epan/dissectors/packet-dcerpc-krb5rpc.c

   1 /* packet-dcerpc-krb5rpc.c
   2  *
   3  * Routines for dcerpc DCE/KRB5 interface
   4  * Copyright 2002, Jaime Fournier <Jaime.Fournier@hush.com>
   5  * This information is based off the released idl files from opengroup.
   6  * ftp://ftp.opengroup.org/pub/dce122/dce/src/security.tar.gz security/idl/krb5rpc.idl
   7  *
   8  * $Id$
   9  *
  10  * Wireshark - Network traffic analyzer
  11  * By Gerald Combs <gerald@wireshark.org>
  12  * Copyright 1998 Gerald Combs
  13  *
  14  * This program is free software; you can redistribute it and/or
  15  * modify it under the terms of the GNU General Public License
  16  * as published by the Free Software Foundation; either version 2
  17  * of the License, or (at your option) any later version.
  18  *
  19  * This program is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with this program; if not, write to the Free Software
  26  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  27  */
  28
  29 #include "config.h"
  30
  31
  32 #include <glib.h>
  33 #include <epan/packet.h>
  34 #include <epan/asn1.h>
  35 #include "packet-dcerpc.h"
  36 #include "packet-kerberos.h"
  37 #include "packet-dcerpc-dce122.h"
  38
  39 static int proto_krb5rpc = -1;
  40
  41 static gint ett_krb5rpc = -1;
  42
  43
  44 static e_uuid_t uuid_krb5rpc =
  45   { 0x8f73de50, 0x768c, 0x11ca, {0xbf, 0xfc, 0x08, 0x00, 0x1e, 0x03, 0x94,
  46                                  0x31}
  47 };
  48 static guint16 ver_krb5rpc = 1;
  49 static int hf_krb5rpc_opnum = -1;
  50 static int hf_krb5rpc_sendto_kdc_rqst_keysize = -1;
  51 static int hf_krb5rpc_sendto_kdc_rqst_spare1 = -1;
  52 static int hf_krb5rpc_sendto_kdc_resp_len = -1;
  53 static int hf_krb5rpc_sendto_kdc_resp_max = -1;
  54 static int hf_krb5rpc_sendto_kdc_resp_spare1 = -1;
  55 static int hf_krb5rpc_sendto_kdc_resp_keysize = -1;
  56 /* static int hf_krb5rpc_sendto_kdc_resp_st = -1; */
  57 static int hf_krb5rpc_krb5 = -1;
  58 static gint ett_krb5rpc_krb5 = -1;
  59
  60 static int
  61 krb5rpc_dissect_sendto_kdc_rqst (tvbuff_t * tvb, int offset,
  62                                  packet_info * pinfo, proto_tree * tree,
  63                                  dcerpc_info *di, guint8 *drep)
  64 {
  65   guint32 keysize, spare1, remain;
  66   proto_item *item;
  67   tvbuff_t *krb5_tvb;
  68   proto_tree *subtree;
  69
  70
  71   /*
  72    *        [in]        handle_t        h,
  73    *        [in]        unsigned32      len,
  74    *        [in, size_is(len)]
  75    *        byte            message[],
  76    *        [in]        unsigned32      out_buf_len,
  77    */
  78
  79   offset =
  80     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  81                         hf_krb5rpc_sendto_kdc_rqst_keysize, &keysize);
  82   offset =
  83     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
  84                         hf_krb5rpc_sendto_kdc_rqst_spare1, &spare1);
  85   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
  86   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
  87
  88   remain = tvb_length_remaining(tvb, offset);
  89   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
  90   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
  91
  92
  93   return offset;
  94 }
  95
  96
  97 static int
  98 krb5rpc_dissect_sendto_kdc_resp (tvbuff_t * tvb, int offset,
  99                                  packet_info * pinfo, proto_tree * tree,
 100                                  dcerpc_info *di, guint8 *drep)
 101 {
 102   guint32 resp_len, maxsize, spare1, keysize, remain;
 103   proto_item *item;
 104   tvbuff_t *krb5_tvb;
 105   proto_tree *subtree;
 106
 107
 108   /*
 109    *
 110    *        [out]       unsigned32      *resp_len,
 111    *        [out, length_is(*resp_len), size_is(out_buf_len)]
 112    *        byte            out_buf[],
 113    *        [out]       error_status_t  *st unsigned long
 114    *
 115    */
 116
 117   offset =
 118     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
 119                         hf_krb5rpc_sendto_kdc_resp_len, &resp_len);
 120   offset =
 121     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
 122                         hf_krb5rpc_sendto_kdc_resp_max, &maxsize);
 123   offset =
 124     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
 125                         hf_krb5rpc_sendto_kdc_resp_spare1, &spare1);
 126   offset =
 127     dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
 128                         hf_krb5rpc_sendto_kdc_resp_keysize, &keysize);
 129
 130
 131   item = proto_tree_add_item (tree, hf_krb5rpc_krb5, tvb, offset, -1, ENC_NA);
 132   subtree = proto_item_add_subtree (item, ett_krb5rpc_krb5);
 133   remain = tvb_length_remaining(tvb, offset);
 134   krb5_tvb = tvb_new_subset (tvb, offset, remain, remain);
 135
 136   offset = dissect_kerberos_main (krb5_tvb, pinfo, subtree, TRUE, NULL);
 137   offset += 16; /* no idea what this is, probably just extended encrypted text. */
 138
 139   return offset;
 140 }
 141
 142
 143 static dcerpc_sub_dissector krb5rpc_dissectors[] = {
 144   {0, "rsec_krb5rpc_sendto_kdc", krb5rpc_dissect_sendto_kdc_rqst,
 145    krb5rpc_dissect_sendto_kdc_resp},
 146   {0, NULL, NULL, NULL},
 147 };
 148
 149
 150 void
 151 proto_register_krb5rpc (void)
 152 {
 153   static hf_register_info hf[] = {
 154     {&hf_krb5rpc_opnum,
 155      {"Opnum", "krb5rpc.opnum", FT_UINT16, BASE_DEC, NULL, 0x0,
 156       NULL, HFILL }},
 157     {&hf_krb5rpc_sendto_kdc_rqst_keysize,
 158      {"Request keysize",
 159       "krb5rpc.sendto_kdc_rqst_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 160       NULL, HFILL}},
 161     {&hf_krb5rpc_sendto_kdc_rqst_spare1,
 162      {"Request spare1",
 163       "krb5rpc.sendto_kdc_rqst_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL,
 164       HFILL}},
 165     {&hf_krb5rpc_sendto_kdc_resp_len,
 166      {"Response length", "krb5rpc.sendto_kdc_resp_len",
 167       FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 168     {&hf_krb5rpc_sendto_kdc_resp_max,
 169      {"Response max", "krb5rpc.sendto_kdc_resp_max",
 170       FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 171     {&hf_krb5rpc_sendto_kdc_resp_spare1,
 172      {"Response spare1",
 173       "krb5rpc.sendto_kdc_resp_spare1", FT_UINT32, BASE_DEC, NULL, 0x0, NULL,
 174       HFILL}},
 175     {&hf_krb5rpc_sendto_kdc_resp_keysize,
 176      {"Response key size",
 177       "krb5rpc.sendto_kdc_resp_keysize", FT_UINT32, BASE_DEC, NULL, 0x0,
 178       NULL, HFILL}},
 179 #if 0
 180     {&hf_krb5rpc_sendto_kdc_resp_st,
 181      {"Response st", "krb5rpc.sendto_kdc_resp_st",
 182       FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL}},
 183 #endif
 184     {&hf_krb5rpc_krb5,
 185      {"krb5", "krb5rpc.krb5", FT_BYTES, BASE_NONE, NULL, 0x0,
 186       "krb5 blob", HFILL}},
 187
 188   };
 189
 190   static gint *ett[] = {
 191     &ett_krb5rpc,
 192     &ett_krb5rpc_krb5,
 193   };
 194   proto_krb5rpc =
 195     proto_register_protocol ("DCE/RPC Kerberos V", "KRB5RPC", "krb5rpc");
 196   proto_register_field_array (proto_krb5rpc, hf, array_length (hf));
 197   proto_register_subtree_array (ett, array_length (ett));
 198 }
 199
 200 void
 201 proto_reg_handoff_krb5rpc (void)
 202 {
 203   /* Register the protocol as dcerpc */
 204   dcerpc_init_uuid (proto_krb5rpc, ett_krb5rpc, &uuid_krb5rpc, ver_krb5rpc,
 205                     krb5rpc_dissectors, hf_krb5rpc_opnum);
 206 }