| blob | b2a7e8cf7c5d168e9e5596026431b9361d084c9a |
1 # kerberos.cnf
2 # kerberos conformation file
3 # Copyright 2008 Anders Broman
4 # $Id$
6 #.FIELD_RENAME
7 #EncryptedData/etype encryptedData_etype
8 KDC-REQ-BODY/etype kDC-REQ-BODY_etype
9 KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
10 EncKrbPrivPart/user-data encKrbPrivPart_user_data
11 EncryptedTicketData/cipher encryptedTicketData_cipher
12 EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
13 EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
14 PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
15 EncryptedAPREPData/cipher encryptedAPREPData_cipher
16 EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
17 EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
18 KRB-CRED/_untag/enc-part kRB_CRED_enc_part
19 KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
20 AP-REP/_untag/enc-part aP_REP_enc_part
21 KDC-REP/enc-part kDC_REP_enc_part
22 Ticket/_untag/enc-part ticket_enc_part
24 #.OMIT_ASSIGNMENT
25 AD-AND-OR
26 AD-KDCIssued
27 AD-LoginAlias
28 AD-MANDATORY-FOR-KDC
29 ADDR-TYPE
30 AUTHDATA-TYPE
31 ChangePasswdDataMS
32 EncryptedData
33 EtypeList
34 KerberosFlags
35 KRB5SignedPath
36 KRB5SignedPathData
37 KRB5SignedPathPrincipals
38 Krb5int32
39 Krb5uint32
40 PA-ClientCanonicalized
41 PA-ClientCanonicalizedNames
42 PA-ENC-TS-ENC
43 PA-ENC-SAM-RESPONSE-ENC
44 PA-PAC-REQUEST
45 PA-SAM-CHALLENGE-2
46 PA-SAM-CHALLENGE-2-BODY
47 PA-SAM-REDIRECT
48 PA-SAM-RESPONSE-2
49 PA-SAM-TYPE
50 PA-SERVER-REFERRAL-DATA
51 PA-ServerReferralData
52 PA-SvrReferralData
53 Principal
54 PROV-SRV-LOCATION
55 SAMFlags
56 TYPED-DATA
58 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
59 guint32 msgtype;
61 %(DEFAULT_BODY)s
63 #.FN_FTR MESSAGE-TYPE
64 if (gbl_do_col_info) {
65 col_add_str(actx->pinfo->cinfo, COL_INFO,
66 val_to_str(msgtype, krb5_msg_types,
67 "Unknown msg type %#x"));
68 }
69 gbl_do_col_info=FALSE;
71 /* append the application type to the tree */
72 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
75 #.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
76 %(DEFAULT_BODY)s
78 #.FN_FTR ERROR-CODE
79 if(krb5_errorcode) {
80 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
81 "KRB Error: %s",
82 val_to_str(krb5_errorcode, krb5_error_codes,
83 "Unknown error code %#x"));
84 }
86 return offset;
87 #.END
88 #.FN_BODY KRB-ERROR/_untag/e-data
89 switch(krb5_errorcode){
90 case KRB5_ET_KRB5KDC_ERR_BADOPTION:
91 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
92 case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
93 case KRB5_ET_KRB5KDC_ERR_POLICY:
94 /* ms windows kdc sends e-data of this type containing a "salt"
95 * that contains the nt_status code for these error codes.
96 */
97 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
98 break;
99 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
100 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
101 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
102 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
104 break;
105 default:
106 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
107 }
110 #.FN_BODY Int32 VAL_PTR = (guint32*)actx->value_ptr
111 %(DEFAULT_BODY)s
113 #.FN_BODY PADATA-TYPE
115 actx->value_ptr = wmem_alloc(wmem_packet_scope(), sizeof(guint32));
117 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
118 (guint32*)actx->value_ptr);
120 if(tree){
121 proto_item_append_text(tree, " %s",
122 val_to_str(*((guint32*)actx->value_ptr), krb5_preauthentication_types,
123 "Unknown:%d"));
124 }
126 #.FN_BODY PA-DATA/padata-value
127 proto_tree *sub_tree=tree;
128 guint32 PA_DATA_type = 0;
130 if (actx->value_ptr) {
131 PA_DATA_type = *((guint32*)actx->value_ptr);
132 }
134 if(actx->created_item){
135 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
136 }
138 switch(PA_DATA_type){
139 case KRB5_PA_TGS_REQ:
140 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
141 break;
142 case KRB5_PA_PK_AS_REQ:
143 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
144 break;
145 case KRB5_PA_PK_AS_REP:
146 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
147 break;
148 case KRB5_PA_PAC_REQUEST:
149 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST);
150 break;
151 case KRB5_PA_S4U2SELF:
152 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
153 break;
154 case KRB5_PA_PROV_SRV_LOCATION:
155 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
156 break;
157 case KRB5_PA_ENC_TIMESTAMP:
158 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
159 break;
160 case KRB5_PA_ENCTYPE_INFO:
161 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
162 break;
163 case KRB5_PA_ENCTYPE_INFO2:
164 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
165 break;
166 case KRB5_PA_PW_SALT:
167 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
168 break;
169 default:
170 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
171 }
173 #.FN_BODY HostAddress/address
174 gint8 appclass;
175 gboolean pc;
176 gint32 tag;
177 guint32 len;
178 char *address_str;
179 proto_item *it=NULL;
180 guint32 addr_type = 0;
182 /* read header and len for the octet string */
183 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
184 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
186 if (actx->value_ptr) {
187 addr_type = *((guint32*)actx->value_ptr);
188 }
190 address_str=(char*)wmem_alloc(wmem_packet_scope(), ADDRESS_STR_BUFSIZ);
191 address_str[0]=0;
192 switch(addr_type){
193 case KRB5_ADDR_IPv4:
194 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
195 g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
196 break;
197 case KRB5_ADDR_NETBIOS:
198 {
199 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
200 int netbios_name_type;
201 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
203 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
204 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
205 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
206 }
207 break;
208 case KRB5_ADDR_IPv6:
209 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
210 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
211 break;
212 default:
213 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
215 }
217 /* push it up two levels in the decode pane */
218 if(it){
219 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
220 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
221 }
223 offset+=len;
224 return offset;
227 #.TYPE_ATTR
228 #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
230 #.FN_BODY ENCTYPE
231 actx->value_ptr = wmem_alloc(wmem_packet_scope(), sizeof(guint32));
233 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
234 (guint32*)actx->value_ptr);
236 #.FN_BODY EncryptedTicketData/cipher
237 /**/#ifdef HAVE_KERBEROS
238 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
239 /**/#else
240 %(DEFAULT_BODY)s
241 /**/#endif
242 return offset;
244 #.FN_BODY EncryptedAuthorizationData/cipher
245 /**/#ifdef HAVE_KERBEROS
246 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
247 /**/#else
248 %(DEFAULT_BODY)s
249 /**/#endif
250 return offset;
252 #.FN_BODY EncryptedKDCREPData/cipher
253 /**/#ifdef HAVE_KERBEROS
254 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
255 /**/#else
256 %(DEFAULT_BODY)s
257 /**/#endif
258 return offset;
260 #.FN_BODY PA-ENC-TIMESTAMP/cipher
261 /**/#ifdef HAVE_KERBEROS
262 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
263 /**/#else
264 %(DEFAULT_BODY)s
265 /**/#endif
266 return offset;
268 #.FN_BODY EncryptedAPREPData/cipher
269 /**/#ifdef HAVE_KERBEROS
270 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
271 /**/#else
272 %(DEFAULT_BODY)s
273 /**/#endif
274 return offset;
276 #.FN_BODY EncryptedKrbPrivData/cipher
277 /**/#ifdef HAVE_KERBEROS
278 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
279 /**/#else
280 %(DEFAULT_BODY)s
281 /**/#endif
282 return offset;
284 #.FN_BODY EncryptedKrbCredData/cipher
285 /**/#ifdef HAVE_KERBEROS
286 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
287 /**/#else
288 %(DEFAULT_BODY)s
289 /**/#endif
290 return offset;
293 #.FN_BODY CKSUMTYPE
294 actx->value_ptr = wmem_alloc(wmem_packet_scope(), sizeof(guint32));
296 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
297 (guint32*)actx->value_ptr);
299 #.FN_BODY Checksum/checksum
300 tvbuff_t *next_tvb;
301 guint32 checksum_type = 0;
303 if (actx->value_ptr) {
304 checksum_type = *((guint32*)actx->value_ptr);
305 }
307 switch(checksum_type){
308 case KRB5_CHKSUM_GSSAPI:
309 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
310 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
311 break;
312 default:
313 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
314 }
315 return offset;
317 #.FN_BODY EncryptionKey/keytype
318 kerberos_key_t* key = (kerberos_key_t*)wmem_alloc(wmem_packet_scope(), sizeof(kerberos_key_t));
319 actx->value_ptr = key;
321 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
322 &gbl_keytype);
323 key->keytype = gbl_keytype;
325 #.FN_BODY EncryptionKey/keyvalue
326 kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
328 if (key != NULL) {
329 key->keylength = tvb_length_remaining(tvb, offset);
330 key->keyvalue = tvb_get_ptr(tvb, offset, key->keylength);
331 }
333 %(DEFAULT_BODY)s
335 #.FN_BODY EncryptionKey
336 kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
338 %(DEFAULT_BODY)s
340 if (key != NULL) {
341 /**/#ifdef HAVE_KERBEROS
342 add_encryption_key(actx->pinfo, key->keytype, key->keylength, key->keyvalue, "key");
343 /**/#endif
344 }
346 #.FN_BODY AuthorizationData/_item/ad-type
347 actx->value_ptr = wmem_alloc(wmem_packet_scope(), sizeof(guint32));
349 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
350 (guint32*)actx->value_ptr);
352 #.FN_BODY AuthorizationData/_item/ad-data
353 guint32 adtype = 0;
355 if (actx->value_ptr) {
356 adtype = *((guint32*)actx->value_ptr);
357 }
359 switch(adtype){
360 case KRB5_AD_IF_RELEVANT:
361 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
362 break;
363 default:
364 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
365 }
367 #.FN_BODY HostAddress/addr-type
368 actx->value_ptr = wmem_alloc(wmem_packet_scope(), sizeof(guint32));
370 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
371 (guint32*)actx->value_ptr);
374 #.FN_BODY KDC-REQ-BODY
375 conversation_t *conversation;
377 /*
378 * UDP replies to KDC_REQs are sent from the server back to the client's
379 * source port, similar to the way TFTP works. Set up a conversation
380 * accordingly.
381 *
382 * Ref: Section 7.2.1 of
383 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
384 */
385 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
386 conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
387 actx->pinfo->srcport, 0, NO_PORT_B);
388 if (conversation == NULL) {
389 conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
390 actx->pinfo->srcport, 0, NO_PORT2);
391 conversation_set_dissector(conversation, kerberos_handle_udp);
392 }
393 }
395 %(DEFAULT_BODY)s
397 #.FN_BODY KRB-SAFE-BODY/user-data
398 tvbuff_t *new_tvb;
399 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
400 if (new_tvb) {
401 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, (kerberos_callbacks*)actx->private_data);
402 }
404 #.FN_BODY EncKrbPrivPart/user-data
405 tvbuff_t *new_tvb;
406 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
407 if (new_tvb) {
408 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
409 }