| blob | ec8e4fe17f1727971680d2a3782661a622beef98 |
1 # kerberos.cnf
2 # kerberos conformation file
3 # Copyright 2008 Anders Broman
5 #.EXPORTS
6 ChangePasswdData
7 Applications ONLY_ENUM
8 TGT-REQ
9 TGT-REP
11 #.FIELD_RENAME
12 Authenticator/_untag/subkey authenticator_subkey
13 KDC-REQ-BODY/etype kDC-REQ-BODY_etype
14 KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
15 EncKrbPrivPart/user-data encKrbPrivPart_user_data
16 EncryptedTicketData/cipher encryptedTicketData_cipher
17 EncryptedAuthenticator/cipher encryptedAuthenticator_cipher
18 EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
19 EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
20 PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
21 EncryptedAPREPData/cipher encryptedAPREPData_cipher
22 EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
23 EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
24 EncryptedKrbFastReq/cipher encryptedKrbFastReq_cipher
25 EncryptedKrbFastResponse/cipher encryptedKrbFastResponse_cipher
26 EncryptedChallenge/cipher encryptedChallenge_cipher
27 EncAPRepPart/_untag/subkey encAPRepPart_subkey
28 EncTicketPart/_untag/key encTicketPart_key
29 EncKDCRepPart/key encKDCRepPart_key
30 KRB-CRED/_untag/enc-part kRB_CRED_enc_part
31 KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
32 KrbCredInfo/key krbCredInfo_key
33 AP-REP/_untag/enc-part aP_REP_enc_part
34 KDC-REP/enc-part kDC_REP_enc_part
35 KDC-REP/padata rEP_SEQUENCE_OF_PA_DATA
36 KDC-REQ/padata rEQ_SEQUENCE_OF_PA_DATA
37 Ticket/_untag/enc-part ticket_enc_part
38 ETYPE-INFO-ENTRY/salt info_salt
39 ETYPE-INFO2-ENTRY/salt info2_salt
40 AP-REQ/_untag/authenticator authenticator_enc_part
41 PA-FX-FAST-REQUEST/armored-data armored_data_request
42 PA-FX-FAST-REPLY/armored-data armored_data_reply
43 PA-KERB-KEY-LIST-REP/_item kerbKeyListRep_key
44 KRB5-SRP-PA/group srppa_group
45 SPAKEChallenge/group spake_group
47 #.FIELD_ATTR
48 KDC-REQ-BODY/etype ABBREV=kdc-req-body.etype
49 ETYPE-INFO-ENTRY/salt ABBREV=info_salt
50 ETYPE-INFO2-ENTRY/salt ABBREV=info2_salt
51 PA-KERB-KEY-LIST-REP/_item ABBREV=kerbKeyListRep.key NAME="key"
52 KRB5-SRP-PA/group BBREV=srppa_group
53 SPAKEChallenge/group ABBREV=spake_group
55 #.OMIT_ASSIGNMENT
56 AD-AND-OR
57 AD-KDCIssued
58 AD-LoginAlias
59 AD-MANDATORY-FOR-KDC
60 ChangePasswdDataMS
61 EncryptedData
62 EtypeList
63 FastOptions
64 KerberosFlags
65 KrbFastFinished
66 KrbFastResponse
67 KrbFastReq
68 KRB5SignedPath
69 KRB5SignedPathData
70 KRB5SignedPathPrincipals
71 Krb5int32
72 Krb5uint32
73 PA-AUTHENTICATION-SET
74 PA-ClientCanonicalized
75 PA-ClientCanonicalizedNames
76 PA-ENC-TS-ENC
77 PA-ENC-SAM-RESPONSE-ENC
78 PA-SAM-CHALLENGE-2
79 PA-SAM-CHALLENGE-2-BODY
80 PA-SAM-REDIRECT
81 PA-SAM-RESPONSE-2
82 PA-SAM-TYPE
83 PA-SERVER-REFERRAL-DATA
84 PA-ServerReferralData
85 PA-SvrReferralData
86 Principal
87 PROV-SRV-LOCATION
88 SAMFlags
89 TYPED-DATA
90 KRB5-PFS-GROUP
91 KRB5-PFS-SELECTION
92 KRB5-PFS-SELECTIONS
93 KRB5-PFS-PROPOSE
94 KRB5-PFS-ACCEPT
95 KRB5-PFS-ERROR
97 #.NO_EMIT ONLY_VALS
98 Applications
99 PA-FX-FAST-REPLY
100 PA-FX-FAST-REQUEST
102 #.MAKE_DEFINES
103 ADDR-TYPE TYPE_PREFIX
104 Applications TYPE_PREFIX
106 #.MAKE_ENUM
107 PADATA-TYPE PROT_PREFIX UPPER_CASE
108 AUTHDATA-TYPE PROT_PREFIX UPPER_CASE
109 KrbFastArmorTypes PROT_PREFIX UPPER_CASE
111 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
112 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
113 uint32_t msgtype;
115 %(DEFAULT_BODY)s
117 #.FN_FTR MESSAGE-TYPE
118 if (gbl_do_col_info) {
119 col_add_str(actx->pinfo->cinfo, COL_INFO,
120 val_to_str(msgtype, krb5_msg_types,
121 "Unknown msg type %#x"));
122 }
123 gbl_do_col_info=false;
125 ##if 0
126 /* append the application type to the tree */
127 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
128 ##endif
129 if (private_data->msg_type == 0) {
130 private_data->msg_type = msgtype;
131 }
133 #.FN_BODY ERROR-CODE VAL_PTR = &private_data->errorcode
134 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
135 %(DEFAULT_BODY)s
137 #.FN_FTR ERROR-CODE
138 if (private_data->errorcode) {
139 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
140 "KRB Error: %s",
141 val_to_str(private_data->errorcode, krb5_error_codes,
142 "Unknown error code %#x"));
143 }
145 #.END
146 #.FN_BODY KRB-ERROR/_untag/e-data
147 offset = dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_T_e_data_octets);
149 #.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type)
150 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
151 %(DEFAULT_BODY)s
152 #.FN_FTR PADATA-TYPE
153 if(tree){
154 proto_item_append_text(tree, " %s",
155 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
156 "Unknown:%d"));
157 }
159 #.FN_BODY KDC-REQ/padata
160 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
161 struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST;
163 /*
164 * we need to defer calling dissect_kerberos_PA_FX_FAST_REQUEST,
165 * see dissect_kerberos_defer_PA_FX_FAST_REQUEST()
166 */
167 private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = true, };
168 %(DEFAULT_BODY)s
169 if (private_data->PA_FX_FAST_REQUEST.tvb != NULL) {
170 struct _kerberos_PA_FX_FAST_REQUEST used_stack = private_data->PA_FX_FAST_REQUEST;
171 private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = false, };
173 /*
174 * dissect_kerberos_defer_PA_FX_FAST_REQUEST() remembered
175 * a tvb, so replay dissect_kerberos_PA_FX_FAST_REQUEST()
176 * here.
177 */
178 dissect_kerberos_PA_FX_FAST_REQUEST(false,
179 used_stack.tvb,
180 0,
181 actx,
182 used_stack.tree,
183 -1);
184 }
185 private_data->PA_FX_FAST_REQUEST = saved_stack;
187 #.FN_BODY KDC-REP/padata
188 %(DEFAULT_BODY)s
190 #.FN_BODY PA-DATA/padata-value
191 proto_tree *sub_tree=tree;
192 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
194 if(actx->created_item){
195 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
196 }
198 switch(private_data->padata_type){
199 case KERBEROS_PA_TGS_REQ:
200 private_data->within_PA_TGS_REQ++;
201 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
202 private_data->within_PA_TGS_REQ--;
203 break;
204 case KERBEROS_PA_PK_AS_REP_19:
205 private_data->is_win2k_pkinit = true;
206 if (kerberos_private_is_kdc_req(private_data)) {
207 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k);
208 } else {
209 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k);
210 }
211 break;
212 case KERBEROS_PA_PK_AS_REQ:
213 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ);
214 break;
215 case KERBEROS_PA_PK_AS_REP:
216 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP);
217 break;
218 case KERBEROS_PA_PAC_REQUEST:
219 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST);
220 break;
221 case KERBEROS_PA_FOR_USER: /* S4U2SELF */
222 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
223 break;
224 case KERBEROS_PA_FOR_X509_USER:
225 if(private_data->msg_type == KRB5_MSG_AS_REQ){
226 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
227 }else if(private_data->is_enc_padata){
228 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL);
229 }else{
230 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
231 }
232 break;
233 case KERBEROS_PA_PROV_SRV_LOCATION:
234 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
235 break;
236 case KERBEROS_PA_ENC_TIMESTAMP:
237 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
238 break;
239 case KERBEROS_PA_ETYPE_INFO:
240 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
241 break;
242 case KERBEROS_PA_ETYPE_INFO2:
243 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
244 break;
245 case KERBEROS_PA_PW_SALT:
246 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
247 break;
248 case KERBEROS_PA_AUTH_SET_SELECTED:
249 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
250 break;
251 case KERBEROS_PA_FX_FAST:
252 if (kerberos_private_is_kdc_req(private_data)) {
253 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_defer_PA_FX_FAST_REQUEST);
254 }else{
255 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
256 }
257 break;
258 case KERBEROS_PA_FX_ERROR:
259 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
260 break;
261 case KERBEROS_PA_ENCRYPTED_CHALLENGE:
262 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
263 break;
264 case KERBEROS_PA_KERB_KEY_LIST_REQ:
265 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ);
266 break;
267 case KERBEROS_PA_KERB_KEY_LIST_REP:
268 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP);
269 break;
270 case KERBEROS_PA_SUPPORTED_ETYPES:
271 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES);
272 break;
273 case KERBEROS_PA_PAC_OPTIONS:
274 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS);
275 break;
276 case KERBEROS_PA_REQ_ENC_PA_REP:
277 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum);
278 break;
279 case KERBEROS_PA_SPAKE:
280 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE);
281 break;
282 case KERBEROS_PA_SRP:
283 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KRB5_SRP_PA_APPLICATIONS);
284 break;
285 default:
286 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL);
287 break;
288 }
290 #.FN_BODY HostAddress/address
291 int8_t appclass;
292 bool pc;
293 int32_t tag;
294 uint32_t len;
295 const char *address_str;
296 proto_item *it=NULL;
297 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
299 /* read header and len for the octet string */
300 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
301 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
303 switch(private_data->addr_type){
304 case KERBEROS_ADDR_TYPE_IPV4:
305 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
306 address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset);
307 break;
308 case KERBEROS_ADDR_TYPE_NETBIOS:
309 {
310 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
311 int netbios_name_type;
312 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
314 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
315 address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type);
316 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
317 }
318 break;
319 case KERBEROS_ADDR_TYPE_IPV6:
320 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
321 address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset);
322 break;
323 default:
324 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
325 address_str = NULL;
326 break;
327 }
329 /* push it up two levels in the decode pane */
330 if(it && address_str){
331 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
332 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
333 }
335 offset+=len;
338 #.TYPE_ATTR
339 #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
341 EncryptionKey/keytype STRINGS = VALS(kerberos_ENCTYPE_vals)
343 #.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype)
344 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
345 %(DEFAULT_BODY)s
347 #.FN_BODY EncryptedTicketData/cipher
348 ##ifdef HAVE_KERBEROS
349 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
350 ##else
351 %(DEFAULT_BODY)s
352 ##endif
354 #.FN_BODY EncryptedAuthorizationData/cipher
355 ##ifdef HAVE_KERBEROS
356 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
357 ##else
358 %(DEFAULT_BODY)s
359 ##endif
361 #.FN_BODY EncryptedAuthenticator/cipher
362 ##ifdef HAVE_KERBEROS
363 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
364 ##else
365 %(DEFAULT_BODY)s
366 ##endif
368 #.FN_BODY EncryptedKDCREPData/cipher
369 ##ifdef HAVE_KERBEROS
370 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
371 ##else
372 %(DEFAULT_BODY)s
373 ##endif
375 #.FN_BODY PA-ENC-TIMESTAMP/cipher
376 ##ifdef HAVE_KERBEROS
377 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
378 ##else
379 %(DEFAULT_BODY)s
380 ##endif
382 #.FN_BODY EncryptedAPREPData/cipher
383 ##ifdef HAVE_KERBEROS
384 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
385 ##else
386 %(DEFAULT_BODY)s
387 ##endif
389 #.FN_BODY EncryptedKrbPrivData/cipher
390 ##ifdef HAVE_KERBEROS
391 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
392 ##else
393 %(DEFAULT_BODY)s
394 ##endif
396 #.FN_BODY EncryptedKrbCredData/cipher
397 ##ifdef HAVE_KERBEROS
398 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
399 ##else
400 %(DEFAULT_BODY)s
401 ##endif
403 #.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type)
404 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
405 %(DEFAULT_BODY)s
407 #.FN_BODY Checksum/checksum
408 tvbuff_t *next_tvb;
409 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
411 switch(private_data->checksum_type){
412 case KRB5_CHKSUM_GSSAPI:
413 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &next_tvb);
414 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
415 break;
416 default:
417 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, NULL);
418 break;
419 }
421 #.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype
422 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
424 private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item,
425 tvb, 0, 0, ENC_NA);
426 if (private_data->key_hidden_item != NULL) {
427 proto_item_set_hidden(private_data->key_hidden_item);
428 }
430 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
431 &gbl_keytype);
432 private_data->key.keytype = gbl_keytype;
434 #.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb
435 tvbuff_t *out_tvb;
436 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
438 %(DEFAULT_BODY)s
440 private_data->key.keylength = tvb_reported_length(out_tvb);
441 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
442 private_data->key_tree = tree;
443 private_data->key_tvb = out_tvb;
445 #.FN_BODY EncryptionKey
446 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
447 ##ifdef HAVE_KERBEROS
448 int start_offset = offset;
449 ##endif
451 %(DEFAULT_BODY)s
453 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
454 ##ifdef HAVE_KERBEROS
455 int length = offset - start_offset;
456 private_data->last_added_key = NULL;
457 private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree,
458 private_data->save_encryption_key_parent_hf_index,
459 hf_index);
460 private_data->last_added_key = NULL;
461 ##endif
462 }
464 #.FN_BODY Authenticator/_untag/subkey
465 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
466 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
467 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
468 private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator;
469 ##ifdef HAVE_KERBEROS
470 private_data->save_encryption_key_fn = save_Authenticator_subkey;
471 ##endif
472 %(DEFAULT_BODY)s
473 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
474 private_data->save_encryption_key_fn = saved_encryption_key_fn;
476 #.FN_BODY EncAPRepPart/_untag/subkey
477 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
478 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
479 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
480 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart;
481 ##ifdef HAVE_KERBEROS
482 private_data->save_encryption_key_fn = save_EncAPRepPart_subkey;
483 ##endif
484 %(DEFAULT_BODY)s
485 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
486 private_data->save_encryption_key_fn = saved_encryption_key_fn;
488 #.FN_BODY EncKDCRepPart/key
489 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
490 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
491 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
492 switch (private_data->msg_type) {
493 case KERBEROS_APPLICATIONS_AS_REP:
494 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart;
495 break;
496 case KERBEROS_APPLICATIONS_TGS_REP:
497 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart;
498 break;
499 default:
500 private_data->save_encryption_key_parent_hf_index = -1;
501 }
502 ##ifdef HAVE_KERBEROS
503 private_data->save_encryption_key_fn = save_EncKDCRepPart_key;
504 ##endif
505 %(DEFAULT_BODY)s
506 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
507 private_data->save_encryption_key_fn = saved_encryption_key_fn;
509 #.FN_BODY EncTicketPart/_untag/key
510 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
511 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
512 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
513 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart;
514 ##ifdef HAVE_KERBEROS
515 private_data->save_encryption_key_fn = save_EncTicketPart_key;
516 ##endif
517 %(DEFAULT_BODY)s
518 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
519 private_data->save_encryption_key_fn = saved_encryption_key_fn;
521 #.FN_BODY KrbCredInfo/key
522 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
523 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
524 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
525 private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item;
526 ##ifdef HAVE_KERBEROS
527 private_data->save_encryption_key_fn = save_KrbCredInfo_key;
528 ##endif
529 %(DEFAULT_BODY)s
530 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
531 private_data->save_encryption_key_fn = saved_encryption_key_fn;
533 #.FN_BODY PA-KERB-KEY-LIST-REP/_item
534 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
535 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
536 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
537 private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key;
538 ##ifdef HAVE_KERBEROS
539 private_data->save_encryption_key_fn = save_encryption_key;
540 ##endif
541 %(DEFAULT_BODY)s
542 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
543 private_data->save_encryption_key_fn = saved_encryption_key_fn;
545 #.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type)
546 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
547 %(DEFAULT_BODY)s
549 #.FN_BODY AuthorizationData/_item/ad-data
550 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
552 switch(private_data->ad_type){
553 case KERBEROS_AD_CAMMAC:
554 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_CAMMAC);
555 break;
556 case KERBEROS_AD_AUTHENTICATION_INDICATOR:
557 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AUTHENTICATION_INDICATOR);
558 break;
559 case KERBEROS_AD_WIN2K_PAC:
560 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
561 break;
562 case KERBEROS_AD_IF_RELEVANT:
563 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
564 break;
565 case KERBEROS_AD_AUTHENTICATION_STRENGTH:
566 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
567 break;
568 case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION:
569 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE);
570 break;
571 case KERBEROS_AD_TOKEN_RESTRICTIONS:
572 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY);
573 break;
574 case KERBEROS_AD_AP_OPTIONS:
575 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS);
576 break;
577 case KERBEROS_AD_TARGET_PRINCIPAL:
578 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL);
579 break;
580 default:
581 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
582 break;
583 }
585 #.FN_BODY S4UUserID/subject-certificate
586 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
588 #.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type)
589 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
590 %(DEFAULT_BODY)s
592 #.FN_BODY KDC-REQ
593 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
594 %(DEFAULT_BODY)s
595 if (private_data->krb5_conv != NULL) {
596 krb5_conf_add_request(actx);
597 }
599 #.FN_BODY KDC-REP
600 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
601 %(DEFAULT_BODY)s
602 if (private_data->krb5_conv != NULL) {
603 krb5_conf_add_response(actx);
604 }
606 #.FN_BODY KRB-ERROR
607 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
608 %(DEFAULT_BODY)s
609 if (private_data->krb5_conv != NULL) {
610 krb5_conf_add_response(actx);
611 }
613 #.FN_BODY KRB-SAFE-BODY/user-data
614 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
615 tvbuff_t *new_tvb;
616 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb);
617 if (new_tvb) {
618 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks);
619 }
621 #.FN_BODY EncKrbPrivPart/user-data
622 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
623 tvbuff_t *new_tvb;
624 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb);
625 if (new_tvb) {
626 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks);
627 }
629 #.FN_HDR EncKDCRepPart/encrypted-pa-data
630 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
631 private_data->is_enc_padata = true;
633 #.FN_FTR EncKDCRepPart/encrypted-pa-data
634 private_data->is_enc_padata = false;
636 #.FN_BODY EncryptedKrbFastReq/cipher
637 ##ifdef HAVE_KERBEROS
638 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
639 ##else
640 %(DEFAULT_BODY)s
641 ##endif
643 #.FN_BODY EncryptedKrbFastResponse/cipher
644 ##ifdef HAVE_KERBEROS
645 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
646 ##else
647 %(DEFAULT_BODY)s
648 ##endif
650 #.FN_BODY EncryptedChallenge/cipher
651 ##ifdef HAVE_KERBEROS
652 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
653 ##else
654 %(DEFAULT_BODY)s
655 ##endif
657 #.FN_BODY KrbFastArmorTypes VAL_PTR=&(private_data->fast_type)
658 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
659 %(DEFAULT_BODY)s
661 #.FN_BODY KrbFastArmor/armor-value
662 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
664 switch(private_data->fast_type){
665 case KERBEROS_FX_FAST_ARMOR_AP_REQUEST:
666 private_data->fast_armor_within_armor_value++;
667 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications);
668 private_data->fast_armor_within_armor_value--;
669 break;
670 default:
671 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
672 break;
673 }
675 #.FN_BODY PA-SPAKE VAL_PTR=&(private_data->padata_type)
676 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
677 %(DEFAULT_BODY)s
678 #.FN_FTR PA-SPAKE
679 if(tree){
680 proto_item_append_text(tree, " %s",
681 val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals,
682 "Unknown:%d"));
683 }