search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-kerberos.c
blob74acc5f0d156216f85b184c4966a3ea8bf321e7e
1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-kerberos.c */
4 /* asn2wrs.py -b -q -L -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */
5
6 /* packet-kerberos.c
7 * Routines for Kerberos
8 * Wes Hardaker (c) 2000
9 * wjhardaker@ucdavis.edu
10 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
11 * added AP-REQ and AP-REP dissection
12 *
13 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
14 * decryption of kerberos blobs if keytab is provided
15 *
16 * See RFC 1510, and various I-Ds and other documents showing additions,
17 * e.g. ones listed under
18 *
19 * http://clifford.neuman.name/krb-revisions/
20 *
21 * and
22 *
23 * https://tools.ietf.org/html/rfc4120
24 *
25 * and
26 *
27 * https://tools.ietf.org/html/rfc6806
28 *
29 * Some structures from RFC2630
30 *
31 * Wireshark - Network traffic analyzer
32 * By Gerald Combs <gerald@wireshark.org>
33 * Copyright 1998 Gerald Combs
34 *
35 * SPDX-License-Identifier: GPL-2.0-or-later
36 */
37
38 /*
39 * Some of the development of the Kerberos protocol decoder was sponsored by
40 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
41 * CableLabs' specifications. Your license and use of this protocol decoder
42 * does not mean that you are licensed to use the CableLabs'
43 * specifications. If you have questions about this protocol, contact
44 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
45 * information.
46 */
47
48 #include <config.h>
49
50 #include <stdio.h>
51
52 // krb5.h needs to be included before the defines in packet-kerberos.h
53 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
54 #ifdef _WIN32
55 /* prevent redefinition warnings in krb5's win-mac.h */
56 #define SSIZE_T_DEFINED
57 #endif /* _WIN32 */
58 #include <krb5.h>
59 #endif
60
61 #include <epan/packet.h>
62 #include <epan/proto_data.h>
63 #include <epan/exceptions.h>
64 #include <epan/strutil.h>
65 #include <epan/conversation.h>
66 #include <epan/expert.h>
67 #include <epan/prefs.h>
68 #include <epan/srt_table.h>
69 #include <epan/tfs.h>
70 #include <wsutil/wsgcrypt.h>
71 #include <wsutil/file_util.h>
72 #include <wsutil/str_util.h>
73 #include <wsutil/pint.h>
74 #include <wsutil/array.h>
75 #include "packet-kerberos.h"
76 #include "packet-netbios.h"
77 #include "packet-tcp.h"
78 #include "packet-ber.h"
79 #include "packet-pkinit.h"
80 #include "packet-cms.h"
81 #include "packet-windows-common.h"
82
83 #include "read_keytab_file.h"
84
85 #include "packet-dcerpc-netlogon.h"
86 #include "packet-dcerpc.h"
87
88 #include "packet-gssapi.h"
89 #include "packet-x509af.h"
90
91 #define KEY_USAGE_FAST_REQ_CHKSUM 50
92 #define KEY_USAGE_FAST_ENC 51
93 #define KEY_USAGE_FAST_REP 52
94 #define KEY_USAGE_FAST_FINISHED 53
95 #define KEY_USAGE_ENC_CHALLENGE_CLIENT 54
96 #define KEY_USAGE_ENC_CHALLENGE_KDC 55
97
98 void proto_register_kerberos(void);
99 void proto_reg_handoff_kerberos(void);
100
101 #define UDP_PORT_KERBEROS 88
102 #define TCP_PORT_KERBEROS 88
103
104 #define ADDRESS_STR_BUFSIZ 256
105
106 typedef struct kerberos_key {
107 uint32_t keytype;
108 int keylength;
109 const uint8_t *keyvalue;
110 } kerberos_key_t;
111
112 typedef void (*kerberos_key_save_fn)(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
113 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
114 int parent_hf_index _U_,
115 int hf_index _U_);
116
117 typedef struct kerberos_conv_t {
118 wmem_list_t *frames;
119 } kerberos_conv_t;
120
121 typedef struct kerberos_frame_t {
122 struct kerberos_frame_t *req;
123 uint32_t frame;
124 nstime_t frame_time;
125 uint32_t msg_type;
126 int srt_idx;
127 } kerberos_frame_t;
128
129 typedef struct {
130 uint32_t msg_type;
131 bool is_win2k_pkinit;
132 uint32_t errorcode;
133 uint32_t etype;
134 uint32_t padata_type;
135 uint32_t is_enc_padata;
136 uint32_t enctype;
137 kerberos_key_t key;
138 proto_tree *key_tree;
139 proto_item *key_hidden_item;
140 tvbuff_t *key_tvb;
141 kerberos_callbacks *callbacks;
142 uint32_t ad_type;
143 uint32_t addr_type;
144 uint32_t checksum_type;
145 #ifdef HAVE_KERBEROS
146 enc_key_t *last_decryption_key;
147 enc_key_t *last_added_key;
148 enc_key_t *current_ticket_key;
149 tvbuff_t *last_ticket_enc_part_tvb;
150 #endif
151 int save_encryption_key_parent_hf_index;
152 kerberos_key_save_fn save_encryption_key_fn;
153 unsigned learnt_key_ids;
154 unsigned missing_key_ids;
155 wmem_list_t *decryption_keys;
156 wmem_list_t *learnt_keys;
157 wmem_list_t *missing_keys;
158 uint32_t within_PA_TGS_REQ;
159 struct _kerberos_PA_FX_FAST_REQUEST {
160 bool defer;
161 tvbuff_t *tvb;
162 proto_tree *tree;
163 } PA_FX_FAST_REQUEST;
164 #ifdef HAVE_KERBEROS
165 enc_key_t *PA_TGS_REQ_key;
166 enc_key_t *PA_TGS_REQ_subkey;
167 #endif
168 uint32_t fast_type;
169 uint32_t fast_armor_within_armor_value;
170 #ifdef HAVE_KERBEROS
171 enc_key_t *PA_FAST_ARMOR_AP_key;
172 enc_key_t *PA_FAST_ARMOR_AP_subkey;
173 enc_key_t *fast_armor_key;
174 enc_key_t *fast_strengthen_key;
175 #endif
176 kerberos_conv_t *krb5_conv;
177 uint32_t frame_req, frame_rep;
178 nstime_t req_time;
179 } kerberos_private_data_t;
180
181 static dissector_handle_t kerberos_handle_tcp;
182 static dissector_handle_t kerberos_handle_udp;
183
184 /* Forward declarations */
185 static kerberos_private_data_t *kerberos_get_private_data(asn1_ctx_t *actx);
186 static int dissect_kerberos_Applications(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
187 static int dissect_kerberos_AuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
188 static int dissect_kerberos_PA_ENC_TIMESTAMP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
189 #ifdef HAVE_KERBEROS
190 static int dissect_kerberos_PA_ENC_TS_ENC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
191 #endif
192 static int dissect_kerberos_PA_PAC_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
193 static int dissect_kerberos_PA_S4U2Self(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
194 static int dissect_kerberos_PA_S4U_X509_USER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
195 static int dissect_kerberos_ETYPE_INFO(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
196 static int dissect_kerberos_ETYPE_INFO2(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
197 static int dissect_kerberos_AD_IF_RELEVANT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
198 static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
199 static int dissect_kerberos_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
200 static int dissect_kerberos_EncryptedChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
201 static int dissect_kerberos_PA_KERB_KEY_LIST_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
202 static int dissect_kerberos_PA_KERB_KEY_LIST_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
203 static int dissect_kerberos_PA_FX_FAST_REPLY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
204 static int dissect_kerberos_PA_PAC_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
205 static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
206 static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
207 static int dissect_kerberos_PA_SPAKE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
208 static int dissect_kerberos_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
209 static int dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
210 #ifdef HAVE_KERBEROS
211 static int dissect_kerberos_KrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
212 static int dissect_kerberos_KrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
213 static int dissect_kerberos_FastOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
214 #endif
215 static int dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
216 static int dissect_kerberos_KRB5_SRP_PA_INIT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
217 static int dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
218 static int dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
219 static int dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
220 static int dissect_kerberos_AD_CAMMAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
221 static int dissect_kerberos_AD_AUTHENTICATION_INDICATOR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
222
223 /* Desegment Kerberos over TCP messages */
224 static bool krb_desegment = true;
225
226 static int proto_kerberos;
227 static int kerberos_tap;
228
229 static int hf_krb_response_to;
230 static int hf_krb_response_in;
231 static int hf_krb_time;
232 static int hf_krb_rm_reserved;
233 static int hf_krb_rm_reclen;
234 static int hf_krb_provsrv_location;
235 static int hf_krb_pw_salt;
236 static int hf_krb_ext_error_nt_status;
237 static int hf_krb_ext_error_reserved;
238 static int hf_krb_ext_error_flags;
239 static int hf_krb_address_ip;
240 static int hf_krb_address_netbios;
241 static int hf_krb_address_ipv6;
242 static int hf_krb_gssapi_len;
243 static int hf_krb_gssapi_bnd;
244 static int hf_krb_gssapi_dlgopt;
245 static int hf_krb_gssapi_dlglen;
246 static int hf_krb_gssapi_c_flag_deleg;
247 static int hf_krb_gssapi_c_flag_mutual;
248 static int hf_krb_gssapi_c_flag_replay;
249 static int hf_krb_gssapi_c_flag_sequence;
250 static int hf_krb_gssapi_c_flag_conf;
251 static int hf_krb_gssapi_c_flag_integ;
252 static int hf_krb_gssapi_c_flag_dce_style;
253 static int hf_krb_midl_version;
254 static int hf_krb_midl_hdr_len;
255 static int hf_krb_midl_fill_bytes;
256 static int hf_krb_midl_blob_len;
257 static int hf_krb_pac_signature_type;
258 static int hf_krb_pac_signature_signature;
259 static int hf_krb_w2k_pac_entries;
260 static int hf_krb_w2k_pac_version;
261 static int hf_krb_w2k_pac_type;
262 static int hf_krb_w2k_pac_size;
263 static int hf_krb_w2k_pac_offset;
264 static int hf_krb_pac_clientid;
265 static int hf_krb_pac_namelen;
266 static int hf_krb_pac_clientname;
267 static int hf_krb_pac_logon_info;
268 static int hf_krb_pac_credential_data;
269 static int hf_krb_pac_credential_info;
270 static int hf_krb_pac_credential_info_version;
271 static int hf_krb_pac_credential_info_etype;
272 static int hf_krb_pac_s4u_delegation_info;
273 static int hf_krb_pac_upn_dns_info;
274 static int hf_krb_pac_upn_flags;
275 static int hf_krb_pac_upn_flag_upn_constructed;
276 static int hf_krb_pac_upn_flag_has_sam_name_and_sid;
277 static int hf_krb_pac_upn_upn_offset;
278 static int hf_krb_pac_upn_upn_len;
279 static int hf_krb_pac_upn_upn_name;
280 static int hf_krb_pac_upn_dns_offset;
281 static int hf_krb_pac_upn_dns_len;
282 static int hf_krb_pac_upn_dns_name;
283 static int hf_krb_pac_upn_samaccountname_offset;
284 static int hf_krb_pac_upn_samaccountname_len;
285 static int hf_krb_pac_upn_samaccountname;
286 static int hf_krb_pac_upn_objectsid_offset;
287 static int hf_krb_pac_upn_objectsid_len;
288 static int hf_krb_pac_server_checksum;
289 static int hf_krb_pac_privsvr_checksum;
290 static int hf_krb_pac_client_info_type;
291 static int hf_krb_pac_client_claims_info;
292 static int hf_krb_pac_device_info;
293 static int hf_krb_pac_device_claims_info;
294 static int hf_krb_pac_ticket_checksum;
295 static int hf_krb_pac_attributes_info;
296 static int hf_krb_pac_attributes_info_length;
297 static int hf_krb_pac_attributes_info_flags;
298 static int hf_krb_pac_attributes_info_flags_pac_was_requested;
299 static int hf_krb_pac_attributes_info_flags_pac_was_given_implicitly;
300 static int hf_krb_pac_requester_sid;
301 static int hf_krb_pac_full_checksum;
302 static int hf_krb_pa_supported_enctypes;
303 static int hf_krb_pa_supported_enctypes_des_cbc_crc;
304 static int hf_krb_pa_supported_enctypes_des_cbc_md5;
305 static int hf_krb_pa_supported_enctypes_rc4_hmac;
306 static int hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96;
307 static int hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96;
308 static int hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk;
309 static int hf_krb_pa_supported_enctypes_fast_supported;
310 static int hf_krb_pa_supported_enctypes_compound_identity_supported;
311 static int hf_krb_pa_supported_enctypes_claims_supported;
312 static int hf_krb_pa_supported_enctypes_resource_sid_compression_disabled;
313 static int hf_krb_ad_ap_options;
314 static int hf_krb_ad_ap_options_cbt;
315 static int hf_krb_ad_ap_options_unverified_target_name;
316 static int hf_krb_ad_target_principal;
317 static int hf_krb_key_hidden_item;
318 static int hf_kerberos_KERB_TICKET_LOGON;
319 static int hf_kerberos_KERB_TICKET_LOGON_MessageType;
320 static int hf_kerberos_KERB_TICKET_LOGON_Flags;
321 static int hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength;
322 static int hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength;
323 static int hf_kerberos_KERB_TICKET_LOGON_ServiceTicket;
324 static int hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket;
325 static int hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET;
326 static int hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED;
327 #ifdef HAVE_KERBEROS
328 static int hf_kerberos_KrbFastResponse;
329 static int hf_kerberos_strengthen_key;
330 static int hf_kerberos_finished;
331 static int hf_kerberos_fast_options;
332 static int hf_kerberos_ticket_checksum;
333 static int hf_krb_patimestamp;
334 static int hf_krb_pausec;
335 static int hf_kerberos_FastOptions_reserved;
336 static int hf_kerberos_FastOptions_hide_client_names;
337 static int hf_kerberos_FastOptions_spare_bit2;
338 static int hf_kerberos_FastOptions_spare_bit3;
339 static int hf_kerberos_FastOptions_spare_bit4;
340 static int hf_kerberos_FastOptions_spare_bit5;
341 static int hf_kerberos_FastOptions_spare_bit6;
342 static int hf_kerberos_FastOptions_spare_bit7;
343 static int hf_kerberos_FastOptions_spare_bit8;
344 static int hf_kerberos_FastOptions_spare_bit9;
345 static int hf_kerberos_FastOptions_spare_bit10;
346 static int hf_kerberos_FastOptions_spare_bit11;
347 static int hf_kerberos_FastOptions_spare_bit12;
348 static int hf_kerberos_FastOptions_spare_bit13;
349 static int hf_kerberos_FastOptions_spare_bit14;
350 static int hf_kerberos_FastOptions_spare_bit15;
351 static int hf_kerberos_FastOptions_kdc_follow_referrals;
352
353 #endif
354 static int hf_kerberos_ticket; /* Ticket */
355 static int hf_kerberos_authenticator; /* Authenticator */
356 static int hf_kerberos_encTicketPart; /* EncTicketPart */
357 static int hf_kerberos_as_req; /* AS_REQ */
358 static int hf_kerberos_as_rep; /* AS_REP */
359 static int hf_kerberos_tgs_req; /* TGS_REQ */
360 static int hf_kerberos_tgs_rep; /* TGS_REP */
361 static int hf_kerberos_ap_req; /* AP_REQ */
362 static int hf_kerberos_ap_rep; /* AP_REP */
363 static int hf_kerberos_krb_safe; /* KRB_SAFE */
364 static int hf_kerberos_krb_priv; /* KRB_PRIV */
365 static int hf_kerberos_krb_cred; /* KRB_CRED */
366 static int hf_kerberos_encASRepPart; /* EncASRepPart */
367 static int hf_kerberos_encTGSRepPart; /* EncTGSRepPart */
368 static int hf_kerberos_encAPRepPart; /* EncAPRepPart */
369 static int hf_kerberos_encKrbPrivPart; /* ENC_KRB_PRIV_PART */
370 static int hf_kerberos_encKrbCredPart; /* EncKrbCredPart */
371 static int hf_kerberos_krb_error; /* KRB_ERROR */
372 static int hf_kerberos_name_type; /* NAME_TYPE */
373 static int hf_kerberos_name_string; /* SEQUENCE_OF_KerberosString */
374 static int hf_kerberos_name_string_item; /* KerberosString */
375 static int hf_kerberos_cname_string; /* SEQUENCE_OF_CNameString */
376 static int hf_kerberos_cname_string_item; /* CNameString */
377 static int hf_kerberos_sname_string; /* SEQUENCE_OF_SNameString */
378 static int hf_kerberos_sname_string_item; /* SNameString */
379 static int hf_kerberos_addr_type; /* ADDR_TYPE */
380 static int hf_kerberos_address; /* T_address */
381 static int hf_kerberos_HostAddresses_item; /* HostAddress */
382 static int hf_kerberos_AuthorizationData_item; /* AuthorizationData_item */
383 static int hf_kerberos_ad_type; /* AUTHDATA_TYPE */
384 static int hf_kerberos_ad_data; /* T_ad_data */
385 static int hf_kerberos_padata_type; /* PADATA_TYPE */
386 static int hf_kerberos_padata_value; /* T_padata_value */
387 static int hf_kerberos_keytype; /* T_keytype */
388 static int hf_kerberos_keyvalue; /* T_keyvalue */
389 static int hf_kerberos_cksumtype; /* CKSUMTYPE */
390 static int hf_kerberos_checksum; /* T_checksum */
391 static int hf_kerberos_etype; /* ENCTYPE */
392 static int hf_kerberos_kvno; /* UInt32 */
393 static int hf_kerberos_encryptedTicketData_cipher; /* T_encryptedTicketData_cipher */
394 static int hf_kerberos_encryptedAuthorizationData_cipher; /* T_encryptedAuthorizationData_cipher */
395 static int hf_kerberos_encryptedAuthenticator_cipher; /* T_encryptedAuthenticator_cipher */
396 static int hf_kerberos_encryptedKDCREPData_cipher; /* T_encryptedKDCREPData_cipher */
397 static int hf_kerberos_encryptedAPREPData_cipher; /* T_encryptedAPREPData_cipher */
398 static int hf_kerberos_encryptedKrbPrivData_cipher; /* T_encryptedKrbPrivData_cipher */
399 static int hf_kerberos_encryptedKrbCredData_cipher; /* T_encryptedKrbCredData_cipher */
400 static int hf_kerberos_tkt_vno; /* INTEGER_5 */
401 static int hf_kerberos_realm; /* Realm */
402 static int hf_kerberos_sname; /* SName */
403 static int hf_kerberos_ticket_enc_part; /* EncryptedTicketData */
404 static int hf_kerberos_flags; /* TicketFlags */
405 static int hf_kerberos_encTicketPart_key; /* T_encTicketPart_key */
406 static int hf_kerberos_crealm; /* Realm */
407 static int hf_kerberos_cname; /* CName */
408 static int hf_kerberos_transited; /* TransitedEncoding */
409 static int hf_kerberos_authtime; /* KerberosTime */
410 static int hf_kerberos_starttime; /* KerberosTime */
411 static int hf_kerberos_endtime; /* KerberosTime */
412 static int hf_kerberos_renew_till; /* KerberosTime */
413 static int hf_kerberos_caddr; /* HostAddresses */
414 static int hf_kerberos_authorization_data; /* AuthorizationData */
415 static int hf_kerberos_tr_type; /* Int32 */
416 static int hf_kerberos_contents; /* OCTET_STRING */
417 static int hf_kerberos_pvno; /* INTEGER_5 */
418 static int hf_kerberos_msg_type; /* MESSAGE_TYPE */
419 static int hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA; /* T_rEQ_SEQUENCE_OF_PA_DATA */
420 static int hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item; /* PA_DATA */
421 static int hf_kerberos_req_body; /* KDC_REQ_BODY */
422 static int hf_kerberos_kdc_options; /* KDCOptions */
423 static int hf_kerberos_from; /* KerberosTime */
424 static int hf_kerberos_till; /* KerberosTime */
425 static int hf_kerberos_rtime; /* KerberosTime */
426 static int hf_kerberos_nonce; /* UInt32 */
427 static int hf_kerberos_kDC_REQ_BODY_etype; /* SEQUENCE_OF_ENCTYPE */
428 static int hf_kerberos_kDC_REQ_BODY_etype_item; /* ENCTYPE */
429 static int hf_kerberos_addresses; /* HostAddresses */
430 static int hf_kerberos_enc_authorization_data; /* EncryptedAuthorizationData */
431 static int hf_kerberos_additional_tickets; /* SEQUENCE_OF_Ticket */
432 static int hf_kerberos_additional_tickets_item; /* Ticket */
433 static int hf_kerberos_rEP_SEQUENCE_OF_PA_DATA; /* T_rEP_SEQUENCE_OF_PA_DATA */
434 static int hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item; /* PA_DATA */
435 static int hf_kerberos_kDC_REP_enc_part; /* EncryptedKDCREPData */
436 static int hf_kerberos_encKDCRepPart_key; /* T_encKDCRepPart_key */
437 static int hf_kerberos_last_req; /* LastReq */
438 static int hf_kerberos_key_expiration; /* KerberosTime */
439 static int hf_kerberos_srealm; /* Realm */
440 static int hf_kerberos_encrypted_pa_data; /* T_encrypted_pa_data */
441 static int hf_kerberos_LastReq_item; /* LastReq_item */
442 static int hf_kerberos_lr_type; /* LR_TYPE */
443 static int hf_kerberos_lr_value; /* KerberosTime */
444 static int hf_kerberos_ap_options; /* APOptions */
445 static int hf_kerberos_authenticator_enc_part; /* EncryptedAuthenticator */
446 static int hf_kerberos_authenticator_vno; /* INTEGER_5 */
447 static int hf_kerberos_cksum; /* Checksum */
448 static int hf_kerberos_cusec; /* Microseconds */
449 static int hf_kerberos_ctime; /* KerberosTime */
450 static int hf_kerberos_authenticator_subkey; /* T_authenticator_subkey */
451 static int hf_kerberos_seq_number; /* UInt32 */
452 static int hf_kerberos_aP_REP_enc_part; /* EncryptedAPREPData */
453 static int hf_kerberos_encAPRepPart_subkey; /* T_encAPRepPart_subkey */
454 static int hf_kerberos_safe_body; /* KRB_SAFE_BODY */
455 static int hf_kerberos_kRB_SAFE_BODY_user_data; /* T_kRB_SAFE_BODY_user_data */
456 static int hf_kerberos_timestamp; /* KerberosTime */
457 static int hf_kerberos_usec; /* Microseconds */
458 static int hf_kerberos_s_address; /* HostAddress */
459 static int hf_kerberos_r_address; /* HostAddress */
460 static int hf_kerberos_kRB_PRIV_enc_part; /* EncryptedKrbPrivData */
461 static int hf_kerberos_encKrbPrivPart_user_data; /* T_encKrbPrivPart_user_data */
462 static int hf_kerberos_tickets; /* SEQUENCE_OF_Ticket */
463 static int hf_kerberos_tickets_item; /* Ticket */
464 static int hf_kerberos_kRB_CRED_enc_part; /* EncryptedKrbCredData */
465 static int hf_kerberos_ticket_info; /* SEQUENCE_OF_KrbCredInfo */
466 static int hf_kerberos_ticket_info_item; /* KrbCredInfo */
467 static int hf_kerberos_krbCredInfo_key; /* T_krbCredInfo_key */
468 static int hf_kerberos_prealm; /* Realm */
469 static int hf_kerberos_pname; /* PrincipalName */
470 static int hf_kerberos_stime; /* KerberosTime */
471 static int hf_kerberos_susec; /* Microseconds */
472 static int hf_kerberos_error_code; /* ERROR_CODE */
473 static int hf_kerberos_e_text; /* KerberosString */
474 static int hf_kerberos_e_data; /* T_e_data */
475 static int hf_kerberos_e_checksum; /* Checksum */
476 static int hf_kerberos_METHOD_DATA_item; /* PA_DATA */
477 static int hf_kerberos_pA_ENC_TIMESTAMP_cipher; /* T_pA_ENC_TIMESTAMP_cipher */
478 static int hf_kerberos_info_salt; /* OCTET_STRING */
479 static int hf_kerberos_ETYPE_INFO_item; /* ETYPE_INFO_ENTRY */
480 static int hf_kerberos_info2_salt; /* KerberosString */
481 static int hf_kerberos_s2kparams; /* OCTET_STRING */
482 static int hf_kerberos_ETYPE_INFO2_item; /* ETYPE_INFO2_ENTRY */
483 static int hf_kerberos_server_name; /* PrincipalName */
484 static int hf_kerberos_include_pac; /* BOOLEAN */
485 static int hf_kerberos_name; /* PrincipalName */
486 static int hf_kerberos_auth; /* GeneralString */
487 static int hf_kerberos_user_id; /* S4UUserID */
488 static int hf_kerberos_checksum_01; /* Checksum */
489 static int hf_kerberos_cname_01; /* PrincipalName */
490 static int hf_kerberos_subject_certificate; /* T_subject_certificate */
491 static int hf_kerberos_options; /* BIT_STRING */
492 static int hf_kerberos_flags_01; /* PAC_OPTIONS_FLAGS */
493 static int hf_kerberos_restriction_type; /* Int32 */
494 static int hf_kerberos_restriction; /* OCTET_STRING */
495 static int hf_kerberos_PA_KERB_KEY_LIST_REQ_item; /* ENCTYPE */
496 static int hf_kerberos_kerbKeyListRep_key; /* PA_KERB_KEY_LIST_REP_item */
497 static int hf_kerberos_srppa_group; /* KRB5_SRP_GROUP */
498 static int hf_kerberos_salt; /* OCTET_STRING */
499 static int hf_kerberos_iterations; /* UInt32 */
500 static int hf_kerberos_groups; /* SET_OF_KRB5_SRP_PA */
501 static int hf_kerberos_groups_item; /* KRB5_SRP_PA */
502 static int hf_kerberos_as_req_01; /* Checksum */
503 static int hf_kerberos_group; /* UInt32 */
504 static int hf_kerberos_a; /* OCTET_STRING */
505 static int hf_kerberos_AD_AUTHENTICATION_INDICATOR_item; /* UTF8String */
506 static int hf_kerberos_elements; /* AuthorizationData */
507 static int hf_kerberos_kdc_verifier; /* Verifier_MAC */
508 static int hf_kerberos_svc_verifier; /* Verifier_MAC */
509 static int hf_kerberos_other_verifiers; /* SEQUENCE_SIZE_1_MAX_OF_Verifier */
510 static int hf_kerberos_other_verifiers_item; /* Verifier */
511 static int hf_kerberos_mac; /* Verifier_MAC */
512 static int hf_kerberos_identifier; /* PrincipalName */
513 static int hf_kerberos_enctype; /* Int32 */
514 static int hf_kerberos_mac_01; /* Checksum */
515 static int hf_kerberos_newpasswd; /* OCTET_STRING */
516 static int hf_kerberos_targname; /* PrincipalName */
517 static int hf_kerberos_targrealm; /* Realm */
518 static int hf_kerberos_pa_type; /* PADATA_TYPE */
519 static int hf_kerberos_pa_hint; /* OCTET_STRING */
520 static int hf_kerberos_pa_value; /* OCTET_STRING */
521 static int hf_kerberos_armor_type; /* KrbFastArmorTypes */
522 static int hf_kerberos_armor_value; /* T_armor_value */
523 static int hf_kerberos_armored_data_request; /* KrbFastArmoredReq */
524 static int hf_kerberos_encryptedKrbFastReq_cipher; /* T_encryptedKrbFastReq_cipher */
525 static int hf_kerberos_armor; /* KrbFastArmor */
526 static int hf_kerberos_req_checksum; /* Checksum */
527 static int hf_kerberos_enc_fast_req; /* EncryptedKrbFastReq */
528 static int hf_kerberos_armored_data_reply; /* KrbFastArmoredRep */
529 static int hf_kerberos_encryptedKrbFastResponse_cipher; /* T_encryptedKrbFastResponse_cipher */
530 static int hf_kerberos_enc_fast_rep; /* EncryptedKrbFastResponse */
531 static int hf_kerberos_encryptedChallenge_cipher; /* T_encryptedChallenge_cipher */
532 static int hf_kerberos_cipher; /* OCTET_STRING */
533 static int hf_kerberos_groups_01; /* SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup */
534 static int hf_kerberos_groups_item_01; /* SPAKEGroup */
535 static int hf_kerberos_spake_group; /* SPAKEGroup */
536 static int hf_kerberos_pubkey; /* OCTET_STRING */
537 static int hf_kerberos_factors; /* SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor */
538 static int hf_kerberos_factors_item; /* SPAKESecondFactor */
539 static int hf_kerberos_type; /* SPAKESecondFactorType */
540 static int hf_kerberos_data; /* OCTET_STRING */
541 static int hf_kerberos_factor; /* EncryptedSpakeResponseData */
542 static int hf_kerberos_support; /* SPAKESupport */
543 static int hf_kerberos_challenge; /* SPAKEChallenge */
544 static int hf_kerberos_response; /* SPAKEResponse */
545 static int hf_kerberos_encdata; /* EncryptedSpakeData */
546 /* named bits */
547 static int hf_kerberos_APOptions_reserved;
548 static int hf_kerberos_APOptions_use_session_key;
549 static int hf_kerberos_APOptions_mutual_required;
550 static int hf_kerberos_TicketFlags_reserved;
551 static int hf_kerberos_TicketFlags_forwardable;
552 static int hf_kerberos_TicketFlags_forwarded;
553 static int hf_kerberos_TicketFlags_proxiable;
554 static int hf_kerberos_TicketFlags_proxy;
555 static int hf_kerberos_TicketFlags_may_postdate;
556 static int hf_kerberos_TicketFlags_postdated;
557 static int hf_kerberos_TicketFlags_invalid;
558 static int hf_kerberos_TicketFlags_renewable;
559 static int hf_kerberos_TicketFlags_initial;
560 static int hf_kerberos_TicketFlags_pre_authent;
561 static int hf_kerberos_TicketFlags_hw_authent;
562 static int hf_kerberos_TicketFlags_transited_policy_checked;
563 static int hf_kerberos_TicketFlags_ok_as_delegate;
564 static int hf_kerberos_TicketFlags_unused;
565 static int hf_kerberos_TicketFlags_enc_pa_rep;
566 static int hf_kerberos_TicketFlags_anonymous;
567 static int hf_kerberos_KDCOptions_reserved;
568 static int hf_kerberos_KDCOptions_forwardable;
569 static int hf_kerberos_KDCOptions_forwarded;
570 static int hf_kerberos_KDCOptions_proxiable;
571 static int hf_kerberos_KDCOptions_proxy;
572 static int hf_kerberos_KDCOptions_allow_postdate;
573 static int hf_kerberos_KDCOptions_postdated;
574 static int hf_kerberos_KDCOptions_unused7;
575 static int hf_kerberos_KDCOptions_renewable;
576 static int hf_kerberos_KDCOptions_unused9;
577 static int hf_kerberos_KDCOptions_unused10;
578 static int hf_kerberos_KDCOptions_opt_hardware_auth;
579 static int hf_kerberos_KDCOptions_unused12;
580 static int hf_kerberos_KDCOptions_unused13;
581 static int hf_kerberos_KDCOptions_constrained_delegation;
582 static int hf_kerberos_KDCOptions_canonicalize;
583 static int hf_kerberos_KDCOptions_request_anonymous;
584 static int hf_kerberos_KDCOptions_unused17;
585 static int hf_kerberos_KDCOptions_unused18;
586 static int hf_kerberos_KDCOptions_unused19;
587 static int hf_kerberos_KDCOptions_unused20;
588 static int hf_kerberos_KDCOptions_unused21;
589 static int hf_kerberos_KDCOptions_unused22;
590 static int hf_kerberos_KDCOptions_unused23;
591 static int hf_kerberos_KDCOptions_unused24;
592 static int hf_kerberos_KDCOptions_unused25;
593 static int hf_kerberos_KDCOptions_disable_transited_check;
594 static int hf_kerberos_KDCOptions_renewable_ok;
595 static int hf_kerberos_KDCOptions_enc_tkt_in_skey;
596 static int hf_kerberos_KDCOptions_unused29;
597 static int hf_kerberos_KDCOptions_renew;
598 static int hf_kerberos_KDCOptions_validate;
599 static int hf_kerberos_PAC_OPTIONS_FLAGS_claims;
600 static int hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware;
601 static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc;
602 static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation;
603
604 /* Initialize the subtree pointers */
605 static int ett_kerberos;
606 static int ett_krb_recordmark;
607 static int ett_krb_pac;
608 static int ett_krb_pac_drep;
609 static int ett_krb_pac_midl_blob;
610 static int ett_krb_pac_logon_info;
611 static int ett_krb_pac_credential_info;
612 static int ett_krb_pac_s4u_delegation_info;
613 static int ett_krb_pac_upn_dns_info;
614 static int ett_krb_pac_upn_dns_info_flags;
615 static int ett_krb_pac_client_claims_info;
616 static int ett_krb_pac_device_info;
617 static int ett_krb_pac_device_claims_info;
618 static int ett_krb_pac_server_checksum;
619 static int ett_krb_pac_privsvr_checksum;
620 static int ett_krb_pac_client_info_type;
621 static int ett_krb_pac_ticket_checksum;
622 static int ett_krb_pac_attributes_info;
623 static int ett_krb_pac_attributes_info_flags;
624 static int ett_krb_pac_requester_sid;
625 static int ett_krb_pac_full_checksum;
626 static int ett_krb_pa_supported_enctypes;
627 static int ett_krb_ad_ap_options;
628 static int ett_kerberos_KERB_TICKET_LOGON;
629 #ifdef HAVE_KERBEROS
630 static int ett_krb_pa_enc_ts_enc;
631 static int ett_kerberos_KrbFastFinished;
632 static int ett_kerberos_KrbFastResponse;
633 static int ett_kerberos_KrbFastReq;
634 static int ett_kerberos_FastOptions;
635 #endif
636 static int ett_kerberos_Applications;
637 static int ett_kerberos_PrincipalName;
638 static int ett_kerberos_SEQUENCE_OF_KerberosString;
639 static int ett_kerberos_CName;
640 static int ett_kerberos_SEQUENCE_OF_CNameString;
641 static int ett_kerberos_SName;
642 static int ett_kerberos_SEQUENCE_OF_SNameString;
643 static int ett_kerberos_HostAddress;
644 static int ett_kerberos_HostAddresses;
645 static int ett_kerberos_AuthorizationData;
646 static int ett_kerberos_AuthorizationData_item;
647 static int ett_kerberos_PA_DATA;
648 static int ett_kerberos_EncryptionKey;
649 static int ett_kerberos_Checksum;
650 static int ett_kerberos_EncryptedTicketData;
651 static int ett_kerberos_EncryptedAuthorizationData;
652 static int ett_kerberos_EncryptedAuthenticator;
653 static int ett_kerberos_EncryptedKDCREPData;
654 static int ett_kerberos_EncryptedAPREPData;
655 static int ett_kerberos_EncryptedKrbPrivData;
656 static int ett_kerberos_EncryptedKrbCredData;
657 static int ett_kerberos_Ticket_U;
658 static int ett_kerberos_EncTicketPart_U;
659 static int ett_kerberos_TransitedEncoding;
660 static int ett_kerberos_KDC_REQ;
661 static int ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA;
662 static int ett_kerberos_KDC_REQ_BODY;
663 static int ett_kerberos_SEQUENCE_OF_ENCTYPE;
664 static int ett_kerberos_SEQUENCE_OF_Ticket;
665 static int ett_kerberos_KDC_REP;
666 static int ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA;
667 static int ett_kerberos_EncKDCRepPart;
668 static int ett_kerberos_LastReq;
669 static int ett_kerberos_LastReq_item;
670 static int ett_kerberos_AP_REQ_U;
671 static int ett_kerberos_Authenticator_U;
672 static int ett_kerberos_AP_REP_U;
673 static int ett_kerberos_EncAPRepPart_U;
674 static int ett_kerberos_KRB_SAFE_U;
675 static int ett_kerberos_KRB_SAFE_BODY;
676 static int ett_kerberos_KRB_PRIV_U;
677 static int ett_kerberos_EncKrbPrivPart;
678 static int ett_kerberos_KRB_CRED_U;
679 static int ett_kerberos_EncKrbCredPart_U;
680 static int ett_kerberos_SEQUENCE_OF_KrbCredInfo;
681 static int ett_kerberos_KrbCredInfo;
682 static int ett_kerberos_KRB_ERROR_U;
683 static int ett_kerberos_METHOD_DATA;
684 static int ett_kerberos_PA_ENC_TIMESTAMP;
685 static int ett_kerberos_ETYPE_INFO_ENTRY;
686 static int ett_kerberos_ETYPE_INFO;
687 static int ett_kerberos_ETYPE_INFO2_ENTRY;
688 static int ett_kerberos_ETYPE_INFO2;
689 static int ett_kerberos_TGT_REQ;
690 static int ett_kerberos_TGT_REP;
691 static int ett_kerberos_APOptions;
692 static int ett_kerberos_TicketFlags;
693 static int ett_kerberos_KDCOptions;
694 static int ett_kerberos_PA_PAC_REQUEST;
695 static int ett_kerberos_PA_S4U2Self;
696 static int ett_kerberos_PA_S4U_X509_USER;
697 static int ett_kerberos_S4UUserID;
698 static int ett_kerberos_PAC_OPTIONS_FLAGS;
699 static int ett_kerberos_PA_PAC_OPTIONS;
700 static int ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U;
701 static int ett_kerberos_PA_KERB_KEY_LIST_REQ;
702 static int ett_kerberos_PA_KERB_KEY_LIST_REP;
703 static int ett_kerberos_KRB5_SRP_PA;
704 static int ett_kerberos_KRB5_SRP_PA_ANNOUNCE;
705 static int ett_kerberos_SET_OF_KRB5_SRP_PA;
706 static int ett_kerberos_KRB5_SRP_PA_INIT_U;
707 static int ett_kerberos_AD_AUTHENTICATION_INDICATOR;
708 static int ett_kerberos_AD_CAMMAC;
709 static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier;
710 static int ett_kerberos_Verifier;
711 static int ett_kerberos_Verifier_MAC;
712 static int ett_kerberos_ChangePasswdData;
713 static int ett_kerberos_PA_AUTHENTICATION_SET_ELEM;
714 static int ett_kerberos_KrbFastArmor;
715 static int ett_kerberos_PA_FX_FAST_REQUEST;
716 static int ett_kerberos_EncryptedKrbFastReq;
717 static int ett_kerberos_KrbFastArmoredReq;
718 static int ett_kerberos_PA_FX_FAST_REPLY;
719 static int ett_kerberos_EncryptedKrbFastResponse;
720 static int ett_kerberos_KrbFastArmoredRep;
721 static int ett_kerberos_EncryptedChallenge;
722 static int ett_kerberos_EncryptedSpakeData;
723 static int ett_kerberos_EncryptedSpakeResponseData;
724 static int ett_kerberos_SPAKESupport;
725 static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup;
726 static int ett_kerberos_SPAKEChallenge;
727 static int ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor;
728 static int ett_kerberos_SPAKESecondFactor;
729 static int ett_kerberos_SPAKEResponse;
730 static int ett_kerberos_PA_SPAKE;
731
732 static expert_field ei_kerberos_missing_keytype;
733 static expert_field ei_kerberos_decrypted_keytype;
734 static expert_field ei_kerberos_learnt_keytype;
735 static expert_field ei_kerberos_address;
736 static expert_field ei_krb_gssapi_dlglen;
737
738 static dissector_handle_t krb4_handle;
739
740 /* Global variables */
741 static uint32_t gbl_keytype;
742 static bool gbl_do_col_info;
743
744 #define id_krb5 "1.3.6.1.5.2"
745
746 typedef enum _KERBEROS_AUTHDATA_TYPE_enum {
747 KERBEROS_AD_IF_RELEVANT = 1,
748 KERBEROS_AD_INTENDED_FOR_SERVER = 2,
749 KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS = 3,
750 KERBEROS_AD_KDC_ISSUED = 4,
751 KERBEROS_AD_AND_OR = 5,
752 KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS = 6,
753 KERBEROS_AD_IN_TICKET_EXTENSIONS = 7,
754 KERBEROS_AD_MANDATORY_FOR_KDC = 8,
755 KERBEROS_AD_INITIAL_VERIFIED_CAS = 9,
756 KERBEROS_AD_OSF_DCE = 64,
757 KERBEROS_AD_SESAME = 65,
758 KERBEROS_AD_OSF_DCE_PKI_CERTID = 66,
759 KERBEROS_AD_AUTHENTICATION_STRENGTH = 70,
760 KERBEROS_AD_FX_FAST_ARMOR = 71,
761 KERBEROS_AD_FX_FAST_USED = 72,
762 KERBEROS_AD_CAMMAC = 96,
763 KERBEROS_AD_AUTHENTICATION_INDICATOR = 97,
764 KERBEROS_AD_WIN2K_PAC = 128,
765 KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION = 129,
766 KERBEROS_AD_TOKEN_RESTRICTIONS = 141,
767 KERBEROS_AD_LOCAL = 142,
768 KERBEROS_AD_AP_OPTIONS = 143,
769 KERBEROS_AD_TARGET_PRINCIPAL = 144,
770 KERBEROS_AD_SIGNTICKET_OLDER = -17,
771 KERBEROS_AD_SIGNTICKET = 512,
772 KERBEROS_AD_PFS = 513
773 } KERBEROS_AUTHDATA_TYPE_enum;
774
775 /* enumerated values for ADDR_TYPE */
776 #define KERBEROS_ADDR_TYPE_IPV4 2
777 #define KERBEROS_ADDR_TYPE_CHAOS 5
778 #define KERBEROS_ADDR_TYPE_XEROX 6
779 #define KERBEROS_ADDR_TYPE_ISO 7
780 #define KERBEROS_ADDR_TYPE_DECNET 12
781 #define KERBEROS_ADDR_TYPE_APPLETALK 16
782 #define KERBEROS_ADDR_TYPE_NETBIOS 20
783 #define KERBEROS_ADDR_TYPE_IPV6 24
784
785 typedef enum _KERBEROS_PADATA_TYPE_enum {
786 KERBEROS_PA_NONE = 0,
787 KERBEROS_PA_TGS_REQ = 1,
788 KERBEROS_PA_ENC_TIMESTAMP = 2,
789 KERBEROS_PA_PW_SALT = 3,
790 KERBEROS_PA_ENC_UNIX_TIME = 5,
791 KERBEROS_PA_SANDIA_SECUREID = 6,
792 KERBEROS_PA_SESAME = 7,
793 KERBEROS_PA_OSF_DCE = 8,
794 KERBEROS_PA_CYBERSAFE_SECUREID = 9,
795 KERBEROS_PA_AFS3_SALT = 10,
796 KERBEROS_PA_ETYPE_INFO = 11,
797 KERBEROS_PA_SAM_CHALLENGE = 12,
798 KERBEROS_PA_SAM_RESPONSE = 13,
799 KERBEROS_PA_PK_AS_REQ_19 = 14,
800 KERBEROS_PA_PK_AS_REP_19 = 15,
801 KERBEROS_PA_PK_AS_REQ = 16,
802 KERBEROS_PA_PK_AS_REP = 17,
803 KERBEROS_PA_PK_OCSP_RESPONSE = 18,
804 KERBEROS_PA_ETYPE_INFO2 = 19,
805 KERBEROS_PA_USE_SPECIFIED_KVNO = 20,
806 KERBEROS_PA_SAM_REDIRECT = 21,
807 KERBEROS_TD_PADATA = 22,
808 KERBEROS_PA_SAM_ETYPE_INFO = 23,
809 KERBEROS_PA_ALT_PRINC = 24,
810 KERBEROS_PA_SERVER_REFERRAL = 25,
811 KERBEROS_PA_SAM_CHALLENGE2 = 30,
812 KERBEROS_PA_SAM_RESPONSE2 = 31,
813 KERBEROS_PA_EXTRA_TGT = 41,
814 KERBEROS_TD_PKINIT_CMS_CERTIFICATES = 101,
815 KERBEROS_TD_KRB_PRINCIPAL = 102,
816 KERBEROS_TD_KRB_REALM = 103,
817 KERBEROS_TD_TRUSTED_CERTIFIERS = 104,
818 KERBEROS_TD_CERTIFICATE_INDEX = 105,
819 KERBEROS_TD_APP_DEFINED_ERROR = 106,
820 KERBEROS_TD_REQ_NONCE = 107,
821 KERBEROS_TD_REQ_SEQ = 108,
822 KERBEROS_TD_DH_PARAMETERS = 109,
823 KERBEROS_TD_CMS_DIGEST_ALGORITHMS = 111,
824 KERBEROS_TD_CERT_DIGEST_ALGORITHMS = 112,
825 KERBEROS_PA_PAC_REQUEST = 128,
826 KERBEROS_PA_FOR_USER = 129,
827 KERBEROS_PA_FOR_X509_USER = 130,
828 KERBEROS_PA_FOR_CHECK_DUPS = 131,
829 KERBEROS_PA_PK_AS_09_BINDING = 132,
830 KERBEROS_PA_FX_COOKIE = 133,
831 KERBEROS_PA_AUTHENTICATION_SET = 134,
832 KERBEROS_PA_AUTH_SET_SELECTED = 135,
833 KERBEROS_PA_FX_FAST = 136,
834 KERBEROS_PA_FX_ERROR = 137,
835 KERBEROS_PA_ENCRYPTED_CHALLENGE = 138,
836 KERBEROS_PA_OTP_CHALLENGE = 141,
837 KERBEROS_PA_OTP_REQUEST = 142,
838 KERBEROS_PA_OTP_CONFIRM = 143,
839 KERBEROS_PA_OTP_PIN_CHANGE = 144,
840 KERBEROS_PA_EPAK_AS_REQ = 145,
841 KERBEROS_PA_EPAK_AS_REP = 146,
842 KERBEROS_PA_PKINIT_KX = 147,
843 KERBEROS_PA_PKU2U_NAME = 148,
844 KERBEROS_PA_REQ_ENC_PA_REP = 149,
845 KERBEROS_PA_AS_FRESHNESS = 150,
846 KERBEROS_PA_SPAKE = 151,
847 KERBEROS_PA_REDHAT_IDP_OAUTH2 = 152,
848 KERBEROS_PA_REDHAT_PASSKEY = 153,
849 KERBEROS_PA_KERB_KEY_LIST_REQ = 161,
850 KERBEROS_PA_KERB_KEY_LIST_REP = 162,
851 KERBEROS_PA_SUPPORTED_ETYPES = 165,
852 KERBEROS_PA_EXTENDED_ERROR = 166,
853 KERBEROS_PA_PAC_OPTIONS = 167,
854 KERBEROS_PA_SRP = 250,
855 KERBEROS_PA_PROV_SRV_LOCATION = -1
856 } KERBEROS_PADATA_TYPE_enum;
857
858 typedef enum _KERBEROS_KRBFASTARMORTYPES_enum {
859 KERBEROS_FX_FAST_RESERVED = 0,
860 KERBEROS_FX_FAST_ARMOR_AP_REQUEST = 1
861 } KERBEROS_KRBFASTARMORTYPES_enum;
862
863 static void
864 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
865 {
866 if(!cb){
867 return;
868 }
869
870 while(cb->tag){
871 if(cb->tag==tag){
872 cb->callback(pinfo, tvb, tree);
873 return;
874 }
875 cb++;
876 }
877 return;
878 }
879
880 static int
881 krb5_frame_compare(gconstpointer a, gconstpointer b)
882 {
883 kerberos_frame_t *fa = (kerberos_frame_t *)a;
884 kerberos_frame_t *fb = (kerberos_frame_t *)b;
885
886 return fa->frame - fb->frame;
887 }
888
889 static kerberos_conv_t *krb5_conv_find_or_create(packet_info *pinfo)
890 {
891 conversation_t *conversation = NULL;
892 kerberos_conv_t *kconv = NULL;
893
894 conversation = find_or_create_conversation(pinfo);
895 kconv = (kerberos_conv_t *)conversation_get_proto_data(conversation,
896 proto_kerberos);
897 if (kconv == NULL) {
898 kconv = wmem_new0(wmem_file_scope(), kerberos_conv_t);
899 kconv->frames = wmem_list_new(wmem_file_scope());
900
901 conversation_add_proto_data(conversation, proto_kerberos, kconv);
902 }
903
904 return kconv;
905 }
906
907 static void krb5_conf_add_request(asn1_ctx_t *actx)
908 {
909 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
910 packet_info *pinfo = actx->pinfo;
911 kerberos_frame_t _krqf = { .frame = 0, };
912 kerberos_frame_t *krqf = NULL;
913 wmem_list_frame_t *wf = NULL;
914 kerberos_frame_t *krpf = NULL;
915
916 if (private_data->krb5_conv == NULL)
917 return;
918
919 if (!pinfo->fd->visited) {
920 krqf = wmem_new0(wmem_file_scope(), kerberos_frame_t);
921 if (krqf == NULL) {
922 return;
923 }
924 } else {
925 krqf = &_krqf;
926 }
927
928 krqf->frame = pinfo->num;
929 krqf->frame_time = pinfo->abs_ts;
930 krqf->msg_type = private_data->msg_type;
931 krqf->srt_idx = -1;
932
933 if (!pinfo->fd->visited) {
934 wmem_list_insert_sorted(private_data->krb5_conv->frames,
935 krqf, krb5_frame_compare);
936 }
937
938 wf = wmem_list_find_custom(private_data->krb5_conv->frames,
939 krqf, krb5_frame_compare);
940 if (wf != NULL) {
941 /* The next one should be the response */
942 wf = wmem_list_frame_next(wf);
943 }
944 if (wf == NULL) {
945 return;
946 }
947 krpf = (kerberos_frame_t *)wmem_list_frame_data(wf);
948
949 switch (krpf->msg_type) {
950 case KERBEROS_APPLICATIONS_AS_REP:
951 case KERBEROS_APPLICATIONS_TGS_REP:
952 case KERBEROS_APPLICATIONS_KRB_ERROR:
953 break;
954 default:
955 return;
956 }
957
958 private_data->frame_rep = krpf->frame;
959 }
960
961 static void krb5_conf_add_response(asn1_ctx_t *actx)
962 {
963 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
964 packet_info *pinfo = actx->pinfo;
965 kerberos_frame_t _krpf = { .frame = 0, };
966 kerberos_frame_t *krpf = NULL;
967 wmem_list_frame_t *wf = NULL;
968 kerberos_frame_t *krqf = NULL;
969
970 if (private_data->krb5_conv == NULL)
971 return;
972
973 if (!pinfo->fd->visited) {
974 krpf = wmem_new0(wmem_file_scope(), kerberos_frame_t);
975 if (krpf == NULL) {
976 return;
977 }
978 } else {
979 krpf = &_krpf;
980 }
981
982 krpf->frame = pinfo->num;
983 krpf->frame_time = pinfo->abs_ts;
984 krpf->msg_type = private_data->msg_type;
985 krpf->srt_idx = -1;
986
987 if (!pinfo->fd->visited) {
988 wmem_list_insert_sorted(private_data->krb5_conv->frames,
989 krpf, krb5_frame_compare);
990 }
991
992 wf = wmem_list_find_custom(private_data->krb5_conv->frames,
993 krpf, krb5_frame_compare);
994 if (wf != NULL) {
995 /*
996 * replace the pointer with the one allocated on
997 * wmem_file_scope()
998 */
999 krpf = (kerberos_frame_t *)wmem_list_frame_data(wf);
1000 /* The previous one should be the request */
1001 wf = wmem_list_frame_prev(wf);
1002 }
1003 if (wf == NULL) {
1004 return;
1005 }
1006 krqf = (kerberos_frame_t *)wmem_list_frame_data(wf);
1007 krpf->req = krqf;
1008
1009 switch (krqf->msg_type) {
1010 case KERBEROS_APPLICATIONS_AS_REQ:
1011 if (private_data->msg_type == KERBEROS_APPLICATIONS_AS_REP) {
1012 krpf->srt_idx = 0;
1013 break;
1014 }
1015 if (private_data->msg_type == KERBEROS_APPLICATIONS_KRB_ERROR) {
1016 krpf->srt_idx = 1;
1017 break;
1018 }
1019 return;
1020 case KERBEROS_APPLICATIONS_TGS_REQ:
1021 if (private_data->msg_type == KERBEROS_APPLICATIONS_TGS_REP) {
1022 krpf->srt_idx = 2;
1023 break;
1024 }
1025 if (private_data->msg_type == KERBEROS_APPLICATIONS_KRB_ERROR) {
1026 krpf->srt_idx = 3;
1027 break;
1028 }
1029 return;
1030 default:
1031 return;
1032 }
1033
1034 private_data->frame_req = krqf->frame;
1035 private_data->req_time = krqf->frame_time;
1036
1037 tap_queue_packet(kerberos_tap, pinfo, krpf);
1038 }
1039
1040 static void
1041 krb5stat_init(struct register_srt* srt _U_, GArray* srt_array _U_)
1042 {
1043 srt_stat_table *krb5_srt_table = NULL;
1044
1045 krb5_srt_table = init_srt_table("Kerberos", "krb5", srt_array, 4, NULL, "kerberos.msg_type", NULL);
1046 init_srt_table_row(krb5_srt_table, 0, "AS-REP");
1047 init_srt_table_row(krb5_srt_table, 1, "AS-ERROR");
1048 init_srt_table_row(krb5_srt_table, 2, "TGS-REP");
1049 init_srt_table_row(krb5_srt_table, 3, "TGS-ERROR");
1050 }
1051
1052 static tap_packet_status
1053 krb5stat_packet(void *pss _U_, packet_info *pinfo, epan_dissect_t *edt _U_, const void *prv, tap_flags_t flags _U_)
1054 {
1055 srt_stat_table *krb5_srt_table = NULL;
1056 srt_data_t *data = (srt_data_t *)pss;
1057 kerberos_frame_t *krpf = (kerberos_frame_t *)prv;
1058
1059 if (krpf == NULL)
1060 return TAP_PACKET_DONT_REDRAW;
1061
1062 if (krpf->req == NULL)
1063 return TAP_PACKET_DONT_REDRAW;
1064
1065 krb5_srt_table = g_array_index(data->srt_array, srt_stat_table*, 0);
1066 add_srt_table_data(krb5_srt_table, krpf->srt_idx, &krpf->req->frame_time, pinfo);
1067 return TAP_PACKET_REDRAW;
1068 }
1069
1070 static kerberos_private_data_t*
1071 kerberos_new_private_data(packet_info *pinfo)
1072 {
1073 kerberos_private_data_t *p;
1074 void *existing;
1075
1076 p = wmem_new0(pinfo->pool, kerberos_private_data_t);
1077 if (p == NULL) {
1078 return NULL;
1079 }
1080 p->frame_req = UINT32_MAX;
1081 p->frame_rep = UINT32_MAX;
1082
1083 p->decryption_keys = wmem_list_new(pinfo->pool);
1084 p->learnt_keys = wmem_list_new(pinfo->pool);
1085 p->missing_keys = wmem_list_new(pinfo->pool);
1086
1087 existing = p_get_proto_data(pinfo->pool, pinfo, proto_kerberos, 0);
1088 if (existing != NULL) {
1089 /*
1090 * We only remember the first one.
1091 */
1092 return p;
1093 }
1094
1095 p_add_proto_data(pinfo->pool, pinfo, proto_kerberos, 0, p);
1096 p->krb5_conv = krb5_conv_find_or_create(pinfo);
1097 return p;
1098 }
1099
1100 static kerberos_private_data_t*
1101 kerberos_get_private_data(asn1_ctx_t *actx)
1102 {
1103 if (!actx->private_data) {
1104 actx->private_data = kerberos_new_private_data(actx->pinfo);
1105 }
1106 return (kerberos_private_data_t *)(actx->private_data);
1107 }
1108
1109 static bool
1110 kerberos_private_is_kdc_req(kerberos_private_data_t *private_data)
1111 {
1112 switch (private_data->msg_type) {
1113 case KERBEROS_APPLICATIONS_AS_REQ:
1114 case KERBEROS_APPLICATIONS_TGS_REQ:
1115 return true;
1116 }
1117
1118 return false;
1119 }
1120
1121 bool
1122 kerberos_is_win2k_pkinit(asn1_ctx_t *actx)
1123 {
1124 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1125
1126 return private_data->is_win2k_pkinit;
1127 }
1128
1129 static int dissect_kerberos_defer_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
1130 {
1131 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
1132
1133 /*
1134 * dissect_ber_octet_string_wcb() always passes
1135 * implicit_tag=false, offset=0 and hf_index=-1
1136 *
1137 * It means we only need to remember tvb and tree
1138 * in order to replay dissect_kerberos_PA_FX_FAST_REQUEST()
1139 * in dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA()
1140 */
1141 ws_assert(implicit_tag == false);
1142 ws_assert(offset == 0);
1143 ws_assert(hf_index <= 0);
1144
1145 if (private_data->PA_FX_FAST_REQUEST.defer) {
1146 /*
1147 * Remember the tvb (and the optional tree)
1148 */
1149 private_data->PA_FX_FAST_REQUEST.tvb = tvb;
1150 private_data->PA_FX_FAST_REQUEST.tree = tree;
1151 /*
1152 * only handle the first PA_FX_FAST_REQUEST...
1153 */
1154 private_data->PA_FX_FAST_REQUEST.defer = false;
1155 return tvb_reported_length_remaining(tvb, offset);
1156 }
1157
1158 return dissect_kerberos_PA_FX_FAST_REQUEST(implicit_tag, tvb, offset, actx, tree, hf_index);
1159 }
1160
1161 #ifdef HAVE_KERBEROS
1162
1163 /* Decrypt Kerberos blobs */
1164 bool krb_decrypt;
1165
1166 /* keytab filename */
1167 static const char *keytab_filename = "";
1168
1169 void
1170 read_keytab_file_from_preferences(void)
1171 {
1172 static char *last_keytab = NULL;
1173
1174 if (!krb_decrypt) {
1175 return;
1176 }
1177
1178 if (keytab_filename == NULL) {
1179 return;
1180 }
1181
1182 if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
1183 return;
1184 }
1185
1186 g_free(last_keytab);
1187 last_keytab = g_strdup(keytab_filename);
1188
1189 read_keytab_file(last_keytab);
1190 }
1191 #endif /* HAVE_KERBEROS */
1192
1193 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
1194 enc_key_t *enc_key_list=NULL;
1195 enc_key_t *kerberos_last_decryption_key=NULL;
1196 static unsigned kerberos_longterm_ids;
1197 wmem_map_t *kerberos_longterm_keys;
1198 static wmem_map_t *kerberos_all_keys;
1199 static wmem_map_t *kerberos_app_session_keys;
1200
1201 static bool
1202 enc_key_list_cb(wmem_allocator_t* allocator _U_, wmem_cb_event_t event _U_, void *user_data _U_)
1203 {
1204 enc_key_list = NULL;
1205 kerberos_longterm_ids = 0;
1206 /* keep the callback registered */
1207 return true;
1208 }
1209
1210 static int enc_key_cmp_id(const void *k1, const void *k2)
1211 {
1212 const enc_key_t *key1 = (const enc_key_t *)k1;
1213 const enc_key_t *key2 = (const enc_key_t *)k2;
1214
1215 if (key1->fd_num < key2->fd_num) {
1216 return -1;
1217 }
1218 if (key1->fd_num > key2->fd_num) {
1219 return 1;
1220 }
1221
1222 if (key1->id < key2->id) {
1223 return -1;
1224 }
1225 if (key1->id > key2->id) {
1226 return 1;
1227 }
1228
1229 return 0;
1230 }
1231
1232 static gboolean
1233 enc_key_content_equal(const void *k1, const void *k2)
1234 {
1235 const enc_key_t *key1 = (const enc_key_t *)k1;
1236 const enc_key_t *key2 = (const enc_key_t *)k2;
1237 int cmp;
1238
1239 if (key1->keytype != key2->keytype) {
1240 return false;
1241 }
1242
1243 if (key1->keylength != key2->keylength) {
1244 return false;
1245 }
1246
1247 cmp = memcmp(key1->keyvalue, key2->keyvalue, key1->keylength);
1248 if (cmp != 0) {
1249 return false;
1250 }
1251
1252 return true;
1253 }
1254
1255 static unsigned
1256 enc_key_content_hash(const void *k)
1257 {
1258 const enc_key_t *key = (const enc_key_t *)k;
1259 unsigned ret = 0;
1260
1261 ret += wmem_strong_hash((const uint8_t *)&key->keytype,
1262 sizeof(key->keytype));
1263 ret += wmem_strong_hash((const uint8_t *)&key->keylength,
1264 sizeof(key->keylength));
1265 ret += wmem_strong_hash((const uint8_t *)key->keyvalue,
1266 key->keylength);
1267
1268 return ret;
1269 }
1270
1271 static void
1272 kerberos_key_map_insert(wmem_map_t *key_map, enc_key_t *new_key)
1273 {
1274 enc_key_t *existing = NULL;
1275 enc_key_t *cur = NULL;
1276 int cmp;
1277
1278 existing = (enc_key_t *)wmem_map_lookup(key_map, new_key);
1279 if (existing == NULL) {
1280 wmem_map_insert(key_map, new_key, new_key);
1281 return;
1282 }
1283
1284 if (key_map != kerberos_all_keys) {
1285 /*
1286 * It should already be linked to the existing key...
1287 */
1288 return;
1289 }
1290
1291 if (existing->fd_num == -1 && new_key->fd_num != -1) {
1292 /*
1293 * We can't reference a learnt key
1294 * from a longterm key. As they have
1295 * a shorter lifetime.
1296 *
1297 * So just let the learnt key remember the
1298 * match.
1299 */
1300 new_key->same_list = existing;
1301 new_key->num_same = existing->num_same + 1;
1302 return;
1303 }
1304
1305 /*
1306 * If a key with the same content (keytype,keylength,keyvalue)
1307 * already exists, we want the earliest key to be
1308 * in the list.
1309 */
1310 cmp = enc_key_cmp_id(new_key, existing);
1311 if (cmp == 0) {
1312 /*
1313 * It's the same, nothing to do...
1314 */
1315 return;
1316 }
1317 if (cmp < 0) {
1318 /* The new key has should be added to the list. */
1319 new_key->same_list = existing;
1320 new_key->num_same = existing->num_same + 1;
1321 wmem_map_insert(key_map, new_key, new_key);
1322 return;
1323 }
1324
1325 /*
1326 * We want to link the new_key to the existing one.
1327 *
1328 * But we want keep the list sorted, so we need to forward
1329 * to the correct spot.
1330 */
1331 for (cur = existing; cur->same_list != NULL; cur = cur->same_list) {
1332 cmp = enc_key_cmp_id(new_key, cur->same_list);
1333 if (cmp == 0) {
1334 /*
1335 * It's the same, nothing to do...
1336 */
1337 return;
1338 }
1339
1340 if (cmp < 0) {
1341 /*
1342 * We found the correct spot,
1343 * the new_key should added
1344 * between existing and existing->same_list
1345 */
1346 new_key->same_list = cur->same_list;
1347 new_key->num_same = cur->num_same;
1348 break;
1349 }
1350 }
1351
1352 /*
1353 * finally link new_key to existing
1354 * and fix up the numbers
1355 */
1356 cur->same_list = new_key;
1357 for (cur = existing; cur != new_key; cur = cur->same_list) {
1358 cur->num_same += 1;
1359 }
1360
1361 return;
1362 }
1363
1364 struct insert_longterm_keys_into_key_map_state {
1365 wmem_map_t *key_map;
1366 };
1367
1368 static void insert_longterm_keys_into_key_map_cb(void *__key _U_,
1369 void *value,
1370 void *user_data)
1371 {
1372 struct insert_longterm_keys_into_key_map_state *state =
1373 (struct insert_longterm_keys_into_key_map_state *)user_data;
1374 enc_key_t *key = (enc_key_t *)value;
1375
1376 kerberos_key_map_insert(state->key_map, key);
1377 }
1378
1379 static void insert_longterm_keys_into_key_map(wmem_map_t *key_map)
1380 {
1381 /*
1382 * Because the kerberos_longterm_keys are allocated on
1383 * wmem_epan_scope() and kerberos_all_keys are allocated
1384 * on wmem_file_scope(), we need to plug the longterm keys
1385 * back to kerberos_all_keys if a new file was loaded
1386 * and wmem_file_scope() got cleared.
1387 */
1388 if (wmem_map_size(key_map) < wmem_map_size(kerberos_longterm_keys)) {
1389 struct insert_longterm_keys_into_key_map_state state = {
1390 .key_map = key_map,
1391 };
1392 /*
1393 * Reference all longterm keys into kerberos_all_keys
1394 */
1395 wmem_map_foreach(kerberos_longterm_keys,
1396 insert_longterm_keys_into_key_map_cb,
1397 &state);
1398 }
1399 }
1400
1401 static void
1402 kerberos_key_list_append(wmem_list_t *key_list, enc_key_t *new_key)
1403 {
1404 enc_key_t *existing = NULL;
1405
1406 existing = (enc_key_t *)wmem_list_find(key_list, new_key);
1407 if (existing != NULL) {
1408 return;
1409 }
1410
1411 wmem_list_append(key_list, new_key);
1412 }
1413
1414 void
1415 kerberos_inject_longterm_key(packet_info *pinfo,
1416 proto_tree *key_tree,
1417 proto_item *key_hidden_item,
1418 tvbuff_t *key_tvb,
1419 int keytype, int keylength, const uint8_t *keyvalue,
1420 const char *origin)
1421 {
1422 wmem_allocator_t *key_scope = NULL;
1423 enc_key_t *new_key = NULL;
1424 const char *methodl = "learnt";
1425 const char *methodu = "Learnt";
1426 proto_item *item = NULL;
1427
1428 if(pinfo->fd->visited){
1429 /*
1430 * We already processed this,
1431 * we can use a shortterm scope
1432 */
1433 key_scope = pinfo->pool;
1434 } else {
1435 /*
1436 * As long as we have enc_key_list, we need to
1437 * use wmem_epan_scope(), when that's gone
1438 * we can dynamically select the scope based on
1439 * how long we'll need the particular key.
1440 */
1441 key_scope = wmem_epan_scope();
1442 }
1443
1444 new_key = wmem_new0(key_scope, enc_key_t);
1445 snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s %s in frame %u",
1446 methodl, origin, pinfo->num);
1447 new_key->fd_num = -1; /* indication for longterm key for FAST */
1448 new_key->id = ++kerberos_longterm_ids;
1449 snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "learnt.%d.%u",
1450 pinfo->num, new_key->id);
1451 new_key->keytype=keytype;
1452 new_key->keylength=keylength;
1453 memcpy(new_key->keyvalue, keyvalue, MIN(keylength, KRB_MAX_KEY_LENGTH));
1454
1455 if(!pinfo->fd->visited){
1456 /*
1457 * Only keep it if we don't processed it before.
1458 */
1459 new_key->next=enc_key_list;
1460 enc_key_list=new_key;
1461 kerberos_key_map_insert(kerberos_longterm_keys, new_key);
1462 insert_longterm_keys_into_key_map(kerberos_all_keys);
1463 kerberos_key_map_insert(kerberos_all_keys, new_key);
1464 }
1465
1466 item = proto_tree_add_expert_format(key_tree, pinfo, &ei_kerberos_learnt_keytype,
1467 key_tvb, 0, keylength,
1468 "%s %s keytype %d (id=%s) (%02x%02x%02x%02x...)",
1469 methodu, origin, keytype, new_key->id_str,
1470 keyvalue[0] & 0xFF, keyvalue[1] & 0xFF,
1471 keyvalue[2] & 0xFF, keyvalue[3] & 0xFF);
1472 if (item != NULL && key_hidden_item != NULL) {
1473 proto_tree_move_item(key_tree, key_hidden_item, item);
1474 }
1475 }
1476
1477 static void
1478 add_encryption_key(packet_info *pinfo,
1479 kerberos_private_data_t *private_data,
1480 proto_tree *key_tree,
1481 proto_item *key_hidden_item,
1482 tvbuff_t *key_tvb,
1483 int keytype, int keylength, const char *keyvalue,
1484 const char *origin,
1485 enc_key_t *src1, enc_key_t *src2)
1486 {
1487 wmem_allocator_t *key_scope = NULL;
1488 enc_key_t *new_key = NULL;
1489 const char *methodl = "learnt";
1490 const char *methodu = "Learnt";
1491 proto_item *item = NULL;
1492
1493 private_data->last_added_key = NULL;
1494
1495 if (src1 != NULL && src2 != NULL) {
1496 methodl = "derived";
1497 methodu = "Derived";
1498 }
1499 // dummy
1500 if(pinfo->fd->visited){
1501 /*
1502 * We already processed this,
1503 * we can use a shortterm scope
1504 */
1505 key_scope = pinfo->pool;
1506 } else {
1507 /*
1508 * As long as we have enc_key_list, we need to
1509 * use wmem_epan_scope(), when that's gone
1510 * we can dynamically select the scope based on
1511 * how long we'll need the particular key.
1512 */
1513 key_scope = wmem_epan_scope();
1514 }
1515
1516 new_key = wmem_new0(key_scope, enc_key_t);
1517 snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s %s in frame %u",
1518 methodl, origin, pinfo->num);
1519 new_key->fd_num = pinfo->num;
1520 new_key->id = ++private_data->learnt_key_ids;
1521 snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "%d.%u",
1522 new_key->fd_num, new_key->id);
1523 new_key->keytype=keytype;
1524 new_key->keylength=keylength;
1525 memcpy(new_key->keyvalue, keyvalue, MIN(keylength, KRB_MAX_KEY_LENGTH));
1526 new_key->src1 = src1;
1527 new_key->src2 = src2;
1528
1529 if(!pinfo->fd->visited){
1530 /*
1531 * Only keep it if we don't processed it before.
1532 */
1533 new_key->next=enc_key_list;
1534 enc_key_list=new_key;
1535 insert_longterm_keys_into_key_map(kerberos_all_keys);
1536 kerberos_key_map_insert(kerberos_all_keys, new_key);
1537 }
1538
1539 item = proto_tree_add_expert_format(key_tree, pinfo, &ei_kerberos_learnt_keytype,
1540 key_tvb, 0, keylength,
1541 "%s %s keytype %d (id=%d.%u) (%02x%02x%02x%02x...)",
1542 methodu, origin, keytype, pinfo->num, new_key->id,
1543 keyvalue[0] & 0xFF, keyvalue[1] & 0xFF,
1544 keyvalue[2] & 0xFF, keyvalue[3] & 0xFF);
1545 if (item != NULL && key_hidden_item != NULL) {
1546 proto_tree_move_item(key_tree, key_hidden_item, item);
1547 }
1548 if (src1 != NULL) {
1549 enc_key_t *sek = src1;
1550 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype,
1551 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1552 sek->key_origin, sek->keytype,
1553 sek->id_str, sek->num_same,
1554 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1555 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1556 }
1557 if (src2 != NULL) {
1558 enc_key_t *sek = src2;
1559 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype,
1560 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1561 sek->key_origin, sek->keytype,
1562 sek->id_str, sek->num_same,
1563 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1564 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1565 }
1566
1567 kerberos_key_list_append(private_data->learnt_keys, new_key);
1568 private_data->last_added_key = new_key;
1569 }
1570
1571 static void
1572 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
1573 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
1574 int parent_hf_index _U_,
1575 int hf_index _U_)
1576 {
1577 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1578 const char *parent = proto_registrar_get_name(parent_hf_index);
1579 const char *element = proto_registrar_get_name(hf_index);
1580 char origin[KRB_MAX_ORIG_LEN] = { 0, };
1581
1582 snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element);
1583
1584 add_encryption_key(actx->pinfo,
1585 private_data,
1586 private_data->key_tree,
1587 private_data->key_hidden_item,
1588 private_data->key_tvb,
1589 private_data->key.keytype,
1590 private_data->key.keylength,
1591 private_data->key.keyvalue,
1592 origin,
1593 NULL,
1594 NULL);
1595 }
1596
1597 static void
1598 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length,
1599 asn1_ctx_t *actx, proto_tree *tree,
1600 int parent_hf_index,
1601 int hf_index)
1602 {
1603 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1604
1605 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1606
1607 if (private_data->last_decryption_key == NULL) {
1608 return;
1609 }
1610 if (private_data->last_added_key == NULL) {
1611 return;
1612 }
1613
1614 if (private_data->within_PA_TGS_REQ != 0) {
1615 private_data->PA_TGS_REQ_key = private_data->last_decryption_key;
1616 private_data->PA_TGS_REQ_subkey = private_data->last_added_key;
1617 }
1618 if (private_data->fast_armor_within_armor_value != 0) {
1619 private_data->PA_FAST_ARMOR_AP_key = private_data->last_decryption_key;
1620 private_data->PA_FAST_ARMOR_AP_subkey = private_data->last_added_key;
1621 }
1622 }
1623
1624 static void
1625 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length,
1626 asn1_ctx_t *actx, proto_tree *tree,
1627 int parent_hf_index,
1628 int hf_index)
1629 {
1630 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1631
1632 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1633
1634 if (actx->pinfo->fd->visited) {
1635 return;
1636 }
1637
1638 if (private_data->last_added_key == NULL) {
1639 return;
1640 }
1641
1642 private_data->last_added_key->is_ap_rep_key = true;
1643
1644 if (private_data->last_decryption_key != NULL &&
1645 private_data->last_decryption_key->is_ticket_key)
1646 {
1647 enc_key_t *ak = private_data->last_added_key;
1648 enc_key_t *tk = private_data->last_decryption_key;
1649
1650 /*
1651 * The enc_key_t structures and their strings
1652 * in pac_names are all allocated on wmem_epan_scope(),
1653 * so we don't need to copy the content.
1654 */
1655 ak->pac_names = tk->pac_names;
1656 }
1657
1658 kerberos_key_map_insert(kerberos_app_session_keys, private_data->last_added_key);
1659 }
1660
1661 static void
1662 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length,
1663 asn1_ctx_t *actx, proto_tree *tree,
1664 int parent_hf_index,
1665 int hf_index)
1666 {
1667 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1668 }
1669
1670 static void
1671 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length,
1672 asn1_ctx_t *actx, proto_tree *tree,
1673 int parent_hf_index,
1674 int hf_index)
1675 {
1676 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1677
1678 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1679
1680 if (actx->pinfo->fd->visited) {
1681 return;
1682 }
1683
1684 if (private_data->last_added_key == NULL) {
1685 return;
1686 }
1687
1688 private_data->current_ticket_key = private_data->last_added_key;
1689 private_data->current_ticket_key->is_ticket_key = true;
1690 }
1691
1692 static void
1693 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length,
1694 asn1_ctx_t *actx, proto_tree *tree,
1695 int parent_hf_index,
1696 int hf_index)
1697 {
1698 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1699 }
1700
1701 static void
1702 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb, int offset, int length,
1703 asn1_ctx_t *actx, proto_tree *tree,
1704 int parent_hf_index,
1705 int hf_index)
1706 {
1707 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1708
1709 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1710
1711 private_data->fast_strengthen_key = private_data->last_added_key;
1712 }
1713
1714 static void used_encryption_key(proto_tree *tree, packet_info *pinfo,
1715 kerberos_private_data_t *private_data,
1716 enc_key_t *ek, int usage, tvbuff_t *cryptotvb,
1717 const char *keymap_name,
1718 unsigned keymap_size,
1719 unsigned decryption_count)
1720 {
1721 proto_item *item = NULL;
1722 enc_key_t *sek = NULL;
1723
1724 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
1725 cryptotvb, 0, 0,
1726 "Decrypted keytype %d usage %d "
1727 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1728 ek->keytype, usage, ek->key_origin, ek->id_str, ek->num_same,
1729 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
1730 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
1731 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1732 "Used keymap=%s num_keys=%u num_tries=%u)",
1733 keymap_name,
1734 keymap_size,
1735 decryption_count);
1736 if (ek->src1 != NULL) {
1737 sek = ek->src1;
1738 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1739 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1740 sek->key_origin, sek->keytype,
1741 sek->id_str, sek->num_same,
1742 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1743 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1744 }
1745 if (ek->src2 != NULL) {
1746 sek = ek->src2;
1747 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1748 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1749 sek->key_origin, sek->keytype,
1750 sek->id_str, sek->num_same,
1751 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1752 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1753 }
1754 sek = ek->same_list;
1755 while (sek != NULL) {
1756 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1757 "Decrypted keytype %d usage %d "
1758 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1759 sek->keytype, usage, sek->key_origin, sek->id_str, sek->num_same,
1760 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1761 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1762 sek = sek->same_list;
1763 }
1764 kerberos_key_list_append(private_data->decryption_keys, ek);
1765 private_data->last_decryption_key = ek;
1766 kerberos_last_decryption_key = ek;
1767 }
1768 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
1769
1770 #ifdef HAVE_MIT_KERBEROS
1771
1772 static void missing_encryption_key(proto_tree *tree, packet_info *pinfo,
1773 kerberos_private_data_t *private_data,
1774 int keytype, int usage, tvbuff_t *cryptotvb,
1775 const char *keymap_name,
1776 unsigned keymap_size,
1777 unsigned decryption_count)
1778 {
1779 proto_item *item = NULL;
1780 enc_key_t *mek = NULL;
1781
1782 mek = wmem_new0(pinfo->pool, enc_key_t);
1783 snprintf(mek->key_origin, KRB_MAX_ORIG_LEN,
1784 "keytype %d usage %d missing in frame %u",
1785 keytype, usage, pinfo->num);
1786 mek->fd_num = pinfo->num;
1787 mek->id = ++private_data->missing_key_ids;
1788 snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u",
1789 mek->id);
1790 mek->keytype=keytype;
1791
1792 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype,
1793 cryptotvb, 0, 0,
1794 "Missing keytype %d usage %d (id=%s)",
1795 keytype, usage, mek->id_str);
1796 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype,
1797 "Used keymap=%s num_keys=%u num_tries=%u)",
1798 keymap_name,
1799 keymap_size,
1800 decryption_count);
1801
1802 kerberos_key_list_append(private_data->missing_keys, mek);
1803 }
1804
1805 #ifdef HAVE_KRB5_PAC_VERIFY
1806 static void used_signing_key(proto_tree *tree, packet_info *pinfo,
1807 kerberos_private_data_t *private_data,
1808 enc_key_t *ek, tvbuff_t *tvb,
1809 krb5_cksumtype checksum,
1810 const char *reason,
1811 const char *keymap_name,
1812 unsigned keymap_size,
1813 unsigned verify_count)
1814 {
1815 proto_item *item = NULL;
1816 enc_key_t *sek = NULL;
1817
1818 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
1819 tvb, 0, 0,
1820 "%s checksum %d keytype %d "
1821 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1822 reason, checksum, ek->keytype, ek->key_origin,
1823 ek->id_str, ek->num_same,
1824 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
1825 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
1826 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1827 "Used keymap=%s num_keys=%u num_tries=%u)",
1828 keymap_name,
1829 keymap_size,
1830 verify_count);
1831 sek = ek->same_list;
1832 while (sek != NULL) {
1833 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1834 "%s checksum %d keytype %d "
1835 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1836 reason, checksum, sek->keytype, sek->key_origin,
1837 sek->id_str, sek->num_same,
1838 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1839 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1840 sek = sek->same_list;
1841 }
1842 kerberos_key_list_append(private_data->decryption_keys, ek);
1843 }
1844
1845 static void missing_signing_key(proto_tree *tree, packet_info *pinfo,
1846 kerberos_private_data_t *private_data,
1847 tvbuff_t *tvb,
1848 krb5_cksumtype checksum,
1849 int keytype,
1850 const char *reason,
1851 const char *keymap_name,
1852 unsigned keymap_size,
1853 unsigned verify_count)
1854 {
1855 proto_item *item = NULL;
1856 enc_key_t *mek = NULL;
1857
1858 mek = wmem_new0(pinfo->pool, enc_key_t);
1859 snprintf(mek->key_origin, KRB_MAX_ORIG_LEN,
1860 "checksum %d keytype %d missing in frame %u",
1861 checksum, keytype, pinfo->num);
1862 mek->fd_num = pinfo->num;
1863 mek->id = ++private_data->missing_key_ids;
1864 snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u",
1865 mek->id);
1866 mek->keytype=keytype;
1867
1868 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype,
1869 tvb, 0, 0,
1870 "%s checksum %d keytype %d (id=%s)",
1871 reason, checksum, keytype, mek->id_str);
1872 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype,
1873 "Used keymap=%s num_keys=%u num_tries=%u)",
1874 keymap_name,
1875 keymap_size,
1876 verify_count);
1877
1878 kerberos_key_list_append(private_data->missing_keys, mek);
1879 }
1880
1881 #endif /* HAVE_KRB5_PAC_VERIFY */
1882
1883 static krb5_context krb5_ctx;
1884
1885 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
1886 static void
1887 krb5_fast_key(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb,
1888 enc_key_t *ek1 _U_, const char *p1 _U_,
1889 enc_key_t *ek2 _U_, const char *p2 _U_,
1890 const char *origin _U_)
1891 {
1892 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1893 krb5_error_code ret;
1894 krb5_keyblock k1;
1895 krb5_keyblock k2;
1896 krb5_keyblock *k = NULL;
1897
1898 if (!krb_decrypt) {
1899 return;
1900 }
1901
1902 if (ek1 == NULL) {
1903 return;
1904 }
1905
1906 if (ek2 == NULL) {
1907 return;
1908 }
1909
1910 k1.magic = KV5M_KEYBLOCK;
1911 k1.enctype = ek1->keytype;
1912 k1.length = ek1->keylength;
1913 k1.contents = (uint8_t *)ek1->keyvalue;
1914
1915 k2.magic = KV5M_KEYBLOCK;
1916 k2.enctype = ek2->keytype;
1917 k2.length = ek2->keylength;
1918 k2.contents = (uint8_t *)ek2->keyvalue;
1919
1920 ret = krb5_c_fx_cf2_simple(krb5_ctx, &k1, p1, &k2, p2, &k);
1921 if (ret != 0) {
1922 return;
1923 }
1924
1925 add_encryption_key(actx->pinfo,
1926 private_data,
1927 tree, NULL, tvb,
1928 k->enctype, k->length,
1929 (const char *)k->contents,
1930 origin,
1931 ek1, ek2);
1932
1933 krb5_free_keyblock(krb5_ctx, k);
1934 }
1935 #else /* HAVE_KRB5_C_FX_CF2_SIMPLE */
1936 static void
1937 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_,
1938 enc_key_t *ek1 _U_, const char *p1 _U_,
1939 enc_key_t *ek2 _U_, const char *p2 _U_,
1940 const char *origin _U_)
1941 {
1942 }
1943 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */
1944
1945 USES_APPLE_DEPRECATED_API
1946 void
1947 read_keytab_file(const char *filename)
1948 {
1949 krb5_keytab keytab;
1950 krb5_error_code ret;
1951 krb5_keytab_entry key;
1952 krb5_kt_cursor cursor;
1953 static bool first_time=true;
1954
1955 if (filename == NULL || filename[0] == 0) {
1956 return;
1957 }
1958
1959 if(first_time){
1960 first_time=false;
1961 ret = krb5_init_context(&krb5_ctx);
1962 if(ret && ret != KRB5_CONFIG_CANTOPEN){
1963 return;
1964 }
1965 }
1966
1967 /* should use a file in the wireshark users dir */
1968 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
1969 if(ret){
1970 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename);
1971
1972 return;
1973 }
1974
1975 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
1976 if(ret){
1977 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename);
1978 return;
1979 }
1980
1981 do{
1982 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
1983 if(ret==0){
1984 enc_key_t *new_key;
1985 int i;
1986 char *pos;
1987
1988 new_key = wmem_new0(wmem_epan_scope(), enc_key_t);
1989 new_key->fd_num = -1;
1990 new_key->id = ++kerberos_longterm_ids;
1991 snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id);
1992 new_key->next = enc_key_list;
1993
1994 /* generate origin string, describing where this key came from */
1995 pos=new_key->key_origin;
1996 pos+=MIN(KRB_MAX_ORIG_LEN,
1997 snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
1998 for(i=0;i<key.principal->length;i++){
1999 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
2000 snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data));
2001 }
2002 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
2003 snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data));
2004 *pos=0;
2005 new_key->keytype=key.key.enctype;
2006 new_key->keylength=key.key.length;
2007 memcpy(new_key->keyvalue,
2008 key.key.contents,
2009 MIN(key.key.length, KRB_MAX_KEY_LENGTH));
2010
2011 enc_key_list=new_key;
2012 ret = krb5_free_keytab_entry_contents(krb5_ctx, &key);
2013 if (ret) {
2014 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret);
2015 ret = 0; /* try to continue with the next entry */
2016 }
2017 kerberos_key_map_insert(kerberos_longterm_keys, new_key);
2018 }
2019 }while(ret==0);
2020
2021 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
2022 if(ret){
2023 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret);
2024 }
2025 ret = krb5_kt_close(krb5_ctx, keytab);
2026 if(ret){
2027 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret);
2028 }
2029 }
2030
2031 struct decrypt_krb5_with_cb_state {
2032 proto_tree *tree;
2033 packet_info *pinfo;
2034 kerberos_private_data_t *private_data;
2035 int usage;
2036 int keytype;
2037 tvbuff_t *cryptotvb;
2038 krb5_error_code (*decrypt_cb_fn)(
2039 const krb5_keyblock *key,
2040 int usage,
2041 void *decrypt_cb_data);
2042 void *decrypt_cb_data;
2043 unsigned count;
2044 enc_key_t *ek;
2045 };
2046
2047 static void
2048 decrypt_krb5_with_cb_try_key(void *__key _U_, void *value, void *userdata)
2049 {
2050 struct decrypt_krb5_with_cb_state *state =
2051 (struct decrypt_krb5_with_cb_state *)userdata;
2052 enc_key_t *ek = (enc_key_t *)value;
2053 krb5_error_code ret;
2054 krb5_keytab_entry key;
2055 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
2056 enc_key_t *ak = state->private_data->fast_armor_key;
2057 enc_key_t *sk = state->private_data->fast_strengthen_key;
2058 bool try_with_armor_key = false;
2059 bool try_with_strengthen_key = false;
2060 #endif
2061
2062 if (state->ek != NULL) {
2063 /*
2064 * we're done.
2065 */
2066 return;
2067 }
2068
2069 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
2070 if (ak != NULL && ak != ek && ak->keytype == state->keytype && ek->fd_num == -1) {
2071 switch (state->usage) {
2072 case KEY_USAGE_ENC_CHALLENGE_CLIENT:
2073 case KEY_USAGE_ENC_CHALLENGE_KDC:
2074 if (ek->fd_num == -1) {
2075 /* Challenges are based on a long term key */
2076 try_with_armor_key = true;
2077 }
2078 break;
2079 }
2080
2081 /*
2082 * If we already have a strengthen_key
2083 * we don't need to try with the armor key
2084 * again
2085 */
2086 if (sk != NULL) {
2087 try_with_armor_key = false;
2088 }
2089 }
2090
2091 if (sk != NULL && sk != ek && sk->keytype == state->keytype && sk->keytype == ek->keytype) {
2092 switch (state->usage) {
2093 case 3:
2094 if (ek->fd_num == -1) {
2095 /* AS-REP is based on a long term key */
2096 try_with_strengthen_key = true;
2097 }
2098 break;
2099 case 8:
2100 case 9:
2101 if (ek->fd_num != -1) {
2102 /* TGS-REP is not based on a long term key */
2103 try_with_strengthen_key = true;
2104 }
2105 break;
2106 }
2107 }
2108
2109 if (try_with_armor_key) {
2110 krb5_keyblock k1;
2111 krb5_keyblock k2;
2112 krb5_keyblock *k = NULL;
2113 const char *p1 = NULL;
2114
2115 k1.magic = KV5M_KEYBLOCK;
2116 k1.enctype = ak->keytype;
2117 k1.length = ak->keylength;
2118 k1.contents = (uint8_t *)ak->keyvalue;
2119
2120 k2.magic = KV5M_KEYBLOCK;
2121 k2.enctype = ek->keytype;
2122 k2.length = ek->keylength;
2123 k2.contents = (uint8_t *)ek->keyvalue;
2124
2125 switch (state->usage) {
2126 case KEY_USAGE_ENC_CHALLENGE_CLIENT:
2127 p1 = "clientchallengearmor";
2128 break;
2129 case KEY_USAGE_ENC_CHALLENGE_KDC:
2130 p1 = "kdcchallengearmor";
2131 break;
2132 default:
2133 /*
2134 * Should never be called!
2135 */
2136 /*
2137 * try the next one...
2138 */
2139 return;
2140 }
2141
2142 ret = krb5_c_fx_cf2_simple(krb5_ctx,
2143 &k1, p1,
2144 &k2, "challengelongterm",
2145 &k);
2146 if (ret != 0) {
2147 /*
2148 * try the next one...
2149 */
2150 return;
2151 }
2152
2153 state->count += 1;
2154 ret = state->decrypt_cb_fn(k,
2155 state->usage,
2156 state->decrypt_cb_data);
2157 if (ret == 0) {
2158 add_encryption_key(state->pinfo,
2159 state->private_data,
2160 state->tree,
2161 NULL,
2162 state->cryptotvb,
2163 k->enctype, k->length,
2164 (const char *)k->contents,
2165 p1,
2166 ak, ek);
2167 krb5_free_keyblock(krb5_ctx, k);
2168 /*
2169 * remember the key and stop traversing
2170 */
2171 state->ek = state->private_data->last_added_key;
2172 return;
2173 }
2174 krb5_free_keyblock(krb5_ctx, k);
2175 /*
2176 * don't stop traversing...
2177 * try the next one...
2178 */
2179 return;
2180 }
2181
2182 if (try_with_strengthen_key) {
2183 krb5_keyblock k1;
2184 krb5_keyblock k2;
2185 krb5_keyblock *k = NULL;
2186
2187 k1.magic = KV5M_KEYBLOCK;
2188 k1.enctype = sk->keytype;
2189 k1.length = sk->keylength;
2190 k1.contents = (uint8_t *)sk->keyvalue;
2191
2192 k2.magic = KV5M_KEYBLOCK;
2193 k2.enctype = ek->keytype;
2194 k2.length = ek->keylength;
2195 k2.contents = (uint8_t *)ek->keyvalue;
2196
2197 ret = krb5_c_fx_cf2_simple(krb5_ctx,
2198 &k1, "strengthenkey",
2199 &k2, "replykey",
2200 &k);
2201 if (ret != 0) {
2202 /*
2203 * try the next one...
2204 */
2205 return;
2206 }
2207
2208 state->count += 1;
2209 ret = state->decrypt_cb_fn(k,
2210 state->usage,
2211 state->decrypt_cb_data);
2212 if (ret == 0) {
2213 add_encryption_key(state->pinfo,
2214 state->private_data,
2215 state->tree,
2216 NULL,
2217 state->cryptotvb,
2218 k->enctype, k->length,
2219 (const char *)k->contents,
2220 "strengthen-reply-key",
2221 sk, ek);
2222 krb5_free_keyblock(krb5_ctx, k);
2223 /*
2224 * remember the key and stop traversing
2225 */
2226 state->ek = state->private_data->last_added_key;
2227 return;
2228 }
2229 krb5_free_keyblock(krb5_ctx, k);
2230 /*
2231 * don't stop traversing...
2232 * try the next one...
2233 */
2234 return;
2235 }
2236 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */
2237
2238 /* shortcircuit and bail out if enctypes are not matching */
2239 if ((state->keytype != -1) && (ek->keytype != state->keytype)) {
2240 /*
2241 * don't stop traversing...
2242 * try the next one...
2243 */
2244 return;
2245 }
2246
2247 key.key.enctype=ek->keytype;
2248 key.key.length=ek->keylength;
2249 key.key.contents=ek->keyvalue;
2250 state->count += 1;
2251 ret = state->decrypt_cb_fn(&(key.key),
2252 state->usage,
2253 state->decrypt_cb_data);
2254 if (ret != 0) {
2255 /*
2256 * don't stop traversing...
2257 * try the next one...
2258 */
2259 return;
2260 }
2261
2262 /*
2263 * we're done, remember the key
2264 */
2265 state->ek = ek;
2266 }
2267
2268 static krb5_error_code
2269 decrypt_krb5_with_cb(proto_tree *tree,
2270 packet_info *pinfo,
2271 kerberos_private_data_t *private_data,
2272 int usage,
2273 int keytype,
2274 tvbuff_t *cryptotvb,
2275 krb5_error_code (*decrypt_cb_fn)(
2276 const krb5_keyblock *key,
2277 int usage,
2278 void *decrypt_cb_data),
2279 void *decrypt_cb_data)
2280 {
2281 const char *key_map_name = NULL;
2282 wmem_map_t *key_map = NULL;
2283 struct decrypt_krb5_with_cb_state state = {
2284 .tree = tree,
2285 .pinfo = pinfo,
2286 .private_data = private_data,
2287 .usage = usage,
2288 .cryptotvb = cryptotvb,
2289 .keytype = keytype,
2290 .decrypt_cb_fn = decrypt_cb_fn,
2291 .decrypt_cb_data = decrypt_cb_data,
2292 };
2293
2294 read_keytab_file_from_preferences();
2295
2296 switch (usage) {
2297 case KRB5_KU_USAGE_INITIATOR_SEAL:
2298 case KRB5_KU_USAGE_ACCEPTOR_SEAL:
2299 key_map_name = "app_session_keys";
2300 key_map = kerberos_app_session_keys;
2301 break;
2302 default:
2303 key_map_name = "all_keys";
2304 key_map = kerberos_all_keys;
2305 insert_longterm_keys_into_key_map(key_map);
2306 break;
2307 }
2308
2309 wmem_map_foreach(key_map, decrypt_krb5_with_cb_try_key, &state);
2310 if (state.ek != NULL) {
2311 used_encryption_key(tree, pinfo, private_data,
2312 state.ek, usage, cryptotvb,
2313 key_map_name,
2314 wmem_map_size(key_map),
2315 state.count);
2316 return 0;
2317 }
2318
2319 missing_encryption_key(tree, pinfo, private_data,
2320 keytype, usage, cryptotvb,
2321 key_map_name,
2322 wmem_map_size(key_map),
2323 state.count);
2324 return -1;
2325 }
2326
2327 struct decrypt_krb5_data_state {
2328 krb5_data input;
2329 krb5_data output;
2330 };
2331
2332 static krb5_error_code
2333 decrypt_krb5_data_cb(const krb5_keyblock *key,
2334 int usage,
2335 void *decrypt_cb_data)
2336 {
2337 struct decrypt_krb5_data_state *state =
2338 (struct decrypt_krb5_data_state *)decrypt_cb_data;
2339 krb5_enc_data input;
2340
2341 memset(&input, 0, sizeof(input));
2342 input.enctype = key->enctype;
2343 input.ciphertext = state->input;
2344
2345 return krb5_c_decrypt(krb5_ctx,
2346 key,
2347 usage,
2348 0,
2349 &input,
2350 &state->output);
2351 }
2352
2353 static uint8_t *
2354 decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
2355 kerberos_private_data_t *private_data,
2356 int usage, tvbuff_t *cryptotvb, int keytype,
2357 int *datalen)
2358 {
2359 #define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1
2360 struct decrypt_krb5_data_state state;
2361 krb5_error_code ret;
2362 int length = tvb_captured_length(cryptotvb);
2363 const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
2364
2365 /* don't do anything if we are not attempting to decrypt data */
2366 if(!krb_decrypt || length < 1){
2367 return NULL;
2368 }
2369
2370 /* make sure we have all the data we need */
2371 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
2372 return NULL;
2373 }
2374
2375 memset(&state, 0, sizeof(state));
2376 state.input.length = length;
2377 state.input.data = (uint8_t *)cryptotext;
2378 state.output.data = (char *)wmem_alloc(pinfo->pool, length);
2379 state.output.length = length;
2380
2381 ret = decrypt_krb5_with_cb(tree,
2382 pinfo,
2383 private_data,
2384 usage,
2385 keytype,
2386 cryptotvb,
2387 decrypt_krb5_data_cb,
2388 &state);
2389 if (ret != 0) {
2390 return NULL;
2391 }
2392
2393 if (datalen) {
2394 *datalen = state.output.length;
2395 }
2396 return (uint8_t *)state.output.data;
2397 }
2398
2399 uint8_t *
2400 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
2401 int usage,
2402 tvbuff_t *cryptotvb,
2403 int keytype,
2404 int *datalen)
2405 {
2406 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
2407 return decrypt_krb5_data_private(tree, pinfo, zero_private,
2408 usage, cryptotvb, keytype,
2409 datalen);
2410 }
2411
2412 USES_APPLE_RST
2413
2414 #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY
2415 struct decrypt_krb5_krb_cfx_dce_state {
2416 const uint8_t *gssapi_header_ptr;
2417 unsigned gssapi_header_len;
2418 tvbuff_t *gssapi_encrypted_tvb;
2419 uint8_t *gssapi_payload;
2420 unsigned gssapi_payload_len;
2421 const uint8_t *gssapi_trailer_ptr;
2422 unsigned gssapi_trailer_len;
2423 tvbuff_t *checksum_tvb;
2424 uint8_t *checksum;
2425 unsigned checksum_len;
2426 };
2427
2428 static krb5_error_code
2429 decrypt_krb5_krb_cfx_dce_cb(const krb5_keyblock *key,
2430 int usage,
2431 void *decrypt_cb_data)
2432 {
2433 struct decrypt_krb5_krb_cfx_dce_state *state =
2434 (struct decrypt_krb5_krb_cfx_dce_state *)decrypt_cb_data;
2435 unsigned int k5_headerlen = 0;
2436 unsigned int k5_headerofs = 0;
2437 unsigned int k5_trailerlen = 0;
2438 unsigned int k5_trailerofs = 0;
2439 size_t _k5_blocksize = 0;
2440 unsigned k5_blocksize;
2441 krb5_crypto_iov iov[6];
2442 krb5_error_code ret;
2443 unsigned checksum_remain = state->checksum_len;
2444 unsigned checksum_crypt_len;
2445
2446 memset(iov, 0, sizeof(iov));
2447
2448 ret = krb5_c_crypto_length(krb5_ctx,
2449 key->enctype,
2450 KRB5_CRYPTO_TYPE_HEADER,
2451 &k5_headerlen);
2452 if (ret != 0) {
2453 return ret;
2454 }
2455 if (checksum_remain < k5_headerlen) {
2456 return -1;
2457 }
2458 checksum_remain -= k5_headerlen;
2459 k5_headerofs = checksum_remain;
2460 ret = krb5_c_crypto_length(krb5_ctx,
2461 key->enctype,
2462 KRB5_CRYPTO_TYPE_TRAILER,
2463 &k5_trailerlen);
2464 if (ret != 0) {
2465 return ret;
2466 }
2467 if (checksum_remain < k5_trailerlen) {
2468 return -1;
2469 }
2470 checksum_remain -= k5_trailerlen;
2471 k5_trailerofs = checksum_remain;
2472 checksum_crypt_len = checksum_remain;
2473
2474 ret = krb5_c_block_size(krb5_ctx,
2475 key->enctype,
2476 &_k5_blocksize);
2477 if (ret != 0) {
2478 return ret;
2479 }
2480 /*
2481 * The cast is required for the Windows build in order
2482 * to avoid the following warning.
2483 *
2484 * warning C4267: '-=': conversion from 'size_t' to 'unsigned',
2485 * possible loss of data
2486 */
2487 k5_blocksize = (unsigned)_k5_blocksize;
2488 if (checksum_remain < k5_blocksize) {
2489 return -1;
2490 }
2491 checksum_remain -= k5_blocksize;
2492 if (checksum_remain < 16) {
2493 return -1;
2494 }
2495
2496 tvb_memcpy(state->gssapi_encrypted_tvb,
2497 state->gssapi_payload,
2498 0,
2499 state->gssapi_payload_len);
2500 tvb_memcpy(state->checksum_tvb,
2501 state->checksum,
2502 0,
2503 state->checksum_len);
2504
2505 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
2506 iov[0].data.data = state->checksum + k5_headerofs;
2507 iov[0].data.length = k5_headerlen;
2508
2509 if (state->gssapi_header_ptr != NULL) {
2510 iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
2511 iov[1].data.data = (uint8_t *)(uintptr_t)state->gssapi_header_ptr;
2512 iov[1].data.length = state->gssapi_header_len;
2513 } else {
2514 iov[1].flags = KRB5_CRYPTO_TYPE_EMPTY;
2515 }
2516
2517 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
2518 iov[2].data.data = state->gssapi_payload;
2519 iov[2].data.length = state->gssapi_payload_len;
2520
2521 if (state->gssapi_trailer_ptr != NULL) {
2522 iov[3].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
2523 iov[3].data.data = (uint8_t *)(uintptr_t)state->gssapi_trailer_ptr;
2524 iov[3].data.length = state->gssapi_trailer_len;
2525 } else {
2526 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
2527 }
2528
2529 iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
2530 iov[4].data.data = state->checksum;
2531 iov[4].data.length = checksum_crypt_len;
2532
2533 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;
2534 iov[5].data.data = state->checksum + k5_trailerofs;
2535 iov[5].data.length = k5_trailerlen;
2536
2537 return krb5_c_decrypt_iov(krb5_ctx,
2538 key,
2539 usage,
2540 0,
2541 iov,
2542 6);
2543 }
2544
2545 tvbuff_t *
2546 decrypt_krb5_krb_cfx_dce(proto_tree *tree,
2547 packet_info *pinfo,
2548 int usage,
2549 int keytype,
2550 tvbuff_t *gssapi_header_tvb,
2551 tvbuff_t *gssapi_encrypted_tvb,
2552 tvbuff_t *gssapi_trailer_tvb,
2553 tvbuff_t *checksum_tvb)
2554 {
2555 struct decrypt_krb5_krb_cfx_dce_state state;
2556 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
2557 tvbuff_t *gssapi_decrypted_tvb = NULL;
2558 krb5_error_code ret;
2559
2560 /* don't do anything if we are not attempting to decrypt data */
2561 if (!krb_decrypt) {
2562 return NULL;
2563 }
2564
2565 memset(&state, 0, sizeof(state));
2566
2567 /* make sure we have all the data we need */
2568 #define __CHECK_TVB_LEN(__tvb) (tvb_captured_length(__tvb) < tvb_reported_length(__tvb))
2569 if (gssapi_header_tvb != NULL) {
2570 if (__CHECK_TVB_LEN(gssapi_header_tvb)) {
2571 return NULL;
2572 }
2573
2574 state.gssapi_header_len = tvb_captured_length(gssapi_header_tvb);
2575 state.gssapi_header_ptr = tvb_get_ptr(gssapi_header_tvb,
2576 0,
2577 state.gssapi_header_len);
2578 }
2579 if (gssapi_encrypted_tvb == NULL || __CHECK_TVB_LEN(gssapi_encrypted_tvb)) {
2580 return NULL;
2581 }
2582 state.gssapi_encrypted_tvb = gssapi_encrypted_tvb;
2583 state.gssapi_payload_len = tvb_captured_length(gssapi_encrypted_tvb);
2584 state.gssapi_payload = (uint8_t *)wmem_alloc0(pinfo->pool, state.gssapi_payload_len);
2585 if (state.gssapi_payload == NULL) {
2586 return NULL;
2587 }
2588 if (gssapi_trailer_tvb != NULL) {
2589 if (__CHECK_TVB_LEN(gssapi_trailer_tvb)) {
2590 return NULL;
2591 }
2592
2593 state.gssapi_trailer_len = tvb_captured_length(gssapi_trailer_tvb);
2594 state.gssapi_trailer_ptr = tvb_get_ptr(gssapi_trailer_tvb,
2595 0,
2596 state.gssapi_trailer_len);
2597 }
2598 if (checksum_tvb == NULL || __CHECK_TVB_LEN(checksum_tvb)) {
2599 return NULL;
2600 }
2601 state.checksum_tvb = checksum_tvb;
2602 state.checksum_len = tvb_captured_length(checksum_tvb);
2603 state.checksum = (uint8_t *)wmem_alloc0(pinfo->pool, state.checksum_len);
2604 if (state.checksum == NULL) {
2605 return NULL;
2606 }
2607
2608 ret = decrypt_krb5_with_cb(tree,
2609 pinfo,
2610 zero_private,
2611 usage,
2612 keytype,
2613 gssapi_encrypted_tvb,
2614 decrypt_krb5_krb_cfx_dce_cb,
2615 &state);
2616 wmem_free(pinfo->pool, state.checksum);
2617 if (ret != 0) {
2618 wmem_free(pinfo->pool, state.gssapi_payload);
2619 return NULL;
2620 }
2621
2622 gssapi_decrypted_tvb = tvb_new_child_real_data(gssapi_encrypted_tvb,
2623 state.gssapi_payload,
2624 state.gssapi_payload_len,
2625 state.gssapi_payload_len);
2626 if (gssapi_decrypted_tvb == NULL) {
2627 wmem_free(pinfo->pool, state.gssapi_payload);
2628 return NULL;
2629 }
2630
2631 return gssapi_decrypted_tvb;
2632 }
2633 #else /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */
2634 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1
2635 #endif /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */
2636
2637 #ifdef HAVE_KRB5_PAC_VERIFY
2638 /*
2639 * macOS up to 10.14.5 only has a MIT shim layer on top
2640 * of heimdal. It means that krb5_pac_verify() is not available
2641 * in /usr/lib/libkrb5.dylib
2642 *
2643 * https://opensource.apple.com/tarballs/Heimdal/Heimdal-520.260.1.tar.gz
2644 * https://opensource.apple.com/tarballs/MITKerberosShim/MITKerberosShim-71.200.1.tar.gz
2645 */
2646
2647 extern krb5_error_code
2648 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
2649
2650 extern void krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *);
2651 extern krb5_error_code
2652 decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);
2653 extern krb5_error_code
2654 encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code);
2655
2656 static int
2657 keytype_for_cksumtype(krb5_cksumtype checksum)
2658 {
2659 static const int keytypes[] = {
2660 18,
2661 17,
2662 23,
2663 };
2664 unsigned i;
2665
2666 for (i = 0; i < array_length(keytypes); i++) {
2667 krb5_cksumtype checksumtype = 0;
2668 krb5_error_code ret;
2669
2670 ret = krb5int_c_mandatory_cksumtype(krb5_ctx,
2671 keytypes[i],
2672 &checksumtype);
2673 if (ret != 0) {
2674 continue;
2675 }
2676 if (checksum == checksumtype) {
2677 return keytypes[i];
2678 }
2679 }
2680
2681 return -1;
2682 }
2683
2684 struct verify_krb5_pac_state {
2685 int pacbuffer_length;
2686 const uint8_t *pacbuffer;
2687 krb5_pac pac;
2688 krb5_cksumtype server_checksum;
2689 unsigned server_count;
2690 enc_key_t *server_ek;
2691 krb5_cksumtype kdc_checksum;
2692 unsigned kdc_count;
2693 enc_key_t *kdc_ek;
2694 krb5_cksumtype ticket_checksum_type;
2695 const krb5_data *ticket_checksum_data;
2696 krb5_cksumtype full_checksum_type;
2697 const krb5_data *full_checksum_data;
2698 unsigned full_count;
2699 enc_key_t *full_ek;
2700 };
2701
2702 static void
2703 verify_krb5_pac_try_server_key(void *__key _U_, void *value, void *userdata)
2704 {
2705 struct verify_krb5_pac_state *state =
2706 (struct verify_krb5_pac_state *)userdata;
2707 enc_key_t *ek = (enc_key_t *)value;
2708 krb5_keyblock keyblock;
2709 krb5_cksumtype checksumtype = 0;
2710 krb5_error_code ret;
2711
2712 if (state->server_checksum == 0) {
2713 /*
2714 * nothing more todo, stop traversing.
2715 */
2716 return;
2717 }
2718
2719 if (state->server_ek != NULL) {
2720 /*
2721 * we're done.
2722 */
2723 return;
2724 }
2725
2726 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype,
2727 &checksumtype);
2728 if (ret != 0) {
2729 /*
2730 * the key is not usable, keep traversing.
2731 * try the next key...
2732 */
2733 return;
2734 }
2735
2736 keyblock.magic = KV5M_KEYBLOCK;
2737 keyblock.enctype = ek->keytype;
2738 keyblock.length = ek->keylength;
2739 keyblock.contents = (uint8_t *)ek->keyvalue;
2740
2741 if (checksumtype == state->server_checksum) {
2742 state->server_count += 1;
2743 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL,
2744 &keyblock, NULL);
2745 if (ret == 0) {
2746 state->server_ek = ek;
2747 }
2748 }
2749 }
2750
2751 static void
2752 verify_krb5_pac_try_kdc_key(void *__key _U_, void *value, void *userdata)
2753 {
2754 struct verify_krb5_pac_state *state =
2755 (struct verify_krb5_pac_state *)userdata;
2756 enc_key_t *ek = (enc_key_t *)value;
2757 krb5_keyblock keyblock;
2758 krb5_cksumtype checksumtype = 0;
2759 krb5_error_code ret;
2760
2761 if (state->kdc_checksum == 0) {
2762 /*
2763 * nothing more todo, stop traversing.
2764 */
2765 return;
2766 }
2767
2768 if (state->kdc_ek != NULL) {
2769 /*
2770 * we're done.
2771 */
2772 return;
2773 }
2774
2775 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype,
2776 &checksumtype);
2777 if (ret != 0) {
2778 /*
2779 * the key is not usable, keep traversing.
2780 * try the next key...
2781 */
2782 return;
2783 }
2784
2785 keyblock.magic = KV5M_KEYBLOCK;
2786 keyblock.enctype = ek->keytype;
2787 keyblock.length = ek->keylength;
2788 keyblock.contents = (uint8_t *)ek->keyvalue;
2789
2790 if (checksumtype == state->kdc_checksum) {
2791 state->kdc_count += 1;
2792 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL,
2793 NULL, &keyblock);
2794 if (ret == 0) {
2795 state->kdc_ek = ek;
2796 }
2797 }
2798 }
2799
2800 #define __KRB5_PAC_TICKET_CHECKSUM 16
2801
2802 static void
2803 verify_krb5_pac_ticket_checksum(proto_tree *tree _U_,
2804 asn1_ctx_t *actx _U_,
2805 tvbuff_t *pactvb _U_,
2806 struct verify_krb5_pac_state *state _U_)
2807 {
2808 #ifdef HAVE_DECODE_KRB5_ENC_TKT_PART
2809 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2810 tvbuff_t *teptvb = private_data->last_ticket_enc_part_tvb;
2811 unsigned teplength = 0;
2812 const uint8_t *tepbuffer = NULL;
2813 krb5_data tepdata = { .length = 0, };
2814 krb5_enc_tkt_part *tep = NULL;
2815 krb5_data *tmpdata = NULL;
2816 krb5_error_code ret;
2817 krb5_authdata **recoded_container = NULL;
2818 int ad_orig_idx = -1;
2819 krb5_authdata *ad_orig_ptr = NULL;
2820 int l0idx = 0;
2821 krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, };
2822 size_t checksum_length = 0;
2823 krb5_checksum checksum = { .checksum_type = 0, };
2824 krb5_boolean valid = false;
2825
2826 if (state->kdc_ek == NULL) {
2827 int keytype = keytype_for_cksumtype(state->ticket_checksum_type);
2828 missing_signing_key(tree, actx->pinfo, private_data,
2829 pactvb, state->ticket_checksum_type,
2830 keytype,
2831 "Missing KDC (for ticket)",
2832 "kdc_checksum_key",
2833 0,
2834 0);
2835 return;
2836 }
2837
2838 if (teptvb == NULL) {
2839 return;
2840 }
2841
2842 teplength = tvb_captured_length(teptvb);
2843 /* make sure we have all the data we need */
2844 if (teplength < tvb_reported_length(teptvb)) {
2845 return;
2846 }
2847
2848 tepbuffer = tvb_get_ptr(teptvb, 0, teplength);
2849 if (tepbuffer == NULL) {
2850 return;
2851 }
2852
2853 kdc_key.magic = KV5M_KEYBLOCK;
2854 kdc_key.enctype = state->kdc_ek->keytype;
2855 kdc_key.length = state->kdc_ek->keylength;
2856 kdc_key.contents = (uint8_t *)state->kdc_ek->keyvalue;
2857
2858 checksum.checksum_type = state->ticket_checksum_type;
2859 checksum.length = state->ticket_checksum_data->length;
2860 checksum.contents = (uint8_t *)state->ticket_checksum_data->data;
2861 if (checksum.length >= 4) {
2862 checksum.length -= 4;
2863 checksum.contents += 4;
2864 }
2865
2866 ret = krb5_c_checksum_length(krb5_ctx,
2867 checksum.checksum_type,
2868 &checksum_length);
2869 if (ret != 0) {
2870 missing_signing_key(tree, actx->pinfo, private_data,
2871 pactvb, state->ticket_checksum_type,
2872 state->kdc_ek->keytype,
2873 "krb5_c_checksum_length failed for Ticket Signature",
2874 "kdc_checksum_key",
2875 1,
2876 0);
2877 return;
2878 }
2879 checksum.length = MIN(checksum.length, (unsigned int)checksum_length);
2880
2881 tepdata.data = (void *)tepbuffer;
2882 tepdata.length = teplength;
2883
2884 ret = decode_krb5_enc_tkt_part(&tepdata, &tep);
2885 if (ret != 0) {
2886 missing_signing_key(tree, actx->pinfo, private_data,
2887 pactvb, state->ticket_checksum_type,
2888 state->kdc_ek->keytype,
2889 "decode_krb5_enc_tkt_part failed",
2890 "kdc_checksum_key",
2891 1,
2892 0);
2893 return;
2894 }
2895
2896 for (l0idx = 0; tep->authorization_data[l0idx]; l0idx++) {
2897 krb5_authdata *adl0 = tep->authorization_data[l0idx];
2898 krb5_authdata **decoded_container = NULL;
2899 krb5_authdata *ad_pac = NULL;
2900 int l1idx = 0;
2901
2902 if (adl0->ad_type != KRB5_AUTHDATA_IF_RELEVANT) {
2903 continue;
2904 }
2905
2906 ret = krb5_decode_authdata_container(krb5_ctx,
2907 KRB5_AUTHDATA_IF_RELEVANT,
2908 adl0,
2909 &decoded_container);
2910 if (ret != 0) {
2911 missing_signing_key(tree, actx->pinfo, private_data,
2912 pactvb, state->ticket_checksum_type,
2913 state->kdc_ek->keytype,
2914 "krb5_decode_authdata_container failed",
2915 "kdc_checksum_key",
2916 1,
2917 0);
2918 krb5_free_enc_tkt_part(krb5_ctx, tep);
2919 return;
2920 }
2921
2922 for (l1idx = 0; decoded_container[l1idx]; l1idx++) {
2923 krb5_authdata *adl1 = decoded_container[l1idx];
2924
2925 if (adl1->ad_type != KRB5_AUTHDATA_WIN2K_PAC) {
2926 continue;
2927 }
2928
2929 ad_pac = adl1;
2930 break;
2931 }
2932
2933 if (ad_pac == NULL) {
2934 krb5_free_authdata(krb5_ctx, decoded_container);
2935 continue;
2936 }
2937
2938 ad_pac->length = 1;
2939 ad_pac->contents[0] = '\0';
2940
2941 ret = krb5_encode_authdata_container(krb5_ctx,
2942 KRB5_AUTHDATA_IF_RELEVANT,
2943 decoded_container,
2944 &recoded_container);
2945 krb5_free_authdata(krb5_ctx, decoded_container);
2946 decoded_container = NULL;
2947 if (ret != 0) {
2948 missing_signing_key(tree, actx->pinfo, private_data,
2949 pactvb, state->ticket_checksum_type,
2950 state->kdc_ek->keytype,
2951 "krb5_encode_authdata_container failed",
2952 "kdc_checksum_key",
2953 1,
2954 0);
2955 krb5_free_enc_tkt_part(krb5_ctx, tep);
2956 return;
2957 }
2958
2959 ad_orig_idx = l0idx;
2960 ad_orig_ptr = adl0;
2961 tep->authorization_data[l0idx] = recoded_container[0];
2962 break;
2963 }
2964
2965 ret = encode_krb5_enc_tkt_part(tep, &tmpdata);
2966 if (ad_orig_ptr != NULL) {
2967 tep->authorization_data[ad_orig_idx] = ad_orig_ptr;
2968 }
2969 krb5_free_enc_tkt_part(krb5_ctx, tep);
2970 tep = NULL;
2971 if (recoded_container != NULL) {
2972 krb5_free_authdata(krb5_ctx, recoded_container);
2973 recoded_container = NULL;
2974 }
2975 if (ret != 0) {
2976 missing_signing_key(tree, actx->pinfo, private_data,
2977 pactvb, state->ticket_checksum_type,
2978 state->kdc_ek->keytype,
2979 "encode_krb5_enc_tkt_part failed",
2980 "kdc_checksum_key",
2981 1,
2982 0);
2983 return;
2984 }
2985
2986 ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key,
2987 KRB5_KEYUSAGE_APP_DATA_CKSUM,
2988 tmpdata, &checksum, &valid);
2989 krb5_free_data(krb5_ctx, tmpdata);
2990 tmpdata = NULL;
2991 if (ret != 0) {
2992 missing_signing_key(tree, actx->pinfo, private_data,
2993 pactvb, state->ticket_checksum_type,
2994 state->kdc_ek->keytype,
2995 "krb5_c_verify_checksum failed for Ticket Signature",
2996 "kdc_checksum_key",
2997 1,
2998 1);
2999 return;
3000 }
3001
3002 if (valid == false) {
3003 missing_signing_key(tree, actx->pinfo, private_data,
3004 pactvb, state->ticket_checksum_type,
3005 state->kdc_ek->keytype,
3006 "Invalid Ticket",
3007 "kdc_checksum_key",
3008 1,
3009 1);
3010 return;
3011 }
3012
3013 used_signing_key(tree, actx->pinfo, private_data,
3014 state->kdc_ek, pactvb,
3015 state->ticket_checksum_type,
3016 "Verified Ticket",
3017 "kdc_checksum_key",
3018 1,
3019 1);
3020 #endif /* HAVE_DECODE_KRB5_ENC_TKT_PART */
3021 }
3022
3023 #define __KRB5_PAC_FULL_CHECKSUM 19
3024
3025 static void
3026 verify_krb5_pac_full_checksum(proto_tree *tree,
3027 asn1_ctx_t *actx,
3028 tvbuff_t *orig_pactvb,
3029 struct verify_krb5_pac_state *state)
3030 {
3031 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3032 krb5_error_code ret;
3033 krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, };
3034 size_t checksum_length = 0;
3035 krb5_checksum checksum = { .checksum_type = 0, };
3036 krb5_data pac_data = { .length = 0, };
3037 tvbuff_t *copy_pactvb = NULL;
3038 uint32_t cur_offset;
3039 uint32_t num_buffers;
3040 uint32_t idx;
3041 krb5_boolean valid = false;
3042
3043 if (state->kdc_ek == NULL) {
3044 int keytype = keytype_for_cksumtype(state->full_checksum_type);
3045 missing_signing_key(tree, actx->pinfo, private_data,
3046 orig_pactvb, state->full_checksum_type,
3047 keytype,
3048 "Missing KDC (for full)",
3049 "kdc_checksum_key",
3050 0,
3051 0);
3052 return;
3053 }
3054
3055 kdc_key.magic = KV5M_KEYBLOCK;
3056 kdc_key.enctype = state->kdc_ek->keytype;
3057 kdc_key.length = state->kdc_ek->keylength;
3058 kdc_key.contents = (uint8_t *)state->kdc_ek->keyvalue;
3059
3060 ret = krb5_c_checksum_length(krb5_ctx,
3061 state->full_checksum_type,
3062 &checksum_length);
3063 if (ret != 0) {
3064 missing_signing_key(tree, actx->pinfo, private_data,
3065 orig_pactvb, state->full_checksum_type,
3066 state->kdc_ek->keytype,
3067 "krb5_c_checksum_length failed for Full Signature",
3068 "kdc_checksum_key",
3069 1,
3070 0);
3071 return;
3072 }
3073
3074 /*
3075 * The checksum element begins with 4 bytes of type
3076 * (state->full_checksum_type) before the crypto checksum
3077 */
3078 if (state->full_checksum_data->length < (4 + checksum_length)) {
3079 missing_signing_key(tree, actx->pinfo, private_data,
3080 orig_pactvb, state->full_checksum_type,
3081 state->kdc_ek->keytype,
3082 "pacbuffer_length too short for Full Signature",
3083 "kdc_checksum_key",
3084 1,
3085 0);
3086 return;
3087 }
3088
3089 pac_data.data = wmem_memdup(actx->pinfo->pool, state->pacbuffer, state->pacbuffer_length);
3090 if (pac_data.data == NULL) {
3091 missing_signing_key(tree, actx->pinfo, private_data,
3092 orig_pactvb, state->full_checksum_type,
3093 state->kdc_ek->keytype,
3094 "wmem_memdup(pacbuffer) failed",
3095 "kdc_checksum_key",
3096 1,
3097 0);
3098 return;
3099 }
3100 pac_data.length = state->pacbuffer_length;
3101
3102 copy_pactvb = tvb_new_child_real_data(orig_pactvb,
3103 (uint8_t *)pac_data.data,
3104 pac_data.length,
3105 pac_data.length);
3106 if (copy_pactvb == NULL) {
3107 missing_signing_key(tree, actx->pinfo, private_data,
3108 orig_pactvb, state->full_checksum_type,
3109 state->kdc_ek->keytype,
3110 "tvb_new_child_real_data(pac_copy) failed",
3111 "kdc_checksum_key",
3112 1,
3113 0);
3114 return;
3115 }
3116
3117 #define __PAC_CHECK_OFFSET_SIZE(__offset, __length, __reason) do { \
3118 uint64_t __end = state->pacbuffer_length; \
3119 uint64_t __offset64 = __offset; \
3120 uint64_t __length64 = __length; \
3121 uint64_t __last; \
3122 if (__offset64 > INT32_MAX) { \
3123 missing_signing_key(tree, actx->pinfo, private_data, \
3124 orig_pactvb, state->full_checksum_type, \
3125 state->kdc_ek->keytype, \
3126 __reason, \
3127 "kdc_checksum_key", \
3128 1, \
3129 0); \
3130 return; \
3131 } \
3132 if (__length64 > INT32_MAX) { \
3133 missing_signing_key(tree, actx->pinfo, private_data, \
3134 orig_pactvb, state->full_checksum_type, \
3135 state->kdc_ek->keytype, \
3136 __reason, \
3137 "kdc_checksum_key", \
3138 1, \
3139 0); \
3140 return; \
3141 } \
3142 __last = __offset64 + __length64; \
3143 if (__last > __end) { \
3144 missing_signing_key(tree, actx->pinfo, private_data, \
3145 orig_pactvb, state->full_checksum_type, \
3146 state->kdc_ek->keytype, \
3147 __reason, \
3148 "kdc_checksum_key", \
3149 1, \
3150 0); \
3151 return; \
3152 } \
3153 } while(0)
3154
3155 cur_offset = 0;
3156 __PAC_CHECK_OFFSET_SIZE(cur_offset, 8, "PACTYPE Header");
3157 num_buffers = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN);
3158 cur_offset += 4;
3159 /* ignore 4 byte version */
3160 cur_offset += 4;
3161
3162 for (idx = 0; idx < num_buffers; idx++) {
3163 uint32_t b_type;
3164 uint32_t b_length;
3165 uint64_t b_offset;
3166
3167 __PAC_CHECK_OFFSET_SIZE(cur_offset, 16, "PAC_INFO_BUFFER Header");
3168 b_type = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN);
3169 cur_offset += 4;
3170 b_length = tvb_get_uint32(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN);
3171 cur_offset += 4;
3172 b_offset = tvb_get_uint64(copy_pactvb, cur_offset, ENC_LITTLE_ENDIAN);
3173 cur_offset += 8;
3174
3175 __PAC_CHECK_OFFSET_SIZE(b_offset, b_length, "PAC_INFO_BUFFER Payload");
3176
3177 if (b_length <= 4) {
3178 continue;
3179 }
3180
3181 /*
3182 * Leave PAC_TICKET_CHECKSUM and clear all other checksums
3183 * and their possible RODC identifier, but leaving their
3184 * checksum type as is.
3185 */
3186 switch (b_type) {
3187 case KRB5_PAC_SERVER_CHECKSUM:
3188 case KRB5_PAC_PRIVSVR_CHECKSUM:
3189 case __KRB5_PAC_FULL_CHECKSUM:
3190 memset(pac_data.data + b_offset+4, 0, b_length-4);
3191 break;
3192 }
3193 }
3194
3195 checksum.checksum_type = state->full_checksum_type;
3196 checksum.contents = (uint8_t *)state->full_checksum_data->data + 4;
3197 checksum.length = (unsigned)checksum_length;
3198
3199 ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key,
3200 KRB5_KEYUSAGE_APP_DATA_CKSUM,
3201 &pac_data, &checksum, &valid);
3202 if (ret != 0) {
3203 missing_signing_key(tree, actx->pinfo, private_data,
3204 orig_pactvb, state->full_checksum_type,
3205 state->kdc_ek->keytype,
3206 "krb5_c_verify_checksum failed for Full PAC Signature",
3207 "kdc_checksum_key",
3208 1,
3209 1);
3210 return;
3211 }
3212
3213 if (valid == false) {
3214 missing_signing_key(tree, actx->pinfo, private_data,
3215 orig_pactvb, state->full_checksum_type,
3216 state->kdc_ek->keytype,
3217 "Invalid Full PAC Signature",
3218 "kdc_checksum_key",
3219 1,
3220 1);
3221 return;
3222 }
3223
3224 used_signing_key(tree, actx->pinfo, private_data,
3225 state->kdc_ek, orig_pactvb,
3226 state->full_checksum_type,
3227 "Verified Full PAC",
3228 "kdc_checksum_key",
3229 1,
3230 1);
3231 }
3232
3233 static void
3234 verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb)
3235 {
3236 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3237 krb5_error_code ret;
3238 krb5_data checksum_data = {0,0,NULL};
3239 krb5_data ticket_checksum_data = {0,0,NULL};
3240 krb5_data full_checksum_data = {0,0,NULL};
3241 int length = tvb_captured_length(pactvb);
3242 const uint8_t *pacbuffer = NULL;
3243 struct verify_krb5_pac_state state = {
3244 .kdc_checksum = 0,
3245 };
3246
3247 /* don't do anything if we are not attempting to decrypt data */
3248 if(!krb_decrypt || length < 1){
3249 return;
3250 }
3251
3252 /* make sure we have all the data we need */
3253 if (tvb_captured_length(pactvb) < tvb_reported_length(pactvb)) {
3254 return;
3255 }
3256
3257 pacbuffer = tvb_get_ptr(pactvb, 0, length);
3258 state.pacbuffer_length = length;
3259 state.pacbuffer = pacbuffer;
3260
3261 ret = krb5_pac_parse(krb5_ctx, pacbuffer, length, &state.pac);
3262 if (ret != 0) {
3263 proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype,
3264 pactvb, 0, 0,
3265 "Failed to parse PAC buffer %d in frame %u",
3266 ret, actx->pinfo->fd->num);
3267 return;
3268 }
3269
3270 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_SERVER_CHECKSUM,
3271 &checksum_data);
3272 if (ret == 0) {
3273 state.server_checksum = pletoh32(checksum_data.data);
3274 krb5_free_data_contents(krb5_ctx, &checksum_data);
3275 };
3276 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_PRIVSVR_CHECKSUM,
3277 &checksum_data);
3278 if (ret == 0) {
3279 state.kdc_checksum = pletoh32(checksum_data.data);
3280 krb5_free_data_contents(krb5_ctx, &checksum_data);
3281 };
3282 ret = krb5_pac_get_buffer(krb5_ctx, state.pac,
3283 __KRB5_PAC_TICKET_CHECKSUM,
3284 &ticket_checksum_data);
3285 if (ret == 0) {
3286 state.ticket_checksum_data = &ticket_checksum_data;
3287 state.ticket_checksum_type = pletoh32(ticket_checksum_data.data);
3288 };
3289 ret = krb5_pac_get_buffer(krb5_ctx, state.pac,
3290 __KRB5_PAC_FULL_CHECKSUM,
3291 &full_checksum_data);
3292 if (ret == 0) {
3293 state.full_checksum_data = &full_checksum_data;
3294 state.full_checksum_type = pletoh32(full_checksum_data.data);
3295 };
3296
3297 read_keytab_file_from_preferences();
3298
3299 wmem_map_foreach(kerberos_all_keys,
3300 verify_krb5_pac_try_server_key,
3301 &state);
3302 if (state.server_ek != NULL) {
3303 used_signing_key(tree, actx->pinfo, private_data,
3304 state.server_ek, pactvb,
3305 state.server_checksum, "Verified Server",
3306 "all_keys",
3307 wmem_map_size(kerberos_all_keys),
3308 state.server_count);
3309 } else {
3310 int keytype = keytype_for_cksumtype(state.server_checksum);
3311 missing_signing_key(tree, actx->pinfo, private_data,
3312 pactvb, state.server_checksum, keytype,
3313 "Missing Server",
3314 "all_keys",
3315 wmem_map_size(kerberos_all_keys),
3316 state.server_count);
3317 }
3318 wmem_map_foreach(kerberos_longterm_keys,
3319 verify_krb5_pac_try_kdc_key,
3320 &state);
3321 if (state.kdc_ek != NULL) {
3322 used_signing_key(tree, actx->pinfo, private_data,
3323 state.kdc_ek, pactvb,
3324 state.kdc_checksum, "Verified KDC",
3325 "longterm_keys",
3326 wmem_map_size(kerberos_longterm_keys),
3327 state.kdc_count);
3328 } else {
3329 int keytype = keytype_for_cksumtype(state.kdc_checksum);
3330 missing_signing_key(tree, actx->pinfo, private_data,
3331 pactvb, state.kdc_checksum, keytype,
3332 "Missing KDC",
3333 "longterm_keys",
3334 wmem_map_size(kerberos_longterm_keys),
3335 state.kdc_count);
3336 }
3337
3338 if (state.ticket_checksum_type != 0) {
3339 verify_krb5_pac_ticket_checksum(tree, actx, pactvb, &state);
3340 }
3341
3342 if (state.ticket_checksum_data != NULL) {
3343 krb5_free_data_contents(krb5_ctx, &ticket_checksum_data);
3344 }
3345
3346 if (state.full_checksum_type != 0) {
3347 verify_krb5_pac_full_checksum(tree, actx, pactvb, &state);
3348 }
3349
3350 if (state.full_checksum_data != NULL) {
3351 krb5_free_data_contents(krb5_ctx, &full_checksum_data);
3352 }
3353
3354 krb5_pac_free(krb5_ctx, state.pac);
3355 }
3356 #endif /* HAVE_KRB5_PAC_VERIFY */
3357
3358 #elif defined(HAVE_HEIMDAL_KERBEROS)
3359 static krb5_context krb5_ctx;
3360
3361 USES_APPLE_DEPRECATED_API
3362
3363 static void
3364 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_,
3365 enc_key_t *ek1 _U_, const char *p1 _U_,
3366 enc_key_t *ek2 _U_, const char *p2 _U_,
3367 const char *origin _U_)
3368 {
3369 /* TODO: use krb5_crypto_fx_cf2() from Heimdal */
3370 }
3371 void
3372 read_keytab_file(const char *filename)
3373 {
3374 krb5_keytab keytab;
3375 krb5_error_code ret;
3376 krb5_keytab_entry key;
3377 krb5_kt_cursor cursor;
3378 enc_key_t *new_key;
3379 static bool first_time=true;
3380
3381 if (filename == NULL || filename[0] == 0) {
3382 return;
3383 }
3384
3385 if(first_time){
3386 first_time=false;
3387 ret = krb5_init_context(&krb5_ctx);
3388 if(ret){
3389 return;
3390 }
3391 }
3392
3393 /* should use a file in the wireshark users dir */
3394 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
3395 if(ret){
3396 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
3397
3398 return;
3399 }
3400
3401 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
3402 if(ret){
3403 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
3404 return;
3405 }
3406
3407 do{
3408 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
3409 if(ret==0){
3410 unsigned int i;
3411 char *pos;
3412
3413 new_key = wmem_new0(wmem_epan_scope(), enc_key_t);
3414 new_key->fd_num = -1;
3415 new_key->id = ++kerberos_longterm_ids;
3416 snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id);
3417 new_key->next = enc_key_list;
3418
3419 /* generate origin string, describing where this key came from */
3420 pos=new_key->key_origin;
3421 pos+=MIN(KRB_MAX_ORIG_LEN,
3422 snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
3423 for(i=0;i<key.principal->name.name_string.len;i++){
3424 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
3425 snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
3426 }
3427 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
3428 snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
3429 *pos=0;
3430 new_key->keytype=key.keyblock.keytype;
3431 new_key->keylength=(int)key.keyblock.keyvalue.length;
3432 memcpy(new_key->keyvalue,
3433 key.keyblock.keyvalue.data,
3434 MIN((unsigned)key.keyblock.keyvalue.length, KRB_MAX_KEY_LENGTH));
3435
3436 enc_key_list=new_key;
3437 ret = krb5_kt_free_entry(krb5_ctx, &key);
3438 if (ret) {
3439 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret);
3440 ret = 0; /* try to continue with the next entry */
3441 }
3442 kerberos_key_map_insert(kerberos_longterm_keys, new_key);
3443 }
3444 }while(ret==0);
3445
3446 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
3447 if(ret){
3448 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret);
3449 }
3450 ret = krb5_kt_close(krb5_ctx, keytab);
3451 if(ret){
3452 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret);
3453 }
3454
3455 }
3456 USES_APPLE_RST
3457
3458
3459 uint8_t *
3460 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
3461 int usage,
3462 tvbuff_t *cryptotvb,
3463 int keytype,
3464 int *datalen)
3465 {
3466 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
3467 krb5_error_code ret;
3468 krb5_data data;
3469 enc_key_t *ek;
3470 int length = tvb_captured_length(cryptotvb);
3471 const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
3472
3473 /* don't do anything if we are not attempting to decrypt data */
3474 if(!krb_decrypt){
3475 return NULL;
3476 }
3477
3478 /* make sure we have all the data we need */
3479 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
3480 return NULL;
3481 }
3482
3483 read_keytab_file_from_preferences();
3484
3485 for(ek=enc_key_list;ek;ek=ek->next){
3486 krb5_keytab_entry key;
3487 krb5_crypto crypto;
3488 uint8_t *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
3489
3490 /* shortcircuit and bail out if enctypes are not matching */
3491 if((keytype != -1) && (ek->keytype != keytype)) {
3492 continue;
3493 }
3494
3495 key.keyblock.keytype=ek->keytype;
3496 key.keyblock.keyvalue.length=ek->keylength;
3497 key.keyblock.keyvalue.data=ek->keyvalue;
3498 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), (krb5_enctype)ENCTYPE_NULL, &crypto);
3499 if(ret){
3500 return NULL;
3501 }
3502
3503 /* pre-0.6.1 versions of Heimdal would sometimes change
3504 the cryptotext data even when the decryption failed.
3505 This would obviously not work since we iterate over the
3506 keys. So just give it a copy of the crypto data instead.
3507 This has been seen for RC4-HMAC blobs.
3508 */
3509 cryptocopy = (uint8_t *)wmem_memdup(pinfo->pool, cryptotext, length);
3510 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
3511 cryptocopy, length,
3512 &data,
3513 NULL);
3514 if((ret == 0) && (length>0)){
3515 char *user_data;
3516
3517 used_encryption_key(tree, pinfo, zero_private,
3518 ek, usage, cryptotvb,
3519 "enc_key_list", 0, 0);
3520
3521 krb5_crypto_destroy(krb5_ctx, crypto);
3522 /* return a private wmem_alloced blob to the caller */
3523 user_data = (char *)wmem_memdup(pinfo->pool, data.data, (unsigned)data.length);
3524 if (datalen) {
3525 *datalen = (int)data.length;
3526 }
3527 return user_data;
3528 }
3529 krb5_crypto_destroy(krb5_ctx, crypto);
3530 }
3531 return NULL;
3532 }
3533
3534 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1
3535
3536 #elif defined (HAVE_LIBNETTLE)
3537
3538 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
3539 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
3540
3541 typedef struct _service_key_t {
3542 uint16_t kvno;
3543 int keytype;
3544 int length;
3545 uint8_t *contents;
3546 char origin[KRB_MAX_ORIG_LEN+1];
3547 } service_key_t;
3548 GSList *service_key_list;
3549
3550
3551 static void
3552 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
3553 {
3554 service_key_t *new_key;
3555
3556 if(pinfo->fd->visited){
3557 return;
3558 }
3559
3560 new_key = g_malloc(sizeof(service_key_t));
3561 new_key->kvno = 0;
3562 new_key->keytype = keytype;
3563 new_key->length = keylength;
3564 new_key->contents = g_memdup2(keyvalue, keylength);
3565 snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->num);
3566 service_key_list = g_slist_append(service_key_list, (void *) new_key);
3567 }
3568
3569 static void
3570 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
3571 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
3572 int parent_hf_index _U_,
3573 int hf_index _U_)
3574 {
3575 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3576 const char *parent = proto_registrar_get_name(parent_hf_index);
3577 const char *element = proto_registrar_get_name(hf_index);
3578 char origin[KRB_MAX_ORIG_LEN] = { 0, };
3579
3580 snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element);
3581
3582 add_encryption_key(actx->pinfo,
3583 private_data->key.keytype,
3584 private_data->key.keylength,
3585 private_data->key.keyvalue,
3586 origin);
3587 }
3588
3589 static void
3590 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length,
3591 asn1_ctx_t *actx, proto_tree *tree,
3592 int parent_hf_index,
3593 int hf_index)
3594 {
3595 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
3596 }
3597
3598 static void
3599 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length,
3600 asn1_ctx_t *actx, proto_tree *tree,
3601 int parent_hf_index,
3602 int hf_index)
3603 {
3604 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
3605 }
3606
3607 static void
3608 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length,
3609 asn1_ctx_t *actx, proto_tree *tree,
3610 int parent_hf_index,
3611 int hf_index)
3612 {
3613 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
3614 }
3615
3616 static void
3617 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length,
3618 asn1_ctx_t *actx, proto_tree *tree,
3619 int parent_hf_index,
3620 int hf_index)
3621 {
3622 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
3623 }
3624
3625 static void
3626 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length,
3627 asn1_ctx_t *actx, proto_tree *tree,
3628 int parent_hf_index,
3629 int hf_index)
3630 {
3631 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
3632 }
3633
3634 static void
3635 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
3636 asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
3637 {
3638 save_encryption_key(tvb, offset, length, actx, tree, hf_index);
3639 }
3640
3641 static void
3642 clear_keytab(void) {
3643 GSList *ske;
3644 service_key_t *sk;
3645
3646 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
3647 sk = (service_key_t *) ske->data;
3648 if (sk) {
3649 g_free(sk->contents);
3650 g_free(sk);
3651 }
3652 }
3653 g_slist_free(service_key_list);
3654 service_key_list = NULL;
3655 }
3656
3657 static void
3658 read_keytab_file(const char *service_key_file)
3659 {
3660 FILE *skf;
3661 ws_statb64 st;
3662 service_key_t *sk;
3663 unsigned char buf[SERVICE_KEY_SIZE];
3664 int newline_skip = 0, count = 0;
3665
3666 if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) {
3667
3668 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
3669 * There can be zero, one (\n), or two (\r\n) characters between
3670 * keys. Trailing characters are ignored.
3671 */
3672
3673 /* XXX We should support the standard keytab format instead */
3674 if (st.st_size > SERVICE_KEY_SIZE) {
3675 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
3676 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
3677 newline_skip = 1;
3678 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
3679 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
3680 newline_skip = 2;
3681 }
3682 }
3683
3684 skf = ws_fopen(service_key_file, "rb");
3685 if (! skf) return;
3686
3687 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
3688 sk = g_malloc(sizeof(service_key_t));
3689 sk->kvno = buf[0] << 8 | buf[1];
3690 sk->keytype = KEYTYPE_DES3_CBC_MD5;
3691 sk->length = DES3_KEY_SIZE;
3692 sk->contents = g_memdup2(buf + 2, DES3_KEY_SIZE);
3693 snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
3694 service_key_list = g_slist_append(service_key_list, (void *) sk);
3695 if (fseek(skf, newline_skip, SEEK_CUR) < 0) {
3696 fprintf(stderr, "unable to seek...\n");
3697 fclose(skf);
3698 return;
3699 }
3700 count++;
3701 }
3702 fclose(skf);
3703 }
3704 }
3705
3706 #define CONFOUNDER_PLUS_CHECKSUM 24
3707
3708 uint8_t *
3709 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
3710 int _U_ usage,
3711 tvbuff_t *cryptotvb,
3712 int keytype,
3713 int *datalen)
3714 {
3715 tvbuff_t *encr_tvb;
3716 uint8_t *decrypted_data = NULL, *plaintext = NULL;
3717 uint8_t cls;
3718 bool pc;
3719 uint32_t tag, item_len, data_len;
3720 int id_offset, offset;
3721 uint8_t key[DES3_KEY_SIZE];
3722 uint8_t initial_vector[DES_BLOCK_SIZE];
3723 gcry_md_hd_t md5_handle;
3724 uint8_t *digest;
3725 uint8_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
3726 uint8_t confounder[8];
3727 bool ind;
3728 GSList *ske;
3729 service_key_t *sk;
3730 struct des3_ctx ctx;
3731 int length = tvb_captured_length(cryptotvb);
3732 const uint8_t *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
3733
3734
3735 /* don't do anything if we are not attempting to decrypt data */
3736 if(!krb_decrypt){
3737 return NULL;
3738 }
3739
3740 /* make sure we have all the data we need */
3741 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
3742 return NULL;
3743 }
3744
3745 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
3746 return NULL;
3747 }
3748
3749 decrypted_data = wmem_alloc(pinfo->pool, length);
3750 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
3751 bool do_continue = false;
3752 bool digest_ok;
3753 sk = (service_key_t *) ske->data;
3754
3755 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
3756
3757 memset(initial_vector, 0, DES_BLOCK_SIZE);
3758 des3_set_key(&ctx, key);
3759 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
3760 length, decrypted_data, cryptotext);
3761 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
3762
3763 tvb_memcpy(encr_tvb, confounder, 0, 8);
3764
3765 /* We have to pull the decrypted data length from the decrypted
3766 * content. If the key doesn't match or we otherwise get garbage,
3767 * an exception may get thrown while decoding the ASN.1 header.
3768 * Catch it, just in case.
3769 */
3770 TRY {
3771 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
3772 offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
3773 }
3774 CATCH_BOUNDS_ERRORS {
3775 tvb_free(encr_tvb);
3776 do_continue = true;
3777 }
3778 ENDTRY;
3779
3780 if (do_continue) continue;
3781
3782 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
3783 if ((int) item_len + offset > length) {
3784 tvb_free(encr_tvb);
3785 continue;
3786 }
3787
3788 if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) {
3789 return NULL;
3790 }
3791 gcry_md_write(md5_handle, confounder, 8);
3792 gcry_md_write(md5_handle, zero_fill, 16);
3793 gcry_md_write(md5_handle, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
3794 digest = gcry_md_read(md5_handle, 0);
3795
3796 digest_ok = (tvb_memeql (encr_tvb, 8, digest, HASH_MD5_LENGTH) == 0);
3797 gcry_md_close(md5_handle);
3798 if (digest_ok) {
3799 plaintext = (uint8_t* )tvb_memdup(pinfo->pool, encr_tvb, CONFOUNDER_PLUS_CHECKSUM, data_len);
3800 tvb_free(encr_tvb);
3801
3802 if (datalen) {
3803 *datalen = data_len;
3804 }
3805 return plaintext;
3806 }
3807 tvb_free(encr_tvb);
3808 }
3809
3810 return NULL;
3811 }
3812
3813 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
3814
3815 #ifdef NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP
3816 tvbuff_t *
3817 decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_,
3818 packet_info *pinfo _U_,
3819 int usage _U_,
3820 int keytype _U_,
3821 tvbuff_t *gssapi_header_tvb _U_,
3822 tvbuff_t *gssapi_encrypted_tvb _U_,
3823 tvbuff_t *gssapi_trailer_tvb _U_,
3824 tvbuff_t *checksum_tvb _U_)
3825 {
3826 return NULL;
3827 }
3828 #endif /* NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP */
3829
3830 #define INET6_ADDRLEN 16
3831
3832 /* TCP Record Mark */
3833 #define KRB_RM_RESERVED 0x80000000U
3834 #define KRB_RM_RECLEN 0x7fffffffU
3835
3836 #define KRB5_MSG_TICKET 1 /* Ticket */
3837 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
3838 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
3839 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
3840 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
3841 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
3842 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
3843 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
3844 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
3845 #define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */
3846 #define KRB5_MSG_TGT_REP 17 /* TGT-REP type */
3847
3848 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
3849 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
3850 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
3851 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
3852 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
3853 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
3854 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */
3855 #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */
3856 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
3857
3858 #define KRB5_CHKSUM_GSSAPI 0x8003
3859 /*
3860 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
3861 *
3862 * https://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-04
3863 *
3864 * unless it's expired.
3865 */
3866
3867 /* Principal name-type */
3868 #define KRB5_NT_UNKNOWN 0
3869 #define KRB5_NT_PRINCIPAL 1
3870 #define KRB5_NT_SRV_INST 2
3871 #define KRB5_NT_SRV_HST 3
3872 #define KRB5_NT_SRV_XHST 4
3873 #define KRB5_NT_UID 5
3874 #define KRB5_NT_X500_PRINCIPAL 6
3875 #define KRB5_NT_SMTP_NAME 7
3876 #define KRB5_NT_ENTERPRISE 10
3877
3878 /*
3879 * MS specific name types, from
3880 *
3881 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
3882 */
3883 #define KRB5_NT_MS_PRINCIPAL -128
3884 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129
3885 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
3886 #define KRB5_NT_PRINCIPAL_AND_SID -131
3887 #define KRB5_NT_SRV_INST_AND_SID -132
3888
3889 /* error table constants */
3890 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
3891 #define KRB5_ET_KRB5KDC_ERR_NONE 0
3892 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
3893 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
3894 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
3895 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
3896 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
3897 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
3898 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
3899 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
3900 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
3901 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
3902 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
3903 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
3904 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
3905 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
3906 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
3907 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
3908 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
3909 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
3910 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
3911 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
3912 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
3913 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
3914 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
3915 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
3916 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
3917 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
3918 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
3919 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
3920 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
3921 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
3922 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
3923 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
3924 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
3925 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
3926 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
3927 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
3928 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
3929 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
3930 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
3931 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
3932 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
3933 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
3934 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
3935 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
3936 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
3937 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
3938 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
3939 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
3940 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
3941 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
3942 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
3943 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
3944 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
3945 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
3946 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
3947 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
3948 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
3949 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
3950 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
3951 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
3952 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
3953 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
3954 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
3955 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
3956 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
3957 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
3958 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
3959 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
3960 #define KRB5_ET_KDC_ERR_PREAUTH_EXPIRED 90
3961 #define KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED 91
3962 #define KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET 92
3963 #define KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS 93
3964
3965 static const value_string krb5_error_codes[] = {
3966 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
3967 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
3968 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
3969 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
3970 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
3971 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
3972 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
3973 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
3974 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
3975 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
3976 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
3977 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
3978 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
3979 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
3980 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
3981 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
3982 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
3983 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
3984 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
3985 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
3986 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
3987 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
3988 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
3989 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
3990 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
3991 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
3992 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
3993 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
3994 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
3995 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
3996 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
3997 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
3998 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
3999 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
4000 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
4001 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
4002 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
4003 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
4004 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
4005 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
4006 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
4007 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
4008 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
4009 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
4010 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
4011 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
4012 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
4013 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
4014 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
4015 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
4016 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
4017 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
4018 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
4019 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
4020 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
4021 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
4022 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
4023 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
4024 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
4025 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
4026 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
4027 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
4028 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
4029 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
4030 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
4031 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
4032 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
4033 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
4034 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
4035 { KRB5_ET_KDC_ERR_PREAUTH_EXPIRED, "KDC_ERR_PREAUTH_EXPIRED" },
4036 { KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED" },
4037 { KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET, "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET" },
4038 { KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS" },
4039 { 0, NULL }
4040 };
4041
4042
4043 #define PAC_LOGON_INFO 1
4044 #define PAC_CREDENTIAL_TYPE 2
4045 #define PAC_SERVER_CHECKSUM 6
4046 #define PAC_PRIVSVR_CHECKSUM 7
4047 #define PAC_CLIENT_INFO_TYPE 10
4048 #define PAC_S4U_DELEGATION_INFO 11
4049 #define PAC_UPN_DNS_INFO 12
4050 #define PAC_CLIENT_CLAIMS_INFO 13
4051 #define PAC_DEVICE_INFO 14
4052 #define PAC_DEVICE_CLAIMS_INFO 15
4053 #define PAC_TICKET_CHECKSUM 16
4054 #define PAC_ATTRIBUTES_INFO 17
4055 #define PAC_REQUESTER_SID 18
4056 #define PAC_FULL_CHECKSUM 19
4057 static const value_string w2k_pac_types[] = {
4058 { PAC_LOGON_INFO , "Logon Info" },
4059 { PAC_CREDENTIAL_TYPE , "Credential Type" },
4060 { PAC_SERVER_CHECKSUM , "Server Checksum" },
4061 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
4062 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
4063 { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" },
4064 { PAC_UPN_DNS_INFO , "UPN DNS Info" },
4065 { PAC_CLIENT_CLAIMS_INFO , "Client Claims Info" },
4066 { PAC_DEVICE_INFO , "Device Info" },
4067 { PAC_DEVICE_CLAIMS_INFO , "Device Claims Info" },
4068 { PAC_TICKET_CHECKSUM , "Ticket Checksum" },
4069 { PAC_ATTRIBUTES_INFO , "Attributes Info" },
4070 { PAC_REQUESTER_SID , "Requester Sid" },
4071 { PAC_FULL_CHECKSUM , "Full Checksum" },
4072 { 0, NULL },
4073 };
4074
4075 static const value_string krb5_msg_types[] = {
4076 { KRB5_MSG_TICKET, "Ticket" },
4077 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
4078 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
4079 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
4080 { KRB5_MSG_TGS_REP, "TGS-REP" },
4081 { KRB5_MSG_AS_REQ, "AS-REQ" },
4082 { KRB5_MSG_AS_REP, "AS-REP" },
4083 { KRB5_MSG_AP_REQ, "AP-REQ" },
4084 { KRB5_MSG_AP_REP, "AP-REP" },
4085 { KRB5_MSG_TGT_REQ, "TGT-REQ" },
4086 { KRB5_MSG_TGT_REP, "TGT-REP" },
4087 { KRB5_MSG_SAFE, "KRB-SAFE" },
4088 { KRB5_MSG_PRIV, "KRB-PRIV" },
4089 { KRB5_MSG_CRED, "KRB-CRED" },
4090 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
4091 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
4092 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
4093 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
4094 { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" },
4095 { KRB5_MSG_ERROR, "KRB-ERROR" },
4096 { 0, NULL },
4097 };
4098
4099 #define KRB5_GSS_C_DELEG_FLAG 0x00000001
4100 #define KRB5_GSS_C_MUTUAL_FLAG 0x00000002
4101 #define KRB5_GSS_C_REPLAY_FLAG 0x00000004
4102 #define KRB5_GSS_C_SEQUENCE_FLAG 0x00000008
4103 #define KRB5_GSS_C_CONF_FLAG 0x00000010
4104 #define KRB5_GSS_C_INTEG_FLAG 0x00000020
4105 #define KRB5_GSS_C_DCE_STYLE 0x00001000
4106
4107 static const true_false_string tfs_gss_flags_deleg = {
4108 "Delegate credentials to remote peer",
4109 "Do NOT delegate"
4110 };
4111 static const true_false_string tfs_gss_flags_mutual = {
4112 "Request that remote peer authenticates itself",
4113 "Mutual authentication NOT required"
4114 };
4115 static const true_false_string tfs_gss_flags_replay = {
4116 "Enable replay protection for signed or sealed messages",
4117 "Do NOT enable replay protection"
4118 };
4119 static const true_false_string tfs_gss_flags_sequence = {
4120 "Enable Out-of-sequence detection for sign or sealed messages",
4121 "Do NOT enable out-of-sequence detection"
4122 };
4123 static const true_false_string tfs_gss_flags_conf = {
4124 "Confidentiality (sealing) may be invoked",
4125 "Do NOT use Confidentiality (sealing)"
4126 };
4127 static const true_false_string tfs_gss_flags_integ = {
4128 "Integrity protection (signing) may be invoked",
4129 "Do NOT use integrity protection"
4130 };
4131
4132 static const true_false_string tfs_gss_flags_dce_style = {
4133 "DCE-STYLE",
4134 "Not using DCE-STYLE"
4135 };
4136
4137 static int dissect_kerberos_KRB5_SRP_PA_APPLICATIONS(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index)
4138 {
4139 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4140 proto_item *pi1 = proto_item_get_parent(actx->created_item);
4141 proto_item *pi2 = proto_item_get_parent(pi1);
4142 int8_t ber_class;
4143 bool pc;
4144 int32_t tag;
4145
4146 /*
4147 * dissect_ber_octet_string_wcb() always passes
4148 * implicit_tag=false, offset=0 and hf_index=-1
4149 */
4150 ws_assert(implicit_tag == false);
4151 ws_assert(offset == 0);
4152 ws_assert(hf_index <= 0);
4153
4154 get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
4155 if (ber_class != BER_CLASS_APP) {
4156 if (kerberos_private_is_kdc_req(private_data)) {
4157 goto unknown;
4158 }
4159 if (private_data->errorcode != KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED) {
4160 goto unknown;
4161 }
4162
4163 proto_item_append_text(pi1, " KRB5_SRP_PA_ANNOUNCE");
4164 proto_item_append_text(pi2, ": KRB5_SRP_PA_ANNOUNCE");
4165 return dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(implicit_tag, tvb, offset, actx, tree, hf_index);
4166 }
4167
4168 switch (tag) {
4169 case 0:
4170 proto_item_append_text(pi1, " KRB5_SRP_PA_INIT");
4171 proto_item_append_text(pi2, ": KRB5_SRP_PA_INIT");
4172 return dissect_kerberos_KRB5_SRP_PA_INIT(implicit_tag, tvb, offset, actx, tree, hf_index);
4173 case 1:
4174 proto_item_append_text(pi1, " KRB5_SRP_PA_SERVER_CHALLENGE");
4175 proto_item_append_text(pi2, ": KRB5_SRP_PA_SERVER_CHALLENGE");
4176 return dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(implicit_tag, tvb, offset, actx, tree, hf_index);
4177 case 2:
4178 proto_item_append_text(pi1, " KRB5_SRP_PA_CLIENT_RESPONSE");
4179 proto_item_append_text(pi2, ": KRB5_SRP_PA_CLIENT_RESPONSE");
4180 return dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(implicit_tag, tvb, offset, actx, tree, hf_index);
4181 case 3:
4182 proto_item_append_text(pi1, " KRB5_SRP_PA_SERVER_VERIFIER");
4183 proto_item_append_text(pi2, ": KRB5_SRP_PA_SERVER_VERIFIER");
4184 return dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(implicit_tag, tvb, offset, actx, tree, hf_index);
4185 default:
4186 break;
4187 }
4188
4189 unknown:
4190 proto_item_append_text(pi1, " KRB5_SRP_PA_UNKNOWN: ber_class:%u ber_pc=%u ber_tag:%"PRIu32"", ber_class, pc, tag);
4191 proto_item_append_text(pi2, ": KRB5_SRP_PA_UNKNOWN");
4192 return tvb_reported_length_remaining(tvb, offset);
4193 }
4194
4195 #ifdef HAVE_KERBEROS
4196 static uint8_t *
4197 decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx,
4198 int usage, tvbuff_t *cryptotvb, int *datalen)
4199 {
4200 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4201
4202 #ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE
4203 return decrypt_krb5_data_private(tree, actx->pinfo, private_data,
4204 usage, cryptotvb,
4205 private_data->etype,
4206 datalen);
4207 #else
4208 return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb,
4209 private_data->etype, datalen);
4210 #endif
4211 }
4212
4213 static int
4214 dissect_krb5_decrypt_ticket_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4215 proto_tree *tree, int hf_index _U_)
4216 {
4217 uint8_t *plaintext;
4218 int length;
4219 tvbuff_t *next_tvb;
4220
4221 next_tvb=tvb_new_subset_remaining(tvb, offset);
4222 length=tvb_captured_length_remaining(tvb, offset);
4223
4224 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4225 * 7.5.1
4226 * All Ticket encrypted parts use usage == 2
4227 */
4228 plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, &length);
4229
4230 if(plaintext){
4231 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4232 tvbuff_t *last_ticket_enc_part_tvb = private_data->last_ticket_enc_part_tvb;
4233 enc_key_t *current_ticket_key = private_data->current_ticket_key;
4234 tvbuff_t *child_tvb;
4235 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4236
4237 /* Add the decrypted data to the data source list. */
4238 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Ticket");
4239
4240 private_data->last_ticket_enc_part_tvb = child_tvb;
4241 private_data->current_ticket_key = NULL;
4242 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4243 private_data->current_ticket_key = current_ticket_key;
4244 private_data->last_ticket_enc_part_tvb = last_ticket_enc_part_tvb;
4245 }
4246 return offset;
4247 }
4248
4249 static int
4250 dissect_krb5_decrypt_authenticator_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4251 proto_tree *tree, int hf_index _U_)
4252 {
4253 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4254 uint8_t *plaintext;
4255 int length;
4256 tvbuff_t *next_tvb;
4257
4258 next_tvb=tvb_new_subset_remaining(tvb, offset);
4259 length=tvb_captured_length_remaining(tvb, offset);
4260
4261 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4262 * 7.5.1
4263 * Authenticators are encrypted with usage
4264 * == 7 or
4265 * == 11
4266 *
4267 * 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator
4268 * (includes TGS authenticator subkey), encrypted with the
4269 * TGS session key (section 5.5.1)
4270 * 11. AP-REQ Authenticator (includes application
4271 * authenticator subkey), encrypted with the application
4272 * session key (section 5.5.1)
4273 */
4274 if (private_data->within_PA_TGS_REQ > 0) {
4275 plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, &length);
4276 } else {
4277 plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, &length);
4278 }
4279
4280 if(plaintext){
4281 tvbuff_t *child_tvb;
4282 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4283
4284 /* Add the decrypted data to the data source list. */
4285 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Authenticator");
4286
4287 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4288 }
4289 return offset;
4290 }
4291
4292 static int
4293 dissect_krb5_decrypt_authorization_data(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4294 proto_tree *tree, int hf_index _U_)
4295 {
4296 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4297 uint8_t *plaintext;
4298 int length;
4299 tvbuff_t *next_tvb;
4300
4301 next_tvb=tvb_new_subset_remaining(tvb, offset);
4302 length=tvb_captured_length_remaining(tvb, offset);
4303
4304 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4305 * 7.5.1
4306 * Authenticators are encrypted with usage
4307 * == 5 or
4308 * == 4
4309 *
4310 * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with
4311 * the TGS session key (section 5.4.1)
4312 * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with
4313 * the TGS authenticator subkey (section 5.4.1)
4314 */
4315 if (private_data->PA_TGS_REQ_subkey != NULL) {
4316 plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, &length);
4317 } else {
4318 plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, &length);
4319 }
4320
4321 if(plaintext){
4322 tvbuff_t *child_tvb;
4323 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4324
4325 /* Add the decrypted data to the data source list. */
4326 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AuthorizationData");
4327
4328 offset=dissect_kerberos_AuthorizationData(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4329 }
4330 return offset;
4331 }
4332
4333 static int
4334 dissect_krb5_decrypt_KDC_REP_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4335 proto_tree *tree, int hf_index _U_)
4336 {
4337 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4338 uint8_t *plaintext = NULL;
4339 int length;
4340 tvbuff_t *next_tvb;
4341
4342 next_tvb=tvb_new_subset_remaining(tvb, offset);
4343 length=tvb_captured_length_remaining(tvb, offset);
4344
4345 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4346 * 7.5.1
4347 * ASREP/TGSREP encryptedparts are encrypted with usage
4348 * == 3 or
4349 * == 8 or
4350 * == 9
4351 *
4352 * 3. AS-REP encrypted part (includes TGS session key or
4353 * application session key), encrypted with the client key
4354 * (section 5.4.2)
4355 *
4356 * 8. TGS-REP encrypted part (includes application session
4357 * key), encrypted with the TGS session key (section
4358 * 5.4.2)
4359 * 9. TGS-REP encrypted part (includes application session
4360 * key), encrypted with the TGS authenticator subkey
4361 * (section 5.4.2)
4362 *
4363 * We currently don't have a way to find the TGS-REQ state
4364 * in order to check if an authenticator subkey was used.
4365 *
4366 * But if we client used FAST and we got a strengthen_key,
4367 * we're sure an authenticator subkey was used.
4368 *
4369 * Windows don't use an authenticator subkey without FAST,
4370 * but heimdal does.
4371 *
4372 * For now try 8 before 9 in order to avoid overhead and false
4373 * positives for the 'kerberos.missing_keytype' filter in pure
4374 * windows captures.
4375 */
4376 switch (private_data->msg_type) {
4377 case KERBEROS_APPLICATIONS_AS_REP:
4378 plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, &length);
4379 break;
4380 case KERBEROS_APPLICATIONS_TGS_REP:
4381 if (private_data->fast_strengthen_key != NULL) {
4382 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length);
4383 } else {
4384 plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, &length);
4385 if(!plaintext){
4386 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length);
4387 }
4388 }
4389 break;
4390 }
4391
4392 if(plaintext){
4393 tvbuff_t *child_tvb;
4394 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4395
4396 /* Add the decrypted data to the data source list. */
4397 add_new_data_source(actx->pinfo, child_tvb, "Krb5 KDC-REP");
4398
4399 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4400 }
4401 return offset;
4402 }
4403
4404 static int
4405 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4406 proto_tree *tree, int hf_index _U_)
4407 {
4408 uint8_t *plaintext;
4409 int length;
4410 tvbuff_t *next_tvb;
4411
4412 next_tvb=tvb_new_subset_remaining(tvb, offset);
4413 length=tvb_captured_length_remaining(tvb, offset);
4414
4415 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4416 * 7.5.1
4417 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
4418 * == 1
4419 */
4420 plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, &length);
4421
4422 if(plaintext){
4423 tvbuff_t *child_tvb;
4424 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4425
4426 /* Add the decrypted data to the data source list. */
4427 add_new_data_source(actx->pinfo, child_tvb, "Krb5 EncTimestamp");
4428
4429 offset=dissect_kerberos_PA_ENC_TS_ENC(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4430 }
4431 return offset;
4432 }
4433
4434 static int
4435 dissect_krb5_decrypt_AP_REP_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4436 proto_tree *tree, int hf_index _U_)
4437 {
4438 uint8_t *plaintext;
4439 int length;
4440 tvbuff_t *next_tvb;
4441
4442 next_tvb=tvb_new_subset_remaining(tvb, offset);
4443 length=tvb_captured_length_remaining(tvb, offset);
4444
4445 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4446 * 7.5.1
4447 * AP-REP are encrypted with usage == 12
4448 */
4449 plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, &length);
4450
4451 if(plaintext){
4452 tvbuff_t *child_tvb;
4453 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4454
4455 /* Add the decrypted data to the data source list. */
4456 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AP-REP");
4457
4458 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4459 }
4460 return offset;
4461 }
4462
4463 static int
4464 dissect_krb5_decrypt_PRIV_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4465 proto_tree *tree, int hf_index _U_)
4466 {
4467 uint8_t *plaintext;
4468 int length;
4469 tvbuff_t *next_tvb;
4470
4471 next_tvb=tvb_new_subset_remaining(tvb, offset);
4472 length=tvb_captured_length_remaining(tvb, offset);
4473
4474 /* RFC4120 :
4475 * EncKrbPrivPart encrypted with usage
4476 * == 13
4477 */
4478 plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, &length);
4479
4480 if(plaintext){
4481 tvbuff_t *child_tvb;
4482 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4483
4484 /* Add the decrypted data to the data source list. */
4485 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PRIV");
4486
4487 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4488 }
4489 return offset;
4490 }
4491
4492 static int
4493 dissect_krb5_decrypt_CRED_data (bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4494 proto_tree *tree, int hf_index _U_)
4495 {
4496 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4497 uint8_t *plaintext;
4498 int length;
4499 tvbuff_t *next_tvb;
4500
4501 next_tvb=tvb_new_subset_remaining(tvb, offset);
4502 length=tvb_captured_length_remaining(tvb, offset);
4503
4504 if (private_data->etype == 0) {
4505 offset=dissect_kerberos_Applications(false, next_tvb, 0, actx , tree, /* hf_index*/ -1);
4506 return offset;
4507 }
4508
4509 /* RFC4120 :
4510 * EncKrbCredPart encrypted with usage
4511 * == 14
4512 */
4513 plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, &length);
4514
4515 if(plaintext){
4516 tvbuff_t *child_tvb;
4517 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4518
4519 /* Add the decrypted data to the data source list. */
4520 add_new_data_source(actx->pinfo, child_tvb, "Krb5 CRED");
4521
4522 offset=dissect_kerberos_Applications(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4523 }
4524 return offset;
4525 }
4526
4527 static int
4528 dissect_krb5_decrypt_KrbFastReq(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4529 proto_tree *tree, int hf_index _U_)
4530 {
4531 uint8_t *plaintext;
4532 int length;
4533 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4534 tvbuff_t *next_tvb;
4535
4536 next_tvb=tvb_new_subset_remaining(tvb, offset);
4537 length=tvb_captured_length_remaining(tvb, offset);
4538
4539 private_data->fast_armor_key = NULL;
4540 if (private_data->PA_FAST_ARMOR_AP_subkey != NULL) {
4541 krb5_fast_key(actx, tree, tvb,
4542 private_data->PA_FAST_ARMOR_AP_subkey,
4543 "subkeyarmor",
4544 private_data->PA_FAST_ARMOR_AP_key,
4545 "ticketarmor",
4546 "KrbFastReq_FAST_armorKey");
4547 if (private_data->PA_TGS_REQ_subkey != NULL) {
4548 enc_key_t *explicit_armor_key = private_data->last_added_key;
4549
4550 /*
4551 * See [MS-KILE] 3.3.5.7.4 Compound Identity
4552 */
4553 krb5_fast_key(actx, tree, tvb,
4554 explicit_armor_key,
4555 "explicitarmor",
4556 private_data->PA_TGS_REQ_subkey,
4557 "tgsarmor",
4558 "KrbFastReq_explicitArmorKey");
4559 }
4560 private_data->fast_armor_key = private_data->last_added_key;
4561 } else if (private_data->PA_TGS_REQ_subkey != NULL) {
4562 krb5_fast_key(actx, tree, tvb,
4563 private_data->PA_TGS_REQ_subkey,
4564 "subkeyarmor",
4565 private_data->PA_TGS_REQ_key,
4566 "ticketarmor",
4567 "KrbFastReq_TGS_armorKey");
4568 private_data->fast_armor_key = private_data->last_added_key;
4569 }
4570
4571 /* RFC6113 :
4572 * KrbFastResponse encrypted with usage
4573 * KEY_USAGE_FAST_ENC 51
4574 */
4575 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_ENC,
4576 next_tvb, &length);
4577
4578 if(plaintext){
4579 tvbuff_t *child_tvb;
4580 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4581
4582 /* Add the decrypted data to the data source list. */
4583 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastReq");
4584
4585 offset=dissect_kerberos_KrbFastReq(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4586 }
4587 return offset;
4588 }
4589
4590 static int
4591 dissect_krb5_decrypt_KrbFastResponse(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4592 proto_tree *tree, int hf_index _U_)
4593 {
4594 uint8_t *plaintext;
4595 int length;
4596 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4597 tvbuff_t *next_tvb;
4598
4599 next_tvb=tvb_new_subset_remaining(tvb, offset);
4600 length=tvb_captured_length_remaining(tvb, offset);
4601
4602 /*
4603 * RFC6113 :
4604 * KrbFastResponse encrypted with usage
4605 * KEY_USAGE_FAST_REP 52
4606 */
4607 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_REP,
4608 next_tvb, &length);
4609
4610 if(plaintext){
4611 tvbuff_t *child_tvb;
4612 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4613
4614 /* Add the decrypted data to the data source list. */
4615 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastRep");
4616
4617 private_data->fast_armor_key = private_data->last_decryption_key;
4618 offset=dissect_kerberos_KrbFastResponse(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4619 }
4620 return offset;
4621 }
4622
4623 static int
4624 dissect_krb5_decrypt_EncryptedChallenge(bool imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
4625 proto_tree *tree, int hf_index _U_)
4626 {
4627 uint8_t *plaintext;
4628 int length;
4629 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4630 tvbuff_t *next_tvb;
4631 int usage = 0;
4632 const char *name = NULL;
4633
4634 next_tvb=tvb_new_subset_remaining(tvb, offset);
4635 length=tvb_captured_length_remaining(tvb, offset);
4636
4637 /* RFC6113 :
4638 * KEY_USAGE_ENC_CHALLENGE_CLIENT 54
4639 * KEY_USAGE_ENC_CHALLENGE_KDC 55
4640 */
4641 if (kerberos_private_is_kdc_req(private_data)) {
4642 usage = KEY_USAGE_ENC_CHALLENGE_CLIENT;
4643 name = "Krb5 CHALLENGE_CLIENT";
4644 } else {
4645 usage = KEY_USAGE_ENC_CHALLENGE_KDC;
4646 name = "Krb5 CHALLENGE_KDC";
4647 }
4648 plaintext=decrypt_krb5_data_asn1(tree, actx, usage, next_tvb, &length);
4649
4650 if(plaintext){
4651 tvbuff_t *child_tvb;
4652 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
4653
4654 /* Add the decrypted data to the data source list. */
4655 add_new_data_source(actx->pinfo, child_tvb, name);
4656
4657 offset=dissect_kerberos_PA_ENC_TS_ENC(false, child_tvb, 0, actx , tree, /* hf_index*/ -1);
4658 }
4659 return offset;
4660 }
4661 #endif /* HAVE_KERBEROS */
4662
4663 static int * const hf_krb_pa_supported_enctypes_fields[] = {
4664 &hf_krb_pa_supported_enctypes_des_cbc_crc,
4665 &hf_krb_pa_supported_enctypes_des_cbc_md5,
4666 &hf_krb_pa_supported_enctypes_rc4_hmac,
4667 &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96,
4668 &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96,
4669 &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk,
4670 &hf_krb_pa_supported_enctypes_fast_supported,
4671 &hf_krb_pa_supported_enctypes_compound_identity_supported,
4672 &hf_krb_pa_supported_enctypes_claims_supported,
4673 &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled,
4674 NULL,
4675 };
4676
4677 static int
4678 dissect_kerberos_PA_SUPPORTED_ENCTYPES(bool implicit_tag _U_, tvbuff_t *tvb _U_,
4679 int offset _U_, asn1_ctx_t *actx _U_,
4680 proto_tree *tree _U_, int hf_index _U_)
4681 {
4682 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset,
4683 hf_krb_pa_supported_enctypes,
4684 ett_krb_pa_supported_enctypes,
4685 hf_krb_pa_supported_enctypes_fields,
4686 ENC_LITTLE_ENDIAN);
4687 offset += 4;
4688
4689 return offset;
4690 }
4691
4692 static int * const hf_krb_ad_ap_options_fields[] = {
4693 &hf_krb_ad_ap_options_cbt,
4694 &hf_krb_ad_ap_options_unverified_target_name,
4695 NULL,
4696 };
4697
4698
4699 static int
4700 dissect_kerberos_AD_AP_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_,
4701 int offset _U_, asn1_ctx_t *actx _U_,
4702 proto_tree *tree _U_, int hf_index _U_)
4703 {
4704 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset,
4705 hf_krb_ad_ap_options,
4706 ett_krb_ad_ap_options,
4707 hf_krb_ad_ap_options_fields,
4708 ENC_LITTLE_ENDIAN);
4709 offset += 4;
4710
4711 return offset;
4712 }
4713
4714 static int
4715 dissect_kerberos_AD_TARGET_PRINCIPAL(bool implicit_tag _U_, tvbuff_t *tvb _U_,
4716 int offset _U_, asn1_ctx_t *actx _U_,
4717 proto_tree *tree _U_, int hf_index _U_)
4718 {
4719 int tp_offset, tp_len;
4720 uint16_t bc;
4721
4722 bc = tvb_reported_length_remaining(tvb, offset);
4723 tp_offset = offset;
4724 tp_len = bc;
4725 proto_tree_add_item(tree, hf_krb_ad_target_principal, tvb,
4726 tp_offset, tp_len,
4727 ENC_UTF_16 | ENC_LITTLE_ENDIAN);
4728
4729 return offset;
4730 }
4731
4732 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
4733 */
4734 static int
4735 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb)
4736 {
4737 int offset=0;
4738 uint32_t len;
4739 uint16_t dlglen;
4740
4741 /* Length of Bnd field */
4742 len=tvb_get_letohl(tvb, offset);
4743 proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4744 offset += 4;
4745
4746 /* Bnd field */
4747 proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA);
4748 offset += len;
4749
4750
4751 /* flags */
4752 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4753 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4754 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4755 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4756 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4757 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4758 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4759 offset += 4;
4760
4761 /* the next fields are optional so we have to check that we have
4762 * more data in our buffers */
4763 if(tvb_reported_length_remaining(tvb, offset)<2){
4764 return offset;
4765 }
4766 /* dlgopt identifier */
4767 proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4768 offset += 2;
4769
4770 if(tvb_reported_length_remaining(tvb, offset)<2){
4771 return offset;
4772 }
4773 /* dlglen identifier */
4774 dlglen=tvb_get_letohs(tvb, offset);
4775 proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4776 offset += 2;
4777
4778 if(dlglen!=tvb_reported_length_remaining(tvb, offset)){
4779 proto_tree_add_expert_format(tree, actx->pinfo, &ei_krb_gssapi_dlglen, tvb, 0, 0,
4780 "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_captured_length_remaining(tvb, offset));
4781 return offset;
4782 }
4783
4784 /* this should now be a KRB_CRED message */
4785 offset=dissect_kerberos_Applications(false, tvb, offset, actx, tree, /* hf_index */ -1);
4786
4787 return offset;
4788 }
4789
4790 static int
4791 dissect_krb5_PA_PROV_SRV_LOCATION(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
4792 {
4793 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
4794
4795 return offset;
4796 }
4797
4798 static int
4799 dissect_krb5_PW_SALT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
4800 {
4801 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4802 int length;
4803 uint32_t nt_status = 0;
4804 uint32_t reserved = 0;
4805 uint32_t flags = 0;
4806
4807 /*
4808 * Microsoft stores a special 12 byte blob here
4809 * [MS-KILE] 2.2.1 KERB-EXT-ERROR
4810 * uint32_t NT_status
4811 * uint32_t reserved (== 0)
4812 * uint32_t flags (at least 0x00000001 is set)
4813 */
4814 length = tvb_reported_length_remaining(tvb, offset);
4815 if (length <= 0) {
4816 return offset;
4817 }
4818 if (length != 12) {
4819 goto no_error;
4820 }
4821
4822 if (private_data->errorcode == 0) {
4823 goto no_error;
4824 }
4825
4826 nt_status = tvb_get_letohl(tvb, offset);
4827 reserved = tvb_get_letohl(tvb, offset + 4);
4828 flags = tvb_get_letohl(tvb, offset + 8);
4829
4830 if (reserved != 0 || (flags & 1) != 1 || !try_val_to_str_ext(nt_status, &NT_errors_ext)) {
4831 goto no_error;
4832 }
4833
4834 proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4,
4835 ENC_LITTLE_ENDIAN);
4836 col_append_fstr(actx->pinfo->cinfo, COL_INFO,
4837 " NT Status: %s",
4838 val_to_str_ext(nt_status, &NT_errors_ext,
4839 "Unknown error code %#x"));
4840 offset += 4;
4841
4842 proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4,
4843 ENC_LITTLE_ENDIAN);
4844 offset += 4;
4845
4846 proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4,
4847 ENC_LITTLE_ENDIAN);
4848 offset += 4;
4849
4850 return offset;
4851
4852 no_error:
4853 proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA);
4854 offset += length;
4855
4856 return offset;
4857 }
4858
4859 static int
4860 dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t *drep)
4861 {
4862 proto_tree *tree;
4863 uint8_t val;
4864
4865 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP");
4866
4867 val = tvb_get_uint8(tvb, offset);
4868 proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4);
4869
4870 offset++;
4871
4872 if (drep) {
4873 *drep = val;
4874 }
4875
4876 return offset;
4877 }
4878
4879 /* This might be some sort of header that MIDL generates when creating
4880 * marshalling/unmarshalling code for blobs that are not to be transported
4881 * ontop of DCERPC and where the DREP fields specifying things such as
4882 * endianess and similar are not available.
4883 */
4884 int
4885 dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t *drep)
4886 {
4887 proto_tree *tree;
4888
4889 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header");
4890
4891 /* modified DREP field that is used for stuff that is transporetd ontop
4892 of non dcerpc
4893 */
4894 proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
4895 offset++;
4896
4897 offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep);
4898
4899
4900 proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4901 offset+=2;
4902
4903 proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4904 offset += 4;
4905
4906 /* length of blob that follows */
4907 proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4908 offset += 8;
4909
4910 return offset;
4911 }
4912
4913 static int
4914 dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4915 {
4916 proto_item *item;
4917 proto_tree *tree;
4918 uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4919 /* fake dcerpc_info struct */
4920 dcerpc_call_value call_data = { .flags = 0, };
4921 dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, };
4922
4923 item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA);
4924 tree = proto_item_add_subtree(item, ett_krb_pac_logon_info);
4925
4926 /* skip the first 16 bytes, they are some magic created by the idl
4927 * compiler the first 4 bytes might be flags?
4928 */
4929 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0]);
4930
4931 /* the PAC_LOGON_INFO blob */
4932 init_ndr_pointer_list(&di);
4933 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
4934 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
4935 "PAC_LOGON_INFO:", -1);
4936 free_ndr_pointer_list(&di);
4937
4938 return offset;
4939 }
4940
4941
4942 static int
4943 dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
4944 {
4945 proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA);
4946
4947 return offset;
4948 }
4949
4950 static int
4951 dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
4952 {
4953 proto_item *item;
4954 proto_tree *tree;
4955 uint8_t *plaintext = NULL;
4956 int plainlen = 0;
4957 int length = 0;
4958 #define KRB5_KU_OTHER_ENCRYPTED 16
4959 #ifdef HAVE_KERBEROS
4960 uint32_t etype;
4961 tvbuff_t *next_tvb;
4962 int usage = KRB5_KU_OTHER_ENCRYPTED;
4963 #endif
4964
4965 item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA);
4966 tree = proto_item_add_subtree(item, ett_krb_pac_credential_info);
4967
4968 /* version */
4969 proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb,
4970 offset, 4, ENC_LITTLE_ENDIAN);
4971 offset+=4;
4972
4973 #ifdef HAVE_KERBEROS
4974 /* etype */
4975 etype = tvb_get_letohl(tvb, offset);
4976 #endif
4977 proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb,
4978 offset, 4, ENC_LITTLE_ENDIAN);
4979 offset+=4;
4980
4981 #ifdef HAVE_KERBEROS
4982 /* data */
4983 next_tvb=tvb_new_subset_remaining(tvb, offset);
4984 length=tvb_captured_length_remaining(tvb, offset);
4985
4986 plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);
4987 #endif
4988
4989 if (plaintext != NULL) {
4990 tvbuff_t *child_tvb;
4991 child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen);
4992
4993 /* Add the decrypted data to the data source list. */
4994 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PAC_CREDENTIAL");
4995
4996 dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo);
4997 }
4998
4999 return offset + length;
5000 }
5001
5002 static int
5003 dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
5004 {
5005 proto_item *item;
5006 proto_tree *tree;
5007 uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
5008 /* fake dcerpc_info struct */
5009 dcerpc_call_value call_data = { .flags = 0, };
5010 dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, };
5011
5012 item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA);
5013 tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info);
5014
5015 /* skip the first 16 bytes, they are some magic created by the idl
5016 * compiler the first 4 bytes might be flags?
5017 */
5018 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0]);
5019
5020 /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */
5021 init_ndr_pointer_list(&di);
5022 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
5023 netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE,
5024 "PAC_S4U_DELEGATION_INFO:", -1);
5025 free_ndr_pointer_list(&di);
5026
5027 return offset;
5028 }
5029
5030 #define PAC_UPN_DNS_FLAG_CONSTRUCTED 0x00000001
5031 #define PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID 0x00000002
5032 static const true_false_string tfs_krb_pac_upn_flag_upn_constructed = {
5033 "UPN Name is Constructed",
5034 "UPN Name is NOT Constructed",
5035 };
5036 static const true_false_string tfs_krb_pac_upn_flag_has_sam_name_and_sid = {
5037 "SAM_NAME and SID are included",
5038 "SAM_NAME and SID are NOT included",
5039 };
5040 static int * const hf_krb_pac_upn_flags_fields[] = {
5041 &hf_krb_pac_upn_flag_upn_constructed,
5042 &hf_krb_pac_upn_flag_has_sam_name_and_sid,
5043 NULL
5044 };
5045
5046 static int
5047 dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5048 {
5049 #ifdef HAVE_KERBEROS
5050 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5051 #endif /* HAVE_KERBEROS */
5052 proto_item *item;
5053 proto_tree *tree;
5054 uint16_t dns_offset, dns_len;
5055 uint16_t upn_offset, upn_len;
5056 uint16_t samaccountname_offset = 0, samaccountname_len = 0;
5057 uint16_t objectsid_offset = 0, objectsid_len = 0;
5058 char *sid_str = NULL;
5059 uint32_t flags;
5060
5061 item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA);
5062 tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info);
5063
5064 /* upn */
5065 upn_len = tvb_get_letohs(tvb, offset);
5066 proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5067 offset+=2;
5068 upn_offset = tvb_get_letohs(tvb, offset);
5069 proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5070 offset+=2;
5071
5072 /* dns */
5073 dns_len = tvb_get_letohs(tvb, offset);
5074 proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5075 offset+=2;
5076 dns_offset = tvb_get_letohs(tvb, offset);
5077 proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5078 offset+=2;
5079
5080 /* flags */
5081 flags = tvb_get_letohl(tvb, offset);
5082 proto_tree_add_bitmask(tree, tvb, offset,
5083 hf_krb_pac_upn_flags,
5084 ett_krb_pac_upn_dns_info_flags,
5085 hf_krb_pac_upn_flags_fields,
5086 ENC_LITTLE_ENDIAN);
5087 offset+=4;
5088
5089 if (flags & PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID) {
5090 samaccountname_len = tvb_get_letohs(tvb, offset);
5091 proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5092 offset+=2;
5093 samaccountname_offset = tvb_get_letohs(tvb, offset);
5094 proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5095 offset+=2;
5096
5097 objectsid_len = tvb_get_letohs(tvb, offset);
5098 proto_tree_add_item(tree, hf_krb_pac_upn_objectsid_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5099 offset+=2;
5100 objectsid_offset = tvb_get_letohs(tvb, offset);
5101 proto_tree_add_item(tree, hf_krb_pac_upn_objectsid_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
5102 /* offset+=2; */
5103 }
5104
5105 /* upn */
5106 proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
5107
5108 /* dns */
5109 proto_tree_add_item(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
5110
5111 /* samaccountname */
5112 if (samaccountname_offset != 0 && samaccountname_len != 0) {
5113 proto_tree_add_item(tree, hf_krb_pac_upn_samaccountname, tvb, samaccountname_offset, samaccountname_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
5114 }
5115 /* objectsid */
5116 if (objectsid_offset != 0 && objectsid_len != 0) {
5117 tvbuff_t *sid_tvb;
5118 sid_tvb=tvb_new_subset_length(tvb, objectsid_offset, objectsid_len);
5119 dissect_nt_sid(sid_tvb, 0, tree, "objectSid", &sid_str, -1);
5120 }
5121
5122 #ifdef HAVE_KERBEROS
5123 if (private_data->current_ticket_key != NULL) {
5124 enc_key_t *ek = private_data->current_ticket_key;
5125
5126 if (samaccountname_offset != 0 && samaccountname_len != 0) {
5127 ek->pac_names.account_name = tvb_get_string_enc(wmem_epan_scope(),
5128 tvb,
5129 samaccountname_offset,
5130 samaccountname_len,
5131 ENC_UTF_16|ENC_LITTLE_ENDIAN);
5132 } else {
5133 ek->pac_names.account_name = tvb_get_string_enc(wmem_epan_scope(),
5134 tvb,
5135 upn_offset,
5136 upn_len,
5137 ENC_UTF_16|ENC_LITTLE_ENDIAN);
5138 }
5139 ek->pac_names.account_domain = tvb_get_string_enc(wmem_epan_scope(),
5140 tvb,
5141 dns_offset,
5142 dns_len,
5143 ENC_UTF_16|ENC_LITTLE_ENDIAN);
5144 if (sid_str != NULL) {
5145 ek->pac_names.account_sid = wmem_strdup(wmem_epan_scope(),
5146 sid_str);
5147 }
5148 }
5149 #endif /* HAVE_KERBEROS */
5150
5151 return dns_offset;
5152 }
5153
5154 static int
5155 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
5156 {
5157 int length = tvb_reported_length_remaining(tvb, offset);
5158 return netlogon_dissect_CLAIMS_SET_METADATA_BLOB(tvb, offset, length,
5159 actx->pinfo,
5160 parent_tree,
5161 hf_krb_pac_client_claims_info,
5162 ett_krb_pac_client_claims_info,
5163 "PAC_CLIENT_CLAIMS_INFO:");
5164 }
5165
5166 static int
5167 dissect_krb5_PAC_DEVICE_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5168 {
5169 #ifdef HAVE_KERBEROS
5170 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5171 const char *device_sid = NULL;
5172 #endif /* HAVE_KERBEROS */
5173 proto_item *item;
5174 proto_tree *tree;
5175 uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
5176 /* fake dcerpc_info struct */
5177 dcerpc_call_value call_data = { .flags = 0, };
5178 dcerpc_info di = { .ptype = UINT8_MAX, .call_data = &call_data, };
5179
5180 #ifdef HAVE_KERBEROS
5181 if (private_data->current_ticket_key != NULL) {
5182 call_data.private_data = (void*)&device_sid;
5183 }
5184 #endif /* HAVE_KERBEROS */
5185
5186 item = proto_tree_add_item(parent_tree, hf_krb_pac_device_info, tvb, offset, -1, ENC_NA);
5187 tree = proto_item_add_subtree(item, ett_krb_pac_device_info);
5188
5189 /* skip the first 16 bytes, they are some magic created by the idl
5190 * compiler the first 4 bytes might be flags?
5191 */
5192 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0]);
5193
5194 /* the PAC_DEVICE_INFO blob */
5195 init_ndr_pointer_list(&di);
5196 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
5197 netlogon_dissect_PAC_DEVICE_INFO, NDR_POINTER_UNIQUE,
5198 "PAC_DEVICE_INFO:", -1);
5199 free_ndr_pointer_list(&di);
5200
5201 #ifdef HAVE_KERBEROS
5202 if (private_data->current_ticket_key != NULL) {
5203 enc_key_t *ek = private_data->current_ticket_key;
5204
5205 /*
5206 * netlogon_dissect_PAC_DEVICE_INFO allocated on
5207 * wmem_epan_scope() for us
5208 */
5209 ek->pac_names.device_sid = device_sid;
5210 }
5211 #endif /* HAVE_KERBEROS */
5212
5213 return offset;
5214 }
5215
5216 static int
5217 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5218 {
5219 int length = tvb_reported_length_remaining(tvb, offset);
5220 return netlogon_dissect_CLAIMS_SET_METADATA_BLOB(tvb, offset, length,
5221 actx->pinfo,
5222 parent_tree,
5223 hf_krb_pac_device_claims_info,
5224 ett_krb_pac_device_claims_info,
5225 "PAC_DEVICE_CLAIMS_INFO:");
5226 }
5227
5228 static int
5229 dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5230 {
5231 proto_item *item;
5232 proto_tree *tree;
5233
5234 item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA);
5235 tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum);
5236
5237 /* signature type */
5238 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5239 offset+=4;
5240
5241 /* signature data */
5242 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
5243
5244 return offset;
5245 }
5246
5247 static int
5248 dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5249 {
5250 proto_item *item;
5251 proto_tree *tree;
5252
5253 item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA);
5254 tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum);
5255
5256 /* signature type */
5257 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5258 offset+=4;
5259
5260 /* signature data */
5261 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
5262
5263 return offset;
5264 }
5265
5266 static int
5267 dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5268 {
5269 proto_item *item;
5270 proto_tree *tree;
5271 uint16_t namelen;
5272
5273 item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA);
5274 tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type);
5275
5276 /* clientid */
5277 dissect_nttime(tvb, tree, offset, hf_krb_pac_clientid, ENC_LITTLE_ENDIAN);
5278 offset+=8;
5279
5280 /* name length */
5281 namelen=tvb_get_letohs(tvb, offset);
5282 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
5283 offset+=2;
5284
5285 /* client name */
5286 proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN);
5287 offset+=namelen;
5288
5289 return offset;
5290 }
5291
5292 static int
5293 dissect_krb5_PAC_TICKET_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5294 {
5295 proto_item *item;
5296 proto_tree *tree;
5297
5298 item = proto_tree_add_item(parent_tree, hf_krb_pac_ticket_checksum, tvb, offset, -1, ENC_NA);
5299 tree = proto_item_add_subtree(item, ett_krb_pac_ticket_checksum);
5300
5301 /* signature type */
5302 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5303 offset+=4;
5304
5305 /* signature data */
5306 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
5307
5308 return offset;
5309 }
5310
5311 #define PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED 0x00000001
5312 #define PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY 0x00000002
5313 static const true_false_string tfs_krb_pac_attributes_info_pac_was_requested = {
5314 "PAC was requested",
5315 "PAC was NOT requested",
5316 };
5317 static const true_false_string tfs_krb_pac_attributes_info_pac_was_given_implicitly = {
5318 "PAC was given implicitly",
5319 "PAC was NOT given implicitly",
5320 };
5321 static int * const hf_krb_pac_attributes_info_flags_fields[] = {
5322 &hf_krb_pac_attributes_info_flags_pac_was_requested,
5323 &hf_krb_pac_attributes_info_flags_pac_was_given_implicitly,
5324 NULL
5325 };
5326
5327 static int
5328 dissect_krb5_PAC_ATTRIBUTES_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5329 {
5330 proto_item *item;
5331 proto_tree *tree;
5332
5333 item = proto_tree_add_item(parent_tree, hf_krb_pac_attributes_info, tvb, offset, -1, ENC_NA);
5334 tree = proto_item_add_subtree(item, ett_krb_pac_attributes_info);
5335
5336 /* flags length*/
5337 proto_tree_add_item(tree, hf_krb_pac_attributes_info_length, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5338 offset+=4;
5339
5340 /* flags */
5341 proto_tree_add_bitmask(tree, tvb, offset,
5342 hf_krb_pac_attributes_info_flags,
5343 ett_krb_pac_attributes_info_flags,
5344 hf_krb_pac_attributes_info_flags_fields,
5345 ENC_LITTLE_ENDIAN);
5346 offset+=4;
5347
5348 return offset;
5349 }
5350
5351 static int
5352 dissect_krb5_PAC_REQUESTER_SID(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5353 {
5354 proto_item *item;
5355 proto_tree *tree;
5356
5357 item = proto_tree_add_item(parent_tree, hf_krb_pac_requester_sid, tvb, offset, -1, ENC_NA);
5358 tree = proto_item_add_subtree(item, ett_krb_pac_requester_sid);
5359
5360 offset = dissect_nt_sid(tvb, offset, tree, "RequesterSid", NULL, -1);
5361
5362 return offset;
5363 }
5364
5365 static int
5366 dissect_krb5_PAC_FULL_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
5367 {
5368 proto_item *item;
5369 proto_tree *tree;
5370
5371 item = proto_tree_add_item(parent_tree, hf_krb_pac_full_checksum, tvb, offset, -1, ENC_NA);
5372 tree = proto_item_add_subtree(item, ett_krb_pac_full_checksum);
5373
5374 /* signature type */
5375 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
5376 offset+=4;
5377
5378 /* signature data */
5379 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
5380
5381 return offset;
5382 }
5383
5384 static int
5385 dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
5386 {
5387 uint32_t pac_type;
5388 uint32_t pac_size;
5389 uint32_t pac_offset;
5390 proto_item *it=NULL;
5391 proto_tree *tr=NULL;
5392 tvbuff_t *next_tvb;
5393
5394 /* type of pac data */
5395 pac_type=tvb_get_letohl(tvb, offset);
5396 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
5397 tr=proto_item_add_subtree(it, ett_krb_pac);
5398
5399 offset += 4;
5400
5401 /* size of pac data */
5402 pac_size=tvb_get_letohl(tvb, offset);
5403 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
5404 offset += 4;
5405
5406 /* offset to pac data */
5407 pac_offset=tvb_get_letohl(tvb, offset);
5408 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
5409 offset += 8;
5410
5411 next_tvb=tvb_new_subset_length_caplen(tvb, pac_offset, pac_size, pac_size);
5412 switch(pac_type){
5413 case PAC_LOGON_INFO:
5414 dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
5415 break;
5416 case PAC_CREDENTIAL_TYPE:
5417 dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx);
5418 break;
5419 case PAC_SERVER_CHECKSUM:
5420 dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
5421 break;
5422 case PAC_PRIVSVR_CHECKSUM:
5423 dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx);
5424 break;
5425 case PAC_CLIENT_INFO_TYPE:
5426 dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx);
5427 break;
5428 case PAC_S4U_DELEGATION_INFO:
5429 dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx);
5430 break;
5431 case PAC_UPN_DNS_INFO:
5432 dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
5433 break;
5434 case PAC_CLIENT_CLAIMS_INFO:
5435 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(tr, next_tvb, 0, actx);
5436 break;
5437 case PAC_DEVICE_INFO:
5438 dissect_krb5_PAC_DEVICE_INFO(tr, next_tvb, 0, actx);
5439 break;
5440 case PAC_DEVICE_CLAIMS_INFO:
5441 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(tr, next_tvb, 0, actx);
5442 break;
5443 case PAC_TICKET_CHECKSUM:
5444 dissect_krb5_PAC_TICKET_CHECKSUM(tr, next_tvb, 0, actx);
5445 break;
5446 case PAC_ATTRIBUTES_INFO:
5447 dissect_krb5_PAC_ATTRIBUTES_INFO(tr, next_tvb, 0, actx);
5448 break;
5449 case PAC_REQUESTER_SID:
5450 dissect_krb5_PAC_REQUESTER_SID(tr, next_tvb, 0, actx);
5451 break;
5452 case PAC_FULL_CHECKSUM:
5453 dissect_krb5_PAC_FULL_CHECKSUM(tr, next_tvb, 0, actx);
5454 break;
5455
5456 default:
5457 break;
5458 }
5459 return offset;
5460 }
5461
5462 static int
5463 dissect_krb5_AD_WIN2K_PAC(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
5464 {
5465 uint32_t entries;
5466 uint32_t version;
5467 uint32_t i;
5468
5469 #if defined(HAVE_MIT_KERBEROS) && defined(HAVE_KRB5_PAC_VERIFY)
5470 verify_krb5_pac(tree, actx, tvb);
5471 #endif
5472
5473 /* first in the PAC structure comes the number of entries */
5474 entries=tvb_get_letohl(tvb, offset);
5475 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
5476 offset += 4;
5477
5478 /* second comes the version */
5479 version=tvb_get_letohl(tvb, offset);
5480 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
5481 offset += 4;
5482
5483 for(i=0;i<entries;i++){
5484 offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx);
5485 }
5486
5487 return offset;
5488 }
5489
5490 static int dissect_kerberos_T_e_data_octets(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index)
5491 {
5492 int8_t ber_class;
5493 bool pc;
5494 int32_t tag;
5495 int len_offset;
5496 uint32_t len;
5497 bool ind;
5498 int next_offset;
5499
5500 /*
5501 * dissect_ber_octet_string_wcb() always passes
5502 * implicit_tag=false, offset=0 and hf_index=-1
5503 */
5504 ws_assert(implicit_tag == false);
5505 ws_assert(offset == 0);
5506 ws_assert(hf_index <= 0);
5507
5508 len_offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
5509 if (ber_class != BER_CLASS_UNI || !pc || tag != BER_UNI_TAG_SEQUENCE) {
5510 goto unknown;
5511 }
5512 next_offset = get_ber_length(tvb, len_offset, &len, &ind);
5513 if (len < 1) {
5514 goto unknown;
5515 }
5516 get_ber_identifier(tvb, next_offset, &ber_class, &pc, &tag);
5517 if (ber_class == BER_CLASS_CON && pc && tag == 1) {
5518 return dissect_kerberos_PA_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
5519 }
5520 if (ber_class == BER_CLASS_UNI && pc && tag == BER_UNI_TAG_SEQUENCE) {
5521 return dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
5522 }
5523 unknown:
5524 return tvb_reported_length_remaining(tvb, offset);
5525 }
5526
5527
5528
5529 static int
5530 dissect_kerberos_INTEGER_5(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5531 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5532 NULL);
5533
5534 return offset;
5535 }
5536
5537
5538
5539 static int
5540 dissect_kerberos_KerberosString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5541 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
5542 actx, tree, tvb, offset, hf_index,
5543 NULL);
5544
5545 return offset;
5546 }
5547
5548
5549
5550 static int
5551 dissect_kerberos_Realm(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5552 offset = dissect_kerberos_KerberosString(implicit_tag, tvb, offset, actx, tree, hf_index);
5553
5554 return offset;
5555 }
5556
5557
5558 static const value_string kerberos_NAME_TYPE_vals[] = {
5559 { 0, "kRB5-NT-UNKNOWN" },
5560 { 1, "kRB5-NT-PRINCIPAL" },
5561 { 2, "kRB5-NT-SRV-INST" },
5562 { 3, "kRB5-NT-SRV-HST" },
5563 { 4, "kRB5-NT-SRV-XHST" },
5564 { 5, "kRB5-NT-UID" },
5565 { 6, "kRB5-NT-X500-PRINCIPAL" },
5566 { 7, "kRB5-NT-SMTP-NAME" },
5567 { 10, "kRB5-NT-ENTERPRISE-PRINCIPAL" },
5568 { 11, "kRB5-NT-WELLKNOWN" },
5569 { 12, "kRB5-NT-SRV-HST-DOMAIN" },
5570 { -130, "kRB5-NT-ENT-PRINCIPAL-AND-ID" },
5571 { -128, "kRB5-NT-MS-PRINCIPAL" },
5572 { -129, "kRB5-NT-MS-PRINCIPAL-AND-ID" },
5573 { -1200, "kRB5-NT-NTLM" },
5574 { -1201, "kRB5-NT-X509-GENERAL-NAME" },
5575 { -1202, "kRB5-NT-GSS-HOSTBASED-SERVICE" },
5576 { -1203, "kRB5-NT-CACHE-UUID" },
5577 { -195894762, "kRB5-NT-SRV-HST-NEEDS-CANON" },
5578 { 0, NULL }
5579 };
5580
5581
5582 static int
5583 dissect_kerberos_NAME_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5584 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5585 NULL);
5586
5587 return offset;
5588 }
5589
5590
5591
5592 static int
5593 dissect_kerberos_SNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5594 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
5595 actx, tree, tvb, offset, hf_index,
5596 NULL);
5597
5598 return offset;
5599 }
5600
5601
5602 static const ber_sequence_t SEQUENCE_OF_SNameString_sequence_of[1] = {
5603 { &hf_kerberos_sname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_SNameString },
5604 };
5605
5606 static int
5607 dissect_kerberos_SEQUENCE_OF_SNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5608 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5609 SEQUENCE_OF_SNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_SNameString);
5610
5611 return offset;
5612 }
5613
5614
5615 static const ber_sequence_t SName_sequence[] = {
5616 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
5617 { &hf_kerberos_sname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_SNameString },
5618 { NULL, 0, 0, 0, NULL }
5619 };
5620
5621 static int
5622 dissect_kerberos_SName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5623 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5624 SName_sequence, hf_index, ett_kerberos_SName);
5625
5626 return offset;
5627 }
5628
5629
5630 static const value_string kerberos_ENCTYPE_vals[] = {
5631 { 0, "eTYPE-NULL" },
5632 { 1, "eTYPE-DES-CBC-CRC" },
5633 { 2, "eTYPE-DES-CBC-MD4" },
5634 { 3, "eTYPE-DES-CBC-MD5" },
5635 { 5, "eTYPE-DES3-CBC-MD5" },
5636 { 7, "eTYPE-OLD-DES3-CBC-SHA1" },
5637 { 8, "eTYPE-SIGN-DSA-GENERATE" },
5638 { 9, "eTYPE-DSA-SHA1" },
5639 { 10, "eTYPE-RSA-MD5" },
5640 { 11, "eTYPE-RSA-SHA1" },
5641 { 12, "eTYPE-RC2-CBC" },
5642 { 13, "eTYPE-RSA" },
5643 { 14, "eTYPE-RSAES-OAEP" },
5644 { 15, "eTYPE-DES-EDE3-CBC" },
5645 { 16, "eTYPE-DES3-CBC-SHA1" },
5646 { 17, "eTYPE-AES128-CTS-HMAC-SHA1-96" },
5647 { 18, "eTYPE-AES256-CTS-HMAC-SHA1-96" },
5648 { 19, "eTYPE-AES128-CTS-HMAC-SHA256-128" },
5649 { 20, "eTYPE-AES256-CTS-HMAC-SHA384-192" },
5650 { 23, "eTYPE-ARCFOUR-HMAC-MD5" },
5651 { 24, "eTYPE-ARCFOUR-HMAC-MD5-56" },
5652 { 25, "eTYPE-CAMELLIA128-CTS-CMAC" },
5653 { 26, "eTYPE-CAMELLIA256-CTS-CMAC" },
5654 { 48, "eTYPE-ENCTYPE-PK-CROSS" },
5655 { -128, "eTYPE-ARCFOUR-MD4" },
5656 { -133, "eTYPE-ARCFOUR-HMAC-OLD" },
5657 { -135, "eTYPE-ARCFOUR-HMAC-OLD-EXP" },
5658 { -4096, "eTYPE-DES-CBC-NONE" },
5659 { -4097, "eTYPE-DES3-CBC-NONE" },
5660 { -4098, "eTYPE-DES-CFB64-NONE" },
5661 { -4099, "eTYPE-DES-PCBC-NONE" },
5662 { -4100, "eTYPE-DIGEST-MD5-NONE" },
5663 { -4101, "eTYPE-CRAM-MD5-NONE" },
5664 { 0, NULL }
5665 };
5666
5667
5668 static int
5669 dissect_kerberos_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5670 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5671 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5672 &(private_data->etype));
5673
5674
5675
5676 return offset;
5677 }
5678
5679
5680
5681 static int
5682 dissect_kerberos_UInt32(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5683 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5684 NULL);
5685
5686 return offset;
5687 }
5688
5689
5690
5691 static int
5692 dissect_kerberos_T_encryptedTicketData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5693 #ifdef HAVE_KERBEROS
5694 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
5695 #else
5696 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5697 NULL);
5698
5699 #endif
5700
5701
5702 return offset;
5703 }
5704
5705
5706 static const ber_sequence_t EncryptedTicketData_sequence[] = {
5707 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
5708 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
5709 { &hf_kerberos_encryptedTicketData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedTicketData_cipher },
5710 { NULL, 0, 0, 0, NULL }
5711 };
5712
5713 static int
5714 dissect_kerberos_EncryptedTicketData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5715 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5716 EncryptedTicketData_sequence, hf_index, ett_kerberos_EncryptedTicketData);
5717
5718 return offset;
5719 }
5720
5721
5722 static const ber_sequence_t Ticket_U_sequence[] = {
5723 { &hf_kerberos_tkt_vno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
5724 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
5725 { &hf_kerberos_sname , BER_CLASS_CON, 2, 0, dissect_kerberos_SName },
5726 { &hf_kerberos_ticket_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedTicketData },
5727 { NULL, 0, 0, 0, NULL }
5728 };
5729
5730 static int
5731 dissect_kerberos_Ticket_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5732 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5733 Ticket_U_sequence, hf_index, ett_kerberos_Ticket_U);
5734
5735 return offset;
5736 }
5737
5738
5739
5740 static int
5741 dissect_kerberos_Ticket(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5742 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5743 hf_index, BER_CLASS_APP, 1, false, dissect_kerberos_Ticket_U);
5744
5745 return offset;
5746 }
5747
5748
5749
5750 static int
5751 dissect_kerberos_CNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5752 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
5753 actx, tree, tvb, offset, hf_index,
5754 NULL);
5755
5756 return offset;
5757 }
5758
5759
5760 static const ber_sequence_t SEQUENCE_OF_CNameString_sequence_of[1] = {
5761 { &hf_kerberos_cname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_CNameString },
5762 };
5763
5764 static int
5765 dissect_kerberos_SEQUENCE_OF_CNameString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5766 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5767 SEQUENCE_OF_CNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_CNameString);
5768
5769 return offset;
5770 }
5771
5772
5773 static const ber_sequence_t CName_sequence[] = {
5774 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
5775 { &hf_kerberos_cname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_CNameString },
5776 { NULL, 0, 0, 0, NULL }
5777 };
5778
5779 static int
5780 dissect_kerberos_CName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5781 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5782 CName_sequence, hf_index, ett_kerberos_CName);
5783
5784 return offset;
5785 }
5786
5787
5788 static const value_string kerberos_CKSUMTYPE_vals[] = {
5789 { 0, "cKSUMTYPE-NONE" },
5790 { 1, "cKSUMTYPE-CRC32" },
5791 { 2, "cKSUMTYPE-RSA-MD4" },
5792 { 3, "cKSUMTYPE-RSA-MD4-DES" },
5793 { 4, "cKSUMTYPE-DES-MAC" },
5794 { 5, "cKSUMTYPE-DES-MAC-K" },
5795 { 6, "cKSUMTYPE-RSA-MD4-DES-K" },
5796 { 7, "cKSUMTYPE-RSA-MD5" },
5797 { 8, "cKSUMTYPE-RSA-MD5-DES" },
5798 { 9, "cKSUMTYPE-RSA-MD5-DES3" },
5799 { 10, "cKSUMTYPE-SHA1-OTHER" },
5800 { 12, "cKSUMTYPE-HMAC-SHA1-DES3-KD" },
5801 { 13, "cKSUMTYPE-HMAC-SHA1-DES3" },
5802 { 14, "cKSUMTYPE-SHA1" },
5803 { 15, "cKSUMTYPE-HMAC-SHA1-96-AES-128" },
5804 { 16, "cKSUMTYPE-HMAC-SHA1-96-AES-256" },
5805 { 17, "cKSUMTYPE-CMAC-CAMELLIA128" },
5806 { 18, "cKSUMTYPE-CMAC-CAMELLIA256" },
5807 { 19, "cKSUMTYPE-HMAC-SHA256-128-AES128" },
5808 { 20, "cKSUMTYPE-HMAC-SHA384-192-AES256" },
5809 { 32771, "cKSUMTYPE-GSSAPI" },
5810 { -138, "cKSUMTYPE-HMAC-MD5" },
5811 { -1138, "cKSUMTYPE-HMAC-MD5-ENC" },
5812 { 0, NULL }
5813 };
5814
5815
5816 static int
5817 dissect_kerberos_CKSUMTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5818 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5819 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5820 &(private_data->checksum_type));
5821
5822
5823
5824 return offset;
5825 }
5826
5827
5828
5829 static int
5830 dissect_kerberos_T_checksum(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5831 tvbuff_t *next_tvb;
5832 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5833
5834 switch(private_data->checksum_type){
5835 case KRB5_CHKSUM_GSSAPI:
5836 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &next_tvb);
5837 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
5838 break;
5839 default:
5840 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, NULL);
5841 break;
5842 }
5843
5844
5845 return offset;
5846 }
5847
5848
5849 static const ber_sequence_t Checksum_sequence[] = {
5850 { &hf_kerberos_cksumtype , BER_CLASS_CON, 0, 0, dissect_kerberos_CKSUMTYPE },
5851 { &hf_kerberos_checksum , BER_CLASS_CON, 1, 0, dissect_kerberos_T_checksum },
5852 { NULL, 0, 0, 0, NULL }
5853 };
5854
5855 static int
5856 dissect_kerberos_Checksum(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5857 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5858 Checksum_sequence, hf_index, ett_kerberos_Checksum);
5859
5860 return offset;
5861 }
5862
5863
5864
5865 static int
5866 dissect_kerberos_Microseconds(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5867 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5868 NULL);
5869
5870 return offset;
5871 }
5872
5873
5874
5875 static int
5876 dissect_kerberos_KerberosTime(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5877 offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index);
5878
5879 return offset;
5880 }
5881
5882
5883
5884 static int
5885 dissect_kerberos_Int32(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5886 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5887 NULL);
5888
5889 return offset;
5890 }
5891
5892
5893
5894 static int
5895 dissect_kerberos_T_keytype(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5896 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5897
5898 private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item,
5899 tvb, 0, 0, ENC_NA);
5900 if (private_data->key_hidden_item != NULL) {
5901 proto_item_set_hidden(private_data->key_hidden_item);
5902 }
5903
5904 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5905 &gbl_keytype);
5906 private_data->key.keytype = gbl_keytype;
5907
5908
5909 return offset;
5910 }
5911
5912
5913
5914 static int
5915 dissect_kerberos_T_keyvalue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5916 tvbuff_t *out_tvb;
5917 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5918
5919 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5920 &out_tvb);
5921
5922
5923 private_data->key.keylength = tvb_reported_length(out_tvb);
5924 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
5925 private_data->key_tree = tree;
5926 private_data->key_tvb = out_tvb;
5927
5928
5929 return offset;
5930 }
5931
5932
5933 static const ber_sequence_t EncryptionKey_sequence[] = {
5934 { &hf_kerberos_keytype , BER_CLASS_CON, 0, 0, dissect_kerberos_T_keytype },
5935 { &hf_kerberos_keyvalue , BER_CLASS_CON, 1, 0, dissect_kerberos_T_keyvalue },
5936 { NULL, 0, 0, 0, NULL }
5937 };
5938
5939 static int
5940 dissect_kerberos_EncryptionKey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5941 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5942 #ifdef HAVE_KERBEROS
5943 int start_offset = offset;
5944 #endif
5945
5946 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5947 EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey);
5948
5949
5950 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
5951 #ifdef HAVE_KERBEROS
5952 int length = offset - start_offset;
5953 private_data->last_added_key = NULL;
5954 private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree,
5955 private_data->save_encryption_key_parent_hf_index,
5956 hf_index);
5957 private_data->last_added_key = NULL;
5958 #endif
5959 }
5960
5961
5962 return offset;
5963 }
5964
5965
5966
5967 static int
5968 dissect_kerberos_T_authenticator_subkey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5969 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5970 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
5971 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
5972 private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator;
5973 #ifdef HAVE_KERBEROS
5974 private_data->save_encryption_key_fn = save_Authenticator_subkey;
5975 #endif
5976 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
5977
5978 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
5979 private_data->save_encryption_key_fn = saved_encryption_key_fn;
5980
5981
5982 return offset;
5983 }
5984
5985
5986 static const value_string kerberos_AUTHDATA_TYPE_vals[] = {
5987 { KERBEROS_AD_IF_RELEVANT, "aD-IF-RELEVANT" },
5988 { KERBEROS_AD_INTENDED_FOR_SERVER, "aD-INTENDED-FOR-SERVER" },
5989 { KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS, "aD-INTENDED-FOR-APPLICATION-CLASS" },
5990 { KERBEROS_AD_KDC_ISSUED, "aD-KDC-ISSUED" },
5991 { KERBEROS_AD_AND_OR, "aD-AND-OR" },
5992 { KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS, "aD-MANDATORY-TICKET-EXTENSIONS" },
5993 { KERBEROS_AD_IN_TICKET_EXTENSIONS, "aD-IN-TICKET-EXTENSIONS" },
5994 { KERBEROS_AD_MANDATORY_FOR_KDC, "aD-MANDATORY-FOR-KDC" },
5995 { KERBEROS_AD_INITIAL_VERIFIED_CAS, "aD-INITIAL-VERIFIED-CAS" },
5996 { KERBEROS_AD_OSF_DCE, "aD-OSF-DCE" },
5997 { KERBEROS_AD_SESAME, "aD-SESAME" },
5998 { KERBEROS_AD_OSF_DCE_PKI_CERTID, "aD-OSF-DCE-PKI-CERTID" },
5999 { KERBEROS_AD_AUTHENTICATION_STRENGTH, "aD-authentication-strength" },
6000 { KERBEROS_AD_FX_FAST_ARMOR, "aD-fx-fast-armor" },
6001 { KERBEROS_AD_FX_FAST_USED, "aD-fx-fast-used" },
6002 { KERBEROS_AD_CAMMAC, "aD-CAMMAC" },
6003 { KERBEROS_AD_AUTHENTICATION_INDICATOR, "aD-AUTHENTICATION-INDICATOR" },
6004 { KERBEROS_AD_WIN2K_PAC, "aD-WIN2K-PAC" },
6005 { KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION, "aD-GSS-API-ETYPE-NEGOTIATION" },
6006 { KERBEROS_AD_TOKEN_RESTRICTIONS, "aD-TOKEN-RESTRICTIONS" },
6007 { KERBEROS_AD_LOCAL, "aD-LOCAL" },
6008 { KERBEROS_AD_AP_OPTIONS, "aD-AP-OPTIONS" },
6009 { KERBEROS_AD_TARGET_PRINCIPAL, "aD-TARGET-PRINCIPAL" },
6010 { KERBEROS_AD_SIGNTICKET_OLDER, "aD-SIGNTICKET-OLDER" },
6011 { KERBEROS_AD_SIGNTICKET, "aD-SIGNTICKET" },
6012 { KERBEROS_AD_PFS, "aD-PFS" },
6013 { 0, NULL }
6014 };
6015
6016
6017 static int
6018 dissect_kerberos_AUTHDATA_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6019 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6020 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6021 &(private_data->ad_type));
6022
6023
6024
6025 return offset;
6026 }
6027
6028
6029
6030 static int
6031 dissect_kerberos_T_ad_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6032 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6033
6034 switch(private_data->ad_type){
6035 case KERBEROS_AD_CAMMAC:
6036 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_CAMMAC);
6037 break;
6038 case KERBEROS_AD_AUTHENTICATION_INDICATOR:
6039 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AUTHENTICATION_INDICATOR);
6040 break;
6041 case KERBEROS_AD_WIN2K_PAC:
6042 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
6043 break;
6044 case KERBEROS_AD_IF_RELEVANT:
6045 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
6046 break;
6047 case KERBEROS_AD_AUTHENTICATION_STRENGTH:
6048 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
6049 break;
6050 case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION:
6051 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE);
6052 break;
6053 case KERBEROS_AD_TOKEN_RESTRICTIONS:
6054 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY);
6055 break;
6056 case KERBEROS_AD_AP_OPTIONS:
6057 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS);
6058 break;
6059 case KERBEROS_AD_TARGET_PRINCIPAL:
6060 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL);
6061 break;
6062 default:
6063 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
6064 break;
6065 }
6066
6067
6068 return offset;
6069 }
6070
6071
6072 static const ber_sequence_t AuthorizationData_item_sequence[] = {
6073 { &hf_kerberos_ad_type , BER_CLASS_CON, 0, 0, dissect_kerberos_AUTHDATA_TYPE },
6074 { &hf_kerberos_ad_data , BER_CLASS_CON, 1, 0, dissect_kerberos_T_ad_data },
6075 { NULL, 0, 0, 0, NULL }
6076 };
6077
6078 static int
6079 dissect_kerberos_AuthorizationData_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6080 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6081 AuthorizationData_item_sequence, hf_index, ett_kerberos_AuthorizationData_item);
6082
6083 return offset;
6084 }
6085
6086
6087 static const ber_sequence_t AuthorizationData_sequence_of[1] = {
6088 { &hf_kerberos_AuthorizationData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_AuthorizationData_item },
6089 };
6090
6091 static int
6092 dissect_kerberos_AuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6093 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6094 AuthorizationData_sequence_of, hf_index, ett_kerberos_AuthorizationData);
6095
6096 return offset;
6097 }
6098
6099
6100 static const ber_sequence_t Authenticator_U_sequence[] = {
6101 { &hf_kerberos_authenticator_vno, BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6102 { &hf_kerberos_crealm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
6103 { &hf_kerberos_cname , BER_CLASS_CON, 2, 0, dissect_kerberos_CName },
6104 { &hf_kerberos_cksum , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
6105 { &hf_kerberos_cusec , BER_CLASS_CON, 4, 0, dissect_kerberos_Microseconds },
6106 { &hf_kerberos_ctime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
6107 { &hf_kerberos_authenticator_subkey, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_T_authenticator_subkey },
6108 { &hf_kerberos_seq_number , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6109 { &hf_kerberos_authorization_data, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
6110 { NULL, 0, 0, 0, NULL }
6111 };
6112
6113 static int
6114 dissect_kerberos_Authenticator_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6115 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6116 Authenticator_U_sequence, hf_index, ett_kerberos_Authenticator_U);
6117
6118 return offset;
6119 }
6120
6121
6122
6123 static int
6124 dissect_kerberos_Authenticator(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6125 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6126 hf_index, BER_CLASS_APP, 2, false, dissect_kerberos_Authenticator_U);
6127
6128 return offset;
6129 }
6130
6131
6132 static int * const TicketFlags_bits[] = {
6133 &hf_kerberos_TicketFlags_reserved,
6134 &hf_kerberos_TicketFlags_forwardable,
6135 &hf_kerberos_TicketFlags_forwarded,
6136 &hf_kerberos_TicketFlags_proxiable,
6137 &hf_kerberos_TicketFlags_proxy,
6138 &hf_kerberos_TicketFlags_may_postdate,
6139 &hf_kerberos_TicketFlags_postdated,
6140 &hf_kerberos_TicketFlags_invalid,
6141 &hf_kerberos_TicketFlags_renewable,
6142 &hf_kerberos_TicketFlags_initial,
6143 &hf_kerberos_TicketFlags_pre_authent,
6144 &hf_kerberos_TicketFlags_hw_authent,
6145 &hf_kerberos_TicketFlags_transited_policy_checked,
6146 &hf_kerberos_TicketFlags_ok_as_delegate,
6147 &hf_kerberos_TicketFlags_unused,
6148 &hf_kerberos_TicketFlags_enc_pa_rep,
6149 &hf_kerberos_TicketFlags_anonymous,
6150 NULL
6151 };
6152
6153 static int
6154 dissect_kerberos_TicketFlags(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6155 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
6156 TicketFlags_bits, 17, hf_index, ett_kerberos_TicketFlags,
6157 NULL);
6158
6159 return offset;
6160 }
6161
6162
6163
6164 static int
6165 dissect_kerberos_T_encTicketPart_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6166 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6167 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
6168 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
6169 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart;
6170 #ifdef HAVE_KERBEROS
6171 private_data->save_encryption_key_fn = save_EncTicketPart_key;
6172 #endif
6173 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
6174
6175 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
6176 private_data->save_encryption_key_fn = saved_encryption_key_fn;
6177
6178
6179 return offset;
6180 }
6181
6182
6183
6184 static int
6185 dissect_kerberos_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6186 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6187 NULL);
6188
6189 return offset;
6190 }
6191
6192
6193 static const ber_sequence_t TransitedEncoding_sequence[] = {
6194 { &hf_kerberos_tr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 },
6195 { &hf_kerberos_contents , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
6196 { NULL, 0, 0, 0, NULL }
6197 };
6198
6199 static int
6200 dissect_kerberos_TransitedEncoding(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6201 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6202 TransitedEncoding_sequence, hf_index, ett_kerberos_TransitedEncoding);
6203
6204 return offset;
6205 }
6206
6207
6208 static const value_string kerberos_ADDR_TYPE_vals[] = {
6209 { KERBEROS_ADDR_TYPE_IPV4, "iPv4" },
6210 { KERBEROS_ADDR_TYPE_CHAOS, "cHAOS" },
6211 { KERBEROS_ADDR_TYPE_XEROX, "xEROX" },
6212 { KERBEROS_ADDR_TYPE_ISO, "iSO" },
6213 { KERBEROS_ADDR_TYPE_DECNET, "dECNET" },
6214 { KERBEROS_ADDR_TYPE_APPLETALK, "aPPLETALK" },
6215 { KERBEROS_ADDR_TYPE_NETBIOS, "nETBIOS" },
6216 { KERBEROS_ADDR_TYPE_IPV6, "iPv6" },
6217 { 0, NULL }
6218 };
6219
6220
6221 static int
6222 dissect_kerberos_ADDR_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6223 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6224 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6225 &(private_data->addr_type));
6226
6227
6228
6229 return offset;
6230 }
6231
6232
6233
6234 static int
6235 dissect_kerberos_T_address(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6236 int8_t appclass;
6237 bool pc;
6238 int32_t tag;
6239 uint32_t len;
6240 const char *address_str;
6241 proto_item *it=NULL;
6242 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6243
6244 /* read header and len for the octet string */
6245 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
6246 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
6247
6248 switch(private_data->addr_type){
6249 case KERBEROS_ADDR_TYPE_IPV4:
6250 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
6251 address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset);
6252 break;
6253 case KERBEROS_ADDR_TYPE_NETBIOS:
6254 {
6255 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
6256 int netbios_name_type;
6257 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
6258
6259 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
6260 address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type);
6261 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
6262 }
6263 break;
6264 case KERBEROS_ADDR_TYPE_IPV6:
6265 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
6266 address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset);
6267 break;
6268 default:
6269 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
6270 address_str = NULL;
6271 break;
6272 }
6273
6274 /* push it up two levels in the decode pane */
6275 if(it && address_str){
6276 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
6277 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
6278 }
6279
6280 offset+=len;
6281
6282
6283
6284 return offset;
6285 }
6286
6287
6288 static const ber_sequence_t HostAddress_sequence[] = {
6289 { &hf_kerberos_addr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_ADDR_TYPE },
6290 { &hf_kerberos_address , BER_CLASS_CON, 1, 0, dissect_kerberos_T_address },
6291 { NULL, 0, 0, 0, NULL }
6292 };
6293
6294 static int
6295 dissect_kerberos_HostAddress(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6296 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6297 HostAddress_sequence, hf_index, ett_kerberos_HostAddress);
6298
6299 return offset;
6300 }
6301
6302
6303 static const ber_sequence_t HostAddresses_sequence_of[1] = {
6304 { &hf_kerberos_HostAddresses_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_HostAddress },
6305 };
6306
6307 static int
6308 dissect_kerberos_HostAddresses(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6309 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6310 HostAddresses_sequence_of, hf_index, ett_kerberos_HostAddresses);
6311
6312 return offset;
6313 }
6314
6315
6316 static const ber_sequence_t EncTicketPart_U_sequence[] = {
6317 { &hf_kerberos_flags , BER_CLASS_CON, 0, 0, dissect_kerberos_TicketFlags },
6318 { &hf_kerberos_encTicketPart_key, BER_CLASS_CON, 1, 0, dissect_kerberos_T_encTicketPart_key },
6319 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
6320 { &hf_kerberos_cname , BER_CLASS_CON, 3, 0, dissect_kerberos_CName },
6321 { &hf_kerberos_transited , BER_CLASS_CON, 4, 0, dissect_kerberos_TransitedEncoding },
6322 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
6323 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6324 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
6325 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6326 { &hf_kerberos_caddr , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
6327 { &hf_kerberos_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
6328 { NULL, 0, 0, 0, NULL }
6329 };
6330
6331 static int
6332 dissect_kerberos_EncTicketPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6333 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6334 EncTicketPart_U_sequence, hf_index, ett_kerberos_EncTicketPart_U);
6335
6336 return offset;
6337 }
6338
6339
6340
6341 static int
6342 dissect_kerberos_EncTicketPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6343 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6344 hf_index, BER_CLASS_APP, 3, false, dissect_kerberos_EncTicketPart_U);
6345
6346 return offset;
6347 }
6348
6349
6350 static const value_string kerberos_MESSAGE_TYPE_vals[] = {
6351 { 10, "krb-as-req" },
6352 { 11, "krb-as-rep" },
6353 { 12, "krb-tgs-req" },
6354 { 13, "krb-tgs-rep" },
6355 { 14, "krb-ap-req" },
6356 { 15, "krb-ap-rep" },
6357 { 16, "krb-tgt-req" },
6358 { 17, "krb-tgt-rep" },
6359 { 20, "krb-safe" },
6360 { 21, "krb-priv" },
6361 { 22, "krb-cred" },
6362 { 30, "krb-error" },
6363 { 0, NULL }
6364 };
6365
6366
6367 static int
6368 dissect_kerberos_MESSAGE_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6369 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6370 uint32_t msgtype;
6371
6372 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6373 &msgtype);
6374
6375
6376
6377 if (gbl_do_col_info) {
6378 col_add_str(actx->pinfo->cinfo, COL_INFO,
6379 val_to_str(msgtype, krb5_msg_types,
6380 "Unknown msg type %#x"));
6381 }
6382 gbl_do_col_info=false;
6383
6384 #if 0
6385 /* append the application type to the tree */
6386 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
6387 #endif
6388 if (private_data->msg_type == 0) {
6389 private_data->msg_type = msgtype;
6390 }
6391
6392 return offset;
6393 }
6394
6395
6396 static const value_string kerberos_PADATA_TYPE_vals[] = {
6397 { KERBEROS_PA_NONE, "pA-NONE" },
6398 { KERBEROS_PA_TGS_REQ, "pA-TGS-REQ" },
6399 { KERBEROS_PA_ENC_TIMESTAMP, "pA-ENC-TIMESTAMP" },
6400 { KERBEROS_PA_PW_SALT, "pA-PW-SALT" },
6401 { KERBEROS_PA_ENC_UNIX_TIME, "pA-ENC-UNIX-TIME" },
6402 { KERBEROS_PA_SANDIA_SECUREID, "pA-SANDIA-SECUREID" },
6403 { KERBEROS_PA_SESAME, "pA-SESAME" },
6404 { KERBEROS_PA_OSF_DCE, "pA-OSF-DCE" },
6405 { KERBEROS_PA_CYBERSAFE_SECUREID, "pA-CYBERSAFE-SECUREID" },
6406 { KERBEROS_PA_AFS3_SALT, "pA-AFS3-SALT" },
6407 { KERBEROS_PA_ETYPE_INFO, "pA-ETYPE-INFO" },
6408 { KERBEROS_PA_SAM_CHALLENGE, "pA-SAM-CHALLENGE" },
6409 { KERBEROS_PA_SAM_RESPONSE, "pA-SAM-RESPONSE" },
6410 { KERBEROS_PA_PK_AS_REQ_19, "pA-PK-AS-REQ-19" },
6411 { KERBEROS_PA_PK_AS_REP_19, "pA-PK-AS-REP-19" },
6412 { KERBEROS_PA_PK_AS_REQ, "pA-PK-AS-REQ" },
6413 { KERBEROS_PA_PK_AS_REP, "pA-PK-AS-REP" },
6414 { KERBEROS_PA_PK_OCSP_RESPONSE, "pA-PK-OCSP-RESPONSE" },
6415 { KERBEROS_PA_ETYPE_INFO2, "pA-ETYPE-INFO2" },
6416 { KERBEROS_PA_USE_SPECIFIED_KVNO, "pA-USE-SPECIFIED-KVNO" },
6417 { KERBEROS_PA_SAM_REDIRECT, "pA-SAM-REDIRECT" },
6418 { KERBEROS_TD_PADATA, "tD-PADATA" },
6419 { KERBEROS_PA_SAM_ETYPE_INFO, "pA-SAM-ETYPE-INFO" },
6420 { KERBEROS_PA_ALT_PRINC, "pA-ALT-PRINC" },
6421 { KERBEROS_PA_SERVER_REFERRAL, "pA-SERVER-REFERRAL" },
6422 { KERBEROS_PA_SAM_CHALLENGE2, "pA-SAM-CHALLENGE2" },
6423 { KERBEROS_PA_SAM_RESPONSE2, "pA-SAM-RESPONSE2" },
6424 { KERBEROS_PA_EXTRA_TGT, "pA-EXTRA-TGT" },
6425 { KERBEROS_TD_PKINIT_CMS_CERTIFICATES, "tD-PKINIT-CMS-CERTIFICATES" },
6426 { KERBEROS_TD_KRB_PRINCIPAL, "tD-KRB-PRINCIPAL" },
6427 { KERBEROS_TD_KRB_REALM, "tD-KRB-REALM" },
6428 { KERBEROS_TD_TRUSTED_CERTIFIERS, "tD-TRUSTED-CERTIFIERS" },
6429 { KERBEROS_TD_CERTIFICATE_INDEX, "tD-CERTIFICATE-INDEX" },
6430 { KERBEROS_TD_APP_DEFINED_ERROR, "tD-APP-DEFINED-ERROR" },
6431 { KERBEROS_TD_REQ_NONCE, "tD-REQ-NONCE" },
6432 { KERBEROS_TD_REQ_SEQ, "tD-REQ-SEQ" },
6433 { KERBEROS_TD_DH_PARAMETERS, "tD-DH-PARAMETERS" },
6434 { KERBEROS_TD_CMS_DIGEST_ALGORITHMS, "tD-CMS-DIGEST-ALGORITHMS" },
6435 { KERBEROS_TD_CERT_DIGEST_ALGORITHMS, "tD-CERT-DIGEST-ALGORITHMS" },
6436 { KERBEROS_PA_PAC_REQUEST, "pA-PAC-REQUEST" },
6437 { KERBEROS_PA_FOR_USER, "pA-FOR-USER" },
6438 { KERBEROS_PA_FOR_X509_USER, "pA-FOR-X509-USER" },
6439 { KERBEROS_PA_FOR_CHECK_DUPS, "pA-FOR-CHECK-DUPS" },
6440 { KERBEROS_PA_PK_AS_09_BINDING, "pA-PK-AS-09-BINDING" },
6441 { KERBEROS_PA_FX_COOKIE, "pA-FX-COOKIE" },
6442 { KERBEROS_PA_AUTHENTICATION_SET, "pA-AUTHENTICATION-SET" },
6443 { KERBEROS_PA_AUTH_SET_SELECTED, "pA-AUTH-SET-SELECTED" },
6444 { KERBEROS_PA_FX_FAST, "pA-FX-FAST" },
6445 { KERBEROS_PA_FX_ERROR, "pA-FX-ERROR" },
6446 { KERBEROS_PA_ENCRYPTED_CHALLENGE, "pA-ENCRYPTED-CHALLENGE" },
6447 { KERBEROS_PA_OTP_CHALLENGE, "pA-OTP-CHALLENGE" },
6448 { KERBEROS_PA_OTP_REQUEST, "pA-OTP-REQUEST" },
6449 { KERBEROS_PA_OTP_CONFIRM, "pA-OTP-CONFIRM" },
6450 { KERBEROS_PA_OTP_PIN_CHANGE, "pA-OTP-PIN-CHANGE" },
6451 { KERBEROS_PA_EPAK_AS_REQ, "pA-EPAK-AS-REQ" },
6452 { KERBEROS_PA_EPAK_AS_REP, "pA-EPAK-AS-REP" },
6453 { KERBEROS_PA_PKINIT_KX, "pA-PKINIT-KX" },
6454 { KERBEROS_PA_PKU2U_NAME, "pA-PKU2U-NAME" },
6455 { KERBEROS_PA_REQ_ENC_PA_REP, "pA-REQ-ENC-PA-REP" },
6456 { KERBEROS_PA_AS_FRESHNESS, "pA-AS-FRESHNESS" },
6457 { KERBEROS_PA_SPAKE, "pA-SPAKE" },
6458 { KERBEROS_PA_REDHAT_IDP_OAUTH2, "pA-REDHAT-IDP-OAUTH2" },
6459 { KERBEROS_PA_REDHAT_PASSKEY, "pA-REDHAT-PASSKEY" },
6460 { KERBEROS_PA_KERB_KEY_LIST_REQ, "pA-KERB-KEY-LIST-REQ" },
6461 { KERBEROS_PA_KERB_KEY_LIST_REP, "pA-KERB-KEY-LIST-REP" },
6462 { KERBEROS_PA_SUPPORTED_ETYPES, "pA-SUPPORTED-ETYPES" },
6463 { KERBEROS_PA_EXTENDED_ERROR, "pA-EXTENDED-ERROR" },
6464 { KERBEROS_PA_PAC_OPTIONS, "pA-PAC-OPTIONS" },
6465 { KERBEROS_PA_SRP, "pA-SRP" },
6466 { KERBEROS_PA_PROV_SRV_LOCATION, "pA-PROV-SRV-LOCATION" },
6467 { 0, NULL }
6468 };
6469
6470
6471 static int
6472 dissect_kerberos_PADATA_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6473 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6474 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6475 &(private_data->padata_type));
6476
6477
6478 if(tree){
6479 proto_item_append_text(tree, " %s",
6480 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
6481 "Unknown:%d"));
6482 }
6483
6484 return offset;
6485 }
6486
6487
6488
6489 static int
6490 dissect_kerberos_T_padata_value(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6491 proto_tree *sub_tree=tree;
6492 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6493
6494 if(actx->created_item){
6495 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
6496 }
6497
6498 switch(private_data->padata_type){
6499 case KERBEROS_PA_TGS_REQ:
6500 private_data->within_PA_TGS_REQ++;
6501 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
6502 private_data->within_PA_TGS_REQ--;
6503 break;
6504 case KERBEROS_PA_PK_AS_REP_19:
6505 private_data->is_win2k_pkinit = true;
6506 if (kerberos_private_is_kdc_req(private_data)) {
6507 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k);
6508 } else {
6509 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k);
6510 }
6511 break;
6512 case KERBEROS_PA_PK_AS_REQ:
6513 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ);
6514 break;
6515 case KERBEROS_PA_PK_AS_REP:
6516 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP);
6517 break;
6518 case KERBEROS_PA_PAC_REQUEST:
6519 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST);
6520 break;
6521 case KERBEROS_PA_FOR_USER: /* S4U2SELF */
6522 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
6523 break;
6524 case KERBEROS_PA_FOR_X509_USER:
6525 if(private_data->msg_type == KRB5_MSG_AS_REQ){
6526 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
6527 }else if(private_data->is_enc_padata){
6528 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL);
6529 }else{
6530 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
6531 }
6532 break;
6533 case KERBEROS_PA_PROV_SRV_LOCATION:
6534 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
6535 break;
6536 case KERBEROS_PA_ENC_TIMESTAMP:
6537 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
6538 break;
6539 case KERBEROS_PA_ETYPE_INFO:
6540 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
6541 break;
6542 case KERBEROS_PA_ETYPE_INFO2:
6543 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
6544 break;
6545 case KERBEROS_PA_PW_SALT:
6546 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
6547 break;
6548 case KERBEROS_PA_AUTH_SET_SELECTED:
6549 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
6550 break;
6551 case KERBEROS_PA_FX_FAST:
6552 if (kerberos_private_is_kdc_req(private_data)) {
6553 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_defer_PA_FX_FAST_REQUEST);
6554 }else{
6555 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
6556 }
6557 break;
6558 case KERBEROS_PA_FX_ERROR:
6559 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
6560 break;
6561 case KERBEROS_PA_ENCRYPTED_CHALLENGE:
6562 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
6563 break;
6564 case KERBEROS_PA_KERB_KEY_LIST_REQ:
6565 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ);
6566 break;
6567 case KERBEROS_PA_KERB_KEY_LIST_REP:
6568 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP);
6569 break;
6570 case KERBEROS_PA_SUPPORTED_ETYPES:
6571 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES);
6572 break;
6573 case KERBEROS_PA_PAC_OPTIONS:
6574 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS);
6575 break;
6576 case KERBEROS_PA_REQ_ENC_PA_REP:
6577 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum);
6578 break;
6579 case KERBEROS_PA_SPAKE:
6580 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE);
6581 break;
6582 case KERBEROS_PA_SRP:
6583 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KRB5_SRP_PA_APPLICATIONS);
6584 break;
6585 default:
6586 offset=dissect_ber_octet_string_wcb(false, actx, sub_tree, tvb, offset,hf_index, NULL);
6587 break;
6588 }
6589
6590
6591 return offset;
6592 }
6593
6594
6595 static const ber_sequence_t PA_DATA_sequence[] = {
6596 { &hf_kerberos_padata_type, BER_CLASS_CON, 1, 0, dissect_kerberos_PADATA_TYPE },
6597 { &hf_kerberos_padata_value, BER_CLASS_CON, 2, 0, dissect_kerberos_T_padata_value },
6598 { NULL, 0, 0, 0, NULL }
6599 };
6600
6601 static int
6602 dissect_kerberos_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6603 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6604 PA_DATA_sequence, hf_index, ett_kerberos_PA_DATA);
6605
6606 return offset;
6607 }
6608
6609
6610 static const ber_sequence_t T_rEQ_SEQUENCE_OF_PA_DATA_sequence_of[1] = {
6611 { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
6612 };
6613
6614 static int
6615 dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6616 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6617 struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST;
6618
6619 /*
6620 * we need to defer calling dissect_kerberos_PA_FX_FAST_REQUEST,
6621 * see dissect_kerberos_defer_PA_FX_FAST_REQUEST()
6622 */
6623 private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = true, };
6624 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6625 T_rEQ_SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA);
6626
6627 if (private_data->PA_FX_FAST_REQUEST.tvb != NULL) {
6628 struct _kerberos_PA_FX_FAST_REQUEST used_stack = private_data->PA_FX_FAST_REQUEST;
6629 private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = false, };
6630
6631 /*
6632 * dissect_kerberos_defer_PA_FX_FAST_REQUEST() remembered
6633 * a tvb, so replay dissect_kerberos_PA_FX_FAST_REQUEST()
6634 * here.
6635 */
6636 dissect_kerberos_PA_FX_FAST_REQUEST(false,
6637 used_stack.tvb,
6638 0,
6639 actx,
6640 used_stack.tree,
6641 -1);
6642 }
6643 private_data->PA_FX_FAST_REQUEST = saved_stack;
6644
6645
6646 return offset;
6647 }
6648
6649
6650 static int * const KDCOptions_bits[] = {
6651 &hf_kerberos_KDCOptions_reserved,
6652 &hf_kerberos_KDCOptions_forwardable,
6653 &hf_kerberos_KDCOptions_forwarded,
6654 &hf_kerberos_KDCOptions_proxiable,
6655 &hf_kerberos_KDCOptions_proxy,
6656 &hf_kerberos_KDCOptions_allow_postdate,
6657 &hf_kerberos_KDCOptions_postdated,
6658 &hf_kerberos_KDCOptions_unused7,
6659 &hf_kerberos_KDCOptions_renewable,
6660 &hf_kerberos_KDCOptions_unused9,
6661 &hf_kerberos_KDCOptions_unused10,
6662 &hf_kerberos_KDCOptions_opt_hardware_auth,
6663 &hf_kerberos_KDCOptions_unused12,
6664 &hf_kerberos_KDCOptions_unused13,
6665 &hf_kerberos_KDCOptions_constrained_delegation,
6666 &hf_kerberos_KDCOptions_canonicalize,
6667 &hf_kerberos_KDCOptions_request_anonymous,
6668 &hf_kerberos_KDCOptions_unused17,
6669 &hf_kerberos_KDCOptions_unused18,
6670 &hf_kerberos_KDCOptions_unused19,
6671 &hf_kerberos_KDCOptions_unused20,
6672 &hf_kerberos_KDCOptions_unused21,
6673 &hf_kerberos_KDCOptions_unused22,
6674 &hf_kerberos_KDCOptions_unused23,
6675 &hf_kerberos_KDCOptions_unused24,
6676 &hf_kerberos_KDCOptions_unused25,
6677 &hf_kerberos_KDCOptions_disable_transited_check,
6678 &hf_kerberos_KDCOptions_renewable_ok,
6679 &hf_kerberos_KDCOptions_enc_tkt_in_skey,
6680 &hf_kerberos_KDCOptions_unused29,
6681 &hf_kerberos_KDCOptions_renew,
6682 &hf_kerberos_KDCOptions_validate,
6683 NULL
6684 };
6685
6686 static int
6687 dissect_kerberos_KDCOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6688 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
6689 KDCOptions_bits, 32, hf_index, ett_kerberos_KDCOptions,
6690 NULL);
6691
6692 return offset;
6693 }
6694
6695
6696 static const ber_sequence_t SEQUENCE_OF_ENCTYPE_sequence_of[1] = {
6697 { &hf_kerberos_kDC_REQ_BODY_etype_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE },
6698 };
6699
6700 static int
6701 dissect_kerberos_SEQUENCE_OF_ENCTYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6702 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6703 SEQUENCE_OF_ENCTYPE_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_ENCTYPE);
6704
6705 return offset;
6706 }
6707
6708
6709
6710 static int
6711 dissect_kerberos_T_encryptedAuthorizationData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6712 #ifdef HAVE_KERBEROS
6713 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
6714 #else
6715 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6716 NULL);
6717
6718 #endif
6719
6720
6721 return offset;
6722 }
6723
6724
6725 static const ber_sequence_t EncryptedAuthorizationData_sequence[] = {
6726 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6727 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6728 { &hf_kerberos_encryptedAuthorizationData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthorizationData_cipher },
6729 { NULL, 0, 0, 0, NULL }
6730 };
6731
6732 static int
6733 dissect_kerberos_EncryptedAuthorizationData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6734 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6735 EncryptedAuthorizationData_sequence, hf_index, ett_kerberos_EncryptedAuthorizationData);
6736
6737 return offset;
6738 }
6739
6740
6741 static const ber_sequence_t SEQUENCE_OF_Ticket_sequence_of[1] = {
6742 { &hf_kerberos_additional_tickets_item, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
6743 };
6744
6745 static int
6746 dissect_kerberos_SEQUENCE_OF_Ticket(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6747 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6748 SEQUENCE_OF_Ticket_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_Ticket);
6749
6750 return offset;
6751 }
6752
6753
6754 static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
6755 { &hf_kerberos_kdc_options, BER_CLASS_CON, 0, 0, dissect_kerberos_KDCOptions },
6756 { &hf_kerberos_cname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_CName },
6757 { &hf_kerberos_realm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
6758 { &hf_kerberos_sname , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SName },
6759 { &hf_kerberos_from , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6760 { &hf_kerberos_till , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6761 { &hf_kerberos_rtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6762 { &hf_kerberos_nonce , BER_CLASS_CON, 7, 0, dissect_kerberos_UInt32 },
6763 { &hf_kerberos_kDC_REQ_BODY_etype, BER_CLASS_CON, 8, 0, dissect_kerberos_SEQUENCE_OF_ENCTYPE },
6764 { &hf_kerberos_addresses , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
6765 { &hf_kerberos_enc_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptedAuthorizationData },
6766 { &hf_kerberos_additional_tickets, BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_Ticket },
6767 { NULL, 0, 0, 0, NULL }
6768 };
6769
6770 static int
6771 dissect_kerberos_KDC_REQ_BODY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6772 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6773 KDC_REQ_BODY_sequence, hf_index, ett_kerberos_KDC_REQ_BODY);
6774
6775 return offset;
6776 }
6777
6778
6779 static const ber_sequence_t KDC_REQ_sequence[] = {
6780 { &hf_kerberos_pvno , BER_CLASS_CON, 1, 0, dissect_kerberos_INTEGER_5 },
6781 { &hf_kerberos_msg_type , BER_CLASS_CON, 2, 0, dissect_kerberos_MESSAGE_TYPE },
6782 { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA },
6783 { &hf_kerberos_req_body , BER_CLASS_CON, 4, 0, dissect_kerberos_KDC_REQ_BODY },
6784 { NULL, 0, 0, 0, NULL }
6785 };
6786
6787 static int
6788 dissect_kerberos_KDC_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6789 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6790 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6791 KDC_REQ_sequence, hf_index, ett_kerberos_KDC_REQ);
6792
6793 if (private_data->krb5_conv != NULL) {
6794 krb5_conf_add_request(actx);
6795 }
6796
6797
6798 return offset;
6799 }
6800
6801
6802
6803 static int
6804 dissect_kerberos_AS_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6805 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6806 hf_index, BER_CLASS_APP, 10, false, dissect_kerberos_KDC_REQ);
6807
6808 return offset;
6809 }
6810
6811
6812 static const ber_sequence_t T_rEP_SEQUENCE_OF_PA_DATA_sequence_of[1] = {
6813 { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
6814 };
6815
6816 static int
6817 dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6818 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6819 T_rEP_SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA);
6820
6821
6822
6823 return offset;
6824 }
6825
6826
6827
6828 static int
6829 dissect_kerberos_T_encryptedKDCREPData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6830 #ifdef HAVE_KERBEROS
6831 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
6832 #else
6833 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6834 NULL);
6835
6836 #endif
6837
6838
6839 return offset;
6840 }
6841
6842
6843 static const ber_sequence_t EncryptedKDCREPData_sequence[] = {
6844 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6845 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6846 { &hf_kerberos_encryptedKDCREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKDCREPData_cipher },
6847 { NULL, 0, 0, 0, NULL }
6848 };
6849
6850 static int
6851 dissect_kerberos_EncryptedKDCREPData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6852 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6853 EncryptedKDCREPData_sequence, hf_index, ett_kerberos_EncryptedKDCREPData);
6854
6855 return offset;
6856 }
6857
6858
6859 static const ber_sequence_t KDC_REP_sequence[] = {
6860 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6861 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6862 { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA },
6863 { &hf_kerberos_crealm , BER_CLASS_CON, 3, 0, dissect_kerberos_Realm },
6864 { &hf_kerberos_cname , BER_CLASS_CON, 4, 0, dissect_kerberos_CName },
6865 { &hf_kerberos_ticket , BER_CLASS_CON, 5, 0, dissect_kerberos_Ticket },
6866 { &hf_kerberos_kDC_REP_enc_part, BER_CLASS_CON, 6, 0, dissect_kerberos_EncryptedKDCREPData },
6867 { NULL, 0, 0, 0, NULL }
6868 };
6869
6870 static int
6871 dissect_kerberos_KDC_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6872 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6873 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6874 KDC_REP_sequence, hf_index, ett_kerberos_KDC_REP);
6875
6876 if (private_data->krb5_conv != NULL) {
6877 krb5_conf_add_response(actx);
6878 }
6879
6880
6881 return offset;
6882 }
6883
6884
6885
6886 static int
6887 dissect_kerberos_AS_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6888 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6889 hf_index, BER_CLASS_APP, 11, false, dissect_kerberos_KDC_REP);
6890
6891 return offset;
6892 }
6893
6894
6895
6896 static int
6897 dissect_kerberos_TGS_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6898 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6899 hf_index, BER_CLASS_APP, 12, false, dissect_kerberos_KDC_REQ);
6900
6901 return offset;
6902 }
6903
6904
6905
6906 static int
6907 dissect_kerberos_TGS_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6908 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6909 hf_index, BER_CLASS_APP, 13, false, dissect_kerberos_KDC_REP);
6910
6911 return offset;
6912 }
6913
6914
6915 static int * const APOptions_bits[] = {
6916 &hf_kerberos_APOptions_reserved,
6917 &hf_kerberos_APOptions_use_session_key,
6918 &hf_kerberos_APOptions_mutual_required,
6919 NULL
6920 };
6921
6922 static int
6923 dissect_kerberos_APOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6924 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
6925 APOptions_bits, 3, hf_index, ett_kerberos_APOptions,
6926 NULL);
6927
6928 return offset;
6929 }
6930
6931
6932
6933 static int
6934 dissect_kerberos_T_encryptedAuthenticator_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6935 #ifdef HAVE_KERBEROS
6936 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
6937 #else
6938 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6939 NULL);
6940
6941 #endif
6942
6943
6944 return offset;
6945 }
6946
6947
6948 static const ber_sequence_t EncryptedAuthenticator_sequence[] = {
6949 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6950 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6951 { &hf_kerberos_encryptedAuthenticator_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthenticator_cipher },
6952 { NULL, 0, 0, 0, NULL }
6953 };
6954
6955 static int
6956 dissect_kerberos_EncryptedAuthenticator(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6957 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6958 EncryptedAuthenticator_sequence, hf_index, ett_kerberos_EncryptedAuthenticator);
6959
6960 return offset;
6961 }
6962
6963
6964 static const ber_sequence_t AP_REQ_U_sequence[] = {
6965 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6966 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6967 { &hf_kerberos_ap_options , BER_CLASS_CON, 2, 0, dissect_kerberos_APOptions },
6968 { &hf_kerberos_ticket , BER_CLASS_CON, 3, 0, dissect_kerberos_Ticket },
6969 { &hf_kerberos_authenticator_enc_part, BER_CLASS_CON, 4, 0, dissect_kerberos_EncryptedAuthenticator },
6970 { NULL, 0, 0, 0, NULL }
6971 };
6972
6973 static int
6974 dissect_kerberos_AP_REQ_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6975 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6976 AP_REQ_U_sequence, hf_index, ett_kerberos_AP_REQ_U);
6977
6978 return offset;
6979 }
6980
6981
6982
6983 static int
6984 dissect_kerberos_AP_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6985 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6986 hf_index, BER_CLASS_APP, 14, false, dissect_kerberos_AP_REQ_U);
6987
6988 return offset;
6989 }
6990
6991
6992
6993 static int
6994 dissect_kerberos_T_encryptedAPREPData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6995 #ifdef HAVE_KERBEROS
6996 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
6997 #else
6998 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6999 NULL);
7000
7001 #endif
7002
7003
7004 return offset;
7005 }
7006
7007
7008 static const ber_sequence_t EncryptedAPREPData_sequence[] = {
7009 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7010 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7011 { &hf_kerberos_encryptedAPREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAPREPData_cipher },
7012 { NULL, 0, 0, 0, NULL }
7013 };
7014
7015 static int
7016 dissect_kerberos_EncryptedAPREPData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7017 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7018 EncryptedAPREPData_sequence, hf_index, ett_kerberos_EncryptedAPREPData);
7019
7020 return offset;
7021 }
7022
7023
7024 static const ber_sequence_t AP_REP_U_sequence[] = {
7025 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7026 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7027 { &hf_kerberos_aP_REP_enc_part, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedAPREPData },
7028 { NULL, 0, 0, 0, NULL }
7029 };
7030
7031 static int
7032 dissect_kerberos_AP_REP_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7033 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7034 AP_REP_U_sequence, hf_index, ett_kerberos_AP_REP_U);
7035
7036 return offset;
7037 }
7038
7039
7040
7041 static int
7042 dissect_kerberos_AP_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7043 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7044 hf_index, BER_CLASS_APP, 15, false, dissect_kerberos_AP_REP_U);
7045
7046 return offset;
7047 }
7048
7049
7050
7051 static int
7052 dissect_kerberos_T_kRB_SAFE_BODY_user_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7053 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
7054 tvbuff_t *new_tvb;
7055 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb);
7056 if (new_tvb) {
7057 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks);
7058 }
7059
7060
7061 return offset;
7062 }
7063
7064
7065 static const ber_sequence_t KRB_SAFE_BODY_sequence[] = {
7066 { &hf_kerberos_kRB_SAFE_BODY_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_kRB_SAFE_BODY_user_data },
7067 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7068 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
7069 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7070 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
7071 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
7072 { NULL, 0, 0, 0, NULL }
7073 };
7074
7075 static int
7076 dissect_kerberos_KRB_SAFE_BODY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7077 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7078 KRB_SAFE_BODY_sequence, hf_index, ett_kerberos_KRB_SAFE_BODY);
7079
7080 return offset;
7081 }
7082
7083
7084 static const ber_sequence_t KRB_SAFE_U_sequence[] = {
7085 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7086 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7087 { &hf_kerberos_safe_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KRB_SAFE_BODY },
7088 { &hf_kerberos_cksum , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum },
7089 { NULL, 0, 0, 0, NULL }
7090 };
7091
7092 static int
7093 dissect_kerberos_KRB_SAFE_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7094 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7095 KRB_SAFE_U_sequence, hf_index, ett_kerberos_KRB_SAFE_U);
7096
7097 return offset;
7098 }
7099
7100
7101
7102 static int
7103 dissect_kerberos_KRB_SAFE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7104 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7105 hf_index, BER_CLASS_APP, 20, false, dissect_kerberos_KRB_SAFE_U);
7106
7107 return offset;
7108 }
7109
7110
7111
7112 static int
7113 dissect_kerberos_T_encryptedKrbPrivData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7114 #ifdef HAVE_KERBEROS
7115 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
7116 #else
7117 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7118 NULL);
7119
7120 #endif
7121
7122
7123 return offset;
7124 }
7125
7126
7127 static const ber_sequence_t EncryptedKrbPrivData_sequence[] = {
7128 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7129 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7130 { &hf_kerberos_encryptedKrbPrivData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbPrivData_cipher },
7131 { NULL, 0, 0, 0, NULL }
7132 };
7133
7134 static int
7135 dissect_kerberos_EncryptedKrbPrivData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7136 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7137 EncryptedKrbPrivData_sequence, hf_index, ett_kerberos_EncryptedKrbPrivData);
7138
7139 return offset;
7140 }
7141
7142
7143 static const ber_sequence_t KRB_PRIV_U_sequence[] = {
7144 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7145 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7146 { &hf_kerberos_kRB_PRIV_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbPrivData },
7147 { NULL, 0, 0, 0, NULL }
7148 };
7149
7150 static int
7151 dissect_kerberos_KRB_PRIV_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7152 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7153 KRB_PRIV_U_sequence, hf_index, ett_kerberos_KRB_PRIV_U);
7154
7155 return offset;
7156 }
7157
7158
7159
7160 static int
7161 dissect_kerberos_KRB_PRIV(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7162 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7163 hf_index, BER_CLASS_APP, 21, false, dissect_kerberos_KRB_PRIV_U);
7164
7165 return offset;
7166 }
7167
7168
7169
7170 static int
7171 dissect_kerberos_T_encryptedKrbCredData_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7172 #ifdef HAVE_KERBEROS
7173 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
7174 #else
7175 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7176 NULL);
7177
7178 #endif
7179
7180
7181 return offset;
7182 }
7183
7184
7185 static const ber_sequence_t EncryptedKrbCredData_sequence[] = {
7186 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7187 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7188 { &hf_kerberos_encryptedKrbCredData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbCredData_cipher },
7189 { NULL, 0, 0, 0, NULL }
7190 };
7191
7192 static int
7193 dissect_kerberos_EncryptedKrbCredData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7194 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7195 EncryptedKrbCredData_sequence, hf_index, ett_kerberos_EncryptedKrbCredData);
7196
7197 return offset;
7198 }
7199
7200
7201 static const ber_sequence_t KRB_CRED_U_sequence[] = {
7202 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7203 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7204 { &hf_kerberos_tickets , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_OF_Ticket },
7205 { &hf_kerberos_kRB_CRED_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbCredData },
7206 { NULL, 0, 0, 0, NULL }
7207 };
7208
7209 static int
7210 dissect_kerberos_KRB_CRED_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7211 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7212 KRB_CRED_U_sequence, hf_index, ett_kerberos_KRB_CRED_U);
7213
7214 return offset;
7215 }
7216
7217
7218
7219 static int
7220 dissect_kerberos_KRB_CRED(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7221 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7222 hf_index, BER_CLASS_APP, 22, false, dissect_kerberos_KRB_CRED_U);
7223
7224 return offset;
7225 }
7226
7227
7228
7229 static int
7230 dissect_kerberos_T_encKDCRepPart_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7231 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7232 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
7233 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
7234 switch (private_data->msg_type) {
7235 case KERBEROS_APPLICATIONS_AS_REP:
7236 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart;
7237 break;
7238 case KERBEROS_APPLICATIONS_TGS_REP:
7239 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart;
7240 break;
7241 default:
7242 private_data->save_encryption_key_parent_hf_index = -1;
7243 }
7244 #ifdef HAVE_KERBEROS
7245 private_data->save_encryption_key_fn = save_EncKDCRepPart_key;
7246 #endif
7247 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
7248
7249 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
7250 private_data->save_encryption_key_fn = saved_encryption_key_fn;
7251
7252
7253 return offset;
7254 }
7255
7256
7257 static const value_string kerberos_LR_TYPE_vals[] = {
7258 { 0, "lR-NONE" },
7259 { 1, "lR-INITIAL-TGT" },
7260 { 2, "lR-INITIAL" },
7261 { 3, "lR-ISSUE-USE-TGT" },
7262 { 4, "lR-RENEWAL" },
7263 { 5, "lR-REQUEST" },
7264 { 6, "lR-PW-EXPTIME" },
7265 { 7, "lR-ACCT-EXPTIME" },
7266 { 0, NULL }
7267 };
7268
7269
7270 static int
7271 dissect_kerberos_LR_TYPE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7272 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
7273 NULL);
7274
7275 return offset;
7276 }
7277
7278
7279 static const ber_sequence_t LastReq_item_sequence[] = {
7280 { &hf_kerberos_lr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_LR_TYPE },
7281 { &hf_kerberos_lr_value , BER_CLASS_CON, 1, 0, dissect_kerberos_KerberosTime },
7282 { NULL, 0, 0, 0, NULL }
7283 };
7284
7285 static int
7286 dissect_kerberos_LastReq_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7287 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7288 LastReq_item_sequence, hf_index, ett_kerberos_LastReq_item);
7289
7290 return offset;
7291 }
7292
7293
7294 static const ber_sequence_t LastReq_sequence_of[1] = {
7295 { &hf_kerberos_LastReq_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_LastReq_item },
7296 };
7297
7298 static int
7299 dissect_kerberos_LastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7300 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7301 LastReq_sequence_of, hf_index, ett_kerberos_LastReq);
7302
7303 return offset;
7304 }
7305
7306
7307 static const ber_sequence_t METHOD_DATA_sequence_of[1] = {
7308 { &hf_kerberos_METHOD_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
7309 };
7310
7311 static int
7312 dissect_kerberos_METHOD_DATA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7313 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7314 METHOD_DATA_sequence_of, hf_index, ett_kerberos_METHOD_DATA);
7315
7316 return offset;
7317 }
7318
7319
7320
7321 static int
7322 dissect_kerberos_T_encrypted_pa_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7323 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
7324 private_data->is_enc_padata = true;
7325
7326 offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
7327
7328 private_data->is_enc_padata = false;
7329
7330 return offset;
7331 }
7332
7333
7334 static const ber_sequence_t EncKDCRepPart_sequence[] = {
7335 { &hf_kerberos_encKDCRepPart_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKDCRepPart_key },
7336 { &hf_kerberos_last_req , BER_CLASS_CON, 1, 0, dissect_kerberos_LastReq },
7337 { &hf_kerberos_nonce , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 },
7338 { &hf_kerberos_key_expiration, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7339 { &hf_kerberos_flags , BER_CLASS_CON, 4, 0, dissect_kerberos_TicketFlags },
7340 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
7341 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7342 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
7343 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7344 { &hf_kerberos_srealm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
7345 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName },
7346 { &hf_kerberos_caddr , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
7347 { &hf_kerberos_encrypted_pa_data, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encrypted_pa_data },
7348 { NULL, 0, 0, 0, NULL }
7349 };
7350
7351 static int
7352 dissect_kerberos_EncKDCRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7353 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7354 EncKDCRepPart_sequence, hf_index, ett_kerberos_EncKDCRepPart);
7355
7356 return offset;
7357 }
7358
7359
7360
7361 static int
7362 dissect_kerberos_EncASRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7363 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7364 hf_index, BER_CLASS_APP, 25, false, dissect_kerberos_EncKDCRepPart);
7365
7366 return offset;
7367 }
7368
7369
7370
7371 static int
7372 dissect_kerberos_EncTGSRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7373 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7374 hf_index, BER_CLASS_APP, 26, false, dissect_kerberos_EncKDCRepPart);
7375
7376 return offset;
7377 }
7378
7379
7380
7381 static int
7382 dissect_kerberos_T_encAPRepPart_subkey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7383 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7384 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
7385 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
7386 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart;
7387 #ifdef HAVE_KERBEROS
7388 private_data->save_encryption_key_fn = save_EncAPRepPart_subkey;
7389 #endif
7390 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
7391
7392 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
7393 private_data->save_encryption_key_fn = saved_encryption_key_fn;
7394
7395
7396 return offset;
7397 }
7398
7399
7400 static const ber_sequence_t EncAPRepPart_U_sequence[] = {
7401 { &hf_kerberos_ctime , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
7402 { &hf_kerberos_cusec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
7403 { &hf_kerberos_encAPRepPart_subkey, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encAPRepPart_subkey },
7404 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7405 { NULL, 0, 0, 0, NULL }
7406 };
7407
7408 static int
7409 dissect_kerberos_EncAPRepPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7410 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7411 EncAPRepPart_U_sequence, hf_index, ett_kerberos_EncAPRepPart_U);
7412
7413 return offset;
7414 }
7415
7416
7417
7418 static int
7419 dissect_kerberos_EncAPRepPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7420 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7421 hf_index, BER_CLASS_APP, 27, false, dissect_kerberos_EncAPRepPart_U);
7422
7423 return offset;
7424 }
7425
7426
7427
7428 static int
7429 dissect_kerberos_T_encKrbPrivPart_user_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7430 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
7431 tvbuff_t *new_tvb;
7432 offset=dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &new_tvb);
7433 if (new_tvb) {
7434 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks);
7435 }
7436
7437
7438 return offset;
7439 }
7440
7441
7442 static const ber_sequence_t EncKrbPrivPart_sequence[] = {
7443 { &hf_kerberos_encKrbPrivPart_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKrbPrivPart_user_data },
7444 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7445 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
7446 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7447 { &hf_kerberos_s_address , BER_CLASS_CON, 4, 0, dissect_kerberos_HostAddress },
7448 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
7449 { NULL, 0, 0, 0, NULL }
7450 };
7451
7452 static int
7453 dissect_kerberos_EncKrbPrivPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7454 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7455 EncKrbPrivPart_sequence, hf_index, ett_kerberos_EncKrbPrivPart);
7456
7457 return offset;
7458 }
7459
7460
7461
7462 static int
7463 dissect_kerberos_ENC_KRB_PRIV_PART(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7464 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7465 hf_index, BER_CLASS_APP, 28, false, dissect_kerberos_EncKrbPrivPart);
7466
7467 return offset;
7468 }
7469
7470
7471
7472 static int
7473 dissect_kerberos_T_krbCredInfo_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7474 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7475 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
7476 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
7477 private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item;
7478 #ifdef HAVE_KERBEROS
7479 private_data->save_encryption_key_fn = save_KrbCredInfo_key;
7480 #endif
7481 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
7482
7483 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
7484 private_data->save_encryption_key_fn = saved_encryption_key_fn;
7485
7486
7487 return offset;
7488 }
7489
7490
7491 static const ber_sequence_t SEQUENCE_OF_KerberosString_sequence_of[1] = {
7492 { &hf_kerberos_name_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_KerberosString },
7493 };
7494
7495 static int
7496 dissect_kerberos_SEQUENCE_OF_KerberosString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7497 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7498 SEQUENCE_OF_KerberosString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KerberosString);
7499
7500 return offset;
7501 }
7502
7503
7504 static const ber_sequence_t PrincipalName_sequence[] = {
7505 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
7506 { &hf_kerberos_name_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_KerberosString },
7507 { NULL, 0, 0, 0, NULL }
7508 };
7509
7510 static int
7511 dissect_kerberos_PrincipalName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7512 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7513 PrincipalName_sequence, hf_index, ett_kerberos_PrincipalName);
7514
7515 return offset;
7516 }
7517
7518
7519 static const ber_sequence_t KrbCredInfo_sequence[] = {
7520 { &hf_kerberos_krbCredInfo_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_krbCredInfo_key },
7521 { &hf_kerberos_prealm , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
7522 { &hf_kerberos_pname , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
7523 { &hf_kerberos_flags , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_TicketFlags },
7524 { &hf_kerberos_authtime , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7525 { &hf_kerberos_starttime , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7526 { &hf_kerberos_endtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7527 { &hf_kerberos_renew_till , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7528 { &hf_kerberos_srealm , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
7529 { &hf_kerberos_sname , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_SName },
7530 { &hf_kerberos_caddr , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
7531 { NULL, 0, 0, 0, NULL }
7532 };
7533
7534 static int
7535 dissect_kerberos_KrbCredInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7536 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7537 KrbCredInfo_sequence, hf_index, ett_kerberos_KrbCredInfo);
7538
7539 return offset;
7540 }
7541
7542
7543 static const ber_sequence_t SEQUENCE_OF_KrbCredInfo_sequence_of[1] = {
7544 { &hf_kerberos_ticket_info_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KrbCredInfo },
7545 };
7546
7547 static int
7548 dissect_kerberos_SEQUENCE_OF_KrbCredInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7549 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7550 SEQUENCE_OF_KrbCredInfo_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KrbCredInfo);
7551
7552 return offset;
7553 }
7554
7555
7556 static const ber_sequence_t EncKrbCredPart_U_sequence[] = {
7557 { &hf_kerberos_ticket_info, BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_KrbCredInfo },
7558 { &hf_kerberos_nonce , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7559 { &hf_kerberos_timestamp , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7560 { &hf_kerberos_usec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
7561 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
7562 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
7563 { NULL, 0, 0, 0, NULL }
7564 };
7565
7566 static int
7567 dissect_kerberos_EncKrbCredPart_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7568 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7569 EncKrbCredPart_U_sequence, hf_index, ett_kerberos_EncKrbCredPart_U);
7570
7571 return offset;
7572 }
7573
7574
7575
7576 static int
7577 dissect_kerberos_EncKrbCredPart(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7578 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7579 hf_index, BER_CLASS_APP, 29, false, dissect_kerberos_EncKrbCredPart_U);
7580
7581 return offset;
7582 }
7583
7584
7585 static const value_string kerberos_ERROR_CODE_vals[] = {
7586 { 0, "eRR-NONE" },
7587 { 1, "eRR-NAME-EXP" },
7588 { 2, "eRR-SERVICE-EXP" },
7589 { 3, "eRR-BAD-PVNO" },
7590 { 4, "eRR-C-OLD-MAST-KVNO" },
7591 { 5, "eRR-S-OLD-MAST-KVNO" },
7592 { 6, "eRR-C-PRINCIPAL-UNKNOWN" },
7593 { 7, "eRR-S-PRINCIPAL-UNKNOWN" },
7594 { 8, "eRR-PRINCIPAL-NOT-UNIQUE" },
7595 { 9, "eRR-NULL-KEY" },
7596 { 10, "eRR-CANNOT-POSTDATE" },
7597 { 11, "eRR-NEVER-VALID" },
7598 { 12, "eRR-POLICY" },
7599 { 13, "eRR-BADOPTION" },
7600 { 14, "eRR-ETYPE-NOSUPP" },
7601 { 15, "eRR-SUMTYPE-NOSUPP" },
7602 { 16, "eRR-PADATA-TYPE-NOSUPP" },
7603 { 17, "eRR-TRTYPE-NOSUPP" },
7604 { 18, "eRR-CLIENT-REVOKED" },
7605 { 19, "eRR-SERVICE-REVOKED" },
7606 { 20, "eRR-TGT-REVOKED" },
7607 { 21, "eRR-CLIENT-NOTYET" },
7608 { 22, "eRR-SERVICE-NOTYET" },
7609 { 23, "eRR-KEY-EXP" },
7610 { 24, "eRR-PREAUTH-FAILED" },
7611 { 25, "eRR-PREAUTH-REQUIRED" },
7612 { 26, "eRR-SERVER-NOMATCH" },
7613 { 27, "eRR-MUST-USE-USER2USER" },
7614 { 28, "eRR-PATH-NOT-ACCEPTED" },
7615 { 29, "eRR-SVC-UNAVAILABLE" },
7616 { 31, "eRR-BAD-INTEGRITY" },
7617 { 32, "eRR-TKT-EXPIRED" },
7618 { 33, "eRR-TKT-NYV" },
7619 { 34, "eRR-REPEAT" },
7620 { 35, "eRR-NOT-US" },
7621 { 36, "eRR-BADMATCH" },
7622 { 37, "eRR-SKEW" },
7623 { 38, "eRR-BADADDR" },
7624 { 39, "eRR-BADVERSION" },
7625 { 40, "eRR-MSG-TYPE" },
7626 { 41, "eRR-MODIFIED" },
7627 { 42, "eRR-BADORDER" },
7628 { 43, "eRR-ILL-CR-TKT" },
7629 { 44, "eRR-BADKEYVER" },
7630 { 45, "eRR-NOKEY" },
7631 { 46, "eRR-MUT-FAIL" },
7632 { 47, "eRR-BADDIRECTION" },
7633 { 48, "eRR-METHOD" },
7634 { 49, "eRR-BADSEQ" },
7635 { 50, "eRR-INAPP-CKSUM" },
7636 { 51, "pATH-NOT-ACCEPTED" },
7637 { 52, "eRR-RESPONSE-TOO-BIG" },
7638 { 60, "eRR-GENERIC" },
7639 { 61, "eRR-FIELD-TOOLONG" },
7640 { 62, "eRROR-CLIENT-NOT-TRUSTED" },
7641 { 63, "eRROR-KDC-NOT-TRUSTED" },
7642 { 64, "eRROR-INVALID-SIG" },
7643 { 65, "eRR-KEY-TOO-WEAK" },
7644 { 66, "eRR-CERTIFICATE-MISMATCH" },
7645 { 67, "eRR-NO-TGT" },
7646 { 68, "eRR-WRONG-REALM" },
7647 { 69, "eRR-USER-TO-USER-REQUIRED" },
7648 { 70, "eRR-CANT-VERIFY-CERTIFICATE" },
7649 { 71, "eRR-INVALID-CERTIFICATE" },
7650 { 72, "eRR-REVOKED-CERTIFICATE" },
7651 { 73, "eRR-REVOCATION-STATUS-UNKNOWN" },
7652 { 74, "eRR-REVOCATION-STATUS-UNAVAILABLE" },
7653 { 75, "eRR-CLIENT-NAME-MISMATCH" },
7654 { 76, "eRR-KDC-NAME-MISMATCH" },
7655 { 91, "eRR-KDC-MORE-PREAUTH-DATA-REQUIRED" },
7656 { 0, NULL }
7657 };
7658
7659
7660 static int
7661 dissect_kerberos_ERROR_CODE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7662 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7663 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
7664 &private_data->errorcode);
7665
7666
7667
7668 if (private_data->errorcode) {
7669 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
7670 "KRB Error: %s",
7671 val_to_str(private_data->errorcode, krb5_error_codes,
7672 "Unknown error code %#x"));
7673 }
7674
7675 return offset;
7676 }
7677
7678
7679
7680 static int
7681 dissect_kerberos_T_e_data(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7682 offset = dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_T_e_data_octets);
7683
7684
7685 return offset;
7686 }
7687
7688
7689 static const ber_sequence_t KRB_ERROR_U_sequence[] = {
7690 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7691 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7692 { &hf_kerberos_ctime , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
7693 { &hf_kerberos_cusec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
7694 { &hf_kerberos_stime , BER_CLASS_CON, 4, 0, dissect_kerberos_KerberosTime },
7695 { &hf_kerberos_susec , BER_CLASS_CON, 5, 0, dissect_kerberos_Microseconds },
7696 { &hf_kerberos_error_code , BER_CLASS_CON, 6, 0, dissect_kerberos_ERROR_CODE },
7697 { &hf_kerberos_crealm , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
7698 { &hf_kerberos_cname , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_CName },
7699 { &hf_kerberos_realm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
7700 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName },
7701 { &hf_kerberos_e_text , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
7702 { &hf_kerberos_e_data , BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_e_data },
7703 { &hf_kerberos_e_checksum , BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
7704 { NULL, 0, 0, 0, NULL }
7705 };
7706
7707 static int
7708 dissect_kerberos_KRB_ERROR_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7709 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7710 KRB_ERROR_U_sequence, hf_index, ett_kerberos_KRB_ERROR_U);
7711
7712 return offset;
7713 }
7714
7715
7716
7717 static int
7718 dissect_kerberos_KRB_ERROR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7719 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7720 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7721 hf_index, BER_CLASS_APP, 30, false, dissect_kerberos_KRB_ERROR_U);
7722
7723 if (private_data->krb5_conv != NULL) {
7724 krb5_conf_add_response(actx);
7725 }
7726
7727
7728 return offset;
7729 }
7730
7731
7732 static const ber_choice_t Applications_choice[] = {
7733 { KERBEROS_APPLICATIONS_TICKET, &hf_kerberos_ticket , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
7734 { KERBEROS_APPLICATIONS_AUTHENTICATOR, &hf_kerberos_authenticator, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_kerberos_Authenticator },
7735 { KERBEROS_APPLICATIONS_ENCTICKETPART, &hf_kerberos_encTicketPart, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTicketPart },
7736 { KERBEROS_APPLICATIONS_AS_REQ, &hf_kerberos_as_req , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REQ },
7737 { KERBEROS_APPLICATIONS_AS_REP, &hf_kerberos_as_rep , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REP },
7738 { KERBEROS_APPLICATIONS_TGS_REQ, &hf_kerberos_tgs_req , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REQ },
7739 { KERBEROS_APPLICATIONS_TGS_REP, &hf_kerberos_tgs_rep , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REP },
7740 { KERBEROS_APPLICATIONS_AP_REQ, &hf_kerberos_ap_req , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REQ },
7741 { KERBEROS_APPLICATIONS_AP_REP, &hf_kerberos_ap_rep , BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REP },
7742 { KERBEROS_APPLICATIONS_KRB_SAFE, &hf_kerberos_krb_safe , BER_CLASS_APP, 20, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_SAFE },
7743 { KERBEROS_APPLICATIONS_KRB_PRIV, &hf_kerberos_krb_priv , BER_CLASS_APP, 21, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_PRIV },
7744 { KERBEROS_APPLICATIONS_KRB_CRED, &hf_kerberos_krb_cred , BER_CLASS_APP, 22, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_CRED },
7745 { KERBEROS_APPLICATIONS_ENCASREPPART, &hf_kerberos_encASRepPart, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncASRepPart },
7746 { KERBEROS_APPLICATIONS_ENCTGSREPPART, &hf_kerberos_encTGSRepPart, BER_CLASS_APP, 26, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTGSRepPart },
7747 { KERBEROS_APPLICATIONS_ENCAPREPPART, &hf_kerberos_encAPRepPart, BER_CLASS_APP, 27, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncAPRepPart },
7748 { KERBEROS_APPLICATIONS_ENCKRBPRIVPART, &hf_kerberos_encKrbPrivPart, BER_CLASS_APP, 28, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENC_KRB_PRIV_PART },
7749 { KERBEROS_APPLICATIONS_ENCKRBCREDPART, &hf_kerberos_encKrbCredPart, BER_CLASS_APP, 29, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncKrbCredPart },
7750 { KERBEROS_APPLICATIONS_KRB_ERROR, &hf_kerberos_krb_error , BER_CLASS_APP, 30, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_ERROR },
7751 { 0, NULL, 0, 0, 0, NULL }
7752 };
7753
7754 static int
7755 dissect_kerberos_Applications(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7756 offset = dissect_ber_choice(actx, tree, tvb, offset,
7757 Applications_choice, hf_index, ett_kerberos_Applications,
7758 NULL);
7759
7760 return offset;
7761 }
7762
7763
7764
7765 static int
7766 dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7767 #ifdef HAVE_KERBEROS
7768 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
7769 #else
7770 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7771 NULL);
7772
7773 #endif
7774
7775
7776 return offset;
7777 }
7778
7779
7780 static const ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
7781 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7782 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7783 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher },
7784 { NULL, 0, 0, 0, NULL }
7785 };
7786
7787 static int
7788 dissect_kerberos_PA_ENC_TIMESTAMP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7789 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7790 PA_ENC_TIMESTAMP_sequence, hf_index, ett_kerberos_PA_ENC_TIMESTAMP);
7791
7792 return offset;
7793 }
7794
7795
7796 static const ber_sequence_t ETYPE_INFO_ENTRY_sequence[] = {
7797 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7798 { &hf_kerberos_info_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
7799 { NULL, 0, 0, 0, NULL }
7800 };
7801
7802 static int
7803 dissect_kerberos_ETYPE_INFO_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7804 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7805 ETYPE_INFO_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO_ENTRY);
7806
7807 return offset;
7808 }
7809
7810
7811 static const ber_sequence_t ETYPE_INFO_sequence_of[1] = {
7812 { &hf_kerberos_ETYPE_INFO_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO_ENTRY },
7813 };
7814
7815 static int
7816 dissect_kerberos_ETYPE_INFO(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7817 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7818 ETYPE_INFO_sequence_of, hf_index, ett_kerberos_ETYPE_INFO);
7819
7820 return offset;
7821 }
7822
7823
7824 static const ber_sequence_t ETYPE_INFO2_ENTRY_sequence[] = {
7825 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7826 { &hf_kerberos_info2_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
7827 { &hf_kerberos_s2kparams , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
7828 { NULL, 0, 0, 0, NULL }
7829 };
7830
7831 static int
7832 dissect_kerberos_ETYPE_INFO2_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7833 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7834 ETYPE_INFO2_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO2_ENTRY);
7835
7836 return offset;
7837 }
7838
7839
7840 static const ber_sequence_t ETYPE_INFO2_sequence_of[1] = {
7841 { &hf_kerberos_ETYPE_INFO2_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO2_ENTRY },
7842 };
7843
7844 static int
7845 dissect_kerberos_ETYPE_INFO2(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7846 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7847 ETYPE_INFO2_sequence_of, hf_index, ett_kerberos_ETYPE_INFO2);
7848
7849 return offset;
7850 }
7851
7852
7853
7854 static int
7855 dissect_kerberos_AD_IF_RELEVANT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7856 offset = dissect_kerberos_AuthorizationData(implicit_tag, tvb, offset, actx, tree, hf_index);
7857
7858 return offset;
7859 }
7860
7861
7862 static const ber_sequence_t TGT_REQ_sequence[] = {
7863 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7864 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7865 { &hf_kerberos_server_name, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
7866 { &hf_kerberos_realm , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
7867 { NULL, 0, 0, 0, NULL }
7868 };
7869
7870 int
7871 dissect_kerberos_TGT_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7872 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7873 TGT_REQ_sequence, hf_index, ett_kerberos_TGT_REQ);
7874
7875 return offset;
7876 }
7877
7878
7879 static const ber_sequence_t TGT_REP_sequence[] = {
7880 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7881 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7882 { &hf_kerberos_ticket , BER_CLASS_CON, 2, 0, dissect_kerberos_Ticket },
7883 { NULL, 0, 0, 0, NULL }
7884 };
7885
7886 int
7887 dissect_kerberos_TGT_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7888 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7889 TGT_REP_sequence, hf_index, ett_kerberos_TGT_REP);
7890
7891 return offset;
7892 }
7893
7894
7895
7896 static int
7897 dissect_kerberos_BOOLEAN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7898 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
7899
7900 return offset;
7901 }
7902
7903
7904 static const ber_sequence_t PA_PAC_REQUEST_sequence[] = {
7905 { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN },
7906 { NULL, 0, 0, 0, NULL }
7907 };
7908
7909 static int
7910 dissect_kerberos_PA_PAC_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7911 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7912 PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_PA_PAC_REQUEST);
7913
7914 return offset;
7915 }
7916
7917
7918
7919 static int
7920 dissect_kerberos_GeneralString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7921 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
7922 actx, tree, tvb, offset, hf_index,
7923 NULL);
7924
7925 return offset;
7926 }
7927
7928
7929 static const ber_sequence_t PA_S4U2Self_sequence[] = {
7930 { &hf_kerberos_name , BER_CLASS_CON, 0, 0, dissect_kerberos_PrincipalName },
7931 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
7932 { &hf_kerberos_cksum , BER_CLASS_CON, 2, 0, dissect_kerberos_Checksum },
7933 { &hf_kerberos_auth , BER_CLASS_CON, 3, 0, dissect_kerberos_GeneralString },
7934 { NULL, 0, 0, 0, NULL }
7935 };
7936
7937 static int
7938 dissect_kerberos_PA_S4U2Self(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7939 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7940 PA_S4U2Self_sequence, hf_index, ett_kerberos_PA_S4U2Self);
7941
7942 return offset;
7943 }
7944
7945
7946
7947 static int
7948 dissect_kerberos_T_subject_certificate(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7949 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
7950
7951
7952 return offset;
7953 }
7954
7955
7956
7957 static int
7958 dissect_kerberos_BIT_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7959 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
7960 NULL, 0, hf_index, -1,
7961 NULL);
7962
7963 return offset;
7964 }
7965
7966
7967 static const ber_sequence_t S4UUserID_sequence[] = {
7968 { &hf_kerberos_nonce , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 },
7969 { &hf_kerberos_cname_01 , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
7970 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
7971 { &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_subject_certificate },
7972 { &hf_kerberos_options , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_BIT_STRING },
7973 { NULL, 0, 0, 0, NULL }
7974 };
7975
7976 static int
7977 dissect_kerberos_S4UUserID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7978 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7979 S4UUserID_sequence, hf_index, ett_kerberos_S4UUserID);
7980
7981 return offset;
7982 }
7983
7984
7985 static const ber_sequence_t PA_S4U_X509_USER_sequence[] = {
7986 { &hf_kerberos_user_id , BER_CLASS_CON, 0, 0, dissect_kerberos_S4UUserID },
7987 { &hf_kerberos_checksum_01, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum },
7988 { NULL, 0, 0, 0, NULL }
7989 };
7990
7991 static int
7992 dissect_kerberos_PA_S4U_X509_USER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7993 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7994 PA_S4U_X509_USER_sequence, hf_index, ett_kerberos_PA_S4U_X509_USER);
7995
7996 return offset;
7997 }
7998
7999
8000 static int * const PAC_OPTIONS_FLAGS_bits[] = {
8001 &hf_kerberos_PAC_OPTIONS_FLAGS_claims,
8002 &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware,
8003 &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc,
8004 &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation,
8005 NULL
8006 };
8007
8008 static int
8009 dissect_kerberos_PAC_OPTIONS_FLAGS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8010 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
8011 PAC_OPTIONS_FLAGS_bits, 4, hf_index, ett_kerberos_PAC_OPTIONS_FLAGS,
8012 NULL);
8013
8014 return offset;
8015 }
8016
8017
8018 static const ber_sequence_t PA_PAC_OPTIONS_sequence[] = {
8019 { &hf_kerberos_flags_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_PAC_OPTIONS_FLAGS },
8020 { NULL, 0, 0, 0, NULL }
8021 };
8022
8023 static int
8024 dissect_kerberos_PA_PAC_OPTIONS(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8025 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8026 PA_PAC_OPTIONS_sequence, hf_index, ett_kerberos_PA_PAC_OPTIONS);
8027
8028 return offset;
8029 }
8030
8031
8032 static const ber_sequence_t KERB_AD_RESTRICTION_ENTRY_U_sequence[] = {
8033 { &hf_kerberos_restriction_type, BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 },
8034 { &hf_kerberos_restriction, BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
8035 { NULL, 0, 0, 0, NULL }
8036 };
8037
8038 static int
8039 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8040 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8041 KERB_AD_RESTRICTION_ENTRY_U_sequence, hf_index, ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U);
8042
8043 return offset;
8044 }
8045
8046
8047
8048 static int
8049 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8050 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
8051 hf_index, BER_CLASS_UNI, 16, false, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U);
8052
8053 return offset;
8054 }
8055
8056
8057 static const ber_sequence_t PA_KERB_KEY_LIST_REQ_sequence_of[1] = {
8058 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE },
8059 };
8060
8061 static int
8062 dissect_kerberos_PA_KERB_KEY_LIST_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8063 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8064 PA_KERB_KEY_LIST_REQ_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REQ);
8065
8066 return offset;
8067 }
8068
8069
8070
8071 static int
8072 dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8073 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
8074
8075 return offset;
8076 }
8077
8078
8079
8080 static int
8081 dissect_kerberos_PA_KERB_KEY_LIST_REP_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8082 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
8083 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
8084 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
8085 private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key;
8086 #ifdef HAVE_KERBEROS
8087 private_data->save_encryption_key_fn = save_encryption_key;
8088 #endif
8089 offset = dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(implicit_tag, tvb, offset, actx, tree, hf_index);
8090
8091 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
8092 private_data->save_encryption_key_fn = saved_encryption_key_fn;
8093
8094
8095 return offset;
8096 }
8097
8098
8099 static const ber_sequence_t PA_KERB_KEY_LIST_REP_sequence_of[1] = {
8100 { &hf_kerberos_kerbKeyListRep_key, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_KERB_KEY_LIST_REP_item },
8101 };
8102
8103 static int
8104 dissect_kerberos_PA_KERB_KEY_LIST_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8105 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8106 PA_KERB_KEY_LIST_REP_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REP);
8107
8108 return offset;
8109 }
8110
8111
8112 static const value_string kerberos_KRB5_SRP_GROUP_vals[] = {
8113 { 0, "kRB5-SRP-GROUP-INVALID" },
8114 { 1, "kRB5-SRP-GROUP-RFC5054-4096-PBKDF2-SHA512" },
8115 { 0, NULL }
8116 };
8117
8118
8119 static int
8120 dissect_kerberos_KRB5_SRP_GROUP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8121 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
8122 NULL);
8123
8124 return offset;
8125 }
8126
8127
8128 static const ber_sequence_t KRB5_SRP_PA_sequence[] = {
8129 { &hf_kerberos_srppa_group, BER_CLASS_CON, 0, 0, dissect_kerberos_KRB5_SRP_GROUP },
8130 { &hf_kerberos_salt , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
8131 { &hf_kerberos_iterations , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 },
8132 { NULL, 0, 0, 0, NULL }
8133 };
8134
8135 static int
8136 dissect_kerberos_KRB5_SRP_PA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8137 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8138 KRB5_SRP_PA_sequence, hf_index, ett_kerberos_KRB5_SRP_PA);
8139
8140 return offset;
8141 }
8142
8143
8144 static const ber_sequence_t SET_OF_KRB5_SRP_PA_set_of[1] = {
8145 { &hf_kerberos_groups_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB5_SRP_PA },
8146 };
8147
8148 static int
8149 dissect_kerberos_SET_OF_KRB5_SRP_PA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8150 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
8151 SET_OF_KRB5_SRP_PA_set_of, hf_index, ett_kerberos_SET_OF_KRB5_SRP_PA);
8152
8153 return offset;
8154 }
8155
8156
8157 static const ber_sequence_t KRB5_SRP_PA_ANNOUNCE_sequence[] = {
8158 { &hf_kerberos_groups , BER_CLASS_CON, 0, 0, dissect_kerberos_SET_OF_KRB5_SRP_PA },
8159 { &hf_kerberos_as_req_01 , BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum },
8160 { NULL, 0, 0, 0, NULL }
8161 };
8162
8163 static int
8164 dissect_kerberos_KRB5_SRP_PA_ANNOUNCE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8165 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8166 KRB5_SRP_PA_ANNOUNCE_sequence, hf_index, ett_kerberos_KRB5_SRP_PA_ANNOUNCE);
8167
8168 return offset;
8169 }
8170
8171
8172 static const ber_sequence_t KRB5_SRP_PA_INIT_U_sequence[] = {
8173 { &hf_kerberos_group , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 },
8174 { &hf_kerberos_a , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
8175 { NULL, 0, 0, 0, NULL }
8176 };
8177
8178 static int
8179 dissect_kerberos_KRB5_SRP_PA_INIT_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8180 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8181 KRB5_SRP_PA_INIT_U_sequence, hf_index, ett_kerberos_KRB5_SRP_PA_INIT_U);
8182
8183 return offset;
8184 }
8185
8186
8187
8188 static int
8189 dissect_kerberos_KRB5_SRP_PA_INIT(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8190 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
8191 hf_index, BER_CLASS_APP, 0, false, dissect_kerberos_KRB5_SRP_PA_INIT_U);
8192
8193 return offset;
8194 }
8195
8196
8197
8198 static int
8199 dissect_kerberos_KRB5_SRP_PA_SERVER_CHALLENGE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8200 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
8201 hf_index, BER_CLASS_APP, 1, false, dissect_kerberos_OCTET_STRING);
8202
8203 return offset;
8204 }
8205
8206
8207
8208 static int
8209 dissect_kerberos_KRB5_SRP_PA_CLIENT_RESPONSE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8210 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
8211 hf_index, BER_CLASS_APP, 2, false, dissect_kerberos_OCTET_STRING);
8212
8213 return offset;
8214 }
8215
8216
8217
8218 static int
8219 dissect_kerberos_KRB5_SRP_PA_SERVER_VERIFIER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8220 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
8221 hf_index, BER_CLASS_APP, 3, false, dissect_kerberos_OCTET_STRING);
8222
8223 return offset;
8224 }
8225
8226
8227
8228 static int
8229 dissect_kerberos_UTF8String(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8230 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_UTF8String,
8231 actx, tree, tvb, offset, hf_index,
8232 NULL);
8233
8234 return offset;
8235 }
8236
8237
8238 static const ber_sequence_t AD_AUTHENTICATION_INDICATOR_sequence_of[1] = {
8239 { &hf_kerberos_AD_AUTHENTICATION_INDICATOR_item, BER_CLASS_UNI, BER_UNI_TAG_UTF8String, BER_FLAGS_NOOWNTAG, dissect_kerberos_UTF8String },
8240 };
8241
8242 static int
8243 dissect_kerberos_AD_AUTHENTICATION_INDICATOR(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8244 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8245 AD_AUTHENTICATION_INDICATOR_sequence_of, hf_index, ett_kerberos_AD_AUTHENTICATION_INDICATOR);
8246
8247 return offset;
8248 }
8249
8250
8251 static const ber_sequence_t Verifier_MAC_sequence[] = {
8252 { &hf_kerberos_identifier , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
8253 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8254 { &hf_kerberos_enctype , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Int32 },
8255 { &hf_kerberos_mac_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum },
8256 { NULL, 0, 0, 0, NULL }
8257 };
8258
8259 static int
8260 dissect_kerberos_Verifier_MAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8261 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8262 Verifier_MAC_sequence, hf_index, ett_kerberos_Verifier_MAC);
8263
8264 return offset;
8265 }
8266
8267
8268 static const value_string kerberos_Verifier_vals[] = {
8269 { 0, "mac" },
8270 { 0, NULL }
8271 };
8272
8273 static const ber_choice_t Verifier_choice[] = {
8274 { 0, &hf_kerberos_mac , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_Verifier_MAC },
8275 { 0, NULL, 0, 0, 0, NULL }
8276 };
8277
8278 static int
8279 dissect_kerberos_Verifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8280 offset = dissect_ber_choice(actx, tree, tvb, offset,
8281 Verifier_choice, hf_index, ett_kerberos_Verifier,
8282 NULL);
8283
8284 return offset;
8285 }
8286
8287
8288 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_Verifier_sequence_of[1] = {
8289 { &hf_kerberos_other_verifiers_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_kerberos_Verifier },
8290 };
8291
8292 static int
8293 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8294 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8295 SEQUENCE_SIZE_1_MAX_OF_Verifier_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier);
8296
8297 return offset;
8298 }
8299
8300
8301 static const ber_sequence_t AD_CAMMAC_sequence[] = {
8302 { &hf_kerberos_elements , BER_CLASS_CON, 0, 0, dissect_kerberos_AuthorizationData },
8303 { &hf_kerberos_kdc_verifier, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Verifier_MAC },
8304 { &hf_kerberos_svc_verifier, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Verifier_MAC },
8305 { &hf_kerberos_other_verifiers, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier },
8306 { NULL, 0, 0, 0, NULL }
8307 };
8308
8309 static int
8310 dissect_kerberos_AD_CAMMAC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8311 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8312 AD_CAMMAC_sequence, hf_index, ett_kerberos_AD_CAMMAC);
8313
8314 return offset;
8315 }
8316
8317
8318 static const ber_sequence_t ChangePasswdData_sequence[] = {
8319 { &hf_kerberos_newpasswd , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING },
8320 { &hf_kerberos_targname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
8321 { &hf_kerberos_targrealm , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
8322 { NULL, 0, 0, 0, NULL }
8323 };
8324
8325 int
8326 dissect_kerberos_ChangePasswdData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8327 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8328 ChangePasswdData_sequence, hf_index, ett_kerberos_ChangePasswdData);
8329
8330 return offset;
8331 }
8332
8333
8334 static const ber_sequence_t PA_AUTHENTICATION_SET_ELEM_sequence[] = {
8335 { &hf_kerberos_pa_type , BER_CLASS_CON, 0, 0, dissect_kerberos_PADATA_TYPE },
8336 { &hf_kerberos_pa_hint , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
8337 { &hf_kerberos_pa_value , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
8338 { NULL, 0, 0, 0, NULL }
8339 };
8340
8341 static int
8342 dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8343 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8344 PA_AUTHENTICATION_SET_ELEM_sequence, hf_index, ett_kerberos_PA_AUTHENTICATION_SET_ELEM);
8345
8346 return offset;
8347 }
8348
8349
8350 static const value_string kerberos_KrbFastArmorTypes_vals[] = {
8351 { KERBEROS_FX_FAST_RESERVED, "fX-FAST-reserved" },
8352 { KERBEROS_FX_FAST_ARMOR_AP_REQUEST, "fX-FAST-ARMOR-AP-REQUEST" },
8353 { 0, NULL }
8354 };
8355
8356
8357 static int
8358 dissect_kerberos_KrbFastArmorTypes(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8359 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
8360 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
8361 &(private_data->fast_type));
8362
8363
8364
8365 return offset;
8366 }
8367
8368
8369
8370 static int
8371 dissect_kerberos_T_armor_value(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8372 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
8373
8374 switch(private_data->fast_type){
8375 case KERBEROS_FX_FAST_ARMOR_AP_REQUEST:
8376 private_data->fast_armor_within_armor_value++;
8377 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications);
8378 private_data->fast_armor_within_armor_value--;
8379 break;
8380 default:
8381 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
8382 break;
8383 }
8384
8385
8386 return offset;
8387 }
8388
8389
8390 static const ber_sequence_t KrbFastArmor_sequence[] = {
8391 { &hf_kerberos_armor_type , BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmorTypes },
8392 { &hf_kerberos_armor_value, BER_CLASS_CON, 1, 0, dissect_kerberos_T_armor_value },
8393 { NULL, 0, 0, 0, NULL }
8394 };
8395
8396 static int
8397 dissect_kerberos_KrbFastArmor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8398 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8399 KrbFastArmor_sequence, hf_index, ett_kerberos_KrbFastArmor);
8400
8401 return offset;
8402 }
8403
8404
8405
8406 static int
8407 dissect_kerberos_T_encryptedKrbFastReq_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8408 #ifdef HAVE_KERBEROS
8409 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
8410 #else
8411 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
8412 NULL);
8413
8414 #endif
8415
8416
8417 return offset;
8418 }
8419
8420
8421 static const ber_sequence_t EncryptedKrbFastReq_sequence[] = {
8422 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
8423 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8424 { &hf_kerberos_encryptedKrbFastReq_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastReq_cipher },
8425 { NULL, 0, 0, 0, NULL }
8426 };
8427
8428 static int
8429 dissect_kerberos_EncryptedKrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8430 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8431 EncryptedKrbFastReq_sequence, hf_index, ett_kerberos_EncryptedKrbFastReq);
8432
8433 return offset;
8434 }
8435
8436
8437 static const ber_sequence_t KrbFastArmoredReq_sequence[] = {
8438 { &hf_kerberos_armor , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastArmor },
8439 { &hf_kerberos_req_checksum, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum },
8440 { &hf_kerberos_enc_fast_req, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedKrbFastReq },
8441 { NULL, 0, 0, 0, NULL }
8442 };
8443
8444 static int
8445 dissect_kerberos_KrbFastArmoredReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8446 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8447 KrbFastArmoredReq_sequence, hf_index, ett_kerberos_KrbFastArmoredReq);
8448
8449 return offset;
8450 }
8451
8452
8453 static const ber_choice_t PA_FX_FAST_REQUEST_choice[] = {
8454 { 0, &hf_kerberos_armored_data_request, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredReq },
8455 { 0, NULL, 0, 0, 0, NULL }
8456 };
8457
8458 static int
8459 dissect_kerberos_PA_FX_FAST_REQUEST(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8460 offset = dissect_ber_choice(actx, tree, tvb, offset,
8461 PA_FX_FAST_REQUEST_choice, hf_index, ett_kerberos_PA_FX_FAST_REQUEST,
8462 NULL);
8463
8464 return offset;
8465 }
8466
8467
8468
8469 static int
8470 dissect_kerberos_T_encryptedKrbFastResponse_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8471 #ifdef HAVE_KERBEROS
8472 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
8473 #else
8474 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
8475 NULL);
8476
8477 #endif
8478
8479
8480 return offset;
8481 }
8482
8483
8484 static const ber_sequence_t EncryptedKrbFastResponse_sequence[] = {
8485 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
8486 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8487 { &hf_kerberos_encryptedKrbFastResponse_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastResponse_cipher },
8488 { NULL, 0, 0, 0, NULL }
8489 };
8490
8491 static int
8492 dissect_kerberos_EncryptedKrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8493 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8494 EncryptedKrbFastResponse_sequence, hf_index, ett_kerberos_EncryptedKrbFastResponse);
8495
8496 return offset;
8497 }
8498
8499
8500 static const ber_sequence_t KrbFastArmoredRep_sequence[] = {
8501 { &hf_kerberos_enc_fast_rep, BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptedKrbFastResponse },
8502 { NULL, 0, 0, 0, NULL }
8503 };
8504
8505 static int
8506 dissect_kerberos_KrbFastArmoredRep(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8507 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8508 KrbFastArmoredRep_sequence, hf_index, ett_kerberos_KrbFastArmoredRep);
8509
8510 return offset;
8511 }
8512
8513
8514 static const ber_choice_t PA_FX_FAST_REPLY_choice[] = {
8515 { 0, &hf_kerberos_armored_data_reply, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredRep },
8516 { 0, NULL, 0, 0, 0, NULL }
8517 };
8518
8519 static int
8520 dissect_kerberos_PA_FX_FAST_REPLY(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8521 offset = dissect_ber_choice(actx, tree, tvb, offset,
8522 PA_FX_FAST_REPLY_choice, hf_index, ett_kerberos_PA_FX_FAST_REPLY,
8523 NULL);
8524
8525 return offset;
8526 }
8527
8528
8529
8530 static int
8531 dissect_kerberos_T_encryptedChallenge_cipher(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8532 #ifdef HAVE_KERBEROS
8533 offset=dissect_ber_octet_string_wcb(false, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
8534 #else
8535 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
8536 NULL);
8537
8538 #endif
8539
8540
8541 return offset;
8542 }
8543
8544
8545 static const ber_sequence_t EncryptedChallenge_sequence[] = {
8546 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
8547 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8548 { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher },
8549 { NULL, 0, 0, 0, NULL }
8550 };
8551
8552 static int
8553 dissect_kerberos_EncryptedChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8554 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8555 EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge);
8556
8557 return offset;
8558 }
8559
8560
8561 static const ber_sequence_t EncryptedSpakeData_sequence[] = {
8562 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
8563 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8564 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING },
8565 { NULL, 0, 0, 0, NULL }
8566 };
8567
8568 static int
8569 dissect_kerberos_EncryptedSpakeData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8570 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8571 EncryptedSpakeData_sequence, hf_index, ett_kerberos_EncryptedSpakeData);
8572
8573 return offset;
8574 }
8575
8576
8577 static const ber_sequence_t EncryptedSpakeResponseData_sequence[] = {
8578 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
8579 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
8580 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING },
8581 { NULL, 0, 0, 0, NULL }
8582 };
8583
8584 static int
8585 dissect_kerberos_EncryptedSpakeResponseData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8586 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8587 EncryptedSpakeResponseData_sequence, hf_index, ett_kerberos_EncryptedSpakeResponseData);
8588
8589 return offset;
8590 }
8591
8592
8593 static const value_string kerberos_SPAKEGroup_vals[] = {
8594 { 1, "sPAKEGroup-edwards25519" },
8595 { 2, "sPAKEGroup-P-256" },
8596 { 3, "sPAKEGroup-P-384" },
8597 { 4, "sPAKEGroup-P-521" },
8598 { 0, NULL }
8599 };
8600
8601
8602 static int
8603 dissect_kerberos_SPAKEGroup(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8604 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
8605 NULL);
8606
8607 return offset;
8608 }
8609
8610
8611 static const value_string kerberos_SPAKESecondFactorType_vals[] = {
8612 { 1, "sPAKESecondFactor-SF-NONE" },
8613 { 0, NULL }
8614 };
8615
8616
8617 static int
8618 dissect_kerberos_SPAKESecondFactorType(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8619 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
8620 NULL);
8621
8622 return offset;
8623 }
8624
8625
8626 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of[1] = {
8627 { &hf_kerberos_groups_item_01, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKEGroup },
8628 };
8629
8630 static int
8631 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8632 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8633 SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup);
8634
8635 return offset;
8636 }
8637
8638
8639 static const ber_sequence_t SPAKESupport_sequence[] = {
8640 { &hf_kerberos_groups_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup },
8641 { NULL, 0, 0, 0, NULL }
8642 };
8643
8644 static int
8645 dissect_kerberos_SPAKESupport(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8646 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8647 SPAKESupport_sequence, hf_index, ett_kerberos_SPAKESupport);
8648
8649 return offset;
8650 }
8651
8652
8653 static const ber_sequence_t SPAKESecondFactor_sequence[] = {
8654 { &hf_kerberos_type , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESecondFactorType },
8655 { &hf_kerberos_data , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
8656 { NULL, 0, 0, 0, NULL }
8657 };
8658
8659 static int
8660 dissect_kerberos_SPAKESecondFactor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8661 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8662 SPAKESecondFactor_sequence, hf_index, ett_kerberos_SPAKESecondFactor);
8663
8664 return offset;
8665 }
8666
8667
8668 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of[1] = {
8669 { &hf_kerberos_factors_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKESecondFactor },
8670 };
8671
8672 static int
8673 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8674 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
8675 SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor);
8676
8677 return offset;
8678 }
8679
8680
8681 static const ber_sequence_t SPAKEChallenge_sequence[] = {
8682 { &hf_kerberos_spake_group, BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKEGroup },
8683 { &hf_kerberos_pubkey , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
8684 { &hf_kerberos_factors , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor },
8685 { NULL, 0, 0, 0, NULL }
8686 };
8687
8688 static int
8689 dissect_kerberos_SPAKEChallenge(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8690 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8691 SPAKEChallenge_sequence, hf_index, ett_kerberos_SPAKEChallenge);
8692
8693 return offset;
8694 }
8695
8696
8697 static const ber_sequence_t SPAKEResponse_sequence[] = {
8698 { &hf_kerberos_pubkey , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING },
8699 { &hf_kerberos_factor , BER_CLASS_CON, 1, 0, dissect_kerberos_EncryptedSpakeResponseData },
8700 { NULL, 0, 0, 0, NULL }
8701 };
8702
8703 static int
8704 dissect_kerberos_SPAKEResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8705 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8706 SPAKEResponse_sequence, hf_index, ett_kerberos_SPAKEResponse);
8707
8708 return offset;
8709 }
8710
8711
8712 static const value_string kerberos_PA_SPAKE_vals[] = {
8713 { 0, "support" },
8714 { 1, "challenge" },
8715 { 2, "response" },
8716 { 3, "encdata" },
8717 { 0, NULL }
8718 };
8719
8720 static const ber_choice_t PA_SPAKE_choice[] = {
8721 { 0, &hf_kerberos_support , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESupport },
8722 { 1, &hf_kerberos_challenge , BER_CLASS_CON, 1, 0, dissect_kerberos_SPAKEChallenge },
8723 { 2, &hf_kerberos_response , BER_CLASS_CON, 2, 0, dissect_kerberos_SPAKEResponse },
8724 { 3, &hf_kerberos_encdata , BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedSpakeData },
8725 { 0, NULL, 0, 0, 0, NULL }
8726 };
8727
8728 static int
8729 dissect_kerberos_PA_SPAKE(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8730 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
8731 offset = dissect_ber_choice(actx, tree, tvb, offset,
8732 PA_SPAKE_choice, hf_index, ett_kerberos_PA_SPAKE,
8733 &(private_data->padata_type));
8734
8735
8736 if(tree){
8737 proto_item_append_text(tree, " %s",
8738 val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals,
8739 "Unknown:%d"));
8740 }
8741 return offset;
8742 }
8743
8744
8745 #ifdef HAVE_KERBEROS
8746 static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
8747 { &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
8748 { &hf_krb_pausec , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
8749 { NULL, 0, 0, 0, NULL }
8750 };
8751
8752 static int
8753 dissect_kerberos_PA_ENC_TS_ENC(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8754 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8755 PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc);
8756 return offset;
8757 }
8758
8759 static int
8760 dissect_kerberos_T_strengthen_key(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8761 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
8762 int save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
8763 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
8764 private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse;
8765 #ifdef HAVE_KERBEROS
8766 private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key;
8767 #endif
8768 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
8769
8770 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
8771 private_data->save_encryption_key_fn = saved_encryption_key_fn;
8772 return offset;
8773 }
8774
8775 static const ber_sequence_t KrbFastFinished_sequence[] = {
8776 { &hf_kerberos_timestamp , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
8777 { &hf_kerberos_usec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
8778 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
8779 { &hf_kerberos_cname_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName },
8780 { &hf_kerberos_ticket_checksum, BER_CLASS_CON, 4, 0, dissect_kerberos_Checksum },
8781 { NULL, 0, 0, 0, NULL }
8782 };
8783
8784 static int
8785 dissect_kerberos_KrbFastFinished(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8786 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8787 KrbFastFinished_sequence, hf_index, ett_kerberos_KrbFastFinished);
8788
8789 return offset;
8790 }
8791
8792 static const ber_sequence_t KrbFastResponse_sequence[] = {
8793 { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 0, 0, dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA },
8794 { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key },
8795 { &hf_kerberos_finished , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastFinished },
8796 { &hf_kerberos_nonce , BER_CLASS_CON, 3, 0, dissect_kerberos_UInt32 },
8797 { NULL, 0, 0, 0, NULL }
8798 };
8799
8800 static int
8801 dissect_kerberos_KrbFastResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8802 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8803 KrbFastResponse_sequence, hf_index, ett_kerberos_KrbFastResponse);
8804
8805 return offset;
8806 }
8807
8808 static const ber_sequence_t KrbFastReq_sequence[] = {
8809 { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions },
8810 { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA, BER_CLASS_CON, 1, 0, dissect_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA },
8811 { &hf_kerberos_req_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY },
8812 { NULL, 0, 0, 0, NULL }
8813 };
8814
8815 static int
8816 dissect_kerberos_KrbFastReq(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8817 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
8818 struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST;
8819 private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = false, };
8820 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
8821 KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq);
8822 private_data->PA_FX_FAST_REQUEST = saved_stack;
8823
8824 return offset;
8825 }
8826
8827 static int * const FastOptions_bits[] = {
8828 &hf_kerberos_FastOptions_reserved,
8829 &hf_kerberos_FastOptions_hide_client_names,
8830 &hf_kerberos_FastOptions_spare_bit2,
8831 &hf_kerberos_FastOptions_spare_bit3,
8832 &hf_kerberos_FastOptions_spare_bit4,
8833 &hf_kerberos_FastOptions_spare_bit5,
8834 &hf_kerberos_FastOptions_spare_bit6,
8835 &hf_kerberos_FastOptions_spare_bit7,
8836 &hf_kerberos_FastOptions_spare_bit8,
8837 &hf_kerberos_FastOptions_spare_bit9,
8838 &hf_kerberos_FastOptions_spare_bit10,
8839 &hf_kerberos_FastOptions_spare_bit11,
8840 &hf_kerberos_FastOptions_spare_bit12,
8841 &hf_kerberos_FastOptions_spare_bit13,
8842 &hf_kerberos_FastOptions_spare_bit14,
8843 &hf_kerberos_FastOptions_spare_bit15,
8844 &hf_kerberos_FastOptions_kdc_follow_referrals,
8845 NULL
8846 };
8847
8848 static int
8849 dissect_kerberos_FastOptions(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
8850 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
8851 FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions,
8852 NULL);
8853
8854 return offset;
8855 }
8856
8857 #endif /* HAVE_KERBEROS */
8858
8859 /* Make wrappers around exported functions for now */
8860 int
8861 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
8862 {
8863 return dissect_kerberos_Checksum(false, tvb, offset, actx, tree, hf_kerberos_cksum);
8864
8865 }
8866
8867 int
8868 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
8869 {
8870 return dissect_kerberos_KerberosTime(false, tvb, offset, actx, tree, hf_kerberos_ctime);
8871 }
8872
8873
8874 int
8875 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
8876 {
8877 return dissect_kerberos_PrincipalName(false, tvb, offset, actx, tree, hf_kerberos_cname);
8878 }
8879 int
8880 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
8881 {
8882 return dissect_kerberos_Realm(false, tvb, offset, actx, tree, hf_kerberos_realm);
8883 }
8884
8885 struct kerberos_display_key_state {
8886 proto_tree *tree;
8887 packet_info *pinfo;
8888 expert_field *expindex;
8889 const char *name;
8890 tvbuff_t *tvb;
8891 int start;
8892 int length;
8893 };
8894
8895 static void
8896 #ifdef HAVE_KERBEROS
8897 kerberos_display_key(void *data, void *userdata)
8898 #else
8899 kerberos_display_key(void *data _U_, void *userdata _U_)
8900 #endif
8901 {
8902 #ifdef HAVE_KERBEROS
8903 struct kerberos_display_key_state *state =
8904 (struct kerberos_display_key_state *)userdata;
8905 const enc_key_t *ek = (const enc_key_t *)data;
8906 proto_item *item = NULL;
8907 enc_key_t *sek = NULL;
8908
8909 item = proto_tree_add_expert_format(state->tree,
8910 state->pinfo,
8911 state->expindex,
8912 state->tvb,
8913 state->start,
8914 state->length,
8915 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
8916 state->name,
8917 ek->key_origin, ek->keytype,
8918 ek->id_str, ek->num_same,
8919 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
8920 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
8921 if (ek->src1 != NULL) {
8922 sek = ek->src1;
8923 expert_add_info_format(state->pinfo,
8924 item,
8925 state->expindex,
8926 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
8927 sek->key_origin, sek->keytype,
8928 sek->id_str, sek->num_same,
8929 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
8930 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
8931 }
8932 if (ek->src2 != NULL) {
8933 sek = ek->src2;
8934 expert_add_info_format(state->pinfo,
8935 item,
8936 state->expindex,
8937 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
8938 sek->key_origin, sek->keytype,
8939 sek->id_str, sek->num_same,
8940 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
8941 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
8942 }
8943 sek = ek->same_list;
8944 while (sek != NULL) {
8945 expert_add_info_format(state->pinfo,
8946 item,
8947 state->expindex,
8948 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
8949 state->name,
8950 sek->key_origin, sek->keytype,
8951 sek->id_str, sek->num_same,
8952 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
8953 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
8954 sek = sek->same_list;
8955 }
8956 #endif /* HAVE_KERBEROS */
8957 }
8958
8959 static const value_string KERB_LOGON_SUBMIT_TYPE[] = {
8960 { 2, "KerbInteractiveLogon" },
8961 { 6, "KerbSmartCardLogon" },
8962 { 7, "KerbWorkstationUnlockLogon" },
8963 { 8, "KerbSmartCardUnlockLogon" },
8964 { 9, "KerbProxyLogon" },
8965 { 10, "KerbTicketLogon" },
8966 { 11, "KerbTicketUnlockLogon" },
8967 { 12, "KerbS4ULogon" },
8968 { 13, "KerbCertificateLogon" },
8969 { 14, "KerbCertificateS4ULogon" },
8970 { 15, "KerbCertificateUnlockLogon" },
8971 { 0, NULL }
8972 };
8973
8974
8975 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
8976 #define KERB_LOGON_FLAG_REDIRECTED 0x2
8977
8978 static int* const ktl_flags_bits[] = {
8979 &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
8980 &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED,
8981 NULL
8982 };
8983
8984 int
8985 dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree)
8986 {
8987 proto_item *item;
8988 proto_tree *subtree;
8989 uint32_t ServiceTicketLength;
8990 uint32_t TicketGrantingTicketLength;
8991 int orig_offset;
8992
8993 if (tvb_captured_length(tvb) < 32)
8994 return offset;
8995
8996 item = proto_tree_add_item(tree, hf_kerberos_KERB_TICKET_LOGON, tvb, offset, -1, ENC_NA);
8997 subtree = proto_item_add_subtree(item, ett_kerberos_KERB_TICKET_LOGON);
8998
8999 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_MessageType, tvb, offset, 4,
9000 ENC_LITTLE_ENDIAN);
9001 offset+=4;
9002
9003 proto_tree_add_bitmask(subtree, tvb, offset, hf_kerberos_KERB_TICKET_LOGON_Flags,
9004 ett_kerberos, ktl_flags_bits, ENC_LITTLE_ENDIAN);
9005 offset+=4;
9006
9007 ServiceTicketLength = tvb_get_letohl(tvb, offset);
9008 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, tvb,
9009 offset, 4, ENC_LITTLE_ENDIAN);
9010 offset+=4;
9011
9012 TicketGrantingTicketLength = tvb_get_letohl(tvb, offset);
9013 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength,
9014 tvb, offset, 4, ENC_LITTLE_ENDIAN);
9015 offset+=4;
9016
9017 /* Skip two PUCHAR of ServiceTicket and TicketGrantingTicket */
9018 offset+=16;
9019
9020 if (ServiceTicketLength == 0)
9021 return offset;
9022
9023 orig_offset = offset;
9024 offset = dissect_kerberos_Ticket(false, tvb, offset, actx, subtree,
9025 hf_kerberos_KERB_TICKET_LOGON_ServiceTicket);
9026
9027 if ((unsigned)(offset-orig_offset) != ServiceTicketLength)
9028 return offset;
9029
9030 if (TicketGrantingTicketLength == 0)
9031 return offset;
9032
9033 offset = dissect_kerberos_KRB_CRED(false, tvb, offset, actx, subtree,
9034 hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket);
9035
9036 if ((unsigned)(offset-orig_offset) != ServiceTicketLength + TicketGrantingTicketLength)
9037 return offset;
9038
9039 return offset;
9040 }
9041
9042 static int
9043 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
9044 bool dci, bool do_col_protocol, bool have_rm,
9045 kerberos_callbacks *cb)
9046 {
9047 volatile int offset = 0;
9048 proto_tree *volatile kerberos_tree = NULL;
9049 proto_item *volatile item = NULL;
9050 kerberos_private_data_t *private_data = NULL;
9051 asn1_ctx_t asn1_ctx;
9052
9053 /* TCP record mark and length */
9054 uint32_t krb_rm = 0;
9055 int krb_reclen = 0;
9056
9057 gbl_do_col_info=dci;
9058
9059 if (have_rm) {
9060 krb_rm = tvb_get_ntohl(tvb, offset);
9061 krb_reclen = kerberos_rm_to_reclen(krb_rm);
9062 /*
9063 * What is a reasonable size limit?
9064 */
9065 if (krb_reclen > 10 * 1024 * 1024) {
9066 return (-1);
9067 }
9068
9069 if (do_col_protocol) {
9070 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
9071 }
9072
9073 if (tree) {
9074 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
9075 kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
9076 }
9077
9078 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
9079 offset += 4;
9080 } else {
9081 /* Do some sanity checking here,
9082 * All krb5 packets start with a TAG class that is BER_CLASS_APP
9083 * and a tag value that is either of the values below:
9084 * If it doesn't look like kerberos, return 0 and let someone else have
9085 * a go at it.
9086 */
9087 int8_t tmp_class;
9088 bool tmp_pc;
9089 int32_t tmp_tag;
9090
9091 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
9092 if(tmp_class!=BER_CLASS_APP){
9093 return 0;
9094 }
9095 switch(tmp_tag){
9096 case KRB5_MSG_TICKET:
9097 case KRB5_MSG_AUTHENTICATOR:
9098 case KRB5_MSG_ENC_TICKET_PART:
9099 case KRB5_MSG_AS_REQ:
9100 case KRB5_MSG_AS_REP:
9101 case KRB5_MSG_TGS_REQ:
9102 case KRB5_MSG_TGS_REP:
9103 case KRB5_MSG_AP_REQ:
9104 case KRB5_MSG_AP_REP:
9105 case KRB5_MSG_ENC_AS_REP_PART:
9106 case KRB5_MSG_ENC_TGS_REP_PART:
9107 case KRB5_MSG_ENC_AP_REP_PART:
9108 case KRB5_MSG_ENC_KRB_PRIV_PART:
9109 case KRB5_MSG_ENC_KRB_CRED_PART:
9110 case KRB5_MSG_SAFE:
9111 case KRB5_MSG_PRIV:
9112 case KRB5_MSG_ERROR:
9113 break;
9114 default:
9115 return 0;
9116 }
9117 if (do_col_protocol) {
9118 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
9119 }
9120 if (gbl_do_col_info) {
9121 col_clear(pinfo->cinfo, COL_INFO);
9122 }
9123 if (tree) {
9124 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
9125 kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
9126 }
9127 }
9128 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
9129 asn1_ctx.private_data = NULL;
9130 private_data = kerberos_get_private_data(&asn1_ctx);
9131 private_data->callbacks = cb;
9132
9133 TRY {
9134 offset=dissect_kerberos_Applications(false, tvb, offset, &asn1_ctx , kerberos_tree, /* hf_index */ -1);
9135 } CATCH_BOUNDS_ERRORS {
9136 RETHROW;
9137 } ENDTRY;
9138
9139 if (private_data->frame_rep != UINT32_MAX) {
9140 proto_item *tmp_item;
9141
9142 tmp_item = proto_tree_add_uint(kerberos_tree, hf_krb_response_in, tvb, 0, 0, private_data->frame_rep);
9143 proto_item_set_generated(tmp_item);
9144 }
9145
9146 if (private_data->frame_req != UINT32_MAX) {
9147 proto_item *tmp_item;
9148 nstime_t t, deltat;
9149
9150 tmp_item = proto_tree_add_uint(kerberos_tree, hf_krb_response_to, tvb, 0, 0, private_data->frame_req);
9151 proto_item_set_generated(tmp_item);
9152
9153 t = pinfo->abs_ts;
9154 nstime_delta(&deltat, &t, &private_data->req_time);
9155 tmp_item = proto_tree_add_time(kerberos_tree, hf_krb_time, tvb, 0, 0, &deltat);
9156 proto_item_set_generated(tmp_item);
9157 }
9158
9159 if (kerberos_tree != NULL) {
9160 struct kerberos_display_key_state display_state = {
9161 .tree = kerberos_tree,
9162 .pinfo = pinfo,
9163 .expindex = &ei_kerberos_learnt_keytype,
9164 .name = "Provides",
9165 .tvb = tvb,
9166 };
9167
9168 wmem_list_foreach(private_data->learnt_keys,
9169 kerberos_display_key,
9170 &display_state);
9171 }
9172
9173 if (kerberos_tree != NULL) {
9174 struct kerberos_display_key_state display_state = {
9175 .tree = kerberos_tree,
9176 .pinfo = pinfo,
9177 .expindex = &ei_kerberos_missing_keytype,
9178 .name = "Missing",
9179 .tvb = tvb,
9180 };
9181
9182 wmem_list_foreach(private_data->missing_keys,
9183 kerberos_display_key,
9184 &display_state);
9185 }
9186
9187 if (kerberos_tree != NULL) {
9188 struct kerberos_display_key_state display_state = {
9189 .tree = kerberos_tree,
9190 .pinfo = pinfo,
9191 .expindex = &ei_kerberos_decrypted_keytype,
9192 .name = "Used",
9193 .tvb = tvb,
9194 };
9195
9196 wmem_list_foreach(private_data->decryption_keys,
9197 kerberos_display_key,
9198 &display_state);
9199 }
9200
9201 proto_item_set_len(item, offset);
9202 return offset;
9203 }
9204
9205 /*
9206 * Display the TCP record mark.
9207 */
9208 void
9209 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, int start, uint32_t krb_rm)
9210 {
9211 int rec_len;
9212 proto_tree *rm_tree;
9213
9214 if (tree == NULL)
9215 return;
9216
9217 rec_len = kerberos_rm_to_reclen(krb_rm);
9218 rm_tree = proto_tree_add_subtree_format(tree, tvb, start, 4, ett_krb_recordmark, NULL,
9219 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
9220 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
9221 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
9222 }
9223
9224 int
9225 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool do_col_info, kerberos_callbacks *cb)
9226 {
9227 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, false, false, cb));
9228 }
9229
9230 uint32_t
9231 kerberos_output_keytype(void)
9232 {
9233 return gbl_keytype;
9234 }
9235
9236 static int
9237 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
9238 {
9239 /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
9240 Since all (except weirdo transarc krb4 stuff) use
9241 an opcode <=16 in the first byte, use this to see if it might
9242 be krb4.
9243 All krb5 commands start with an APPL tag and thus is >=0x60
9244 so if first byte is <=16 just blindly assume it is krb4 then
9245 */
9246 if(tvb_captured_length(tvb) >= 1 && tvb_get_uint8(tvb, 0)<=0x10){
9247 if(krb4_handle){
9248 bool res;
9249
9250 res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL);
9251 return res;
9252 }else{
9253 return 0;
9254 }
9255 }
9256
9257
9258 return dissect_kerberos_common(tvb, pinfo, tree, true, true, false, NULL);
9259 }
9260
9261 int
9262 kerberos_rm_to_reclen(unsigned krb_rm)
9263 {
9264 return (krb_rm & KRB_RM_RECLEN);
9265 }
9266
9267 unsigned
9268 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
9269 {
9270 unsigned krb_rm;
9271 int pdulen;
9272
9273 krb_rm = tvb_get_ntohl(tvb, offset);
9274 pdulen = kerberos_rm_to_reclen(krb_rm);
9275 return (pdulen + 4);
9276 }
9277 static void
9278 kerberos_prefs_apply_cb(void) {
9279 #ifdef HAVE_LIBNETTLE
9280 clear_keytab();
9281 read_keytab_file(keytab_filename);
9282 #endif
9283 }
9284
9285 static int
9286 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
9287 {
9288 pinfo->fragmented = true;
9289 if (dissect_kerberos_common(tvb, pinfo, tree, true, true, true, NULL) < 0) {
9290 /*
9291 * The dissector failed to recognize this as a valid
9292 * Kerberos message. Mark it as a continuation packet.
9293 */
9294 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
9295 }
9296
9297 return tvb_captured_length(tvb);
9298 }
9299
9300 static int
9301 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
9302 {
9303 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
9304 col_clear(pinfo->cinfo, COL_INFO);
9305
9306 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
9307 dissect_kerberos_tcp_pdu, data);
9308 return tvb_captured_length(tvb);
9309 }
9310
9311 /*--- proto_register_kerberos -------------------------------------------*/
9312 void proto_register_kerberos(void) {
9313
9314 /* List of fields */
9315
9316 static hf_register_info hf[] = {
9317 { &hf_krb_response_to,
9318 { "Response to", "kerberos.response_to", FT_FRAMENUM, BASE_NONE,
9319 FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0, "This packet is a response to the packet in this frame", HFILL }},
9320 { &hf_krb_response_in,
9321 { "Response in", "kerberos.response_in", FT_FRAMENUM, BASE_NONE,
9322 FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0, "The response to this packet is in this packet", HFILL }},
9323 { &hf_krb_time,
9324 { "Time from request", "kerberos.time", FT_RELATIVE_TIME, BASE_NONE,
9325 NULL, 0, "Time between Request and Response for Kerberos KDC requests", HFILL }},
9326 { &hf_krb_rm_reserved, {
9327 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
9328 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
9329 { &hf_krb_rm_reclen, {
9330 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
9331 NULL, KRB_RM_RECLEN, NULL, HFILL }},
9332 { &hf_krb_provsrv_location, {
9333 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
9334 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
9335 { &hf_krb_pw_salt,
9336 { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE,
9337 NULL, 0, NULL, HFILL }},
9338 { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */
9339 { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX|BASE_EXT_STRING,
9340 &NT_errors_ext, 0, "NT Status code", HFILL }},
9341 { &hf_krb_ext_error_reserved,
9342 { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX,
9343 NULL, 0, NULL, HFILL }},
9344 { &hf_krb_ext_error_flags,
9345 { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX,
9346 NULL, 0, NULL, HFILL }},
9347 { &hf_krb_address_ip, {
9348 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
9349 NULL, 0, NULL, HFILL }},
9350 { &hf_krb_address_ipv6, {
9351 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
9352 NULL, 0, NULL, HFILL }},
9353 { &hf_krb_address_netbios, {
9354 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
9355 NULL, 0, "NetBIOS Address and type", HFILL }},
9356 { &hf_krb_gssapi_len, {
9357 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
9358 NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
9359 { &hf_krb_gssapi_bnd, {
9360 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
9361 NULL, 0, "GSSAPI Bnd field", HFILL }},
9362 { &hf_krb_gssapi_c_flag_deleg, {
9363 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
9364 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
9365 { &hf_krb_gssapi_c_flag_mutual, {
9366 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
9367 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
9368 { &hf_krb_gssapi_c_flag_replay, {
9369 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
9370 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
9371 { &hf_krb_gssapi_c_flag_sequence, {
9372 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
9373 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
9374 { &hf_krb_gssapi_c_flag_conf, {
9375 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
9376 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
9377 { &hf_krb_gssapi_c_flag_integ, {
9378 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
9379 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
9380 { &hf_krb_gssapi_c_flag_dce_style, {
9381 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
9382 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
9383 { &hf_krb_gssapi_dlgopt, {
9384 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
9385 NULL, 0, "GSSAPI DlgOpt", HFILL }},
9386 { &hf_krb_gssapi_dlglen, {
9387 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
9388 NULL, 0, "GSSAPI DlgLen", HFILL }},
9389 { &hf_krb_midl_blob_len, {
9390 "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC,
9391 NULL, 0, "Length of NDR encoded data that follows", HFILL }},
9392 { &hf_krb_midl_fill_bytes, {
9393 "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX,
9394 NULL, 0, "Just some fill bytes", HFILL }},
9395 { &hf_krb_midl_version, {
9396 "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC,
9397 NULL, 0, "Version of pickling", HFILL }},
9398 { &hf_krb_midl_hdr_len, {
9399 "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC,
9400 NULL, 0, "Length of header", HFILL }},
9401 { &hf_krb_pac_signature_type, {
9402 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
9403 NULL, 0, "PAC Signature Type", HFILL }},
9404 { &hf_krb_pac_signature_signature, {
9405 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
9406 NULL, 0, "A PAC signature blob", HFILL }},
9407 { &hf_krb_w2k_pac_entries, {
9408 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
9409 NULL, 0, "Number of W2k PAC entries", HFILL }},
9410 { &hf_krb_w2k_pac_version, {
9411 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
9412 NULL, 0, "Version of PAC structures", HFILL }},
9413 { &hf_krb_w2k_pac_type, {
9414 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
9415 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
9416 { &hf_krb_w2k_pac_size, {
9417 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
9418 NULL, 0, "Size of W2k PAC entry", HFILL }},
9419 { &hf_krb_w2k_pac_offset, {
9420 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
9421 NULL, 0, "Offset to W2k PAC entry", HFILL }},
9422 { &hf_krb_pac_clientid, {
9423 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
9424 NULL, 0, "ClientID Timestamp", HFILL }},
9425 { &hf_krb_pac_namelen, {
9426 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
9427 NULL, 0, "Length of client name", HFILL }},
9428 { &hf_krb_pac_clientname, {
9429 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
9430 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
9431 { &hf_krb_pac_logon_info, {
9432 "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
9433 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
9434 { &hf_krb_pac_credential_data, {
9435 "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE,
9436 NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }},
9437 { &hf_krb_pac_credential_info, {
9438 "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE,
9439 NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }},
9440 { &hf_krb_pac_credential_info_version, {
9441 "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC,
9442 NULL, 0, NULL, HFILL }},
9443 { &hf_krb_pac_credential_info_etype, {
9444 "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC,
9445 NULL, 0, NULL, HFILL }},
9446 { &hf_krb_pac_server_checksum, {
9447 "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
9448 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
9449 { &hf_krb_pac_privsvr_checksum, {
9450 "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE,
9451 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
9452 { &hf_krb_pac_client_info_type, {
9453 "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE,
9454 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
9455 { &hf_krb_pac_s4u_delegation_info, {
9456 "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE,
9457 NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }},
9458 { &hf_krb_pac_upn_dns_info, {
9459 "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE,
9460 NULL, 0, "UPN_DNS_INFO structure", HFILL }},
9461 { &hf_krb_pac_upn_flags, {
9462 "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
9463 NULL, 0, "UPN flags", HFILL }},
9464 { &hf_krb_pac_upn_flag_upn_constructed, {
9465 "UPN Name Constructed",
9466 "kerberos.pac.upn.flags.upn_constructed",
9467 FT_BOOLEAN, 32,
9468 TFS(&tfs_krb_pac_upn_flag_upn_constructed),
9469 PAC_UPN_DNS_FLAG_CONSTRUCTED,
9470 "Is the UPN Name constructed?", HFILL }},
9471 { &hf_krb_pac_upn_flag_has_sam_name_and_sid, {
9472 "SAM_NAME and SID Included",
9473 "kerberos.pac.upn.flags.has_sam_name_and_sid",
9474 FT_BOOLEAN, 32,
9475 TFS(&tfs_krb_pac_upn_flag_has_sam_name_and_sid),
9476 PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID,
9477 "Are SAM_NAME and SID included?", HFILL }},
9478 { &hf_krb_pac_upn_upn_offset, {
9479 "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
9480 NULL, 0, NULL, HFILL }},
9481 { &hf_krb_pac_upn_upn_len, {
9482 "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
9483 NULL, 0, NULL, HFILL }},
9484 { &hf_krb_pac_upn_upn_name, {
9485 "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
9486 NULL, 0, NULL, HFILL }},
9487 { &hf_krb_pac_upn_dns_offset, {
9488 "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
9489 NULL, 0, NULL, HFILL }},
9490 { &hf_krb_pac_upn_dns_len, {
9491 "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
9492 NULL, 0, NULL, HFILL }},
9493 { &hf_krb_pac_upn_dns_name, {
9494 "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
9495 NULL, 0, NULL, HFILL }},
9496 { &hf_krb_pac_upn_samaccountname_offset, {
9497 "sAMAccountName Offset", "kerberos.pac.upn.samaccountname_offset", FT_UINT16, BASE_DEC,
9498 NULL, 0, NULL, HFILL }},
9499 { &hf_krb_pac_upn_samaccountname_len, {
9500 "sAMAccountName Len", "kerberos.pac.upn.samaccountname_len", FT_UINT16, BASE_DEC,
9501 NULL, 0, NULL, HFILL }},
9502 { &hf_krb_pac_upn_samaccountname, {
9503 "sAMAccountName", "kerberos.pac.upn.samaccountname", FT_STRING, BASE_NONE,
9504 NULL, 0, NULL, HFILL }},
9505 { &hf_krb_pac_upn_objectsid_offset, {
9506 "objectSid Offset", "kerberos.pac.upn.objectsid_offset", FT_UINT16, BASE_DEC,
9507 NULL, 0, NULL, HFILL }},
9508 { &hf_krb_pac_upn_objectsid_len, {
9509 "objectSid Len", "kerberos.pac.upn.objectsid_len", FT_UINT16, BASE_DEC,
9510 NULL, 0, NULL, HFILL }},
9511 { &hf_krb_pac_client_claims_info, {
9512 "PAC_CLIENT_CLAIMS_INFO", "kerberos.pac_client_claims_info", FT_BYTES, BASE_NONE,
9513 NULL, 0, "PAC_CLIENT_CLAIMS_INFO structure", HFILL }},
9514 { &hf_krb_pac_device_info, {
9515 "PAC_DEVICE_INFO", "kerberos.pac_device_info", FT_BYTES, BASE_NONE,
9516 NULL, 0, "PAC_DEVICE_INFO structure", HFILL }},
9517 { &hf_krb_pac_device_claims_info, {
9518 "PAC_DEVICE_CLAIMS_INFO", "kerberos.pac_device_claims_info", FT_BYTES, BASE_NONE,
9519 NULL, 0, "PAC_DEVICE_CLAIMS_INFO structure", HFILL }},
9520 { &hf_krb_pac_ticket_checksum, {
9521 "PAC_TICKET_CHECKSUM", "kerberos.pac_ticket_checksum", FT_BYTES, BASE_NONE,
9522 NULL, 0, "PAC_TICKET_CHECKSUM structure", HFILL }},
9523 { &hf_krb_pac_attributes_info, {
9524 "PAC_ATTRIBUTES_INFO", "kerberos.pac_attributes_info", FT_BYTES, BASE_NONE,
9525 NULL, 0, "PAC_ATTRIBUTES_INFO structure", HFILL }},
9526 { &hf_krb_pac_attributes_info_length, {
9527 "Flags Valid Length", "kerberos.pac.attributes_info.length", FT_UINT32, BASE_DEC,
9528 NULL, 0, NULL, HFILL }},
9529 { &hf_krb_pac_attributes_info_flags, {
9530 "Flags", "kerberos.pac.attributes_info.flags",
9531 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
9532 { &hf_krb_pac_attributes_info_flags_pac_was_requested, {
9533 "PAC Requested",
9534 "kerberos.pac.attributes.flags.pac_was_requested",
9535 FT_BOOLEAN, 32,
9536 TFS(&tfs_krb_pac_attributes_info_pac_was_requested),
9537 PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED,
9538 "Was a PAC requested?", HFILL }},
9539 { &hf_krb_pac_attributes_info_flags_pac_was_given_implicitly, {
9540 "PAC given Implicitly",
9541 "kerberos.pac.attributes.flags.pac_was_given_implicitly",
9542 FT_BOOLEAN, 32,
9543 TFS(&tfs_krb_pac_attributes_info_pac_was_given_implicitly),
9544 PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
9545 "Was PAC given implicitly?", HFILL }},
9546 { &hf_krb_pac_requester_sid, {
9547 "PAC_REQUESTER_SID", "kerberos.pac_requester_sid", FT_BYTES, BASE_NONE,
9548 NULL, 0, "PAC_REQUESTER_SID structure", HFILL }},
9549 { &hf_krb_pac_full_checksum, {
9550 "PAC_FULL_CHECKSUM", "kerberos.pac_full_checksum", FT_BYTES, BASE_NONE,
9551 NULL, 0, "PAC_FULL_CHECKSUM structure", HFILL }},
9552 { &hf_krb_pa_supported_enctypes,
9553 { "SupportedEnctypes", "kerberos.supported_entypes",
9554 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
9555 { &hf_krb_pa_supported_enctypes_des_cbc_crc,
9556 { "des-cbc-crc", "kerberos.supported_entypes.des-cbc-crc",
9557 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000001, NULL, HFILL }},
9558 { &hf_krb_pa_supported_enctypes_des_cbc_md5,
9559 { "des-cbc-md5", "kerberos.supported_entypes.des-cbc-md5",
9560 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000002, NULL, HFILL }},
9561 { &hf_krb_pa_supported_enctypes_rc4_hmac,
9562 { "rc4-hmac", "kerberos.supported_entypes.rc4-hmac",
9563 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000004, NULL, HFILL }},
9564 { &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96,
9565 { "aes128-cts-hmac-sha1-96", "kerberos.supported_entypes.aes128-cts-hmac-sha1-96",
9566 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000008, NULL, HFILL }},
9567 { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96,
9568 { "aes256-cts-hmac-sha1-96", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96",
9569 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000010, NULL, HFILL }},
9570 { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96_sk,
9571 { "aes256-cts-hmac-sha1-96-sk", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96-sk",
9572 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000020, NULL, HFILL }},
9573 { &hf_krb_pa_supported_enctypes_fast_supported,
9574 { "fast-supported", "kerberos.supported_entypes.fast-supported",
9575 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00010000, NULL, HFILL }},
9576 { &hf_krb_pa_supported_enctypes_compound_identity_supported,
9577 { "compound-identity-supported", "kerberos.supported_entypes.compound-identity-supported",
9578 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00020000, NULL, HFILL }},
9579 { &hf_krb_pa_supported_enctypes_claims_supported,
9580 { "claims-supported", "kerberos.supported_entypes.claims-supported",
9581 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00040000, NULL, HFILL }},
9582 { &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled,
9583 { "resource-sid-compression-disabled", "kerberos.supported_entypes.resource-sid-compression-disabled",
9584 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00080000, NULL, HFILL }},
9585 { &hf_krb_ad_ap_options,
9586 { "AD-AP-Options", "kerberos.ad_ap_options",
9587 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
9588 { &hf_krb_ad_ap_options_cbt,
9589 { "ChannelBindings", "kerberos.ad_ap_options.cbt",
9590 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00004000, NULL, HFILL }},
9591 { &hf_krb_ad_ap_options_unverified_target_name,
9592 { "UnverifiedTargetName", "kerberos.ad_ap_options.unverified_target_name",
9593 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00008000, NULL, HFILL }},
9594 { &hf_krb_ad_target_principal,
9595 { "Target Principal", "kerberos.ad_target_principal",
9596 FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
9597 { &hf_krb_key_hidden_item,
9598 { "KeyHiddenItem", "krb5.key_hidden_item",
9599 FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
9600 { &hf_kerberos_KERB_TICKET_LOGON,
9601 { "KERB_TICKET_LOGON", "kerberos.KERB_TICKET_LOGON",
9602 FT_NONE, BASE_NONE, NULL, 0,
9603 NULL, HFILL }},
9604 { &hf_kerberos_KERB_TICKET_LOGON_MessageType,
9605 { "MessageType", "kerberos.KERB_TICKET_LOGON.MessageType",
9606 FT_UINT32, BASE_DEC, VALS(KERB_LOGON_SUBMIT_TYPE), 0,
9607 NULL, HFILL }},
9608 { &hf_kerberos_KERB_TICKET_LOGON_Flags,
9609 { "Flags", "kerberos.KERB_TICKET_LOGON.Flags",
9610 FT_UINT32, BASE_DEC, NULL, 0,
9611 NULL, HFILL }},
9612 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength,
9613 { "ServiceTicketLength", "kerberos.KERB_TICKET_LOGON.ServiceTicketLength",
9614 FT_UINT32, BASE_DEC, NULL, 0,
9615 NULL, HFILL }},
9616 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength,
9617 { "TicketGrantingTicketLength", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicketLength",
9618 FT_UINT32, BASE_DEC, NULL, 0,
9619 NULL, HFILL }},
9620 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicket,
9621 { "ServiceTicket", "kerberos.KERB_TICKET_LOGON.ServiceTicket",
9622 FT_NONE, BASE_NONE, NULL, 0,
9623 NULL, HFILL }},
9624 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket,
9625 { "TicketGrantingTicket", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicket",
9626 FT_NONE, BASE_NONE, NULL, 0,
9627 NULL, HFILL }},
9628 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
9629 { "allow_expired_ticket", "kerberos.KERB_TICKET_LOGON.FLAG_ALLOW_EXPIRED_TICKET",
9630 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
9631 NULL, HFILL }},
9632 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED,
9633 { "redirected", "kerberos.KERB_TICKET_LOGON.FLAG_REDIRECTED",
9634 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_REDIRECTED,
9635 NULL, HFILL }},
9636 #ifdef HAVE_KERBEROS
9637 { &hf_kerberos_KrbFastResponse,
9638 { "KrbFastResponse", "kerberos.KrbFastResponse_element",
9639 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
9640 { &hf_kerberos_strengthen_key,
9641 { "strengthen-key", "kerberos.strengthen_key_element",
9642 FT_NONE, BASE_NONE, NULL, 0,
9643 NULL, HFILL }},
9644 { &hf_kerberos_finished,
9645 { "finished", "kerberos.finished_element",
9646 FT_NONE, BASE_NONE, NULL, 0,
9647 "KrbFastFinished", HFILL }},
9648 { &hf_kerberos_fast_options,
9649 { "fast-options", "kerberos.fast_options",
9650 FT_BYTES, BASE_NONE, NULL, 0,
9651 "FastOptions", HFILL }},
9652 { &hf_kerberos_FastOptions_reserved,
9653 { "reserved", "kerberos.FastOptions.reserved",
9654 FT_BOOLEAN, 8, NULL, 0x80,
9655 NULL, HFILL }},
9656 { &hf_kerberos_FastOptions_hide_client_names,
9657 { "hide-client-names", "kerberos.FastOptions.hide.client.names",
9658 FT_BOOLEAN, 8, NULL, 0x40,
9659 NULL, HFILL }},
9660 { &hf_kerberos_FastOptions_spare_bit2,
9661 { "spare_bit2", "kerberos.FastOptions.spare.bit2",
9662 FT_BOOLEAN, 8, NULL, 0x20,
9663 NULL, HFILL }},
9664 { &hf_kerberos_FastOptions_spare_bit3,
9665 { "spare_bit3", "kerberos.FastOptions.spare.bit3",
9666 FT_BOOLEAN, 8, NULL, 0x10,
9667 NULL, HFILL }},
9668 { &hf_kerberos_FastOptions_spare_bit4,
9669 { "spare_bit4", "kerberos.FastOptions.spare.bit4",
9670 FT_BOOLEAN, 8, NULL, 0x08,
9671 NULL, HFILL }},
9672 { &hf_kerberos_FastOptions_spare_bit5,
9673 { "spare_bit5", "kerberos.FastOptions.spare.bit5",
9674 FT_BOOLEAN, 8, NULL, 0x04,
9675 NULL, HFILL }},
9676 { &hf_kerberos_FastOptions_spare_bit6,
9677 { "spare_bit6", "kerberos.FastOptions.spare.bit6",
9678 FT_BOOLEAN, 8, NULL, 0x02,
9679 NULL, HFILL }},
9680 { &hf_kerberos_FastOptions_spare_bit7,
9681 { "spare_bit7", "kerberos.FastOptions.spare.bit7",
9682 FT_BOOLEAN, 8, NULL, 0x01,
9683 NULL, HFILL }},
9684 { &hf_kerberos_FastOptions_spare_bit8,
9685 { "spare_bit8", "kerberos.FastOptions.spare.bit8",
9686 FT_BOOLEAN, 8, NULL, 0x80,
9687 NULL, HFILL }},
9688 { &hf_kerberos_FastOptions_spare_bit9,
9689 { "spare_bit9", "kerberos.FastOptions.spare.bit9",
9690 FT_BOOLEAN, 8, NULL, 0x40,
9691 NULL, HFILL }},
9692 { &hf_kerberos_FastOptions_spare_bit10,
9693 { "spare_bit10", "kerberos.FastOptions.spare.bit10",
9694 FT_BOOLEAN, 8, NULL, 0x20,
9695 NULL, HFILL }},
9696 { &hf_kerberos_FastOptions_spare_bit11,
9697 { "spare_bit11", "kerberos.FastOptions.spare.bit11",
9698 FT_BOOLEAN, 8, NULL, 0x10,
9699 NULL, HFILL }},
9700 { &hf_kerberos_FastOptions_spare_bit12,
9701 { "spare_bit12", "kerberos.FastOptions.spare.bit12",
9702 FT_BOOLEAN, 8, NULL, 0x08,
9703 NULL, HFILL }},
9704 { &hf_kerberos_FastOptions_spare_bit13,
9705 { "spare_bit13", "kerberos.FastOptions.spare.bit13",
9706 FT_BOOLEAN, 8, NULL, 0x04,
9707 NULL, HFILL }},
9708 { &hf_kerberos_FastOptions_spare_bit14,
9709 { "spare_bit14", "kerberos.FastOptions.spare.bit14",
9710 FT_BOOLEAN, 8, NULL, 0x02,
9711 NULL, HFILL }},
9712 { &hf_kerberos_FastOptions_spare_bit15,
9713 { "spare_bit15", "kerberos.FastOptions.spare.bit15",
9714 FT_BOOLEAN, 8, NULL, 0x01,
9715 NULL, HFILL }},
9716 { &hf_kerberos_FastOptions_kdc_follow_referrals,
9717 { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals",
9718 FT_BOOLEAN, 8, NULL, 0x80,
9719 NULL, HFILL }},
9720 { &hf_kerberos_ticket_checksum,
9721 { "ticket-checksum", "kerberos.ticket_checksum_element",
9722 FT_NONE, BASE_NONE, NULL, 0,
9723 "Checksum", HFILL }},
9724 { &hf_krb_patimestamp,
9725 { "patimestamp", "kerberos.patimestamp",
9726 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0, "KerberosTime", HFILL }},
9727 { &hf_krb_pausec,
9728 { "pausec", "kerberos.pausec",
9729 FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
9730 #endif /* HAVE_KERBEROS */
9731
9732 { &hf_kerberos_ticket,
9733 { "ticket", "kerberos.ticket_element",
9734 FT_NONE, BASE_NONE, NULL, 0,
9735 NULL, HFILL }},
9736 { &hf_kerberos_authenticator,
9737 { "authenticator", "kerberos.authenticator_element",
9738 FT_NONE, BASE_NONE, NULL, 0,
9739 NULL, HFILL }},
9740 { &hf_kerberos_encTicketPart,
9741 { "encTicketPart", "kerberos.encTicketPart_element",
9742 FT_NONE, BASE_NONE, NULL, 0,
9743 NULL, HFILL }},
9744 { &hf_kerberos_as_req,
9745 { "as-req", "kerberos.as_req_element",
9746 FT_NONE, BASE_NONE, NULL, 0,
9747 NULL, HFILL }},
9748 { &hf_kerberos_as_rep,
9749 { "as-rep", "kerberos.as_rep_element",
9750 FT_NONE, BASE_NONE, NULL, 0,
9751 NULL, HFILL }},
9752 { &hf_kerberos_tgs_req,
9753 { "tgs-req", "kerberos.tgs_req_element",
9754 FT_NONE, BASE_NONE, NULL, 0,
9755 NULL, HFILL }},
9756 { &hf_kerberos_tgs_rep,
9757 { "tgs-rep", "kerberos.tgs_rep_element",
9758 FT_NONE, BASE_NONE, NULL, 0,
9759 NULL, HFILL }},
9760 { &hf_kerberos_ap_req,
9761 { "ap-req", "kerberos.ap_req_element",
9762 FT_NONE, BASE_NONE, NULL, 0,
9763 NULL, HFILL }},
9764 { &hf_kerberos_ap_rep,
9765 { "ap-rep", "kerberos.ap_rep_element",
9766 FT_NONE, BASE_NONE, NULL, 0,
9767 NULL, HFILL }},
9768 { &hf_kerberos_krb_safe,
9769 { "krb-safe", "kerberos.krb_safe_element",
9770 FT_NONE, BASE_NONE, NULL, 0,
9771 NULL, HFILL }},
9772 { &hf_kerberos_krb_priv,
9773 { "krb-priv", "kerberos.krb_priv_element",
9774 FT_NONE, BASE_NONE, NULL, 0,
9775 NULL, HFILL }},
9776 { &hf_kerberos_krb_cred,
9777 { "krb-cred", "kerberos.krb_cred_element",
9778 FT_NONE, BASE_NONE, NULL, 0,
9779 NULL, HFILL }},
9780 { &hf_kerberos_encASRepPart,
9781 { "encASRepPart", "kerberos.encASRepPart_element",
9782 FT_NONE, BASE_NONE, NULL, 0,
9783 NULL, HFILL }},
9784 { &hf_kerberos_encTGSRepPart,
9785 { "encTGSRepPart", "kerberos.encTGSRepPart_element",
9786 FT_NONE, BASE_NONE, NULL, 0,
9787 NULL, HFILL }},
9788 { &hf_kerberos_encAPRepPart,
9789 { "encAPRepPart", "kerberos.encAPRepPart_element",
9790 FT_NONE, BASE_NONE, NULL, 0,
9791 NULL, HFILL }},
9792 { &hf_kerberos_encKrbPrivPart,
9793 { "encKrbPrivPart", "kerberos.encKrbPrivPart_element",
9794 FT_NONE, BASE_NONE, NULL, 0,
9795 "ENC_KRB_PRIV_PART", HFILL }},
9796 { &hf_kerberos_encKrbCredPart,
9797 { "encKrbCredPart", "kerberos.encKrbCredPart_element",
9798 FT_NONE, BASE_NONE, NULL, 0,
9799 NULL, HFILL }},
9800 { &hf_kerberos_krb_error,
9801 { "krb-error", "kerberos.krb_error_element",
9802 FT_NONE, BASE_NONE, NULL, 0,
9803 NULL, HFILL }},
9804 { &hf_kerberos_name_type,
9805 { "name-type", "kerberos.name_type",
9806 FT_INT32, BASE_DEC, VALS(kerberos_NAME_TYPE_vals), 0,
9807 NULL, HFILL }},
9808 { &hf_kerberos_name_string,
9809 { "name-string", "kerberos.name_string",
9810 FT_UINT32, BASE_DEC, NULL, 0,
9811 "SEQUENCE_OF_KerberosString", HFILL }},
9812 { &hf_kerberos_name_string_item,
9813 { "KerberosString", "kerberos.KerberosString",
9814 FT_STRING, BASE_NONE, NULL, 0,
9815 NULL, HFILL }},
9816 { &hf_kerberos_cname_string,
9817 { "cname-string", "kerberos.cname_string",
9818 FT_UINT32, BASE_DEC, NULL, 0,
9819 "SEQUENCE_OF_CNameString", HFILL }},
9820 { &hf_kerberos_cname_string_item,
9821 { "CNameString", "kerberos.CNameString",
9822 FT_STRING, BASE_NONE, NULL, 0,
9823 NULL, HFILL }},
9824 { &hf_kerberos_sname_string,
9825 { "sname-string", "kerberos.sname_string",
9826 FT_UINT32, BASE_DEC, NULL, 0,
9827 "SEQUENCE_OF_SNameString", HFILL }},
9828 { &hf_kerberos_sname_string_item,
9829 { "SNameString", "kerberos.SNameString",
9830 FT_STRING, BASE_NONE, NULL, 0,
9831 NULL, HFILL }},
9832 { &hf_kerberos_addr_type,
9833 { "addr-type", "kerberos.addr_type",
9834 FT_INT32, BASE_DEC, VALS(kerberos_ADDR_TYPE_vals), 0,
9835 NULL, HFILL }},
9836 { &hf_kerberos_address,
9837 { "address", "kerberos.address",
9838 FT_BYTES, BASE_NONE, NULL, 0,
9839 NULL, HFILL }},
9840 { &hf_kerberos_HostAddresses_item,
9841 { "HostAddress", "kerberos.HostAddress_element",
9842 FT_NONE, BASE_NONE, NULL, 0,
9843 NULL, HFILL }},
9844 { &hf_kerberos_AuthorizationData_item,
9845 { "AuthorizationData item", "kerberos.AuthorizationData_item_element",
9846 FT_NONE, BASE_NONE, NULL, 0,
9847 NULL, HFILL }},
9848 { &hf_kerberos_ad_type,
9849 { "ad-type", "kerberos.ad_type",
9850 FT_INT32, BASE_DEC, VALS(kerberos_AUTHDATA_TYPE_vals), 0,
9851 "AUTHDATA_TYPE", HFILL }},
9852 { &hf_kerberos_ad_data,
9853 { "ad-data", "kerberos.ad_data",
9854 FT_BYTES, BASE_NONE, NULL, 0,
9855 NULL, HFILL }},
9856 { &hf_kerberos_padata_type,
9857 { "padata-type", "kerberos.padata_type",
9858 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0,
9859 NULL, HFILL }},
9860 { &hf_kerberos_padata_value,
9861 { "padata-value", "kerberos.padata_value",
9862 FT_BYTES, BASE_NONE, NULL, 0,
9863 NULL, HFILL }},
9864 { &hf_kerberos_keytype,
9865 { "keytype", "kerberos.keytype",
9866 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
9867 NULL, HFILL }},
9868 { &hf_kerberos_keyvalue,
9869 { "keyvalue", "kerberos.keyvalue",
9870 FT_BYTES, BASE_NONE, NULL, 0,
9871 NULL, HFILL }},
9872 { &hf_kerberos_cksumtype,
9873 { "cksumtype", "kerberos.cksumtype",
9874 FT_INT32, BASE_DEC, VALS(kerberos_CKSUMTYPE_vals), 0,
9875 NULL, HFILL }},
9876 { &hf_kerberos_checksum,
9877 { "checksum", "kerberos.checksum",
9878 FT_BYTES, BASE_NONE, NULL, 0,
9879 NULL, HFILL }},
9880 { &hf_kerberos_etype,
9881 { "etype", "kerberos.etype",
9882 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
9883 "ENCTYPE", HFILL }},
9884 { &hf_kerberos_kvno,
9885 { "kvno", "kerberos.kvno",
9886 FT_UINT32, BASE_DEC, NULL, 0,
9887 "UInt32", HFILL }},
9888 { &hf_kerberos_encryptedTicketData_cipher,
9889 { "cipher", "kerberos.encryptedTicketData_cipher",
9890 FT_BYTES, BASE_NONE, NULL, 0,
9891 "T_encryptedTicketData_cipher", HFILL }},
9892 { &hf_kerberos_encryptedAuthorizationData_cipher,
9893 { "cipher", "kerberos.encryptedAuthorizationData_cipher",
9894 FT_BYTES, BASE_NONE, NULL, 0,
9895 "T_encryptedAuthorizationData_cipher", HFILL }},
9896 { &hf_kerberos_encryptedAuthenticator_cipher,
9897 { "cipher", "kerberos.encryptedAuthenticator_cipher",
9898 FT_BYTES, BASE_NONE, NULL, 0,
9899 "T_encryptedAuthenticator_cipher", HFILL }},
9900 { &hf_kerberos_encryptedKDCREPData_cipher,
9901 { "cipher", "kerberos.encryptedKDCREPData_cipher",
9902 FT_BYTES, BASE_NONE, NULL, 0,
9903 "T_encryptedKDCREPData_cipher", HFILL }},
9904 { &hf_kerberos_encryptedAPREPData_cipher,
9905 { "cipher", "kerberos.encryptedAPREPData_cipher",
9906 FT_BYTES, BASE_NONE, NULL, 0,
9907 "T_encryptedAPREPData_cipher", HFILL }},
9908 { &hf_kerberos_encryptedKrbPrivData_cipher,
9909 { "cipher", "kerberos.encryptedKrbPrivData_cipher",
9910 FT_BYTES, BASE_NONE, NULL, 0,
9911 "T_encryptedKrbPrivData_cipher", HFILL }},
9912 { &hf_kerberos_encryptedKrbCredData_cipher,
9913 { "cipher", "kerberos.encryptedKrbCredData_cipher",
9914 FT_BYTES, BASE_NONE, NULL, 0,
9915 "T_encryptedKrbCredData_cipher", HFILL }},
9916 { &hf_kerberos_tkt_vno,
9917 { "tkt-vno", "kerberos.tkt_vno",
9918 FT_UINT32, BASE_DEC, NULL, 0,
9919 "INTEGER_5", HFILL }},
9920 { &hf_kerberos_realm,
9921 { "realm", "kerberos.realm",
9922 FT_STRING, BASE_NONE, NULL, 0,
9923 NULL, HFILL }},
9924 { &hf_kerberos_sname,
9925 { "sname", "kerberos.sname_element",
9926 FT_NONE, BASE_NONE, NULL, 0,
9927 NULL, HFILL }},
9928 { &hf_kerberos_ticket_enc_part,
9929 { "enc-part", "kerberos.ticket_enc_part_element",
9930 FT_NONE, BASE_NONE, NULL, 0,
9931 "EncryptedTicketData", HFILL }},
9932 { &hf_kerberos_flags,
9933 { "flags", "kerberos.flags",
9934 FT_BYTES, BASE_NONE, NULL, 0,
9935 "TicketFlags", HFILL }},
9936 { &hf_kerberos_encTicketPart_key,
9937 { "key", "kerberos.encTicketPart_key_element",
9938 FT_NONE, BASE_NONE, NULL, 0,
9939 "T_encTicketPart_key", HFILL }},
9940 { &hf_kerberos_crealm,
9941 { "crealm", "kerberos.crealm",
9942 FT_STRING, BASE_NONE, NULL, 0,
9943 "Realm", HFILL }},
9944 { &hf_kerberos_cname,
9945 { "cname", "kerberos.cname_element",
9946 FT_NONE, BASE_NONE, NULL, 0,
9947 NULL, HFILL }},
9948 { &hf_kerberos_transited,
9949 { "transited", "kerberos.transited_element",
9950 FT_NONE, BASE_NONE, NULL, 0,
9951 "TransitedEncoding", HFILL }},
9952 { &hf_kerberos_authtime,
9953 { "authtime", "kerberos.authtime",
9954 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
9955 "KerberosTime", HFILL }},
9956 { &hf_kerberos_starttime,
9957 { "starttime", "kerberos.starttime",
9958 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
9959 "KerberosTime", HFILL }},
9960 { &hf_kerberos_endtime,
9961 { "endtime", "kerberos.endtime",
9962 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
9963 "KerberosTime", HFILL }},
9964 { &hf_kerberos_renew_till,
9965 { "renew-till", "kerberos.renew_till",
9966 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
9967 "KerberosTime", HFILL }},
9968 { &hf_kerberos_caddr,
9969 { "caddr", "kerberos.caddr",
9970 FT_UINT32, BASE_DEC, NULL, 0,
9971 "HostAddresses", HFILL }},
9972 { &hf_kerberos_authorization_data,
9973 { "authorization-data", "kerberos.authorization_data",
9974 FT_UINT32, BASE_DEC, NULL, 0,
9975 "AuthorizationData", HFILL }},
9976 { &hf_kerberos_tr_type,
9977 { "tr-type", "kerberos.tr_type",
9978 FT_INT32, BASE_DEC, NULL, 0,
9979 "Int32", HFILL }},
9980 { &hf_kerberos_contents,
9981 { "contents", "kerberos.contents",
9982 FT_BYTES, BASE_NONE, NULL, 0,
9983 "OCTET_STRING", HFILL }},
9984 { &hf_kerberos_pvno,
9985 { "pvno", "kerberos.pvno",
9986 FT_UINT32, BASE_DEC, NULL, 0,
9987 "INTEGER_5", HFILL }},
9988 { &hf_kerberos_msg_type,
9989 { "msg-type", "kerberos.msg_type",
9990 FT_INT32, BASE_DEC, VALS(kerberos_MESSAGE_TYPE_vals), 0,
9991 "MESSAGE_TYPE", HFILL }},
9992 { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA,
9993 { "padata", "kerberos.rEQ_SEQUENCE_OF_PA_DATA",
9994 FT_UINT32, BASE_DEC, NULL, 0,
9995 "T_rEQ_SEQUENCE_OF_PA_DATA", HFILL }},
9996 { &hf_kerberos_rEQ_SEQUENCE_OF_PA_DATA_item,
9997 { "PA-DATA", "kerberos.PA_DATA_element",
9998 FT_NONE, BASE_NONE, NULL, 0,
9999 NULL, HFILL }},
10000 { &hf_kerberos_req_body,
10001 { "req-body", "kerberos.req_body_element",
10002 FT_NONE, BASE_NONE, NULL, 0,
10003 "KDC_REQ_BODY", HFILL }},
10004 { &hf_kerberos_kdc_options,
10005 { "kdc-options", "kerberos.kdc_options",
10006 FT_BYTES, BASE_NONE, NULL, 0,
10007 "KDCOptions", HFILL }},
10008 { &hf_kerberos_from,
10009 { "from", "kerberos.from",
10010 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10011 "KerberosTime", HFILL }},
10012 { &hf_kerberos_till,
10013 { "till", "kerberos.till",
10014 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10015 "KerberosTime", HFILL }},
10016 { &hf_kerberos_rtime,
10017 { "rtime", "kerberos.rtime",
10018 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10019 "KerberosTime", HFILL }},
10020 { &hf_kerberos_nonce,
10021 { "nonce", "kerberos.nonce",
10022 FT_UINT32, BASE_DEC, NULL, 0,
10023 "UInt32", HFILL }},
10024 { &hf_kerberos_kDC_REQ_BODY_etype,
10025 { "etype", "kerberos.kdc-req-body.etype",
10026 FT_UINT32, BASE_DEC, NULL, 0,
10027 "SEQUENCE_OF_ENCTYPE", HFILL }},
10028 { &hf_kerberos_kDC_REQ_BODY_etype_item,
10029 { "ENCTYPE", "kerberos.ENCTYPE",
10030 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
10031 NULL, HFILL }},
10032 { &hf_kerberos_addresses,
10033 { "addresses", "kerberos.addresses",
10034 FT_UINT32, BASE_DEC, NULL, 0,
10035 "HostAddresses", HFILL }},
10036 { &hf_kerberos_enc_authorization_data,
10037 { "enc-authorization-data", "kerberos.enc_authorization_data_element",
10038 FT_NONE, BASE_NONE, NULL, 0,
10039 "EncryptedAuthorizationData", HFILL }},
10040 { &hf_kerberos_additional_tickets,
10041 { "additional-tickets", "kerberos.additional_tickets",
10042 FT_UINT32, BASE_DEC, NULL, 0,
10043 "SEQUENCE_OF_Ticket", HFILL }},
10044 { &hf_kerberos_additional_tickets_item,
10045 { "Ticket", "kerberos.Ticket_element",
10046 FT_NONE, BASE_NONE, NULL, 0,
10047 NULL, HFILL }},
10048 { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA,
10049 { "padata", "kerberos.rEP_SEQUENCE_OF_PA_DATA",
10050 FT_UINT32, BASE_DEC, NULL, 0,
10051 "T_rEP_SEQUENCE_OF_PA_DATA", HFILL }},
10052 { &hf_kerberos_rEP_SEQUENCE_OF_PA_DATA_item,
10053 { "PA-DATA", "kerberos.PA_DATA_element",
10054 FT_NONE, BASE_NONE, NULL, 0,
10055 NULL, HFILL }},
10056 { &hf_kerberos_kDC_REP_enc_part,
10057 { "enc-part", "kerberos.kDC_REP_enc_part_element",
10058 FT_NONE, BASE_NONE, NULL, 0,
10059 "EncryptedKDCREPData", HFILL }},
10060 { &hf_kerberos_encKDCRepPart_key,
10061 { "key", "kerberos.encKDCRepPart_key_element",
10062 FT_NONE, BASE_NONE, NULL, 0,
10063 "T_encKDCRepPart_key", HFILL }},
10064 { &hf_kerberos_last_req,
10065 { "last-req", "kerberos.last_req",
10066 FT_UINT32, BASE_DEC, NULL, 0,
10067 "LastReq", HFILL }},
10068 { &hf_kerberos_key_expiration,
10069 { "key-expiration", "kerberos.key_expiration",
10070 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10071 "KerberosTime", HFILL }},
10072 { &hf_kerberos_srealm,
10073 { "srealm", "kerberos.srealm",
10074 FT_STRING, BASE_NONE, NULL, 0,
10075 "Realm", HFILL }},
10076 { &hf_kerberos_encrypted_pa_data,
10077 { "encrypted-pa-data", "kerberos.encrypted_pa_data",
10078 FT_UINT32, BASE_DEC, NULL, 0,
10079 NULL, HFILL }},
10080 { &hf_kerberos_LastReq_item,
10081 { "LastReq item", "kerberos.LastReq_item_element",
10082 FT_NONE, BASE_NONE, NULL, 0,
10083 NULL, HFILL }},
10084 { &hf_kerberos_lr_type,
10085 { "lr-type", "kerberos.lr_type",
10086 FT_INT32, BASE_DEC, VALS(kerberos_LR_TYPE_vals), 0,
10087 NULL, HFILL }},
10088 { &hf_kerberos_lr_value,
10089 { "lr-value", "kerberos.lr_value",
10090 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10091 "KerberosTime", HFILL }},
10092 { &hf_kerberos_ap_options,
10093 { "ap-options", "kerberos.ap_options",
10094 FT_BYTES, BASE_NONE, NULL, 0,
10095 "APOptions", HFILL }},
10096 { &hf_kerberos_authenticator_enc_part,
10097 { "authenticator", "kerberos.authenticator_enc_part_element",
10098 FT_NONE, BASE_NONE, NULL, 0,
10099 "EncryptedAuthenticator", HFILL }},
10100 { &hf_kerberos_authenticator_vno,
10101 { "authenticator-vno", "kerberos.authenticator_vno",
10102 FT_UINT32, BASE_DEC, NULL, 0,
10103 "INTEGER_5", HFILL }},
10104 { &hf_kerberos_cksum,
10105 { "cksum", "kerberos.cksum_element",
10106 FT_NONE, BASE_NONE, NULL, 0,
10107 "Checksum", HFILL }},
10108 { &hf_kerberos_cusec,
10109 { "cusec", "kerberos.cusec",
10110 FT_UINT32, BASE_DEC, NULL, 0,
10111 "Microseconds", HFILL }},
10112 { &hf_kerberos_ctime,
10113 { "ctime", "kerberos.ctime",
10114 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10115 "KerberosTime", HFILL }},
10116 { &hf_kerberos_authenticator_subkey,
10117 { "subkey", "kerberos.authenticator_subkey_element",
10118 FT_NONE, BASE_NONE, NULL, 0,
10119 "T_authenticator_subkey", HFILL }},
10120 { &hf_kerberos_seq_number,
10121 { "seq-number", "kerberos.seq_number",
10122 FT_UINT32, BASE_DEC, NULL, 0,
10123 "UInt32", HFILL }},
10124 { &hf_kerberos_aP_REP_enc_part,
10125 { "enc-part", "kerberos.aP_REP_enc_part_element",
10126 FT_NONE, BASE_NONE, NULL, 0,
10127 "EncryptedAPREPData", HFILL }},
10128 { &hf_kerberos_encAPRepPart_subkey,
10129 { "subkey", "kerberos.encAPRepPart_subkey_element",
10130 FT_NONE, BASE_NONE, NULL, 0,
10131 "T_encAPRepPart_subkey", HFILL }},
10132 { &hf_kerberos_safe_body,
10133 { "safe-body", "kerberos.safe_body_element",
10134 FT_NONE, BASE_NONE, NULL, 0,
10135 "KRB_SAFE_BODY", HFILL }},
10136 { &hf_kerberos_kRB_SAFE_BODY_user_data,
10137 { "user-data", "kerberos.kRB_SAFE_BODY_user_data",
10138 FT_BYTES, BASE_NONE, NULL, 0,
10139 "T_kRB_SAFE_BODY_user_data", HFILL }},
10140 { &hf_kerberos_timestamp,
10141 { "timestamp", "kerberos.timestamp",
10142 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10143 "KerberosTime", HFILL }},
10144 { &hf_kerberos_usec,
10145 { "usec", "kerberos.usec",
10146 FT_UINT32, BASE_DEC, NULL, 0,
10147 "Microseconds", HFILL }},
10148 { &hf_kerberos_s_address,
10149 { "s-address", "kerberos.s_address_element",
10150 FT_NONE, BASE_NONE, NULL, 0,
10151 "HostAddress", HFILL }},
10152 { &hf_kerberos_r_address,
10153 { "r-address", "kerberos.r_address_element",
10154 FT_NONE, BASE_NONE, NULL, 0,
10155 "HostAddress", HFILL }},
10156 { &hf_kerberos_kRB_PRIV_enc_part,
10157 { "enc-part", "kerberos.kRB_PRIV_enc_part_element",
10158 FT_NONE, BASE_NONE, NULL, 0,
10159 "EncryptedKrbPrivData", HFILL }},
10160 { &hf_kerberos_encKrbPrivPart_user_data,
10161 { "user-data", "kerberos.encKrbPrivPart_user_data",
10162 FT_BYTES, BASE_NONE, NULL, 0,
10163 "T_encKrbPrivPart_user_data", HFILL }},
10164 { &hf_kerberos_tickets,
10165 { "tickets", "kerberos.tickets",
10166 FT_UINT32, BASE_DEC, NULL, 0,
10167 "SEQUENCE_OF_Ticket", HFILL }},
10168 { &hf_kerberos_tickets_item,
10169 { "Ticket", "kerberos.Ticket_element",
10170 FT_NONE, BASE_NONE, NULL, 0,
10171 NULL, HFILL }},
10172 { &hf_kerberos_kRB_CRED_enc_part,
10173 { "enc-part", "kerberos.kRB_CRED_enc_part_element",
10174 FT_NONE, BASE_NONE, NULL, 0,
10175 "EncryptedKrbCredData", HFILL }},
10176 { &hf_kerberos_ticket_info,
10177 { "ticket-info", "kerberos.ticket_info",
10178 FT_UINT32, BASE_DEC, NULL, 0,
10179 "SEQUENCE_OF_KrbCredInfo", HFILL }},
10180 { &hf_kerberos_ticket_info_item,
10181 { "KrbCredInfo", "kerberos.KrbCredInfo_element",
10182 FT_NONE, BASE_NONE, NULL, 0,
10183 NULL, HFILL }},
10184 { &hf_kerberos_krbCredInfo_key,
10185 { "key", "kerberos.krbCredInfo_key_element",
10186 FT_NONE, BASE_NONE, NULL, 0,
10187 "T_krbCredInfo_key", HFILL }},
10188 { &hf_kerberos_prealm,
10189 { "prealm", "kerberos.prealm",
10190 FT_STRING, BASE_NONE, NULL, 0,
10191 "Realm", HFILL }},
10192 { &hf_kerberos_pname,
10193 { "pname", "kerberos.pname_element",
10194 FT_NONE, BASE_NONE, NULL, 0,
10195 "PrincipalName", HFILL }},
10196 { &hf_kerberos_stime,
10197 { "stime", "kerberos.stime",
10198 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
10199 "KerberosTime", HFILL }},
10200 { &hf_kerberos_susec,
10201 { "susec", "kerberos.susec",
10202 FT_UINT32, BASE_DEC, NULL, 0,
10203 "Microseconds", HFILL }},
10204 { &hf_kerberos_error_code,
10205 { "error-code", "kerberos.error_code",
10206 FT_INT32, BASE_DEC, VALS(kerberos_ERROR_CODE_vals), 0,
10207 NULL, HFILL }},
10208 { &hf_kerberos_e_text,
10209 { "e-text", "kerberos.e_text",
10210 FT_STRING, BASE_NONE, NULL, 0,
10211 "KerberosString", HFILL }},
10212 { &hf_kerberos_e_data,
10213 { "e-data", "kerberos.e_data",
10214 FT_BYTES, BASE_NONE, NULL, 0,
10215 NULL, HFILL }},
10216 { &hf_kerberos_e_checksum,
10217 { "e-checksum", "kerberos.e_checksum_element",
10218 FT_NONE, BASE_NONE, NULL, 0,
10219 "Checksum", HFILL }},
10220 { &hf_kerberos_METHOD_DATA_item,
10221 { "PA-DATA", "kerberos.PA_DATA_element",
10222 FT_NONE, BASE_NONE, NULL, 0,
10223 NULL, HFILL }},
10224 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher,
10225 { "cipher", "kerberos.pA_ENC_TIMESTAMP_cipher",
10226 FT_BYTES, BASE_NONE, NULL, 0,
10227 "T_pA_ENC_TIMESTAMP_cipher", HFILL }},
10228 { &hf_kerberos_info_salt,
10229 { "salt", "kerberos.info_salt",
10230 FT_BYTES, BASE_NONE, NULL, 0,
10231 "OCTET_STRING", HFILL }},
10232 { &hf_kerberos_ETYPE_INFO_item,
10233 { "ETYPE-INFO-ENTRY", "kerberos.ETYPE_INFO_ENTRY_element",
10234 FT_NONE, BASE_NONE, NULL, 0,
10235 NULL, HFILL }},
10236 { &hf_kerberos_info2_salt,
10237 { "salt", "kerberos.info2_salt",
10238 FT_STRING, BASE_NONE, NULL, 0,
10239 "KerberosString", HFILL }},
10240 { &hf_kerberos_s2kparams,
10241 { "s2kparams", "kerberos.s2kparams",
10242 FT_BYTES, BASE_NONE, NULL, 0,
10243 "OCTET_STRING", HFILL }},
10244 { &hf_kerberos_ETYPE_INFO2_item,
10245 { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element",
10246 FT_NONE, BASE_NONE, NULL, 0,
10247 NULL, HFILL }},
10248 { &hf_kerberos_server_name,
10249 { "server-name", "kerberos.server_name_element",
10250 FT_NONE, BASE_NONE, NULL, 0,
10251 "PrincipalName", HFILL }},
10252 { &hf_kerberos_include_pac,
10253 { "include-pac", "kerberos.include_pac",
10254 FT_BOOLEAN, BASE_NONE, NULL, 0,
10255 "BOOLEAN", HFILL }},
10256 { &hf_kerberos_name,
10257 { "name", "kerberos.name_element",
10258 FT_NONE, BASE_NONE, NULL, 0,
10259 "PrincipalName", HFILL }},
10260 { &hf_kerberos_auth,
10261 { "auth", "kerberos.auth",
10262 FT_STRING, BASE_NONE, NULL, 0,
10263 "GeneralString", HFILL }},
10264 { &hf_kerberos_user_id,
10265 { "user-id", "kerberos.user_id_element",
10266 FT_NONE, BASE_NONE, NULL, 0,
10267 "S4UUserID", HFILL }},
10268 { &hf_kerberos_checksum_01,
10269 { "checksum", "kerberos.checksum_element",
10270 FT_NONE, BASE_NONE, NULL, 0,
10271 NULL, HFILL }},
10272 { &hf_kerberos_cname_01,
10273 { "cname", "kerberos.cname_element",
10274 FT_NONE, BASE_NONE, NULL, 0,
10275 "PrincipalName", HFILL }},
10276 { &hf_kerberos_subject_certificate,
10277 { "subject-certificate", "kerberos.subject_certificate",
10278 FT_BYTES, BASE_NONE, NULL, 0,
10279 "T_subject_certificate", HFILL }},
10280 { &hf_kerberos_options,
10281 { "options", "kerberos.options",
10282 FT_BYTES, BASE_NONE, NULL, 0,
10283 "BIT_STRING", HFILL }},
10284 { &hf_kerberos_flags_01,
10285 { "flags", "kerberos.flags",
10286 FT_BYTES, BASE_NONE, NULL, 0,
10287 "PAC_OPTIONS_FLAGS", HFILL }},
10288 { &hf_kerberos_restriction_type,
10289 { "restriction-type", "kerberos.restriction_type",
10290 FT_INT32, BASE_DEC, NULL, 0,
10291 "Int32", HFILL }},
10292 { &hf_kerberos_restriction,
10293 { "restriction", "kerberos.restriction",
10294 FT_BYTES, BASE_NONE, NULL, 0,
10295 "OCTET_STRING", HFILL }},
10296 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item,
10297 { "ENCTYPE", "kerberos.ENCTYPE",
10298 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
10299 NULL, HFILL }},
10300 { &hf_kerberos_kerbKeyListRep_key,
10301 { "key", "kerberos.kerbKeyListRep.key_element",
10302 FT_NONE, BASE_NONE, NULL, 0,
10303 "PA_KERB_KEY_LIST_REP_item", HFILL }},
10304 { &hf_kerberos_srppa_group,
10305 { "group", "kerberos.srppa_group",
10306 FT_INT32, BASE_DEC, VALS(kerberos_KRB5_SRP_GROUP_vals), 0,
10307 "KRB5_SRP_GROUP", HFILL }},
10308 { &hf_kerberos_salt,
10309 { "salt", "kerberos.salt",
10310 FT_BYTES, BASE_NONE, NULL, 0,
10311 "OCTET_STRING", HFILL }},
10312 { &hf_kerberos_iterations,
10313 { "iterations", "kerberos.iterations",
10314 FT_UINT32, BASE_DEC, NULL, 0,
10315 "UInt32", HFILL }},
10316 { &hf_kerberos_groups,
10317 { "groups", "kerberos.groups",
10318 FT_UINT32, BASE_DEC, NULL, 0,
10319 "SET_OF_KRB5_SRP_PA", HFILL }},
10320 { &hf_kerberos_groups_item,
10321 { "KRB5-SRP-PA", "kerberos.KRB5_SRP_PA_element",
10322 FT_NONE, BASE_NONE, NULL, 0,
10323 NULL, HFILL }},
10324 { &hf_kerberos_as_req_01,
10325 { "as-req", "kerberos.as_req_element",
10326 FT_NONE, BASE_NONE, NULL, 0,
10327 "Checksum", HFILL }},
10328 { &hf_kerberos_group,
10329 { "group", "kerberos.group",
10330 FT_UINT32, BASE_DEC, NULL, 0,
10331 "UInt32", HFILL }},
10332 { &hf_kerberos_a,
10333 { "a", "kerberos.a",
10334 FT_BYTES, BASE_NONE, NULL, 0,
10335 "OCTET_STRING", HFILL }},
10336 { &hf_kerberos_AD_AUTHENTICATION_INDICATOR_item,
10337 { "AD-AUTHENTICATION-INDICATOR item", "kerberos.AD_AUTHENTICATION_INDICATOR_item",
10338 FT_STRING, BASE_NONE, NULL, 0,
10339 "UTF8String", HFILL }},
10340 { &hf_kerberos_elements,
10341 { "elements", "kerberos.elements",
10342 FT_UINT32, BASE_DEC, NULL, 0,
10343 "AuthorizationData", HFILL }},
10344 { &hf_kerberos_kdc_verifier,
10345 { "kdc-verifier", "kerberos.kdc_verifier_element",
10346 FT_NONE, BASE_NONE, NULL, 0,
10347 "Verifier_MAC", HFILL }},
10348 { &hf_kerberos_svc_verifier,
10349 { "svc-verifier", "kerberos.svc_verifier_element",
10350 FT_NONE, BASE_NONE, NULL, 0,
10351 "Verifier_MAC", HFILL }},
10352 { &hf_kerberos_other_verifiers,
10353 { "other-verifiers", "kerberos.other_verifiers",
10354 FT_UINT32, BASE_DEC, NULL, 0,
10355 "SEQUENCE_SIZE_1_MAX_OF_Verifier", HFILL }},
10356 { &hf_kerberos_other_verifiers_item,
10357 { "Verifier", "kerberos.Verifier",
10358 FT_UINT32, BASE_DEC, VALS(kerberos_Verifier_vals), 0,
10359 NULL, HFILL }},
10360 { &hf_kerberos_mac,
10361 { "mac", "kerberos.mac_element",
10362 FT_NONE, BASE_NONE, NULL, 0,
10363 "Verifier_MAC", HFILL }},
10364 { &hf_kerberos_identifier,
10365 { "identifier", "kerberos.identifier_element",
10366 FT_NONE, BASE_NONE, NULL, 0,
10367 "PrincipalName", HFILL }},
10368 { &hf_kerberos_enctype,
10369 { "enctype", "kerberos.enctype",
10370 FT_INT32, BASE_DEC, NULL, 0,
10371 "Int32", HFILL }},
10372 { &hf_kerberos_mac_01,
10373 { "mac", "kerberos.mac_element",
10374 FT_NONE, BASE_NONE, NULL, 0,
10375 "Checksum", HFILL }},
10376 { &hf_kerberos_newpasswd,
10377 { "newpasswd", "kerberos.newpasswd",
10378 FT_BYTES, BASE_NONE, NULL, 0,
10379 "OCTET_STRING", HFILL }},
10380 { &hf_kerberos_targname,
10381 { "targname", "kerberos.targname_element",
10382 FT_NONE, BASE_NONE, NULL, 0,
10383 "PrincipalName", HFILL }},
10384 { &hf_kerberos_targrealm,
10385 { "targrealm", "kerberos.targrealm",
10386 FT_STRING, BASE_NONE, NULL, 0,
10387 "Realm", HFILL }},
10388 { &hf_kerberos_pa_type,
10389 { "pa-type", "kerberos.pa_type",
10390 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0,
10391 "PADATA_TYPE", HFILL }},
10392 { &hf_kerberos_pa_hint,
10393 { "pa-hint", "kerberos.pa_hint",
10394 FT_BYTES, BASE_NONE, NULL, 0,
10395 "OCTET_STRING", HFILL }},
10396 { &hf_kerberos_pa_value,
10397 { "pa-value", "kerberos.pa_value",
10398 FT_BYTES, BASE_NONE, NULL, 0,
10399 "OCTET_STRING", HFILL }},
10400 { &hf_kerberos_armor_type,
10401 { "armor-type", "kerberos.armor_type",
10402 FT_INT32, BASE_DEC, VALS(kerberos_KrbFastArmorTypes_vals), 0,
10403 "KrbFastArmorTypes", HFILL }},
10404 { &hf_kerberos_armor_value,
10405 { "armor-value", "kerberos.armor_value",
10406 FT_BYTES, BASE_NONE, NULL, 0,
10407 NULL, HFILL }},
10408 { &hf_kerberos_armored_data_request,
10409 { "armored-data", "kerberos.armored_data_request_element",
10410 FT_NONE, BASE_NONE, NULL, 0,
10411 "KrbFastArmoredReq", HFILL }},
10412 { &hf_kerberos_encryptedKrbFastReq_cipher,
10413 { "cipher", "kerberos.encryptedKrbFastReq_cipher",
10414 FT_BYTES, BASE_NONE, NULL, 0,
10415 "T_encryptedKrbFastReq_cipher", HFILL }},
10416 { &hf_kerberos_armor,
10417 { "armor", "kerberos.armor_element",
10418 FT_NONE, BASE_NONE, NULL, 0,
10419 "KrbFastArmor", HFILL }},
10420 { &hf_kerberos_req_checksum,
10421 { "req-checksum", "kerberos.req_checksum_element",
10422 FT_NONE, BASE_NONE, NULL, 0,
10423 "Checksum", HFILL }},
10424 { &hf_kerberos_enc_fast_req,
10425 { "enc-fast-req", "kerberos.enc_fast_req_element",
10426 FT_NONE, BASE_NONE, NULL, 0,
10427 "EncryptedKrbFastReq", HFILL }},
10428 { &hf_kerberos_armored_data_reply,
10429 { "armored-data", "kerberos.armored_data_reply_element",
10430 FT_NONE, BASE_NONE, NULL, 0,
10431 "KrbFastArmoredRep", HFILL }},
10432 { &hf_kerberos_encryptedKrbFastResponse_cipher,
10433 { "cipher", "kerberos.encryptedKrbFastResponse_cipher",
10434 FT_BYTES, BASE_NONE, NULL, 0,
10435 "T_encryptedKrbFastResponse_cipher", HFILL }},
10436 { &hf_kerberos_enc_fast_rep,
10437 { "enc-fast-rep", "kerberos.enc_fast_rep_element",
10438 FT_NONE, BASE_NONE, NULL, 0,
10439 "EncryptedKrbFastResponse", HFILL }},
10440 { &hf_kerberos_encryptedChallenge_cipher,
10441 { "cipher", "kerberos.encryptedChallenge_cipher",
10442 FT_BYTES, BASE_NONE, NULL, 0,
10443 "T_encryptedChallenge_cipher", HFILL }},
10444 { &hf_kerberos_cipher,
10445 { "cipher", "kerberos.cipher",
10446 FT_BYTES, BASE_NONE, NULL, 0,
10447 "OCTET_STRING", HFILL }},
10448 { &hf_kerberos_groups_01,
10449 { "groups", "kerberos.groups",
10450 FT_UINT32, BASE_DEC, NULL, 0,
10451 "SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup", HFILL }},
10452 { &hf_kerberos_groups_item_01,
10453 { "SPAKEGroup", "kerberos.SPAKEGroup",
10454 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0,
10455 NULL, HFILL }},
10456 { &hf_kerberos_spake_group,
10457 { "group", "kerberos.spake_group",
10458 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0,
10459 "SPAKEGroup", HFILL }},
10460 { &hf_kerberos_pubkey,
10461 { "pubkey", "kerberos.pubkey",
10462 FT_BYTES, BASE_NONE, NULL, 0,
10463 "OCTET_STRING", HFILL }},
10464 { &hf_kerberos_factors,
10465 { "factors", "kerberos.factors",
10466 FT_UINT32, BASE_DEC, NULL, 0,
10467 "SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor", HFILL }},
10468 { &hf_kerberos_factors_item,
10469 { "SPAKESecondFactor", "kerberos.SPAKESecondFactor_element",
10470 FT_NONE, BASE_NONE, NULL, 0,
10471 NULL, HFILL }},
10472 { &hf_kerberos_type,
10473 { "type", "kerberos.type",
10474 FT_INT32, BASE_DEC, VALS(kerberos_SPAKESecondFactorType_vals), 0,
10475 "SPAKESecondFactorType", HFILL }},
10476 { &hf_kerberos_data,
10477 { "data", "kerberos.data",
10478 FT_BYTES, BASE_NONE, NULL, 0,
10479 "OCTET_STRING", HFILL }},
10480 { &hf_kerberos_factor,
10481 { "factor", "kerberos.factor_element",
10482 FT_NONE, BASE_NONE, NULL, 0,
10483 "EncryptedSpakeResponseData", HFILL }},
10484 { &hf_kerberos_support,
10485 { "support", "kerberos.support_element",
10486 FT_NONE, BASE_NONE, NULL, 0,
10487 "SPAKESupport", HFILL }},
10488 { &hf_kerberos_challenge,
10489 { "challenge", "kerberos.challenge_element",
10490 FT_NONE, BASE_NONE, NULL, 0,
10491 "SPAKEChallenge", HFILL }},
10492 { &hf_kerberos_response,
10493 { "response", "kerberos.response_element",
10494 FT_NONE, BASE_NONE, NULL, 0,
10495 "SPAKEResponse", HFILL }},
10496 { &hf_kerberos_encdata,
10497 { "encdata", "kerberos.encdata_element",
10498 FT_NONE, BASE_NONE, NULL, 0,
10499 "EncryptedSpakeData", HFILL }},
10500 { &hf_kerberos_APOptions_reserved,
10501 { "reserved", "kerberos.APOptions.reserved",
10502 FT_BOOLEAN, 8, NULL, 0x80,
10503 NULL, HFILL }},
10504 { &hf_kerberos_APOptions_use_session_key,
10505 { "use-session-key", "kerberos.APOptions.use.session.key",
10506 FT_BOOLEAN, 8, NULL, 0x40,
10507 NULL, HFILL }},
10508 { &hf_kerberos_APOptions_mutual_required,
10509 { "mutual-required", "kerberos.APOptions.mutual.required",
10510 FT_BOOLEAN, 8, NULL, 0x20,
10511 NULL, HFILL }},
10512 { &hf_kerberos_TicketFlags_reserved,
10513 { "reserved", "kerberos.TicketFlags.reserved",
10514 FT_BOOLEAN, 8, NULL, 0x80,
10515 NULL, HFILL }},
10516 { &hf_kerberos_TicketFlags_forwardable,
10517 { "forwardable", "kerberos.TicketFlags.forwardable",
10518 FT_BOOLEAN, 8, NULL, 0x40,
10519 NULL, HFILL }},
10520 { &hf_kerberos_TicketFlags_forwarded,
10521 { "forwarded", "kerberos.TicketFlags.forwarded",
10522 FT_BOOLEAN, 8, NULL, 0x20,
10523 NULL, HFILL }},
10524 { &hf_kerberos_TicketFlags_proxiable,
10525 { "proxiable", "kerberos.TicketFlags.proxiable",
10526 FT_BOOLEAN, 8, NULL, 0x10,
10527 NULL, HFILL }},
10528 { &hf_kerberos_TicketFlags_proxy,
10529 { "proxy", "kerberos.TicketFlags.proxy",
10530 FT_BOOLEAN, 8, NULL, 0x08,
10531 NULL, HFILL }},
10532 { &hf_kerberos_TicketFlags_may_postdate,
10533 { "may-postdate", "kerberos.TicketFlags.may.postdate",
10534 FT_BOOLEAN, 8, NULL, 0x04,
10535 NULL, HFILL }},
10536 { &hf_kerberos_TicketFlags_postdated,
10537 { "postdated", "kerberos.TicketFlags.postdated",
10538 FT_BOOLEAN, 8, NULL, 0x02,
10539 NULL, HFILL }},
10540 { &hf_kerberos_TicketFlags_invalid,
10541 { "invalid", "kerberos.TicketFlags.invalid",
10542 FT_BOOLEAN, 8, NULL, 0x01,
10543 NULL, HFILL }},
10544 { &hf_kerberos_TicketFlags_renewable,
10545 { "renewable", "kerberos.TicketFlags.renewable",
10546 FT_BOOLEAN, 8, NULL, 0x80,
10547 NULL, HFILL }},
10548 { &hf_kerberos_TicketFlags_initial,
10549 { "initial", "kerberos.TicketFlags.initial",
10550 FT_BOOLEAN, 8, NULL, 0x40,
10551 NULL, HFILL }},
10552 { &hf_kerberos_TicketFlags_pre_authent,
10553 { "pre-authent", "kerberos.TicketFlags.pre.authent",
10554 FT_BOOLEAN, 8, NULL, 0x20,
10555 NULL, HFILL }},
10556 { &hf_kerberos_TicketFlags_hw_authent,
10557 { "hw-authent", "kerberos.TicketFlags.hw.authent",
10558 FT_BOOLEAN, 8, NULL, 0x10,
10559 NULL, HFILL }},
10560 { &hf_kerberos_TicketFlags_transited_policy_checked,
10561 { "transited-policy-checked", "kerberos.TicketFlags.transited.policy.checked",
10562 FT_BOOLEAN, 8, NULL, 0x08,
10563 NULL, HFILL }},
10564 { &hf_kerberos_TicketFlags_ok_as_delegate,
10565 { "ok-as-delegate", "kerberos.TicketFlags.ok.as.delegate",
10566 FT_BOOLEAN, 8, NULL, 0x04,
10567 NULL, HFILL }},
10568 { &hf_kerberos_TicketFlags_unused,
10569 { "unused", "kerberos.TicketFlags.unused",
10570 FT_BOOLEAN, 8, NULL, 0x02,
10571 NULL, HFILL }},
10572 { &hf_kerberos_TicketFlags_enc_pa_rep,
10573 { "enc-pa-rep", "kerberos.TicketFlags.enc.pa.rep",
10574 FT_BOOLEAN, 8, NULL, 0x01,
10575 NULL, HFILL }},
10576 { &hf_kerberos_TicketFlags_anonymous,
10577 { "anonymous", "kerberos.TicketFlags.anonymous",
10578 FT_BOOLEAN, 8, NULL, 0x80,
10579 NULL, HFILL }},
10580 { &hf_kerberos_KDCOptions_reserved,
10581 { "reserved", "kerberos.KDCOptions.reserved",
10582 FT_BOOLEAN, 8, NULL, 0x80,
10583 NULL, HFILL }},
10584 { &hf_kerberos_KDCOptions_forwardable,
10585 { "forwardable", "kerberos.KDCOptions.forwardable",
10586 FT_BOOLEAN, 8, NULL, 0x40,
10587 NULL, HFILL }},
10588 { &hf_kerberos_KDCOptions_forwarded,
10589 { "forwarded", "kerberos.KDCOptions.forwarded",
10590 FT_BOOLEAN, 8, NULL, 0x20,
10591 NULL, HFILL }},
10592 { &hf_kerberos_KDCOptions_proxiable,
10593 { "proxiable", "kerberos.KDCOptions.proxiable",
10594 FT_BOOLEAN, 8, NULL, 0x10,
10595 NULL, HFILL }},
10596 { &hf_kerberos_KDCOptions_proxy,
10597 { "proxy", "kerberos.KDCOptions.proxy",
10598 FT_BOOLEAN, 8, NULL, 0x08,
10599 NULL, HFILL }},
10600 { &hf_kerberos_KDCOptions_allow_postdate,
10601 { "allow-postdate", "kerberos.KDCOptions.allow.postdate",
10602 FT_BOOLEAN, 8, NULL, 0x04,
10603 NULL, HFILL }},
10604 { &hf_kerberos_KDCOptions_postdated,
10605 { "postdated", "kerberos.KDCOptions.postdated",
10606 FT_BOOLEAN, 8, NULL, 0x02,
10607 NULL, HFILL }},
10608 { &hf_kerberos_KDCOptions_unused7,
10609 { "unused7", "kerberos.KDCOptions.unused7",
10610 FT_BOOLEAN, 8, NULL, 0x01,
10611 NULL, HFILL }},
10612 { &hf_kerberos_KDCOptions_renewable,
10613 { "renewable", "kerberos.KDCOptions.renewable",
10614 FT_BOOLEAN, 8, NULL, 0x80,
10615 NULL, HFILL }},
10616 { &hf_kerberos_KDCOptions_unused9,
10617 { "unused9", "kerberos.KDCOptions.unused9",
10618 FT_BOOLEAN, 8, NULL, 0x40,
10619 NULL, HFILL }},
10620 { &hf_kerberos_KDCOptions_unused10,
10621 { "unused10", "kerberos.KDCOptions.unused10",
10622 FT_BOOLEAN, 8, NULL, 0x20,
10623 NULL, HFILL }},
10624 { &hf_kerberos_KDCOptions_opt_hardware_auth,
10625 { "opt-hardware-auth", "kerberos.KDCOptions.opt.hardware.auth",
10626 FT_BOOLEAN, 8, NULL, 0x10,
10627 NULL, HFILL }},
10628 { &hf_kerberos_KDCOptions_unused12,
10629 { "unused12", "kerberos.KDCOptions.unused12",
10630 FT_BOOLEAN, 8, NULL, 0x08,
10631 NULL, HFILL }},
10632 { &hf_kerberos_KDCOptions_unused13,
10633 { "unused13", "kerberos.KDCOptions.unused13",
10634 FT_BOOLEAN, 8, NULL, 0x04,
10635 NULL, HFILL }},
10636 { &hf_kerberos_KDCOptions_constrained_delegation,
10637 { "constrained-delegation", "kerberos.KDCOptions.constrained.delegation",
10638 FT_BOOLEAN, 8, NULL, 0x02,
10639 NULL, HFILL }},
10640 { &hf_kerberos_KDCOptions_canonicalize,
10641 { "canonicalize", "kerberos.KDCOptions.canonicalize",
10642 FT_BOOLEAN, 8, NULL, 0x01,
10643 NULL, HFILL }},
10644 { &hf_kerberos_KDCOptions_request_anonymous,
10645 { "request-anonymous", "kerberos.KDCOptions.request.anonymous",
10646 FT_BOOLEAN, 8, NULL, 0x80,
10647 NULL, HFILL }},
10648 { &hf_kerberos_KDCOptions_unused17,
10649 { "unused17", "kerberos.KDCOptions.unused17",
10650 FT_BOOLEAN, 8, NULL, 0x40,
10651 NULL, HFILL }},
10652 { &hf_kerberos_KDCOptions_unused18,
10653 { "unused18", "kerberos.KDCOptions.unused18",
10654 FT_BOOLEAN, 8, NULL, 0x20,
10655 NULL, HFILL }},
10656 { &hf_kerberos_KDCOptions_unused19,
10657 { "unused19", "kerberos.KDCOptions.unused19",
10658 FT_BOOLEAN, 8, NULL, 0x10,
10659 NULL, HFILL }},
10660 { &hf_kerberos_KDCOptions_unused20,
10661 { "unused20", "kerberos.KDCOptions.unused20",
10662 FT_BOOLEAN, 8, NULL, 0x08,
10663 NULL, HFILL }},
10664 { &hf_kerberos_KDCOptions_unused21,
10665 { "unused21", "kerberos.KDCOptions.unused21",
10666 FT_BOOLEAN, 8, NULL, 0x04,
10667 NULL, HFILL }},
10668 { &hf_kerberos_KDCOptions_unused22,
10669 { "unused22", "kerberos.KDCOptions.unused22",
10670 FT_BOOLEAN, 8, NULL, 0x02,
10671 NULL, HFILL }},
10672 { &hf_kerberos_KDCOptions_unused23,
10673 { "unused23", "kerberos.KDCOptions.unused23",
10674 FT_BOOLEAN, 8, NULL, 0x01,
10675 NULL, HFILL }},
10676 { &hf_kerberos_KDCOptions_unused24,
10677 { "unused24", "kerberos.KDCOptions.unused24",
10678 FT_BOOLEAN, 8, NULL, 0x80,
10679 NULL, HFILL }},
10680 { &hf_kerberos_KDCOptions_unused25,
10681 { "unused25", "kerberos.KDCOptions.unused25",
10682 FT_BOOLEAN, 8, NULL, 0x40,
10683 NULL, HFILL }},
10684 { &hf_kerberos_KDCOptions_disable_transited_check,
10685 { "disable-transited-check", "kerberos.KDCOptions.disable.transited.check",
10686 FT_BOOLEAN, 8, NULL, 0x20,
10687 NULL, HFILL }},
10688 { &hf_kerberos_KDCOptions_renewable_ok,
10689 { "renewable-ok", "kerberos.KDCOptions.renewable.ok",
10690 FT_BOOLEAN, 8, NULL, 0x10,
10691 NULL, HFILL }},
10692 { &hf_kerberos_KDCOptions_enc_tkt_in_skey,
10693 { "enc-tkt-in-skey", "kerberos.KDCOptions.enc.tkt.in.skey",
10694 FT_BOOLEAN, 8, NULL, 0x08,
10695 NULL, HFILL }},
10696 { &hf_kerberos_KDCOptions_unused29,
10697 { "unused29", "kerberos.KDCOptions.unused29",
10698 FT_BOOLEAN, 8, NULL, 0x04,
10699 NULL, HFILL }},
10700 { &hf_kerberos_KDCOptions_renew,
10701 { "renew", "kerberos.KDCOptions.renew",
10702 FT_BOOLEAN, 8, NULL, 0x02,
10703 NULL, HFILL }},
10704 { &hf_kerberos_KDCOptions_validate,
10705 { "validate", "kerberos.KDCOptions.validate",
10706 FT_BOOLEAN, 8, NULL, 0x01,
10707 NULL, HFILL }},
10708 { &hf_kerberos_PAC_OPTIONS_FLAGS_claims,
10709 { "claims", "kerberos.PAC.OPTIONS.FLAGS.claims",
10710 FT_BOOLEAN, 8, NULL, 0x80,
10711 NULL, HFILL }},
10712 { &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware,
10713 { "branch-aware", "kerberos.PAC.OPTIONS.FLAGS.branch.aware",
10714 FT_BOOLEAN, 8, NULL, 0x40,
10715 NULL, HFILL }},
10716 { &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc,
10717 { "forward-to-full-dc", "kerberos.PAC.OPTIONS.FLAGS.forward.to.full.dc",
10718 FT_BOOLEAN, 8, NULL, 0x20,
10719 NULL, HFILL }},
10720 { &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation,
10721 { "resource-based-constrained-delegation", "kerberos.PAC.OPTIONS.FLAGS.resource.based.constrained.delegation",
10722 FT_BOOLEAN, 8, NULL, 0x10,
10723 NULL, HFILL }},
10724 };
10725
10726 /* List of subtrees */
10727 static int *ett[] = {
10728 &ett_kerberos,
10729 &ett_krb_recordmark,
10730 &ett_krb_pac,
10731 &ett_krb_pac_drep,
10732 &ett_krb_pac_midl_blob,
10733 &ett_krb_pac_logon_info,
10734 &ett_krb_pac_credential_info,
10735 &ett_krb_pac_s4u_delegation_info,
10736 &ett_krb_pac_upn_dns_info,
10737 &ett_krb_pac_upn_dns_info_flags,
10738 &ett_krb_pac_client_claims_info,
10739 &ett_krb_pac_device_info,
10740 &ett_krb_pac_device_claims_info,
10741 &ett_krb_pac_server_checksum,
10742 &ett_krb_pac_privsvr_checksum,
10743 &ett_krb_pac_client_info_type,
10744 &ett_krb_pac_ticket_checksum,
10745 &ett_krb_pac_attributes_info,
10746 &ett_krb_pac_attributes_info_flags,
10747 &ett_krb_pac_requester_sid,
10748 &ett_krb_pac_full_checksum,
10749 &ett_krb_pa_supported_enctypes,
10750 &ett_krb_ad_ap_options,
10751 &ett_kerberos_KERB_TICKET_LOGON,
10752 #ifdef HAVE_KERBEROS
10753 &ett_krb_pa_enc_ts_enc,
10754 &ett_kerberos_KrbFastFinished,
10755 &ett_kerberos_KrbFastResponse,
10756 &ett_kerberos_KrbFastReq,
10757 &ett_kerberos_FastOptions,
10758 #endif
10759 &ett_kerberos_Applications,
10760 &ett_kerberos_PrincipalName,
10761 &ett_kerberos_SEQUENCE_OF_KerberosString,
10762 &ett_kerberos_CName,
10763 &ett_kerberos_SEQUENCE_OF_CNameString,
10764 &ett_kerberos_SName,
10765 &ett_kerberos_SEQUENCE_OF_SNameString,
10766 &ett_kerberos_HostAddress,
10767 &ett_kerberos_HostAddresses,
10768 &ett_kerberos_AuthorizationData,
10769 &ett_kerberos_AuthorizationData_item,
10770 &ett_kerberos_PA_DATA,
10771 &ett_kerberos_EncryptionKey,
10772 &ett_kerberos_Checksum,
10773 &ett_kerberos_EncryptedTicketData,
10774 &ett_kerberos_EncryptedAuthorizationData,
10775 &ett_kerberos_EncryptedAuthenticator,
10776 &ett_kerberos_EncryptedKDCREPData,
10777 &ett_kerberos_EncryptedAPREPData,
10778 &ett_kerberos_EncryptedKrbPrivData,
10779 &ett_kerberos_EncryptedKrbCredData,
10780 &ett_kerberos_Ticket_U,
10781 &ett_kerberos_EncTicketPart_U,
10782 &ett_kerberos_TransitedEncoding,
10783 &ett_kerberos_KDC_REQ,
10784 &ett_kerberos_T_rEQ_SEQUENCE_OF_PA_DATA,
10785 &ett_kerberos_KDC_REQ_BODY,
10786 &ett_kerberos_SEQUENCE_OF_ENCTYPE,
10787 &ett_kerberos_SEQUENCE_OF_Ticket,
10788 &ett_kerberos_KDC_REP,
10789 &ett_kerberos_T_rEP_SEQUENCE_OF_PA_DATA,
10790 &ett_kerberos_EncKDCRepPart,
10791 &ett_kerberos_LastReq,
10792 &ett_kerberos_LastReq_item,
10793 &ett_kerberos_AP_REQ_U,
10794 &ett_kerberos_Authenticator_U,
10795 &ett_kerberos_AP_REP_U,
10796 &ett_kerberos_EncAPRepPart_U,
10797 &ett_kerberos_KRB_SAFE_U,
10798 &ett_kerberos_KRB_SAFE_BODY,
10799 &ett_kerberos_KRB_PRIV_U,
10800 &ett_kerberos_EncKrbPrivPart,
10801 &ett_kerberos_KRB_CRED_U,
10802 &ett_kerberos_EncKrbCredPart_U,
10803 &ett_kerberos_SEQUENCE_OF_KrbCredInfo,
10804 &ett_kerberos_KrbCredInfo,
10805 &ett_kerberos_KRB_ERROR_U,
10806 &ett_kerberos_METHOD_DATA,
10807 &ett_kerberos_PA_ENC_TIMESTAMP,
10808 &ett_kerberos_ETYPE_INFO_ENTRY,
10809 &ett_kerberos_ETYPE_INFO,
10810 &ett_kerberos_ETYPE_INFO2_ENTRY,
10811 &ett_kerberos_ETYPE_INFO2,
10812 &ett_kerberos_TGT_REQ,
10813 &ett_kerberos_TGT_REP,
10814 &ett_kerberos_APOptions,
10815 &ett_kerberos_TicketFlags,
10816 &ett_kerberos_KDCOptions,
10817 &ett_kerberos_PA_PAC_REQUEST,
10818 &ett_kerberos_PA_S4U2Self,
10819 &ett_kerberos_PA_S4U_X509_USER,
10820 &ett_kerberos_S4UUserID,
10821 &ett_kerberos_PAC_OPTIONS_FLAGS,
10822 &ett_kerberos_PA_PAC_OPTIONS,
10823 &ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U,
10824 &ett_kerberos_PA_KERB_KEY_LIST_REQ,
10825 &ett_kerberos_PA_KERB_KEY_LIST_REP,
10826 &ett_kerberos_KRB5_SRP_PA,
10827 &ett_kerberos_KRB5_SRP_PA_ANNOUNCE,
10828 &ett_kerberos_SET_OF_KRB5_SRP_PA,
10829 &ett_kerberos_KRB5_SRP_PA_INIT_U,
10830 &ett_kerberos_AD_AUTHENTICATION_INDICATOR,
10831 &ett_kerberos_AD_CAMMAC,
10832 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_Verifier,
10833 &ett_kerberos_Verifier,
10834 &ett_kerberos_Verifier_MAC,
10835 &ett_kerberos_ChangePasswdData,
10836 &ett_kerberos_PA_AUTHENTICATION_SET_ELEM,
10837 &ett_kerberos_KrbFastArmor,
10838 &ett_kerberos_PA_FX_FAST_REQUEST,
10839 &ett_kerberos_EncryptedKrbFastReq,
10840 &ett_kerberos_KrbFastArmoredReq,
10841 &ett_kerberos_PA_FX_FAST_REPLY,
10842 &ett_kerberos_EncryptedKrbFastResponse,
10843 &ett_kerberos_KrbFastArmoredRep,
10844 &ett_kerberos_EncryptedChallenge,
10845 &ett_kerberos_EncryptedSpakeData,
10846 &ett_kerberos_EncryptedSpakeResponseData,
10847 &ett_kerberos_SPAKESupport,
10848 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup,
10849 &ett_kerberos_SPAKEChallenge,
10850 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor,
10851 &ett_kerberos_SPAKESecondFactor,
10852 &ett_kerberos_SPAKEResponse,
10853 &ett_kerberos_PA_SPAKE,
10854 };
10855
10856 static ei_register_info ei[] = {
10857 { &ei_kerberos_missing_keytype, { "kerberos.missing_keytype", PI_DECRYPTION, PI_WARN, "Missing keytype", EXPFILL }},
10858 { &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decrypted keytype", EXPFILL }},
10859 { &ei_kerberos_learnt_keytype, { "kerberos.learnt_keytype", PI_SECURITY, PI_CHAT, "Learnt keytype", EXPFILL }},
10860 { &ei_kerberos_address, { "kerberos.address.unknown", PI_UNDECODED, PI_WARN, "KRB Address: I don't know how to parse this type of address yet", EXPFILL }},
10861 { &ei_krb_gssapi_dlglen, { "kerberos.gssapi.dlglen.error", PI_MALFORMED, PI_ERROR, "DlgLen is not the same as number of bytes remaining", EXPFILL }},
10862 };
10863
10864 expert_module_t* expert_krb;
10865 module_t *krb_module;
10866
10867 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
10868 proto_register_field_array(proto_kerberos, hf, array_length(hf));
10869 proto_register_subtree_array(ett, array_length(ett));
10870 expert_krb = expert_register_protocol(proto_kerberos);
10871 expert_register_field_array(expert_krb, ei, array_length(ei));
10872
10873 kerberos_tap = register_tap("kerberos");
10874 register_srt_table(proto_kerberos, NULL, 1, krb5stat_packet, krb5stat_init, NULL);
10875
10876 /* Register dissectors */
10877 kerberos_handle_udp = register_dissector("kerberos.udp", dissect_kerberos_udp, proto_kerberos);
10878 kerberos_handle_tcp = register_dissector("kerberos.tcp", dissect_kerberos_tcp, proto_kerberos);
10879
10880 /* Register preferences */
10881 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
10882 prefs_register_bool_preference(krb_module, "desegment",
10883 "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
10884 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
10885 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
10886 &krb_desegment);
10887 #ifdef HAVE_KERBEROS
10888 prefs_register_bool_preference(krb_module, "decrypt",
10889 "Try to decrypt Kerberos blobs",
10890 "Whether the dissector should try to decrypt "
10891 "encrypted Kerberos blobs. This requires that the proper "
10892 "keytab file is installed as well.", &krb_decrypt);
10893
10894 prefs_register_filename_preference(krb_module, "file",
10895 "Kerberos keytab file",
10896 "The keytab file containing all the secrets",
10897 &keytab_filename, false);
10898
10899 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
10900 wmem_register_callback(wmem_epan_scope(), enc_key_list_cb, NULL);
10901 kerberos_longterm_keys = wmem_map_new(wmem_epan_scope(),
10902 enc_key_content_hash,
10903 enc_key_content_equal);
10904 kerberos_all_keys = wmem_map_new_autoreset(wmem_epan_scope(),
10905 wmem_file_scope(),
10906 enc_key_content_hash,
10907 enc_key_content_equal);
10908 kerberos_app_session_keys = wmem_map_new_autoreset(wmem_epan_scope(),
10909 wmem_file_scope(),
10910 enc_key_content_hash,
10911 enc_key_content_equal);
10912 #endif /* defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) */
10913 #endif /* HAVE_KERBEROS */
10914
10915 }
10916 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
10917 proto_tree *tree, dcerpc_info *di _U_,uint8_t *drep _U_)
10918 {
10919 tvbuff_t *auth_tvb;
10920
10921 auth_tvb = tvb_new_subset_remaining(tvb, offset);
10922
10923 dissect_kerberos_main(auth_tvb, pinfo, tree, false, NULL);
10924
10925 return tvb_captured_length_remaining(tvb, offset);
10926 }
10927
10928
10929 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
10930 wrap_dissect_gss_kerb, /* Bind */
10931 wrap_dissect_gss_kerb, /* Bind ACK */
10932 wrap_dissect_gss_kerb, /* AUTH3 */
10933 NULL, /* Request verifier */
10934 NULL, /* Response verifier */
10935 NULL, /* Request data */
10936 NULL /* Response data */
10937 };
10938
10939 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
10940 wrap_dissect_gss_kerb, /* Bind */
10941 wrap_dissect_gss_kerb, /* Bind ACK */
10942 wrap_dissect_gss_kerb, /* AUTH3 */
10943 wrap_dissect_gssapi_verf, /* Request verifier */
10944 wrap_dissect_gssapi_verf, /* Response verifier */
10945 NULL, /* Request data */
10946 NULL /* Response data */
10947 };
10948
10949 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
10950 wrap_dissect_gss_kerb, /* Bind */
10951 wrap_dissect_gss_kerb, /* Bind ACK */
10952 wrap_dissect_gss_kerb, /* AUTH3 */
10953 wrap_dissect_gssapi_verf, /* Request verifier */
10954 wrap_dissect_gssapi_verf, /* Response verifier */
10955 wrap_dissect_gssapi_payload, /* Request data */
10956 wrap_dissect_gssapi_payload /* Response data */
10957 };
10958
10959
10960
10961 void
10962 proto_reg_handoff_kerberos(void)
10963 {
10964 krb4_handle = find_dissector_add_dependency("krb4", proto_kerberos);
10965
10966 dissector_add_uint_with_preference("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
10967 dissector_add_uint_with_preference("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
10968
10969 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
10970 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
10971 &gss_kerb_auth_connect_fns);
10972
10973 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
10974 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
10975 &gss_kerb_auth_sign_fns);
10976
10977 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
10978 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
10979 &gss_kerb_auth_seal_fns);
10980 }
10981
10982 /*
10983 * Editor modelines - https://www.wireshark.org/tools/modelines.html
10984 *
10985 * Local variables:
10986 * c-basic-offset: 8
10987 * tab-width: 8
10988 * indent-tabs-mode: t
10989 * End:
10990 *
10991 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
10992 * :indentSize=8:tabSize=8:noTabs=false:
10993 */
Metzes wireshark repo