From: wmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7>
Date: Tue, 11 May 2010 14:34:16 +0000 (+0000)
Subject: Fix handling of pa-data-type KRB5_PA_PAC_REQUEST (& KRB5_PA_S4U2SELF).
X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=commitdiff_plain;h=ad5f64f3f2564735fdcf6392d832b92b52bfb30f;hp=9c738d827f71464a9e14b6bd8842214acaa66c8c

Fix handling of pa-data-type KRB5_PA_PAC_REQUEST (& KRB5_PA_S4U2SELF).

-Define pa-data-type KRB5_PA_PAC_REQUEST properly so that it is recognized.
  Fixes bug #4752 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4752)
-Also revert definition of  KRB5_PA_S4U2SELF (to be a positive number).
(All of the above reverts part of SVN #31400).

-Display pa-data-type as FT_INT32.
-Display the value for pa-data-type KRB5_PA_PAC_REQUEST as Boolean (not Int).


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@32752 f5534014-38df-0310-8fa8-9805f1628bb7
---

diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index c2a458ce6c..430e817453 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -1029,7 +1029,7 @@ g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
 #define KRB5_CHKSUM_KRB_DES_MAC_K       5
 #define KRB5_CHKSUM_MD5                 7
 #define KRB5_CHKSUM_MD5_DES             8
-/* the following four comes from packetcable */
+/* the following four come from packetcable */
 #define KRB5_CHKSUM_MD5_DES3            9
 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD   12
 #define KRB5_CHKSUM_HMAC_SHA1_DES3      13
@@ -1089,11 +1089,15 @@ g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
 /* preauthentication types >127 (i.e. negative ones) are app specific.
    Hopefully there will be no collisions here or we will have to
    come up with something better.
-   Note: These values are compared against 32-bit values in the code.
+   XXX: Although KRB5_PA_PAC_REQUEST is " >127 " and thus presumably
+         would be encoded as a negative number, various captures seen all
+         have this pa-data-type encoded as a positive number (0x0080).
+         We'll assume that KRB5_PA_S4U2SELF is also encoded as a positive number.
 */
-#define KRB5_PA_PAC_REQUEST         -128  /* = 0xFFFFFF80 = (gint32)((gint8)0x80) MS extension */
-#define KRB5_PA_S4U2SELF            -127  /* = 0xFFFFFF81 = (gint32)((gint8)0x81) Impersonation (Microsoft extension) */
-#define KRB5_PA_PROV_SRV_LOCATION   -1    /* = 0xFFFFFFFF = (gint32)((gint8)0xFF) packetcable stuff */
+#define KRB5_PA_PAC_REQUEST              128    /* (Microsoft extension) */
+#define KRB5_PA_S4U2SELF                 129    /* Impersonation (Microsoft extension) */
+
+#define KRB5_PA_PROV_SRV_LOCATION 0xffffffff    /* (gint32)0xFF) packetcable stuff */
 
 /* Principal name-type */
 #define KRB5_NT_UNKNOWN        0
@@ -5140,7 +5144,7 @@ proto_register_kerberos(void)
 	    "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
 	    NULL, 0, "A PAC signature blob", HFILL }},
 	{ &hf_krb_PA_DATA_type, {
-	    "Type", "kerberos.padata.type", FT_INT8, BASE_DEC,
+                "Type", "kerberos.padata.type", FT_INT32, BASE_DEC,
 	    VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
 	{ &hf_krb_nonce, {
 	    "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
@@ -5251,7 +5255,7 @@ proto_register_kerberos(void)
 	    "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_NONE,
 	    NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
 	{ &hf_krb_PA_PAC_REQUEST_flag, {
-	    "PAC Request", "kerberos.pac_request.flag", FT_UINT32, BASE_DEC,
+                "PAC Request", "kerberos.pac_request.flag", FT_BOOLEAN, 32,
 	    NULL, 0, "This is a MS PAC Request Flag", HFILL }},
 	{ &hf_krb_w2k_pac_entries, {
 	    "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,