packet-dcerpc-krb5rpc.c

   1 /* packet-dcerpc-krb5rpc.c
   2  *
   3  * Routines for dcerpc DCE/KRB5 interface
   4  * Copyright 2002, Jaime Fournier <jafour1@yahoo.com>
   5  * This information is based off the released idl files from opengroup.
   6  * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl
   7  *
   8  * $Id: packet-dcerpc-krb5rpc.c,v 1.6 2003/08/04 02:49:02 tpot Exp $
   9  *
  10  * Ethereal - Network traffic analyzer
  11  * By Gerald Combs <gerald@ethereal.com>
  12  * Copyright 1998 Gerald Combs
  13  *
  14  * This program is free software; you can redistribute it and/or
  15  * modify it under the terms of the GNU General Public License
  16  * as published by the Free Software Foundation; either version 2
  17  * of the License, or (at your option) any later version.
  18  *
  19  * This program is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with this program; if not, write to the Free Software
  26  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  27  */
  28
  29 #ifdef HAVE_CONFIG_H
  30 #include "config.h"
  31 #endif
  32
  33
  34 #ifdef HAVE_SYS_TYPES_H
  35 #include <sys/types.h>
  36 #endif
  37
  38 #include <string.h>
  39
  40 #include <glib.h>
  41 #include <epan/packet.h>
  42 #include "packet-dcerpc.h"
  43 #include "packet-kerberos.h"
  44 #include "packet-dcerpc-dce122.h"
  45
  46 static int proto_krb5rpc = -1;
  47
  48 static gint ett_krb5rpc = -1;
  49
  50
  51 static e_uuid_t uuid_krb5rpc =
  52   { 0x8f73de50, 0x768c, 0x11ca, {0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94,
  53                                  0x31}
  54 };
  55 static guint16 ver_krb5rpc = 1;
  56 static int hf_krb5rpc_opnum = -1;
  57 static int hf_krb5rpc_sendto_kdc_rqst_keysize = -1;
  58 static int hf_krb5rpc_sendto_kdc_rqst_spare1 = -1;
  59 static int hf_krb5rpc_sendto_kdc_resp_len = -1;
  60 static int hf_krb5rpc_sendto_kdc_resp_max = -1;
  61 static int hf_krb5rpc_sendto_kdc_resp_spare1 = -1;
  62 static int hf_krb5rpc_sendto_kdc_resp_keysize = -1;
  63 static int hf_krb5rpc_sendto_kdc_resp_st = -1;
  64 static int hf_krb5rpc_krb5 = -1;
  65 static gint ett_krb5rpc_krb5 = -1;
  66
  67 static int
  68 krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
  69                                  packet_info * pinfo, proto_tree * tree,
  70                                  char *drep)
  71 {
  72   guint32 keysize, spare1, remain;
  73   proto_item *item;
  74   tvbuff_t *krb5_tvb;
  75   proto_tree *subtree;
  76
  77
  78   /*
  79    *        [in]        handle_t        h,
  80    *        [in]        unsigned32      len,
  81    *        [in, size_is(len)]
  82    *        byte            message[],
  83    *        [in]        unsigned32      out_buf_len,
  84    */
  85
  86   offset =
  87     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
  88                         hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
  89   offset =
  90     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
  91                         hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
  92   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
  93   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
  94
  95   remain = tvb_length_remaining(tvb, offset);
  96   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
  97   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE);
  98
  99
 100   return offset;
 101 }
 102
 103
 104 static int
 105 krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
 106                                  packet_info * pinfo, proto_tree * tree,
 107                                  char *drep)
 108 {
 109   guint32 resp_len, maxsize, spare1, keysize, remain;
 110   proto_item *item;
 111   tvbuff_t *krb5_tvb;
 112   proto_tree *subtree;
 113
 114
 115   /*
 116    *
 117    *        [out]       unsigned32      *resp_len,
 118    *        [out, length_is(*resp_len), size_is(out_buf_len)]
 119    *        byte            out_buf[],
 120    *        [out]       error_status_t  *st unsigned long
 121    *
 122    */
 123
 124   offset =
 125     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 126                         hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
 127   offset =
 128     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 129                         hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
 130   offset =
 131     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 132                         hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
 133   offset =
 134     dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
 135                         hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);
 136
 137
 138   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, TRUE);
 139   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
 140   remain = tvb_length_remaining(tvb, offset);
 141   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
 142
 143   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE);
 144   offset += 16; /* no idea what this is, probably just extended encrypted text. */
 145
 146   return offset;
 147 }
 148
 149
 150 static dcerpc_sub_dissector krb5rpc_dissectors[] = {
 151   {0, "rsec_krb5rpc_sendto_kdc", krb5rpc_dissect_sendto_kdc_rqst,
 152    krb5rpc_dissect_sendto_kdc_resp},
 153   {0, NULL, NULL, NULL},
 154 };
 155
 156
 157 void
 158 proto_register_krb5rpc (void)
 159 {
 160   static hf_register_info hf[] = {
 161     {&hf_krb5rpc_opnum,
 162      {"hf_krb5rpc_opnum", "hf_krb5rpc_opnum", FT_UINT16, BASE_DEC, NULL, 0x0,
 163       "", HFILL }},
 164     {&hf_krb5rpc_sendto_kdc_rqst_keysize,
 165      {"hf_krb5rpc_sendto_kdc_rqst_keysize",
 166       "hf_krb5rpc_sendto_kdc_rqst_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 167       "", HFILL}},
 168     {&hf_krb5rpc_sendto_kdc_rqst_spare1,
 169      {"hf_krb5rpc_sendto_kdc_rqst_spare1",
 170       "hf_krb5rpc_sendto_kdc_rqst_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
 171       HFILL}},
 172     {&hf_krb5rpc_sendto_kdc_resp_len,
 173      {"hf_krb5rpc_sendto_kdc_resp_len", "hf_krb5rpc_sendto_kdc_resp_len",
 174       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 175     {&hf_krb5rpc_sendto_kdc_resp_max,
 176      {"hf_krb5rpc_sendto_kdc_resp_max", "hf_krb5rpc_sendto_kdc_resp_max",
 177       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 178     {&hf_krb5rpc_sendto_kdc_resp_spare1,
 179      {"hf_krb5rpc_sendto_kdc_resp_spare1",
 180       "hf_krb5rpc_sendto_kdc_resp_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, "",
 181       HFILL}},
 182     {&hf_krb5rpc_sendto_kdc_resp_keysize,
 183      {"hf_krb5rpc_sendto_kdc_resp_keysize",
 184       "hf_krb5rpc_sendto_kdc_resp_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 185       "", HFILL}},
 186     {&hf_krb5rpc_sendto_kdc_resp_st,
 187      {"hf_krb5rpc_sendto_kdc_resp_st", "hf_krb5rpc_sendto_kdc_resp_st",
 188       FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL}},
 189     {&hf_krb5rpc_krb5,
 190      {"hf_krb5rpc_krb5", "hf_krb5rpc_krb5", FT_BYTES, BASE_HEX, NULL, 0x0,
 191       "krb5_blob", HFILL}},
 192
 193   };
 194
 195   static gint *ett[] = {
 196     &ett_krb5rpc,
 197     &ett_krb5rpc_krb5,
 198   };
 199   proto_krb5rpc =
 200     proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc");
 201   proto_register_field_array (proto_krb5rpc, hf, array_length (hf));
 202   proto_register_subtree_array (ett, array_length (ett));
 203 }
 204
 205 void
 206 proto_reg_handoff_krb5rpc (void)
 207 {
 208   /* Register the protocol as dcerpc */
 209   dcerpc_init_uuid (proto_krb5rpc, ett_krb5rpc, &uuid_krb5rpc, ver_krb5rpc,
 210                     krb5rpc_dissectors, hf_krb5rpc_opnum);
 211 }