2 * Routines for Kerberos
3 * Wes Hardaker (c) 2000
4 * wjhardaker@ucdavis.edu
5 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
6 * added AP-REQ and AP-REP dissection
8 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
9 * decryption of kerberos blobs if keytab is provided
11 * See RFC 1510, and various I-Ds and other documents showing additions,
12 * e.g. ones listed under
14 * http://www.isi.edu/people/bcn/krb-revisions/
18 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-05.txt
22 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-03.txt
24 * Some structures from RFC2630
26 * $Id: packet-kerberos.c,v 1.67 2004/05/27 08:22:04 sahlberg Exp $
28 * Ethereal - Network traffic analyzer
29 * By Gerald Combs <gerald@ethereal.com>
30 * Copyright 1998 Gerald Combs
32 * This program is free software; you can redistribute it and/or
33 * modify it under the terms of the GNU General Public License
34 * as published by the Free Software Foundation; either version 2
35 * of the License, or (at your option) any later version.
37 * This program is distributed in the hope that it will be useful,
38 * but WITHOUT ANY WARRANTY; without even the implied warranty of
39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40 * GNU General Public License for more details.
42 * You should have received a copy of the GNU General Public License
43 * along with this program; if not, write to the Free Software
44 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
57 #include <epan/packet.h>
59 #include <epan/strutil.h>
61 #include "packet-netbios.h"
62 #include "packet-tcp.h"
64 #include "packet-ber.h"
65 #include "packet-smb-common.h"
67 #include "packet-dcerpc-netlogon.h"
68 #include "packet-dcerpc.h"
70 #define UDP_PORT_KERBEROS 88
71 #define TCP_PORT_KERBEROS 88
73 /* Desegment Kerberos over TCP messages */
74 static gboolean krb_desegment = TRUE;
76 static gint proto_kerberos = -1;
77 static gint hf_krb_rm_reserved = -1;
78 static gint hf_krb_rm_reclen = -1;
80 static gint hf_krb_pac_signature_type = -1;
81 static gint hf_krb_pac_signature_signature = -1;
82 static gint hf_krb_pac_clientid = -1;
83 static gint hf_krb_pac_namelen = -1;
84 static gint hf_krb_pac_clientname = -1;
85 static gint hf_krb_w2k_pac_entries = -1;
86 static gint hf_krb_w2k_pac_version = -1;
87 static gint hf_krb_w2k_pac_type = -1;
88 static gint hf_krb_w2k_pac_size = -1;
89 static gint hf_krb_w2k_pac_offset = -1;
90 static gint hf_krb_padata = -1;
91 static gint hf_krb_contentinfo_contenttype = -1;
92 static gint hf_krb_error_code = -1;
93 static gint hf_krb_ticket = -1;
94 static gint hf_krb_AP_REP_enc = -1;
95 static gint hf_krb_KDC_REP_enc = -1;
96 static gint hf_krb_tkt_vno = -1;
97 static gint hf_krb_e_data = -1;
98 static gint hf_krb_TransitedEncoding = -1;
99 static gint hf_krb_PA_PAC_REQUEST_flag = -1;
100 static gint hf_krb_encrypted_authenticator_data = -1;
101 static gint hf_krb_PAC_LOGON_INFO = -1;
102 static gint hf_krb_PAC_CREDENTIAL_TYPE = -1;
103 static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
104 static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
105 static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
106 static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
107 static gint hf_krb_checksum_checksum = -1;
108 static gint hf_krb_encrypted_PRIV = -1;
109 static gint hf_krb_encrypted_Ticket_data = -1;
110 static gint hf_krb_encrypted_AP_REP_data = -1;
111 static gint hf_krb_encrypted_KDC_REP_data = -1;
112 static gint hf_krb_PA_DATA_type = -1;
113 static gint hf_krb_PA_DATA_value = -1;
114 static gint hf_krb_etype_info_salt = -1;
115 static gint hf_krb_SAFE_BODY_user_data = -1;
116 static gint hf_krb_realm = -1;
117 static gint hf_krb_crealm = -1;
118 static gint hf_krb_sname = -1;
119 static gint hf_krb_cname = -1;
120 static gint hf_krb_name_string = -1;
121 static gint hf_krb_provsrv_location = -1;
122 static gint hf_krb_e_text = -1;
123 static gint hf_krb_name_type = -1;
124 static gint hf_krb_lr_type = -1;
125 static gint hf_krb_from = -1;
126 static gint hf_krb_till = -1;
127 static gint hf_krb_authtime = -1;
128 static gint hf_krb_patimestamp = -1;
129 static gint hf_krb_SAFE_BODY_timestamp = -1;
130 static gint hf_krb_pausec = -1;
131 static gint hf_krb_lr_time = -1;
132 static gint hf_krb_starttime = -1;
133 static gint hf_krb_endtime = -1;
134 static gint hf_krb_key_expire = -1;
135 static gint hf_krb_renew_till = -1;
136 static gint hf_krb_rtime = -1;
137 static gint hf_krb_ctime = -1;
138 static gint hf_krb_cusec = -1;
139 static gint hf_krb_stime = -1;
140 static gint hf_krb_susec = -1;
141 static gint hf_krb_SAFE_BODY_usec = -1;
142 static gint hf_krb_nonce = -1;
143 static gint hf_krb_transitedtype = -1;
144 static gint hf_krb_transitedcontents = -1;
145 static gint hf_krb_keytype = -1;
146 static gint hf_krb_keyvalue = -1;
147 static gint hf_krb_IF_RELEVANT_type = -1;
148 static gint hf_krb_IF_RELEVANT_value = -1;
149 static gint hf_krb_adtype = -1;
150 static gint hf_krb_advalue = -1;
151 static gint hf_krb_etype = -1;
152 static gint hf_krb_etypes = -1;
153 static gint hf_krb_LastReqs = -1;
154 static gint hf_krb_IF_RELEVANT = -1;
155 static gint hf_krb_addr_type = -1;
156 static gint hf_krb_address_ip = -1;
157 static gint hf_krb_address_netbios = -1;
158 static gint hf_krb_msg_type = -1;
159 static gint hf_krb_pvno = -1;
160 static gint hf_krb_kvno = -1;
161 static gint hf_krb_checksum_type = -1;
162 static gint hf_krb_authenticator_vno = -1;
163 static gint hf_krb_AuthorizationData = -1;
164 static gint hf_krb_key = -1;
165 static gint hf_krb_subkey = -1;
166 static gint hf_krb_seq_number = -1;
167 static gint hf_krb_EncTicketPart = -1;
168 static gint hf_krb_EncAPRepPart = -1;
169 static gint hf_krb_EncKDCRepPart = -1;
170 static gint hf_krb_LastReq = -1;
171 static gint hf_krb_Authenticator = -1;
172 static gint hf_krb_Checksum = -1;
173 static gint hf_krb_signedAuthPack = -1;
174 static gint hf_krb_s_address = -1;
175 static gint hf_krb_HostAddress = -1;
176 static gint hf_krb_HostAddresses = -1;
177 static gint hf_krb_APOptions = -1;
178 static gint hf_krb_APOptions_use_session_key = -1;
179 static gint hf_krb_APOptions_mutual_required = -1;
180 static gint hf_krb_TicketFlags = -1;
181 static gint hf_krb_TicketFlags_forwardable = -1;
182 static gint hf_krb_TicketFlags_forwarded = -1;
183 static gint hf_krb_TicketFlags_proxyable = -1;
184 static gint hf_krb_TicketFlags_proxy = -1;
185 static gint hf_krb_TicketFlags_allow_postdate = -1;
186 static gint hf_krb_TicketFlags_postdated = -1;
187 static gint hf_krb_TicketFlags_invalid = -1;
188 static gint hf_krb_TicketFlags_renewable = -1;
189 static gint hf_krb_TicketFlags_initial = -1;
190 static gint hf_krb_TicketFlags_pre_auth = -1;
191 static gint hf_krb_TicketFlags_hw_auth = -1;
192 static gint hf_krb_TicketFlags_transited_policy_checked = -1;
193 static gint hf_krb_TicketFlags_ok_as_delegate = -1;
194 static gint hf_krb_KDCOptions = -1;
195 static gint hf_krb_KDCOptions_forwardable = -1;
196 static gint hf_krb_KDCOptions_forwarded = -1;
197 static gint hf_krb_KDCOptions_proxyable = -1;
198 static gint hf_krb_KDCOptions_proxy = -1;
199 static gint hf_krb_KDCOptions_allow_postdate = -1;
200 static gint hf_krb_KDCOptions_postdated = -1;
201 static gint hf_krb_KDCOptions_renewable = -1;
202 static gint hf_krb_KDCOptions_canonicalize = -1;
203 static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
204 static gint hf_krb_KDCOptions_disable_transited_check = -1;
205 static gint hf_krb_KDCOptions_renewable_ok = -1;
206 static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1;
207 static gint hf_krb_KDCOptions_renew = -1;
208 static gint hf_krb_KDCOptions_validate = -1;
209 static gint hf_krb_KDC_REQ_BODY = -1;
210 static gint hf_krb_PRIV_BODY = -1;
211 static gint hf_krb_ENC_PRIV = -1;
212 static gint hf_krb_authenticator_enc = -1;
213 static gint hf_krb_ticket_enc = -1;
215 static gint ett_krb_kerberos = -1;
216 static gint ett_krb_TransitedEncoding = -1;
217 static gint ett_krb_PAC_LOGON_INFO = -1;
218 static gint ett_krb_signedAuthPack = -1;
219 static gint ett_krb_PAC_CREDENTIAL_TYPE = -1;
220 static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
221 static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
222 static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
223 static gint ett_krb_KDC_REP_enc = -1;
224 static gint ett_krb_EncTicketPart = -1;
225 static gint ett_krb_EncAPRepPart = -1;
226 static gint ett_krb_EncKDCRepPart = -1;
227 static gint ett_krb_LastReq = -1;
228 static gint ett_krb_Authenticator = -1;
229 static gint ett_krb_Checksum = -1;
230 static gint ett_krb_key = -1;
231 static gint ett_krb_subkey = -1;
232 static gint ett_krb_AuthorizationData = -1;
233 static gint ett_krb_sname = -1;
234 static gint ett_krb_cname = -1;
235 static gint ett_krb_AP_REP_enc = -1;
236 static gint ett_krb_padata = -1;
237 static gint ett_krb_etypes = -1;
238 static gint ett_krb_LastReqs = -1;
239 static gint ett_krb_IF_RELEVANT = -1;
240 static gint ett_krb_PA_DATA_tree = -1;
241 static gint ett_krb_PAC = -1;
242 static gint ett_krb_s_address = -1;
243 static gint ett_krb_HostAddress = -1;
244 static gint ett_krb_HostAddresses = -1;
245 static gint ett_krb_authenticator_enc = -1;
246 static gint ett_krb_AP_Options = -1;
247 static gint ett_krb_KDC_Options = -1;
248 static gint ett_krb_Ticket_Flags = -1;
249 static gint ett_krb_request = -1;
250 static gint ett_krb_recordmark = -1;
251 static gint ett_krb_ticket = -1;
252 static gint ett_krb_ticket_enc = -1;
253 static gint ett_krb_PRIV = -1;
254 static gint ett_krb_PRIV_enc = -1;
257 guint32 krb5_errorcode;
260 static int do_col_info;
269 /* Decrypt Kerberos blobs */
270 static gboolean krb_decrypt = FALSE;
272 /* keytab filename */
273 static char *keytab_filename = "insert filename here";
277 #ifdef HAVE_HEIMDAL_KERBEROS
280 typedef struct _enc_key_t {
281 struct _enc_key_t *next;
282 krb5_keytab_entry key;
284 static enc_key_t *enc_key_list=NULL;
288 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue)
292 if(pinfo->fd->flags.visited){
295 printf("added key in %d\n",pinfo->fd->num);
297 new_key=g_malloc(sizeof(enc_key_t));
298 new_key->next=enc_key_list;
299 enc_key_list=new_key;
300 new_key->key.principal=NULL;
302 new_key->key.keyblock.keytype=keytype;
303 new_key->key.keyblock.keyvalue.length=keylength;
304 new_key->key.keyblock.keyvalue.data=g_malloc(keylength);
305 memcpy(new_key->key.keyblock.keyvalue.data, keyvalue, keylength);
306 new_key->key.timestamp=0;
310 read_keytab_file(char *filename, krb5_context *context)
314 krb5_kt_cursor cursor;
317 /* should use a file in the ethereal users dir */
318 ret = krb5_kt_resolve(*context, filename, &keytab);
320 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
325 ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
327 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
332 new_key=g_malloc(sizeof(enc_key_t));
333 new_key->next=enc_key_list;
334 ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor);
336 enc_key_list=new_key;
340 ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
342 krb5_kt_close(*context, keytab);
349 decrypt_krb5_data(packet_info *pinfo,
352 const char *cryptotext,
355 static int first_time=1;
356 static krb5_context context;
361 /* dont do anything if we are not attempting to decrypt data */
366 /* XXX we should only do this for first time, then store somewhere */
368 /* should this have a destroy context ? heidal people would know */
371 ret = krb5_init_context(&context);
375 read_keytab_file(keytab_filename, &context);
378 for(ek=enc_key_list;ek;ek=ek->next){
380 guint8 *cryptocopy; /* workaround for pre-6.1 heimdal bug */
382 /* shortcircuit and bail out if enctypes are not matching */
383 if(ek->key.keyblock.keytype!=keytype){
387 ret = krb5_crypto_init(context, &(ek->key.keyblock), 0, &crypto);
392 /* pre-6.1 versions of heimdal would sometimes change
393 the cryptotext data even when the decryption failed.
394 This would obviously not work since we iterate over the
395 keys. So just give it a copy of the crypto data instead.
396 This has been seen for RC4-HMAC blobs.
398 cryptocopy=g_malloc(length);
399 memcpy(cryptocopy, cryptotext, length);
400 ret = krb5_decrypt_ivec(context, crypto, usage,
406 printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
407 krb5_crypto_destroy(context, crypto);
410 krb5_crypto_destroy(context, crypto);
418 /* TCP Record Mark */
419 #define KRB_RM_RESERVED 0x80000000L
420 #define KRB_RM_RECLEN 0x7fffffffL
422 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
423 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
424 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
425 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
426 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
427 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
428 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
429 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
431 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
432 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
433 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
434 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
435 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
436 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
437 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
439 /* address type constants */
440 #define KRB5_ADDR_IPv4 0x02
441 #define KRB5_ADDR_CHAOS 0x05
442 #define KRB5_ADDR_XEROX 0x06
443 #define KRB5_ADDR_ISO 0x07
444 #define KRB5_ADDR_DECNET 0x0c
445 #define KRB5_ADDR_APPLETALK 0x10
446 #define KRB5_ADDR_NETBIOS 0x14
447 #define KRB5_ADDR_IPv6 0x18
449 /* encryption type constants */
450 #define KRB5_ENCTYPE_NULL 0
451 #define KRB5_ENCTYPE_DES_CBC_CRC 1
452 #define KRB5_ENCTYPE_DES_CBC_MD4 2
453 #define KRB5_ENCTYPE_DES_CBC_MD5 3
454 #define KRB5_ENCTYPE_DES_CBC_RAW 4
455 #define KRB5_ENCTYPE_DES3_CBC_SHA 5
456 #define KRB5_ENCTYPE_DES3_CBC_RAW 6
457 #define KRB5_ENCTYPE_DES_HMAC_SHA1 8
458 #define KRB5_ENCTYPE_DES3_CBC_SHA1 16
459 #define KERB_ENCTYPE_RC4_HMAC 23
460 #define KERB_ENCTYPE_RC4_HMAC_EXP 24
461 #define KRB5_ENCTYPE_UNKNOWN 0x1ff
462 #define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
465 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
467 * http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
469 * unless it's expired.
472 /* pre-authentication type constants */
473 #define KRB5_PA_TGS_REQ 1
474 #define KRB5_PA_ENC_TIMESTAMP 2
475 #define KRB5_PA_PW_SALT 3
476 #define KRB5_PA_ENC_ENCKEY 4
477 #define KRB5_PA_ENC_UNIX_TIME 5
478 #define KRB5_PA_ENC_SANDIA_SECURID 6
479 #define KRB5_PA_SESAME 7
480 #define KRB5_PA_OSF_DCE 8
481 #define KRB5_PA_CYBERSAFE_SECUREID 9
482 #define KRB5_PA_AFS3_SALT 10
483 #define KRB5_PA_ENCTYPE_INFO 11
484 #define KRB5_PA_SAM_CHALLENGE 12
485 #define KRB5_PA_SAM_RESPONSE 13
486 #define KRB5_PA_PK_AS_REQ 14
487 #define KRB5_PA_PK_AS_REP 15
488 #define KRB5_PA_DASS 16
489 #define KRB5_PA_USE_SPECIFIED_KVNO 20
490 #define KRB5_PA_SAM_REDIRECT 21
491 #define KRB5_PA_GET_FROM_TYPED_DATA 22
492 #define KRB5_PA_SAM_ETYPE_INFO 23
493 #define KRB5_PA_ALT_PRINC 24
494 #define KRB5_PA_SAM_CHALLENGE2 30
495 #define KRB5_PA_SAM_RESPONSE2 31
496 #define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
497 #define KRB5_TD_KRB_PRINCIPAL 102
498 #define KRB5_TD_KRB_REALM 103
499 #define KRB5_TD_TRUSTED_CERTIFIERS 104
500 #define KRB5_TD_CERTIFICATE_INDEX 105
501 #define KRB5_TD_APP_DEFINED_ERROR 106
502 #define KRB5_TD_REQ_NONCE 107
503 #define KRB5_TD_REQ_SEQ 108
504 /* preauthentication types >127 (i.e. negative ones) are app specific.
505 hopefully there will be no collissions here or we will have to
506 come up with something better
508 #define KRB5_PA_PAC_REQUEST 128 /* MS extension */
509 #define KRB5_PA_PROV_SRV_LOCATION 255 /* packetcable stuff */
511 /* Principal name-type */
512 #define KRB5_NT_UNKNOWN 0
513 #define KRB5_NT_PRINCIPAL 1
514 #define KRB5_NT_SRV_INST 2
515 #define KRB5_NT_SRV_HST 3
516 #define KRB5_NT_SRV_XHST 4
517 #define KRB5_NT_UID 5
518 #define KRB5_NT_X500_PRINCIPAL 6
519 #define KRB5_NT_SMTP_NAME 7
520 #define KRB5_NT_ENTERPRISE 10
522 /* error table constants */
523 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
524 #define KRB5_ET_KRB5KDC_ERR_NONE 0
525 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
526 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
527 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
528 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
529 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
530 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
531 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
532 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
533 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
534 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
535 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
536 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
537 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
538 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
539 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
540 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
541 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
542 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
543 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
544 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
545 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
546 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
547 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
548 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
549 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
550 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
551 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
552 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
553 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
554 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
555 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
556 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
557 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
558 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
559 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
560 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
561 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
562 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
563 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
564 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
565 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
566 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
567 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
568 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
569 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
570 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
571 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
572 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
573 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
574 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
575 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
576 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
577 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
578 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
579 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
580 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
581 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
582 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
583 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
584 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
585 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
586 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
587 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
588 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
589 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
590 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
591 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
592 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
594 static const value_string krb5_error_codes[] = {
595 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
596 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
597 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
598 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
599 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
600 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
601 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
602 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
603 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
604 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
605 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
606 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
607 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
608 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
609 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
610 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
611 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
612 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
613 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
614 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
615 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
616 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
617 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
618 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
619 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
620 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
621 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
622 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
623 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
624 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
625 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
626 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
627 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
628 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
629 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
630 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
631 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
632 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
633 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
634 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
635 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
636 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
637 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
638 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
639 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
640 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
641 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
642 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
643 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
644 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
645 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
646 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
647 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
648 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
649 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
650 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
651 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
652 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
653 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
654 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
655 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
656 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
657 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
658 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
659 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
660 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
661 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
662 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
663 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
668 #define PAC_LOGON_INFO 1
669 #define PAC_CREDENTIAL_TYPE 2
670 #define PAC_SERVER_CHECKSUM 6
671 #define PAC_PRIVSVR_CHECKSUM 7
672 #define PAC_CLIENT_INFO_TYPE 10
673 static const value_string w2k_pac_types[] = {
674 { PAC_LOGON_INFO , "Logon Info" },
675 { PAC_CREDENTIAL_TYPE , "Credential Type" },
676 { PAC_SERVER_CHECKSUM , "Server Checksum" },
677 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
678 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
684 static const value_string krb5_princ_types[] = {
685 { KRB5_NT_UNKNOWN , "Unknown" },
686 { KRB5_NT_PRINCIPAL , "Principal" },
687 { KRB5_NT_SRV_INST , "Service and Instance" },
688 { KRB5_NT_SRV_HST , "Service and Host" },
689 { KRB5_NT_SRV_XHST , "Service and Host Components" },
690 { KRB5_NT_UID , "Unique ID" },
691 { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
692 { KRB5_NT_SMTP_NAME , "SMTP Name" },
693 { KRB5_NT_ENTERPRISE , "Enterprise Name" },
697 static const value_string krb5_preauthentication_types[] = {
698 { KRB5_PA_TGS_REQ , "PA-TGS-REQ" },
699 { KRB5_PA_ENC_TIMESTAMP , "PA-ENC-TIMESTAMP" },
700 { KRB5_PA_PW_SALT , "PA-PW-SALT" },
701 { KRB5_PA_ENC_ENCKEY , "PA-ENC-ENCKEY" },
702 { KRB5_PA_ENC_UNIX_TIME , "PA-ENC-UNIX-TIME" },
703 { KRB5_PA_ENC_SANDIA_SECURID , "PA-PW-SALT" },
704 { KRB5_PA_SESAME , "PA-SESAME" },
705 { KRB5_PA_OSF_DCE , "PA-OSF-DCE" },
706 { KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
707 { KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
708 { KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
709 { KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
710 { KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
711 { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
712 { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
713 { KRB5_PA_DASS , "PA-DASS" },
714 { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
715 { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
716 { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
717 { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
718 { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
719 { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
720 { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
721 { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
722 { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
723 { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
724 { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
725 { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
726 { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
727 { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
728 { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
729 { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
730 { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
734 static const value_string krb5_encryption_types[] = {
735 { KRB5_ENCTYPE_NULL , "NULL" },
736 { KRB5_ENCTYPE_DES_CBC_CRC , "des-cbc-crc" },
737 { KRB5_ENCTYPE_DES_CBC_MD4 , "des-cbc-md4" },
738 { KRB5_ENCTYPE_DES_CBC_MD5 , "des-cbc-md5" },
739 { KRB5_ENCTYPE_DES_CBC_RAW , "des-cbc-raw" },
740 { KRB5_ENCTYPE_DES3_CBC_SHA , "des3-cbc-sha" },
741 { KRB5_ENCTYPE_DES3_CBC_RAW , "des3-cbc-raw" },
742 { KRB5_ENCTYPE_DES_HMAC_SHA1 , "des-hmac-sha1" },
743 { KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
744 { KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
745 { KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
746 { KRB5_ENCTYPE_UNKNOWN , "unknown" },
747 { KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 , "local-des3-hmac-sha1" },
752 #define KRB5_AD_IF_RELEVANT 1
753 #define KRB5_AD_INTENDED_FOR_SERVER 2
754 #define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
755 #define KRB5_AD_KDC_ISSUED 4
757 #define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
758 #define KRB5_AD_IN_TICKET_EXTENSIONS 7
759 #define KRB5_AD_MANDATORY_FOR_KDC 8
760 #define KRB5_AD_OSF_DCE 64
761 #define KRB5_AD_SESAME 65
762 #define KRB5_AD_OSF_DCE_PKI_CERTID 66
763 #define KRB5_AD_WIN2K_PAC 128
764 static const value_string krb5_ad_types[] = {
765 { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
766 { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
767 { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
768 { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
769 { KRB5_AD_OR , "AD-AND-OR" },
770 { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
771 { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
772 { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
773 { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
774 { KRB5_AD_SESAME , "AD-SESAME" },
775 { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
776 { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
780 static const value_string krb5_transited_types[] = {
781 { 1 , "DOMAIN-X500-COMPRESS" },
785 static const value_string krb5_address_types[] = {
786 { KRB5_ADDR_IPv4, "IPv4"},
787 { KRB5_ADDR_CHAOS, "CHAOS"},
788 { KRB5_ADDR_XEROX, "XEROX"},
789 { KRB5_ADDR_ISO, "ISO"},
790 { KRB5_ADDR_DECNET, "DECNET"},
791 { KRB5_ADDR_APPLETALK, "APPLETALK"},
792 { KRB5_ADDR_NETBIOS, "NETBIOS"},
793 { KRB5_ADDR_IPv6, "IPv6"},
797 static const value_string krb5_msg_types[] = {
798 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
799 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
800 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
801 { KRB5_MSG_TGS_REP, "TGS-REP" },
802 { KRB5_MSG_AS_REQ, "AS-REQ" },
803 { KRB5_MSG_AS_REP, "AS-REP" },
804 { KRB5_MSG_AP_REQ, "AP-REQ" },
805 { KRB5_MSG_AP_REP, "AP-REP" },
806 { KRB5_MSG_SAFE, "KRB-SAFE" },
807 { KRB5_MSG_PRIV, "KRB-PRIV" },
808 { KRB5_MSG_CRED, "KRB-CRED" },
809 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
810 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
811 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
812 { KRB5_MSG_ERROR, "KRB-ERROR" },
819 static int dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
820 static int dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
821 static int dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
822 static int dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
823 static int dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
824 static int dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
825 static int dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
826 static int dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
827 static int dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
828 static int dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
829 static int dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
830 static int dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
832 static const ber_choice kerberos_applications_choice[] = {
833 { KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
834 { KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
835 { KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
836 { KRB5_MSG_AS_REP, BER_CLASS_APP, KRB5_MSG_AS_REP, 0, dissect_krb5_KDC_REP },
837 { KRB5_MSG_TGS_REQ, BER_CLASS_APP, KRB5_MSG_TGS_REQ, 0, dissect_krb5_KDC_REQ },
838 { KRB5_MSG_TGS_REP, BER_CLASS_APP, KRB5_MSG_TGS_REP, 0, dissect_krb5_KDC_REP },
839 { KRB5_MSG_AP_REQ, BER_CLASS_APP, KRB5_MSG_AP_REQ, 0, dissect_krb5_AP_REQ },
840 { KRB5_MSG_AP_REP, BER_CLASS_APP, KRB5_MSG_AP_REP, 0, dissect_krb5_AP_REP },
841 { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
842 { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
843 { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
844 { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
845 { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
846 { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
852 dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
854 offset=dissect_ber_choice(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1);
859 static const true_false_string krb5_apoptions_use_session_key = {
860 "USE SESSION KEY to encrypt the ticket",
861 "Do NOT use the session key to encrypt the ticket"
863 static const true_false_string krb5_apoptions_mutual_required = {
864 "MUTUAL authentication is REQUIRED",
865 "Mutual authentication is NOT required"
868 static int *APOptions_bits[] = {
869 &hf_krb_APOptions_use_session_key,
870 &hf_krb_APOptions_mutual_required,
874 dissect_krb5_APOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
876 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, APOptions_bits, hf_krb_APOptions, ett_krb_AP_Options, NULL);
882 static const true_false_string krb5_kdcoptions_forwardable = {
883 "FORWARDABLE tickets are allowed/requested",
884 "Do NOT use forwardable tickets"
886 static const true_false_string krb5_kdcoptions_forwarded = {
887 "This ticket has been FORWARDED",
888 "This is NOT a forwarded ticket"
890 static const true_false_string krb5_kdcoptions_proxyable = {
891 "PROXIABLE tickets are allowed/requested",
892 "Do NOT use proxiable tickets"
894 static const true_false_string krb5_kdcoptions_proxy = {
895 "This is a PROXY ticket",
896 "This ticket has NOT been proxied"
898 static const true_false_string krb5_kdcoptions_allow_postdate = {
899 "We allow the ticket to be POSTDATED",
900 "We do NOT allow the ticket to be postdated"
902 static const true_false_string krb5_kdcoptions_postdated = {
903 "This ticket is POSTDATED",
904 "This ticket is NOT postdated"
906 static const true_false_string krb5_kdcoptions_renewable = {
907 "This ticket is RENEWABLE",
908 "This ticket is NOT renewable"
910 static const true_false_string krb5_kdcoptions_canonicalize = {
911 "This is a request for a CANONICALIZED ticket",
912 "This is NOT a canonicalized ticket request"
914 static const true_false_string krb5_kdcoptions_disable_transited_check = {
915 "Transited checking is DISABLED",
916 "Transited checking is NOT disabled"
918 static const true_false_string krb5_kdcoptions_renewable_ok = {
919 "We accept RENEWED tickets",
920 "We do NOT accept renewed tickets"
922 static const true_false_string krb5_kdcoptions_enc_tkt_in_skey = {
923 "ENCrypt TKT in SKEY",
924 "Do NOT encrypt the tkt inside the skey"
926 static const true_false_string krb5_kdcoptions_renew = {
927 "This is a request to RENEW a ticket",
928 "This is NOT a request to renew a ticket"
930 static const true_false_string krb5_kdcoptions_validate = {
931 "This is a request to VALIDATE a postdated ticket",
932 "This is NOT a request to validate a postdated ticket"
935 static int* KDCOptions_bits[] = {
936 &hf_krb_KDCOptions_forwardable,
937 &hf_krb_KDCOptions_forwarded,
938 &hf_krb_KDCOptions_proxyable,
939 &hf_krb_KDCOptions_proxy,
940 &hf_krb_KDCOptions_allow_postdate,
941 &hf_krb_KDCOptions_postdated,
942 &hf_krb_KDCOptions_renewable,
943 &hf_krb_KDCOptions_opt_hardware_auth,
944 &hf_krb_KDCOptions_canonicalize,
945 &hf_krb_KDCOptions_disable_transited_check,
946 &hf_krb_KDCOptions_renewable_ok,
947 &hf_krb_KDCOptions_enc_tkt_in_skey,
948 &hf_krb_KDCOptions_renew,
949 &hf_krb_KDCOptions_validate,
954 dissect_krb5_KDCOptions(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
956 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, KDCOptions_bits, hf_krb_KDCOptions, ett_krb_KDC_Options, NULL);
961 dissect_krb5_rtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
963 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_rtime);
968 dissect_krb5_ctime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
970 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_ctime);
974 dissect_krb5_cusec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
976 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_cusec, NULL);
981 dissect_krb5_stime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
983 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_stime);
987 dissect_krb5_susec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
989 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_susec, NULL);
995 dissect_krb5_error_code(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
997 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
998 if(krb5_errorcode && check_col(pinfo->cinfo, COL_INFO)) {
999 col_add_fstr(pinfo->cinfo, COL_INFO,
1001 val_to_str(krb5_errorcode, krb5_error_codes,
1002 "Unknown error code %#x"));
1010 dissect_krb5_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1012 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_till);
1016 dissect_krb5_from(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1018 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_from);
1025 dissect_krb5_nonce(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1027 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_nonce, NULL);
1033 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
1036 dissect_krb5_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1040 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &etype);
1042 proto_item_append_text(tree, " %s",
1043 val_to_str(etype, krb5_encryption_types,
1048 static ber_sequence etype_sequence_of[1] = {
1049 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
1052 dissect_krb5_etype_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1054 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, etype_sequence_of, hf_krb_etypes, ett_krb_etypes);
1058 static guint32 authenticator_etype;
1060 dissect_krb5_authenticator_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1062 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
1064 proto_item_append_text(tree, " %s",
1065 val_to_str(authenticator_etype, krb5_encryption_types,
1070 static guint32 Ticket_etype;
1072 dissect_krb5_Ticket_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1074 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
1076 proto_item_append_text(tree, " %s",
1077 val_to_str(Ticket_etype, krb5_encryption_types,
1082 static guint32 AP_REP_etype;
1084 dissect_krb5_AP_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1086 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
1088 proto_item_append_text(tree, " %s",
1089 val_to_str(AP_REP_etype, krb5_encryption_types,
1094 static guint32 PA_ENC_TIMESTAMP_etype;
1096 dissect_krb5_PA_ENC_TIMESTAMP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1098 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
1100 proto_item_append_text(tree, " %s",
1101 val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
1109 * HostAddress ::= SEQUENCE {
1110 * addr-type[0] INTEGER,
1111 * address[1] OCTET STRING
1114 static guint32 addr_type;
1115 static int dissect_krb5_addr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1117 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_addr_type, &addr_type);
1120 static int dissect_krb5_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1126 char address_str[256];
1127 proto_item *it=NULL;
1129 /* read header and len for the octet string */
1130 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
1131 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
1137 case KRB5_ADDR_IPv4:
1138 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
1139 sprintf(address_str,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
1141 case KRB5_ADDR_NETBIOS:
1143 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
1144 int netbios_name_type;
1146 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name);
1147 snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
1148 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
1152 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
1156 /* push it up two levels in the decode pane */
1158 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
1159 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
1165 static ber_sequence HostAddress_sequence[] = {
1166 { BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
1167 { BER_CLASS_CON, 1, 0, dissect_krb5_address },
1171 dissect_krb5_HostAddress(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1174 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_HostAddress, ett_krb_HostAddress);
1179 dissect_krb5_s_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1182 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address);
1188 * HostAddresses ::= SEQUENCE OF SEQUENCE {
1189 * addr-type[0] INTEGER,
1190 * address[1] OCTET STRING
1194 static ber_sequence HostAddresses_sequence_of[1] = {
1195 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
1198 dissect_krb5_HostAddresses(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1200 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, HostAddresses_sequence_of, hf_krb_HostAddresses, ett_krb_HostAddresses);
1208 dissect_krb5_msg_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1212 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_msg_type, &msgtype);
1214 if (do_col_info & check_col(pinfo->cinfo, COL_INFO)) {
1215 col_add_str(pinfo->cinfo, COL_INFO,
1216 val_to_str(msgtype, krb5_msg_types,
1217 "Unknown msg type %#x"));
1221 /* append the application type to the subtree */
1222 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
1230 dissect_krb5_pvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1232 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pvno, NULL);
1239 * PrincipalName ::= SEQUENCE {
1240 * name-type[0] INTEGER,
1241 * name-string[1] SEQUENCE OF GeneralString
1244 static guint32 name_type;
1246 dissect_krb5_name_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1248 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_name_type, &name_type);
1250 proto_item_append_text(tree, " (%s):",
1251 val_to_str(name_type, krb5_princ_types,
1257 dissect_krb5_name_string(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1259 char name_string[256];
1261 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_name_string, name_string, 255);
1263 proto_item_append_text(tree, " %s", name_string);
1268 static ber_sequence name_stringe_sequence_of[1] = {
1269 { BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
1272 dissect_krb5_name_strings(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1274 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, name_stringe_sequence_of, -1, -1);
1278 static ber_sequence PrincipalName_sequence[] = {
1279 { BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
1280 { BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
1284 dissect_krb5_sname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1287 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_sname, ett_krb_sname);
1292 dissect_krb5_cname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1295 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_cname, ett_krb_cname);
1302 dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1304 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_realm, NULL, 0);
1309 dissect_krb5_crealm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1311 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_crealm, NULL, 0);
1318 dissect_krb5_PA_PAC_REQUEST_flag(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1320 offset=dissect_ber_boolean(pinfo, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag);
1325 static ber_sequence PA_PAC_REQUEST_sequence[] = {
1326 { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
1330 dissect_krb5_PA_PAC_REQUEST(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1333 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_PAC_REQUEST_sequence, -1, -1);
1342 dissect_krb5_SignedData(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1349 static char ContentType[64]; /*64 chars should be long enough */
1351 dissect_krb5_ContentInfo_ContentType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1354 offset=dissect_ber_object_identifier(TRUE, pinfo, tree, tvb, offset, hf_krb_contentinfo_contenttype, ContentType);
1359 /* the content of this structure depends on the ContentType object identifier */
1361 dissect_krb5_ContentInfo_content(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1363 if(!strcmp(ContentType, "1.2.840.113549.1.7.2")){
1364 offset=dissect_krb5_SignedData(pinfo, tree, tvb, offset);
1366 proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "ContentInfo: dont know how to parse this type yet.");
1372 static ber_sequence ContentInfo_sequence[] = {
1373 { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_krb5_ContentInfo_ContentType },
1374 { BER_CLASS_CON, 0, 0, dissect_krb5_ContentInfo_content },
1379 dissect_krb5_PA_PK_AS_REQ_signedAuthPack(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1381 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ContentInfo_sequence, hf_krb_signedAuthPack, ett_krb_signedAuthPack);
1387 dissect_krb5_PA_PK_AS_REQ_trustedCertifiers(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1389 BER_NOT_DECODED_YET("trustedCertifiers");
1394 dissect_krb5_PA_PK_AS_REQ_kdcCert(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1396 BER_NOT_DECODED_YET("kdcCert");
1401 dissect_krb5_PA_PK_AS_REQ_encryptionCert(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1403 BER_NOT_DECODED_YET("encryptionCert");
1410 static ber_sequence PA_PK_AS_REQ_sequence[] = {
1411 { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PK_AS_REQ_signedAuthPack },
1412 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_trustedCertifiers },
1413 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_kdcCert },
1414 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_PA_PK_AS_REQ_encryptionCert },
1418 dissect_krb5_PA_PK_AS_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1421 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_PK_AS_REQ_sequence, -1, -1);
1428 dissect_krb5_PA_PROV_SRV_LOCATION(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1430 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
1438 dissect_krb5_kvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1440 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_kvno, NULL);
1448 dissect_krb5_seq_number(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1450 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_seq_number, NULL);
1457 #ifdef HAVE_KERBEROS
1459 dissect_krb5_pausec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1461 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pausec, NULL);
1465 dissect_krb5_patimestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1467 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_patimestamp);
1470 static const ber_sequence PA_ENC_TS_ENC_sequence[] = {
1471 { BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
1472 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
1476 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1478 guint8 *plaintext=NULL;
1481 length=tvb_length_remaining(tvb, offset);
1483 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
1485 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
1489 plaintext=decrypt_krb5_data(pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype);
1494 next_tvb = tvb_new_real_data (plaintext,
1497 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
1499 /* Add the decrypted data to the data source list. */
1500 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
1503 offset=dissect_ber_sequence(FALSE, pinfo, tree, next_tvb, 0, PA_ENC_TS_ENC_sequence, -1, -1);
1512 dissect_krb5_encrypted_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1514 #ifdef HAVE_KERBEROS
1515 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
1517 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, NULL);
1521 static ber_sequence PA_ENC_TIMESTAMP_sequence[] = {
1522 { BER_CLASS_CON, 0, 0,
1523 dissect_krb5_PA_ENC_TIMESTAMP_etype },
1524 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
1525 dissect_krb5_kvno },
1526 { BER_CLASS_CON, 2, 0,
1527 dissect_krb5_encrypted_PA_ENC_TIMESTAMP },
1531 dissect_krb5_PA_ENC_TIMESTAMP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1533 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENC_TIMESTAMP_sequence, -1, -1);
1541 dissect_krb5_etype_info_salt(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1543 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_etype_info_salt, NULL);
1547 static ber_sequence PA_ENCTYPE_INFO_ENTRY_sequence[] = {
1548 { BER_CLASS_CON, 0, 0,
1549 dissect_krb5_etype },
1550 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
1551 dissect_krb5_etype_info_salt },
1555 dissect_krb5_PA_ENCTYPE_INFO_ENTRY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1557 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_ENTRY_sequence, -1, -1);
1562 static ber_sequence PA_ENCTYPE_INFO_sequence_of[1] = {
1563 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
1566 dissect_krb5_PA_ENCTYPE_INFO(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1568 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO_sequence_of, -1, -1);
1574 * PA-DATA ::= SEQUENCE {
1575 * padata-type[1] INTEGER,
1576 * padata-value[2] OCTET STRING,
1577 * -- might be encoded AP-REQ
1580 guint32 krb_PA_DATA_type;
1582 dissect_krb5_PA_DATA_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1584 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
1585 krb_PA_DATA_type&=0xff; /*this is really just one single byte */
1588 proto_item_append_text(tree, " %s",
1589 val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
1595 dissect_krb5_PA_DATA_value(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1597 proto_tree *tree=parent_tree;
1599 if(ber_last_created_item){
1600 tree=proto_item_add_subtree(ber_last_created_item, ett_krb_PA_DATA_tree);
1604 switch(krb_PA_DATA_type){
1605 case KRB5_PA_TGS_REQ:
1606 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_application_choice);
1608 case KRB5_PA_PK_AS_REQ:
1609 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PK_AS_REQ);
1611 case KRB5_PA_PAC_REQUEST:
1612 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PAC_REQUEST);
1614 case KRB5_PA_PROV_SRV_LOCATION:
1615 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PROV_SRV_LOCATION);
1617 case KRB5_PA_ENC_TIMESTAMP:
1618 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENC_TIMESTAMP);
1620 case KRB5_PA_ENCTYPE_INFO:
1621 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
1624 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
1630 static ber_sequence PA_DATA_sequence[] = {
1631 { BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
1632 { BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
1636 dissect_krb5_PA_DATA(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1638 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence, -1, -1);
1647 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
1650 static ber_sequence PA_DATA_sequence_of[1] = {
1651 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
1654 dissect_krb5_padata(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1656 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_DATA_sequence_of, hf_krb_padata, ett_krb_padata);
1664 static const true_false_string krb5_ticketflags_forwardable = {
1665 "FORWARDABLE tickets are allowed/requested",
1666 "Do NOT use forwardable tickets"
1668 static const true_false_string krb5_ticketflags_forwarded = {
1669 "This ticket has been FORWARDED",
1670 "This is NOT a forwarded ticket"
1672 static const true_false_string krb5_ticketflags_proxyable = {
1673 "PROXIABLE tickets are allowed/requested",
1674 "Do NOT use proxiable tickets"
1676 static const true_false_string krb5_ticketflags_proxy = {
1677 "This is a PROXY ticket",
1678 "This ticket has NOT been proxied"
1680 static const true_false_string krb5_ticketflags_allow_postdate = {
1681 "We allow the ticket to be POSTDATED",
1682 "We do NOT allow the ticket to be postdated"
1684 static const true_false_string krb5_ticketflags_postdated = {
1685 "This ticket is POSTDATED",
1686 "This ticket is NOT postdated"
1688 static const true_false_string krb5_ticketflags_invalid = {
1689 "This ticket is INVALID",
1690 "This ticket is NOT invalid"
1692 static const true_false_string krb5_ticketflags_renewable = {
1693 "This ticket is RENEWABLE",
1694 "This ticket is NOT renewable"
1696 static const true_false_string krb5_ticketflags_initial = {
1697 "This ticket was granted by AS and not TGT protocol",
1698 "This ticket was granted by TGT and not as protocol"
1700 static const true_false_string krb5_ticketflags_pre_auth = {
1701 "The client was PRE-AUTHenticated",
1702 "The client was NOT pre-authenticated"
1704 static const true_false_string krb5_ticketflags_hw_auth = {
1705 "The client was authenticated by HardWare",
1706 "The client was NOT authenticated using hardware"
1708 static const true_false_string krb5_ticketflags_transited_policy_checked = {
1709 "Kdc has performed TRANSITED POLICY CHECKING",
1710 "Kdc has NOT performed transited policy checking"
1712 static const true_false_string krb5_ticketflags_ok_as_delegate = {
1713 "This ticket is OK AS a DELEGATED ticket",
1714 "This ticket is NOT ok as a delegated ticket"
1717 static int* TicketFlags_bits[] = {
1718 &hf_krb_TicketFlags_forwardable,
1719 &hf_krb_TicketFlags_forwarded,
1720 &hf_krb_TicketFlags_proxyable,
1721 &hf_krb_TicketFlags_proxy,
1722 &hf_krb_TicketFlags_allow_postdate,
1723 &hf_krb_TicketFlags_postdated,
1724 &hf_krb_TicketFlags_invalid,
1725 &hf_krb_TicketFlags_renewable,
1726 &hf_krb_TicketFlags_initial,
1727 &hf_krb_TicketFlags_pre_auth,
1728 &hf_krb_TicketFlags_hw_auth,
1729 &hf_krb_TicketFlags_transited_policy_checked,
1730 &hf_krb_TicketFlags_ok_as_delegate,
1735 dissect_krb5_TicketFlags(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1737 offset=dissect_ber_bitstring32(FALSE, pinfo, tree, tvb, offset, TicketFlags_bits, hf_krb_TicketFlags, ett_krb_Ticket_Flags, NULL);
1742 static guint32 keytype;
1744 dissect_krb5_keytype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1746 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_keytype, &keytype);
1748 proto_item_append_text(tree, " %s",
1749 val_to_str(keytype, krb5_encryption_types,
1754 static int keylength;
1755 static const char *keyvalue;
1757 store_keyvalue(packet_info *pinfo _U_, proto_tree *tree _U_, tvbuff_t *tvb, int offset)
1759 keylength=tvb_length_remaining(tvb, offset);
1760 keyvalue=tvb_get_ptr(tvb, offset, keylength);
1764 dissect_krb5_keyvalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1766 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_keyvalue, store_keyvalue);
1772 * EncryptionKey ::= SEQUENCE {
1774 * keyvalue [1] octet string
1776 static ber_sequence EncryptionKey_sequence[] = {
1777 { BER_CLASS_CON, 0, 0,
1778 dissect_krb5_keytype },
1779 { BER_CLASS_CON, 1, 0,
1780 dissect_krb5_keyvalue },
1784 dissect_krb5_key(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1786 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_key, ett_krb_key);
1788 #ifdef HAVE_KERBEROS
1789 add_encryption_key(pinfo, keytype, keylength, keyvalue);
1794 dissect_krb5_subkey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1796 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncryptionKey_sequence, hf_krb_subkey, ett_krb_subkey);
1797 #ifdef HAVE_KERBEROS
1798 add_encryption_key(pinfo, keytype, keylength, keyvalue);
1806 dissect_krb5_PAC_LOGON_INFO(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1808 proto_item *item=NULL;
1809 proto_tree *tree=NULL;
1810 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
1811 dcerpc_info di; /* fake dcerpc_info struct */
1812 void *old_private_data;
1814 item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1816 tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
1819 /* skip the first 20 bytes, they look like a unique ndr pointer
1820 followed by (where did it come from?) a contect_handle ?*/
1821 proto_tree_add_text(tree, tvb, offset, 20, "unknown: is this an undocumented policy handle?");
1825 /* the PAC_LOGON_INFO blob */
1826 /* fake whatever state the dcerpc runtime support needs */
1827 di.conformant_run=0;
1829 old_private_data=pinfo->private_data;
1830 pinfo->private_data=&di;
1831 init_ndr_pointer_list(pinfo);
1832 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
1833 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_REF,
1834 "PAC_LOGON_INFO:", -1);
1835 pinfo->private_data=old_private_data;
1841 dissect_krb5_PAC_CREDENTIAL_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1843 proto_item *item=NULL;
1844 proto_tree *tree=NULL;
1846 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CREDENTIAL_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1848 tree=proto_item_add_subtree(item, ett_krb_PAC_CREDENTIAL_TYPE);
1856 dissect_krb5_PAC_SERVER_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1858 proto_item *item=NULL;
1859 proto_tree *tree=NULL;
1861 item=proto_tree_add_item(parent_tree, hf_krb_PAC_SERVER_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1863 tree=proto_item_add_subtree(item, ett_krb_PAC_SERVER_CHECKSUM);
1866 /* signature type */
1867 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
1870 /* signature data */
1871 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1877 dissect_krb5_PAC_PRIVSVR_CHECKSUM(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1879 proto_item *item=NULL;
1880 proto_tree *tree=NULL;
1882 item=proto_tree_add_item(parent_tree, hf_krb_PAC_PRIVSVR_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1884 tree=proto_item_add_subtree(item, ett_krb_PAC_PRIVSVR_CHECKSUM);
1887 /* signature type */
1888 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, TRUE);
1891 /* signature data */
1892 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1898 dissect_krb5_PAC_CLIENT_INFO_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
1900 proto_item *item=NULL;
1901 proto_tree *tree=NULL;
1905 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CLIENT_INFO_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
1907 tree=proto_item_add_subtree(item, ett_krb_PAC_CLIENT_INFO_TYPE);
1911 offset = dissect_smb_64bit_time(tvb, tree, offset,
1912 hf_krb_pac_clientid);
1915 namelen=tvb_get_letohs(tvb, offset);
1916 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
1920 name=tvb_fake_unicode(tvb, offset, namelen/2, TRUE);
1921 proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
1928 dissect_krb5_AD_WIN2K_PAC_struct(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1933 proto_item *it=NULL;
1934 proto_tree *tr=NULL;
1937 /* type of pac data */
1938 pac_type=tvb_get_letohl(tvb, offset);
1939 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
1941 tr=proto_item_add_subtree(it, ett_krb_PAC);
1946 /* size of pac data */
1947 pac_size=tvb_get_letohl(tvb, offset);
1948 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
1951 /* offset to pac data */
1952 pac_offset=tvb_get_letohl(tvb, offset);
1953 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
1957 next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
1959 case PAC_LOGON_INFO:
1960 dissect_krb5_PAC_LOGON_INFO(pinfo, tr, next_tvb, 0);
1962 case PAC_CREDENTIAL_TYPE:
1963 dissect_krb5_PAC_CREDENTIAL_TYPE(pinfo, tr, next_tvb, 0);
1965 case PAC_SERVER_CHECKSUM:
1966 dissect_krb5_PAC_SERVER_CHECKSUM(pinfo, tr, next_tvb, 0);
1968 case PAC_PRIVSVR_CHECKSUM:
1969 dissect_krb5_PAC_PRIVSVR_CHECKSUM(pinfo, tr, next_tvb, 0);
1971 case PAC_CLIENT_INFO_TYPE:
1972 dissect_krb5_PAC_CLIENT_INFO_TYPE(pinfo, tr, next_tvb, 0);
1981 dissect_krb5_AD_WIN2K_PAC(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1987 /* first in the PAC structure comes the number of entries */
1988 entries=tvb_get_letohl(tvb, offset);
1989 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
1992 /* second comes the version */
1993 version=tvb_get_letohl(tvb, offset);
1994 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
1997 for(i=0;i<entries;i++){
1998 offset=dissect_krb5_AD_WIN2K_PAC_struct(pinfo, tree, tvb, offset);
2004 static guint32 IF_RELEVANT_type;
2006 dissect_krb5_IF_RELEVANT_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2008 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
2010 proto_item_append_text(tree, " %s",
2011 val_to_str(IF_RELEVANT_type, krb5_ad_types,
2017 dissect_krb5_IF_RELEVANT_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2019 switch(IF_RELEVANT_type){
2020 case KRB5_AD_WIN2K_PAC:
2021 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_WIN2K_PAC);
2024 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_value, NULL);
2028 static ber_sequence IF_RELEVANT_item_sequence[] = {
2029 { BER_CLASS_CON, 0, 0,
2030 dissect_krb5_IF_RELEVANT_type },
2031 { BER_CLASS_CON, 1, 0,
2032 dissect_krb5_IF_RELEVANT_value },
2036 dissect_krb5_IF_RELEVANT_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2038 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_item_sequence, hf_krb_IF_RELEVANT, ett_krb_IF_RELEVANT);
2043 static ber_sequence IF_RELEVANT_sequence_of[1] = {
2044 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
2048 dissect_krb5_IF_RELEVANT(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2050 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, IF_RELEVANT_sequence_of, -1, -1);
2055 static guint32 adtype;
2057 dissect_krb5_adtype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2059 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_adtype, &adtype);
2061 proto_item_append_text(tree, " %s",
2062 val_to_str(adtype, krb5_ad_types,
2068 dissect_krb5_advalue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2071 case KRB5_AD_IF_RELEVANT:
2072 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, dissect_krb5_IF_RELEVANT);
2075 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_advalue, NULL);
2080 * AuthorizationData ::= SEQUENCE {
2082 * ad-data [1] octet string
2084 static ber_sequence AuthorizationData_item_sequence[] = {
2085 { BER_CLASS_CON, 0, 0,
2086 dissect_krb5_adtype },
2087 { BER_CLASS_CON, 1, 0,
2088 dissect_krb5_advalue },
2092 dissect_krb5_AuthorizationData_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2094 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AuthorizationData_item_sequence, hf_krb_AuthorizationData, ett_krb_AuthorizationData);
2099 static ber_sequence AuthorizationData_sequence_of[1] = {
2100 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
2103 dissect_krb5_AuthorizationData(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2105 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, AuthorizationData_sequence_of, -1, -1);
2112 dissect_krb5_transited_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2116 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_transitedtype, &trtype);
2118 proto_item_append_text(tree, " %s",
2119 val_to_str(trtype, krb5_transited_types,
2126 dissect_krb5_transited_contents(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2128 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_transitedcontents, NULL);
2133 * TransitedEncoding ::= SEQUENCE {
2135 * contents [1] octet string
2137 static ber_sequence TransitedEncoding_sequence[] = {
2138 { BER_CLASS_CON, 0, 0,
2139 dissect_krb5_transited_type },
2140 { BER_CLASS_CON, 1, 0,
2141 dissect_krb5_transited_contents },
2145 dissect_krb5_transited(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2147 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, TransitedEncoding_sequence, hf_krb_TransitedEncoding, ett_krb_TransitedEncoding);
2154 dissect_krb5_authtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2156 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_authtime);
2160 dissect_krb5_starttime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2162 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_starttime);
2166 dissect_krb5_endtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2168 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_endtime);
2172 dissect_krb5_renew_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2174 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_renew_till);
2179 * EncTicketPart ::= SEQUENCE {
2180 * flags [0] TicketFlags,
2181 * key [1] EncryptionKey,
2183 * cname [3] PrincipalName,
2184 * transited [4] TransitedEncoding,
2185 * authtime [5] KerberosTime,
2186 * starttime [6] KerberosTime OPTIONAL,
2187 * endtime [7] KerberosTime,
2188 * renew-till [8] KerberosTime OPTIONAL,
2189 * caddr [9] HostAddresses OPTIONAL,
2190 * authorization-data [10] AuthorizationData OPTIONAL
2193 static ber_sequence EncTicketPart_sequence[] = {
2194 { BER_CLASS_CON, 0, 0,
2195 dissect_krb5_TicketFlags },
2196 { BER_CLASS_CON, 1, 0,
2198 { BER_CLASS_CON, 2, 0,
2199 dissect_krb5_crealm },
2200 { BER_CLASS_CON, 3, 0,
2201 dissect_krb5_cname },
2202 { BER_CLASS_CON, 4, 0,
2203 dissect_krb5_transited },
2204 { BER_CLASS_CON, 5, 0,
2205 dissect_krb5_authtime },
2206 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2207 dissect_krb5_starttime },
2208 { BER_CLASS_CON, 7, 0,
2209 dissect_krb5_endtime },
2210 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2211 dissect_krb5_renew_till },
2212 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
2213 dissect_krb5_HostAddresses },
2214 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
2215 dissect_krb5_AuthorizationData },
2219 dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2221 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncTicketPart_sequence, hf_krb_EncTicketPart, ett_krb_EncTicketPart);
2232 * EncAPRepPart ::= SEQUENCE {
2233 * ctime [0] KerberosTime
2234 * cusec [1] Microseconds
2235 * subkey [2] encryptionKey OPTIONAL
2236 * seq-number [3] uint32 OPTIONAL
2239 static ber_sequence EncAPRepPart_sequence[] = {
2240 { BER_CLASS_CON, 0, 0,
2241 dissect_krb5_ctime },
2242 { BER_CLASS_CON, 1, 0,
2243 dissect_krb5_cusec },
2244 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2245 dissect_krb5_subkey },
2246 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2247 dissect_krb5_seq_number },
2251 dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2253 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncAPRepPart_sequence, hf_krb_EncAPRepPart, ett_krb_EncAPRepPart);
2260 static guint32 lr_type;
2261 static const value_string krb5_lr_types[] = {
2262 { 0 , "No information available" },
2263 { 1 , "Time of last initial TGT request" },
2264 { 2 , "Time of last initial request" },
2265 { 3 , "Time of issue of latest TGT ticket" },
2266 { 4 , "Time of last renewal" },
2267 { 5 , "Time of last request" },
2268 { 6 , "Time when password will expire" },
2269 { 7 , "Time when account will expire" },
2273 dissect_krb5_lr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2275 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_lr_type, &lr_type);
2280 dissect_krb5_lr_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2282 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_lr_time);
2287 static ber_sequence LastReq_sequence[] = {
2288 { BER_CLASS_CON, 0, 0,
2289 dissect_krb5_lr_type },
2290 { BER_CLASS_CON, 1, 0,
2291 dissect_krb5_lr_value },
2295 dissect_krb5_LastReq(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2297 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, LastReq_sequence, hf_krb_LastReq, ett_krb_LastReq);
2301 static ber_sequence LastReq_sequence_of[1] = {
2302 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
2305 dissect_krb5_LastReq_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2307 offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, LastReq_sequence_of, hf_krb_LastReqs, ett_krb_LastReqs);
2313 dissect_krb5_key_expiration(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2315 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_key_expire);
2319 static ber_sequence EncKDCRepPart_sequence[] = {
2320 { BER_CLASS_CON, 0, 0,
2322 { BER_CLASS_CON, 1, 0,
2323 dissect_krb5_LastReq_sequence_of },
2324 { BER_CLASS_CON, 2, 0,
2325 dissect_krb5_nonce },
2326 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2327 dissect_krb5_key_expiration },
2328 { BER_CLASS_CON, 4, 0,
2329 dissect_krb5_TicketFlags },
2330 { BER_CLASS_CON, 5, 0,
2331 dissect_krb5_authtime },
2332 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2333 dissect_krb5_starttime },
2334 { BER_CLASS_CON, 7, 0,
2335 dissect_krb5_endtime },
2336 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2337 dissect_krb5_renew_till },
2338 { BER_CLASS_CON, 9, 0,
2339 dissect_krb5_realm },
2340 { BER_CLASS_CON, 10, 0,
2341 dissect_krb5_sname },
2342 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
2343 dissect_krb5_HostAddresses },
2347 dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2349 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKDCRepPart_sequence, hf_krb_EncKDCRepPart, ett_krb_EncKDCRepPart);
2356 dissect_krb5_authenticator_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2358 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
2365 dissect_krb5_checksum_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2367 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_checksum_type, NULL);
2372 dissect_krb5_checksum_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2374 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
2379 * Checksum ::= SEQUENCE {
2382 static ber_sequence Checksum_sequence[] = {
2383 { BER_CLASS_CON, 0, 0,
2384 dissect_krb5_checksum_type },
2385 { BER_CLASS_CON, 1, 0,
2386 dissect_krb5_checksum_checksum },
2390 dissect_krb5_Checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2392 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Checksum_sequence, hf_krb_Checksum, ett_krb_Checksum);
2398 * Authenticator ::= SEQUENCE {
2399 * authenticator-vno [0] integer
2401 * cname [2] PrincipalName
2402 * cksum [3] Checksum OPTIONAL
2403 * cusec [4] Microseconds
2404 * ctime [5] KerberosTime
2405 * subkey [6] encryptionKey OPTIONAL
2406 * seq-number [7] uint32 OPTIONAL
2407 * authorization-data [8] AuthorizationData OPTIONAL
2410 static ber_sequence Authenticator_sequence[] = {
2411 { BER_CLASS_CON, 0, 0,
2412 dissect_krb5_authenticator_vno },
2413 { BER_CLASS_CON, 1, 0,
2414 dissect_krb5_crealm },
2415 { BER_CLASS_CON, 2, 0,
2416 dissect_krb5_cname },
2417 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2418 dissect_krb5_Checksum },
2419 { BER_CLASS_CON, 4, 0,
2420 dissect_krb5_cusec },
2421 { BER_CLASS_CON, 5, 0,
2422 dissect_krb5_ctime },
2423 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2424 dissect_krb5_subkey },
2425 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
2426 dissect_krb5_seq_number },
2427 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
2428 dissect_krb5_AuthorizationData },
2432 dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2434 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Authenticator_sequence, hf_krb_Authenticator, ett_krb_Authenticator);
2441 * PRIV-BODY ::= SEQUENCE {
2442 * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
2444 * msg-type[1] INTEGER,
2445 * enc-part[3] EncryptedData
2449 dissect_krb5_encrypted_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2451 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
2454 static ber_sequence ENC_PRIV_sequence[] = {
2455 { BER_CLASS_CON, 0, 0,
2456 dissect_krb5_etype },
2457 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2458 dissect_krb5_kvno },
2459 { BER_CLASS_CON, 2, 0,
2460 dissect_krb5_encrypted_PRIV },
2464 dissect_krb5_ENC_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2466 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
2469 static ber_sequence PRIV_BODY_sequence[] = {
2470 { BER_CLASS_CON, 0, 0,
2471 dissect_krb5_pvno },
2472 { BER_CLASS_CON, 1, 0,
2473 dissect_krb5_msg_type },
2474 { BER_CLASS_CON, 3, 0,
2475 dissect_krb5_ENC_PRIV },
2479 dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2482 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PRIV_BODY_sequence, hf_krb_PRIV_BODY, ett_krb_PRIV);
2489 dissect_krb5_SAFE_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2491 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, NULL);
2495 dissect_krb5_SAFE_BODY_timestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2497 offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
2502 dissect_krb5_SAFE_BODY_usec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2504 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
2508 static ber_sequence SAFE_BODY_sequence[] = {
2509 { BER_CLASS_CON, 0, 0,
2510 dissect_krb5_SAFE_BODY_user_data },
2511 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2512 dissect_krb5_SAFE_BODY_timestamp },
2513 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2514 dissect_krb5_SAFE_BODY_usec },
2515 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2516 dissect_krb5_seq_number },
2517 /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */
2518 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
2519 dissect_krb5_s_address },
2520 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
2521 dissect_krb5_HostAddresses },
2525 dissect_krb5_SAFE_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2528 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_BODY_sequence, -1, -1);
2535 static ber_sequence SAFE_sequence[] = {
2536 { BER_CLASS_CON, 0, 0,
2537 dissect_krb5_pvno },
2538 { BER_CLASS_CON, 1, 0,
2539 dissect_krb5_msg_type },
2540 { BER_CLASS_CON, 2, 0,
2541 dissect_krb5_SAFE_BODY },
2542 { BER_CLASS_CON, 3, 0,
2543 dissect_krb5_Checksum },
2547 dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2550 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_sequence, -1, -1);
2557 * KDC-REQ-BODY ::= SEQUENCE {
2558 * kdc-options[0] KDCOptions,
2559 * cname[1] PrincipalName OPTIONAL,
2560 * -- Used only in AS-REQ
2561 * realm[2] Realm, -- Server's realm
2562 * -- Also client's in AS-REQ
2563 * sname[3] PrincipalName OPTIONAL,
2564 * from[4] KerberosTime OPTIONAL,
2565 * till[5] KerberosTime,
2566 * rtime[6] KerberosTime OPTIONAL,
2568 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
2569 * -- in preference order
2570 * addresses[9] HostAddresses OPTIONAL,
2571 * enc-authorization-data[10] EncryptedData OPTIONAL,
2572 * -- Encrypted AuthorizationData encoding
2573 * additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
2577 static ber_sequence KDC_REQ_BODY_sequence[] = {
2578 { BER_CLASS_CON, 0, 0,
2579 dissect_krb5_KDCOptions },
2580 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2581 dissect_krb5_cname },
2582 { BER_CLASS_CON, 2, 0,
2583 dissect_krb5_realm},
2584 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2585 dissect_krb5_sname },
2586 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
2587 dissect_krb5_from },
2588 /* this field is not optional in the kerberos spec,
2589 * however, in the packetcable spec it is optional.
2590 * make it optional here since normal kerberos will
2591 * still decode the pdu correctly.
2593 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
2594 dissect_krb5_till },
2595 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
2596 dissect_krb5_rtime },
2597 { BER_CLASS_CON, 7, 0,
2598 dissect_krb5_nonce },
2599 { BER_CLASS_CON, 8, 0,
2600 dissect_krb5_etype_sequence_of },
2601 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
2602 dissect_krb5_HostAddresses },
2603 /* XXX [10] and [11] enc-authorization-data and additional-tickets should be added */
2607 dissect_krb5_KDC_REQ_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2610 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
2618 * KDC-REQ ::= SEQUENCE {
2620 * msg-type[2] INTEGER,
2621 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
2622 * req-body[4] KDC-REQ-BODY
2625 static ber_sequence KDC_REQ_sequence[] = {
2626 { BER_CLASS_CON, 1, 0,
2627 dissect_krb5_pvno },
2628 { BER_CLASS_CON, 2, 0,
2629 dissect_krb5_msg_type },
2630 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
2631 dissect_krb5_padata },
2632 { BER_CLASS_CON, 4, 0,
2633 dissect_krb5_KDC_REQ_BODY },
2637 dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2639 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_sequence, -1, -1);
2645 #ifdef HAVE_KERBEROS
2647 dissect_krb5_decrypt_authenticator_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2649 guint8 *plaintext=NULL;
2652 length=tvb_length_remaining(tvb, offset);
2654 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2656 * Authenticators are encrypted with usage
2661 plaintext=decrypt_krb5_data(pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
2664 plaintext=decrypt_krb5_data(pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
2669 next_tvb = tvb_new_real_data (plaintext,
2672 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
2674 /* Add the decrypted data to the data source list. */
2675 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
2678 offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
2687 * EncryptedData ::= SEQUENCE {
2688 * etype[0] INTEGER, -- EncryptionType
2689 * kvno[1] INTEGER OPTIONAL,
2690 * cipher[2] OCTET STRING -- ciphertext
2694 dissect_krb5_encrypted_authenticator_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2696 #ifdef HAVE_KERBEROS
2697 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, dissect_krb5_decrypt_authenticator_data);
2699 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_authenticator_data, NULL);
2703 static ber_sequence encrypted_authenticator_sequence[] = {
2704 { BER_CLASS_CON, 0, 0,
2705 dissect_krb5_authenticator_etype },
2706 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2707 dissect_krb5_kvno },
2708 { BER_CLASS_CON, 2, 0,
2709 dissect_krb5_encrypted_authenticator_data },
2713 dissect_krb5_encrypted_authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2715 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_authenticator_sequence, hf_krb_authenticator_enc, ett_krb_authenticator_enc);
2724 dissect_krb5_tkt_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2726 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_tkt_vno, NULL);
2731 #ifdef HAVE_KERBEROS
2733 dissect_krb5_decrypt_Ticket_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2738 length=tvb_length_remaining(tvb, offset);
2740 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2742 * All Ticket encrypted parts use usage == 2
2744 if( (plaintext=decrypt_krb5_data(pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype)) ){
2746 next_tvb = tvb_new_real_data (plaintext,
2749 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
2751 /* Add the decrypted data to the data source list. */
2752 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
2755 offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
2763 dissect_krb5_encrypted_Ticket_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2765 #ifdef HAVE_KERBEROS
2766 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, dissect_krb5_decrypt_Ticket_data);
2768 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_Ticket_data, NULL);
2772 static ber_sequence encrypted_Ticket_sequence[] = {
2773 { BER_CLASS_CON, 0, 0,
2774 dissect_krb5_Ticket_etype },
2775 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2776 dissect_krb5_kvno },
2777 { BER_CLASS_CON, 2, 0,
2778 dissect_krb5_encrypted_Ticket_data },
2782 dissect_krb5_Ticket_encrypted(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2784 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_Ticket_sequence, hf_krb_ticket_enc, ett_krb_ticket_enc);
2789 static ber_sequence Application_1_sequence[] = {
2790 { BER_CLASS_CON, 0, 0,
2791 dissect_krb5_tkt_vno },
2792 { BER_CLASS_CON, 1, 0,
2793 dissect_krb5_realm },
2794 { BER_CLASS_CON, 2, 0,
2795 dissect_krb5_sname },
2796 { BER_CLASS_CON, 3, 0,
2797 dissect_krb5_Ticket_encrypted },
2801 dissect_krb5_Application_1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2803 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, Application_1_sequence, hf_krb_ticket, ett_krb_ticket);
2810 static const ber_choice Ticket_choice[] = {
2811 { 1, BER_CLASS_APP, 1, 0,
2812 dissect_krb5_Application_1 },
2813 { 0, 0, 0, 0, NULL }
2816 dissect_krb5_Ticket(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2818 offset=dissect_ber_choice(pinfo, tree, tvb, offset, Ticket_choice, -1, -1);
2827 * AP-REQ ::= [APPLICATION 14] SEQUENCE {
2829 * msg-type[1] INTEGER,
2830 * ap-options[2] APOptions,
2832 * authenticator[4] EncryptedData
2835 static ber_sequence AP_REQ_sequence[] = {
2836 { BER_CLASS_CON, 0, 0,
2837 dissect_krb5_pvno },
2838 { BER_CLASS_CON, 1, 0,
2839 dissect_krb5_msg_type },
2840 { BER_CLASS_CON, 2, 0,
2841 dissect_krb5_APOptions },
2842 { BER_CLASS_CON, 3, 0,
2843 dissect_krb5_Ticket },
2844 { BER_CLASS_CON, 4, 0,
2845 dissect_krb5_encrypted_authenticator },
2849 dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2851 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REQ_sequence, -1, -1);
2859 #ifdef HAVE_KERBEROS
2861 dissect_krb5_decrypt_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2863 guint8 *plaintext=NULL;
2866 length=tvb_length_remaining(tvb, offset);
2868 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2870 * Authenticators are encrypted with usage
2875 plaintext=decrypt_krb5_data(pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype);
2880 next_tvb = tvb_new_real_data (plaintext,
2883 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
2885 /* Add the decrypted data to the data source list. */
2886 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
2889 offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
2898 dissect_krb5_encrypted_AP_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2900 #ifdef HAVE_KERBEROS
2901 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, dissect_krb5_decrypt_AP_REP_data);
2903 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, NULL);
2907 static ber_sequence encrypted_AP_REP_sequence[] = {
2908 { BER_CLASS_CON, 0, 0,
2909 dissect_krb5_AP_REP_etype },
2910 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2911 dissect_krb5_kvno },
2912 { BER_CLASS_CON, 2, 0,
2913 dissect_krb5_encrypted_AP_REP_data },
2917 dissect_krb5_encrypted_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2919 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_AP_REP_sequence, hf_krb_AP_REP_enc, ett_krb_AP_REP_enc);
2925 * AP-REP ::= [APPLICATION 15] SEQUENCE {
2927 * msg-type[1] INTEGER,
2928 * enc-part[2] EncryptedData
2931 static ber_sequence AP_REP_sequence[] = {
2932 { BER_CLASS_CON, 0, 0,
2933 dissect_krb5_pvno },
2934 { BER_CLASS_CON, 1, 0,
2935 dissect_krb5_msg_type },
2936 { BER_CLASS_CON, 2, 0,
2937 dissect_krb5_encrypted_AP_REP },
2941 dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2943 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, AP_REP_sequence, -1, -1);
2952 static guint32 KDC_REP_etype;
2954 dissect_krb5_KDC_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2956 offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
2958 proto_item_append_text(tree, " %s",
2959 val_to_str(KDC_REP_etype, krb5_encryption_types,
2965 #ifdef HAVE_KERBEROS
2967 dissect_krb5_decrypt_KDC_REP_data (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
2969 guint8 *plaintext=NULL;
2972 length=tvb_length_remaining(tvb, offset);
2974 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2976 * ASREP/TGSREP encryptedparts are encrypted with usage
2982 plaintext=decrypt_krb5_data(pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
2985 plaintext=decrypt_krb5_data(pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
2988 plaintext=decrypt_krb5_data(pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
2993 next_tvb = tvb_new_real_data (plaintext,
2996 tvb_set_child_real_data_tvbuff(tvb, next_tvb);
2998 /* Add the decrypted data to the data source list. */
2999 add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
3002 offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
3011 dissect_krb5_encrypted_KDC_REP_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3013 #ifdef HAVE_KERBEROS
3014 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, dissect_krb5_decrypt_KDC_REP_data);
3016 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, NULL);
3020 static ber_sequence encrypted_KDC_REP_sequence[] = {
3021 { BER_CLASS_CON, 0, 0,
3022 dissect_krb5_KDC_REP_etype },
3023 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3024 dissect_krb5_kvno },
3025 { BER_CLASS_CON, 2, 0,
3026 dissect_krb5_encrypted_KDC_REP_data },
3030 dissect_krb5_encrypted_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3032 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_KDC_REP_sequence, hf_krb_KDC_REP_enc, ett_krb_KDC_REP_enc);
3038 * KDC-REP ::= SEQUENCE {
3040 * msg-type[1] INTEGER,
3041 * padata[2] SEQUENCE OF PA-DATA OPTIONAL,
3043 * cname[4] PrincipalName,
3045 * enc-part[6] EncryptedData
3048 static ber_sequence KDC_REP_sequence[] = {
3049 { BER_CLASS_CON, 0, 0,
3050 dissect_krb5_pvno },
3051 { BER_CLASS_CON, 1, 0,
3052 dissect_krb5_msg_type },
3053 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3054 dissect_krb5_padata },
3055 { BER_CLASS_CON, 3, 0,
3056 dissect_krb5_crealm },
3057 { BER_CLASS_CON, 4, 0,
3058 dissect_krb5_cname },
3059 { BER_CLASS_CON, 5, 0,
3060 dissect_krb5_Ticket },
3061 { BER_CLASS_CON, 6, 0,
3062 dissect_krb5_encrypted_KDC_REP },
3066 dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3068 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REP_sequence, -1, -1);
3077 dissect_krb5_e_text(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3079 offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_e_text, NULL, 0);
3084 dissect_krb5_e_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3086 switch(krb5_errorcode){
3087 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
3088 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
3092 offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, NULL);
3099 * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
3101 * msg-type[1] INTEGER,
3102 * ctime[2] KerberosTime OPTIONAL,
3103 * cusec[3] INTEGER OPTIONAL,
3104 * stime[4] KerberosTime,
3106 * error-code[6] INTEGER,
3107 * crealm[7] Realm OPTIONAL,
3108 * cname[8] PrincipalName OPTIONAL,
3109 * realm[9] Realm, -- Correct realm
3110 * sname[10] PrincipalName, -- Correct name
3111 * e-text[11] GeneralString OPTIONAL,
3112 * e-data[12] OCTET STRING OPTIONAL
3115 * e-data This field contains additional data about the error for use
3116 * by the application to help it recover from or handle the
3117 * error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
3118 * the e-data field will contain an encoding of a sequence of
3119 * padata fields, each corresponding to an acceptable pre-
3120 * authentication method and optionally containing data for
3123 static ber_sequence ERROR_sequence[] = {
3124 { BER_CLASS_CON, 0, 0,
3125 dissect_krb5_pvno },
3126 { BER_CLASS_CON, 1, 0,
3127 dissect_krb5_msg_type },
3128 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3129 dissect_krb5_ctime },
3130 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3131 dissect_krb5_cusec },
3132 { BER_CLASS_CON, 4, 0,
3133 dissect_krb5_stime },
3134 { BER_CLASS_CON, 5, 0,
3135 dissect_krb5_susec },
3136 { BER_CLASS_CON, 6, 0,
3137 dissect_krb5_error_code },
3138 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
3139 dissect_krb5_crealm },
3140 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3141 dissect_krb5_cname },
3142 { BER_CLASS_CON, 9, 0,
3143 dissect_krb5_realm },
3144 { BER_CLASS_CON, 10, 0,
3145 dissect_krb5_sname },
3146 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3147 dissect_krb5_e_text },
3148 { BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL,
3149 dissect_krb5_e_data },
3153 dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
3155 offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ERROR_sequence, -1, -1);
3162 static struct { char *set; char *unset; } bitval = { "Set", "Not set" };
3164 static void dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
3166 static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
3168 static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
3169 proto_tree *tree, int do_col_info,
3171 static gint kerberos_rm_to_reclen(guint krb_rm);
3172 static void dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
3174 static guint get_krb_pdu_len(tvbuff_t *tvb, int offset);
3179 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info)
3181 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE));
3185 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3187 if (check_col(pinfo->cinfo, COL_PROTOCOL))
3188 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
3190 (void)dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE);
3194 kerberos_rm_to_reclen(guint krb_rm)
3196 return (krb_rm & KRB_RM_RECLEN);
3200 get_krb_pdu_len(tvbuff_t *tvb, int offset)
3205 krb_rm = tvb_get_ntohl(tvb, offset);
3206 pdulen = kerberos_rm_to_reclen(krb_rm);
3207 return (pdulen + 4);
3211 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3213 pinfo->fragmented = TRUE;
3214 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE) < 0) {
3216 * The dissector failed to recognize this as a valid
3217 * Kerberos message. Mark it as a continuation packet.
3219 if (check_col(pinfo->cinfo, COL_INFO)) {
3220 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
3226 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3228 if (check_col(pinfo->cinfo, COL_PROTOCOL))
3229 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
3231 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
3232 dissect_kerberos_tcp_pdu);
3236 * Display the TCP record mark.
3239 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
3242 proto_item *rm_item;
3243 proto_tree *rm_tree;
3248 rec_len = kerberos_rm_to_reclen(krb_rm);
3249 rm_item = proto_tree_add_text(tree, tvb, start, 4,
3250 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
3251 rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
3252 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
3253 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
3258 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
3259 int dci, gboolean have_rm)
3262 proto_tree *kerberos_tree = NULL;
3263 proto_item *item = NULL;
3265 /* TCP record mark and length */
3267 gint krb_reclen = 0;
3272 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
3273 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
3277 krb_rm = tvb_get_ntohl(tvb, offset);
3278 krb_reclen = kerberos_rm_to_reclen(krb_rm);
3280 * What is a reasonable size limit?
3282 if (krb_reclen > 10 * 1024 * 1024) {
3285 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
3289 offset=dissect_ber_choice(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1);
3291 proto_item_set_len(item, offset);
3297 proto_register_kerberos(void)
3299 static hf_register_info hf[] = {
3300 { &hf_krb_rm_reserved, {
3301 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
3302 &bitval, KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
3303 { &hf_krb_rm_reclen, {
3304 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
3305 NULL, KRB_RM_RECLEN, "Record length", HFILL }},
3306 { &hf_krb_transitedtype, {
3307 "Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
3308 VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
3309 { &hf_krb_transitedcontents, {
3310 "Contents", "kerberos.transited.contents", FT_BYTES, BASE_HEX,
3311 NULL, 0, "Transitent Contents string", HFILL }},
3312 { &hf_krb_keytype, {
3313 "Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
3314 VALS(krb5_encryption_types), 0, "Key Type", HFILL }},
3315 { &hf_krb_keyvalue, {
3316 "Key value", "kerberos.keyvalue", FT_BYTES, BASE_HEX,
3317 NULL, 0, "Key value (encryption key)", HFILL }},
3319 "Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
3320 VALS(krb5_ad_types), 0, "Authorization Data Type", HFILL }},
3321 { &hf_krb_IF_RELEVANT_type, {
3322 "Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
3323 VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
3324 { &hf_krb_advalue, {
3325 "Data", "kerberos.advalue", FT_BYTES, BASE_HEX,
3326 NULL, 0, "Authentication Data", HFILL }},
3327 { &hf_krb_IF_RELEVANT_value, {
3328 "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_HEX,
3329 NULL, 0, "IF_RELEVANT Data", HFILL }},
3331 "Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
3332 VALS(krb5_encryption_types), 0, "Encryption Type", HFILL }},
3333 { &hf_krb_addr_type, {
3334 "Addr-type", "kerberos.addr_type", FT_UINT32, BASE_DEC,
3335 VALS(krb5_address_types), 0, "Address Type", HFILL }},
3336 { &hf_krb_pac_signature_type, {
3337 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
3338 NULL, 0, "PAC Signature Type", HFILL }},
3339 { &hf_krb_name_type, {
3340 "Name-type", "kerberos.name_type", FT_UINT32, BASE_DEC,
3341 VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
3342 { &hf_krb_lr_type, {
3343 "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,
3344 VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
3345 { &hf_krb_address_ip, {
3346 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
3347 NULL, 0, "IP Address", HFILL }},
3348 { &hf_krb_address_netbios, {
3349 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
3350 NULL, 0, "NetBIOS Address and type", HFILL }},
3351 { &hf_krb_contentinfo_contenttype, {
3352 "ContentType", "kerberos.contenttype", FT_STRING, BASE_NONE,
3353 NULL, 0, "ContentInfo ContentType field", HFILL }},
3354 { &hf_krb_authtime, {
3355 "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE,
3356 NULL, 0, "Time of initial authentication", HFILL }},
3357 { &hf_krb_SAFE_BODY_timestamp, {
3358 "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE,
3359 NULL, 0, "Timestamp of this SAFE_BODY", HFILL }},
3360 { &hf_krb_patimestamp, {
3361 "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE,
3362 NULL, 0, "Time of client", HFILL }},
3364 "pausec", "kerberos.pausec", FT_UINT32, BASE_DEC,
3365 NULL, 0, "Microsecond component of client time", HFILL }},
3366 { &hf_krb_lr_time, {
3367 "Lr-time", "kerberos.lr_time", FT_STRING, BASE_NONE,
3368 NULL, 0, "Time of LR-entry", HFILL }},
3369 { &hf_krb_starttime, {
3370 "Start time", "kerberos.starttime", FT_STRING, BASE_NONE,
3371 NULL, 0, "The time after which the ticket is valid", HFILL }},
3372 { &hf_krb_endtime, {
3373 "End time", "kerberos.endtime", FT_STRING, BASE_NONE,
3374 NULL, 0, "The time after which the ticket has expired", HFILL }},
3375 { &hf_krb_key_expire, {
3376 "Key Expiration", "kerberos.key_expiration", FT_STRING, BASE_NONE,
3377 NULL, 0, "The time after which the key will expire", HFILL }},
3378 { &hf_krb_renew_till, {
3379 "Renew-till", "kerberos.renenw_till", FT_STRING, BASE_NONE,
3380 NULL, 0, "The maximum time we can renew the ticket until", HFILL }},
3382 "rtime", "kerberos.rtime", FT_STRING, BASE_NONE,
3383 NULL, 0, "Renew Until timestamp", HFILL }},
3385 "ctime", "kerberos.ctime", FT_STRING, BASE_NONE,
3386 NULL, 0, "Current Time on the client host", HFILL }},
3388 "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC,
3389 NULL, 0, "micro second component of client time", HFILL }},
3390 { &hf_krb_SAFE_BODY_usec, {
3391 "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC,
3392 NULL, 0, "micro second component of SAFE_BODY time", HFILL }},
3394 "stime", "kerberos.stime", FT_STRING, BASE_NONE,
3395 NULL, 0, "Current Time on the server host", HFILL }},
3397 "susec", "kerberos.susec", FT_UINT32, BASE_DEC,
3398 NULL, 0, "micro second component of server time", HFILL }},
3399 { &hf_krb_error_code, {
3400 "error_code", "kerberos.error_code", FT_UINT32, BASE_DEC,
3401 VALS(krb5_error_codes), 0, "Kerberos error code", HFILL }},
3403 "from", "kerberos.from", FT_STRING, BASE_NONE,
3404 NULL, 0, "From when the ticket is to be valid (postdating)", HFILL }},
3406 "till", "kerberos.till", FT_STRING, BASE_NONE,
3407 NULL, 0, "When the ticket will expire", HFILL }},
3408 { &hf_krb_name_string, {
3409 "Name", "kerberos.name_string", FT_STRING, BASE_NONE,
3410 NULL, 0, "String component that is part of a PrincipalName", HFILL }},
3411 { &hf_krb_provsrv_location, {
3412 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
3413 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
3415 "e-text", "kerberos.e_text", FT_STRING, BASE_NONE,
3416 NULL, 0, "Additional (human readable) error description", HFILL }},
3418 "Realm", "kerberos.realm", FT_STRING, BASE_NONE,
3419 NULL, 0, "Name of the Kerberos Realm", HFILL }},
3421 "Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
3422 NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
3423 { &hf_krb_pac_clientname, {
3424 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
3425 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
3426 { &hf_krb_msg_type, {
3427 "MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
3428 VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
3429 { &hf_krb_APOptions, {
3430 "APOptions", "kerberos.apoptions", FT_BYTES, BASE_HEX,
3431 NULL, 0, "Kerberos APOptions bitstring", HFILL }},
3432 { &hf_krb_APOptions_use_session_key, {
3433 "Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
3434 TFS(&krb5_apoptions_use_session_key), 0x40000000, "", HFILL }},
3435 { &hf_krb_APOptions_mutual_required, {
3436 "Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
3437 TFS(&krb5_apoptions_mutual_required), 0x20000000, "", HFILL }},
3438 { &hf_krb_KDCOptions, {
3439 "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_HEX,
3440 NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
3441 { &hf_krb_TicketFlags, {
3442 "Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
3443 NULL, 0, "Kerberos Ticket Flags", HFILL }},
3444 { &hf_krb_TicketFlags_forwardable, {
3445 "Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
3446 TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
3447 { &hf_krb_TicketFlags_forwarded, {
3448 "Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
3449 TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
3450 { &hf_krb_TicketFlags_proxyable, {
3451 "Proxyable", "kerberos.ticketflags.proxyable", FT_BOOLEAN, 32,
3452 TFS(&krb5_ticketflags_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
3453 { &hf_krb_TicketFlags_proxy, {
3454 "Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
3455 TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
3456 { &hf_krb_TicketFlags_allow_postdate, {
3457 "Allow Postdate", "kerberos.ticketflags.allow_postdate", FT_BOOLEAN, 32,
3458 TFS(&krb5_ticketflags_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
3459 { &hf_krb_TicketFlags_postdated, {
3460 "Postdated", "kerberos.ticketflags.postdated", FT_BOOLEAN, 32,
3461 TFS(&krb5_ticketflags_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
3462 { &hf_krb_TicketFlags_invalid, {
3463 "Invalid", "kerberos.ticketflags.invalid", FT_BOOLEAN, 32,
3464 TFS(&krb5_ticketflags_invalid), 0x01000000, "Whether this ticket is invalid or not", HFILL }},
3465 { &hf_krb_TicketFlags_renewable, {
3466 "Renewable", "kerberos.ticketflags.renewable", FT_BOOLEAN, 32,
3467 TFS(&krb5_ticketflags_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
3468 { &hf_krb_TicketFlags_initial, {
3469 "Initial", "kerberos.ticketflags.initial", FT_BOOLEAN, 32,
3470 TFS(&krb5_ticketflags_initial), 0x00400000, "Whether this ticket is an initial ticket or not", HFILL }},
3471 { &hf_krb_TicketFlags_pre_auth, {
3472 "Pre-Auth", "kerberos.ticketflags.pre_auth", FT_BOOLEAN, 32,
3473 TFS(&krb5_ticketflags_pre_auth), 0x00200000, "Whether this ticket is pre-authenticated or not", HFILL }},
3474 { &hf_krb_TicketFlags_hw_auth, {
3475 "HW-Auth", "kerberos.ticketflags.hw_auth", FT_BOOLEAN, 32,
3476 TFS(&krb5_ticketflags_hw_auth), 0x00100000, "Whether this ticket is hardware-authenticated or not", HFILL }},
3477 { &hf_krb_TicketFlags_transited_policy_checked, {
3478 "Transited Policy Checked", "kerberos.ticketflags.transited_policy_checked", FT_BOOLEAN, 32,
3479 TFS(&krb5_ticketflags_transited_policy_checked), 0x00080000, "Whether this ticket is transited policy checked or not", HFILL }},
3480 { &hf_krb_TicketFlags_ok_as_delegate, {
3481 "Ok As Delegate", "kerberos.ticketflags.ok_as_delegate", FT_BOOLEAN, 32,
3482 TFS(&krb5_ticketflags_ok_as_delegate), 0x00040000, "Whether this ticket is Ok As Delegate or not", HFILL }},
3483 { &hf_krb_KDC_REQ_BODY, {
3484 "KDC_REQ_BODY", "kerberos.kdc_req_body", FT_NONE, BASE_NONE,
3485 NULL, 0, "Kerberos KDC REQuest BODY", HFILL }},
3486 { &hf_krb_PRIV_BODY, {
3487 "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
3488 NULL, 0, "Kerberos PRIVate BODY", HFILL }},
3489 { &hf_krb_encrypted_PRIV, {
3490 "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
3491 NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
3492 { &hf_krb_KDCOptions_forwardable, {
3493 "Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
3494 TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
3495 { &hf_krb_KDCOptions_forwarded, {
3496 "Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
3497 TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
3498 { &hf_krb_KDCOptions_proxyable, {
3499 "Proxyable", "kerberos.kdcoptions.proxyable", FT_BOOLEAN, 32,
3500 TFS(&krb5_kdcoptions_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
3501 { &hf_krb_KDCOptions_proxy, {
3502 "Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
3503 TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
3504 { &hf_krb_KDCOptions_allow_postdate, {
3505 "Allow Postdate", "kerberos.kdcoptions.allow_postdate", FT_BOOLEAN, 32,
3506 TFS(&krb5_kdcoptions_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
3507 { &hf_krb_KDCOptions_postdated, {
3508 "Postdated", "kerberos.kdcoptions.postdated", FT_BOOLEAN, 32,
3509 TFS(&krb5_kdcoptions_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
3510 { &hf_krb_KDCOptions_renewable, {
3511 "Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
3512 TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
3513 { &hf_krb_KDCOptions_canonicalize, {
3514 "Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
3515 TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
3516 { &hf_krb_KDCOptions_opt_hardware_auth, {
3517 "Opt HW Auth", "kerberos.kdcoptions.opt_hardware_auth", FT_BOOLEAN, 32,
3518 NULL, 0x00100000, "Opt HW Auth flag", HFILL }},
3519 { &hf_krb_KDCOptions_disable_transited_check, {
3520 "Disable Transited Check", "kerberos.kdcoptions.disable_transited_check", FT_BOOLEAN, 32,
3521 TFS(&krb5_kdcoptions_disable_transited_check), 0x00000020, "Whether we should do transited checking or not", HFILL }},
3522 { &hf_krb_KDCOptions_renewable_ok, {
3523 "Renewable OK", "kerberos.kdcoptions.renewable_ok", FT_BOOLEAN, 32,
3524 TFS(&krb5_kdcoptions_renewable_ok), 0x00000010, "Whether we accept renewed tickets or not", HFILL }},
3525 { &hf_krb_KDCOptions_enc_tkt_in_skey, {
3526 "Enc-Tkt-in-Skey", "kerberos.kdcoptions.enc_tkt_in_skey", FT_BOOLEAN, 32,
3527 TFS(&krb5_kdcoptions_enc_tkt_in_skey), 0x00000008, "Whether the ticket is encrypted in the skey or not", HFILL }},
3528 { &hf_krb_KDCOptions_renew, {
3529 "Renew", "kerberos.kdcoptions.renew", FT_BOOLEAN, 32,
3530 TFS(&krb5_kdcoptions_renew), 0x00000002, "Is this a request to renew a ticket?", HFILL }},
3531 { &hf_krb_KDCOptions_validate, {
3532 "Validate", "kerberos.kdcoptions.validate", FT_BOOLEAN, 32,
3533 TFS(&krb5_kdcoptions_validate), 0x00000001, "Is this a request to validate a postdated ticket?", HFILL }},
3535 "Pvno", "kerberos.pvno", FT_UINT32, BASE_DEC,
3536 NULL, 0, "Kerberos Protocol Version Number", HFILL }},
3538 "Kvno", "kerberos.kvno", FT_UINT32, BASE_DEC,
3539 NULL, 0, "Version Number for the encryption Key", HFILL }},
3540 { &hf_krb_checksum_type, {
3541 "Type", "kerberos.checksum.type", FT_UINT32, BASE_DEC,
3542 NULL, 0, "Type of checksum", HFILL }},
3543 { &hf_krb_authenticator_vno, {
3544 "Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
3545 NULL, 0, "Version Number for the Authenticator", HFILL }},
3546 { &hf_krb_encrypted_authenticator_data, {
3547 "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_HEX,
3548 NULL, 0, "Data content of an encrypted authenticator", HFILL }},
3549 { &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
3550 "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_HEX,
3551 NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
3552 { &hf_krb_PAC_LOGON_INFO, {
3553 "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_HEX,
3554 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
3555 { &hf_krb_PAC_CREDENTIAL_TYPE, {
3556 "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_HEX,
3557 NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
3558 { &hf_krb_PAC_SERVER_CHECKSUM, {
3559 "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_HEX,
3560 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
3561 { &hf_krb_PAC_PRIVSVR_CHECKSUM, {
3562 "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_HEX,
3563 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
3564 { &hf_krb_PAC_CLIENT_INFO_TYPE, {
3565 "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_HEX,
3566 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
3567 { &hf_krb_checksum_checksum, {
3568 "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_HEX,
3569 NULL, 0, "Kerberos Checksum", HFILL }},
3570 { &hf_krb_ENC_PRIV, {
3571 "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_HEX,
3572 NULL, 0, "Encrypted PRIV blob", HFILL }},
3573 { &hf_krb_encrypted_Ticket_data, {
3574 "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_HEX,
3575 NULL, 0, "The encrypted part of a ticket", HFILL }},
3576 { &hf_krb_encrypted_AP_REP_data, {
3577 "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_HEX,
3578 NULL, 0, "The encrypted part of AP-REP", HFILL }},
3579 { &hf_krb_encrypted_KDC_REP_data, {
3580 "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_HEX,
3581 NULL, 0, "The encrypted part of KDC-REP", HFILL }},
3582 { &hf_krb_PA_DATA_value, {
3583 "Value", "kerberos.padata.value", FT_BYTES, BASE_HEX,
3584 NULL, 0, "Content of the PADATA blob", HFILL }},
3585 { &hf_krb_etype_info_salt, {
3586 "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
3587 NULL, 0, "Salt", HFILL }},
3588 { &hf_krb_SAFE_BODY_user_data, {
3589 "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
3590 NULL, 0, "SAFE BODY userdata field", HFILL }},
3591 { &hf_krb_pac_signature_signature, {
3592 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX,
3593 NULL, 0, "A PAC signature blob", HFILL }},
3594 { &hf_krb_PA_DATA_type, {
3595 "Type", "kerberos.padata.type", FT_UINT32, BASE_DEC,
3596 VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
3598 "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
3599 NULL, 0, "Kerberos Nonce random number", HFILL }},
3600 { &hf_krb_tkt_vno, {
3601 "Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
3602 NULL, 0, "Version number for the Ticket format", HFILL }},
3603 { &hf_krb_HostAddress, {
3604 "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC,
3605 NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
3606 { &hf_krb_s_address, {
3607 "S-Address", "kerberos.s_address", FT_NONE, BASE_DEC,
3608 NULL, 0, "This is the Senders address", HFILL }},
3609 { &hf_krb_signedAuthPack, {
3610 "signedAuthPack", "kerberos.signedAuthPack", FT_NONE, BASE_DEC,
3611 NULL, 0, "This is a Kerberos ContentInfo sequence", HFILL }},
3613 "key", "kerberos.key", FT_NONE, BASE_DEC,
3614 NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
3616 "Subkey", "kerberos.subkey", FT_NONE, BASE_DEC,
3617 NULL, 0, "This is a Kerberos subkey", HFILL }},
3618 { &hf_krb_seq_number, {
3619 "Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
3620 NULL, 0, "This is a Kerberos sequence number", HFILL }},
3621 { &hf_krb_AuthorizationData, {
3622 "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_DEC,
3623 NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
3624 { &hf_krb_EncTicketPart, {
3625 "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_DEC,
3626 NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
3627 { &hf_krb_EncAPRepPart, {
3628 "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_DEC,
3629 NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
3630 { &hf_krb_EncKDCRepPart, {
3631 "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_DEC,
3632 NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
3633 { &hf_krb_LastReq, {
3634 "LastReq", "kerberos.LastReq", FT_NONE, BASE_DEC,
3635 NULL, 0, "This is a LastReq sequence", HFILL }},
3636 { &hf_krb_Authenticator, {
3637 "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_DEC,
3638 NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
3639 { &hf_krb_Checksum, {
3640 "Checksum", "kerberos.Checksum", FT_NONE, BASE_DEC,
3641 NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
3642 { &hf_krb_HostAddresses, {
3643 "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_DEC,
3644 NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
3645 { &hf_krb_IF_RELEVANT, {
3646 "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_DEC,
3647 NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
3649 "Encryption Types", "kerberos.etypes", FT_NONE, BASE_DEC,
3650 NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
3651 { &hf_krb_LastReqs, {
3652 "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_DEC,
3653 NULL, 0, "This is a list of LastReq structures", HFILL }},
3655 "Server Name", "kerberos.sname", FT_NONE, BASE_DEC,
3656 NULL, 0, "This is the name part server's identity", HFILL }},
3658 "Client Name", "kerberos.cname", FT_NONE, BASE_DEC,
3659 NULL, 0, "The name part of the client principal identifier", HFILL }},
3660 { &hf_krb_authenticator_enc, {
3661 "Authenticator", "kerberos.authenticator", FT_NONE, BASE_DEC,
3662 NULL, 0, "Encrypted authenticator blob", HFILL }},
3663 { &hf_krb_ticket_enc, {
3664 "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_DEC,
3665 NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
3666 { &hf_krb_AP_REP_enc, {
3667 "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_DEC,
3668 NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
3669 { &hf_krb_KDC_REP_enc, {
3670 "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_DEC,
3671 NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
3673 "e-data", "kerberos.e_data", FT_NONE, BASE_DEC,
3674 NULL, 0, "The e-data blob", HFILL }},
3676 "padata", "kerberos.padata", FT_NONE, BASE_DEC,
3677 NULL, 0, "Sequence of preauthentication data", HFILL }},
3679 "Ticket", "kerberos.ticket", FT_NONE, BASE_DEC,
3680 NULL, 0, "This is a Kerberos Ticket", HFILL }},
3681 { &hf_krb_TransitedEncoding, {
3682 "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_DEC,
3683 NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
3684 { &hf_krb_PA_PAC_REQUEST_flag, {
3685 "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
3686 NULL, 0, "This is a MS PAC Request Flag", HFILL }},
3687 { &hf_krb_w2k_pac_entries, {
3688 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
3689 NULL, 0, "Number of W2k PAC entries", HFILL }},
3690 { &hf_krb_w2k_pac_version, {
3691 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
3692 NULL, 0, "Version of PAC structures", HFILL }},
3693 { &hf_krb_w2k_pac_type, {
3694 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
3695 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
3696 { &hf_krb_w2k_pac_size, {
3697 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
3698 NULL, 0, "Size of W2k PAC entry", HFILL }},
3699 { &hf_krb_w2k_pac_offset, {
3700 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
3701 NULL, 0, "Offset to W2k PAC entry", HFILL }},
3702 { &hf_krb_pac_clientid, {
3703 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, BASE_NONE,
3704 NULL, 0, "ClientID Timestamp", HFILL }},
3705 { &hf_krb_pac_namelen, {
3706 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
3707 NULL, 0, "Length of client name", HFILL }},
3710 static gint *ett[] = {
3712 &ett_krb_KDC_REP_enc,
3715 &ett_krb_AP_REP_enc,
3719 &ett_krb_IF_RELEVANT,
3720 &ett_krb_PA_DATA_tree,
3722 &ett_krb_HostAddress,
3723 &ett_krb_HostAddresses,
3724 &ett_krb_authenticator_enc,
3725 &ett_krb_AP_Options,
3726 &ett_krb_KDC_Options,
3727 &ett_krb_Ticket_Flags,
3729 &ett_krb_recordmark,
3731 &ett_krb_ticket_enc,
3734 &ett_krb_EncTicketPart,
3735 &ett_krb_EncAPRepPart,
3736 &ett_krb_EncKDCRepPart,
3738 &ett_krb_Authenticator,
3742 &ett_krb_AuthorizationData,
3743 &ett_krb_TransitedEncoding,
3745 &ett_krb_PAC_LOGON_INFO,
3746 &ett_krb_PAC_CREDENTIAL_TYPE,
3747 &ett_krb_PAC_SERVER_CHECKSUM,
3748 &ett_krb_PAC_PRIVSVR_CHECKSUM,
3749 &ett_krb_PAC_CLIENT_INFO_TYPE,
3750 &ett_krb_signedAuthPack,
3752 module_t *krb_module;
3754 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
3755 proto_register_field_array(proto_kerberos, hf, array_length(hf));
3756 proto_register_subtree_array(ett, array_length(ett));
3758 /* Register preferences */
3759 krb_module = prefs_register_protocol(proto_kerberos, NULL);
3760 prefs_register_bool_preference(krb_module, "desegment",
3761 "Desegment Kerberos over TCP messages",
3762 "Whether the dissector should desegment "
3763 "multi-segment Kerberos messages", &krb_desegment);
3764 #ifdef HAVE_KERBEROS
3765 prefs_register_bool_preference(krb_module, "decrypt",
3766 "Try to decrypt Kerberos blobs",
3767 "Whether the dissector should try to decrypt "
3768 "encrypted Kerberos blobs. This requires that the proper "
3769 "keytab file is installed as well.", &krb_decrypt);
3771 prefs_register_string_preference(krb_module, "file",
3772 "Kerberos keytab file",
3773 "The keytab file containing all the secrets",
3779 proto_reg_handoff_kerberos(void)
3781 dissector_handle_t kerberos_handle_udp;
3782 dissector_handle_t kerberos_handle_tcp;
3784 kerberos_handle_udp = create_dissector_handle(dissect_kerberos_udp,
3786 kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
3788 dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
3789 dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
3795 MISC definitions from RFC1510:
3797 Realm ::= GeneralString
3799 KerberosTime ::= GeneralizedTime
3801 AuthorizationData ::= SEQUENCE OF SEQUENCE {
3803 ad-data[1] OCTET STRING
3805 APOptions ::= BIT STRING {
3812 TicketFlags ::= BIT STRING {
3827 KDCOptions ::= BIT STRING {
3841 enc-tkt-in-skey(28),
3847 LastReq ::= SEQUENCE OF SEQUENCE {
3849 lr-value[1] KerberosTime
3852 Ticket ::= [APPLICATION 1] SEQUENCE {
3855 sname[2] PrincipalName,
3856 enc-part[3] EncryptedData
3859 -- Encrypted part of ticket
3860 EncTicketPart ::= [APPLICATION 3] SEQUENCE {
3861 flags[0] TicketFlags,
3862 key[1] EncryptionKey,
3864 cname[3] PrincipalName,
3865 transited[4] TransitedEncoding,
3866 authtime[5] KerberosTime,
3867 starttime[6] KerberosTime OPTIONAL,
3868 endtime[7] KerberosTime,
3869 renew-till[8] KerberosTime OPTIONAL,
3870 caddr[9] HostAddresses OPTIONAL,
3871 authorization-data[10] AuthorizationData OPTIONAL
3874 -- encoded Transited field
3875 TransitedEncoding ::= SEQUENCE {
3876 tr-type[0] INTEGER, -- must be registered
3877 contents[1] OCTET STRING
3880 -- Unencrypted authenticator
3881 Authenticator ::= [APPLICATION 2] SEQUENCE {
3882 authenticator-vno[0] INTEGER,
3884 cname[2] PrincipalName,
3885 cksum[3] Checksum OPTIONAL,
3887 ctime[5] KerberosTime,
3888 subkey[6] EncryptionKey OPTIONAL,
3889 seq-number[7] INTEGER OPTIONAL,
3890 authorization-data[8] AuthorizationData OPTIONAL
3893 PA-DATA ::= SEQUENCE {
3894 padata-type[1] INTEGER,
3895 padata-value[2] OCTET STRING,
3896 -- might be encoded AP-REQ
3899 padata-type ::= PA-ENC-TIMESTAMP
3900 padata-value ::= EncryptedData -- PA-ENC-TS-ENC
3902 PA-ENC-TS-ENC ::= SEQUENCE {
3903 patimestamp[0] KerberosTime, -- client's time
3904 pausec[1] INTEGER OPTIONAL
3907 EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart
3908 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
3910 EncKDCRepPart ::= SEQUENCE {
3911 key[0] EncryptionKey,
3912 last-req[1] LastReq,
3914 key-expiration[3] KerberosTime OPTIONAL,
3915 flags[4] TicketFlags,
3916 authtime[5] KerberosTime,
3917 starttime[6] KerberosTime OPTIONAL,
3918 endtime[7] KerberosTime,
3919 renew-till[8] KerberosTime OPTIONAL,
3921 sname[10] PrincipalName,
3922 caddr[11] HostAddresses OPTIONAL
3925 APOptions ::= BIT STRING {
3931 EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
3932 ctime[0] KerberosTime,
3934 subkey[2] EncryptionKey OPTIONAL,
3935 seq-number[3] INTEGER OPTIONAL
3938 KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
3940 msg-type[1] INTEGER,
3941 safe-body[2] KRB-SAFE-BODY,
3945 KRB-SAFE-BODY ::= SEQUENCE {
3946 user-data[0] OCTET STRING,
3947 timestamp[1] KerberosTime OPTIONAL,
3948 usec[2] INTEGER OPTIONAL,
3949 seq-number[3] INTEGER OPTIONAL,
3950 s-address[4] HostAddress,
3951 r-address[5] HostAddress OPTIONAL
3954 KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
3956 msg-type[1] INTEGER,
3957 enc-part[3] EncryptedData
3960 EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
3961 user-data[0] OCTET STRING,
3962 timestamp[1] KerberosTime OPTIONAL,
3963 usec[2] INTEGER OPTIONAL,
3964 seq-number[3] INTEGER OPTIONAL,
3965 s-address[4] HostAddress, -- sender's addr
3966 r-address[5] HostAddress OPTIONAL
3970 KRB-CRED ::= [APPLICATION 22] SEQUENCE {
3972 msg-type[1] INTEGER, -- KRB_CRED
3973 tickets[2] SEQUENCE OF Ticket,
3974 enc-part[3] EncryptedData
3977 EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
3978 ticket-info[0] SEQUENCE OF KrbCredInfo,
3979 nonce[1] INTEGER OPTIONAL,
3980 timestamp[2] KerberosTime OPTIONAL,
3981 usec[3] INTEGER OPTIONAL,
3982 s-address[4] HostAddress OPTIONAL,
3983 r-address[5] HostAddress OPTIONAL
3986 KrbCredInfo ::= SEQUENCE {
3987 key[0] EncryptionKey,
3988 prealm[1] Realm OPTIONAL,
3989 pname[2] PrincipalName OPTIONAL,
3990 flags[3] TicketFlags OPTIONAL,
3991 authtime[4] KerberosTime OPTIONAL,
3992 starttime[5] KerberosTime OPTIONAL,
3993 endtime[6] KerberosTime OPTIONAL
3994 renew-till[7] KerberosTime OPTIONAL,
3995 srealm[8] Realm OPTIONAL,
3996 sname[9] PrincipalName OPTIONAL,
3997 caddr[10] HostAddresses OPTIONAL
4000 METHOD-DATA ::= SEQUENCE of PA-DATA
4002 If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
4003 contain an encoding of the following sequence:
4005 METHOD-DATA ::= SEQUENCE {
4006 method-type[0] INTEGER,
4007 method-data[1] OCTET STRING OPTIONAL
4010 EncryptionKey ::= SEQUENCE {
4012 keyvalue[1] OCTET STRING
4015 Checksum ::= SEQUENCE {
4016 cksumtype[0] INTEGER,
4017 checksum[1] OCTET STRING