#include <epan/conversation.h>
#include <epan/emem.h>
#include <epan/asn1.h>
+#include <epan/expert.h>
#include <epan/dissectors/packet-kerberos.h>
#include <epan/dissectors/packet-netbios.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/dissectors/packet-dcerpc.h>
#include <epan/dissectors/packet-gssapi.h>
+#include <epan/dissectors/packet-smb-common.h>
#include <wsutil/file_util.h>
static gint hf_krb_pac_clientid = -1;
static gint hf_krb_pac_namelen = -1;
static gint hf_krb_pac_clientname = -1;
+static gint hf_krb_pac_upn_flags = -1;
+static gint hf_krb_pac_upn_upn_name = -1;
+static gint hf_krb_pac_upn_dns_name = -1;
+static gint hf_krb_pac_upn_dns_offset = -1;
+static gint hf_krb_pac_upn_dns_len = -1;
+static gint hf_krb_pac_upn_upn_offset = -1;
+static gint hf_krb_pac_upn_upn_len = -1;
static gint hf_krb_w2k_pac_entries = -1;
static gint hf_krb_w2k_pac_version = -1;
static gint hf_krb_w2k_pac_type = -1;
static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
static gint hf_krb_PAC_CONSTRAINED_DELEGATION = -1;
+static gint hf_krb_PAC_UPN_DNS_INFO = -1;
static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
static gint hf_krb_encrypted_enc_authorization_data = -1;
static gint hf_krb_encrypted_EncKrbCredPart = -1;
static gint hf_krb_IF_RELEVANT = -1;
static gint hf_krb_addr_type = -1;
static gint hf_krb_address_ip = -1;
+static gint hf_krb_address_ipv6 = -1;
static gint hf_krb_address_netbios = -1;
static gint hf_krb_msg_type = -1;
static gint hf_krb_pvno = -1;
static gint hf_krb_TicketFlags = -1;
static gint hf_krb_TicketFlags_forwardable = -1;
static gint hf_krb_TicketFlags_forwarded = -1;
-static gint hf_krb_TicketFlags_proxyable = -1;
+static gint hf_krb_TicketFlags_proxiable = -1;
static gint hf_krb_TicketFlags_proxy = -1;
static gint hf_krb_TicketFlags_allow_postdate = -1;
static gint hf_krb_TicketFlags_postdated = -1;
static gint hf_krb_KDCOptions = -1;
static gint hf_krb_KDCOptions_forwardable = -1;
static gint hf_krb_KDCOptions_forwarded = -1;
-static gint hf_krb_KDCOptions_proxyable = -1;
+static gint hf_krb_KDCOptions_proxiable = -1;
static gint hf_krb_KDCOptions_proxy = -1;
static gint hf_krb_KDCOptions_allow_postdate = -1;
static gint hf_krb_KDCOptions_postdated = -1;
static gint ett_krb_e_checksum = -1;
static gint ett_krb_PAC_MIDL_BLOB = -1;
static gint ett_krb_PAC_DREP = -1;
+static gint ett_krb_PAC_UPN_DNS_INFO = -1;
guint32 krb5_errorcode;
static dissector_handle_t krb4_handle=NULL;
-static gboolean do_col_info;
+static gboolean gbl_do_col_info;
static void
#ifdef HAVE_KERBEROS
/* Decrypt Kerberos blobs */
-static gboolean krb_decrypt = FALSE;
+gboolean krb_decrypt = FALSE;
/* keytab filename */
static const char *keytab_filename = "insert filename here";
+void read_keytab_file(const char *);
+
+void
+read_keytab_file_from_preferences(void)
+{
+ static char *last_keytab = NULL;
+
+ if (!krb_decrypt) {
+ return;
+ }
+
+ if (keytab_filename == NULL) {
+ return;
+ }
+
+ if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
+ return;
+ }
+
+ if (last_keytab != NULL) {
+ g_free(last_keytab);
+ last_keytab = NULL;
+ }
+ last_keytab = g_strdup(keytab_filename);
+
+ read_keytab_file(last_keytab);
+}
+
+#elif defined(_WIN32)
+
+/* Dummy version to allow us to put this function in libwireshark.def--even
+ * on systems without KERBEROS.
+ */
+void
+read_keytab_file_from_preferences(void)
+{
+}
+
#endif
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
if(pinfo->fd->flags.visited){
return;
}
-printf("added key in %u\n",pinfo->fd->num);
+printf("added key in %u keytype:%d len:%d\n",pinfo->fd->num, keytype, keylength);
new_key=g_malloc(sizeof(enc_key_t));
g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u",origin,pinfo->fd->num);
}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
+#if defined(_WIN32) && !defined(HAVE_HEIMDAL_KERBEROS) && !defined(HAVE_MIT_KERBEROS) && !defined(HAVE_LIBNETTLE)
+void
+read_keytab_file(const char *filename _U_)
+{
+}
+#endif
#ifdef HAVE_MIT_KERBEROS
-static void
-read_keytab_file(const char *filename, krb5_context *context)
+static krb5_context krb5_ctx;
+
+void
+read_keytab_file(const char *filename)
{
krb5_keytab keytab;
- krb5_keytab_entry key;
krb5_error_code ret;
+ krb5_keytab_entry key;
krb5_kt_cursor cursor;
enc_key_t *new_key;
+ static gboolean first_time=TRUE;
+
+ printf("read keytab file %s\n", filename);
+ if(first_time){
+ first_time=FALSE;
+ ret = krb5_init_context(&krb5_ctx);
+ if(ret && ret != KRB5_CONFIG_CANTOPEN){
+ return;
+ }
+ }
/* should use a file in the wireshark users dir */
- ret = krb5_kt_resolve(*context, filename, &keytab);
+ ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
return;
}
- ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
+ ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
return;
do{
new_key=g_malloc(sizeof(enc_key_t));
new_key->next=enc_key_list;
- ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
+ ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
if(ret==0){
int i;
char *pos;
}
}while(ret==0);
- ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
+ ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
if(ret){
- krb5_kt_close(*context, keytab);
+ krb5_kt_close(krb5_ctx, keytab);
}
}
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
- int length,
- const guint8 *cryptotext,
- int keytype)
+ tvbuff_t *cryptotvb,
+ int keytype,
+ int *datalen)
{
- static int first_time=1;
- static krb5_context context;
krb5_error_code ret;
enc_key_t *ek;
- static krb5_data data = {0,0,NULL};
+ krb5_data data = {0,0,NULL};
krb5_keytab_entry key;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
- /* dont do anything if we are not attempting to decrypt data */
- if(!krb_decrypt){
+ /* don't do anything if we are not attempting to decrypt data */
+ if(!krb_decrypt || length < 1){
return NULL;
}
- /* XXX we should only do this for first time, then store somewhere */
- /* XXX We also need to re-read the keytab when the preference changes */
-
- /* should this have a destroy context ? MIT people would know */
- if(first_time){
- first_time=0;
- ret = krb5_init_context(&context);
- if(ret){
- return NULL;
- }
- read_keytab_file(keytab_filename, &context);
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
}
+ read_keytab_file_from_preferences();
+ data.data = g_malloc(length);
+ data.length = length;
+
for(ek=enc_key_list;ek;ek=ek->next){
krb5_enc_data input;
/* shortcircuit and bail out if enctypes are not matching */
- if(ek->keytype!=keytype){
+ if((keytype != -1) && (ek->keytype != keytype)) {
continue;
}
input.ciphertext.length = length;
input.ciphertext.data = (guint8 *)cryptotext;
- data.length = length;
- if(data.data){
- g_free(data.data);
- }
- data.data = g_malloc(length);
-
key.key.enctype=ek->keytype;
key.key.length=ek->keylength;
key.key.contents=ek->keyvalue;
- ret = krb5_c_decrypt(context, &(key.key), usage, 0, &input, &data);
- if((ret == 0) && (length>0)){
+ ret = krb5_c_decrypt(krb5_ctx, &(key.key), usage, 0, &input, &data);
+ if(ret == 0){
char *user_data;
+
+ expert_add_info_format(pinfo, NULL, PI_SECURITY, PI_CHAT,
+ "Decrypted keytype %d in frame %u using %s",
+ ek->keytype, pinfo->fd->num, ek->key_origin);
-printf("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
/* return a private g_malloced blob to the caller */
- user_data=g_malloc(data.length);
- memcpy(user_data, data.data, data.length);
+ user_data=data.data;
+ if (datalen) {
+ *datalen = data.length;
+ }
return user_data;
}
}
+ g_free(data.data);
return NULL;
}
#elif defined(HAVE_HEIMDAL_KERBEROS)
-static void
-read_keytab_file(const char *filename, krb5_context *context)
+static krb5_context krb5_ctx;
+
+void
+read_keytab_file(const char *filename)
{
krb5_keytab keytab;
- krb5_keytab_entry key;
krb5_error_code ret;
+ krb5_keytab_entry key;
krb5_kt_cursor cursor;
enc_key_t *new_key;
+ static gboolean first_time=TRUE;
+
+ if(first_time){
+ first_time=FALSE;
+ ret = krb5_init_context(&krb5_ctx);
+ if(ret){
+ return;
+ }
+ }
/* should use a file in the wireshark users dir */
- ret = krb5_kt_resolve(*context, filename, &keytab);
+ ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
return;
}
- ret = krb5_kt_start_seq_get(*context, keytab, &cursor);
+ ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
if(ret){
fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
return;
do{
new_key=g_malloc(sizeof(enc_key_t));
new_key->next=enc_key_list;
- ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
+ ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
if(ret==0){
unsigned int i;
char *pos;
}
}while(ret==0);
- ret = krb5_kt_end_seq_get(*context, keytab, &cursor);
+ ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
if(ret){
- krb5_kt_close(*context, keytab);
+ krb5_kt_close(krb5_ctx, keytab);
}
}
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
- int length,
- const guint8 *cryptotext,
- int keytype)
+ tvbuff_t *cryptotvb,
+ int keytype,
+ int *datalen)
{
- static int first_time=1;
- static krb5_context context;
krb5_error_code ret;
krb5_data data;
enc_key_t *ek;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
- /* dont do anything if we are not attempting to decrypt data */
+ /* don't do anything if we are not attempting to decrypt data */
if(!krb_decrypt){
return NULL;
}
- /* XXX we should only do this for first time, then store somewhere */
- /* XXX We also need to re-read the keytab when the preference changes */
-
- /* should this have a destroy context ? Heimdal people would know */
- if(first_time){
- first_time=0;
- ret = krb5_init_context(&context);
- if(ret){
- return NULL;
- }
- read_keytab_file(keytab_filename, &context);
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
}
+ read_keytab_file_from_preferences();
+
for(ek=enc_key_list;ek;ek=ek->next){
krb5_keytab_entry key;
krb5_crypto crypto;
guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
/* shortcircuit and bail out if enctypes are not matching */
- if(ek->keytype!=keytype){
+ if((keytype != -1) && (ek->keytype != keytype)) {
continue;
}
key.keyblock.keytype=ek->keytype;
key.keyblock.keyvalue.length=ek->keylength;
key.keyblock.keyvalue.data=ek->keyvalue;
- ret = krb5_crypto_init(context, &(key.keyblock), 0, &crypto);
+ ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), 0, &crypto);
if(ret){
return NULL;
}
keys. So just give it a copy of the crypto data instead.
This has been seen for RC4-HMAC blobs.
*/
- cryptocopy=g_malloc(length);
- memcpy(cryptocopy, cryptotext, length);
- ret = krb5_decrypt_ivec(context, crypto, usage,
+ cryptocopy=g_memdup(cryptotext, length);
+ ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
cryptocopy, length,
&data,
NULL);
if((ret == 0) && (length>0)){
char *user_data;
-printf("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
+printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
- krb5_crypto_destroy(context, crypto);
+ krb5_crypto_destroy(krb5_ctx, crypto);
/* return a private g_malloced blob to the caller */
- user_data=g_malloc(data.length);
- memcpy(user_data, data.data, data.length);
+ user_data=g_memdup(data.data, data.length);
+ if (datalen) {
+ *datalen = data.length;
+ }
return user_data;
}
- krb5_crypto_destroy(context, crypto);
+ krb5_crypto_destroy(krb5_ctx, crypto);
}
return NULL;
}
new_key->kvno = 0;
new_key->keytype = keytype;
new_key->length = keylength;
- new_key->contents = g_malloc(keylength);
- memcpy(new_key->contents, keyvalue, keylength);
+ new_key->contents = g_memdup(keyvalue, keylength);
g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->fd->num);
service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
}
for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
sk = (service_key_t *) ske->data;
- if (sk && sk->contents) g_free(sk->contents);
- if (sk) g_free(sk);
+ if (sk) {
+ g_free(sk->contents);
+ g_free(sk);
+ }
}
g_slist_free(service_key_list);
service_key_list = NULL;
sk->kvno = buf[0] << 8 | buf[1];
sk->keytype = KEYTYPE_DES3_CBC_MD5;
sk->length = DES3_KEY_SIZE;
- sk->contents = g_malloc(DES3_KEY_SIZE);
- memcpy(sk->contents, buf + 2, DES3_KEY_SIZE);
+ sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
service_key_list = g_slist_append(service_key_list, (gpointer) sk);
fseek(skf, newline_skip, SEEK_CUR);
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int _U_ usage,
- int length,
- const guint8 *cryptotext,
- int keytype)
+ tvbuff_t *cryptotvb,
+ int keytype,
+ int *datalen)
{
tvbuff_t *encr_tvb;
guint8 *decrypted_data = NULL, *plaintext = NULL;
GSList *ske;
service_key_t *sk;
struct des3_ctx ctx;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
- /* dont do anything if we are not attempting to decrypt data */
+ /* don't do anything if we are not attempting to decrypt data */
if(!krb_decrypt){
return NULL;
}
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
+ }
+
if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
return NULL;
}
tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
tvb_free(encr_tvb);
+ if (datalen) {
+ *datalen = data_len;
+ }
g_free(decrypted_data);
return(plaintext);
}
#endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
-
+#define INET6_ADDRLEN 16
/* TCP Record Mark */
#define KRB_RM_RESERVED 0x80000000L
#define KRB5_CHKSUM_KRB_DES_MAC_K 5
#define KRB5_CHKSUM_MD5 7
#define KRB5_CHKSUM_MD5_DES 8
-/* the following four comes from packetcable */
+/* the following four come from packetcable */
#define KRB5_CHKSUM_MD5_DES3 9
#define KRB5_CHKSUM_HMAC_SHA1_DES3_KD 12
#define KRB5_CHKSUM_HMAC_SHA1_DES3 13
#define KRB5_TD_REQ_NONCE 107
#define KRB5_TD_REQ_SEQ 108
/* preauthentication types >127 (i.e. negative ones) are app specific.
- hopefully there will be no collissions here or we will have to
- come up with something better
+ Hopefully there will be no collisions here or we will have to
+ come up with something better.
+ XXX: Although KRB5_PA_PAC_REQUEST is " >127 " and thus presumably
+ would be encoded as a negative number, various captures seen all
+ have this pa-data-type encoded as a positive number (0x0080).
+ We'll assume that KRB5_PA_S4U2SELF is also encoded as a positive number.
*/
-#define KRB5_PA_PAC_REQUEST 128 /* MS extension */
-#define KRB5_PA_S4U2SELF 129 /* Impersonation (Microsoft extension) */
-#define KRB5_PA_PROV_SRV_LOCATION 255 /* packetcable stuff */
+#define KRB5_PA_PAC_REQUEST 128 /* (Microsoft extension) */
+#define KRB5_PA_S4U2SELF 129 /* Impersonation (Microsoft extension) */
+
+#define KRB5_PA_PROV_SRV_LOCATION 0xffffffff /* (gint32)0xFF) packetcable stuff */
/* Principal name-type */
#define KRB5_NT_UNKNOWN 0
#define PAC_PRIVSVR_CHECKSUM 7
#define PAC_CLIENT_INFO_TYPE 10
#define PAC_CONSTRAINED_DELEGATION 11
+#define PAC_UPN_DNS_INFO 12
static const value_string w2k_pac_types[] = {
{ PAC_LOGON_INFO , "Logon Info" },
{ PAC_CREDENTIAL_TYPE , "Credential Type" },
{ PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
{ PAC_CLIENT_INFO_TYPE , "Client Info Type" },
{ PAC_CONSTRAINED_DELEGATION, "Constrained Delegation" },
+ { PAC_UPN_DNS_INFO , "UPN DNS Info" },
{ 0, NULL },
};
"This ticket has been FORWARDED",
"This is NOT a forwarded ticket"
};
-static const true_false_string krb5_kdcoptions_proxyable = {
+static const true_false_string krb5_kdcoptions_proxiable = {
"PROXIABLE tickets are allowed/requested",
"Do NOT use proxiable tickets"
};
static int* KDCOptions_bits[] = {
&hf_krb_KDCOptions_forwardable,
&hf_krb_KDCOptions_forwarded,
- &hf_krb_KDCOptions_proxyable,
+ &hf_krb_KDCOptions_proxiable,
&hf_krb_KDCOptions_proxy,
&hf_krb_KDCOptions_allow_postdate,
&hf_krb_KDCOptions_postdated,
offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_addr_type, &addr_type);
return offset;
}
+
+#define ADDRESS_STR_BUFSIZ 256
static int dissect_krb5_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
gint8 class;
offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
- address_str=ep_alloc(256);
- address_str[0]=0;
- address_str[255]=0;
+ address_str=ep_alloc(ADDRESS_STR_BUFSIZ);
+ address_str[0]='\0';
switch(addr_type){
case KRB5_ADDR_IPv4:
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
- g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
+ g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
break;
case KRB5_ADDR_NETBIOS:
{
int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
- g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
+ g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
}
break;
+ case KRB5_ADDR_IPv6:
+ it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, FALSE);
+ g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
+ break;
default:
- proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
+ proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I don't know how to parse this type of address yet");
}
offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_msg_type, &msgtype);
- if (do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
+ if (gbl_do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
col_add_str(actx->pinfo->cinfo, COL_INFO,
val_to_str(msgtype, krb5_msg_types,
"Unknown msg type %#x"));
}
- do_col_info=FALSE;
+ gbl_do_col_info=FALSE;
/* append the application type to the subtree */
proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
* == 1
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, PA_ENC_TIMESTAMP_etype, NULL);
}
if(plaintext){
tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ next_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
* guint32 unknown
* guint32 unknown
* decode everything as this blob for now until we see if anyone
- * else ever uses it or we learn how to tell wether this
+ * else ever uses it or we learn how to tell whether this
* is such an MS blob or not.
*/
proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
dissect_krb5_PA_DATA_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
- krb_PA_DATA_type&=0xff; /*this is really just one single byte */
if(tree){
proto_item_append_text(tree, " %s",
"This ticket has been FORWARDED",
"This is NOT a forwarded ticket"
};
-static const true_false_string krb5_ticketflags_proxyable = {
+static const true_false_string krb5_ticketflags_proxiable = {
"PROXIABLE tickets are allowed/requested",
"Do NOT use proxiable tickets"
};
static int* TicketFlags_bits[] = {
&hf_krb_TicketFlags_forwardable,
&hf_krb_TicketFlags_forwarded,
- &hf_krb_TicketFlags_proxyable,
+ &hf_krb_TicketFlags_proxiable,
&hf_krb_TicketFlags_proxy,
&hf_krb_TicketFlags_allow_postdate,
&hf_krb_TicketFlags_postdated,
proto_item *item=NULL;
proto_tree *tree=NULL;
guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
- dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_call_value call_data;
void *old_private_data;
item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
/* the PAC_LOGON_INFO blob */
/* fake whatever state the dcerpc runtime support needs */
di.conformant_run=0;
- di.call_data=NULL;
+ /* we need di->call_data->flags.NDR64 == 0 */
+ di.call_data=&call_data;
old_private_data=actx->pinfo->private_data;
actx->pinfo->private_data=&di;
init_ndr_pointer_list(actx->pinfo);
proto_item *item=NULL;
proto_tree *tree=NULL;
guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
- dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_call_value call_data;
void *old_private_data;
item=proto_tree_add_item(parent_tree, hf_krb_PAC_CONSTRAINED_DELEGATION, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
/* the PAC_CONSTRAINED_DELEGATION blob */
/* fake whatever state the dcerpc runtime support needs */
di.conformant_run=0;
- di.call_data=NULL;
+ /* we need di->call_data->flags.NDR64 == 0 */
+ di.call_data=&call_data;
old_private_data=actx->pinfo->private_data;
actx->pinfo->private_data=&di;
init_ndr_pointer_list(actx->pinfo);
return offset;
}
+static int
+dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ guint16 dns_offset, dns_len;
+ guint16 upn_offset, upn_len;
+ const char *dn;
+ int dn_len;
+ guint16 bc;
+
+ item=proto_tree_add_item(parent_tree, hf_krb_PAC_UPN_DNS_INFO, tvb, offset, tvb_length_remaining(tvb, offset), FALSE);
+ if(parent_tree){
+ tree=proto_item_add_subtree(item, ett_krb_PAC_UPN_DNS_INFO);
+ }
+
+ /* upn */
+ upn_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, TRUE);
+ offset+=2;
+ upn_offset = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, TRUE);
+ offset+=2;
+
+ /* dns */
+ dns_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, TRUE);
+ offset+=2;
+ dns_offset = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, TRUE);
+ offset+=2;
+
+ /* flags */
+ proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, TRUE);
+
+ /* upn */
+ offset = upn_offset;
+ dn_len = upn_len;
+ bc = tvb_length_remaining(tvb, offset);
+ dn = get_unicode_or_ascii_string(tvb, &offset,
+ TRUE, &dn_len, TRUE, TRUE, &bc);
+ proto_tree_add_string(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, dn);
+
+ /* dns */
+ offset = dns_offset;
+ dn_len = dns_len;
+ bc = tvb_length_remaining(tvb, offset);
+ dn = get_unicode_or_ascii_string(tvb, &offset,
+ TRUE, &dn_len, TRUE, TRUE, &bc);
+ proto_tree_add_string(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, dn);
+
+ return offset;
+}
+
static int
dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
case PAC_CONSTRAINED_DELEGATION:
dissect_krb5_PAC_CONSTRAINED_DELEGATION(tr, next_tvb, 0, actx);
break;
+ case PAC_UPN_DNS_INFO:
+ dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
+ break;
+
default:;
/*qqq*/
}
#define KRB5_GSS_C_INTEG_FLAG 0x20
#define KRB5_GSS_C_DCE_STYLE 0x1000
static const true_false_string tfs_gss_flags_deleg = {
- "Delegate credantials to remote peer",
+ "Delegate credentials to remote peer",
"Do NOT delegate"
};
static const true_false_string tfs_gss_flags_mutual = {
length=tvb_length_remaining(tvb, offset);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, PRIV_etype, NULL);
}
if(plaintext){
tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ next_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 14
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, length, tvb_get_ptr(tvb, offset, length), EncKrbCredPart_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, EncKrbCredPart_etype, NULL);
}
if(plaintext){
- tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
- tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
- add_new_data_source(actx->pinfo, next_tvb, "EncKrbCredPart");
+ add_new_data_source(actx->pinfo, child_tvb, "EncKrbCredPart");
- offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+ offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
}
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
if a sub-session key is used, or 4 if the session key is used.
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, enc_authorization_data_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, enc_authorization_data_etype, NULL);
}
if(plaintext){
- tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
- tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
- add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- proto_tree_add_text(tree, next_tvb, 0, length, "AtuhorizationData for TGS_REQ not implemented yet");
+ proto_tree_add_text(tree, child_tvb, 0, length, "AtuhorizationData for TGS_REQ not implemented yet");
}
return offset;
static int
dissect_krb5_enc_authorization_data_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
+#ifndef HAVE_KERBEROS
+ guint32 enc_authorization_data_etype;
+#endif
offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &enc_authorization_data_etype);
if(tree){
proto_item_append_text(tree, " %s",
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, authenticator_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, authenticator_etype, NULL);
}
if(plaintext){
- tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
- tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
- add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+ offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
{
guint8 *plaintext;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* 7.5.1
* All Ticket encrypted parts use usage == 2
*/
- if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype)) ){
- tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, Ticket_etype, NULL)) ){
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
- tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
- add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+ offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, AP_REP_etype, NULL);
}
if(plaintext){
tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ next_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
/* Add the decrypted data to the data source list. */
add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 9
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, KDC_REP_etype, NULL);
}
if(plaintext){
- tvbuff_t *next_tvb;
- next_tvb = tvb_new_real_data (plaintext,
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
length);
- tvb_set_free_cb(next_tvb, g_free);
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
+ tvb_set_free_cb(child_tvb, g_free);
/* Add the decrypted data to the data source list. */
- add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
- offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
+ offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
}
return offset;
-static struct { const char *set; const char *unset; } bitval = { "Set", "Not set" };
-
static gint dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree);
static void dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo,
* The dissector failed to recognize this as a valid
* Kerberos message. Mark it as a continuation packet.
*/
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
- }
+ col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
}
}
static void
dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
- if (check_col(pinfo->cinfo, COL_INFO))
- col_clear(pinfo->cinfo, COL_INFO);
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ col_clear(pinfo->cinfo, COL_INFO);
tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
dissect_kerberos_tcp_pdu);
saved_private_data=pinfo->private_data;
pinfo->private_data=cb;
- do_col_info=dci;
+ gbl_do_col_info=dci;
if (have_rm) {
krb_rm = tvb_get_ntohl(tvb, offset);
return (-1);
}
if (do_col_protocol) {
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
}
if (tree) {
item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
return 0;
}
if (do_col_protocol) {
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
}
- if (do_col_info) {
- if (check_col(pinfo->cinfo, COL_INFO))
- col_clear(pinfo->cinfo, COL_INFO);
+ if (gbl_do_col_info) {
+ col_clear(pinfo->cinfo, COL_INFO);
}
if (tree) {
item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, FALSE);
static hf_register_info hf[] = {
{ &hf_krb_rm_reserved, {
"Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
- &bitval, KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
+ TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
{ &hf_krb_rm_reclen, {
"Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
NULL, KRB_RM_RECLEN, "Record length", HFILL }},
"Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
{ &hf_krb_transitedcontents, {
- "Contents", "kerberos.transited.contents", FT_BYTES, BASE_HEX,
- NULL, 0, "Transitent Contents string", HFILL }},
+ "Contents", "kerberos.transited.contents", FT_BYTES, BASE_NONE,
+ NULL, 0, "Transited Contents string", HFILL }},
{ &hf_krb_keytype, {
"Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
VALS(krb5_encryption_types), 0, "Key Type", HFILL }},
{ &hf_krb_keyvalue, {
- "Key value", "kerberos.keyvalue", FT_BYTES, BASE_HEX,
+ "Key value", "kerberos.keyvalue", FT_BYTES, BASE_NONE,
NULL, 0, "Key value (encryption key)", HFILL }},
{ &hf_krb_adtype, {
"Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
"Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
{ &hf_krb_advalue, {
- "Data", "kerberos.advalue", FT_BYTES, BASE_HEX,
+ "Data", "kerberos.advalue", FT_BYTES, BASE_NONE,
NULL, 0, "Authentication Data", HFILL }},
{ &hf_krb_IF_RELEVANT_value, {
- "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_HEX,
+ "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_NONE,
NULL, 0, "IF_RELEVANT Data", HFILL }},
{ &hf_krb_etype, {
"Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
{ &hf_krb_address_ip, {
"IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
- NULL, 0, "IP Address", HFILL }},
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_address_ipv6, {
+ "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_address_netbios, {
"NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
NULL, 0, "NetBIOS Address and type", HFILL }},
"MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
{ &hf_krb_APOptions, {
- "APOptions", "kerberos.apoptions", FT_BYTES, BASE_HEX,
+ "APOptions", "kerberos.apoptions", FT_BYTES, BASE_NONE,
NULL, 0, "Kerberos APOptions bitstring", HFILL }},
{ &hf_krb_APOptions_use_session_key, {
"Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
- TFS(&krb5_apoptions_use_session_key), 0x40000000, "", HFILL }},
+ TFS(&krb5_apoptions_use_session_key), 0x40000000, NULL, HFILL }},
{ &hf_krb_APOptions_mutual_required, {
"Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
- TFS(&krb5_apoptions_mutual_required), 0x20000000, "", HFILL }},
+ TFS(&krb5_apoptions_mutual_required), 0x20000000, NULL, HFILL }},
{ &hf_krb_KDCOptions, {
- "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_HEX,
+ "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_NONE,
NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
{ &hf_krb_TicketFlags, {
"Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
NULL, 0, "Kerberos Ticket Flags", HFILL }},
{ &hf_krb_TicketFlags_forwardable, {
"Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
- TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
+ TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
{ &hf_krb_TicketFlags_forwarded, {
"Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
- { &hf_krb_TicketFlags_proxyable, {
- "Proxyable", "kerberos.ticketflags.proxyable", FT_BOOLEAN, 32,
- TFS(&krb5_ticketflags_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
+ { &hf_krb_TicketFlags_proxiable, {
+ "Proxiable", "kerberos.ticketflags.proxiable", FT_BOOLEAN, 32,
+ TFS(&krb5_ticketflags_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
{ &hf_krb_TicketFlags_proxy, {
"Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
{ &hf_krb_KDCOptions_forwardable, {
"Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
- TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickes are forwardable or not", HFILL }},
+ TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
{ &hf_krb_KDCOptions_forwarded, {
"Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
- { &hf_krb_KDCOptions_proxyable, {
- "Proxyable", "kerberos.kdcoptions.proxyable", FT_BOOLEAN, 32,
- TFS(&krb5_kdcoptions_proxyable), 0x10000000, "Flag controlling whether the tickes are proxyable or not", HFILL }},
+ { &hf_krb_KDCOptions_proxiable, {
+ "Proxiable", "kerberos.kdcoptions.proxiable", FT_BOOLEAN, 32,
+ TFS(&krb5_kdcoptions_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
{ &hf_krb_KDCOptions_proxy, {
"Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
"Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
NULL, 0, "Version Number for the Authenticator", HFILL }},
{ &hf_krb_encrypted_authenticator_data, {
- "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_HEX,
+ "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_NONE,
NULL, 0, "Data content of an encrypted authenticator", HFILL }},
{ &hf_krb_encrypted_EncKrbCredPart, {
- "enc EncKrbCredPart", "kerberos.EncKrbCredPart.encrypted", FT_BYTES, BASE_HEX,
+ "enc EncKrbCredPart", "kerberos.EncKrbCredPart.encrypted", FT_BYTES, BASE_NONE,
NULL, 0, "Encrypted EncKrbCredPart blob", HFILL }},
{ &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
- "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_HEX,
+ "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_NONE,
NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
{ &hf_krb_encrypted_enc_authorization_data, {
- "enc-authorization-data", "kerberos.enc_authorization_data.encrypted", FT_BYTES, BASE_HEX,
- NULL, 0, "", HFILL }},
+ "enc-authorization-data", "kerberos.enc_authorization_data.encrypted", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_PAC_LOGON_INFO, {
- "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_HEX,
+ "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
{ &hf_krb_PAC_CREDENTIAL_TYPE, {
- "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_HEX,
+ "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
{ &hf_krb_PAC_SERVER_CHECKSUM, {
- "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_HEX,
+ "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
{ &hf_krb_PAC_PRIVSVR_CHECKSUM, {
- "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_HEX,
+ "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
{ &hf_krb_PAC_CLIENT_INFO_TYPE, {
- "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_HEX,
+ "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
{ &hf_krb_PAC_CONSTRAINED_DELEGATION, {
- "PAC_CONSTRAINED_DELEGATION", "kerberos.PAC_CONSTRAINED_DELEGATION", FT_BYTES, BASE_HEX,
+ "PAC_CONSTRAINED_DELEGATION", "kerberos.PAC_CONSTRAINED_DELEGATION", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_CONSTRAINED_DELEGATION structure", HFILL }},
+ { &hf_krb_PAC_UPN_DNS_INFO, {
+ "UPN_DNS_INFO", "kerberos.PAC_UPN_DNS_INFO", FT_BYTES, BASE_NONE,
+ NULL, 0, "UPN_DNS_INFO structure", HFILL }},
{ &hf_krb_checksum_checksum, {
- "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_HEX,
+ "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_NONE,
NULL, 0, "Kerberos Checksum", HFILL }},
{ &hf_krb_ENC_PRIV, {
- "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_HEX,
+ "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_NONE,
NULL, 0, "Encrypted PRIV blob", HFILL }},
{ &hf_krb_encrypted_Ticket_data, {
- "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_HEX,
+ "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_NONE,
NULL, 0, "The encrypted part of a ticket", HFILL }},
{ &hf_krb_encrypted_AP_REP_data, {
- "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_HEX,
+ "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_NONE,
NULL, 0, "The encrypted part of AP-REP", HFILL }},
{ &hf_krb_encrypted_KDC_REP_data, {
- "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_HEX,
+ "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_NONE,
NULL, 0, "The encrypted part of KDC-REP", HFILL }},
{ &hf_krb_PA_DATA_value, {
- "Value", "kerberos.padata.value", FT_BYTES, BASE_HEX,
+ "Value", "kerberos.padata.value", FT_BYTES, BASE_NONE,
NULL, 0, "Content of the PADATA blob", HFILL }},
{ &hf_krb_etype_info_salt, {
- "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX,
- NULL, 0, "Salt", HFILL }},
+ "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_etype_info2_salt, {
- "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_HEX,
- NULL, 0, "Salt", HFILL }},
+ "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_etype_info2_s2kparams, {
- "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_HEX,
+ "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_NONE,
NULL, 0, "S2kparams", HFILL }},
{ &hf_krb_SAFE_BODY_user_data, {
- "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX,
+ "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_NONE,
NULL, 0, "SAFE BODY userdata field", HFILL }},
{ &hf_krb_PRIV_BODY_user_data, {
- "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_HEX,
+ "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_NONE,
NULL, 0, "PRIV BODY userdata field", HFILL }},
{ &hf_krb_pac_signature_signature, {
- "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX,
+ "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
NULL, 0, "A PAC signature blob", HFILL }},
{ &hf_krb_PA_DATA_type, {
- "Type", "kerberos.padata.type", FT_UINT32, BASE_DEC,
+ "Type", "kerberos.padata.type", FT_INT32, BASE_DEC,
VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
{ &hf_krb_nonce, {
"Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
"Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
NULL, 0, "Version number for the Ticket format", HFILL }},
{ &hf_krb_KrbCredInfo, {
- "KrbCredInfo", "kerberos.KrbCredInfo", FT_NONE, BASE_DEC,
+ "KrbCredInfo", "kerberos.KrbCredInfo", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos KrbCredInfo", HFILL }},
{ &hf_krb_HostAddress, {
- "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC,
+ "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
{ &hf_krb_s_address, {
- "S-Address", "kerberos.s_address", FT_NONE, BASE_DEC,
+ "S-Address", "kerberos.s_address", FT_NONE, BASE_NONE,
NULL, 0, "This is the Senders address", HFILL }},
{ &hf_krb_r_address, {
- "R-Address", "kerberos.r_address", FT_NONE, BASE_DEC,
+ "R-Address", "kerberos.r_address", FT_NONE, BASE_NONE,
NULL, 0, "This is the Recipient address", HFILL }},
{ &hf_krb_key, {
- "key", "kerberos.key", FT_NONE, BASE_DEC,
+ "key", "kerberos.key", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
{ &hf_krb_subkey, {
- "Subkey", "kerberos.subkey", FT_NONE, BASE_DEC,
+ "Subkey", "kerberos.subkey", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos subkey", HFILL }},
{ &hf_krb_seq_number, {
"Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
NULL, 0, "This is a Kerberos sequence number", HFILL }},
{ &hf_krb_AuthorizationData, {
- "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_DEC,
+ "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
{ &hf_krb_EncTicketPart, {
- "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_DEC,
+ "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
{ &hf_krb_EncAPRepPart, {
- "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_DEC,
+ "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
{ &hf_krb_EncKrbPrivPart, {
- "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_DEC,
+ "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos EncKrbPrivPart sequence", HFILL }},
{ &hf_krb_EncKrbCredPart, {
- "EncKrbCredPart", "kerberos.EncKrbCredPart", FT_NONE, BASE_DEC,
+ "EncKrbCredPart", "kerberos.EncKrbCredPart", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos EncKrbCredPart sequence", HFILL }},
{ &hf_krb_EncKDCRepPart, {
- "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_DEC,
+ "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
{ &hf_krb_LastReq, {
- "LastReq", "kerberos.LastReq", FT_NONE, BASE_DEC,
+ "LastReq", "kerberos.LastReq", FT_NONE, BASE_NONE,
NULL, 0, "This is a LastReq sequence", HFILL }},
{ &hf_krb_Authenticator, {
- "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_DEC,
+ "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_NONE,
NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
{ &hf_krb_Checksum, {
- "Checksum", "kerberos.Checksum", FT_NONE, BASE_DEC,
+ "Checksum", "kerberos.Checksum", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
{ &hf_krb_HostAddresses, {
- "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_DEC,
+ "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
{ &hf_krb_IF_RELEVANT, {
- "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_DEC,
+ "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
{ &hf_krb_etypes, {
- "Encryption Types", "kerberos.etypes", FT_NONE, BASE_DEC,
+ "Encryption Types", "kerberos.etypes", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
{ &hf_krb_KrbCredInfos, {
- "Sequence of KrbCredInfo", "kerberos.KrbCredInfos", FT_NONE, BASE_DEC,
+ "Sequence of KrbCredInfo", "kerberos.KrbCredInfos", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of KrbCredInfo", HFILL }},
{ &hf_krb_sq_tickets, {
- "Tickets", "kerberos.sq.tickets", FT_NONE, BASE_DEC,
+ "Tickets", "kerberos.sq.tickets", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of Kerberos Tickets", HFILL }},
{ &hf_krb_LastReqs, {
- "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_DEC,
+ "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_NONE,
NULL, 0, "This is a list of LastReq structures", HFILL }},
{ &hf_krb_sname, {
- "Server Name", "kerberos.sname", FT_NONE, BASE_DEC,
+ "Server Name", "kerberos.sname", FT_NONE, BASE_NONE,
NULL, 0, "This is the name part server's identity", HFILL }},
{ &hf_krb_pname, {
- "Delegated Principal Name", "kerberos.pname", FT_NONE, BASE_DEC,
+ "Delegated Principal Name", "kerberos.pname", FT_NONE, BASE_NONE,
NULL, 0, "Identity of the delegated principal", HFILL }},
{ &hf_krb_cname, {
- "Client Name", "kerberos.cname", FT_NONE, BASE_DEC,
+ "Client Name", "kerberos.cname", FT_NONE, BASE_NONE,
NULL, 0, "The name part of the client principal identifier", HFILL }},
{ &hf_krb_authenticator_enc, {
- "Authenticator", "kerberos.authenticator", FT_NONE, BASE_DEC,
+ "Authenticator", "kerberos.authenticator", FT_NONE, BASE_NONE,
NULL, 0, "Encrypted authenticator blob", HFILL }},
{ &hf_krb_CRED_enc, {
- "EncKrbCredPart", "kerberos.encrypted_cred", FT_NONE, BASE_DEC,
+ "EncKrbCredPart", "kerberos.encrypted_cred", FT_NONE, BASE_NONE,
NULL, 0, "Encrypted Cred blob", HFILL }},
{ &hf_krb_ticket_enc, {
- "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_DEC,
+ "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_NONE,
NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
{ &hf_krb_AP_REP_enc, {
- "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_DEC,
+ "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_NONE,
NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
{ &hf_krb_KDC_REP_enc, {
- "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_DEC,
+ "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_NONE,
NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
{ &hf_krb_e_data, {
- "e-data", "kerberos.e_data", FT_NONE, BASE_DEC,
+ "e-data", "kerberos.e_data", FT_NONE, BASE_NONE,
NULL, 0, "The e-data blob", HFILL }},
{ &hf_krb_padata, {
- "padata", "kerberos.padata", FT_NONE, BASE_DEC,
+ "padata", "kerberos.padata", FT_NONE, BASE_NONE,
NULL, 0, "Sequence of preauthentication data", HFILL }},
{ &hf_krb_ticket, {
- "Ticket", "kerberos.ticket", FT_NONE, BASE_DEC,
+ "Ticket", "kerberos.ticket", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos Ticket", HFILL }},
{ &hf_krb_TransitedEncoding, {
- "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_DEC,
+ "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
{ &hf_krb_PA_PAC_REQUEST_flag, {
- "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
+ "PAC Request", "kerberos.pac_request.flag", FT_BOOLEAN, 32,
NULL, 0, "This is a MS PAC Request Flag", HFILL }},
{ &hf_krb_w2k_pac_entries, {
"Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
"Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
NULL, 0, "Offset to W2k PAC entry", HFILL }},
{ &hf_krb_pac_clientid, {
- "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, BASE_NONE,
+ "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "ClientID Timestamp", HFILL }},
{ &hf_krb_pac_namelen, {
"Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
NULL, 0, "Length of client name", HFILL }},
+ { &hf_krb_pac_upn_flags, {
+ "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, "UPN flags", HFILL }},
+ { &hf_krb_pac_upn_dns_offset, {
+ "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_dns_len, {
+ "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_offset, {
+ "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_len, {
+ "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_name, {
+ "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_dns_name, {
+ "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_e_checksum, {
- "e-checksum", "kerberos.e_checksum", FT_NONE, BASE_DEC,
+ "e-checksum", "kerberos.e_checksum", FT_NONE, BASE_NONE,
NULL, 0, "This is a Kerberos e-checksum", HFILL }},
{ &hf_krb_gssapi_len, {
"Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
{ &hf_krb_gssapi_bnd, {
- "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_HEX,
+ "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
NULL, 0, "GSSAPI Bnd field", HFILL }},
{ &hf_krb_gssapi_c_flag_deleg, {
"Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_mutual, {
"Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_replay, {
"Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_sequence, {
"Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_conf, {
"Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_integ, {
"Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, "", HFILL }},
+ TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
{ &hf_krb_gssapi_c_flag_dce_style, {
"DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
- TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, "", HFILL }},
+ TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
{ &hf_krb_gssapi_dlgopt, {
"DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
NULL, 0, "GSSAPI DlgOpt", HFILL }},
&ett_krb_PAC_CONSTRAINED_DELEGATION,
&ett_krb_e_checksum,
&ett_krb_PAC_MIDL_BLOB,
- &ett_krb_PAC_DREP
+ &ett_krb_PAC_DREP,
+ &ett_krb_PAC_UPN_DNS_INFO
};
module_t *krb_module;
}
-static dcerpc_auth_subdissector_fns gss_kerb_auth_fns = {
+static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
+ wrap_dissect_gss_kerb, /* Bind */
+ wrap_dissect_gss_kerb, /* Bind ACK */
+ wrap_dissect_gss_kerb, /* AUTH3 */
+ NULL, /* Request verifier */
+ NULL, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
+static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
+ wrap_dissect_gss_kerb, /* Bind */
+ wrap_dissect_gss_kerb, /* Bind ACK */
+ wrap_dissect_gss_kerb, /* AUTH3 */
+ wrap_dissect_gssapi_verf, /* Request verifier */
+ wrap_dissect_gssapi_verf, /* Response verifier */
+ NULL, /* Request data */
+ NULL /* Response data */
+};
+
+static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
wrap_dissect_gss_kerb, /* Bind */
wrap_dissect_gss_kerb, /* Bind ACK */
- NULL, /* AUTH3 */
+ wrap_dissect_gss_kerb, /* AUTH3 */
wrap_dissect_gssapi_verf, /* Request verifier */
wrap_dissect_gssapi_verf, /* Response verifier */
wrap_dissect_gssapi_payload, /* Request data */
dissector_add("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
dissector_add("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
+ register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
+ DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
+ &gss_kerb_auth_connect_fns);
+
register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
- &gss_kerb_auth_fns);
+ &gss_kerb_auth_sign_fns);
register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
- &gss_kerb_auth_fns);
+ &gss_kerb_auth_seal_fns);
}