search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-kpasswd.c
blob7983dd5ff44b535d8faa3d46756a1be34db5b964
1 /* packet-kpasswd.c
2 * Routines for kpasswd packet dissection
3 * Ronnie Sahlberg 2003
4 *
5 * See RFC 3244
6 *
7 * $Id$
8 *
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28 #include "config.h"
29
30 #include <epan/packet.h>
31 #include <epan/asn1.h>
32 #include "packet-tcp.h"
33 #include "packet-kerberos.h"
34 #include "packet-ber.h"
35 #include <epan/prefs.h>
36
37 /* Desegment Kerberos over TCP messages */
38 static gboolean kpasswd_desegment = TRUE;
39
40 static int proto_kpasswd = -1;
41 static int hf_kpasswd_message_len = -1;
42 static int hf_kpasswd_version = -1;
43 static int hf_kpasswd_result = -1;
44 static int hf_kpasswd_result_string = -1;
45 static int hf_kpasswd_newpassword = -1;
46 static int hf_kpasswd_ap_req_len = -1;
47 static int hf_kpasswd_ap_req_data = -1;
48 static int hf_kpasswd_krb_priv_message = -1;
49 static int hf_kpasswd_ChangePasswdData = -1;
50
51 static gint ett_kpasswd = -1;
52 static gint ett_ap_req_data = -1;
53 static gint ett_krb_priv_message = -1;
54 static gint ett_ChangePasswdData = -1;
55
56
57 #define UDP_PORT_KPASSWD 464
58 #define TCP_PORT_KPASSWD 464
59
60
61 static const value_string vers_vals[] = {
62 { 0x0001, "Reply" },
63 { 0xff80, "Request" },
64 { 0, NULL },
65 };
66
67
68 /** Dissects AP-REQ or AP-REP part of password change. */
69 static void
70 dissect_kpasswd_ap_req_data(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree)
71 {
72 proto_item *it;
73 proto_tree *tree=NULL;
74
75 if(parent_tree){
76 it=proto_tree_add_item(parent_tree, hf_kpasswd_ap_req_data, tvb, 0, -1, ENC_NA);
77 tree=proto_item_add_subtree(it, ett_ap_req_data);
78 }
79 dissect_kerberos_main(tvb, pinfo, tree, FALSE, NULL);
80 }
81
82
83 static int dissect_kpasswd_newpassword(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
84 {
85 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kpasswd_newpassword, NULL);
86 return offset;
87 }
88
89 static ber_old_sequence_t ChangePasswdData_sequence[] = {
90 { BER_CLASS_CON, 0, 0, dissect_kpasswd_newpassword },
91 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_krb5_cname },
92 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_krb5_realm },
93 { 0, 0, 0, NULL }
94 };
95
96 static int
97 dissect_kpasswd_user_data_request(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
98 {
99 int offset=0;
100 asn1_ctx_t asn1_ctx;
101 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
102
103 offset=dissect_ber_old_sequence(FALSE, &asn1_ctx, tree, tvb, offset, ChangePasswdData_sequence, hf_kpasswd_ChangePasswdData, ett_ChangePasswdData);
104 return offset;
105 }
106
107 static kerberos_callbacks cb_req[] = {
108 { KRB_CBTAG_PRIV_USER_DATA, dissect_kpasswd_user_data_request },
109 { 0, NULL }
110 };
111
112 #define KRB5_KPASSWD_SUCCESS 0
113 #define KRB5_KPASSWD_MALFORMED 1
114 #define KRB5_KPASSWD_HARDERROR 2
115 #define KRB5_KPASSWD_AUTHERROR 3
116 #define KRB5_KPASSWD_SOFTERROR 4
117 #define KRB5_KPASSWD_ACCESSDENIED 5
118 #define KRB5_KPASSWD_BAD_VERSION 6
119 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
120 static const value_string kpasswd_result_types[] = {
121 { KRB5_KPASSWD_SUCCESS, "Success" },
122 { KRB5_KPASSWD_MALFORMED, "Malformed" },
123 { KRB5_KPASSWD_HARDERROR, "HardError" },
124 { KRB5_KPASSWD_AUTHERROR, "AuthError" },
125 { KRB5_KPASSWD_SOFTERROR, "SoftError" },
126 { KRB5_KPASSWD_ACCESSDENIED, "AccessDenied" },
127 { KRB5_KPASSWD_BAD_VERSION, "BadVersion" },
128 { KRB5_KPASSWD_INITIAL_FLAG_NEEDED, "InitialFlagNeeded" },
129 { 0, NULL }
130 };
131
132 static int
133 dissect_kpasswd_user_data_reply(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
134 {
135 int offset=0;
136 guint16 result;
137
138 /* result */
139 result = tvb_get_ntohs(tvb, offset);
140 proto_tree_add_uint(tree, hf_kpasswd_result, tvb, offset, 2, result);
141 offset+=2;
142 col_add_str(pinfo->cinfo, COL_INFO,
143 val_to_str(result, kpasswd_result_types, "Result: %u"));
144
145
146 /* optional result string */
147 if(tvb_reported_length_remaining(tvb, offset) > 0){
148 proto_tree_add_item(tree, hf_kpasswd_result_string, tvb, offset, tvb_reported_length_remaining(tvb, offset), ENC_ASCII|ENC_NA);
149 offset = tvb_reported_length(tvb);
150 }
151
152 return offset;
153 }
154
155
156 static kerberos_callbacks cb_rep[] = {
157 { KRB_CBTAG_PRIV_USER_DATA, dissect_kpasswd_user_data_reply },
158 { 0, NULL }
159 };
160
161 static gint
162 dissect_kpasswd_krb_priv_message(packet_info *pinfo _U_, tvbuff_t *tvb, proto_tree *parent_tree, gboolean isrequest)
163 {
164 proto_item *it;
165 proto_tree *tree=NULL;
166 gint offset;
167
168 if(parent_tree){
169 it=proto_tree_add_item(parent_tree, hf_kpasswd_krb_priv_message, tvb, 0, -1, ENC_NA);
170 tree=proto_item_add_subtree(it, ett_krb_priv_message);
171 }
172 if(isrequest){
173 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_req);
174 } else {
175 offset = dissect_kerberos_main(tvb, pinfo, tree, FALSE, cb_rep);
176 }
177
178 /* offset is bytes consumed in child tvb given to us */
179 return offset;
180 }
181
182
183 static gint
184 dissect_kpasswd_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean have_rm)
185 {
186 proto_item *kpasswd_item=NULL;
187 proto_tree *kpasswd_tree=NULL;
188 int offset = 0;
189 guint16 message_len, version, ap_req_len;
190 tvbuff_t *next_tvb;
191
192 /* TCP record mark and length */
193 guint32 krb_rm = 0;
194 gint krb_reclen = 0;
195 gint krb_rm_size = 0; /* bytes consumed by record mark: 0 or 4 */
196
197 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
198 col_clear(pinfo->cinfo, COL_INFO);
199
200 /* can't pass have_rm to dissect_kerberos_main, so strip rm first */
201 if (have_rm) {
202 krb_rm = tvb_get_ntohl(tvb, offset);
203 krb_reclen = kerberos_rm_to_reclen(krb_rm);
204 krb_rm_size = 4;
205 /*
206 * What is a reasonable size limit?
207 */
208 if (krb_reclen > 10 * 1024 * 1024) {
209 return (-1);
210 }
211 offset += krb_rm_size;
212 }
213
214 /* it might be a KERBEROS ERROR */
215 if(tvb_get_guint8(tvb, offset)==0x7e){
216 /* TCP record mark, if any, not displayed. But hopefully
217 * KRB-ERROR dissection will proceed correctly. */
218 next_tvb=tvb_new_subset_remaining(tvb, offset);
219 return dissect_kerberos_main(next_tvb, pinfo, tree, FALSE, NULL);
220 }
221
222 message_len=tvb_get_ntohs(tvb, offset);
223 version=tvb_get_ntohs(tvb, offset+2);
224 ap_req_len=tvb_get_ntohs(tvb, offset+4);
225 if(tree){
226 kpasswd_item=proto_tree_add_item(tree, proto_kpasswd, tvb, offset-krb_rm_size, message_len+krb_rm_size, ENC_NA);
227 kpasswd_tree=proto_item_add_subtree(kpasswd_item, ett_kpasswd);
228 if (have_rm) {
229 show_krb_recordmark(kpasswd_tree, tvb, offset-krb_rm_size, krb_rm);
230 }
231 }
232
233 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_message_len, tvb, offset, 2, message_len);
234 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_version, tvb, offset+2, 2, version);
235 col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(version, vers_vals, "Unknown command"));
236 proto_tree_add_uint(kpasswd_tree, hf_kpasswd_ap_req_len, tvb, offset+4, 2, ap_req_len);
237 offset+=6;
238
239 /* AP-REQ / AP-REP data */
240 next_tvb=tvb_new_subset(tvb, offset, ap_req_len, ap_req_len);
241 dissect_kpasswd_ap_req_data(pinfo, next_tvb, kpasswd_tree);
242 offset+=ap_req_len;
243
244 /* KRB-PRIV message */
245 next_tvb=tvb_new_subset_remaining(tvb, offset);
246 offset += dissect_kpasswd_krb_priv_message(pinfo, next_tvb, kpasswd_tree, (version==0xff80));
247
248 proto_item_set_len(kpasswd_item, offset);
249 return offset;
250
251 }
252
253 static void
254 dissect_kpasswd_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
255 {
256 dissect_kpasswd_common(tvb, pinfo, tree, FALSE);
257 }
258
259 static int
260 dissect_kpasswd_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
261 {
262 pinfo->fragmented = TRUE;
263 if (dissect_kpasswd_common(tvb, pinfo, tree, TRUE) < 0) {
264 /*
265 * The dissector failed to recognize this as a valid
266 * Kerberos message. Mark it as a continuation packet.
267 */
268 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
269 }
270 return tvb_length(tvb);
271 }
272
273 static int
274 dissect_kpasswd_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
275 {
276 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KPASSWD");
277 col_clear(pinfo->cinfo, COL_INFO);
278
279 tcp_dissect_pdus(tvb, pinfo, tree, kpasswd_desegment, 4, get_krb_pdu_len, dissect_kpasswd_tcp_pdu, data);
280 return tvb_length(tvb);
281 }
282
283 void
284 proto_register_kpasswd(void)
285 {
286 static hf_register_info hf[] = {
287 { &hf_kpasswd_message_len,
288 { "Message Length", "kpasswd.message_len", FT_UINT16, BASE_DEC,
289 NULL, 0, NULL, HFILL }},
290 { &hf_kpasswd_ap_req_len,
291 { "AP_REQ Length", "kpasswd.ap_req_len", FT_UINT16, BASE_DEC,
292 NULL, 0, "Length of AP_REQ data", HFILL }},
293 { &hf_kpasswd_version,
294 { "Version", "kpasswd.version", FT_UINT16, BASE_HEX,
295 VALS(vers_vals), 0, NULL, HFILL }},
296 { &hf_kpasswd_result,
297 { "Result", "kpasswd.result", FT_UINT16, BASE_DEC,
298 VALS(kpasswd_result_types), 0, NULL, HFILL }},
299 { &hf_kpasswd_result_string,
300 { "Result String", "kpasswd.result_string", FT_STRING, BASE_NONE,
301 NULL, 0, NULL, HFILL }},
302 { &hf_kpasswd_newpassword,
303 { "New Password", "kpasswd.new_password", FT_STRING, BASE_NONE,
304 NULL, 0, NULL, HFILL }},
305 { &hf_kpasswd_ap_req_data,
306 { "AP_REQ", "kpasswd.ap_req", FT_NONE, BASE_NONE,
307 NULL, 0, "AP_REQ structure", HFILL }},
308 { &hf_kpasswd_krb_priv_message,
309 { "KRB-PRIV", "kpasswd.krb_priv", FT_NONE, BASE_NONE,
310 NULL, 0, "KRB-PRIV message", HFILL }},
311 { &hf_kpasswd_ChangePasswdData, {
312 "ChangePasswdData", "kpasswd.ChangePasswdData", FT_NONE, BASE_NONE,
313 NULL, 0, "Change Password Data structure", HFILL }},
314 };
315
316 static gint *ett[] = {
317 &ett_kpasswd,
318 &ett_ap_req_data,
319 &ett_krb_priv_message,
320 &ett_ChangePasswdData,
321 };
322 module_t *kpasswd_module;
323
324 proto_kpasswd = proto_register_protocol("MS Kpasswd",
325 "Kpasswd", "kpasswd");
326 proto_register_field_array(proto_kpasswd, hf, array_length(hf));
327 proto_register_subtree_array(ett, array_length(ett));
328
329 /* Register preferences */
330 kpasswd_module = prefs_register_protocol(proto_kpasswd, NULL);
331 prefs_register_bool_preference(kpasswd_module, "desegment",
332 "Reassemble Kpasswd over TCP messages spanning multiple TCP segments",
333 "Whether the Kpasswd dissector should reassemble messages spanning multiple TCP segments."
334 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
335 &kpasswd_desegment);
336 }
337
338 void
339 proto_reg_handoff_kpasswd(void)
340 {
341 dissector_handle_t kpasswd_handle_udp;
342 dissector_handle_t kpasswd_handle_tcp;
343
344 kpasswd_handle_udp = create_dissector_handle(dissect_kpasswd_udp, proto_kpasswd);
345 kpasswd_handle_tcp = new_create_dissector_handle(dissect_kpasswd_tcp, proto_kpasswd);
346 dissector_add_uint("udp.port", UDP_PORT_KPASSWD, kpasswd_handle_udp);
347 dissector_add_uint("tcp.port", TCP_PORT_KPASSWD, kpasswd_handle_tcp);
348 }