*
* and
*
- * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-05.txt
+ * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
*
* and
*
- * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-03.txt
+ * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-05.txt
*
* Some structures from RFC2630
*
* $Id$
*
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
#include <stdio.h>
#include <string.h>
+#include <glib.h>
#include <ctype.h>
#ifdef HAVE_LIBNETTLE
#include <nettle/des.h>
#include <nettle/cbc.h>
#endif
-#include "crypt-md5.h"
+#include <epan/crypt/crypt-md5.h>
#include <sys/stat.h> /* For keyfile manipulation */
#endif
-#include <glib.h>
-
#include <epan/packet.h>
#include <epan/strutil.h>
#include <epan/conversation.h>
+#include <epan/emem.h>
#include <epan/dissectors/packet-kerberos.h>
#include <epan/dissectors/packet-netbios.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/dissectors/packet-dcerpc-netlogon.h>
#include <epan/dissectors/packet-dcerpc.h>
-#include "asn1.h" /* for "subid_t" */
#include <epan/dissectors/packet-gssapi.h>
+#include <wiretap/file_util.h>
+
#define UDP_PORT_KERBEROS 88
#define TCP_PORT_KERBEROS 88
static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
+static gint hf_krb_PAC_CONSTRAINED_DELEGATION = -1;
static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
+static gint hf_krb_encrypted_EncKrbCredPart = -1;
static gint hf_krb_checksum_checksum = -1;
static gint hf_krb_encrypted_PRIV = -1;
static gint hf_krb_encrypted_Ticket_data = -1;
static gint hf_krb_PA_DATA_type = -1;
static gint hf_krb_PA_DATA_value = -1;
static gint hf_krb_etype_info_salt = -1;
+static gint hf_krb_etype_info2_salt = -1;
+static gint hf_krb_etype_info2_s2kparams = -1;
static gint hf_krb_SAFE_BODY_user_data = -1;
+static gint hf_krb_PRIV_BODY_user_data = -1;
static gint hf_krb_realm = -1;
+static gint hf_krb_srealm = -1;
+static gint hf_krb_prealm = -1;
static gint hf_krb_crealm = -1;
static gint hf_krb_sname = -1;
+static gint hf_krb_pname = -1;
static gint hf_krb_cname = -1;
static gint hf_krb_name_string = -1;
static gint hf_krb_provsrv_location = -1;
static gint hf_krb_advalue = -1;
static gint hf_krb_etype = -1;
static gint hf_krb_etypes = -1;
+static gint hf_krb_KrbCredInfos = -1;
+static gint hf_krb_sq_tickets = -1;
static gint hf_krb_LastReqs = -1;
static gint hf_krb_IF_RELEVANT = -1;
static gint hf_krb_addr_type = -1;
static gint hf_krb_seq_number = -1;
static gint hf_krb_EncTicketPart = -1;
static gint hf_krb_EncAPRepPart = -1;
+static gint hf_krb_EncKrbPrivPart = -1;
+static gint hf_krb_EncKrbCredPart = -1;
static gint hf_krb_EncKDCRepPart = -1;
static gint hf_krb_LastReq = -1;
static gint hf_krb_Authenticator = -1;
static gint hf_krb_Checksum = -1;
static gint hf_krb_s_address = -1;
+static gint hf_krb_r_address = -1;
+static gint hf_krb_KrbCredInfo = -1;
static gint hf_krb_HostAddress = -1;
static gint hf_krb_HostAddresses = -1;
static gint hf_krb_APOptions = -1;
static gint hf_krb_KDCOptions_allow_postdate = -1;
static gint hf_krb_KDCOptions_postdated = -1;
static gint hf_krb_KDCOptions_renewable = -1;
+static gint hf_krb_KDCOptions_constrained_delegation = -1;
static gint hf_krb_KDCOptions_canonicalize = -1;
static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
static gint hf_krb_KDCOptions_disable_transited_check = -1;
static gint hf_krb_KDCOptions_validate = -1;
static gint hf_krb_KDC_REQ_BODY = -1;
static gint hf_krb_PRIV_BODY = -1;
+static gint hf_krb_CRED_BODY = -1;
static gint hf_krb_ENC_PRIV = -1;
static gint hf_krb_authenticator_enc = -1;
+static gint hf_krb_CRED_enc = -1;
static gint hf_krb_ticket_enc = -1;
static gint hf_krb_e_checksum = -1;
+static gint hf_krb_gssapi_len = -1;
+static gint hf_krb_gssapi_bnd = -1;
+static gint hf_krb_gssapi_dlgopt = -1;
+static gint hf_krb_gssapi_dlglen = -1;
+static gint hf_krb_gssapi_c_flag_deleg = -1;
+static gint hf_krb_gssapi_c_flag_mutual = -1;
+static gint hf_krb_gssapi_c_flag_replay = -1;
+static gint hf_krb_gssapi_c_flag_sequence = -1;
+static gint hf_krb_gssapi_c_flag_conf = -1;
+static gint hf_krb_gssapi_c_flag_integ = -1;
+static gint hf_krb_gssapi_c_flag_dce_style = -1;
+static gint hf_krb_smb_nt_status = -1;
+static gint hf_krb_smb_unknown = -1;
static gint ett_krb_kerberos = -1;
static gint ett_krb_TransitedEncoding = -1;
static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
+static gint ett_krb_PAC_CONSTRAINED_DELEGATION = -1;
static gint ett_krb_KDC_REP_enc = -1;
static gint ett_krb_EncTicketPart = -1;
static gint ett_krb_EncAPRepPart = -1;
+static gint ett_krb_EncKrbPrivPart = -1;
+static gint ett_krb_EncKrbCredPart = -1;
static gint ett_krb_EncKDCRepPart = -1;
static gint ett_krb_LastReq = -1;
static gint ett_krb_Authenticator = -1;
static gint ett_krb_subkey = -1;
static gint ett_krb_AuthorizationData = -1;
static gint ett_krb_sname = -1;
+static gint ett_krb_pname = -1;
static gint ett_krb_cname = -1;
static gint ett_krb_AP_REP_enc = -1;
static gint ett_krb_padata = -1;
static gint ett_krb_etypes = -1;
+static gint ett_krb_KrbCredInfos = -1;
+static gint ett_krb_sq_tickets = -1;
static gint ett_krb_LastReqs = -1;
static gint ett_krb_IF_RELEVANT = -1;
static gint ett_krb_PA_DATA_tree = -1;
static gint ett_krb_PAC = -1;
static gint ett_krb_s_address = -1;
+static gint ett_krb_r_address = -1;
+static gint ett_krb_KrbCredInfo = -1;
static gint ett_krb_HostAddress = -1;
static gint ett_krb_HostAddresses = -1;
static gint ett_krb_authenticator_enc = -1;
+static gint ett_krb_CRED_enc = -1;
static gint ett_krb_AP_Options = -1;
static gint ett_krb_KDC_Options = -1;
static gint ett_krb_Ticket_Flags = -1;
static gint ett_krb_recordmark = -1;
static gint ett_krb_ticket = -1;
static gint ett_krb_ticket_enc = -1;
+static gint ett_krb_CRED = -1;
static gint ett_krb_PRIV = -1;
static gint ett_krb_PRIV_enc = -1;
static gint ett_krb_e_checksum = -1;
guint32 krb5_errorcode;
-static int do_col_info;
+static dissector_handle_t krb4_handle=NULL;
+
+static gboolean do_col_info;
static void
static gboolean krb_decrypt = FALSE;
/* keytab filename */
-static char *keytab_filename = "insert filename here";
+static const char *keytab_filename = "insert filename here";
#endif
-#ifdef HAVE_MIT_KERBEROS
+#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
#include <krb5.h>
-
-#define MAX_ORIG_LEN 256
-typedef struct _enc_key_t {
- struct _enc_key_t *next;
- krb5_keytab_entry key;
- char key_origin[MAX_ORIG_LEN+1];
-} enc_key_t;
-static enc_key_t *enc_key_list=NULL;
-
+enc_key_t *enc_key_list=NULL;
static void
-add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
+add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
{
enc_key_t *new_key;
printf("added key in %d\n",pinfo->fd->num);
new_key=g_malloc(sizeof(enc_key_t));
- sprintf(new_key->key_origin, "%s learnt from frame %d",origin,pinfo->fd->num);
+ g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %d",origin,pinfo->fd->num);
new_key->next=enc_key_list;
enc_key_list=new_key;
- new_key->key.principal=NULL;
- new_key->key.vno=0;
- new_key->key.key.enctype=keytype;
- new_key->key.key.length=keylength;
- new_key->key.key.contents=g_malloc(keylength);
- memcpy(new_key->key.key.contents, keyvalue, keylength);
+ new_key->keytype=keytype;
+ new_key->keylength=keylength;
+ /*XXX this needs to be freed later */
+ new_key->keyvalue=g_memdup(keyvalue, keylength);
}
+#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
+
+
+#ifdef HAVE_MIT_KERBEROS
static void
-read_keytab_file(char *filename, krb5_context *context)
+read_keytab_file(const char *filename, krb5_context *context)
{
krb5_keytab keytab;
+ krb5_keytab_entry key;
krb5_error_code ret;
krb5_kt_cursor cursor;
enc_key_t *new_key;
- /* should use a file in the ethereal users dir */
+ /* should use a file in the wireshark users dir */
ret = krb5_kt_resolve(*context, filename, &keytab);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
do{
new_key=g_malloc(sizeof(enc_key_t));
new_key->next=enc_key_list;
- ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor);
+ ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
if(ret==0){
int i;
char *pos;
/* generate origin string, describing where this key came from */
pos=new_key->key_origin;
- pos+=sprintf(pos, "keytab principal ");
- for(i=0;i<new_key->key.principal->length;i++){
- pos+=sprintf(pos,"%s%s",(i?"/":""),(new_key->key.principal->data[i]).data);
+ pos+=MIN(KRB_MAX_ORIG_LEN,
+ g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
+ for(i=0;i<key.principal->length;i++){
+ pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
+ g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data));
}
- pos+=sprintf(pos,"@%s",new_key->key.principal->realm.data);
+ pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
+ g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data));
*pos=0;
/*printf("added key for principal :%s\n", new_key->key_origin);*/
+ new_key->keytype=key.key.enctype;
+ new_key->keylength=key.key.length;
+ new_key->keyvalue=g_memdup(key.key.contents, key.key.length);
enc_key_list=new_key;
}
}while(ret==0);
}
-static guint8 *
+guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
- krb5_keyusage usage,
+ int usage,
int length,
- const char *cryptotext,
+ const guint8 *cryptotext,
int keytype)
{
static int first_time=1;
krb5_error_code ret;
enc_key_t *ek;
static krb5_data data = {0,0,NULL};
+ krb5_keytab_entry key;
/* dont do anything if we are not attempting to decrypt data */
if(!krb_decrypt){
for(ek=enc_key_list;ek;ek=ek->next){
krb5_enc_data input;
- input.enctype = ek->key.key.enctype;
+ /* shortcircuit and bail out if enctypes are not matching */
+ if(ek->keytype!=keytype){
+ continue;
+ }
+
+ input.enctype = ek->keytype;
input.ciphertext.length = length;
input.ciphertext.data = (guint8 *)cryptotext;
}
data.data = g_malloc(length);
- /* shortcircuit and bail out if enctypes are not matching */
- if(ek->key.key.enctype!=keytype){
- continue;
- }
-
- ret = krb5_c_decrypt(context, &(ek->key.key), usage, 0, &input, &data);
+ key.key.enctype=ek->keytype;
+ key.key.length=ek->keylength;
+ key.key.contents=ek->keyvalue;
+ ret = krb5_c_decrypt(context, &(key.key), usage, 0, &input, &data);
if (ret == 0) {
printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
}
#elif defined(HAVE_HEIMDAL_KERBEROS)
-
-#include <krb5.h>
-
-#define MAX_ORIG_LEN 256
-typedef struct _enc_key_t {
- struct _enc_key_t *next;
- krb5_keytab_entry key;
- char key_origin[MAX_ORIG_LEN+1];
-} enc_key_t;
-static enc_key_t *enc_key_list=NULL;
-
-
-static void
-add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
-{
- enc_key_t *new_key;
-
- if(pinfo->fd->flags.visited){
- return;
- }
-printf("added key in %d\n",pinfo->fd->num);
-
- new_key=g_malloc(sizeof(enc_key_t));
- sprintf(new_key->key_origin, "%s learnt from frame %d",origin,pinfo->fd->num);
- new_key->next=enc_key_list;
- enc_key_list=new_key;
- new_key->key.principal=NULL;
- new_key->key.vno=0;
- new_key->key.keyblock.keytype=keytype;
- new_key->key.keyblock.keyvalue.length=keylength;
- new_key->key.keyblock.keyvalue.data=g_malloc(keylength);
- memcpy(new_key->key.keyblock.keyvalue.data, keyvalue, keylength);
- new_key->key.timestamp=0;
-}
-
static void
-read_keytab_file(char *filename, krb5_context *context)
+read_keytab_file(const char *filename, krb5_context *context)
{
krb5_keytab keytab;
+ krb5_keytab_entry key;
krb5_error_code ret;
krb5_kt_cursor cursor;
enc_key_t *new_key;
- /* should use a file in the ethereal users dir */
+ /* should use a file in the wireshark users dir */
ret = krb5_kt_resolve(*context, filename, &keytab);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
do{
new_key=g_malloc(sizeof(enc_key_t));
new_key->next=enc_key_list;
- ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor);
+ ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
if(ret==0){
unsigned int i;
char *pos;
/* generate origin string, describing where this key came from */
pos=new_key->key_origin;
- pos+=sprintf(pos, "keytab principal ");
- for(i=0;i<new_key->key.principal->name.name_string.len;i++){
- pos+=sprintf(pos,"%s%s",(i?"/":""),new_key->key.principal->name.name_string.val[i]);
+ pos+=MIN(KRB_MAX_ORIG_LEN,
+ g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
+ for(i=0;i<key.principal->name.name_string.len;i++){
+ pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
+ g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
}
- pos+=sprintf(pos,"@%s",new_key->key.principal->realm);
+ pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
+ g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
*pos=0;
-
+ new_key->keytype=key.keyblock.keytype;
+ new_key->keylength=key.keyblock.keyvalue.length;
+ new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
enc_key_list=new_key;
}
}while(ret==0);
}
-static guint8 *
+guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
- krb5_keyusage usage,
+ int usage,
int length,
- const char *cryptotext,
+ const guint8 *cryptotext,
int keytype)
{
static int first_time=1;
}
for(ek=enc_key_list;ek;ek=ek->next){
+ krb5_keytab_entry key;
krb5_crypto crypto;
guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
/* shortcircuit and bail out if enctypes are not matching */
- if(ek->key.keyblock.keytype!=keytype){
+ if(ek->keytype!=keytype){
continue;
}
- ret = krb5_crypto_init(context, &(ek->key.keyblock), 0, &crypto);
+ key.keyblock.keytype=ek->keytype;
+ key.keyblock.keyvalue.length=ek->keylength;
+ key.keyblock.keyvalue.data=ek->keyvalue;
+ ret = krb5_crypto_init(context, &(key.keyblock), 0, &crypto);
if(ret){
return NULL;
}
#elif defined (HAVE_LIBNETTLE)
-#define MAX_ORIG_LEN 256
#define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
#define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
int keytype;
int length;
guint8 *contents;
- char origin[MAX_ORIG_LEN+1];
+ char origin[KRB_MAX_ORIG_LEN+1];
} service_key_t;
GSList *service_key_list = NULL;
static void
-add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
+add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
{
service_key_t *new_key;
new_key->length = keylength;
new_key->contents = g_malloc(keylength);
memcpy(new_key->contents, keyvalue, keylength);
- sprintf(new_key->origin, "%s learnt from frame %d", origin, pinfo->fd->num);
+ g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %d", origin, pinfo->fd->num);
+ service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
}
static void
-read_keytab_file(char *service_key_file)
+clear_keytab(void) {
+ GSList *ske;
+ service_key_t *sk;
+
+ for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
+ sk = (service_key_t *) ske->data;
+ if (sk && sk->contents) g_free(sk->contents);
+ if (sk) g_free(sk);
+ }
+ g_slist_free(service_key_list);
+ service_key_list = NULL;
+}
+
+static void
+read_keytab_file(const char *service_key_file)
{
FILE *skf;
struct stat st;
}
}
- skf = fopen(service_key_file, "rb");
+ skf = eth_fopen(service_key_file, "rb");
if (! skf) return;
while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
sk->length = DES3_KEY_SIZE;
sk->contents = g_malloc(DES3_KEY_SIZE);
memcpy(sk->contents, buf + 2, DES3_KEY_SIZE);
- sprintf(sk->origin, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
+ g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
service_key_list = g_slist_append(service_key_list, (gpointer) sk);
fseek(skf, newline_skip, SEEK_CUR);
count++;
#define CONFOUNDER_PLUS_CHECKSUM 24
-static guint8 *
-decrypt_krb5_data(proto_tree _U_ *tree, packet_info *pinfo,
+guint8 *
+decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int _U_ usage,
int length,
- const char *cryptotext,
+ const guint8 *cryptotext,
int keytype)
{
- static gboolean first_time = TRUE;
-
tvbuff_t *encr_tvb;
guint8 *decrypted_data = NULL, *plaintext = NULL;
int res;
return NULL;
}
- /* XXX we should only do this for first time, then store somewhere */
- /* XXX We also need to re-read the keytab when the preference changes */
-
- if(first_time){
- first_time = FALSE;
- read_keytab_file(keytab_filename);
- }
-
if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
return NULL;
}
*/
TRY {
id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
- offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
+ offset = get_ber_length(tree, encr_tvb, id_offset, &item_len, &ind);
}
CATCH (BoundsError) {
tvb_free(encr_tvb);
#define KRB_RM_RESERVED 0x80000000L
#define KRB_RM_RECLEN 0x7fffffffL
+#define KRB5_MSG_TICKET 1 /* Ticket */
#define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
#define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
#define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
#define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
#define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
#define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
+#define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */
+#define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */
#define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
/* address type constants */
#define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
#define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
#define KRB5_ENCTYPE_DES3_CBC_SHA1 16
+#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
+#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
#define KERB_ENCTYPE_RC4_HMAC 23
#define KERB_ENCTYPE_RC4_HMAC_EXP 24
#define KRB5_CHKSUM_REAL_CRC32 0xffffff7c
#define KRB5_CHKSUM_SHA1 0xffffff7d
#define KRB5_CHKSUM_LM 0xffffff7e
-
+#define KRB5_CHKSUM_GSSAPI 0x8003
/*
* For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
#define KRB5_PA_PK_AS_REQ 14
#define KRB5_PA_PK_AS_REP 15
#define KRB5_PA_DASS 16
+#define KRB5_PA_ENCTYPE_INFO2 19
#define KRB5_PA_USE_SPECIFIED_KVNO 20
#define KRB5_PA_SAM_REDIRECT 21
#define KRB5_PA_GET_FROM_TYPED_DATA 22
#define PAC_SERVER_CHECKSUM 6
#define PAC_PRIVSVR_CHECKSUM 7
#define PAC_CLIENT_INFO_TYPE 10
+#define PAC_CONSTRAINED_DELEGATION 11
static const value_string w2k_pac_types[] = {
{ PAC_LOGON_INFO , "Logon Info" },
{ PAC_CREDENTIAL_TYPE , "Credential Type" },
{ PAC_SERVER_CHECKSUM , "Server Checksum" },
{ PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
{ PAC_CLIENT_INFO_TYPE , "Client Info Type" },
+ { PAC_CONSTRAINED_DELEGATION, "Constrained Delegation" },
{ 0, NULL },
};
{ KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
{ KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
{ KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
+ { KRB5_PA_ENCTYPE_INFO2 , "PA-ENCTYPE-INFO2" },
{ KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
{ KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
{ KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
{ KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
{ KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
{ KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
+ { KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 , "aes128-cts-hmac-sha1-96" },
+ { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 , "aes256-cts-hmac-sha1-96" },
{ KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
{ KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
{ KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
{ KRB5_CHKSUM_REAL_CRC32 , "real-crc32" },
{ KRB5_CHKSUM_SHA1 , "sha1" },
{ KRB5_CHKSUM_LM , "lm" },
+ { KRB5_CHKSUM_GSSAPI , "gssapi-8003" },
{ 0 , NULL },
};
};
static const value_string krb5_msg_types[] = {
+ { KRB5_MSG_TICKET, "Ticket" },
{ KRB5_MSG_AUTHENTICATOR, "Authenticator" },
{ KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
{ KRB5_MSG_TGS_REQ, "TGS-REQ" },
{ KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
{ KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
{ KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
+ { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
+ { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" },
{ KRB5_MSG_ERROR, "KRB-ERROR" },
{ 0, NULL },
};
static int dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_Application_1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_Authenticator(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_EncTicketPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_EncAPRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_EncKrbPrivPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_EncKrbCredPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_EncKDCRepPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+static int dissect_krb5_CRED(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
static int dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
-static const ber_choice kerberos_applications_choice[] = {
+static const ber_choice_t kerberos_applications_choice[] = {
+ { KRB5_MSG_TICKET, BER_CLASS_APP, KRB5_MSG_TICKET, 0, dissect_krb5_Application_1 },
{ KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
{ KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
{ KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
{ KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
{ KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
{ KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
+ { KRB5_MSG_ENC_KRB_PRIV_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_PRIV_PART, 0, dissect_krb5_EncKrbPrivPart },
+ { KRB5_MSG_ENC_KRB_CRED_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_CRED_PART, 0, dissect_krb5_EncKrbCredPart },
{ KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
{ KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
+ { KRB5_MSG_CRED, BER_CLASS_APP, KRB5_MSG_CRED, 0, dissect_krb5_CRED },
{ KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
{ 0, 0, 0, 0, NULL }
};
static int
dissect_krb5_application_choice(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_choice(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
return offset;
}
"This ticket is RENEWABLE",
"This ticket is NOT renewable"
};
+static const true_false_string krb5_kdcoptions_constrained_delegation = {
+ "This is a request for a CONSTRAINED DELEGATION PAC",
+ "This is a normal request (no constrained delegation)"
+};
static const true_false_string krb5_kdcoptions_canonicalize = {
"This is a request for a CANONICALIZED ticket",
"This is NOT a canonicalized ticket request"
&hf_krb_KDCOptions_postdated,
&hf_krb_KDCOptions_renewable,
&hf_krb_KDCOptions_opt_hardware_auth,
+ &hf_krb_KDCOptions_constrained_delegation,
&hf_krb_KDCOptions_canonicalize,
&hf_krb_KDCOptions_disable_transited_check,
&hf_krb_KDCOptions_renewable_ok,
static int
dissect_krb5_rtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_rtime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_rtime);
return offset;
}
int
dissect_krb5_ctime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_ctime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_ctime);
return offset;
}
static int
dissect_krb5_cusec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_cusec, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_cusec, NULL);
return offset;
}
static int
dissect_krb5_stime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_stime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_stime);
return offset;
}
static int
dissect_krb5_susec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_susec, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_susec, NULL);
return offset;
}
static int
dissect_krb5_error_code(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
if(krb5_errorcode && check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO,
"KRB Error: %s",
static int
dissect_krb5_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_till);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_till);
return offset;
}
static int
dissect_krb5_from(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_from);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_from);
return offset;
}
static int
dissect_krb5_nonce(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_nonce, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_nonce, NULL);
return offset;
}
{
guint32 etype;
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(etype, krb5_encryption_types,
}
return offset;
}
-static ber_sequence etype_sequence_of[1] = {
+static ber_sequence_t etype_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
};
static int
static int
dissect_krb5_authenticator_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(authenticator_etype, krb5_encryption_types,
static int
dissect_krb5_Ticket_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(Ticket_etype, krb5_encryption_types,
static int
dissect_krb5_AP_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(AP_REP_etype, krb5_encryption_types,
static int
dissect_krb5_PA_ENC_TIMESTAMP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
static guint32 addr_type;
static int dissect_krb5_addr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_addr_type, &addr_type);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_addr_type, &addr_type);
return offset;
}
static int dissect_krb5_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- guint8 class;
+ gint8 class;
gboolean pc;
- guint32 tag;
+ gint32 tag;
guint32 len;
- char address_str[256];
+ char *address_str;
proto_item *it=NULL;
/* read header and len for the octet string */
offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
-
+ address_str=ep_alloc(256);
address_str[0]=0;
address_str[255]=0;
switch(addr_type){
case KRB5_ADDR_IPv4:
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
- sprintf(address_str,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
+ g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
break;
case KRB5_ADDR_NETBIOS:
{
char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int netbios_name_type;
+ int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
- netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name);
- snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
+ netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
+ g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
}
break;
offset+=len;
return offset;
}
-static ber_sequence HostAddress_sequence[] = {
+static ber_sequence_t HostAddress_sequence[] = {
{ BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
{ BER_CLASS_CON, 1, 0, dissect_krb5_address },
{ 0, 0, 0, NULL }
return offset;
}
+static int
+dissect_krb5_r_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_r_address, ett_krb_r_address);
+
+ return offset;
+}
+
/*
* HostAddresses ::= SEQUENCE OF SEQUENCE {
* addr-type[0] INTEGER,
* }
*
*/
-static ber_sequence HostAddresses_sequence_of[1] = {
+static ber_sequence_t HostAddresses_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
};
static int
}
+/* sequence of tickets */
+static ber_sequence_t sequence_of_tickets[1] = {
+ { BER_CLASS_APP, 1, 0, dissect_krb5_Application_1},
+};
+static int
+dissect_krb5_sq_tickets(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, sequence_of_tickets, hf_krb_sq_tickets, ett_krb_sq_tickets);
+
+ return offset;
+}
static int
dissect_krb5_msg_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
guint32 msgtype;
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_msg_type, &msgtype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_msg_type, &msgtype);
if (do_col_info & check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO,
static int
dissect_krb5_pvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pvno, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_pvno, NULL);
return offset;
}
dissect_krb5_name_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_name_type, &name_type);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_name_type, &name_type);
if(tree){
proto_item_append_text(tree, " (%s):",
val_to_str(name_type, krb5_princ_types,
return offset;
}
-static ber_sequence name_stringe_sequence_of[1] = {
+static ber_sequence_t name_stringe_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
};
static int
return offset;
}
-static ber_sequence PrincipalName_sequence[] = {
+static ber_sequence_t PrincipalName_sequence[] = {
{ BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
{ BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
{ 0, 0, 0, NULL }
return offset;
}
static int
+dissect_krb5_pname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PrincipalName_sequence, hf_krb_pname, ett_krb_pname);
+
+ return offset;
+}
+int
dissect_krb5_cname(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
}
-static int
+int
+dissect_krb5_prealm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_prealm, NULL, 0);
+ return offset;
+}
+
+int
+dissect_krb5_srealm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_srealm, NULL, 0);
+ return offset;
+}
+
+int
dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_realm, NULL, 0);
static int
dissect_krb5_PA_PAC_REQUEST_flag(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_boolean(pinfo, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag);
+ offset=dissect_ber_boolean(FALSE, pinfo, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag);
return offset;
}
-static ber_sequence PA_PAC_REQUEST_sequence[] = {
+static ber_sequence_t PA_PAC_REQUEST_sequence[] = {
{ BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
{ 0, 0, 0, NULL }
};
static int
dissect_krb5_kvno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_kvno, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_kvno, NULL);
return offset;
}
static int
dissect_krb5_seq_number(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_seq_number, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_seq_number, NULL);
return offset;
}
-#ifdef HAVE_KERBEROS
static int
-dissect_krb5_pausec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+dissect_krb5_patimestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_pausec, NULL);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_patimestamp);
return offset;
}
+#ifdef HAVE_KERBEROS
static int
-dissect_krb5_patimestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+dissect_krb5_pausec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_patimestamp);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_pausec, NULL);
return offset;
}
-static const ber_sequence PA_ENC_TS_ENC_sequence[] = {
+static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
{ BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
{ 0, 0, 0, NULL }
#endif
return offset;
}
-static ber_sequence PA_ENC_TIMESTAMP_sequence[] = {
+static ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_PA_ENC_TIMESTAMP_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
return offset;
}
-static ber_sequence PA_ENCTYPE_INFO_ENTRY_sequence[] = {
+static int
+dissect_krb5_etype_info2_salt(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_GeneralString(pinfo, tree, tvb, offset, hf_krb_etype_info2_salt, NULL, 0);
+ return offset;
+}
+
+static int
+dissect_krb5_etype_info2_s2kparams(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_etype_info2_s2kparams, NULL);
+ return offset;
+}
+
+static ber_sequence_t PA_ENCTYPE_INFO_ENTRY_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
return offset;
}
-static ber_sequence PA_ENCTYPE_INFO_sequence_of[1] = {
+static ber_sequence_t PA_ENCTYPE_INFO_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
};
static int
return offset;
}
+static ber_sequence_t PA_ENCTYPE_INFO2_ENTRY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_etype_info2_salt },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_etype_info2_s2kparams },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO2_ENTRY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO2_ENTRY_sequence, -1, -1);
+
+ return offset;
+}
+
+static ber_sequence_t PA_ENCTYPE_INFO2_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO2_ENTRY },
+};
+static int
+dissect_krb5_PA_ENCTYPE_INFO2(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, PA_ENCTYPE_INFO2_sequence_of, -1, -1);
+
+ return offset;
+}
+
+
+static int
+dissect_krb5_PW_SALT(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ /* Microsoft stores a special 12 byte blob here
+ * guint32 NT_status
+ * guint32 unknown
+ * guint32 unknown
+ * decode everything as this blob for now until we see if anyone
+ * else ever uses it or we learn how to tell wether this
+ * is such an MS blob or not.
+ */
+ proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ return offset;
+}
+
/*
* PA-DATA ::= SEQUENCE {
* padata-type[1] INTEGER,
static int
dissect_krb5_PA_DATA_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
krb_PA_DATA_type&=0xff; /*this is really just one single byte */
if(tree){
case KRB5_PA_ENCTYPE_INFO:
offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
break;
+ case KRB5_PA_ENCTYPE_INFO2:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
+ break;
+ case KRB5_PA_PW_SALT:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PW_SALT);
+ break;
default:
offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
}
/*qqq*/
}
-static ber_sequence PA_DATA_sequence[] = {
+static ber_sequence_t PA_DATA_sequence[] = {
{ BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
{ BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
{ 0, 0, 0, NULL }
* padata[3] SEQUENCE OF PA-DATA OPTIONAL,
*
*/
-static ber_sequence PA_DATA_sequence_of[1] = {
+static ber_sequence_t PA_DATA_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
};
static int
-
static const true_false_string krb5_ticketflags_forwardable = {
"FORWARDABLE tickets are allowed/requested",
"Do NOT use forwardable tickets"
static int
dissect_krb5_keytype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_keytype, &keytype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_keytype, &keytype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(keytype, krb5_encryption_types,
return offset;
}
static int keylength;
-static const char *keyvalue;
+static const guint8 *keyvalue;
static int
store_keyvalue(packet_info *pinfo _U_, proto_tree *tree _U_, tvbuff_t *tvb, int offset)
{
* keytype [0] int32
* keyvalue [1] octet string
*/
-static ber_sequence EncryptionKey_sequence[] = {
+static ber_sequence_t EncryptionKey_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_keytype },
{ BER_CLASS_CON, 1, 0,
tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
}
- /* skip the first 20 bytes, they look like a unique ndr pointer
- followed by (where did it come from?) a contect_handle ?*/
- proto_tree_add_text(tree, tvb, offset, 20, "unknown: is this an undocumented policy handle?");
- offset+=20;
+ /* skip the first 16 bytes, they are some magic created by the idl
+ * compiler the first 4 bytes might be flags?
+ */
+ proto_tree_add_text(tree, tvb, offset, 16, "unknown blob");
+ offset+=16;
/* the PAC_LOGON_INFO blob */
pinfo->private_data=&di;
init_ndr_pointer_list(pinfo);
offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
- netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_REF,
+ netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
"PAC_LOGON_INFO:", -1);
pinfo->private_data=old_private_data;
return offset;
}
+static int
+dissect_krb5_PAC_CONSTRAINED_DELEGATION(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ dcerpc_info di; /* fake dcerpc_info struct */
+ void *old_private_data;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_CONSTRAINED_DELEGATION, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_CONSTRAINED_DELEGATION);
+ }
+
+ /* skip the first 16 bytes, they are some magic created by the idl
+ * compiler the first 4 bytes might be flags?
+ */
+ proto_tree_add_text(tree, tvb, offset, 16, "unknown blob");
+ offset+=16;
+
+
+ /* the PAC_CONSTRAINED_DELEGATION blob */
+ /* fake whatever state the dcerpc runtime support needs */
+ di.conformant_run=0;
+ di.call_data=NULL;
+ old_private_data=pinfo->private_data;
+ pinfo->private_data=&di;
+ init_ndr_pointer_list(pinfo);
+ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
+ netlogon_dissect_PAC_CONSTRAINED_DELEGATION, NDR_POINTER_UNIQUE,
+ "PAC_CONSTRAINED_DELEGATION:", -1);
+ pinfo->private_data=old_private_data;
+
+ return offset;
+}
+
static int
dissect_krb5_PAC_CREDENTIAL_TYPE(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
offset+=2;
/* client name */
- name=tvb_fake_unicode(tvb, offset, namelen/2, TRUE);
+ name=tvb_get_ephemeral_faked_unicode(tvb, offset, namelen/2, TRUE);
proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
offset+=namelen;
case PAC_CLIENT_INFO_TYPE:
dissect_krb5_PAC_CLIENT_INFO_TYPE(pinfo, tr, next_tvb, 0);
break;
+ case PAC_CONSTRAINED_DELEGATION:
+ dissect_krb5_PAC_CONSTRAINED_DELEGATION(pinfo, tr, next_tvb, 0);
+ break;
default:;
/*qqq*/
}
static int
dissect_krb5_IF_RELEVANT_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(IF_RELEVANT_type, krb5_ad_types,
}
return offset;
}
-static ber_sequence IF_RELEVANT_item_sequence[] = {
+static ber_sequence_t IF_RELEVANT_item_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_IF_RELEVANT_type },
{ BER_CLASS_CON, 1, 0,
return offset;
}
-static ber_sequence IF_RELEVANT_sequence_of[1] = {
+static ber_sequence_t IF_RELEVANT_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
};
static int
dissect_krb5_adtype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_adtype, &adtype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_adtype, &adtype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(adtype, krb5_ad_types,
* ad-type [0] int32
* ad-data [1] octet string
*/
-static ber_sequence AuthorizationData_item_sequence[] = {
+static ber_sequence_t AuthorizationData_item_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_adtype },
{ BER_CLASS_CON, 1, 0,
return offset;
}
-static ber_sequence AuthorizationData_sequence_of[1] = {
+static ber_sequence_t AuthorizationData_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
};
static int
{
guint32 trtype;
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_transitedtype, &trtype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_transitedtype, &trtype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(trtype, krb5_transited_types,
* tr-type [0] int32
* contents [1] octet string
*/
-static ber_sequence TransitedEncoding_sequence[] = {
+static ber_sequence_t TransitedEncoding_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_transited_type },
{ BER_CLASS_CON, 1, 0,
static int
dissect_krb5_authtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_authtime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_authtime);
return offset;
}
static int
dissect_krb5_starttime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_starttime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_starttime);
return offset;
}
static int
dissect_krb5_endtime(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_endtime);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_endtime);
return offset;
}
static int
dissect_krb5_renew_till(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_renew_till);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_renew_till);
return offset;
}
* authorization-data [10] AuthorizationData OPTIONAL
* }
*/
-static ber_sequence EncTicketPart_sequence[] = {
+static ber_sequence_t EncTicketPart_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_TicketFlags },
{ BER_CLASS_CON, 1, 0,
* seq-number [3] uint32 OPTIONAL
* }
*/
-static ber_sequence EncAPRepPart_sequence[] = {
+static ber_sequence_t EncAPRepPart_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_ctime },
{ BER_CLASS_CON, 1, 0,
static int
dissect_krb5_lr_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_lr_type, &lr_type);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_lr_type, &lr_type);
return offset;
}
static int
dissect_krb5_lr_value(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_lr_time);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_lr_time);
return offset;
}
-static ber_sequence LastReq_sequence[] = {
+static ber_sequence_t LastReq_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_lr_type },
{ BER_CLASS_CON, 1, 0,
return offset;
}
-static ber_sequence LastReq_sequence_of[1] = {
+static ber_sequence_t LastReq_sequence_of[1] = {
{ BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
};
static int
static int
dissect_krb5_key_expiration(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_key_expire);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_key_expire);
return offset;
}
-static ber_sequence EncKDCRepPart_sequence[] = {
+static ber_sequence_t EncKDCRepPart_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_key },
{ BER_CLASS_CON, 1, 0,
static int
dissect_krb5_authenticator_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
return offset;
}
+#define KRB5_GSS_C_DELEG_FLAG 0x01
+#define KRB5_GSS_C_MUTUAL_FLAG 0x02
+#define KRB5_GSS_C_REPLAY_FLAG 0x04
+#define KRB5_GSS_C_SEQUENCE_FLAG 0x08
+#define KRB5_GSS_C_CONF_FLAG 0x10
+#define KRB5_GSS_C_INTEG_FLAG 0x20
+#define KRB5_GSS_C_DCE_STYLE 0x1000
+static const true_false_string tfs_gss_flags_deleg = {
+ "Delegate credantials to remote peer",
+ "Do NOT delegate"
+};
+static const true_false_string tfs_gss_flags_mutual = {
+ "Request that remote peer authenticates itself",
+ "Mutual authentication NOT required"
+};
+static const true_false_string tfs_gss_flags_replay = {
+ "Enable replay protection for signed or sealed messages",
+ "Do NOT enable replay protection"
+};
+static const true_false_string tfs_gss_flags_sequence = {
+ "Enable Out-of-sequence detection for sign or sealed messages",
+ "Do NOT enable out-of-sequence detection"
+};
+static const true_false_string tfs_gss_flags_conf = {
+ "Confidentiality (sealing) may be invoked",
+ "Do NOT use Confidentiality (sealing)"
+};
+static const true_false_string tfs_gss_flags_integ = {
+ "Integrity protection (signing) may be invoked",
+ "Do NOT use integrity protection"
+};
+
+static const true_false_string tfs_gss_flags_dce_style = {
+ "DCE-STYLE",
+ "Not using DCE-STYLE"
+};
+
+/* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
+ */
+static int
+dissect_krb5_rfc1964_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb)
+{
+ int offset=0;
+ guint32 len;
+ guint16 dlglen;
+
+ /* Length of Bnd field */
+ len=tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, TRUE);
+ offset += 4;
+
+ /* Bnd field */
+ proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, TRUE);
+ offset += len;
+
+
+ /* flags */
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, TRUE);
+ proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, TRUE);
+ offset += 4;
+
+ /* the next fields are optional so we have to check that we have
+ * more data in our buffers */
+ if(tvb_length_remaining(tvb, offset)<2){
+ return offset;
+ }
+ /* dlgopt identifier */
+ proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ if(tvb_length_remaining(tvb, offset)<2){
+ return offset;
+ }
+ /* dlglen identifier */
+ dlglen=tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, TRUE);
+ offset += 2;
+
+ if(dlglen!=tvb_length_remaining(tvb, offset)){
+ proto_tree_add_text(tree, tvb, 0, 0, "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_length_remaining(tvb, offset));
+ return offset;
+ }
+
+ /* this should now be a KRB_CRED message */
+ offset=dissect_ber_choice(pinfo, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
+
+
+ return offset;
+}
+
+static guint32 checksum_type;
+
static int
dissect_krb5_checksum_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_checksum_type, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_type, &checksum_type);
return offset;
}
+
static int
dissect_krb5_checksum_checksum(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
+ tvbuff_t *next_tvb;
+
+ switch(checksum_type){
+ case KRB5_CHKSUM_GSSAPI:
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, &next_tvb);
+ dissect_krb5_rfc1964_checksum(pinfo, tree, next_tvb);
+ break;
+ default:
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
+ }
return offset;
}
* Checksum ::= SEQUENCE {
* }
*/
-static ber_sequence Checksum_sequence[] = {
+static ber_sequence_t Checksum_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_checksum_type },
{ BER_CLASS_CON, 1, 0,
* authorization-data [8] AuthorizationData OPTIONAL
* }
*/
-static ber_sequence Authenticator_sequence[] = {
+static ber_sequence_t Authenticator_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_authenticator_vno },
{ BER_CLASS_CON, 1, 0,
}
+static int
+dissect_krb5_PRIV_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ tvbuff_t *new_tvb;
+ offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_PRIV_BODY_user_data, &new_tvb);
+
+ if (new_tvb)
+ call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
+
+ return offset;
+}
+
+static ber_sequence_t EncKrbPrivPart_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_PRIV_BODY_user_data },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_patimestamp },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
+ dissect_krb5_cusec },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
+ dissect_krb5_seq_number },
+ { BER_CLASS_CON, 4, 0,
+ dissect_krb5_s_address },
+ { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
+ dissect_krb5_HostAddresses },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_EncKrbPrivPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKrbPrivPart_sequence, hf_krb_EncKrbPrivPart, ett_krb_EncKrbPrivPart);
+
+ return offset;
+}
+
+static guint32 PRIV_etype;
+static int
+dissect_krb5_PRIV_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &PRIV_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(PRIV_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_PRIV (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(tree, pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype);
+ }
+
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
+
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+
+ }
+ return offset;
+}
+#endif
+
/*
* PRIV-BODY ::= SEQUENCE {
* KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
static int
dissect_krb5_encrypted_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, dissect_krb5_decrypt_PRIV);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
+#endif
return offset;
}
-static ber_sequence ENC_PRIV_sequence[] = {
+static ber_sequence_t ENC_PRIV_sequence[] = {
{ BER_CLASS_CON, 0, 0,
- dissect_krb5_etype },
+ dissect_krb5_PRIV_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
dissect_krb5_kvno },
{ BER_CLASS_CON, 2, 0,
offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
return offset;
}
-static ber_sequence PRIV_BODY_sequence[] = {
+static ber_sequence_t PRIV_BODY_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
return offset;
}
+static guint32 EncKrbCredPart_etype;
+static int
+dissect_krb5_EncKrbCredPart_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &EncKrbCredPart_etype);
+ if(tree){
+ proto_item_append_text(tree, " %s",
+ val_to_str(EncKrbCredPart_etype, krb5_encryption_types,
+ "%#x"));
+ }
+ return offset;
+}
+
+
+
+
+
+static ber_sequence_t KrbCredInfo_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_key },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_prealm },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_pname },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_TicketFlags },
+ { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_authtime },
+ { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_starttime },
+ { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_krb5_endtime },
+ { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_krb5_renew_till },
+ { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_krb5_srealm },
+ { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_krb5_sname },
+ { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_krb5_HostAddresses },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_KrbCredInfo(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KrbCredInfo_sequence, hf_krb_KrbCredInfo, ett_krb_KrbCredInfo);
+
+ return offset;
+}
+
+static ber_sequence_t KrbCredInfo_sequence_of[1] = {
+ { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_KrbCredInfo },
+};
+static int
+dissect_krb5_KrbCredInfo_sequence_of(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence_of(FALSE, pinfo, tree, tvb, offset, KrbCredInfo_sequence_of, hf_krb_KrbCredInfos, ett_krb_KrbCredInfos);
+
+ return offset;
+}
+static const ber_sequence_t EncKrbCredPart_sequence[] = {
+ { BER_CLASS_CON, 0, 0, dissect_krb5_KrbCredInfo_sequence_of },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_nonce },
+ { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_ctime },
+ { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_cusec },
+ { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_s_address },
+ { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_r_address },
+ { 0, 0, 0, NULL }
+};
+
+static int
+dissect_krb5_EncKrbCredPart(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, EncKrbCredPart_sequence, hf_krb_EncKrbCredPart, ett_krb_EncKrbCredPart);
+
+ return offset;
+}
+
+#ifdef HAVE_KERBEROS
+static int
+dissect_krb5_decrypt_EncKrbCredPart (packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ guint8 *plaintext=NULL;
+ int length;
+
+ length=tvb_length_remaining(tvb, offset);
+
+ /* RFC4120 :
+ * EncKrbCredPart encrypted with usage
+ * == 14
+ */
+ if(!plaintext){
+ plaintext=decrypt_krb5_data(tree, pinfo, 14, length, tvb_get_ptr(tvb, offset, length), EncKrbCredPart_etype);
+ }
+
+ if(plaintext){
+ tvbuff_t *next_tvb;
+ next_tvb = tvb_new_real_data (plaintext,
+ length,
+ length);
+ tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, next_tvb, "EncKrbCredPart");
+
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+ }
+ return offset;
+}
+#endif
+
+static int
+dissect_krb5_encrypted_CRED_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+#ifdef HAVE_KERBEROS
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, dissect_krb5_decrypt_EncKrbCredPart);
+#else
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, NULL);
+#endif
+ return offset;
+}
+
+static ber_sequence_t encrypted_CRED_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_EncKrbCredPart_etype },
+ { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
+ dissect_krb5_kvno },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_encrypted_CRED_data },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_encrypted_CRED(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, encrypted_CRED_sequence, hf_krb_CRED_enc, ett_krb_CRED_enc);
+
+ return offset;
+}
+
+static ber_sequence_t CRED_BODY_sequence[] = {
+ { BER_CLASS_CON, 0, 0,
+ dissect_krb5_pvno },
+ { BER_CLASS_CON, 1, 0,
+ dissect_krb5_msg_type },
+ { BER_CLASS_CON, 2, 0,
+ dissect_krb5_sq_tickets },
+ { BER_CLASS_CON, 3, 0,
+ dissect_krb5_encrypted_CRED },
+ { 0, 0, 0, NULL }
+};
+static int
+dissect_krb5_CRED(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+
+ offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, CRED_BODY_sequence, hf_krb_CRED_BODY, ett_krb_CRED);
+
+ return offset;
+}
+
static int
dissect_krb5_SAFE_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
tvbuff_t *new_tvb;
offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, &new_tvb);
- call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
+ if (new_tvb)
+ call_kerberos_callbacks(pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
return offset;
}
static int
dissect_krb5_SAFE_BODY_timestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
+ offset=dissect_ber_GeneralizedTime(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
return offset;
}
static int
dissect_krb5_SAFE_BODY_usec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
return offset;
}
-static ber_sequence SAFE_BODY_sequence[] = {
+static ber_sequence_t SAFE_BODY_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_SAFE_BODY_user_data },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
-static ber_sequence SAFE_sequence[] = {
+static ber_sequence_t SAFE_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
* }
*
*/
-static ber_sequence KDC_REQ_BODY_sequence[] = {
+static ber_sequence_t KDC_REQ_BODY_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_KDCOptions },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
dissect_krb5_etype_sequence_of },
{ BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
dissect_krb5_HostAddresses },
-/* XXX [10] and [11] enc-authorization-data and additional-tickets should be added */
+/* XXX [10] enc-authorization-data should be added */
+ { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
+ dissect_krb5_sq_tickets },
{ 0, 0, 0, NULL }
};
static int
dissect_krb5_KDC_REQ_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
+ conversation_t *conversation;
+
+ /*
+ * UDP replies to KDC_REQs are sent from the server back to the client's
+ * source port, similar to the way TFTP works. Set up a conversation
+ * accordingly.
+ *
+ * Ref: Section 7.2.1 of
+ * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
+ */
+ if (pinfo->destport == UDP_PORT_KERBEROS && pinfo->ptype == PT_UDP) {
+ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
+ pinfo->srcport, 0, NO_PORT_B);
+ if (conversation == NULL) {
+ conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
+ pinfo->srcport, 0, NO_PORT2);
+ conversation_set_dissector(conversation, kerberos_handle_udp);
+ }
+ }
offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
* req-body[4] KDC-REQ-BODY
* }
*/
-static ber_sequence KDC_REQ_sequence[] = {
+static ber_sequence_t KDC_REQ_sequence[] = {
{ BER_CLASS_CON, 1, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 2, 0,
add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
- offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
#endif
return offset;
}
-static ber_sequence encrypted_authenticator_sequence[] = {
+static ber_sequence_t encrypted_authenticator_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_authenticator_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
static int
dissect_krb5_tkt_vno(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_tkt_vno, NULL);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_tkt_vno, NULL);
return offset;
}
add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
- offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
#endif
return offset;
}
-static ber_sequence encrypted_Ticket_sequence[] = {
+static ber_sequence_t encrypted_Ticket_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_Ticket_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
return offset;
}
-static ber_sequence Application_1_sequence[] = {
+static ber_sequence_t Application_1_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_tkt_vno },
{ BER_CLASS_CON, 1, 0,
-static const ber_choice Ticket_choice[] = {
+static const ber_choice_t Ticket_choice[] = {
{ 1, BER_CLASS_APP, 1, 0,
dissect_krb5_Application_1 },
{ 0, 0, 0, 0, NULL }
static int
dissect_krb5_Ticket(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_choice(pinfo, tree, tvb, offset, Ticket_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, tvb, offset, Ticket_choice, -1, -1, NULL);
return offset;
}
* authenticator[4] EncryptedData
* }
*/
-static ber_sequence AP_REQ_sequence[] = {
+static ber_sequence_t AP_REQ_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
- offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
#endif
return offset;
}
-static ber_sequence encrypted_AP_REP_sequence[] = {
+static ber_sequence_t encrypted_AP_REP_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_AP_REP_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
* enc-part[2] EncryptedData
* }
*/
-static ber_sequence AP_REP_sequence[] = {
+static ber_sequence_t AP_REP_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
static int
dissect_krb5_KDC_REP_etype(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
- offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
+ offset=dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(KDC_REP_etype, krb5_encryption_types,
add_new_data_source(pinfo, next_tvb, "Decrypted Krb5");
- offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1);
+ offset=dissect_ber_choice(pinfo, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
#endif
return offset;
}
-static ber_sequence encrypted_KDC_REP_sequence[] = {
+static ber_sequence_t encrypted_KDC_REP_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_KDC_REP_etype },
{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
* enc-part[6] EncryptedData
* }
*/
-static ber_sequence KDC_REP_sequence[] = {
+static ber_sequence_t KDC_REP_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
dissect_krb5_e_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
switch(krb5_errorcode){
+ case KRB5_ET_KRB5KDC_ERR_BADOPTION:
+ case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
+ case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
+ case KRB5_ET_KRB5KDC_ERR_POLICY:
+ /* ms windows kdc sends e-data of this type containing a "salt"
+ * that contains the nt_status code for these error codes.
+ */
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, dissect_krb5_PA_DATA);
+ break;
case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
+ case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
+ case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
break;
* authentication method and optionally containing data for
* the method:
*/
-static ber_sequence ERROR_sequence[] = {
+static ber_sequence_t ERROR_sequence[] = {
{ BER_CLASS_CON, 0, 0,
dissect_krb5_pvno },
{ BER_CLASS_CON, 1, 0,
dissect_krb5_e_checksum }, /* used by PacketCable */
{ 0, 0, 0, NULL }
};
-static int
+int
dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
{
offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, ERROR_sequence, -1, -1);
-static struct { char *set; char *unset; } bitval = { "Set", "Not set" };
+static struct { const char *set; const char *unset; } bitval = { "Set", "Not set" };
-static void dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
+static gint dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree);
static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree);
static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *tree, int do_col_info,
+ proto_tree *tree, gboolean do_col_info,
+ gboolean do_col_protocol,
gboolean have_rm,
kerberos_callbacks *cb);
-static gint kerberos_rm_to_reclen(guint krb_rm);
static void dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree);
-static guint get_krb_pdu_len(tvbuff_t *tvb, int offset);
-
gint
dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
{
- return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, cb));
+ return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb));
}
-static void
+guint32
+kerberos_output_keytype(void)
+{
+ return keytype;
+}
+
+static gint
dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- conversation_t *conversation;
-
- /*
- * UDP replies from the server are sent back to the client's source
- * port, similar to TFTP.
- */
- /* XXX This test may be too general */
- if (pinfo->destport == UDP_PORT_KERBEROS && pinfo->ptype == PT_UDP) {
- conversation = find_conversation(&pinfo->src, &pinfo->dst, PT_UDP,
- pinfo->srcport, 0, NO_PORT_B);
- if (conversation == NULL) {
- conversation = conversation_new(&pinfo->src, &pinfo->dst, PT_UDP,
- pinfo->srcport, 0, NO_PORT2);
- conversation_set_dissector(conversation, kerberos_handle_udp);
- }
+ /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
+ Since all (except weirdo transarc krb4 stuff) use
+ an opcode <=16 in the first byte, use this to see if it might
+ be krb4.
+ All krb5 commands start with an APPL tag and thus is >=0x60
+ so if first byte is <=16 just blindly assume it is krb4 then
+ */
+ if(tvb_bytes_exist(tvb, 0, 1) && tvb_get_guint8(tvb, 0)<=0x10){
+ if(krb4_handle){
+ gboolean res;
+
+ res=call_dissector_only(krb4_handle, tvb, pinfo, tree);
+ return res;
+ }else{
+ return 0;
+ }
}
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
- (void)dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE, NULL);
+ return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL);
}
-static gint
+gint
kerberos_rm_to_reclen(guint krb_rm)
{
return (krb_rm & KRB_RM_RECLEN);
}
-static guint
-get_krb_pdu_len(tvbuff_t *tvb, int offset)
+guint
+get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{
guint krb_rm;
gint pdulen;
dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
pinfo->fragmented = TRUE;
- if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, NULL) < 0) {
+ if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) {
/*
* The dissector failed to recognize this as a valid
* Kerberos message. Mark it as a continuation packet.
{
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_clear(pinfo->cinfo, COL_INFO);
tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
dissect_kerberos_tcp_pdu);
/*
* Display the TCP record mark.
*/
-static void
+void
show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
{
gint rec_len;
static gint
dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
- int dci, gboolean have_rm, kerberos_callbacks *cb)
+ gboolean dci, gboolean do_col_protocol, gboolean have_rm,
+ kerberos_callbacks *cb)
{
int offset = 0;
proto_tree *kerberos_tree = NULL;
pinfo->private_data=cb;
do_col_info=dci;
- if (tree) {
- item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
- kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
- }
-
if (have_rm) {
krb_rm = tvb_get_ntohl(tvb, offset);
krb_reclen = kerberos_rm_to_reclen(krb_rm);
pinfo->private_data=saved_private_data;
return (-1);
}
+ if (do_col_protocol) {
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ }
+ if (tree) {
+ item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
+ kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
+ }
show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
offset += 4;
+ } else {
+ /* Do some sanity checking here,
+ * All krb5 packets start with a TAG class that is BER_CLASS_APP
+ * and a tag value that is either of the values below:
+ * If it doesnt look like kerberos, return 0 and let someone else have
+ * a go at it.
+ */
+ gint8 tmp_class;
+ gboolean tmp_pc;
+ gint32 tmp_tag;
+
+ get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
+ if(tmp_class!=BER_CLASS_APP){
+ return 0;
+ }
+ switch(tmp_tag){
+ case KRB5_MSG_TICKET:
+ case KRB5_MSG_AUTHENTICATOR:
+ case KRB5_MSG_ENC_TICKET_PART:
+ case KRB5_MSG_AS_REQ:
+ case KRB5_MSG_AS_REP:
+ case KRB5_MSG_TGS_REQ:
+ case KRB5_MSG_TGS_REP:
+ case KRB5_MSG_AP_REQ:
+ case KRB5_MSG_AP_REP:
+ case KRB5_MSG_ENC_AS_REP_PART:
+ case KRB5_MSG_ENC_TGS_REP_PART:
+ case KRB5_MSG_ENC_AP_REP_PART:
+ case KRB5_MSG_ENC_KRB_PRIV_PART:
+ case KRB5_MSG_ENC_KRB_CRED_PART:
+ case KRB5_MSG_SAFE:
+ case KRB5_MSG_PRIV:
+ case KRB5_MSG_ERROR:
+ break;
+ default:
+ return 0;
+ }
+ if (do_col_protocol) {
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ }
+ if (do_col_info) {
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_clear(pinfo->cinfo, COL_INFO);
+ }
+ if (tree) {
+ item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
+ kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
+ }
}
- offset=dissect_ber_choice(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1);
+ TRY {
+ offset=dissect_ber_choice(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
+ } CATCH_ALL {
+ pinfo->private_data=saved_private_data;
+ RETHROW;
+ } ENDTRY;
proto_item_set_len(item, offset);
pinfo->private_data=saved_private_data;
return offset;
}
+static void
+kerberos_prefs_apply_cb(void) {
+#ifdef HAVE_LIBNETTLE
+ clear_keytab();
+ read_keytab_file(keytab_filename);
+#endif
+}
void
proto_register_kerberos(void)
{ &hf_krb_realm, {
"Realm", "kerberos.realm", FT_STRING, BASE_NONE,
NULL, 0, "Name of the Kerberos Realm", HFILL }},
+ { &hf_krb_srealm, {
+ "SRealm", "kerberos.srealm", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Kerberos SRealm", HFILL }},
+ { &hf_krb_prealm, {
+ "Delegated Principal Realm", "kerberos.prealm", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Kerberos PRealm", HFILL }},
{ &hf_krb_crealm, {
"Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
{ &hf_krb_PRIV_BODY, {
"PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
NULL, 0, "Kerberos PRIVate BODY", HFILL }},
+ { &hf_krb_CRED_BODY, {
+ "CRED_BODY", "kerberos.cred_body", FT_NONE, BASE_NONE,
+ NULL, 0, "Kerberos CREDential BODY", HFILL }},
{ &hf_krb_encrypted_PRIV, {
"Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
{ &hf_krb_KDCOptions_renewable, {
"Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
+ { &hf_krb_KDCOptions_constrained_delegation, {
+ "Constrained Delegation", "kerberos.kdcoptions.constrained_delegation", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_constrained_delegation), 0x00020000, "Do we want a PAC containing constrained delegation info or not", HFILL }},
{ &hf_krb_KDCOptions_canonicalize, {
"Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
{ &hf_krb_encrypted_authenticator_data, {
"Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_HEX,
NULL, 0, "Data content of an encrypted authenticator", HFILL }},
+ { &hf_krb_encrypted_EncKrbCredPart, {
+ "enc EncKrbCredPart", "kerberos.EncKrbCredPart.encrypted", FT_BYTES, BASE_HEX,
+ NULL, 0, "Encrypted EncKrbCredPart blob", HFILL }},
{ &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
"enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_HEX,
NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
{ &hf_krb_PAC_CLIENT_INFO_TYPE, {
"PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_HEX,
NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
+ { &hf_krb_PAC_CONSTRAINED_DELEGATION, {
+ "PAC_CONSTRAINED_DELEGATION", "kerberos.PAC_CONSTRAINED_DELEGATION", FT_BYTES, BASE_HEX,
+ NULL, 0, "PAC_CONSTRAINED_DELEGATION structure", HFILL }},
{ &hf_krb_checksum_checksum, {
"checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_HEX,
NULL, 0, "Kerberos Checksum", HFILL }},
{ &hf_krb_etype_info_salt, {
"Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
NULL, 0, "Salt", HFILL }},
+ { &hf_krb_etype_info2_salt, {
+ "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_HEX,
+ NULL, 0, "Salt", HFILL }},
+ { &hf_krb_etype_info2_s2kparams, {
+ "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_HEX,
+ NULL, 0, "S2kparams", HFILL }},
{ &hf_krb_SAFE_BODY_user_data, {
"User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
NULL, 0, "SAFE BODY userdata field", HFILL }},
+ { &hf_krb_PRIV_BODY_user_data, {
+ "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_HEX,
+ NULL, 0, "PRIV BODY userdata field", HFILL }},
{ &hf_krb_pac_signature_signature, {
"Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX,
NULL, 0, "A PAC signature blob", HFILL }},
{ &hf_krb_tkt_vno, {
"Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
NULL, 0, "Version number for the Ticket format", HFILL }},
+ { &hf_krb_KrbCredInfo, {
+ "KrbCredInfo", "kerberos.KrbCredInfo", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a Kerberos KrbCredInfo", HFILL }},
{ &hf_krb_HostAddress, {
"HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC,
NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
{ &hf_krb_s_address, {
"S-Address", "kerberos.s_address", FT_NONE, BASE_DEC,
NULL, 0, "This is the Senders address", HFILL }},
+ { &hf_krb_r_address, {
+ "R-Address", "kerberos.r_address", FT_NONE, BASE_DEC,
+ NULL, 0, "This is the Recipient address", HFILL }},
{ &hf_krb_key, {
"key", "kerberos.key", FT_NONE, BASE_DEC,
NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
{ &hf_krb_EncAPRepPart, {
"EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_DEC,
NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
+ { &hf_krb_EncKrbPrivPart, {
+ "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos EncKrbPrivPart sequence", HFILL }},
+ { &hf_krb_EncKrbCredPart, {
+ "EncKrbCredPart", "kerberos.EncKrbCredPart", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a decrypted Kerberos EncKrbCredPart sequence", HFILL }},
{ &hf_krb_EncKDCRepPart, {
"EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_DEC,
NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
{ &hf_krb_etypes, {
"Encryption Types", "kerberos.etypes", FT_NONE, BASE_DEC,
NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
+ { &hf_krb_KrbCredInfos, {
+ "Sequence of KrbCredInfo", "kerberos.KrbCredInfos", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of KrbCredInfo", HFILL }},
+ { &hf_krb_sq_tickets, {
+ "Tickets", "kerberos.sq.tickets", FT_NONE, BASE_DEC,
+ NULL, 0, "This is a list of Kerberos Tickets", HFILL }},
{ &hf_krb_LastReqs, {
"LastReqs", "kerberos.LastReqs", FT_NONE, BASE_DEC,
NULL, 0, "This is a list of LastReq structures", HFILL }},
{ &hf_krb_sname, {
"Server Name", "kerberos.sname", FT_NONE, BASE_DEC,
NULL, 0, "This is the name part server's identity", HFILL }},
+ { &hf_krb_pname, {
+ "Delegated Principal Name", "kerberos.pname", FT_NONE, BASE_DEC,
+ NULL, 0, "Identity of the delegated principal", HFILL }},
{ &hf_krb_cname, {
"Client Name", "kerberos.cname", FT_NONE, BASE_DEC,
NULL, 0, "The name part of the client principal identifier", HFILL }},
{ &hf_krb_authenticator_enc, {
"Authenticator", "kerberos.authenticator", FT_NONE, BASE_DEC,
NULL, 0, "Encrypted authenticator blob", HFILL }},
+ { &hf_krb_CRED_enc, {
+ "EncKrbCredPart", "kerberos.encrypted_cred", FT_NONE, BASE_DEC,
+ NULL, 0, "Encrypted Cred blob", HFILL }},
{ &hf_krb_ticket_enc, {
"enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_DEC,
NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
{ &hf_krb_e_checksum, {
"e-checksum", "kerberos.e_checksum", FT_NONE, BASE_DEC,
NULL, 0, "This is a Kerberos e-checksum", HFILL }},
+ { &hf_krb_gssapi_len, {
+ "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
+ NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
+ { &hf_krb_gssapi_bnd, {
+ "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_HEX,
+ NULL, 0, "GSSAPI Bnd field", HFILL }},
+ { &hf_krb_gssapi_c_flag_deleg, {
+ "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_mutual, {
+ "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_replay, {
+ "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_sequence, {
+ "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_conf, {
+ "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_integ, {
+ "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, "", HFILL }},
+ { &hf_krb_gssapi_c_flag_dce_style, {
+ "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
+ TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, "", HFILL }},
+ { &hf_krb_gssapi_dlgopt, {
+ "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
+ NULL, 0, "GSSAPI DlgOpt", HFILL }},
+ { &hf_krb_gssapi_dlglen, {
+ "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
+ NULL, 0, "GSSAPI DlgLen", HFILL }},
+ { &hf_krb_smb_nt_status,
+ { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
+ VALS(NT_errors), 0, "NT Status code", HFILL }},
+ { &hf_krb_smb_unknown,
+ { "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
+ NULL, 0, "unknown", HFILL }},
+
};
static gint *ett[] = {
&ett_krb_kerberos,
&ett_krb_KDC_REP_enc,
&ett_krb_sname,
+ &ett_krb_pname,
&ett_krb_cname,
&ett_krb_AP_REP_enc,
&ett_krb_padata,
&ett_krb_etypes,
+ &ett_krb_KrbCredInfos,
+ &ett_krb_sq_tickets,
&ett_krb_LastReqs,
&ett_krb_IF_RELEVANT,
&ett_krb_PA_DATA_tree,
&ett_krb_s_address,
+ &ett_krb_r_address,
+ &ett_krb_KrbCredInfo,
&ett_krb_HostAddress,
&ett_krb_HostAddresses,
&ett_krb_authenticator_enc,
+ &ett_krb_CRED_enc,
&ett_krb_AP_Options,
&ett_krb_KDC_Options,
&ett_krb_Ticket_Flags,
&ett_krb_recordmark,
&ett_krb_ticket,
&ett_krb_ticket_enc,
+ &ett_krb_CRED,
&ett_krb_PRIV,
&ett_krb_PRIV_enc,
&ett_krb_EncTicketPart,
&ett_krb_EncAPRepPart,
+ &ett_krb_EncKrbPrivPart,
+ &ett_krb_EncKrbCredPart,
&ett_krb_EncKDCRepPart,
&ett_krb_LastReq,
&ett_krb_Authenticator,
&ett_krb_PAC_SERVER_CHECKSUM,
&ett_krb_PAC_PRIVSVR_CHECKSUM,
&ett_krb_PAC_CLIENT_INFO_TYPE,
+ &ett_krb_PAC_CONSTRAINED_DELEGATION,
&ett_krb_e_checksum,
};
module_t *krb_module;
proto_register_subtree_array(ett, array_length(ett));
/* Register preferences */
- krb_module = prefs_register_protocol(proto_kerberos, NULL);
+ krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
prefs_register_bool_preference(krb_module, "desegment",
"Reassemble Kerberos over TCP messages spanning multiple TCP segments",
"Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
"The keytab file containing all the secrets",
&keytab_filename);
#endif
+
}
static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
auth_tvb = tvb_new_subset(
tvb, offset, tvb_length_remaining(tvb, offset),
- tvb_length_remaining(tvb, offset));
+ tvb_reported_length_remaining(tvb, offset));
dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
NULL, /* AUTH3 */
wrap_dissect_gssapi_verf, /* Request verifier */
wrap_dissect_gssapi_verf, /* Response verifier */
- NULL, /* Request data */
- NULL /* Response data */
+ wrap_dissect_gssapi_payload, /* Request data */
+ wrap_dissect_gssapi_payload /* Response data */
};
{
dissector_handle_t kerberos_handle_tcp;
- kerberos_handle_udp = create_dissector_handle(dissect_kerberos_udp,
+ krb4_handle = find_dissector("krb4");
+
+ kerberos_handle_udp = new_create_dissector_handle(dissect_kerberos_udp,
proto_kerberos);
kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
proto_kerberos);
dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
+ DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
+ &gss_kerb_auth_fns);
+
register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
&gss_kerb_auth_fns);
}
*/
-