, hf_kpasswd_result, tvb, offset, 2, result);
148     offset+=2;
149     if (check_col(pinfo->cinfo, COL_INFO))
150         col_add_str(pinfo->cinfo, COL_INFO,
151                    val_to_str(result, kpasswd_result_types, "Result: %u"));
152
153
154     /* optional result string */
155     if(tvb_length_remaining(tvb, offset)){
156         proto_tree_add_item(tree, hf_kpasswd_result_string, tvb, offset, tvb_length_remaining(tvb, offset), ENC_ASCII|ENC_NA);
157         offset+=tvb_length_remaining(tvb, offset);
158     }
159
160     return offset;
161 }
162
163
164 static kerberos_callbacks cb_rep[] = {
165     { KRB_CBTAG_PRIV_USER_DATA,      dissect_kpasswd_user_data_reply },
166     { 0, NULL }
167 };
168
169 static gint
170 dissect_kpasswd_krb_priv_message(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree, gboolean isrequest)
171 {
172         proto_item *it;
173         proto_tree *tree=NULL;
174         gint offset;
175
176         if(parent_tree){
177                 it=proto_tree_add_item(parent_tree, hf_kpasswd_krb_priv_message, tvb, 0, -1, ENC_NA);
178                 tree=proto_item_add_subtree(it, ett_krb_priv_message);
179         }
180         if(isrequest){
181                 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_req);
182         } else {
183                 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_rep);
184         }
185
186         /* offset is bytes consumed in child tvb given to us */
187         return offset;
188 }
189
190
191 static gint
192 dissect_kpasswd_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean have_rm)
193 {
194         proto_item *kpasswd_item=NULL;
195         proto_tree *kpasswd_tree=NULL;
196         int offset = 0;
197         guint16 message_len, version, ap_req_len;
198         tvbuff_t *next_tvb;
199
200         /* TCP record mark and length */
201         guint32 krb_rm = 0;
202         gint krb_reclen = 0;
203         gint krb_rm_size = 0;    /* bytes consumed by record mark: 0 or 4 */
204
205         col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
206         col_clear(pinfo->cinfo, COL_INFO);
207
208         /* can't pass have_rm to dissect_kerberos_main, so strip rm first */
209         if (have_rm) {
210             krb_rm = tvb_get_ntohl(tvb, offset);
211             krb_reclen = kerberos_rm_to_reclen(krb_rm);
212             krb_rm_size = 4;
213             /*
214              * What is a reasonable size limit?
215              */
216             if (krb_reclen > 10 * 1024 * 1024) {
217                 return (-1);
218             }
219             offset += krb_rm_size;
220         }
221
222         /* it might be a KERBEROS ERROR */
223         if(tvb_get_guint8(tvb, offset)==0x7e){
224                 /* TCP record mark, if any, not displayed.  But hopefully
225                    KRB-ERROR dissection will proceed correctly. */
226                 next_tvb=tvb_new_subset_remaining(tvb, offset);
227                 return dissect_kerberos_main(next_tvb, pinfo, tree, FALSE, NULL);
228         }
229
230         message_len=tvb_get_ntohs(tvb, offset);
231         version=tvb_get_ntohs(tvb, offset+2);
232         ap_req_len=tvb_get_ntohs(tvb, offset+4);
233         if(tree){
234                 kpasswd_item=proto_tree_add_item(tree, proto_kpasswd, tvb, offset-krb_rm_size, message_len+krb_rm_size, ENC_NA);
235                 kpasswd_tree=proto_item_add_subtree(kpasswd_item, ett_kpasswd);
236                 if (have_rm) {
237                     show_krb_recordmark(kpasswd_tree, tvb, offset-krb_rm_size, krb_rm);
238                 }
239         }
240
241         proto_tree_add_uint(kpasswd_tree, hf_kpasswd_message_len, tvb, offset, 2, message_len);
242         proto_tree_add_uint(kpasswd_tree, hf_kpasswd_version, tvb, offset+2, 2, version);
243         if (check_col(pinfo->cinfo, COL_INFO))
244                 col_add_str(pinfo->cinfo, COL_INFO, val_to_str(version, vers_vals, "Unknown command"));
245         proto_tree_add_uint(kpasswd_tree, hf_kpasswd_ap_req_len, tvb, offset+4, 2, ap_req_len);
246         offset+=6;
247
248         /* AP-REQ / AP-REP data */
249         next_tvb=tvb_new_subset(tvb, offset, ap_req_len, ap_req_len);
250         dissect_kpasswd_ap_req_data(pinfo, next_tvb, kpasswd_tree);
251         offset+=ap_req_len;
252
253         /* KRB-PRIV message */
254         next_tvb=tvb_new_subset_remaining(tvb, offset);
255         offset += dissect_kpasswd_krb_priv_message(pinfo, next_tvb, kpasswd_tree, (version==0xff80));
256
257         proto_item_set_len(kpasswd_item, offset);
258         return offset;
259
260 }
261
262 static void
263 dissect_kpasswd_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
264 {
265
266         dissect_kpasswd_common(tvb, pinfo, tree, FALSE);
267
268 }
269
270 static void
271 dissect_kpasswd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
272 {
273     pinfo->fragmented = TRUE;
274     if (dissect_kpasswd_common(tvb, pinfo, tree, TRUE) < 0) {
275         /*
276          * The dissector failed to recognize this as a valid
277          * Kerberos message.  Mark it as a continuation packet.
278          */
279         col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
280     }
281 }
282
283 static void
284 dissect_kpasswd_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
285 {
286     col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
287     col_clear(pinfo->cinfo, COL_INFO);
288
289     tcp_dissect_pdus(tvb, pinfo, tree, kpasswd_desegment, 4, get_krb_pdu_len,
290         dissect_kpasswd_tcp_pdu);
291 }
292
293 void
294 proto_register_kpasswd(void)
295 {
296         static hf_register_info hf[] = {
297         { &hf_kpasswd_message_len,
298                 { "Message Length", "kpasswd.message_len", FT_UINT16, BASE_DEC,
299                 NULL, 0, NULL, HFILL }},
300         { &hf_kpasswd_ap_req_len,
301                 { "AP_REQ Length", "kpasswd.ap_req_len", FT_UINT16, BASE_DEC,
302                 NULL, 0, "Length of AP_REQ data", HFILL }},
303         { &hf_kpasswd_version,
304                 { "Version", "kpasswd.version", FT_UINT16, BASE_HEX,
305                 VALS(vers_vals), 0, NULL, HFILL }},
306         { &hf_kpasswd_result,
307                 { "Result", "kpasswd.result", FT_UINT16, BASE_DEC,
308                 VALS(kpasswd_result_types), 0, NULL, HFILL }},
309         { &hf_kpasswd_result_string,
310                 { "Result String", "kpasswd.result_string", FT_STRING, BASE_NONE,
311                 NULL, 0, NULL, HFILL }},
312         { &hf_kpasswd_newpassword,
313                 { "New Password", "kpasswd.new_password", FT_STRING, BASE_NONE,
314                 NULL, 0, NULL, HFILL }},
315         { &hf_kpasswd_ap_req_data,
316                 { "AP_REQ", "kpasswd.ap_req", FT_NONE, BASE_NONE,
317                 NULL, 0, "AP_REQ structure", HFILL }},
318         { &hf_kpasswd_krb_priv_message,
319                 { "KRB-PRIV", "kpasswd.krb_priv", FT_NONE, BASE_NONE,
320                 NULL, 0, "KRB-PRIV message", HFILL }},
321         { &hf_kpasswd_ChangePasswdData, {
322             "ChangePasswdData", "kpasswd.ChangePasswdData", FT_NONE, BASE_NONE,
323             NULL, 0, "Change Password Data structure", HFILL }},
324         };
325
326         static gint *ett[] = {
327                 &ett_kpasswd,
328                 &ett_ap_req_data,
329                 &ett_krb_priv_message,
330                 &ett_ChangePasswdData,
331         };
332         module_t *kpasswd_module;
333
334         proto_kpasswd = proto_register_protocol("MS Kpasswd",
335                 "Kpasswd", "kpasswd");
336         proto_register_field_array(proto_kpasswd, hf, array_length(hf));
337         proto_register_subtree_array(ett, array_length(ett));
338
339         /* Register preferences */
340         kpasswd_module = prefs_register_protocol(proto_kpasswd, NULL);
341         prefs_register_bool_preference(kpasswd_module, "desegment",
342             "Reassemble Kpasswd over TCP messages spanning multiple TCP segments",
343             "Whether the Kpasswd dissector should reassemble messages spanning multiple TCP segments."
344             " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
345         &kpasswd_desegment);
346 }
347
348 void
349 proto_reg_handoff_kpasswd(void)
350 {
351         dissector_handle_t kpasswd_handle_udp;
352         dissector_handle_t kpasswd_handle_tcp;
353
354         kpasswd_handle_udp = create_dissector_handle(dissect_kpasswd_udp, proto_kpasswd);
355         kpasswd_handle_tcp = create_dissector_handle(dissect_kpasswd_tcp, proto_kpasswd);
356         dissector_add_uint("udp.port", UDP_PORT_KPASSWD, kpasswd_handle_udp);
357         dissector_add_uint("tcp.port", TCP_PORT_KPASSWD, kpasswd_handle_tcp);
358
359 }
git mirror of the wireshark svn