Fix handling of pa-data-type KRB5_PA_PAC_REQUEST (& KRB5_PA_S4U2SELF).
authorwmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 11 May 2010 14:34:16 +0000 (14:34 +0000)
committerwmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 11 May 2010 14:34:16 +0000 (14:34 +0000)
-Define pa-data-type KRB5_PA_PAC_REQUEST properly so that it is recognized.
  Fixes bug #4752 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4752)
-Also revert definition of  KRB5_PA_S4U2SELF (to be a positive number).
(All of the above reverts part of SVN #31400).

-Display pa-data-type as FT_INT32.
-Display the value for pa-data-type KRB5_PA_PAC_REQUEST as Boolean (not Int).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32752 f5534014-38df-0310-8fa8-9805f1628bb7

epan/dissectors/packet-kerberos.c

index c2a458ce6cfe94142b7fb2170cef17d193143421..430e81745372c4825b3c8a1a0c398babcc841f1a 100644 (file)
@@ -1029,7 +1029,7 @@ g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
 #define KRB5_CHKSUM_KRB_DES_MAC_K       5
 #define KRB5_CHKSUM_MD5                 7
 #define KRB5_CHKSUM_MD5_DES             8
-/* the following four comes from packetcable */
+/* the following four come from packetcable */
 #define KRB5_CHKSUM_MD5_DES3            9
 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD   12
 #define KRB5_CHKSUM_HMAC_SHA1_DES3      13
@@ -1089,11 +1089,15 @@ g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
 /* preauthentication types >127 (i.e. negative ones) are app specific.
    Hopefully there will be no collisions here or we will have to
    come up with something better.
-   Note: These values are compared against 32-bit values in the code.
+   XXX: Although KRB5_PA_PAC_REQUEST is " >127 " and thus presumably
+         would be encoded as a negative number, various captures seen all
+         have this pa-data-type encoded as a positive number (0x0080).
+         We'll assume that KRB5_PA_S4U2SELF is also encoded as a positive number.
 */
-#define KRB5_PA_PAC_REQUEST         -128  /* = 0xFFFFFF80 = (gint32)((gint8)0x80) MS extension */
-#define KRB5_PA_S4U2SELF            -127  /* = 0xFFFFFF81 = (gint32)((gint8)0x81) Impersonation (Microsoft extension) */
-#define KRB5_PA_PROV_SRV_LOCATION   -1    /* = 0xFFFFFFFF = (gint32)((gint8)0xFF) packetcable stuff */
+#define KRB5_PA_PAC_REQUEST              128    /* (Microsoft extension) */
+#define KRB5_PA_S4U2SELF                 129    /* Impersonation (Microsoft extension) */
+
+#define KRB5_PA_PROV_SRV_LOCATION 0xffffffff    /* (gint32)0xFF) packetcable stuff */
 
 /* Principal name-type */
 #define KRB5_NT_UNKNOWN        0
@@ -5140,7 +5144,7 @@ proto_register_kerberos(void)
            "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
            NULL, 0, "A PAC signature blob", HFILL }},
        { &hf_krb_PA_DATA_type, {
-           "Type", "kerberos.padata.type", FT_INT8, BASE_DEC,
+                "Type", "kerberos.padata.type", FT_INT32, BASE_DEC,
            VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
        { &hf_krb_nonce, {
            "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
@@ -5251,7 +5255,7 @@ proto_register_kerberos(void)
            "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_NONE,
            NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
        { &hf_krb_PA_PAC_REQUEST_flag, {
-           "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
+                "PAC Request", "kerberos.pac_request.flag", FT_BOOLEAN, 32,
            NULL, 0, "This is a MS PAC Request Flag", HFILL }},
        { &hf_krb_w2k_pac_entries, {
            "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,