search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-kerberos.c
blobf0610542b418ddbd1d08003d3976b73f337106f0
1 /* packet-kerberos.c
2 * Routines for Kerberos
3 * Wes Hardaker (c) 2000
4 * wjhardaker@ucdavis.edu
5 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
6 * added AP-REQ and AP-REP dissection
7 *
8 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
9 * decryption of kerberos blobs if keytab is provided
10 *
11 * See RFC 1510, and various I-Ds and other documents showing additions,
12 * e.g. ones listed under
13 *
14 * http://www.isi.edu/people/bcn/krb-revisions/
15 *
16 * and
17 *
18 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
19 *
20 * and
21 *
22 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-05.txt
23 *
24 * Some structures from RFC2630
25 *
26 * Ted Percival ted[AT]midg3t.net
27 * Support for PA-S4U2Self Kerberos packet type based on ASN.1 description
28 * in Heimdal:
29 * http://loka.it.su.se/source/xref/heimdal/heimdal/lib/asn1/k5.asn1
30 *
31 * $Id$
32 *
33 * Wireshark - Network traffic analyzer
34 * By Gerald Combs <gerald@wireshark.org>
35 * Copyright 1998 Gerald Combs
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License
39 * as published by the Free Software Foundation; either version 2
40 * of the License, or (at your option) any later version.
41 *
42 * This program is distributed in the hope that it will be useful,
43 * but WITHOUT ANY WARRANTY; without even the implied warranty of
44 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 * GNU General Public License for more details.
46 *
47 * You should have received a copy of the GNU General Public License
48 * along with this program; if not, write to the Free Software
49 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
50 */
51
52 /*
53 * Some of the development of the Kerberos protocol decoder was sponsored by
54 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
55 * CableLabs' specifications. Your license and use of this protocol decoder
56 * does not mean that you are licensed to use the CableLabs'
57 * specifications. If you have questions about this protocol, contact
58 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
59 * information.
60 */
61
62 #include "config.h"
63
64 #include <stdio.h>
65 #include <string.h>
66
67 #include <glib.h>
68
69 #ifdef HAVE_LIBNETTLE
70 #define HAVE_KERBEROS
71 #ifdef _WIN32
72 #include <des.h>
73 #include <cbc.h>
74 #else
75 #include <nettle/des.h>
76 #include <nettle/cbc.h>
77 #endif
78 #include <wsutil/md5.h>
79 #include <sys/stat.h> /* For keyfile manipulation */
80 #endif
81
82 #include <epan/packet.h>
83
84 #include <epan/strutil.h>
85
86 #include <epan/conversation.h>
87 #include <epan/exceptions.h>
88 #include <epan/wmem/wmem.h>
89 #include <epan/asn1.h>
90 #include <epan/expert.h>
91 #include <epan/dissectors/packet-kerberos.h>
92 #include <epan/dissectors/packet-netbios.h>
93 #include <epan/dissectors/packet-tcp.h>
94 #include <epan/prefs.h>
95 #include <epan/dissectors/packet-ber.h>
96 #include <epan/dissectors/packet-pkinit.h>
97 #include <epan/dissectors/packet-cms.h>
98 #include <epan/dissectors/packet-windows-common.h>
99
100 #include <epan/dissectors/packet-dcerpc-netlogon.h>
101 #include <epan/dissectors/packet-dcerpc.h>
102
103 #include <epan/dissectors/packet-gssapi.h>
104 #include <epan/dissectors/packet-smb-common.h>
105
106 #include <wsutil/file_util.h>
107
108 #define UDP_PORT_KERBEROS 88
109 #define TCP_PORT_KERBEROS 88
110
111 static dissector_handle_t kerberos_handle_udp;
112
113 /* Desegment Kerberos over TCP messages */
114 static gboolean krb_desegment = TRUE;
115
116 static gint proto_kerberos = -1;
117 static gint hf_krb_rm_reserved = -1;
118 static gint hf_krb_rm_reclen = -1;
119
120 static gint hf_krb_pac_signature_type = -1;
121 static gint hf_krb_pac_signature_signature = -1;
122 static gint hf_krb_pac_clientid = -1;
123 static gint hf_krb_pac_namelen = -1;
124 static gint hf_krb_pac_clientname = -1;
125 static gint hf_krb_pac_upn_flags = -1;
126 static gint hf_krb_pac_upn_upn_name = -1;
127 static gint hf_krb_pac_upn_dns_name = -1;
128 static gint hf_krb_pac_upn_dns_offset = -1;
129 static gint hf_krb_pac_upn_dns_len = -1;
130 static gint hf_krb_pac_upn_upn_offset = -1;
131 static gint hf_krb_pac_upn_upn_len = -1;
132 static gint hf_krb_w2k_pac_entries = -1;
133 static gint hf_krb_w2k_pac_version = -1;
134 static gint hf_krb_w2k_pac_type = -1;
135 static gint hf_krb_w2k_pac_size = -1;
136 static gint hf_krb_w2k_pac_offset = -1;
137 static gint hf_krb_padata = -1;
138 static gint hf_krb_error_code = -1;
139 static gint hf_krb_ticket = -1;
140 static gint hf_krb_AP_REP_enc = -1;
141 static gint hf_krb_KDC_REP_enc = -1;
142 static gint hf_krb_tkt_vno = -1;
143 static gint hf_krb_e_data = -1;
144 static gint hf_krb_TransitedEncoding = -1;
145 static gint hf_krb_PA_PAC_REQUEST_flag = -1;
146 static gint hf_krb_encrypted_authenticator_data = -1;
147 static gint hf_krb_PAC_LOGON_INFO = -1;
148 static gint hf_krb_PAC_CREDENTIAL_TYPE = -1;
149 static gint hf_krb_PAC_SERVER_CHECKSUM = -1;
150 static gint hf_krb_PAC_PRIVSVR_CHECKSUM = -1;
151 static gint hf_krb_PAC_CLIENT_INFO_TYPE = -1;
152 static gint hf_krb_PAC_S4U_DELEGATION_INFO = -1;
153 static gint hf_krb_PAC_UPN_DNS_INFO = -1;
154 static gint hf_krb_encrypted_PA_ENC_TIMESTAMP = -1;
155 static gint hf_krb_encrypted_enc_authorization_data = -1;
156 static gint hf_krb_encrypted_EncKrbCredPart = -1;
157 static gint hf_krb_checksum_checksum = -1;
158 static gint hf_krb_encrypted_PRIV = -1;
159 static gint hf_krb_encrypted_Ticket_data = -1;
160 static gint hf_krb_encrypted_AP_REP_data = -1;
161 static gint hf_krb_encrypted_KDC_REP_data = -1;
162 static gint hf_krb_PA_DATA_type = -1;
163 static gint hf_krb_PA_DATA_value = -1;
164 static gint hf_krb_etype_info_salt = -1;
165 static gint hf_krb_etype_info2_salt = -1;
166 static gint hf_krb_etype_info2_s2kparams = -1;
167 static gint hf_krb_SAFE_BODY_user_data = -1;
168 static gint hf_krb_PRIV_BODY_user_data = -1;
169 static gint hf_krb_realm = -1;
170 static gint hf_krb_srealm = -1;
171 static gint hf_krb_prealm = -1;
172 static gint hf_krb_crealm = -1;
173 static gint hf_krb_sname = -1;
174 static gint hf_krb_pname = -1;
175 static gint hf_krb_cname = -1;
176 static gint hf_krb_name_string = -1;
177 static gint hf_krb_provsrv_location = -1;
178 static gint hf_krb_e_text = -1;
179 static gint hf_krb_s4u2self_auth = -1;
180 static gint hf_krb_name_type = -1;
181 static gint hf_krb_lr_type = -1;
182 static gint hf_krb_from = -1;
183 static gint hf_krb_till = -1;
184 static gint hf_krb_authtime = -1;
185 static gint hf_krb_patimestamp = -1;
186 static gint hf_krb_SAFE_BODY_timestamp = -1;
187 static gint hf_krb_pausec = -1;
188 static gint hf_krb_lr_time = -1;
189 static gint hf_krb_starttime = -1;
190 static gint hf_krb_endtime = -1;
191 static gint hf_krb_key_expire = -1;
192 static gint hf_krb_renew_till = -1;
193 static gint hf_krb_rtime = -1;
194 static gint hf_krb_ctime = -1;
195 static gint hf_krb_cusec = -1;
196 static gint hf_krb_stime = -1;
197 static gint hf_krb_susec = -1;
198 static gint hf_krb_SAFE_BODY_usec = -1;
199 static gint hf_krb_nonce = -1;
200 static gint hf_krb_transitedtype = -1;
201 static gint hf_krb_transitedcontents = -1;
202 static gint hf_krb_keytype = -1;
203 static gint hf_krb_keyvalue = -1;
204 static gint hf_krb_IF_RELEVANT_type = -1;
205 static gint hf_krb_IF_RELEVANT_value = -1;
206 static gint hf_krb_adtype = -1;
207 static gint hf_krb_advalue = -1;
208 static gint hf_krb_etype = -1;
209 static gint hf_krb_etypes = -1;
210 static gint hf_krb_KrbCredInfos = -1;
211 static gint hf_krb_sq_tickets = -1;
212 static gint hf_krb_LastReqs = -1;
213 static gint hf_krb_IF_RELEVANT = -1;
214 static gint hf_krb_addr_type = -1;
215 static gint hf_krb_address_ip = -1;
216 static gint hf_krb_address_ipv6 = -1;
217 static gint hf_krb_address_netbios = -1;
218 static gint hf_krb_msg_type = -1;
219 static gint hf_krb_pvno = -1;
220 static gint hf_krb_kvno = -1;
221 static gint hf_krb_checksum_type = -1;
222 static gint hf_krb_authenticator_vno = -1;
223 static gint hf_krb_AuthorizationData = -1;
224 static gint hf_krb_key = -1;
225 static gint hf_krb_subkey = -1;
226 static gint hf_krb_seq_number = -1;
227 static gint hf_krb_EncTicketPart = -1;
228 static gint hf_krb_EncAPRepPart = -1;
229 static gint hf_krb_EncKrbPrivPart = -1;
230 static gint hf_krb_EncKrbCredPart = -1;
231 static gint hf_krb_EncKDCRepPart = -1;
232 static gint hf_krb_LastReq = -1;
233 static gint hf_krb_Authenticator = -1;
234 static gint hf_krb_Checksum = -1;
235 static gint hf_krb_s_address = -1;
236 static gint hf_krb_r_address = -1;
237 static gint hf_krb_KrbCredInfo = -1;
238 static gint hf_krb_HostAddress = -1;
239 static gint hf_krb_HostAddresses = -1;
240 static gint hf_krb_APOptions = -1;
241 static gint hf_krb_APOptions_reserved = -1;
242 static gint hf_krb_APOptions_use_session_key = -1;
243 static gint hf_krb_APOptions_mutual_required = -1;
244 static gint hf_krb_TicketFlags = -1;
245 static gint hf_krb_TicketFlags_forwardable = -1;
246 static gint hf_krb_TicketFlags_forwarded = -1;
247 static gint hf_krb_TicketFlags_proxiable = -1;
248 static gint hf_krb_TicketFlags_proxy = -1;
249 static gint hf_krb_TicketFlags_allow_postdate = -1;
250 static gint hf_krb_TicketFlags_postdated = -1;
251 static gint hf_krb_TicketFlags_invalid = -1;
252 static gint hf_krb_TicketFlags_renewable = -1;
253 static gint hf_krb_TicketFlags_initial = -1;
254 static gint hf_krb_TicketFlags_pre_auth = -1;
255 static gint hf_krb_TicketFlags_hw_auth = -1;
256 static gint hf_krb_TicketFlags_transited_policy_checked = -1;
257 static gint hf_krb_TicketFlags_ok_as_delegate = -1;
258 static gint hf_krb_KDCOptions = -1;
259 static gint hf_krb_KDCOptions_forwardable = -1;
260 static gint hf_krb_KDCOptions_forwarded = -1;
261 static gint hf_krb_KDCOptions_proxiable = -1;
262 static gint hf_krb_KDCOptions_proxy = -1;
263 static gint hf_krb_KDCOptions_allow_postdate = -1;
264 static gint hf_krb_KDCOptions_postdated = -1;
265 static gint hf_krb_KDCOptions_renewable = -1;
266 static gint hf_krb_KDCOptions_constrained_delegation = -1;
267 static gint hf_krb_KDCOptions_canonicalize = -1;
268 static gint hf_krb_KDCOptions_opt_hardware_auth = -1;
269 static gint hf_krb_KDCOptions_disable_transited_check = -1;
270 static gint hf_krb_KDCOptions_renewable_ok = -1;
271 static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1;
272 static gint hf_krb_KDCOptions_renew = -1;
273 static gint hf_krb_KDCOptions_validate = -1;
274 static gint hf_krb_KDC_REQ_BODY = -1;
275 static gint hf_krb_PRIV_BODY = -1;
276 static gint hf_krb_CRED_BODY = -1;
277 static gint hf_krb_ENC_PRIV = -1;
278 static gint hf_krb_authenticator_enc = -1;
279 static gint hf_krb_CRED_enc = -1;
280 static gint hf_krb_ticket_enc = -1;
281 static gint hf_krb_e_checksum = -1;
282 static gint hf_krb_gssapi_len = -1;
283 static gint hf_krb_gssapi_bnd = -1;
284 static gint hf_krb_gssapi_dlgopt = -1;
285 static gint hf_krb_gssapi_dlglen = -1;
286 static gint hf_krb_gssapi_c_flag_deleg = -1;
287 static gint hf_krb_gssapi_c_flag_mutual = -1;
288 static gint hf_krb_gssapi_c_flag_replay = -1;
289 static gint hf_krb_gssapi_c_flag_sequence = -1;
290 static gint hf_krb_gssapi_c_flag_conf = -1;
291 static gint hf_krb_gssapi_c_flag_integ = -1;
292 static gint hf_krb_gssapi_c_flag_dce_style = -1;
293 static gint hf_krb_smb_nt_status = -1;
294 static gint hf_krb_smb_unknown = -1;
295 static gint hf_krb_midl_blob_len = -1;
296 static gint hf_krb_midl_fill_bytes = -1;
297 static gint hf_krb_midl_version = -1;
298 static gint hf_krb_midl_hdr_len = -1;
299
300 static gint ett_krb_kerberos = -1;
301 static gint ett_krb_TransitedEncoding = -1;
302 static gint ett_krb_PAC_LOGON_INFO = -1;
303 static gint ett_krb_PAC_SERVER_CHECKSUM = -1;
304 static gint ett_krb_PAC_PRIVSVR_CHECKSUM = -1;
305 static gint ett_krb_PAC_CLIENT_INFO_TYPE = -1;
306 static gint ett_krb_PAC_S4U_DELEGATION_INFO = -1;
307 static gint ett_krb_KDC_REP_enc = -1;
308 static gint ett_krb_EncTicketPart = -1;
309 static gint ett_krb_EncAPRepPart = -1;
310 static gint ett_krb_EncKrbPrivPart = -1;
311 static gint ett_krb_EncKrbCredPart = -1;
312 static gint ett_krb_EncKDCRepPart = -1;
313 static gint ett_krb_LastReq = -1;
314 static gint ett_krb_Authenticator = -1;
315 static gint ett_krb_Checksum = -1;
316 static gint ett_krb_key = -1;
317 static gint ett_krb_subkey = -1;
318 static gint ett_krb_AuthorizationData = -1;
319 static gint ett_krb_sname = -1;
320 static gint ett_krb_pname = -1;
321 static gint ett_krb_cname = -1;
322 static gint ett_krb_AP_REP_enc = -1;
323 static gint ett_krb_padata = -1;
324 static gint ett_krb_etypes = -1;
325 static gint ett_krb_KrbCredInfos = -1;
326 static gint ett_krb_sq_tickets = -1;
327 static gint ett_krb_LastReqs = -1;
328 static gint ett_krb_IF_RELEVANT = -1;
329 static gint ett_krb_PA_DATA_tree = -1;
330 static gint ett_krb_PAC = -1;
331 static gint ett_krb_s_address = -1;
332 static gint ett_krb_r_address = -1;
333 static gint ett_krb_KrbCredInfo = -1;
334 static gint ett_krb_HostAddress = -1;
335 static gint ett_krb_HostAddresses = -1;
336 static gint ett_krb_authenticator_enc = -1;
337 static gint ett_krb_CRED_enc = -1;
338 static gint ett_krb_AP_Options = -1;
339 static gint ett_krb_KDC_Options = -1;
340 static gint ett_krb_Ticket_Flags = -1;
341 static gint ett_krb_request = -1;
342 static gint ett_krb_recordmark = -1;
343 static gint ett_krb_ticket = -1;
344 static gint ett_krb_ticket_enc = -1;
345 static gint ett_krb_CRED = -1;
346 static gint ett_krb_PRIV = -1;
347 static gint ett_krb_PRIV_enc = -1;
348 static gint ett_krb_e_checksum = -1;
349 static gint ett_krb_PAC_MIDL_BLOB = -1;
350 static gint ett_krb_PAC_DREP = -1;
351 static gint ett_krb_PAC_UPN_DNS_INFO = -1;
352
353 static expert_field ei_krb_decrypted_keytype = EI_INIT;
354
355 static guint32 krb5_errorcode;
356
357
358 static dissector_handle_t krb4_handle=NULL;
359
360 static gboolean gbl_do_col_info;
361
362
363 static void
364 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
365 {
366 if(!cb){
367 return;
368 }
369
370 while(cb->tag){
371 if(cb->tag==tag){
372 cb->callback(pinfo, tvb, tree);
373 return;
374 }
375 cb++;
376 }
377 return;
378 }
379
380
381
382 #ifdef HAVE_KERBEROS
383
384 /* Decrypt Kerberos blobs */
385 gboolean krb_decrypt = FALSE;
386
387 /* keytab filename */
388 static const char *keytab_filename = "";
389
390 WS_DLL_PUBLIC
391 void read_keytab_file(const char *);
392
393 void
394 read_keytab_file_from_preferences(void)
395 {
396 static char *last_keytab = NULL;
397
398 if (!krb_decrypt) {
399 return;
400 }
401
402 if (keytab_filename == NULL) {
403 return;
404 }
405
406 if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
407 return;
408 }
409
410 if (last_keytab != NULL) {
411 g_free(last_keytab);
412 last_keytab = NULL;
413 }
414 last_keytab = g_strdup(keytab_filename);
415
416 read_keytab_file(last_keytab);
417 }
418
419 #elif defined(_WIN32)
420
421 /*
422 * Dummy version to allow us to export this function -- even
423 * on systems without KERBEROS.
424 */
425 void
426 read_keytab_file_from_preferences(void)
427 {
428 }
429
430 #endif
431
432 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
433 #ifdef _WIN32
434 /* prevent redefinition warnings in kfw-2.5\inc\win_mac.h */
435 #undef HAVE_STDARG_H
436 #undef HAVE_SYS_TYPES_H
437 #endif
438 #include <krb5.h>
439 enc_key_t *enc_key_list=NULL;
440
441 static void
442 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
443 {
444 enc_key_t *new_key;
445
446 if(pinfo->fd->flags.visited){
447 return;
448 }
449 printf("added key in %u keytype:%d len:%d\n",pinfo->fd->num, keytype, keylength);
450
451 new_key=(enc_key_t *)g_malloc(sizeof(enc_key_t));
452 g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u",origin,pinfo->fd->num);
453 new_key->next=enc_key_list;
454 enc_key_list=new_key;
455 new_key->keytype=keytype;
456 new_key->keylength=keylength;
457 /*XXX this needs to be freed later */
458 new_key->keyvalue=(char *)g_memdup(keyvalue, keylength);
459 }
460 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
461
462 #if defined(_WIN32) && !defined(HAVE_HEIMDAL_KERBEROS) && !defined(HAVE_MIT_KERBEROS) && !defined(HAVE_LIBNETTLE)
463 void
464 read_keytab_file(const char *filename _U_)
465 {
466 }
467 #endif
468
469 #ifdef HAVE_MIT_KERBEROS
470
471 static krb5_context krb5_ctx;
472
473 void
474 read_keytab_file(const char *filename)
475 {
476 krb5_keytab keytab;
477 krb5_error_code ret;
478 krb5_keytab_entry key;
479 krb5_kt_cursor cursor;
480 enc_key_t *new_key;
481 static gboolean first_time=TRUE;
482
483 printf("read keytab file %s\n", filename);
484 if(first_time){
485 first_time=FALSE;
486 ret = krb5_init_context(&krb5_ctx);
487 if(ret && ret != KRB5_CONFIG_CANTOPEN){
488 return;
489 }
490 }
491
492 /* should use a file in the wireshark users dir */
493 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
494 if(ret){
495 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename);
496
497 return;
498 }
499
500 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
501 if(ret){
502 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename);
503 return;
504 }
505
506 do{
507 new_key=(enc_key_t *)g_malloc(sizeof(enc_key_t));
508 new_key->next=enc_key_list;
509 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
510 if(ret==0){
511 int i;
512 char *pos;
513
514 /* generate origin string, describing where this key came from */
515 pos=new_key->key_origin;
516 pos+=MIN(KRB_MAX_ORIG_LEN,
517 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
518 for(i=0;i<key.principal->length;i++){
519 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
520 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),(key.principal->data[i]).data));
521 }
522 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
523 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm.data));
524 *pos=0;
525 /*printf("added key for principal :%s\n", new_key->key_origin);*/
526 new_key->keytype=key.key.enctype;
527 new_key->keylength=key.key.length;
528 new_key->keyvalue=(char *)g_memdup(key.key.contents, key.key.length);
529 enc_key_list=new_key;
530 }
531 }while(ret==0);
532
533 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
534 if(ret){
535 krb5_kt_close(krb5_ctx, keytab);
536 }
537
538 }
539
540
541 guint8 *
542 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
543 int usage,
544 tvbuff_t *cryptotvb,
545 int keytype,
546 int *datalen)
547 {
548 krb5_error_code ret;
549 enc_key_t *ek;
550 krb5_data data = {0,0,NULL};
551 krb5_keytab_entry key;
552 int length = tvb_length(cryptotvb);
553 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
554
555 /* don't do anything if we are not attempting to decrypt data */
556 if(!krb_decrypt || length < 1){
557 return NULL;
558 }
559
560 /* make sure we have all the data we need */
561 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
562 return NULL;
563 }
564
565 read_keytab_file_from_preferences();
566 data.data = (char *)g_malloc(length);
567 data.length = length;
568
569 for(ek=enc_key_list;ek;ek=ek->next){
570 krb5_enc_data input;
571
572 /* shortcircuit and bail out if enctypes are not matching */
573 if((keytype != -1) && (ek->keytype != keytype)) {
574 continue;
575 }
576
577 input.enctype = ek->keytype;
578 input.ciphertext.length = length;
579 input.ciphertext.data = (guint8 *)cryptotext;
580
581 key.key.enctype=ek->keytype;
582 key.key.length=ek->keylength;
583 key.key.contents=ek->keyvalue;
584 ret = krb5_c_decrypt(krb5_ctx, &(key.key), usage, 0, &input, &data);
585 if(ret == 0){
586 char *user_data;
587
588 expert_add_info_format(pinfo, NULL, &ei_krb_decrypted_keytype,
589 "Decrypted keytype %d in frame %u using %s",
590 ek->keytype, pinfo->fd->num, ek->key_origin);
591
592 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
593 /* return a private g_malloced blob to the caller */
594 user_data=data.data;
595 if (datalen) {
596 *datalen = data.length;
597 }
598 return user_data;
599 }
600 }
601 g_free(data.data);
602
603 return NULL;
604 }
605
606 #elif defined(HAVE_HEIMDAL_KERBEROS)
607 static krb5_context krb5_ctx;
608
609 void
610 read_keytab_file(const char *filename)
611 {
612 krb5_keytab keytab;
613 krb5_error_code ret;
614 krb5_keytab_entry key;
615 krb5_kt_cursor cursor;
616 enc_key_t *new_key;
617 static gboolean first_time=TRUE;
618
619 if(first_time){
620 first_time=FALSE;
621 ret = krb5_init_context(&krb5_ctx);
622 if(ret){
623 return;
624 }
625 }
626
627 /* should use a file in the wireshark users dir */
628 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
629 if(ret){
630 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
631
632 return;
633 }
634
635 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
636 if(ret){
637 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
638 return;
639 }
640
641 do{
642 new_key=(enc_key_t*)g_malloc(sizeof(enc_key_t));
643 new_key->next=enc_key_list;
644 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
645 if(ret==0){
646 unsigned int i;
647 char *pos;
648
649 /* generate origin string, describing where this key came from */
650 pos=new_key->key_origin;
651 pos+=MIN(KRB_MAX_ORIG_LEN,
652 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
653 for(i=0;i<key.principal->name.name_string.len;i++){
654 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
655 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
656 }
657 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
658 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
659 *pos=0;
660 new_key->keytype=key.keyblock.keytype;
661 new_key->keylength=key.keyblock.keyvalue.length;
662 new_key->keyvalue=(char*)g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
663 enc_key_list=new_key;
664 }
665 }while(ret==0);
666
667 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
668 if(ret){
669 krb5_kt_close(krb5_ctx, keytab);
670 }
671
672 }
673
674
675 guint8 *
676 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
677 int usage,
678 tvbuff_t *cryptotvb,
679 int keytype,
680 int *datalen)
681 {
682 krb5_error_code ret;
683 krb5_data data;
684 enc_key_t *ek;
685 int length = tvb_length(cryptotvb);
686 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
687
688 /* don't do anything if we are not attempting to decrypt data */
689 if(!krb_decrypt){
690 return NULL;
691 }
692
693 /* make sure we have all the data we need */
694 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
695 return NULL;
696 }
697
698 read_keytab_file_from_preferences();
699
700 for(ek=enc_key_list;ek;ek=ek->next){
701 krb5_keytab_entry key;
702 krb5_crypto crypto;
703 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
704
705 /* shortcircuit and bail out if enctypes are not matching */
706 if((keytype != -1) && (ek->keytype != keytype)) {
707 continue;
708 }
709
710 key.keyblock.keytype=ek->keytype;
711 key.keyblock.keyvalue.length=ek->keylength;
712 key.keyblock.keyvalue.data=ek->keyvalue;
713 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), (krb5_enctype)0, &crypto);
714 if(ret){
715 return NULL;
716 }
717
718 /* pre-0.6.1 versions of Heimdal would sometimes change
719 the cryptotext data even when the decryption failed.
720 This would obviously not work since we iterate over the
721 keys. So just give it a copy of the crypto data instead.
722 This has been seen for RC4-HMAC blobs.
723 */
724 cryptocopy=(guint8*)g_memdup(cryptotext, length);
725 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
726 cryptocopy, length,
727 &data,
728 NULL);
729 g_free(cryptocopy);
730 if((ret == 0) && (length>0)){
731 char *user_data;
732
733 printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
734 proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
735 krb5_crypto_destroy(krb5_ctx, crypto);
736 /* return a private g_malloced blob to the caller */
737 user_data=(char*)g_memdup(data.data, data.length);
738 if (datalen) {
739 *datalen = data.length;
740 }
741 return user_data;
742 }
743 krb5_crypto_destroy(krb5_ctx, crypto);
744 }
745 return NULL;
746 }
747
748 #elif defined (HAVE_LIBNETTLE)
749
750 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
751 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
752
753 typedef struct _service_key_t {
754 guint16 kvno;
755 int keytype;
756 int length;
757 guint8 *contents;
758 char origin[KRB_MAX_ORIG_LEN+1];
759 } service_key_t;
760 GSList *service_key_list = NULL;
761
762
763 static void
764 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
765 {
766 service_key_t *new_key;
767
768 if(pinfo->fd->flags.visited){
769 return;
770 }
771 printf("added key in %u\n",pinfo->fd->num);
772
773 new_key = g_malloc(sizeof(service_key_t));
774 new_key->kvno = 0;
775 new_key->keytype = keytype;
776 new_key->length = keylength;
777 new_key->contents = g_memdup(keyvalue, keylength);
778 g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->fd->num);
779 service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
780 }
781
782 static void
783 clear_keytab(void) {
784 GSList *ske;
785 service_key_t *sk;
786
787 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
788 sk = (service_key_t *) ske->data;
789 if (sk) {
790 g_free(sk->contents);
791 g_free(sk);
792 }
793 }
794 g_slist_free(service_key_list);
795 service_key_list = NULL;
796 }
797
798 static void
799 read_keytab_file(const char *service_key_file)
800 {
801 FILE *skf;
802 ws_statb64 st;
803 service_key_t *sk;
804 unsigned char buf[SERVICE_KEY_SIZE];
805 int newline_skip = 0, count = 0;
806
807 if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) {
808
809 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
810 * There can be zero, one (\n), or two (\r\n) characters between
811 * keys. Trailing characters are ignored.
812 */
813
814 /* XXX We should support the standard keytab format instead */
815 if (st.st_size > SERVICE_KEY_SIZE) {
816 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
817 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
818 newline_skip = 1;
819 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
820 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
821 newline_skip = 2;
822 }
823 }
824
825 skf = ws_fopen(service_key_file, "rb");
826 if (! skf) return;
827
828 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
829 sk = g_malloc(sizeof(service_key_t));
830 sk->kvno = buf[0] << 8 | buf[1];
831 sk->keytype = KEYTYPE_DES3_CBC_MD5;
832 sk->length = DES3_KEY_SIZE;
833 sk->contents = g_memdup(buf + 2, DES3_KEY_SIZE);
834 g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
835 service_key_list = g_slist_append(service_key_list, (gpointer) sk);
836 fseek(skf, newline_skip, SEEK_CUR);
837 count++;
838 g_warning("added key: %s", sk->origin);
839 }
840 fclose(skf);
841 }
842 }
843
844 #define CONFOUNDER_PLUS_CHECKSUM 24
845
846 guint8 *
847 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
848 int _U_ usage,
849 tvbuff_t *cryptotvb,
850 int keytype,
851 int *datalen)
852 {
853 tvbuff_t *encr_tvb;
854 guint8 *decrypted_data = NULL, *plaintext = NULL;
855 guint8 cls;
856 gboolean pc;
857 guint32 tag, item_len, data_len;
858 int id_offset, offset;
859 guint8 key[DES3_KEY_SIZE];
860 guint8 initial_vector[DES_BLOCK_SIZE];
861 md5_state_t md5s;
862 md5_byte_t digest[16];
863 md5_byte_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
864 md5_byte_t confounder[8];
865 gboolean ind;
866 GSList *ske;
867 service_key_t *sk;
868 struct des3_ctx ctx;
869 int length = tvb_length(cryptotvb);
870 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
871
872
873 /* don't do anything if we are not attempting to decrypt data */
874 if(!krb_decrypt){
875 return NULL;
876 }
877
878 /* make sure we have all the data we need */
879 if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
880 return NULL;
881 }
882
883 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
884 return NULL;
885 }
886
887 decrypted_data = g_malloc(length);
888 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
889 gboolean do_continue = FALSE;
890 sk = (service_key_t *) ske->data;
891
892 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
893
894 md5_init(&md5s);
895 memset(initial_vector, 0, DES_BLOCK_SIZE);
896 des3_set_key(&ctx, key);
897 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
898 length, decrypted_data, cryptotext);
899 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
900
901 tvb_memcpy(encr_tvb, confounder, 0, 8);
902
903 /* We have to pull the decrypted data length from the decrypted
904 * content. If the key doesn't match or we otherwise get garbage,
905 * an exception may get thrown while decoding the ASN.1 header.
906 * Catch it, just in case.
907 */
908 TRY {
909 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
910 offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
911 }
912 CATCH_BOUNDS_ERRORS {
913 tvb_free(encr_tvb);
914 do_continue = TRUE;
915 }
916 ENDTRY;
917
918 if (do_continue) continue;
919
920 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
921 if ((int) item_len + offset > length) {
922 tvb_free(encr_tvb);
923 continue;
924 }
925
926 md5_append(&md5s, confounder, 8);
927 md5_append(&md5s, zero_fill, 16);
928 md5_append(&md5s, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
929 md5_finish(&md5s, digest);
930
931 if (tvb_memeql (encr_tvb, 8, digest, 16) == 0) {
932 g_warning("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
933 plaintext = g_malloc(data_len);
934 tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
935 tvb_free(encr_tvb);
936
937 if (datalen) {
938 *datalen = data_len;
939 }
940 g_free(decrypted_data);
941 return(plaintext);
942 }
943 tvb_free(encr_tvb);
944 }
945
946 g_free(decrypted_data);
947 return NULL;
948 }
949
950
951 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
952
953 #define INET6_ADDRLEN 16
954
955 /* TCP Record Mark */
956 #define KRB_RM_RESERVED 0x80000000U
957 #define KRB_RM_RECLEN 0x7fffffffU
958
959 #define KRB5_MSG_TICKET 1 /* Ticket */
960 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
961 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
962 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
963 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
964 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
965 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
966 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
967 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
968
969 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
970 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
971 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
972 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
973 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
974 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
975 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */
976 #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */
977 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
978
979 /* address type constants */
980 #define KRB5_ADDR_IPv4 0x02
981 #define KRB5_ADDR_CHAOS 0x05
982 #define KRB5_ADDR_XEROX 0x06
983 #define KRB5_ADDR_ISO 0x07
984 #define KRB5_ADDR_DECNET 0x0c
985 #define KRB5_ADDR_APPLETALK 0x10
986 #define KRB5_ADDR_NETBIOS 0x14
987 #define KRB5_ADDR_IPv6 0x18
988
989 /* encryption type constants */
990 #define KRB5_ENCTYPE_NULL 0
991 #define KRB5_ENCTYPE_DES_CBC_CRC 1
992 #define KRB5_ENCTYPE_DES_CBC_MD4 2
993 #define KRB5_ENCTYPE_DES_CBC_MD5 3
994 #define KRB5_ENCTYPE_DES_CBC_RAW 4
995 #define KRB5_ENCTYPE_DES3_CBC_SHA 5
996 #define KRB5_ENCTYPE_DES3_CBC_RAW 6
997 #define KRB5_ENCTYPE_DES_HMAC_SHA1 8
998 #define KRB5_ENCTYPE_DSA_SHA1_CMS 9
999 #define KRB5_ENCTYPE_RSA_MD5_CMS 10
1000 #define KRB5_ENCTYPE_RSA_SHA1_CMS 11
1001 #define KRB5_ENCTYPE_RC2_CBC_ENV 12
1002 #define KRB5_ENCTYPE_RSA_ENV 13
1003 #define KRB5_ENCTYPE_RSA_ES_OEAP_ENV 14
1004 #define KRB5_ENCTYPE_DES_EDE3_CBC_ENV 15
1005 #define KRB5_ENCTYPE_DES3_CBC_SHA1 16
1006 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
1007 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
1008 #define KRB5_ENCTYPE_DES_CBC_MD5_NT 20
1009 #define KERB_ENCTYPE_RC4_HMAC 23
1010 #define KERB_ENCTYPE_RC4_HMAC_EXP 24
1011 #define KRB5_ENCTYPE_UNKNOWN 0x1ff
1012 #define KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
1013 #define KRB5_ENCTYPE_RC4_PLAIN_EXP 0xffffff73
1014 #define KRB5_ENCTYPE_RC4_PLAIN 0xffffff74
1015 #define KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP 0xffffff78
1016 #define KRB5_ENCTYPE_RC4_HMAC_OLD_EXP 0xffffff79
1017 #define KRB5_ENCTYPE_RC4_PLAIN_OLD 0xffffff7a
1018 #define KRB5_ENCTYPE_RC4_HMAC_OLD 0xffffff7b
1019 #define KRB5_ENCTYPE_DES_PLAIN 0xffffff7c
1020 #define KRB5_ENCTYPE_RC4_SHA 0xffffff7d
1021 #define KRB5_ENCTYPE_RC4_LM 0xffffff7e
1022 #define KRB5_ENCTYPE_RC4_PLAIN2 0xffffff7f
1023 #define KRB5_ENCTYPE_RC4_MD4 0xffffff80
1024
1025 /* checksum types */
1026 #define KRB5_CHKSUM_NONE 0
1027 #define KRB5_CHKSUM_CRC32 1
1028 #define KRB5_CHKSUM_MD4 2
1029 #define KRB5_CHKSUM_KRB_DES_MAC 4
1030 #define KRB5_CHKSUM_KRB_DES_MAC_K 5
1031 #define KRB5_CHKSUM_MD5 7
1032 #define KRB5_CHKSUM_MD5_DES 8
1033 /* the following four come from packetcable */
1034 #define KRB5_CHKSUM_MD5_DES3 9
1035 #define KRB5_CHKSUM_HMAC_SHA1_DES3_KD 12
1036 #define KRB5_CHKSUM_HMAC_SHA1_DES3 13
1037 #define KRB5_CHKSUM_SHA1_UNKEYED 14
1038 #define KRB5_CHKSUM_HMAC_MD5 0xffffff76
1039 #define KRB5_CHKSUM_MD5_HMAC 0xffffff77
1040 #define KRB5_CHKSUM_RC4_MD5 0xffffff78
1041 #define KRB5_CHKSUM_MD25 0xffffff79
1042 #define KRB5_CHKSUM_DES_MAC_MD5 0xffffff7a
1043 #define KRB5_CHKSUM_DES_MAC 0xffffff7b
1044 #define KRB5_CHKSUM_REAL_CRC32 0xffffff7c
1045 #define KRB5_CHKSUM_SHA1 0xffffff7d
1046 #define KRB5_CHKSUM_LM 0xffffff7e
1047 #define KRB5_CHKSUM_GSSAPI 0x8003
1048
1049 /*
1050 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
1051 *
1052 * http://www.ietf.org/internet-drafts/draft-brezak-win2k-krb-rc4-hmac-04.txt
1053 *
1054 * unless it's expired.
1055 */
1056
1057 /* pre-authentication type constants */
1058 #define KRB5_PA_TGS_REQ 1
1059 #define KRB5_PA_ENC_TIMESTAMP 2
1060 #define KRB5_PA_PW_SALT 3
1061 #define KRB5_PA_ENC_ENCKEY 4
1062 #define KRB5_PA_ENC_UNIX_TIME 5
1063 #define KRB5_PA_ENC_SANDIA_SECURID 6
1064 #define KRB5_PA_SESAME 7
1065 #define KRB5_PA_OSF_DCE 8
1066 #define KRB5_PA_CYBERSAFE_SECUREID 9
1067 #define KRB5_PA_AFS3_SALT 10
1068 #define KRB5_PA_ENCTYPE_INFO 11
1069 #define KRB5_PA_SAM_CHALLENGE 12
1070 #define KRB5_PA_SAM_RESPONSE 13
1071 #define KRB5_PA_PK_AS_REQ 14
1072 #define KRB5_PA_PK_AS_REP 15
1073 #define KRB5_PA_DASS 16
1074 #define KRB5_PA_ENCTYPE_INFO2 19
1075 #define KRB5_PA_USE_SPECIFIED_KVNO 20
1076 #define KRB5_PA_SAM_REDIRECT 21
1077 #define KRB5_PA_GET_FROM_TYPED_DATA 22
1078 #define KRB5_PA_SAM_ETYPE_INFO 23
1079 #define KRB5_PA_ALT_PRINC 24
1080 #define KRB5_PA_SAM_CHALLENGE2 30
1081 #define KRB5_PA_SAM_RESPONSE2 31
1082 #define KRB5_TD_PKINIT_CMS_CERTIFICATES 101
1083 #define KRB5_TD_KRB_PRINCIPAL 102
1084 #define KRB5_TD_KRB_REALM 103
1085 #define KRB5_TD_TRUSTED_CERTIFIERS 104
1086 #define KRB5_TD_CERTIFICATE_INDEX 105
1087 #define KRB5_TD_APP_DEFINED_ERROR 106
1088 #define KRB5_TD_REQ_NONCE 107
1089 #define KRB5_TD_REQ_SEQ 108
1090
1091 /* preauthentication types >127 (i.e. negative ones) are app specific.
1092 however since Microsoft is the dominant(only?) user of types in this range
1093 we also treat the type as unsigned.
1094 */
1095 #define KRB5_PA_PAC_REQUEST 128 /* (Microsoft extension) */
1096 #define KRB5_PA_FOR_USER 129 /* Impersonation (Microsoft extension) See [MS-SFU] */
1097
1098 #define KRB5_PA_PROV_SRV_LOCATION 0xffffffff /* (gint32)0xFF) packetcable stuff */
1099
1100 /* Principal name-type */
1101 #define KRB5_NT_UNKNOWN 0
1102 #define KRB5_NT_PRINCIPAL 1
1103 #define KRB5_NT_SRV_INST 2
1104 #define KRB5_NT_SRV_HST 3
1105 #define KRB5_NT_SRV_XHST 4
1106 #define KRB5_NT_UID 5
1107 #define KRB5_NT_X500_PRINCIPAL 6
1108 #define KRB5_NT_SMTP_NAME 7
1109 #define KRB5_NT_ENTERPRISE 10
1110
1111 /*
1112 * MS specific name types, from
1113 *
1114 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
1115 */
1116 #define KRB5_NT_MS_PRINCIPAL -128
1117 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129
1118 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
1119 #define KRB5_NT_PRINCIPAL_AND_SID -131
1120 #define KRB5_NT_SRV_INST_AND_SID -132
1121
1122 /* error table constants */
1123 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
1124 #define KRB5_ET_KRB5KDC_ERR_NONE 0
1125 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
1126 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
1127 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
1128 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
1129 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
1130 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
1131 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
1132 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
1133 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
1134 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
1135 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
1136 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
1137 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
1138 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
1139 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
1140 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
1141 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
1142 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
1143 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
1144 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
1145 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
1146 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
1147 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
1148 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
1149 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
1150 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
1151 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
1152 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
1153 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
1154 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
1155 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
1156 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
1157 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
1158 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
1159 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
1160 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
1161 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
1162 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
1163 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
1164 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
1165 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
1166 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
1167 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
1168 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
1169 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
1170 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
1171 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
1172 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
1173 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
1174 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
1175 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
1176 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
1177 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
1178 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
1179 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
1180 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
1181 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
1182 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
1183 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
1184 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
1185 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
1186 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
1187 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
1188 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
1189 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
1190 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
1191 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
1192 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
1193
1194 static const value_string krb5_error_codes[] = {
1195 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
1196 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
1197 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
1198 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
1199 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
1200 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
1201 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
1202 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
1203 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
1204 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
1205 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
1206 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
1207 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
1208 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
1209 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
1210 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
1211 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
1212 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
1213 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
1214 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
1215 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
1216 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
1217 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
1218 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
1219 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
1220 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
1221 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
1222 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
1223 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
1224 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
1225 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
1226 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
1227 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
1228 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
1229 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
1230 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
1231 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
1232 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
1233 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
1234 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
1235 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
1236 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
1237 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
1238 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
1239 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
1240 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
1241 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
1242 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
1243 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
1244 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
1245 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
1246 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
1247 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
1248 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
1249 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
1250 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
1251 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
1252 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
1253 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
1254 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
1255 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
1256 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
1257 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
1258 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
1259 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
1260 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
1261 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
1262 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
1263 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
1264 { 0, NULL }
1265 };
1266
1267
1268 #define PAC_LOGON_INFO 1
1269 #define PAC_CREDENTIAL_TYPE 2
1270 #define PAC_SERVER_CHECKSUM 6
1271 #define PAC_PRIVSVR_CHECKSUM 7
1272 #define PAC_CLIENT_INFO_TYPE 10
1273 #define PAC_S4U_DELEGATION_INFO 11
1274 #define PAC_UPN_DNS_INFO 12
1275
1276 static const value_string w2k_pac_types[] = {
1277 { PAC_LOGON_INFO , "Logon Info" },
1278 { PAC_CREDENTIAL_TYPE , "Credential Type" },
1279 { PAC_SERVER_CHECKSUM , "Server Checksum" },
1280 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
1281 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
1282 { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" },
1283 { PAC_UPN_DNS_INFO , "UPN DNS Info" },
1284 { 0, NULL },
1285 };
1286
1287
1288
1289 static const value_string krb5_princ_types[] = {
1290 { KRB5_NT_UNKNOWN , "Unknown" },
1291 { KRB5_NT_PRINCIPAL , "Principal" },
1292 { KRB5_NT_SRV_INST , "Service and Instance" },
1293 { KRB5_NT_SRV_HST , "Service and Host" },
1294 { KRB5_NT_SRV_XHST , "Service and Host Components" },
1295 { KRB5_NT_UID , "Unique ID" },
1296 { KRB5_NT_X500_PRINCIPAL , "Encoded X.509 Distinguished Name" },
1297 { KRB5_NT_SMTP_NAME , "SMTP Name" },
1298 { KRB5_NT_ENTERPRISE , "Enterprise Name" },
1299 { KRB5_NT_MS_PRINCIPAL , "NT 4.0 style name (MS specific)" },
1300 { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
1301 { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
1302 { KRB5_NT_PRINCIPAL_AND_SID , "Principal name and SID (MS specific)"},
1303 { KRB5_NT_SRV_INST_AND_SID , "SPN and SID (MS specific)"},
1304 { 0 , NULL },
1305 };
1306
1307 static const value_string krb5_preauthentication_types[] = {
1308 { KRB5_PA_TGS_REQ , "PA-TGS-REQ" },
1309 { KRB5_PA_ENC_TIMESTAMP , "PA-ENC-TIMESTAMP" },
1310 { KRB5_PA_PW_SALT , "PA-PW-SALT" },
1311 { KRB5_PA_ENC_ENCKEY , "PA-ENC-ENCKEY" },
1312 { KRB5_PA_ENC_UNIX_TIME , "PA-ENC-UNIX-TIME" },
1313 { KRB5_PA_ENC_SANDIA_SECURID , "PA-PW-SALT" },
1314 { KRB5_PA_SESAME , "PA-SESAME" },
1315 { KRB5_PA_OSF_DCE , "PA-OSF-DCE" },
1316 { KRB5_PA_CYBERSAFE_SECUREID , "PA-CYBERSAFE-SECURID" },
1317 { KRB5_PA_AFS3_SALT , "PA-AFS3-SALT" },
1318 { KRB5_PA_ENCTYPE_INFO , "PA-ENCTYPE-INFO" },
1319 { KRB5_PA_ENCTYPE_INFO2 , "PA-ENCTYPE-INFO2" },
1320 { KRB5_PA_SAM_CHALLENGE , "PA-SAM-CHALLENGE" },
1321 { KRB5_PA_SAM_RESPONSE , "PA-SAM-RESPONSE" },
1322 { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" },
1323 { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" },
1324 { KRB5_PA_DASS , "PA-DASS" },
1325 { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" },
1326 { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" },
1327 { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" },
1328 { KRB5_PA_SAM_ETYPE_INFO , "PA-SAM-ETYPE-INFO" },
1329 { KRB5_PA_ALT_PRINC , "PA-ALT-PRINC" },
1330 { KRB5_PA_SAM_CHALLENGE2 , "PA-SAM-CHALLENGE2" },
1331 { KRB5_PA_SAM_RESPONSE2 , "PA-SAM-RESPONSE2" },
1332 { KRB5_TD_PKINIT_CMS_CERTIFICATES, "TD-PKINIT-CMS-CERTIFICATES" },
1333 { KRB5_TD_KRB_PRINCIPAL , "TD-KRB-PRINCIPAL" },
1334 { KRB5_TD_KRB_REALM , "TD-KRB-REALM" },
1335 { KRB5_TD_TRUSTED_CERTIFIERS , "TD-TRUSTED-CERTIFIERS" },
1336 { KRB5_TD_CERTIFICATE_INDEX , "TD-CERTIFICATE-INDEX" },
1337 { KRB5_TD_APP_DEFINED_ERROR , "TD-APP-DEFINED-ERROR" },
1338 { KRB5_TD_REQ_NONCE , "TD-REQ-NONCE" },
1339 { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" },
1340 { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" },
1341 { KRB5_PA_FOR_USER , "PA-FOR-USER" },
1342 { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" },
1343 { 0 , NULL },
1344 };
1345
1346 static const value_string krb5_encryption_types[] = {
1347 { KRB5_ENCTYPE_NULL , "NULL" },
1348 { KRB5_ENCTYPE_DES_CBC_CRC , "des-cbc-crc" },
1349 { KRB5_ENCTYPE_DES_CBC_MD4 , "des-cbc-md4" },
1350 { KRB5_ENCTYPE_DES_CBC_MD5 , "des-cbc-md5" },
1351 { KRB5_ENCTYPE_DES_CBC_RAW , "des-cbc-raw" },
1352 { KRB5_ENCTYPE_DES3_CBC_SHA , "des3-cbc-sha" },
1353 { KRB5_ENCTYPE_DES3_CBC_RAW , "des3-cbc-raw" },
1354 { KRB5_ENCTYPE_DES_HMAC_SHA1 , "des-hmac-sha1" },
1355 { KRB5_ENCTYPE_DSA_SHA1_CMS , "dsa-sha1-cms" },
1356 { KRB5_ENCTYPE_RSA_MD5_CMS , "rsa-md5-cms" },
1357 { KRB5_ENCTYPE_RSA_SHA1_CMS , "rsa-sha1-cms" },
1358 { KRB5_ENCTYPE_RC2_CBC_ENV , "rc2-cbc-env" },
1359 { KRB5_ENCTYPE_RSA_ENV , "rsa-env" },
1360 { KRB5_ENCTYPE_RSA_ES_OEAP_ENV, "rsa-es-oeap-env" },
1361 { KRB5_ENCTYPE_DES_EDE3_CBC_ENV, "des-ede3-cbc-env" },
1362 { KRB5_ENCTYPE_DES3_CBC_SHA1 , "des3-cbc-sha1" },
1363 { KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 , "aes128-cts-hmac-sha1-96" },
1364 { KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 , "aes256-cts-hmac-sha1-96" },
1365 { KRB5_ENCTYPE_DES_CBC_MD5_NT , "des-cbc-md5-nt" },
1366 { KERB_ENCTYPE_RC4_HMAC , "rc4-hmac" },
1367 { KERB_ENCTYPE_RC4_HMAC_EXP , "rc4-hmac-exp" },
1368 { KRB5_ENCTYPE_UNKNOWN , "unknown" },
1369 { KRB5_ENCTYPE_LOCAL_DES3_HMAC_SHA1 , "local-des3-hmac-sha1" },
1370 { KRB5_ENCTYPE_RC4_PLAIN_EXP , "rc4-plain-exp" },
1371 { KRB5_ENCTYPE_RC4_PLAIN , "rc4-plain" },
1372 { KRB5_ENCTYPE_RC4_PLAIN_OLD_EXP, "rc4-plain-old-exp" },
1373 { KRB5_ENCTYPE_RC4_HMAC_OLD_EXP, "rc4-hmac-old-exp" },
1374 { KRB5_ENCTYPE_RC4_PLAIN_OLD , "rc4-plain-old" },
1375 { KRB5_ENCTYPE_RC4_HMAC_OLD , "rc4-hmac-old" },
1376 { KRB5_ENCTYPE_DES_PLAIN , "des-plain" },
1377 { KRB5_ENCTYPE_RC4_SHA , "rc4-sha" },
1378 { KRB5_ENCTYPE_RC4_LM , "rc4-lm" },
1379 { KRB5_ENCTYPE_RC4_PLAIN2 , "rc4-plain2" },
1380 { KRB5_ENCTYPE_RC4_MD4 , "rc4-md4" },
1381 { 0 , NULL },
1382 };
1383
1384 static const value_string krb5_checksum_types[] = {
1385 { KRB5_CHKSUM_NONE , "none" },
1386 { KRB5_CHKSUM_CRC32 , "crc32" },
1387 { KRB5_CHKSUM_MD4 , "md4" },
1388 { KRB5_CHKSUM_KRB_DES_MAC , "krb-des-mac" },
1389 { KRB5_CHKSUM_KRB_DES_MAC_K , "krb-des-mac-k" },
1390 { KRB5_CHKSUM_MD5 , "md5" },
1391 { KRB5_CHKSUM_MD5_DES , "md5-des" },
1392 { KRB5_CHKSUM_MD5_DES3 , "md5-des3" },
1393 { KRB5_CHKSUM_HMAC_SHA1_DES3_KD, "hmac-sha1-des3-kd" },
1394 { KRB5_CHKSUM_HMAC_SHA1_DES3 , "hmac-sha1-des3" },
1395 { KRB5_CHKSUM_SHA1_UNKEYED , "sha1 (unkeyed)" },
1396 { KRB5_CHKSUM_HMAC_MD5 , "hmac-md5" },
1397 { KRB5_CHKSUM_MD5_HMAC , "md5-hmac" },
1398 { KRB5_CHKSUM_RC4_MD5 , "rc5-md5" },
1399 { KRB5_CHKSUM_MD25 , "md25" },
1400 { KRB5_CHKSUM_DES_MAC_MD5 , "des-mac-md5" },
1401 { KRB5_CHKSUM_DES_MAC , "des-mac" },
1402 { KRB5_CHKSUM_REAL_CRC32 , "real-crc32" },
1403 { KRB5_CHKSUM_SHA1 , "sha1" },
1404 { KRB5_CHKSUM_LM , "lm" },
1405 { KRB5_CHKSUM_GSSAPI , "gssapi-8003" },
1406 { 0 , NULL },
1407 };
1408
1409 #define KRB5_AD_IF_RELEVANT 1
1410 #define KRB5_AD_INTENDED_FOR_SERVER 2
1411 #define KRB5_AD_INTENDED_FOR_APPLICATION_CLASS 3
1412 #define KRB5_AD_KDC_ISSUED 4
1413 #define KRB5_AD_OR 5
1414 #define KRB5_AD_MANDATORY_TICKET_EXTENSIONS 6
1415 #define KRB5_AD_IN_TICKET_EXTENSIONS 7
1416 #define KRB5_AD_MANDATORY_FOR_KDC 8
1417 #define KRB5_AD_OSF_DCE 64
1418 #define KRB5_AD_SESAME 65
1419 #define KRB5_AD_OSF_DCE_PKI_CERTID 66
1420 #define KRB5_AD_WIN2K_PAC 128
1421 #define KRB5_AD_SIGNTICKET 0xffffffef
1422
1423 static const value_string krb5_ad_types[] = {
1424 { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
1425 { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
1426 { KRB5_AD_INTENDED_FOR_APPLICATION_CLASS , "AD-Intended-For-Application-Class" },
1427 { KRB5_AD_KDC_ISSUED , "AD-KDCIssued" },
1428 { KRB5_AD_OR , "AD-AND-OR" },
1429 { KRB5_AD_MANDATORY_TICKET_EXTENSIONS , "AD-Mandatory-Ticket-Extensions" },
1430 { KRB5_AD_IN_TICKET_EXTENSIONS , "AD-IN-Ticket-Extensions" },
1431 { KRB5_AD_MANDATORY_FOR_KDC , "AD-MANDATORY-FOR-KDC" },
1432 { KRB5_AD_OSF_DCE , "AD-OSF-DCE" },
1433 { KRB5_AD_SESAME , "AD-SESAME" },
1434 { KRB5_AD_OSF_DCE_PKI_CERTID , "AD-OSF-DCE-PKI-CertID" },
1435 { KRB5_AD_WIN2K_PAC , "AD-Win2k-PAC" },
1436 { KRB5_AD_SIGNTICKET , "AD-SignTicket" },
1437 { 0 , NULL },
1438 };
1439
1440 static const value_string krb5_transited_types[] = {
1441 { 1 , "DOMAIN-X500-COMPRESS" },
1442 { 0 , NULL }
1443 };
1444
1445 static const value_string krb5_address_types[] = {
1446 { KRB5_ADDR_IPv4, "IPv4"},
1447 { KRB5_ADDR_CHAOS, "CHAOS"},
1448 { KRB5_ADDR_XEROX, "XEROX"},
1449 { KRB5_ADDR_ISO, "ISO"},
1450 { KRB5_ADDR_DECNET, "DECNET"},
1451 { KRB5_ADDR_APPLETALK, "APPLETALK"},
1452 { KRB5_ADDR_NETBIOS, "NETBIOS"},
1453 { KRB5_ADDR_IPv6, "IPv6"},
1454 { 0, NULL },
1455 };
1456
1457 static const value_string krb5_msg_types[] = {
1458 { KRB5_MSG_TICKET, "Ticket" },
1459 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
1460 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
1461 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
1462 { KRB5_MSG_TGS_REP, "TGS-REP" },
1463 { KRB5_MSG_AS_REQ, "AS-REQ" },
1464 { KRB5_MSG_AS_REP, "AS-REP" },
1465 { KRB5_MSG_AP_REQ, "AP-REQ" },
1466 { KRB5_MSG_AP_REP, "AP-REP" },
1467 { KRB5_MSG_SAFE, "KRB-SAFE" },
1468 { KRB5_MSG_PRIV, "KRB-PRIV" },
1469 { KRB5_MSG_CRED, "KRB-CRED" },
1470 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
1471 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
1472 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
1473 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
1474 { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" },
1475 { KRB5_MSG_ERROR, "KRB-ERROR" },
1476 { 0, NULL },
1477 };
1478
1479
1480
1481
1482 static int dissect_krb5_application_choice(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1483 static int dissect_krb5_Application_1(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1484 static int dissect_krb5_Authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1485 static int dissect_krb5_EncTicketPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1486 static int dissect_krb5_EncAPRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1487 static int dissect_krb5_EncKrbPrivPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1488 static int dissect_krb5_EncKrbCredPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1489 static int dissect_krb5_EncKDCRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1490 static int dissect_krb5_KDC_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1491 static int dissect_krb5_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1492 static int dissect_krb5_AP_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1493 static int dissect_krb5_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1494 static int dissect_krb5_SAFE(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1495 static int dissect_krb5_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1496 static int dissect_krb5_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1497 static int dissect_krb5_ERROR(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
1498
1499 static const ber_old_choice_t kerberos_applications_choice[] = {
1500 { KRB5_MSG_TICKET, BER_CLASS_APP, KRB5_MSG_TICKET, 0, dissect_krb5_Application_1 },
1501 { KRB5_MSG_AUTHENTICATOR, BER_CLASS_APP, KRB5_MSG_AUTHENTICATOR, 0, dissect_krb5_Authenticator },
1502 { KRB5_MSG_ENC_TICKET_PART, BER_CLASS_APP, KRB5_MSG_ENC_TICKET_PART, 0, dissect_krb5_EncTicketPart },
1503 { KRB5_MSG_AS_REQ, BER_CLASS_APP, KRB5_MSG_AS_REQ, 0, dissect_krb5_KDC_REQ },
1504 { KRB5_MSG_AS_REP, BER_CLASS_APP, KRB5_MSG_AS_REP, 0, dissect_krb5_KDC_REP },
1505 { KRB5_MSG_TGS_REQ, BER_CLASS_APP, KRB5_MSG_TGS_REQ, 0, dissect_krb5_KDC_REQ },
1506 { KRB5_MSG_TGS_REP, BER_CLASS_APP, KRB5_MSG_TGS_REP, 0, dissect_krb5_KDC_REP },
1507 { KRB5_MSG_AP_REQ, BER_CLASS_APP, KRB5_MSG_AP_REQ, 0, dissect_krb5_AP_REQ },
1508 { KRB5_MSG_AP_REP, BER_CLASS_APP, KRB5_MSG_AP_REP, 0, dissect_krb5_AP_REP },
1509 { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1510 { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart },
1511 { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart },
1512 { KRB5_MSG_ENC_KRB_PRIV_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_PRIV_PART, 0, dissect_krb5_EncKrbPrivPart },
1513 { KRB5_MSG_ENC_KRB_CRED_PART, BER_CLASS_APP, KRB5_MSG_ENC_KRB_CRED_PART, 0, dissect_krb5_EncKrbCredPart },
1514 { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE },
1515 { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV },
1516 { KRB5_MSG_CRED, BER_CLASS_APP, KRB5_MSG_CRED, 0, dissect_krb5_CRED },
1517 { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR },
1518 { 0, 0, 0, 0, NULL }
1519 };
1520
1521
1522 static int
1523 dissect_krb5_application_choice(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1524 {
1525 offset=dissect_ber_old_choice(actx, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
1526 return offset;
1527 }
1528
1529 static const true_false_string krb5_apoptions_reserved = {
1530 "RESERVED bit on",
1531 "RESERVED bit off"
1532 };
1533 static const true_false_string krb5_apoptions_use_session_key = {
1534 "USE SESSION KEY to encrypt the ticket",
1535 "Do NOT use the session key to encrypt the ticket"
1536 };
1537 static const true_false_string krb5_apoptions_mutual_required = {
1538 "MUTUAL authentication is REQUIRED",
1539 "Mutual authentication is NOT required"
1540 };
1541
1542 static int *APOptions_bits[] = {
1543 &hf_krb_APOptions_reserved,
1544 &hf_krb_APOptions_use_session_key,
1545 &hf_krb_APOptions_mutual_required,
1546 NULL
1547 };
1548 static int
1549 dissect_krb5_APOptions(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1550 {
1551 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, APOptions_bits, hf_krb_APOptions, ett_krb_AP_Options, NULL);
1552 return offset;
1553 }
1554
1555
1556
1557 static const true_false_string krb5_kdcoptions_forwardable = {
1558 "FORWARDABLE tickets are allowed/requested",
1559 "Do NOT use forwardable tickets"
1560 };
1561 static const true_false_string krb5_kdcoptions_forwarded = {
1562 "This ticket has been FORWARDED",
1563 "This is NOT a forwarded ticket"
1564 };
1565 static const true_false_string krb5_kdcoptions_proxiable = {
1566 "PROXIABLE tickets are allowed/requested",
1567 "Do NOT use proxiable tickets"
1568 };
1569 static const true_false_string krb5_kdcoptions_proxy = {
1570 "This is a PROXY ticket",
1571 "This ticket has NOT been proxied"
1572 };
1573 static const true_false_string krb5_kdcoptions_allow_postdate = {
1574 "We allow the ticket to be POSTDATED",
1575 "We do NOT allow the ticket to be postdated"
1576 };
1577 static const true_false_string krb5_kdcoptions_postdated = {
1578 "This ticket is POSTDATED",
1579 "This ticket is NOT postdated"
1580 };
1581 static const true_false_string krb5_kdcoptions_renewable = {
1582 "This ticket is RENEWABLE",
1583 "This ticket is NOT renewable"
1584 };
1585 static const true_false_string krb5_kdcoptions_constrained_delegation = {
1586 "This is a request for a CONSTRAINED DELEGATION PAC",
1587 "This is a normal request (no constrained delegation)"
1588 };
1589 static const true_false_string krb5_kdcoptions_canonicalize = {
1590 "This is a request for a CANONICALIZED ticket",
1591 "This is NOT a canonicalized ticket request"
1592 };
1593 static const true_false_string krb5_kdcoptions_disable_transited_check = {
1594 "Transited checking is DISABLED",
1595 "Transited checking is NOT disabled"
1596 };
1597 static const true_false_string krb5_kdcoptions_renewable_ok = {
1598 "We accept RENEWED tickets",
1599 "We do NOT accept renewed tickets"
1600 };
1601 static const true_false_string krb5_kdcoptions_enc_tkt_in_skey = {
1602 "ENCrypt TKT in SKEY",
1603 "Do NOT encrypt the tkt using the skey"
1604 };
1605 static const true_false_string krb5_kdcoptions_renew = {
1606 "This is a request to RENEW a ticket",
1607 "This is NOT a request to renew a ticket"
1608 };
1609 static const true_false_string krb5_kdcoptions_validate = {
1610 "This is a request to VALIDATE a postdated ticket",
1611 "This is NOT a request to validate a postdated ticket"
1612 };
1613
1614 static int* KDCOptions_bits[] = {
1615 &hf_krb_KDCOptions_forwardable,
1616 &hf_krb_KDCOptions_forwarded,
1617 &hf_krb_KDCOptions_proxiable,
1618 &hf_krb_KDCOptions_proxy,
1619 &hf_krb_KDCOptions_allow_postdate,
1620 &hf_krb_KDCOptions_postdated,
1621 &hf_krb_KDCOptions_renewable,
1622 &hf_krb_KDCOptions_opt_hardware_auth,
1623 &hf_krb_KDCOptions_constrained_delegation,
1624 &hf_krb_KDCOptions_canonicalize,
1625 &hf_krb_KDCOptions_disable_transited_check,
1626 &hf_krb_KDCOptions_renewable_ok,
1627 &hf_krb_KDCOptions_enc_tkt_in_skey,
1628 &hf_krb_KDCOptions_renew,
1629 &hf_krb_KDCOptions_validate,
1630 NULL
1631 };
1632
1633 static int
1634 dissect_krb5_KDCOptions(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1635 {
1636 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, KDCOptions_bits, hf_krb_KDCOptions, ett_krb_KDC_Options, NULL);
1637 return offset;
1638 }
1639
1640 static int
1641 dissect_krb5_rtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1642 {
1643 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_rtime);
1644 return offset;
1645 }
1646
1647 int
1648 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1649 {
1650 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_ctime);
1651 return offset;
1652 }
1653 static int
1654 dissect_krb5_cusec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1655 {
1656 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_cusec, NULL);
1657 return offset;
1658 }
1659
1660 static int
1661 dissect_krb5_stime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1662 {
1663 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_stime);
1664 return offset;
1665 }
1666 static int
1667 dissect_krb5_susec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1668 {
1669 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_susec, NULL);
1670 return offset;
1671 }
1672
1673
1674 static int
1675 dissect_krb5_error_code(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1676 {
1677 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_error_code, &krb5_errorcode);
1678 if(krb5_errorcode) {
1679 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
1680 "KRB Error: %s",
1681 val_to_str(krb5_errorcode, krb5_error_codes,
1682 "Unknown error code %#x"));
1683 }
1684
1685 return offset;
1686 }
1687
1688
1689 static int
1690 dissect_krb5_till(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1691 {
1692 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_till);
1693 return offset;
1694 }
1695 static int
1696 dissect_krb5_from(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1697 {
1698 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_from);
1699 return offset;
1700 }
1701
1702
1703
1704 static int
1705 dissect_krb5_nonce(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1706 {
1707 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_nonce, NULL);
1708 return offset;
1709 }
1710
1711
1712 /*
1713 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
1714 */
1715 static int
1716 dissect_krb5_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1717 {
1718 guint32 etype;
1719
1720 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &etype);
1721 if(tree){
1722 proto_item_append_text(tree, " %s",
1723 val_to_str(etype, krb5_encryption_types,
1724 "%d"));
1725 }
1726 return offset;
1727 }
1728 static ber_old_sequence_t etype_sequence_of[1] = {
1729 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_krb5_etype },
1730 };
1731 static int
1732 dissect_krb5_etype_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1733 {
1734 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, etype_sequence_of, hf_krb_etypes, ett_krb_etypes);
1735
1736 return offset;
1737 }
1738 static guint32 authenticator_etype;
1739 static int
1740 dissect_krb5_authenticator_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1741 {
1742 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &authenticator_etype);
1743 if(tree){
1744 proto_item_append_text(tree, " %s",
1745 val_to_str(authenticator_etype, krb5_encryption_types,
1746 "%#x"));
1747 }
1748 return offset;
1749 }
1750 static guint32 Ticket_etype;
1751 static int
1752 dissect_krb5_Ticket_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1753 {
1754 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &Ticket_etype);
1755 if(tree){
1756 proto_item_append_text(tree, " %s",
1757 val_to_str(Ticket_etype, krb5_encryption_types,
1758 "%#x"));
1759 }
1760 return offset;
1761 }
1762 static guint32 AP_REP_etype;
1763 static int
1764 dissect_krb5_AP_REP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1765 {
1766 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &AP_REP_etype);
1767 if(tree){
1768 proto_item_append_text(tree, " %s",
1769 val_to_str(AP_REP_etype, krb5_encryption_types,
1770 "%#x"));
1771 }
1772 return offset;
1773 }
1774 static guint32 PA_ENC_TIMESTAMP_etype;
1775 static int
1776 dissect_krb5_PA_ENC_TIMESTAMP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1777 {
1778 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &PA_ENC_TIMESTAMP_etype);
1779 if(tree){
1780 proto_item_append_text(tree, " %s",
1781 val_to_str(PA_ENC_TIMESTAMP_etype, krb5_encryption_types,
1782 "%#x"));
1783 }
1784 return offset;
1785 }
1786
1787
1788 /*
1789 * HostAddress ::= SEQUENCE {
1790 * addr-type[0] INTEGER,
1791 * address[1] OCTET STRING
1792 * }
1793 */
1794 static guint32 addr_type;
1795 static int dissect_krb5_addr_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1796 {
1797 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_addr_type, &addr_type);
1798 return offset;
1799 }
1800
1801 #define ADDRESS_STR_BUFSIZ 256
1802 static int dissect_krb5_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1803 {
1804 gint8 appclass;
1805 gboolean pc;
1806 gint32 tag;
1807 guint32 len;
1808 char *address_str;
1809 proto_item *it=NULL;
1810
1811 /* read header and len for the octet string */
1812 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
1813 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
1814
1815 address_str=(char *)wmem_alloc(wmem_packet_scope(), ADDRESS_STR_BUFSIZ);
1816 address_str[0]='\0';
1817 switch(addr_type){
1818 case KRB5_ADDR_IPv4:
1819 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
1820 g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
1821 break;
1822 case KRB5_ADDR_NETBIOS:
1823 {
1824 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
1825 int netbios_name_type;
1826 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
1827
1828 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
1829 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
1830 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
1831 }
1832 break;
1833 case KRB5_ADDR_IPv6:
1834 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
1835 g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", tvb_ip6_to_str(tvb, offset));
1836 break;
1837 default:
1838 proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I don't know how to parse this type of address yet");
1839
1840 }
1841
1842 /* push it up two levels in the decode pane */
1843 if(it){
1844 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
1845 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
1846 }
1847
1848 offset+=len;
1849 return offset;
1850 }
1851 static ber_old_sequence_t HostAddress_sequence[] = {
1852 { BER_CLASS_CON, 0, 0, dissect_krb5_addr_type },
1853 { BER_CLASS_CON, 1, 0, dissect_krb5_address },
1854 { 0, 0, 0, NULL }
1855 };
1856 static int
1857 dissect_krb5_HostAddress(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1858 {
1859
1860 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_HostAddress, ett_krb_HostAddress);
1861
1862 return offset;
1863 }
1864 static int
1865 dissect_krb5_s_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1866 {
1867
1868 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address);
1869
1870 return offset;
1871 }
1872
1873 static int
1874 dissect_krb5_r_address(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1875 {
1876
1877 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, HostAddress_sequence, hf_krb_r_address, ett_krb_r_address);
1878
1879 return offset;
1880 }
1881
1882 /*
1883 * HostAddresses ::= SEQUENCE OF SEQUENCE {
1884 * addr-type[0] INTEGER,
1885 * address[1] OCTET STRING
1886 * }
1887 *
1888 */
1889 static ber_old_sequence_t HostAddresses_sequence_of[1] = {
1890 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_HostAddress },
1891 };
1892 static int
1893 dissect_krb5_HostAddresses(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1894 {
1895 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, HostAddresses_sequence_of, hf_krb_HostAddresses, ett_krb_HostAddresses);
1896
1897 return offset;
1898 }
1899
1900
1901 /* sequence of tickets */
1902 static ber_old_sequence_t sequence_of_tickets[1] = {
1903 { BER_CLASS_APP, 1, 0, dissect_krb5_Application_1},
1904 };
1905 static int
1906 dissect_krb5_sq_tickets(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1907 {
1908 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, sequence_of_tickets, hf_krb_sq_tickets, ett_krb_sq_tickets);
1909
1910 return offset;
1911 }
1912
1913 static int
1914 dissect_krb5_msg_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1915 {
1916 guint32 msgtype;
1917
1918 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_msg_type, &msgtype);
1919
1920 if (gbl_do_col_info) {
1921 col_add_str(actx->pinfo->cinfo, COL_INFO,
1922 val_to_str(msgtype, krb5_msg_types,
1923 "Unknown msg type %#x"));
1924 }
1925 gbl_do_col_info=FALSE;
1926
1927 /* append the application type to the subtree */
1928 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
1929
1930 return offset;
1931 }
1932
1933
1934
1935 static int
1936 dissect_krb5_pvno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1937 {
1938 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_pvno, NULL);
1939
1940 return offset;
1941 }
1942
1943
1944 /*
1945 * PrincipalName ::= SEQUENCE {
1946 * name-type[0] INTEGER,
1947 * name-string[1] SEQUENCE OF GeneralString
1948 * }
1949 */
1950 static guint32 name_type;
1951 static int
1952 dissect_krb5_name_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1953 {
1954 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_name_type, &name_type);
1955 if(tree){
1956 proto_item_append_text(tree, " (%s):",
1957 val_to_str(name_type, krb5_princ_types,
1958 "Unknown:%d"));
1959 }
1960 return offset;
1961 }
1962 static char name_string_separator;
1963 static int
1964 dissect_krb5_name_string(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1965 {
1966 char name_string[256];
1967
1968 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_name_string, name_string, 255);
1969 if(tree){
1970 proto_item_append_text(tree, "%c%s", name_string_separator, name_string);
1971 name_string_separator='/';
1972 }
1973
1974 return offset;
1975 }
1976 static ber_old_sequence_t name_stringe_sequence_of[1] = {
1977 { BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_krb5_name_string },
1978 };
1979 static int
1980 dissect_krb5_name_strings(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1981 {
1982 name_string_separator=' ';
1983 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, name_stringe_sequence_of, -1, -1);
1984
1985 return offset;
1986 }
1987 static ber_old_sequence_t PrincipalName_sequence[] = {
1988 { BER_CLASS_CON, 0, 0, dissect_krb5_name_type },
1989 { BER_CLASS_CON, 1, 0, dissect_krb5_name_strings },
1990 { 0, 0, 0, NULL }
1991 };
1992 static int
1993 dissect_krb5_sname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
1994 {
1995
1996 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_sname, ett_krb_sname);
1997
1998 return offset;
1999 }
2000 static int
2001 dissect_krb5_pname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2002 {
2003
2004 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_pname, ett_krb_pname);
2005
2006 return offset;
2007 }
2008 int
2009 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2010 {
2011
2012 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PrincipalName_sequence, hf_krb_cname, ett_krb_cname);
2013
2014 return offset;
2015 }
2016
2017
2018 int
2019 dissect_krb5_prealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2020 {
2021 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_prealm, NULL, 0);
2022 return offset;
2023 }
2024
2025 int
2026 dissect_krb5_srealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2027 {
2028 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_srealm, NULL, 0);
2029 return offset;
2030 }
2031
2032 int
2033 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2034 {
2035 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_realm, NULL, 0);
2036 return offset;
2037 }
2038
2039 static int
2040 dissect_krb5_crealm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2041 {
2042 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_crealm, NULL, 0);
2043 return offset;
2044 }
2045
2046
2047
2048 static int
2049 dissect_krb5_PA_PAC_REQUEST_flag(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2050 {
2051 offset=dissect_ber_boolean(FALSE, actx, tree, tvb, offset, hf_krb_PA_PAC_REQUEST_flag, NULL);
2052 return offset;
2053 }
2054
2055
2056 static ber_old_sequence_t PA_PAC_REQUEST_sequence[] = {
2057 { BER_CLASS_CON, 0, 0, dissect_krb5_PA_PAC_REQUEST_flag },
2058 { 0, 0, 0, NULL }
2059 };
2060 static int
2061 dissect_krb5_PA_PAC_REQUEST(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2062 {
2063
2064 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_PAC_REQUEST_sequence, -1, -1);
2065
2066 return offset;
2067 }
2068
2069 static int
2070 dissect_krb5_s4u2self_auth(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2071 {
2072 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_s4u2self_auth, NULL, 0);
2073 return offset;
2074 }
2075
2076 static ber_old_sequence_t PA_FOR_USER_sequence[] = {
2077 { BER_CLASS_CON, 0, 0, dissect_krb5_cname },
2078 { BER_CLASS_CON, 1, 0, dissect_krb5_realm },
2079 { BER_CLASS_CON, 2, 0, dissect_krb5_Checksum },
2080 { BER_CLASS_CON, 3, 0, dissect_krb5_s4u2self_auth },
2081 { 0, 0, 0, NULL }
2082 };
2083
2084 static int
2085 dissect_krb5_PA_FOR_USER(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2086 {
2087 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_FOR_USER_sequence, -1, -1);
2088 return offset;
2089 }
2090
2091
2092 static int
2093 dissect_krb5_PA_PROV_SRV_LOCATION(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2094 {
2095 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
2096
2097 return offset;
2098 }
2099
2100
2101
2102 static int
2103 dissect_krb5_kvno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2104 {
2105 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_kvno, NULL);
2106
2107 return offset;
2108 }
2109
2110
2111
2112 static int
2113 dissect_krb5_seq_number(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2114 {
2115 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_seq_number, NULL);
2116
2117 return offset;
2118 }
2119
2120
2121
2122 static int
2123 dissect_krb5_patimestamp(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2124 {
2125 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_patimestamp);
2126 return offset;
2127 }
2128 #ifdef HAVE_KERBEROS
2129 static int
2130 dissect_krb5_pausec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2131 {
2132 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_pausec, NULL);
2133 return offset;
2134 }
2135 static const ber_old_sequence_t PA_ENC_TS_ENC_sequence[] = {
2136 { BER_CLASS_CON, 0, 0, dissect_krb5_patimestamp },
2137 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_pausec },
2138 { 0, 0, 0, NULL }
2139 };
2140 static int
2141 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2142 {
2143 guint8 *plaintext=NULL;
2144 int length;
2145
2146 length=tvb_length_remaining(tvb, offset);
2147
2148 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
2149 * 7.5.1
2150 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
2151 * == 1
2152 */
2153 if(!plaintext){
2154 tvbuff_t *next_tvb;
2155
2156 next_tvb=tvb_new_subset_remaining(tvb, offset);
2157 plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, PA_ENC_TIMESTAMP_etype, NULL);
2158 }
2159
2160 if(plaintext){
2161 tvbuff_t *next_tvb;
2162 next_tvb = tvb_new_child_real_data(tvb, plaintext,
2163 length,
2164 length);
2165 tvb_set_free_cb(next_tvb, g_free);
2166
2167 /* Add the decrypted data to the data source list. */
2168 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
2169
2170
2171 offset=dissect_ber_old_sequence(FALSE, actx, tree, next_tvb, 0, PA_ENC_TS_ENC_sequence, -1, -1);
2172
2173 }
2174 return offset;
2175 }
2176 #endif
2177
2178
2179 static int
2180 dissect_krb5_encrypted_PA_ENC_TIMESTAMP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2181 {
2182 #ifdef HAVE_KERBEROS
2183 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
2184 #else
2185 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PA_ENC_TIMESTAMP, NULL);
2186 #endif
2187 return offset;
2188 }
2189 static ber_old_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
2190 { BER_CLASS_CON, 0, 0,
2191 dissect_krb5_PA_ENC_TIMESTAMP_etype },
2192 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2193 dissect_krb5_kvno },
2194 { BER_CLASS_CON, 2, 0,
2195 dissect_krb5_encrypted_PA_ENC_TIMESTAMP },
2196 { 0, 0, 0, NULL }
2197 };
2198 static int
2199 dissect_krb5_PA_ENC_TIMESTAMP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2200 {
2201 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENC_TIMESTAMP_sequence, -1, -1);
2202
2203 return offset;
2204 }
2205
2206
2207
2208 static int
2209 dissect_krb5_etype_info_salt(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2210 {
2211 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_etype_info_salt, NULL);
2212 return offset;
2213 }
2214
2215 static int
2216 dissect_krb5_etype_info2_salt(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2217 {
2218 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_etype_info2_salt, NULL, 0);
2219 return offset;
2220 }
2221
2222 static int
2223 dissect_krb5_etype_info2_s2kparams(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2224 {
2225 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_etype_info2_s2kparams, NULL);
2226 return offset;
2227 }
2228
2229 static ber_old_sequence_t PA_ENCTYPE_INFO_ENTRY_sequence[] = {
2230 { BER_CLASS_CON, 0, 0,
2231 dissect_krb5_etype },
2232 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2233 dissect_krb5_etype_info_salt },
2234 { 0, 0, 0, NULL }
2235 };
2236 static int
2237 dissect_krb5_PA_ENCTYPE_INFO_ENTRY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2238 {
2239 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO_ENTRY_sequence, -1, -1);
2240
2241 return offset;
2242 }
2243
2244 static ber_old_sequence_t PA_ENCTYPE_INFO_sequence_of[1] = {
2245 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO_ENTRY },
2246 };
2247 static int
2248 dissect_krb5_PA_ENCTYPE_INFO(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2249 {
2250 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO_sequence_of, -1, -1);
2251
2252 return offset;
2253 }
2254
2255 static ber_old_sequence_t PA_ENCTYPE_INFO2_ENTRY_sequence[] = {
2256 { BER_CLASS_CON, 0, 0,
2257 dissect_krb5_etype },
2258 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
2259 dissect_krb5_etype_info2_salt },
2260 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
2261 dissect_krb5_etype_info2_s2kparams },
2262 { 0, 0, 0, NULL }
2263 };
2264 static int
2265 dissect_krb5_PA_ENCTYPE_INFO2_ENTRY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2266 {
2267 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO2_ENTRY_sequence, -1, -1);
2268
2269 return offset;
2270 }
2271
2272 static ber_old_sequence_t PA_ENCTYPE_INFO2_sequence_of[1] = {
2273 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_ENCTYPE_INFO2_ENTRY },
2274 };
2275 static int
2276 dissect_krb5_PA_ENCTYPE_INFO2(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2277 {
2278 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_ENCTYPE_INFO2_sequence_of, -1, -1);
2279
2280 return offset;
2281 }
2282
2283
2284 static int
2285 dissect_krb5_PW_SALT(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2286 {
2287 guint32 nt_status;
2288
2289 /* Microsoft stores a special 12 byte blob here
2290 * guint32 NT_status
2291 * guint32 unknown
2292 * guint32 unknown
2293 * decode everything as this blob for now until we see if anyone
2294 * else ever uses it or we learn how to tell whether this
2295 * is such an MS blob or not.
2296 */
2297 proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2298 nt_status=tvb_get_letohl(tvb, offset);
2299 if(nt_status) {
2300 col_append_fstr(actx->pinfo->cinfo, COL_INFO,
2301 " NT Status: %s",
2302 val_to_str(nt_status, NT_errors,
2303 "Unknown error code %#x"));
2304 }
2305 offset += 4;
2306
2307 proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2308 offset += 4;
2309
2310 proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2311 offset += 4;
2312
2313 return offset;
2314 }
2315
2316 /*
2317 * PA-DATA ::= SEQUENCE {
2318 * padata-type[1] INTEGER,
2319 * padata-value[2] OCTET STRING,
2320 * -- might be encoded AP-REQ
2321 * }
2322 */
2323 static guint32 krb_PA_DATA_type;
2324 static int
2325 dissect_krb5_PA_DATA_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2326 {
2327 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_PA_DATA_type, &krb_PA_DATA_type);
2328
2329 if(tree){
2330 proto_item_append_text(tree, " %s",
2331 val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
2332 "Unknown:%d"));
2333 }
2334 return offset;
2335 }
2336 static int
2337 dissect_krb5_PA_DATA_value(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2338 {
2339 proto_tree *tree=parent_tree;
2340
2341 if(actx->created_item){
2342 tree=proto_item_add_subtree(actx->created_item, ett_krb_PA_DATA_tree);
2343 }
2344
2345
2346 switch(krb_PA_DATA_type){
2347 case KRB5_PA_TGS_REQ:
2348 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_application_choice);
2349 break;
2350 case KRB5_PA_PK_AS_REQ:
2351 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REQ);
2352 break;
2353 case KRB5_PA_PK_AS_REP:
2354 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_pkinit_PA_PK_AS_REP);
2355 break;
2356 case KRB5_PA_PAC_REQUEST:
2357 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PAC_REQUEST);
2358 break;
2359 case KRB5_PA_FOR_USER:
2360 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_FOR_USER);
2361 break;
2362 case KRB5_PA_PROV_SRV_LOCATION:
2363 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_PROV_SRV_LOCATION);
2364 break;
2365 case KRB5_PA_ENC_TIMESTAMP:
2366 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENC_TIMESTAMP);
2367 break;
2368 case KRB5_PA_ENCTYPE_INFO:
2369 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO);
2370 break;
2371 case KRB5_PA_ENCTYPE_INFO2:
2372 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
2373 break;
2374 case KRB5_PA_PW_SALT:
2375 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PW_SALT);
2376 break;
2377 default:
2378 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
2379 }
2380 return offset;
2381 /*qqq*/
2382 }
2383
2384 static ber_old_sequence_t PA_DATA_sequence[] = {
2385 { BER_CLASS_CON, 1, 0, dissect_krb5_PA_DATA_type },
2386 { BER_CLASS_CON, 2, 0, dissect_krb5_PA_DATA_value },
2387 { 0, 0, 0, NULL }
2388 };
2389 static int
2390 dissect_krb5_PA_DATA(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2391 {
2392 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PA_DATA_sequence, -1, -1);
2393
2394 return offset;
2395 }
2396
2397
2398
2399
2400 /*
2401 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
2402 *
2403 */
2404 static ber_old_sequence_t PA_DATA_sequence_of[1] = {
2405 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_PA_DATA },
2406 };
2407 static int
2408 dissect_krb5_padata(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2409 {
2410 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, PA_DATA_sequence_of, hf_krb_padata, ett_krb_padata);
2411
2412 return offset;
2413 }
2414
2415
2416
2417 static const true_false_string krb5_ticketflags_forwardable = {
2418 "FORWARDABLE tickets are allowed/requested",
2419 "Do NOT use forwardable tickets"
2420 };
2421 static const true_false_string krb5_ticketflags_forwarded = {
2422 "This ticket has been FORWARDED",
2423 "This is NOT a forwarded ticket"
2424 };
2425 static const true_false_string krb5_ticketflags_proxiable = {
2426 "PROXIABLE tickets are allowed/requested",
2427 "Do NOT use proxiable tickets"
2428 };
2429 static const true_false_string krb5_ticketflags_proxy = {
2430 "This is a PROXY ticket",
2431 "This ticket has NOT been proxied"
2432 };
2433 static const true_false_string krb5_ticketflags_allow_postdate = {
2434 "We allow the ticket to be POSTDATED",
2435 "We do NOT allow the ticket to be postdated"
2436 };
2437 static const true_false_string krb5_ticketflags_postdated = {
2438 "This ticket is POSTDATED",
2439 "This ticket is NOT postdated"
2440 };
2441 static const true_false_string krb5_ticketflags_invalid = {
2442 "This ticket is INVALID",
2443 "This ticket is NOT invalid"
2444 };
2445 static const true_false_string krb5_ticketflags_renewable = {
2446 "This ticket is RENEWABLE",
2447 "This ticket is NOT renewable"
2448 };
2449 static const true_false_string krb5_ticketflags_initial = {
2450 "This ticket was granted by AS and not TGT protocol",
2451 "This ticket was granted by TGT and not as protocol"
2452 };
2453 static const true_false_string krb5_ticketflags_pre_auth = {
2454 "The client was PRE-AUTHenticated",
2455 "The client was NOT pre-authenticated"
2456 };
2457 static const true_false_string krb5_ticketflags_hw_auth = {
2458 "The client was authenticated by HardWare",
2459 "The client was NOT authenticated using hardware"
2460 };
2461 static const true_false_string krb5_ticketflags_transited_policy_checked = {
2462 "Kdc has performed TRANSITED POLICY CHECKING",
2463 "Kdc has NOT performed transited policy checking"
2464 };
2465 static const true_false_string krb5_ticketflags_ok_as_delegate = {
2466 "This ticket is OK AS a DELEGATED ticket",
2467 "This ticket is NOT ok as a delegated ticket"
2468 };
2469
2470 static int* TicketFlags_bits[] = {
2471 &hf_krb_TicketFlags_forwardable,
2472 &hf_krb_TicketFlags_forwarded,
2473 &hf_krb_TicketFlags_proxiable,
2474 &hf_krb_TicketFlags_proxy,
2475 &hf_krb_TicketFlags_allow_postdate,
2476 &hf_krb_TicketFlags_postdated,
2477 &hf_krb_TicketFlags_invalid,
2478 &hf_krb_TicketFlags_renewable,
2479 &hf_krb_TicketFlags_initial,
2480 &hf_krb_TicketFlags_pre_auth,
2481 &hf_krb_TicketFlags_hw_auth,
2482 &hf_krb_TicketFlags_transited_policy_checked,
2483 &hf_krb_TicketFlags_ok_as_delegate,
2484 NULL
2485 };
2486
2487 static int
2488 dissect_krb5_TicketFlags(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2489 {
2490 offset=dissect_ber_bitstring32(FALSE, actx, tree, tvb, offset, TicketFlags_bits, hf_krb_TicketFlags, ett_krb_Ticket_Flags, NULL);
2491 return offset;
2492 }
2493
2494
2495 static guint32 keytype;
2496 static int
2497 dissect_krb5_keytype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2498 {
2499 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_keytype, &keytype);
2500 if(tree){
2501 proto_item_append_text(tree, " %s",
2502 val_to_str(keytype, krb5_encryption_types,
2503 "%#x"));
2504 }
2505 return offset;
2506 }
2507 static int keylength;
2508 static const guint8 *keyvalue;
2509 static int
2510 store_keyvalue(proto_tree *tree _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2511 {
2512 keylength=tvb_length_remaining(tvb, offset);
2513 keyvalue=tvb_get_ptr(tvb, offset, keylength);
2514 return 0;
2515 }
2516 static int
2517 dissect_krb5_keyvalue(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2518 {
2519 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_keyvalue, store_keyvalue);
2520 return offset;
2521 }
2522
2523
2524 /*
2525 * EncryptionKey ::= SEQUENCE {
2526 * keytype [0] int32
2527 * keyvalue [1] octet string
2528 */
2529 static ber_old_sequence_t EncryptionKey_sequence[] = {
2530 { BER_CLASS_CON, 0, 0,
2531 dissect_krb5_keytype },
2532 { BER_CLASS_CON, 1, 0,
2533 dissect_krb5_keyvalue },
2534 { 0, 0, 0, NULL }
2535 };
2536 static int
2537 dissect_krb5_key(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2538 {
2539 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncryptionKey_sequence, hf_krb_key, ett_krb_key);
2540
2541 #ifdef HAVE_KERBEROS
2542 add_encryption_key(actx->pinfo, keytype, keylength, keyvalue, "key");
2543 #endif
2544 return offset;
2545 }
2546 static int
2547 dissect_krb5_subkey(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2548 {
2549 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncryptionKey_sequence, hf_krb_subkey, ett_krb_subkey);
2550 #ifdef HAVE_KERBEROS
2551 add_encryption_key(actx->pinfo, keytype, keylength, keyvalue, "subkey");
2552 #endif
2553 return offset;
2554 }
2555
2556 static int
2557 dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep)
2558 {
2559 proto_item *item=NULL;
2560 proto_tree *tree=NULL;
2561 guint8 val;
2562
2563 if(parent_tree){
2564 item=proto_tree_add_text(parent_tree, tvb, offset, 16, "DREP");
2565 tree=proto_item_add_subtree(item, ett_krb_PAC_DREP);
2566 }
2567
2568 val = tvb_get_guint8(tvb, offset);
2569 proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4);
2570
2571 offset++;
2572
2573 if (drep) {
2574 *drep = val;
2575 }
2576
2577 return offset;
2578 }
2579
2580 /* This might be some sort of header that MIDL generates when creating
2581 * marshalling/unmarshalling code for blobs that are not to be transported
2582 * ontop of DCERPC and where the DREP fields specifying things such as
2583 * endianess and similar are not available.
2584 */
2585 static int
2586 dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_)
2587 {
2588 proto_item *item=NULL;
2589 proto_tree *tree=NULL;
2590
2591 if(parent_tree){
2592 item=proto_tree_add_text(parent_tree, tvb, offset, 16, "MES header");
2593 tree=proto_item_add_subtree(item, ett_krb_PAC_MIDL_BLOB);
2594 }
2595
2596 /* modified DREP field that is used for stuff that is transporetd ontop
2597 of non dcerpc
2598 */
2599 proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
2600 offset++;
2601
2602 offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep);
2603
2604
2605 proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2606 offset+=2;
2607
2608 proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2609 offset += 4;
2610
2611 /* length of blob that follows */
2612 proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN);
2613 offset += 8;
2614
2615 return offset;
2616 }
2617
2618 static int
2619 dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2620 {
2621 proto_item *item=NULL;
2622 proto_tree *tree=NULL;
2623 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
2624 static dcerpc_info di; /* fake dcerpc_info struct */
2625 static dcerpc_call_value call_data;
2626
2627 item=proto_tree_add_item(parent_tree, hf_krb_PAC_LOGON_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2628 if(parent_tree){
2629 tree=proto_item_add_subtree(item, ett_krb_PAC_LOGON_INFO);
2630 }
2631
2632 /* skip the first 16 bytes, they are some magic created by the idl
2633 * compiler the first 4 bytes might be flags?
2634 */
2635 offset=dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
2636
2637 /* the PAC_LOGON_INFO blob */
2638 /* fake whatever state the dcerpc runtime support needs */
2639 di.conformant_run=0;
2640 /* we need di->call_data->flags.NDR64 == 0 */
2641 di.call_data=&call_data;
2642
2643 init_ndr_pointer_list(&di);
2644 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
2645 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
2646 "PAC_LOGON_INFO:", -1);
2647 return offset;
2648 }
2649
2650 static int
2651 dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2652 {
2653 proto_item *item=NULL;
2654 proto_tree *tree=NULL;
2655 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
2656 static dcerpc_info di; /* fake dcerpc_info struct */
2657 static dcerpc_call_value call_data;
2658
2659 item=proto_tree_add_item(parent_tree, hf_krb_PAC_S4U_DELEGATION_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2660 if(parent_tree){
2661 tree=proto_item_add_subtree(item, ett_krb_PAC_S4U_DELEGATION_INFO);
2662 }
2663
2664 /* skip the first 16 bytes, they are some magic created by the idl
2665 * compiler the first 4 bytes might be flags?
2666 */
2667 offset=dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
2668
2669
2670 /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */
2671 /* fake whatever state the dcerpc runtime support needs */
2672 di.conformant_run=0;
2673 /* we need di->call_data->flags.NDR64 == 0 */
2674 di.call_data=&call_data;
2675
2676 init_ndr_pointer_list(&di);
2677 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
2678 netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE,
2679 "PAC_S4U_DELEGATION_INFO:", -1);
2680
2681 return offset;
2682 }
2683
2684 static int
2685 dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2686 {
2687 proto_item *item=NULL;
2688 proto_tree *tree=NULL;
2689 guint16 dns_offset, dns_len;
2690 guint16 upn_offset, upn_len;
2691 const char *dn;
2692 int dn_len;
2693 guint16 bc;
2694
2695 item=proto_tree_add_item(parent_tree, hf_krb_PAC_UPN_DNS_INFO, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2696 if(parent_tree){
2697 tree=proto_item_add_subtree(item, ett_krb_PAC_UPN_DNS_INFO);
2698 }
2699
2700 /* upn */
2701 upn_len = tvb_get_letohs(tvb, offset);
2702 proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2703 offset+=2;
2704 upn_offset = tvb_get_letohs(tvb, offset);
2705 proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2706 offset+=2;
2707
2708 /* dns */
2709 dns_len = tvb_get_letohs(tvb, offset);
2710 proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2711 offset+=2;
2712 dns_offset = tvb_get_letohs(tvb, offset);
2713 proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
2714 offset+=2;
2715
2716 /* flags */
2717 proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2718
2719 /* upn */
2720 offset = upn_offset;
2721 dn_len = upn_len;
2722 bc = tvb_length_remaining(tvb, offset);
2723 dn = get_unicode_or_ascii_string(tvb, &offset,
2724 TRUE, &dn_len, TRUE, TRUE, &bc);
2725 proto_tree_add_string(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, dn);
2726
2727 /* dns */
2728 offset = dns_offset;
2729 dn_len = dns_len;
2730 bc = tvb_length_remaining(tvb, offset);
2731 dn = get_unicode_or_ascii_string(tvb, &offset,
2732 TRUE, &dn_len, TRUE, TRUE, &bc);
2733 proto_tree_add_string(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, dn);
2734
2735 return offset;
2736 }
2737
2738 static int
2739 dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2740 {
2741 proto_tree_add_item(parent_tree, hf_krb_PAC_CREDENTIAL_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2742
2743 /*qqq*/
2744 return offset;
2745 }
2746
2747 static int
2748 dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2749 {
2750 proto_item *item=NULL;
2751 proto_tree *tree=NULL;
2752
2753 item=proto_tree_add_item(parent_tree, hf_krb_PAC_SERVER_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2754 if(parent_tree){
2755 tree=proto_item_add_subtree(item, ett_krb_PAC_SERVER_CHECKSUM);
2756 }
2757
2758 /* signature type */
2759 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2760 offset+=4;
2761
2762 /* signature data */
2763 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2764
2765 return offset;
2766 }
2767
2768 static int
2769 dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2770 {
2771 proto_item *item=NULL;
2772 proto_tree *tree=NULL;
2773
2774 item=proto_tree_add_item(parent_tree, hf_krb_PAC_PRIVSVR_CHECKSUM, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2775 if(parent_tree){
2776 tree=proto_item_add_subtree(item, ett_krb_PAC_PRIVSVR_CHECKSUM);
2777 }
2778
2779 /* signature type */
2780 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
2781 offset+=4;
2782
2783 /* signature data */
2784 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2785
2786 return offset;
2787 }
2788
2789 static int
2790 dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2791 {
2792 proto_item *item=NULL;
2793 proto_tree *tree=NULL;
2794 guint16 namelen;
2795 char *name;
2796
2797 item=proto_tree_add_item(parent_tree, hf_krb_PAC_CLIENT_INFO_TYPE, tvb, offset, tvb_length_remaining(tvb, offset), ENC_NA);
2798 if(parent_tree){
2799 tree=proto_item_add_subtree(item, ett_krb_PAC_CLIENT_INFO_TYPE);
2800 }
2801
2802 /* clientid */
2803 offset = dissect_nt_64bit_time(tvb, tree, offset,
2804 hf_krb_pac_clientid);
2805
2806 /* name length */
2807 namelen=tvb_get_letohs(tvb, offset);
2808 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
2809 offset+=2;
2810
2811 /* client name */
2812 name=tvb_get_unicode_string(wmem_packet_scope(), tvb, offset, namelen, ENC_LITTLE_ENDIAN);
2813 proto_tree_add_string(tree, hf_krb_pac_clientname, tvb, offset, namelen, name);
2814 offset+=namelen;
2815
2816 return offset;
2817 }
2818
2819 static int
2820 dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2821 {
2822 guint32 pac_type;
2823 guint32 pac_size;
2824 guint32 pac_offset;
2825 proto_item *it=NULL;
2826 proto_tree *tr=NULL;
2827 tvbuff_t *next_tvb;
2828
2829 /* type of pac data */
2830 pac_type=tvb_get_letohl(tvb, offset);
2831 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
2832 if(it){
2833 tr=proto_item_add_subtree(it, ett_krb_PAC);
2834 }
2835
2836 offset += 4;
2837
2838 /* size of pac data */
2839 pac_size=tvb_get_letohl(tvb, offset);
2840 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
2841 offset += 4;
2842
2843 /* offset to pac data */
2844 pac_offset=tvb_get_letohl(tvb, offset);
2845 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
2846 offset += 8;
2847
2848
2849 next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
2850 switch(pac_type){
2851 case PAC_LOGON_INFO:
2852 dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
2853 break;
2854 case PAC_CREDENTIAL_TYPE:
2855 dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
2856 break;
2857 case PAC_SERVER_CHECKSUM:
2858 dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
2859 break;
2860 case PAC_PRIVSVR_CHECKSUM:
2861 dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx);
2862 break;
2863 case PAC_CLIENT_INFO_TYPE:
2864 dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx);
2865 break;
2866 case PAC_S4U_DELEGATION_INFO:
2867 dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx);
2868 break;
2869 case PAC_UPN_DNS_INFO:
2870 dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
2871 break;
2872
2873 default:;
2874 /*qqq*/
2875 }
2876 return offset;
2877 }
2878
2879 static int
2880 dissect_krb5_AD_WIN2K_PAC(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2881 {
2882 guint32 entries;
2883 guint32 version;
2884 guint32 i;
2885
2886 /* first in the PAC structure comes the number of entries */
2887 entries=tvb_get_letohl(tvb, offset);
2888 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
2889 offset += 4;
2890
2891 /* second comes the version */
2892 version=tvb_get_letohl(tvb, offset);
2893 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
2894 offset += 4;
2895
2896 for(i=0;i<entries;i++){
2897 offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx);
2898 }
2899
2900 return offset;
2901 }
2902
2903
2904 static ber_old_sequence_t AD_SIGNTICKET_sequence[] = {
2905 { BER_CLASS_CON, 0, 0,
2906 dissect_krb5_etype },
2907 { BER_CLASS_CON, 1, 0,
2908 dissect_krb5_Checksum },
2909 { 0, 0, 0, NULL }
2910 };
2911
2912 /* first seen in traces from vista */
2913 static int
2914 dissect_krb5_AD_SIGNTICKET(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
2915 {
2916 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AD_SIGNTICKET_sequence, -1, -1);
2917
2918 return offset;
2919 }
2920
2921 static guint32 IF_RELEVANT_type;
2922 static int
2923 dissect_krb5_IF_RELEVANT_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2924 {
2925 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_IF_RELEVANT_type, &IF_RELEVANT_type);
2926 if(tree){
2927 proto_item_append_text(tree, " %s",
2928 val_to_str(IF_RELEVANT_type, krb5_ad_types,
2929 "%#x"));
2930 }
2931 return offset;
2932 }
2933 static int
2934 dissect_krb5_IF_RELEVANT_value(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2935 {
2936 switch(IF_RELEVANT_type){
2937 case KRB5_AD_WIN2K_PAC:
2938 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_WIN2K_PAC);
2939 break;
2940 case KRB5_AD_SIGNTICKET:
2941 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_AD_SIGNTICKET);
2942 break;
2943 default:
2944 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_IF_RELEVANT_value, NULL);
2945 }
2946 return offset;
2947 }
2948 static ber_old_sequence_t IF_RELEVANT_item_sequence[] = {
2949 { BER_CLASS_CON, 0, 0,
2950 dissect_krb5_IF_RELEVANT_type },
2951 { BER_CLASS_CON, 1, 0,
2952 dissect_krb5_IF_RELEVANT_value },
2953 { 0, 0, 0, NULL }
2954 };
2955 static int
2956 dissect_krb5_IF_RELEVANT_item(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2957 {
2958 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, IF_RELEVANT_item_sequence, hf_krb_IF_RELEVANT, ett_krb_IF_RELEVANT);
2959
2960 return offset;
2961 }
2962
2963 static ber_old_sequence_t IF_RELEVANT_sequence_of[1] = {
2964 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_IF_RELEVANT_item },
2965 };
2966
2967 static int
2968 dissect_krb5_IF_RELEVANT(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2969 {
2970 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, IF_RELEVANT_sequence_of, -1, -1);
2971
2972 return offset;
2973 }
2974
2975 static guint32 adtype;
2976 static int
2977 dissect_krb5_adtype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2978 {
2979 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_adtype, &adtype);
2980 if(tree){
2981 proto_item_append_text(tree, " %s",
2982 val_to_str(adtype, krb5_ad_types,
2983 "%#x"));
2984 }
2985 return offset;
2986 }
2987 static int
2988 dissect_krb5_advalue(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
2989 {
2990 switch(adtype){
2991 case KRB5_AD_IF_RELEVANT:
2992 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_advalue, dissect_krb5_IF_RELEVANT);
2993 break;
2994 default:
2995 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_advalue, NULL);
2996 }
2997 return offset;
2998 }
2999 /*
3000 * AuthorizationData ::= SEQUENCE {
3001 * ad-type [0] int32
3002 * ad-data [1] octet string
3003 */
3004 static ber_old_sequence_t AuthorizationData_item_sequence[] = {
3005 { BER_CLASS_CON, 0, 0,
3006 dissect_krb5_adtype },
3007 { BER_CLASS_CON, 1, 0,
3008 dissect_krb5_advalue },
3009 { 0, 0, 0, NULL }
3010 };
3011 static int
3012 dissect_krb5_AuthorizationData_item(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3013 {
3014 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AuthorizationData_item_sequence, hf_krb_AuthorizationData, ett_krb_AuthorizationData);
3015
3016 return offset;
3017 }
3018
3019 static ber_old_sequence_t AuthorizationData_sequence_of[1] = {
3020 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_AuthorizationData_item },
3021 };
3022 static int
3023 dissect_krb5_AuthorizationData(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3024 {
3025 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, AuthorizationData_sequence_of, -1, -1);
3026
3027 return offset;
3028 }
3029
3030
3031 static int
3032 dissect_krb5_transited_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3033 {
3034 guint32 trtype;
3035
3036 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_transitedtype, &trtype);
3037 if(tree){
3038 proto_item_append_text(tree, " %s",
3039 val_to_str(trtype, krb5_transited_types,
3040 "%#x"));
3041 }
3042 return offset;
3043 }
3044
3045 static int
3046 dissect_krb5_transited_contents(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3047 {
3048 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_transitedcontents, NULL);
3049 return offset;
3050 }
3051
3052 /*
3053 * TransitedEncoding ::= SEQUENCE {
3054 * tr-type [0] int32
3055 * contents [1] octet string
3056 */
3057 static ber_old_sequence_t TransitedEncoding_sequence[] = {
3058 { BER_CLASS_CON, 0, 0,
3059 dissect_krb5_transited_type },
3060 { BER_CLASS_CON, 1, 0,
3061 dissect_krb5_transited_contents },
3062 { 0, 0, 0, NULL }
3063 };
3064 static int
3065 dissect_krb5_transited(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3066 {
3067 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, TransitedEncoding_sequence, hf_krb_TransitedEncoding, ett_krb_TransitedEncoding);
3068
3069 return offset;
3070 }
3071
3072
3073 static int
3074 dissect_krb5_authtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3075 {
3076 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_authtime);
3077 return offset;
3078 }
3079 static int
3080 dissect_krb5_starttime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3081 {
3082 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_starttime);
3083 return offset;
3084 }
3085 static int
3086 dissect_krb5_endtime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3087 {
3088 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_endtime);
3089 return offset;
3090 }
3091 static int
3092 dissect_krb5_renew_till(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3093 {
3094 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_renew_till);
3095 return offset;
3096 }
3097
3098 /*
3099 * EncTicketPart ::= SEQUENCE {
3100 * flags [0] TicketFlags,
3101 * key [1] EncryptionKey,
3102 * crealm [2] Realm,
3103 * cname [3] PrincipalName,
3104 * transited [4] TransitedEncoding,
3105 * authtime [5] KerberosTime,
3106 * starttime [6] KerberosTime OPTIONAL,
3107 * endtime [7] KerberosTime,
3108 * renew-till [8] KerberosTime OPTIONAL,
3109 * caddr [9] HostAddresses OPTIONAL,
3110 * authorization-data [10] AuthorizationData OPTIONAL
3111 * }
3112 */
3113 static ber_old_sequence_t EncTicketPart_sequence[] = {
3114 { BER_CLASS_CON, 0, 0,
3115 dissect_krb5_TicketFlags },
3116 { BER_CLASS_CON, 1, 0,
3117 dissect_krb5_key },
3118 { BER_CLASS_CON, 2, 0,
3119 dissect_krb5_crealm },
3120 { BER_CLASS_CON, 3, 0,
3121 dissect_krb5_cname },
3122 { BER_CLASS_CON, 4, 0,
3123 dissect_krb5_transited },
3124 { BER_CLASS_CON, 5, 0,
3125 dissect_krb5_authtime },
3126 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3127 dissect_krb5_starttime },
3128 { BER_CLASS_CON, 7, 0,
3129 dissect_krb5_endtime },
3130 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3131 dissect_krb5_renew_till },
3132 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
3133 dissect_krb5_HostAddresses },
3134 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
3135 dissect_krb5_AuthorizationData },
3136 { 0, 0, 0, NULL }
3137 };
3138 static int
3139 dissect_krb5_EncTicketPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3140 {
3141 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncTicketPart_sequence, hf_krb_EncTicketPart, ett_krb_EncTicketPart);
3142
3143 return offset;
3144 }
3145
3146
3147
3148
3149
3150
3151 /*
3152 * EncAPRepPart ::= SEQUENCE {
3153 * ctime [0] KerberosTime
3154 * cusec [1] Microseconds
3155 * subkey [2] encryptionKey OPTIONAL
3156 * seq-number [3] uint32 OPTIONAL
3157 * }
3158 */
3159 static ber_old_sequence_t EncAPRepPart_sequence[] = {
3160 { BER_CLASS_CON, 0, 0,
3161 dissect_krb5_ctime },
3162 { BER_CLASS_CON, 1, 0,
3163 dissect_krb5_cusec },
3164 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3165 dissect_krb5_subkey },
3166 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3167 dissect_krb5_seq_number },
3168 { 0, 0, 0, NULL }
3169 };
3170 static int
3171 dissect_krb5_EncAPRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3172 {
3173 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncAPRepPart_sequence, hf_krb_EncAPRepPart, ett_krb_EncAPRepPart);
3174
3175 return offset;
3176 }
3177
3178
3179
3180 static guint32 lr_type;
3181 static const value_string krb5_lr_types[] = {
3182 { 0 , "No information available" },
3183 { 1 , "Time of last initial TGT request" },
3184 { 2 , "Time of last initial request" },
3185 { 3 , "Time of issue of latest TGT ticket" },
3186 { 4 , "Time of last renewal" },
3187 { 5 , "Time of last request" },
3188 { 6 , "Time when password will expire" },
3189 { 7 , "Time when account will expire" },
3190 { 0, NULL }
3191 };
3192 static int
3193 dissect_krb5_lr_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3194 {
3195 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_lr_type, &lr_type);
3196
3197 return offset;
3198 }
3199 static int
3200 dissect_krb5_lr_value(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3201 {
3202 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_lr_time);
3203
3204 return offset;
3205 }
3206
3207 static ber_old_sequence_t LastReq_sequence[] = {
3208 { BER_CLASS_CON, 0, 0,
3209 dissect_krb5_lr_type },
3210 { BER_CLASS_CON, 1, 0,
3211 dissect_krb5_lr_value },
3212 { 0, 0, 0, NULL }
3213 };
3214 static int
3215 dissect_krb5_LastReq(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3216 {
3217 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, LastReq_sequence, hf_krb_LastReq, ett_krb_LastReq);
3218
3219 return offset;
3220 }
3221 static ber_old_sequence_t LastReq_sequence_of[1] = {
3222 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_LastReq },
3223 };
3224 static int
3225 dissect_krb5_LastReq_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3226 {
3227 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, LastReq_sequence_of, hf_krb_LastReqs, ett_krb_LastReqs);
3228
3229 return offset;
3230 }
3231
3232 static int
3233 dissect_krb5_key_expiration(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3234 {
3235 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_key_expire);
3236 return offset;
3237 }
3238
3239 static ber_old_sequence_t EncKDCRepPart_sequence[] = {
3240 { BER_CLASS_CON, 0, 0,
3241 dissect_krb5_key },
3242 { BER_CLASS_CON, 1, 0,
3243 dissect_krb5_LastReq_sequence_of },
3244 { BER_CLASS_CON, 2, 0,
3245 dissect_krb5_nonce },
3246 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3247 dissect_krb5_key_expiration },
3248 { BER_CLASS_CON, 4, 0,
3249 dissect_krb5_TicketFlags },
3250 { BER_CLASS_CON, 5, 0,
3251 dissect_krb5_authtime },
3252 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3253 dissect_krb5_starttime },
3254 { BER_CLASS_CON, 7, 0,
3255 dissect_krb5_endtime },
3256 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3257 dissect_krb5_renew_till },
3258 { BER_CLASS_CON, 9, 0,
3259 dissect_krb5_realm },
3260 { BER_CLASS_CON, 10, 0,
3261 dissect_krb5_sname },
3262 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3263 dissect_krb5_HostAddresses },
3264 { 0, 0, 0, NULL }
3265 };
3266 static int
3267 dissect_krb5_EncKDCRepPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3268 {
3269 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKDCRepPart_sequence, hf_krb_EncKDCRepPart, ett_krb_EncKDCRepPart);
3270
3271 return offset;
3272 }
3273
3274
3275 static int
3276 dissect_krb5_authenticator_vno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3277 {
3278 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_authenticator_vno, NULL);
3279
3280 return offset;
3281 }
3282
3283
3284 #define KRB5_GSS_C_DELEG_FLAG 0x01
3285 #define KRB5_GSS_C_MUTUAL_FLAG 0x02
3286 #define KRB5_GSS_C_REPLAY_FLAG 0x04
3287 #define KRB5_GSS_C_SEQUENCE_FLAG 0x08
3288 #define KRB5_GSS_C_CONF_FLAG 0x10
3289 #define KRB5_GSS_C_INTEG_FLAG 0x20
3290 #define KRB5_GSS_C_DCE_STYLE 0x1000
3291
3292 static const true_false_string tfs_gss_flags_deleg = {
3293 "Delegate credentials to remote peer",
3294 "Do NOT delegate"
3295 };
3296 static const true_false_string tfs_gss_flags_mutual = {
3297 "Request that remote peer authenticates itself",
3298 "Mutual authentication NOT required"
3299 };
3300 static const true_false_string tfs_gss_flags_replay = {
3301 "Enable replay protection for signed or sealed messages",
3302 "Do NOT enable replay protection"
3303 };
3304 static const true_false_string tfs_gss_flags_sequence = {
3305 "Enable Out-of-sequence detection for sign or sealed messages",
3306 "Do NOT enable out-of-sequence detection"
3307 };
3308 static const true_false_string tfs_gss_flags_conf = {
3309 "Confidentiality (sealing) may be invoked",
3310 "Do NOT use Confidentiality (sealing)"
3311 };
3312 static const true_false_string tfs_gss_flags_integ = {
3313 "Integrity protection (signing) may be invoked",
3314 "Do NOT use integrity protection"
3315 };
3316
3317 static const true_false_string tfs_gss_flags_dce_style = {
3318 "DCE-STYLE",
3319 "Not using DCE-STYLE"
3320 };
3321
3322 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
3323 */
3324 static int
3325 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb)
3326 {
3327 int offset=0;
3328 guint32 len;
3329 guint16 dlglen;
3330
3331 /* Length of Bnd field */
3332 len=tvb_get_letohl(tvb, offset);
3333 proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3334 offset += 4;
3335
3336 /* Bnd field */
3337 proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA);
3338 offset += len;
3339
3340
3341 /* flags */
3342 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3343 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3344 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3345 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3346 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3347 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3348 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN);
3349 offset += 4;
3350
3351 /* the next fields are optional so we have to check that we have
3352 * more data in our buffers */
3353 if(tvb_length_remaining(tvb, offset)<2){
3354 return offset;
3355 }
3356 /* dlgopt identifier */
3357 proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3358 offset += 2;
3359
3360 if(tvb_length_remaining(tvb, offset)<2){
3361 return offset;
3362 }
3363 /* dlglen identifier */
3364 dlglen=tvb_get_letohs(tvb, offset);
3365 proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN);
3366 offset += 2;
3367
3368 if(dlglen!=tvb_length_remaining(tvb, offset)){
3369 proto_tree_add_text(tree, tvb, 0, 0, "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_length_remaining(tvb, offset));
3370 return offset;
3371 }
3372
3373 /* this should now be a KRB_CRED message */
3374 offset=dissect_ber_old_choice(actx, tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
3375
3376
3377 return offset;
3378 }
3379
3380 static guint32 checksum_type;
3381
3382 static int
3383 dissect_krb5_checksum_type(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3384 {
3385 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_checksum_type, &checksum_type);
3386
3387 return offset;
3388 }
3389
3390 static int
3391 dissect_krb5_checksum_checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3392 {
3393 tvbuff_t *next_tvb;
3394
3395 switch(checksum_type){
3396 case KRB5_CHKSUM_GSSAPI:
3397 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_checksum_checksum, &next_tvb);
3398 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
3399 break;
3400 default:
3401 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_checksum_checksum, NULL);
3402 }
3403 return offset;
3404 }
3405
3406 /*
3407 * Checksum ::= SEQUENCE {
3408 * }
3409 */
3410 static ber_old_sequence_t Checksum_sequence[] = {
3411 { BER_CLASS_CON, 0, 0,
3412 dissect_krb5_checksum_type },
3413 { BER_CLASS_CON, 1, 0,
3414 dissect_krb5_checksum_checksum },
3415 { 0, 0, 0, NULL }
3416 };
3417 int
3418 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3419 {
3420 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Checksum_sequence, hf_krb_Checksum, ett_krb_Checksum);
3421
3422 return offset;
3423 }
3424
3425 /*
3426 * Authenticator ::= SEQUENCE {
3427 * authenticator-vno [0] integer
3428 * crealm [1] Realm
3429 * cname [2] PrincipalName
3430 * cksum [3] Checksum OPTIONAL
3431 * cusec [4] Microseconds
3432 * ctime [5] KerberosTime
3433 * subkey [6] encryptionKey OPTIONAL
3434 * seq-number [7] uint32 OPTIONAL
3435 * authorization-data [8] AuthorizationData OPTIONAL
3436 * }
3437 */
3438 static ber_old_sequence_t Authenticator_sequence[] = {
3439 { BER_CLASS_CON, 0, 0,
3440 dissect_krb5_authenticator_vno },
3441 { BER_CLASS_CON, 1, 0,
3442 dissect_krb5_crealm },
3443 { BER_CLASS_CON, 2, 0,
3444 dissect_krb5_cname },
3445 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3446 dissect_krb5_Checksum },
3447 { BER_CLASS_CON, 4, 0,
3448 dissect_krb5_cusec },
3449 { BER_CLASS_CON, 5, 0,
3450 dissect_krb5_ctime },
3451 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3452 dissect_krb5_subkey },
3453 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
3454 dissect_krb5_seq_number },
3455 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
3456 dissect_krb5_AuthorizationData },
3457 { 0, 0, 0, NULL }
3458 };
3459 static int
3460 dissect_krb5_Authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3461 {
3462 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Authenticator_sequence, hf_krb_Authenticator, ett_krb_Authenticator);
3463
3464 return offset;
3465 }
3466
3467
3468 static int
3469 dissect_krb5_PRIV_BODY_user_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
3470 {
3471 tvbuff_t *new_tvb;
3472 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_PRIV_BODY_user_data, &new_tvb);
3473
3474 if (new_tvb)
3475 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data);
3476
3477 return offset;
3478 }
3479
3480 static ber_old_sequence_t EncKrbPrivPart_sequence[] = {
3481 { BER_CLASS_CON, 0, 0,
3482 dissect_krb5_PRIV_BODY_user_data },
3483 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3484 dissect_krb5_patimestamp },
3485 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3486 dissect_krb5_cusec },
3487 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3488 dissect_krb5_seq_number },
3489 { BER_CLASS_CON, 4, 0,
3490 dissect_krb5_s_address },
3491 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3492 dissect_krb5_HostAddresses },
3493 { 0, 0, 0, NULL }
3494 };
3495 static int
3496 dissect_krb5_EncKrbPrivPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3497 {
3498 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKrbPrivPart_sequence, hf_krb_EncKrbPrivPart, ett_krb_EncKrbPrivPart);
3499
3500 return offset;
3501 }
3502
3503 static guint32 PRIV_etype;
3504 static int
3505 dissect_krb5_PRIV_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3506 {
3507 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &PRIV_etype);
3508 if(tree){
3509 proto_item_append_text(tree, " %s",
3510 val_to_str(PRIV_etype, krb5_encryption_types,
3511 "%#x"));
3512 }
3513 return offset;
3514 }
3515
3516 #ifdef HAVE_KERBEROS
3517 static int
3518 dissect_krb5_decrypt_PRIV (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3519 {
3520 guint8 *plaintext=NULL;
3521 int length;
3522
3523 length=tvb_length_remaining(tvb, offset);
3524
3525 if(!plaintext){
3526 tvbuff_t *next_tvb;
3527
3528 next_tvb=tvb_new_subset_remaining(tvb, offset);
3529 plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, PRIV_etype, NULL);
3530 }
3531
3532 if(plaintext){
3533 tvbuff_t *next_tvb;
3534 next_tvb = tvb_new_child_real_data(tvb, plaintext,
3535 length,
3536 length);
3537 tvb_set_free_cb(next_tvb, g_free);
3538
3539 /* Add the decrypted data to the data source list. */
3540 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
3541
3542 offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3543
3544 }
3545 return offset;
3546 }
3547 #endif
3548
3549 /*
3550 * PRIV-BODY ::= SEQUENCE {
3551 * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
3552 * pvno[0] INTEGER,
3553 * msg-type[1] INTEGER,
3554 * enc-part[3] EncryptedData
3555 * }
3556 */
3557 static int
3558 dissect_krb5_encrypted_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3559 {
3560 #ifdef HAVE_KERBEROS
3561 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PRIV, dissect_krb5_decrypt_PRIV);
3562 #else
3563 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_PRIV, NULL);
3564 #endif
3565 return offset;
3566 }
3567 static ber_old_sequence_t ENC_PRIV_sequence[] = {
3568 { BER_CLASS_CON, 0, 0,
3569 dissect_krb5_PRIV_etype },
3570 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3571 dissect_krb5_kvno },
3572 { BER_CLASS_CON, 2, 0,
3573 dissect_krb5_encrypted_PRIV },
3574 { 0, 0, 0, NULL }
3575 };
3576 static int
3577 dissect_krb5_ENC_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3578 {
3579 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, ENC_PRIV_sequence, hf_krb_ENC_PRIV, ett_krb_PRIV_enc);
3580 return offset;
3581 }
3582 static ber_old_sequence_t PRIV_BODY_sequence[] = {
3583 { BER_CLASS_CON, 0, 0,
3584 dissect_krb5_pvno },
3585 { BER_CLASS_CON, 1, 0,
3586 dissect_krb5_msg_type },
3587 { BER_CLASS_CON, 3, 0,
3588 dissect_krb5_ENC_PRIV },
3589 { 0, 0, 0, NULL }
3590 };
3591 static int
3592 dissect_krb5_PRIV(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3593 {
3594
3595 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, PRIV_BODY_sequence, hf_krb_PRIV_BODY, ett_krb_PRIV);
3596
3597 return offset;
3598 }
3599
3600 static guint32 EncKrbCredPart_etype;
3601 static int
3602 dissect_krb5_EncKrbCredPart_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3603 {
3604 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &EncKrbCredPart_etype);
3605 if(tree){
3606 proto_item_append_text(tree, " %s",
3607 val_to_str(EncKrbCredPart_etype, krb5_encryption_types,
3608 "%#x"));
3609 }
3610 return offset;
3611 }
3612
3613
3614
3615
3616
3617 static ber_old_sequence_t KrbCredInfo_sequence[] = {
3618 { BER_CLASS_CON, 0, 0, dissect_krb5_key },
3619 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_prealm },
3620 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_pname },
3621 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_TicketFlags },
3622 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_authtime },
3623 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_starttime },
3624 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_krb5_endtime },
3625 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_krb5_renew_till },
3626 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_krb5_srealm },
3627 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_krb5_sname },
3628 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_krb5_HostAddresses },
3629 { 0, 0, 0, NULL }
3630 };
3631 static int
3632 dissect_krb5_KrbCredInfo(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3633 {
3634
3635 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KrbCredInfo_sequence, hf_krb_KrbCredInfo, ett_krb_KrbCredInfo);
3636
3637 return offset;
3638 }
3639
3640 static ber_old_sequence_t KrbCredInfo_sequence_of[1] = {
3641 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_krb5_KrbCredInfo },
3642 };
3643 static int
3644 dissect_krb5_KrbCredInfo_sequence_of(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3645 {
3646 offset=dissect_ber_old_sequence_of(FALSE, actx, tree, tvb, offset, KrbCredInfo_sequence_of, hf_krb_KrbCredInfos, ett_krb_KrbCredInfos);
3647
3648 return offset;
3649 }
3650 static const ber_old_sequence_t EncKrbCredPart_sequence[] = {
3651 { BER_CLASS_CON, 0, 0, dissect_krb5_KrbCredInfo_sequence_of },
3652 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_nonce },
3653 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_ctime },
3654 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_krb5_cusec },
3655 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_krb5_s_address },
3656 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_krb5_r_address },
3657 { 0, 0, 0, NULL }
3658 };
3659
3660 static int
3661 dissect_krb5_EncKrbCredPart(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3662 {
3663 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, EncKrbCredPart_sequence, hf_krb_EncKrbCredPart, ett_krb_EncKrbCredPart);
3664
3665 return offset;
3666 }
3667
3668 #ifdef HAVE_KERBEROS
3669 static int
3670 dissect_krb5_decrypt_EncKrbCredPart (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3671 {
3672 guint8 *plaintext=NULL;
3673 int length;
3674 tvbuff_t *next_tvb;
3675
3676 next_tvb=tvb_new_subset_remaining(tvb, offset);
3677
3678 length=tvb_length_remaining(tvb, offset);
3679
3680 /* RFC4120 :
3681 * EncKrbCredPart encrypted with usage
3682 * == 14
3683 */
3684 if(!plaintext){
3685 plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, EncKrbCredPart_etype, NULL);
3686 }
3687
3688 if(plaintext){
3689 tvbuff_t *child_tvb;
3690 child_tvb = tvb_new_child_real_data(tvb, plaintext,
3691 length,
3692 length);
3693 tvb_set_free_cb(child_tvb, g_free);
3694
3695 /* Add the decrypted data to the data source list. */
3696 add_new_data_source(actx->pinfo, child_tvb, "EncKrbCredPart");
3697
3698 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
3699 }
3700 return offset;
3701 }
3702 #endif
3703
3704 static int
3705 dissect_krb5_encrypted_CRED_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3706 {
3707 #ifdef HAVE_KERBEROS
3708 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, dissect_krb5_decrypt_EncKrbCredPart);
3709 #else
3710 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_EncKrbCredPart, NULL);
3711 #endif
3712 return offset;
3713 }
3714
3715 static ber_old_sequence_t encrypted_CRED_sequence[] = {
3716 { BER_CLASS_CON, 0, 0,
3717 dissect_krb5_EncKrbCredPart_etype },
3718 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3719 dissect_krb5_kvno },
3720 { BER_CLASS_CON, 2, 0,
3721 dissect_krb5_encrypted_CRED_data },
3722 { 0, 0, 0, NULL }
3723 };
3724 static int
3725 dissect_krb5_encrypted_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3726 {
3727 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_CRED_sequence, hf_krb_CRED_enc, ett_krb_CRED_enc);
3728
3729 return offset;
3730 }
3731
3732 static ber_old_sequence_t CRED_BODY_sequence[] = {
3733 { BER_CLASS_CON, 0, 0,
3734 dissect_krb5_pvno },
3735 { BER_CLASS_CON, 1, 0,
3736 dissect_krb5_msg_type },
3737 { BER_CLASS_CON, 2, 0,
3738 dissect_krb5_sq_tickets },
3739 { BER_CLASS_CON, 3, 0,
3740 dissect_krb5_encrypted_CRED },
3741 { 0, 0, 0, NULL }
3742 };
3743 static int
3744 dissect_krb5_CRED(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3745 {
3746
3747 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, CRED_BODY_sequence, hf_krb_CRED_BODY, ett_krb_CRED);
3748
3749 return offset;
3750 }
3751
3752
3753 static int
3754 dissect_krb5_SAFE_BODY_user_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
3755 {
3756 tvbuff_t *new_tvb;
3757 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, &new_tvb);
3758 if (new_tvb)
3759 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, (kerberos_callbacks*)actx->private_data);
3760 return offset;
3761 }
3762 static int
3763 dissect_krb5_SAFE_BODY_timestamp(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3764 {
3765 offset=dissect_ber_GeneralizedTime(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp);
3766 return offset;
3767 }
3768
3769 static int
3770 dissect_krb5_SAFE_BODY_usec(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3771 {
3772 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL);
3773 return offset;
3774 }
3775
3776 static ber_old_sequence_t SAFE_BODY_sequence[] = {
3777 { BER_CLASS_CON, 0, 0,
3778 dissect_krb5_SAFE_BODY_user_data },
3779 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3780 dissect_krb5_SAFE_BODY_timestamp },
3781 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
3782 dissect_krb5_SAFE_BODY_usec },
3783 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3784 dissect_krb5_seq_number },
3785 /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */
3786 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3787 dissect_krb5_s_address },
3788 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3789 dissect_krb5_HostAddresses },
3790 { 0, 0, 0, NULL }
3791 };
3792 static int
3793 dissect_krb5_SAFE_BODY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3794 {
3795
3796 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, SAFE_BODY_sequence, -1, -1);
3797
3798 return offset;
3799 }
3800
3801
3802
3803 static ber_old_sequence_t SAFE_sequence[] = {
3804 { BER_CLASS_CON, 0, 0,
3805 dissect_krb5_pvno },
3806 { BER_CLASS_CON, 1, 0,
3807 dissect_krb5_msg_type },
3808 { BER_CLASS_CON, 2, 0,
3809 dissect_krb5_SAFE_BODY },
3810 { BER_CLASS_CON, 3, 0,
3811 dissect_krb5_Checksum },
3812 { 0, 0, 0, NULL }
3813 };
3814 static int
3815 dissect_krb5_SAFE(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3816 {
3817
3818 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, SAFE_sequence, -1, -1);
3819
3820 return offset;
3821 }
3822
3823 #ifdef HAVE_KERBEROS
3824 static guint32 enc_authorization_data_etype;
3825
3826 static int
3827 dissect_krb5_decrypt_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3828 {
3829 guint8 *plaintext=NULL;
3830 int length;
3831 tvbuff_t *next_tvb;
3832
3833 next_tvb=tvb_new_subset_remaining(tvb, offset);
3834
3835 length=tvb_length_remaining(tvb, offset);
3836
3837 /*
3838 RFC 4120 : 5.4.1
3839 The key usage value used when encrypting is 5
3840 if a sub-session key is used, or 4 if the session key is used.
3841 */
3842 if(!plaintext){
3843 plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, enc_authorization_data_etype, NULL);
3844 }
3845 if(!plaintext){
3846 plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, enc_authorization_data_etype, NULL);
3847 }
3848
3849 if(plaintext){
3850 tvbuff_t *child_tvb;
3851 child_tvb = tvb_new_child_real_data(tvb, plaintext,
3852 length,
3853 length);
3854 tvb_set_free_cb(child_tvb, g_free);
3855
3856 /* Add the decrypted data to the data source list. */
3857 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
3858
3859
3860 proto_tree_add_text(tree, child_tvb, 0, length, "AtuhorizationData for TGS_REQ not implemented yet");
3861
3862 }
3863 return offset;
3864 }
3865 #endif
3866
3867 static int
3868 dissect_krb5_encrypted_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3869 {
3870 #ifdef HAVE_KERBEROS
3871 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_enc_authorization_data, dissect_krb5_decrypt_enc_authorization_data);
3872 #else
3873 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_enc_authorization_data, NULL);
3874 #endif
3875 return offset;
3876 }
3877
3878 static int
3879 dissect_krb5_enc_authorization_data_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3880 {
3881 #ifndef HAVE_KERBEROS
3882 guint32 enc_authorization_data_etype;
3883 #endif
3884 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &enc_authorization_data_etype);
3885 if(tree){
3886 proto_item_append_text(tree, " %s",
3887 val_to_str(enc_authorization_data_etype, krb5_encryption_types,
3888 "%#x"));
3889 }
3890 return offset;
3891 }
3892 static ber_old_sequence_t enc_authorization_data_sequence[] = {
3893 { BER_CLASS_CON, 0, 0,
3894 dissect_krb5_enc_authorization_data_etype },
3895 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3896 dissect_krb5_kvno },
3897 { BER_CLASS_CON, 2, 0,
3898 dissect_krb5_encrypted_enc_authorization_data },
3899 { 0, 0, 0, NULL }
3900 };
3901 static int
3902 dissect_krb5_enc_authorization_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3903 {
3904 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, enc_authorization_data_sequence, -1, -1);
3905
3906 return offset;
3907 }
3908
3909 /*
3910 * KDC-REQ-BODY ::= SEQUENCE {
3911 * kdc-options[0] KDCOptions,
3912 * cname[1] PrincipalName OPTIONAL,
3913 * -- Used only in AS-REQ
3914 * realm[2] Realm, -- Server's realm
3915 * -- Also client's in AS-REQ
3916 * sname[3] PrincipalName OPTIONAL,
3917 * from[4] KerberosTime OPTIONAL,
3918 * till[5] KerberosTime,
3919 * rtime[6] KerberosTime OPTIONAL,
3920 * nonce[7] INTEGER,
3921 * etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
3922 * -- in preference order
3923 * addresses[9] HostAddresses OPTIONAL,
3924 * enc-authorization-data[10] EncryptedData OPTIONAL,
3925 * -- Encrypted AuthorizationData encoding
3926 * additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
3927 * }
3928 *
3929 */
3930 static ber_old_sequence_t KDC_REQ_BODY_sequence[] = {
3931 { BER_CLASS_CON, 0, 0,
3932 dissect_krb5_KDCOptions },
3933 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
3934 dissect_krb5_cname },
3935 { BER_CLASS_CON, 2, 0,
3936 dissect_krb5_realm},
3937 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
3938 dissect_krb5_sname },
3939 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL,
3940 dissect_krb5_from },
3941 /* this field is not optional in the kerberos spec,
3942 * however, in the packetcable spec it is optional.
3943 * make it optional here since normal kerberos will
3944 * still decode the pdu correctly.
3945 */
3946 { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL,
3947 dissect_krb5_till },
3948 { BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL,
3949 dissect_krb5_rtime },
3950 { BER_CLASS_CON, 7, 0,
3951 dissect_krb5_nonce },
3952 { BER_CLASS_CON, 8, 0,
3953 dissect_krb5_etype_sequence_of },
3954 { BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL,
3955 dissect_krb5_HostAddresses },
3956 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL,
3957 dissect_krb5_enc_authorization_data },
3958 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
3959 dissect_krb5_sq_tickets },
3960 { 0, 0, 0, NULL }
3961 };
3962 static int
3963 dissect_krb5_KDC_REQ_BODY(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
3964 {
3965 conversation_t *conversation;
3966
3967 /*
3968 * UDP replies to KDC_REQs are sent from the server back to the client's
3969 * source port, similar to the way TFTP works. Set up a conversation
3970 * accordingly.
3971 *
3972 * Ref: Section 7.2.1 of
3973 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
3974 */
3975 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
3976 conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
3977 actx->pinfo->srcport, 0, NO_PORT_B);
3978 if (conversation == NULL) {
3979 conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
3980 actx->pinfo->srcport, 0, NO_PORT2);
3981 conversation_set_dissector(conversation, kerberos_handle_udp);
3982 }
3983 }
3984
3985 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REQ_BODY_sequence, hf_krb_KDC_REQ_BODY, ett_krb_request);
3986
3987 return offset;
3988 }
3989
3990
3991
3992 /*
3993 * KDC-REQ ::= SEQUENCE {
3994 * pvno[1] INTEGER,
3995 * msg-type[2] INTEGER,
3996 * padata[3] SEQUENCE OF PA-DATA OPTIONAL,
3997 * req-body[4] KDC-REQ-BODY
3998 * }
3999 */
4000 static ber_old_sequence_t KDC_REQ_sequence[] = {
4001 { BER_CLASS_CON, 1, 0,
4002 dissect_krb5_pvno },
4003 { BER_CLASS_CON, 2, 0,
4004 dissect_krb5_msg_type },
4005 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
4006 dissect_krb5_padata },
4007 { BER_CLASS_CON, 4, 0,
4008 dissect_krb5_KDC_REQ_BODY },
4009 { 0, 0, 0, NULL }
4010 };
4011 static int
4012 dissect_krb5_KDC_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4013 {
4014 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REQ_sequence, -1, -1);
4015
4016 return offset;
4017 }
4018
4019
4020 #ifdef HAVE_KERBEROS
4021 static int
4022 dissect_krb5_decrypt_authenticator_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4023 {
4024 guint8 *plaintext=NULL;
4025 int length;
4026 tvbuff_t *next_tvb;
4027
4028 next_tvb=tvb_new_subset_remaining(tvb, offset);
4029
4030 length=tvb_length_remaining(tvb, offset);
4031
4032 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4033 * 7.5.1
4034 * Authenticators are encrypted with usage
4035 * == 7 or
4036 * == 11
4037 */
4038 if(!plaintext){
4039 plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, authenticator_etype, NULL);
4040 }
4041 if(!plaintext){
4042 plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, authenticator_etype, NULL);
4043 }
4044
4045 if(plaintext){
4046 tvbuff_t *child_tvb;
4047 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4048 length,
4049 length);
4050 tvb_set_free_cb(child_tvb, g_free);
4051
4052 /* Add the decrypted data to the data source list. */
4053 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4054
4055
4056 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4057
4058 }
4059 return offset;
4060 }
4061 #endif
4062
4063
4064 /*
4065 * EncryptedData ::= SEQUENCE {
4066 * etype[0] INTEGER, -- EncryptionType
4067 * kvno[1] INTEGER OPTIONAL,
4068 * cipher[2] OCTET STRING -- ciphertext
4069 * }
4070 */
4071 static int
4072 dissect_krb5_encrypted_authenticator_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4073 {
4074 #ifdef HAVE_KERBEROS
4075 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_authenticator_data, dissect_krb5_decrypt_authenticator_data);
4076 #else
4077 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_authenticator_data, NULL);
4078 #endif
4079 return offset;
4080 }
4081 static ber_old_sequence_t encrypted_authenticator_sequence[] = {
4082 { BER_CLASS_CON, 0, 0,
4083 dissect_krb5_authenticator_etype },
4084 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4085 dissect_krb5_kvno },
4086 { BER_CLASS_CON, 2, 0,
4087 dissect_krb5_encrypted_authenticator_data },
4088 { 0, 0, 0, NULL }
4089 };
4090 static int
4091 dissect_krb5_encrypted_authenticator(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4092 {
4093 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_authenticator_sequence, hf_krb_authenticator_enc, ett_krb_authenticator_enc);
4094
4095 return offset;
4096 }
4097
4098
4099
4100
4101 static int
4102 dissect_krb5_tkt_vno(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4103 {
4104 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_tkt_vno, NULL);
4105 return offset;
4106 }
4107
4108
4109 #ifdef HAVE_KERBEROS
4110 static int
4111 dissect_krb5_decrypt_Ticket_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4112 {
4113 guint8 *plaintext;
4114 int length;
4115 tvbuff_t *next_tvb;
4116
4117 next_tvb=tvb_new_subset_remaining(tvb, offset);
4118
4119 length=tvb_length_remaining(tvb, offset);
4120
4121 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4122 * 7.5.1
4123 * All Ticket encrypted parts use usage == 2
4124 */
4125 if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, Ticket_etype, NULL)) ){
4126 tvbuff_t *child_tvb;
4127 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4128 length,
4129 length);
4130 tvb_set_free_cb(child_tvb, g_free);
4131
4132 /* Add the decrypted data to the data source list. */
4133 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4134
4135
4136 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4137
4138 }
4139 return offset;
4140 }
4141 #endif
4142
4143 static int
4144 dissect_krb5_encrypted_Ticket_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4145 {
4146 #ifdef HAVE_KERBEROS
4147 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_Ticket_data, dissect_krb5_decrypt_Ticket_data);
4148 #else
4149 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_Ticket_data, NULL);
4150 #endif
4151 return offset;
4152 }
4153 static ber_old_sequence_t encrypted_Ticket_sequence[] = {
4154 { BER_CLASS_CON, 0, 0,
4155 dissect_krb5_Ticket_etype },
4156 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4157 dissect_krb5_kvno },
4158 { BER_CLASS_CON, 2, 0,
4159 dissect_krb5_encrypted_Ticket_data },
4160 { 0, 0, 0, NULL }
4161 };
4162 static int
4163 dissect_krb5_Ticket_encrypted(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4164 {
4165 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_Ticket_sequence, hf_krb_ticket_enc, ett_krb_ticket_enc);
4166
4167 return offset;
4168 }
4169
4170 static ber_old_sequence_t Application_1_sequence[] = {
4171 { BER_CLASS_CON, 0, 0,
4172 dissect_krb5_tkt_vno },
4173 { BER_CLASS_CON, 1, 0,
4174 dissect_krb5_realm },
4175 { BER_CLASS_CON, 2, 0,
4176 dissect_krb5_sname },
4177 { BER_CLASS_CON, 3, 0,
4178 dissect_krb5_Ticket_encrypted },
4179 { 0, 0, 0, NULL }
4180 };
4181 static int
4182 dissect_krb5_Application_1(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4183 {
4184 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Application_1_sequence, hf_krb_ticket, ett_krb_ticket);
4185
4186 return offset;
4187 }
4188
4189
4190
4191 static const ber_old_choice_t Ticket_choice[] = {
4192 { 1, BER_CLASS_APP, 1, 0,
4193 dissect_krb5_Application_1 },
4194 { 0, 0, 0, 0, NULL }
4195 };
4196 static int
4197 dissect_krb5_Ticket(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4198 {
4199 offset=dissect_ber_old_choice(actx, tree, tvb, offset, Ticket_choice, -1, -1, NULL);
4200
4201 return offset;
4202 }
4203
4204
4205
4206
4207 /*
4208 * AP-REQ ::= [APPLICATION 14] SEQUENCE {
4209 * pvno[0] INTEGER,
4210 * msg-type[1] INTEGER,
4211 * ap-options[2] APOptions,
4212 * ticket[3] Ticket,
4213 * authenticator[4] EncryptedData
4214 * }
4215 */
4216 static ber_old_sequence_t AP_REQ_sequence[] = {
4217 { BER_CLASS_CON, 0, 0,
4218 dissect_krb5_pvno },
4219 { BER_CLASS_CON, 1, 0,
4220 dissect_krb5_msg_type },
4221 { BER_CLASS_CON, 2, 0,
4222 dissect_krb5_APOptions },
4223 { BER_CLASS_CON, 3, 0,
4224 dissect_krb5_Ticket },
4225 { BER_CLASS_CON, 4, 0,
4226 dissect_krb5_encrypted_authenticator },
4227 { 0, 0, 0, NULL }
4228 };
4229 static int
4230 dissect_krb5_AP_REQ(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4231 {
4232 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AP_REQ_sequence, -1, -1);
4233
4234 return offset;
4235 }
4236
4237
4238
4239
4240 #ifdef HAVE_KERBEROS
4241 static int
4242 dissect_krb5_decrypt_AP_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4243 {
4244 guint8 *plaintext=NULL;
4245 int length;
4246
4247 length=tvb_length_remaining(tvb, offset);
4248
4249 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4250 * 7.5.1
4251 * Authenticators are encrypted with usage
4252 * == 7 or
4253 * == 11
4254 */
4255 if(!plaintext){
4256 tvbuff_t *next_tvb;
4257
4258 next_tvb=tvb_new_subset_remaining(tvb, offset);
4259 plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, AP_REP_etype, NULL);
4260 }
4261
4262 if(plaintext){
4263 tvbuff_t *next_tvb;
4264 next_tvb = tvb_new_child_real_data(tvb, plaintext,
4265 length,
4266 length);
4267 tvb_set_free_cb(next_tvb, g_free);
4268
4269 /* Add the decrypted data to the data source list. */
4270 add_new_data_source(actx->pinfo, next_tvb, "Decrypted Krb5");
4271
4272
4273 offset=dissect_ber_old_choice(actx, tree, next_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4274
4275 }
4276 return offset;
4277 }
4278 #endif
4279
4280
4281 static int
4282 dissect_krb5_encrypted_AP_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4283 {
4284 #ifdef HAVE_KERBEROS
4285 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, dissect_krb5_decrypt_AP_REP_data);
4286 #else
4287 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_AP_REP_data, NULL);
4288 #endif
4289 return offset;
4290 }
4291 static ber_old_sequence_t encrypted_AP_REP_sequence[] = {
4292 { BER_CLASS_CON, 0, 0,
4293 dissect_krb5_AP_REP_etype },
4294 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4295 dissect_krb5_kvno },
4296 { BER_CLASS_CON, 2, 0,
4297 dissect_krb5_encrypted_AP_REP_data },
4298 { 0, 0, 0, NULL }
4299 };
4300 static int
4301 dissect_krb5_encrypted_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4302 {
4303 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_AP_REP_sequence, hf_krb_AP_REP_enc, ett_krb_AP_REP_enc);
4304
4305 return offset;
4306 }
4307
4308 /*
4309 * AP-REP ::= [APPLICATION 15] SEQUENCE {
4310 * pvno[0] INTEGER,
4311 * msg-type[1] INTEGER,
4312 * enc-part[2] EncryptedData
4313 * }
4314 */
4315 static ber_old_sequence_t AP_REP_sequence[] = {
4316 { BER_CLASS_CON, 0, 0,
4317 dissect_krb5_pvno },
4318 { BER_CLASS_CON, 1, 0,
4319 dissect_krb5_msg_type },
4320 { BER_CLASS_CON, 2, 0,
4321 dissect_krb5_encrypted_AP_REP },
4322 { 0, 0, 0, NULL }
4323 };
4324 static int
4325 dissect_krb5_AP_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4326 {
4327 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, AP_REP_sequence, -1, -1);
4328
4329 return offset;
4330 }
4331
4332
4333
4334
4335
4336 static guint32 KDC_REP_etype;
4337 static int
4338 dissect_krb5_KDC_REP_etype(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4339 {
4340 offset=dissect_ber_integer(FALSE, actx, tree, tvb, offset, hf_krb_etype, &KDC_REP_etype);
4341 if(tree){
4342 proto_item_append_text(tree, " %s",
4343 val_to_str(KDC_REP_etype, krb5_encryption_types,
4344 "%#x"));
4345 }
4346 return offset;
4347 }
4348
4349 #ifdef HAVE_KERBEROS
4350 static int
4351 dissect_krb5_decrypt_KDC_REP_data (proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4352 {
4353 guint8 *plaintext=NULL;
4354 int length;
4355 tvbuff_t *next_tvb;
4356
4357 next_tvb=tvb_new_subset_remaining(tvb, offset);
4358
4359 length=tvb_length_remaining(tvb, offset);
4360
4361 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
4362 * 7.5.1
4363 * ASREP/TGSREP encryptedparts are encrypted with usage
4364 * == 3 or
4365 * == 8 or
4366 * == 9
4367 */
4368 if(!plaintext){
4369 plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, KDC_REP_etype, NULL);
4370 }
4371 if(!plaintext){
4372 plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, KDC_REP_etype, NULL);
4373 }
4374 if(!plaintext){
4375 plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, KDC_REP_etype, NULL);
4376 }
4377
4378 if(plaintext){
4379 tvbuff_t *child_tvb;
4380 child_tvb = tvb_new_child_real_data(tvb, plaintext,
4381 length,
4382 length);
4383 tvb_set_free_cb(child_tvb, g_free);
4384
4385 /* Add the decrypted data to the data source list. */
4386 add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
4387
4388
4389 offset=dissect_ber_old_choice(actx, tree, child_tvb, 0, kerberos_applications_choice, -1, -1, NULL);
4390
4391 }
4392 return offset;
4393 }
4394 #endif
4395
4396
4397 static int
4398 dissect_krb5_encrypted_KDC_REP_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4399 {
4400 #ifdef HAVE_KERBEROS
4401 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, dissect_krb5_decrypt_KDC_REP_data);
4402 #else
4403 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_encrypted_KDC_REP_data, NULL);
4404 #endif
4405 return offset;
4406 }
4407 static ber_old_sequence_t encrypted_KDC_REP_sequence[] = {
4408 { BER_CLASS_CON, 0, 0,
4409 dissect_krb5_KDC_REP_etype },
4410 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,
4411 dissect_krb5_kvno },
4412 { BER_CLASS_CON, 2, 0,
4413 dissect_krb5_encrypted_KDC_REP_data },
4414 { 0, 0, 0, NULL }
4415 };
4416 static int
4417 dissect_krb5_encrypted_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4418 {
4419 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, encrypted_KDC_REP_sequence, hf_krb_KDC_REP_enc, ett_krb_KDC_REP_enc);
4420
4421 return offset;
4422 }
4423
4424 /*
4425 * KDC-REP ::= SEQUENCE {
4426 * pvno[0] INTEGER,
4427 * msg-type[1] INTEGER,
4428 * padata[2] SEQUENCE OF PA-DATA OPTIONAL,
4429 * crealm[3] Realm,
4430 * cname[4] PrincipalName,
4431 * ticket[5] Ticket,
4432 * enc-part[6] EncryptedData
4433 * }
4434 */
4435 static ber_old_sequence_t KDC_REP_sequence[] = {
4436 { BER_CLASS_CON, 0, 0,
4437 dissect_krb5_pvno },
4438 { BER_CLASS_CON, 1, 0,
4439 dissect_krb5_msg_type },
4440 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
4441 dissect_krb5_padata },
4442 { BER_CLASS_CON, 3, 0,
4443 dissect_krb5_crealm },
4444 { BER_CLASS_CON, 4, 0,
4445 dissect_krb5_cname },
4446 { BER_CLASS_CON, 5, 0,
4447 dissect_krb5_Ticket },
4448 { BER_CLASS_CON, 6, 0,
4449 dissect_krb5_encrypted_KDC_REP },
4450 { 0, 0, 0, NULL }
4451 };
4452 static int
4453 dissect_krb5_KDC_REP(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4454 {
4455 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, KDC_REP_sequence, -1, -1);
4456
4457 return offset;
4458 }
4459
4460
4461
4462
4463 static int
4464 dissect_krb5_e_text(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4465 {
4466 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_e_text, NULL, 0);
4467 return offset;
4468 }
4469
4470 static int
4471 dissect_krb5_e_data(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4472 {
4473 switch(krb5_errorcode){
4474 case KRB5_ET_KRB5KDC_ERR_BADOPTION:
4475 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
4476 case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
4477 case KRB5_ET_KRB5KDC_ERR_POLICY:
4478 /* ms windows kdc sends e-data of this type containing a "salt"
4479 * that contains the nt_status code for these error codes.
4480 */
4481 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_e_data, dissect_krb5_PA_DATA);
4482 break;
4483 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
4484 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
4485 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
4486 offset=dissect_ber_old_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_krb_e_data, dissect_krb5_padata);
4487
4488 break;
4489 default:
4490 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_krb_e_data, NULL);
4491 }
4492 return offset;
4493 }
4494
4495
4496 /* This optional field in KRB_ERR is used by the early drafts which
4497 * PacketCable still use.
4498 */
4499 static int
4500 dissect_krb5_e_checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4501 {
4502 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, Checksum_sequence, hf_krb_e_checksum, ett_krb_e_checksum);
4503
4504 return offset;
4505 }
4506
4507
4508 /*
4509 * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
4510 * pvno[0] INTEGER,
4511 * msg-type[1] INTEGER,
4512 * ctime[2] KerberosTime OPTIONAL,
4513 * cusec[3] INTEGER OPTIONAL,
4514 * stime[4] KerberosTime,
4515 * susec[5] INTEGER,
4516 * error-code[6] INTEGER,
4517 * crealm[7] Realm OPTIONAL,
4518 * cname[8] PrincipalName OPTIONAL,
4519 * realm[9] Realm, -- Correct realm
4520 * sname[10] PrincipalName, -- Correct name
4521 * e-text[11] GeneralString OPTIONAL,
4522 * e-data[12] OCTET STRING OPTIONAL
4523 * }
4524 *
4525 * e-data This field contains additional data about the error for use
4526 * by the application to help it recover from or handle the
4527 * error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
4528 * the e-data field will contain an encoding of a sequence of
4529 * padata fields, each corresponding to an acceptable pre-
4530 * authentication method and optionally containing data for
4531 * the method:
4532 */
4533 static ber_old_sequence_t ERROR_sequence[] = {
4534 { BER_CLASS_CON, 0, 0,
4535 dissect_krb5_pvno },
4536 { BER_CLASS_CON, 1, 0,
4537 dissect_krb5_msg_type },
4538 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,
4539 dissect_krb5_ctime },
4540 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL,
4541 dissect_krb5_cusec },
4542 { BER_CLASS_CON, 4, 0,
4543 dissect_krb5_stime },
4544 { BER_CLASS_CON, 5, 0,
4545 dissect_krb5_susec },
4546 { BER_CLASS_CON, 6, 0,
4547 dissect_krb5_error_code },
4548 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL,
4549 dissect_krb5_crealm },
4550 { BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL,
4551 dissect_krb5_cname },
4552 { BER_CLASS_CON, 9, 0,
4553 dissect_krb5_realm },
4554 { BER_CLASS_CON, 10, 0,
4555 dissect_krb5_sname },
4556 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL,
4557 dissect_krb5_e_text },
4558 { BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL,
4559 dissect_krb5_e_data },
4560 { BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL,
4561 dissect_krb5_e_checksum }, /* used by PacketCable */
4562 { 0, 0, 0, NULL }
4563 };
4564 int
4565 dissect_krb5_ERROR(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4566 {
4567 offset=dissect_ber_old_sequence(FALSE, actx, tree, tvb, offset, ERROR_sequence, -1, -1);
4568
4569 return offset;
4570 }
4571
4572
4573
4574 static gint dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo,
4575 proto_tree *tree, gboolean do_col_info,
4576 gboolean do_col_protocol,
4577 gboolean have_rm,
4578 kerberos_callbacks *cb);
4579 static int dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo,
4580 proto_tree *tree, void* data _U_);
4581
4582
4583 gint
4584 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
4585 {
4586 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb));
4587 }
4588
4589 guint32
4590 kerberos_output_keytype(void)
4591 {
4592 return keytype;
4593 }
4594
4595 static gint
4596 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
4597 {
4598 /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
4599 Since all (except weirdo transarc krb4 stuff) use
4600 an opcode <=16 in the first byte, use this to see if it might
4601 be krb4.
4602 All krb5 commands start with an APPL tag and thus is >=0x60
4603 so if first byte is <=16 just blindly assume it is krb4 then
4604 */
4605 if(tvb_length(tvb) >= 1 && tvb_get_guint8(tvb, 0)<=0x10){
4606 if(krb4_handle){
4607 gboolean res;
4608
4609 res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL);
4610 return res;
4611 }else{
4612 return 0;
4613 }
4614 }
4615
4616
4617 return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL);
4618 }
4619
4620 gint
4621 kerberos_rm_to_reclen(guint krb_rm)
4622 {
4623 return (krb_rm & KRB_RM_RECLEN);
4624 }
4625
4626 guint
4627 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4628 {
4629 guint krb_rm;
4630 gint pdulen;
4631
4632 krb_rm = tvb_get_ntohl(tvb, offset);
4633 pdulen = kerberos_rm_to_reclen(krb_rm);
4634 return (pdulen + 4);
4635 }
4636
4637 static int
4638 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4639 {
4640 pinfo->fragmented = TRUE;
4641 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) {
4642 /*
4643 * The dissector failed to recognize this as a valid
4644 * Kerberos message. Mark it as a continuation packet.
4645 */
4646 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
4647 }
4648
4649 return tvb_length(tvb);
4650 }
4651
4652 static int
4653 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4654 {
4655 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4656 col_clear(pinfo->cinfo, COL_INFO);
4657
4658 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
4659 dissect_kerberos_tcp_pdu, data);
4660 return tvb_length(tvb);
4661 }
4662
4663 /*
4664 * Display the TCP record mark.
4665 */
4666 void
4667 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
4668 {
4669 gint rec_len;
4670 proto_item *rm_item;
4671 proto_tree *rm_tree;
4672
4673 if (tree == NULL)
4674 return;
4675
4676 rec_len = kerberos_rm_to_reclen(krb_rm);
4677 rm_item = proto_tree_add_text(tree, tvb, start, 4,
4678 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
4679 rm_tree = proto_item_add_subtree(rm_item, ett_krb_recordmark);
4680 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
4681 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
4682 }
4683
4684
4685 static gint
4686 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
4687 gboolean dci, gboolean do_col_protocol, gboolean have_rm,
4688 kerberos_callbacks *cb)
4689 {
4690 volatile int offset = 0;
4691 proto_tree *volatile kerberos_tree = NULL;
4692 proto_item *volatile item = NULL;
4693 asn1_ctx_t asn1_ctx;
4694
4695 /* TCP record mark and length */
4696 guint32 krb_rm = 0;
4697 gint krb_reclen = 0;
4698
4699 gbl_do_col_info=dci;
4700
4701 if (have_rm) {
4702 krb_rm = tvb_get_ntohl(tvb, offset);
4703 krb_reclen = kerberos_rm_to_reclen(krb_rm);
4704 /*
4705 * What is a reasonable size limit?
4706 */
4707 if (krb_reclen > 10 * 1024 * 1024) {
4708 return (-1);
4709 }
4710 if (do_col_protocol) {
4711 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4712 }
4713 if (tree) {
4714 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
4715 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
4716 }
4717 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
4718 offset += 4;
4719 } else {
4720 /* Do some sanity checking here,
4721 * All krb5 packets start with a TAG class that is BER_CLASS_APP
4722 * and a tag value that is either of the values below:
4723 * If it doesnt look like kerberos, return 0 and let someone else have
4724 * a go at it.
4725 */
4726 gint8 tmp_class;
4727 gboolean tmp_pc;
4728 gint32 tmp_tag;
4729
4730 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
4731 if(tmp_class!=BER_CLASS_APP){
4732 return 0;
4733 }
4734 switch(tmp_tag){
4735 case KRB5_MSG_TICKET:
4736 case KRB5_MSG_AUTHENTICATOR:
4737 case KRB5_MSG_ENC_TICKET_PART:
4738 case KRB5_MSG_AS_REQ:
4739 case KRB5_MSG_AS_REP:
4740 case KRB5_MSG_TGS_REQ:
4741 case KRB5_MSG_TGS_REP:
4742 case KRB5_MSG_AP_REQ:
4743 case KRB5_MSG_AP_REP:
4744 case KRB5_MSG_ENC_AS_REP_PART:
4745 case KRB5_MSG_ENC_TGS_REP_PART:
4746 case KRB5_MSG_ENC_AP_REP_PART:
4747 case KRB5_MSG_ENC_KRB_PRIV_PART:
4748 case KRB5_MSG_ENC_KRB_CRED_PART:
4749 case KRB5_MSG_SAFE:
4750 case KRB5_MSG_PRIV:
4751 case KRB5_MSG_ERROR:
4752 break;
4753 default:
4754 return 0;
4755 }
4756 if (do_col_protocol) {
4757 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
4758 }
4759 if (gbl_do_col_info) {
4760 col_clear(pinfo->cinfo, COL_INFO);
4761 }
4762 if (tree) {
4763 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
4764 kerberos_tree = proto_item_add_subtree(item, ett_krb_kerberos);
4765 }
4766 }
4767 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
4768 asn1_ctx.private_data = cb;
4769
4770 TRY {
4771 offset=dissect_ber_old_choice(&asn1_ctx, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
4772 } CATCH_BOUNDS_ERRORS {
4773 RETHROW;
4774 } ENDTRY;
4775
4776 proto_item_set_len(item, offset);
4777 return offset;
4778 }
4779
4780 static void
4781 kerberos_prefs_apply_cb(void) {
4782 #ifdef HAVE_LIBNETTLE
4783 clear_keytab();
4784 read_keytab_file(keytab_filename);
4785 #endif
4786 }
4787
4788 void
4789 proto_register_kerberos(void)
4790 {
4791 static hf_register_info hf[] = {
4792 { &hf_krb_rm_reserved, {
4793 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
4794 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
4795 { &hf_krb_rm_reclen, {
4796 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
4797 NULL, KRB_RM_RECLEN, NULL, HFILL }},
4798 { &hf_krb_transitedtype, {
4799 "Type", "kerberos.transited.type", FT_UINT32, BASE_DEC,
4800 VALS(krb5_transited_types), 0, "Transited Type", HFILL }},
4801 { &hf_krb_transitedcontents, {
4802 "Contents", "kerberos.transited.contents", FT_BYTES, BASE_NONE,
4803 NULL, 0, "Transited Contents string", HFILL }},
4804 { &hf_krb_keytype, {
4805 "Key type", "kerberos.keytype", FT_UINT32, BASE_DEC,
4806 VALS(krb5_encryption_types), 0, NULL, HFILL }},
4807 { &hf_krb_keyvalue, {
4808 "Key value", "kerberos.keyvalue", FT_BYTES, BASE_NONE,
4809 NULL, 0, "Key value (encryption key)", HFILL }},
4810 { &hf_krb_adtype, {
4811 "Type", "kerberos.adtype", FT_UINT32, BASE_DEC,
4812 VALS(krb5_ad_types), 0, "Authorization Data Type", HFILL }},
4813 { &hf_krb_IF_RELEVANT_type, {
4814 "Type", "kerberos.IF_RELEVANT.type", FT_UINT32, BASE_DEC,
4815 VALS(krb5_ad_types), 0, "IF-RELEVANT Data Type", HFILL }},
4816 { &hf_krb_advalue, {
4817 "Data", "kerberos.advalue", FT_BYTES, BASE_NONE,
4818 NULL, 0, "Authentication Data", HFILL }},
4819 { &hf_krb_IF_RELEVANT_value, {
4820 "Data", "kerberos.IF_RELEVANT.value", FT_BYTES, BASE_NONE,
4821 NULL, 0, "IF_RELEVANT Data", HFILL }},
4822 { &hf_krb_etype, {
4823 "Encryption type", "kerberos.etype", FT_INT32, BASE_DEC,
4824 VALS(krb5_encryption_types), 0, NULL, HFILL }},
4825 { &hf_krb_addr_type, {
4826 "Addr-type", "kerberos.addr_type", FT_UINT32, BASE_DEC,
4827 VALS(krb5_address_types), 0, "Address Type", HFILL }},
4828 { &hf_krb_pac_signature_type, {
4829 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
4830 NULL, 0, "PAC Signature Type", HFILL }},
4831 { &hf_krb_name_type, {
4832 "Name-type", "kerberos.name_type", FT_INT32, BASE_DEC,
4833 VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
4834 { &hf_krb_lr_type, {
4835 "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,
4836 VALS(krb5_lr_types), 0, "Type of lastreq value", HFILL }},
4837 { &hf_krb_address_ip, {
4838 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
4839 NULL, 0, NULL, HFILL }},
4840 { &hf_krb_address_ipv6, {
4841 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
4842 NULL, 0, NULL, HFILL }},
4843 { &hf_krb_address_netbios, {
4844 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
4845 NULL, 0, "NetBIOS Address and type", HFILL }},
4846 { &hf_krb_authtime, {
4847 "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE,
4848 NULL, 0, "Time of initial authentication", HFILL }},
4849 { &hf_krb_SAFE_BODY_timestamp, {
4850 "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE,
4851 NULL, 0, "Timestamp of this SAFE_BODY", HFILL }},
4852 { &hf_krb_patimestamp, {
4853 "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE,
4854 NULL, 0, "Time of client", HFILL }},
4855 { &hf_krb_pausec, {
4856 "pausec", "kerberos.pausec", FT_UINT32, BASE_DEC,
4857 NULL, 0, "Microsecond component of client time", HFILL }},
4858 { &hf_krb_lr_time, {
4859 "Lr-time", "kerberos.lr_time", FT_STRING, BASE_NONE,
4860 NULL, 0, "Time of LR-entry", HFILL }},
4861 { &hf_krb_starttime, {
4862 "Start time", "kerberos.starttime", FT_STRING, BASE_NONE,
4863 NULL, 0, "The time after which the ticket is valid", HFILL }},
4864 { &hf_krb_endtime, {
4865 "End time", "kerberos.endtime", FT_STRING, BASE_NONE,
4866 NULL, 0, "The time after which the ticket has expired", HFILL }},
4867 { &hf_krb_key_expire, {
4868 "Key Expiration", "kerberos.key_expiration", FT_STRING, BASE_NONE,
4869 NULL, 0, "The time after which the key will expire", HFILL }},
4870 { &hf_krb_renew_till, {
4871 "Renew-till", "kerberos.renenw_till", FT_STRING, BASE_NONE,
4872 NULL, 0, "The maximum time we can renew the ticket until", HFILL }},
4873 { &hf_krb_rtime, {
4874 "rtime", "kerberos.rtime", FT_STRING, BASE_NONE,
4875 NULL, 0, "Renew Until timestamp", HFILL }},
4876 { &hf_krb_ctime, {
4877 "ctime", "kerberos.ctime", FT_STRING, BASE_NONE,
4878 NULL, 0, "Current Time on the client host", HFILL }},
4879 { &hf_krb_cusec, {
4880 "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC,
4881 NULL, 0, "micro second component of client time", HFILL }},
4882 { &hf_krb_SAFE_BODY_usec, {
4883 "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC,
4884 NULL, 0, "micro second component of SAFE_BODY time", HFILL }},
4885 { &hf_krb_stime, {
4886 "stime", "kerberos.stime", FT_STRING, BASE_NONE,
4887 NULL, 0, "Current Time on the server host", HFILL }},
4888 { &hf_krb_susec, {
4889 "susec", "kerberos.susec", FT_UINT32, BASE_DEC,
4890 NULL, 0, "micro second component of server time", HFILL }},
4891 { &hf_krb_error_code, {
4892 "error_code", "kerberos.error_code", FT_UINT32, BASE_DEC,
4893 VALS(krb5_error_codes), 0, "Kerberos error code", HFILL }},
4894 { &hf_krb_from, {
4895 "from", "kerberos.from", FT_STRING, BASE_NONE,
4896 NULL, 0, "From when the ticket is to be valid (postdating)", HFILL }},
4897 { &hf_krb_till, {
4898 "till", "kerberos.till", FT_STRING, BASE_NONE,
4899 NULL, 0, "When the ticket will expire", HFILL }},
4900 { &hf_krb_name_string, {
4901 "Name", "kerberos.name_string", FT_STRING, BASE_NONE,
4902 NULL, 0, "String component that is part of a PrincipalName", HFILL }},
4903 { &hf_krb_provsrv_location, {
4904 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
4905 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
4906 { &hf_krb_e_text, {
4907 "e-text", "kerberos.e_text", FT_STRING, BASE_NONE,
4908 NULL, 0, "Additional (human readable) error description", HFILL }},
4909 { &hf_krb_s4u2self_auth, {
4910 "S4U2Self Auth", "kerberos.s4u2self.auth", FT_STRING, BASE_NONE,
4911 NULL, 0, "S4U2Self authentication string", HFILL }},
4912 { &hf_krb_realm, {
4913 "Realm", "kerberos.realm", FT_STRING, BASE_NONE,
4914 NULL, 0, "Name of the Kerberos Realm", HFILL }},
4915 { &hf_krb_srealm, {
4916 "SRealm", "kerberos.srealm", FT_STRING, BASE_NONE,
4917 NULL, 0, "Name of the Kerberos SRealm", HFILL }},
4918 { &hf_krb_prealm, {
4919 "Delegated Principal Realm", "kerberos.prealm", FT_STRING, BASE_NONE,
4920 NULL, 0, "Name of the Kerberos PRealm", HFILL }},
4921 { &hf_krb_crealm, {
4922 "Client Realm", "kerberos.crealm", FT_STRING, BASE_NONE,
4923 NULL, 0, "Name of the Clients Kerberos Realm", HFILL }},
4924 { &hf_krb_pac_clientname, {
4925 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
4926 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
4927 { &hf_krb_msg_type, {
4928 "MSG Type", "kerberos.msg.type", FT_UINT32, BASE_DEC,
4929 VALS(krb5_msg_types), 0, "Kerberos Message Type", HFILL }},
4930 { &hf_krb_APOptions, {
4931 "APOptions", "kerberos.apoptions", FT_BYTES, BASE_NONE,
4932 NULL, 0, "Kerberos APOptions bitstring", HFILL }},
4933 { &hf_krb_APOptions_reserved, {
4934 "reserved", "kerberos.apoptions.reserved", FT_BOOLEAN, 32,
4935 TFS(&krb5_apoptions_reserved), 0x80000000, NULL, HFILL }},
4936 { &hf_krb_APOptions_use_session_key, {
4937 "Use Session Key", "kerberos.apoptions.use_session_key", FT_BOOLEAN, 32,
4938 TFS(&krb5_apoptions_use_session_key), 0x40000000, NULL, HFILL }},
4939 { &hf_krb_APOptions_mutual_required, {
4940 "Mutual required", "kerberos.apoptions.mutual_required", FT_BOOLEAN, 32,
4941 TFS(&krb5_apoptions_mutual_required), 0x20000000, NULL, HFILL }},
4942 { &hf_krb_KDCOptions, {
4943 "KDCOptions", "kerberos.kdcoptions", FT_BYTES, BASE_NONE,
4944 NULL, 0, "Kerberos KDCOptions bitstring", HFILL }},
4945 { &hf_krb_TicketFlags, {
4946 "Ticket Flags", "kerberos.ticketflags", FT_NONE, BASE_NONE,
4947 NULL, 0, "Kerberos Ticket Flags", HFILL }},
4948 { &hf_krb_TicketFlags_forwardable, {
4949 "Forwardable", "kerberos.ticketflags.forwardable", FT_BOOLEAN, 32,
4950 TFS(&krb5_ticketflags_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
4951 { &hf_krb_TicketFlags_forwarded, {
4952 "Forwarded", "kerberos.ticketflags.forwarded", FT_BOOLEAN, 32,
4953 TFS(&krb5_ticketflags_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
4954 { &hf_krb_TicketFlags_proxiable, {
4955 "Proxiable", "kerberos.ticketflags.proxiable", FT_BOOLEAN, 32,
4956 TFS(&krb5_ticketflags_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
4957 { &hf_krb_TicketFlags_proxy, {
4958 "Proxy", "kerberos.ticketflags.proxy", FT_BOOLEAN, 32,
4959 TFS(&krb5_ticketflags_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
4960 { &hf_krb_TicketFlags_allow_postdate, {
4961 "Allow Postdate", "kerberos.ticketflags.allow_postdate", FT_BOOLEAN, 32,
4962 TFS(&krb5_ticketflags_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
4963 { &hf_krb_TicketFlags_postdated, {
4964 "Postdated", "kerberos.ticketflags.postdated", FT_BOOLEAN, 32,
4965 TFS(&krb5_ticketflags_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
4966 { &hf_krb_TicketFlags_invalid, {
4967 "Invalid", "kerberos.ticketflags.invalid", FT_BOOLEAN, 32,
4968 TFS(&krb5_ticketflags_invalid), 0x01000000, "Whether this ticket is invalid or not", HFILL }},
4969 { &hf_krb_TicketFlags_renewable, {
4970 "Renewable", "kerberos.ticketflags.renewable", FT_BOOLEAN, 32,
4971 TFS(&krb5_ticketflags_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
4972 { &hf_krb_TicketFlags_initial, {
4973 "Initial", "kerberos.ticketflags.initial", FT_BOOLEAN, 32,
4974 TFS(&krb5_ticketflags_initial), 0x00400000, "Whether this ticket is an initial ticket or not", HFILL }},
4975 { &hf_krb_TicketFlags_pre_auth, {
4976 "Pre-Auth", "kerberos.ticketflags.pre_auth", FT_BOOLEAN, 32,
4977 TFS(&krb5_ticketflags_pre_auth), 0x00200000, "Whether this ticket is pre-authenticated or not", HFILL }},
4978 { &hf_krb_TicketFlags_hw_auth, {
4979 "HW-Auth", "kerberos.ticketflags.hw_auth", FT_BOOLEAN, 32,
4980 TFS(&krb5_ticketflags_hw_auth), 0x00100000, "Whether this ticket is hardware-authenticated or not", HFILL }},
4981 { &hf_krb_TicketFlags_transited_policy_checked, {
4982 "Transited Policy Checked", "kerberos.ticketflags.transited_policy_checked", FT_BOOLEAN, 32,
4983 TFS(&krb5_ticketflags_transited_policy_checked), 0x00080000, "Whether this ticket is transited policy checked or not", HFILL }},
4984 { &hf_krb_TicketFlags_ok_as_delegate, {
4985 "Ok As Delegate", "kerberos.ticketflags.ok_as_delegate", FT_BOOLEAN, 32,
4986 TFS(&krb5_ticketflags_ok_as_delegate), 0x00040000, "Whether this ticket is Ok As Delegate or not", HFILL }},
4987 { &hf_krb_KDC_REQ_BODY, {
4988 "KDC_REQ_BODY", "kerberos.kdc_req_body", FT_NONE, BASE_NONE,
4989 NULL, 0, "Kerberos KDC REQuest BODY", HFILL }},
4990 { &hf_krb_PRIV_BODY, {
4991 "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE,
4992 NULL, 0, "Kerberos PRIVate BODY", HFILL }},
4993 { &hf_krb_CRED_BODY, {
4994 "CRED_BODY", "kerberos.cred_body", FT_NONE, BASE_NONE,
4995 NULL, 0, "Kerberos CREDential BODY", HFILL }},
4996 { &hf_krb_encrypted_PRIV, {
4997 "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE,
4998 NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }},
4999 { &hf_krb_KDCOptions_forwardable, {
5000 "Forwardable", "kerberos.kdcoptions.forwardable", FT_BOOLEAN, 32,
5001 TFS(&krb5_kdcoptions_forwardable), 0x40000000, "Flag controlling whether the tickets are forwardable or not", HFILL }},
5002 { &hf_krb_KDCOptions_forwarded, {
5003 "Forwarded", "kerberos.kdcoptions.forwarded", FT_BOOLEAN, 32,
5004 TFS(&krb5_kdcoptions_forwarded), 0x20000000, "Has this ticket been forwarded?", HFILL }},
5005 { &hf_krb_KDCOptions_proxiable, {
5006 "Proxiable", "kerberos.kdcoptions.proxiable", FT_BOOLEAN, 32,
5007 TFS(&krb5_kdcoptions_proxiable), 0x10000000, "Flag controlling whether the tickets are proxiable or not", HFILL }},
5008 { &hf_krb_KDCOptions_proxy, {
5009 "Proxy", "kerberos.kdcoptions.proxy", FT_BOOLEAN, 32,
5010 TFS(&krb5_kdcoptions_proxy), 0x08000000, "Has this ticket been proxied?", HFILL }},
5011 { &hf_krb_KDCOptions_allow_postdate, {
5012 "Allow Postdate", "kerberos.kdcoptions.allow_postdate", FT_BOOLEAN, 32,
5013 TFS(&krb5_kdcoptions_allow_postdate), 0x04000000, "Flag controlling whether we allow postdated tickets or not", HFILL }},
5014 { &hf_krb_KDCOptions_postdated, {
5015 "Postdated", "kerberos.kdcoptions.postdated", FT_BOOLEAN, 32,
5016 TFS(&krb5_kdcoptions_postdated), 0x02000000, "Whether this ticket is postdated or not", HFILL }},
5017 { &hf_krb_KDCOptions_renewable, {
5018 "Renewable", "kerberos.kdcoptions.renewable", FT_BOOLEAN, 32,
5019 TFS(&krb5_kdcoptions_renewable), 0x00800000, "Whether this ticket is renewable or not", HFILL }},
5020 { &hf_krb_KDCOptions_constrained_delegation, {
5021 "Constrained Delegation", "kerberos.kdcoptions.constrained_delegation", FT_BOOLEAN, 32,
5022 TFS(&krb5_kdcoptions_constrained_delegation), 0x00020000, "Do we want a PAC containing constrained delegation info or not", HFILL }},
5023 { &hf_krb_KDCOptions_canonicalize, {
5024 "Canonicalize", "kerberos.kdcoptions.canonicalize", FT_BOOLEAN, 32,
5025 TFS(&krb5_kdcoptions_canonicalize), 0x00010000, "Do we want the KDC to canonicalize the principal or not", HFILL }},
5026 { &hf_krb_KDCOptions_opt_hardware_auth, {
5027 "Opt HW Auth", "kerberos.kdcoptions.opt_hardware_auth", FT_BOOLEAN, 32,
5028 NULL, 0x00100000, "Opt HW Auth flag", HFILL }},
5029 { &hf_krb_KDCOptions_disable_transited_check, {
5030 "Disable Transited Check", "kerberos.kdcoptions.disable_transited_check", FT_BOOLEAN, 32,
5031 TFS(&krb5_kdcoptions_disable_transited_check), 0x00000020, "Whether we should do transited checking or not", HFILL }},
5032 { &hf_krb_KDCOptions_renewable_ok, {
5033 "Renewable OK", "kerberos.kdcoptions.renewable_ok", FT_BOOLEAN, 32,
5034 TFS(&krb5_kdcoptions_renewable_ok), 0x00000010, "Whether we accept renewed tickets or not", HFILL }},
5035 { &hf_krb_KDCOptions_enc_tkt_in_skey, {
5036 "Enc-Tkt-in-Skey", "kerberos.kdcoptions.enc_tkt_in_skey", FT_BOOLEAN, 32,
5037 TFS(&krb5_kdcoptions_enc_tkt_in_skey), 0x00000008, "Whether the ticket is encrypted in the skey or not", HFILL }},
5038 { &hf_krb_KDCOptions_renew, {
5039 "Renew", "kerberos.kdcoptions.renew", FT_BOOLEAN, 32,
5040 TFS(&krb5_kdcoptions_renew), 0x00000002, "Is this a request to renew a ticket?", HFILL }},
5041 { &hf_krb_KDCOptions_validate, {
5042 "Validate", "kerberos.kdcoptions.validate", FT_BOOLEAN, 32,
5043 TFS(&krb5_kdcoptions_validate), 0x00000001, "Is this a request to validate a postdated ticket?", HFILL }},
5044 { &hf_krb_pvno, {
5045 "Pvno", "kerberos.pvno", FT_UINT32, BASE_DEC,
5046 NULL, 0, "Kerberos Protocol Version Number", HFILL }},
5047 { &hf_krb_kvno, {
5048 "Kvno", "kerberos.kvno", FT_UINT32, BASE_DEC,
5049 NULL, 0, "Version Number for the encryption Key", HFILL }},
5050 { &hf_krb_checksum_type, {
5051 "Type", "kerberos.checksum.type", FT_UINT32, BASE_DEC,
5052 VALS(krb5_checksum_types), 0, "Type of checksum", HFILL }},
5053 { &hf_krb_authenticator_vno, {
5054 "Authenticator vno", "kerberos.authenticator_vno", FT_UINT32, BASE_DEC,
5055 NULL, 0, "Version Number for the Authenticator", HFILL }},
5056 { &hf_krb_encrypted_authenticator_data, {
5057 "Authenticator data", "kerberos.authenticator.data", FT_BYTES, BASE_NONE,
5058 NULL, 0, "Data content of an encrypted authenticator", HFILL }},
5059 { &hf_krb_encrypted_EncKrbCredPart, {
5060 "enc EncKrbCredPart", "kerberos.EncKrbCredPart.encrypted", FT_BYTES, BASE_NONE,
5061 NULL, 0, "Encrypted EncKrbCredPart blob", HFILL }},
5062 { &hf_krb_encrypted_PA_ENC_TIMESTAMP, {
5063 "enc PA_ENC_TIMESTAMP", "kerberos.PA_ENC_TIMESTAMP.encrypted", FT_BYTES, BASE_NONE,
5064 NULL, 0, "Encrypted PA-ENC-TIMESTAMP blob", HFILL }},
5065 { &hf_krb_encrypted_enc_authorization_data, {
5066 "enc-authorization-data", "kerberos.enc_authorization_data.encrypted", FT_BYTES, BASE_NONE,
5067 NULL, 0, NULL, HFILL }},
5068 { &hf_krb_PAC_LOGON_INFO, {
5069 "PAC_LOGON_INFO", "kerberos.PAC_LOGON_INFO", FT_BYTES, BASE_NONE,
5070 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
5071 { &hf_krb_PAC_CREDENTIAL_TYPE, {
5072 "PAC_CREDENTIAL_TYPE", "kerberos.PAC_CREDENTIAL_TYPE", FT_BYTES, BASE_NONE,
5073 NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
5074 { &hf_krb_PAC_SERVER_CHECKSUM, {
5075 "PAC_SERVER_CHECKSUM", "kerberos.PAC_SERVER_CHECKSUM", FT_BYTES, BASE_NONE,
5076 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
5077 { &hf_krb_PAC_PRIVSVR_CHECKSUM, {
5078 "PAC_PRIVSVR_CHECKSUM", "kerberos.PAC_PRIVSVR_CHECKSUM", FT_BYTES, BASE_NONE,
5079 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
5080 { &hf_krb_PAC_CLIENT_INFO_TYPE, {
5081 "PAC_CLIENT_INFO_TYPE", "kerberos.PAC_CLIENT_INFO_TYPE", FT_BYTES, BASE_NONE,
5082 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
5083 { &hf_krb_PAC_S4U_DELEGATION_INFO, {
5084 "PAC_S4U_DELEGATION_INFO", "kerberos.PAC_S4U_DELEGATION_INFO", FT_BYTES, BASE_NONE,
5085 NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }},
5086 { &hf_krb_PAC_UPN_DNS_INFO, {
5087 "UPN_DNS_INFO", "kerberos.PAC_UPN_DNS_INFO", FT_BYTES, BASE_NONE,
5088 NULL, 0, "UPN_DNS_INFO structure", HFILL }},
5089 { &hf_krb_checksum_checksum, {
5090 "checksum", "kerberos.checksum.checksum", FT_BYTES, BASE_NONE,
5091 NULL, 0, "Kerberos Checksum", HFILL }},
5092 { &hf_krb_ENC_PRIV, {
5093 "enc PRIV", "kerberos.ENC_PRIV", FT_BYTES, BASE_NONE,
5094 NULL, 0, "Encrypted PRIV blob", HFILL }},
5095 { &hf_krb_encrypted_Ticket_data, {
5096 "enc-part", "kerberos.ticket.data", FT_BYTES, BASE_NONE,
5097 NULL, 0, "The encrypted part of a ticket", HFILL }},
5098 { &hf_krb_encrypted_AP_REP_data, {
5099 "enc-part", "kerberos.aprep.data", FT_BYTES, BASE_NONE,
5100 NULL, 0, "The encrypted part of AP-REP", HFILL }},
5101 { &hf_krb_encrypted_KDC_REP_data, {
5102 "enc-part", "kerberos.kdcrep.data", FT_BYTES, BASE_NONE,
5103 NULL, 0, "The encrypted part of KDC-REP", HFILL }},
5104 { &hf_krb_PA_DATA_value, {
5105 "Value", "kerberos.padata.value", FT_BYTES, BASE_NONE,
5106 NULL, 0, "Content of the PADATA blob", HFILL }},
5107 { &hf_krb_etype_info_salt, {
5108 "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_NONE,
5109 NULL, 0, NULL, HFILL }},
5110 { &hf_krb_etype_info2_salt, {
5111 "Salt", "kerberos.etype_info2.salt", FT_BYTES, BASE_NONE,
5112 NULL, 0, NULL, HFILL }},
5113 { &hf_krb_etype_info2_s2kparams, {
5114 "Salt", "kerberos.etype_info.s2kparams", FT_BYTES, BASE_NONE,
5115 NULL, 0, "S2kparams", HFILL }},
5116 { &hf_krb_SAFE_BODY_user_data, {
5117 "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_NONE,
5118 NULL, 0, "SAFE BODY userdata field", HFILL }},
5119 { &hf_krb_PRIV_BODY_user_data, {
5120 "User Data", "kerberos.PRIV_BODY.user_data", FT_BYTES, BASE_NONE,
5121 NULL, 0, "PRIV BODY userdata field", HFILL }},
5122 { &hf_krb_pac_signature_signature, {
5123 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
5124 NULL, 0, "A PAC signature blob", HFILL }},
5125 { &hf_krb_PA_DATA_type, {
5126 "Type", "kerberos.padata.type", FT_INT32, BASE_DEC,
5127 VALS(krb5_preauthentication_types), 0, "Type of preauthentication data", HFILL }},
5128 { &hf_krb_nonce, {
5129 "Nonce", "kerberos.nonce", FT_UINT32, BASE_DEC,
5130 NULL, 0, "Kerberos Nonce random number", HFILL }},
5131 { &hf_krb_tkt_vno, {
5132 "Tkt-vno", "kerberos.tkt_vno", FT_UINT32, BASE_DEC,
5133 NULL, 0, "Version number for the Ticket format", HFILL }},
5134 { &hf_krb_KrbCredInfo, {
5135 "KrbCredInfo", "kerberos.KrbCredInfo", FT_NONE, BASE_NONE,
5136 NULL, 0, "This is a Kerberos KrbCredInfo", HFILL }},
5137 { &hf_krb_HostAddress, {
5138 "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_NONE,
5139 NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }},
5140 { &hf_krb_s_address, {
5141 "S-Address", "kerberos.s_address", FT_NONE, BASE_NONE,
5142 NULL, 0, "This is the Senders address", HFILL }},
5143 { &hf_krb_r_address, {
5144 "R-Address", "kerberos.r_address", FT_NONE, BASE_NONE,
5145 NULL, 0, "This is the Recipient address", HFILL }},
5146 { &hf_krb_key, {
5147 "key", "kerberos.key", FT_NONE, BASE_NONE,
5148 NULL, 0, "This is a Kerberos EncryptionKey sequence", HFILL }},
5149 { &hf_krb_subkey, {
5150 "Subkey", "kerberos.subkey", FT_NONE, BASE_NONE,
5151 NULL, 0, "This is a Kerberos subkey", HFILL }},
5152 { &hf_krb_seq_number, {
5153 "Seq Number", "kerberos.seq_number", FT_UINT32, BASE_DEC,
5154 NULL, 0, "This is a Kerberos sequence number", HFILL }},
5155 { &hf_krb_AuthorizationData, {
5156 "AuthorizationData", "kerberos.AuthorizationData", FT_NONE, BASE_NONE,
5157 NULL, 0, "This is a Kerberos AuthorizationData sequence", HFILL }},
5158 { &hf_krb_EncTicketPart, {
5159 "EncTicketPart", "kerberos.EncTicketPart", FT_NONE, BASE_NONE,
5160 NULL, 0, "This is a decrypted Kerberos EncTicketPart sequence", HFILL }},
5161 { &hf_krb_EncAPRepPart, {
5162 "EncAPRepPart", "kerberos.EncAPRepPart", FT_NONE, BASE_NONE,
5163 NULL, 0, "This is a decrypted Kerberos EncAPRepPart sequence", HFILL }},
5164 { &hf_krb_EncKrbPrivPart, {
5165 "EncKrbPrivPart", "kerberos.EncKrbPrivPart", FT_NONE, BASE_NONE,
5166 NULL, 0, "This is a decrypted Kerberos EncKrbPrivPart sequence", HFILL }},
5167 { &hf_krb_EncKrbCredPart, {
5168 "EncKrbCredPart", "kerberos.EncKrbCredPart", FT_NONE, BASE_NONE,
5169 NULL, 0, "This is a decrypted Kerberos EncKrbCredPart sequence", HFILL }},
5170 { &hf_krb_EncKDCRepPart, {
5171 "EncKDCRepPart", "kerberos.EncKDCRepPart", FT_NONE, BASE_NONE,
5172 NULL, 0, "This is a decrypted Kerberos EncKDCRepPart sequence", HFILL }},
5173 { &hf_krb_LastReq, {
5174 "LastReq", "kerberos.LastReq", FT_NONE, BASE_NONE,
5175 NULL, 0, "This is a LastReq sequence", HFILL }},
5176 { &hf_krb_Authenticator, {
5177 "Authenticator", "kerberos.Authenticator", FT_NONE, BASE_NONE,
5178 NULL, 0, "This is a decrypted Kerberos Authenticator sequence", HFILL }},
5179 { &hf_krb_Checksum, {
5180 "Checksum", "kerberos.Checksum", FT_NONE, BASE_NONE,
5181 NULL, 0, "This is a Kerberos Checksum sequence", HFILL }},
5182 { &hf_krb_HostAddresses, {
5183 "HostAddresses", "kerberos.hostaddresses", FT_NONE, BASE_NONE,
5184 NULL, 0, "This is a list of Kerberos HostAddress sequences", HFILL }},
5185 { &hf_krb_IF_RELEVANT, {
5186 "IF_RELEVANT", "kerberos.if_relevant", FT_NONE, BASE_NONE,
5187 NULL, 0, "This is a list of IF-RELEVANT sequences", HFILL }},
5188 { &hf_krb_etypes, {
5189 "Encryption Types", "kerberos.etypes", FT_NONE, BASE_NONE,
5190 NULL, 0, "This is a list of Kerberos encryption types", HFILL }},
5191 { &hf_krb_KrbCredInfos, {
5192 "Sequence of KrbCredInfo", "kerberos.KrbCredInfos", FT_NONE, BASE_NONE,
5193 NULL, 0, "This is a list of KrbCredInfo", HFILL }},
5194 { &hf_krb_sq_tickets, {
5195 "Tickets", "kerberos.sq.tickets", FT_NONE, BASE_NONE,
5196 NULL, 0, "This is a list of Kerberos Tickets", HFILL }},
5197 { &hf_krb_LastReqs, {
5198 "LastReqs", "kerberos.LastReqs", FT_NONE, BASE_NONE,
5199 NULL, 0, "This is a list of LastReq structures", HFILL }},
5200 { &hf_krb_sname, {
5201 "Server Name", "kerberos.sname", FT_NONE, BASE_NONE,
5202 NULL, 0, "This is the name part server's identity", HFILL }},
5203 { &hf_krb_pname, {
5204 "Delegated Principal Name", "kerberos.pname", FT_NONE, BASE_NONE,
5205 NULL, 0, "Identity of the delegated principal", HFILL }},
5206 { &hf_krb_cname, {
5207 "Client Name", "kerberos.cname", FT_NONE, BASE_NONE,
5208 NULL, 0, "The name part of the client principal identifier", HFILL }},
5209 { &hf_krb_authenticator_enc, {
5210 "Authenticator", "kerberos.authenticator", FT_NONE, BASE_NONE,
5211 NULL, 0, "Encrypted authenticator blob", HFILL }},
5212 { &hf_krb_CRED_enc, {
5213 "EncKrbCredPart", "kerberos.encrypted_cred", FT_NONE, BASE_NONE,
5214 NULL, 0, "Encrypted Cred blob", HFILL }},
5215 { &hf_krb_ticket_enc, {
5216 "enc-part", "kerberos.ticket.enc_part", FT_NONE, BASE_NONE,
5217 NULL, 0, "The structure holding the encrypted part of a ticket", HFILL }},
5218 { &hf_krb_AP_REP_enc, {
5219 "enc-part", "kerberos.aprep.enc_part", FT_NONE, BASE_NONE,
5220 NULL, 0, "The structure holding the encrypted part of AP-REP", HFILL }},
5221 { &hf_krb_KDC_REP_enc, {
5222 "enc-part", "kerberos.kdcrep.enc_part", FT_NONE, BASE_NONE,
5223 NULL, 0, "The structure holding the encrypted part of KDC-REP", HFILL }},
5224 { &hf_krb_e_data, {
5225 "e-data", "kerberos.e_data", FT_NONE, BASE_NONE,
5226 NULL, 0, "The e-data blob", HFILL }},
5227 { &hf_krb_padata, {
5228 "padata", "kerberos.padata", FT_NONE, BASE_NONE,
5229 NULL, 0, "Sequence of preauthentication data", HFILL }},
5230 { &hf_krb_ticket, {
5231 "Ticket", "kerberos.ticket", FT_NONE, BASE_NONE,
5232 NULL, 0, "This is a Kerberos Ticket", HFILL }},
5233 { &hf_krb_TransitedEncoding, {
5234 "TransitedEncoding", "kerberos.TransitedEncoding", FT_NONE, BASE_NONE,
5235 NULL, 0, "This is a Kerberos TransitedEncoding sequence", HFILL }},
5236 { &hf_krb_PA_PAC_REQUEST_flag, {
5237 "PAC Request", "kerberos.pac_request.flag", FT_BOOLEAN, BASE_NONE,
5238 NULL, 0, "This is a MS PAC Request Flag", HFILL }},
5239 { &hf_krb_w2k_pac_entries, {
5240 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
5241 NULL, 0, "Number of W2k PAC entries", HFILL }},
5242 { &hf_krb_w2k_pac_version, {
5243 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
5244 NULL, 0, "Version of PAC structures", HFILL }},
5245 { &hf_krb_w2k_pac_type, {
5246 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
5247 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
5248 { &hf_krb_w2k_pac_size, {
5249 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
5250 NULL, 0, "Size of W2k PAC entry", HFILL }},
5251 { &hf_krb_w2k_pac_offset, {
5252 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
5253 NULL, 0, "Offset to W2k PAC entry", HFILL }},
5254 { &hf_krb_pac_clientid, {
5255 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
5256 NULL, 0, "ClientID Timestamp", HFILL }},
5257 { &hf_krb_pac_namelen, {
5258 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
5259 NULL, 0, "Length of client name", HFILL }},
5260 { &hf_krb_pac_upn_flags, {
5261 "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
5262 NULL, 0, "UPN flags", HFILL }},
5263 { &hf_krb_pac_upn_dns_offset, {
5264 "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
5265 NULL, 0, NULL, HFILL }},
5266 { &hf_krb_pac_upn_dns_len, {
5267 "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
5268 NULL, 0, NULL, HFILL }},
5269 { &hf_krb_pac_upn_upn_offset, {
5270 "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
5271 NULL, 0, NULL, HFILL }},
5272 { &hf_krb_pac_upn_upn_len, {
5273 "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
5274 NULL, 0, NULL, HFILL }},
5275 { &hf_krb_pac_upn_upn_name, {
5276 "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
5277 NULL, 0, NULL, HFILL }},
5278 { &hf_krb_pac_upn_dns_name, {
5279 "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
5280 NULL, 0, NULL, HFILL }},
5281 { &hf_krb_e_checksum, {
5282 "e-checksum", "kerberos.e_checksum", FT_NONE, BASE_NONE,
5283 NULL, 0, "This is a Kerberos e-checksum", HFILL }},
5284 { &hf_krb_gssapi_len, {
5285 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
5286 NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
5287 { &hf_krb_gssapi_bnd, {
5288 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
5289 NULL, 0, "GSSAPI Bnd field", HFILL }},
5290 { &hf_krb_gssapi_c_flag_deleg, {
5291 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
5292 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
5293 { &hf_krb_gssapi_c_flag_mutual, {
5294 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
5295 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
5296 { &hf_krb_gssapi_c_flag_replay, {
5297 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
5298 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
5299 { &hf_krb_gssapi_c_flag_sequence, {
5300 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
5301 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
5302 { &hf_krb_gssapi_c_flag_conf, {
5303 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
5304 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
5305 { &hf_krb_gssapi_c_flag_integ, {
5306 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
5307 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
5308 { &hf_krb_gssapi_c_flag_dce_style, {
5309 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
5310 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
5311 { &hf_krb_gssapi_dlgopt, {
5312 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
5313 NULL, 0, "GSSAPI DlgOpt", HFILL }},
5314 { &hf_krb_gssapi_dlglen, {
5315 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
5316 NULL, 0, "GSSAPI DlgLen", HFILL }},
5317 { &hf_krb_smb_nt_status, {
5318 "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
5319 VALS(NT_errors), 0, "NT Status code", HFILL }},
5320 { &hf_krb_smb_unknown, {
5321 "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
5322 NULL, 0, NULL, HFILL }},
5323 { &hf_krb_midl_blob_len, {
5324 "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC,
5325 NULL, 0, "Length of NDR encoded data that follows", HFILL }},
5326 { &hf_krb_midl_fill_bytes, {
5327 "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX,
5328 NULL, 0, "Just some fill bytes", HFILL }},
5329 { &hf_krb_midl_version, {
5330 "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC,
5331 NULL, 0, "Version of pickling", HFILL }},
5332 { &hf_krb_midl_hdr_len, {
5333 "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC,
5334 NULL, 0, "Length of header", HFILL }},
5335
5336 };
5337
5338 static gint *ett[] = {
5339 &ett_krb_kerberos,
5340 &ett_krb_KDC_REP_enc,
5341 &ett_krb_sname,
5342 &ett_krb_pname,
5343 &ett_krb_cname,
5344 &ett_krb_AP_REP_enc,
5345 &ett_krb_padata,
5346 &ett_krb_etypes,
5347 &ett_krb_KrbCredInfos,
5348 &ett_krb_sq_tickets,
5349 &ett_krb_LastReqs,
5350 &ett_krb_IF_RELEVANT,
5351 &ett_krb_PA_DATA_tree,
5352 &ett_krb_s_address,
5353 &ett_krb_r_address,
5354 &ett_krb_KrbCredInfo,
5355 &ett_krb_HostAddress,
5356 &ett_krb_HostAddresses,
5357 &ett_krb_authenticator_enc,
5358 &ett_krb_CRED_enc,
5359 &ett_krb_AP_Options,
5360 &ett_krb_KDC_Options,
5361 &ett_krb_Ticket_Flags,
5362 &ett_krb_request,
5363 &ett_krb_recordmark,
5364 &ett_krb_ticket,
5365 &ett_krb_ticket_enc,
5366 &ett_krb_CRED,
5367 &ett_krb_PRIV,
5368 &ett_krb_PRIV_enc,
5369 &ett_krb_EncTicketPart,
5370 &ett_krb_EncAPRepPart,
5371 &ett_krb_EncKrbPrivPart,
5372 &ett_krb_EncKrbCredPart,
5373 &ett_krb_EncKDCRepPart,
5374 &ett_krb_LastReq,
5375 &ett_krb_Authenticator,
5376 &ett_krb_Checksum,
5377 &ett_krb_key,
5378 &ett_krb_subkey,
5379 &ett_krb_AuthorizationData,
5380 &ett_krb_TransitedEncoding,
5381 &ett_krb_PAC,
5382 &ett_krb_PAC_LOGON_INFO,
5383 &ett_krb_PAC_SERVER_CHECKSUM,
5384 &ett_krb_PAC_PRIVSVR_CHECKSUM,
5385 &ett_krb_PAC_CLIENT_INFO_TYPE,
5386 &ett_krb_PAC_S4U_DELEGATION_INFO,
5387 &ett_krb_e_checksum,
5388 &ett_krb_PAC_MIDL_BLOB,
5389 &ett_krb_PAC_DREP,
5390 &ett_krb_PAC_UPN_DNS_INFO
5391 };
5392 static ei_register_info ei[] = {
5393 { &ei_krb_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decrypted keytype", EXPFILL }},
5394 };
5395 module_t *krb_module;
5396 expert_module_t *expert_krb;
5397
5398 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
5399 proto_register_field_array(proto_kerberos, hf, array_length(hf));
5400 proto_register_subtree_array(ett, array_length(ett));
5401 expert_krb = expert_register_protocol(proto_kerberos);
5402 expert_register_field_array(expert_krb, ei, array_length(ei));
5403
5404 /* Register preferences */
5405 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
5406 prefs_register_bool_preference(krb_module, "desegment",
5407 "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
5408 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
5409 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5410 &krb_desegment);
5411 #ifdef HAVE_KERBEROS
5412 prefs_register_bool_preference(krb_module, "decrypt",
5413 "Try to decrypt Kerberos blobs",
5414 "Whether the dissector should try to decrypt "
5415 "encrypted Kerberos blobs. This requires that the proper "
5416 "keytab file is installed as well.",
5417 &krb_decrypt);
5418
5419 prefs_register_filename_preference(krb_module, "file",
5420 "Kerberos keytab file",
5421 "The keytab file containing all the secrets",
5422 &keytab_filename);
5423 #endif
5424
5425 }
5426
5427 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
5428 proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
5429 {
5430 tvbuff_t *auth_tvb;
5431
5432 auth_tvb = tvb_new_subset_remaining(tvb, offset);
5433
5434 dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
5435
5436 return tvb_length_remaining(tvb, offset);
5437 }
5438
5439
5440 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
5441 wrap_dissect_gss_kerb, /* Bind */
5442 wrap_dissect_gss_kerb, /* Bind ACK */
5443 wrap_dissect_gss_kerb, /* AUTH3 */
5444 NULL, /* Request verifier */
5445 NULL, /* Response verifier */
5446 NULL, /* Request data */
5447 NULL /* Response data */
5448 };
5449
5450 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
5451 wrap_dissect_gss_kerb, /* Bind */
5452 wrap_dissect_gss_kerb, /* Bind ACK */
5453 wrap_dissect_gss_kerb, /* AUTH3 */
5454 wrap_dissect_gssapi_verf, /* Request verifier */
5455 wrap_dissect_gssapi_verf, /* Response verifier */
5456 NULL, /* Request data */
5457 NULL /* Response data */
5458 };
5459
5460 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
5461 wrap_dissect_gss_kerb, /* Bind */
5462 wrap_dissect_gss_kerb, /* Bind ACK */
5463 wrap_dissect_gss_kerb, /* AUTH3 */
5464 wrap_dissect_gssapi_verf, /* Request verifier */
5465 wrap_dissect_gssapi_verf, /* Response verifier */
5466 wrap_dissect_gssapi_payload, /* Request data */
5467 wrap_dissect_gssapi_payload /* Response data */
5468 };
5469
5470
5471 void
5472 proto_reg_handoff_kerberos(void)
5473 {
5474 dissector_handle_t kerberos_handle_tcp;
5475
5476 krb4_handle = find_dissector("krb4");
5477
5478 kerberos_handle_udp = new_create_dissector_handle(dissect_kerberos_udp,
5479 proto_kerberos);
5480 kerberos_handle_tcp = new_create_dissector_handle(dissect_kerberos_tcp,
5481 proto_kerberos);
5482 dissector_add_uint("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
5483 dissector_add_uint("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
5484
5485 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
5486 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5487 &gss_kerb_auth_connect_fns);
5488
5489 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
5490 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5491 &gss_kerb_auth_sign_fns);
5492
5493 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
5494 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
5495 &gss_kerb_auth_seal_fns);
5496
5497 }
5498
5499 /*
5500
5501 MISC definitions from RFC1510:
5502
5503 Realm ::= GeneralString
5504
5505 KerberosTime ::= GeneralizedTime
5506
5507 AuthorizationData ::= SEQUENCE OF SEQUENCE {
5508 ad-type[0] INTEGER,
5509 ad-data[1] OCTET STRING
5510 }
5511 APOptions ::= BIT STRING {
5512 reserved(0),
5513 use-session-key(1),
5514 mutual-required(2)
5515 }
5516
5517
5518 TicketFlags ::= BIT STRING {
5519 reserved(0),
5520 forwardable(1),
5521 forwarded(2),
5522 proxiable(3),
5523 proxy(4),
5524 may-postdate(5),
5525 postdated(6),
5526 invalid(7),
5527 renewable(8),
5528 initial(9),
5529 pre-authent(10),
5530 hw-authent(11)
5531 }
5532
5533 KDCOptions ::= BIT STRING {
5534 reserved(0),
5535 forwardable(1),
5536 forwarded(2),
5537 proxiable(3),
5538 proxy(4),
5539 allow-postdate(5),
5540 postdated(6),
5541 unused7(7),
5542 renewable(8),
5543 unused9(9),
5544 unused10(10),
5545 unused11(11),
5546 renewable-ok(27),
5547 enc-tkt-in-skey(28),
5548 renew(30),
5549 validate(31)
5550 }
5551
5552
5553 LastReq ::= SEQUENCE OF SEQUENCE {
5554 lr-type[0] INTEGER,
5555 lr-value[1] KerberosTime
5556 }
5557
5558 Ticket ::= [APPLICATION 1] SEQUENCE {
5559 tkt-vno[0] INTEGER,
5560 realm[1] Realm,
5561 sname[2] PrincipalName,
5562 enc-part[3] EncryptedData
5563 }
5564
5565 -- Encrypted part of ticket
5566 EncTicketPart ::= [APPLICATION 3] SEQUENCE {
5567 flags[0] TicketFlags,
5568 key[1] EncryptionKey,
5569 crealm[2] Realm,
5570 cname[3] PrincipalName,
5571 transited[4] TransitedEncoding,
5572 authtime[5] KerberosTime,
5573 starttime[6] KerberosTime OPTIONAL,
5574 endtime[7] KerberosTime,
5575 renew-till[8] KerberosTime OPTIONAL,
5576 caddr[9] HostAddresses OPTIONAL,
5577 authorization-data[10] AuthorizationData OPTIONAL
5578 }
5579
5580 -- encoded Transited field
5581 TransitedEncoding ::= SEQUENCE {
5582 tr-type[0] INTEGER, -- must be registered
5583 contents[1] OCTET STRING
5584 }
5585
5586 -- Unencrypted authenticator
5587 Authenticator ::= [APPLICATION 2] SEQUENCE {
5588 authenticator-vno[0] INTEGER,
5589 crealm[1] Realm,
5590 cname[2] PrincipalName,
5591 cksum[3] Checksum OPTIONAL,
5592 cusec[4] INTEGER,
5593 ctime[5] KerberosTime,
5594 subkey[6] EncryptionKey OPTIONAL,
5595 seq-number[7] INTEGER OPTIONAL,
5596 authorization-data[8] AuthorizationData OPTIONAL
5597 }
5598
5599 PA-DATA ::= SEQUENCE {
5600 padata-type[1] INTEGER,
5601 padata-value[2] OCTET STRING,
5602 -- might be encoded AP-REQ
5603 }
5604
5605 padata-type ::= PA-ENC-TIMESTAMP
5606 padata-value ::= EncryptedData -- PA-ENC-TS-ENC
5607
5608 PA-ENC-TS-ENC ::= SEQUENCE {
5609 patimestamp[0] KerberosTime, -- client's time
5610 pausec[1] INTEGER OPTIONAL
5611 }
5612
5613 EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart
5614 EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
5615
5616 EncKDCRepPart ::= SEQUENCE {
5617 key[0] EncryptionKey,
5618 last-req[1] LastReq,
5619 nonce[2] INTEGER,
5620 key-expiration[3] KerberosTime OPTIONAL,
5621 flags[4] TicketFlags,
5622 authtime[5] KerberosTime,
5623 starttime[6] KerberosTime OPTIONAL,
5624 endtime[7] KerberosTime,
5625 renew-till[8] KerberosTime OPTIONAL,
5626 srealm[9] Realm,
5627 sname[10] PrincipalName,
5628 caddr[11] HostAddresses OPTIONAL
5629 }
5630
5631 APOptions ::= BIT STRING {
5632 reserved(0),
5633 use-session-key(1),
5634 mutual-required(2)
5635 }
5636
5637 EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
5638 ctime[0] KerberosTime,
5639 cusec[1] INTEGER,
5640 subkey[2] EncryptionKey OPTIONAL,
5641 seq-number[3] INTEGER OPTIONAL
5642 }
5643
5644 KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
5645 pvno[0] INTEGER,
5646 msg-type[1] INTEGER,
5647 safe-body[2] KRB-SAFE-BODY,
5648 cksum[3] Checksum
5649 }
5650
5651 KRB-SAFE-BODY ::= SEQUENCE {
5652 user-data[0] OCTET STRING,
5653 timestamp[1] KerberosTime OPTIONAL,
5654 usec[2] INTEGER OPTIONAL,
5655 seq-number[3] INTEGER OPTIONAL,
5656 s-address[4] HostAddress,
5657 r-address[5] HostAddress OPTIONAL
5658 }
5659
5660 KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
5661 pvno[0] INTEGER,
5662 msg-type[1] INTEGER,
5663 enc-part[3] EncryptedData
5664 }
5665
5666 EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
5667 user-data[0] OCTET STRING,
5668 timestamp[1] KerberosTime OPTIONAL,
5669 usec[2] INTEGER OPTIONAL,
5670 seq-number[3] INTEGER OPTIONAL,
5671 s-address[4] HostAddress, -- sender's addr
5672 r-address[5] HostAddress OPTIONAL
5673 -- recip's addr
5674 }
5675
5676 KRB-CRED ::= [APPLICATION 22] SEQUENCE {
5677 pvno[0] INTEGER,
5678 msg-type[1] INTEGER, -- KRB_CRED
5679 tickets[2] SEQUENCE OF Ticket,
5680 enc-part[3] EncryptedData
5681 }
5682
5683 EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
5684 ticket-info[0] SEQUENCE OF KrbCredInfo,
5685 nonce[1] INTEGER OPTIONAL,
5686 timestamp[2] KerberosTime OPTIONAL,
5687 usec[3] INTEGER OPTIONAL,
5688 s-address[4] HostAddress OPTIONAL,
5689 r-address[5] HostAddress OPTIONAL
5690 }
5691
5692 KrbCredInfo ::= SEQUENCE {
5693 key[0] EncryptionKey,
5694 prealm[1] Realm OPTIONAL,
5695 pname[2] PrincipalName OPTIONAL,
5696 flags[3] TicketFlags OPTIONAL,
5697 authtime[4] KerberosTime OPTIONAL,
5698 starttime[5] KerberosTime OPTIONAL,
5699 endtime[6] KerberosTime OPTIONAL
5700 renew-till[7] KerberosTime OPTIONAL,
5701 srealm[8] Realm OPTIONAL,
5702 sname[9] PrincipalName OPTIONAL,
5703 caddr[10] HostAddresses OPTIONAL
5704 }
5705
5706 METHOD-DATA ::= SEQUENCE of PA-DATA
5707
5708 If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
5709 contain an encoding of the following sequence:
5710
5711 METHOD-DATA ::= SEQUENCE {
5712 method-type[0] INTEGER,
5713 method-data[1] OCTET STRING OPTIONAL
5714 }
5715
5716 EncryptionKey ::= SEQUENCE {
5717 keytype[0] INTEGER,
5718 keyvalue[1] OCTET STRING
5719 }
5720
5721 Checksum ::= SEQUENCE {
5722 cksumtype[0] INTEGER,
5723 checksum[1] OCTET STRING
5724 }
5725
5726 */