1# kerberos.cnf 2# kerberos conformation file 3# Copyright 2008 Anders Broman 4 5#.EXPORTS 6ChangePasswdData 7Applications ONLY_ENUM 8TGT-REQ 9TGT-REP 10 11#.FIELD_RENAME 12Authenticator/_untag/subkey authenticator_subkey 13KDC-REQ-BODY/etype kDC-REQ-BODY_etype 14KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data 15EncKrbPrivPart/user-data encKrbPrivPart_user_data 16EncryptedTicketData/cipher encryptedTicketData_cipher 17EncryptedAuthenticator/cipher encryptedAuthenticator_cipher 18EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher 19EncryptedKDCREPData/cipher encryptedKDCREPData_cipher 20PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher 21EncryptedAPREPData/cipher encryptedAPREPData_cipher 22EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher 23EncryptedKrbCredData/cipher encryptedKrbCredData_cipher 24EncryptedKrbFastReq/cipher encryptedKrbFastReq_cipher 25EncryptedKrbFastResponse/cipher encryptedKrbFastResponse_cipher 26EncryptedChallenge/cipher encryptedChallenge_cipher 27EncAPRepPart/_untag/subkey encAPRepPart_subkey 28EncTicketPart/_untag/key encTicketPart_key 29EncKDCRepPart/key encKDCRepPart_key 30KRB-CRED/_untag/enc-part kRB_CRED_enc_part 31KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part 32KrbCredInfo/key krbCredInfo_key 33AP-REP/_untag/enc-part aP_REP_enc_part 34KDC-REP/enc-part kDC_REP_enc_part 35Ticket/_untag/enc-part ticket_enc_part 36ETYPE-INFO-ENTRY/salt info_salt 37ETYPE-INFO2-ENTRY/salt info2_salt 38AP-REQ/_untag/authenticator authenticator_enc_part 39PA-FX-FAST-REQUEST/armored-data armored_data_request 40PA-FX-FAST-REPLY/armored-data armored_data_reply 41PA-KERB-KEY-LIST-REP/_item kerbKeyListRep_key 42 43#.FIELD_ATTR 44KDC-REQ-BODY/etype ABBREV=kdc-req-body.etype 45ETYPE-INFO-ENTRY/salt ABBREV=info_salt 46ETYPE-INFO2-ENTRY/salt ABBREV=info2_salt 47PA-KERB-KEY-LIST-REP/_item ABBREV=kerbKeyListRep.key NAME="key" 48 49#.OMIT_ASSIGNMENT 50AD-AND-OR 51AD-KDCIssued 52AD-LoginAlias 53AD-MANDATORY-FOR-KDC 54ChangePasswdDataMS 55EncryptedData 56EtypeList 57FastOptions 58KerberosFlags 59KrbFastFinished 60KrbFastResponse 61KrbFastReq 62KRB5SignedPath 63KRB5SignedPathData 64KRB5SignedPathPrincipals 65Krb5int32 66Krb5uint32 67PA-AUTHENTICATION-SET 68PA-ClientCanonicalized 69PA-ClientCanonicalizedNames 70PA-ENC-TS-ENC 71PA-ENC-SAM-RESPONSE-ENC 72PA-SAM-CHALLENGE-2 73PA-SAM-CHALLENGE-2-BODY 74PA-SAM-REDIRECT 75PA-SAM-RESPONSE-2 76PA-SAM-TYPE 77PA-SERVER-REFERRAL-DATA 78PA-ServerReferralData 79PA-SvrReferralData 80Principal 81PROV-SRV-LOCATION 82SAMFlags 83TYPED-DATA 84 85#.NO_EMIT ONLY_VALS 86Applications 87PA-FX-FAST-REPLY 88PA-FX-FAST-REQUEST 89 90#.MAKE_DEFINES 91ADDR-TYPE TYPE_PREFIX 92Applications TYPE_PREFIX 93 94#.MAKE_ENUM 95PADATA-TYPE PROT_PREFIX UPPER_CASE 96AUTHDATA-TYPE PROT_PREFIX UPPER_CASE 97KrbFastArmorTypes PROT_PREFIX UPPER_CASE 98 99#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype 100 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 101 guint32 msgtype; 102 103%(DEFAULT_BODY)s 104 105#.FN_FTR MESSAGE-TYPE 106 if (gbl_do_col_info) { 107 col_add_str(actx->pinfo->cinfo, COL_INFO, 108 val_to_str(msgtype, krb5_msg_types, 109 "Unknown msg type %#x")); 110 } 111 gbl_do_col_info=FALSE; 112 113##if 0 114 /* append the application type to the tree */ 115 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x")); 116##endif 117 if (private_data->msg_type == 0) { 118 private_data->msg_type = msgtype; 119 } 120 121#.FN_BODY ERROR-CODE VAL_PTR = &private_data->errorcode 122 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 123%(DEFAULT_BODY)s 124 125#.FN_FTR ERROR-CODE 126 if (private_data->errorcode) { 127 col_add_fstr(actx->pinfo->cinfo, COL_INFO, 128 "KRB Error: %s", 129 val_to_str(private_data->errorcode, krb5_error_codes, 130 "Unknown error code %#x")); 131 } 132 133#.END 134#.FN_BODY KRB-ERROR/_untag/e-data 135 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 136 137 switch (private_data->errorcode) { 138 case KRB5_ET_KRB5KDC_ERR_BADOPTION: 139 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED: 140 case KRB5_ET_KRB5KDC_ERR_KEY_EXP: 141 case KRB5_ET_KRB5KDC_ERR_POLICY: 142 /* ms windows kdc sends e-data of this type containing a "salt" 143 * that contains the nt_status code for these error codes. 144 */ 145 private_data->try_nt_status = TRUE; 146 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA); 147 break; 148 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED: 149 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED: 150 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP: 151 case KRB5_ET_KDC_ERR_WRONG_REALM: 152 case KRB5_ET_KDC_ERR_PREAUTH_EXPIRED: 153 case KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED: 154 case KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET: 155 case KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS: 156 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA); 157 break; 158 default: 159 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL); 160 break; 161 } 162 163 164#.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type) 165 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 166%(DEFAULT_BODY)s 167#.FN_FTR PADATA-TYPE 168 if(tree){ 169 proto_item_append_text(tree, " %s", 170 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals, 171 "Unknown:%d")); 172 } 173 174#.FN_BODY PA-DATA/padata-value 175 proto_tree *sub_tree=tree; 176 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 177 178 if(actx->created_item){ 179 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA); 180 } 181 182 switch(private_data->padata_type){ 183 case KERBEROS_PA_TGS_REQ: 184 private_data->within_PA_TGS_REQ++; 185 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); 186 private_data->within_PA_TGS_REQ--; 187 break; 188 case KERBEROS_PA_PK_AS_REP_19: 189 private_data->is_win2k_pkinit = TRUE; 190 if (kerberos_private_is_kdc_req(private_data)) { 191 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k); 192 } else { 193 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k); 194 } 195 break; 196 case KERBEROS_PA_PK_AS_REQ: 197 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq); 198 break; 199 case KERBEROS_PA_PK_AS_REP: 200 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); 201 break; 202 case KERBEROS_PA_PAC_REQUEST: 203 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); 204 break; 205 case KERBEROS_PA_FOR_USER: /* S4U2SELF */ 206 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); 207 break; 208 case KERBEROS_PA_FOR_X509_USER: 209 if(private_data->msg_type == KRB5_MSG_AS_REQ){ 210 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate); 211 }else if(private_data->is_enc_padata){ 212 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); 213 }else{ 214 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER); 215 } 216 break; 217 case KERBEROS_PA_PROV_SRV_LOCATION: 218 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION); 219 break; 220 case KERBEROS_PA_ENC_TIMESTAMP: 221 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP); 222 break; 223 case KERBEROS_PA_ETYPE_INFO: 224 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO); 225 break; 226 case KERBEROS_PA_ETYPE_INFO2: 227 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2); 228 break; 229 case KERBEROS_PA_PW_SALT: 230 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT); 231 break; 232 case KERBEROS_PA_AUTH_SET_SELECTED: 233 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); 234 break; 235 case KERBEROS_PA_FX_FAST: 236 if (kerberos_private_is_kdc_req(private_data)) { 237 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST); 238 }else{ 239 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY); 240 } 241 break; 242 case KERBEROS_PA_FX_ERROR: 243 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); 244 break; 245 case KERBEROS_PA_ENCRYPTED_CHALLENGE: 246 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge); 247 break; 248 case KERBEROS_PA_KERB_KEY_LIST_REQ: 249 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ); 250 break; 251 case KERBEROS_PA_KERB_KEY_LIST_REP: 252 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP); 253 break; 254 case KERBEROS_PA_SUPPORTED_ETYPES: 255 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES); 256 break; 257 case KERBEROS_PA_PAC_OPTIONS: 258 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS); 259 break; 260 case KERBEROS_PA_REQ_ENC_PA_REP: 261 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum); 262 break; 263 case KERBEROS_PA_SPAKE: 264 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE); 265 break; 266 default: 267 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); 268 break; 269 } 270 271#.FN_BODY HostAddress/address 272 gint8 appclass; 273 gboolean pc; 274 gint32 tag; 275 guint32 len; 276 const char *address_str; 277 proto_item *it=NULL; 278 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 279 280 /* read header and len for the octet string */ 281 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag); 282 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); 283 284 switch(private_data->addr_type){ 285 case KERBEROS_ADDR_TYPE_IPV4: 286 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN); 287 address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset); 288 break; 289 case KERBEROS_ADDR_TYPE_NETBIOS: 290 { 291 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; 292 int netbios_name_type; 293 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; 294 295 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); 296 address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type); 297 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); 298 } 299 break; 300 case KERBEROS_ADDR_TYPE_IPV6: 301 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA); 302 address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset); 303 break; 304 default: 305 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len); 306 address_str = NULL; 307 break; 308 } 309 310 /* push it up two levels in the decode pane */ 311 if(it && address_str){ 312 proto_item_append_text(proto_item_get_parent(it), " %s",address_str); 313 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str); 314 } 315 316 offset+=len; 317 318 319#.TYPE_ATTR 320#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals) 321 322#.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype) 323 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 324%(DEFAULT_BODY)s 325 326#.FN_BODY EncryptedTicketData/cipher 327##ifdef HAVE_KERBEROS 328 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); 329##else 330%(DEFAULT_BODY)s 331##endif 332 333#.FN_BODY EncryptedAuthorizationData/cipher 334##ifdef HAVE_KERBEROS 335 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data); 336##else 337%(DEFAULT_BODY)s 338##endif 339 340#.FN_BODY EncryptedAuthenticator/cipher 341##ifdef HAVE_KERBEROS 342 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); 343##else 344%(DEFAULT_BODY)s 345##endif 346 347#.FN_BODY EncryptedKDCREPData/cipher 348##ifdef HAVE_KERBEROS 349 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); 350##else 351%(DEFAULT_BODY)s 352##endif 353 354#.FN_BODY PA-ENC-TIMESTAMP/cipher 355##ifdef HAVE_KERBEROS 356 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); 357##else 358%(DEFAULT_BODY)s 359##endif 360 361#.FN_BODY EncryptedAPREPData/cipher 362##ifdef HAVE_KERBEROS 363 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); 364##else 365%(DEFAULT_BODY)s 366##endif 367 368#.FN_BODY EncryptedKrbPrivData/cipher 369##ifdef HAVE_KERBEROS 370 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); 371##else 372%(DEFAULT_BODY)s 373##endif 374 375#.FN_BODY EncryptedKrbCredData/cipher 376##ifdef HAVE_KERBEROS 377 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); 378##else 379%(DEFAULT_BODY)s 380##endif 381 382#.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type) 383 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 384%(DEFAULT_BODY)s 385 386#.FN_BODY Checksum/checksum 387 tvbuff_t *next_tvb; 388 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 389 390 switch(private_data->checksum_type){ 391 case KRB5_CHKSUM_GSSAPI: 392 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb); 393 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb); 394 break; 395 default: 396 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL); 397 break; 398 } 399 400#.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype 401 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 402 403 private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item, 404 tvb, 0, 0, ENC_NA); 405 if (private_data->key_hidden_item != NULL) { 406 proto_item_set_hidden(private_data->key_hidden_item); 407 } 408 409 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 410 &gbl_keytype); 411 private_data->key.keytype = gbl_keytype; 412 413#.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb 414 tvbuff_t *out_tvb; 415 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 416 417%(DEFAULT_BODY)s 418 419 private_data->key.keylength = tvb_reported_length(out_tvb); 420 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength); 421 private_data->key_tree = tree; 422 private_data->key_tvb = out_tvb; 423 424#.FN_BODY EncryptionKey 425 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 426##ifdef HAVE_KERBEROS 427 int start_offset = offset; 428##endif 429 430 %(DEFAULT_BODY)s 431 432 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) { 433##ifdef HAVE_KERBEROS 434 int length = offset - start_offset; 435 private_data->last_added_key = NULL; 436 private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree, 437 private_data->save_encryption_key_parent_hf_index, 438 hf_index); 439 private_data->last_added_key = NULL; 440##endif 441 } 442 443#.FN_BODY Authenticator/_untag/subkey 444 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 445 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 446 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 447 private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator; 448##ifdef HAVE_KERBEROS 449 private_data->save_encryption_key_fn = save_Authenticator_subkey; 450##endif 451%(DEFAULT_BODY)s 452 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 453 private_data->save_encryption_key_fn = saved_encryption_key_fn; 454 455#.FN_BODY EncAPRepPart/_untag/subkey 456 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 457 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 458 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 459 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart; 460##ifdef HAVE_KERBEROS 461 private_data->save_encryption_key_fn = save_EncAPRepPart_subkey; 462##endif 463%(DEFAULT_BODY)s 464 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 465 private_data->save_encryption_key_fn = saved_encryption_key_fn; 466 467#.FN_BODY EncKDCRepPart/key 468 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 469 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 470 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 471 switch (private_data->msg_type) { 472 case KERBEROS_APPLICATIONS_AS_REP: 473 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart; 474 break; 475 case KERBEROS_APPLICATIONS_TGS_REP: 476 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart; 477 break; 478 default: 479 private_data->save_encryption_key_parent_hf_index = -1; 480 } 481##ifdef HAVE_KERBEROS 482 private_data->save_encryption_key_fn = save_EncKDCRepPart_key; 483##endif 484%(DEFAULT_BODY)s 485 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 486 private_data->save_encryption_key_fn = saved_encryption_key_fn; 487 488#.FN_BODY EncTicketPart/_untag/key 489 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 490 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 491 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 492 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart; 493##ifdef HAVE_KERBEROS 494 private_data->save_encryption_key_fn = save_EncTicketPart_key; 495##endif 496%(DEFAULT_BODY)s 497 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 498 private_data->save_encryption_key_fn = saved_encryption_key_fn; 499 500#.FN_BODY KrbCredInfo/key 501 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 502 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 503 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 504 private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item; 505##ifdef HAVE_KERBEROS 506 private_data->save_encryption_key_fn = save_KrbCredInfo_key; 507##endif 508%(DEFAULT_BODY)s 509 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 510 private_data->save_encryption_key_fn = saved_encryption_key_fn; 511 512#.FN_BODY PA-KERB-KEY-LIST-REP/_item 513 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 514 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 515 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 516 private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key; 517##ifdef HAVE_KERBEROS 518 private_data->save_encryption_key_fn = save_encryption_key; 519##endif 520%(DEFAULT_BODY)s 521 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 522 private_data->save_encryption_key_fn = saved_encryption_key_fn; 523 524#.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type) 525 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 526%(DEFAULT_BODY)s 527 528#.FN_BODY AuthorizationData/_item/ad-data 529 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 530 531 switch(private_data->ad_type){ 532 case KERBEROS_AD_WIN2K_PAC: 533 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC); 534 break; 535 case KERBEROS_AD_IF_RELEVANT: 536 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); 537 break; 538 case KERBEROS_AD_AUTHENTICATION_STRENGTH: 539 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); 540 break; 541 case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION: 542 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE); 543 break; 544 case KERBEROS_AD_TOKEN_RESTRICTIONS: 545 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY); 546 break; 547 case KERBEROS_AD_AP_OPTIONS: 548 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS); 549 break; 550 case KERBEROS_AD_TARGET_PRINCIPAL: 551 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL); 552 break; 553 default: 554 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 555 break; 556 } 557 558#.FN_BODY S4UUserID/subject-certificate 559 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); 560 561#.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type) 562 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 563%(DEFAULT_BODY)s 564 565#.FN_BODY KDC-REQ-BODY 566 conversation_t *conversation; 567 568 /* 569 * UDP replies to KDC_REQs are sent from the server back to the client's 570 * source port, similar to the way TFTP works. Set up a conversation 571 * accordingly. 572 * 573 * Ref: Section 7.2.1 of 574 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt 575 */ 576 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) { 577 conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP, 578 actx->pinfo->srcport, 0, NO_PORT_B); 579 if (conversation == NULL) { 580 conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP, 581 actx->pinfo->srcport, 0, NO_PORT2); 582 conversation_set_dissector(conversation, kerberos_handle_udp); 583 } 584 } 585 586 %(DEFAULT_BODY)s 587 588#.FN_BODY KRB-SAFE-BODY/user-data 589 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 590 tvbuff_t *new_tvb; 591 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); 592 if (new_tvb) { 593 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks); 594 } 595 596#.FN_BODY EncKrbPrivPart/user-data 597 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 598 tvbuff_t *new_tvb; 599 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); 600 if (new_tvb) { 601 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks); 602 } 603 604#.FN_HDR EncKDCRepPart/encrypted-pa-data 605 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 606 private_data->is_enc_padata = TRUE; 607 608#.FN_FTR EncKDCRepPart/encrypted-pa-data 609 private_data->is_enc_padata = FALSE; 610 611#.FN_BODY EncryptedKrbFastReq/cipher 612##ifdef HAVE_KERBEROS 613 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq); 614##else 615%(DEFAULT_BODY)s 616##endif 617 return offset; 618 619#.FN_BODY EncryptedKrbFastResponse/cipher 620##ifdef HAVE_KERBEROS 621 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse); 622##else 623%(DEFAULT_BODY)s 624##endif 625 return offset; 626 627#.FN_BODY EncryptedChallenge/cipher 628##ifdef HAVE_KERBEROS 629 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge); 630##else 631%(DEFAULT_BODY)s 632##endif 633 return offset; 634 635#.FN_BODY KrbFastArmorTypes VAL_PTR=&(private_data->fast_type) 636 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 637%(DEFAULT_BODY)s 638 639#.FN_BODY KrbFastArmor/armor-value 640 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 641 642 switch(private_data->fast_type){ 643 case KERBEROS_FX_FAST_ARMOR_AP_REQUEST: 644 private_data->fast_armor_within_armor_value++; 645 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications); 646 private_data->fast_armor_within_armor_value--; 647 break; 648 default: 649 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 650 break; 651 } 652 653#.FN_BODY PA-SPAKE VAL_PTR=&(private_data->padata_type) 654 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 655%(DEFAULT_BODY)s 656#.FN_FTR PA-SPAKE 657 if(tree){ 658 proto_item_append_text(tree, " %s", 659 val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals, 660 "Unknown:%d")); 661 } 662