/src/wireshark/epan/dissectors/packet-kerberos.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Do not modify this file. Changes will be overwritten. */ |
2 | | /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ |
3 | | /* packet-kerberos.c */ |
4 | | /* asn2wrs.py -b -q -L -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */ |
5 | | |
6 | | /* packet-kerberos.c |
7 | | * Routines for Kerberos |
8 | | * Wes Hardaker (c) 2000 |
9 | | * wjhardaker@ucdavis.edu |
10 | | * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and |
11 | | * added AP-REQ and AP-REP dissection |
12 | | * |
13 | | * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API. |
14 | | * decryption of kerberos blobs if keytab is provided |
15 | | * |
16 | | * See RFC 1510, and various I-Ds and other documents showing additions, |
17 | | * e.g. ones listed under |
18 | | * |
19 | | * http://clifford.neuman.name/krb-revisions/ |
20 | | * |
21 | | * and |
22 | | * |
23 | | * https://tools.ietf.org/html/rfc4120 |
24 | | * |
25 | | * and |
26 | | * |
27 | | * https://tools.ietf.org/html/rfc6806 |
28 | | * |
29 | | * Some structures from RFC2630 |
30 | | * |
31 | | * Wireshark - Network traffic analyzer |
32 | | * By Gerald Combs <gerald@wireshark.org> |
33 | | * Copyright 1998 Gerald Combs |
34 | | * |
35 | | * SPDX-License-Identifier: GPL-2.0-or-later |
36 | | */ |
37 | | |
38 | | /* |
39 | | * Some of the development of the Kerberos protocol decoder was sponsored by |
40 | | * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary |
41 | | * CableLabs' specifications. Your license and use of this protocol decoder |
42 | | * does not mean that you are licensed to use the CableLabs' |
43 | | * specifications. If you have questions about this protocol, contact |
44 | | * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional |
45 | | * information. |
46 | | */ |
47 | | |
48 | 0 | #define WS_LOG_DOMAIN "packet-kerberos" |
49 | | #include <config.h> |
50 | | #include <wireshark.h> |
51 | | |
52 | | // krb5.h needs to be included before the defines in packet-kerberos.h |
53 | | #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) |
54 | | #ifdef _WIN32 |
55 | | /* prevent redefinition warnings in krb5's win-mac.h */ |
56 | | #define SSIZE_T_DEFINED |
57 | | #endif /* _WIN32 */ |
58 | | #include <krb5.h> |
59 | | #endif |
60 | | |
61 | | #include <epan/packet.h> |
62 | | #include <epan/proto_data.h> |
63 | | #include <epan/exceptions.h> |
64 | | #include <epan/strutil.h> |
65 | | #include <epan/conversation.h> |
66 | | #include <epan/asn1.h> |
67 | | #include <epan/expert.h> |
68 | | #include <epan/prefs.h> |
69 | | #include <epan/srt_table.h> |
70 | | #include <epan/tfs.h> |
71 | | #include <wsutil/wsgcrypt.h> |
72 | | #include <wsutil/file_util.h> |
73 | | #include <wsutil/str_util.h> |
74 | | #include <wsutil/pint.h> |
75 | | #include <wsutil/array.h> |
76 | | #include "packet-kerberos.h" |
77 | | #include "packet-netbios.h" |
78 | | #include "packet-tcp.h" |
79 | | #include "packet-ber.h" |
80 | | #include "packet-pkinit.h" |
81 | | #include "packet-cms.h" |
82 | | #include "packet-windows-common.h" |
83 | | |
84 | | #include "read_keytab_file.h" |
85 | | |
86 | | #include "packet-dcerpc-netlogon.h" |
87 | | #include "packet-dcerpc.h" |
88 | | |
89 | | #include "packet-gssapi.h" |
90 | | #include "packet-x509af.h" |
91 | | |
92 | | #define KEY_USAGE_FAST_REQ_CHKSUM 50 |
93 | | #define KEY_USAGE_FAST_ENC 51 |
94 | | #define KEY_USAGE_FAST_REP 52 |
95 | | #define KEY_USAGE_FAST_FINISHED 53 |
96 | | #define KEY_USAGE_ENC_CHALLENGE_CLIENT 54 |
97 | | #define KEY_USAGE_ENC_CHALLENGE_KDC 55 |
98 | | |
99 | | void proto_register_kerberos(void); |
100 | | void proto_reg_handoff_kerberos(void); |
101 | | |
102 | 14 | #define UDP_PORT_KERBEROS 88 |
103 | 14 | #define TCP_PORT_KERBEROS 88 |
104 | | |
105 | | #define ADDRESS_STR_BUFSIZ 256 |
106 | | |
107 | | typedef struct kerberos_key { |
108 | | uint32_t keytype; |
109 | | int keylength; |
110 | | const uint8_t *keyvalue; |
111 | | } kerberos_key_t; |
112 | | |
113 | | typedef void (*kerberos_key_save_fn)(tvbuff_t *tvb _U_, int offset _U_, int length _U_, |
114 | | asn1_ctx_t *actx _U_, proto_tree *tree _U_, |
115 | | int parent_hf_index _U_, |
116 | | int hf_index _U_); |
117 | | |
118 | | typedef struct kerberos_conv_t { |
119 | | wmem_list_t *frames; |
120 | | } kerberos_conv_t; |
121 | | |
122 | | typedef struct kerberos_frame_t { |
123 | | struct kerberos_frame_t *req; |
124 | | uint32_t frame; |
125 | | nstime_t frame_time; |
126 | | uint32_t msg_type; |
127 | | bool tgs_authenticator_subkey; |
128 | | int srt_idx; |
129 | | } kerberos_frame_t; |
130 | | |
131 | | struct missing_key_details { |
132 | | const char *keymap_name; |
133 | | unsigned keymap_size; |
134 | | unsigned decryption_count; |
135 | | }; |
136 | | |
137 | | typedef struct { |
138 | | uint32_t msg_type; |
139 | | bool is_win2k_pkinit; |
140 | | uint32_t errorcode; |
141 | | uint32_t etype; |
142 | | uint32_t padata_type; |
143 | | uint32_t is_enc_padata; |
144 | | uint32_t enctype; |
145 | | kerberos_key_t key; |
146 | | proto_tree *key_tree; |
147 | | proto_item *key_hidden_item; |
148 | | tvbuff_t *key_tvb; |
149 | | kerberos_callbacks *callbacks; |
150 | | uint32_t ad_type; |
151 | | uint32_t addr_type; |
152 | | uint32_t checksum_type; |
153 | | #ifdef HAVE_KERBEROS |
154 | | enc_key_t *last_decryption_key; |
155 | | enc_key_t *last_added_key; |
156 | | enc_key_t *current_ticket_key; |
157 | | tvbuff_t *last_ticket_enc_part_tvb; |
158 | | #endif |
159 | | struct missing_key_details *missing_key_stash; |
160 | | int save_encryption_key_parent_hf_index; |
161 | | kerberos_key_save_fn save_encryption_key_fn; |
162 | | unsigned learnt_key_ids; |
163 | | unsigned missing_key_ids; |
164 | | wmem_list_t *decryption_keys; |
165 | | wmem_list_t *learnt_keys; |
166 | | wmem_list_t *missing_keys; |
167 | | uint32_t within_PA_TGS_REQ; |
168 | | struct _kerberos_PA_FX_FAST_REQUEST { |
169 | | bool defer; |
170 | | tvbuff_t *tvb; |
171 | | proto_tree *tree; |
172 | | } PA_FX_FAST_REQUEST; |
173 | | #ifdef HAVE_KERBEROS |
174 | | enc_key_t *PA_TGS_REQ_key; |
175 | | enc_key_t *PA_TGS_REQ_subkey; |
176 | | #endif |
177 | | uint32_t fast_type; |
178 | | uint32_t fast_armor_within_armor_value; |
179 | | #ifdef HAVE_KERBEROS |
180 | | enc_key_t *PA_FAST_ARMOR_AP_key; |
181 | | enc_key_t *PA_FAST_ARMOR_AP_subkey; |
182 | | enc_key_t *fast_armor_key; |
183 | | enc_key_t *fast_strengthen_key; |
184 | | #endif |
185 | | kerberos_conv_t *krb5_conv; |
186 | | uint32_t frame_req, frame_rep; |
187 | | nstime_t req_time; |
188 | | bool req_tgs_authenticator_subkey; |
189 | | } kerberos_private_data_t; |
190 | | |
191 | | static dissector_handle_t kerberos_handle_tcp; |
192 | | static dissector_handle_t kerberos_handle_udp; |
193 | | |
194 | | /* Forward declarations */ |
195 | | static kerberos_private_data_t *kerberos_get_private_data(asn1_ctx_t *actx); |
196 | | static int dissect_kerberos_Applications(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
197 | | static int dissect_kerberos_AuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
198 | | static int dissect_kerberos_PA_ENC_TIMESTAMP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
199 | | #ifdef HAVE_KERBEROS |
200 | | static int dissect_kerberos_PA_ENC_TS_ENC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
201 | | #endif |
202 | | static int dissect_kerberos_PA_PAC_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
203 | | static int dissect_kerberos_PA_S4U2Self(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
204 | | static int dissect_kerberos_PA_S4U_X509_USER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
205 | | static int dissect_kerberos_ETYPE_INFO(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
206 | | static int dissect_kerberos_ETYPE_INFO2(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
207 | | static int dissect_kerberos_AD_IF_RELEVANT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
208 | | static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
209 | | static int dissect_kerberos_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
210 | | static int dissect_kerberos_EncryptedChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
211 | | static int dissect_kerberos_PA_KERB_KEY_LIST_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
212 | | static int dissect_kerberos_PA_KERB_KEY_LIST_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
213 | | static int dissect_kerberos_PA_FX_FAST_REPLY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
214 | | static int dissect_kerberos_PA_PAC_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
215 | | static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
216 | | static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
217 | | static int dissect_kerberos_PA_SPAKE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
218 | | static int dissect_kerberos_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
219 | | static int dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
220 | | #ifdef HAVE_KERBEROS |
221 | | static int dissect_kerberos_KrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
222 | | static int dissect_kerberos_KrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
223 | | static int dissect_kerberos_FastOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
224 | | #endif |
225 | | static int dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
226 | | static int dissect_kerberos_KRB5_SRP_PA_INIT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
227 | | static int dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
228 | | static int dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
229 | | static int dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
230 | | static int dissect_kerberos_AD_CAMMAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
231 | | static int dissect_kerberos_AD_AUTHENTICATION_INDICATOR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
232 | | |
233 | | /* Desegment Kerberos over TCP messages */ |
234 | | static bool krb_desegment = true; |
235 | | |
236 | | static int proto_kerberos; |
237 | | static int kerberos_tap; |
238 | | |
239 | | static int hf_krb_response_to; |
240 | | static int hf_krb_response_in; |
241 | | static int hf_krb_time; |
242 | | static int hf_krb_rm_reserved; |
243 | | static int hf_krb_rm_reclen; |
244 | | static int hf_krb_provsrv_location; |
245 | | static int hf_krb_pw_salt; |
246 | | static int hf_krb_ext_error_nt_status; |
247 | | static int hf_krb_ext_error_reserved; |
248 | | static int hf_krb_ext_error_flags; |
249 | | static int hf_krb_address_ip; |
250 | | static int hf_krb_address_netbios; |
251 | | static int hf_krb_address_ipv6; |
252 | | static int hf_krb_gssapi_len; |
253 | | static int hf_krb_gssapi_bnd; |
254 | | static int hf_krb_gssapi_dlgopt; |
255 | | static int hf_krb_gssapi_dlglen; |
256 | | static int hf_krb_gssapi_c_flag_deleg; |
257 | | static int hf_krb_gssapi_c_flag_mutual; |
258 | | static int hf_krb_gssapi_c_flag_replay; |
259 | | static int hf_krb_gssapi_c_flag_sequence; |
260 | | static int hf_krb_gssapi_c_flag_conf; |
261 | | static int hf_krb_gssapi_c_flag_integ; |
262 | | static int hf_krb_gssapi_c_flag_dce_style; |
263 | | static int hf_krb_midl_version; |
264 | | static int hf_krb_midl_hdr_len; |
265 | | static int hf_krb_midl_fill_bytes; |
266 | | static int hf_krb_midl_blob_len; |
267 | | static int hf_krb_pac_signature_type; |
268 | | static int hf_krb_pac_signature_signature; |
269 | | static int hf_krb_w2k_pac_entries; |
270 | | static int hf_krb_w2k_pac_version; |
271 | | static int hf_krb_w2k_pac_type; |
272 | | static int hf_krb_w2k_pac_size; |
273 | | static int hf_krb_w2k_pac_offset; |
274 | | static int hf_krb_pac_clientid; |
275 | | static int hf_krb_pac_namelen; |
276 | | static int hf_krb_pac_clientname; |
277 | | static int hf_krb_pac_logon_info; |
278 | | static int hf_krb_pac_credential_data; |
279 | | static int hf_krb_pac_credential_info; |
280 | | static int hf_krb_pac_credential_info_version; |
281 | | static int hf_krb_pac_credential_info_etype; |
282 | | static int hf_krb_pac_s4u_delegation_info; |
283 | | static int hf_krb_pac_upn_dns_info; |
284 | | static int hf_krb_pac_upn_flags; |
285 | | static int hf_krb_pac_upn_flag_upn_constructed; |
286 | | static int hf_krb_pac_upn_flag_has_sam_name_and_sid; |
287 | | static int hf_krb_pac_upn_upn_offset; |
288 | | static int hf_krb_pac_upn_upn_len; |
289 | | static int hf_krb_pac_upn_upn_name; |
290 | | static int hf_krb_pac_upn_dns_offset; |
291 | | static int hf_krb_pac_upn_dns_len; |
292 | | static int hf_krb_pac_upn_dns_name; |
293 | | static int hf_krb_pac_upn_samaccountname_offset; |
294 | | static int hf_krb_pac_upn_samaccountname_len; |
295 | | static int hf_krb_pac_upn_samaccountname; |
296 | | static int hf_krb_pac_upn_objectsid_offset; |
297 | | static int hf_krb_pac_upn_objectsid_len; |
298 | | static int hf_krb_pac_server_checksum; |
299 | | static int hf_krb_pac_privsvr_checksum; |
300 | | static int hf_krb_pac_client_info_type; |
301 | | static int hf_krb_pac_client_claims_info; |
302 | | static int hf_krb_pac_device_info; |
303 | | static int hf_krb_pac_device_claims_info; |
304 | | static int hf_krb_pac_ticket_checksum; |
305 | | static int hf_krb_pac_attributes_info; |
306 | | static int hf_krb_pac_attributes_info_length; |
307 | | static int hf_krb_pac_attributes_info_flags; |
308 | | static int hf_krb_pac_attributes_info_flags_pac_was_requested; |
309 | | static int hf_krb_pac_attributes_info_flags_pac_was_given_implicitly; |
310 | | static int hf_krb_pac_requester_sid; |
311 | | static int hf_krb_pac_full_checksum; |
312 | | static int hf_krb_pa_supported_enctypes; |
313 | | static int hf_krb_pa_supported_enctypes_des_cbc_crc; |
314 | | static int hf_krb_pa_supported_enctypes_des_cbc_md5; |
315 | | static int hf_krb_pa_supported_enctypes_rc4_hmac; |
316 | | static int hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96; |
317 | | static int hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96; |
318 | | static int hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk; |
319 | | static int hf_krb_pa_supported_enctypes_fast_supported; |
320 | | static int hf_krb_pa_supported_enctypes_compound_identity_supported; |
321 | | static int hf_krb_pa_supported_enctypes_claims_supported; |
322 | | static int hf_krb_pa_supported_enctypes_resource_sid_compression_disabled; |
323 | | static int hf_krb_ad_ap_options; |
324 | | static int hf_krb_ad_ap_options_cbt; |
325 | | static int hf_krb_ad_ap_options_unverified_target_name; |
326 | | static int hf_krb_ad_target_principal; |
327 | | static int hf_krb_key_hidden_item; |
328 | | static int hf_kerberos_KERB_TICKET_LOGON; |
329 | | static int hf_kerberos_KERB_TICKET_LOGON_MessageType; |
330 | | static int hf_kerberos_KERB_TICKET_LOGON_Flags; |
331 | | static int hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength; |
332 | | static int hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength; |
333 | | static int hf_kerberos_KERB_TICKET_LOGON_ServiceTicket; |
334 | | static int hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket; |
335 | | static int hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET; |
336 | | static int hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED; |
337 | | #ifdef HAVE_KERBEROS |
338 | | static int hf_kerberos_KrbFastResponse; |
339 | | static int hf_kerberos_strengthen_key; |
340 | | static int hf_kerberos_finished; |
341 | | static int hf_kerberos_fast_options; |
342 | | static int hf_kerberos_ticket_checksum; |
343 | | static int hf_krb_patimestamp; |
344 | | static int hf_krb_pausec; |
345 | | static int hf_kerberos_FastOptions_reserved; |
346 | | static int hf_kerberos_FastOptions_hide_client_names; |
347 | | static int hf_kerberos_FastOptions_spare_bit2; |
348 | | static int hf_kerberos_FastOptions_spare_bit3; |
349 | | static int hf_kerberos_FastOptions_spare_bit4; |
350 | | static int hf_kerberos_FastOptions_spare_bit5; |
351 | | static int hf_kerberos_FastOptions_spare_bit6; |
352 | | static int hf_kerberos_FastOptions_spare_bit7; |
353 | | static int hf_kerberos_FastOptions_spare_bit8; |
354 | | static int hf_kerberos_FastOptions_spare_bit9; |
355 | | static int hf_kerberos_FastOptions_spare_bit10; |
356 | | static int hf_kerberos_FastOptions_spare_bit11; |
357 | | static int hf_kerberos_FastOptions_spare_bit12; |
358 | | static int hf_kerberos_FastOptions_spare_bit13; |
359 | | static int hf_kerberos_FastOptions_spare_bit14; |
360 | | static int hf_kerberos_FastOptions_spare_bit15; |
361 | | static int hf_kerberos_FastOptions_kdc_follow_referrals; |
362 | | |
363 | | #endif |
364 | | static int hf_kerberos_ticket; /* Ticket */ |
365 | | static int hf_kerberos_authenticator; /* Authenticator */ |
366 | | static int hf_kerberos_encTicketPart; /* EncTicketPart */ |
367 | | static int hf_kerberos_as_req; /* AS_REQ */ |
368 | | static int hf_kerberos_as_rep; /* AS_REP */ |
369 | | static int hf_kerberos_tgs_req; /* TGS_REQ */ |
370 | | static int hf_kerberos_tgs_rep; /* TGS_REP */ |
371 | | static int hf_kerberos_ap_req; /* AP_REQ */ |
372 | | static int hf_kerberos_ap_rep; /* AP_REP */ |
373 | | static int hf_kerberos_krb_safe; /* KRB_SAFE */ |
374 | | static int hf_kerberos_krb_priv; /* KRB_PRIV */ |
375 | | static int hf_kerberos_krb_cred; /* KRB_CRED */ |
376 | | static int hf_kerberos_encASRepPart; /* EncASRepPart */ |
377 | | static int hf_kerberos_encTGSRepPart; /* EncTGSRepPart */ |
378 | | static int hf_kerberos_encAPRepPart; /* EncAPRepPart */ |
379 | | static int hf_kerberos_encKrbPrivPart; /* ENC_KRB_PRIV_PART */ |
380 | | static int hf_kerberos_encKrbCredPart; /* EncKrbCredPart */ |
381 | | static int hf_kerberos_krb_error; /* KRB_ERROR */ |
382 | | static int hf_kerberos_name_type; /* NAME_TYPE */ |
383 | | static int hf_kerberos_name_string; /* SEQUENCE_OF_KerberosString */ |
384 | | static int hf_kerberos_name_string_item; /* KerberosString */ |
385 | | static int hf_kerberos_cname_string; /* SEQUENCE_OF_CNameString */ |
386 | | static int hf_kerberos_cname_string_item; /* CNameString */ |
387 | | static int hf_kerberos_sname_string; /* SEQUENCE_OF_SNameString */ |
388 | | static int hf_kerberos_sname_string_item; /* SNameString */ |
389 | | static int hf_kerberos_addr_type; /* ADDR_TYPE */ |
390 | | static int hf_kerberos_address; /* T_address */ |
391 | | static int hf_kerberos_HostAddresses_item; /* HostAddress */ |
392 | | static int hf_kerberos_AuthorizationData_item; /* AuthorizationData_item */ |
393 | | static int hf_kerberos_ad_type; /* AUTHDATA_TYPE */ |
394 | | static int hf_kerberos_ad_data; /* T_ad_data */ |
395 | | static int hf_kerberos_padata_type; /* PADATA_TYPE */ |
396 | | static int hf_kerberos_padata_value; /* T_padata_value */ |
397 | | static int hf_kerberos_keytype; /* T_keytype */ |
398 | | static int hf_kerberos_keyvalue; /* T_keyvalue */ |
399 | | static int hf_kerberos_cksumtype; /* CKSUMTYPE */ |
400 | | static int hf_kerberos_checksum; /* T_checksum */ |
401 | | static int hf_kerberos_etype; /* ENCTYPE */ |
402 | | static int hf_kerberos_kvno; /* UInt32 */ |
403 | | static int hf_kerberos_encryptedTicketData_cipher; /* T_encryptedTicketData_cipher */ |
404 | | static int hf_kerberos_encryptedAuthorizationData_cipher; /* T_encryptedAuthorizationData_cipher */ |
405 | | static int hf_kerberos_encryptedAuthenticator_cipher; /* T_encryptedAuthenticator_cipher */ |
406 | | static int hf_kerberos_encryptedKDCREPData_cipher; /* T_encryptedKDCREPData_cipher */ |
407 | | static int hf_kerberos_encryptedAPREPData_cipher; /* T_encryptedAPREPData_cipher */ |
408 | | static int hf_kerberos_encryptedKrbPrivData_cipher; /* T_encryptedKrbPrivData_cipher */ |
409 | | static int hf_kerberos_encryptedKrbCredData_cipher; /* T_encryptedKrbCredData_cipher */ |
410 | | static int hf_kerberos_tkt_vno; /* INTEGER_5 */ |
411 | | static int hf_kerberos_realm; /* Realm */ |
412 | | static int hf_kerberos_sname; /* SName */ |
413 | | static int hf_kerberos_ticket_enc_part; /* EncryptedTicketData */ |
414 | | static int hf_kerberos_flags; /* TicketFlags */ |
415 | | static int hf_kerberos_encTicketPart_key; /* T_encTicketPart_key */ |
416 | | static int hf_kerberos_crealm; /* Realm */ |
417 | | static int hf_kerberos_cname; /* CName */ |
418 | | static int hf_kerberos_transited; /* TransitedEncoding */ |
419 | | static int hf_kerberos_authtime; /* KerberosTime */ |
420 | | static int hf_kerberos_starttime; /* KerberosTime */ |
421 | | static int hf_kerberos_endtime; /* KerberosTime */ |
422 | | static int hf_kerberos_renew_till; /* KerberosTime */ |
423 | | static int hf_kerberos_caddr; /* HostAddresses */ |
424 | | static int hf_kerberos_authorization_data; /* AuthorizationData */ |
425 | | static int hf_kerberos_tr_type; /* Int32 */ |
426 | | static int hf_kerberos_contents; /* OCTET_STRING */ |
427 | | static int hf_kerberos_pvno; /* INTEGER_5 */ |
428 | | static int hf_kerberos_msg_type; /* MESSAGE_TYPE */ |
429 | | static int hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA; /* T_rEQ_SEQUENCE_OF_PA_DATA */ |
430 | | static int hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item; /* PA_DATA */ |
431 | | static int hf_kerberos_req_body; /* KDC_REQ_BODY */ |
432 | | static int hf_kerberos_kdc_options; /* KDCOptions */ |
433 | | static int hf_kerberos_from; /* KerberosTime */ |
434 | | static int hf_kerberos_till; /* KerberosTime */ |
435 | | static int hf_kerberos_rtime; /* KerberosTime */ |
436 | | static int hf_kerberos_nonce; /* UInt32 */ |
437 | | static int hf_kerberos_kDC_REQ_BODY_etype; /* SEQUENCE_OF_ENCTYPE */ |
438 | | static int hf_kerberos_kDC_REQ_BODY_etype_item; /* ENCTYPE */ |
439 | | static int hf_kerberos_addresses; /* HostAddresses */ |
440 | | static int hf_kerberos_enc_authorization_data; /* EncryptedAuthorizationData */ |
441 | | static int hf_kerberos_additional_tickets; /* SEQUENCE_OF_Ticket */ |
442 | | static int hf_kerberos_additional_tickets_item; /* Ticket */ |
443 | | static int hf_kerberos_rEP_SEQUENCE_OF_PA_DATA; /* T_rEP_SEQUENCE_OF_PA_DATA */ |
444 | | static int hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item; /* PA_DATA */ |
445 | | static int hf_kerberos_kDC_REP_enc_part; /* EncryptedKDCREPData */ |
446 | | static int hf_kerberos_encKDCRepPart_key; /* T_encKDCRepPart_key */ |
447 | | static int hf_kerberos_last_req; /* LastReq */ |
448 | | static int hf_kerberos_key_expiration; /* KerberosTime */ |
449 | | static int hf_kerberos_srealm; /* Realm */ |
450 | | static int hf_kerberos_encrypted_pa_data; /* T_encrypted_pa_data */ |
451 | | static int hf_kerberos_LastReq_item; /* LastReq_item */ |
452 | | static int hf_kerberos_lr_type; /* LR_TYPE */ |
453 | | static int hf_kerberos_lr_value; /* KerberosTime */ |
454 | | static int hf_kerberos_ap_options; /* APOptions */ |
455 | | static int hf_kerberos_authenticator_enc_part; /* EncryptedAuthenticator */ |
456 | | static int hf_kerberos_authenticator_vno; /* INTEGER_5 */ |
457 | | static int hf_kerberos_cksum; /* Checksum */ |
458 | | static int hf_kerberos_cusec; /* Microseconds */ |
459 | | static int hf_kerberos_ctime; /* KerberosTime */ |
460 | | static int hf_kerberos_authenticator_subkey; /* T_authenticator_subkey */ |
461 | | static int hf_kerberos_seq_number; /* UInt32 */ |
462 | | static int hf_kerberos_aP_REP_enc_part; /* EncryptedAPREPData */ |
463 | | static int hf_kerberos_encAPRepPart_subkey; /* T_encAPRepPart_subkey */ |
464 | | static int hf_kerberos_safe_body; /* KRB_SAFE_BODY */ |
465 | | static int hf_kerberos_kRB_SAFE_BODY_user_data; /* T_kRB_SAFE_BODY_user_data */ |
466 | | static int hf_kerberos_timestamp; /* KerberosTime */ |
467 | | static int hf_kerberos_usec; /* Microseconds */ |
468 | | static int hf_kerberos_s_address; /* HostAddress */ |
469 | | static int hf_kerberos_r_address; /* HostAddress */ |
470 | | static int hf_kerberos_kRB_PRIV_enc_part; /* EncryptedKrbPrivData */ |
471 | | static int hf_kerberos_encKrbPrivPart_user_data; /* T_encKrbPrivPart_user_data */ |
472 | | static int hf_kerberos_tickets; /* SEQUENCE_OF_Ticket */ |
473 | | static int hf_kerberos_tickets_item; /* Ticket */ |
474 | | static int hf_kerberos_kRB_CRED_enc_part; /* EncryptedKrbCredData */ |
475 | | static int hf_kerberos_ticket_info; /* SEQUENCE_OF_KrbCredInfo */ |
476 | | static int hf_kerberos_ticket_info_item; /* KrbCredInfo */ |
477 | | static int hf_kerberos_krbCredInfo_key; /* T_krbCredInfo_key */ |
478 | | static int hf_kerberos_prealm; /* Realm */ |
479 | | static int hf_kerberos_pname; /* PrincipalName */ |
480 | | static int hf_kerberos_stime; /* KerberosTime */ |
481 | | static int hf_kerberos_susec; /* Microseconds */ |
482 | | static int hf_kerberos_error_code; /* ERROR_CODE */ |
483 | | static int hf_kerberos_e_text; /* KerberosString */ |
484 | | static int hf_kerberos_e_data; /* T_e_data */ |
485 | | static int hf_kerberos_e_checksum; /* Checksum */ |
486 | | static int hf_kerberos_METHOD_DATA_item; /* PA_DATA */ |
487 | | static int hf_kerberos_pA_ENC_TIMESTAMP_cipher; /* T_pA_ENC_TIMESTAMP_cipher */ |
488 | | static int hf_kerberos_info_salt; /* OCTET_STRING */ |
489 | | static int hf_kerberos_ETYPE_INFO_item; /* ETYPE_INFO_ENTRY */ |
490 | | static int hf_kerberos_info2_salt; /* KerberosString */ |
491 | | static int hf_kerberos_s2kparams; /* OCTET_STRING */ |
492 | | static int hf_kerberos_ETYPE_INFO2_item; /* ETYPE_INFO2_ENTRY */ |
493 | | static int hf_kerberos_server_name; /* PrincipalName */ |
494 | | static int hf_kerberos_include_pac; /* BOOLEAN */ |
495 | | static int hf_kerberos_name; /* PrincipalName */ |
496 | | static int hf_kerberos_auth; /* GeneralString */ |
497 | | static int hf_kerberos_user_id; /* S4UUserID */ |
498 | | static int hf_kerberos_checksum_01; /* Checksum */ |
499 | | static int hf_kerberos_cname_01; /* PrincipalName */ |
500 | | static int hf_kerberos_subject_certificate; /* T_subject_certificate */ |
501 | | static int hf_kerberos_options; /* BIT_STRING */ |
502 | | static int hf_kerberos_flags_01; /* PAC_OPTIONS_FLAGS */ |
503 | | static int hf_kerberos_restriction_type; /* Int32 */ |
504 | | static int hf_kerberos_restriction; /* OCTET_STRING */ |
505 | | static int hf_kerberos_PA_KERB_KEY_LIST_REQ_item; /* ENCTYPE */ |
506 | | static int hf_kerberos_kerbKeyListRep_key; /* PA_KERB_KEY_LIST_REP_item */ |
507 | | static int hf_kerberos_srppa_group; /* KRB5_SRP_GROUP */ |
508 | | static int hf_kerberos_salt; /* OCTET_STRING */ |
509 | | static int hf_kerberos_iterations; /* UInt32 */ |
510 | | static int hf_kerberos_groups; /* SET_OF_KRB5_SRP_PA */ |
511 | | static int hf_kerberos_groups_item; /* KRB5_SRP_PA */ |
512 | | static int hf_kerberos_as_req_01; /* Checksum */ |
513 | | static int hf_kerberos_group; /* UInt32 */ |
514 | | static int hf_kerberos_a; /* OCTET_STRING */ |
515 | | static int hf_kerberos_AD_AUTHENTICATION_INDICATOR_item; /* UTF8String */ |
516 | | static int hf_kerberos_elements; /* AuthorizationData */ |
517 | | static int hf_kerberos_kdc_verifier; /* Verifier_MAC */ |
518 | | static int hf_kerberos_svc_verifier; /* Verifier_MAC */ |
519 | | static int hf_kerberos_other_verifiers; /* SEQUENCE_SIZE_1_MAX_OF_Verifier */ |
520 | | static int hf_kerberos_other_verifiers_item; /* Verifier */ |
521 | | static int hf_kerberos_mac; /* Verifier_MAC */ |
522 | | static int hf_kerberos_identifier; /* PrincipalName */ |
523 | | static int hf_kerberos_enctype; /* Int32 */ |
524 | | static int hf_kerberos_mac_01; /* Checksum */ |
525 | | static int hf_kerberos_newpasswd; /* OCTET_STRING */ |
526 | | static int hf_kerberos_targname; /* PrincipalName */ |
527 | | static int hf_kerberos_targrealm; /* Realm */ |
528 | | static int hf_kerberos_pa_type; /* PADATA_TYPE */ |
529 | | static int hf_kerberos_pa_hint; /* OCTET_STRING */ |
530 | | static int hf_kerberos_pa_value; /* OCTET_STRING */ |
531 | | static int hf_kerberos_armor_type; /* KrbFastArmorTypes */ |
532 | | static int hf_kerberos_armor_value; /* T_armor_value */ |
533 | | static int hf_kerberos_armored_data_request; /* KrbFastArmoredReq */ |
534 | | static int hf_kerberos_encryptedKrbFastReq_cipher; /* T_encryptedKrbFastReq_cipher */ |
535 | | static int hf_kerberos_armor; /* KrbFastArmor */ |
536 | | static int hf_kerberos_req_checksum; /* Checksum */ |
537 | | static int hf_kerberos_enc_fast_req; /* EncryptedKrbFastReq */ |
538 | | static int hf_kerberos_armored_data_reply; /* KrbFastArmoredRep */ |
539 | | static int hf_kerberos_encryptedKrbFastResponse_cipher; /* T_encryptedKrbFastResponse_cipher */ |
540 | | static int hf_kerberos_enc_fast_rep; /* EncryptedKrbFastResponse */ |
541 | | static int hf_kerberos_encryptedChallenge_cipher; /* T_encryptedChallenge_cipher */ |
542 | | static int hf_kerberos_cipher; /* OCTET_STRING */ |
543 | | static int hf_kerberos_groups_01; /* SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup */ |
544 | | static int hf_kerberos_groups_item_01; /* SPAKEGroup */ |
545 | | static int hf_kerberos_spake_group; /* SPAKEGroup */ |
546 | | static int hf_kerberos_pubkey; /* OCTET_STRING */ |
547 | | static int hf_kerberos_factors; /* SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor */ |
548 | | static int hf_kerberos_factors_item; /* SPAKESecondFactor */ |
549 | | static int hf_kerberos_type; /* SPAKESecondFactorType */ |
550 | | static int hf_kerberos_data; /* OCTET_STRING */ |
551 | | static int hf_kerberos_factor; /* EncryptedSpakeResponseData */ |
552 | | static int hf_kerberos_support; /* SPAKESupport */ |
553 | | static int hf_kerberos_challenge; /* SPAKEChallenge */ |
554 | | static int hf_kerberos_response; /* SPAKEResponse */ |
555 | | static int hf_kerberos_encdata; /* EncryptedSpakeData */ |
556 | | /* named bits */ |
557 | | static int hf_kerberos_APOptions_reserved; |
558 | | static int hf_kerberos_APOptions_use_session_key; |
559 | | static int hf_kerberos_APOptions_mutual_required; |
560 | | static int hf_kerberos_TicketFlags_reserved; |
561 | | static int hf_kerberos_TicketFlags_forwardable; |
562 | | static int hf_kerberos_TicketFlags_forwarded; |
563 | | static int hf_kerberos_TicketFlags_proxiable; |
564 | | static int hf_kerberos_TicketFlags_proxy; |
565 | | static int hf_kerberos_TicketFlags_may_postdate; |
566 | | static int hf_kerberos_TicketFlags_postdated; |
567 | | static int hf_kerberos_TicketFlags_invalid; |
568 | | static int hf_kerberos_TicketFlags_renewable; |
569 | | static int hf_kerberos_TicketFlags_initial; |
570 | | static int hf_kerberos_TicketFlags_pre_authent; |
571 | | static int hf_kerberos_TicketFlags_hw_authent; |
572 | | static int hf_kerberos_TicketFlags_transited_policy_checked; |
573 | | static int hf_kerberos_TicketFlags_ok_as_delegate; |
574 | | static int hf_kerberos_TicketFlags_unused; |
575 | | static int hf_kerberos_TicketFlags_enc_pa_rep; |
576 | | static int hf_kerberos_TicketFlags_anonymous; |
577 | | static int hf_kerberos_KDCOptions_reserved; |
578 | | static int hf_kerberos_KDCOptions_forwardable; |
579 | | static int hf_kerberos_KDCOptions_forwarded; |
580 | | static int hf_kerberos_KDCOptions_proxiable; |
581 | | static int hf_kerberos_KDCOptions_proxy; |
582 | | static int hf_kerberos_KDCOptions_allow_postdate; |
583 | | static int hf_kerberos_KDCOptions_postdated; |
584 | | static int hf_kerberos_KDCOptions_unused7; |
585 | | static int hf_kerberos_KDCOptions_renewable; |
586 | | static int hf_kerberos_KDCOptions_unused9; |
587 | | static int hf_kerberos_KDCOptions_unused10; |
588 | | static int hf_kerberos_KDCOptions_opt_hardware_auth; |
589 | | static int hf_kerberos_KDCOptions_unused12; |
590 | | static int hf_kerberos_KDCOptions_unused13; |
591 | | static int hf_kerberos_KDCOptions_constrained_delegation; |
592 | | static int hf_kerberos_KDCOptions_canonicalize; |
593 | | static int hf_kerberos_KDCOptions_request_anonymous; |
594 | | static int hf_kerberos_KDCOptions_unused17; |
595 | | static int hf_kerberos_KDCOptions_unused18; |
596 | | static int hf_kerberos_KDCOptions_unused19; |
597 | | static int hf_kerberos_KDCOptions_unused20; |
598 | | static int hf_kerberos_KDCOptions_unused21; |
599 | | static int hf_kerberos_KDCOptions_unused22; |
600 | | static int hf_kerberos_KDCOptions_unused23; |
601 | | static int hf_kerberos_KDCOptions_unused24; |
602 | | static int hf_kerberos_KDCOptions_unused25; |
603 | | static int hf_kerberos_KDCOptions_disable_transited_check; |
604 | | static int hf_kerberos_KDCOptions_renewable_ok; |
605 | | static int hf_kerberos_KDCOptions_enc_tkt_in_skey; |
606 | | static int hf_kerberos_KDCOptions_unused29; |
607 | | static int hf_kerberos_KDCOptions_renew; |
608 | | static int hf_kerberos_KDCOptions_validate; |
609 | | static int hf_kerberos_PAC_OPTIONS_FLAGS_claims; |
610 | | static int hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware; |
611 | | static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc; |
612 | | static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation; |
613 | | |
614 | | /* Initialize the subtree pointers */ |
615 | | static int ett_kerberos; |
616 | | static int ett_krb_recordmark; |
617 | | static int ett_krb_pac; |
618 | | static int ett_krb_pac_drep; |
619 | | static int ett_krb_pac_midl_blob; |
620 | | static int ett_krb_pac_logon_info; |
621 | | static int ett_krb_pac_credential_info; |
622 | | static int ett_krb_pac_s4u_delegation_info; |
623 | | static int ett_krb_pac_upn_dns_info; |
624 | | static int ett_krb_pac_upn_dns_info_flags; |
625 | | static int ett_krb_pac_client_claims_info; |
626 | | static int ett_krb_pac_device_info; |
627 | | static int ett_krb_pac_device_claims_info; |
628 | | static int ett_krb_pac_server_checksum; |
629 | | static int ett_krb_pac_privsvr_checksum; |
630 | | static int ett_krb_pac_client_info_type; |
631 | | static int ett_krb_pac_ticket_checksum; |
632 | | static int ett_krb_pac_attributes_info; |
633 | | static int ett_krb_pac_attributes_info_flags; |
634 | | static int ett_krb_pac_requester_sid; |
635 | | static int ett_krb_pac_full_checksum; |
636 | | static int ett_krb_pa_supported_enctypes; |
637 | | static int ett_krb_ad_ap_options; |
638 | | static int ett_kerberos_KERB_TICKET_LOGON; |
639 | | #ifdef HAVE_KERBEROS |
640 | | static int ett_krb_pa_enc_ts_enc; |
641 | | static int ett_kerberos_KrbFastFinished; |
642 | | static int ett_kerberos_KrbFastResponse; |
643 | | static int ett_kerberos_KrbFastReq; |
644 | | static int ett_kerberos_FastOptions; |
645 | | #endif |
646 | | static int ett_kerberos_Applications; |
647 | | static int ett_kerberos_PrincipalName; |
648 | | static int ett_kerberos_SEQUENCE_OF_KerberosString; |
649 | | static int ett_kerberos_CName; |
650 | | static int ett_kerberos_SEQUENCE_OF_CNameString; |
651 | | static int ett_kerberos_SName; |
652 | | static int ett_kerberos_SEQUENCE_OF_SNameString; |
653 | | static int ett_kerberos_HostAddress; |
654 | | static int ett_kerberos_HostAddresses; |
655 | | static int ett_kerberos_AuthorizationData; |
656 | | static int ett_kerberos_AuthorizationData_item; |
657 | | static int ett_kerberos_PA_DATA; |
658 | | static int ett_kerberos_EncryptionKey; |
659 | | static int ett_kerberos_Checksum; |
660 | | static int ett_kerberos_EncryptedTicketData; |
661 | | static int ett_kerberos_EncryptedAuthorizationData; |
662 | | static int ett_kerberos_EncryptedAuthenticator; |
663 | | static int ett_kerberos_EncryptedKDCREPData; |
664 | | static int ett_kerberos_EncryptedAPREPData; |
665 | | static int ett_kerberos_EncryptedKrbPrivData; |
666 | | static int ett_kerberos_EncryptedKrbCredData; |
667 | | static int ett_kerberos_Ticket_U; |
668 | | static int ett_kerberos_EncTicketPart_U; |
669 | | static int ett_kerberos_TransitedEncoding; |
670 | | static int ett_kerberos_KDC_REQ; |
671 | | static int ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA; |
672 | | static int ett_kerberos_KDC_REQ_BODY; |
673 | | static int ett_kerberos_SEQUENCE_OF_ENCTYPE; |
674 | | static int ett_kerberos_SEQUENCE_OF_Ticket; |
675 | | static int ett_kerberos_KDC_REP; |
676 | | static int ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA; |
677 | | static int ett_kerberos_EncKDCRepPart; |
678 | | static int ett_kerberos_LastReq; |
679 | | static int ett_kerberos_LastReq_item; |
680 | | static int ett_kerberos_AP_REQ_U; |
681 | | static int ett_kerberos_Authenticator_U; |
682 | | static int ett_kerberos_AP_REP_U; |
683 | | static int ett_kerberos_EncAPRepPart_U; |
684 | | static int ett_kerberos_KRB_SAFE_U; |
685 | | static int ett_kerberos_KRB_SAFE_BODY; |
686 | | static int ett_kerberos_KRB_PRIV_U; |
687 | | static int ett_kerberos_EncKrbPrivPart; |
688 | | static int ett_kerberos_KRB_CRED_U; |
689 | | static int ett_kerberos_EncKrbCredPart_U; |
690 | | static int ett_kerberos_SEQUENCE_OF_KrbCredInfo; |
691 | | static int ett_kerberos_KrbCredInfo; |
692 | | static int ett_kerberos_KRB_ERROR_U; |
693 | | static int ett_kerberos_METHOD_DATA; |
694 | | static int ett_kerberos_PA_ENC_TIMESTAMP; |
695 | | static int ett_kerberos_ETYPE_INFO_ENTRY; |
696 | | static int ett_kerberos_ETYPE_INFO; |
697 | | static int ett_kerberos_ETYPE_INFO2_ENTRY; |
698 | | static int ett_kerberos_ETYPE_INFO2; |
699 | | static int ett_kerberos_TGT_REQ; |
700 | | static int ett_kerberos_TGT_REP; |
701 | | static int ett_kerberos_APOptions; |
702 | | static int ett_kerberos_TicketFlags; |
703 | | static int ett_kerberos_KDCOptions; |
704 | | static int ett_kerberos_PA_PAC_REQUEST; |
705 | | static int ett_kerberos_PA_S4U2Self; |
706 | | static int ett_kerberos_PA_S4U_X509_USER; |
707 | | static int ett_kerberos_S4UUserID; |
708 | | static int ett_kerberos_PAC_OPTIONS_FLAGS; |
709 | | static int ett_kerberos_PA_PAC_OPTIONS; |
710 | | static int ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U; |
711 | | static int ett_kerberos_PA_KERB_KEY_LIST_REQ; |
712 | | static int ett_kerberos_PA_KERB_KEY_LIST_REP; |
713 | | static int ett_kerberos_KRB5_SRP_PA; |
714 | | static int ett_kerberos_KRB5_SRP_PA_ANNOUNCE; |
715 | | static int ett_kerberos_SET_OF_KRB5_SRP_PA; |
716 | | static int ett_kerberos_KRB5_SRP_PA_INIT_U; |
717 | | static int ett_kerberos_AD_AUTHENTICATION_INDICATOR; |
718 | | static int ett_kerberos_AD_CAMMAC; |
719 | | static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier; |
720 | | static int ett_kerberos_Verifier; |
721 | | static int ett_kerberos_Verifier_MAC; |
722 | | static int ett_kerberos_ChangePasswdData; |
723 | | static int ett_kerberos_PA_AUTHENTICATION_SET_ELEM; |
724 | | static int ett_kerberos_KrbFastArmor; |
725 | | static int ett_kerberos_PA_FX_FAST_REQUEST; |
726 | | static int ett_kerberos_EncryptedKrbFastReq; |
727 | | static int ett_kerberos_KrbFastArmoredReq; |
728 | | static int ett_kerberos_PA_FX_FAST_REPLY; |
729 | | static int ett_kerberos_EncryptedKrbFastResponse; |
730 | | static int ett_kerberos_KrbFastArmoredRep; |
731 | | static int ett_kerberos_EncryptedChallenge; |
732 | | static int ett_kerberos_EncryptedSpakeData; |
733 | | static int ett_kerberos_EncryptedSpakeResponseData; |
734 | | static int ett_kerberos_SPAKESupport; |
735 | | static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup; |
736 | | static int ett_kerberos_SPAKEChallenge; |
737 | | static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor; |
738 | | static int ett_kerberos_SPAKESecondFactor; |
739 | | static int ett_kerberos_SPAKEResponse; |
740 | | static int ett_kerberos_PA_SPAKE; |
741 | | |
742 | | static expert_field ei_kerberos_missing_keytype; |
743 | | static expert_field ei_kerberos_decrypted_keytype; |
744 | | static expert_field ei_kerberos_learnt_keytype; |
745 | | static expert_field ei_kerberos_address; |
746 | | static expert_field ei_krb_gssapi_dlglen; |
747 | | |
748 | | static dissector_handle_t krb4_handle; |
749 | | |
750 | | /* Global variables */ |
751 | | static uint32_t gbl_keytype; |
752 | | static bool gbl_do_col_info; |
753 | | |
754 | | #define id_krb5 "1.3.6.1.5.2" |
755 | | |
756 | | typedef enum _KERBEROS_AUTHDATA_TYPE_enum { |
757 | | KERBEROS_AD_IF_RELEVANT = 1, |
758 | | KERBEROS_AD_INTENDED_FOR_SERVER = 2, |
759 | | KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS = 3, |
760 | | KERBEROS_AD_KDC_ISSUED = 4, |
761 | | KERBEROS_AD_AND_OR = 5, |
762 | | KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS = 6, |
763 | | KERBEROS_AD_IN_TICKET_EXTENSIONS = 7, |
764 | | KERBEROS_AD_MANDATORY_FOR_KDC = 8, |
765 | | KERBEROS_AD_INITIAL_VERIFIED_CAS = 9, |
766 | | KERBEROS_AD_OSF_DCE = 64, |
767 | | KERBEROS_AD_SESAME = 65, |
768 | | KERBEROS_AD_OSF_DCE_PKI_CERTID = 66, |
769 | | KERBEROS_AD_AUTHENTICATION_STRENGTH = 70, |
770 | | KERBEROS_AD_FX_FAST_ARMOR = 71, |
771 | | KERBEROS_AD_FX_FAST_USED = 72, |
772 | | KERBEROS_AD_CAMMAC = 96, |
773 | | KERBEROS_AD_AUTHENTICATION_INDICATOR = 97, |
774 | | KERBEROS_AD_WIN2K_PAC = 128, |
775 | | KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION = 129, |
776 | | KERBEROS_AD_TOKEN_RESTRICTIONS = 141, |
777 | | KERBEROS_AD_LOCAL = 142, |
778 | | KERBEROS_AD_AP_OPTIONS = 143, |
779 | | KERBEROS_AD_TARGET_PRINCIPAL = 144, |
780 | | KERBEROS_AD_SIGNTICKET_OLDER = -17, |
781 | | KERBEROS_AD_SIGNTICKET = 512, |
782 | | KERBEROS_AD_PFS = 513 |
783 | | } KERBEROS_AUTHDATA_TYPE_enum; |
784 | | |
785 | | /* enumerated values for ADDR_TYPE */ |
786 | 0 | #define KERBEROS_ADDR_TYPE_IPV4 2 |
787 | | #define KERBEROS_ADDR_TYPE_CHAOS 5 |
788 | | #define KERBEROS_ADDR_TYPE_XEROX 6 |
789 | | #define KERBEROS_ADDR_TYPE_ISO 7 |
790 | | #define KERBEROS_ADDR_TYPE_DECNET 12 |
791 | | #define KERBEROS_ADDR_TYPE_APPLETALK 16 |
792 | 0 | #define KERBEROS_ADDR_TYPE_NETBIOS 20 |
793 | 0 | #define KERBEROS_ADDR_TYPE_IPV6 24 |
794 | | |
795 | | typedef enum _KERBEROS_PADATA_TYPE_enum { |
796 | | KERBEROS_PA_NONE = 0, |
797 | | KERBEROS_PA_TGS_REQ = 1, |
798 | | KERBEROS_PA_ENC_TIMESTAMP = 2, |
799 | | KERBEROS_PA_PW_SALT = 3, |
800 | | KERBEROS_PA_ENC_UNIX_TIME = 5, |
801 | | KERBEROS_PA_SANDIA_SECUREID = 6, |
802 | | KERBEROS_PA_SESAME = 7, |
803 | | KERBEROS_PA_OSF_DCE = 8, |
804 | | KERBEROS_PA_CYBERSAFE_SECUREID = 9, |
805 | | KERBEROS_PA_AFS3_SALT = 10, |
806 | | KERBEROS_PA_ETYPE_INFO = 11, |
807 | | KERBEROS_PA_SAM_CHALLENGE = 12, |
808 | | KERBEROS_PA_SAM_RESPONSE = 13, |
809 | | KERBEROS_PA_PK_AS_REQ_19 = 14, |
810 | | KERBEROS_PA_PK_AS_REP_19 = 15, |
811 | | KERBEROS_PA_PK_AS_REQ = 16, |
812 | | KERBEROS_PA_PK_AS_REP = 17, |
813 | | KERBEROS_PA_PK_OCSP_RESPONSE = 18, |
814 | | KERBEROS_PA_ETYPE_INFO2 = 19, |
815 | | KERBEROS_PA_USE_SPECIFIED_KVNO = 20, |
816 | | KERBEROS_PA_SAM_REDIRECT = 21, |
817 | | KERBEROS_TD_PADATA = 22, |
818 | | KERBEROS_PA_SAM_ETYPE_INFO = 23, |
819 | | KERBEROS_PA_ALT_PRINC = 24, |
820 | | KERBEROS_PA_SERVER_REFERRAL = 25, |
821 | | KERBEROS_PA_SAM_CHALLENGE2 = 30, |
822 | | KERBEROS_PA_SAM_RESPONSE2 = 31, |
823 | | KERBEROS_PA_EXTRA_TGT = 41, |
824 | | KERBEROS_TD_PKINIT_CMS_CERTIFICATES = 101, |
825 | | KERBEROS_TD_KRB_PRINCIPAL = 102, |
826 | | KERBEROS_TD_KRB_REALM = 103, |
827 | | KERBEROS_TD_TRUSTED_CERTIFIERS = 104, |
828 | | KERBEROS_TD_CERTIFICATE_INDEX = 105, |
829 | | KERBEROS_TD_APP_DEFINED_ERROR = 106, |
830 | | KERBEROS_TD_REQ_NONCE = 107, |
831 | | KERBEROS_TD_REQ_SEQ = 108, |
832 | | KERBEROS_TD_DH_PARAMETERS = 109, |
833 | | KERBEROS_TD_CMS_DIGEST_ALGORITHMS = 111, |
834 | | KERBEROS_TD_CERT_DIGEST_ALGORITHMS = 112, |
835 | | KERBEROS_PA_PAC_REQUEST = 128, |
836 | | KERBEROS_PA_FOR_USER = 129, |
837 | | KERBEROS_PA_FOR_X509_USER = 130, |
838 | | KERBEROS_PA_FOR_CHECK_DUPS = 131, |
839 | | KERBEROS_PA_PK_AS_09_BINDING = 132, |
840 | | KERBEROS_PA_FX_COOKIE = 133, |
841 | | KERBEROS_PA_AUTHENTICATION_SET = 134, |
842 | | KERBEROS_PA_AUTH_SET_SELECTED = 135, |
843 | | KERBEROS_PA_FX_FAST = 136, |
844 | | KERBEROS_PA_FX_ERROR = 137, |
845 | | KERBEROS_PA_ENCRYPTED_CHALLENGE = 138, |
846 | | KERBEROS_PA_OTP_CHALLENGE = 141, |
847 | | KERBEROS_PA_OTP_REQUEST = 142, |
848 | | KERBEROS_PA_OTP_CONFIRM = 143, |
849 | | KERBEROS_PA_OTP_PIN_CHANGE = 144, |
850 | | KERBEROS_PA_EPAK_AS_REQ = 145, |
851 | | KERBEROS_PA_EPAK_AS_REP = 146, |
852 | | KERBEROS_PA_PKINIT_KX = 147, |
853 | | KERBEROS_PA_PKU2U_NAME = 148, |
854 | | KERBEROS_PA_REQ_ENC_PA_REP = 149, |
855 | | KERBEROS_PA_AS_FRESHNESS = 150, |
856 | | KERBEROS_PA_SPAKE = 151, |
857 | | KERBEROS_PA_REDHAT_IDP_OAUTH2 = 152, |
858 | | KERBEROS_PA_REDHAT_PASSKEY = 153, |
859 | | KERBEROS_PA_KERB_KEY_LIST_REQ = 161, |
860 | | KERBEROS_PA_KERB_KEY_LIST_REP = 162, |
861 | | KERBEROS_PA_SUPPORTED_ETYPES = 165, |
862 | | KERBEROS_PA_EXTENDED_ERROR = 166, |
863 | | KERBEROS_PA_PAC_OPTIONS = 167, |
864 | | KERBEROS_PA_SRP = 250, |
865 | | KERBEROS_PA_PROV_SRV_LOCATION = -1 |
866 | | } KERBEROS_PADATA_TYPE_enum; |
867 | | |
868 | | typedef enum _KERBEROS_KRBFASTARMORTYPES_enum { |
869 | | KERBEROS_FX_FAST_RESERVED = 0, |
870 | | KERBEROS_FX_FAST_ARMOR_AP_REQUEST = 1 |
871 | | } KERBEROS_KRBFASTARMORTYPES_enum; |
872 | | |
873 | | static void |
874 | | call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb) |
875 | 3 | { |
876 | 3 | if(!cb){ |
877 | 3 | return; |
878 | 3 | } |
879 | | |
880 | 0 | while(cb->tag){ |
881 | 0 | if(cb->tag==tag){ |
882 | 0 | cb->callback(pinfo, tvb, tree); |
883 | 0 | return; |
884 | 0 | } |
885 | 0 | cb++; |
886 | 0 | } |
887 | 0 | return; |
888 | 0 | } |
889 | | |
890 | | static int |
891 | | krb5_frame_compare(gconstpointer a, gconstpointer b) |
892 | 81 | { |
893 | 81 | kerberos_frame_t *fa = (kerberos_frame_t *)a; |
894 | 81 | kerberos_frame_t *fb = (kerberos_frame_t *)b; |
895 | | |
896 | 81 | return fa->frame - fb->frame; |
897 | 81 | } |
898 | | |
899 | | static kerberos_conv_t *krb5_conv_find_or_create(packet_info *pinfo) |
900 | 137 | { |
901 | 137 | conversation_t *conversation = NULL; |
902 | 137 | kerberos_conv_t *kconv = NULL; |
903 | | |
904 | 137 | conversation = find_or_create_conversation(pinfo); |
905 | 137 | kconv = (kerberos_conv_t *)conversation_get_proto_data(conversation, |
906 | 137 | proto_kerberos); |
907 | 137 | if (kconv == NULL) { |
908 | 64 | kconv = wmem_new0(wmem_file_scope(), kerberos_conv_t); |
909 | 64 | kconv->frames = wmem_list_new(wmem_file_scope()); |
910 | | |
911 | 64 | conversation_add_proto_data(conversation, proto_kerberos, kconv); |
912 | 64 | } |
913 | | |
914 | 137 | return kconv; |
915 | 137 | } |
916 | | |
917 | | static void krb5_conf_add_request(asn1_ctx_t *actx) |
918 | 4 | { |
919 | 4 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
920 | 4 | packet_info *pinfo = actx->pinfo; |
921 | 4 | kerberos_frame_t _krqf = { .frame = 0, }; |
922 | 4 | kerberos_frame_t *krqf = NULL; |
923 | 4 | wmem_list_frame_t *wf = NULL; |
924 | 4 | kerberos_frame_t *krpf = NULL; |
925 | | |
926 | 4 | if (private_data->krb5_conv == NULL) |
927 | 2 | return; |
928 | | |
929 | 2 | switch (private_data->msg_type) { |
930 | 0 | case KERBEROS_APPLICATIONS_AS_REQ: |
931 | 0 | case KERBEROS_APPLICATIONS_TGS_REQ: |
932 | 0 | break; |
933 | 2 | default: |
934 | 2 | return; |
935 | 2 | } |
936 | | |
937 | 0 | if (!pinfo->fd->visited) { |
938 | 0 | krqf = wmem_new0(wmem_file_scope(), kerberos_frame_t); |
939 | 0 | if (krqf == NULL) { |
940 | 0 | return; |
941 | 0 | } |
942 | 0 | } else { |
943 | 0 | krqf = &_krqf; |
944 | 0 | } |
945 | | |
946 | 0 | krqf->frame = pinfo->num; |
947 | 0 | krqf->frame_time = pinfo->abs_ts; |
948 | 0 | krqf->msg_type = private_data->msg_type; |
949 | | #ifdef HAVE_KERBEROS |
950 | | if (private_data->PA_TGS_REQ_subkey != NULL) { |
951 | | krqf->tgs_authenticator_subkey = true; |
952 | | } |
953 | | #endif |
954 | 0 | krqf->srt_idx = -1; |
955 | |
|
956 | 0 | if (!pinfo->fd->visited) { |
957 | 0 | wmem_list_insert_sorted(private_data->krb5_conv->frames, |
958 | 0 | krqf, krb5_frame_compare); |
959 | 0 | } |
960 | |
|
961 | 0 | wf = wmem_list_find_custom(private_data->krb5_conv->frames, |
962 | 0 | krqf, krb5_frame_compare); |
963 | 0 | if (wf != NULL) { |
964 | | /* The next one should be the response */ |
965 | 0 | wf = wmem_list_frame_next(wf); |
966 | 0 | } |
967 | 0 | if (wf == NULL) { |
968 | 0 | return; |
969 | 0 | } |
970 | 0 | krpf = (kerberos_frame_t *)wmem_list_frame_data(wf); |
971 | |
|
972 | 0 | switch (krpf->msg_type) { |
973 | 0 | case KERBEROS_APPLICATIONS_AS_REP: |
974 | 0 | case KERBEROS_APPLICATIONS_TGS_REP: |
975 | 0 | case KERBEROS_APPLICATIONS_KRB_ERROR: |
976 | 0 | break; |
977 | 0 | default: |
978 | 0 | return; |
979 | 0 | } |
980 | | |
981 | 0 | private_data->frame_rep = krpf->frame; |
982 | 0 | } |
983 | | |
984 | | static void krb5_conf_add_response(asn1_ctx_t *actx) |
985 | 11 | { |
986 | 11 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
987 | 11 | packet_info *pinfo = actx->pinfo; |
988 | 11 | kerberos_frame_t _krpf = { .frame = 0, }; |
989 | 11 | kerberos_frame_t *krpf = NULL; |
990 | 11 | wmem_list_frame_t *wf = NULL; |
991 | 11 | kerberos_frame_t *krqf = NULL; |
992 | | |
993 | 11 | if (private_data->krb5_conv == NULL) |
994 | 0 | return; |
995 | | |
996 | 11 | switch (private_data->msg_type) { |
997 | 1 | case KERBEROS_APPLICATIONS_AS_REP: |
998 | 7 | case KERBEROS_APPLICATIONS_TGS_REP: |
999 | 9 | case KERBEROS_APPLICATIONS_KRB_ERROR: |
1000 | 9 | break; |
1001 | 2 | default: |
1002 | 2 | return; |
1003 | 11 | } |
1004 | | |
1005 | 9 | if (!pinfo->fd->visited) { |
1006 | 9 | krpf = wmem_new0(wmem_file_scope(), kerberos_frame_t); |
1007 | 9 | if (krpf == NULL) { |
1008 | 0 | return; |
1009 | 0 | } |
1010 | 9 | } else { |
1011 | 0 | krpf = &_krpf; |
1012 | 0 | } |
1013 | | |
1014 | 9 | krpf->frame = pinfo->num; |
1015 | 9 | krpf->frame_time = pinfo->abs_ts; |
1016 | 9 | krpf->msg_type = private_data->msg_type; |
1017 | 9 | krpf->srt_idx = -1; |
1018 | | |
1019 | 9 | if (!pinfo->fd->visited) { |
1020 | 9 | wmem_list_insert_sorted(private_data->krb5_conv->frames, |
1021 | 9 | krpf, krb5_frame_compare); |
1022 | 9 | } |
1023 | | |
1024 | 9 | wf = wmem_list_find_custom(private_data->krb5_conv->frames, |
1025 | 9 | krpf, krb5_frame_compare); |
1026 | 9 | if (wf != NULL) { |
1027 | | /* |
1028 | | * replace the pointer with the one allocated on |
1029 | | * wmem_file_scope() |
1030 | | */ |
1031 | 9 | krpf = (kerberos_frame_t *)wmem_list_frame_data(wf); |
1032 | | /* The previous one should be the request */ |
1033 | 9 | wf = wmem_list_frame_prev(wf); |
1034 | 9 | } |
1035 | 9 | if (wf == NULL) { |
1036 | 1 | return; |
1037 | 1 | } |
1038 | 8 | krqf = (kerberos_frame_t *)wmem_list_frame_data(wf); |
1039 | 8 | krpf->req = krqf; |
1040 | | |
1041 | 8 | switch (krqf->msg_type) { |
1042 | 0 | case KERBEROS_APPLICATIONS_AS_REQ: |
1043 | 0 | if (private_data->msg_type == KERBEROS_APPLICATIONS_AS_REP) { |
1044 | 0 | krpf->srt_idx = 0; |
1045 | 0 | break; |
1046 | 0 | } |
1047 | 0 | if (private_data->msg_type == KERBEROS_APPLICATIONS_KRB_ERROR) { |
1048 | 0 | krpf->srt_idx = 1; |
1049 | 0 | break; |
1050 | 0 | } |
1051 | 0 | return; |
1052 | 0 | case KERBEROS_APPLICATIONS_TGS_REQ: |
1053 | 0 | if (private_data->msg_type == KERBEROS_APPLICATIONS_TGS_REP) { |
1054 | 0 | krpf->srt_idx = 2; |
1055 | 0 | private_data->req_tgs_authenticator_subkey = |
1056 | 0 | krqf->tgs_authenticator_subkey; |
1057 | 0 | break; |
1058 | 0 | } |
1059 | 0 | if (private_data->msg_type == KERBEROS_APPLICATIONS_KRB_ERROR) { |
1060 | 0 | krpf->srt_idx = 3; |
1061 | 0 | break; |
1062 | 0 | } |
1063 | 0 | return; |
1064 | 8 | default: |
1065 | 8 | return; |
1066 | 8 | } |
1067 | | |
1068 | 0 | private_data->frame_req = krqf->frame; |
1069 | 0 | private_data->req_time = krqf->frame_time; |
1070 | |
|
1071 | 0 | tap_queue_packet(kerberos_tap, pinfo, krpf); |
1072 | 0 | } |
1073 | | |
1074 | | static void |
1075 | | krb5stat_init(struct register_srt* srt _U_, GArray* srt_array _U_) |
1076 | 0 | { |
1077 | 0 | srt_stat_table *krb5_srt_table = NULL; |
1078 | |
|
1079 | 0 | krb5_srt_table = init_srt_table("Kerberos", "krb5", srt_array, 4, NULL, "kerberos.msg_type", NULL); |
1080 | 0 | init_srt_table_row(krb5_srt_table, 0, "AS-REP"); |
1081 | 0 | init_srt_table_row(krb5_srt_table, 1, "AS-ERROR"); |
1082 | 0 | init_srt_table_row(krb5_srt_table, 2, "TGS-REP"); |
1083 | 0 | init_srt_table_row(krb5_srt_table, 3, "TGS-ERROR"); |
1084 | 0 | } |
1085 | | |
1086 | | static tap_packet_status |
1087 | | krb5stat_packet(void *pss _U_, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv, tap_flags_t flags _U_) |
1088 | 0 | { |
1089 | 0 | srt_stat_table *krb5_srt_table = NULL; |
1090 | 0 | srt_data_t *data = (srt_data_t *)pss; |
1091 | 0 | kerberos_frame_t *krpf = (kerberos_frame_t *)prv; |
1092 | |
|
1093 | 0 | if (krpf == NULL) |
1094 | 0 | return TAP_PACKET_DONT_REDRAW; |
1095 | | |
1096 | 0 | if (krpf->req == NULL) |
1097 | 0 | return TAP_PACKET_DONT_REDRAW; |
1098 | | |
1099 | 0 | krb5_srt_table = g_array_index(data->srt_array, srt_stat_table*, 0); |
1100 | 0 | add_srt_table_data(krb5_srt_table, krpf->srt_idx, &krpf->req->frame_time, pinfo); |
1101 | 0 | return TAP_PACKET_REDRAW; |
1102 | 0 | } |
1103 | | |
1104 | | static kerberos_private_data_t* |
1105 | | kerberos_new_private_data(packet_info *pinfo) |
1106 | 333 | { |
1107 | 333 | kerberos_private_data_t *p; |
1108 | 333 | void *existing; |
1109 | | |
1110 | 333 | p = wmem_new0(pinfo->pool, kerberos_private_data_t); |
1111 | 333 | if (p == NULL) { |
1112 | 0 | return NULL; |
1113 | 0 | } |
1114 | 333 | p->frame_req = UINT32_MAX; |
1115 | 333 | p->frame_rep = UINT32_MAX; |
1116 | | |
1117 | 333 | p->decryption_keys = wmem_list_new(pinfo->pool); |
1118 | 333 | p->learnt_keys = wmem_list_new(pinfo->pool); |
1119 | 333 | p->missing_keys = wmem_list_new(pinfo->pool); |
1120 | | |
1121 | 333 | existing = p_get_proto_data(pinfo->pool, pinfo, proto_kerberos, 0); |
1122 | 333 | if (existing != NULL) { |
1123 | | /* |
1124 | | * We only remember the first one. |
1125 | | */ |
1126 | 196 | return p; |
1127 | 196 | } |
1128 | | |
1129 | 137 | p_add_proto_data(pinfo->pool, pinfo, proto_kerberos, 0, p); |
1130 | 137 | p->krb5_conv = krb5_conv_find_or_create(pinfo); |
1131 | 137 | return p; |
1132 | 333 | } |
1133 | | |
1134 | | static kerberos_private_data_t* |
1135 | | kerberos_get_private_data(asn1_ctx_t *actx) |
1136 | 361 | { |
1137 | 361 | if (!actx->private_data) { |
1138 | 333 | actx->private_data = kerberos_new_private_data(actx->pinfo); |
1139 | 333 | } |
1140 | 361 | return (kerberos_private_data_t *)(actx->private_data); |
1141 | 361 | } |
1142 | | |
1143 | | static bool |
1144 | | kerberos_private_is_kdc_req(kerberos_private_data_t *private_data) |
1145 | 0 | { |
1146 | 0 | switch (private_data->msg_type) { |
1147 | 0 | case KERBEROS_APPLICATIONS_AS_REQ: |
1148 | 0 | case KERBEROS_APPLICATIONS_TGS_REQ: |
1149 | 0 | return true; |
1150 | 0 | } |
1151 | | |
1152 | 0 | return false; |
1153 | 0 | } |
1154 | | |
1155 | | bool |
1156 | | kerberos_is_win2k_pkinit(asn1_ctx_t *actx) |
1157 | 0 | { |
1158 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1159 | |
|
1160 | 0 | return private_data->is_win2k_pkinit; |
1161 | 0 | } |
1162 | | |
1163 | | static int dissect_kerberos_defer_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) |
1164 | 0 | { |
1165 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
1166 | | |
1167 | | /* |
1168 | | * dissect_ber_octet_string_wcb() always passes |
1169 | | * implicit_tag=false, offset=0 and hf_index=-1 |
1170 | | * |
1171 | | * It means we only need to remember tvb and tree |
1172 | | * in order to replay dissect_kerberos_PA_FX_FAST_REQUEST() |
1173 | | * in dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA() |
1174 | | */ |
1175 | 0 | ws_assert(implicit_tag == false); |
1176 | 0 | ws_assert(offset == 0); |
1177 | 0 | ws_assert(hf_index <= 0); |
1178 | |
|
1179 | 0 | if (private_data->PA_FX_FAST_REQUEST.defer) { |
1180 | | /* |
1181 | | * Remember the tvb (and the optional tree) |
1182 | | */ |
1183 | 0 | private_data->PA_FX_FAST_REQUEST.tvb = tvb; |
1184 | 0 | private_data->PA_FX_FAST_REQUEST.tree = tree; |
1185 | | /* |
1186 | | * only handle the first PA_FX_FAST_REQUEST... |
1187 | | */ |
1188 | 0 | private_data->PA_FX_FAST_REQUEST.defer = false; |
1189 | 0 | return tvb_reported_length_remaining(tvb, offset); |
1190 | 0 | } |
1191 | | |
1192 | 0 | return dissect_kerberos_PA_FX_FAST_REQUEST(implicit_tag, tvb, offset, actx, tree, hf_index); |
1193 | 0 | } |
1194 | | |
1195 | | #ifdef HAVE_KERBEROS |
1196 | | |
1197 | | /* Decrypt Kerberos blobs */ |
1198 | | bool krb_decrypt; |
1199 | | |
1200 | | /* keytab filename */ |
1201 | | static const char *keytab_filename = ""; |
1202 | | |
1203 | | void |
1204 | | read_keytab_file_from_preferences(void) |
1205 | | { |
1206 | | static char *last_keytab = NULL; |
1207 | | |
1208 | | if (!krb_decrypt) { |
1209 | | return; |
1210 | | } |
1211 | | |
1212 | | if (keytab_filename == NULL) { |
1213 | | return; |
1214 | | } |
1215 | | |
1216 | | if (last_keytab && !strcmp(last_keytab, keytab_filename)) { |
1217 | | return; |
1218 | | } |
1219 | | |
1220 | | g_free(last_keytab); |
1221 | | last_keytab = g_strdup(keytab_filename); |
1222 | | |
1223 | | read_keytab_file(last_keytab); |
1224 | | } |
1225 | | #endif /* HAVE_KERBEROS */ |
1226 | | |
1227 | | #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) |
1228 | | enc_key_t *enc_key_list=NULL; |
1229 | | static unsigned kerberos_longterm_ids; |
1230 | | wmem_map_t *kerberos_longterm_keys; |
1231 | | static wmem_map_t *kerberos_all_keys; |
1232 | | static wmem_map_t *kerberos_app_session_keys; |
1233 | | |
1234 | | static bool |
1235 | | enc_key_list_cb(wmem_allocator_t* allocator _U_, wmem_cb_event_t event _U_, void *user_data _U_) |
1236 | | { |
1237 | | enc_key_list = NULL; |
1238 | | kerberos_longterm_ids = 0; |
1239 | | /* keep the callback registered */ |
1240 | | return true; |
1241 | | } |
1242 | | |
1243 | | static int enc_key_cmp_id(const void *k1, const void *k2) |
1244 | | { |
1245 | | const enc_key_t *key1 = (const enc_key_t *)k1; |
1246 | | const enc_key_t *key2 = (const enc_key_t *)k2; |
1247 | | |
1248 | | if (key1->fd_num < key2->fd_num) { |
1249 | | return -1; |
1250 | | } |
1251 | | if (key1->fd_num > key2->fd_num) { |
1252 | | return 1; |
1253 | | } |
1254 | | |
1255 | | if (key1->id < key2->id) { |
1256 | | return -1; |
1257 | | } |
1258 | | if (key1->id > key2->id) { |
1259 | | return 1; |
1260 | | } |
1261 | | |
1262 | | return 0; |
1263 | | } |
1264 | | |
1265 | | static gboolean |
1266 | | enc_key_content_equal(const void *k1, const void *k2) |
1267 | | { |
1268 | | const enc_key_t *key1 = (const enc_key_t *)k1; |
1269 | | const enc_key_t *key2 = (const enc_key_t *)k2; |
1270 | | int cmp; |
1271 | | |
1272 | | if (key1->keytype != key2->keytype) { |
1273 | | return false; |
1274 | | } |
1275 | | |
1276 | | if (key1->keylength != key2->keylength) { |
1277 | | return false; |
1278 | | } |
1279 | | |
1280 | | cmp = memcmp(key1->keyvalue, key2->keyvalue, key1->keylength); |
1281 | | if (cmp != 0) { |
1282 | | return false; |
1283 | | } |
1284 | | |
1285 | | return true; |
1286 | | } |
1287 | | |
1288 | | static unsigned |
1289 | | enc_key_content_hash(const void *k) |
1290 | | { |
1291 | | const enc_key_t *key = (const enc_key_t *)k; |
1292 | | unsigned ret = 0; |
1293 | | |
1294 | | ret += wmem_strong_hash((const uint8_t *)&key->keytype, |
1295 | | sizeof(key->keytype)); |
1296 | | ret += wmem_strong_hash((const uint8_t *)&key->keylength, |
1297 | | sizeof(key->keylength)); |
1298 | | ret += wmem_strong_hash((const uint8_t *)key->keyvalue, |
1299 | | key->keylength); |
1300 | | |
1301 | | return ret; |
1302 | | } |
1303 | | |
1304 | | static void |
1305 | | kerberos_key_map_insert(wmem_map_t *key_map, enc_key_t *new_key) |
1306 | | { |
1307 | | enc_key_t *existing = NULL; |
1308 | | enc_key_t *cur = NULL; |
1309 | | int cmp; |
1310 | | |
1311 | | existing = (enc_key_t *)wmem_map_lookup(key_map, new_key); |
1312 | | if (existing == NULL) { |
1313 | | wmem_map_insert(key_map, new_key, new_key); |
1314 | | return; |
1315 | | } |
1316 | | |
1317 | | if (key_map != kerberos_all_keys) { |
1318 | | /* |
1319 | | * It should already be linked to the existing key... |
1320 | | */ |
1321 | | return; |
1322 | | } |
1323 | | |
1324 | | if (existing->fd_num == -1 && new_key->fd_num != -1) { |
1325 | | /* |
1326 | | * We can't reference a learnt key |
1327 | | * from a longterm key. As they have |
1328 | | * a shorter lifetime. |
1329 | | * |
1330 | | * So just let the learnt key remember the |
1331 | | * match. |
1332 | | */ |
1333 | | new_key->same_list = existing; |
1334 | | new_key->num_same = existing->num_same + 1; |
1335 | | return; |
1336 | | } |
1337 | | |
1338 | | /* |
1339 | | * If a key with the same content (keytype,keylength,keyvalue) |
1340 | | * already exists, we want the earliest key to be |
1341 | | * in the list. |
1342 | | */ |
1343 | | cmp = enc_key_cmp_id(new_key, existing); |
1344 | | if (cmp == 0) { |
1345 | | /* |
1346 | | * It's the same, nothing to do... |
1347 | | */ |
1348 | | return; |
1349 | | } |
1350 | | if (cmp < 0) { |
1351 | | /* The new key has should be added to the list. */ |
1352 | | new_key->same_list = existing; |
1353 | | new_key->num_same = existing->num_same + 1; |
1354 | | wmem_map_insert(key_map, new_key, new_key); |
1355 | | return; |
1356 | | } |
1357 | | |
1358 | | /* |
1359 | | * We want to link the new_key to the existing one. |
1360 | | * |
1361 | | * But we want keep the list sorted, so we need to forward |
1362 | | * to the correct spot. |
1363 | | */ |
1364 | | for (cur = existing; cur->same_list != NULL; cur = cur->same_list) { |
1365 | | cmp = enc_key_cmp_id(new_key, cur->same_list); |
1366 | | if (cmp == 0) { |
1367 | | /* |
1368 | | * It's the same, nothing to do... |
1369 | | */ |
1370 | | return; |
1371 | | } |
1372 | | |
1373 | | if (cmp < 0) { |
1374 | | /* |
1375 | | * We found the correct spot, |
1376 | | * the new_key should added |
1377 | | * between existing and existing->same_list |
1378 | | */ |
1379 | | new_key->same_list = cur->same_list; |
1380 | | new_key->num_same = cur->num_same; |
1381 | | break; |
1382 | | } |
1383 | | } |
1384 | | |
1385 | | /* |
1386 | | * finally link new_key to existing |
1387 | | * and fix up the numbers |
1388 | | */ |
1389 | | cur->same_list = new_key; |
1390 | | for (cur = existing; cur != new_key; cur = cur->same_list) { |
1391 | | cur->num_same += 1; |
1392 | | } |
1393 | | |
1394 | | return; |
1395 | | } |
1396 | | |
1397 | | struct insert_longterm_keys_into_key_map_state { |
1398 | | wmem_map_t *key_map; |
1399 | | }; |
1400 | | |
1401 | | static void insert_longterm_keys_into_key_map_cb(void *__key _U_, |
1402 | | void *value, |
1403 | | void *user_data) |
1404 | | { |
1405 | | struct insert_longterm_keys_into_key_map_state *state = |
1406 | | (struct insert_longterm_keys_into_key_map_state *)user_data; |
1407 | | enc_key_t *key = (enc_key_t *)value; |
1408 | | |
1409 | | kerberos_key_map_insert(state->key_map, key); |
1410 | | } |
1411 | | |
1412 | | static void insert_longterm_keys_into_key_map(wmem_map_t *key_map) |
1413 | | { |
1414 | | /* |
1415 | | * Because the kerberos_longterm_keys are allocated on |
1416 | | * wmem_epan_scope() and kerberos_all_keys are allocated |
1417 | | * on wmem_file_scope(), we need to plug the longterm keys |
1418 | | * back to kerberos_all_keys if a new file was loaded |
1419 | | * and wmem_file_scope() got cleared. |
1420 | | */ |
1421 | | if (wmem_map_size(key_map) < wmem_map_size(kerberos_longterm_keys)) { |
1422 | | struct insert_longterm_keys_into_key_map_state state = { |
1423 | | .key_map = key_map, |
1424 | | }; |
1425 | | /* |
1426 | | * Reference all longterm keys into kerberos_all_keys |
1427 | | */ |
1428 | | wmem_map_foreach(kerberos_longterm_keys, |
1429 | | insert_longterm_keys_into_key_map_cb, |
1430 | | &state); |
1431 | | } |
1432 | | } |
1433 | | |
1434 | | static void |
1435 | | kerberos_key_list_append(wmem_list_t *key_list, enc_key_t *new_key) |
1436 | | { |
1437 | | enc_key_t *existing = NULL; |
1438 | | |
1439 | | existing = (enc_key_t *)wmem_list_find(key_list, new_key); |
1440 | | if (existing != NULL) { |
1441 | | return; |
1442 | | } |
1443 | | |
1444 | | wmem_list_append(key_list, new_key); |
1445 | | } |
1446 | | |
1447 | | static void |
1448 | | add_encryption_key(packet_info *pinfo, |
1449 | | kerberos_private_data_t *private_data, |
1450 | | proto_tree *key_tree, |
1451 | | proto_item *key_hidden_item, |
1452 | | tvbuff_t *key_tvb, |
1453 | | int keytype, int keylength, const char *keyvalue, |
1454 | | const char *origin, |
1455 | | enc_key_t *src1, enc_key_t *src2) |
1456 | | { |
1457 | | wmem_allocator_t *key_scope = NULL; |
1458 | | enc_key_t *new_key = NULL; |
1459 | | const char *methodl = "learnt"; |
1460 | | const char *methodu = "Learnt"; |
1461 | | proto_item *item = NULL; |
1462 | | |
1463 | | private_data->last_added_key = NULL; |
1464 | | |
1465 | | if (src1 != NULL && src2 != NULL) { |
1466 | | methodl = "derived"; |
1467 | | methodu = "Derived"; |
1468 | | } |
1469 | | |
1470 | | if(pinfo->fd->visited){ |
1471 | | /* |
1472 | | * We already processed this, |
1473 | | * we can use a shortterm scope |
1474 | | */ |
1475 | | key_scope = pinfo->pool; |
1476 | | } else { |
1477 | | /* |
1478 | | * As long as we have enc_key_list, we need to |
1479 | | * use wmem_epan_scope(), when that's gone |
1480 | | * we can dynamically select the scope based on |
1481 | | * how long we'll need the particular key. |
1482 | | */ |
1483 | | key_scope = wmem_epan_scope(); |
1484 | | } |
1485 | | |
1486 | | new_key = wmem_new0(key_scope, enc_key_t); |
1487 | | new_key->key_origin = wmem_strdup_printf(key_scope, "%s %s in frame %u", methodl, origin, pinfo->num); |
1488 | | new_key->fd_num = pinfo->num; |
1489 | | new_key->id = ++private_data->learnt_key_ids; |
1490 | | new_key->id_str = wmem_strdup_printf(key_scope, "%d.%u", new_key->fd_num, new_key->id); |
1491 | | new_key->keytype=keytype; |
1492 | | new_key->keylength=keylength; |
1493 | | memcpy(new_key->keyvalue, keyvalue, MIN(keylength, KRB_MAX_KEY_LENGTH)); |
1494 | | new_key->src1 = src1; |
1495 | | new_key->src2 = src2; |
1496 | | |
1497 | | if(!pinfo->fd->visited){ |
1498 | | /* |
1499 | | * Only keep it if we don't processed it before. |
1500 | | */ |
1501 | | new_key->next=enc_key_list; |
1502 | | enc_key_list=new_key; |
1503 | | insert_longterm_keys_into_key_map(kerberos_all_keys); |
1504 | | kerberos_key_map_insert(kerberos_all_keys, new_key); |
1505 | | } |
1506 | | |
1507 | | item = proto_tree_add_expert_format(key_tree, pinfo, &ei_kerberos_learnt_keytype, |
1508 | | key_tvb, 0, keylength, |
1509 | | "%s %s keytype %d (id=%d.%u) (%02x%02x%02x%02x...)", |
1510 | | methodu, origin, keytype, pinfo->num, new_key->id, |
1511 | | keyvalue[0] & 0xFF, keyvalue[1] & 0xFF, |
1512 | | keyvalue[2] & 0xFF, keyvalue[3] & 0xFF); |
1513 | | if (item != NULL && key_hidden_item != NULL) { |
1514 | | proto_tree_move_item(key_tree, key_hidden_item, item); |
1515 | | } |
1516 | | if (src1 != NULL) { |
1517 | | enc_key_t *sek = src1; |
1518 | | expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype, |
1519 | | "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
1520 | | sek->key_origin, sek->keytype, |
1521 | | sek->id_str, sek->num_same, |
1522 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1523 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1524 | | } |
1525 | | if (src2 != NULL) { |
1526 | | enc_key_t *sek = src2; |
1527 | | expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype, |
1528 | | "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
1529 | | sek->key_origin, sek->keytype, |
1530 | | sek->id_str, sek->num_same, |
1531 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1532 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1533 | | } |
1534 | | |
1535 | | kerberos_key_list_append(private_data->learnt_keys, new_key); |
1536 | | private_data->last_added_key = new_key; |
1537 | | } |
1538 | | |
1539 | | static void |
1540 | | save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, |
1541 | | asn1_ctx_t *actx _U_, proto_tree *tree _U_, |
1542 | | int parent_hf_index _U_, |
1543 | | int hf_index _U_) |
1544 | | { |
1545 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1546 | | const char *parent = proto_registrar_get_name(parent_hf_index); |
1547 | | const char *element = proto_registrar_get_name(hf_index); |
1548 | | char *origin = wmem_strdup_printf(actx->pinfo->pool, "%s_%s", parent, element); |
1549 | | |
1550 | | add_encryption_key(actx->pinfo, |
1551 | | private_data, |
1552 | | private_data->key_tree, |
1553 | | private_data->key_hidden_item, |
1554 | | private_data->key_tvb, |
1555 | | private_data->key.keytype, |
1556 | | private_data->key.keylength, |
1557 | | private_data->key.keyvalue, |
1558 | | origin, |
1559 | | NULL, |
1560 | | NULL); |
1561 | | } |
1562 | | |
1563 | | static void |
1564 | | save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length, |
1565 | | asn1_ctx_t *actx, proto_tree *tree, |
1566 | | int parent_hf_index, |
1567 | | int hf_index) |
1568 | | { |
1569 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1570 | | |
1571 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1572 | | |
1573 | | if (private_data->last_decryption_key == NULL) { |
1574 | | return; |
1575 | | } |
1576 | | if (private_data->last_added_key == NULL) { |
1577 | | return; |
1578 | | } |
1579 | | |
1580 | | if (private_data->within_PA_TGS_REQ != 0) { |
1581 | | private_data->PA_TGS_REQ_key = private_data->last_decryption_key; |
1582 | | private_data->PA_TGS_REQ_subkey = private_data->last_added_key; |
1583 | | } |
1584 | | if (private_data->fast_armor_within_armor_value != 0) { |
1585 | | private_data->PA_FAST_ARMOR_AP_key = private_data->last_decryption_key; |
1586 | | private_data->PA_FAST_ARMOR_AP_subkey = private_data->last_added_key; |
1587 | | } |
1588 | | } |
1589 | | |
1590 | | static void |
1591 | | save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length, |
1592 | | asn1_ctx_t *actx, proto_tree *tree, |
1593 | | int parent_hf_index, |
1594 | | int hf_index) |
1595 | | { |
1596 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1597 | | |
1598 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1599 | | |
1600 | | if (actx->pinfo->fd->visited) { |
1601 | | return; |
1602 | | } |
1603 | | |
1604 | | if (private_data->last_added_key == NULL) { |
1605 | | return; |
1606 | | } |
1607 | | |
1608 | | private_data->last_added_key->is_ap_rep_key = true; |
1609 | | |
1610 | | if (private_data->last_decryption_key != NULL && |
1611 | | private_data->last_decryption_key->is_ticket_key) |
1612 | | { |
1613 | | enc_key_t *ak = private_data->last_added_key; |
1614 | | enc_key_t *tk = private_data->last_decryption_key; |
1615 | | |
1616 | | /* |
1617 | | * The enc_key_t structures and their strings |
1618 | | * in pac_names are all allocated on wmem_epan_scope(), |
1619 | | * so we don't need to copy the content. |
1620 | | */ |
1621 | | ak->pac_names = tk->pac_names; |
1622 | | } |
1623 | | |
1624 | | kerberos_key_map_insert(kerberos_app_session_keys, private_data->last_added_key); |
1625 | | } |
1626 | | |
1627 | | static void |
1628 | | save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length, |
1629 | | asn1_ctx_t *actx, proto_tree *tree, |
1630 | | int parent_hf_index, |
1631 | | int hf_index) |
1632 | | { |
1633 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1634 | | } |
1635 | | |
1636 | | static void |
1637 | | save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length, |
1638 | | asn1_ctx_t *actx, proto_tree *tree, |
1639 | | int parent_hf_index, |
1640 | | int hf_index) |
1641 | | { |
1642 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1643 | | |
1644 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1645 | | |
1646 | | if (actx->pinfo->fd->visited) { |
1647 | | return; |
1648 | | } |
1649 | | |
1650 | | if (private_data->last_added_key == NULL) { |
1651 | | return; |
1652 | | } |
1653 | | |
1654 | | private_data->current_ticket_key = private_data->last_added_key; |
1655 | | private_data->current_ticket_key->is_ticket_key = true; |
1656 | | } |
1657 | | |
1658 | | static void |
1659 | | save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length, |
1660 | | asn1_ctx_t *actx, proto_tree *tree, |
1661 | | int parent_hf_index, |
1662 | | int hf_index) |
1663 | | { |
1664 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1665 | | } |
1666 | | |
1667 | | static void |
1668 | | save_KrbFastResponse_strengthen_key(tvbuff_t *tvb, int offset, int length, |
1669 | | asn1_ctx_t *actx, proto_tree *tree, |
1670 | | int parent_hf_index, |
1671 | | int hf_index) |
1672 | | { |
1673 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1674 | | |
1675 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
1676 | | |
1677 | | private_data->fast_strengthen_key = private_data->last_added_key; |
1678 | | } |
1679 | | |
1680 | | static void used_encryption_key(proto_tree *tree, packet_info *pinfo, |
1681 | | kerberos_private_data_t *private_data, |
1682 | | enc_key_t *ek, int usage, tvbuff_t *cryptotvb, |
1683 | | const char *keymap_name, |
1684 | | unsigned keymap_size, |
1685 | | unsigned decryption_count) |
1686 | | { |
1687 | | proto_item *item = NULL; |
1688 | | enc_key_t *sek = NULL; |
1689 | | |
1690 | | item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype, |
1691 | | cryptotvb, 0, 0, |
1692 | | "Decrypted keytype %d usage %d " |
1693 | | "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", |
1694 | | ek->keytype, usage, ek->key_origin, ek->id_str, ek->num_same, |
1695 | | ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, |
1696 | | ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); |
1697 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1698 | | "Used keymap=%s num_keys=%u num_tries=%u)", |
1699 | | keymap_name, |
1700 | | keymap_size, |
1701 | | decryption_count); |
1702 | | if (ek->src1 != NULL) { |
1703 | | sek = ek->src1; |
1704 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1705 | | "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
1706 | | sek->key_origin, sek->keytype, |
1707 | | sek->id_str, sek->num_same, |
1708 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1709 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1710 | | } |
1711 | | if (ek->src2 != NULL) { |
1712 | | sek = ek->src2; |
1713 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1714 | | "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
1715 | | sek->key_origin, sek->keytype, |
1716 | | sek->id_str, sek->num_same, |
1717 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1718 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1719 | | } |
1720 | | sek = ek->same_list; |
1721 | | while (sek != NULL) { |
1722 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1723 | | "Decrypted keytype %d usage %d " |
1724 | | "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", |
1725 | | sek->keytype, usage, sek->key_origin, sek->id_str, sek->num_same, |
1726 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1727 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1728 | | sek = sek->same_list; |
1729 | | } |
1730 | | kerberos_key_list_append(private_data->decryption_keys, ek); |
1731 | | private_data->last_decryption_key = ek; |
1732 | | } |
1733 | | #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ |
1734 | | |
1735 | | #ifdef HAVE_MIT_KERBEROS |
1736 | | |
1737 | | static void missing_encryption_key_ex(proto_tree *tree, packet_info *pinfo, |
1738 | | kerberos_private_data_t *private_data, |
1739 | | int keytype, const char *usage, |
1740 | | tvbuff_t *cryptotvb, |
1741 | | struct missing_key_details *details) |
1742 | | { |
1743 | | const char *keymap_name = details->keymap_name; |
1744 | | unsigned keymap_size = details->keymap_size; |
1745 | | unsigned decryption_count = details->decryption_count; |
1746 | | proto_item *item = NULL; |
1747 | | enc_key_t *mek = NULL; |
1748 | | |
1749 | | mek = wmem_new0(pinfo->pool, enc_key_t); |
1750 | | mek->key_origin = wmem_strdup_printf(pinfo->pool, "keytype %d usage %s missing in frame %u", |
1751 | | keytype, usage, pinfo->num); |
1752 | | mek->fd_num = pinfo->num; |
1753 | | mek->id = ++private_data->missing_key_ids; |
1754 | | mek->id_str = wmem_strdup_printf(pinfo->pool, "missing.%u", mek->id); |
1755 | | mek->keytype=keytype; |
1756 | | |
1757 | | item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype, |
1758 | | cryptotvb, 0, 0, |
1759 | | "Missing keytype %d usage %s (id=%s)", |
1760 | | keytype, usage, mek->id_str); |
1761 | | expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype, |
1762 | | "Used keymap=%s num_keys=%u num_tries=%u)", |
1763 | | keymap_name, |
1764 | | keymap_size, |
1765 | | decryption_count); |
1766 | | |
1767 | | kerberos_key_list_append(private_data->missing_keys, mek); |
1768 | | } |
1769 | | |
1770 | | static void missing_encryption_key(proto_tree *tree, packet_info *pinfo, |
1771 | | kerberos_private_data_t *private_data, |
1772 | | int keytype, int usage, tvbuff_t *cryptotvb, |
1773 | | const char *keymap_name, |
1774 | | unsigned keymap_size, |
1775 | | unsigned decryption_count) |
1776 | | { |
1777 | | char* usage_str; |
1778 | | struct missing_key_details details = { |
1779 | | .keymap_name = keymap_name, |
1780 | | .keymap_size = keymap_size, |
1781 | | .decryption_count = decryption_count, |
1782 | | }; |
1783 | | |
1784 | | if (private_data->missing_key_stash != NULL) { |
1785 | | *private_data->missing_key_stash = details; |
1786 | | return; |
1787 | | } |
1788 | | |
1789 | | usage_str = wmem_strdup_printf(pinfo->pool, "%d", usage); |
1790 | | |
1791 | | missing_encryption_key_ex(tree, pinfo, private_data, keytype, |
1792 | | usage_str, cryptotvb, &details); |
1793 | | } |
1794 | | |
1795 | | #ifdef HAVE_KRB5_PAC_VERIFY |
1796 | | static void used_signing_key(proto_tree *tree, packet_info *pinfo, |
1797 | | kerberos_private_data_t *private_data, |
1798 | | enc_key_t *ek, tvbuff_t *tvb, |
1799 | | krb5_cksumtype checksum, |
1800 | | const char *reason, |
1801 | | const char *keymap_name, |
1802 | | unsigned keymap_size, |
1803 | | unsigned verify_count) |
1804 | | { |
1805 | | proto_item *item = NULL; |
1806 | | enc_key_t *sek = NULL; |
1807 | | |
1808 | | item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype, |
1809 | | tvb, 0, 0, |
1810 | | "%s checksum %d keytype %d " |
1811 | | "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", |
1812 | | reason, checksum, ek->keytype, ek->key_origin, |
1813 | | ek->id_str, ek->num_same, |
1814 | | ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, |
1815 | | ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); |
1816 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1817 | | "Used keymap=%s num_keys=%u num_tries=%u)", |
1818 | | keymap_name, |
1819 | | keymap_size, |
1820 | | verify_count); |
1821 | | sek = ek->same_list; |
1822 | | while (sek != NULL) { |
1823 | | expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, |
1824 | | "%s checksum %d keytype %d " |
1825 | | "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", |
1826 | | reason, checksum, sek->keytype, sek->key_origin, |
1827 | | sek->id_str, sek->num_same, |
1828 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
1829 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
1830 | | sek = sek->same_list; |
1831 | | } |
1832 | | kerberos_key_list_append(private_data->decryption_keys, ek); |
1833 | | } |
1834 | | |
1835 | | static void missing_signing_key(proto_tree *tree, packet_info *pinfo, |
1836 | | kerberos_private_data_t *private_data, |
1837 | | tvbuff_t *tvb, |
1838 | | krb5_cksumtype checksum, |
1839 | | int keytype, |
1840 | | const char *reason, |
1841 | | const char *keymap_name, |
1842 | | unsigned keymap_size, |
1843 | | unsigned verify_count) |
1844 | | { |
1845 | | proto_item *item = NULL; |
1846 | | enc_key_t *mek = NULL; |
1847 | | |
1848 | | mek = wmem_new0(pinfo->pool, enc_key_t); |
1849 | | mek->key_origin = wmem_strdup_printf(pinfo->pool, "checksum %d keytype %d missing in frame %u", |
1850 | | checksum, keytype, pinfo->num); |
1851 | | mek->fd_num = pinfo->num; |
1852 | | mek->id = ++private_data->missing_key_ids; |
1853 | | mek->id_str = wmem_strdup_printf(pinfo->pool, "missing.%u", mek->id); |
1854 | | mek->keytype=keytype; |
1855 | | |
1856 | | item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype, |
1857 | | tvb, 0, 0, |
1858 | | "%s checksum %d keytype %d (id=%s)", |
1859 | | reason, checksum, keytype, mek->id_str); |
1860 | | expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype, |
1861 | | "Used keymap=%s num_keys=%u num_tries=%u)", |
1862 | | keymap_name, |
1863 | | keymap_size, |
1864 | | verify_count); |
1865 | | |
1866 | | kerberos_key_list_append(private_data->missing_keys, mek); |
1867 | | } |
1868 | | |
1869 | | #endif /* HAVE_KRB5_PAC_VERIFY */ |
1870 | | |
1871 | | static krb5_context krb5_ctx; |
1872 | | |
1873 | | #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE |
1874 | | static void |
1875 | | krb5_fast_key(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, |
1876 | | enc_key_t *ek1 _U_, const char *p1 _U_, |
1877 | | enc_key_t *ek2 _U_, const char *p2 _U_, |
1878 | | const char *origin _U_) |
1879 | | { |
1880 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
1881 | | krb5_error_code ret; |
1882 | | krb5_keyblock k1; |
1883 | | krb5_keyblock k2; |
1884 | | krb5_keyblock *k = NULL; |
1885 | | |
1886 | | if (!krb_decrypt) { |
1887 | | return; |
1888 | | } |
1889 | | |
1890 | | if (ek1 == NULL) { |
1891 | | return; |
1892 | | } |
1893 | | |
1894 | | if (ek2 == NULL) { |
1895 | | return; |
1896 | | } |
1897 | | |
1898 | | k1.magic = KV5M_KEYBLOCK; |
1899 | | k1.enctype = ek1->keytype; |
1900 | | k1.length = ek1->keylength; |
1901 | | k1.contents = (uint8_t *)ek1->keyvalue; |
1902 | | |
1903 | | k2.magic = KV5M_KEYBLOCK; |
1904 | | k2.enctype = ek2->keytype; |
1905 | | k2.length = ek2->keylength; |
1906 | | k2.contents = (uint8_t *)ek2->keyvalue; |
1907 | | |
1908 | | ret = krb5_c_fx_cf2_simple(krb5_ctx, &k1, p1, &k2, p2, &k); |
1909 | | if (ret != 0) { |
1910 | | return; |
1911 | | } |
1912 | | |
1913 | | add_encryption_key(actx->pinfo, |
1914 | | private_data, |
1915 | | tree, NULL, tvb, |
1916 | | k->enctype, k->length, |
1917 | | (const char *)k->contents, |
1918 | | origin, |
1919 | | ek1, ek2); |
1920 | | |
1921 | | krb5_free_keyblock(krb5_ctx, k); |
1922 | | } |
1923 | | #else /* HAVE_KRB5_C_FX_CF2_SIMPLE */ |
1924 | | static void |
1925 | | krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_, |
1926 | | enc_key_t *ek1 _U_, const char *p1 _U_, |
1927 | | enc_key_t *ek2 _U_, const char *p2 _U_, |
1928 | | const char *origin _U_) |
1929 | | { |
1930 | | } |
1931 | | #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */ |
1932 | | |
1933 | | USES_APPLE_DEPRECATED_API |
1934 | | void |
1935 | | read_keytab_file(const char *filename) |
1936 | | { |
1937 | | krb5_keytab keytab; |
1938 | | krb5_error_code ret; |
1939 | | krb5_keytab_entry key; |
1940 | | krb5_kt_cursor cursor; |
1941 | | static bool first_time=true; |
1942 | | |
1943 | | if (filename == NULL || filename[0] == 0) { |
1944 | | return; |
1945 | | } |
1946 | | |
1947 | | if(first_time){ |
1948 | | first_time=false; |
1949 | | ret = krb5_init_context(&krb5_ctx); |
1950 | | if(ret && ret != KRB5_CONFIG_CANTOPEN){ |
1951 | | return; |
1952 | | } |
1953 | | } |
1954 | | |
1955 | | /* should use a file in the wireshark users dir */ |
1956 | | ret = krb5_kt_resolve(krb5_ctx, filename, &keytab); |
1957 | | if(ret){ |
1958 | | ws_critical("KERBEROS ERROR: Badly formatted keytab filename: %s", filename); |
1959 | | |
1960 | | return; |
1961 | | } |
1962 | | |
1963 | | ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor); |
1964 | | if(ret){ |
1965 | | ws_critical("KERBEROS ERROR: Could not open or could not read from keytab file: %s", filename); |
1966 | | return; |
1967 | | } |
1968 | | |
1969 | | do{ |
1970 | | ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor); |
1971 | | if(ret==0){ |
1972 | | enc_key_t *new_key; |
1973 | | int i; |
1974 | | wmem_strbuf_t* str_principal = wmem_strbuf_new(wmem_epan_scope(), "keytab principal "); |
1975 | | |
1976 | | new_key = wmem_new0(wmem_epan_scope(), enc_key_t); |
1977 | | new_key->fd_num = -1; |
1978 | | new_key->id = ++kerberos_longterm_ids; |
1979 | | new_key->id_str = wmem_strdup_printf(wmem_epan_scope(), "keytab.%u", new_key->id); |
1980 | | new_key->next = enc_key_list; |
1981 | | |
1982 | | /* generate origin string, describing where this key came from */ |
1983 | | for(i=0;i<key.principal->length;i++){ |
1984 | | wmem_strbuf_append_printf(str_principal, "%s%s",(i?"/":""),(key.principal->data[i]).data); |
1985 | | } |
1986 | | wmem_strbuf_append_printf(str_principal, "@%s",key.principal->realm.data); |
1987 | | new_key->key_origin = (char*)wmem_strbuf_get_str(str_principal); |
1988 | | new_key->keytype=key.key.enctype; |
1989 | | new_key->keylength=key.key.length; |
1990 | | memcpy(new_key->keyvalue, |
1991 | | key.key.contents, |
1992 | | MIN(key.key.length, KRB_MAX_KEY_LENGTH)); |
1993 | | |
1994 | | enc_key_list=new_key; |
1995 | | ret = krb5_free_keytab_entry_contents(krb5_ctx, &key); |
1996 | | if (ret) { |
1997 | | ws_critical("KERBEROS ERROR: Could not release the entry: %d", ret); |
1998 | | ret = 0; /* try to continue with the next entry */ |
1999 | | } |
2000 | | kerberos_key_map_insert(kerberos_longterm_keys, new_key); |
2001 | | } |
2002 | | }while(ret==0); |
2003 | | |
2004 | | ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor); |
2005 | | if(ret){ |
2006 | | ws_critical("KERBEROS ERROR: Could not release the keytab cursor: %d", ret); |
2007 | | } |
2008 | | ret = krb5_kt_close(krb5_ctx, keytab); |
2009 | | if(ret){ |
2010 | | ws_critical("KERBEROS ERROR: Could not close the key table handle: %d", ret); |
2011 | | } |
2012 | | } |
2013 | | |
2014 | | struct decrypt_krb5_with_cb_state { |
2015 | | proto_tree *tree; |
2016 | | packet_info *pinfo; |
2017 | | kerberos_private_data_t *private_data; |
2018 | | int usage; |
2019 | | int keytype; |
2020 | | tvbuff_t *cryptotvb; |
2021 | | krb5_error_code (*decrypt_cb_fn)( |
2022 | | const krb5_keyblock *key, |
2023 | | int usage, |
2024 | | void *decrypt_cb_data); |
2025 | | void *decrypt_cb_data; |
2026 | | unsigned count; |
2027 | | enc_key_t *ek; |
2028 | | }; |
2029 | | |
2030 | | static void |
2031 | | decrypt_krb5_with_cb_try_key(void *__key _U_, void *value, void *userdata) |
2032 | | { |
2033 | | struct decrypt_krb5_with_cb_state *state = |
2034 | | (struct decrypt_krb5_with_cb_state *)userdata; |
2035 | | enc_key_t *ek = (enc_key_t *)value; |
2036 | | krb5_error_code ret; |
2037 | | krb5_keytab_entry key; |
2038 | | #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE |
2039 | | enc_key_t *ak = state->private_data->fast_armor_key; |
2040 | | enc_key_t *sk = state->private_data->fast_strengthen_key; |
2041 | | bool try_with_armor_key = false; |
2042 | | bool try_with_strengthen_key = false; |
2043 | | #endif |
2044 | | |
2045 | | if (state->ek != NULL) { |
2046 | | /* |
2047 | | * we're done. |
2048 | | */ |
2049 | | return; |
2050 | | } |
2051 | | |
2052 | | #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE |
2053 | | if (ak != NULL && ak != ek && ak->keytype == state->keytype && ek->fd_num == -1) { |
2054 | | switch (state->usage) { |
2055 | | case KEY_USAGE_ENC_CHALLENGE_CLIENT: |
2056 | | case KEY_USAGE_ENC_CHALLENGE_KDC: |
2057 | | if (ek->fd_num == -1) { |
2058 | | /* Challenges are based on a long term key */ |
2059 | | try_with_armor_key = true; |
2060 | | } |
2061 | | break; |
2062 | | } |
2063 | | |
2064 | | /* |
2065 | | * If we already have a strengthen_key |
2066 | | * we don't need to try with the armor key |
2067 | | * again |
2068 | | */ |
2069 | | if (sk != NULL) { |
2070 | | try_with_armor_key = false; |
2071 | | } |
2072 | | } |
2073 | | |
2074 | | if (sk != NULL && sk != ek && sk->keytype == state->keytype && sk->keytype == ek->keytype) { |
2075 | | switch (state->usage) { |
2076 | | case 3: |
2077 | | if (ek->fd_num == -1) { |
2078 | | /* AS-REP is based on a long term key */ |
2079 | | try_with_strengthen_key = true; |
2080 | | } |
2081 | | break; |
2082 | | case 8: |
2083 | | case 9: |
2084 | | if (ek->fd_num != -1) { |
2085 | | /* TGS-REP is not based on a long term key */ |
2086 | | try_with_strengthen_key = true; |
2087 | | } |
2088 | | break; |
2089 | | } |
2090 | | } |
2091 | | |
2092 | | if (try_with_armor_key) { |
2093 | | krb5_keyblock k1; |
2094 | | krb5_keyblock k2; |
2095 | | krb5_keyblock *k = NULL; |
2096 | | const char *p1 = NULL; |
2097 | | |
2098 | | k1.magic = KV5M_KEYBLOCK; |
2099 | | k1.enctype = ak->keytype; |
2100 | | k1.length = ak->keylength; |
2101 | | k1.contents = (uint8_t *)ak->keyvalue; |
2102 | | |
2103 | | k2.magic = KV5M_KEYBLOCK; |
2104 | | k2.enctype = ek->keytype; |
2105 | | k2.length = ek->keylength; |
2106 | | k2.contents = (uint8_t *)ek->keyvalue; |
2107 | | |
2108 | | switch (state->usage) { |
2109 | | case KEY_USAGE_ENC_CHALLENGE_CLIENT: |
2110 | | p1 = "clientchallengearmor"; |
2111 | | break; |
2112 | | case KEY_USAGE_ENC_CHALLENGE_KDC: |
2113 | | p1 = "kdcchallengearmor"; |
2114 | | break; |
2115 | | default: |
2116 | | /* |
2117 | | * Should never be called! |
2118 | | */ |
2119 | | /* |
2120 | | * try the next one... |
2121 | | */ |
2122 | | return; |
2123 | | } |
2124 | | |
2125 | | ret = krb5_c_fx_cf2_simple(krb5_ctx, |
2126 | | &k1, p1, |
2127 | | &k2, "challengelongterm", |
2128 | | &k); |
2129 | | if (ret != 0) { |
2130 | | /* |
2131 | | * try the next one... |
2132 | | */ |
2133 | | return; |
2134 | | } |
2135 | | |
2136 | | state->count += 1; |
2137 | | ret = state->decrypt_cb_fn(k, |
2138 | | state->usage, |
2139 | | state->decrypt_cb_data); |
2140 | | if (ret == 0) { |
2141 | | add_encryption_key(state->pinfo, |
2142 | | state->private_data, |
2143 | | state->tree, |
2144 | | NULL, |
2145 | | state->cryptotvb, |
2146 | | k->enctype, k->length, |
2147 | | (const char *)k->contents, |
2148 | | p1, |
2149 | | ak, ek); |
2150 | | krb5_free_keyblock(krb5_ctx, k); |
2151 | | /* |
2152 | | * remember the key and stop traversing |
2153 | | */ |
2154 | | state->ek = state->private_data->last_added_key; |
2155 | | return; |
2156 | | } |
2157 | | krb5_free_keyblock(krb5_ctx, k); |
2158 | | /* |
2159 | | * don't stop traversing... |
2160 | | * try the next one... |
2161 | | */ |
2162 | | return; |
2163 | | } |
2164 | | |
2165 | | if (try_with_strengthen_key) { |
2166 | | krb5_keyblock k1; |
2167 | | krb5_keyblock k2; |
2168 | | krb5_keyblock *k = NULL; |
2169 | | |
2170 | | k1.magic = KV5M_KEYBLOCK; |
2171 | | k1.enctype = sk->keytype; |
2172 | | k1.length = sk->keylength; |
2173 | | k1.contents = (uint8_t *)sk->keyvalue; |
2174 | | |
2175 | | k2.magic = KV5M_KEYBLOCK; |
2176 | | k2.enctype = ek->keytype; |
2177 | | k2.length = ek->keylength; |
2178 | | k2.contents = (uint8_t *)ek->keyvalue; |
2179 | | |
2180 | | ret = krb5_c_fx_cf2_simple(krb5_ctx, |
2181 | | &k1, "strengthenkey", |
2182 | | &k2, "replykey", |
2183 | | &k); |
2184 | | if (ret != 0) { |
2185 | | /* |
2186 | | * try the next one... |
2187 | | */ |
2188 | | return; |
2189 | | } |
2190 | | |
2191 | | state->count += 1; |
2192 | | ret = state->decrypt_cb_fn(k, |
2193 | | state->usage, |
2194 | | state->decrypt_cb_data); |
2195 | | if (ret == 0) { |
2196 | | add_encryption_key(state->pinfo, |
2197 | | state->private_data, |
2198 | | state->tree, |
2199 | | NULL, |
2200 | | state->cryptotvb, |
2201 | | k->enctype, k->length, |
2202 | | (const char *)k->contents, |
2203 | | "strengthen-reply-key", |
2204 | | sk, ek); |
2205 | | krb5_free_keyblock(krb5_ctx, k); |
2206 | | /* |
2207 | | * remember the key and stop traversing |
2208 | | */ |
2209 | | state->ek = state->private_data->last_added_key; |
2210 | | return; |
2211 | | } |
2212 | | krb5_free_keyblock(krb5_ctx, k); |
2213 | | /* |
2214 | | * don't stop traversing... |
2215 | | * try the next one... |
2216 | | */ |
2217 | | return; |
2218 | | } |
2219 | | #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */ |
2220 | | |
2221 | | /* shortcircuit and bail out if enctypes are not matching */ |
2222 | | if ((state->keytype != -1) && (ek->keytype != state->keytype)) { |
2223 | | /* |
2224 | | * don't stop traversing... |
2225 | | * try the next one... |
2226 | | */ |
2227 | | return; |
2228 | | } |
2229 | | |
2230 | | key.key.enctype=ek->keytype; |
2231 | | key.key.length=ek->keylength; |
2232 | | key.key.contents=ek->keyvalue; |
2233 | | state->count += 1; |
2234 | | ret = state->decrypt_cb_fn(&(key.key), |
2235 | | state->usage, |
2236 | | state->decrypt_cb_data); |
2237 | | if (ret != 0) { |
2238 | | /* |
2239 | | * don't stop traversing... |
2240 | | * try the next one... |
2241 | | */ |
2242 | | return; |
2243 | | } |
2244 | | |
2245 | | /* |
2246 | | * we're done, remember the key |
2247 | | */ |
2248 | | state->ek = ek; |
2249 | | } |
2250 | | |
2251 | | static krb5_error_code |
2252 | | decrypt_krb5_with_cb(proto_tree *tree, |
2253 | | packet_info *pinfo, |
2254 | | kerberos_private_data_t *private_data, |
2255 | | int usage, |
2256 | | int keytype, |
2257 | | tvbuff_t *cryptotvb, |
2258 | | krb5_error_code (*decrypt_cb_fn)( |
2259 | | const krb5_keyblock *key, |
2260 | | int usage, |
2261 | | void *decrypt_cb_data), |
2262 | | void *decrypt_cb_data) |
2263 | | { |
2264 | | const char *key_map_name = NULL; |
2265 | | wmem_map_t *key_map = NULL; |
2266 | | struct decrypt_krb5_with_cb_state state = { |
2267 | | .tree = tree, |
2268 | | .pinfo = pinfo, |
2269 | | .private_data = private_data, |
2270 | | .usage = usage, |
2271 | | .cryptotvb = cryptotvb, |
2272 | | .keytype = keytype, |
2273 | | .decrypt_cb_fn = decrypt_cb_fn, |
2274 | | .decrypt_cb_data = decrypt_cb_data, |
2275 | | }; |
2276 | | |
2277 | | read_keytab_file_from_preferences(); |
2278 | | |
2279 | | switch (usage) { |
2280 | | case KRB5_KU_USAGE_INITIATOR_SEAL: |
2281 | | case KRB5_KU_USAGE_ACCEPTOR_SEAL: |
2282 | | key_map_name = "app_session_keys"; |
2283 | | key_map = kerberos_app_session_keys; |
2284 | | break; |
2285 | | default: |
2286 | | key_map_name = "all_keys"; |
2287 | | key_map = kerberos_all_keys; |
2288 | | insert_longterm_keys_into_key_map(key_map); |
2289 | | break; |
2290 | | } |
2291 | | |
2292 | | wmem_map_foreach(key_map, decrypt_krb5_with_cb_try_key, &state); |
2293 | | if (state.ek != NULL) { |
2294 | | used_encryption_key(tree, pinfo, private_data, |
2295 | | state.ek, usage, cryptotvb, |
2296 | | key_map_name, |
2297 | | wmem_map_size(key_map), |
2298 | | state.count); |
2299 | | return 0; |
2300 | | } |
2301 | | |
2302 | | missing_encryption_key(tree, pinfo, private_data, |
2303 | | keytype, usage, cryptotvb, |
2304 | | key_map_name, |
2305 | | wmem_map_size(key_map), |
2306 | | state.count); |
2307 | | return -1; |
2308 | | } |
2309 | | |
2310 | | struct decrypt_krb5_data_state { |
2311 | | krb5_data input; |
2312 | | krb5_data output; |
2313 | | }; |
2314 | | |
2315 | | static krb5_error_code |
2316 | | decrypt_krb5_data_cb(const krb5_keyblock *key, |
2317 | | int usage, |
2318 | | void *decrypt_cb_data) |
2319 | | { |
2320 | | struct decrypt_krb5_data_state *state = |
2321 | | (struct decrypt_krb5_data_state *)decrypt_cb_data; |
2322 | | krb5_enc_data input; |
2323 | | |
2324 | | memset(&input, 0, sizeof(input)); |
2325 | | input.enctype = key->enctype; |
2326 | | input.ciphertext = state->input; |
2327 | | |
2328 | | return krb5_c_decrypt(krb5_ctx, |
2329 | | key, |
2330 | | usage, |
2331 | | 0, |
2332 | | &input, |
2333 | | &state->output); |
2334 | | } |
2335 | | |
2336 | | static uint8_t * |
2337 | | decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo, |
2338 | | kerberos_private_data_t *private_data, |
2339 | | int usage, tvbuff_t *cryptotvb, int keytype, |
2340 | | int *datalen) |
2341 | | { |
2342 | | #define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1 |
2343 | | struct decrypt_krb5_data_state state; |
2344 | | krb5_error_code ret; |
2345 | | int length = tvb_captured_length(cryptotvb); |
2346 | | const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length); |
2347 | | |
2348 | | /* don't do anything if we are not attempting to decrypt data */ |
2349 | | if(!krb_decrypt || length < 1){ |
2350 | | return NULL; |
2351 | | } |
2352 | | |
2353 | | /* make sure we have all the data we need */ |
2354 | | if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { |
2355 | | return NULL; |
2356 | | } |
2357 | | |
2358 | | memset(&state, 0, sizeof(state)); |
2359 | | state.input.length = length; |
2360 | | state.input.data = (uint8_t *)cryptotext; |
2361 | | state.output.data = (char *)wmem_alloc(pinfo->pool, length); |
2362 | | state.output.length = length; |
2363 | | |
2364 | | ret = decrypt_krb5_with_cb(tree, |
2365 | | pinfo, |
2366 | | private_data, |
2367 | | usage, |
2368 | | keytype, |
2369 | | cryptotvb, |
2370 | | decrypt_krb5_data_cb, |
2371 | | &state); |
2372 | | if (ret != 0) { |
2373 | | return NULL; |
2374 | | } |
2375 | | |
2376 | | if (datalen) { |
2377 | | *datalen = state.output.length; |
2378 | | } |
2379 | | return (uint8_t *)state.output.data; |
2380 | | } |
2381 | | |
2382 | | uint8_t * |
2383 | | decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, |
2384 | | int usage, |
2385 | | tvbuff_t *cryptotvb, |
2386 | | int keytype, |
2387 | | int *datalen) |
2388 | | { |
2389 | | kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); |
2390 | | return decrypt_krb5_data_private(tree, pinfo, zero_private, |
2391 | | usage, cryptotvb, keytype, |
2392 | | datalen); |
2393 | | } |
2394 | | |
2395 | | USES_APPLE_RST |
2396 | | |
2397 | | #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY |
2398 | | struct decrypt_krb5_krb_cfx_dce_state { |
2399 | | const uint8_t *gssapi_header_ptr; |
2400 | | unsigned gssapi_header_len; |
2401 | | tvbuff_t *gssapi_encrypted_tvb; |
2402 | | uint8_t *gssapi_payload; |
2403 | | unsigned gssapi_payload_len; |
2404 | | const uint8_t *gssapi_trailer_ptr; |
2405 | | unsigned gssapi_trailer_len; |
2406 | | tvbuff_t *checksum_tvb; |
2407 | | uint8_t *checksum; |
2408 | | unsigned checksum_len; |
2409 | | }; |
2410 | | |
2411 | | static krb5_error_code |
2412 | | decrypt_krb5_krb_cfx_dce_cb(const krb5_keyblock *key, |
2413 | | int usage, |
2414 | | void *decrypt_cb_data) |
2415 | | { |
2416 | | struct decrypt_krb5_krb_cfx_dce_state *state = |
2417 | | (struct decrypt_krb5_krb_cfx_dce_state *)decrypt_cb_data; |
2418 | | unsigned int k5_headerlen = 0; |
2419 | | unsigned int k5_headerofs = 0; |
2420 | | unsigned int k5_trailerlen = 0; |
2421 | | unsigned int k5_trailerofs = 0; |
2422 | | size_t _k5_blocksize = 0; |
2423 | | unsigned k5_blocksize; |
2424 | | krb5_crypto_iov iov[6]; |
2425 | | krb5_error_code ret; |
2426 | | unsigned checksum_remain = state->checksum_len; |
2427 | | unsigned checksum_crypt_len; |
2428 | | |
2429 | | memset(iov, 0, sizeof(iov)); |
2430 | | |
2431 | | ret = krb5_c_crypto_length(krb5_ctx, |
2432 | | key->enctype, |
2433 | | KRB5_CRYPTO_TYPE_HEADER, |
2434 | | &k5_headerlen); |
2435 | | if (ret != 0) { |
2436 | | return ret; |
2437 | | } |
2438 | | if (checksum_remain < k5_headerlen) { |
2439 | | return -1; |
2440 | | } |
2441 | | checksum_remain -= k5_headerlen; |
2442 | | k5_headerofs = checksum_remain; |
2443 | | ret = krb5_c_crypto_length(krb5_ctx, |
2444 | | key->enctype, |
2445 | | KRB5_CRYPTO_TYPE_TRAILER, |
2446 | | &k5_trailerlen); |
2447 | | if (ret != 0) { |
2448 | | return ret; |
2449 | | } |
2450 | | if (checksum_remain < k5_trailerlen) { |
2451 | | return -1; |
2452 | | } |
2453 | | checksum_remain -= k5_trailerlen; |
2454 | | k5_trailerofs = checksum_remain; |
2455 | | checksum_crypt_len = checksum_remain; |
2456 | | |
2457 | | ret = krb5_c_block_size(krb5_ctx, |
2458 | | key->enctype, |
2459 | | &_k5_blocksize); |
2460 | | if (ret != 0) { |
2461 | | return ret; |
2462 | | } |
2463 | | /* |
2464 | | * The cast is required for the Windows build in order |
2465 | | * to avoid the following warning. |
2466 | | * |
2467 | | * warning C4267: '-=': conversion from 'size_t' to 'unsigned', |
2468 | | * possible loss of data |
2469 | | */ |
2470 | | k5_blocksize = (unsigned)_k5_blocksize; |
2471 | | if (checksum_remain < k5_blocksize) { |
2472 | | return -1; |
2473 | | } |
2474 | | checksum_remain -= k5_blocksize; |
2475 | | if (checksum_remain < 16) { |
2476 | | return -1; |
2477 | | } |
2478 | | |
2479 | | tvb_memcpy(state->gssapi_encrypted_tvb, |
2480 | | state->gssapi_payload, |
2481 | | 0, |
2482 | | state->gssapi_payload_len); |
2483 | | tvb_memcpy(state->checksum_tvb, |
2484 | | state->checksum, |
2485 | | 0, |
2486 | | state->checksum_len); |
2487 | | |
2488 | | iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; |
2489 | | iov[0].data.data = state->checksum + k5_headerofs; |
2490 | | iov[0].data.length = k5_headerlen; |
2491 | | |
2492 | | if (state->gssapi_header_ptr != NULL) { |
2493 | | iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; |
2494 | | iov[1].data.data = (uint8_t *)(uintptr_t)state->gssapi_header_ptr; |
2495 | | iov[1].data.length = state->gssapi_header_len; |
2496 | | } else { |
2497 | | iov[1].flags = KRB5_CRYPTO_TYPE_EMPTY; |
2498 | | } |
2499 | | |
2500 | | iov[2].flags = KRB5_CRYPTO_TYPE_DATA; |
2501 | | iov[2].data.data = state->gssapi_payload; |
2502 | | iov[2].data.length = state->gssapi_payload_len; |
2503 | | |
2504 | | if (state->gssapi_trailer_ptr != NULL) { |
2505 | | iov[3].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; |
2506 | | iov[3].data.data = (uint8_t *)(uintptr_t)state->gssapi_trailer_ptr; |
2507 | | iov[3].data.length = state->gssapi_trailer_len; |
2508 | | } else { |
2509 | | iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY; |
2510 | | } |
2511 | | |
2512 | | iov[4].flags = KRB5_CRYPTO_TYPE_DATA; |
2513 | | iov[4].data.data = state->checksum; |
2514 | | iov[4].data.length = checksum_crypt_len; |
2515 | | |
2516 | | iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER; |
2517 | | iov[5].data.data = state->checksum + k5_trailerofs; |
2518 | | iov[5].data.length = k5_trailerlen; |
2519 | | |
2520 | | return krb5_c_decrypt_iov(krb5_ctx, |
2521 | | key, |
2522 | | usage, |
2523 | | 0, |
2524 | | iov, |
2525 | | 6); |
2526 | | } |
2527 | | |
2528 | | tvbuff_t * |
2529 | | decrypt_krb5_krb_cfx_dce(proto_tree *tree, |
2530 | | packet_info *pinfo, |
2531 | | int usage, |
2532 | | int keytype, |
2533 | | tvbuff_t *gssapi_header_tvb, |
2534 | | tvbuff_t *gssapi_encrypted_tvb, |
2535 | | tvbuff_t *gssapi_trailer_tvb, |
2536 | | tvbuff_t *checksum_tvb) |
2537 | | { |
2538 | | struct decrypt_krb5_krb_cfx_dce_state state; |
2539 | | kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); |
2540 | | tvbuff_t *gssapi_decrypted_tvb = NULL; |
2541 | | krb5_error_code ret; |
2542 | | |
2543 | | /* don't do anything if we are not attempting to decrypt data */ |
2544 | | if (!krb_decrypt) { |
2545 | | return NULL; |
2546 | | } |
2547 | | |
2548 | | memset(&state, 0, sizeof(state)); |
2549 | | |
2550 | | /* make sure we have all the data we need */ |
2551 | | #define __CHECK_TVB_LEN(__tvb) (tvb_captured_length(__tvb) < tvb_reported_length(__tvb)) |
2552 | | if (gssapi_header_tvb != NULL) { |
2553 | | if (__CHECK_TVB_LEN(gssapi_header_tvb)) { |
2554 | | return NULL; |
2555 | | } |
2556 | | |
2557 | | state.gssapi_header_len = tvb_captured_length(gssapi_header_tvb); |
2558 | | state.gssapi_header_ptr = tvb_get_ptr(gssapi_header_tvb, |
2559 | | 0, |
2560 | | state.gssapi_header_len); |
2561 | | } |
2562 | | if (gssapi_encrypted_tvb == NULL || __CHECK_TVB_LEN(gssapi_encrypted_tvb)) { |
2563 | | return NULL; |
2564 | | } |
2565 | | state.gssapi_encrypted_tvb = gssapi_encrypted_tvb; |
2566 | | state.gssapi_payload_len = tvb_captured_length(gssapi_encrypted_tvb); |
2567 | | state.gssapi_payload = (uint8_t *)wmem_alloc0(pinfo->pool, state.gssapi_payload_len); |
2568 | | if (state.gssapi_payload == NULL) { |
2569 | | return NULL; |
2570 | | } |
2571 | | if (gssapi_trailer_tvb != NULL) { |
2572 | | if (__CHECK_TVB_LEN(gssapi_trailer_tvb)) { |
2573 | | return NULL; |
2574 | | } |
2575 | | |
2576 | | state.gssapi_trailer_len = tvb_captured_length(gssapi_trailer_tvb); |
2577 | | state.gssapi_trailer_ptr = tvb_get_ptr(gssapi_trailer_tvb, |
2578 | | 0, |
2579 | | state.gssapi_trailer_len); |
2580 | | } |
2581 | | if (checksum_tvb == NULL || __CHECK_TVB_LEN(checksum_tvb)) { |
2582 | | return NULL; |
2583 | | } |
2584 | | state.checksum_tvb = checksum_tvb; |
2585 | | state.checksum_len = tvb_captured_length(checksum_tvb); |
2586 | | state.checksum = (uint8_t *)wmem_alloc0(pinfo->pool, state.checksum_len); |
2587 | | if (state.checksum == NULL) { |
2588 | | return NULL; |
2589 | | } |
2590 | | |
2591 | | ret = decrypt_krb5_with_cb(tree, |
2592 | | pinfo, |
2593 | | zero_private, |
2594 | | usage, |
2595 | | keytype, |
2596 | | gssapi_encrypted_tvb, |
2597 | | decrypt_krb5_krb_cfx_dce_cb, |
2598 | | &state); |
2599 | | wmem_free(pinfo->pool, state.checksum); |
2600 | | if (ret != 0) { |
2601 | | wmem_free(pinfo->pool, state.gssapi_payload); |
2602 | | return NULL; |
2603 | | } |
2604 | | |
2605 | | gssapi_decrypted_tvb = tvb_new_child_real_data(gssapi_encrypted_tvb, |
2606 | | state.gssapi_payload, |
2607 | | state.gssapi_payload_len, |
2608 | | state.gssapi_payload_len); |
2609 | | if (gssapi_decrypted_tvb == NULL) { |
2610 | | wmem_free(pinfo->pool, state.gssapi_payload); |
2611 | | return NULL; |
2612 | | } |
2613 | | |
2614 | | return gssapi_decrypted_tvb; |
2615 | | } |
2616 | | #else /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */ |
2617 | | #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1 |
2618 | | #endif /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */ |
2619 | | |
2620 | | #ifdef HAVE_KRB5_PAC_VERIFY |
2621 | | /* |
2622 | | * macOS up to 10.14.5 only has a MIT shim layer on top |
2623 | | * of heimdal. It means that krb5_pac_verify() is not available |
2624 | | * in /usr/lib/libkrb5.dylib |
2625 | | * |
2626 | | * https://opensource.apple.com/tarballs/Heimdal/Heimdal-520.260.1.tar.gz |
2627 | | * https://opensource.apple.com/tarballs/MITKerberosShim/MITKerberosShim-71.200.1.tar.gz |
2628 | | */ |
2629 | | |
2630 | | extern krb5_error_code |
2631 | | krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); |
2632 | | |
2633 | | extern void krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *); |
2634 | | extern krb5_error_code |
2635 | | decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep); |
2636 | | extern krb5_error_code |
2637 | | encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code); |
2638 | | |
2639 | | static int |
2640 | | keytype_for_cksumtype(krb5_cksumtype checksum) |
2641 | | { |
2642 | | static const int keytypes[] = { |
2643 | | 18, |
2644 | | 17, |
2645 | | 23, |
2646 | | }; |
2647 | | unsigned i; |
2648 | | |
2649 | | for (i = 0; i < array_length(keytypes); i++) { |
2650 | | krb5_cksumtype checksumtype = 0; |
2651 | | krb5_error_code ret; |
2652 | | |
2653 | | ret = krb5int_c_mandatory_cksumtype(krb5_ctx, |
2654 | | keytypes[i], |
2655 | | &checksumtype); |
2656 | | if (ret != 0) { |
2657 | | continue; |
2658 | | } |
2659 | | if (checksum == checksumtype) { |
2660 | | return keytypes[i]; |
2661 | | } |
2662 | | } |
2663 | | |
2664 | | return -1; |
2665 | | } |
2666 | | |
2667 | | struct verify_krb5_pac_state { |
2668 | | int pacbuffer_length; |
2669 | | const uint8_t *pacbuffer; |
2670 | | krb5_pac pac; |
2671 | | krb5_cksumtype server_checksum; |
2672 | | unsigned server_count; |
2673 | | enc_key_t *server_ek; |
2674 | | krb5_cksumtype kdc_checksum; |
2675 | | unsigned kdc_count; |
2676 | | enc_key_t *kdc_ek; |
2677 | | krb5_cksumtype ticket_checksum_type; |
2678 | | const krb5_data *ticket_checksum_data; |
2679 | | krb5_cksumtype full_checksum_type; |
2680 | | const krb5_data *full_checksum_data; |
2681 | | unsigned full_count; |
2682 | | enc_key_t *full_ek; |
2683 | | }; |
2684 | | |
2685 | | static void |
2686 | | verify_krb5_pac_try_server_key(void *__key _U_, void *value, void *userdata) |
2687 | | { |
2688 | | struct verify_krb5_pac_state *state = |
2689 | | (struct verify_krb5_pac_state *)userdata; |
2690 | | enc_key_t *ek = (enc_key_t *)value; |
2691 | | krb5_keyblock keyblock; |
2692 | | krb5_cksumtype checksumtype = 0; |
2693 | | krb5_error_code ret; |
2694 | | |
2695 | | if (state->server_checksum == 0) { |
2696 | | /* |
2697 | | * nothing more todo, stop traversing. |
2698 | | */ |
2699 | | return; |
2700 | | } |
2701 | | |
2702 | | if (state->server_ek != NULL) { |
2703 | | /* |
2704 | | * we're done. |
2705 | | */ |
2706 | | return; |
2707 | | } |
2708 | | |
2709 | | ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype, |
2710 | | &checksumtype); |
2711 | | if (ret != 0) { |
2712 | | /* |
2713 | | * the key is not usable, keep traversing. |
2714 | | * try the next key... |
2715 | | */ |
2716 | | return; |
2717 | | } |
2718 | | |
2719 | | keyblock.magic = KV5M_KEYBLOCK; |
2720 | | keyblock.enctype = ek->keytype; |
2721 | | keyblock.length = ek->keylength; |
2722 | | keyblock.contents = (uint8_t *)ek->keyvalue; |
2723 | | |
2724 | | if (checksumtype == state->server_checksum) { |
2725 | | state->server_count += 1; |
2726 | | ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL, |
2727 | | &keyblock, NULL); |
2728 | | if (ret == 0) { |
2729 | | state->server_ek = ek; |
2730 | | } |
2731 | | } |
2732 | | } |
2733 | | |
2734 | | static void |
2735 | | verify_krb5_pac_try_kdc_key(void *__key _U_, void *value, void *userdata) |
2736 | | { |
2737 | | struct verify_krb5_pac_state *state = |
2738 | | (struct verify_krb5_pac_state *)userdata; |
2739 | | enc_key_t *ek = (enc_key_t *)value; |
2740 | | krb5_keyblock keyblock; |
2741 | | krb5_cksumtype checksumtype = 0; |
2742 | | krb5_error_code ret; |
2743 | | |
2744 | | if (state->kdc_checksum == 0) { |
2745 | | /* |
2746 | | * nothing more todo, stop traversing. |
2747 | | */ |
2748 | | return; |
2749 | | } |
2750 | | |
2751 | | if (state->kdc_ek != NULL) { |
2752 | | /* |
2753 | | * we're done. |
2754 | | */ |
2755 | | return; |
2756 | | } |
2757 | | |
2758 | | ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype, |
2759 | | &checksumtype); |
2760 | | if (ret != 0) { |
2761 | | /* |
2762 | | * the key is not usable, keep traversing. |
2763 | | * try the next key... |
2764 | | */ |
2765 | | return; |
2766 | | } |
2767 | | |
2768 | | keyblock.magic = KV5M_KEYBLOCK; |
2769 | | keyblock.enctype = ek->keytype; |
2770 | | keyblock.length = ek->keylength; |
2771 | | keyblock.contents = (uint8_t *)ek->keyvalue; |
2772 | | |
2773 | | if (checksumtype == state->kdc_checksum) { |
2774 | | state->kdc_count += 1; |
2775 | | ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL, |
2776 | | NULL, &keyblock); |
2777 | | if (ret == 0) { |
2778 | | state->kdc_ek = ek; |
2779 | | } |
2780 | | } |
2781 | | } |
2782 | | |
2783 | | #define __KRB5_PAC_TICKET_CHECKSUM 16 |
2784 | | |
2785 | | static void |
2786 | | verify_krb5_pac_ticket_checksum(proto_tree *tree _U_, |
2787 | | asn1_ctx_t *actx _U_, |
2788 | | tvbuff_t *pactvb _U_, |
2789 | | struct verify_krb5_pac_state *state _U_) |
2790 | | { |
2791 | | #ifdef HAVE_DECODE_KRB5_ENC_TKT_PART |
2792 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
2793 | | tvbuff_t *teptvb = private_data->last_ticket_enc_part_tvb; |
2794 | | unsigned teplength = 0; |
2795 | | const uint8_t *tepbuffer = NULL; |
2796 | | krb5_data tepdata = { .length = 0, }; |
2797 | | krb5_enc_tkt_part *tep = NULL; |
2798 | | krb5_data *tmpdata = NULL; |
2799 | | krb5_error_code ret; |
2800 | | krb5_authdata **recoded_container = NULL; |
2801 | | int ad_orig_idx = -1; |
2802 | | krb5_authdata *ad_orig_ptr = NULL; |
2803 | | int l0idx = 0; |
2804 | | krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, }; |
2805 | | size_t checksum_length = 0; |
2806 | | krb5_checksum checksum = { .checksum_type = 0, }; |
2807 | | krb5_boolean valid = false; |
2808 | | |
2809 | | if (state->kdc_ek == NULL) { |
2810 | | int keytype = keytype_for_cksumtype(state->ticket_checksum_type); |
2811 | | missing_signing_key(tree, actx->pinfo, private_data, |
2812 | | pactvb, state->ticket_checksum_type, |
2813 | | keytype, |
2814 | | "Missing KDC (for ticket)", |
2815 | | "kdc_checksum_key", |
2816 | | 0, |
2817 | | 0); |
2818 | | return; |
2819 | | } |
2820 | | |
2821 | | if (teptvb == NULL) { |
2822 | | return; |
2823 | | } |
2824 | | |
2825 | | teplength = tvb_captured_length(teptvb); |
2826 | | /* make sure we have all the data we need */ |
2827 | | if (teplength < tvb_reported_length(teptvb)) { |
2828 | | return; |
2829 | | } |
2830 | | |
2831 | | tepbuffer = tvb_get_ptr(teptvb, 0, teplength); |
2832 | | if (tepbuffer == NULL) { |
2833 | | return; |
2834 | | } |
2835 | | |
2836 | | kdc_key.magic = KV5M_KEYBLOCK; |
2837 | | kdc_key.enctype = state->kdc_ek->keytype; |
2838 | | kdc_key.length = state->kdc_ek->keylength; |
2839 | | kdc_key.contents = (uint8_t *)state->kdc_ek->keyvalue; |
2840 | | |
2841 | | checksum.checksum_type = state->ticket_checksum_type; |
2842 | | checksum.length = state->ticket_checksum_data->length; |
2843 | | checksum.contents = (uint8_t *)state->ticket_checksum_data->data; |
2844 | | if (checksum.length >= 4) { |
2845 | | checksum.length -= 4; |
2846 | | checksum.contents += 4; |
2847 | | } |
2848 | | |
2849 | | ret = krb5_c_checksum_length(krb5_ctx, |
2850 | | checksum.checksum_type, |
2851 | | &checksum_length); |
2852 | | if (ret != 0) { |
2853 | | missing_signing_key(tree, actx->pinfo, private_data, |
2854 | | pactvb, state->ticket_checksum_type, |
2855 | | state->kdc_ek->keytype, |
2856 | | "krb5_c_checksum_length failed for Ticket Signature", |
2857 | | "kdc_checksum_key", |
2858 | | 1, |
2859 | | 0); |
2860 | | return; |
2861 | | } |
2862 | | checksum.length = MIN(checksum.length, (unsigned int)checksum_length); |
2863 | | |
2864 | | tepdata.data = (void *)tepbuffer; |
2865 | | tepdata.length = teplength; |
2866 | | |
2867 | | ret = decode_krb5_enc_tkt_part(&tepdata, &tep); |
2868 | | if (ret != 0) { |
2869 | | missing_signing_key(tree, actx->pinfo, private_data, |
2870 | | pactvb, state->ticket_checksum_type, |
2871 | | state->kdc_ek->keytype, |
2872 | | "decode_krb5_enc_tkt_part failed", |
2873 | | "kdc_checksum_key", |
2874 | | 1, |
2875 | | 0); |
2876 | | return; |
2877 | | } |
2878 | | |
2879 | | for (l0idx = 0; tep->authorization_data[l0idx]; l0idx++) { |
2880 | | krb5_authdata *adl0 = tep->authorization_data[l0idx]; |
2881 | | krb5_authdata **decoded_container = NULL; |
2882 | | krb5_authdata *ad_pac = NULL; |
2883 | | int l1idx = 0; |
2884 | | |
2885 | | if (adl0->ad_type != KRB5_AUTHDATA_IF_RELEVANT) { |
2886 | | continue; |
2887 | | } |
2888 | | |
2889 | | ret = krb5_decode_authdata_container(krb5_ctx, |
2890 | | KRB5_AUTHDATA_IF_RELEVANT, |
2891 | | adl0, |
2892 | | &decoded_container); |
2893 | | if (ret != 0) { |
2894 | | missing_signing_key(tree, actx->pinfo, private_data, |
2895 | | pactvb, state->ticket_checksum_type, |
2896 | | state->kdc_ek->keytype, |
2897 | | "krb5_decode_authdata_container failed", |
2898 | | "kdc_checksum_key", |
2899 | | 1, |
2900 | | 0); |
2901 | | krb5_free_enc_tkt_part(krb5_ctx, tep); |
2902 | | return; |
2903 | | } |
2904 | | |
2905 | | for (l1idx = 0; decoded_container[l1idx]; l1idx++) { |
2906 | | krb5_authdata *adl1 = decoded_container[l1idx]; |
2907 | | |
2908 | | if (adl1->ad_type != KRB5_AUTHDATA_WIN2K_PAC) { |
2909 | | continue; |
2910 | | } |
2911 | | |
2912 | | ad_pac = adl1; |
2913 | | break; |
2914 | | } |
2915 | | |
2916 | | if (ad_pac == NULL) { |
2917 | | krb5_free_authdata(krb5_ctx, decoded_container); |
2918 | | continue; |
2919 | | } |
2920 | | |
2921 | | ad_pac->length = 1; |
2922 | | ad_pac->contents[0] = '\0'; |
2923 | | |
2924 | | ret = krb5_encode_authdata_container(krb5_ctx, |
2925 | | KRB5_AUTHDATA_IF_RELEVANT, |
2926 | | decoded_container, |
2927 | | &recoded_container); |
2928 | | krb5_free_authdata(krb5_ctx, decoded_container); |
2929 | | decoded_container = NULL; |
2930 | | if (ret != 0) { |
2931 | | missing_signing_key(tree, actx->pinfo, private_data, |
2932 | | pactvb, state->ticket_checksum_type, |
2933 | | state->kdc_ek->keytype, |
2934 | | "krb5_encode_authdata_container failed", |
2935 | | "kdc_checksum_key", |
2936 | | 1, |
2937 | | 0); |
2938 | | krb5_free_enc_tkt_part(krb5_ctx, tep); |
2939 | | return; |
2940 | | } |
2941 | | |
2942 | | ad_orig_idx = l0idx; |
2943 | | ad_orig_ptr = adl0; |
2944 | | tep->authorization_data[l0idx] = recoded_container[0]; |
2945 | | break; |
2946 | | } |
2947 | | |
2948 | | ret = encode_krb5_enc_tkt_part(tep, &tmpdata); |
2949 | | if (ad_orig_ptr != NULL) { |
2950 | | tep->authorization_data[ad_orig_idx] = ad_orig_ptr; |
2951 | | } |
2952 | | krb5_free_enc_tkt_part(krb5_ctx, tep); |
2953 | | tep = NULL; |
2954 | | if (recoded_container != NULL) { |
2955 | | krb5_free_authdata(krb5_ctx, recoded_container); |
2956 | | recoded_container = NULL; |
2957 | | } |
2958 | | if (ret != 0) { |
2959 | | missing_signing_key(tree, actx->pinfo, private_data, |
2960 | | pactvb, state->ticket_checksum_type, |
2961 | | state->kdc_ek->keytype, |
2962 | | "encode_krb5_enc_tkt_part failed", |
2963 | | "kdc_checksum_key", |
2964 | | 1, |
2965 | | 0); |
2966 | | return; |
2967 | | } |
2968 | | |
2969 | | ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key, |
2970 | | KRB5_KEYUSAGE_APP_DATA_CKSUM, |
2971 | | tmpdata, &checksum, &valid); |
2972 | | krb5_free_data(krb5_ctx, tmpdata); |
2973 | | tmpdata = NULL; |
2974 | | if (ret != 0) { |
2975 | | missing_signing_key(tree, actx->pinfo, private_data, |
2976 | | pactvb, state->ticket_checksum_type, |
2977 | | state->kdc_ek->keytype, |
2978 | | "krb5_c_verify_checksum failed for Ticket Signature", |
2979 | | "kdc_checksum_key", |
2980 | | 1, |
2981 | | 1); |
2982 | | return; |
2983 | | } |
2984 | | |
2985 | | if (valid == false) { |
2986 | | missing_signing_key(tree, actx->pinfo, private_data, |
2987 | | pactvb, state->ticket_checksum_type, |
2988 | | state->kdc_ek->keytype, |
2989 | | "Invalid Ticket", |
2990 | | "kdc_checksum_key", |
2991 | | 1, |
2992 | | 1); |
2993 | | return; |
2994 | | } |
2995 | | |
2996 | | used_signing_key(tree, actx->pinfo, private_data, |
2997 | | state->kdc_ek, pactvb, |
2998 | | state->ticket_checksum_type, |
2999 | | "Verified Ticket", |
3000 | | "kdc_checksum_key", |
3001 | | 1, |
3002 | | 1); |
3003 | | #endif /* HAVE_DECODE_KRB5_ENC_TKT_PART */ |
3004 | | } |
3005 | | |
3006 | | #define __KRB5_PAC_FULL_CHECKSUM 19 |
3007 | | |
3008 | | static void |
3009 | | verify_krb5_pac_full_checksum(proto_tree *tree, |
3010 | | asn1_ctx_t *actx, |
3011 | | tvbuff_t *orig_pactvb, |
3012 | | struct verify_krb5_pac_state *state) |
3013 | | { |
3014 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
3015 | | krb5_error_code ret; |
3016 | | krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, }; |
3017 | | size_t checksum_length = 0; |
3018 | | krb5_checksum checksum = { .checksum_type = 0, }; |
3019 | | krb5_data pac_data = { .length = 0, }; |
3020 | | tvbuff_t *copy_pactvb = NULL; |
3021 | | uint32_t cur_offset; |
3022 | | uint32_t num_buffers; |
3023 | | uint32_t idx; |
3024 | | krb5_boolean valid = false; |
3025 | | |
3026 | | if (state->kdc_ek == NULL) { |
3027 | | int keytype = keytype_for_cksumtype(state->full_checksum_type); |
3028 | | missing_signing_key(tree, actx->pinfo, private_data, |
3029 | | orig_pactvb, state->full_checksum_type, |
3030 | | keytype, |
3031 | | "Missing KDC (for full)", |
3032 | | "kdc_checksum_key", |
3033 | | 0, |
3034 | | 0); |
3035 | | return; |
3036 | | } |
3037 | | |
3038 | | kdc_key.magic = KV5M_KEYBLOCK; |
3039 | | kdc_key.enctype = state->kdc_ek->keytype; |
3040 | | kdc_key.length = state->kdc_ek->keylength; |
3041 | | kdc_key.contents = (uint8_t *)state->kdc_ek->keyvalue; |
3042 | | |
3043 | | ret = krb5_c_checksum_length(krb5_ctx, |
3044 | | state->full_checksum_type, |
3045 | | &checksum_length); |
3046 | | if (ret != 0) { |
3047 | | missing_signing_key(tree, actx->pinfo, private_data, |
3048 | | orig_pactvb, state->full_checksum_type, |
3049 | | state->kdc_ek->keytype, |
3050 | | "krb5_c_checksum_length failed for Full Signature", |
3051 | | "kdc_checksum_key", |
3052 | | 1, |
3053 | | 0); |
3054 | | return; |
3055 | | } |
3056 | | |
3057 | | /* |
3058 | | * The checksum element begins with 4 bytes of type |
3059 | | * (state->full_checksum_type) before the crypto checksum |
3060 | | */ |
3061 | | if (state->full_checksum_data->length < (4 + checksum_length)) { |
3062 | | missing_signing_key(tree, actx->pinfo, private_data, |
3063 | | orig_pactvb, state->full_checksum_type, |
3064 | | state->kdc_ek->keytype, |
3065 | | "pacbuffer_length too short for Full Signature", |
3066 | | "kdc_checksum_key", |
3067 | | 1, |
3068 | | 0); |
3069 | | return; |
3070 | | } |
3071 | | |
3072 | | pac_data.data = wmem_memdup(actx->pinfo->pool, state->pacbuffer, state->pacbuffer_length); |
3073 | | if (pac_data.data == NULL) { |
3074 | | missing_signing_key(tree, actx->pinfo, private_data, |
3075 | | orig_pactvb, state->full_checksum_type, |
3076 | | state->kdc_ek->keytype, |
3077 | | "wmem_memdup(pacbuffer) failed", |
3078 | | "kdc_checksum_key", |
3079 | | 1, |
3080 | | 0); |
3081 | | return; |
3082 | | } |
3083 | | pac_data.length = state->pacbuffer_length; |
3084 | | |
3085 | | copy_pactvb = tvb_new_child_real_data(orig_pactvb, |
3086 | | (uint8_t *)pac_data.data, |
3087 | | pac_data.length, |
3088 | | pac_data.length); |
3089 | | if (copy_pactvb == NULL) { |
3090 | | missing_signing_key(tree, actx->pinfo, private_data, |
3091 | | orig_pactvb, state->full_checksum_type, |
3092 | | state->kdc_ek->keytype, |
3093 | | "tvb_new_child_real_data(pac_copy) failed", |
3094 | | "kdc_checksum_key", |
3095 | | 1, |
3096 | | 0); |
3097 | | return; |
3098 | | } |
3099 | | |
3100 | | #define __PAC_CHECK_OFFSET_SIZE(__offset, __length, __reason) do { \ |
3101 | | uint64_t __end = state->pacbuffer_length; \ |
3102 | | uint64_t __offset64 = __offset; \ |
3103 | | uint64_t __length64 = __length; \ |
3104 | | uint64_t __last; \ |
3105 | | if (__offset64 > INT32_MAX) { \ |
3106 | | missing_signing_key(tree, actx->pinfo, private_data, \ |
3107 | | orig_pactvb, state->full_checksum_type, \ |
3108 | | state->kdc_ek->keytype, \ |
3109 | | __reason, \ |
3110 | | "kdc_checksum_key", \ |
3111 | | 1, \ |
3112 | | 0); \ |
3113 | | return; \ |
3114 | | } \ |
3115 | | if (__length64 > INT32_MAX) { \ |
3116 | | missing_signing_key(tree, actx->pinfo, private_data, \ |
3117 | | orig_pactvb, state->full_checksum_type, \ |
3118 | | state->kdc_ek->keytype, \ |
3119 | | __reason, \ |
3120 | | "kdc_checksum_key", \ |
3121 | | 1, \ |
3122 | | 0); \ |
3123 | | return; \ |
3124 | | } \ |
3125 | | __last = __offset64 + __length64; \ |
3126 | | if (__last > __end) { \ |
3127 | | missing_signing_key(tree, actx->pinfo, private_data, \ |
3128 | | orig_pactvb, state->full_checksum_type, \ |
3129 | | state->kdc_ek->keytype, \ |
3130 | | __reason, \ |
3131 | | "kdc_checksum_key", \ |
3132 | | 1, \ |
3133 | | 0); \ |
3134 | | return; \ |
3135 | | } \ |
3136 | | } while(0) |
3137 | | |
3138 | | cur_offset = 0; |
3139 | | __PAC_CHECK_OFFSET_SIZE(cur_offset, 8, "PACTYPE Header"); |
3140 | | num_buffers = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN); |
3141 | | cur_offset += 4; |
3142 | | /* ignore 4 byte version */ |
3143 | | cur_offset += 4; |
3144 | | |
3145 | | for (idx = 0; idx < num_buffers; idx++) { |
3146 | | uint32_t b_type; |
3147 | | uint32_t b_length; |
3148 | | uint64_t b_offset; |
3149 | | |
3150 | | __PAC_CHECK_OFFSET_SIZE(cur_offset, 16, "PAC_INFO_BUFFER Header"); |
3151 | | b_type = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN); |
3152 | | cur_offset += 4; |
3153 | | b_length = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN); |
3154 | | cur_offset += 4; |
3155 | | b_offset = tvb_get_uint64(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN); |
3156 | | cur_offset += 8; |
3157 | | |
3158 | | __PAC_CHECK_OFFSET_SIZE(b_offset, b_length, "PAC_INFO_BUFFER Payload"); |
3159 | | |
3160 | | if (b_length <= 4) { |
3161 | | continue; |
3162 | | } |
3163 | | |
3164 | | /* |
3165 | | * Leave PAC_TICKET_CHECKSUM and clear all other checksums |
3166 | | * and their possible RODC identifier, but leaving their |
3167 | | * checksum type as is. |
3168 | | */ |
3169 | | switch (b_type) { |
3170 | | case KRB5_PAC_SERVER_CHECKSUM: |
3171 | | case KRB5_PAC_PRIVSVR_CHECKSUM: |
3172 | | case __KRB5_PAC_FULL_CHECKSUM: |
3173 | | memset(pac_data.data + b_offset+4, 0, b_length-4); |
3174 | | break; |
3175 | | } |
3176 | | } |
3177 | | |
3178 | | checksum.checksum_type = state->full_checksum_type; |
3179 | | checksum.contents = (uint8_t *)state->full_checksum_data->data + 4; |
3180 | | checksum.length = (unsigned)checksum_length; |
3181 | | |
3182 | | ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key, |
3183 | | KRB5_KEYUSAGE_APP_DATA_CKSUM, |
3184 | | &pac_data, &checksum, &valid); |
3185 | | if (ret != 0) { |
3186 | | missing_signing_key(tree, actx->pinfo, private_data, |
3187 | | orig_pactvb, state->full_checksum_type, |
3188 | | state->kdc_ek->keytype, |
3189 | | "krb5_c_verify_checksum failed for Full PAC Signature", |
3190 | | "kdc_checksum_key", |
3191 | | 1, |
3192 | | 1); |
3193 | | return; |
3194 | | } |
3195 | | |
3196 | | if (valid == false) { |
3197 | | missing_signing_key(tree, actx->pinfo, private_data, |
3198 | | orig_pactvb, state->full_checksum_type, |
3199 | | state->kdc_ek->keytype, |
3200 | | "Invalid Full PAC Signature", |
3201 | | "kdc_checksum_key", |
3202 | | 1, |
3203 | | 1); |
3204 | | return; |
3205 | | } |
3206 | | |
3207 | | used_signing_key(tree, actx->pinfo, private_data, |
3208 | | state->kdc_ek, orig_pactvb, |
3209 | | state->full_checksum_type, |
3210 | | "Verified Full PAC", |
3211 | | "kdc_checksum_key", |
3212 | | 1, |
3213 | | 1); |
3214 | | } |
3215 | | |
3216 | | static void |
3217 | | verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb) |
3218 | | { |
3219 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
3220 | | krb5_error_code ret; |
3221 | | krb5_data checksum_data = {0,0,NULL}; |
3222 | | krb5_data ticket_checksum_data = {0,0,NULL}; |
3223 | | krb5_data full_checksum_data = {0,0,NULL}; |
3224 | | int length = tvb_captured_length(pactvb); |
3225 | | const uint8_t *pacbuffer = NULL; |
3226 | | struct verify_krb5_pac_state state = { |
3227 | | .kdc_checksum = 0, |
3228 | | }; |
3229 | | |
3230 | | /* don't do anything if we are not attempting to decrypt data */ |
3231 | | if(!krb_decrypt || length < 1){ |
3232 | | return; |
3233 | | } |
3234 | | |
3235 | | /* make sure we have all the data we need */ |
3236 | | if (tvb_captured_length(pactvb) < tvb_reported_length(pactvb)) { |
3237 | | return; |
3238 | | } |
3239 | | |
3240 | | pacbuffer = tvb_get_ptr(pactvb, 0, length); |
3241 | | state.pacbuffer_length = length; |
3242 | | state.pacbuffer = pacbuffer; |
3243 | | |
3244 | | ret = krb5_pac_parse(krb5_ctx, pacbuffer, length, &state.pac); |
3245 | | if (ret != 0) { |
3246 | | proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype, |
3247 | | pactvb, 0, 0, |
3248 | | "Failed to parse PAC buffer %d in frame %u", |
3249 | | ret, actx->pinfo->fd->num); |
3250 | | return; |
3251 | | } |
3252 | | |
3253 | | ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_SERVER_CHECKSUM, |
3254 | | &checksum_data); |
3255 | | if (ret == 0) { |
3256 | | state.server_checksum = pletoh32(checksum_data.data); |
3257 | | krb5_free_data_contents(krb5_ctx, &checksum_data); |
3258 | | }; |
3259 | | ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_PRIVSVR_CHECKSUM, |
3260 | | &checksum_data); |
3261 | | if (ret == 0) { |
3262 | | state.kdc_checksum = pletoh32(checksum_data.data); |
3263 | | krb5_free_data_contents(krb5_ctx, &checksum_data); |
3264 | | }; |
3265 | | ret = krb5_pac_get_buffer(krb5_ctx, state.pac, |
3266 | | __KRB5_PAC_TICKET_CHECKSUM, |
3267 | | &ticket_checksum_data); |
3268 | | if (ret == 0) { |
3269 | | state.ticket_checksum_data = &ticket_checksum_data; |
3270 | | state.ticket_checksum_type = pletoh32(ticket_checksum_data.data); |
3271 | | }; |
3272 | | ret = krb5_pac_get_buffer(krb5_ctx, state.pac, |
3273 | | __KRB5_PAC_FULL_CHECKSUM, |
3274 | | &full_checksum_data); |
3275 | | if (ret == 0) { |
3276 | | state.full_checksum_data = &full_checksum_data; |
3277 | | state.full_checksum_type = pletoh32(full_checksum_data.data); |
3278 | | }; |
3279 | | |
3280 | | read_keytab_file_from_preferences(); |
3281 | | |
3282 | | wmem_map_foreach(kerberos_all_keys, |
3283 | | verify_krb5_pac_try_server_key, |
3284 | | &state); |
3285 | | if (state.server_ek != NULL) { |
3286 | | used_signing_key(tree, actx->pinfo, private_data, |
3287 | | state.server_ek, pactvb, |
3288 | | state.server_checksum, "Verified Server", |
3289 | | "all_keys", |
3290 | | wmem_map_size(kerberos_all_keys), |
3291 | | state.server_count); |
3292 | | } else { |
3293 | | int keytype = keytype_for_cksumtype(state.server_checksum); |
3294 | | missing_signing_key(tree, actx->pinfo, private_data, |
3295 | | pactvb, state.server_checksum, keytype, |
3296 | | "Missing Server", |
3297 | | "all_keys", |
3298 | | wmem_map_size(kerberos_all_keys), |
3299 | | state.server_count); |
3300 | | } |
3301 | | wmem_map_foreach(kerberos_longterm_keys, |
3302 | | verify_krb5_pac_try_kdc_key, |
3303 | | &state); |
3304 | | if (state.kdc_ek != NULL) { |
3305 | | used_signing_key(tree, actx->pinfo, private_data, |
3306 | | state.kdc_ek, pactvb, |
3307 | | state.kdc_checksum, "Verified KDC", |
3308 | | "longterm_keys", |
3309 | | wmem_map_size(kerberos_longterm_keys), |
3310 | | state.kdc_count); |
3311 | | } else { |
3312 | | int keytype = keytype_for_cksumtype(state.kdc_checksum); |
3313 | | missing_signing_key(tree, actx->pinfo, private_data, |
3314 | | pactvb, state.kdc_checksum, keytype, |
3315 | | "Missing KDC", |
3316 | | "longterm_keys", |
3317 | | wmem_map_size(kerberos_longterm_keys), |
3318 | | state.kdc_count); |
3319 | | } |
3320 | | |
3321 | | if (state.ticket_checksum_type != 0) { |
3322 | | verify_krb5_pac_ticket_checksum(tree, actx, pactvb, &state); |
3323 | | } |
3324 | | |
3325 | | if (state.ticket_checksum_data != NULL) { |
3326 | | krb5_free_data_contents(krb5_ctx, &ticket_checksum_data); |
3327 | | } |
3328 | | |
3329 | | if (state.full_checksum_type != 0) { |
3330 | | verify_krb5_pac_full_checksum(tree, actx, pactvb, &state); |
3331 | | } |
3332 | | |
3333 | | if (state.full_checksum_data != NULL) { |
3334 | | krb5_free_data_contents(krb5_ctx, &full_checksum_data); |
3335 | | } |
3336 | | |
3337 | | krb5_pac_free(krb5_ctx, state.pac); |
3338 | | } |
3339 | | #endif /* HAVE_KRB5_PAC_VERIFY */ |
3340 | | |
3341 | | #elif defined(HAVE_HEIMDAL_KERBEROS) |
3342 | | static krb5_context krb5_ctx; |
3343 | | |
3344 | | USES_APPLE_DEPRECATED_API |
3345 | | |
3346 | | static void |
3347 | | krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_, |
3348 | | enc_key_t *ek1 _U_, const char *p1 _U_, |
3349 | | enc_key_t *ek2 _U_, const char *p2 _U_, |
3350 | | const char *origin _U_) |
3351 | | { |
3352 | | /* TODO: use krb5_crypto_fx_cf2() from Heimdal */ |
3353 | | } |
3354 | | void |
3355 | | read_keytab_file(const char *filename) |
3356 | | { |
3357 | | krb5_keytab keytab; |
3358 | | krb5_error_code ret; |
3359 | | krb5_keytab_entry key; |
3360 | | krb5_kt_cursor cursor; |
3361 | | enc_key_t *new_key; |
3362 | | static bool first_time=true; |
3363 | | |
3364 | | if (filename == NULL || filename[0] == 0) { |
3365 | | return; |
3366 | | } |
3367 | | |
3368 | | if(first_time){ |
3369 | | first_time=false; |
3370 | | ret = krb5_init_context(&krb5_ctx); |
3371 | | if(ret){ |
3372 | | return; |
3373 | | } |
3374 | | } |
3375 | | |
3376 | | /* should use a file in the wireshark users dir */ |
3377 | | ret = krb5_kt_resolve(krb5_ctx, filename, &keytab); |
3378 | | if(ret){ |
3379 | | ws_critical("KERBEROS ERROR: Could not open keytab file: %s", filename); |
3380 | | |
3381 | | return; |
3382 | | } |
3383 | | |
3384 | | ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor); |
3385 | | if(ret){ |
3386 | | ws_critical("KERBEROS ERROR: Could not read from keytab file: %s", filename); |
3387 | | return; |
3388 | | } |
3389 | | |
3390 | | do{ |
3391 | | ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor); |
3392 | | if(ret==0){ |
3393 | | unsigned int i; |
3394 | | wmem_strbuf_t* str_principal = wmem_strbuf_new(wmem_epan_scope(), "keytab principal "); |
3395 | | |
3396 | | new_key = wmem_new0(wmem_epan_scope(), enc_key_t); |
3397 | | new_key->fd_num = -1; |
3398 | | new_key->id = ++kerberos_longterm_ids; |
3399 | | new_key->id_str = wmem_strdup_printf(wmem_epan_scope(), "keytab.%u", new_key->id); |
3400 | | new_key->next = enc_key_list; |
3401 | | |
3402 | | /* generate origin string, describing where this key came from */ |
3403 | | for(i=0;i<key.principal->name.name_string.len;i++){ |
3404 | | wmem_strbuf_append_printf(str_principal, "%s%s",(i?"/":""),key.principal->name.name_string.val[i])); |
3405 | | } |
3406 | | wmem_strbuf_append_printf(str_principal, "@%s",key.principal->realm); |
3407 | | new_key->key_origin = (char*)wmem_strbuf_get_str(str_principal); |
3408 | | new_key->keytype=key.keyblock.keytype; |
3409 | | new_key->keylength=(int)key.keyblock.keyvalue.length; |
3410 | | memcpy(new_key->keyvalue, |
3411 | | key.keyblock.keyvalue.data, |
3412 | | MIN((unsigned)key.keyblock.keyvalue.length, KRB_MAX_KEY_LENGTH)); |
3413 | | |
3414 | | enc_key_list=new_key; |
3415 | | ret = krb5_kt_free_entry(krb5_ctx, &key); |
3416 | | if (ret) { |
3417 | | ws_critical("KERBEROS ERROR: Could not release the entry: %d", ret); |
3418 | | ret = 0; /* try to continue with the next entry */ |
3419 | | } |
3420 | | kerberos_key_map_insert(kerberos_longterm_keys, new_key); |
3421 | | } |
3422 | | }while(ret==0); |
3423 | | |
3424 | | ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor); |
3425 | | if(ret){ |
3426 | | ws_critical("KERBEROS ERROR: Could not release the keytab cursor: %d", ret); |
3427 | | } |
3428 | | ret = krb5_kt_close(krb5_ctx, keytab); |
3429 | | if(ret){ |
3430 | | ws_critical("KERBEROS ERROR: Could not close the key table handle: %d", ret); |
3431 | | } |
3432 | | |
3433 | | } |
3434 | | USES_APPLE_RST |
3435 | | |
3436 | | |
3437 | | uint8_t * |
3438 | | decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, |
3439 | | int usage, |
3440 | | tvbuff_t *cryptotvb, |
3441 | | int keytype, |
3442 | | int *datalen) |
3443 | | { |
3444 | | kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); |
3445 | | krb5_error_code ret; |
3446 | | krb5_data data; |
3447 | | enc_key_t *ek; |
3448 | | int length = tvb_captured_length(cryptotvb); |
3449 | | const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length); |
3450 | | |
3451 | | /* don't do anything if we are not attempting to decrypt data */ |
3452 | | if(!krb_decrypt){ |
3453 | | return NULL; |
3454 | | } |
3455 | | |
3456 | | /* make sure we have all the data we need */ |
3457 | | if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { |
3458 | | return NULL; |
3459 | | } |
3460 | | |
3461 | | read_keytab_file_from_preferences(); |
3462 | | |
3463 | | for(ek=enc_key_list;ek;ek=ek->next){ |
3464 | | krb5_keytab_entry key; |
3465 | | krb5_crypto crypto; |
3466 | | uint8_t *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */ |
3467 | | |
3468 | | /* shortcircuit and bail out if enctypes are not matching */ |
3469 | | if((keytype != -1) && (ek->keytype != keytype)) { |
3470 | | continue; |
3471 | | } |
3472 | | |
3473 | | key.keyblock.keytype=ek->keytype; |
3474 | | key.keyblock.keyvalue.length=ek->keylength; |
3475 | | key.keyblock.keyvalue.data=ek->keyvalue; |
3476 | | ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), (krb5_enctype)ENCTYPE_NULL, &crypto); |
3477 | | if(ret){ |
3478 | | return NULL; |
3479 | | } |
3480 | | |
3481 | | /* pre-0.6.1 versions of Heimdal would sometimes change |
3482 | | the cryptotext data even when the decryption failed. |
3483 | | This would obviously not work since we iterate over the |
3484 | | keys. So just give it a copy of the crypto data instead. |
3485 | | This has been seen for RC4-HMAC blobs. |
3486 | | */ |
3487 | | cryptocopy = (uint8_t *)wmem_memdup(pinfo->pool, cryptotext, length); |
3488 | | ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage, |
3489 | | cryptocopy, length, |
3490 | | &data, |
3491 | | NULL); |
3492 | | if((ret == 0) && (length>0)){ |
3493 | | char *user_data; |
3494 | | |
3495 | | used_encryption_key(tree, pinfo, zero_private, |
3496 | | ek, usage, cryptotvb, |
3497 | | "enc_key_list", 0, 0); |
3498 | | |
3499 | | krb5_crypto_destroy(krb5_ctx, crypto); |
3500 | | /* return a private wmem_alloced blob to the caller */ |
3501 | | user_data = (char *)wmem_memdup(pinfo->pool, data.data, (unsigned)data.length); |
3502 | | if (datalen) { |
3503 | | *datalen = (int)data.length; |
3504 | | } |
3505 | | return user_data; |
3506 | | } |
3507 | | krb5_crypto_destroy(krb5_ctx, crypto); |
3508 | | } |
3509 | | return NULL; |
3510 | | } |
3511 | | |
3512 | | #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1 |
3513 | | |
3514 | | #elif defined (HAVE_LIBNETTLE) |
3515 | | |
3516 | | #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2) |
3517 | | #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */ |
3518 | | |
3519 | | typedef struct _service_key_t { |
3520 | | uint16_t kvno; |
3521 | | int keytype; |
3522 | | int length; |
3523 | | uint8_t *contents; |
3524 | | char *origin; |
3525 | | } service_key_t; |
3526 | | GSList *service_key_list; |
3527 | | |
3528 | | |
3529 | | static void |
3530 | | add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin) |
3531 | | { |
3532 | | service_key_t *new_key; |
3533 | | |
3534 | | if(pinfo->fd->visited){ |
3535 | | return; |
3536 | | } |
3537 | | |
3538 | | new_key = g_malloc(sizeof(service_key_t)); |
3539 | | new_key->kvno = 0; |
3540 | | new_key->keytype = keytype; |
3541 | | new_key->length = keylength; |
3542 | | new_key->contents = g_memdup2(keyvalue, keylength); |
3543 | | new_key->origin = g_strdup_printf("%s learnt from frame %u", origin, pinfo->num); |
3544 | | service_key_list = g_slist_append(service_key_list, (void *) new_key); |
3545 | | } |
3546 | | |
3547 | | static void |
3548 | | save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, |
3549 | | asn1_ctx_t *actx _U_, proto_tree *tree _U_, |
3550 | | int parent_hf_index _U_, |
3551 | | int hf_index _U_) |
3552 | | { |
3553 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
3554 | | const char *parent = proto_registrar_get_name(parent_hf_index); |
3555 | | const char *element = proto_registrar_get_name(hf_index); |
3556 | | char* origin = wmem_strdup_printf(actx->pinfo->pool, "%s_%s", parent, element); |
3557 | | |
3558 | | add_encryption_key(actx->pinfo, |
3559 | | private_data->key.keytype, |
3560 | | private_data->key.keylength, |
3561 | | private_data->key.keyvalue, |
3562 | | origin); |
3563 | | } |
3564 | | |
3565 | | static void |
3566 | | save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length, |
3567 | | asn1_ctx_t *actx, proto_tree *tree, |
3568 | | int parent_hf_index, |
3569 | | int hf_index) |
3570 | | { |
3571 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
3572 | | } |
3573 | | |
3574 | | static void |
3575 | | save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length, |
3576 | | asn1_ctx_t *actx, proto_tree *tree, |
3577 | | int parent_hf_index, |
3578 | | int hf_index) |
3579 | | { |
3580 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
3581 | | } |
3582 | | |
3583 | | static void |
3584 | | save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length, |
3585 | | asn1_ctx_t *actx, proto_tree *tree, |
3586 | | int parent_hf_index, |
3587 | | int hf_index) |
3588 | | { |
3589 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
3590 | | } |
3591 | | |
3592 | | static void |
3593 | | save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length, |
3594 | | asn1_ctx_t *actx, proto_tree *tree, |
3595 | | int parent_hf_index, |
3596 | | int hf_index) |
3597 | | { |
3598 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
3599 | | } |
3600 | | |
3601 | | static void |
3602 | | save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length, |
3603 | | asn1_ctx_t *actx, proto_tree *tree, |
3604 | | int parent_hf_index, |
3605 | | int hf_index) |
3606 | | { |
3607 | | save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); |
3608 | | } |
3609 | | |
3610 | | static void |
3611 | | save_KrbFastResponse_strengthen_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, |
3612 | | asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) |
3613 | | { |
3614 | | save_encryption_key(tvb, offset, length, actx, tree, hf_index); |
3615 | | } |
3616 | | |
3617 | | static void |
3618 | | clear_keytab(void) { |
3619 | | GSList *ske; |
3620 | | service_key_t *sk; |
3621 | | |
3622 | | for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){ |
3623 | | sk = (service_key_t *) ske->data; |
3624 | | if (sk) { |
3625 | | g_free(sk->contents); |
3626 | | g_free(sk->origin); |
3627 | | g_free(sk); |
3628 | | } |
3629 | | } |
3630 | | g_slist_free(service_key_list); |
3631 | | service_key_list = NULL; |
3632 | | } |
3633 | | |
3634 | | static void |
3635 | | read_keytab_file(const char *service_key_file) |
3636 | | { |
3637 | | FILE *skf; |
3638 | | ws_statb64 st; |
3639 | | service_key_t *sk; |
3640 | | unsigned char buf[SERVICE_KEY_SIZE]; |
3641 | | int newline_skip = 0, count = 0; |
3642 | | |
3643 | | if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) { |
3644 | | |
3645 | | /* The service key file contains raw 192-bit (24 byte) 3DES keys. |
3646 | | * There can be zero, one (\n), or two (\r\n) characters between |
3647 | | * keys. Trailing characters are ignored. |
3648 | | */ |
3649 | | |
3650 | | /* XXX We should support the standard keytab format instead */ |
3651 | | if (st.st_size > SERVICE_KEY_SIZE) { |
3652 | | if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) || |
3653 | | (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) { |
3654 | | newline_skip = 1; |
3655 | | } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) || |
3656 | | (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) { |
3657 | | newline_skip = 2; |
3658 | | } |
3659 | | } |
3660 | | |
3661 | | skf = ws_fopen(service_key_file, "rb"); |
3662 | | if (! skf) return; |
3663 | | |
3664 | | while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) { |
3665 | | sk = g_malloc(sizeof(service_key_t)); |
3666 | | sk->kvno = buf[0] << 8 | buf[1]; |
3667 | | sk->keytype = KEYTYPE_DES3_CBC_MD5; |
3668 | | sk->length = DES3_KEY_SIZE; |
3669 | | sk->contents = g_memdup2(buf + 2, DES3_KEY_SIZE); |
3670 | | sk->origin = g_strdup_printf("3DES service key file, key #%d, offset %ld", count, ftell(skf)); |
3671 | | service_key_list = g_slist_append(service_key_list, (void *) sk); |
3672 | | if (fseek(skf, newline_skip, SEEK_CUR) < 0) { |
3673 | | ws_critical("unable to seek..."); |
3674 | | fclose(skf); |
3675 | | return; |
3676 | | } |
3677 | | count++; |
3678 | | } |
3679 | | fclose(skf); |
3680 | | } |
3681 | | } |
3682 | | |
3683 | | #define CONFOUNDER_PLUS_CHECKSUM 24 |
3684 | | |
3685 | | uint8_t * |
3686 | | decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, |
3687 | | int _U_ usage, |
3688 | | tvbuff_t *cryptotvb, |
3689 | | int keytype, |
3690 | | int *datalen) |
3691 | | { |
3692 | | tvbuff_t *encr_tvb; |
3693 | | uint8_t *decrypted_data = NULL, *plaintext = NULL; |
3694 | | uint8_t cls; |
3695 | | bool pc; |
3696 | | uint32_t tag, item_len, data_len; |
3697 | | int id_offset, offset; |
3698 | | uint8_t key[DES3_KEY_SIZE]; |
3699 | | uint8_t initial_vector[DES_BLOCK_SIZE]; |
3700 | | gcry_md_hd_t md5_handle; |
3701 | | uint8_t *digest; |
3702 | | uint8_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
3703 | | uint8_t confounder[8]; |
3704 | | bool ind; |
3705 | | GSList *ske; |
3706 | | service_key_t *sk; |
3707 | | struct des3_ctx ctx; |
3708 | | int length = tvb_captured_length(cryptotvb); |
3709 | | const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length); |
3710 | | |
3711 | | |
3712 | | /* don't do anything if we are not attempting to decrypt data */ |
3713 | | if(!krb_decrypt){ |
3714 | | return NULL; |
3715 | | } |
3716 | | |
3717 | | /* make sure we have all the data we need */ |
3718 | | if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { |
3719 | | return NULL; |
3720 | | } |
3721 | | |
3722 | | if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) { |
3723 | | return NULL; |
3724 | | } |
3725 | | |
3726 | | decrypted_data = wmem_alloc(pinfo->pool, length); |
3727 | | for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){ |
3728 | | bool do_continue = false; |
3729 | | bool digest_ok; |
3730 | | sk = (service_key_t *) ske->data; |
3731 | | |
3732 | | des_fix_parity(DES3_KEY_SIZE, key, sk->contents); |
3733 | | |
3734 | | memset(initial_vector, 0, DES_BLOCK_SIZE); |
3735 | | des3_set_key(&ctx, key); |
3736 | | cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector, |
3737 | | length, decrypted_data, cryptotext); |
3738 | | encr_tvb = tvb_new_real_data(decrypted_data, length, length); |
3739 | | |
3740 | | tvb_memcpy(encr_tvb, confounder, 0, 8); |
3741 | | |
3742 | | /* We have to pull the decrypted data length from the decrypted |
3743 | | * content. If the key doesn't match or we otherwise get garbage, |
3744 | | * an exception may get thrown while decoding the ASN.1 header. |
3745 | | * Catch it, just in case. |
3746 | | */ |
3747 | | TRY { |
3748 | | id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag); |
3749 | | offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind); |
3750 | | } |
3751 | | CATCH_BOUNDS_ERRORS { |
3752 | | tvb_free(encr_tvb); |
3753 | | do_continue = true; |
3754 | | } |
3755 | | ENDTRY; |
3756 | | |
3757 | | if (do_continue) continue; |
3758 | | |
3759 | | data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM; |
3760 | | if ((int) item_len + offset > length) { |
3761 | | tvb_free(encr_tvb); |
3762 | | continue; |
3763 | | } |
3764 | | |
3765 | | if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) { |
3766 | | return NULL; |
3767 | | } |
3768 | | gcry_md_write(md5_handle, confounder, 8); |
3769 | | gcry_md_write(md5_handle, zero_fill, 16); |
3770 | | gcry_md_write(md5_handle, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len); |
3771 | | digest = gcry_md_read(md5_handle, 0); |
3772 | | |
3773 | | digest_ok = (tvb_memeql (encr_tvb, 8, digest, HASH_MD5_LENGTH) == 0); |
3774 | | gcry_md_close(md5_handle); |
3775 | | if (digest_ok) { |
3776 | | plaintext = (uint8_t* )tvb_memdup(pinfo->pool, encr_tvb, CONFOUNDER_PLUS_CHECKSUM, data_len); |
3777 | | tvb_free(encr_tvb); |
3778 | | |
3779 | | if (datalen) { |
3780 | | *datalen = data_len; |
3781 | | } |
3782 | | return plaintext; |
3783 | | } |
3784 | | tvb_free(encr_tvb); |
3785 | | } |
3786 | | |
3787 | | return NULL; |
3788 | | } |
3789 | | |
3790 | | #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */ |
3791 | | |
3792 | | #ifdef NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP |
3793 | | tvbuff_t * |
3794 | | decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_, |
3795 | | packet_info *pinfo _U_, |
3796 | | int usage _U_, |
3797 | | int keytype _U_, |
3798 | | tvbuff_t *gssapi_header_tvb _U_, |
3799 | | tvbuff_t *gssapi_encrypted_tvb _U_, |
3800 | | tvbuff_t *gssapi_trailer_tvb _U_, |
3801 | | tvbuff_t *checksum_tvb _U_) |
3802 | | { |
3803 | | return NULL; |
3804 | | } |
3805 | | #endif /* NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP */ |
3806 | | |
3807 | 0 | #define INET6_ADDRLEN 16 |
3808 | | |
3809 | | /* TCP Record Mark */ |
3810 | 14 | #define KRB_RM_RESERVED 0x80000000U |
3811 | 894 | #define KRB_RM_RECLEN 0x7fffffffU |
3812 | | |
3813 | 12 | #define KRB5_MSG_TICKET 1 /* Ticket */ |
3814 | 15 | #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */ |
3815 | 28 | #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */ |
3816 | 33 | #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */ |
3817 | 35 | #define KRB5_MSG_AS_REP 11 /* AS-REP type */ |
3818 | 40 | #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */ |
3819 | 44 | #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */ |
3820 | 47 | #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */ |
3821 | 48 | #define KRB5_MSG_AP_REP 15 /* AP-REP type */ |
3822 | | #define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */ |
3823 | | #define KRB5_MSG_TGT_REP 17 /* TGT-REP type */ |
3824 | | |
3825 | 90 | #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */ |
3826 | 92 | #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */ |
3827 | | #define KRB5_MSG_CRED 22 /* KRB-CRED type */ |
3828 | 53 | #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */ |
3829 | 57 | #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */ |
3830 | 67 | #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */ |
3831 | 76 | #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */ |
3832 | 84 | #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */ |
3833 | 95 | #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */ |
3834 | | |
3835 | 0 | #define KRB5_CHKSUM_GSSAPI 0x8003 |
3836 | | /* |
3837 | | * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see |
3838 | | * |
3839 | | * https://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-04 |
3840 | | * |
3841 | | * unless it's expired. |
3842 | | */ |
3843 | | |
3844 | | /* Principal name-type */ |
3845 | | #define KRB5_NT_UNKNOWN 0 |
3846 | | #define KRB5_NT_PRINCIPAL 1 |
3847 | | #define KRB5_NT_SRV_INST 2 |
3848 | | #define KRB5_NT_SRV_HST 3 |
3849 | | #define KRB5_NT_SRV_XHST 4 |
3850 | | #define KRB5_NT_UID 5 |
3851 | | #define KRB5_NT_X500_PRINCIPAL 6 |
3852 | | #define KRB5_NT_SMTP_NAME 7 |
3853 | | #define KRB5_NT_ENTERPRISE 10 |
3854 | | |
3855 | | /* |
3856 | | * MS specific name types, from |
3857 | | * |
3858 | | * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp |
3859 | | */ |
3860 | | #define KRB5_NT_MS_PRINCIPAL -128 |
3861 | | #define KRB5_NT_MS_PRINCIPAL_AND_SID -129 |
3862 | | #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130 |
3863 | | #define KRB5_NT_PRINCIPAL_AND_SID -131 |
3864 | | #define KRB5_NT_SRV_INST_AND_SID -132 |
3865 | | |
3866 | | /* error table constants */ |
3867 | | /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */ |
3868 | | #define KRB5_ET_KRB5KDC_ERR_NONE 0 |
3869 | | #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1 |
3870 | | #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2 |
3871 | | #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3 |
3872 | | #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4 |
3873 | | #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5 |
3874 | | #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6 |
3875 | | #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7 |
3876 | | #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 |
3877 | | #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9 |
3878 | | #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10 |
3879 | | #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11 |
3880 | | #define KRB5_ET_KRB5KDC_ERR_POLICY 12 |
3881 | | #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13 |
3882 | | #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14 |
3883 | | #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15 |
3884 | | #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16 |
3885 | | #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17 |
3886 | | #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18 |
3887 | | #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19 |
3888 | | #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20 |
3889 | | #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21 |
3890 | | #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22 |
3891 | | #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23 |
3892 | | #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24 |
3893 | 0 | #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25 |
3894 | | #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26 |
3895 | | #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27 |
3896 | | #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28 |
3897 | | #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29 |
3898 | | #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31 |
3899 | | #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32 |
3900 | | #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33 |
3901 | | #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34 |
3902 | | #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35 |
3903 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36 |
3904 | | #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37 |
3905 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38 |
3906 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39 |
3907 | | #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40 |
3908 | | #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41 |
3909 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42 |
3910 | | #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43 |
3911 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44 |
3912 | | #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45 |
3913 | | #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46 |
3914 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47 |
3915 | | #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48 |
3916 | | #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49 |
3917 | | #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50 |
3918 | | #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51 |
3919 | | #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52 |
3920 | | #define KRB5_ET_KRB5KRB_ERR_GENERIC 60 |
3921 | | #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61 |
3922 | | #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62 |
3923 | | #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63 |
3924 | | #define KRB5_ET_KDC_ERROR_INVALID_SIG 64 |
3925 | | #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65 |
3926 | | #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66 |
3927 | | #define KRB5_ET_KRB_AP_ERR_NO_TGT 67 |
3928 | | #define KRB5_ET_KDC_ERR_WRONG_REALM 68 |
3929 | | #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69 |
3930 | | #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70 |
3931 | | #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71 |
3932 | | #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72 |
3933 | | #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 |
3934 | | #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 |
3935 | | #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75 |
3936 | | #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76 |
3937 | | #define KRB5_ET_KRB_AP_ERR_IAKERB_KDC_NOT_FOUND 85 |
3938 | | #define KRB5_ET_KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE 86 |
3939 | | #define KRB5_ET_KDC_ERR_PREAUTH_EXPIRED 90 |
3940 | | #define KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED 91 |
3941 | | #define KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET 92 |
3942 | | #define KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS 93 |
3943 | | |
3944 | | static const value_string krb5_error_codes[] = { |
3945 | | { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" }, |
3946 | | { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" }, |
3947 | | { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" }, |
3948 | | { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" }, |
3949 | | { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" }, |
3950 | | { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" }, |
3951 | | { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" }, |
3952 | | { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" }, |
3953 | | { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" }, |
3954 | | { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" }, |
3955 | | { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" }, |
3956 | | { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" }, |
3957 | | { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" }, |
3958 | | { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" }, |
3959 | | { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" }, |
3960 | | { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" }, |
3961 | | { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" }, |
3962 | | { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" }, |
3963 | | { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" }, |
3964 | | { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" }, |
3965 | | { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" }, |
3966 | | { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" }, |
3967 | | { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" }, |
3968 | | { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" }, |
3969 | | { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" }, |
3970 | | { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" }, |
3971 | | { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" }, |
3972 | | { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" }, |
3973 | | { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" }, |
3974 | | { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" }, |
3975 | | { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" }, |
3976 | | { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" }, |
3977 | | { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" }, |
3978 | | { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" }, |
3979 | | { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" }, |
3980 | | { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" }, |
3981 | | { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" }, |
3982 | | { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" }, |
3983 | | { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" }, |
3984 | | { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" }, |
3985 | | { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" }, |
3986 | | { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" }, |
3987 | | { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" }, |
3988 | | { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" }, |
3989 | | { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" }, |
3990 | | { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" }, |
3991 | | { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" }, |
3992 | | { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" }, |
3993 | | { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" }, |
3994 | | { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" }, |
3995 | | { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" }, |
3996 | | { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"}, |
3997 | | { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" }, |
3998 | | { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" }, |
3999 | | { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" }, |
4000 | | { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" }, |
4001 | | { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" }, |
4002 | | { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" }, |
4003 | | { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" }, |
4004 | | { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" }, |
4005 | | { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" }, |
4006 | | { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" }, |
4007 | | { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" }, |
4008 | | { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" }, |
4009 | | { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" }, |
4010 | | { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" }, |
4011 | | { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" }, |
4012 | | { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" }, |
4013 | | { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" }, |
4014 | | { KRB5_ET_KRB_AP_ERR_IAKERB_KDC_NOT_FOUND, "KRB_AP_ERR_IAKERB_KDC_NOT_FOUND" }, |
4015 | | { KRB5_ET_KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE, "KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE" }, |
4016 | | { KRB5_ET_KDC_ERR_PREAUTH_EXPIRED, "KDC_ERR_PREAUTH_EXPIRED" }, |
4017 | | { KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED" }, |
4018 | | { KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET, "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET" }, |
4019 | | { KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS" }, |
4020 | | { 0, NULL } |
4021 | | }; |
4022 | | |
4023 | | |
4024 | 0 | #define PAC_LOGON_INFO 1 |
4025 | 0 | #define PAC_CREDENTIAL_TYPE 2 |
4026 | 0 | #define PAC_SERVER_CHECKSUM 6 |
4027 | 0 | #define PAC_PRIVSVR_CHECKSUM 7 |
4028 | 0 | #define PAC_CLIENT_INFO_TYPE 10 |
4029 | 0 | #define PAC_S4U_DELEGATION_INFO 11 |
4030 | 0 | #define PAC_UPN_DNS_INFO 12 |
4031 | 0 | #define PAC_CLIENT_CLAIMS_INFO 13 |
4032 | 0 | #define PAC_DEVICE_INFO 14 |
4033 | 0 | #define PAC_DEVICE_CLAIMS_INFO 15 |
4034 | 0 | #define PAC_TICKET_CHECKSUM 16 |
4035 | 0 | #define PAC_ATTRIBUTES_INFO 17 |
4036 | 0 | #define PAC_REQUESTER_SID 18 |
4037 | 0 | #define PAC_FULL_CHECKSUM 19 |
4038 | | static const value_string w2k_pac_types[] = { |
4039 | | { PAC_LOGON_INFO , "Logon Info" }, |
4040 | | { PAC_CREDENTIAL_TYPE , "Credential Type" }, |
4041 | | { PAC_SERVER_CHECKSUM , "Server Checksum" }, |
4042 | | { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" }, |
4043 | | { PAC_CLIENT_INFO_TYPE , "Client Info Type" }, |
4044 | | { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" }, |
4045 | | { PAC_UPN_DNS_INFO , "UPN DNS Info" }, |
4046 | | { PAC_CLIENT_CLAIMS_INFO , "Client Claims Info" }, |
4047 | | { PAC_DEVICE_INFO , "Device Info" }, |
4048 | | { PAC_DEVICE_CLAIMS_INFO , "Device Claims Info" }, |
4049 | | { PAC_TICKET_CHECKSUM , "Ticket Checksum" }, |
4050 | | { PAC_ATTRIBUTES_INFO , "Attributes Info" }, |
4051 | | { PAC_REQUESTER_SID , "Requester Sid" }, |
4052 | | { PAC_FULL_CHECKSUM , "Full Checksum" }, |
4053 | | { 0, NULL }, |
4054 | | }; |
4055 | | |
4056 | | static const value_string krb5_msg_types[] = { |
4057 | | { KRB5_MSG_TICKET, "Ticket" }, |
4058 | | { KRB5_MSG_AUTHENTICATOR, "Authenticator" }, |
4059 | | { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" }, |
4060 | | { KRB5_MSG_TGS_REQ, "TGS-REQ" }, |
4061 | | { KRB5_MSG_TGS_REP, "TGS-REP" }, |
4062 | | { KRB5_MSG_AS_REQ, "AS-REQ" }, |
4063 | | { KRB5_MSG_AS_REP, "AS-REP" }, |
4064 | | { KRB5_MSG_AP_REQ, "AP-REQ" }, |
4065 | | { KRB5_MSG_AP_REP, "AP-REP" }, |
4066 | | { KRB5_MSG_TGT_REQ, "TGT-REQ" }, |
4067 | | { KRB5_MSG_TGT_REP, "TGT-REP" }, |
4068 | | { KRB5_MSG_SAFE, "KRB-SAFE" }, |
4069 | | { KRB5_MSG_PRIV, "KRB-PRIV" }, |
4070 | | { KRB5_MSG_CRED, "KRB-CRED" }, |
4071 | | { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" }, |
4072 | | { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" }, |
4073 | | { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" }, |
4074 | | { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" }, |
4075 | | { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" }, |
4076 | | { KRB5_MSG_ERROR, "KRB-ERROR" }, |
4077 | | { 0, NULL }, |
4078 | | }; |
4079 | | |
4080 | 14 | #define KRB5_GSS_C_DELEG_FLAG 0x00000001 |
4081 | 14 | #define KRB5_GSS_C_MUTUAL_FLAG 0x00000002 |
4082 | 14 | #define KRB5_GSS_C_REPLAY_FLAG 0x00000004 |
4083 | 14 | #define KRB5_GSS_C_SEQUENCE_FLAG 0x00000008 |
4084 | 14 | #define KRB5_GSS_C_CONF_FLAG 0x00000010 |
4085 | 14 | #define KRB5_GSS_C_INTEG_FLAG 0x00000020 |
4086 | 14 | #define KRB5_GSS_C_DCE_STYLE 0x00001000 |
4087 | | |
4088 | | static const true_false_string tfs_gss_flags_deleg = { |
4089 | | "Delegate credentials to remote peer", |
4090 | | "Do NOT delegate" |
4091 | | }; |
4092 | | static const true_false_string tfs_gss_flags_mutual = { |
4093 | | "Request that remote peer authenticates itself", |
4094 | | "Mutual authentication NOT required" |
4095 | | }; |
4096 | | static const true_false_string tfs_gss_flags_replay = { |
4097 | | "Enable replay protection for signed or sealed messages", |
4098 | | "Do NOT enable replay protection" |
4099 | | }; |
4100 | | static const true_false_string tfs_gss_flags_sequence = { |
4101 | | "Enable Out-of-sequence detection for sign or sealed messages", |
4102 | | "Do NOT enable out-of-sequence detection" |
4103 | | }; |
4104 | | static const true_false_string tfs_gss_flags_conf = { |
4105 | | "Confidentiality (sealing) may be invoked", |
4106 | | "Do NOT use Confidentiality (sealing)" |
4107 | | }; |
4108 | | static const true_false_string tfs_gss_flags_integ = { |
4109 | | "Integrity protection (signing) may be invoked", |
4110 | | "Do NOT use integrity protection" |
4111 | | }; |
4112 | | |
4113 | | static const true_false_string tfs_gss_flags_dce_style = { |
4114 | | "DCE-STYLE", |
4115 | | "Not using DCE-STYLE" |
4116 | | }; |
4117 | | |
4118 | | static int dissect_kerberos_KRB5_SRP_PA_APPLICATIONS(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) |
4119 | 0 | { |
4120 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4121 | 0 | proto_item *pi1 = proto_item_get_parent(actx->created_item); |
4122 | 0 | proto_item *pi2 = proto_item_get_parent(pi1); |
4123 | 0 | int8_t ber_class; |
4124 | 0 | bool pc; |
4125 | 0 | int32_t tag; |
4126 | | |
4127 | | /* |
4128 | | * dissect_ber_octet_string_wcb() always passes |
4129 | | * implicit_tag=false, offset=0 and hf_index=-1 |
4130 | | */ |
4131 | 0 | ws_assert(implicit_tag == false); |
4132 | 0 | ws_assert(offset == 0); |
4133 | 0 | ws_assert(hf_index <= 0); |
4134 | |
|
4135 | 0 | get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); |
4136 | 0 | if (ber_class != BER_CLASS_APP) { |
4137 | 0 | if (kerberos_private_is_kdc_req(private_data)) { |
4138 | 0 | goto unknown; |
4139 | 0 | } |
4140 | 0 | if (private_data->errorcode != KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED) { |
4141 | 0 | goto unknown; |
4142 | 0 | } |
4143 | | |
4144 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_ANNOUNCE"); |
4145 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_ANNOUNCE"); |
4146 | 0 | return dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(implicit_tag, tvb, offset, actx, tree, hf_index); |
4147 | 0 | } |
4148 | | |
4149 | 0 | switch (tag) { |
4150 | 0 | case 0: |
4151 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_INIT"); |
4152 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_INIT"); |
4153 | 0 | return dissect_kerberos_KRB5_SRP_PA_INIT(implicit_tag, tvb, offset, actx, tree, hf_index); |
4154 | 0 | case 1: |
4155 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_SERVER_CHALLENGE"); |
4156 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_SERVER_CHALLENGE"); |
4157 | 0 | return dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(implicit_tag, tvb, offset, actx, tree, hf_index); |
4158 | 0 | case 2: |
4159 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_CLIENT_RESPONSE"); |
4160 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_CLIENT_RESPONSE"); |
4161 | 0 | return dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(implicit_tag, tvb, offset, actx, tree, hf_index); |
4162 | 0 | case 3: |
4163 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_SERVER_VERIFIER"); |
4164 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_SERVER_VERIFIER"); |
4165 | 0 | return dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(implicit_tag, tvb, offset, actx, tree, hf_index); |
4166 | 0 | default: |
4167 | 0 | break; |
4168 | 0 | } |
4169 | | |
4170 | 0 | unknown: |
4171 | 0 | proto_item_append_text(pi1, " KRB5_SRP_PA_UNKNOWN: ber_class:%u ber_pc=%u ber_tag:%"PRIu32"", ber_class, pc, tag); |
4172 | 0 | proto_item_append_text(pi2, ": KRB5_SRP_PA_UNKNOWN"); |
4173 | 0 | return tvb_reported_length_remaining(tvb, offset); |
4174 | 0 | } |
4175 | | |
4176 | | #ifdef HAVE_KERBEROS |
4177 | | static uint8_t * |
4178 | | decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx, |
4179 | | int usage, tvbuff_t *cryptotvb, int *datalen) |
4180 | | { |
4181 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4182 | | |
4183 | | #ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE |
4184 | | return decrypt_krb5_data_private(tree, actx->pinfo, private_data, |
4185 | | usage, cryptotvb, |
4186 | | private_data->etype, |
4187 | | datalen); |
4188 | | #else |
4189 | | return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb, |
4190 | | private_data->etype, datalen); |
4191 | | #endif |
4192 | | } |
4193 | | |
4194 | | static int |
4195 | | dissect_krb5_decrypt_ticket_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4196 | | proto_tree *tree, int hf_index _U_) |
4197 | | { |
4198 | | uint8_t *plaintext; |
4199 | | int length; |
4200 | | tvbuff_t *next_tvb; |
4201 | | |
4202 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4203 | | length=tvb_captured_length_remaining(tvb, offset); |
4204 | | |
4205 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4206 | | * 7.5.1 |
4207 | | * All Ticket encrypted parts use usage == 2 |
4208 | | */ |
4209 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, &length); |
4210 | | |
4211 | | if(plaintext){ |
4212 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4213 | | tvbuff_t *last_ticket_enc_part_tvb = private_data->last_ticket_enc_part_tvb; |
4214 | | enc_key_t *current_ticket_key = private_data->current_ticket_key; |
4215 | | tvbuff_t *child_tvb; |
4216 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4217 | | |
4218 | | /* Add the decrypted data to the data source list. */ |
4219 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 Ticket"); |
4220 | | |
4221 | | private_data->last_ticket_enc_part_tvb = child_tvb; |
4222 | | private_data->current_ticket_key = NULL; |
4223 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4224 | | private_data->current_ticket_key = current_ticket_key; |
4225 | | private_data->last_ticket_enc_part_tvb = last_ticket_enc_part_tvb; |
4226 | | } |
4227 | | return offset; |
4228 | | } |
4229 | | |
4230 | | static int |
4231 | | dissect_krb5_decrypt_authenticator_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4232 | | proto_tree *tree, int hf_index _U_) |
4233 | | { |
4234 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4235 | | uint8_t *plaintext; |
4236 | | int length; |
4237 | | tvbuff_t *next_tvb; |
4238 | | |
4239 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4240 | | length=tvb_captured_length_remaining(tvb, offset); |
4241 | | |
4242 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4243 | | * 7.5.1 |
4244 | | * Authenticators are encrypted with usage |
4245 | | * == 7 or |
4246 | | * == 11 |
4247 | | * |
4248 | | * 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator |
4249 | | * (includes TGS authenticator subkey), encrypted with the |
4250 | | * TGS session key (section 5.5.1) |
4251 | | * 11. AP-REQ Authenticator (includes application |
4252 | | * authenticator subkey), encrypted with the application |
4253 | | * session key (section 5.5.1) |
4254 | | */ |
4255 | | if (private_data->within_PA_TGS_REQ > 0) { |
4256 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, &length); |
4257 | | } else { |
4258 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, &length); |
4259 | | } |
4260 | | |
4261 | | if(plaintext){ |
4262 | | tvbuff_t *child_tvb; |
4263 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4264 | | |
4265 | | /* Add the decrypted data to the data source list. */ |
4266 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 Authenticator"); |
4267 | | |
4268 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4269 | | } |
4270 | | return offset; |
4271 | | } |
4272 | | |
4273 | | static int |
4274 | | dissect_krb5_decrypt_authorization_data(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4275 | | proto_tree *tree, int hf_index _U_) |
4276 | | { |
4277 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4278 | | uint8_t *plaintext; |
4279 | | int length; |
4280 | | tvbuff_t *next_tvb; |
4281 | | |
4282 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4283 | | length=tvb_captured_length_remaining(tvb, offset); |
4284 | | |
4285 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4286 | | * 7.5.1 |
4287 | | * Authenticators are encrypted with usage |
4288 | | * == 5 or |
4289 | | * == 4 |
4290 | | * |
4291 | | * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with |
4292 | | * the TGS session key (section 5.4.1) |
4293 | | * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with |
4294 | | * the TGS authenticator subkey (section 5.4.1) |
4295 | | */ |
4296 | | if (private_data->PA_TGS_REQ_subkey != NULL) { |
4297 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, &length); |
4298 | | } else { |
4299 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, &length); |
4300 | | } |
4301 | | |
4302 | | if(plaintext){ |
4303 | | tvbuff_t *child_tvb; |
4304 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4305 | | |
4306 | | /* Add the decrypted data to the data source list. */ |
4307 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 AuthorizationData"); |
4308 | | |
4309 | | offset=dissect_kerberos_AuthorizationData(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4310 | | } |
4311 | | return offset; |
4312 | | } |
4313 | | |
4314 | | static int |
4315 | | dissect_krb5_decrypt_KDC_REP_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4316 | | proto_tree *tree, int hf_index _U_) |
4317 | | { |
4318 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4319 | | uint8_t *plaintext = NULL; |
4320 | | int length; |
4321 | | tvbuff_t *next_tvb; |
4322 | | |
4323 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4324 | | length=tvb_captured_length_remaining(tvb, offset); |
4325 | | |
4326 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4327 | | * 7.5.1 |
4328 | | * ASREP/TGSREP encryptedparts are encrypted with usage |
4329 | | * == 3 or |
4330 | | * == 8 or |
4331 | | * == 9 |
4332 | | * |
4333 | | * 3. AS-REP encrypted part (includes TGS session key or |
4334 | | * application session key), encrypted with the client key |
4335 | | * (section 5.4.2) |
4336 | | * |
4337 | | * 8. TGS-REP encrypted part (includes application session |
4338 | | * key), encrypted with the TGS session key (section |
4339 | | * 5.4.2) |
4340 | | * 9. TGS-REP encrypted part (includes application session |
4341 | | * key), encrypted with the TGS authenticator subkey |
4342 | | * (section 5.4.2) |
4343 | | * |
4344 | | * We currently don't have a way to find the TGS-REQ state |
4345 | | * in order to check if an authenticator subkey was used. |
4346 | | * |
4347 | | * But if we client used FAST and we got a strengthen_key, |
4348 | | * we're sure an authenticator subkey was used. |
4349 | | * |
4350 | | * Windows don't use an authenticator subkey without FAST, |
4351 | | * but heimdal does. |
4352 | | * |
4353 | | * For now try 8 before 9 in order to avoid overhead and false |
4354 | | * positives for the 'kerberos.missing_keytype' filter in pure |
4355 | | * windows captures. |
4356 | | */ |
4357 | | switch (private_data->msg_type) { |
4358 | | case KERBEROS_APPLICATIONS_AS_REP: |
4359 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, &length); |
4360 | | break; |
4361 | | case KERBEROS_APPLICATIONS_TGS_REP: |
4362 | | if (private_data->fast_strengthen_key != NULL) { |
4363 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length); |
4364 | | } else if (private_data->req_tgs_authenticator_subkey) { |
4365 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length); |
4366 | | } else { |
4367 | | struct missing_key_details mk8 = { |
4368 | | .keymap_name = NULL, |
4369 | | }; |
4370 | | struct missing_key_details mk9 = { |
4371 | | .keymap_name = NULL, |
4372 | | }; |
4373 | | |
4374 | | private_data->missing_key_stash = &mk8; |
4375 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, &length); |
4376 | | private_data->missing_key_stash = NULL; |
4377 | | if(!plaintext){ |
4378 | | private_data->missing_key_stash = &mk9; |
4379 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length); |
4380 | | private_data->missing_key_stash = NULL; |
4381 | | } |
4382 | | |
4383 | | #ifdef HAVE_MIT_KERBEROS |
4384 | | if (!plaintext) { |
4385 | | if (mk8.keymap_name == mk9.keymap_name) { |
4386 | | mk8.decryption_count += mk9.decryption_count; |
4387 | | |
4388 | | missing_encryption_key_ex(tree, |
4389 | | actx->pinfo, |
4390 | | private_data, |
4391 | | private_data->etype, |
4392 | | "8 or 9", |
4393 | | next_tvb, |
4394 | | &mk8); |
4395 | | } else { |
4396 | | missing_encryption_key_ex(tree, |
4397 | | actx->pinfo, |
4398 | | private_data, |
4399 | | private_data->etype, |
4400 | | "8 (or 9)", |
4401 | | next_tvb, |
4402 | | &mk8); |
4403 | | missing_encryption_key_ex(tree, |
4404 | | actx->pinfo, |
4405 | | private_data, |
4406 | | private_data->etype, |
4407 | | "9 (or 8)", |
4408 | | next_tvb, |
4409 | | &mk9); |
4410 | | } |
4411 | | } |
4412 | | #endif /* HAVE_MIT_KERBEROS */ |
4413 | | } |
4414 | | break; |
4415 | | } |
4416 | | |
4417 | | if(plaintext){ |
4418 | | tvbuff_t *child_tvb; |
4419 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4420 | | |
4421 | | /* Add the decrypted data to the data source list. */ |
4422 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 KDC-REP"); |
4423 | | |
4424 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4425 | | } |
4426 | | return offset; |
4427 | | } |
4428 | | |
4429 | | static int |
4430 | | dissect_krb5_decrypt_PA_ENC_TIMESTAMP (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4431 | | proto_tree *tree, int hf_index _U_) |
4432 | | { |
4433 | | uint8_t *plaintext; |
4434 | | int length; |
4435 | | tvbuff_t *next_tvb; |
4436 | | |
4437 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4438 | | length=tvb_captured_length_remaining(tvb, offset); |
4439 | | |
4440 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4441 | | * 7.5.1 |
4442 | | * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage |
4443 | | * == 1 |
4444 | | */ |
4445 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, &length); |
4446 | | |
4447 | | if(plaintext){ |
4448 | | tvbuff_t *child_tvb; |
4449 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4450 | | |
4451 | | /* Add the decrypted data to the data source list. */ |
4452 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 EncTimestamp"); |
4453 | | |
4454 | | offset=dissect_kerberos_PA_ENC_TS_ENC(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4455 | | } |
4456 | | return offset; |
4457 | | } |
4458 | | |
4459 | | static int |
4460 | | dissect_krb5_decrypt_AP_REP_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4461 | | proto_tree *tree, int hf_index _U_) |
4462 | | { |
4463 | | uint8_t *plaintext; |
4464 | | int length; |
4465 | | tvbuff_t *next_tvb; |
4466 | | |
4467 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4468 | | length=tvb_captured_length_remaining(tvb, offset); |
4469 | | |
4470 | | /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : |
4471 | | * 7.5.1 |
4472 | | * AP-REP are encrypted with usage == 12 |
4473 | | */ |
4474 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, &length); |
4475 | | |
4476 | | if(plaintext){ |
4477 | | tvbuff_t *child_tvb; |
4478 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4479 | | |
4480 | | /* Add the decrypted data to the data source list. */ |
4481 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 AP-REP"); |
4482 | | |
4483 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4484 | | } |
4485 | | return offset; |
4486 | | } |
4487 | | |
4488 | | static int |
4489 | | dissect_krb5_decrypt_PRIV_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4490 | | proto_tree *tree, int hf_index _U_) |
4491 | | { |
4492 | | uint8_t *plaintext; |
4493 | | int length; |
4494 | | tvbuff_t *next_tvb; |
4495 | | |
4496 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4497 | | length=tvb_captured_length_remaining(tvb, offset); |
4498 | | |
4499 | | /* RFC4120 : |
4500 | | * EncKrbPrivPart encrypted with usage |
4501 | | * == 13 |
4502 | | */ |
4503 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, &length); |
4504 | | |
4505 | | if(plaintext){ |
4506 | | tvbuff_t *child_tvb; |
4507 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4508 | | |
4509 | | /* Add the decrypted data to the data source list. */ |
4510 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 PRIV"); |
4511 | | |
4512 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4513 | | } |
4514 | | return offset; |
4515 | | } |
4516 | | |
4517 | | static int |
4518 | | dissect_krb5_decrypt_CRED_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4519 | | proto_tree *tree, int hf_index _U_) |
4520 | | { |
4521 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4522 | | uint8_t *plaintext; |
4523 | | int length; |
4524 | | tvbuff_t *next_tvb; |
4525 | | |
4526 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4527 | | length=tvb_captured_length_remaining(tvb, offset); |
4528 | | |
4529 | | if (private_data->etype == 0) { |
4530 | | offset=dissect_kerberos_Applications(false, next_tvb, 0, actx , tree, /* hf_index*/ -1); |
4531 | | return offset; |
4532 | | } |
4533 | | |
4534 | | /* RFC4120 : |
4535 | | * EncKrbCredPart encrypted with usage |
4536 | | * == 14 |
4537 | | */ |
4538 | | plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, &length); |
4539 | | |
4540 | | if(plaintext){ |
4541 | | tvbuff_t *child_tvb; |
4542 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4543 | | |
4544 | | /* Add the decrypted data to the data source list. */ |
4545 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 CRED"); |
4546 | | |
4547 | | offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4548 | | } |
4549 | | return offset; |
4550 | | } |
4551 | | |
4552 | | static int |
4553 | | dissect_krb5_decrypt_KrbFastReq(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4554 | | proto_tree *tree, int hf_index _U_) |
4555 | | { |
4556 | | uint8_t *plaintext; |
4557 | | int length; |
4558 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4559 | | tvbuff_t *next_tvb; |
4560 | | |
4561 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4562 | | length=tvb_captured_length_remaining(tvb, offset); |
4563 | | |
4564 | | private_data->fast_armor_key = NULL; |
4565 | | if (private_data->PA_FAST_ARMOR_AP_subkey != NULL) { |
4566 | | krb5_fast_key(actx, tree, tvb, |
4567 | | private_data->PA_FAST_ARMOR_AP_subkey, |
4568 | | "subkeyarmor", |
4569 | | private_data->PA_FAST_ARMOR_AP_key, |
4570 | | "ticketarmor", |
4571 | | "KrbFastReq_FAST_armorKey"); |
4572 | | if (private_data->PA_TGS_REQ_subkey != NULL) { |
4573 | | enc_key_t *explicit_armor_key = private_data->last_added_key; |
4574 | | |
4575 | | /* |
4576 | | * See [MS-KILE] 3.3.5.7.4 Compound Identity |
4577 | | */ |
4578 | | krb5_fast_key(actx, tree, tvb, |
4579 | | explicit_armor_key, |
4580 | | "explicitarmor", |
4581 | | private_data->PA_TGS_REQ_subkey, |
4582 | | "tgsarmor", |
4583 | | "KrbFastReq_explicitArmorKey"); |
4584 | | } |
4585 | | private_data->fast_armor_key = private_data->last_added_key; |
4586 | | } else if (private_data->PA_TGS_REQ_subkey != NULL) { |
4587 | | krb5_fast_key(actx, tree, tvb, |
4588 | | private_data->PA_TGS_REQ_subkey, |
4589 | | "subkeyarmor", |
4590 | | private_data->PA_TGS_REQ_key, |
4591 | | "ticketarmor", |
4592 | | "KrbFastReq_TGS_armorKey"); |
4593 | | private_data->fast_armor_key = private_data->last_added_key; |
4594 | | } |
4595 | | |
4596 | | /* RFC6113 : |
4597 | | * KrbFastResponse encrypted with usage |
4598 | | * KEY_USAGE_FAST_ENC 51 |
4599 | | */ |
4600 | | plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_ENC, |
4601 | | next_tvb, &length); |
4602 | | |
4603 | | if(plaintext){ |
4604 | | tvbuff_t *child_tvb; |
4605 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4606 | | |
4607 | | /* Add the decrypted data to the data source list. */ |
4608 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastReq"); |
4609 | | |
4610 | | offset=dissect_kerberos_KrbFastReq(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4611 | | } |
4612 | | return offset; |
4613 | | } |
4614 | | |
4615 | | static int |
4616 | | dissect_krb5_decrypt_KrbFastResponse(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4617 | | proto_tree *tree, int hf_index _U_) |
4618 | | { |
4619 | | uint8_t *plaintext; |
4620 | | int length; |
4621 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4622 | | tvbuff_t *next_tvb; |
4623 | | |
4624 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4625 | | length=tvb_captured_length_remaining(tvb, offset); |
4626 | | |
4627 | | /* |
4628 | | * RFC6113 : |
4629 | | * KrbFastResponse encrypted with usage |
4630 | | * KEY_USAGE_FAST_REP 52 |
4631 | | */ |
4632 | | plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_REP, |
4633 | | next_tvb, &length); |
4634 | | |
4635 | | if(plaintext){ |
4636 | | tvbuff_t *child_tvb; |
4637 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4638 | | |
4639 | | /* Add the decrypted data to the data source list. */ |
4640 | | add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastRep"); |
4641 | | |
4642 | | private_data->fast_armor_key = private_data->last_decryption_key; |
4643 | | offset=dissect_kerberos_KrbFastResponse(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4644 | | } |
4645 | | return offset; |
4646 | | } |
4647 | | |
4648 | | static int |
4649 | | dissect_krb5_decrypt_EncryptedChallenge(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, |
4650 | | proto_tree *tree, int hf_index _U_) |
4651 | | { |
4652 | | uint8_t *plaintext; |
4653 | | int length; |
4654 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4655 | | tvbuff_t *next_tvb; |
4656 | | int usage = 0; |
4657 | | const char *name = NULL; |
4658 | | |
4659 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
4660 | | length=tvb_captured_length_remaining(tvb, offset); |
4661 | | |
4662 | | /* RFC6113 : |
4663 | | * KEY_USAGE_ENC_CHALLENGE_CLIENT 54 |
4664 | | * KEY_USAGE_ENC_CHALLENGE_KDC 55 |
4665 | | */ |
4666 | | if (kerberos_private_is_kdc_req(private_data)) { |
4667 | | usage = KEY_USAGE_ENC_CHALLENGE_CLIENT; |
4668 | | name = "Krb5 CHALLENGE_CLIENT"; |
4669 | | } else { |
4670 | | usage = KEY_USAGE_ENC_CHALLENGE_KDC; |
4671 | | name = "Krb5 CHALLENGE_KDC"; |
4672 | | } |
4673 | | plaintext=decrypt_krb5_data_asn1(tree, actx, usage, next_tvb, &length); |
4674 | | |
4675 | | if(plaintext){ |
4676 | | tvbuff_t *child_tvb; |
4677 | | child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); |
4678 | | |
4679 | | /* Add the decrypted data to the data source list. */ |
4680 | | add_new_data_source(actx->pinfo, child_tvb, name); |
4681 | | |
4682 | | offset=dissect_kerberos_PA_ENC_TS_ENC(false, child_tvb, 0, actx , tree, /* hf_index*/ -1); |
4683 | | } |
4684 | | return offset; |
4685 | | } |
4686 | | #endif /* HAVE_KERBEROS */ |
4687 | | |
4688 | | static int * const hf_krb_pa_supported_enctypes_fields[] = { |
4689 | | &hf_krb_pa_supported_enctypes_des_cbc_crc, |
4690 | | &hf_krb_pa_supported_enctypes_des_cbc_md5, |
4691 | | &hf_krb_pa_supported_enctypes_rc4_hmac, |
4692 | | &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96, |
4693 | | &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96, |
4694 | | &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk, |
4695 | | &hf_krb_pa_supported_enctypes_fast_supported, |
4696 | | &hf_krb_pa_supported_enctypes_compound_identity_supported, |
4697 | | &hf_krb_pa_supported_enctypes_claims_supported, |
4698 | | &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled, |
4699 | | NULL, |
4700 | | }; |
4701 | | |
4702 | | static int |
4703 | | dissect_kerberos_PA_SUPPORTED_ENCTYPES(bool implicit_tag _U_, tvbuff_t *tvb _U_, |
4704 | | int offset _U_, asn1_ctx_t *actx _U_, |
4705 | | proto_tree *tree _U_, int hf_index _U_) |
4706 | 0 | { |
4707 | 0 | actx->created_item = proto_tree_add_bitmask(tree, tvb, offset, |
4708 | 0 | hf_krb_pa_supported_enctypes, |
4709 | 0 | ett_krb_pa_supported_enctypes, |
4710 | 0 | hf_krb_pa_supported_enctypes_fields, |
4711 | 0 | ENC_LITTLE_ENDIAN); |
4712 | 0 | offset += 4; |
4713 | |
|
4714 | 0 | return offset; |
4715 | 0 | } |
4716 | | |
4717 | | static int * const hf_krb_ad_ap_options_fields[] = { |
4718 | | &hf_krb_ad_ap_options_cbt, |
4719 | | &hf_krb_ad_ap_options_unverified_target_name, |
4720 | | NULL, |
4721 | | }; |
4722 | | |
4723 | | |
4724 | | static int |
4725 | | dissect_kerberos_AD_AP_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_, |
4726 | | int offset _U_, asn1_ctx_t *actx _U_, |
4727 | | proto_tree *tree _U_, int hf_index _U_) |
4728 | 0 | { |
4729 | 0 | actx->created_item = proto_tree_add_bitmask(tree, tvb, offset, |
4730 | 0 | hf_krb_ad_ap_options, |
4731 | 0 | ett_krb_ad_ap_options, |
4732 | 0 | hf_krb_ad_ap_options_fields, |
4733 | 0 | ENC_LITTLE_ENDIAN); |
4734 | 0 | offset += 4; |
4735 | |
|
4736 | 0 | return offset; |
4737 | 0 | } |
4738 | | |
4739 | | static int |
4740 | | dissect_kerberos_AD_TARGET_PRINCIPAL(bool implicit_tag _U_, tvbuff_t *tvb _U_, |
4741 | | int offset _U_, asn1_ctx_t *actx _U_, |
4742 | | proto_tree *tree _U_, int hf_index _U_) |
4743 | 0 | { |
4744 | 0 | int tp_offset, tp_len; |
4745 | 0 | uint16_t bc; |
4746 | |
|
4747 | 0 | bc = tvb_reported_length_remaining(tvb, offset); |
4748 | 0 | tp_offset = offset; |
4749 | 0 | tp_len = bc; |
4750 | 0 | proto_tree_add_item(tree, hf_krb_ad_target_principal, tvb, |
4751 | 0 | tp_offset, tp_len, |
4752 | 0 | ENC_UTF_16 | ENC_LITTLE_ENDIAN); |
4753 | |
|
4754 | 0 | return offset; |
4755 | 0 | } |
4756 | | |
4757 | | /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded. |
4758 | | */ |
4759 | | static int |
4760 | | dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb) |
4761 | 0 | { |
4762 | 0 | int offset=0; |
4763 | 0 | uint32_t len; |
4764 | 0 | uint16_t dlglen; |
4765 | | |
4766 | | /* Length of Bnd field */ |
4767 | 0 | len=tvb_get_letohl(tvb, offset); |
4768 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4769 | 0 | offset += 4; |
4770 | | |
4771 | | /* Bnd field */ |
4772 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA); |
4773 | 0 | offset += len; |
4774 | | |
4775 | | |
4776 | | /* flags */ |
4777 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4778 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4779 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4780 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4781 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4782 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4783 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4784 | 0 | offset += 4; |
4785 | | |
4786 | | /* the next fields are optional so we have to check that we have |
4787 | | * more data in our buffers */ |
4788 | 0 | if(tvb_reported_length_remaining(tvb, offset)<2){ |
4789 | 0 | return offset; |
4790 | 0 | } |
4791 | | /* dlgopt identifier */ |
4792 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4793 | 0 | offset += 2; |
4794 | |
|
4795 | 0 | if(tvb_reported_length_remaining(tvb, offset)<2){ |
4796 | 0 | return offset; |
4797 | 0 | } |
4798 | | /* dlglen identifier */ |
4799 | 0 | dlglen=tvb_get_letohs(tvb, offset); |
4800 | 0 | proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4801 | 0 | offset += 2; |
4802 | |
|
4803 | 0 | if(dlglen!=tvb_reported_length_remaining(tvb, offset)){ |
4804 | 0 | proto_tree_add_expert_format(tree, actx->pinfo, &ei_krb_gssapi_dlglen, tvb, 0, 0, |
4805 | 0 | "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_captured_length_remaining(tvb, offset)); |
4806 | 0 | return offset; |
4807 | 0 | } |
4808 | | |
4809 | | /* this should now be a KRB_CRED message */ |
4810 | 0 | offset=dissect_kerberos_Applications(false, tvb, offset, actx, tree, /* hf_index */ -1); |
4811 | |
|
4812 | 0 | return offset; |
4813 | 0 | } |
4814 | | |
4815 | | static int |
4816 | | dissect_krb5_PA_PROV_SRV_LOCATION(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) |
4817 | 0 | { |
4818 | 0 | offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0); |
4819 | |
|
4820 | 0 | return offset; |
4821 | 0 | } |
4822 | | |
4823 | | static int |
4824 | | dissect_krb5_PW_SALT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) |
4825 | 0 | { |
4826 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
4827 | 0 | int length; |
4828 | 0 | uint32_t nt_status = 0; |
4829 | 0 | uint32_t reserved = 0; |
4830 | 0 | uint32_t flags = 0; |
4831 | | |
4832 | | /* |
4833 | | * Microsoft stores a special 12 byte blob here |
4834 | | * [MS-KILE] 2.2.1 KERB-EXT-ERROR |
4835 | | * uint32_t NT_status |
4836 | | * uint32_t reserved (== 0) |
4837 | | * uint32_t flags (at least 0x00000001 is set) |
4838 | | */ |
4839 | 0 | length = tvb_reported_length_remaining(tvb, offset); |
4840 | 0 | if (length <= 0) { |
4841 | 0 | return offset; |
4842 | 0 | } |
4843 | 0 | if (length != 12) { |
4844 | 0 | goto no_error; |
4845 | 0 | } |
4846 | | |
4847 | 0 | if (private_data->errorcode == 0) { |
4848 | 0 | goto no_error; |
4849 | 0 | } |
4850 | | |
4851 | 0 | nt_status = tvb_get_letohl(tvb, offset); |
4852 | 0 | reserved = tvb_get_letohl(tvb, offset + 4); |
4853 | 0 | flags = tvb_get_letohl(tvb, offset + 8); |
4854 | |
|
4855 | 0 | if (reserved != 0 || (flags & 1) != 1 || !try_val_to_str_ext(nt_status, &NT_errors_ext)) { |
4856 | 0 | goto no_error; |
4857 | 0 | } |
4858 | | |
4859 | 0 | proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4, |
4860 | 0 | ENC_LITTLE_ENDIAN); |
4861 | 0 | col_append_fstr(actx->pinfo->cinfo, COL_INFO, |
4862 | 0 | " NT Status: %s", |
4863 | 0 | val_to_str_ext(nt_status, &NT_errors_ext, |
4864 | 0 | "Unknown error code %#x")); |
4865 | 0 | offset += 4; |
4866 | |
|
4867 | 0 | proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4, |
4868 | 0 | ENC_LITTLE_ENDIAN); |
4869 | 0 | offset += 4; |
4870 | |
|
4871 | 0 | proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4, |
4872 | 0 | ENC_LITTLE_ENDIAN); |
4873 | 0 | offset += 4; |
4874 | |
|
4875 | 0 | return offset; |
4876 | | |
4877 | 0 | no_error: |
4878 | 0 | proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA); |
4879 | 0 | offset += length; |
4880 | |
|
4881 | 0 | return offset; |
4882 | 0 | } |
4883 | | |
4884 | | static int |
4885 | | dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t *drep) |
4886 | 0 | { |
4887 | 0 | proto_tree *tree; |
4888 | 0 | uint8_t val; |
4889 | |
|
4890 | 0 | tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP"); |
4891 | |
|
4892 | 0 | val = tvb_get_uint8(tvb, offset); |
4893 | 0 | proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4); |
4894 | |
|
4895 | 0 | offset++; |
4896 | |
|
4897 | 0 | if (drep) { |
4898 | 0 | *drep = val; |
4899 | 0 | } |
4900 | |
|
4901 | 0 | return offset; |
4902 | 0 | } |
4903 | | |
4904 | | /* This might be some sort of header that MIDL generates when creating |
4905 | | * marshalling/unmarshalling code for blobs that are not to be transported |
4906 | | * ontop of DCERPC and where the DREP fields specifying things such as |
4907 | | * endianess and similar are not available. |
4908 | | */ |
4909 | | static int |
4910 | | dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t *drep, asn1_ctx_t *actx _U_) |
4911 | 0 | { |
4912 | 0 | proto_tree *tree; |
4913 | |
|
4914 | 0 | tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header"); |
4915 | | |
4916 | | /* modified DREP field that is used for stuff that is transporetd ontop |
4917 | | of non dcerpc |
4918 | | */ |
4919 | 0 | proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN); |
4920 | 0 | offset++; |
4921 | |
|
4922 | 0 | offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep); |
4923 | | |
4924 | |
|
4925 | 0 | proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4926 | 0 | offset+=2; |
4927 | |
|
4928 | 0 | proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
4929 | 0 | offset += 4; |
4930 | | |
4931 | | /* length of blob that follows */ |
4932 | 0 | proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN); |
4933 | 0 | offset += 8; |
4934 | |
|
4935 | 0 | return offset; |
4936 | 0 | } |
4937 | | |
4938 | | static int |
4939 | | dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
4940 | 0 | { |
4941 | 0 | proto_item *item; |
4942 | 0 | proto_tree *tree; |
4943 | 0 | uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ |
4944 | | /* fake dcerpc_info struct */ |
4945 | 0 | dcerpc_call_value call_data = { .flags = 0, }; |
4946 | 0 | dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, }; |
4947 | |
|
4948 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA); |
4949 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_logon_info); |
4950 | | |
4951 | | /* skip the first 16 bytes, they are some magic created by the idl |
4952 | | * compiler the first 4 bytes might be flags? |
4953 | | */ |
4954 | 0 | offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); |
4955 | | |
4956 | | /* the PAC_LOGON_INFO blob */ |
4957 | 0 | init_ndr_pointer_list(&di); |
4958 | 0 | offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, |
4959 | 0 | netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE, |
4960 | 0 | "PAC_LOGON_INFO:", -1); |
4961 | 0 | free_ndr_pointer_list(&di); |
4962 | |
|
4963 | 0 | return offset; |
4964 | 0 | } |
4965 | | |
4966 | | |
4967 | | static int |
4968 | | dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_) |
4969 | 0 | { |
4970 | 0 | proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA); |
4971 | |
|
4972 | 0 | return offset; |
4973 | 0 | } |
4974 | | |
4975 | | static int |
4976 | | dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
4977 | 0 | { |
4978 | 0 | proto_item *item; |
4979 | 0 | proto_tree *tree; |
4980 | 0 | uint8_t *plaintext = NULL; |
4981 | 0 | int plainlen = 0; |
4982 | 0 | int length = 0; |
4983 | 0 | #define KRB5_KU_OTHER_ENCRYPTED 16 |
4984 | | #ifdef HAVE_KERBEROS |
4985 | | uint32_t etype; |
4986 | | tvbuff_t *next_tvb; |
4987 | | int usage = KRB5_KU_OTHER_ENCRYPTED; |
4988 | | #endif |
4989 | |
|
4990 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA); |
4991 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_credential_info); |
4992 | | |
4993 | | /* version */ |
4994 | 0 | proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb, |
4995 | 0 | offset, 4, ENC_LITTLE_ENDIAN); |
4996 | 0 | offset+=4; |
4997 | |
|
4998 | | #ifdef HAVE_KERBEROS |
4999 | | /* etype */ |
5000 | | etype = tvb_get_letohl(tvb, offset); |
5001 | | #endif |
5002 | 0 | proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb, |
5003 | 0 | offset, 4, ENC_LITTLE_ENDIAN); |
5004 | 0 | offset+=4; |
5005 | |
|
5006 | | #ifdef HAVE_KERBEROS |
5007 | | /* data */ |
5008 | | next_tvb=tvb_new_subset_remaining(tvb, offset); |
5009 | | length=tvb_captured_length_remaining(tvb, offset); |
5010 | | |
5011 | | plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen); |
5012 | | #endif |
5013 | |
|
5014 | 0 | if (plaintext != NULL) { |
5015 | 0 | tvbuff_t *child_tvb; |
5016 | 0 | child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen); |
5017 | | |
5018 | | /* Add the decrypted data to the data source list. */ |
5019 | 0 | add_new_data_source(actx->pinfo, child_tvb, "Krb5 PAC_CREDENTIAL"); |
5020 | |
|
5021 | 0 | dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo); |
5022 | 0 | } |
5023 | |
|
5024 | 0 | return offset + length; |
5025 | 0 | } |
5026 | | |
5027 | | static int |
5028 | | dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
5029 | 0 | { |
5030 | 0 | proto_item *item; |
5031 | 0 | proto_tree *tree; |
5032 | 0 | uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ |
5033 | | /* fake dcerpc_info struct */ |
5034 | 0 | dcerpc_call_value call_data = { .flags = 0, }; |
5035 | 0 | dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, }; |
5036 | |
|
5037 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA); |
5038 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info); |
5039 | | |
5040 | | /* skip the first 16 bytes, they are some magic created by the idl |
5041 | | * compiler the first 4 bytes might be flags? |
5042 | | */ |
5043 | 0 | offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); |
5044 | | |
5045 | | /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */ |
5046 | 0 | init_ndr_pointer_list(&di); |
5047 | 0 | offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, |
5048 | 0 | netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE, |
5049 | 0 | "PAC_S4U_DELEGATION_INFO:", -1); |
5050 | 0 | free_ndr_pointer_list(&di); |
5051 | |
|
5052 | 0 | return offset; |
5053 | 0 | } |
5054 | | |
5055 | 14 | #define PAC_UPN_DNS_FLAG_CONSTRUCTED 0x00000001 |
5056 | 14 | #define PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID 0x00000002 |
5057 | | static const true_false_string tfs_krb_pac_upn_flag_upn_constructed = { |
5058 | | "UPN Name is Constructed", |
5059 | | "UPN Name is NOT Constructed", |
5060 | | }; |
5061 | | static const true_false_string tfs_krb_pac_upn_flag_has_sam_name_and_sid = { |
5062 | | "SAM_NAME and SID are included", |
5063 | | "SAM_NAME and SID are NOT included", |
5064 | | }; |
5065 | | static int * const hf_krb_pac_upn_flags_fields[] = { |
5066 | | &hf_krb_pac_upn_flag_upn_constructed, |
5067 | | &hf_krb_pac_upn_flag_has_sam_name_and_sid, |
5068 | | NULL |
5069 | | }; |
5070 | | |
5071 | | static int |
5072 | | dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
5073 | 0 | { |
5074 | | #ifdef HAVE_KERBEROS |
5075 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5076 | | #endif /* HAVE_KERBEROS */ |
5077 | 0 | proto_item *item; |
5078 | 0 | proto_tree *tree; |
5079 | 0 | uint16_t dns_offset, dns_len; |
5080 | 0 | uint16_t upn_offset, upn_len; |
5081 | 0 | uint16_t samaccountname_offset = 0, samaccountname_len = 0; |
5082 | 0 | uint16_t objectsid_offset = 0, objectsid_len = 0; |
5083 | 0 | char *sid_str = NULL; |
5084 | 0 | uint32_t flags; |
5085 | |
|
5086 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA); |
5087 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info); |
5088 | | |
5089 | | /* upn */ |
5090 | 0 | upn_len = tvb_get_letohs(tvb, offset); |
5091 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5092 | 0 | offset+=2; |
5093 | 0 | upn_offset = tvb_get_letohs(tvb, offset); |
5094 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5095 | 0 | offset+=2; |
5096 | | |
5097 | | /* dns */ |
5098 | 0 | dns_len = tvb_get_letohs(tvb, offset); |
5099 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5100 | 0 | offset+=2; |
5101 | 0 | dns_offset = tvb_get_letohs(tvb, offset); |
5102 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5103 | 0 | offset+=2; |
5104 | | |
5105 | | /* flags */ |
5106 | 0 | flags = tvb_get_letohl(tvb, offset); |
5107 | 0 | proto_tree_add_bitmask(tree, tvb, offset, |
5108 | 0 | hf_krb_pac_upn_flags, |
5109 | 0 | ett_krb_pac_upn_dns_info_flags, |
5110 | 0 | hf_krb_pac_upn_flags_fields, |
5111 | 0 | ENC_LITTLE_ENDIAN); |
5112 | 0 | offset+=4; |
5113 | |
|
5114 | 0 | if (flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID) { |
5115 | 0 | samaccountname_len = tvb_get_letohs(tvb, offset); |
5116 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5117 | 0 | offset+=2; |
5118 | 0 | samaccountname_offset = tvb_get_letohs(tvb, offset); |
5119 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5120 | 0 | offset+=2; |
5121 | |
|
5122 | 0 | objectsid_len = tvb_get_letohs(tvb, offset); |
5123 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_objectsid_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5124 | 0 | offset+=2; |
5125 | 0 | objectsid_offset = tvb_get_letohs(tvb, offset); |
5126 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_objectsid_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
5127 | | /* offset+=2; */ |
5128 | 0 | } |
5129 | | |
5130 | | /* upn */ |
5131 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5132 | | |
5133 | | /* dns */ |
5134 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5135 | | |
5136 | | /* samaccountname */ |
5137 | 0 | if (samaccountname_offset != 0 && samaccountname_len != 0) { |
5138 | 0 | proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname, tvb, samaccountname_offset, samaccountname_len, ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5139 | 0 | } |
5140 | | /* objectsid */ |
5141 | 0 | if (objectsid_offset != 0 && objectsid_len != 0) { |
5142 | 0 | tvbuff_t *sid_tvb; |
5143 | 0 | sid_tvb=tvb_new_subset_length(tvb, objectsid_offset, objectsid_len); |
5144 | 0 | dissect_nt_sid(sid_tvb, actx->pinfo, 0, tree, "objectSid", &sid_str, -1); |
5145 | 0 | } |
5146 | |
|
5147 | | #ifdef HAVE_KERBEROS |
5148 | | if (private_data->current_ticket_key != NULL) { |
5149 | | enc_key_t *ek = private_data->current_ticket_key; |
5150 | | |
5151 | | if (samaccountname_offset != 0 && samaccountname_len != 0) { |
5152 | | ek->pac_names.account_name = tvb_get_string_enc(wmem_epan_scope(), |
5153 | | tvb, |
5154 | | samaccountname_offset, |
5155 | | samaccountname_len, |
5156 | | ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5157 | | } else { |
5158 | | ek->pac_names.account_name = tvb_get_string_enc(wmem_epan_scope(), |
5159 | | tvb, |
5160 | | upn_offset, |
5161 | | upn_len, |
5162 | | ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5163 | | } |
5164 | | ek->pac_names.account_domain = tvb_get_string_enc(wmem_epan_scope(), |
5165 | | tvb, |
5166 | | dns_offset, |
5167 | | dns_len, |
5168 | | ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5169 | | if (sid_str != NULL) { |
5170 | | ek->pac_names.account_sid = wmem_strdup(wmem_epan_scope(), |
5171 | | sid_str); |
5172 | | } |
5173 | | } |
5174 | | #endif /* HAVE_KERBEROS */ |
5175 | |
|
5176 | 0 | return dns_offset; |
5177 | 0 | } |
5178 | | |
5179 | | static int |
5180 | | dissect_krb5_PAC_CLIENT_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
5181 | 0 | { |
5182 | 0 | int length = tvb_reported_length_remaining(tvb, offset); |
5183 | 0 | return netlogon_dissect_CLAIMS_SET_METADATA_BLOB(tvb, offset, length, |
5184 | 0 | actx->pinfo, |
5185 | 0 | parent_tree, |
5186 | 0 | hf_krb_pac_client_claims_info, |
5187 | 0 | ett_krb_pac_client_claims_info, |
5188 | 0 | "PAC_CLIENT_CLAIMS_INFO:"); |
5189 | 0 | } |
5190 | | |
5191 | | static int |
5192 | | dissect_krb5_PAC_DEVICE_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5193 | 0 | { |
5194 | | #ifdef HAVE_KERBEROS |
5195 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5196 | | const char *device_sid = NULL; |
5197 | | #endif /* HAVE_KERBEROS */ |
5198 | 0 | proto_item *item; |
5199 | 0 | proto_tree *tree; |
5200 | 0 | uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ |
5201 | | /* fake dcerpc_info struct */ |
5202 | 0 | dcerpc_call_value call_data = { .flags = 0, }; |
5203 | 0 | dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, }; |
5204 | |
|
5205 | | #ifdef HAVE_KERBEROS |
5206 | | if (private_data->current_ticket_key != NULL) { |
5207 | | call_data.private_data = (void*)&device_sid; |
5208 | | } |
5209 | | #endif /* HAVE_KERBEROS */ |
5210 | |
|
5211 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_device_info, tvb, offset, -1, ENC_NA); |
5212 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_device_info); |
5213 | | |
5214 | | /* skip the first 16 bytes, they are some magic created by the idl |
5215 | | * compiler the first 4 bytes might be flags? |
5216 | | */ |
5217 | 0 | offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); |
5218 | | |
5219 | | /* the PAC_DEVICE_INFO blob */ |
5220 | 0 | init_ndr_pointer_list(&di); |
5221 | 0 | offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, |
5222 | 0 | netlogon_dissect_PAC_DEVICE_INFO, NDR_POINTER_UNIQUE, |
5223 | 0 | "PAC_DEVICE_INFO:", -1); |
5224 | 0 | free_ndr_pointer_list(&di); |
5225 | |
|
5226 | | #ifdef HAVE_KERBEROS |
5227 | | if (private_data->current_ticket_key != NULL) { |
5228 | | enc_key_t *ek = private_data->current_ticket_key; |
5229 | | |
5230 | | /* |
5231 | | * netlogon_dissect_PAC_DEVICE_INFO allocated on |
5232 | | * wmem_epan_scope() for us |
5233 | | */ |
5234 | | ek->pac_names.device_sid = device_sid; |
5235 | | } |
5236 | | #endif /* HAVE_KERBEROS */ |
5237 | |
|
5238 | 0 | return offset; |
5239 | 0 | } |
5240 | | |
5241 | | static int |
5242 | | dissect_krb5_PAC_DEVICE_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5243 | 0 | { |
5244 | 0 | int length = tvb_reported_length_remaining(tvb, offset); |
5245 | 0 | return netlogon_dissect_CLAIMS_SET_METADATA_BLOB(tvb, offset, length, |
5246 | 0 | actx->pinfo, |
5247 | 0 | parent_tree, |
5248 | 0 | hf_krb_pac_device_claims_info, |
5249 | 0 | ett_krb_pac_device_claims_info, |
5250 | 0 | "PAC_DEVICE_CLAIMS_INFO:"); |
5251 | 0 | } |
5252 | | |
5253 | | static int |
5254 | | dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5255 | 0 | { |
5256 | 0 | proto_item *item; |
5257 | 0 | proto_tree *tree; |
5258 | |
|
5259 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA); |
5260 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum); |
5261 | | |
5262 | | /* signature type */ |
5263 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
5264 | 0 | offset+=4; |
5265 | | |
5266 | | /* signature data */ |
5267 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); |
5268 | |
|
5269 | 0 | return offset; |
5270 | 0 | } |
5271 | | |
5272 | | static int |
5273 | | dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5274 | 0 | { |
5275 | 0 | proto_item *item; |
5276 | 0 | proto_tree *tree; |
5277 | |
|
5278 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA); |
5279 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum); |
5280 | | |
5281 | | /* signature type */ |
5282 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
5283 | 0 | offset+=4; |
5284 | | |
5285 | | /* signature data */ |
5286 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); |
5287 | |
|
5288 | 0 | return offset; |
5289 | 0 | } |
5290 | | |
5291 | | static int |
5292 | | dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5293 | 0 | { |
5294 | 0 | proto_item *item; |
5295 | 0 | proto_tree *tree; |
5296 | 0 | uint16_t namelen; |
5297 | |
|
5298 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA); |
5299 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type); |
5300 | | |
5301 | | /* clientid */ |
5302 | 0 | dissect_nttime(tvb, tree, offset, hf_krb_pac_clientid, ENC_LITTLE_ENDIAN); |
5303 | 0 | offset+=8; |
5304 | | |
5305 | | /* name length */ |
5306 | 0 | namelen=tvb_get_letohs(tvb, offset); |
5307 | 0 | proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen); |
5308 | 0 | offset+=2; |
5309 | | |
5310 | | /* client name */ |
5311 | 0 | proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN); |
5312 | 0 | offset+=namelen; |
5313 | |
|
5314 | 0 | return offset; |
5315 | 0 | } |
5316 | | |
5317 | | static int |
5318 | | dissect_krb5_PAC_TICKET_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5319 | 0 | { |
5320 | 0 | proto_item *item; |
5321 | 0 | proto_tree *tree; |
5322 | |
|
5323 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_ticket_checksum, tvb, offset, -1, ENC_NA); |
5324 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_ticket_checksum); |
5325 | | |
5326 | | /* signature type */ |
5327 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
5328 | 0 | offset+=4; |
5329 | | |
5330 | | /* signature data */ |
5331 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); |
5332 | |
|
5333 | 0 | return offset; |
5334 | 0 | } |
5335 | | |
5336 | 14 | #define PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED 0x00000001 |
5337 | 14 | #define PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY 0x00000002 |
5338 | | static const true_false_string tfs_krb_pac_attributes_info_pac_was_requested = { |
5339 | | "PAC was requested", |
5340 | | "PAC was NOT requested", |
5341 | | }; |
5342 | | static const true_false_string tfs_krb_pac_attributes_info_pac_was_given_implicitly = { |
5343 | | "PAC was given implicitly", |
5344 | | "PAC was NOT given implicitly", |
5345 | | }; |
5346 | | static int * const hf_krb_pac_attributes_info_flags_fields[] = { |
5347 | | &hf_krb_pac_attributes_info_flags_pac_was_requested, |
5348 | | &hf_krb_pac_attributes_info_flags_pac_was_given_implicitly, |
5349 | | NULL |
5350 | | }; |
5351 | | |
5352 | | static int |
5353 | | dissect_krb5_PAC_ATTRIBUTES_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5354 | 0 | { |
5355 | 0 | proto_item *item; |
5356 | 0 | proto_tree *tree; |
5357 | |
|
5358 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_attributes_info, tvb, offset, -1, ENC_NA); |
5359 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_attributes_info); |
5360 | | |
5361 | | /* flags length*/ |
5362 | 0 | proto_tree_add_item(tree, hf_krb_pac_attributes_info_length, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
5363 | 0 | offset+=4; |
5364 | | |
5365 | | /* flags */ |
5366 | 0 | proto_tree_add_bitmask(tree, tvb, offset, |
5367 | 0 | hf_krb_pac_attributes_info_flags, |
5368 | 0 | ett_krb_pac_attributes_info_flags, |
5369 | 0 | hf_krb_pac_attributes_info_flags_fields, |
5370 | 0 | ENC_LITTLE_ENDIAN); |
5371 | 0 | offset+=4; |
5372 | |
|
5373 | 0 | return offset; |
5374 | 0 | } |
5375 | | |
5376 | | static int |
5377 | | dissect_krb5_PAC_REQUESTER_SID(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
5378 | 0 | { |
5379 | 0 | proto_item *item; |
5380 | 0 | proto_tree *tree; |
5381 | |
|
5382 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_requester_sid, tvb, offset, -1, ENC_NA); |
5383 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_requester_sid); |
5384 | |
|
5385 | 0 | offset = dissect_nt_sid(tvb, actx->pinfo, offset, tree, "RequesterSid", NULL, -1); |
5386 | |
|
5387 | 0 | return offset; |
5388 | 0 | } |
5389 | | |
5390 | | static int |
5391 | | dissect_krb5_PAC_FULL_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
5392 | 0 | { |
5393 | 0 | proto_item *item; |
5394 | 0 | proto_tree *tree; |
5395 | |
|
5396 | 0 | item = proto_tree_add_item(parent_tree, hf_krb_pac_full_checksum, tvb, offset, -1, ENC_NA); |
5397 | 0 | tree = proto_item_add_subtree(item, ett_krb_pac_full_checksum); |
5398 | | |
5399 | | /* signature type */ |
5400 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
5401 | 0 | offset+=4; |
5402 | | |
5403 | | /* signature data */ |
5404 | 0 | proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); |
5405 | |
|
5406 | 0 | return offset; |
5407 | 0 | } |
5408 | | |
5409 | | static int |
5410 | | dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) |
5411 | 0 | { |
5412 | 0 | uint32_t pac_type; |
5413 | 0 | uint32_t pac_size; |
5414 | 0 | uint32_t pac_offset; |
5415 | 0 | proto_item *it=NULL; |
5416 | 0 | proto_tree *tr=NULL; |
5417 | 0 | tvbuff_t *next_tvb; |
5418 | | |
5419 | | /* type of pac data */ |
5420 | 0 | pac_type=tvb_get_letohl(tvb, offset); |
5421 | 0 | it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type); |
5422 | 0 | tr=proto_item_add_subtree(it, ett_krb_pac); |
5423 | |
|
5424 | 0 | offset += 4; |
5425 | | |
5426 | | /* size of pac data */ |
5427 | 0 | pac_size=tvb_get_letohl(tvb, offset); |
5428 | 0 | proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size); |
5429 | 0 | offset += 4; |
5430 | | |
5431 | | /* offset to pac data */ |
5432 | 0 | pac_offset=tvb_get_letohl(tvb, offset); |
5433 | 0 | proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset); |
5434 | 0 | offset += 8; |
5435 | |
|
5436 | 0 | next_tvb=tvb_new_subset_length_caplen(tvb, pac_offset, pac_size, pac_size); |
5437 | 0 | switch(pac_type){ |
5438 | 0 | case PAC_LOGON_INFO: |
5439 | 0 | dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx); |
5440 | 0 | break; |
5441 | 0 | case PAC_CREDENTIAL_TYPE: |
5442 | 0 | dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx); |
5443 | 0 | break; |
5444 | 0 | case PAC_SERVER_CHECKSUM: |
5445 | 0 | dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx); |
5446 | 0 | break; |
5447 | 0 | case PAC_PRIVSVR_CHECKSUM: |
5448 | 0 | dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx); |
5449 | 0 | break; |
5450 | 0 | case PAC_CLIENT_INFO_TYPE: |
5451 | 0 | dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx); |
5452 | 0 | break; |
5453 | 0 | case PAC_S4U_DELEGATION_INFO: |
5454 | 0 | dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx); |
5455 | 0 | break; |
5456 | 0 | case PAC_UPN_DNS_INFO: |
5457 | 0 | dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx); |
5458 | 0 | break; |
5459 | 0 | case PAC_CLIENT_CLAIMS_INFO: |
5460 | 0 | dissect_krb5_PAC_CLIENT_CLAIMS_INFO(tr, next_tvb, 0, actx); |
5461 | 0 | break; |
5462 | 0 | case PAC_DEVICE_INFO: |
5463 | 0 | dissect_krb5_PAC_DEVICE_INFO(tr, next_tvb, 0, actx); |
5464 | 0 | break; |
5465 | 0 | case PAC_DEVICE_CLAIMS_INFO: |
5466 | 0 | dissect_krb5_PAC_DEVICE_CLAIMS_INFO(tr, next_tvb, 0, actx); |
5467 | 0 | break; |
5468 | 0 | case PAC_TICKET_CHECKSUM: |
5469 | 0 | dissect_krb5_PAC_TICKET_CHECKSUM(tr, next_tvb, 0, actx); |
5470 | 0 | break; |
5471 | 0 | case PAC_ATTRIBUTES_INFO: |
5472 | 0 | dissect_krb5_PAC_ATTRIBUTES_INFO(tr, next_tvb, 0, actx); |
5473 | 0 | break; |
5474 | 0 | case PAC_REQUESTER_SID: |
5475 | 0 | dissect_krb5_PAC_REQUESTER_SID(tr, next_tvb, 0, actx); |
5476 | 0 | break; |
5477 | 0 | case PAC_FULL_CHECKSUM: |
5478 | 0 | dissect_krb5_PAC_FULL_CHECKSUM(tr, next_tvb, 0, actx); |
5479 | 0 | break; |
5480 | | |
5481 | 0 | default: |
5482 | 0 | break; |
5483 | 0 | } |
5484 | 0 | return offset; |
5485 | 0 | } |
5486 | | |
5487 | | static int |
5488 | | dissect_krb5_AD_WIN2K_PAC(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) |
5489 | 0 | { |
5490 | 0 | uint32_t entries; |
5491 | 0 | uint32_t version; |
5492 | 0 | uint32_t i; |
5493 | |
|
5494 | | #if defined(HAVE_MIT_KERBEROS) && defined(HAVE_KRB5_PAC_VERIFY) |
5495 | | verify_krb5_pac(tree, actx, tvb); |
5496 | | #endif |
5497 | | |
5498 | | /* first in the PAC structure comes the number of entries */ |
5499 | 0 | entries=tvb_get_letohl(tvb, offset); |
5500 | 0 | proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries); |
5501 | 0 | offset += 4; |
5502 | | |
5503 | | /* second comes the version */ |
5504 | 0 | version=tvb_get_letohl(tvb, offset); |
5505 | 0 | proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version); |
5506 | 0 | offset += 4; |
5507 | |
|
5508 | 0 | for(i=0;i<entries;i++){ |
5509 | 0 | offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx); |
5510 | 0 | } |
5511 | |
|
5512 | 0 | return offset; |
5513 | 0 | } |
5514 | | |
5515 | | static int dissect_kerberos_T_e_data_octets(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) |
5516 | 0 | { |
5517 | 0 | int8_t ber_class; |
5518 | 0 | bool pc; |
5519 | 0 | int32_t tag; |
5520 | 0 | int len_offset; |
5521 | 0 | uint32_t len; |
5522 | 0 | bool ind; |
5523 | 0 | int next_offset; |
5524 | | |
5525 | | /* |
5526 | | * dissect_ber_octet_string_wcb() always passes |
5527 | | * implicit_tag=false, offset=0 and hf_index=-1 |
5528 | | */ |
5529 | 0 | ws_assert(implicit_tag == false); |
5530 | 0 | ws_assert(offset == 0); |
5531 | 0 | ws_assert(hf_index <= 0); |
5532 | |
|
5533 | 0 | len_offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); |
5534 | 0 | if (ber_class != BER_CLASS_UNI || !pc || tag != BER_UNI_TAG_SEQUENCE) { |
5535 | 0 | goto unknown; |
5536 | 0 | } |
5537 | 0 | next_offset = get_ber_length(tvb, len_offset, &len, &ind); |
5538 | 0 | if (len < 1) { |
5539 | 0 | goto unknown; |
5540 | 0 | } |
5541 | 0 | get_ber_identifier(tvb, next_offset, &ber_class, &pc, &tag); |
5542 | 0 | if (ber_class == BER_CLASS_CON && pc && tag == 1) { |
5543 | 0 | return dissect_kerberos_PA_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); |
5544 | 0 | } |
5545 | 0 | if (ber_class == BER_CLASS_UNI && pc && tag == BER_UNI_TAG_SEQUENCE) { |
5546 | 0 | return dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); |
5547 | 0 | } |
5548 | 0 | unknown: |
5549 | 0 | return tvb_reported_length_remaining(tvb, offset); |
5550 | 0 | } |
5551 | | |
5552 | | |
5553 | | |
5554 | | static int |
5555 | 5 | dissect_kerberos_INTEGER_5(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5556 | 5 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5557 | 5 | NULL); |
5558 | | |
5559 | 5 | return offset; |
5560 | 5 | } |
5561 | | |
5562 | | |
5563 | | |
5564 | | static int |
5565 | 3 | dissect_kerberos_KerberosString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5566 | 3 | offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, |
5567 | 3 | actx, tree, tvb, offset, hf_index, |
5568 | 3 | NULL); |
5569 | | |
5570 | 3 | return offset; |
5571 | 3 | } |
5572 | | |
5573 | | |
5574 | | |
5575 | | static int |
5576 | 3 | dissect_kerberos_Realm(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5577 | 3 | offset = dissect_kerberos_KerberosString(implicit_tag, tvb, offset, actx, tree, hf_index); |
5578 | | |
5579 | 3 | return offset; |
5580 | 3 | } |
5581 | | |
5582 | | |
5583 | | static const value_string kerberos_NAME_TYPE_vals[] = { |
5584 | | { 0, "kRB5-NT-UNKNOWN" }, |
5585 | | { 1, "kRB5-NT-PRINCIPAL" }, |
5586 | | { 2, "kRB5-NT-SRV-INST" }, |
5587 | | { 3, "kRB5-NT-SRV-HST" }, |
5588 | | { 4, "kRB5-NT-SRV-XHST" }, |
5589 | | { 5, "kRB5-NT-UID" }, |
5590 | | { 6, "kRB5-NT-X500-PRINCIPAL" }, |
5591 | | { 7, "kRB5-NT-SMTP-NAME" }, |
5592 | | { 10, "kRB5-NT-ENTERPRISE-PRINCIPAL" }, |
5593 | | { 11, "kRB5-NT-WELLKNOWN" }, |
5594 | | { 12, "kRB5-NT-SRV-HST-DOMAIN" }, |
5595 | | { -130, "kRB5-NT-ENT-PRINCIPAL-AND-ID" }, |
5596 | | { -128, "kRB5-NT-MS-PRINCIPAL" }, |
5597 | | { -129, "kRB5-NT-MS-PRINCIPAL-AND-ID" }, |
5598 | | { -1200, "kRB5-NT-NTLM" }, |
5599 | | { -1201, "kRB5-NT-X509-GENERAL-NAME" }, |
5600 | | { -1202, "kRB5-NT-GSS-HOSTBASED-SERVICE" }, |
5601 | | { -1203, "kRB5-NT-CACHE-UUID" }, |
5602 | | { -195894762, "kRB5-NT-SRV-HST-NEEDS-CANON" }, |
5603 | | { 0, NULL } |
5604 | | }; |
5605 | | |
5606 | | |
5607 | | static int |
5608 | 0 | dissect_kerberos_NAME_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5609 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5610 | 0 | NULL); |
5611 | |
|
5612 | 0 | return offset; |
5613 | 0 | } |
5614 | | |
5615 | | |
5616 | | |
5617 | | static int |
5618 | 0 | dissect_kerberos_SNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5619 | 0 | offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, |
5620 | 0 | actx, tree, tvb, offset, hf_index, |
5621 | 0 | NULL); |
5622 | |
|
5623 | 0 | return offset; |
5624 | 0 | } |
5625 | | |
5626 | | |
5627 | | static const ber_sequence_t SEQUENCE_OF_SNameString_sequence_of[1] = { |
5628 | | { &hf_kerberos_sname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_SNameString }, |
5629 | | }; |
5630 | | |
5631 | | static int |
5632 | 0 | dissect_kerberos_SEQUENCE_OF_SNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5633 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
5634 | 0 | SEQUENCE_OF_SNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_SNameString); |
5635 | |
|
5636 | 0 | return offset; |
5637 | 0 | } |
5638 | | |
5639 | | |
5640 | | static const ber_sequence_t SName_sequence[] = { |
5641 | | { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, |
5642 | | { &hf_kerberos_sname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_SNameString }, |
5643 | | { NULL, 0, 0, 0, NULL } |
5644 | | }; |
5645 | | |
5646 | | static int |
5647 | 0 | dissect_kerberos_SName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5648 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5649 | 0 | SName_sequence, hf_index, ett_kerberos_SName); |
5650 | |
|
5651 | 0 | return offset; |
5652 | 0 | } |
5653 | | |
5654 | | |
5655 | | static const value_string kerberos_ENCTYPE_vals[] = { |
5656 | | { 0, "eTYPE-NULL" }, |
5657 | | { 1, "eTYPE-DES-CBC-CRC" }, |
5658 | | { 2, "eTYPE-DES-CBC-MD4" }, |
5659 | | { 3, "eTYPE-DES-CBC-MD5" }, |
5660 | | { 5, "eTYPE-DES3-CBC-MD5" }, |
5661 | | { 7, "eTYPE-OLD-DES3-CBC-SHA1" }, |
5662 | | { 8, "eTYPE-SIGN-DSA-GENERATE" }, |
5663 | | { 9, "eTYPE-DSA-SHA1" }, |
5664 | | { 10, "eTYPE-RSA-MD5" }, |
5665 | | { 11, "eTYPE-RSA-SHA1" }, |
5666 | | { 12, "eTYPE-RC2-CBC" }, |
5667 | | { 13, "eTYPE-RSA" }, |
5668 | | { 14, "eTYPE-RSAES-OAEP" }, |
5669 | | { 15, "eTYPE-DES-EDE3-CBC" }, |
5670 | | { 16, "eTYPE-DES3-CBC-SHA1" }, |
5671 | | { 17, "eTYPE-AES128-CTS-HMAC-SHA1-96" }, |
5672 | | { 18, "eTYPE-AES256-CTS-HMAC-SHA1-96" }, |
5673 | | { 19, "eTYPE-AES128-CTS-HMAC-SHA256-128" }, |
5674 | | { 20, "eTYPE-AES256-CTS-HMAC-SHA384-192" }, |
5675 | | { 23, "eTYPE-ARCFOUR-HMAC-MD5" }, |
5676 | | { 24, "eTYPE-ARCFOUR-HMAC-MD5-56" }, |
5677 | | { 25, "eTYPE-CAMELLIA128-CTS-CMAC" }, |
5678 | | { 26, "eTYPE-CAMELLIA256-CTS-CMAC" }, |
5679 | | { 48, "eTYPE-ENCTYPE-PK-CROSS" }, |
5680 | | { -128, "eTYPE-ARCFOUR-MD4" }, |
5681 | | { -133, "eTYPE-ARCFOUR-HMAC-OLD" }, |
5682 | | { -135, "eTYPE-ARCFOUR-HMAC-OLD-EXP" }, |
5683 | | { -4096, "eTYPE-DES-CBC-NONE" }, |
5684 | | { -4097, "eTYPE-DES3-CBC-NONE" }, |
5685 | | { -4098, "eTYPE-DES-CFB64-NONE" }, |
5686 | | { -4099, "eTYPE-DES-PCBC-NONE" }, |
5687 | | { -4100, "eTYPE-DIGEST-MD5-NONE" }, |
5688 | | { -4101, "eTYPE-CRAM-MD5-NONE" }, |
5689 | | { 0, NULL } |
5690 | | }; |
5691 | | |
5692 | | |
5693 | | static int |
5694 | 0 | dissect_kerberos_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5695 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5696 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5697 | 0 | &(private_data->etype)); |
5698 | | |
5699 | | |
5700 | |
|
5701 | 0 | return offset; |
5702 | 0 | } |
5703 | | |
5704 | | |
5705 | | |
5706 | | static int |
5707 | 1 | dissect_kerberos_UInt32(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5708 | 1 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5709 | 1 | NULL); |
5710 | | |
5711 | 1 | return offset; |
5712 | 1 | } |
5713 | | |
5714 | | |
5715 | | |
5716 | | static int |
5717 | 0 | dissect_kerberos_T_encryptedTicketData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5718 | | #ifdef HAVE_KERBEROS |
5719 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); |
5720 | | #else |
5721 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
5722 | 0 | NULL); |
5723 | |
|
5724 | 0 | #endif |
5725 | | |
5726 | |
|
5727 | 0 | return offset; |
5728 | 0 | } |
5729 | | |
5730 | | |
5731 | | static const ber_sequence_t EncryptedTicketData_sequence[] = { |
5732 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
5733 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
5734 | | { &hf_kerberos_encryptedTicketData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedTicketData_cipher }, |
5735 | | { NULL, 0, 0, 0, NULL } |
5736 | | }; |
5737 | | |
5738 | | static int |
5739 | 0 | dissect_kerberos_EncryptedTicketData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5740 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5741 | 0 | EncryptedTicketData_sequence, hf_index, ett_kerberos_EncryptedTicketData); |
5742 | |
|
5743 | 0 | return offset; |
5744 | 0 | } |
5745 | | |
5746 | | |
5747 | | static const ber_sequence_t Ticket_U_sequence[] = { |
5748 | | { &hf_kerberos_tkt_vno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
5749 | | { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, |
5750 | | { &hf_kerberos_sname , BER_CLASS_CON, 2, 0, dissect_kerberos_SName }, |
5751 | | { &hf_kerberos_ticket_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedTicketData }, |
5752 | | { NULL, 0, 0, 0, NULL } |
5753 | | }; |
5754 | | |
5755 | | static int |
5756 | 13 | dissect_kerberos_Ticket_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5757 | 13 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5758 | 13 | Ticket_U_sequence, hf_index, ett_kerberos_Ticket_U); |
5759 | | |
5760 | 13 | return offset; |
5761 | 13 | } |
5762 | | |
5763 | | |
5764 | | |
5765 | | static int |
5766 | 13 | dissect_kerberos_Ticket(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5767 | 13 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
5768 | 13 | hf_index, BER_CLASS_APP, 1, false, dissect_kerberos_Ticket_U); |
5769 | | |
5770 | 13 | return offset; |
5771 | 13 | } |
5772 | | |
5773 | | |
5774 | | |
5775 | | static int |
5776 | 0 | dissect_kerberos_CNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5777 | 0 | offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, |
5778 | 0 | actx, tree, tvb, offset, hf_index, |
5779 | 0 | NULL); |
5780 | |
|
5781 | 0 | return offset; |
5782 | 0 | } |
5783 | | |
5784 | | |
5785 | | static const ber_sequence_t SEQUENCE_OF_CNameString_sequence_of[1] = { |
5786 | | { &hf_kerberos_cname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_CNameString }, |
5787 | | }; |
5788 | | |
5789 | | static int |
5790 | 0 | dissect_kerberos_SEQUENCE_OF_CNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5791 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
5792 | 0 | SEQUENCE_OF_CNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_CNameString); |
5793 | |
|
5794 | 0 | return offset; |
5795 | 0 | } |
5796 | | |
5797 | | |
5798 | | static const ber_sequence_t CName_sequence[] = { |
5799 | | { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, |
5800 | | { &hf_kerberos_cname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_CNameString }, |
5801 | | { NULL, 0, 0, 0, NULL } |
5802 | | }; |
5803 | | |
5804 | | static int |
5805 | 0 | dissect_kerberos_CName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5806 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5807 | 0 | CName_sequence, hf_index, ett_kerberos_CName); |
5808 | |
|
5809 | 0 | return offset; |
5810 | 0 | } |
5811 | | |
5812 | | |
5813 | | static const value_string kerberos_CKSUMTYPE_vals[] = { |
5814 | | { 0, "cKSUMTYPE-NONE" }, |
5815 | | { 1, "cKSUMTYPE-CRC32" }, |
5816 | | { 2, "cKSUMTYPE-RSA-MD4" }, |
5817 | | { 3, "cKSUMTYPE-RSA-MD4-DES" }, |
5818 | | { 4, "cKSUMTYPE-DES-MAC" }, |
5819 | | { 5, "cKSUMTYPE-DES-MAC-K" }, |
5820 | | { 6, "cKSUMTYPE-RSA-MD4-DES-K" }, |
5821 | | { 7, "cKSUMTYPE-RSA-MD5" }, |
5822 | | { 8, "cKSUMTYPE-RSA-MD5-DES" }, |
5823 | | { 9, "cKSUMTYPE-RSA-MD5-DES3" }, |
5824 | | { 10, "cKSUMTYPE-SHA1-OTHER" }, |
5825 | | { 12, "cKSUMTYPE-HMAC-SHA1-DES3-KD" }, |
5826 | | { 13, "cKSUMTYPE-HMAC-SHA1-DES3" }, |
5827 | | { 14, "cKSUMTYPE-SHA1" }, |
5828 | | { 15, "cKSUMTYPE-HMAC-SHA1-96-AES-128" }, |
5829 | | { 16, "cKSUMTYPE-HMAC-SHA1-96-AES-256" }, |
5830 | | { 17, "cKSUMTYPE-CMAC-CAMELLIA128" }, |
5831 | | { 18, "cKSUMTYPE-CMAC-CAMELLIA256" }, |
5832 | | { 19, "cKSUMTYPE-HMAC-SHA256-128-AES128" }, |
5833 | | { 20, "cKSUMTYPE-HMAC-SHA384-192-AES256" }, |
5834 | | { 32771, "cKSUMTYPE-GSSAPI" }, |
5835 | | { -138, "cKSUMTYPE-HMAC-MD5" }, |
5836 | | { -1138, "cKSUMTYPE-HMAC-MD5-ENC" }, |
5837 | | { 0, NULL } |
5838 | | }; |
5839 | | |
5840 | | |
5841 | | static int |
5842 | 0 | dissect_kerberos_CKSUMTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5843 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5844 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5845 | 0 | &(private_data->checksum_type)); |
5846 | | |
5847 | | |
5848 | |
|
5849 | 0 | return offset; |
5850 | 0 | } |
5851 | | |
5852 | | |
5853 | | |
5854 | | static int |
5855 | 0 | dissect_kerberos_T_checksum(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5856 | 0 | tvbuff_t *next_tvb; |
5857 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5858 | |
|
5859 | 0 | switch(private_data->checksum_type){ |
5860 | 0 | case KRB5_CHKSUM_GSSAPI: |
5861 | 0 | offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &next_tvb); |
5862 | 0 | dissect_krb5_rfc1964_checksum(actx, tree, next_tvb); |
5863 | 0 | break; |
5864 | 0 | default: |
5865 | 0 | offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, NULL); |
5866 | 0 | break; |
5867 | 0 | } |
5868 | | |
5869 | | |
5870 | 0 | return offset; |
5871 | 0 | } |
5872 | | |
5873 | | |
5874 | | static const ber_sequence_t Checksum_sequence[] = { |
5875 | | { &hf_kerberos_cksumtype , BER_CLASS_CON, 0, 0, dissect_kerberos_CKSUMTYPE }, |
5876 | | { &hf_kerberos_checksum , BER_CLASS_CON, 1, 0, dissect_kerberos_T_checksum }, |
5877 | | { NULL, 0, 0, 0, NULL } |
5878 | | }; |
5879 | | |
5880 | | static int |
5881 | 0 | dissect_kerberos_Checksum(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5882 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5883 | 0 | Checksum_sequence, hf_index, ett_kerberos_Checksum); |
5884 | |
|
5885 | 0 | return offset; |
5886 | 0 | } |
5887 | | |
5888 | | |
5889 | | |
5890 | | static int |
5891 | 1 | dissect_kerberos_Microseconds(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5892 | 1 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5893 | 1 | NULL); |
5894 | | |
5895 | 1 | return offset; |
5896 | 1 | } |
5897 | | |
5898 | | |
5899 | | |
5900 | | static int |
5901 | 4 | dissect_kerberos_KerberosTime(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5902 | 4 | offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index); |
5903 | | |
5904 | 4 | return offset; |
5905 | 4 | } |
5906 | | |
5907 | | |
5908 | | |
5909 | | static int |
5910 | 0 | dissect_kerberos_Int32(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5911 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5912 | 0 | NULL); |
5913 | |
|
5914 | 0 | return offset; |
5915 | 0 | } |
5916 | | |
5917 | | |
5918 | | |
5919 | | static int |
5920 | 1 | dissect_kerberos_T_keytype(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5921 | 1 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5922 | | |
5923 | 1 | private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item, |
5924 | 1 | tvb, 0, 0, ENC_NA); |
5925 | 1 | if (private_data->key_hidden_item != NULL) { |
5926 | 1 | proto_item_set_hidden(private_data->key_hidden_item); |
5927 | 1 | } |
5928 | | |
5929 | 1 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
5930 | 1 | &gbl_keytype); |
5931 | 1 | private_data->key.keytype = gbl_keytype; |
5932 | | |
5933 | | |
5934 | 1 | return offset; |
5935 | 1 | } |
5936 | | |
5937 | | |
5938 | | |
5939 | | static int |
5940 | 0 | dissect_kerberos_T_keyvalue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5941 | 0 | tvbuff_t *out_tvb; |
5942 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5943 | |
|
5944 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
5945 | 0 | &out_tvb); |
5946 | | |
5947 | |
|
5948 | 0 | private_data->key.keylength = tvb_reported_length(out_tvb); |
5949 | 0 | private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength); |
5950 | 0 | private_data->key_tree = tree; |
5951 | 0 | private_data->key_tvb = out_tvb; |
5952 | | |
5953 | |
|
5954 | 0 | return offset; |
5955 | 0 | } |
5956 | | |
5957 | | |
5958 | | static const ber_sequence_t EncryptionKey_sequence[] = { |
5959 | | { &hf_kerberos_keytype , BER_CLASS_CON, 0, 0, dissect_kerberos_T_keytype }, |
5960 | | { &hf_kerberos_keyvalue , BER_CLASS_CON, 1, 0, dissect_kerberos_T_keyvalue }, |
5961 | | { NULL, 0, 0, 0, NULL } |
5962 | | }; |
5963 | | |
5964 | | static int |
5965 | 3 | dissect_kerberos_EncryptionKey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5966 | 3 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5967 | | #ifdef HAVE_KERBEROS |
5968 | | int start_offset = offset; |
5969 | | #endif |
5970 | | |
5971 | 3 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
5972 | 3 | EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey); |
5973 | | |
5974 | | |
5975 | 3 | if (private_data->key.keytype != 0 && private_data->key.keylength > 0) { |
5976 | | #ifdef HAVE_KERBEROS |
5977 | | int length = offset - start_offset; |
5978 | | private_data->last_added_key = NULL; |
5979 | | private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree, |
5980 | | private_data->save_encryption_key_parent_hf_index, |
5981 | | hf_index); |
5982 | | private_data->last_added_key = NULL; |
5983 | | #endif |
5984 | 0 | } |
5985 | | |
5986 | | |
5987 | 3 | return offset; |
5988 | 3 | } |
5989 | | |
5990 | | |
5991 | | |
5992 | | static int |
5993 | 0 | dissect_kerberos_T_authenticator_subkey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
5994 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
5995 | 0 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
5996 | 0 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
5997 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator; |
5998 | | #ifdef HAVE_KERBEROS |
5999 | | private_data->save_encryption_key_fn = save_Authenticator_subkey; |
6000 | | #endif |
6001 | 0 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
6002 | |
|
6003 | 0 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
6004 | 0 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
6005 | | |
6006 | |
|
6007 | 0 | return offset; |
6008 | 0 | } |
6009 | | |
6010 | | |
6011 | | static const value_string kerberos_AUTHDATA_TYPE_vals[] = { |
6012 | | { KERBEROS_AD_IF_RELEVANT, "aD-IF-RELEVANT" }, |
6013 | | { KERBEROS_AD_INTENDED_FOR_SERVER, "aD-INTENDED-FOR-SERVER" }, |
6014 | | { KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS, "aD-INTENDED-FOR-APPLICATION-CLASS" }, |
6015 | | { KERBEROS_AD_KDC_ISSUED, "aD-KDC-ISSUED" }, |
6016 | | { KERBEROS_AD_AND_OR, "aD-AND-OR" }, |
6017 | | { KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS, "aD-MANDATORY-TICKET-EXTENSIONS" }, |
6018 | | { KERBEROS_AD_IN_TICKET_EXTENSIONS, "aD-IN-TICKET-EXTENSIONS" }, |
6019 | | { KERBEROS_AD_MANDATORY_FOR_KDC, "aD-MANDATORY-FOR-KDC" }, |
6020 | | { KERBEROS_AD_INITIAL_VERIFIED_CAS, "aD-INITIAL-VERIFIED-CAS" }, |
6021 | | { KERBEROS_AD_OSF_DCE, "aD-OSF-DCE" }, |
6022 | | { KERBEROS_AD_SESAME, "aD-SESAME" }, |
6023 | | { KERBEROS_AD_OSF_DCE_PKI_CERTID, "aD-OSF-DCE-PKI-CERTID" }, |
6024 | | { KERBEROS_AD_AUTHENTICATION_STRENGTH, "aD-authentication-strength" }, |
6025 | | { KERBEROS_AD_FX_FAST_ARMOR, "aD-fx-fast-armor" }, |
6026 | | { KERBEROS_AD_FX_FAST_USED, "aD-fx-fast-used" }, |
6027 | | { KERBEROS_AD_CAMMAC, "aD-CAMMAC" }, |
6028 | | { KERBEROS_AD_AUTHENTICATION_INDICATOR, "aD-AUTHENTICATION-INDICATOR" }, |
6029 | | { KERBEROS_AD_WIN2K_PAC, "aD-WIN2K-PAC" }, |
6030 | | { KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION, "aD-GSS-API-ETYPE-NEGOTIATION" }, |
6031 | | { KERBEROS_AD_TOKEN_RESTRICTIONS, "aD-TOKEN-RESTRICTIONS" }, |
6032 | | { KERBEROS_AD_LOCAL, "aD-LOCAL" }, |
6033 | | { KERBEROS_AD_AP_OPTIONS, "aD-AP-OPTIONS" }, |
6034 | | { KERBEROS_AD_TARGET_PRINCIPAL, "aD-TARGET-PRINCIPAL" }, |
6035 | | { KERBEROS_AD_SIGNTICKET_OLDER, "aD-SIGNTICKET-OLDER" }, |
6036 | | { KERBEROS_AD_SIGNTICKET, "aD-SIGNTICKET" }, |
6037 | | { KERBEROS_AD_PFS, "aD-PFS" }, |
6038 | | { 0, NULL } |
6039 | | }; |
6040 | | |
6041 | | |
6042 | | static int |
6043 | 0 | dissect_kerberos_AUTHDATA_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6044 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6045 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
6046 | 0 | &(private_data->ad_type)); |
6047 | | |
6048 | | |
6049 | |
|
6050 | 0 | return offset; |
6051 | 0 | } |
6052 | | |
6053 | | |
6054 | | |
6055 | | static int |
6056 | 0 | dissect_kerberos_T_ad_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6057 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6058 | |
|
6059 | 0 | switch(private_data->ad_type){ |
6060 | 0 | case KERBEROS_AD_CAMMAC: |
6061 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_CAMMAC); |
6062 | 0 | break; |
6063 | 0 | case KERBEROS_AD_AUTHENTICATION_INDICATOR: |
6064 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AUTHENTICATION_INDICATOR); |
6065 | 0 | break; |
6066 | 0 | case KERBEROS_AD_WIN2K_PAC: |
6067 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC); |
6068 | 0 | break; |
6069 | 0 | case KERBEROS_AD_IF_RELEVANT: |
6070 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); |
6071 | 0 | break; |
6072 | 0 | case KERBEROS_AD_AUTHENTICATION_STRENGTH: |
6073 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); |
6074 | 0 | break; |
6075 | 0 | case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION: |
6076 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE); |
6077 | 0 | break; |
6078 | 0 | case KERBEROS_AD_TOKEN_RESTRICTIONS: |
6079 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY); |
6080 | 0 | break; |
6081 | 0 | case KERBEROS_AD_AP_OPTIONS: |
6082 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS); |
6083 | 0 | break; |
6084 | 0 | case KERBEROS_AD_TARGET_PRINCIPAL: |
6085 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL); |
6086 | 0 | break; |
6087 | 0 | default: |
6088 | 0 | offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); |
6089 | 0 | break; |
6090 | 0 | } |
6091 | | |
6092 | | |
6093 | 0 | return offset; |
6094 | 0 | } |
6095 | | |
6096 | | |
6097 | | static const ber_sequence_t AuthorizationData_item_sequence[] = { |
6098 | | { &hf_kerberos_ad_type , BER_CLASS_CON, 0, 0, dissect_kerberos_AUTHDATA_TYPE }, |
6099 | | { &hf_kerberos_ad_data , BER_CLASS_CON, 1, 0, dissect_kerberos_T_ad_data }, |
6100 | | { NULL, 0, 0, 0, NULL } |
6101 | | }; |
6102 | | |
6103 | | static int |
6104 | 0 | dissect_kerberos_AuthorizationData_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6105 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6106 | 0 | AuthorizationData_item_sequence, hf_index, ett_kerberos_AuthorizationData_item); |
6107 | |
|
6108 | 0 | return offset; |
6109 | 0 | } |
6110 | | |
6111 | | |
6112 | | static const ber_sequence_t AuthorizationData_sequence_of[1] = { |
6113 | | { &hf_kerberos_AuthorizationData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_AuthorizationData_item }, |
6114 | | }; |
6115 | | |
6116 | | static int |
6117 | 0 | dissect_kerberos_AuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6118 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6119 | 0 | AuthorizationData_sequence_of, hf_index, ett_kerberos_AuthorizationData); |
6120 | |
|
6121 | 0 | return offset; |
6122 | 0 | } |
6123 | | |
6124 | | |
6125 | | static const ber_sequence_t Authenticator_U_sequence[] = { |
6126 | | { &hf_kerberos_authenticator_vno, BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
6127 | | { &hf_kerberos_crealm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, |
6128 | | { &hf_kerberos_cname , BER_CLASS_CON, 2, 0, dissect_kerberos_CName }, |
6129 | | { &hf_kerberos_cksum , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum }, |
6130 | | { &hf_kerberos_cusec , BER_CLASS_CON, 4, 0, dissect_kerberos_Microseconds }, |
6131 | | { &hf_kerberos_ctime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, |
6132 | | { &hf_kerberos_authenticator_subkey, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_T_authenticator_subkey }, |
6133 | | { &hf_kerberos_seq_number , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
6134 | | { &hf_kerberos_authorization_data, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData }, |
6135 | | { NULL, 0, 0, 0, NULL } |
6136 | | }; |
6137 | | |
6138 | | static int |
6139 | 3 | dissect_kerberos_Authenticator_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6140 | 3 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6141 | 3 | Authenticator_U_sequence, hf_index, ett_kerberos_Authenticator_U); |
6142 | | |
6143 | 3 | return offset; |
6144 | 3 | } |
6145 | | |
6146 | | |
6147 | | |
6148 | | static int |
6149 | 3 | dissect_kerberos_Authenticator(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6150 | 3 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6151 | 3 | hf_index, BER_CLASS_APP, 2, false, dissect_kerberos_Authenticator_U); |
6152 | | |
6153 | 3 | return offset; |
6154 | 3 | } |
6155 | | |
6156 | | |
6157 | | static int * const TicketFlags_bits[] = { |
6158 | | &hf_kerberos_TicketFlags_reserved, |
6159 | | &hf_kerberos_TicketFlags_forwardable, |
6160 | | &hf_kerberos_TicketFlags_forwarded, |
6161 | | &hf_kerberos_TicketFlags_proxiable, |
6162 | | &hf_kerberos_TicketFlags_proxy, |
6163 | | &hf_kerberos_TicketFlags_may_postdate, |
6164 | | &hf_kerberos_TicketFlags_postdated, |
6165 | | &hf_kerberos_TicketFlags_invalid, |
6166 | | &hf_kerberos_TicketFlags_renewable, |
6167 | | &hf_kerberos_TicketFlags_initial, |
6168 | | &hf_kerberos_TicketFlags_pre_authent, |
6169 | | &hf_kerberos_TicketFlags_hw_authent, |
6170 | | &hf_kerberos_TicketFlags_transited_policy_checked, |
6171 | | &hf_kerberos_TicketFlags_ok_as_delegate, |
6172 | | &hf_kerberos_TicketFlags_unused, |
6173 | | &hf_kerberos_TicketFlags_enc_pa_rep, |
6174 | | &hf_kerberos_TicketFlags_anonymous, |
6175 | | NULL |
6176 | | }; |
6177 | | |
6178 | | static int |
6179 | 9 | dissect_kerberos_TicketFlags(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6180 | 9 | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
6181 | 9 | TicketFlags_bits, 17, hf_index, ett_kerberos_TicketFlags, |
6182 | 9 | NULL); |
6183 | | |
6184 | 9 | return offset; |
6185 | 9 | } |
6186 | | |
6187 | | |
6188 | | |
6189 | | static int |
6190 | 1 | dissect_kerberos_T_encTicketPart_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6191 | 1 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6192 | 1 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
6193 | 1 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
6194 | 1 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart; |
6195 | | #ifdef HAVE_KERBEROS |
6196 | | private_data->save_encryption_key_fn = save_EncTicketPart_key; |
6197 | | #endif |
6198 | 1 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
6199 | | |
6200 | 1 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
6201 | 1 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
6202 | | |
6203 | | |
6204 | 1 | return offset; |
6205 | 1 | } |
6206 | | |
6207 | | |
6208 | | |
6209 | | static int |
6210 | 0 | dissect_kerberos_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6211 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
6212 | 0 | NULL); |
6213 | |
|
6214 | 0 | return offset; |
6215 | 0 | } |
6216 | | |
6217 | | |
6218 | | static const ber_sequence_t TransitedEncoding_sequence[] = { |
6219 | | { &hf_kerberos_tr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 }, |
6220 | | { &hf_kerberos_contents , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, |
6221 | | { NULL, 0, 0, 0, NULL } |
6222 | | }; |
6223 | | |
6224 | | static int |
6225 | 0 | dissect_kerberos_TransitedEncoding(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6226 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6227 | 0 | TransitedEncoding_sequence, hf_index, ett_kerberos_TransitedEncoding); |
6228 | |
|
6229 | 0 | return offset; |
6230 | 0 | } |
6231 | | |
6232 | | |
6233 | | static const value_string kerberos_ADDR_TYPE_vals[] = { |
6234 | | { KERBEROS_ADDR_TYPE_IPV4, "iPv4" }, |
6235 | | { KERBEROS_ADDR_TYPE_CHAOS, "cHAOS" }, |
6236 | | { KERBEROS_ADDR_TYPE_XEROX, "xEROX" }, |
6237 | | { KERBEROS_ADDR_TYPE_ISO, "iSO" }, |
6238 | | { KERBEROS_ADDR_TYPE_DECNET, "dECNET" }, |
6239 | | { KERBEROS_ADDR_TYPE_APPLETALK, "aPPLETALK" }, |
6240 | | { KERBEROS_ADDR_TYPE_NETBIOS, "nETBIOS" }, |
6241 | | { KERBEROS_ADDR_TYPE_IPV6, "iPv6" }, |
6242 | | { 0, NULL } |
6243 | | }; |
6244 | | |
6245 | | |
6246 | | static int |
6247 | 0 | dissect_kerberos_ADDR_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6248 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6249 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
6250 | 0 | &(private_data->addr_type)); |
6251 | | |
6252 | | |
6253 | |
|
6254 | 0 | return offset; |
6255 | 0 | } |
6256 | | |
6257 | | |
6258 | | |
6259 | | static int |
6260 | 0 | dissect_kerberos_T_address(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6261 | 0 | int8_t appclass; |
6262 | 0 | bool pc; |
6263 | 0 | int32_t tag; |
6264 | 0 | uint32_t len; |
6265 | 0 | const char *address_str; |
6266 | 0 | proto_item *it=NULL; |
6267 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6268 | | |
6269 | | /* read header and len for the octet string */ |
6270 | 0 | offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag); |
6271 | 0 | offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); |
6272 | |
|
6273 | 0 | switch(private_data->addr_type){ |
6274 | 0 | case KERBEROS_ADDR_TYPE_IPV4: |
6275 | 0 | it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN); |
6276 | 0 | address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset); |
6277 | 0 | break; |
6278 | 0 | case KERBEROS_ADDR_TYPE_NETBIOS: |
6279 | 0 | { |
6280 | 0 | char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; |
6281 | 0 | int netbios_name_type; |
6282 | 0 | int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; |
6283 | |
|
6284 | 0 | netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); |
6285 | 0 | address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type); |
6286 | 0 | it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); |
6287 | 0 | } |
6288 | 0 | break; |
6289 | 0 | case KERBEROS_ADDR_TYPE_IPV6: |
6290 | 0 | it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA); |
6291 | 0 | address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset); |
6292 | 0 | break; |
6293 | 0 | default: |
6294 | 0 | proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len); |
6295 | 0 | address_str = NULL; |
6296 | 0 | break; |
6297 | 0 | } |
6298 | | |
6299 | | /* push it up two levels in the decode pane */ |
6300 | 0 | if(it && address_str){ |
6301 | 0 | proto_item_append_text(proto_item_get_parent(it), " %s",address_str); |
6302 | 0 | proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str); |
6303 | 0 | } |
6304 | |
|
6305 | 0 | offset+=len; |
6306 | | |
6307 | | |
6308 | |
|
6309 | 0 | return offset; |
6310 | 0 | } |
6311 | | |
6312 | | |
6313 | | static const ber_sequence_t HostAddress_sequence[] = { |
6314 | | { &hf_kerberos_addr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_ADDR_TYPE }, |
6315 | | { &hf_kerberos_address , BER_CLASS_CON, 1, 0, dissect_kerberos_T_address }, |
6316 | | { NULL, 0, 0, 0, NULL } |
6317 | | }; |
6318 | | |
6319 | | static int |
6320 | 1 | dissect_kerberos_HostAddress(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6321 | 1 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6322 | 1 | HostAddress_sequence, hf_index, ett_kerberos_HostAddress); |
6323 | | |
6324 | 1 | return offset; |
6325 | 1 | } |
6326 | | |
6327 | | |
6328 | | static const ber_sequence_t HostAddresses_sequence_of[1] = { |
6329 | | { &hf_kerberos_HostAddresses_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_HostAddress }, |
6330 | | }; |
6331 | | |
6332 | | static int |
6333 | 0 | dissect_kerberos_HostAddresses(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6334 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6335 | 0 | HostAddresses_sequence_of, hf_index, ett_kerberos_HostAddresses); |
6336 | |
|
6337 | 0 | return offset; |
6338 | 0 | } |
6339 | | |
6340 | | |
6341 | | static const ber_sequence_t EncTicketPart_U_sequence[] = { |
6342 | | { &hf_kerberos_flags , BER_CLASS_CON, 0, 0, dissect_kerberos_TicketFlags }, |
6343 | | { &hf_kerberos_encTicketPart_key, BER_CLASS_CON, 1, 0, dissect_kerberos_T_encTicketPart_key }, |
6344 | | { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, |
6345 | | { &hf_kerberos_cname , BER_CLASS_CON, 3, 0, dissect_kerberos_CName }, |
6346 | | { &hf_kerberos_transited , BER_CLASS_CON, 4, 0, dissect_kerberos_TransitedEncoding }, |
6347 | | { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, |
6348 | | { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
6349 | | { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime }, |
6350 | | { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
6351 | | { &hf_kerberos_caddr , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, |
6352 | | { &hf_kerberos_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData }, |
6353 | | { NULL, 0, 0, 0, NULL } |
6354 | | }; |
6355 | | |
6356 | | static int |
6357 | 14 | dissect_kerberos_EncTicketPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6358 | 14 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6359 | 14 | EncTicketPart_U_sequence, hf_index, ett_kerberos_EncTicketPart_U); |
6360 | | |
6361 | 14 | return offset; |
6362 | 14 | } |
6363 | | |
6364 | | |
6365 | | |
6366 | | static int |
6367 | 14 | dissect_kerberos_EncTicketPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6368 | 14 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6369 | 14 | hf_index, BER_CLASS_APP, 3, false, dissect_kerberos_EncTicketPart_U); |
6370 | | |
6371 | 14 | return offset; |
6372 | 14 | } |
6373 | | |
6374 | | |
6375 | | static const value_string kerberos_MESSAGE_TYPE_vals[] = { |
6376 | | { 10, "krb-as-req" }, |
6377 | | { 11, "krb-as-rep" }, |
6378 | | { 12, "krb-tgs-req" }, |
6379 | | { 13, "krb-tgs-rep" }, |
6380 | | { 14, "krb-ap-req" }, |
6381 | | { 15, "krb-ap-rep" }, |
6382 | | { 16, "krb-tgt-req" }, |
6383 | | { 17, "krb-tgt-rep" }, |
6384 | | { 20, "krb-safe" }, |
6385 | | { 21, "krb-priv" }, |
6386 | | { 22, "krb-cred" }, |
6387 | | { 30, "krb-error" }, |
6388 | | { 0, NULL } |
6389 | | }; |
6390 | | |
6391 | | |
6392 | | static int |
6393 | 14 | dissect_kerberos_MESSAGE_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6394 | 14 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
6395 | 14 | uint32_t msgtype; |
6396 | | |
6397 | 14 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
6398 | 14 | &msgtype); |
6399 | | |
6400 | | |
6401 | | |
6402 | 14 | if (gbl_do_col_info) { |
6403 | 0 | col_add_str(actx->pinfo->cinfo, COL_INFO, |
6404 | 0 | val_to_str(msgtype, krb5_msg_types, |
6405 | 0 | "Unknown msg type %#x")); |
6406 | 0 | } |
6407 | 14 | gbl_do_col_info=false; |
6408 | | |
6409 | | #if 0 |
6410 | | /* append the application type to the tree */ |
6411 | | proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x")); |
6412 | | #endif |
6413 | 14 | if (private_data->msg_type == 0) { |
6414 | 11 | private_data->msg_type = msgtype; |
6415 | 11 | krb5_conf_add_response(actx); |
6416 | 11 | } |
6417 | | |
6418 | 14 | return offset; |
6419 | 14 | } |
6420 | | |
6421 | | |
6422 | | static const value_string kerberos_PADATA_TYPE_vals[] = { |
6423 | | { KERBEROS_PA_NONE, "pA-NONE" }, |
6424 | | { KERBEROS_PA_TGS_REQ, "pA-TGS-REQ" }, |
6425 | | { KERBEROS_PA_ENC_TIMESTAMP, "pA-ENC-TIMESTAMP" }, |
6426 | | { KERBEROS_PA_PW_SALT, "pA-PW-SALT" }, |
6427 | | { KERBEROS_PA_ENC_UNIX_TIME, "pA-ENC-UNIX-TIME" }, |
6428 | | { KERBEROS_PA_SANDIA_SECUREID, "pA-SANDIA-SECUREID" }, |
6429 | | { KERBEROS_PA_SESAME, "pA-SESAME" }, |
6430 | | { KERBEROS_PA_OSF_DCE, "pA-OSF-DCE" }, |
6431 | | { KERBEROS_PA_CYBERSAFE_SECUREID, "pA-CYBERSAFE-SECUREID" }, |
6432 | | { KERBEROS_PA_AFS3_SALT, "pA-AFS3-SALT" }, |
6433 | | { KERBEROS_PA_ETYPE_INFO, "pA-ETYPE-INFO" }, |
6434 | | { KERBEROS_PA_SAM_CHALLENGE, "pA-SAM-CHALLENGE" }, |
6435 | | { KERBEROS_PA_SAM_RESPONSE, "pA-SAM-RESPONSE" }, |
6436 | | { KERBEROS_PA_PK_AS_REQ_19, "pA-PK-AS-REQ-19" }, |
6437 | | { KERBEROS_PA_PK_AS_REP_19, "pA-PK-AS-REP-19" }, |
6438 | | { KERBEROS_PA_PK_AS_REQ, "pA-PK-AS-REQ" }, |
6439 | | { KERBEROS_PA_PK_AS_REP, "pA-PK-AS-REP" }, |
6440 | | { KERBEROS_PA_PK_OCSP_RESPONSE, "pA-PK-OCSP-RESPONSE" }, |
6441 | | { KERBEROS_PA_ETYPE_INFO2, "pA-ETYPE-INFO2" }, |
6442 | | { KERBEROS_PA_USE_SPECIFIED_KVNO, "pA-USE-SPECIFIED-KVNO" }, |
6443 | | { KERBEROS_PA_SAM_REDIRECT, "pA-SAM-REDIRECT" }, |
6444 | | { KERBEROS_TD_PADATA, "tD-PADATA" }, |
6445 | | { KERBEROS_PA_SAM_ETYPE_INFO, "pA-SAM-ETYPE-INFO" }, |
6446 | | { KERBEROS_PA_ALT_PRINC, "pA-ALT-PRINC" }, |
6447 | | { KERBEROS_PA_SERVER_REFERRAL, "pA-SERVER-REFERRAL" }, |
6448 | | { KERBEROS_PA_SAM_CHALLENGE2, "pA-SAM-CHALLENGE2" }, |
6449 | | { KERBEROS_PA_SAM_RESPONSE2, "pA-SAM-RESPONSE2" }, |
6450 | | { KERBEROS_PA_EXTRA_TGT, "pA-EXTRA-TGT" }, |
6451 | | { KERBEROS_TD_PKINIT_CMS_CERTIFICATES, "tD-PKINIT-CMS-CERTIFICATES" }, |
6452 | | { KERBEROS_TD_KRB_PRINCIPAL, "tD-KRB-PRINCIPAL" }, |
6453 | | { KERBEROS_TD_KRB_REALM, "tD-KRB-REALM" }, |
6454 | | { KERBEROS_TD_TRUSTED_CERTIFIERS, "tD-TRUSTED-CERTIFIERS" }, |
6455 | | { KERBEROS_TD_CERTIFICATE_INDEX, "tD-CERTIFICATE-INDEX" }, |
6456 | | { KERBEROS_TD_APP_DEFINED_ERROR, "tD-APP-DEFINED-ERROR" }, |
6457 | | { KERBEROS_TD_REQ_NONCE, "tD-REQ-NONCE" }, |
6458 | | { KERBEROS_TD_REQ_SEQ, "tD-REQ-SEQ" }, |
6459 | | { KERBEROS_TD_DH_PARAMETERS, "tD-DH-PARAMETERS" }, |
6460 | | { KERBEROS_TD_CMS_DIGEST_ALGORITHMS, "tD-CMS-DIGEST-ALGORITHMS" }, |
6461 | | { KERBEROS_TD_CERT_DIGEST_ALGORITHMS, "tD-CERT-DIGEST-ALGORITHMS" }, |
6462 | | { KERBEROS_PA_PAC_REQUEST, "pA-PAC-REQUEST" }, |
6463 | | { KERBEROS_PA_FOR_USER, "pA-FOR-USER" }, |
6464 | | { KERBEROS_PA_FOR_X509_USER, "pA-FOR-X509-USER" }, |
6465 | | { KERBEROS_PA_FOR_CHECK_DUPS, "pA-FOR-CHECK-DUPS" }, |
6466 | | { KERBEROS_PA_PK_AS_09_BINDING, "pA-PK-AS-09-BINDING" }, |
6467 | | { KERBEROS_PA_FX_COOKIE, "pA-FX-COOKIE" }, |
6468 | | { KERBEROS_PA_AUTHENTICATION_SET, "pA-AUTHENTICATION-SET" }, |
6469 | | { KERBEROS_PA_AUTH_SET_SELECTED, "pA-AUTH-SET-SELECTED" }, |
6470 | | { KERBEROS_PA_FX_FAST, "pA-FX-FAST" }, |
6471 | | { KERBEROS_PA_FX_ERROR, "pA-FX-ERROR" }, |
6472 | | { KERBEROS_PA_ENCRYPTED_CHALLENGE, "pA-ENCRYPTED-CHALLENGE" }, |
6473 | | { KERBEROS_PA_OTP_CHALLENGE, "pA-OTP-CHALLENGE" }, |
6474 | | { KERBEROS_PA_OTP_REQUEST, "pA-OTP-REQUEST" }, |
6475 | | { KERBEROS_PA_OTP_CONFIRM, "pA-OTP-CONFIRM" }, |
6476 | | { KERBEROS_PA_OTP_PIN_CHANGE, "pA-OTP-PIN-CHANGE" }, |
6477 | | { KERBEROS_PA_EPAK_AS_REQ, "pA-EPAK-AS-REQ" }, |
6478 | | { KERBEROS_PA_EPAK_AS_REP, "pA-EPAK-AS-REP" }, |
6479 | | { KERBEROS_PA_PKINIT_KX, "pA-PKINIT-KX" }, |
6480 | | { KERBEROS_PA_PKU2U_NAME, "pA-PKU2U-NAME" }, |
6481 | | { KERBEROS_PA_REQ_ENC_PA_REP, "pA-REQ-ENC-PA-REP" }, |
6482 | | { KERBEROS_PA_AS_FRESHNESS, "pA-AS-FRESHNESS" }, |
6483 | | { KERBEROS_PA_SPAKE, "pA-SPAKE" }, |
6484 | | { KERBEROS_PA_REDHAT_IDP_OAUTH2, "pA-REDHAT-IDP-OAUTH2" }, |
6485 | | { KERBEROS_PA_REDHAT_PASSKEY, "pA-REDHAT-PASSKEY" }, |
6486 | | { KERBEROS_PA_KERB_KEY_LIST_REQ, "pA-KERB-KEY-LIST-REQ" }, |
6487 | | { KERBEROS_PA_KERB_KEY_LIST_REP, "pA-KERB-KEY-LIST-REP" }, |
6488 | | { KERBEROS_PA_SUPPORTED_ETYPES, "pA-SUPPORTED-ETYPES" }, |
6489 | | { KERBEROS_PA_EXTENDED_ERROR, "pA-EXTENDED-ERROR" }, |
6490 | | { KERBEROS_PA_PAC_OPTIONS, "pA-PAC-OPTIONS" }, |
6491 | | { KERBEROS_PA_SRP, "pA-SRP" }, |
6492 | | { KERBEROS_PA_PROV_SRV_LOCATION, "pA-PROV-SRV-LOCATION" }, |
6493 | | { 0, NULL } |
6494 | | }; |
6495 | | |
6496 | | |
6497 | | static int |
6498 | 0 | dissect_kerberos_PADATA_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6499 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
6500 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
6501 | 0 | &(private_data->padata_type)); |
6502 | | |
6503 | |
|
6504 | 0 | if(tree){ |
6505 | 0 | proto_item_append_text(tree, " %s", |
6506 | 0 | val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals, |
6507 | 0 | "Unknown:%d")); |
6508 | 0 | } |
6509 | |
|
6510 | 0 | return offset; |
6511 | 0 | } |
6512 | | |
6513 | | |
6514 | | |
6515 | | static int |
6516 | 0 | dissect_kerberos_T_padata_value(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6517 | 0 | proto_tree *sub_tree=tree; |
6518 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
6519 | |
|
6520 | 0 | if(actx->created_item){ |
6521 | 0 | sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA); |
6522 | 0 | } |
6523 | |
|
6524 | 0 | switch(private_data->padata_type){ |
6525 | 0 | case KERBEROS_PA_TGS_REQ: |
6526 | 0 | private_data->within_PA_TGS_REQ++; |
6527 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); |
6528 | 0 | private_data->within_PA_TGS_REQ--; |
6529 | 0 | break; |
6530 | 0 | case KERBEROS_PA_PK_AS_REP_19: |
6531 | 0 | private_data->is_win2k_pkinit = true; |
6532 | 0 | if (kerberos_private_is_kdc_req(private_data)) { |
6533 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k); |
6534 | 0 | } else { |
6535 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k); |
6536 | 0 | } |
6537 | 0 | break; |
6538 | 0 | case KERBEROS_PA_PK_AS_REQ: |
6539 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ); |
6540 | 0 | break; |
6541 | 0 | case KERBEROS_PA_PK_AS_REP: |
6542 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP); |
6543 | 0 | break; |
6544 | 0 | case KERBEROS_PA_PAC_REQUEST: |
6545 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); |
6546 | 0 | break; |
6547 | 0 | case KERBEROS_PA_FOR_USER: /* S4U2SELF */ |
6548 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); |
6549 | 0 | break; |
6550 | 0 | case KERBEROS_PA_FOR_X509_USER: |
6551 | 0 | if(private_data->msg_type == KRB5_MSG_AS_REQ){ |
6552 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate); |
6553 | 0 | }else if(private_data->is_enc_padata){ |
6554 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL); |
6555 | 0 | }else{ |
6556 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER); |
6557 | 0 | } |
6558 | 0 | break; |
6559 | 0 | case KERBEROS_PA_PROV_SRV_LOCATION: |
6560 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION); |
6561 | 0 | break; |
6562 | 0 | case KERBEROS_PA_ENC_TIMESTAMP: |
6563 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP); |
6564 | 0 | break; |
6565 | 0 | case KERBEROS_PA_ETYPE_INFO: |
6566 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO); |
6567 | 0 | break; |
6568 | 0 | case KERBEROS_PA_ETYPE_INFO2: |
6569 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2); |
6570 | 0 | break; |
6571 | 0 | case KERBEROS_PA_PW_SALT: |
6572 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT); |
6573 | 0 | break; |
6574 | 0 | case KERBEROS_PA_AUTH_SET_SELECTED: |
6575 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); |
6576 | 0 | break; |
6577 | 0 | case KERBEROS_PA_FX_FAST: |
6578 | 0 | if (kerberos_private_is_kdc_req(private_data)) { |
6579 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_defer_PA_FX_FAST_REQUEST); |
6580 | 0 | }else{ |
6581 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY); |
6582 | 0 | } |
6583 | 0 | break; |
6584 | 0 | case KERBEROS_PA_FX_ERROR: |
6585 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); |
6586 | 0 | break; |
6587 | 0 | case KERBEROS_PA_ENCRYPTED_CHALLENGE: |
6588 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge); |
6589 | 0 | break; |
6590 | 0 | case KERBEROS_PA_KERB_KEY_LIST_REQ: |
6591 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ); |
6592 | 0 | break; |
6593 | 0 | case KERBEROS_PA_KERB_KEY_LIST_REP: |
6594 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP); |
6595 | 0 | break; |
6596 | 0 | case KERBEROS_PA_SUPPORTED_ETYPES: |
6597 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES); |
6598 | 0 | break; |
6599 | 0 | case KERBEROS_PA_PAC_OPTIONS: |
6600 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS); |
6601 | 0 | break; |
6602 | 0 | case KERBEROS_PA_REQ_ENC_PA_REP: |
6603 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum); |
6604 | 0 | break; |
6605 | 0 | case KERBEROS_PA_SPAKE: |
6606 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE); |
6607 | 0 | break; |
6608 | 0 | case KERBEROS_PA_SRP: |
6609 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KRB5_SRP_PA_APPLICATIONS); |
6610 | 0 | break; |
6611 | 0 | default: |
6612 | 0 | offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL); |
6613 | 0 | break; |
6614 | 0 | } |
6615 | | |
6616 | | |
6617 | 0 | return offset; |
6618 | 0 | } |
6619 | | |
6620 | | |
6621 | | static const ber_sequence_t PA_DATA_sequence[] = { |
6622 | | { &hf_kerberos_padata_type, BER_CLASS_CON, 1, 0, dissect_kerberos_PADATA_TYPE }, |
6623 | | { &hf_kerberos_padata_value, BER_CLASS_CON, 2, 0, dissect_kerberos_T_padata_value }, |
6624 | | { NULL, 0, 0, 0, NULL } |
6625 | | }; |
6626 | | |
6627 | | static int |
6628 | 0 | dissect_kerberos_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6629 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6630 | 0 | PA_DATA_sequence, hf_index, ett_kerberos_PA_DATA); |
6631 | |
|
6632 | 0 | return offset; |
6633 | 0 | } |
6634 | | |
6635 | | |
6636 | | static const ber_sequence_t T_rEQ_SEQUENCE_OF_PA_DATA_sequence_of[1] = { |
6637 | | { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA }, |
6638 | | }; |
6639 | | |
6640 | | static int |
6641 | 0 | dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6642 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
6643 | 0 | struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST; |
6644 | | |
6645 | | /* |
6646 | | * we need to defer calling dissect_kerberos_PA_FX_FAST_REQUEST, |
6647 | | * see dissect_kerberos_defer_PA_FX_FAST_REQUEST() |
6648 | | */ |
6649 | 0 | private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = true, }; |
6650 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6651 | 0 | T_rEQ_SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA); |
6652 | |
|
6653 | 0 | if (private_data->PA_FX_FAST_REQUEST.tvb != NULL) { |
6654 | 0 | struct _kerberos_PA_FX_FAST_REQUEST used_stack = private_data->PA_FX_FAST_REQUEST; |
6655 | 0 | private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = false, }; |
6656 | | |
6657 | | /* |
6658 | | * dissect_kerberos_defer_PA_FX_FAST_REQUEST() remembered |
6659 | | * a tvb, so replay dissect_kerberos_PA_FX_FAST_REQUEST() |
6660 | | * here. |
6661 | | */ |
6662 | 0 | dissect_kerberos_PA_FX_FAST_REQUEST(false, |
6663 | 0 | used_stack.tvb, |
6664 | 0 | 0, |
6665 | 0 | actx, |
6666 | 0 | used_stack.tree, |
6667 | 0 | -1); |
6668 | 0 | } |
6669 | 0 | private_data->PA_FX_FAST_REQUEST = saved_stack; |
6670 | | |
6671 | |
|
6672 | 0 | return offset; |
6673 | 0 | } |
6674 | | |
6675 | | |
6676 | | static int * const KDCOptions_bits[] = { |
6677 | | &hf_kerberos_KDCOptions_reserved, |
6678 | | &hf_kerberos_KDCOptions_forwardable, |
6679 | | &hf_kerberos_KDCOptions_forwarded, |
6680 | | &hf_kerberos_KDCOptions_proxiable, |
6681 | | &hf_kerberos_KDCOptions_proxy, |
6682 | | &hf_kerberos_KDCOptions_allow_postdate, |
6683 | | &hf_kerberos_KDCOptions_postdated, |
6684 | | &hf_kerberos_KDCOptions_unused7, |
6685 | | &hf_kerberos_KDCOptions_renewable, |
6686 | | &hf_kerberos_KDCOptions_unused9, |
6687 | | &hf_kerberos_KDCOptions_unused10, |
6688 | | &hf_kerberos_KDCOptions_opt_hardware_auth, |
6689 | | &hf_kerberos_KDCOptions_unused12, |
6690 | | &hf_kerberos_KDCOptions_unused13, |
6691 | | &hf_kerberos_KDCOptions_constrained_delegation, |
6692 | | &hf_kerberos_KDCOptions_canonicalize, |
6693 | | &hf_kerberos_KDCOptions_request_anonymous, |
6694 | | &hf_kerberos_KDCOptions_unused17, |
6695 | | &hf_kerberos_KDCOptions_unused18, |
6696 | | &hf_kerberos_KDCOptions_unused19, |
6697 | | &hf_kerberos_KDCOptions_unused20, |
6698 | | &hf_kerberos_KDCOptions_unused21, |
6699 | | &hf_kerberos_KDCOptions_unused22, |
6700 | | &hf_kerberos_KDCOptions_unused23, |
6701 | | &hf_kerberos_KDCOptions_unused24, |
6702 | | &hf_kerberos_KDCOptions_unused25, |
6703 | | &hf_kerberos_KDCOptions_disable_transited_check, |
6704 | | &hf_kerberos_KDCOptions_renewable_ok, |
6705 | | &hf_kerberos_KDCOptions_enc_tkt_in_skey, |
6706 | | &hf_kerberos_KDCOptions_unused29, |
6707 | | &hf_kerberos_KDCOptions_renew, |
6708 | | &hf_kerberos_KDCOptions_validate, |
6709 | | NULL |
6710 | | }; |
6711 | | |
6712 | | static int |
6713 | 0 | dissect_kerberos_KDCOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6714 | 0 | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
6715 | 0 | KDCOptions_bits, 32, hf_index, ett_kerberos_KDCOptions, |
6716 | 0 | NULL); |
6717 | |
|
6718 | 0 | return offset; |
6719 | 0 | } |
6720 | | |
6721 | | |
6722 | | static const ber_sequence_t SEQUENCE_OF_ENCTYPE_sequence_of[1] = { |
6723 | | { &hf_kerberos_kDC_REQ_BODY_etype_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE }, |
6724 | | }; |
6725 | | |
6726 | | static int |
6727 | 0 | dissect_kerberos_SEQUENCE_OF_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6728 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6729 | 0 | SEQUENCE_OF_ENCTYPE_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_ENCTYPE); |
6730 | |
|
6731 | 0 | return offset; |
6732 | 0 | } |
6733 | | |
6734 | | |
6735 | | |
6736 | | static int |
6737 | 0 | dissect_kerberos_T_encryptedAuthorizationData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6738 | | #ifdef HAVE_KERBEROS |
6739 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data); |
6740 | | #else |
6741 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
6742 | 0 | NULL); |
6743 | |
|
6744 | 0 | #endif |
6745 | | |
6746 | |
|
6747 | 0 | return offset; |
6748 | 0 | } |
6749 | | |
6750 | | |
6751 | | static const ber_sequence_t EncryptedAuthorizationData_sequence[] = { |
6752 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
6753 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
6754 | | { &hf_kerberos_encryptedAuthorizationData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthorizationData_cipher }, |
6755 | | { NULL, 0, 0, 0, NULL } |
6756 | | }; |
6757 | | |
6758 | | static int |
6759 | 0 | dissect_kerberos_EncryptedAuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6760 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6761 | 0 | EncryptedAuthorizationData_sequence, hf_index, ett_kerberos_EncryptedAuthorizationData); |
6762 | |
|
6763 | 0 | return offset; |
6764 | 0 | } |
6765 | | |
6766 | | |
6767 | | static const ber_sequence_t SEQUENCE_OF_Ticket_sequence_of[1] = { |
6768 | | { &hf_kerberos_additional_tickets_item, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket }, |
6769 | | }; |
6770 | | |
6771 | | static int |
6772 | 0 | dissect_kerberos_SEQUENCE_OF_Ticket(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6773 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6774 | 0 | SEQUENCE_OF_Ticket_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_Ticket); |
6775 | |
|
6776 | 0 | return offset; |
6777 | 0 | } |
6778 | | |
6779 | | |
6780 | | static const ber_sequence_t KDC_REQ_BODY_sequence[] = { |
6781 | | { &hf_kerberos_kdc_options, BER_CLASS_CON, 0, 0, dissect_kerberos_KDCOptions }, |
6782 | | { &hf_kerberos_cname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_CName }, |
6783 | | { &hf_kerberos_realm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, |
6784 | | { &hf_kerberos_sname , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SName }, |
6785 | | { &hf_kerberos_from , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
6786 | | { &hf_kerberos_till , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
6787 | | { &hf_kerberos_rtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
6788 | | { &hf_kerberos_nonce , BER_CLASS_CON, 7, 0, dissect_kerberos_UInt32 }, |
6789 | | { &hf_kerberos_kDC_REQ_BODY_etype, BER_CLASS_CON, 8, 0, dissect_kerberos_SEQUENCE_OF_ENCTYPE }, |
6790 | | { &hf_kerberos_addresses , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, |
6791 | | { &hf_kerberos_enc_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptedAuthorizationData }, |
6792 | | { &hf_kerberos_additional_tickets, BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_Ticket }, |
6793 | | { NULL, 0, 0, 0, NULL } |
6794 | | }; |
6795 | | |
6796 | | static int |
6797 | 0 | dissect_kerberos_KDC_REQ_BODY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6798 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6799 | 0 | KDC_REQ_BODY_sequence, hf_index, ett_kerberos_KDC_REQ_BODY); |
6800 | |
|
6801 | 0 | return offset; |
6802 | 0 | } |
6803 | | |
6804 | | |
6805 | | static const ber_sequence_t KDC_REQ_sequence[] = { |
6806 | | { &hf_kerberos_pvno , BER_CLASS_CON, 1, 0, dissect_kerberos_INTEGER_5 }, |
6807 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 2, 0, dissect_kerberos_MESSAGE_TYPE }, |
6808 | | { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA }, |
6809 | | { &hf_kerberos_req_body , BER_CLASS_CON, 4, 0, dissect_kerberos_KDC_REQ_BODY }, |
6810 | | { NULL, 0, 0, 0, NULL } |
6811 | | }; |
6812 | | |
6813 | | static int |
6814 | 10 | dissect_kerberos_KDC_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6815 | 10 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6816 | 10 | KDC_REQ_sequence, hf_index, ett_kerberos_KDC_REQ); |
6817 | | |
6818 | 10 | krb5_conf_add_request(actx); |
6819 | | |
6820 | | |
6821 | 10 | return offset; |
6822 | 10 | } |
6823 | | |
6824 | | |
6825 | | |
6826 | | static int |
6827 | 3 | dissect_kerberos_AS_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6828 | 3 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6829 | 3 | hf_index, BER_CLASS_APP, 10, false, dissect_kerberos_KDC_REQ); |
6830 | | |
6831 | 3 | return offset; |
6832 | 3 | } |
6833 | | |
6834 | | |
6835 | | static const ber_sequence_t T_rEP_SEQUENCE_OF_PA_DATA_sequence_of[1] = { |
6836 | | { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA }, |
6837 | | }; |
6838 | | |
6839 | | static int |
6840 | 0 | dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6841 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
6842 | 0 | T_rEP_SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA); |
6843 | | |
6844 | | |
6845 | |
|
6846 | 0 | return offset; |
6847 | 0 | } |
6848 | | |
6849 | | |
6850 | | |
6851 | | static int |
6852 | 0 | dissect_kerberos_T_encryptedKDCREPData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6853 | | #ifdef HAVE_KERBEROS |
6854 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); |
6855 | | #else |
6856 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
6857 | 0 | NULL); |
6858 | |
|
6859 | 0 | #endif |
6860 | | |
6861 | |
|
6862 | 0 | return offset; |
6863 | 0 | } |
6864 | | |
6865 | | |
6866 | | static const ber_sequence_t EncryptedKDCREPData_sequence[] = { |
6867 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
6868 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
6869 | | { &hf_kerberos_encryptedKDCREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKDCREPData_cipher }, |
6870 | | { NULL, 0, 0, 0, NULL } |
6871 | | }; |
6872 | | |
6873 | | static int |
6874 | 0 | dissect_kerberos_EncryptedKDCREPData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6875 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6876 | 0 | EncryptedKDCREPData_sequence, hf_index, ett_kerberos_EncryptedKDCREPData); |
6877 | |
|
6878 | 0 | return offset; |
6879 | 0 | } |
6880 | | |
6881 | | |
6882 | | static const ber_sequence_t KDC_REP_sequence[] = { |
6883 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
6884 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
6885 | | { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA }, |
6886 | | { &hf_kerberos_crealm , BER_CLASS_CON, 3, 0, dissect_kerberos_Realm }, |
6887 | | { &hf_kerberos_cname , BER_CLASS_CON, 4, 0, dissect_kerberos_CName }, |
6888 | | { &hf_kerberos_ticket , BER_CLASS_CON, 5, 0, dissect_kerberos_Ticket }, |
6889 | | { &hf_kerberos_kDC_REP_enc_part, BER_CLASS_CON, 6, 0, dissect_kerberos_EncryptedKDCREPData }, |
6890 | | { NULL, 0, 0, 0, NULL } |
6891 | | }; |
6892 | | |
6893 | | static int |
6894 | 8 | dissect_kerberos_KDC_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6895 | 8 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6896 | 8 | KDC_REP_sequence, hf_index, ett_kerberos_KDC_REP); |
6897 | | |
6898 | 8 | return offset; |
6899 | 8 | } |
6900 | | |
6901 | | |
6902 | | |
6903 | | static int |
6904 | 4 | dissect_kerberos_AS_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6905 | 4 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6906 | 4 | hf_index, BER_CLASS_APP, 11, false, dissect_kerberos_KDC_REP); |
6907 | | |
6908 | 4 | return offset; |
6909 | 4 | } |
6910 | | |
6911 | | |
6912 | | |
6913 | | static int |
6914 | 7 | dissect_kerberos_TGS_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6915 | 7 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6916 | 7 | hf_index, BER_CLASS_APP, 12, false, dissect_kerberos_KDC_REQ); |
6917 | | |
6918 | 7 | return offset; |
6919 | 7 | } |
6920 | | |
6921 | | |
6922 | | |
6923 | | static int |
6924 | 4 | dissect_kerberos_TGS_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6925 | 4 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
6926 | 4 | hf_index, BER_CLASS_APP, 13, false, dissect_kerberos_KDC_REP); |
6927 | | |
6928 | 4 | return offset; |
6929 | 4 | } |
6930 | | |
6931 | | |
6932 | | static int * const APOptions_bits[] = { |
6933 | | &hf_kerberos_APOptions_reserved, |
6934 | | &hf_kerberos_APOptions_use_session_key, |
6935 | | &hf_kerberos_APOptions_mutual_required, |
6936 | | NULL |
6937 | | }; |
6938 | | |
6939 | | static int |
6940 | 0 | dissect_kerberos_APOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6941 | 0 | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
6942 | 0 | APOptions_bits, 3, hf_index, ett_kerberos_APOptions, |
6943 | 0 | NULL); |
6944 | |
|
6945 | 0 | return offset; |
6946 | 0 | } |
6947 | | |
6948 | | |
6949 | | |
6950 | | static int |
6951 | 0 | dissect_kerberos_T_encryptedAuthenticator_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6952 | | #ifdef HAVE_KERBEROS |
6953 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); |
6954 | | #else |
6955 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
6956 | 0 | NULL); |
6957 | |
|
6958 | 0 | #endif |
6959 | | |
6960 | |
|
6961 | 0 | return offset; |
6962 | 0 | } |
6963 | | |
6964 | | |
6965 | | static const ber_sequence_t EncryptedAuthenticator_sequence[] = { |
6966 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
6967 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
6968 | | { &hf_kerberos_encryptedAuthenticator_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthenticator_cipher }, |
6969 | | { NULL, 0, 0, 0, NULL } |
6970 | | }; |
6971 | | |
6972 | | static int |
6973 | 0 | dissect_kerberos_EncryptedAuthenticator(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6974 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6975 | 0 | EncryptedAuthenticator_sequence, hf_index, ett_kerberos_EncryptedAuthenticator); |
6976 | |
|
6977 | 0 | return offset; |
6978 | 0 | } |
6979 | | |
6980 | | |
6981 | | static const ber_sequence_t AP_REQ_U_sequence[] = { |
6982 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
6983 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
6984 | | { &hf_kerberos_ap_options , BER_CLASS_CON, 2, 0, dissect_kerberos_APOptions }, |
6985 | | { &hf_kerberos_ticket , BER_CLASS_CON, 3, 0, dissect_kerberos_Ticket }, |
6986 | | { &hf_kerberos_authenticator_enc_part, BER_CLASS_CON, 4, 0, dissect_kerberos_EncryptedAuthenticator }, |
6987 | | { NULL, 0, 0, 0, NULL } |
6988 | | }; |
6989 | | |
6990 | | static int |
6991 | 3 | dissect_kerberos_AP_REQ_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
6992 | 3 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
6993 | 3 | AP_REQ_U_sequence, hf_index, ett_kerberos_AP_REQ_U); |
6994 | | |
6995 | 3 | return offset; |
6996 | 3 | } |
6997 | | |
6998 | | |
6999 | | |
7000 | | static int |
7001 | 3 | dissect_kerberos_AP_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7002 | 3 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7003 | 3 | hf_index, BER_CLASS_APP, 14, false, dissect_kerberos_AP_REQ_U); |
7004 | | |
7005 | 3 | return offset; |
7006 | 3 | } |
7007 | | |
7008 | | |
7009 | | |
7010 | | static int |
7011 | 0 | dissect_kerberos_T_encryptedAPREPData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7012 | | #ifdef HAVE_KERBEROS |
7013 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); |
7014 | | #else |
7015 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
7016 | 0 | NULL); |
7017 | |
|
7018 | 0 | #endif |
7019 | | |
7020 | |
|
7021 | 0 | return offset; |
7022 | 0 | } |
7023 | | |
7024 | | |
7025 | | static const ber_sequence_t EncryptedAPREPData_sequence[] = { |
7026 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7027 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7028 | | { &hf_kerberos_encryptedAPREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAPREPData_cipher }, |
7029 | | { NULL, 0, 0, 0, NULL } |
7030 | | }; |
7031 | | |
7032 | | static int |
7033 | 0 | dissect_kerberos_EncryptedAPREPData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7034 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7035 | 0 | EncryptedAPREPData_sequence, hf_index, ett_kerberos_EncryptedAPREPData); |
7036 | |
|
7037 | 0 | return offset; |
7038 | 0 | } |
7039 | | |
7040 | | |
7041 | | static const ber_sequence_t AP_REP_U_sequence[] = { |
7042 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7043 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7044 | | { &hf_kerberos_aP_REP_enc_part, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedAPREPData }, |
7045 | | { NULL, 0, 0, 0, NULL } |
7046 | | }; |
7047 | | |
7048 | | static int |
7049 | 1 | dissect_kerberos_AP_REP_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7050 | 1 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7051 | 1 | AP_REP_U_sequence, hf_index, ett_kerberos_AP_REP_U); |
7052 | | |
7053 | 1 | return offset; |
7054 | 1 | } |
7055 | | |
7056 | | |
7057 | | |
7058 | | static int |
7059 | 1 | dissect_kerberos_AP_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7060 | 1 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7061 | 1 | hf_index, BER_CLASS_APP, 15, false, dissect_kerberos_AP_REP_U); |
7062 | | |
7063 | 1 | return offset; |
7064 | 1 | } |
7065 | | |
7066 | | |
7067 | | |
7068 | | static int |
7069 | 0 | dissect_kerberos_T_kRB_SAFE_BODY_user_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7070 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
7071 | 0 | tvbuff_t *new_tvb; |
7072 | 0 | offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb); |
7073 | 0 | if (new_tvb) { |
7074 | 0 | call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks); |
7075 | 0 | } |
7076 | | |
7077 | |
|
7078 | 0 | return offset; |
7079 | 0 | } |
7080 | | |
7081 | | |
7082 | | static const ber_sequence_t KRB_SAFE_BODY_sequence[] = { |
7083 | | { &hf_kerberos_kRB_SAFE_BODY_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_kRB_SAFE_BODY_user_data }, |
7084 | | { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7085 | | { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, |
7086 | | { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7087 | | { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, |
7088 | | { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, |
7089 | | { NULL, 0, 0, 0, NULL } |
7090 | | }; |
7091 | | |
7092 | | static int |
7093 | 0 | dissect_kerberos_KRB_SAFE_BODY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7094 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7095 | 0 | KRB_SAFE_BODY_sequence, hf_index, ett_kerberos_KRB_SAFE_BODY); |
7096 | |
|
7097 | 0 | return offset; |
7098 | 0 | } |
7099 | | |
7100 | | |
7101 | | static const ber_sequence_t KRB_SAFE_U_sequence[] = { |
7102 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7103 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7104 | | { &hf_kerberos_safe_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KRB_SAFE_BODY }, |
7105 | | { &hf_kerberos_cksum , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum }, |
7106 | | { NULL, 0, 0, 0, NULL } |
7107 | | }; |
7108 | | |
7109 | | static int |
7110 | 6 | dissect_kerberos_KRB_SAFE_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7111 | 6 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7112 | 6 | KRB_SAFE_U_sequence, hf_index, ett_kerberos_KRB_SAFE_U); |
7113 | | |
7114 | 6 | return offset; |
7115 | 6 | } |
7116 | | |
7117 | | |
7118 | | |
7119 | | static int |
7120 | 6 | dissect_kerberos_KRB_SAFE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7121 | 6 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7122 | 6 | hf_index, BER_CLASS_APP, 20, false, dissect_kerberos_KRB_SAFE_U); |
7123 | | |
7124 | 6 | return offset; |
7125 | 6 | } |
7126 | | |
7127 | | |
7128 | | |
7129 | | static int |
7130 | 0 | dissect_kerberos_T_encryptedKrbPrivData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7131 | | #ifdef HAVE_KERBEROS |
7132 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); |
7133 | | #else |
7134 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
7135 | 0 | NULL); |
7136 | |
|
7137 | 0 | #endif |
7138 | | |
7139 | |
|
7140 | 0 | return offset; |
7141 | 0 | } |
7142 | | |
7143 | | |
7144 | | static const ber_sequence_t EncryptedKrbPrivData_sequence[] = { |
7145 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7146 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7147 | | { &hf_kerberos_encryptedKrbPrivData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbPrivData_cipher }, |
7148 | | { NULL, 0, 0, 0, NULL } |
7149 | | }; |
7150 | | |
7151 | | static int |
7152 | 0 | dissect_kerberos_EncryptedKrbPrivData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7153 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7154 | 0 | EncryptedKrbPrivData_sequence, hf_index, ett_kerberos_EncryptedKrbPrivData); |
7155 | |
|
7156 | 0 | return offset; |
7157 | 0 | } |
7158 | | |
7159 | | |
7160 | | static const ber_sequence_t KRB_PRIV_U_sequence[] = { |
7161 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7162 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7163 | | { &hf_kerberos_kRB_PRIV_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbPrivData }, |
7164 | | { NULL, 0, 0, 0, NULL } |
7165 | | }; |
7166 | | |
7167 | | static int |
7168 | 2 | dissect_kerberos_KRB_PRIV_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7169 | 2 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7170 | 2 | KRB_PRIV_U_sequence, hf_index, ett_kerberos_KRB_PRIV_U); |
7171 | | |
7172 | 2 | return offset; |
7173 | 2 | } |
7174 | | |
7175 | | |
7176 | | |
7177 | | static int |
7178 | 2 | dissect_kerberos_KRB_PRIV(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7179 | 2 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7180 | 2 | hf_index, BER_CLASS_APP, 21, false, dissect_kerberos_KRB_PRIV_U); |
7181 | | |
7182 | 2 | return offset; |
7183 | 2 | } |
7184 | | |
7185 | | |
7186 | | |
7187 | | static int |
7188 | 0 | dissect_kerberos_T_encryptedKrbCredData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7189 | | #ifdef HAVE_KERBEROS |
7190 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); |
7191 | | #else |
7192 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
7193 | 0 | NULL); |
7194 | |
|
7195 | 0 | #endif |
7196 | | |
7197 | |
|
7198 | 0 | return offset; |
7199 | 0 | } |
7200 | | |
7201 | | |
7202 | | static const ber_sequence_t EncryptedKrbCredData_sequence[] = { |
7203 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7204 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7205 | | { &hf_kerberos_encryptedKrbCredData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbCredData_cipher }, |
7206 | | { NULL, 0, 0, 0, NULL } |
7207 | | }; |
7208 | | |
7209 | | static int |
7210 | 0 | dissect_kerberos_EncryptedKrbCredData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7211 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7212 | 0 | EncryptedKrbCredData_sequence, hf_index, ett_kerberos_EncryptedKrbCredData); |
7213 | |
|
7214 | 0 | return offset; |
7215 | 0 | } |
7216 | | |
7217 | | |
7218 | | static const ber_sequence_t KRB_CRED_U_sequence[] = { |
7219 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7220 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7221 | | { &hf_kerberos_tickets , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_OF_Ticket }, |
7222 | | { &hf_kerberos_kRB_CRED_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbCredData }, |
7223 | | { NULL, 0, 0, 0, NULL } |
7224 | | }; |
7225 | | |
7226 | | static int |
7227 | 1 | dissect_kerberos_KRB_CRED_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7228 | 1 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7229 | 1 | KRB_CRED_U_sequence, hf_index, ett_kerberos_KRB_CRED_U); |
7230 | | |
7231 | 1 | return offset; |
7232 | 1 | } |
7233 | | |
7234 | | |
7235 | | |
7236 | | static int |
7237 | 1 | dissect_kerberos_KRB_CRED(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7238 | 1 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7239 | 1 | hf_index, BER_CLASS_APP, 22, false, dissect_kerberos_KRB_CRED_U); |
7240 | | |
7241 | 1 | return offset; |
7242 | 1 | } |
7243 | | |
7244 | | |
7245 | | |
7246 | | static int |
7247 | 2 | dissect_kerberos_T_encKDCRepPart_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7248 | 2 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
7249 | 2 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
7250 | 2 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
7251 | 2 | switch (private_data->msg_type) { |
7252 | 0 | case KERBEROS_APPLICATIONS_AS_REP: |
7253 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart; |
7254 | 0 | break; |
7255 | 0 | case KERBEROS_APPLICATIONS_TGS_REP: |
7256 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart; |
7257 | 0 | break; |
7258 | 2 | default: |
7259 | 2 | private_data->save_encryption_key_parent_hf_index = -1; |
7260 | 2 | } |
7261 | | #ifdef HAVE_KERBEROS |
7262 | | private_data->save_encryption_key_fn = save_EncKDCRepPart_key; |
7263 | | #endif |
7264 | 2 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
7265 | | |
7266 | 2 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
7267 | 2 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
7268 | | |
7269 | | |
7270 | 2 | return offset; |
7271 | 2 | } |
7272 | | |
7273 | | |
7274 | | static const value_string kerberos_LR_TYPE_vals[] = { |
7275 | | { 0, "lR-NONE" }, |
7276 | | { 1, "lR-INITIAL-TGT" }, |
7277 | | { 2, "lR-INITIAL" }, |
7278 | | { 3, "lR-ISSUE-USE-TGT" }, |
7279 | | { 4, "lR-RENEWAL" }, |
7280 | | { 5, "lR-REQUEST" }, |
7281 | | { 6, "lR-PW-EXPTIME" }, |
7282 | | { 7, "lR-ACCT-EXPTIME" }, |
7283 | | { 0, NULL } |
7284 | | }; |
7285 | | |
7286 | | |
7287 | | static int |
7288 | 0 | dissect_kerberos_LR_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7289 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
7290 | 0 | NULL); |
7291 | |
|
7292 | 0 | return offset; |
7293 | 0 | } |
7294 | | |
7295 | | |
7296 | | static const ber_sequence_t LastReq_item_sequence[] = { |
7297 | | { &hf_kerberos_lr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_LR_TYPE }, |
7298 | | { &hf_kerberos_lr_value , BER_CLASS_CON, 1, 0, dissect_kerberos_KerberosTime }, |
7299 | | { NULL, 0, 0, 0, NULL } |
7300 | | }; |
7301 | | |
7302 | | static int |
7303 | 0 | dissect_kerberos_LastReq_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7304 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7305 | 0 | LastReq_item_sequence, hf_index, ett_kerberos_LastReq_item); |
7306 | |
|
7307 | 0 | return offset; |
7308 | 0 | } |
7309 | | |
7310 | | |
7311 | | static const ber_sequence_t LastReq_sequence_of[1] = { |
7312 | | { &hf_kerberos_LastReq_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_LastReq_item }, |
7313 | | }; |
7314 | | |
7315 | | static int |
7316 | 1 | dissect_kerberos_LastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7317 | 1 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7318 | 1 | LastReq_sequence_of, hf_index, ett_kerberos_LastReq); |
7319 | | |
7320 | 1 | return offset; |
7321 | 1 | } |
7322 | | |
7323 | | |
7324 | | static const ber_sequence_t METHOD_DATA_sequence_of[1] = { |
7325 | | { &hf_kerberos_METHOD_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA }, |
7326 | | }; |
7327 | | |
7328 | | static int |
7329 | 0 | dissect_kerberos_METHOD_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7330 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7331 | 0 | METHOD_DATA_sequence_of, hf_index, ett_kerberos_METHOD_DATA); |
7332 | |
|
7333 | 0 | return offset; |
7334 | 0 | } |
7335 | | |
7336 | | |
7337 | | |
7338 | | static int |
7339 | 0 | dissect_kerberos_T_encrypted_pa_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7340 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
7341 | 0 | private_data->is_enc_padata = true; |
7342 | |
|
7343 | 0 | offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); |
7344 | |
|
7345 | 0 | private_data->is_enc_padata = false; |
7346 | |
|
7347 | 0 | return offset; |
7348 | 0 | } |
7349 | | |
7350 | | |
7351 | | static const ber_sequence_t EncKDCRepPart_sequence[] = { |
7352 | | { &hf_kerberos_encKDCRepPart_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKDCRepPart_key }, |
7353 | | { &hf_kerberos_last_req , BER_CLASS_CON, 1, 0, dissect_kerberos_LastReq }, |
7354 | | { &hf_kerberos_nonce , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 }, |
7355 | | { &hf_kerberos_key_expiration, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7356 | | { &hf_kerberos_flags , BER_CLASS_CON, 4, 0, dissect_kerberos_TicketFlags }, |
7357 | | { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, |
7358 | | { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7359 | | { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime }, |
7360 | | { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7361 | | { &hf_kerberos_srealm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm }, |
7362 | | { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName }, |
7363 | | { &hf_kerberos_caddr , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, |
7364 | | { &hf_kerberos_encrypted_pa_data, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encrypted_pa_data }, |
7365 | | { NULL, 0, 0, 0, NULL } |
7366 | | }; |
7367 | | |
7368 | | static int |
7369 | 10 | dissect_kerberos_EncKDCRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7370 | 10 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7371 | 10 | EncKDCRepPart_sequence, hf_index, ett_kerberos_EncKDCRepPart); |
7372 | | |
7373 | 10 | return offset; |
7374 | 10 | } |
7375 | | |
7376 | | |
7377 | | |
7378 | | static int |
7379 | 6 | dissect_kerberos_EncASRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7380 | 6 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7381 | 6 | hf_index, BER_CLASS_APP, 25, false, dissect_kerberos_EncKDCRepPart); |
7382 | | |
7383 | 6 | return offset; |
7384 | 6 | } |
7385 | | |
7386 | | |
7387 | | |
7388 | | static int |
7389 | 4 | dissect_kerberos_EncTGSRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7390 | 4 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7391 | 4 | hf_index, BER_CLASS_APP, 26, false, dissect_kerberos_EncKDCRepPart); |
7392 | | |
7393 | 4 | return offset; |
7394 | 4 | } |
7395 | | |
7396 | | |
7397 | | |
7398 | | static int |
7399 | 0 | dissect_kerberos_T_encAPRepPart_subkey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7400 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
7401 | 0 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
7402 | 0 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
7403 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart; |
7404 | | #ifdef HAVE_KERBEROS |
7405 | | private_data->save_encryption_key_fn = save_EncAPRepPart_subkey; |
7406 | | #endif |
7407 | 0 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
7408 | |
|
7409 | 0 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
7410 | 0 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
7411 | | |
7412 | |
|
7413 | 0 | return offset; |
7414 | 0 | } |
7415 | | |
7416 | | |
7417 | | static const ber_sequence_t EncAPRepPart_U_sequence[] = { |
7418 | | { &hf_kerberos_ctime , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, |
7419 | | { &hf_kerberos_cusec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds }, |
7420 | | { &hf_kerberos_encAPRepPart_subkey, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encAPRepPart_subkey }, |
7421 | | { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7422 | | { NULL, 0, 0, 0, NULL } |
7423 | | }; |
7424 | | |
7425 | | static int |
7426 | 8 | dissect_kerberos_EncAPRepPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7427 | 8 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7428 | 8 | EncAPRepPart_U_sequence, hf_index, ett_kerberos_EncAPRepPart_U); |
7429 | | |
7430 | 8 | return offset; |
7431 | 8 | } |
7432 | | |
7433 | | |
7434 | | |
7435 | | static int |
7436 | 8 | dissect_kerberos_EncAPRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7437 | 8 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7438 | 8 | hf_index, BER_CLASS_APP, 27, false, dissect_kerberos_EncAPRepPart_U); |
7439 | | |
7440 | 8 | return offset; |
7441 | 8 | } |
7442 | | |
7443 | | |
7444 | | |
7445 | | static int |
7446 | 5 | dissect_kerberos_T_encKrbPrivPart_user_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7447 | 5 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
7448 | 5 | tvbuff_t *new_tvb; |
7449 | 5 | offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb); |
7450 | 5 | if (new_tvb) { |
7451 | 3 | call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks); |
7452 | 3 | } |
7453 | | |
7454 | | |
7455 | 5 | return offset; |
7456 | 5 | } |
7457 | | |
7458 | | |
7459 | | static const ber_sequence_t EncKrbPrivPart_sequence[] = { |
7460 | | { &hf_kerberos_encKrbPrivPart_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKrbPrivPart_user_data }, |
7461 | | { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7462 | | { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, |
7463 | | { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7464 | | { &hf_kerberos_s_address , BER_CLASS_CON, 4, 0, dissect_kerberos_HostAddress }, |
7465 | | { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, |
7466 | | { NULL, 0, 0, 0, NULL } |
7467 | | }; |
7468 | | |
7469 | | static int |
7470 | 9 | dissect_kerberos_EncKrbPrivPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7471 | 9 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7472 | 9 | EncKrbPrivPart_sequence, hf_index, ett_kerberos_EncKrbPrivPart); |
7473 | | |
7474 | 9 | return offset; |
7475 | 9 | } |
7476 | | |
7477 | | |
7478 | | |
7479 | | static int |
7480 | 9 | dissect_kerberos_ENC_KRB_PRIV_PART(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7481 | 9 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7482 | 9 | hf_index, BER_CLASS_APP, 28, false, dissect_kerberos_EncKrbPrivPart); |
7483 | | |
7484 | 9 | return offset; |
7485 | 9 | } |
7486 | | |
7487 | | |
7488 | | |
7489 | | static int |
7490 | 0 | dissect_kerberos_T_krbCredInfo_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7491 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
7492 | 0 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
7493 | 0 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
7494 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item; |
7495 | | #ifdef HAVE_KERBEROS |
7496 | | private_data->save_encryption_key_fn = save_KrbCredInfo_key; |
7497 | | #endif |
7498 | 0 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
7499 | |
|
7500 | 0 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
7501 | 0 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
7502 | | |
7503 | |
|
7504 | 0 | return offset; |
7505 | 0 | } |
7506 | | |
7507 | | |
7508 | | static const ber_sequence_t SEQUENCE_OF_KerberosString_sequence_of[1] = { |
7509 | | { &hf_kerberos_name_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_KerberosString }, |
7510 | | }; |
7511 | | |
7512 | | static int |
7513 | 0 | dissect_kerberos_SEQUENCE_OF_KerberosString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7514 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7515 | 0 | SEQUENCE_OF_KerberosString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KerberosString); |
7516 | |
|
7517 | 0 | return offset; |
7518 | 0 | } |
7519 | | |
7520 | | |
7521 | | static const ber_sequence_t PrincipalName_sequence[] = { |
7522 | | { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, |
7523 | | { &hf_kerberos_name_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_KerberosString }, |
7524 | | { NULL, 0, 0, 0, NULL } |
7525 | | }; |
7526 | | |
7527 | | static int |
7528 | 0 | dissect_kerberos_PrincipalName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7529 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7530 | 0 | PrincipalName_sequence, hf_index, ett_kerberos_PrincipalName); |
7531 | |
|
7532 | 0 | return offset; |
7533 | 0 | } |
7534 | | |
7535 | | |
7536 | | static const ber_sequence_t KrbCredInfo_sequence[] = { |
7537 | | { &hf_kerberos_krbCredInfo_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_krbCredInfo_key }, |
7538 | | { &hf_kerberos_prealm , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, |
7539 | | { &hf_kerberos_pname , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, |
7540 | | { &hf_kerberos_flags , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_TicketFlags }, |
7541 | | { &hf_kerberos_authtime , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7542 | | { &hf_kerberos_starttime , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7543 | | { &hf_kerberos_endtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7544 | | { &hf_kerberos_renew_till , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7545 | | { &hf_kerberos_srealm , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, |
7546 | | { &hf_kerberos_sname , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_SName }, |
7547 | | { &hf_kerberos_caddr , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, |
7548 | | { NULL, 0, 0, 0, NULL } |
7549 | | }; |
7550 | | |
7551 | | static int |
7552 | 1 | dissect_kerberos_KrbCredInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7553 | 1 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7554 | 1 | KrbCredInfo_sequence, hf_index, ett_kerberos_KrbCredInfo); |
7555 | | |
7556 | 1 | return offset; |
7557 | 1 | } |
7558 | | |
7559 | | |
7560 | | static const ber_sequence_t SEQUENCE_OF_KrbCredInfo_sequence_of[1] = { |
7561 | | { &hf_kerberos_ticket_info_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KrbCredInfo }, |
7562 | | }; |
7563 | | |
7564 | | static int |
7565 | 4 | dissect_kerberos_SEQUENCE_OF_KrbCredInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7566 | 4 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7567 | 4 | SEQUENCE_OF_KrbCredInfo_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KrbCredInfo); |
7568 | | |
7569 | 4 | return offset; |
7570 | 4 | } |
7571 | | |
7572 | | |
7573 | | static const ber_sequence_t EncKrbCredPart_U_sequence[] = { |
7574 | | { &hf_kerberos_ticket_info, BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_KrbCredInfo }, |
7575 | | { &hf_kerberos_nonce , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7576 | | { &hf_kerberos_timestamp , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7577 | | { &hf_kerberos_usec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, |
7578 | | { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, |
7579 | | { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, |
7580 | | { NULL, 0, 0, 0, NULL } |
7581 | | }; |
7582 | | |
7583 | | static int |
7584 | 11 | dissect_kerberos_EncKrbCredPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7585 | 11 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7586 | 11 | EncKrbCredPart_U_sequence, hf_index, ett_kerberos_EncKrbCredPart_U); |
7587 | | |
7588 | 11 | return offset; |
7589 | 11 | } |
7590 | | |
7591 | | |
7592 | | |
7593 | | static int |
7594 | 11 | dissect_kerberos_EncKrbCredPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7595 | 11 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7596 | 11 | hf_index, BER_CLASS_APP, 29, false, dissect_kerberos_EncKrbCredPart_U); |
7597 | | |
7598 | 11 | return offset; |
7599 | 11 | } |
7600 | | |
7601 | | |
7602 | | static const value_string kerberos_ERROR_CODE_vals[] = { |
7603 | | { 0, "eRR-NONE" }, |
7604 | | { 1, "eRR-NAME-EXP" }, |
7605 | | { 2, "eRR-SERVICE-EXP" }, |
7606 | | { 3, "eRR-BAD-PVNO" }, |
7607 | | { 4, "eRR-C-OLD-MAST-KVNO" }, |
7608 | | { 5, "eRR-S-OLD-MAST-KVNO" }, |
7609 | | { 6, "eRR-C-PRINCIPAL-UNKNOWN" }, |
7610 | | { 7, "eRR-S-PRINCIPAL-UNKNOWN" }, |
7611 | | { 8, "eRR-PRINCIPAL-NOT-UNIQUE" }, |
7612 | | { 9, "eRR-NULL-KEY" }, |
7613 | | { 10, "eRR-CANNOT-POSTDATE" }, |
7614 | | { 11, "eRR-NEVER-VALID" }, |
7615 | | { 12, "eRR-POLICY" }, |
7616 | | { 13, "eRR-BADOPTION" }, |
7617 | | { 14, "eRR-ETYPE-NOSUPP" }, |
7618 | | { 15, "eRR-SUMTYPE-NOSUPP" }, |
7619 | | { 16, "eRR-PADATA-TYPE-NOSUPP" }, |
7620 | | { 17, "eRR-TRTYPE-NOSUPP" }, |
7621 | | { 18, "eRR-CLIENT-REVOKED" }, |
7622 | | { 19, "eRR-SERVICE-REVOKED" }, |
7623 | | { 20, "eRR-TGT-REVOKED" }, |
7624 | | { 21, "eRR-CLIENT-NOTYET" }, |
7625 | | { 22, "eRR-SERVICE-NOTYET" }, |
7626 | | { 23, "eRR-KEY-EXP" }, |
7627 | | { 24, "eRR-PREAUTH-FAILED" }, |
7628 | | { 25, "eRR-PREAUTH-REQUIRED" }, |
7629 | | { 26, "eRR-SERVER-NOMATCH" }, |
7630 | | { 27, "eRR-MUST-USE-USER2USER" }, |
7631 | | { 28, "eRR-PATH-NOT-ACCEPTED" }, |
7632 | | { 29, "eRR-SVC-UNAVAILABLE" }, |
7633 | | { 31, "eRR-BAD-INTEGRITY" }, |
7634 | | { 32, "eRR-TKT-EXPIRED" }, |
7635 | | { 33, "eRR-TKT-NYV" }, |
7636 | | { 34, "eRR-REPEAT" }, |
7637 | | { 35, "eRR-NOT-US" }, |
7638 | | { 36, "eRR-BADMATCH" }, |
7639 | | { 37, "eRR-SKEW" }, |
7640 | | { 38, "eRR-BADADDR" }, |
7641 | | { 39, "eRR-BADVERSION" }, |
7642 | | { 40, "eRR-MSG-TYPE" }, |
7643 | | { 41, "eRR-MODIFIED" }, |
7644 | | { 42, "eRR-BADORDER" }, |
7645 | | { 43, "eRR-ILL-CR-TKT" }, |
7646 | | { 44, "eRR-BADKEYVER" }, |
7647 | | { 45, "eRR-NOKEY" }, |
7648 | | { 46, "eRR-MUT-FAIL" }, |
7649 | | { 47, "eRR-BADDIRECTION" }, |
7650 | | { 48, "eRR-METHOD" }, |
7651 | | { 49, "eRR-BADSEQ" }, |
7652 | | { 50, "eRR-INAPP-CKSUM" }, |
7653 | | { 51, "pATH-NOT-ACCEPTED" }, |
7654 | | { 52, "eRR-RESPONSE-TOO-BIG" }, |
7655 | | { 60, "eRR-GENERIC" }, |
7656 | | { 61, "eRR-FIELD-TOOLONG" }, |
7657 | | { 62, "eRROR-CLIENT-NOT-TRUSTED" }, |
7658 | | { 63, "eRROR-KDC-NOT-TRUSTED" }, |
7659 | | { 64, "eRROR-INVALID-SIG" }, |
7660 | | { 65, "eRR-KEY-TOO-WEAK" }, |
7661 | | { 66, "eRR-CERTIFICATE-MISMATCH" }, |
7662 | | { 67, "eRR-NO-TGT" }, |
7663 | | { 68, "eRR-WRONG-REALM" }, |
7664 | | { 69, "eRR-USER-TO-USER-REQUIRED" }, |
7665 | | { 70, "eRR-CANT-VERIFY-CERTIFICATE" }, |
7666 | | { 71, "eRR-INVALID-CERTIFICATE" }, |
7667 | | { 72, "eRR-REVOKED-CERTIFICATE" }, |
7668 | | { 73, "eRR-REVOCATION-STATUS-UNKNOWN" }, |
7669 | | { 74, "eRR-REVOCATION-STATUS-UNAVAILABLE" }, |
7670 | | { 75, "eRR-CLIENT-NAME-MISMATCH" }, |
7671 | | { 76, "eRR-KDC-NAME-MISMATCH" }, |
7672 | | { 85, "eRR-IAKERB-KDC-NOT-FOUND" }, |
7673 | | { 86, "eRR-IAKERB-KDC-NO-RESPONSE" }, |
7674 | | { 91, "eRR-KDC-MORE-PREAUTH-DATA-REQUIRED" }, |
7675 | | { 0, NULL } |
7676 | | }; |
7677 | | |
7678 | | |
7679 | | static int |
7680 | 0 | dissect_kerberos_ERROR_CODE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7681 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
7682 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
7683 | 0 | &private_data->errorcode); |
7684 | | |
7685 | | |
7686 | |
|
7687 | 0 | if (private_data->errorcode) { |
7688 | 0 | col_add_fstr(actx->pinfo->cinfo, COL_INFO, |
7689 | 0 | "KRB Error: %s", |
7690 | 0 | val_to_str(private_data->errorcode, krb5_error_codes, |
7691 | 0 | "Unknown error code %#x")); |
7692 | 0 | } |
7693 | |
|
7694 | 0 | return offset; |
7695 | 0 | } |
7696 | | |
7697 | | |
7698 | | |
7699 | | static int |
7700 | 0 | dissect_kerberos_T_e_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7701 | 0 | offset = dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_T_e_data_octets); |
7702 | | |
7703 | |
|
7704 | 0 | return offset; |
7705 | 0 | } |
7706 | | |
7707 | | |
7708 | | static const ber_sequence_t KRB_ERROR_U_sequence[] = { |
7709 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7710 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7711 | | { &hf_kerberos_ctime , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, |
7712 | | { &hf_kerberos_cusec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, |
7713 | | { &hf_kerberos_stime , BER_CLASS_CON, 4, 0, dissect_kerberos_KerberosTime }, |
7714 | | { &hf_kerberos_susec , BER_CLASS_CON, 5, 0, dissect_kerberos_Microseconds }, |
7715 | | { &hf_kerberos_error_code , BER_CLASS_CON, 6, 0, dissect_kerberos_ERROR_CODE }, |
7716 | | { &hf_kerberos_crealm , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, |
7717 | | { &hf_kerberos_cname , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_CName }, |
7718 | | { &hf_kerberos_realm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm }, |
7719 | | { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName }, |
7720 | | { &hf_kerberos_e_text , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString }, |
7721 | | { &hf_kerberos_e_data , BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_e_data }, |
7722 | | { &hf_kerberos_e_checksum , BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum }, |
7723 | | { NULL, 0, 0, 0, NULL } |
7724 | | }; |
7725 | | |
7726 | | static int |
7727 | 4 | dissect_kerberos_KRB_ERROR_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7728 | 4 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7729 | 4 | KRB_ERROR_U_sequence, hf_index, ett_kerberos_KRB_ERROR_U); |
7730 | | |
7731 | 4 | return offset; |
7732 | 4 | } |
7733 | | |
7734 | | |
7735 | | |
7736 | | static int |
7737 | 4 | dissect_kerberos_KRB_ERROR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7738 | 4 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
7739 | 4 | hf_index, BER_CLASS_APP, 30, false, dissect_kerberos_KRB_ERROR_U); |
7740 | | |
7741 | 4 | return offset; |
7742 | 4 | } |
7743 | | |
7744 | | |
7745 | | static const ber_choice_t Applications_choice[] = { |
7746 | | { KERBEROS_APPLICATIONS_TICKET, &hf_kerberos_ticket , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket }, |
7747 | | { KERBEROS_APPLICATIONS_AUTHENTICATOR, &hf_kerberos_authenticator, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_kerberos_Authenticator }, |
7748 | | { KERBEROS_APPLICATIONS_ENCTICKETPART, &hf_kerberos_encTicketPart, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTicketPart }, |
7749 | | { KERBEROS_APPLICATIONS_AS_REQ, &hf_kerberos_as_req , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REQ }, |
7750 | | { KERBEROS_APPLICATIONS_AS_REP, &hf_kerberos_as_rep , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REP }, |
7751 | | { KERBEROS_APPLICATIONS_TGS_REQ, &hf_kerberos_tgs_req , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REQ }, |
7752 | | { KERBEROS_APPLICATIONS_TGS_REP, &hf_kerberos_tgs_rep , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REP }, |
7753 | | { KERBEROS_APPLICATIONS_AP_REQ, &hf_kerberos_ap_req , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REQ }, |
7754 | | { KERBEROS_APPLICATIONS_AP_REP, &hf_kerberos_ap_rep , BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REP }, |
7755 | | { KERBEROS_APPLICATIONS_KRB_SAFE, &hf_kerberos_krb_safe , BER_CLASS_APP, 20, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_SAFE }, |
7756 | | { KERBEROS_APPLICATIONS_KRB_PRIV, &hf_kerberos_krb_priv , BER_CLASS_APP, 21, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_PRIV }, |
7757 | | { KERBEROS_APPLICATIONS_KRB_CRED, &hf_kerberos_krb_cred , BER_CLASS_APP, 22, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_CRED }, |
7758 | | { KERBEROS_APPLICATIONS_ENCASREPPART, &hf_kerberos_encASRepPart, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncASRepPart }, |
7759 | | { KERBEROS_APPLICATIONS_ENCTGSREPPART, &hf_kerberos_encTGSRepPart, BER_CLASS_APP, 26, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTGSRepPart }, |
7760 | | { KERBEROS_APPLICATIONS_ENCAPREPPART, &hf_kerberos_encAPRepPart, BER_CLASS_APP, 27, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncAPRepPart }, |
7761 | | { KERBEROS_APPLICATIONS_ENCKRBPRIVPART, &hf_kerberos_encKrbPrivPart, BER_CLASS_APP, 28, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENC_KRB_PRIV_PART }, |
7762 | | { KERBEROS_APPLICATIONS_ENCKRBCREDPART, &hf_kerberos_encKrbCredPart, BER_CLASS_APP, 29, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncKrbCredPart }, |
7763 | | { KERBEROS_APPLICATIONS_KRB_ERROR, &hf_kerberos_krb_error , BER_CLASS_APP, 30, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_ERROR }, |
7764 | | { 0, NULL, 0, 0, 0, NULL } |
7765 | | }; |
7766 | | |
7767 | | static int |
7768 | 320 | dissect_kerberos_Applications(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7769 | 320 | offset = dissect_ber_choice(actx, tree, tvb, offset, |
7770 | 320 | Applications_choice, hf_index, ett_kerberos_Applications, |
7771 | 320 | NULL); |
7772 | | |
7773 | 320 | return offset; |
7774 | 320 | } |
7775 | | |
7776 | | |
7777 | | |
7778 | | static int |
7779 | 0 | dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7780 | | #ifdef HAVE_KERBEROS |
7781 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); |
7782 | | #else |
7783 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
7784 | 0 | NULL); |
7785 | |
|
7786 | 0 | #endif |
7787 | | |
7788 | |
|
7789 | 0 | return offset; |
7790 | 0 | } |
7791 | | |
7792 | | |
7793 | | static const ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = { |
7794 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7795 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
7796 | | { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher }, |
7797 | | { NULL, 0, 0, 0, NULL } |
7798 | | }; |
7799 | | |
7800 | | static int |
7801 | 0 | dissect_kerberos_PA_ENC_TIMESTAMP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7802 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7803 | 0 | PA_ENC_TIMESTAMP_sequence, hf_index, ett_kerberos_PA_ENC_TIMESTAMP); |
7804 | |
|
7805 | 0 | return offset; |
7806 | 0 | } |
7807 | | |
7808 | | |
7809 | | static const ber_sequence_t ETYPE_INFO_ENTRY_sequence[] = { |
7810 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7811 | | { &hf_kerberos_info_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, |
7812 | | { NULL, 0, 0, 0, NULL } |
7813 | | }; |
7814 | | |
7815 | | static int |
7816 | 0 | dissect_kerberos_ETYPE_INFO_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7817 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7818 | 0 | ETYPE_INFO_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO_ENTRY); |
7819 | |
|
7820 | 0 | return offset; |
7821 | 0 | } |
7822 | | |
7823 | | |
7824 | | static const ber_sequence_t ETYPE_INFO_sequence_of[1] = { |
7825 | | { &hf_kerberos_ETYPE_INFO_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO_ENTRY }, |
7826 | | }; |
7827 | | |
7828 | | static int |
7829 | 0 | dissect_kerberos_ETYPE_INFO(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7830 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7831 | 0 | ETYPE_INFO_sequence_of, hf_index, ett_kerberos_ETYPE_INFO); |
7832 | |
|
7833 | 0 | return offset; |
7834 | 0 | } |
7835 | | |
7836 | | |
7837 | | static const ber_sequence_t ETYPE_INFO2_ENTRY_sequence[] = { |
7838 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
7839 | | { &hf_kerberos_info2_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString }, |
7840 | | { &hf_kerberos_s2kparams , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, |
7841 | | { NULL, 0, 0, 0, NULL } |
7842 | | }; |
7843 | | |
7844 | | static int |
7845 | 0 | dissect_kerberos_ETYPE_INFO2_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7846 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7847 | 0 | ETYPE_INFO2_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO2_ENTRY); |
7848 | |
|
7849 | 0 | return offset; |
7850 | 0 | } |
7851 | | |
7852 | | |
7853 | | static const ber_sequence_t ETYPE_INFO2_sequence_of[1] = { |
7854 | | { &hf_kerberos_ETYPE_INFO2_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO2_ENTRY }, |
7855 | | }; |
7856 | | |
7857 | | static int |
7858 | 0 | dissect_kerberos_ETYPE_INFO2(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7859 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
7860 | 0 | ETYPE_INFO2_sequence_of, hf_index, ett_kerberos_ETYPE_INFO2); |
7861 | |
|
7862 | 0 | return offset; |
7863 | 0 | } |
7864 | | |
7865 | | |
7866 | | |
7867 | | static int |
7868 | 0 | dissect_kerberos_AD_IF_RELEVANT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7869 | 0 | offset = dissect_kerberos_AuthorizationData(implicit_tag, tvb, offset, actx, tree, hf_index); |
7870 | |
|
7871 | 0 | return offset; |
7872 | 0 | } |
7873 | | |
7874 | | |
7875 | | static const ber_sequence_t TGT_REQ_sequence[] = { |
7876 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7877 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7878 | | { &hf_kerberos_server_name, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, |
7879 | | { &hf_kerberos_realm , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, |
7880 | | { NULL, 0, 0, 0, NULL } |
7881 | | }; |
7882 | | |
7883 | | int |
7884 | 7 | dissect_kerberos_TGT_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7885 | 7 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7886 | 7 | TGT_REQ_sequence, hf_index, ett_kerberos_TGT_REQ); |
7887 | | |
7888 | 7 | return offset; |
7889 | 7 | } |
7890 | | |
7891 | | |
7892 | | static const ber_sequence_t TGT_REP_sequence[] = { |
7893 | | { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, |
7894 | | { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, |
7895 | | { &hf_kerberos_ticket , BER_CLASS_CON, 2, 0, dissect_kerberos_Ticket }, |
7896 | | { NULL, 0, 0, 0, NULL } |
7897 | | }; |
7898 | | |
7899 | | int |
7900 | 10 | dissect_kerberos_TGT_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7901 | 10 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7902 | 10 | TGT_REP_sequence, hf_index, ett_kerberos_TGT_REP); |
7903 | | |
7904 | 10 | return offset; |
7905 | 10 | } |
7906 | | |
7907 | | |
7908 | | |
7909 | | static int |
7910 | 0 | dissect_kerberos_BOOLEAN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7911 | 0 | offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); |
7912 | |
|
7913 | 0 | return offset; |
7914 | 0 | } |
7915 | | |
7916 | | |
7917 | | static const ber_sequence_t PA_PAC_REQUEST_sequence[] = { |
7918 | | { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN }, |
7919 | | { NULL, 0, 0, 0, NULL } |
7920 | | }; |
7921 | | |
7922 | | static int |
7923 | 0 | dissect_kerberos_PA_PAC_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7924 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7925 | 0 | PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_PA_PAC_REQUEST); |
7926 | |
|
7927 | 0 | return offset; |
7928 | 0 | } |
7929 | | |
7930 | | |
7931 | | |
7932 | | static int |
7933 | 0 | dissect_kerberos_GeneralString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7934 | 0 | offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, |
7935 | 0 | actx, tree, tvb, offset, hf_index, |
7936 | 0 | NULL); |
7937 | |
|
7938 | 0 | return offset; |
7939 | 0 | } |
7940 | | |
7941 | | |
7942 | | static const ber_sequence_t PA_S4U2Self_sequence[] = { |
7943 | | { &hf_kerberos_name , BER_CLASS_CON, 0, 0, dissect_kerberos_PrincipalName }, |
7944 | | { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, |
7945 | | { &hf_kerberos_cksum , BER_CLASS_CON, 2, 0, dissect_kerberos_Checksum }, |
7946 | | { &hf_kerberos_auth , BER_CLASS_CON, 3, 0, dissect_kerberos_GeneralString }, |
7947 | | { NULL, 0, 0, 0, NULL } |
7948 | | }; |
7949 | | |
7950 | | static int |
7951 | 0 | dissect_kerberos_PA_S4U2Self(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7952 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7953 | 0 | PA_S4U2Self_sequence, hf_index, ett_kerberos_PA_S4U2Self); |
7954 | |
|
7955 | 0 | return offset; |
7956 | 0 | } |
7957 | | |
7958 | | |
7959 | | |
7960 | | static int |
7961 | 0 | dissect_kerberos_T_subject_certificate(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7962 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); |
7963 | | |
7964 | |
|
7965 | 0 | return offset; |
7966 | 0 | } |
7967 | | |
7968 | | |
7969 | | |
7970 | | static int |
7971 | 0 | dissect_kerberos_BIT_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7972 | 0 | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
7973 | 0 | NULL, 0, hf_index, -1, |
7974 | 0 | NULL); |
7975 | |
|
7976 | 0 | return offset; |
7977 | 0 | } |
7978 | | |
7979 | | |
7980 | | static const ber_sequence_t S4UUserID_sequence[] = { |
7981 | | { &hf_kerberos_nonce , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 }, |
7982 | | { &hf_kerberos_cname_01 , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, |
7983 | | { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, |
7984 | | { &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_subject_certificate }, |
7985 | | { &hf_kerberos_options , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_BIT_STRING }, |
7986 | | { NULL, 0, 0, 0, NULL } |
7987 | | }; |
7988 | | |
7989 | | static int |
7990 | 0 | dissect_kerberos_S4UUserID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
7991 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
7992 | 0 | S4UUserID_sequence, hf_index, ett_kerberos_S4UUserID); |
7993 | |
|
7994 | 0 | return offset; |
7995 | 0 | } |
7996 | | |
7997 | | |
7998 | | static const ber_sequence_t PA_S4U_X509_USER_sequence[] = { |
7999 | | { &hf_kerberos_user_id , BER_CLASS_CON, 0, 0, dissect_kerberos_S4UUserID }, |
8000 | | { &hf_kerberos_checksum_01, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum }, |
8001 | | { NULL, 0, 0, 0, NULL } |
8002 | | }; |
8003 | | |
8004 | | static int |
8005 | 0 | dissect_kerberos_PA_S4U_X509_USER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8006 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8007 | 0 | PA_S4U_X509_USER_sequence, hf_index, ett_kerberos_PA_S4U_X509_USER); |
8008 | |
|
8009 | 0 | return offset; |
8010 | 0 | } |
8011 | | |
8012 | | |
8013 | | static int * const PAC_OPTIONS_FLAGS_bits[] = { |
8014 | | &hf_kerberos_PAC_OPTIONS_FLAGS_claims, |
8015 | | &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware, |
8016 | | &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc, |
8017 | | &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation, |
8018 | | NULL |
8019 | | }; |
8020 | | |
8021 | | static int |
8022 | 0 | dissect_kerberos_PAC_OPTIONS_FLAGS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8023 | 0 | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
8024 | 0 | PAC_OPTIONS_FLAGS_bits, 4, hf_index, ett_kerberos_PAC_OPTIONS_FLAGS, |
8025 | 0 | NULL); |
8026 | |
|
8027 | 0 | return offset; |
8028 | 0 | } |
8029 | | |
8030 | | |
8031 | | static const ber_sequence_t PA_PAC_OPTIONS_sequence[] = { |
8032 | | { &hf_kerberos_flags_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_PAC_OPTIONS_FLAGS }, |
8033 | | { NULL, 0, 0, 0, NULL } |
8034 | | }; |
8035 | | |
8036 | | static int |
8037 | 0 | dissect_kerberos_PA_PAC_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8038 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8039 | 0 | PA_PAC_OPTIONS_sequence, hf_index, ett_kerberos_PA_PAC_OPTIONS); |
8040 | |
|
8041 | 0 | return offset; |
8042 | 0 | } |
8043 | | |
8044 | | |
8045 | | static const ber_sequence_t KERB_AD_RESTRICTION_ENTRY_U_sequence[] = { |
8046 | | { &hf_kerberos_restriction_type, BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 }, |
8047 | | { &hf_kerberos_restriction, BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, |
8048 | | { NULL, 0, 0, 0, NULL } |
8049 | | }; |
8050 | | |
8051 | | static int |
8052 | 0 | dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8053 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8054 | 0 | KERB_AD_RESTRICTION_ENTRY_U_sequence, hf_index, ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U); |
8055 | |
|
8056 | 0 | return offset; |
8057 | 0 | } |
8058 | | |
8059 | | |
8060 | | |
8061 | | static int |
8062 | 0 | dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8063 | 0 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
8064 | 0 | hf_index, BER_CLASS_UNI, 16, false, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U); |
8065 | |
|
8066 | 0 | return offset; |
8067 | 0 | } |
8068 | | |
8069 | | |
8070 | | static const ber_sequence_t PA_KERB_KEY_LIST_REQ_sequence_of[1] = { |
8071 | | { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE }, |
8072 | | }; |
8073 | | |
8074 | | static int |
8075 | 0 | dissect_kerberos_PA_KERB_KEY_LIST_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8076 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8077 | 0 | PA_KERB_KEY_LIST_REQ_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REQ); |
8078 | |
|
8079 | 0 | return offset; |
8080 | 0 | } |
8081 | | |
8082 | | |
8083 | | |
8084 | | static int |
8085 | 0 | dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8086 | 0 | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
8087 | |
|
8088 | 0 | return offset; |
8089 | 0 | } |
8090 | | |
8091 | | |
8092 | | |
8093 | | static int |
8094 | 0 | dissect_kerberos_PA_KERB_KEY_LIST_REP_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8095 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
8096 | 0 | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
8097 | 0 | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
8098 | 0 | private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key; |
8099 | | #ifdef HAVE_KERBEROS |
8100 | | private_data->save_encryption_key_fn = save_encryption_key; |
8101 | | #endif |
8102 | 0 | offset = dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(implicit_tag, tvb, offset, actx, tree, hf_index); |
8103 | |
|
8104 | 0 | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
8105 | 0 | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
8106 | | |
8107 | |
|
8108 | 0 | return offset; |
8109 | 0 | } |
8110 | | |
8111 | | |
8112 | | static const ber_sequence_t PA_KERB_KEY_LIST_REP_sequence_of[1] = { |
8113 | | { &hf_kerberos_kerbKeyListRep_key, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_KERB_KEY_LIST_REP_item }, |
8114 | | }; |
8115 | | |
8116 | | static int |
8117 | 0 | dissect_kerberos_PA_KERB_KEY_LIST_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8118 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8119 | 0 | PA_KERB_KEY_LIST_REP_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REP); |
8120 | |
|
8121 | 0 | return offset; |
8122 | 0 | } |
8123 | | |
8124 | | |
8125 | | static const value_string kerberos_KRB5_SRP_GROUP_vals[] = { |
8126 | | { 0, "kRB5-SRP-GROUP-INVALID" }, |
8127 | | { 1, "kRB5-SRP-GROUP-RFC5054-4096-PBKDF2-SHA512" }, |
8128 | | { 0, NULL } |
8129 | | }; |
8130 | | |
8131 | | |
8132 | | static int |
8133 | 0 | dissect_kerberos_KRB5_SRP_GROUP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8134 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
8135 | 0 | NULL); |
8136 | |
|
8137 | 0 | return offset; |
8138 | 0 | } |
8139 | | |
8140 | | |
8141 | | static const ber_sequence_t KRB5_SRP_PA_sequence[] = { |
8142 | | { &hf_kerberos_srppa_group, BER_CLASS_CON, 0, 0, dissect_kerberos_KRB5_SRP_GROUP }, |
8143 | | { &hf_kerberos_salt , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, |
8144 | | { &hf_kerberos_iterations , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 }, |
8145 | | { NULL, 0, 0, 0, NULL } |
8146 | | }; |
8147 | | |
8148 | | static int |
8149 | 0 | dissect_kerberos_KRB5_SRP_PA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8150 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8151 | 0 | KRB5_SRP_PA_sequence, hf_index, ett_kerberos_KRB5_SRP_PA); |
8152 | |
|
8153 | 0 | return offset; |
8154 | 0 | } |
8155 | | |
8156 | | |
8157 | | static const ber_sequence_t SET_OF_KRB5_SRP_PA_set_of[1] = { |
8158 | | { &hf_kerberos_groups_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB5_SRP_PA }, |
8159 | | }; |
8160 | | |
8161 | | static int |
8162 | 0 | dissect_kerberos_SET_OF_KRB5_SRP_PA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8163 | 0 | offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, |
8164 | 0 | SET_OF_KRB5_SRP_PA_set_of, hf_index, ett_kerberos_SET_OF_KRB5_SRP_PA); |
8165 | |
|
8166 | 0 | return offset; |
8167 | 0 | } |
8168 | | |
8169 | | |
8170 | | static const ber_sequence_t KRB5_SRP_PA_ANNOUNCE_sequence[] = { |
8171 | | { &hf_kerberos_groups , BER_CLASS_CON, 0, 0, dissect_kerberos_SET_OF_KRB5_SRP_PA }, |
8172 | | { &hf_kerberos_as_req_01 , BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum }, |
8173 | | { NULL, 0, 0, 0, NULL } |
8174 | | }; |
8175 | | |
8176 | | static int |
8177 | 0 | dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8178 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8179 | 0 | KRB5_SRP_PA_ANNOUNCE_sequence, hf_index, ett_kerberos_KRB5_SRP_PA_ANNOUNCE); |
8180 | |
|
8181 | 0 | return offset; |
8182 | 0 | } |
8183 | | |
8184 | | |
8185 | | static const ber_sequence_t KRB5_SRP_PA_INIT_U_sequence[] = { |
8186 | | { &hf_kerberos_group , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 }, |
8187 | | { &hf_kerberos_a , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, |
8188 | | { NULL, 0, 0, 0, NULL } |
8189 | | }; |
8190 | | |
8191 | | static int |
8192 | 0 | dissect_kerberos_KRB5_SRP_PA_INIT_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8193 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8194 | 0 | KRB5_SRP_PA_INIT_U_sequence, hf_index, ett_kerberos_KRB5_SRP_PA_INIT_U); |
8195 | |
|
8196 | 0 | return offset; |
8197 | 0 | } |
8198 | | |
8199 | | |
8200 | | |
8201 | | static int |
8202 | 0 | dissect_kerberos_KRB5_SRP_PA_INIT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8203 | 0 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
8204 | 0 | hf_index, BER_CLASS_APP, 0, false, dissect_kerberos_KRB5_SRP_PA_INIT_U); |
8205 | |
|
8206 | 0 | return offset; |
8207 | 0 | } |
8208 | | |
8209 | | |
8210 | | |
8211 | | static int |
8212 | 0 | dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8213 | 0 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
8214 | 0 | hf_index, BER_CLASS_APP, 1, false, dissect_kerberos_OCTET_STRING); |
8215 | |
|
8216 | 0 | return offset; |
8217 | 0 | } |
8218 | | |
8219 | | |
8220 | | |
8221 | | static int |
8222 | 0 | dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8223 | 0 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
8224 | 0 | hf_index, BER_CLASS_APP, 2, false, dissect_kerberos_OCTET_STRING); |
8225 | |
|
8226 | 0 | return offset; |
8227 | 0 | } |
8228 | | |
8229 | | |
8230 | | |
8231 | | static int |
8232 | 0 | dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8233 | 0 | offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, |
8234 | 0 | hf_index, BER_CLASS_APP, 3, false, dissect_kerberos_OCTET_STRING); |
8235 | |
|
8236 | 0 | return offset; |
8237 | 0 | } |
8238 | | |
8239 | | |
8240 | | |
8241 | | static int |
8242 | 0 | dissect_kerberos_UTF8String(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8243 | 0 | offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_UTF8String, |
8244 | 0 | actx, tree, tvb, offset, hf_index, |
8245 | 0 | NULL); |
8246 | |
|
8247 | 0 | return offset; |
8248 | 0 | } |
8249 | | |
8250 | | |
8251 | | static const ber_sequence_t AD_AUTHENTICATION_INDICATOR_sequence_of[1] = { |
8252 | | { &hf_kerberos_AD_AUTHENTICATION_INDICATOR_item, BER_CLASS_UNI, BER_UNI_TAG_UTF8String, BER_FLAGS_NOOWNTAG, dissect_kerberos_UTF8String }, |
8253 | | }; |
8254 | | |
8255 | | static int |
8256 | 0 | dissect_kerberos_AD_AUTHENTICATION_INDICATOR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8257 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8258 | 0 | AD_AUTHENTICATION_INDICATOR_sequence_of, hf_index, ett_kerberos_AD_AUTHENTICATION_INDICATOR); |
8259 | |
|
8260 | 0 | return offset; |
8261 | 0 | } |
8262 | | |
8263 | | |
8264 | | static const ber_sequence_t Verifier_MAC_sequence[] = { |
8265 | | { &hf_kerberos_identifier , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, |
8266 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8267 | | { &hf_kerberos_enctype , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Int32 }, |
8268 | | { &hf_kerberos_mac_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum }, |
8269 | | { NULL, 0, 0, 0, NULL } |
8270 | | }; |
8271 | | |
8272 | | static int |
8273 | 0 | dissect_kerberos_Verifier_MAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8274 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8275 | 0 | Verifier_MAC_sequence, hf_index, ett_kerberos_Verifier_MAC); |
8276 | |
|
8277 | 0 | return offset; |
8278 | 0 | } |
8279 | | |
8280 | | |
8281 | | static const value_string kerberos_Verifier_vals[] = { |
8282 | | { 0, "mac" }, |
8283 | | { 0, NULL } |
8284 | | }; |
8285 | | |
8286 | | static const ber_choice_t Verifier_choice[] = { |
8287 | | { 0, &hf_kerberos_mac , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_Verifier_MAC }, |
8288 | | { 0, NULL, 0, 0, 0, NULL } |
8289 | | }; |
8290 | | |
8291 | | static int |
8292 | 0 | dissect_kerberos_Verifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8293 | 0 | offset = dissect_ber_choice(actx, tree, tvb, offset, |
8294 | 0 | Verifier_choice, hf_index, ett_kerberos_Verifier, |
8295 | 0 | NULL); |
8296 | |
|
8297 | 0 | return offset; |
8298 | 0 | } |
8299 | | |
8300 | | |
8301 | | static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_Verifier_sequence_of[1] = { |
8302 | | { &hf_kerberos_other_verifiers_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_kerberos_Verifier }, |
8303 | | }; |
8304 | | |
8305 | | static int |
8306 | 0 | dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8307 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8308 | 0 | SEQUENCE_SIZE_1_MAX_OF_Verifier_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier); |
8309 | |
|
8310 | 0 | return offset; |
8311 | 0 | } |
8312 | | |
8313 | | |
8314 | | static const ber_sequence_t AD_CAMMAC_sequence[] = { |
8315 | | { &hf_kerberos_elements , BER_CLASS_CON, 0, 0, dissect_kerberos_AuthorizationData }, |
8316 | | { &hf_kerberos_kdc_verifier, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Verifier_MAC }, |
8317 | | { &hf_kerberos_svc_verifier, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Verifier_MAC }, |
8318 | | { &hf_kerberos_other_verifiers, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier }, |
8319 | | { NULL, 0, 0, 0, NULL } |
8320 | | }; |
8321 | | |
8322 | | static int |
8323 | 0 | dissect_kerberos_AD_CAMMAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8324 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8325 | 0 | AD_CAMMAC_sequence, hf_index, ett_kerberos_AD_CAMMAC); |
8326 | |
|
8327 | 0 | return offset; |
8328 | 0 | } |
8329 | | |
8330 | | |
8331 | | static const ber_sequence_t ChangePasswdData_sequence[] = { |
8332 | | { &hf_kerberos_newpasswd , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING }, |
8333 | | { &hf_kerberos_targname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, |
8334 | | { &hf_kerberos_targrealm , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, |
8335 | | { NULL, 0, 0, 0, NULL } |
8336 | | }; |
8337 | | |
8338 | | int |
8339 | 0 | dissect_kerberos_ChangePasswdData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8340 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8341 | 0 | ChangePasswdData_sequence, hf_index, ett_kerberos_ChangePasswdData); |
8342 | |
|
8343 | 0 | return offset; |
8344 | 0 | } |
8345 | | |
8346 | | |
8347 | | static const ber_sequence_t PA_AUTHENTICATION_SET_ELEM_sequence[] = { |
8348 | | { &hf_kerberos_pa_type , BER_CLASS_CON, 0, 0, dissect_kerberos_PADATA_TYPE }, |
8349 | | { &hf_kerberos_pa_hint , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, |
8350 | | { &hf_kerberos_pa_value , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, |
8351 | | { NULL, 0, 0, 0, NULL } |
8352 | | }; |
8353 | | |
8354 | | static int |
8355 | 0 | dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8356 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8357 | 0 | PA_AUTHENTICATION_SET_ELEM_sequence, hf_index, ett_kerberos_PA_AUTHENTICATION_SET_ELEM); |
8358 | |
|
8359 | 0 | return offset; |
8360 | 0 | } |
8361 | | |
8362 | | |
8363 | | static const value_string kerberos_KrbFastArmorTypes_vals[] = { |
8364 | | { KERBEROS_FX_FAST_RESERVED, "fX-FAST-reserved" }, |
8365 | | { KERBEROS_FX_FAST_ARMOR_AP_REQUEST, "fX-FAST-ARMOR-AP-REQUEST" }, |
8366 | | { 0, NULL } |
8367 | | }; |
8368 | | |
8369 | | |
8370 | | static int |
8371 | 0 | dissect_kerberos_KrbFastArmorTypes(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8372 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
8373 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
8374 | 0 | &(private_data->fast_type)); |
8375 | | |
8376 | | |
8377 | |
|
8378 | 0 | return offset; |
8379 | 0 | } |
8380 | | |
8381 | | |
8382 | | |
8383 | | static int |
8384 | 0 | dissect_kerberos_T_armor_value(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8385 | 0 | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
8386 | |
|
8387 | 0 | switch(private_data->fast_type){ |
8388 | 0 | case KERBEROS_FX_FAST_ARMOR_AP_REQUEST: |
8389 | 0 | private_data->fast_armor_within_armor_value++; |
8390 | 0 | offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications); |
8391 | 0 | private_data->fast_armor_within_armor_value--; |
8392 | 0 | break; |
8393 | 0 | default: |
8394 | 0 | offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); |
8395 | 0 | break; |
8396 | 0 | } |
8397 | | |
8398 | | |
8399 | 0 | return offset; |
8400 | 0 | } |
8401 | | |
8402 | | |
8403 | | static const ber_sequence_t KrbFastArmor_sequence[] = { |
8404 | | { &hf_kerberos_armor_type , BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmorTypes }, |
8405 | | { &hf_kerberos_armor_value, BER_CLASS_CON, 1, 0, dissect_kerberos_T_armor_value }, |
8406 | | { NULL, 0, 0, 0, NULL } |
8407 | | }; |
8408 | | |
8409 | | static int |
8410 | 0 | dissect_kerberos_KrbFastArmor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8411 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8412 | 0 | KrbFastArmor_sequence, hf_index, ett_kerberos_KrbFastArmor); |
8413 | |
|
8414 | 0 | return offset; |
8415 | 0 | } |
8416 | | |
8417 | | |
8418 | | |
8419 | | static int |
8420 | 0 | dissect_kerberos_T_encryptedKrbFastReq_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8421 | | #ifdef HAVE_KERBEROS |
8422 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq); |
8423 | | #else |
8424 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
8425 | 0 | NULL); |
8426 | |
|
8427 | 0 | #endif |
8428 | | |
8429 | |
|
8430 | 0 | return offset; |
8431 | 0 | } |
8432 | | |
8433 | | |
8434 | | static const ber_sequence_t EncryptedKrbFastReq_sequence[] = { |
8435 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
8436 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8437 | | { &hf_kerberos_encryptedKrbFastReq_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastReq_cipher }, |
8438 | | { NULL, 0, 0, 0, NULL } |
8439 | | }; |
8440 | | |
8441 | | static int |
8442 | 0 | dissect_kerberos_EncryptedKrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8443 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8444 | 0 | EncryptedKrbFastReq_sequence, hf_index, ett_kerberos_EncryptedKrbFastReq); |
8445 | |
|
8446 | 0 | return offset; |
8447 | 0 | } |
8448 | | |
8449 | | |
8450 | | static const ber_sequence_t KrbFastArmoredReq_sequence[] = { |
8451 | | { &hf_kerberos_armor , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastArmor }, |
8452 | | { &hf_kerberos_req_checksum, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum }, |
8453 | | { &hf_kerberos_enc_fast_req, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedKrbFastReq }, |
8454 | | { NULL, 0, 0, 0, NULL } |
8455 | | }; |
8456 | | |
8457 | | static int |
8458 | 0 | dissect_kerberos_KrbFastArmoredReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8459 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8460 | 0 | KrbFastArmoredReq_sequence, hf_index, ett_kerberos_KrbFastArmoredReq); |
8461 | |
|
8462 | 0 | return offset; |
8463 | 0 | } |
8464 | | |
8465 | | |
8466 | | static const ber_choice_t PA_FX_FAST_REQUEST_choice[] = { |
8467 | | { 0, &hf_kerberos_armored_data_request, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredReq }, |
8468 | | { 0, NULL, 0, 0, 0, NULL } |
8469 | | }; |
8470 | | |
8471 | | static int |
8472 | 0 | dissect_kerberos_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8473 | 0 | offset = dissect_ber_choice(actx, tree, tvb, offset, |
8474 | 0 | PA_FX_FAST_REQUEST_choice, hf_index, ett_kerberos_PA_FX_FAST_REQUEST, |
8475 | 0 | NULL); |
8476 | |
|
8477 | 0 | return offset; |
8478 | 0 | } |
8479 | | |
8480 | | |
8481 | | |
8482 | | static int |
8483 | 0 | dissect_kerberos_T_encryptedKrbFastResponse_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8484 | | #ifdef HAVE_KERBEROS |
8485 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse); |
8486 | | #else |
8487 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
8488 | 0 | NULL); |
8489 | |
|
8490 | 0 | #endif |
8491 | | |
8492 | |
|
8493 | 0 | return offset; |
8494 | 0 | } |
8495 | | |
8496 | | |
8497 | | static const ber_sequence_t EncryptedKrbFastResponse_sequence[] = { |
8498 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
8499 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8500 | | { &hf_kerberos_encryptedKrbFastResponse_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastResponse_cipher }, |
8501 | | { NULL, 0, 0, 0, NULL } |
8502 | | }; |
8503 | | |
8504 | | static int |
8505 | 0 | dissect_kerberos_EncryptedKrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8506 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8507 | 0 | EncryptedKrbFastResponse_sequence, hf_index, ett_kerberos_EncryptedKrbFastResponse); |
8508 | |
|
8509 | 0 | return offset; |
8510 | 0 | } |
8511 | | |
8512 | | |
8513 | | static const ber_sequence_t KrbFastArmoredRep_sequence[] = { |
8514 | | { &hf_kerberos_enc_fast_rep, BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptedKrbFastResponse }, |
8515 | | { NULL, 0, 0, 0, NULL } |
8516 | | }; |
8517 | | |
8518 | | static int |
8519 | 0 | dissect_kerberos_KrbFastArmoredRep(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8520 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8521 | 0 | KrbFastArmoredRep_sequence, hf_index, ett_kerberos_KrbFastArmoredRep); |
8522 | |
|
8523 | 0 | return offset; |
8524 | 0 | } |
8525 | | |
8526 | | |
8527 | | static const ber_choice_t PA_FX_FAST_REPLY_choice[] = { |
8528 | | { 0, &hf_kerberos_armored_data_reply, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredRep }, |
8529 | | { 0, NULL, 0, 0, 0, NULL } |
8530 | | }; |
8531 | | |
8532 | | static int |
8533 | 0 | dissect_kerberos_PA_FX_FAST_REPLY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8534 | 0 | offset = dissect_ber_choice(actx, tree, tvb, offset, |
8535 | 0 | PA_FX_FAST_REPLY_choice, hf_index, ett_kerberos_PA_FX_FAST_REPLY, |
8536 | 0 | NULL); |
8537 | |
|
8538 | 0 | return offset; |
8539 | 0 | } |
8540 | | |
8541 | | |
8542 | | |
8543 | | static int |
8544 | 0 | dissect_kerberos_T_encryptedChallenge_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8545 | | #ifdef HAVE_KERBEROS |
8546 | | offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge); |
8547 | | #else |
8548 | 0 | offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, |
8549 | 0 | NULL); |
8550 | |
|
8551 | 0 | #endif |
8552 | | |
8553 | |
|
8554 | 0 | return offset; |
8555 | 0 | } |
8556 | | |
8557 | | |
8558 | | static const ber_sequence_t EncryptedChallenge_sequence[] = { |
8559 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
8560 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8561 | | { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher }, |
8562 | | { NULL, 0, 0, 0, NULL } |
8563 | | }; |
8564 | | |
8565 | | static int |
8566 | 0 | dissect_kerberos_EncryptedChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8567 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8568 | 0 | EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge); |
8569 | |
|
8570 | 0 | return offset; |
8571 | 0 | } |
8572 | | |
8573 | | |
8574 | | static const ber_sequence_t EncryptedSpakeData_sequence[] = { |
8575 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
8576 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8577 | | { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING }, |
8578 | | { NULL, 0, 0, 0, NULL } |
8579 | | }; |
8580 | | |
8581 | | static int |
8582 | 0 | dissect_kerberos_EncryptedSpakeData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8583 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8584 | 0 | EncryptedSpakeData_sequence, hf_index, ett_kerberos_EncryptedSpakeData); |
8585 | |
|
8586 | 0 | return offset; |
8587 | 0 | } |
8588 | | |
8589 | | |
8590 | | static const ber_sequence_t EncryptedSpakeResponseData_sequence[] = { |
8591 | | { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, |
8592 | | { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, |
8593 | | { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING }, |
8594 | | { NULL, 0, 0, 0, NULL } |
8595 | | }; |
8596 | | |
8597 | | static int |
8598 | 0 | dissect_kerberos_EncryptedSpakeResponseData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8599 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8600 | 0 | EncryptedSpakeResponseData_sequence, hf_index, ett_kerberos_EncryptedSpakeResponseData); |
8601 | |
|
8602 | 0 | return offset; |
8603 | 0 | } |
8604 | | |
8605 | | |
8606 | | static const value_string kerberos_SPAKEGroup_vals[] = { |
8607 | | { 1, "sPAKEGroup-edwards25519" }, |
8608 | | { 2, "sPAKEGroup-P-256" }, |
8609 | | { 3, "sPAKEGroup-P-384" }, |
8610 | | { 4, "sPAKEGroup-P-521" }, |
8611 | | { 0, NULL } |
8612 | | }; |
8613 | | |
8614 | | |
8615 | | static int |
8616 | 0 | dissect_kerberos_SPAKEGroup(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8617 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
8618 | 0 | NULL); |
8619 | |
|
8620 | 0 | return offset; |
8621 | 0 | } |
8622 | | |
8623 | | |
8624 | | static const value_string kerberos_SPAKESecondFactorType_vals[] = { |
8625 | | { 1, "sPAKESecondFactor-SF-NONE" }, |
8626 | | { 0, NULL } |
8627 | | }; |
8628 | | |
8629 | | |
8630 | | static int |
8631 | 0 | dissect_kerberos_SPAKESecondFactorType(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8632 | 0 | offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, |
8633 | 0 | NULL); |
8634 | |
|
8635 | 0 | return offset; |
8636 | 0 | } |
8637 | | |
8638 | | |
8639 | | static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of[1] = { |
8640 | | { &hf_kerberos_groups_item_01, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKEGroup }, |
8641 | | }; |
8642 | | |
8643 | | static int |
8644 | 0 | dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8645 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8646 | 0 | SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup); |
8647 | |
|
8648 | 0 | return offset; |
8649 | 0 | } |
8650 | | |
8651 | | |
8652 | | static const ber_sequence_t SPAKESupport_sequence[] = { |
8653 | | { &hf_kerberos_groups_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup }, |
8654 | | { NULL, 0, 0, 0, NULL } |
8655 | | }; |
8656 | | |
8657 | | static int |
8658 | 0 | dissect_kerberos_SPAKESupport(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8659 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8660 | 0 | SPAKESupport_sequence, hf_index, ett_kerberos_SPAKESupport); |
8661 | |
|
8662 | 0 | return offset; |
8663 | 0 | } |
8664 | | |
8665 | | |
8666 | | static const ber_sequence_t SPAKESecondFactor_sequence[] = { |
8667 | | { &hf_kerberos_type , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESecondFactorType }, |
8668 | | { &hf_kerberos_data , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, |
8669 | | { NULL, 0, 0, 0, NULL } |
8670 | | }; |
8671 | | |
8672 | | static int |
8673 | 0 | dissect_kerberos_SPAKESecondFactor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8674 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8675 | 0 | SPAKESecondFactor_sequence, hf_index, ett_kerberos_SPAKESecondFactor); |
8676 | |
|
8677 | 0 | return offset; |
8678 | 0 | } |
8679 | | |
8680 | | |
8681 | | static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of[1] = { |
8682 | | { &hf_kerberos_factors_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKESecondFactor }, |
8683 | | }; |
8684 | | |
8685 | | static int |
8686 | 0 | dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8687 | 0 | offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, |
8688 | 0 | SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor); |
8689 | |
|
8690 | 0 | return offset; |
8691 | 0 | } |
8692 | | |
8693 | | |
8694 | | static const ber_sequence_t SPAKEChallenge_sequence[] = { |
8695 | | { &hf_kerberos_spake_group, BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKEGroup }, |
8696 | | { &hf_kerberos_pubkey , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, |
8697 | | { &hf_kerberos_factors , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor }, |
8698 | | { NULL, 0, 0, 0, NULL } |
8699 | | }; |
8700 | | |
8701 | | static int |
8702 | 0 | dissect_kerberos_SPAKEChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8703 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8704 | 0 | SPAKEChallenge_sequence, hf_index, ett_kerberos_SPAKEChallenge); |
8705 | |
|
8706 | 0 | return offset; |
8707 | 0 | } |
8708 | | |
8709 | | |
8710 | | static const ber_sequence_t SPAKEResponse_sequence[] = { |
8711 | | { &hf_kerberos_pubkey , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING }, |
8712 | | { &hf_kerberos_factor , BER_CLASS_CON, 1, 0, dissect_kerberos_EncryptedSpakeResponseData }, |
8713 | | { NULL, 0, 0, 0, NULL } |
8714 | | }; |
8715 | | |
8716 | | static int |
8717 | 0 | dissect_kerberos_SPAKEResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8718 | 0 | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8719 | 0 | SPAKEResponse_sequence, hf_index, ett_kerberos_SPAKEResponse); |
8720 | |
|
8721 | 0 | return offset; |
8722 | 0 | } |
8723 | | |
8724 | | |
8725 | | static const value_string kerberos_PA_SPAKE_vals[] = { |
8726 | | { 0, "support" }, |
8727 | | { 1, "challenge" }, |
8728 | | { 2, "response" }, |
8729 | | { 3, "encdata" }, |
8730 | | { 0, NULL } |
8731 | | }; |
8732 | | |
8733 | | static const ber_choice_t PA_SPAKE_choice[] = { |
8734 | | { 0, &hf_kerberos_support , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESupport }, |
8735 | | { 1, &hf_kerberos_challenge , BER_CLASS_CON, 1, 0, dissect_kerberos_SPAKEChallenge }, |
8736 | | { 2, &hf_kerberos_response , BER_CLASS_CON, 2, 0, dissect_kerberos_SPAKEResponse }, |
8737 | | { 3, &hf_kerberos_encdata , BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedSpakeData }, |
8738 | | { 0, NULL, 0, 0, 0, NULL } |
8739 | | }; |
8740 | | |
8741 | | static int |
8742 | 0 | dissect_kerberos_PA_SPAKE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8743 | 0 | kerberos_private_data_t* private_data = kerberos_get_private_data(actx); |
8744 | 0 | offset = dissect_ber_choice(actx, tree, tvb, offset, |
8745 | 0 | PA_SPAKE_choice, hf_index, ett_kerberos_PA_SPAKE, |
8746 | 0 | &(private_data->padata_type)); |
8747 | | |
8748 | |
|
8749 | 0 | if(tree){ |
8750 | 0 | proto_item_append_text(tree, " %s", |
8751 | 0 | val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals, |
8752 | 0 | "Unknown:%d")); |
8753 | 0 | } |
8754 | 0 | return offset; |
8755 | 0 | } |
8756 | | |
8757 | | |
8758 | | #ifdef HAVE_KERBEROS |
8759 | | static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = { |
8760 | | { &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, |
8761 | | { &hf_krb_pausec , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, |
8762 | | { NULL, 0, 0, 0, NULL } |
8763 | | }; |
8764 | | |
8765 | | static int |
8766 | | dissect_kerberos_PA_ENC_TS_ENC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8767 | | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8768 | | PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc); |
8769 | | return offset; |
8770 | | } |
8771 | | |
8772 | | static int |
8773 | | dissect_kerberos_T_strengthen_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8774 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
8775 | | int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; |
8776 | | kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; |
8777 | | private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse; |
8778 | | #ifdef HAVE_KERBEROS |
8779 | | private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key; |
8780 | | #endif |
8781 | | offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); |
8782 | | |
8783 | | private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; |
8784 | | private_data->save_encryption_key_fn = saved_encryption_key_fn; |
8785 | | return offset; |
8786 | | } |
8787 | | |
8788 | | static const ber_sequence_t KrbFastFinished_sequence[] = { |
8789 | | { &hf_kerberos_timestamp , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, |
8790 | | { &hf_kerberos_usec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds }, |
8791 | | { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, |
8792 | | { &hf_kerberos_cname_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName }, |
8793 | | { &hf_kerberos_ticket_checksum, BER_CLASS_CON, 4, 0, dissect_kerberos_Checksum }, |
8794 | | { NULL, 0, 0, 0, NULL } |
8795 | | }; |
8796 | | |
8797 | | static int |
8798 | | dissect_kerberos_KrbFastFinished(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8799 | | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8800 | | KrbFastFinished_sequence, hf_index, ett_kerberos_KrbFastFinished); |
8801 | | |
8802 | | return offset; |
8803 | | } |
8804 | | |
8805 | | static const ber_sequence_t KrbFastResponse_sequence[] = { |
8806 | | { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 0, 0, dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA }, |
8807 | | { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key }, |
8808 | | { &hf_kerberos_finished , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastFinished }, |
8809 | | { &hf_kerberos_nonce , BER_CLASS_CON, 3, 0, dissect_kerberos_UInt32 }, |
8810 | | { NULL, 0, 0, 0, NULL } |
8811 | | }; |
8812 | | |
8813 | | static int |
8814 | | dissect_kerberos_KrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8815 | | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8816 | | KrbFastResponse_sequence, hf_index, ett_kerberos_KrbFastResponse); |
8817 | | |
8818 | | return offset; |
8819 | | } |
8820 | | |
8821 | | static const ber_sequence_t KrbFastReq_sequence[] = { |
8822 | | { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions }, |
8823 | | { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 1, 0, dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA }, |
8824 | | { &hf_kerberos_req_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY }, |
8825 | | { NULL, 0, 0, 0, NULL } |
8826 | | }; |
8827 | | |
8828 | | static int |
8829 | | dissect_kerberos_KrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8830 | | kerberos_private_data_t *private_data = kerberos_get_private_data(actx); |
8831 | | struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST; |
8832 | | private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = false, }; |
8833 | | offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, |
8834 | | KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq); |
8835 | | private_data->PA_FX_FAST_REQUEST = saved_stack; |
8836 | | |
8837 | | return offset; |
8838 | | } |
8839 | | |
8840 | | static int * const FastOptions_bits[] = { |
8841 | | &hf_kerberos_FastOptions_reserved, |
8842 | | &hf_kerberos_FastOptions_hide_client_names, |
8843 | | &hf_kerberos_FastOptions_spare_bit2, |
8844 | | &hf_kerberos_FastOptions_spare_bit3, |
8845 | | &hf_kerberos_FastOptions_spare_bit4, |
8846 | | &hf_kerberos_FastOptions_spare_bit5, |
8847 | | &hf_kerberos_FastOptions_spare_bit6, |
8848 | | &hf_kerberos_FastOptions_spare_bit7, |
8849 | | &hf_kerberos_FastOptions_spare_bit8, |
8850 | | &hf_kerberos_FastOptions_spare_bit9, |
8851 | | &hf_kerberos_FastOptions_spare_bit10, |
8852 | | &hf_kerberos_FastOptions_spare_bit11, |
8853 | | &hf_kerberos_FastOptions_spare_bit12, |
8854 | | &hf_kerberos_FastOptions_spare_bit13, |
8855 | | &hf_kerberos_FastOptions_spare_bit14, |
8856 | | &hf_kerberos_FastOptions_spare_bit15, |
8857 | | &hf_kerberos_FastOptions_kdc_follow_referrals, |
8858 | | NULL |
8859 | | }; |
8860 | | |
8861 | | static int |
8862 | | dissect_kerberos_FastOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { |
8863 | | offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, |
8864 | | FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions, |
8865 | | NULL); |
8866 | | |
8867 | | return offset; |
8868 | | } |
8869 | | |
8870 | | #endif /* HAVE_KERBEROS */ |
8871 | | |
8872 | | /* Make wrappers around exported functions for now */ |
8873 | | int |
8874 | | dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
8875 | 0 | { |
8876 | 0 | return dissect_kerberos_Checksum(false, tvb, offset, actx, tree, hf_kerberos_cksum); |
8877 | |
|
8878 | 0 | } |
8879 | | |
8880 | | int |
8881 | | dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
8882 | 0 | { |
8883 | 0 | return dissect_kerberos_KerberosTime(false, tvb, offset, actx, tree, hf_kerberos_ctime); |
8884 | 0 | } |
8885 | | |
8886 | | |
8887 | | int |
8888 | | dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
8889 | 0 | { |
8890 | 0 | return dissect_kerberos_PrincipalName(false, tvb, offset, actx, tree, hf_kerberos_cname); |
8891 | 0 | } |
8892 | | int |
8893 | | dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) |
8894 | 0 | { |
8895 | 0 | return dissect_kerberos_Realm(false, tvb, offset, actx, tree, hf_kerberos_realm); |
8896 | 0 | } |
8897 | | |
8898 | | struct kerberos_display_key_state { |
8899 | | proto_tree *tree; |
8900 | | packet_info *pinfo; |
8901 | | expert_field *expindex; |
8902 | | const char *name; |
8903 | | tvbuff_t *tvb; |
8904 | | int start; |
8905 | | int length; |
8906 | | }; |
8907 | | |
8908 | | static void |
8909 | | #ifdef HAVE_KERBEROS |
8910 | | kerberos_display_key(void *data, void *userdata) |
8911 | | #else |
8912 | | kerberos_display_key(void *data _U_, void *userdata _U_) |
8913 | | #endif |
8914 | 0 | { |
8915 | | #ifdef HAVE_KERBEROS |
8916 | | struct kerberos_display_key_state *state = |
8917 | | (struct kerberos_display_key_state *)userdata; |
8918 | | const enc_key_t *ek = (const enc_key_t *)data; |
8919 | | proto_item *item = NULL; |
8920 | | enc_key_t *sek = NULL; |
8921 | | |
8922 | | item = proto_tree_add_expert_format(state->tree, |
8923 | | state->pinfo, |
8924 | | state->expindex, |
8925 | | state->tvb, |
8926 | | state->start, |
8927 | | state->length, |
8928 | | "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
8929 | | state->name, |
8930 | | ek->key_origin, ek->keytype, |
8931 | | ek->id_str, ek->num_same, |
8932 | | ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, |
8933 | | ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); |
8934 | | if (ek->src1 != NULL) { |
8935 | | sek = ek->src1; |
8936 | | expert_add_info_format(state->pinfo, |
8937 | | item, |
8938 | | state->expindex, |
8939 | | "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
8940 | | sek->key_origin, sek->keytype, |
8941 | | sek->id_str, sek->num_same, |
8942 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
8943 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
8944 | | } |
8945 | | if (ek->src2 != NULL) { |
8946 | | sek = ek->src2; |
8947 | | expert_add_info_format(state->pinfo, |
8948 | | item, |
8949 | | state->expindex, |
8950 | | "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
8951 | | sek->key_origin, sek->keytype, |
8952 | | sek->id_str, sek->num_same, |
8953 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
8954 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
8955 | | } |
8956 | | sek = ek->same_list; |
8957 | | while (sek != NULL) { |
8958 | | expert_add_info_format(state->pinfo, |
8959 | | item, |
8960 | | state->expindex, |
8961 | | "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", |
8962 | | state->name, |
8963 | | sek->key_origin, sek->keytype, |
8964 | | sek->id_str, sek->num_same, |
8965 | | sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, |
8966 | | sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); |
8967 | | sek = sek->same_list; |
8968 | | } |
8969 | | #endif /* HAVE_KERBEROS */ |
8970 | 0 | } |
8971 | | |
8972 | | static const value_string KERB_LOGON_SUBMIT_TYPE[] = { |
8973 | | { 2, "KerbInteractiveLogon" }, |
8974 | | { 6, "KerbSmartCardLogon" }, |
8975 | | { 7, "KerbWorkstationUnlockLogon" }, |
8976 | | { 8, "KerbSmartCardUnlockLogon" }, |
8977 | | { 9, "KerbProxyLogon" }, |
8978 | | { 10, "KerbTicketLogon" }, |
8979 | | { 11, "KerbTicketUnlockLogon" }, |
8980 | | { 12, "KerbS4ULogon" }, |
8981 | | { 13, "KerbCertificateLogon" }, |
8982 | | { 14, "KerbCertificateS4ULogon" }, |
8983 | | { 15, "KerbCertificateUnlockLogon" }, |
8984 | | { 0, NULL } |
8985 | | }; |
8986 | | |
8987 | | |
8988 | 14 | #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 |
8989 | 14 | #define KERB_LOGON_FLAG_REDIRECTED 0x2 |
8990 | | |
8991 | | static int* const ktl_flags_bits[] = { |
8992 | | &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET, |
8993 | | &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED, |
8994 | | NULL |
8995 | | }; |
8996 | | |
8997 | | int |
8998 | | dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree) |
8999 | 0 | { |
9000 | 0 | proto_item *item; |
9001 | 0 | proto_tree *subtree; |
9002 | 0 | uint32_t ServiceTicketLength; |
9003 | 0 | uint32_t TicketGrantingTicketLength; |
9004 | 0 | int orig_offset; |
9005 | |
|
9006 | 0 | if (tvb_captured_length(tvb) < 32) |
9007 | 0 | return offset; |
9008 | | |
9009 | 0 | item = proto_tree_add_item(tree, hf_kerberos_KERB_TICKET_LOGON, tvb, offset, -1, ENC_NA); |
9010 | 0 | subtree = proto_item_add_subtree(item, ett_kerberos_KERB_TICKET_LOGON); |
9011 | |
|
9012 | 0 | proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_MessageType, tvb, offset, 4, |
9013 | 0 | ENC_LITTLE_ENDIAN); |
9014 | 0 | offset+=4; |
9015 | |
|
9016 | 0 | proto_tree_add_bitmask(subtree, tvb, offset, hf_kerberos_KERB_TICKET_LOGON_Flags, |
9017 | 0 | ett_kerberos, ktl_flags_bits, ENC_LITTLE_ENDIAN); |
9018 | 0 | offset+=4; |
9019 | |
|
9020 | 0 | ServiceTicketLength = tvb_get_letohl(tvb, offset); |
9021 | 0 | proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, tvb, |
9022 | 0 | offset, 4, ENC_LITTLE_ENDIAN); |
9023 | 0 | offset+=4; |
9024 | |
|
9025 | 0 | TicketGrantingTicketLength = tvb_get_letohl(tvb, offset); |
9026 | 0 | proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength, |
9027 | 0 | tvb, offset, 4, ENC_LITTLE_ENDIAN); |
9028 | 0 | offset+=4; |
9029 | | |
9030 | | /* Skip two PUCHAR of ServiceTicket and TicketGrantingTicket */ |
9031 | 0 | offset+=16; |
9032 | |
|
9033 | 0 | if (ServiceTicketLength == 0) |
9034 | 0 | return offset; |
9035 | | |
9036 | 0 | orig_offset = offset; |
9037 | 0 | offset = dissect_kerberos_Ticket(false, tvb, offset, actx, subtree, |
9038 | 0 | hf_kerberos_KERB_TICKET_LOGON_ServiceTicket); |
9039 | |
|
9040 | 0 | if ((unsigned)(offset-orig_offset) != ServiceTicketLength) |
9041 | 0 | return offset; |
9042 | | |
9043 | 0 | if (TicketGrantingTicketLength == 0) |
9044 | 0 | return offset; |
9045 | | |
9046 | 0 | offset = dissect_kerberos_KRB_CRED(false, tvb, offset, actx, subtree, |
9047 | 0 | hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket); |
9048 | |
|
9049 | 0 | if ((unsigned)(offset-orig_offset) != ServiceTicketLength + TicketGrantingTicketLength) |
9050 | 0 | return offset; |
9051 | | |
9052 | 0 | return offset; |
9053 | 0 | } |
9054 | | |
9055 | | static int |
9056 | | dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
9057 | | bool dci, bool do_col_protocol, bool have_rm, |
9058 | | kerberos_callbacks *cb) |
9059 | 389 | { |
9060 | 389 | volatile int offset = 0; |
9061 | 389 | proto_tree *volatile kerberos_tree = NULL; |
9062 | 389 | proto_item *volatile item = NULL; |
9063 | 389 | kerberos_private_data_t *private_data = NULL; |
9064 | 389 | asn1_ctx_t asn1_ctx; |
9065 | | |
9066 | | /* TCP record mark and length */ |
9067 | 389 | uint32_t krb_rm = 0; |
9068 | 389 | int krb_reclen = 0; |
9069 | | |
9070 | 389 | gbl_do_col_info=dci; |
9071 | | |
9072 | 389 | if (have_rm) { |
9073 | 233 | krb_rm = tvb_get_ntohl(tvb, offset); |
9074 | 233 | krb_reclen = kerberos_rm_to_reclen(krb_rm); |
9075 | | /* |
9076 | | * What is a reasonable size limit? |
9077 | | */ |
9078 | 233 | if (krb_reclen > 10 * 1024 * 1024) { |
9079 | 8 | return (-1); |
9080 | 8 | } |
9081 | | |
9082 | 225 | if (do_col_protocol) { |
9083 | 225 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); |
9084 | 225 | } |
9085 | | |
9086 | 225 | if (tree) { |
9087 | 225 | item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA); |
9088 | 225 | kerberos_tree = proto_item_add_subtree(item, ett_kerberos); |
9089 | 225 | } |
9090 | | |
9091 | 225 | show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm); |
9092 | 225 | offset += 4; |
9093 | 225 | } else { |
9094 | | /* Do some sanity checking here, |
9095 | | * All krb5 packets start with a TAG class that is BER_CLASS_APP |
9096 | | * and a tag value that is either of the values below: |
9097 | | * If it doesn't look like kerberos, return 0 and let someone else have |
9098 | | * a go at it. |
9099 | | */ |
9100 | 156 | int8_t tmp_class; |
9101 | 156 | bool tmp_pc; |
9102 | 156 | int32_t tmp_tag; |
9103 | | |
9104 | 156 | get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag); |
9105 | 156 | if(tmp_class!=BER_CLASS_APP){ |
9106 | 43 | return 0; |
9107 | 43 | } |
9108 | 113 | switch(tmp_tag){ |
9109 | 12 | case KRB5_MSG_TICKET: |
9110 | 15 | case KRB5_MSG_AUTHENTICATOR: |
9111 | 28 | case KRB5_MSG_ENC_TICKET_PART: |
9112 | 33 | case KRB5_MSG_AS_REQ: |
9113 | 35 | case KRB5_MSG_AS_REP: |
9114 | 40 | case KRB5_MSG_TGS_REQ: |
9115 | 44 | case KRB5_MSG_TGS_REP: |
9116 | 47 | case KRB5_MSG_AP_REQ: |
9117 | 48 | case KRB5_MSG_AP_REP: |
9118 | 53 | case KRB5_MSG_ENC_AS_REP_PART: |
9119 | 57 | case KRB5_MSG_ENC_TGS_REP_PART: |
9120 | 67 | case KRB5_MSG_ENC_AP_REP_PART: |
9121 | 76 | case KRB5_MSG_ENC_KRB_PRIV_PART: |
9122 | 84 | case KRB5_MSG_ENC_KRB_CRED_PART: |
9123 | 90 | case KRB5_MSG_SAFE: |
9124 | 92 | case KRB5_MSG_PRIV: |
9125 | 95 | case KRB5_MSG_ERROR: |
9126 | 95 | break; |
9127 | 13 | default: |
9128 | 13 | return 0; |
9129 | 113 | } |
9130 | 95 | if (do_col_protocol) { |
9131 | 27 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); |
9132 | 27 | } |
9133 | 95 | if (gbl_do_col_info) { |
9134 | 27 | col_clear(pinfo->cinfo, COL_INFO); |
9135 | 27 | } |
9136 | 95 | if (tree) { |
9137 | 95 | item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA); |
9138 | 95 | kerberos_tree = proto_item_add_subtree(item, ett_kerberos); |
9139 | 95 | } |
9140 | 95 | } |
9141 | 320 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo); |
9142 | 320 | asn1_ctx.private_data = NULL; |
9143 | 320 | private_data = kerberos_get_private_data(&asn1_ctx); |
9144 | 320 | private_data->callbacks = cb; |
9145 | | |
9146 | 320 | TRY { |
9147 | 320 | offset=dissect_kerberos_Applications(false, tvb, offset, &asn1_ctx , kerberos_tree, /* hf_index */ -1); |
9148 | 320 | } CATCH_BOUNDS_ERRORS { |
9149 | 97 | RETHROW; |
9150 | 223 | } ENDTRY; |
9151 | | |
9152 | 223 | if (private_data->frame_rep != UINT32_MAX) { |
9153 | 0 | proto_item *tmp_item; |
9154 | |
|
9155 | 0 | tmp_item = proto_tree_add_uint(kerberos_tree, hf_krb_response_in, tvb, 0, 0, private_data->frame_rep); |
9156 | 0 | proto_item_set_generated(tmp_item); |
9157 | 0 | } |
9158 | | |
9159 | 223 | if (private_data->frame_req != UINT32_MAX) { |
9160 | 0 | proto_item *tmp_item; |
9161 | 0 | nstime_t t, deltat; |
9162 | |
|
9163 | 0 | tmp_item = proto_tree_add_uint(kerberos_tree, hf_krb_response_to, tvb, 0, 0, private_data->frame_req); |
9164 | 0 | proto_item_set_generated(tmp_item); |
9165 | |
|
9166 | 0 | t = pinfo->abs_ts; |
9167 | 0 | nstime_delta(&deltat, &t, &private_data->req_time); |
9168 | 0 | tmp_item = proto_tree_add_time(kerberos_tree, hf_krb_time, tvb, 0, 0, &deltat); |
9169 | 0 | proto_item_set_generated(tmp_item); |
9170 | 0 | } |
9171 | | |
9172 | 223 | if (kerberos_tree != NULL) { |
9173 | 223 | struct kerberos_display_key_state display_state = { |
9174 | 223 | .tree = kerberos_tree, |
9175 | 223 | .pinfo = pinfo, |
9176 | 223 | .expindex = &ei_kerberos_learnt_keytype, |
9177 | 223 | .name = "Provides", |
9178 | 223 | .tvb = tvb, |
9179 | 223 | }; |
9180 | | |
9181 | 223 | wmem_list_foreach(private_data->learnt_keys, |
9182 | 223 | kerberos_display_key, |
9183 | 223 | &display_state); |
9184 | 223 | } |
9185 | | |
9186 | 223 | if (kerberos_tree != NULL) { |
9187 | 223 | struct kerberos_display_key_state display_state = { |
9188 | 223 | .tree = kerberos_tree, |
9189 | 223 | .pinfo = pinfo, |
9190 | 223 | .expindex = &ei_kerberos_missing_keytype, |
9191 | 223 | .name = "Missing", |
9192 | 223 | .tvb = tvb, |
9193 | 223 | }; |
9194 | | |
9195 | 223 | wmem_list_foreach(private_data->missing_keys, |
9196 | 223 | kerberos_display_key, |
9197 | 223 | &display_state); |
9198 | 223 | } |
9199 | | |
9200 | 223 | if (kerberos_tree != NULL) { |
9201 | 223 | struct kerberos_display_key_state display_state = { |
9202 | 223 | .tree = kerberos_tree, |
9203 | 223 | .pinfo = pinfo, |
9204 | 223 | .expindex = &ei_kerberos_decrypted_keytype, |
9205 | 223 | .name = "Used", |
9206 | 223 | .tvb = tvb, |
9207 | 223 | }; |
9208 | | |
9209 | 223 | wmem_list_foreach(private_data->decryption_keys, |
9210 | 223 | kerberos_display_key, |
9211 | 223 | &display_state); |
9212 | 223 | } |
9213 | | |
9214 | 223 | proto_item_set_len(item, offset); |
9215 | 223 | return offset; |
9216 | 320 | } |
9217 | | |
9218 | | /* |
9219 | | * Display the TCP record mark. |
9220 | | */ |
9221 | | void |
9222 | | show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, int start, uint32_t krb_rm) |
9223 | 240 | { |
9224 | 240 | int rec_len; |
9225 | 240 | proto_tree *rm_tree; |
9226 | | |
9227 | 240 | if (tree == NULL) |
9228 | 0 | return; |
9229 | | |
9230 | 240 | rec_len = kerberos_rm_to_reclen(krb_rm); |
9231 | 240 | rm_tree = proto_tree_add_subtree_format(tree, tvb, start, 4, ett_krb_recordmark, NULL, |
9232 | 240 | "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes")); |
9233 | 240 | proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm); |
9234 | 240 | proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm); |
9235 | 240 | } |
9236 | | |
9237 | | int |
9238 | | dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool do_col_info, kerberos_callbacks *cb) |
9239 | 120 | { |
9240 | 120 | return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, false, false, cb)); |
9241 | 120 | } |
9242 | | |
9243 | | uint32_t |
9244 | | kerberos_output_keytype(void) |
9245 | 8 | { |
9246 | 8 | return gbl_keytype; |
9247 | 8 | } |
9248 | | |
9249 | | static int |
9250 | | dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) |
9251 | 53 | { |
9252 | | /* Some weird kerberos implementation apparently do krb4 on the krb5 port. |
9253 | | Since all (except weirdo transarc krb4 stuff) use |
9254 | | an opcode <=16 in the first byte, use this to see if it might |
9255 | | be krb4. |
9256 | | All krb5 commands start with an APPL tag and thus is >=0x60 |
9257 | | so if first byte is <=16 just blindly assume it is krb4 then |
9258 | | */ |
9259 | 53 | if(tvb_captured_length(tvb) >= 1 && tvb_get_uint8(tvb, 0)<=0x10){ |
9260 | 17 | if(krb4_handle){ |
9261 | 17 | bool res; |
9262 | | |
9263 | 17 | res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL); |
9264 | 17 | return res; |
9265 | 17 | }else{ |
9266 | 0 | return 0; |
9267 | 0 | } |
9268 | 17 | } |
9269 | | |
9270 | | |
9271 | 36 | return dissect_kerberos_common(tvb, pinfo, tree, true, true, false, NULL); |
9272 | 53 | } |
9273 | | |
9274 | | int |
9275 | | kerberos_rm_to_reclen(unsigned krb_rm) |
9276 | 880 | { |
9277 | 880 | return (krb_rm & KRB_RM_RECLEN); |
9278 | 880 | } |
9279 | | |
9280 | | unsigned |
9281 | | get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) |
9282 | 320 | { |
9283 | 320 | unsigned krb_rm; |
9284 | 320 | int pdulen; |
9285 | | |
9286 | 320 | krb_rm = tvb_get_ntohl(tvb, offset); |
9287 | 320 | pdulen = kerberos_rm_to_reclen(krb_rm); |
9288 | 320 | return (pdulen + 4); |
9289 | 320 | } |
9290 | | static void |
9291 | 0 | kerberos_prefs_apply_cb(void) { |
9292 | | #ifdef HAVE_LIBNETTLE |
9293 | | clear_keytab(); |
9294 | | read_keytab_file(keytab_filename); |
9295 | | #endif |
9296 | 0 | } |
9297 | | |
9298 | | static int |
9299 | | dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) |
9300 | 233 | { |
9301 | 233 | pinfo->fragmented = true; |
9302 | 233 | if (dissect_kerberos_common(tvb, pinfo, tree, true, true, true, NULL) < 0) { |
9303 | | /* |
9304 | | * The dissector failed to recognize this as a valid |
9305 | | * Kerberos message. Mark it as a continuation packet. |
9306 | | */ |
9307 | 8 | col_set_str(pinfo->cinfo, COL_INFO, "Continuation"); |
9308 | 8 | } |
9309 | | |
9310 | 233 | return tvb_captured_length(tvb); |
9311 | 233 | } |
9312 | | |
9313 | | static int |
9314 | | dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) |
9315 | 37 | { |
9316 | 37 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); |
9317 | 37 | col_clear(pinfo->cinfo, COL_INFO); |
9318 | | |
9319 | 37 | tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len, |
9320 | 37 | dissect_kerberos_tcp_pdu, data); |
9321 | 37 | return tvb_captured_length(tvb); |
9322 | 37 | } |
9323 | | |
9324 | | /*--- proto_register_kerberos -------------------------------------------*/ |
9325 | 14 | void proto_register_kerberos(void) { |
9326 | | |
9327 | | /* List of fields */ |
9328 | | |
9329 | 14 | static hf_register_info hf[] = { |
9330 | 14 | { &hf_krb_response_to, |
9331 | 14 | { "Response to", "kerberos.response_to", FT_FRAMENUM, BASE_NONE, |
9332 | 14 | FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0, "This packet is a response to the packet in this frame", HFILL }}, |
9333 | 14 | { &hf_krb_response_in, |
9334 | 14 | { "Response in", "kerberos.response_in", FT_FRAMENUM, BASE_NONE, |
9335 | 14 | FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0, "The response to this packet is in this packet", HFILL }}, |
9336 | 14 | { &hf_krb_time, |
9337 | 14 | { "Time from request", "kerberos.time", FT_RELATIVE_TIME, BASE_NONE, |
9338 | 14 | NULL, 0, "Time between Request and Response for Kerberos KDC requests", HFILL }}, |
9339 | 14 | { &hf_krb_rm_reserved, { |
9340 | 14 | "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32, |
9341 | 14 | TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }}, |
9342 | 14 | { &hf_krb_rm_reclen, { |
9343 | 14 | "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC, |
9344 | 14 | NULL, KRB_RM_RECLEN, NULL, HFILL }}, |
9345 | 14 | { &hf_krb_provsrv_location, { |
9346 | 14 | "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE, |
9347 | 14 | NULL, 0, "PacketCable PROV SRV Location", HFILL }}, |
9348 | 14 | { &hf_krb_pw_salt, |
9349 | 14 | { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE, |
9350 | 14 | NULL, 0, NULL, HFILL }}, |
9351 | 14 | { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */ |
9352 | 14 | { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX|BASE_EXT_STRING, |
9353 | 14 | &NT_errors_ext, 0, "NT Status code", HFILL }}, |
9354 | 14 | { &hf_krb_ext_error_reserved, |
9355 | 14 | { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX, |
9356 | 14 | NULL, 0, NULL, HFILL }}, |
9357 | 14 | { &hf_krb_ext_error_flags, |
9358 | 14 | { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX, |
9359 | 14 | NULL, 0, NULL, HFILL }}, |
9360 | 14 | { &hf_krb_address_ip, { |
9361 | 14 | "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE, |
9362 | 14 | NULL, 0, NULL, HFILL }}, |
9363 | 14 | { &hf_krb_address_ipv6, { |
9364 | 14 | "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE, |
9365 | 14 | NULL, 0, NULL, HFILL }}, |
9366 | 14 | { &hf_krb_address_netbios, { |
9367 | 14 | "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE, |
9368 | 14 | NULL, 0, "NetBIOS Address and type", HFILL }}, |
9369 | 14 | { &hf_krb_gssapi_len, { |
9370 | 14 | "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC, |
9371 | 14 | NULL, 0, "Length of GSSAPI Bnd field", HFILL }}, |
9372 | 14 | { &hf_krb_gssapi_bnd, { |
9373 | 14 | "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE, |
9374 | 14 | NULL, 0, "GSSAPI Bnd field", HFILL }}, |
9375 | 14 | { &hf_krb_gssapi_c_flag_deleg, { |
9376 | 14 | "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32, |
9377 | 14 | TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }}, |
9378 | 14 | { &hf_krb_gssapi_c_flag_mutual, { |
9379 | 14 | "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32, |
9380 | 14 | TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }}, |
9381 | 14 | { &hf_krb_gssapi_c_flag_replay, { |
9382 | 14 | "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32, |
9383 | 14 | TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }}, |
9384 | 14 | { &hf_krb_gssapi_c_flag_sequence, { |
9385 | 14 | "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32, |
9386 | 14 | TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }}, |
9387 | 14 | { &hf_krb_gssapi_c_flag_conf, { |
9388 | 14 | "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32, |
9389 | 14 | TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }}, |
9390 | 14 | { &hf_krb_gssapi_c_flag_integ, { |
9391 | 14 | "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32, |
9392 | 14 | TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }}, |
9393 | 14 | { &hf_krb_gssapi_c_flag_dce_style, { |
9394 | 14 | "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32, |
9395 | 14 | TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }}, |
9396 | 14 | { &hf_krb_gssapi_dlgopt, { |
9397 | 14 | "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC, |
9398 | 14 | NULL, 0, "GSSAPI DlgOpt", HFILL }}, |
9399 | 14 | { &hf_krb_gssapi_dlglen, { |
9400 | 14 | "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC, |
9401 | 14 | NULL, 0, "GSSAPI DlgLen", HFILL }}, |
9402 | 14 | { &hf_krb_midl_blob_len, { |
9403 | 14 | "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC, |
9404 | 14 | NULL, 0, "Length of NDR encoded data that follows", HFILL }}, |
9405 | 14 | { &hf_krb_midl_fill_bytes, { |
9406 | 14 | "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX, |
9407 | 14 | NULL, 0, "Just some fill bytes", HFILL }}, |
9408 | 14 | { &hf_krb_midl_version, { |
9409 | 14 | "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC, |
9410 | 14 | NULL, 0, "Version of pickling", HFILL }}, |
9411 | 14 | { &hf_krb_midl_hdr_len, { |
9412 | 14 | "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC, |
9413 | 14 | NULL, 0, "Length of header", HFILL }}, |
9414 | 14 | { &hf_krb_pac_signature_type, { |
9415 | 14 | "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC, |
9416 | 14 | NULL, 0, "PAC Signature Type", HFILL }}, |
9417 | 14 | { &hf_krb_pac_signature_signature, { |
9418 | 14 | "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE, |
9419 | 14 | NULL, 0, "A PAC signature blob", HFILL }}, |
9420 | 14 | { &hf_krb_w2k_pac_entries, { |
9421 | 14 | "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC, |
9422 | 14 | NULL, 0, "Number of W2k PAC entries", HFILL }}, |
9423 | 14 | { &hf_krb_w2k_pac_version, { |
9424 | 14 | "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC, |
9425 | 14 | NULL, 0, "Version of PAC structures", HFILL }}, |
9426 | 14 | { &hf_krb_w2k_pac_type, { |
9427 | 14 | "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC, |
9428 | 14 | VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }}, |
9429 | 14 | { &hf_krb_w2k_pac_size, { |
9430 | 14 | "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC, |
9431 | 14 | NULL, 0, "Size of W2k PAC entry", HFILL }}, |
9432 | 14 | { &hf_krb_w2k_pac_offset, { |
9433 | 14 | "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC, |
9434 | 14 | NULL, 0, "Offset to W2k PAC entry", HFILL }}, |
9435 | 14 | { &hf_krb_pac_clientid, { |
9436 | 14 | "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, |
9437 | 14 | NULL, 0, "ClientID Timestamp", HFILL }}, |
9438 | 14 | { &hf_krb_pac_namelen, { |
9439 | 14 | "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC, |
9440 | 14 | NULL, 0, "Length of client name", HFILL }}, |
9441 | 14 | { &hf_krb_pac_clientname, { |
9442 | 14 | "Name", "kerberos.pac.name", FT_STRING, BASE_NONE, |
9443 | 14 | NULL, 0, "Name of the Client in the PAC structure", HFILL }}, |
9444 | 14 | { &hf_krb_pac_logon_info, { |
9445 | 14 | "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE, |
9446 | 14 | NULL, 0, "PAC_LOGON_INFO structure", HFILL }}, |
9447 | 14 | { &hf_krb_pac_credential_data, { |
9448 | 14 | "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE, |
9449 | 14 | NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }}, |
9450 | 14 | { &hf_krb_pac_credential_info, { |
9451 | 14 | "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE, |
9452 | 14 | NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }}, |
9453 | 14 | { &hf_krb_pac_credential_info_version, { |
9454 | 14 | "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC, |
9455 | 14 | NULL, 0, NULL, HFILL }}, |
9456 | 14 | { &hf_krb_pac_credential_info_etype, { |
9457 | 14 | "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC, |
9458 | 14 | NULL, 0, NULL, HFILL }}, |
9459 | 14 | { &hf_krb_pac_server_checksum, { |
9460 | 14 | "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE, |
9461 | 14 | NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }}, |
9462 | 14 | { &hf_krb_pac_privsvr_checksum, { |
9463 | 14 | "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE, |
9464 | 14 | NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }}, |
9465 | 14 | { &hf_krb_pac_client_info_type, { |
9466 | 14 | "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE, |
9467 | 14 | NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }}, |
9468 | 14 | { &hf_krb_pac_s4u_delegation_info, { |
9469 | 14 | "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE, |
9470 | 14 | NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }}, |
9471 | 14 | { &hf_krb_pac_upn_dns_info, { |
9472 | 14 | "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE, |
9473 | 14 | NULL, 0, "UPN_DNS_INFO structure", HFILL }}, |
9474 | 14 | { &hf_krb_pac_upn_flags, { |
9475 | 14 | "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX, |
9476 | 14 | NULL, 0, "UPN flags", HFILL }}, |
9477 | 14 | { &hf_krb_pac_upn_flag_upn_constructed, { |
9478 | 14 | "UPN Name Constructed", |
9479 | 14 | "kerberos.pac.upn.flags.upn_constructed", |
9480 | 14 | FT_BOOLEAN, 32, |
9481 | 14 | TFS(&tfs_krb_pac_upn_flag_upn_constructed), |
9482 | 14 | PAC_UPN_DNS_FLAG_CONSTRUCTED, |
9483 | 14 | "Is the UPN Name constructed?", HFILL }}, |
9484 | 14 | { &hf_krb_pac_upn_flag_has_sam_name_and_sid, { |
9485 | 14 | "SAM_NAME and SID Included", |
9486 | 14 | "kerberos.pac.upn.flags.has_sam_name_and_sid", |
9487 | 14 | FT_BOOLEAN, 32, |
9488 | 14 | TFS(&tfs_krb_pac_upn_flag_has_sam_name_and_sid), |
9489 | 14 | PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID, |
9490 | 14 | "Are SAM_NAME and SID included?", HFILL }}, |
9491 | 14 | { &hf_krb_pac_upn_upn_offset, { |
9492 | 14 | "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC, |
9493 | 14 | NULL, 0, NULL, HFILL }}, |
9494 | 14 | { &hf_krb_pac_upn_upn_len, { |
9495 | 14 | "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC, |
9496 | 14 | NULL, 0, NULL, HFILL }}, |
9497 | 14 | { &hf_krb_pac_upn_upn_name, { |
9498 | 14 | "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE, |
9499 | 14 | NULL, 0, NULL, HFILL }}, |
9500 | 14 | { &hf_krb_pac_upn_dns_offset, { |
9501 | 14 | "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC, |
9502 | 14 | NULL, 0, NULL, HFILL }}, |
9503 | 14 | { &hf_krb_pac_upn_dns_len, { |
9504 | 14 | "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC, |
9505 | 14 | NULL, 0, NULL, HFILL }}, |
9506 | 14 | { &hf_krb_pac_upn_dns_name, { |
9507 | 14 | "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE, |
9508 | 14 | NULL, 0, NULL, HFILL }}, |
9509 | 14 | { &hf_krb_pac_upn_samaccountname_offset, { |
9510 | 14 | "sAMAccountName Offset", "kerberos.pac.upn.samaccountname_offset", FT_UINT16, BASE_DEC, |
9511 | 14 | NULL, 0, NULL, HFILL }}, |
9512 | 14 | { &hf_krb_pac_upn_samaccountname_len, { |
9513 | 14 | "sAMAccountName Len", "kerberos.pac.upn.samaccountname_len", FT_UINT16, BASE_DEC, |
9514 | 14 | NULL, 0, NULL, HFILL }}, |
9515 | 14 | { &hf_krb_pac_upn_samaccountname, { |
9516 | 14 | "sAMAccountName", "kerberos.pac.upn.samaccountname", FT_STRING, BASE_NONE, |
9517 | 14 | NULL, 0, NULL, HFILL }}, |
9518 | 14 | { &hf_krb_pac_upn_objectsid_offset, { |
9519 | 14 | "objectSid Offset", "kerberos.pac.upn.objectsid_offset", FT_UINT16, BASE_DEC, |
9520 | 14 | NULL, 0, NULL, HFILL }}, |
9521 | 14 | { &hf_krb_pac_upn_objectsid_len, { |
9522 | 14 | "objectSid Len", "kerberos.pac.upn.objectsid_len", FT_UINT16, BASE_DEC, |
9523 | 14 | NULL, 0, NULL, HFILL }}, |
9524 | 14 | { &hf_krb_pac_client_claims_info, { |
9525 | 14 | "PAC_CLIENT_CLAIMS_INFO", "kerberos.pac_client_claims_info", FT_BYTES, BASE_NONE, |
9526 | 14 | NULL, 0, "PAC_CLIENT_CLAIMS_INFO structure", HFILL }}, |
9527 | 14 | { &hf_krb_pac_device_info, { |
9528 | 14 | "PAC_DEVICE_INFO", "kerberos.pac_device_info", FT_BYTES, BASE_NONE, |
9529 | 14 | NULL, 0, "PAC_DEVICE_INFO structure", HFILL }}, |
9530 | 14 | { &hf_krb_pac_device_claims_info, { |
9531 | 14 | "PAC_DEVICE_CLAIMS_INFO", "kerberos.pac_device_claims_info", FT_BYTES, BASE_NONE, |
9532 | 14 | NULL, 0, "PAC_DEVICE_CLAIMS_INFO structure", HFILL }}, |
9533 | 14 | { &hf_krb_pac_ticket_checksum, { |
9534 | 14 | "PAC_TICKET_CHECKSUM", "kerberos.pac_ticket_checksum", FT_BYTES, BASE_NONE, |
9535 | 14 | NULL, 0, "PAC_TICKET_CHECKSUM structure", HFILL }}, |
9536 | 14 | { &hf_krb_pac_attributes_info, { |
9537 | 14 | "PAC_ATTRIBUTES_INFO", "kerberos.pac_attributes_info", FT_BYTES, BASE_NONE, |
9538 | 14 | NULL, 0, "PAC_ATTRIBUTES_INFO structure", HFILL }}, |
9539 | 14 | { &hf_krb_pac_attributes_info_length, { |
9540 | 14 | "Flags Valid Length", "kerberos.pac.attributes_info.length", FT_UINT32, BASE_DEC, |
9541 | 14 | NULL, 0, NULL, HFILL }}, |
9542 | 14 | { &hf_krb_pac_attributes_info_flags, { |
9543 | 14 | "Flags", "kerberos.pac.attributes_info.flags", |
9544 | 14 | FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, |
9545 | 14 | { &hf_krb_pac_attributes_info_flags_pac_was_requested, { |
9546 | 14 | "PAC Requested", |
9547 | 14 | "kerberos.pac.attributes.flags.pac_was_requested", |
9548 | 14 | FT_BOOLEAN, 32, |
9549 | 14 | TFS(&tfs_krb_pac_attributes_info_pac_was_requested), |
9550 | 14 | PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED, |
9551 | 14 | "Was a PAC requested?", HFILL }}, |
9552 | 14 | { &hf_krb_pac_attributes_info_flags_pac_was_given_implicitly, { |
9553 | 14 | "PAC given Implicitly", |
9554 | 14 | "kerberos.pac.attributes.flags.pac_was_given_implicitly", |
9555 | 14 | FT_BOOLEAN, 32, |
9556 | 14 | TFS(&tfs_krb_pac_attributes_info_pac_was_given_implicitly), |
9557 | 14 | PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY, |
9558 | 14 | "Was PAC given implicitly?", HFILL }}, |
9559 | 14 | { &hf_krb_pac_requester_sid, { |
9560 | 14 | "PAC_REQUESTER_SID", "kerberos.pac_requester_sid", FT_BYTES, BASE_NONE, |
9561 | 14 | NULL, 0, "PAC_REQUESTER_SID structure", HFILL }}, |
9562 | 14 | { &hf_krb_pac_full_checksum, { |
9563 | 14 | "PAC_FULL_CHECKSUM", "kerberos.pac_full_checksum", FT_BYTES, BASE_NONE, |
9564 | 14 | NULL, 0, "PAC_FULL_CHECKSUM structure", HFILL }}, |
9565 | 14 | { &hf_krb_pa_supported_enctypes, |
9566 | 14 | { "SupportedEnctypes", "kerberos.supported_entypes", |
9567 | 14 | FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, |
9568 | 14 | { &hf_krb_pa_supported_enctypes_des_cbc_crc, |
9569 | 14 | { "des-cbc-crc", "kerberos.supported_entypes.des-cbc-crc", |
9570 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000001, NULL, HFILL }}, |
9571 | 14 | { &hf_krb_pa_supported_enctypes_des_cbc_md5, |
9572 | 14 | { "des-cbc-md5", "kerberos.supported_entypes.des-cbc-md5", |
9573 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000002, NULL, HFILL }}, |
9574 | 14 | { &hf_krb_pa_supported_enctypes_rc4_hmac, |
9575 | 14 | { "rc4-hmac", "kerberos.supported_entypes.rc4-hmac", |
9576 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000004, NULL, HFILL }}, |
9577 | 14 | { &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96, |
9578 | 14 | { "aes128-cts-hmac-sha1-96", "kerberos.supported_entypes.aes128-cts-hmac-sha1-96", |
9579 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000008, NULL, HFILL }}, |
9580 | 14 | { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96, |
9581 | 14 | { "aes256-cts-hmac-sha1-96", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96", |
9582 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000010, NULL, HFILL }}, |
9583 | 14 | { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk, |
9584 | 14 | { "aes256-cts-hmac-sha1-96-sk", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96-sk", |
9585 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000020, NULL, HFILL }}, |
9586 | 14 | { &hf_krb_pa_supported_enctypes_fast_supported, |
9587 | 14 | { "fast-supported", "kerberos.supported_entypes.fast-supported", |
9588 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00010000, NULL, HFILL }}, |
9589 | 14 | { &hf_krb_pa_supported_enctypes_compound_identity_supported, |
9590 | 14 | { "compound-identity-supported", "kerberos.supported_entypes.compound-identity-supported", |
9591 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00020000, NULL, HFILL }}, |
9592 | 14 | { &hf_krb_pa_supported_enctypes_claims_supported, |
9593 | 14 | { "claims-supported", "kerberos.supported_entypes.claims-supported", |
9594 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00040000, NULL, HFILL }}, |
9595 | 14 | { &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled, |
9596 | 14 | { "resource-sid-compression-disabled", "kerberos.supported_entypes.resource-sid-compression-disabled", |
9597 | 14 | FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00080000, NULL, HFILL }}, |
9598 | 14 | { &hf_krb_ad_ap_options, |
9599 | 14 | { "AD-AP-Options", "kerberos.ad_ap_options", |
9600 | 14 | FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, |
9601 | 14 | { &hf_krb_ad_ap_options_cbt, |
9602 | 14 | { "ChannelBindings", "kerberos.ad_ap_options.cbt", |
9603 | 14 | FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00004000, NULL, HFILL }}, |
9604 | 14 | { &hf_krb_ad_ap_options_unverified_target_name, |
9605 | 14 | { "UnverifiedTargetName", "kerberos.ad_ap_options.unverified_target_name", |
9606 | 14 | FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00008000, NULL, HFILL }}, |
9607 | 14 | { &hf_krb_ad_target_principal, |
9608 | 14 | { "Target Principal", "kerberos.ad_target_principal", |
9609 | 14 | FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, |
9610 | 14 | { &hf_krb_key_hidden_item, |
9611 | 14 | { "KeyHiddenItem", "krb5.key_hidden_item", |
9612 | 14 | FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, |
9613 | 14 | { &hf_kerberos_KERB_TICKET_LOGON, |
9614 | 14 | { "KERB_TICKET_LOGON", "kerberos.KERB_TICKET_LOGON", |
9615 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9616 | 14 | NULL, HFILL }}, |
9617 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_MessageType, |
9618 | 14 | { "MessageType", "kerberos.KERB_TICKET_LOGON.MessageType", |
9619 | 14 | FT_UINT32, BASE_DEC, VALS(KERB_LOGON_SUBMIT_TYPE), 0, |
9620 | 14 | NULL, HFILL }}, |
9621 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_Flags, |
9622 | 14 | { "Flags", "kerberos.KERB_TICKET_LOGON.Flags", |
9623 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9624 | 14 | NULL, HFILL }}, |
9625 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, |
9626 | 14 | { "ServiceTicketLength", "kerberos.KERB_TICKET_LOGON.ServiceTicketLength", |
9627 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9628 | 14 | NULL, HFILL }}, |
9629 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength, |
9630 | 14 | { "TicketGrantingTicketLength", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicketLength", |
9631 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9632 | 14 | NULL, HFILL }}, |
9633 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicket, |
9634 | 14 | { "ServiceTicket", "kerberos.KERB_TICKET_LOGON.ServiceTicket", |
9635 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9636 | 14 | NULL, HFILL }}, |
9637 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket, |
9638 | 14 | { "TicketGrantingTicket", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicket", |
9639 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9640 | 14 | NULL, HFILL }}, |
9641 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET, |
9642 | 14 | { "allow_expired_ticket", "kerberos.KERB_TICKET_LOGON.FLAG_ALLOW_EXPIRED_TICKET", |
9643 | 14 | FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET, |
9644 | 14 | NULL, HFILL }}, |
9645 | 14 | { &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED, |
9646 | 14 | { "redirected", "kerberos.KERB_TICKET_LOGON.FLAG_REDIRECTED", |
9647 | 14 | FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_REDIRECTED, |
9648 | 14 | NULL, HFILL }}, |
9649 | | #ifdef HAVE_KERBEROS |
9650 | | { &hf_kerberos_KrbFastResponse, |
9651 | | { "KrbFastResponse", "kerberos.KrbFastResponse_element", |
9652 | | FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
9653 | | { &hf_kerberos_strengthen_key, |
9654 | | { "strengthen-key", "kerberos.strengthen_key_element", |
9655 | | FT_NONE, BASE_NONE, NULL, 0, |
9656 | | NULL, HFILL }}, |
9657 | | { &hf_kerberos_finished, |
9658 | | { "finished", "kerberos.finished_element", |
9659 | | FT_NONE, BASE_NONE, NULL, 0, |
9660 | | "KrbFastFinished", HFILL }}, |
9661 | | { &hf_kerberos_fast_options, |
9662 | | { "fast-options", "kerberos.fast_options", |
9663 | | FT_BYTES, BASE_NONE, NULL, 0, |
9664 | | "FastOptions", HFILL }}, |
9665 | | { &hf_kerberos_FastOptions_reserved, |
9666 | | { "reserved", "kerberos.FastOptions.reserved", |
9667 | | FT_BOOLEAN, 8, NULL, 0x80, |
9668 | | NULL, HFILL }}, |
9669 | | { &hf_kerberos_FastOptions_hide_client_names, |
9670 | | { "hide-client-names", "kerberos.FastOptions.hide.client.names", |
9671 | | FT_BOOLEAN, 8, NULL, 0x40, |
9672 | | NULL, HFILL }}, |
9673 | | { &hf_kerberos_FastOptions_spare_bit2, |
9674 | | { "spare_bit2", "kerberos.FastOptions.spare.bit2", |
9675 | | FT_BOOLEAN, 8, NULL, 0x20, |
9676 | | NULL, HFILL }}, |
9677 | | { &hf_kerberos_FastOptions_spare_bit3, |
9678 | | { "spare_bit3", "kerberos.FastOptions.spare.bit3", |
9679 | | FT_BOOLEAN, 8, NULL, 0x10, |
9680 | | NULL, HFILL }}, |
9681 | | { &hf_kerberos_FastOptions_spare_bit4, |
9682 | | { "spare_bit4", "kerberos.FastOptions.spare.bit4", |
9683 | | FT_BOOLEAN, 8, NULL, 0x08, |
9684 | | NULL, HFILL }}, |
9685 | | { &hf_kerberos_FastOptions_spare_bit5, |
9686 | | { "spare_bit5", "kerberos.FastOptions.spare.bit5", |
9687 | | FT_BOOLEAN, 8, NULL, 0x04, |
9688 | | NULL, HFILL }}, |
9689 | | { &hf_kerberos_FastOptions_spare_bit6, |
9690 | | { "spare_bit6", "kerberos.FastOptions.spare.bit6", |
9691 | | FT_BOOLEAN, 8, NULL, 0x02, |
9692 | | NULL, HFILL }}, |
9693 | | { &hf_kerberos_FastOptions_spare_bit7, |
9694 | | { "spare_bit7", "kerberos.FastOptions.spare.bit7", |
9695 | | FT_BOOLEAN, 8, NULL, 0x01, |
9696 | | NULL, HFILL }}, |
9697 | | { &hf_kerberos_FastOptions_spare_bit8, |
9698 | | { "spare_bit8", "kerberos.FastOptions.spare.bit8", |
9699 | | FT_BOOLEAN, 8, NULL, 0x80, |
9700 | | NULL, HFILL }}, |
9701 | | { &hf_kerberos_FastOptions_spare_bit9, |
9702 | | { "spare_bit9", "kerberos.FastOptions.spare.bit9", |
9703 | | FT_BOOLEAN, 8, NULL, 0x40, |
9704 | | NULL, HFILL }}, |
9705 | | { &hf_kerberos_FastOptions_spare_bit10, |
9706 | | { "spare_bit10", "kerberos.FastOptions.spare.bit10", |
9707 | | FT_BOOLEAN, 8, NULL, 0x20, |
9708 | | NULL, HFILL }}, |
9709 | | { &hf_kerberos_FastOptions_spare_bit11, |
9710 | | { "spare_bit11", "kerberos.FastOptions.spare.bit11", |
9711 | | FT_BOOLEAN, 8, NULL, 0x10, |
9712 | | NULL, HFILL }}, |
9713 | | { &hf_kerberos_FastOptions_spare_bit12, |
9714 | | { "spare_bit12", "kerberos.FastOptions.spare.bit12", |
9715 | | FT_BOOLEAN, 8, NULL, 0x08, |
9716 | | NULL, HFILL }}, |
9717 | | { &hf_kerberos_FastOptions_spare_bit13, |
9718 | | { "spare_bit13", "kerberos.FastOptions.spare.bit13", |
9719 | | FT_BOOLEAN, 8, NULL, 0x04, |
9720 | | NULL, HFILL }}, |
9721 | | { &hf_kerberos_FastOptions_spare_bit14, |
9722 | | { "spare_bit14", "kerberos.FastOptions.spare.bit14", |
9723 | | FT_BOOLEAN, 8, NULL, 0x02, |
9724 | | NULL, HFILL }}, |
9725 | | { &hf_kerberos_FastOptions_spare_bit15, |
9726 | | { "spare_bit15", "kerberos.FastOptions.spare.bit15", |
9727 | | FT_BOOLEAN, 8, NULL, 0x01, |
9728 | | NULL, HFILL }}, |
9729 | | { &hf_kerberos_FastOptions_kdc_follow_referrals, |
9730 | | { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals", |
9731 | | FT_BOOLEAN, 8, NULL, 0x80, |
9732 | | NULL, HFILL }}, |
9733 | | { &hf_kerberos_ticket_checksum, |
9734 | | { "ticket-checksum", "kerberos.ticket_checksum_element", |
9735 | | FT_NONE, BASE_NONE, NULL, 0, |
9736 | | "Checksum", HFILL }}, |
9737 | | { &hf_krb_patimestamp, |
9738 | | { "patimestamp", "kerberos.patimestamp", |
9739 | | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, "KerberosTime", HFILL }}, |
9740 | | { &hf_krb_pausec, |
9741 | | { "pausec", "kerberos.pausec", |
9742 | | FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }}, |
9743 | | #endif /* HAVE_KERBEROS */ |
9744 | | |
9745 | 14 | { &hf_kerberos_ticket, |
9746 | 14 | { "ticket", "kerberos.ticket_element", |
9747 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9748 | 14 | NULL, HFILL }}, |
9749 | 14 | { &hf_kerberos_authenticator, |
9750 | 14 | { "authenticator", "kerberos.authenticator_element", |
9751 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9752 | 14 | NULL, HFILL }}, |
9753 | 14 | { &hf_kerberos_encTicketPart, |
9754 | 14 | { "encTicketPart", "kerberos.encTicketPart_element", |
9755 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9756 | 14 | NULL, HFILL }}, |
9757 | 14 | { &hf_kerberos_as_req, |
9758 | 14 | { "as-req", "kerberos.as_req_element", |
9759 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9760 | 14 | NULL, HFILL }}, |
9761 | 14 | { &hf_kerberos_as_rep, |
9762 | 14 | { "as-rep", "kerberos.as_rep_element", |
9763 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9764 | 14 | NULL, HFILL }}, |
9765 | 14 | { &hf_kerberos_tgs_req, |
9766 | 14 | { "tgs-req", "kerberos.tgs_req_element", |
9767 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9768 | 14 | NULL, HFILL }}, |
9769 | 14 | { &hf_kerberos_tgs_rep, |
9770 | 14 | { "tgs-rep", "kerberos.tgs_rep_element", |
9771 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9772 | 14 | NULL, HFILL }}, |
9773 | 14 | { &hf_kerberos_ap_req, |
9774 | 14 | { "ap-req", "kerberos.ap_req_element", |
9775 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9776 | 14 | NULL, HFILL }}, |
9777 | 14 | { &hf_kerberos_ap_rep, |
9778 | 14 | { "ap-rep", "kerberos.ap_rep_element", |
9779 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9780 | 14 | NULL, HFILL }}, |
9781 | 14 | { &hf_kerberos_krb_safe, |
9782 | 14 | { "krb-safe", "kerberos.krb_safe_element", |
9783 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9784 | 14 | NULL, HFILL }}, |
9785 | 14 | { &hf_kerberos_krb_priv, |
9786 | 14 | { "krb-priv", "kerberos.krb_priv_element", |
9787 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9788 | 14 | NULL, HFILL }}, |
9789 | 14 | { &hf_kerberos_krb_cred, |
9790 | 14 | { "krb-cred", "kerberos.krb_cred_element", |
9791 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9792 | 14 | NULL, HFILL }}, |
9793 | 14 | { &hf_kerberos_encASRepPart, |
9794 | 14 | { "encASRepPart", "kerberos.encASRepPart_element", |
9795 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9796 | 14 | NULL, HFILL }}, |
9797 | 14 | { &hf_kerberos_encTGSRepPart, |
9798 | 14 | { "encTGSRepPart", "kerberos.encTGSRepPart_element", |
9799 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9800 | 14 | NULL, HFILL }}, |
9801 | 14 | { &hf_kerberos_encAPRepPart, |
9802 | 14 | { "encAPRepPart", "kerberos.encAPRepPart_element", |
9803 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9804 | 14 | NULL, HFILL }}, |
9805 | 14 | { &hf_kerberos_encKrbPrivPart, |
9806 | 14 | { "encKrbPrivPart", "kerberos.encKrbPrivPart_element", |
9807 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9808 | 14 | "ENC_KRB_PRIV_PART", HFILL }}, |
9809 | 14 | { &hf_kerberos_encKrbCredPart, |
9810 | 14 | { "encKrbCredPart", "kerberos.encKrbCredPart_element", |
9811 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9812 | 14 | NULL, HFILL }}, |
9813 | 14 | { &hf_kerberos_krb_error, |
9814 | 14 | { "krb-error", "kerberos.krb_error_element", |
9815 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9816 | 14 | NULL, HFILL }}, |
9817 | 14 | { &hf_kerberos_name_type, |
9818 | 14 | { "name-type", "kerberos.name_type", |
9819 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_NAME_TYPE_vals), 0, |
9820 | 14 | NULL, HFILL }}, |
9821 | 14 | { &hf_kerberos_name_string, |
9822 | 14 | { "name-string", "kerberos.name_string", |
9823 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9824 | 14 | "SEQUENCE_OF_KerberosString", HFILL }}, |
9825 | 14 | { &hf_kerberos_name_string_item, |
9826 | 14 | { "KerberosString", "kerberos.KerberosString", |
9827 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
9828 | 14 | NULL, HFILL }}, |
9829 | 14 | { &hf_kerberos_cname_string, |
9830 | 14 | { "cname-string", "kerberos.cname_string", |
9831 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9832 | 14 | "SEQUENCE_OF_CNameString", HFILL }}, |
9833 | 14 | { &hf_kerberos_cname_string_item, |
9834 | 14 | { "CNameString", "kerberos.CNameString", |
9835 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
9836 | 14 | NULL, HFILL }}, |
9837 | 14 | { &hf_kerberos_sname_string, |
9838 | 14 | { "sname-string", "kerberos.sname_string", |
9839 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9840 | 14 | "SEQUENCE_OF_SNameString", HFILL }}, |
9841 | 14 | { &hf_kerberos_sname_string_item, |
9842 | 14 | { "SNameString", "kerberos.SNameString", |
9843 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
9844 | 14 | NULL, HFILL }}, |
9845 | 14 | { &hf_kerberos_addr_type, |
9846 | 14 | { "addr-type", "kerberos.addr_type", |
9847 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ADDR_TYPE_vals), 0, |
9848 | 14 | NULL, HFILL }}, |
9849 | 14 | { &hf_kerberos_address, |
9850 | 14 | { "address", "kerberos.address", |
9851 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9852 | 14 | NULL, HFILL }}, |
9853 | 14 | { &hf_kerberos_HostAddresses_item, |
9854 | 14 | { "HostAddress", "kerberos.HostAddress_element", |
9855 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9856 | 14 | NULL, HFILL }}, |
9857 | 14 | { &hf_kerberos_AuthorizationData_item, |
9858 | 14 | { "AuthorizationData item", "kerberos.AuthorizationData_item_element", |
9859 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9860 | 14 | NULL, HFILL }}, |
9861 | 14 | { &hf_kerberos_ad_type, |
9862 | 14 | { "ad-type", "kerberos.ad_type", |
9863 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_AUTHDATA_TYPE_vals), 0, |
9864 | 14 | "AUTHDATA_TYPE", HFILL }}, |
9865 | 14 | { &hf_kerberos_ad_data, |
9866 | 14 | { "ad-data", "kerberos.ad_data", |
9867 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9868 | 14 | NULL, HFILL }}, |
9869 | 14 | { &hf_kerberos_padata_type, |
9870 | 14 | { "padata-type", "kerberos.padata_type", |
9871 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0, |
9872 | 14 | NULL, HFILL }}, |
9873 | 14 | { &hf_kerberos_padata_value, |
9874 | 14 | { "padata-value", "kerberos.padata_value", |
9875 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9876 | 14 | NULL, HFILL }}, |
9877 | 14 | { &hf_kerberos_keytype, |
9878 | 14 | { "keytype", "kerberos.keytype", |
9879 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, |
9880 | 14 | NULL, HFILL }}, |
9881 | 14 | { &hf_kerberos_keyvalue, |
9882 | 14 | { "keyvalue", "kerberos.keyvalue", |
9883 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9884 | 14 | NULL, HFILL }}, |
9885 | 14 | { &hf_kerberos_cksumtype, |
9886 | 14 | { "cksumtype", "kerberos.cksumtype", |
9887 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_CKSUMTYPE_vals), 0, |
9888 | 14 | NULL, HFILL }}, |
9889 | 14 | { &hf_kerberos_checksum, |
9890 | 14 | { "checksum", "kerberos.checksum", |
9891 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9892 | 14 | NULL, HFILL }}, |
9893 | 14 | { &hf_kerberos_etype, |
9894 | 14 | { "etype", "kerberos.etype", |
9895 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, |
9896 | 14 | "ENCTYPE", HFILL }}, |
9897 | 14 | { &hf_kerberos_kvno, |
9898 | 14 | { "kvno", "kerberos.kvno", |
9899 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9900 | 14 | "UInt32", HFILL }}, |
9901 | 14 | { &hf_kerberos_encryptedTicketData_cipher, |
9902 | 14 | { "cipher", "kerberos.encryptedTicketData_cipher", |
9903 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9904 | 14 | "T_encryptedTicketData_cipher", HFILL }}, |
9905 | 14 | { &hf_kerberos_encryptedAuthorizationData_cipher, |
9906 | 14 | { "cipher", "kerberos.encryptedAuthorizationData_cipher", |
9907 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9908 | 14 | "T_encryptedAuthorizationData_cipher", HFILL }}, |
9909 | 14 | { &hf_kerberos_encryptedAuthenticator_cipher, |
9910 | 14 | { "cipher", "kerberos.encryptedAuthenticator_cipher", |
9911 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9912 | 14 | "T_encryptedAuthenticator_cipher", HFILL }}, |
9913 | 14 | { &hf_kerberos_encryptedKDCREPData_cipher, |
9914 | 14 | { "cipher", "kerberos.encryptedKDCREPData_cipher", |
9915 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9916 | 14 | "T_encryptedKDCREPData_cipher", HFILL }}, |
9917 | 14 | { &hf_kerberos_encryptedAPREPData_cipher, |
9918 | 14 | { "cipher", "kerberos.encryptedAPREPData_cipher", |
9919 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9920 | 14 | "T_encryptedAPREPData_cipher", HFILL }}, |
9921 | 14 | { &hf_kerberos_encryptedKrbPrivData_cipher, |
9922 | 14 | { "cipher", "kerberos.encryptedKrbPrivData_cipher", |
9923 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9924 | 14 | "T_encryptedKrbPrivData_cipher", HFILL }}, |
9925 | 14 | { &hf_kerberos_encryptedKrbCredData_cipher, |
9926 | 14 | { "cipher", "kerberos.encryptedKrbCredData_cipher", |
9927 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9928 | 14 | "T_encryptedKrbCredData_cipher", HFILL }}, |
9929 | 14 | { &hf_kerberos_tkt_vno, |
9930 | 14 | { "tkt-vno", "kerberos.tkt_vno", |
9931 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9932 | 14 | "INTEGER_5", HFILL }}, |
9933 | 14 | { &hf_kerberos_realm, |
9934 | 14 | { "realm", "kerberos.realm", |
9935 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
9936 | 14 | NULL, HFILL }}, |
9937 | 14 | { &hf_kerberos_sname, |
9938 | 14 | { "sname", "kerberos.sname_element", |
9939 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9940 | 14 | NULL, HFILL }}, |
9941 | 14 | { &hf_kerberos_ticket_enc_part, |
9942 | 14 | { "enc-part", "kerberos.ticket_enc_part_element", |
9943 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9944 | 14 | "EncryptedTicketData", HFILL }}, |
9945 | 14 | { &hf_kerberos_flags, |
9946 | 14 | { "flags", "kerberos.flags", |
9947 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9948 | 14 | "TicketFlags", HFILL }}, |
9949 | 14 | { &hf_kerberos_encTicketPart_key, |
9950 | 14 | { "key", "kerberos.encTicketPart_key_element", |
9951 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9952 | 14 | "T_encTicketPart_key", HFILL }}, |
9953 | 14 | { &hf_kerberos_crealm, |
9954 | 14 | { "crealm", "kerberos.crealm", |
9955 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
9956 | 14 | "Realm", HFILL }}, |
9957 | 14 | { &hf_kerberos_cname, |
9958 | 14 | { "cname", "kerberos.cname_element", |
9959 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9960 | 14 | NULL, HFILL }}, |
9961 | 14 | { &hf_kerberos_transited, |
9962 | 14 | { "transited", "kerberos.transited_element", |
9963 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
9964 | 14 | "TransitedEncoding", HFILL }}, |
9965 | 14 | { &hf_kerberos_authtime, |
9966 | 14 | { "authtime", "kerberos.authtime", |
9967 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
9968 | 14 | "KerberosTime", HFILL }}, |
9969 | 14 | { &hf_kerberos_starttime, |
9970 | 14 | { "starttime", "kerberos.starttime", |
9971 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
9972 | 14 | "KerberosTime", HFILL }}, |
9973 | 14 | { &hf_kerberos_endtime, |
9974 | 14 | { "endtime", "kerberos.endtime", |
9975 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
9976 | 14 | "KerberosTime", HFILL }}, |
9977 | 14 | { &hf_kerberos_renew_till, |
9978 | 14 | { "renew-till", "kerberos.renew_till", |
9979 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
9980 | 14 | "KerberosTime", HFILL }}, |
9981 | 14 | { &hf_kerberos_caddr, |
9982 | 14 | { "caddr", "kerberos.caddr", |
9983 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9984 | 14 | "HostAddresses", HFILL }}, |
9985 | 14 | { &hf_kerberos_authorization_data, |
9986 | 14 | { "authorization-data", "kerberos.authorization_data", |
9987 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
9988 | 14 | "AuthorizationData", HFILL }}, |
9989 | 14 | { &hf_kerberos_tr_type, |
9990 | 14 | { "tr-type", "kerberos.tr_type", |
9991 | 14 | FT_INT32, BASE_DEC, NULL, 0, |
9992 | 14 | "Int32", HFILL }}, |
9993 | 14 | { &hf_kerberos_contents, |
9994 | 14 | { "contents", "kerberos.contents", |
9995 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
9996 | 14 | "OCTET_STRING", HFILL }}, |
9997 | 14 | { &hf_kerberos_pvno, |
9998 | 14 | { "pvno", "kerberos.pvno", |
9999 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10000 | 14 | "INTEGER_5", HFILL }}, |
10001 | 14 | { &hf_kerberos_msg_type, |
10002 | 14 | { "msg-type", "kerberos.msg_type", |
10003 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_MESSAGE_TYPE_vals), 0, |
10004 | 14 | "MESSAGE_TYPE", HFILL }}, |
10005 | 14 | { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA, |
10006 | 14 | { "padata", "kerberos.rEQ_SEQUENCE_OF_PA_DATA", |
10007 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10008 | 14 | "T_rEQ_SEQUENCE_OF_PA_DATA", HFILL }}, |
10009 | 14 | { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item, |
10010 | 14 | { "PA-DATA", "kerberos.PA_DATA_element", |
10011 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10012 | 14 | NULL, HFILL }}, |
10013 | 14 | { &hf_kerberos_req_body, |
10014 | 14 | { "req-body", "kerberos.req_body_element", |
10015 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10016 | 14 | "KDC_REQ_BODY", HFILL }}, |
10017 | 14 | { &hf_kerberos_kdc_options, |
10018 | 14 | { "kdc-options", "kerberos.kdc_options", |
10019 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10020 | 14 | "KDCOptions", HFILL }}, |
10021 | 14 | { &hf_kerberos_from, |
10022 | 14 | { "from", "kerberos.from", |
10023 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10024 | 14 | "KerberosTime", HFILL }}, |
10025 | 14 | { &hf_kerberos_till, |
10026 | 14 | { "till", "kerberos.till", |
10027 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10028 | 14 | "KerberosTime", HFILL }}, |
10029 | 14 | { &hf_kerberos_rtime, |
10030 | 14 | { "rtime", "kerberos.rtime", |
10031 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10032 | 14 | "KerberosTime", HFILL }}, |
10033 | 14 | { &hf_kerberos_nonce, |
10034 | 14 | { "nonce", "kerberos.nonce", |
10035 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10036 | 14 | "UInt32", HFILL }}, |
10037 | 14 | { &hf_kerberos_kDC_REQ_BODY_etype, |
10038 | 14 | { "etype", "kerberos.kdc-req-body.etype", |
10039 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10040 | 14 | "SEQUENCE_OF_ENCTYPE", HFILL }}, |
10041 | 14 | { &hf_kerberos_kDC_REQ_BODY_etype_item, |
10042 | 14 | { "ENCTYPE", "kerberos.ENCTYPE", |
10043 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, |
10044 | 14 | NULL, HFILL }}, |
10045 | 14 | { &hf_kerberos_addresses, |
10046 | 14 | { "addresses", "kerberos.addresses", |
10047 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10048 | 14 | "HostAddresses", HFILL }}, |
10049 | 14 | { &hf_kerberos_enc_authorization_data, |
10050 | 14 | { "enc-authorization-data", "kerberos.enc_authorization_data_element", |
10051 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10052 | 14 | "EncryptedAuthorizationData", HFILL }}, |
10053 | 14 | { &hf_kerberos_additional_tickets, |
10054 | 14 | { "additional-tickets", "kerberos.additional_tickets", |
10055 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10056 | 14 | "SEQUENCE_OF_Ticket", HFILL }}, |
10057 | 14 | { &hf_kerberos_additional_tickets_item, |
10058 | 14 | { "Ticket", "kerberos.Ticket_element", |
10059 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10060 | 14 | NULL, HFILL }}, |
10061 | 14 | { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA, |
10062 | 14 | { "padata", "kerberos.rEP_SEQUENCE_OF_PA_DATA", |
10063 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10064 | 14 | "T_rEP_SEQUENCE_OF_PA_DATA", HFILL }}, |
10065 | 14 | { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item, |
10066 | 14 | { "PA-DATA", "kerberos.PA_DATA_element", |
10067 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10068 | 14 | NULL, HFILL }}, |
10069 | 14 | { &hf_kerberos_kDC_REP_enc_part, |
10070 | 14 | { "enc-part", "kerberos.kDC_REP_enc_part_element", |
10071 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10072 | 14 | "EncryptedKDCREPData", HFILL }}, |
10073 | 14 | { &hf_kerberos_encKDCRepPart_key, |
10074 | 14 | { "key", "kerberos.encKDCRepPart_key_element", |
10075 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10076 | 14 | "T_encKDCRepPart_key", HFILL }}, |
10077 | 14 | { &hf_kerberos_last_req, |
10078 | 14 | { "last-req", "kerberos.last_req", |
10079 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10080 | 14 | "LastReq", HFILL }}, |
10081 | 14 | { &hf_kerberos_key_expiration, |
10082 | 14 | { "key-expiration", "kerberos.key_expiration", |
10083 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10084 | 14 | "KerberosTime", HFILL }}, |
10085 | 14 | { &hf_kerberos_srealm, |
10086 | 14 | { "srealm", "kerberos.srealm", |
10087 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10088 | 14 | "Realm", HFILL }}, |
10089 | 14 | { &hf_kerberos_encrypted_pa_data, |
10090 | 14 | { "encrypted-pa-data", "kerberos.encrypted_pa_data", |
10091 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10092 | 14 | NULL, HFILL }}, |
10093 | 14 | { &hf_kerberos_LastReq_item, |
10094 | 14 | { "LastReq item", "kerberos.LastReq_item_element", |
10095 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10096 | 14 | NULL, HFILL }}, |
10097 | 14 | { &hf_kerberos_lr_type, |
10098 | 14 | { "lr-type", "kerberos.lr_type", |
10099 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_LR_TYPE_vals), 0, |
10100 | 14 | NULL, HFILL }}, |
10101 | 14 | { &hf_kerberos_lr_value, |
10102 | 14 | { "lr-value", "kerberos.lr_value", |
10103 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10104 | 14 | "KerberosTime", HFILL }}, |
10105 | 14 | { &hf_kerberos_ap_options, |
10106 | 14 | { "ap-options", "kerberos.ap_options", |
10107 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10108 | 14 | "APOptions", HFILL }}, |
10109 | 14 | { &hf_kerberos_authenticator_enc_part, |
10110 | 14 | { "authenticator", "kerberos.authenticator_enc_part_element", |
10111 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10112 | 14 | "EncryptedAuthenticator", HFILL }}, |
10113 | 14 | { &hf_kerberos_authenticator_vno, |
10114 | 14 | { "authenticator-vno", "kerberos.authenticator_vno", |
10115 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10116 | 14 | "INTEGER_5", HFILL }}, |
10117 | 14 | { &hf_kerberos_cksum, |
10118 | 14 | { "cksum", "kerberos.cksum_element", |
10119 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10120 | 14 | "Checksum", HFILL }}, |
10121 | 14 | { &hf_kerberos_cusec, |
10122 | 14 | { "cusec", "kerberos.cusec", |
10123 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10124 | 14 | "Microseconds", HFILL }}, |
10125 | 14 | { &hf_kerberos_ctime, |
10126 | 14 | { "ctime", "kerberos.ctime", |
10127 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10128 | 14 | "KerberosTime", HFILL }}, |
10129 | 14 | { &hf_kerberos_authenticator_subkey, |
10130 | 14 | { "subkey", "kerberos.authenticator_subkey_element", |
10131 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10132 | 14 | "T_authenticator_subkey", HFILL }}, |
10133 | 14 | { &hf_kerberos_seq_number, |
10134 | 14 | { "seq-number", "kerberos.seq_number", |
10135 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10136 | 14 | "UInt32", HFILL }}, |
10137 | 14 | { &hf_kerberos_aP_REP_enc_part, |
10138 | 14 | { "enc-part", "kerberos.aP_REP_enc_part_element", |
10139 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10140 | 14 | "EncryptedAPREPData", HFILL }}, |
10141 | 14 | { &hf_kerberos_encAPRepPart_subkey, |
10142 | 14 | { "subkey", "kerberos.encAPRepPart_subkey_element", |
10143 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10144 | 14 | "T_encAPRepPart_subkey", HFILL }}, |
10145 | 14 | { &hf_kerberos_safe_body, |
10146 | 14 | { "safe-body", "kerberos.safe_body_element", |
10147 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10148 | 14 | "KRB_SAFE_BODY", HFILL }}, |
10149 | 14 | { &hf_kerberos_kRB_SAFE_BODY_user_data, |
10150 | 14 | { "user-data", "kerberos.kRB_SAFE_BODY_user_data", |
10151 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10152 | 14 | "T_kRB_SAFE_BODY_user_data", HFILL }}, |
10153 | 14 | { &hf_kerberos_timestamp, |
10154 | 14 | { "timestamp", "kerberos.timestamp", |
10155 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10156 | 14 | "KerberosTime", HFILL }}, |
10157 | 14 | { &hf_kerberos_usec, |
10158 | 14 | { "usec", "kerberos.usec", |
10159 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10160 | 14 | "Microseconds", HFILL }}, |
10161 | 14 | { &hf_kerberos_s_address, |
10162 | 14 | { "s-address", "kerberos.s_address_element", |
10163 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10164 | 14 | "HostAddress", HFILL }}, |
10165 | 14 | { &hf_kerberos_r_address, |
10166 | 14 | { "r-address", "kerberos.r_address_element", |
10167 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10168 | 14 | "HostAddress", HFILL }}, |
10169 | 14 | { &hf_kerberos_kRB_PRIV_enc_part, |
10170 | 14 | { "enc-part", "kerberos.kRB_PRIV_enc_part_element", |
10171 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10172 | 14 | "EncryptedKrbPrivData", HFILL }}, |
10173 | 14 | { &hf_kerberos_encKrbPrivPart_user_data, |
10174 | 14 | { "user-data", "kerberos.encKrbPrivPart_user_data", |
10175 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10176 | 14 | "T_encKrbPrivPart_user_data", HFILL }}, |
10177 | 14 | { &hf_kerberos_tickets, |
10178 | 14 | { "tickets", "kerberos.tickets", |
10179 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10180 | 14 | "SEQUENCE_OF_Ticket", HFILL }}, |
10181 | 14 | { &hf_kerberos_tickets_item, |
10182 | 14 | { "Ticket", "kerberos.Ticket_element", |
10183 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10184 | 14 | NULL, HFILL }}, |
10185 | 14 | { &hf_kerberos_kRB_CRED_enc_part, |
10186 | 14 | { "enc-part", "kerberos.kRB_CRED_enc_part_element", |
10187 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10188 | 14 | "EncryptedKrbCredData", HFILL }}, |
10189 | 14 | { &hf_kerberos_ticket_info, |
10190 | 14 | { "ticket-info", "kerberos.ticket_info", |
10191 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10192 | 14 | "SEQUENCE_OF_KrbCredInfo", HFILL }}, |
10193 | 14 | { &hf_kerberos_ticket_info_item, |
10194 | 14 | { "KrbCredInfo", "kerberos.KrbCredInfo_element", |
10195 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10196 | 14 | NULL, HFILL }}, |
10197 | 14 | { &hf_kerberos_krbCredInfo_key, |
10198 | 14 | { "key", "kerberos.krbCredInfo_key_element", |
10199 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10200 | 14 | "T_krbCredInfo_key", HFILL }}, |
10201 | 14 | { &hf_kerberos_prealm, |
10202 | 14 | { "prealm", "kerberos.prealm", |
10203 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10204 | 14 | "Realm", HFILL }}, |
10205 | 14 | { &hf_kerberos_pname, |
10206 | 14 | { "pname", "kerberos.pname_element", |
10207 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10208 | 14 | "PrincipalName", HFILL }}, |
10209 | 14 | { &hf_kerberos_stime, |
10210 | 14 | { "stime", "kerberos.stime", |
10211 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, |
10212 | 14 | "KerberosTime", HFILL }}, |
10213 | 14 | { &hf_kerberos_susec, |
10214 | 14 | { "susec", "kerberos.susec", |
10215 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10216 | 14 | "Microseconds", HFILL }}, |
10217 | 14 | { &hf_kerberos_error_code, |
10218 | 14 | { "error-code", "kerberos.error_code", |
10219 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ERROR_CODE_vals), 0, |
10220 | 14 | NULL, HFILL }}, |
10221 | 14 | { &hf_kerberos_e_text, |
10222 | 14 | { "e-text", "kerberos.e_text", |
10223 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10224 | 14 | "KerberosString", HFILL }}, |
10225 | 14 | { &hf_kerberos_e_data, |
10226 | 14 | { "e-data", "kerberos.e_data", |
10227 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10228 | 14 | NULL, HFILL }}, |
10229 | 14 | { &hf_kerberos_e_checksum, |
10230 | 14 | { "e-checksum", "kerberos.e_checksum_element", |
10231 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10232 | 14 | "Checksum", HFILL }}, |
10233 | 14 | { &hf_kerberos_METHOD_DATA_item, |
10234 | 14 | { "PA-DATA", "kerberos.PA_DATA_element", |
10235 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10236 | 14 | NULL, HFILL }}, |
10237 | 14 | { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, |
10238 | 14 | { "cipher", "kerberos.pA_ENC_TIMESTAMP_cipher", |
10239 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10240 | 14 | "T_pA_ENC_TIMESTAMP_cipher", HFILL }}, |
10241 | 14 | { &hf_kerberos_info_salt, |
10242 | 14 | { "salt", "kerberos.info_salt", |
10243 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10244 | 14 | "OCTET_STRING", HFILL }}, |
10245 | 14 | { &hf_kerberos_ETYPE_INFO_item, |
10246 | 14 | { "ETYPE-INFO-ENTRY", "kerberos.ETYPE_INFO_ENTRY_element", |
10247 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10248 | 14 | NULL, HFILL }}, |
10249 | 14 | { &hf_kerberos_info2_salt, |
10250 | 14 | { "salt", "kerberos.info2_salt", |
10251 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10252 | 14 | "KerberosString", HFILL }}, |
10253 | 14 | { &hf_kerberos_s2kparams, |
10254 | 14 | { "s2kparams", "kerberos.s2kparams", |
10255 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10256 | 14 | "OCTET_STRING", HFILL }}, |
10257 | 14 | { &hf_kerberos_ETYPE_INFO2_item, |
10258 | 14 | { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element", |
10259 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10260 | 14 | NULL, HFILL }}, |
10261 | 14 | { &hf_kerberos_server_name, |
10262 | 14 | { "server-name", "kerberos.server_name_element", |
10263 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10264 | 14 | "PrincipalName", HFILL }}, |
10265 | 14 | { &hf_kerberos_include_pac, |
10266 | 14 | { "include-pac", "kerberos.include_pac", |
10267 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
10268 | 14 | "BOOLEAN", HFILL }}, |
10269 | 14 | { &hf_kerberos_name, |
10270 | 14 | { "name", "kerberos.name_element", |
10271 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10272 | 14 | "PrincipalName", HFILL }}, |
10273 | 14 | { &hf_kerberos_auth, |
10274 | 14 | { "auth", "kerberos.auth", |
10275 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10276 | 14 | "GeneralString", HFILL }}, |
10277 | 14 | { &hf_kerberos_user_id, |
10278 | 14 | { "user-id", "kerberos.user_id_element", |
10279 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10280 | 14 | "S4UUserID", HFILL }}, |
10281 | 14 | { &hf_kerberos_checksum_01, |
10282 | 14 | { "checksum", "kerberos.checksum_element", |
10283 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10284 | 14 | NULL, HFILL }}, |
10285 | 14 | { &hf_kerberos_cname_01, |
10286 | 14 | { "cname", "kerberos.cname_element", |
10287 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10288 | 14 | "PrincipalName", HFILL }}, |
10289 | 14 | { &hf_kerberos_subject_certificate, |
10290 | 14 | { "subject-certificate", "kerberos.subject_certificate", |
10291 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10292 | 14 | "T_subject_certificate", HFILL }}, |
10293 | 14 | { &hf_kerberos_options, |
10294 | 14 | { "options", "kerberos.options", |
10295 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10296 | 14 | "BIT_STRING", HFILL }}, |
10297 | 14 | { &hf_kerberos_flags_01, |
10298 | 14 | { "flags", "kerberos.flags", |
10299 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10300 | 14 | "PAC_OPTIONS_FLAGS", HFILL }}, |
10301 | 14 | { &hf_kerberos_restriction_type, |
10302 | 14 | { "restriction-type", "kerberos.restriction_type", |
10303 | 14 | FT_INT32, BASE_DEC, NULL, 0, |
10304 | 14 | "Int32", HFILL }}, |
10305 | 14 | { &hf_kerberos_restriction, |
10306 | 14 | { "restriction", "kerberos.restriction", |
10307 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10308 | 14 | "OCTET_STRING", HFILL }}, |
10309 | 14 | { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, |
10310 | 14 | { "ENCTYPE", "kerberos.ENCTYPE", |
10311 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, |
10312 | 14 | NULL, HFILL }}, |
10313 | 14 | { &hf_kerberos_kerbKeyListRep_key, |
10314 | 14 | { "key", "kerberos.kerbKeyListRep.key_element", |
10315 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10316 | 14 | "PA_KERB_KEY_LIST_REP_item", HFILL }}, |
10317 | 14 | { &hf_kerberos_srppa_group, |
10318 | 14 | { "group", "kerberos.srppa_group", |
10319 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_KRB5_SRP_GROUP_vals), 0, |
10320 | 14 | "KRB5_SRP_GROUP", HFILL }}, |
10321 | 14 | { &hf_kerberos_salt, |
10322 | 14 | { "salt", "kerberos.salt", |
10323 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10324 | 14 | "OCTET_STRING", HFILL }}, |
10325 | 14 | { &hf_kerberos_iterations, |
10326 | 14 | { "iterations", "kerberos.iterations", |
10327 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10328 | 14 | "UInt32", HFILL }}, |
10329 | 14 | { &hf_kerberos_groups, |
10330 | 14 | { "groups", "kerberos.groups", |
10331 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10332 | 14 | "SET_OF_KRB5_SRP_PA", HFILL }}, |
10333 | 14 | { &hf_kerberos_groups_item, |
10334 | 14 | { "KRB5-SRP-PA", "kerberos.KRB5_SRP_PA_element", |
10335 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10336 | 14 | NULL, HFILL }}, |
10337 | 14 | { &hf_kerberos_as_req_01, |
10338 | 14 | { "as-req", "kerberos.as_req_element", |
10339 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10340 | 14 | "Checksum", HFILL }}, |
10341 | 14 | { &hf_kerberos_group, |
10342 | 14 | { "group", "kerberos.group", |
10343 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10344 | 14 | "UInt32", HFILL }}, |
10345 | 14 | { &hf_kerberos_a, |
10346 | 14 | { "a", "kerberos.a", |
10347 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10348 | 14 | "OCTET_STRING", HFILL }}, |
10349 | 14 | { &hf_kerberos_AD_AUTHENTICATION_INDICATOR_item, |
10350 | 14 | { "AD-AUTHENTICATION-INDICATOR item", "kerberos.AD_AUTHENTICATION_INDICATOR_item", |
10351 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10352 | 14 | "UTF8String", HFILL }}, |
10353 | 14 | { &hf_kerberos_elements, |
10354 | 14 | { "elements", "kerberos.elements", |
10355 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10356 | 14 | "AuthorizationData", HFILL }}, |
10357 | 14 | { &hf_kerberos_kdc_verifier, |
10358 | 14 | { "kdc-verifier", "kerberos.kdc_verifier_element", |
10359 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10360 | 14 | "Verifier_MAC", HFILL }}, |
10361 | 14 | { &hf_kerberos_svc_verifier, |
10362 | 14 | { "svc-verifier", "kerberos.svc_verifier_element", |
10363 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10364 | 14 | "Verifier_MAC", HFILL }}, |
10365 | 14 | { &hf_kerberos_other_verifiers, |
10366 | 14 | { "other-verifiers", "kerberos.other_verifiers", |
10367 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10368 | 14 | "SEQUENCE_SIZE_1_MAX_OF_Verifier", HFILL }}, |
10369 | 14 | { &hf_kerberos_other_verifiers_item, |
10370 | 14 | { "Verifier", "kerberos.Verifier", |
10371 | 14 | FT_UINT32, BASE_DEC, VALS(kerberos_Verifier_vals), 0, |
10372 | 14 | NULL, HFILL }}, |
10373 | 14 | { &hf_kerberos_mac, |
10374 | 14 | { "mac", "kerberos.mac_element", |
10375 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10376 | 14 | "Verifier_MAC", HFILL }}, |
10377 | 14 | { &hf_kerberos_identifier, |
10378 | 14 | { "identifier", "kerberos.identifier_element", |
10379 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10380 | 14 | "PrincipalName", HFILL }}, |
10381 | 14 | { &hf_kerberos_enctype, |
10382 | 14 | { "enctype", "kerberos.enctype", |
10383 | 14 | FT_INT32, BASE_DEC, NULL, 0, |
10384 | 14 | "Int32", HFILL }}, |
10385 | 14 | { &hf_kerberos_mac_01, |
10386 | 14 | { "mac", "kerberos.mac_element", |
10387 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10388 | 14 | "Checksum", HFILL }}, |
10389 | 14 | { &hf_kerberos_newpasswd, |
10390 | 14 | { "newpasswd", "kerberos.newpasswd", |
10391 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10392 | 14 | "OCTET_STRING", HFILL }}, |
10393 | 14 | { &hf_kerberos_targname, |
10394 | 14 | { "targname", "kerberos.targname_element", |
10395 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10396 | 14 | "PrincipalName", HFILL }}, |
10397 | 14 | { &hf_kerberos_targrealm, |
10398 | 14 | { "targrealm", "kerberos.targrealm", |
10399 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
10400 | 14 | "Realm", HFILL }}, |
10401 | 14 | { &hf_kerberos_pa_type, |
10402 | 14 | { "pa-type", "kerberos.pa_type", |
10403 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0, |
10404 | 14 | "PADATA_TYPE", HFILL }}, |
10405 | 14 | { &hf_kerberos_pa_hint, |
10406 | 14 | { "pa-hint", "kerberos.pa_hint", |
10407 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10408 | 14 | "OCTET_STRING", HFILL }}, |
10409 | 14 | { &hf_kerberos_pa_value, |
10410 | 14 | { "pa-value", "kerberos.pa_value", |
10411 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10412 | 14 | "OCTET_STRING", HFILL }}, |
10413 | 14 | { &hf_kerberos_armor_type, |
10414 | 14 | { "armor-type", "kerberos.armor_type", |
10415 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_KrbFastArmorTypes_vals), 0, |
10416 | 14 | "KrbFastArmorTypes", HFILL }}, |
10417 | 14 | { &hf_kerberos_armor_value, |
10418 | 14 | { "armor-value", "kerberos.armor_value", |
10419 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10420 | 14 | NULL, HFILL }}, |
10421 | 14 | { &hf_kerberos_armored_data_request, |
10422 | 14 | { "armored-data", "kerberos.armored_data_request_element", |
10423 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10424 | 14 | "KrbFastArmoredReq", HFILL }}, |
10425 | 14 | { &hf_kerberos_encryptedKrbFastReq_cipher, |
10426 | 14 | { "cipher", "kerberos.encryptedKrbFastReq_cipher", |
10427 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10428 | 14 | "T_encryptedKrbFastReq_cipher", HFILL }}, |
10429 | 14 | { &hf_kerberos_armor, |
10430 | 14 | { "armor", "kerberos.armor_element", |
10431 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10432 | 14 | "KrbFastArmor", HFILL }}, |
10433 | 14 | { &hf_kerberos_req_checksum, |
10434 | 14 | { "req-checksum", "kerberos.req_checksum_element", |
10435 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10436 | 14 | "Checksum", HFILL }}, |
10437 | 14 | { &hf_kerberos_enc_fast_req, |
10438 | 14 | { "enc-fast-req", "kerberos.enc_fast_req_element", |
10439 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10440 | 14 | "EncryptedKrbFastReq", HFILL }}, |
10441 | 14 | { &hf_kerberos_armored_data_reply, |
10442 | 14 | { "armored-data", "kerberos.armored_data_reply_element", |
10443 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10444 | 14 | "KrbFastArmoredRep", HFILL }}, |
10445 | 14 | { &hf_kerberos_encryptedKrbFastResponse_cipher, |
10446 | 14 | { "cipher", "kerberos.encryptedKrbFastResponse_cipher", |
10447 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10448 | 14 | "T_encryptedKrbFastResponse_cipher", HFILL }}, |
10449 | 14 | { &hf_kerberos_enc_fast_rep, |
10450 | 14 | { "enc-fast-rep", "kerberos.enc_fast_rep_element", |
10451 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10452 | 14 | "EncryptedKrbFastResponse", HFILL }}, |
10453 | 14 | { &hf_kerberos_encryptedChallenge_cipher, |
10454 | 14 | { "cipher", "kerberos.encryptedChallenge_cipher", |
10455 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10456 | 14 | "T_encryptedChallenge_cipher", HFILL }}, |
10457 | 14 | { &hf_kerberos_cipher, |
10458 | 14 | { "cipher", "kerberos.cipher", |
10459 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10460 | 14 | "OCTET_STRING", HFILL }}, |
10461 | 14 | { &hf_kerberos_groups_01, |
10462 | 14 | { "groups", "kerberos.groups", |
10463 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10464 | 14 | "SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup", HFILL }}, |
10465 | 14 | { &hf_kerberos_groups_item_01, |
10466 | 14 | { "SPAKEGroup", "kerberos.SPAKEGroup", |
10467 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0, |
10468 | 14 | NULL, HFILL }}, |
10469 | 14 | { &hf_kerberos_spake_group, |
10470 | 14 | { "group", "kerberos.spake_group", |
10471 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0, |
10472 | 14 | "SPAKEGroup", HFILL }}, |
10473 | 14 | { &hf_kerberos_pubkey, |
10474 | 14 | { "pubkey", "kerberos.pubkey", |
10475 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10476 | 14 | "OCTET_STRING", HFILL }}, |
10477 | 14 | { &hf_kerberos_factors, |
10478 | 14 | { "factors", "kerberos.factors", |
10479 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
10480 | 14 | "SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor", HFILL }}, |
10481 | 14 | { &hf_kerberos_factors_item, |
10482 | 14 | { "SPAKESecondFactor", "kerberos.SPAKESecondFactor_element", |
10483 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10484 | 14 | NULL, HFILL }}, |
10485 | 14 | { &hf_kerberos_type, |
10486 | 14 | { "type", "kerberos.type", |
10487 | 14 | FT_INT32, BASE_DEC, VALS(kerberos_SPAKESecondFactorType_vals), 0, |
10488 | 14 | "SPAKESecondFactorType", HFILL }}, |
10489 | 14 | { &hf_kerberos_data, |
10490 | 14 | { "data", "kerberos.data", |
10491 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
10492 | 14 | "OCTET_STRING", HFILL }}, |
10493 | 14 | { &hf_kerberos_factor, |
10494 | 14 | { "factor", "kerberos.factor_element", |
10495 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10496 | 14 | "EncryptedSpakeResponseData", HFILL }}, |
10497 | 14 | { &hf_kerberos_support, |
10498 | 14 | { "support", "kerberos.support_element", |
10499 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10500 | 14 | "SPAKESupport", HFILL }}, |
10501 | 14 | { &hf_kerberos_challenge, |
10502 | 14 | { "challenge", "kerberos.challenge_element", |
10503 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10504 | 14 | "SPAKEChallenge", HFILL }}, |
10505 | 14 | { &hf_kerberos_response, |
10506 | 14 | { "response", "kerberos.response_element", |
10507 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10508 | 14 | "SPAKEResponse", HFILL }}, |
10509 | 14 | { &hf_kerberos_encdata, |
10510 | 14 | { "encdata", "kerberos.encdata_element", |
10511 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
10512 | 14 | "EncryptedSpakeData", HFILL }}, |
10513 | 14 | { &hf_kerberos_APOptions_reserved, |
10514 | 14 | { "reserved", "kerberos.APOptions.reserved", |
10515 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10516 | 14 | NULL, HFILL }}, |
10517 | 14 | { &hf_kerberos_APOptions_use_session_key, |
10518 | 14 | { "use-session-key", "kerberos.APOptions.use.session.key", |
10519 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10520 | 14 | NULL, HFILL }}, |
10521 | 14 | { &hf_kerberos_APOptions_mutual_required, |
10522 | 14 | { "mutual-required", "kerberos.APOptions.mutual.required", |
10523 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10524 | 14 | NULL, HFILL }}, |
10525 | 14 | { &hf_kerberos_TicketFlags_reserved, |
10526 | 14 | { "reserved", "kerberos.TicketFlags.reserved", |
10527 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10528 | 14 | NULL, HFILL }}, |
10529 | 14 | { &hf_kerberos_TicketFlags_forwardable, |
10530 | 14 | { "forwardable", "kerberos.TicketFlags.forwardable", |
10531 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10532 | 14 | NULL, HFILL }}, |
10533 | 14 | { &hf_kerberos_TicketFlags_forwarded, |
10534 | 14 | { "forwarded", "kerberos.TicketFlags.forwarded", |
10535 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10536 | 14 | NULL, HFILL }}, |
10537 | 14 | { &hf_kerberos_TicketFlags_proxiable, |
10538 | 14 | { "proxiable", "kerberos.TicketFlags.proxiable", |
10539 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10540 | 14 | NULL, HFILL }}, |
10541 | 14 | { &hf_kerberos_TicketFlags_proxy, |
10542 | 14 | { "proxy", "kerberos.TicketFlags.proxy", |
10543 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10544 | 14 | NULL, HFILL }}, |
10545 | 14 | { &hf_kerberos_TicketFlags_may_postdate, |
10546 | 14 | { "may-postdate", "kerberos.TicketFlags.may.postdate", |
10547 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10548 | 14 | NULL, HFILL }}, |
10549 | 14 | { &hf_kerberos_TicketFlags_postdated, |
10550 | 14 | { "postdated", "kerberos.TicketFlags.postdated", |
10551 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10552 | 14 | NULL, HFILL }}, |
10553 | 14 | { &hf_kerberos_TicketFlags_invalid, |
10554 | 14 | { "invalid", "kerberos.TicketFlags.invalid", |
10555 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10556 | 14 | NULL, HFILL }}, |
10557 | 14 | { &hf_kerberos_TicketFlags_renewable, |
10558 | 14 | { "renewable", "kerberos.TicketFlags.renewable", |
10559 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10560 | 14 | NULL, HFILL }}, |
10561 | 14 | { &hf_kerberos_TicketFlags_initial, |
10562 | 14 | { "initial", "kerberos.TicketFlags.initial", |
10563 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10564 | 14 | NULL, HFILL }}, |
10565 | 14 | { &hf_kerberos_TicketFlags_pre_authent, |
10566 | 14 | { "pre-authent", "kerberos.TicketFlags.pre.authent", |
10567 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10568 | 14 | NULL, HFILL }}, |
10569 | 14 | { &hf_kerberos_TicketFlags_hw_authent, |
10570 | 14 | { "hw-authent", "kerberos.TicketFlags.hw.authent", |
10571 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10572 | 14 | NULL, HFILL }}, |
10573 | 14 | { &hf_kerberos_TicketFlags_transited_policy_checked, |
10574 | 14 | { "transited-policy-checked", "kerberos.TicketFlags.transited.policy.checked", |
10575 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10576 | 14 | NULL, HFILL }}, |
10577 | 14 | { &hf_kerberos_TicketFlags_ok_as_delegate, |
10578 | 14 | { "ok-as-delegate", "kerberos.TicketFlags.ok.as.delegate", |
10579 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10580 | 14 | NULL, HFILL }}, |
10581 | 14 | { &hf_kerberos_TicketFlags_unused, |
10582 | 14 | { "unused", "kerberos.TicketFlags.unused", |
10583 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10584 | 14 | NULL, HFILL }}, |
10585 | 14 | { &hf_kerberos_TicketFlags_enc_pa_rep, |
10586 | 14 | { "enc-pa-rep", "kerberos.TicketFlags.enc.pa.rep", |
10587 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10588 | 14 | NULL, HFILL }}, |
10589 | 14 | { &hf_kerberos_TicketFlags_anonymous, |
10590 | 14 | { "anonymous", "kerberos.TicketFlags.anonymous", |
10591 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10592 | 14 | NULL, HFILL }}, |
10593 | 14 | { &hf_kerberos_KDCOptions_reserved, |
10594 | 14 | { "reserved", "kerberos.KDCOptions.reserved", |
10595 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10596 | 14 | NULL, HFILL }}, |
10597 | 14 | { &hf_kerberos_KDCOptions_forwardable, |
10598 | 14 | { "forwardable", "kerberos.KDCOptions.forwardable", |
10599 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10600 | 14 | NULL, HFILL }}, |
10601 | 14 | { &hf_kerberos_KDCOptions_forwarded, |
10602 | 14 | { "forwarded", "kerberos.KDCOptions.forwarded", |
10603 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10604 | 14 | NULL, HFILL }}, |
10605 | 14 | { &hf_kerberos_KDCOptions_proxiable, |
10606 | 14 | { "proxiable", "kerberos.KDCOptions.proxiable", |
10607 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10608 | 14 | NULL, HFILL }}, |
10609 | 14 | { &hf_kerberos_KDCOptions_proxy, |
10610 | 14 | { "proxy", "kerberos.KDCOptions.proxy", |
10611 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10612 | 14 | NULL, HFILL }}, |
10613 | 14 | { &hf_kerberos_KDCOptions_allow_postdate, |
10614 | 14 | { "allow-postdate", "kerberos.KDCOptions.allow.postdate", |
10615 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10616 | 14 | NULL, HFILL }}, |
10617 | 14 | { &hf_kerberos_KDCOptions_postdated, |
10618 | 14 | { "postdated", "kerberos.KDCOptions.postdated", |
10619 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10620 | 14 | NULL, HFILL }}, |
10621 | 14 | { &hf_kerberos_KDCOptions_unused7, |
10622 | 14 | { "unused7", "kerberos.KDCOptions.unused7", |
10623 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10624 | 14 | NULL, HFILL }}, |
10625 | 14 | { &hf_kerberos_KDCOptions_renewable, |
10626 | 14 | { "renewable", "kerberos.KDCOptions.renewable", |
10627 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10628 | 14 | NULL, HFILL }}, |
10629 | 14 | { &hf_kerberos_KDCOptions_unused9, |
10630 | 14 | { "unused9", "kerberos.KDCOptions.unused9", |
10631 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10632 | 14 | NULL, HFILL }}, |
10633 | 14 | { &hf_kerberos_KDCOptions_unused10, |
10634 | 14 | { "unused10", "kerberos.KDCOptions.unused10", |
10635 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10636 | 14 | NULL, HFILL }}, |
10637 | 14 | { &hf_kerberos_KDCOptions_opt_hardware_auth, |
10638 | 14 | { "opt-hardware-auth", "kerberos.KDCOptions.opt.hardware.auth", |
10639 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10640 | 14 | NULL, HFILL }}, |
10641 | 14 | { &hf_kerberos_KDCOptions_unused12, |
10642 | 14 | { "unused12", "kerberos.KDCOptions.unused12", |
10643 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10644 | 14 | NULL, HFILL }}, |
10645 | 14 | { &hf_kerberos_KDCOptions_unused13, |
10646 | 14 | { "unused13", "kerberos.KDCOptions.unused13", |
10647 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10648 | 14 | NULL, HFILL }}, |
10649 | 14 | { &hf_kerberos_KDCOptions_constrained_delegation, |
10650 | 14 | { "constrained-delegation", "kerberos.KDCOptions.constrained.delegation", |
10651 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10652 | 14 | NULL, HFILL }}, |
10653 | 14 | { &hf_kerberos_KDCOptions_canonicalize, |
10654 | 14 | { "canonicalize", "kerberos.KDCOptions.canonicalize", |
10655 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10656 | 14 | NULL, HFILL }}, |
10657 | 14 | { &hf_kerberos_KDCOptions_request_anonymous, |
10658 | 14 | { "request-anonymous", "kerberos.KDCOptions.request.anonymous", |
10659 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10660 | 14 | NULL, HFILL }}, |
10661 | 14 | { &hf_kerberos_KDCOptions_unused17, |
10662 | 14 | { "unused17", "kerberos.KDCOptions.unused17", |
10663 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10664 | 14 | NULL, HFILL }}, |
10665 | 14 | { &hf_kerberos_KDCOptions_unused18, |
10666 | 14 | { "unused18", "kerberos.KDCOptions.unused18", |
10667 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10668 | 14 | NULL, HFILL }}, |
10669 | 14 | { &hf_kerberos_KDCOptions_unused19, |
10670 | 14 | { "unused19", "kerberos.KDCOptions.unused19", |
10671 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10672 | 14 | NULL, HFILL }}, |
10673 | 14 | { &hf_kerberos_KDCOptions_unused20, |
10674 | 14 | { "unused20", "kerberos.KDCOptions.unused20", |
10675 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10676 | 14 | NULL, HFILL }}, |
10677 | 14 | { &hf_kerberos_KDCOptions_unused21, |
10678 | 14 | { "unused21", "kerberos.KDCOptions.unused21", |
10679 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10680 | 14 | NULL, HFILL }}, |
10681 | 14 | { &hf_kerberos_KDCOptions_unused22, |
10682 | 14 | { "unused22", "kerberos.KDCOptions.unused22", |
10683 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10684 | 14 | NULL, HFILL }}, |
10685 | 14 | { &hf_kerberos_KDCOptions_unused23, |
10686 | 14 | { "unused23", "kerberos.KDCOptions.unused23", |
10687 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10688 | 14 | NULL, HFILL }}, |
10689 | 14 | { &hf_kerberos_KDCOptions_unused24, |
10690 | 14 | { "unused24", "kerberos.KDCOptions.unused24", |
10691 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10692 | 14 | NULL, HFILL }}, |
10693 | 14 | { &hf_kerberos_KDCOptions_unused25, |
10694 | 14 | { "unused25", "kerberos.KDCOptions.unused25", |
10695 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10696 | 14 | NULL, HFILL }}, |
10697 | 14 | { &hf_kerberos_KDCOptions_disable_transited_check, |
10698 | 14 | { "disable-transited-check", "kerberos.KDCOptions.disable.transited.check", |
10699 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10700 | 14 | NULL, HFILL }}, |
10701 | 14 | { &hf_kerberos_KDCOptions_renewable_ok, |
10702 | 14 | { "renewable-ok", "kerberos.KDCOptions.renewable.ok", |
10703 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10704 | 14 | NULL, HFILL }}, |
10705 | 14 | { &hf_kerberos_KDCOptions_enc_tkt_in_skey, |
10706 | 14 | { "enc-tkt-in-skey", "kerberos.KDCOptions.enc.tkt.in.skey", |
10707 | 14 | FT_BOOLEAN, 8, NULL, 0x08, |
10708 | 14 | NULL, HFILL }}, |
10709 | 14 | { &hf_kerberos_KDCOptions_unused29, |
10710 | 14 | { "unused29", "kerberos.KDCOptions.unused29", |
10711 | 14 | FT_BOOLEAN, 8, NULL, 0x04, |
10712 | 14 | NULL, HFILL }}, |
10713 | 14 | { &hf_kerberos_KDCOptions_renew, |
10714 | 14 | { "renew", "kerberos.KDCOptions.renew", |
10715 | 14 | FT_BOOLEAN, 8, NULL, 0x02, |
10716 | 14 | NULL, HFILL }}, |
10717 | 14 | { &hf_kerberos_KDCOptions_validate, |
10718 | 14 | { "validate", "kerberos.KDCOptions.validate", |
10719 | 14 | FT_BOOLEAN, 8, NULL, 0x01, |
10720 | 14 | NULL, HFILL }}, |
10721 | 14 | { &hf_kerberos_PAC_OPTIONS_FLAGS_claims, |
10722 | 14 | { "claims", "kerberos.PAC.OPTIONS.FLAGS.claims", |
10723 | 14 | FT_BOOLEAN, 8, NULL, 0x80, |
10724 | 14 | NULL, HFILL }}, |
10725 | 14 | { &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware, |
10726 | 14 | { "branch-aware", "kerberos.PAC.OPTIONS.FLAGS.branch.aware", |
10727 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
10728 | 14 | NULL, HFILL }}, |
10729 | 14 | { &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc, |
10730 | 14 | { "forward-to-full-dc", "kerberos.PAC.OPTIONS.FLAGS.forward.to.full.dc", |
10731 | 14 | FT_BOOLEAN, 8, NULL, 0x20, |
10732 | 14 | NULL, HFILL }}, |
10733 | 14 | { &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation, |
10734 | 14 | { "resource-based-constrained-delegation", "kerberos.PAC.OPTIONS.FLAGS.resource.based.constrained.delegation", |
10735 | 14 | FT_BOOLEAN, 8, NULL, 0x10, |
10736 | 14 | NULL, HFILL }}, |
10737 | 14 | }; |
10738 | | |
10739 | | /* List of subtrees */ |
10740 | 14 | static int *ett[] = { |
10741 | 14 | &ett_kerberos, |
10742 | 14 | &ett_krb_recordmark, |
10743 | 14 | &ett_krb_pac, |
10744 | 14 | &ett_krb_pac_drep, |
10745 | 14 | &ett_krb_pac_midl_blob, |
10746 | 14 | &ett_krb_pac_logon_info, |
10747 | 14 | &ett_krb_pac_credential_info, |
10748 | 14 | &ett_krb_pac_s4u_delegation_info, |
10749 | 14 | &ett_krb_pac_upn_dns_info, |
10750 | 14 | &ett_krb_pac_upn_dns_info_flags, |
10751 | 14 | &ett_krb_pac_client_claims_info, |
10752 | 14 | &ett_krb_pac_device_info, |
10753 | 14 | &ett_krb_pac_device_claims_info, |
10754 | 14 | &ett_krb_pac_server_checksum, |
10755 | 14 | &ett_krb_pac_privsvr_checksum, |
10756 | 14 | &ett_krb_pac_client_info_type, |
10757 | 14 | &ett_krb_pac_ticket_checksum, |
10758 | 14 | &ett_krb_pac_attributes_info, |
10759 | 14 | &ett_krb_pac_attributes_info_flags, |
10760 | 14 | &ett_krb_pac_requester_sid, |
10761 | 14 | &ett_krb_pac_full_checksum, |
10762 | 14 | &ett_krb_pa_supported_enctypes, |
10763 | 14 | &ett_krb_ad_ap_options, |
10764 | 14 | &ett_kerberos_KERB_TICKET_LOGON, |
10765 | | #ifdef HAVE_KERBEROS |
10766 | | &ett_krb_pa_enc_ts_enc, |
10767 | | &ett_kerberos_KrbFastFinished, |
10768 | | &ett_kerberos_KrbFastResponse, |
10769 | | &ett_kerberos_KrbFastReq, |
10770 | | &ett_kerberos_FastOptions, |
10771 | | #endif |
10772 | 14 | &ett_kerberos_Applications, |
10773 | 14 | &ett_kerberos_PrincipalName, |
10774 | 14 | &ett_kerberos_SEQUENCE_OF_KerberosString, |
10775 | 14 | &ett_kerberos_CName, |
10776 | 14 | &ett_kerberos_SEQUENCE_OF_CNameString, |
10777 | 14 | &ett_kerberos_SName, |
10778 | 14 | &ett_kerberos_SEQUENCE_OF_SNameString, |
10779 | 14 | &ett_kerberos_HostAddress, |
10780 | 14 | &ett_kerberos_HostAddresses, |
10781 | 14 | &ett_kerberos_AuthorizationData, |
10782 | 14 | &ett_kerberos_AuthorizationData_item, |
10783 | 14 | &ett_kerberos_PA_DATA, |
10784 | 14 | &ett_kerberos_EncryptionKey, |
10785 | 14 | &ett_kerberos_Checksum, |
10786 | 14 | &ett_kerberos_EncryptedTicketData, |
10787 | 14 | &ett_kerberos_EncryptedAuthorizationData, |
10788 | 14 | &ett_kerberos_EncryptedAuthenticator, |
10789 | 14 | &ett_kerberos_EncryptedKDCREPData, |
10790 | 14 | &ett_kerberos_EncryptedAPREPData, |
10791 | 14 | &ett_kerberos_EncryptedKrbPrivData, |
10792 | 14 | &ett_kerberos_EncryptedKrbCredData, |
10793 | 14 | &ett_kerberos_Ticket_U, |
10794 | 14 | &ett_kerberos_EncTicketPart_U, |
10795 | 14 | &ett_kerberos_TransitedEncoding, |
10796 | 14 | &ett_kerberos_KDC_REQ, |
10797 | 14 | &ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA, |
10798 | 14 | &ett_kerberos_KDC_REQ_BODY, |
10799 | 14 | &ett_kerberos_SEQUENCE_OF_ENCTYPE, |
10800 | 14 | &ett_kerberos_SEQUENCE_OF_Ticket, |
10801 | 14 | &ett_kerberos_KDC_REP, |
10802 | 14 | &ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA, |
10803 | 14 | &ett_kerberos_EncKDCRepPart, |
10804 | 14 | &ett_kerberos_LastReq, |
10805 | 14 | &ett_kerberos_LastReq_item, |
10806 | 14 | &ett_kerberos_AP_REQ_U, |
10807 | 14 | &ett_kerberos_Authenticator_U, |
10808 | 14 | &ett_kerberos_AP_REP_U, |
10809 | 14 | &ett_kerberos_EncAPRepPart_U, |
10810 | 14 | &ett_kerberos_KRB_SAFE_U, |
10811 | 14 | &ett_kerberos_KRB_SAFE_BODY, |
10812 | 14 | &ett_kerberos_KRB_PRIV_U, |
10813 | 14 | &ett_kerberos_EncKrbPrivPart, |
10814 | 14 | &ett_kerberos_KRB_CRED_U, |
10815 | 14 | &ett_kerberos_EncKrbCredPart_U, |
10816 | 14 | &ett_kerberos_SEQUENCE_OF_KrbCredInfo, |
10817 | 14 | &ett_kerberos_KrbCredInfo, |
10818 | 14 | &ett_kerberos_KRB_ERROR_U, |
10819 | 14 | &ett_kerberos_METHOD_DATA, |
10820 | 14 | &ett_kerberos_PA_ENC_TIMESTAMP, |
10821 | 14 | &ett_kerberos_ETYPE_INFO_ENTRY, |
10822 | 14 | &ett_kerberos_ETYPE_INFO, |
10823 | 14 | &ett_kerberos_ETYPE_INFO2_ENTRY, |
10824 | 14 | &ett_kerberos_ETYPE_INFO2, |
10825 | 14 | &ett_kerberos_TGT_REQ, |
10826 | 14 | &ett_kerberos_TGT_REP, |
10827 | 14 | &ett_kerberos_APOptions, |
10828 | 14 | &ett_kerberos_TicketFlags, |
10829 | 14 | &ett_kerberos_KDCOptions, |
10830 | 14 | &ett_kerberos_PA_PAC_REQUEST, |
10831 | 14 | &ett_kerberos_PA_S4U2Self, |
10832 | 14 | &ett_kerberos_PA_S4U_X509_USER, |
10833 | 14 | &ett_kerberos_S4UUserID, |
10834 | 14 | &ett_kerberos_PAC_OPTIONS_FLAGS, |
10835 | 14 | &ett_kerberos_PA_PAC_OPTIONS, |
10836 | 14 | &ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U, |
10837 | 14 | &ett_kerberos_PA_KERB_KEY_LIST_REQ, |
10838 | 14 | &ett_kerberos_PA_KERB_KEY_LIST_REP, |
10839 | 14 | &ett_kerberos_KRB5_SRP_PA, |
10840 | 14 | &ett_kerberos_KRB5_SRP_PA_ANNOUNCE, |
10841 | 14 | &ett_kerberos_SET_OF_KRB5_SRP_PA, |
10842 | 14 | &ett_kerberos_KRB5_SRP_PA_INIT_U, |
10843 | 14 | &ett_kerberos_AD_AUTHENTICATION_INDICATOR, |
10844 | 14 | &ett_kerberos_AD_CAMMAC, |
10845 | 14 | &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier, |
10846 | 14 | &ett_kerberos_Verifier, |
10847 | 14 | &ett_kerberos_Verifier_MAC, |
10848 | 14 | &ett_kerberos_ChangePasswdData, |
10849 | 14 | &ett_kerberos_PA_AUTHENTICATION_SET_ELEM, |
10850 | 14 | &ett_kerberos_KrbFastArmor, |
10851 | 14 | &ett_kerberos_PA_FX_FAST_REQUEST, |
10852 | 14 | &ett_kerberos_EncryptedKrbFastReq, |
10853 | 14 | &ett_kerberos_KrbFastArmoredReq, |
10854 | 14 | &ett_kerberos_PA_FX_FAST_REPLY, |
10855 | 14 | &ett_kerberos_EncryptedKrbFastResponse, |
10856 | 14 | &ett_kerberos_KrbFastArmoredRep, |
10857 | 14 | &ett_kerberos_EncryptedChallenge, |
10858 | 14 | &ett_kerberos_EncryptedSpakeData, |
10859 | 14 | &ett_kerberos_EncryptedSpakeResponseData, |
10860 | 14 | &ett_kerberos_SPAKESupport, |
10861 | 14 | &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup, |
10862 | 14 | &ett_kerberos_SPAKEChallenge, |
10863 | 14 | &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor, |
10864 | 14 | &ett_kerberos_SPAKESecondFactor, |
10865 | 14 | &ett_kerberos_SPAKEResponse, |
10866 | 14 | &ett_kerberos_PA_SPAKE, |
10867 | 14 | }; |
10868 | | |
10869 | 14 | static ei_register_info ei[] = { |
10870 | 14 | { &ei_kerberos_missing_keytype, { "kerberos.missing_keytype", PI_DECRYPTION, PI_WARN, "Missing keytype", EXPFILL }}, |
10871 | 14 | { &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decrypted keytype", EXPFILL }}, |
10872 | 14 | { &ei_kerberos_learnt_keytype, { "kerberos.learnt_keytype", PI_SECURITY, PI_CHAT, "Learnt keytype", EXPFILL }}, |
10873 | 14 | { &ei_kerberos_address, { "kerberos.address.unknown", PI_UNDECODED, PI_WARN, "KRB Address: I don't know how to parse this type of address yet", EXPFILL }}, |
10874 | 14 | { &ei_krb_gssapi_dlglen, { "kerberos.gssapi.dlglen.error", PI_MALFORMED, PI_ERROR, "DlgLen is not the same as number of bytes remaining", EXPFILL }}, |
10875 | 14 | }; |
10876 | | |
10877 | 14 | expert_module_t* expert_krb; |
10878 | 14 | module_t *krb_module; |
10879 | | |
10880 | 14 | proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos"); |
10881 | 14 | proto_register_field_array(proto_kerberos, hf, array_length(hf)); |
10882 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
10883 | 14 | expert_krb = expert_register_protocol(proto_kerberos); |
10884 | 14 | expert_register_field_array(expert_krb, ei, array_length(ei)); |
10885 | | |
10886 | 14 | kerberos_tap = register_tap("kerberos"); |
10887 | 14 | register_srt_table(proto_kerberos, NULL, 1, krb5stat_packet, krb5stat_init, NULL); |
10888 | | |
10889 | | /* Register dissectors */ |
10890 | 14 | kerberos_handle_udp = register_dissector("kerberos.udp", dissect_kerberos_udp, proto_kerberos); |
10891 | 14 | kerberos_handle_tcp = register_dissector("kerberos.tcp", dissect_kerberos_tcp, proto_kerberos); |
10892 | | |
10893 | | /* Register preferences */ |
10894 | 14 | krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb); |
10895 | 14 | prefs_register_bool_preference(krb_module, "desegment", |
10896 | 14 | "Reassemble Kerberos over TCP messages spanning multiple TCP segments", |
10897 | 14 | "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments." |
10898 | 14 | " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", |
10899 | 14 | &krb_desegment); |
10900 | | #ifdef HAVE_KERBEROS |
10901 | | prefs_register_bool_preference(krb_module, "decrypt", |
10902 | | "Try to decrypt Kerberos blobs", |
10903 | | "Whether the dissector should try to decrypt " |
10904 | | "encrypted Kerberos blobs. This requires that the proper " |
10905 | | "keytab file is installed as well.", &krb_decrypt); |
10906 | | |
10907 | | prefs_register_filename_preference(krb_module, "file", |
10908 | | "Kerberos keytab file", |
10909 | | "The keytab file containing all the secrets", |
10910 | | &keytab_filename, false); |
10911 | | |
10912 | | #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) |
10913 | | wmem_register_callback(wmem_epan_scope(), enc_key_list_cb, NULL); |
10914 | | kerberos_longterm_keys = wmem_map_new(wmem_epan_scope(), |
10915 | | enc_key_content_hash, |
10916 | | enc_key_content_equal); |
10917 | | kerberos_all_keys = wmem_map_new_autoreset(wmem_epan_scope(), |
10918 | | wmem_file_scope(), |
10919 | | enc_key_content_hash, |
10920 | | enc_key_content_equal); |
10921 | | kerberos_app_session_keys = wmem_map_new_autoreset(wmem_epan_scope(), |
10922 | | wmem_file_scope(), |
10923 | | enc_key_content_hash, |
10924 | | enc_key_content_equal); |
10925 | | #endif /* defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) */ |
10926 | | #endif /* HAVE_KERBEROS */ |
10927 | | |
10928 | 14 | } |
10929 | | static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo, |
10930 | | proto_tree *tree, dcerpc_info *di _U_,uint8_t *drep _U_) |
10931 | 0 | { |
10932 | 0 | tvbuff_t *auth_tvb; |
10933 | |
|
10934 | 0 | auth_tvb = tvb_new_subset_remaining(tvb, offset); |
10935 | |
|
10936 | 0 | dissect_kerberos_main(auth_tvb, pinfo, tree, false, NULL); |
10937 | |
|
10938 | 0 | return tvb_captured_length_remaining(tvb, offset); |
10939 | 0 | } |
10940 | | |
10941 | | |
10942 | | static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = { |
10943 | | wrap_dissect_gss_kerb, /* Bind */ |
10944 | | wrap_dissect_gss_kerb, /* Bind ACK */ |
10945 | | wrap_dissect_gss_kerb, /* AUTH3 */ |
10946 | | NULL, /* Request verifier */ |
10947 | | NULL, /* Response verifier */ |
10948 | | NULL, /* Request data */ |
10949 | | NULL /* Response data */ |
10950 | | }; |
10951 | | |
10952 | | static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = { |
10953 | | wrap_dissect_gss_kerb, /* Bind */ |
10954 | | wrap_dissect_gss_kerb, /* Bind ACK */ |
10955 | | wrap_dissect_gss_kerb, /* AUTH3 */ |
10956 | | wrap_dissect_gssapi_verf, /* Request verifier */ |
10957 | | wrap_dissect_gssapi_verf, /* Response verifier */ |
10958 | | NULL, /* Request data */ |
10959 | | NULL /* Response data */ |
10960 | | }; |
10961 | | |
10962 | | static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = { |
10963 | | wrap_dissect_gss_kerb, /* Bind */ |
10964 | | wrap_dissect_gss_kerb, /* Bind ACK */ |
10965 | | wrap_dissect_gss_kerb, /* AUTH3 */ |
10966 | | wrap_dissect_gssapi_verf, /* Request verifier */ |
10967 | | wrap_dissect_gssapi_verf, /* Response verifier */ |
10968 | | wrap_dissect_gssapi_payload, /* Request data */ |
10969 | | wrap_dissect_gssapi_payload /* Response data */ |
10970 | | }; |
10971 | | |
10972 | | |
10973 | | |
10974 | | void |
10975 | | proto_reg_handoff_kerberos(void) |
10976 | 14 | { |
10977 | 14 | krb4_handle = find_dissector_add_dependency("krb4", proto_kerberos); |
10978 | | |
10979 | 14 | dissector_add_uint_with_preference("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp); |
10980 | 14 | dissector_add_uint_with_preference("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp); |
10981 | | |
10982 | 14 | register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT, |
10983 | 14 | DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, |
10984 | 14 | &gss_kerb_auth_connect_fns); |
10985 | | |
10986 | 14 | register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY, |
10987 | 14 | DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, |
10988 | 14 | &gss_kerb_auth_sign_fns); |
10989 | | |
10990 | 14 | register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY, |
10991 | 14 | DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, |
10992 | 14 | &gss_kerb_auth_seal_fns); |
10993 | 14 | } |
10994 | | |
10995 | | /* |
10996 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
10997 | | * |
10998 | | * Local variables: |
10999 | | * c-basic-offset: 8 |
11000 | | * tab-width: 8 |
11001 | | * indent-tabs-mode: t |
11002 | | * End: |
11003 | | * |
11004 | | * vi: set shiftwidth=8 tabstop=8 noexpandtab: |
11005 | | * :indentSize=8:tabSize=8:noTabs=false: |
11006 | | */ |